Sunteți pe pagina 1din 1703

CPU Disasm

Address Hex dump


00401000 /$ 55
o.00401000(guessed Arg1)
00401001 |. 8BEC
00401003 |. 6A FF
00401005 |. 68 484F4400
0040100A |. 64:A1 0000000
00401010 |. 50
00401011 |. B8 40280000
00401016 |. E8 E5D60200
10304. bytes on stack
0040101B |. A1 A0154500
00401020 |. 33C5
00401022 |. 8945 A0
00401025 |. 56
00401026 |. 50
00401027 |. 8D45 F4
0040102A |. 64:A3 0000000
00401030 |. 8D4D C4
00401033 |. E8 88540000
00401038 |. C745 FC 00000
0040103F |. A1 F8284500
00401044 |. 83C0 01
00401047 |. A3 F8284500
0040104C |. 68 77874400
ystemInfo.448777
00401051 |. 8D8D 1CF9FFFF
00401057 |. E8 94DB0000
fo.0040EBF0
0040105C |. C645 FC 01
00401060 |. 8D8D 1CF9FFFF
00401066 |. 51
OFFSET LOCAL.441
00401067 |. B9 0C294500
0040106C |. E8 AF600000
fo.00407120
00401071 |. 68 74874400
"
00401076 |. 8B15 F8284500
0040107C |. 52
[4528F8] = 0
0040107D |. B9 08294500
00401082 |. E8 D94D0000
fo.00405E60
00401087 |. 50
00401088 |. E8 D3980000
0040108D |. 83C4 08
00401090 |. 8D85 00F9FFFF
00401096 |. 50
OFFSET LOCAL.448
00401097 |. B9 08294500
0040109C |. E8 BF530000
fo.00406460
004010A1 |. 8985 E0D9FFFF
004010A7 |. 8B8D E0D9FFFF
004010AD |. 898D DCD9FFFF
004010B3 |. C645 FC 02
004010B7 |. 837D 08 00
004010BB |. 75 0C

Command
PUSH EBP

Comments
; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00444F48
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
MOV EAX,2840
CALL 0042E700

; Allocates

MOV EAX,DWORD PTR DS:[4515A0]


XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.24],EAX
PUSH ESI
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
LEA ECX,[LOCAL.15]
CALL 004064C0
MOV DWORD PTR SS:[LOCAL.1],0
MOV EAX,DWORD PTR DS:[4528F8]
ADD EAX,1
MOV DWORD PTR DS:[4528F8],EAX
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[LOCAL.441]
CALL 0040EBF0

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],1


LEA ECX,[LOCAL.441]
PUSH ECX

; /Arg1 =>

MOV ECX,OFFSET 0045290C


CALL 00407120

; |
; \SystemIn

PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528F8]


PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[LOCAL.448]
PUSH EAX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00406460

; |
; \SystemIn

MOV
MOV
MOV
MOV
CMP
JNE

DWORD PTR SS:[LOCAL.2440],EAX


ECX,DWORD PTR SS:[LOCAL.2440]
DWORD PTR SS:[LOCAL.2441],ECX
BYTE PTR SS:[LOCAL.1],2
DWORD PTR SS:[ARG.1],0
SHORT 004010C9

004010BD |. C785 38ECFFFF


004010C7 |. EB 11
004010C9 |> 8B55 08
004010CC |. 8B02
004010CE |. 8B4D 08
004010D1 |. 0348 04
004010D4 |. 898D 38ECFFFF
004010DA |> 68 C0010000
C0
004010DF |. 6A 40
0
004010E1 |. 8B8D 38ECFFFF
004010E7 |. E8 947C0000
fo.00408D80
004010EC |. 6A 06
004010EE |. 8D95 F8F8FFFF
004010F4 |. 52
OFFSET LOCAL.450
004010F5 |. E8 9EC60200
fo.0042D798
004010FA |. 83C4 08
004010FD |. 8985 34ECFFFF
00401103 |. 837D 08 00
00401107 |. 75 0C
00401109 |. C785 D8D9FFFF
00401113 |. EB 11
00401115 |> 8B45 08
00401118 |. 8B08
0040111A |. 8B55 08
0040111D |. 0351 04
00401120 |. 8995 D8D9FFFF
00401126 |> 8B85 34ECFFFF
0040112C |. 8B48 04
0040112F |. 51
00401130 |. 8B95 D8D9FFFF
00401136 |. 52
00401137 |. 8B85 34ECFFFF
0040113D |. 8B08
0040113F |. FFD1
00401141 |. 83C4 08
00401144 |. 8B95 DCD9FFFF
0040114A |. 52
0040114B |. 8B45 08
0040114E |. 50
0040114F |. E8 0C9D0000
00401154 |. 83C4 08
00401157 |. 8985 2CECFFFF
0040115D |. 83BD 2CECFFFF
00401164 |. 75 0C
00401166 |. C785 30ECFFFF
00401170 |. EB 17
00401172 |> 8B8D 2CECFFFF
00401178 |. 8B11
0040117A |. 8B85 2CECFFFF
00401180 |. 0342 04
00401183 |. 8985 30ECFFFF
00401189 |> 68 C0010000
C0
0040118E |. 68 80000000
0

MOV DWORD PTR SS:[LOCAL.1266],0


JMP SHORT 004010DA
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.1266],ECX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.1266]


CALL 00408D80

; |
; \SystemIn

PUSH 6
LEA EDX,[LOCAL.450]
PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.1267],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00401115
MOV DWORD PTR SS:[LOCAL.2442],0
JMP SHORT 00401126
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.2442],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1267]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.2442]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.1267]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV EDX,DWORD PTR SS:[LOCAL.2441]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.1269],EAX
CMP DWORD PTR SS:[LOCAL.1269],0
JNE SHORT 00401172
MOV DWORD PTR SS:[LOCAL.1268],0
JMP SHORT 00401189
MOV ECX,DWORD PTR SS:[LOCAL.1269]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.1269]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.1268],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

00401193 |. 8B8D 30ECFFFF


00401199 |. E8 E27B0000
fo.00408D80
0040119E |. 68 64874400
STALLATIONS"
004011A3 |. 8B8D 2CECFFFF
004011A9 |. 51
004011AA |. E8 B1970000
004011AF |. 83C4 08
004011B2 |. 8985 28ECFFFF
004011B8 |. 6A 0A
A
004011BA |. 8B8D 28ECFFFF
004011C0 |. E8 FBE30000
fo.0040F5C0
004011C5 |. 8B8D 28ECFFFF
004011CB |. E8 F0E50000
fo.0040F7C0
004011D0 |. C645 FC 01
004011D4 |. 6A 00
004011D6 |. 6A 01
004011D8 |. 8D8D 00F9FFFF
004011DE |. E8 7DE90000
fo.0040FB60
004011E3 |. C645 FC 00
004011E7 |. 6A 00
004011E9 |. 6A 01
004011EB |. 8D8D 1CF9FFFF
004011F1 |. E8 6AE90000
fo.0040FB60
004011F6 |. 8D95 CFF8FFFF
004011FC |. 52
004011FD |. 68 60874400
ystemInfo.448760
00401202 |. 8D8D D0F8FFFF
00401208 |. E8 33DA0000
fo.0040EC40
0040120D |. C785 ECF8FFFF
00401217 |. C785 F0F8FFFF
00401221 |. C785 F4F8FFFF
0040122B |. C645 FC 03
0040122F |. 8D85 D0F8FFFF
00401235 |. 50
OFFSET LOCAL.460
00401236 |. 8D4D C4
00401239 |. E8 A2520000
fo.004064E0
0040123E |. 8985 74EBFFFF
00401244 |. 8B8D 74EBFFFF
0040124A |. E8 31D50000
fo.0040E780
0040124F |. 68 58874400
SCII "Arabic"
00401254 |. E8 27D00200
fo.0042E280
00401259 |. 83C4 04
0040125C |. 8985 78EBFFFF
00401262 |. 8B8D 78EBFFFF
00401268 |. 51
[LOCAL.1314]

MOV ECX,DWORD PTR SS:[LOCAL.1268]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 00448764

; ASCII "IN

MOV ECX,DWORD PTR SS:[LOCAL.1269]


PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.1270],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.1270]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.1270]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.448]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.441]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

LEA EDX,[LOCAL.461+3]
PUSH EDX
PUSH OFFSET 00448760

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.460]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.453],0


MOV DWORD PTR SS:[LOCAL.452],0
MOV DWORD PTR SS:[LOCAL.451],0
MOV BYTE PTR SS:[LOCAL.1],3
LEA EAX,[LOCAL.460]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1315],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1315]
CALL 0040E780

; [SystemIn

PUSH OFFSET 00448758

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1314],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1314]
PUSH ECX

; /Arg2 =>

00401269 |. 68 58874400
SCII "Arabic"
0040126E |. 8B8D 74EBFFFF
00401274 |. E8 D7DE0000
fo.0040F150
00401279 |. C645 FC 04
0040127D |. 8D8D D0F8FFFF
00401283 |. E8 F8D40000
fo.0040E780
00401288 |. C645 FC 00
0040128C |. 6A 00
0040128E |. 6A 01
00401290 |. 8D8D D0F8FFFF
00401296 |. E8 C5E80000
fo.0040FB60
0040129B |. 8D95 A3F8FFFF
004012A1 |. 52
004012A2 |. 68 54874400
ystemInfo.448754
004012A7 |. 8D8D A4F8FFFF
004012AD |. E8 8ED90000
fo.0040EC40
004012B2 |. C785 C0F8FFFF
004012BC |. C785 C4F8FFFF
004012C6 |. C785 C8F8FFFF
004012D0 |. C645 FC 05
004012D4 |. 8D85 A4F8FFFF
004012DA |. 50
OFFSET LOCAL.471
004012DB |. 8D4D C4
004012DE |. E8 FD510000
fo.004064E0
004012E3 |. 8985 C0EAFFFF
004012E9 |. 8B8D C0EAFFFF
004012EF |. E8 8CD40000
fo.0040E780
004012F4 |. 68 4C874400
SCII "Czech"
004012F9 |. E8 82CF0200
fo.0042E280
004012FE |. 83C4 04
00401301 |. 8985 C4EAFFFF
00401307 |. 8B8D C4EAFFFF
0040130D |. 51
[LOCAL.1359]
0040130E |. 68 4C874400
SCII "Czech"
00401313 |. 8B8D C0EAFFFF
00401319 |. E8 32DE0000
fo.0040F150
0040131E |. C645 FC 06
00401322 |. 8D8D A4F8FFFF
00401328 |. E8 53D40000
fo.0040E780
0040132D |. C645 FC 00
00401331 |. 6A 00
00401333 |. 6A 01
00401335 |. 8D8D A4F8FFFF
0040133B |. E8 20E80000
fo.0040FB60

PUSH OFFSET 00448758

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1315]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],4


LEA ECX,[LOCAL.460]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.460]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.472+3]
PUSH EDX
PUSH OFFSET 00448754

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.471]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.464],0


MOV DWORD PTR SS:[LOCAL.463],0
MOV DWORD PTR SS:[LOCAL.462],0
MOV BYTE PTR SS:[LOCAL.1],5
LEA EAX,[LOCAL.471]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1360],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1360]
CALL 0040E780

; [SystemIn

PUSH OFFSET 0044874C

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1359],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1359]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 0044874C

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1360]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],6


LEA ECX,[LOCAL.471]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.471]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401340 |. 8D95 77F8FFFF


00401346 |. 52
00401347 |. 68 48874400
ystemInfo.448748
0040134C |. 8D8D 78F8FFFF
00401352 |. E8 E9D80000
fo.0040EC40
00401357 |. C785 94F8FFFF
00401361 |. C785 98F8FFFF
0040136B |. C785 9CF8FFFF
00401375 |. C645 FC 07
00401379 |. 8D85 78F8FFFF
0040137F |. 50
OFFSET LOCAL.482
00401380 |. 8D4D C4
00401383 |. E8 58510000
fo.004064E0
00401388 |. 8985 0CEAFFFF
0040138E |. 8B8D 0CEAFFFF
00401394 |. E8 E7D30000
fo.0040E780
00401399 |. 68 3C874400
SCII "Croatian"
0040139E |. E8 DDCE0200
fo.0042E280
004013A3 |. 83C4 04
004013A6 |. 8985 10EAFFFF
004013AC |. 8B8D 10EAFFFF
004013B2 |. 51
[LOCAL.1404]
004013B3 |. 68 3C874400
SCII "Croatian"
004013B8 |. 8B8D 0CEAFFFF
004013BE |. E8 8DDD0000
fo.0040F150
004013C3 |. C645 FC 08
004013C7 |. 8D8D 78F8FFFF
004013CD |. E8 AED30000
fo.0040E780
004013D2 |. C645 FC 00
004013D6 |. 6A 00
004013D8 |. 6A 01
004013DA |. 8D8D 78F8FFFF
004013E0 |. E8 7BE70000
fo.0040FB60
004013E5 |. 8D95 4BF8FFFF
004013EB |. 52
004013EC |. 68 38874400
SCII "CH"
004013F1 |. 8D8D 4CF8FFFF
004013F7 |. E8 44D80000
fo.0040EC40
004013FC |. C785 68F8FFFF
00401406 |. C785 6CF8FFFF
00401410 |. C785 70F8FFFF
0040141A |. C645 FC 09
0040141E |. 8D85 4CF8FFFF
00401424 |. 50
OFFSET LOCAL.493
00401425 |. 8D4D C4

LEA EDX,[LOCAL.483+3]
PUSH EDX
PUSH OFFSET 00448748

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.482]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.475],0


MOV DWORD PTR SS:[LOCAL.474],0
MOV DWORD PTR SS:[LOCAL.473],0
MOV BYTE PTR SS:[LOCAL.1],7
LEA EAX,[LOCAL.482]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1405],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1405]
CALL 0040E780

; [SystemIn

PUSH OFFSET 0044873C

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1404],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1404]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 0044873C

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1405]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],8


LEA ECX,[LOCAL.482]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.482]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.494+3]
PUSH EDX
PUSH OFFSET 00448738

; /Arg2
; |Arg1 = A

LEA ECX,[LOCAL.493]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.486],0


MOV DWORD PTR SS:[LOCAL.485],0
MOV DWORD PTR SS:[LOCAL.484],0
MOV BYTE PTR SS:[LOCAL.1],9
LEA EAX,[LOCAL.493]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]

; |

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401428 |. E8 B3500000 CALL 004064E0


fo.004064E0
0040142D |. 8985 58E9FFFF MOV DWORD PTR SS:[LOCAL.1450],EAX
00401433 |. 8B8D 58E9FFFF MOV ECX,DWORD PTR SS:[LOCAL.1450]
00401439 |. E8 42D30000 CALL 0040E780
fo.0040E780
0040143E |. 68 20874400 PUSH OFFSET 00448720
SCII "Chinese (Traditional)"
00401443 |. E8 38CE0200 CALL 0042E280
fo.0042E280
00401448 |. 83C4 04
ADD ESP,4
0040144B |. 8985 5CE9FFFF MOV DWORD PTR SS:[LOCAL.1449],EAX
00401451 |. 8B8D 5CE9FFFF MOV ECX,DWORD PTR SS:[LOCAL.1449]
00401457 |. 51
PUSH ECX
[LOCAL.1449]
00401458 |. 68 20874400 PUSH OFFSET 00448720
SCII "Chinese (Traditional)"
0040145D |. 8B8D 58E9FFFF MOV ECX,DWORD PTR SS:[LOCAL.1450]
00401463 |. E8 E8DC0000 CALL 0040F150
fo.0040F150
00401468 |. C645 FC 0A
MOV BYTE PTR SS:[LOCAL.1],0A
0040146C |. 8D8D 4CF8FFFF LEA ECX,[LOCAL.493]
00401472 |. E8 09D30000 CALL 0040E780
fo.0040E780
00401477 |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
0040147B |. 6A 00
PUSH 0
0040147D |. 6A 01
PUSH 1
0040147F |. 8D8D 4CF8FFFF LEA ECX,[LOCAL.493]
00401485 |. E8 D6E60000 CALL 0040FB60
fo.0040FB60
0040148A |. 8D95 1FF8FFFF LEA EDX,[LOCAL.505+3]
00401490 |. 52
PUSH EDX
00401491 |. 68 1C874400 PUSH OFFSET 0044871C
SCII "CHS"
00401496 |. 8D8D 20F8FFFF LEA ECX,[LOCAL.504]
0040149C |. E8 9FD70000 CALL 0040EC40
fo.0040EC40
004014A1 |. C785 3CF8FFFF MOV DWORD PTR SS:[LOCAL.497],0
004014AB |. C785 40F8FFFF MOV DWORD PTR SS:[LOCAL.496],0
004014B5 |. C785 44F8FFFF MOV DWORD PTR SS:[LOCAL.495],0
004014BF |. C645 FC 0B
MOV BYTE PTR SS:[LOCAL.1],0B
004014C3 |. 8D85 20F8FFFF LEA EAX,[LOCAL.504]
004014C9 |. 50
PUSH EAX
OFFSET LOCAL.504
004014CA |. 8D4D C4
LEA ECX,[LOCAL.15]
004014CD |. E8 0E500000 CALL 004064E0
fo.004064E0
004014D2 |. 8985 A4E8FFFF MOV DWORD PTR SS:[LOCAL.1495],EAX
004014D8 |. 8B8D A4E8FFFF MOV ECX,DWORD PTR SS:[LOCAL.1495]
004014DE |. E8 9DD20000 CALL 0040E780
fo.0040E780
004014E3 |. 68 04874400 PUSH OFFSET 00448704
SCII "Chinese (Simplified)"
004014E8 |. E8 93CD0200 CALL 0042E280
fo.0042E280
004014ED |. 83C4 04
ADD ESP,4
004014F0 |. 8985 A8E8FFFF MOV DWORD PTR SS:[LOCAL.1494],EAX
004014F6 |. 8B8D A8E8FFFF MOV ECX,DWORD PTR SS:[LOCAL.1494]
004014FC |. 51
PUSH ECX
[LOCAL.1494]

; \SystemIn

; [SystemIn
; /Arg1 = A
; \SystemIn

; /Arg2 =>
; |Arg1 = A
; |
; \SystemIn

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /Arg2
; |Arg1 = A
; |
; \SystemIn

; /Arg1 =>
; |
; \SystemIn

; [SystemIn
; /Arg1 = A
; \SystemIn

; /Arg2 =>

004014FD |. 68 04874400
SCII "Chinese (Simplified)"
00401502 |. 8B8D A4E8FFFF
00401508 |. E8 43DC0000
fo.0040F150
0040150D |. C645 FC 0C
00401511 |. 8D8D 20F8FFFF
00401517 |. E8 64D20000
fo.0040E780
0040151C |. C645 FC 00
00401520 |. 6A 00
00401522 |. 6A 01
00401524 |. 8D8D 20F8FFFF
0040152A |. E8 31E60000
fo.0040FB60
0040152F |. 8D95 F3F7FFFF
00401535 |. 52
00401536 |. 68 00874400
ystemInfo.448700
0040153B |. 8D8D F4F7FFFF
00401541 |. E8 FAD60000
fo.0040EC40
00401546 |. C785 10F8FFFF
00401550 |. C785 14F8FFFF
0040155A |. C785 18F8FFFF
00401564 |. C645 FC 0D
00401568 |. 8D85 F4F7FFFF
0040156E |. 50
OFFSET LOCAL.515
0040156F |. 8D4D C4
00401572 |. E8 694F0000
fo.004064E0
00401577 |. 8985 F0E7FFFF
0040157D |. 8B8D F0E7FFFF
00401583 |. E8 F8D10000
fo.0040E780
00401588 |. 68 F8864400
SCII "Danish"
0040158D |. E8 EECC0200
fo.0042E280
00401592 |. 83C4 04
00401595 |. 8985 F4E7FFFF
0040159B |. 8B8D F4E7FFFF
004015A1 |. 51
[LOCAL.1539]
004015A2 |. 68 F8864400
SCII "Danish"
004015A7 |. 8B8D F0E7FFFF
004015AD |. E8 9EDB0000
fo.0040F150
004015B2 |. C645 FC 0E
004015B6 |. 8D8D F4F7FFFF
004015BC |. E8 BFD10000
fo.0040E780
004015C1 |. C645 FC 00
004015C5 |. 6A 00
004015C7 |. 6A 01
004015C9 |. 8D8D F4F7FFFF
004015CF |. E8 8CE50000
fo.0040FB60

PUSH OFFSET 00448704

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1495]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],0C


LEA ECX,[LOCAL.504]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.504]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.516+3]
PUSH EDX
PUSH OFFSET 00448700

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.515]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.508],0


MOV DWORD PTR SS:[LOCAL.507],0
MOV DWORD PTR SS:[LOCAL.506],0
MOV BYTE PTR SS:[LOCAL.1],0D
LEA EAX,[LOCAL.515]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1540],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1540]
CALL 0040E780

; [SystemIn

PUSH OFFSET 004486F8

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1539],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1539]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 004486F8

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1540]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],0E


LEA ECX,[LOCAL.515]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.515]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004015D4 |. 8D95 C7F7FFFF


004015DA |. 52
004015DB |. 68 F4864400
ystemInfo.4486F4
004015E0 |. 8D8D C8F7FFFF
004015E6 |. E8 55D60000
fo.0040EC40
004015EB |. C785 E4F7FFFF
004015F5 |. C785 E8F7FFFF
004015FF |. C785 ECF7FFFF
00401609 |. C645 FC 0F
0040160D |. 8D85 C8F7FFFF
00401613 |. 50
OFFSET LOCAL.526
00401614 |. 8D4D C4
00401617 |. E8 C44E0000
fo.004064E0
0040161C |. 8985 3CE7FFFF
00401622 |. 8B8D 3CE7FFFF
00401628 |. E8 53D10000
fo.0040E780
0040162D |. 68 EC864400
SCII "English"
00401632 |. E8 49CC0200
fo.0042E280
00401637 |. 83C4 04
0040163A |. 8985 40E7FFFF
00401640 |. 8B8D 40E7FFFF
00401646 |. 51
[LOCAL.1584]
00401647 |. 68 EC864400
SCII "English"
0040164C |. 8B8D 3CE7FFFF
00401652 |. E8 F9DA0000
fo.0040F150
00401657 |. C645 FC 10
0040165B |. 8D8D C8F7FFFF
00401661 |. E8 1AD10000
fo.0040E780
00401666 |. C645 FC 00
0040166A |. 6A 00
0040166C |. 6A 01
0040166E |. 8D8D C8F7FFFF
00401674 |. E8 E7E40000
fo.0040FB60
00401679 |. 8D95 9BF7FFFF
0040167F |. 52
00401680 |. 68 E8864400
ystemInfo.4486E8
00401685 |. 8D8D 9CF7FFFF
0040168B |. E8 B0D50000
fo.0040EC40
00401690 |. C785 B8F7FFFF
0040169A |. C785 BCF7FFFF
004016A4 |. C785 C0F7FFFF
004016AE |. C645 FC 11
004016B2 |. 8D85 9CF7FFFF
004016B8 |. 50
OFFSET LOCAL.537
004016B9 |. 8D4D C4

LEA EDX,[LOCAL.527+3]
PUSH EDX
PUSH OFFSET 004486F4

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.526]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.519],0


MOV DWORD PTR SS:[LOCAL.518],0
MOV DWORD PTR SS:[LOCAL.517],0
MOV BYTE PTR SS:[LOCAL.1],0F
LEA EAX,[LOCAL.526]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1585],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1585]
CALL 0040E780

; [SystemIn

PUSH OFFSET 004486EC

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1584],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1584]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 004486EC

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1585]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],10


LEA ECX,[LOCAL.526]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.526]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.538+3]
PUSH EDX
PUSH OFFSET 004486E8

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.537]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.530],0


MOV DWORD PTR SS:[LOCAL.529],0
MOV DWORD PTR SS:[LOCAL.528],0
MOV BYTE PTR SS:[LOCAL.1],11
LEA EAX,[LOCAL.537]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]

; |

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004016BC |. E8 1F4E0000
fo.004064E0
004016C1 |. 8985 88E6FFFF
004016C7 |. 8B8D 88E6FFFF
004016CD |. E8 AED00000
fo.0040E780
004016D2 |. 68 E0864400
SCII "French"
004016D7 |. E8 A4CB0200
fo.0042E280
004016DC |. 83C4 04
004016DF |. 8985 8CE6FFFF
004016E5 |. 8B8D 8CE6FFFF
004016EB |. 51
[LOCAL.1629]
004016EC |. 68 E0864400
SCII "French"
004016F1 |. 8B8D 88E6FFFF
004016F7 |. E8 54DA0000
fo.0040F150
004016FC |. C645 FC 12
00401700 |. 8D8D 9CF7FFFF
00401706 |. E8 75D00000
fo.0040E780
0040170B |. C645 FC 00
0040170F |. 6A 00
00401711 |. 6A 01
00401713 |. 8D8D 9CF7FFFF
00401719 |. E8 42E40000
fo.0040FB60
0040171E |. 8D95 6FF7FFFF
00401724 |. 52
00401725 |. 68 DC864400
SCII "FI"
0040172A |. 8D8D 70F7FFFF
00401730 |. E8 0BD50000
fo.0040EC40
00401735 |. C785 8CF7FFFF
0040173F |. C785 90F7FFFF
00401749 |. C785 94F7FFFF
00401753 |. C645 FC 13
00401757 |. 8D85 70F7FFFF
0040175D |. 50
OFFSET LOCAL.548
0040175E |. 8D4D C4
00401761 |. E8 7A4D0000
fo.004064E0
00401766 |. 8985 D4E5FFFF
0040176C |. 8B8D D4E5FFFF
00401772 |. E8 09D00000
fo.0040E780
00401777 |. 68 D4864400
SCII "Finnish"
0040177C |. E8 FFCA0200
fo.0042E280
00401781 |. 83C4 04
00401784 |. 8985 D8E5FFFF
0040178A |. 8B8D D8E5FFFF
00401790 |. 51
[LOCAL.1674]

CALL 004064E0

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1630],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1630]
CALL 0040E780

; [SystemIn

PUSH OFFSET 004486E0

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1629],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1629]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 004486E0

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1630]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],12


LEA ECX,[LOCAL.537]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.537]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.549+3]
PUSH EDX
PUSH OFFSET 004486DC

; /Arg2
; |Arg1 = A

LEA ECX,[LOCAL.548]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.541],0


MOV DWORD PTR SS:[LOCAL.540],0
MOV DWORD PTR SS:[LOCAL.539],0
MOV BYTE PTR SS:[LOCAL.1],13
LEA EAX,[LOCAL.548]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1675],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1675]
CALL 0040E780

; [SystemIn

PUSH OFFSET 004486D4

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1674],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1674]
PUSH ECX

; /Arg2 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401791 |. 68 D4864400
SCII "Finnish"
00401796 |. 8B8D D4E5FFFF
0040179C |. E8 AFD90000
fo.0040F150
004017A1 |. C645 FC 14
004017A5 |. 8D8D 70F7FFFF
004017AB |. E8 D0CF0000
fo.0040E780
004017B0 |. C645 FC 00
004017B4 |. 6A 00
004017B6 |. 6A 01
004017B8 |. 8D8D 70F7FFFF
004017BE |. E8 9DE30000
fo.0040FB60
004017C3 |. 8D95 43F7FFFF
004017C9 |. 52
004017CA |. 68 D0864400
ystemInfo.4486D0
004017CF |. 8D8D 44F7FFFF
004017D5 |. E8 66D40000
fo.0040EC40
004017DA |. C785 60F7FFFF
004017E4 |. C785 64F7FFFF
004017EE |. C785 68F7FFFF
004017F8 |. C645 FC 15
004017FC |. 8D85 44F7FFFF
00401802 |. 50
OFFSET LOCAL.559
00401803 |. 8D4D C4
00401806 |. E8 D54C0000
fo.004064E0
0040180B |. 8985 20E5FFFF
00401811 |. 8B8D 20E5FFFF
00401817 |. E8 64CF0000
fo.0040E780
0040181C |. 68 C8864400
SCII "Greek"
00401821 |. E8 5ACA0200
fo.0042E280
00401826 |. 83C4 04
00401829 |. 8985 24E5FFFF
0040182F |. 8B8D 24E5FFFF
00401835 |. 51
[LOCAL.1719]
00401836 |. 68 C8864400
SCII "Greek"
0040183B |. 8B8D 20E5FFFF
00401841 |. E8 0AD90000
fo.0040F150
00401846 |. C645 FC 16
0040184A |. 8D8D 44F7FFFF
00401850 |. E8 2BCF0000
fo.0040E780
00401855 |. C645 FC 00
00401859 |. 6A 00
0040185B |. 6A 01
0040185D |. 8D8D 44F7FFFF
00401863 |. E8 F8E20000
fo.0040FB60

PUSH OFFSET 004486D4

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1675]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],14


LEA ECX,[LOCAL.548]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.548]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.560+3]
PUSH EDX
PUSH OFFSET 004486D0

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.559]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.552],0


MOV DWORD PTR SS:[LOCAL.551],0
MOV DWORD PTR SS:[LOCAL.550],0
MOV BYTE PTR SS:[LOCAL.1],15
LEA EAX,[LOCAL.559]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1720],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1720]
CALL 0040E780

; [SystemIn

PUSH OFFSET 004486C8

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1719],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1719]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 004486C8

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1720]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],16


LEA ECX,[LOCAL.559]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.559]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401868 |. 8D95 17F7FFFF


0040186E |. 52
0040186F |. 68 C4864400
SCII "GE"
00401874 |. 8D8D 18F7FFFF
0040187A |. E8 C1D30000
fo.0040EC40
0040187F |. C785 34F7FFFF
00401889 |. C785 38F7FFFF
00401893 |. C785 3CF7FFFF
0040189D |. C645 FC 17
004018A1 |. 8D85 18F7FFFF
004018A7 |. 50
OFFSET LOCAL.570
004018A8 |. 8D4D C4
004018AB |. E8 304C0000
fo.004064E0
004018B0 |. 8985 6CE4FFFF
004018B6 |. 8B8D 6CE4FFFF
004018BC |. E8 BFCE0000
fo.0040E780
004018C1 |. 68 B8864400
SCII "Georgian"
004018C6 |. E8 B5C90200
fo.0042E280
004018CB |. 83C4 04
004018CE |. 8985 70E4FFFF
004018D4 |. 8B8D 70E4FFFF
004018DA |. 51
[LOCAL.1764]
004018DB |. 68 B8864400
SCII "Georgian"
004018E0 |. 8B8D 6CE4FFFF
004018E6 |. E8 65D80000
fo.0040F150
004018EB |. C645 FC 18
004018EF |. 8D8D 18F7FFFF
004018F5 |. E8 86CE0000
fo.0040E780
004018FA |. C645 FC 00
004018FE |. 6A 00
00401900 |. 6A 01
00401902 |. 8D8D 18F7FFFF
00401908 |. E8 53E20000
fo.0040FB60
0040190D |. 8D95 EBF6FFFF
00401913 |. 52
00401914 |. 68 B4864400
ystemInfo.4486B4
00401919 |. 8D8D ECF6FFFF
0040191F |. E8 1CD30000
fo.0040EC40
00401924 |. C785 08F7FFFF
0040192E |. C785 0CF7FFFF
00401938 |. C785 10F7FFFF
00401942 |. C645 FC 19
00401946 |. 8D85 ECF6FFFF
0040194C |. 50
OFFSET LOCAL.581
0040194D |. 8D4D C4

LEA EDX,[LOCAL.571+3]
PUSH EDX
PUSH OFFSET 004486C4

; /Arg2
; |Arg1 = A

LEA ECX,[LOCAL.570]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.563],0


MOV DWORD PTR SS:[LOCAL.562],0
MOV DWORD PTR SS:[LOCAL.561],0
MOV BYTE PTR SS:[LOCAL.1],17
LEA EAX,[LOCAL.570]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1765],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1765]
CALL 0040E780

; [SystemIn

PUSH OFFSET 004486B8

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1764],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1764]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 004486B8

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1765]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],18


LEA ECX,[LOCAL.570]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.570]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.582+3]
PUSH EDX
PUSH OFFSET 004486B4

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.581]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.574],0


MOV DWORD PTR SS:[LOCAL.573],0
MOV DWORD PTR SS:[LOCAL.572],0
MOV BYTE PTR SS:[LOCAL.1],19
LEA EAX,[LOCAL.581]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]

; |

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401950 |. E8 8B4B0000
fo.004064E0
00401955 |. 8985 B8E3FFFF
0040195B |. 8B8D B8E3FFFF
00401961 |. E8 1ACE0000
fo.0040E780
00401966 |. 68 A8864400
SCII "Hungarian"
0040196B |. E8 10C90200
fo.0042E280
00401970 |. 83C4 04
00401973 |. 8985 BCE3FFFF
00401979 |. 8B8D BCE3FFFF
0040197F |. 51
[LOCAL.1809]
00401980 |. 68 A8864400
SCII "Hungarian"
00401985 |. 8B8D B8E3FFFF
0040198B |. E8 C0D70000
fo.0040F150
00401990 |. C645 FC 1A
00401994 |. 8D8D ECF6FFFF
0040199A |. E8 E1CD0000
fo.0040E780
0040199F |. C645 FC 00
004019A3 |. 6A 00
004019A5 |. 6A 01
004019A7 |. 8D8D ECF6FFFF
004019AD |. E8 AEE10000
fo.0040FB60
004019B2 |. 8D95 BFF6FFFF
004019B8 |. 52
004019B9 |. 68 A4864400
ystemInfo.4486A4
004019BE |. 8D8D C0F6FFFF
004019C4 |. E8 77D20000
fo.0040EC40
004019C9 |. C785 DCF6FFFF
004019D3 |. C785 E0F6FFFF
004019DD |. C785 E4F6FFFF
004019E7 |. C645 FC 1B
004019EB |. 8D85 C0F6FFFF
004019F1 |. 50
OFFSET LOCAL.592
004019F2 |. 8D4D C4
004019F5 |. E8 E64A0000
fo.004064E0
004019FA |. 8985 04E3FFFF
00401A00 |. 8B8D 04E3FFFF
00401A06 |. E8 75CD0000
fo.0040E780
00401A0B |. 68 9C864400
SCII "Italian"
00401A10 |. E8 6BC80200
fo.0042E280
00401A15 |. 83C4 04
00401A18 |. 8985 08E3FFFF
00401A1E |. 8B8D 08E3FFFF
00401A24 |. 51
[LOCAL.1854]

CALL 004064E0

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1810],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1810]
CALL 0040E780

; [SystemIn

PUSH OFFSET 004486A8

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1809],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1809]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 004486A8

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1810]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],1A


LEA ECX,[LOCAL.581]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.581]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.593+3]
PUSH EDX
PUSH OFFSET 004486A4

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.592]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.585],0


MOV DWORD PTR SS:[LOCAL.584],0
MOV DWORD PTR SS:[LOCAL.583],0
MOV BYTE PTR SS:[LOCAL.1],1B
LEA EAX,[LOCAL.592]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1855],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1855]
CALL 0040E780

; [SystemIn

PUSH OFFSET 0044869C

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1854],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1854]
PUSH ECX

; /Arg2 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401A25 |. 68 9C864400
SCII "Italian"
00401A2A |. 8B8D 04E3FFFF
00401A30 |. E8 1BD70000
fo.0040F150
00401A35 |. C645 FC 1C
00401A39 |. 8D8D C0F6FFFF
00401A3F |. E8 3CCD0000
fo.0040E780
00401A44 |. C645 FC 00
00401A48 |. 6A 00
00401A4A |. 6A 01
00401A4C |. 8D8D C0F6FFFF
00401A52 |. E8 09E10000
fo.0040FB60
00401A57 |. 8D95 93F6FFFF
00401A5D |. 52
00401A5E |. 68 98864400
SCII "IN"
00401A63 |. 8D8D 94F6FFFF
00401A69 |. E8 D2D10000
fo.0040EC40
00401A6E |. C785 B0F6FFFF
00401A78 |. C785 B4F6FFFF
00401A82 |. C785 B8F6FFFF
00401A8C |. C645 FC 1D
00401A90 |. 8D85 94F6FFFF
00401A96 |. 50
OFFSET LOCAL.603
00401A97 |. 8D4D C4
00401A9A |. E8 414A0000
fo.004064E0
00401A9F |. 8985 50E2FFFF
00401AA5 |. 8B8D 50E2FFFF
00401AAB |. E8 D0CC0000
fo.0040E780
00401AB0 |. 68 8C864400
SCII "Indonesian"
00401AB5 |. E8 C6C70200
fo.0042E280
00401ABA |. 83C4 04
00401ABD |. 8985 54E2FFFF
00401AC3 |. 8B8D 54E2FFFF
00401AC9 |. 51
[LOCAL.1899]
00401ACA |. 68 8C864400
SCII "Indonesian"
00401ACF |. 8B8D 50E2FFFF
00401AD5 |. E8 76D60000
fo.0040F150
00401ADA |. C645 FC 1E
00401ADE |. 8D8D 94F6FFFF
00401AE4 |. E8 97CC0000
fo.0040E780
00401AE9 |. C645 FC 00
00401AED |. 6A 00
00401AEF |. 6A 01
00401AF1 |. 8D8D 94F6FFFF
00401AF7 |. E8 64E00000
fo.0040FB60

PUSH OFFSET 0044869C

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1855]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],1C


LEA ECX,[LOCAL.592]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.592]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.604+3]
PUSH EDX
PUSH OFFSET 00448698

; /Arg2
; |Arg1 = A

LEA ECX,[LOCAL.603]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.596],0


MOV DWORD PTR SS:[LOCAL.595],0
MOV DWORD PTR SS:[LOCAL.594],0
MOV BYTE PTR SS:[LOCAL.1],1D
LEA EAX,[LOCAL.603]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1900],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1900]
CALL 0040E780

; [SystemIn

PUSH OFFSET 0044868C

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1899],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1899]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 0044868C

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1900]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],1E


LEA ECX,[LOCAL.603]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.603]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401AFC |. 8D95 67F6FFFF


00401B02 |. 52
00401B03 |. 68 88864400
ystemInfo.448688
00401B08 |. 8D8D 68F6FFFF
00401B0E |. E8 2DD10000
fo.0040EC40
00401B13 |. C785 84F6FFFF
00401B1D |. C785 88F6FFFF
00401B27 |. C785 8CF6FFFF
00401B31 |. C645 FC 1F
00401B35 |. 8D85 68F6FFFF
00401B3B |. 50
OFFSET LOCAL.614
00401B3C |. 8D4D C4
00401B3F |. E8 9C490000
fo.004064E0
00401B44 |. 8985 9CE1FFFF
00401B4A |. 8B8D 9CE1FFFF
00401B50 |. E8 2BCC0000
fo.0040E780
00401B55 |. 68 7C864400
SCII "Japanese"
00401B5A |. E8 21C70200
fo.0042E280
00401B5F |. 83C4 04
00401B62 |. 8985 A0E1FFFF
00401B68 |. 8B8D A0E1FFFF
00401B6E |. 51
[LOCAL.1944]
00401B6F |. 68 7C864400
SCII "Japanese"
00401B74 |. 8B8D 9CE1FFFF
00401B7A |. E8 D1D50000
fo.0040F150
00401B7F |. C645 FC 20
00401B83 |. 8D8D 68F6FFFF
00401B89 |. E8 F2CB0000
fo.0040E780
00401B8E |. C645 FC 00
00401B92 |. 6A 00
00401B94 |. 6A 01
00401B96 |. 8D8D 68F6FFFF
00401B9C |. E8 BFDF0000
fo.0040FB60
00401BA1 |. 8D95 3BF6FFFF
00401BA7 |. 52
00401BA8 |. 68 78864400
ystemInfo.448678
00401BAD |. 8D8D 3CF6FFFF
00401BB3 |. E8 88D00000
fo.0040EC40
00401BB8 |. C785 58F6FFFF
00401BC2 |. C785 5CF6FFFF
00401BCC |. C785 60F6FFFF
00401BD6 |. C645 FC 21
00401BDA |. 8D85 3CF6FFFF
00401BE0 |. 50
OFFSET LOCAL.625
00401BE1 |. 8D4D C4

LEA EDX,[LOCAL.615+3]
PUSH EDX
PUSH OFFSET 00448688

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.614]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.607],0


MOV DWORD PTR SS:[LOCAL.606],0
MOV DWORD PTR SS:[LOCAL.605],0
MOV BYTE PTR SS:[LOCAL.1],1F
LEA EAX,[LOCAL.614]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1945],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1945]
CALL 0040E780

; [SystemIn

PUSH OFFSET 0044867C

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1944],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1944]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 0044867C

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1945]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],20


LEA ECX,[LOCAL.614]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.614]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.626+3]
PUSH EDX
PUSH OFFSET 00448678

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.625]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.618],0


MOV DWORD PTR SS:[LOCAL.617],0
MOV DWORD PTR SS:[LOCAL.616],0
MOV BYTE PTR SS:[LOCAL.1],21
LEA EAX,[LOCAL.625]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]

; |

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401BE4 |. E8 F7480000
fo.004064E0
00401BE9 |. 8985 E8E0FFFF
00401BEF |. 8B8D E8E0FFFF
00401BF5 |. E8 86CB0000
fo.0040E780
00401BFA |. 68 6C864400
SCII "Ukranian"
00401BFF |. E8 7CC60200
fo.0042E280
00401C04 |. 83C4 04
00401C07 |. 8985 ECE0FFFF
00401C0D |. 8B8D ECE0FFFF
00401C13 |. 51
[LOCAL.1989]
00401C14 |. 68 6C864400
SCII "Ukranian"
00401C19 |. 8B8D E8E0FFFF
00401C1F |. E8 2CD50000
fo.0040F150
00401C24 |. C645 FC 22
00401C28 |. 8D8D 3CF6FFFF
00401C2E |. E8 4DCB0000
fo.0040E780
00401C33 |. C645 FC 00
00401C37 |. 6A 00
00401C39 |. 6A 01
00401C3B |. 8D8D 3CF6FFFF
00401C41 |. E8 1ADF0000
fo.0040FB60
00401C46 |. 8D95 0FF6FFFF
00401C4C |. 52
00401C4D |. 68 68864400
SCII "KO"
00401C52 |. 8D8D 10F6FFFF
00401C58 |. E8 E3CF0000
fo.0040EC40
00401C5D |. C785 2CF6FFFF
00401C67 |. C785 30F6FFFF
00401C71 |. C785 34F6FFFF
00401C7B |. C645 FC 23
00401C7F |. 8D85 10F6FFFF
00401C85 |. 50
OFFSET LOCAL.636
00401C86 |. 8D4D C4
00401C89 |. E8 52480000
fo.004064E0
00401C8E |. 8985 34E0FFFF
00401C94 |. 8B8D 34E0FFFF
00401C9A |. E8 E1CA0000
fo.0040E780
00401C9F |. 68 60864400
SCII "Korean"
00401CA4 |. E8 D7C50200
fo.0042E280
00401CA9 |. 83C4 04
00401CAC |. 8985 38E0FFFF
00401CB2 |. 8B8D 38E0FFFF
00401CB8 |. 51
[LOCAL.2034]

CALL 004064E0

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1990],EAX


MOV ECX,DWORD PTR SS:[LOCAL.1990]
CALL 0040E780

; [SystemIn

PUSH OFFSET 0044866C

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1989],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1989]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 0044866C

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.1990]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],22


LEA ECX,[LOCAL.625]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.625]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.637+3]
PUSH EDX
PUSH OFFSET 00448668

; /Arg2
; |Arg1 = A

LEA ECX,[LOCAL.636]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.629],0


MOV DWORD PTR SS:[LOCAL.628],0
MOV DWORD PTR SS:[LOCAL.627],0
MOV BYTE PTR SS:[LOCAL.1],23
LEA EAX,[LOCAL.636]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.2035],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2035]
CALL 0040E780

; [SystemIn

PUSH OFFSET 00448660

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.2034],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2034]
PUSH ECX

; /Arg2 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401CB9 |. 68 60864400
SCII "Korean"
00401CBE |. 8B8D 34E0FFFF
00401CC4 |. E8 87D40000
fo.0040F150
00401CC9 |. C645 FC 24
00401CCD |. 8D8D 10F6FFFF
00401CD3 |. E8 A8CA0000
fo.0040E780
00401CD8 |. C645 FC 00
00401CDC |. 6A 00
00401CDE |. 6A 01
00401CE0 |. 8D8D 10F6FFFF
00401CE6 |. E8 75DE0000
fo.0040FB60
00401CEB |. 8D95 E3F5FFFF
00401CF1 |. 52
00401CF2 |. 68 5C864400
ystemInfo.44865C
00401CF7 |. 8D8D E4F5FFFF
00401CFD |. E8 3ECF0000
fo.0040EC40
00401D02 |. C785 00F6FFFF
00401D0C |. C785 04F6FFFF
00401D16 |. C785 08F6FFFF
00401D20 |. C645 FC 25
00401D24 |. 8D85 E4F5FFFF
00401D2A |. 50
OFFSET LOCAL.647
00401D2B |. 8D4D C4
00401D2E |. E8 AD470000
fo.004064E0
00401D33 |. 8985 80DFFFFF
00401D39 |. 8B8D 80DFFFFF
00401D3F |. E8 3CCA0000
fo.0040E780
00401D44 |. 68 50864400
SCII "Romanian"
00401D49 |. E8 32C50200
fo.0042E280
00401D4E |. 83C4 04
00401D51 |. 8985 84DFFFFF
00401D57 |. 8B8D 84DFFFFF
00401D5D |. 51
[LOCAL.2079]
00401D5E |. 68 50864400
SCII "Romanian"
00401D63 |. 8B8D 80DFFFFF
00401D69 |. E8 E2D30000
fo.0040F150
00401D6E |. C645 FC 26
00401D72 |. 8D8D E4F5FFFF
00401D78 |. E8 03CA0000
fo.0040E780
00401D7D |. C645 FC 00
00401D81 |. 6A 00
00401D83 |. 6A 01
00401D85 |. 8D8D E4F5FFFF
00401D8B |. E8 D0DD0000
fo.0040FB60

PUSH OFFSET 00448660

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2035]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],24


LEA ECX,[LOCAL.636]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.636]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.648+3]
PUSH EDX
PUSH OFFSET 0044865C

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.647]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.640],0


MOV DWORD PTR SS:[LOCAL.639],0
MOV DWORD PTR SS:[LOCAL.638],0
MOV BYTE PTR SS:[LOCAL.1],25
LEA EAX,[LOCAL.647]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.2080],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2080]
CALL 0040E780

; [SystemIn

PUSH OFFSET 00448650

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.2079],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2079]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 00448650

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2080]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],26


LEA ECX,[LOCAL.647]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.647]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401D90 |. 8D95 B7F5FFFF


00401D96 |. 52
00401D97 |. 68 4C864400
ystemInfo.44864C
00401D9C |. 8D8D B8F5FFFF
00401DA2 |. E8 99CE0000
fo.0040EC40
00401DA7 |. C785 D4F5FFFF
00401DB1 |. C785 D8F5FFFF
00401DBB |. C785 DCF5FFFF
00401DC5 |. C645 FC 27
00401DC9 |. 8D85 B8F5FFFF
00401DCF |. 50
OFFSET LOCAL.658
00401DD0 |. 8D4D C4
00401DD3 |. E8 08470000
fo.004064E0
00401DD8 |. 8985 CCDEFFFF
00401DDE |. 8B8D CCDEFFFF
00401DE4 |. E8 97C90000
fo.0040E780
00401DE9 |. 68 40864400
SCII "Norwegian"
00401DEE |. E8 8DC40200
fo.0042E280
00401DF3 |. 83C4 04
00401DF6 |. 8985 D0DEFFFF
00401DFC |. 8B8D D0DEFFFF
00401E02 |. 51
[LOCAL.2124]
00401E03 |. 68 40864400
SCII "Norwegian"
00401E08 |. 8B8D CCDEFFFF
00401E0E |. E8 3DD30000
fo.0040F150
00401E13 |. C645 FC 28
00401E17 |. 8D8D B8F5FFFF
00401E1D |. E8 5EC90000
fo.0040E780
00401E22 |. C645 FC 00
00401E26 |. 6A 00
00401E28 |. 6A 01
00401E2A |. 8D8D B8F5FFFF
00401E30 |. E8 2BDD0000
fo.0040FB60
00401E35 |. 8D95 8BF5FFFF
00401E3B |. 52
00401E3C |. 68 3C864400
ystemInfo.44863C
00401E41 |. 8D8D 8CF5FFFF
00401E47 |. E8 F4CD0000
fo.0040EC40
00401E4C |. C785 A8F5FFFF
00401E56 |. C785 ACF5FFFF
00401E60 |. C785 B0F5FFFF
00401E6A |. C645 FC 29
00401E6E |. 8D85 8CF5FFFF
00401E74 |. 50
OFFSET LOCAL.669
00401E75 |. 8D4D C4

LEA EDX,[LOCAL.659+3]
PUSH EDX
PUSH OFFSET 0044864C

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.658]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.651],0


MOV DWORD PTR SS:[LOCAL.650],0
MOV DWORD PTR SS:[LOCAL.649],0
MOV BYTE PTR SS:[LOCAL.1],27
LEA EAX,[LOCAL.658]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.2125],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2125]
CALL 0040E780

; [SystemIn

PUSH OFFSET 00448640

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.2124],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2124]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 00448640

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2125]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],28


LEA ECX,[LOCAL.658]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.658]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.670+3]
PUSH EDX
PUSH OFFSET 0044863C

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.669]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.662],0


MOV DWORD PTR SS:[LOCAL.661],0
MOV DWORD PTR SS:[LOCAL.660],0
MOV BYTE PTR SS:[LOCAL.1],29
LEA EAX,[LOCAL.669]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]

; |

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401E78 |. E8 63460000
fo.004064E0
00401E7D |. 8985 18DEFFFF
00401E83 |. 8B8D 18DEFFFF
00401E89 |. E8 F2C80000
fo.0040E780
00401E8E |. 68 34864400
SCII "Dutch"
00401E93 |. E8 E8C30200
fo.0042E280
00401E98 |. 83C4 04
00401E9B |. 8985 1CDEFFFF
00401EA1 |. 8B8D 1CDEFFFF
00401EA7 |. 51
[LOCAL.2169]
00401EA8 |. 68 34864400
SCII "Dutch"
00401EAD |. 8B8D 18DEFFFF
00401EB3 |. E8 98D20000
fo.0040F150
00401EB8 |. C645 FC 2A
00401EBC |. 8D8D 8CF5FFFF
00401EC2 |. E8 B9C80000
fo.0040E780
00401EC7 |. C645 FC 00
00401ECB |. 6A 00
00401ECD |. 6A 01
00401ECF |. 8D8D 8CF5FFFF
00401ED5 |. E8 86DC0000
fo.0040FB60
00401EDA |. 8D95 5FF5FFFF
00401EE0 |. 52
00401EE1 |. 68 30864400
ystemInfo.448630
00401EE6 |. 8D8D 60F5FFFF
00401EEC |. E8 4FCD0000
fo.0040EC40
00401EF1 |. C785 7CF5FFFF
00401EFB |. C785 80F5FFFF
00401F05 |. C785 84F5FFFF
00401F0F |. C645 FC 2B
00401F13 |. 8D85 60F5FFFF
00401F19 |. 50
OFFSET LOCAL.680
00401F1A |. 8D4D C4
00401F1D |. E8 BE450000
fo.004064E0
00401F22 |. 8985 64DDFFFF
00401F28 |. 8B8D 64DDFFFF
00401F2E |. E8 4DC80000
fo.0040E780
00401F33 |. 68 28864400
SCII "Polish"
00401F38 |. E8 43C30200
fo.0042E280
00401F3D |. 83C4 04
00401F40 |. 8985 68DDFFFF
00401F46 |. 8B8D 68DDFFFF
00401F4C |. 51
[LOCAL.2214]

CALL 004064E0

; \SystemIn

MOV DWORD PTR SS:[LOCAL.2170],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2170]
CALL 0040E780

; [SystemIn

PUSH OFFSET 00448634

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.2169],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2169]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 00448634

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2170]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],2A


LEA ECX,[LOCAL.669]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.669]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.681+3]
PUSH EDX
PUSH OFFSET 00448630

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.680]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.673],0


MOV DWORD PTR SS:[LOCAL.672],0
MOV DWORD PTR SS:[LOCAL.671],0
MOV BYTE PTR SS:[LOCAL.1],2B
LEA EAX,[LOCAL.680]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.2215],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2215]
CALL 0040E780

; [SystemIn

PUSH OFFSET 00448628

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.2214],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2214]
PUSH ECX

; /Arg2 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00401F4D |. 68 28864400
SCII "Polish"
00401F52 |. 8B8D 64DDFFFF
00401F58 |. E8 F3D10000
fo.0040F150
00401F5D |. C645 FC 2C
00401F61 |. 8D8D 60F5FFFF
00401F67 |. E8 14C80000
fo.0040E780
00401F6C |. C645 FC 00
00401F70 |. 6A 00
00401F72 |. 6A 01
00401F74 |. 8D8D 60F5FFFF
00401F7A |. E8 E1DB0000
fo.0040FB60
00401F7F |. 8D95 33F5FFFF
00401F85 |. 52
00401F86 |. 68 24864400
ystemInfo.448624
00401F8B |. 8D8D 34F5FFFF
00401F91 |. E8 AACC0000
fo.0040EC40
00401F96 |. C785 50F5FFFF
00401FA0 |. C785 54F5FFFF
00401FAA |. C785 58F5FFFF
00401FB4 |. C645 FC 2D
00401FB8 |. 8D85 34F5FFFF
00401FBE |. 50
OFFSET LOCAL.691
00401FBF |. 8D4D C4
00401FC2 |. E8 19450000
fo.004064E0
00401FC7 |. 8985 B0DCFFFF
00401FCD |. 8B8D B0DCFFFF
00401FD3 |. E8 A8C70000
fo.0040E780
00401FD8 |. 68 1C864400
SCII "Spanish"
00401FDD |. E8 9EC20200
fo.0042E280
00401FE2 |. 83C4 04
00401FE5 |. 8985 B4DCFFFF
00401FEB |. 8B8D B4DCFFFF
00401FF1 |. 51
[LOCAL.2259]
00401FF2 |. 68 1C864400
SCII "Spanish"
00401FF7 |. 8B8D B0DCFFFF
00401FFD |. E8 4ED10000
fo.0040F150
00402002 |. C645 FC 2E
00402006 |. 8D8D 34F5FFFF
0040200C |. E8 6FC70000
fo.0040E780
00402011 |. C645 FC 00
00402015 |. 6A 00
00402017 |. 6A 01
00402019 |. 8D8D 34F5FFFF
0040201F |. E8 3CDB0000
fo.0040FB60

PUSH OFFSET 00448628

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2215]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],2C


LEA ECX,[LOCAL.680]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.680]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.692+3]
PUSH EDX
PUSH OFFSET 00448624

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.691]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.684],0


MOV DWORD PTR SS:[LOCAL.683],0
MOV DWORD PTR SS:[LOCAL.682],0
MOV BYTE PTR SS:[LOCAL.1],2D
LEA EAX,[LOCAL.691]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.2260],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2260]
CALL 0040E780

; [SystemIn

PUSH OFFSET 0044861C

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.2259],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2259]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 0044861C

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2260]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],2E


LEA ECX,[LOCAL.691]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.691]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00402024 |. 8D95 07F5FFFF


0040202A |. 52
0040202B |. 68 18864400
SCII "SU"
00402030 |. 8D8D 08F5FFFF
00402036 |. E8 05CC0000
fo.0040EC40
0040203B |. C785 24F5FFFF
00402045 |. C785 28F5FFFF
0040204F |. C785 2CF5FFFF
00402059 |. C645 FC 2F
0040205D |. 8D85 08F5FFFF
00402063 |. 50
OFFSET LOCAL.702
00402064 |. 8D4D C4
00402067 |. E8 74440000
fo.004064E0
0040206C |. 8985 FCDBFFFF
00402072 |. 8B8D FCDBFFFF
00402078 |. E8 03C70000
fo.0040E780
0040207D |. 68 10864400
SCII "Sesotho"
00402082 |. E8 F9C10200
fo.0042E280
00402087 |. 83C4 04
0040208A |. 8985 00DCFFFF
00402090 |. 8B8D 00DCFFFF
00402096 |. 51
[LOCAL.2304]
00402097 |. 68 10864400
SCII "Sesotho"
0040209C |. 8B8D FCDBFFFF
004020A2 |. E8 A9D00000
fo.0040F150
004020A7 |. C645 FC 30
004020AB |. 8D8D 08F5FFFF
004020B1 |. E8 CAC60000
fo.0040E780
004020B6 |. C645 FC 00
004020BA |. 6A 00
004020BC |. 6A 01
004020BE |. 8D8D 08F5FFFF
004020C4 |. E8 97DA0000
fo.0040FB60
004020C9 |. 8D95 DBF4FFFF
004020CF |. 52
004020D0 |. 68 0C864400
ystemInfo.44860C
004020D5 |. 8D8D DCF4FFFF
004020DB |. E8 60CB0000
fo.0040EC40
004020E0 |. C785 F8F4FFFF
004020EA |. C785 FCF4FFFF
004020F4 |. C785 00F5FFFF
004020FE |. C645 FC 31
00402102 |. 8D85 DCF4FFFF
00402108 |. 50
OFFSET LOCAL.713
00402109 |. 8D4D C4

LEA EDX,[LOCAL.703+3]
PUSH EDX
PUSH OFFSET 00448618

; /Arg2
; |Arg1 = A

LEA ECX,[LOCAL.702]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.695],0


MOV DWORD PTR SS:[LOCAL.694],0
MOV DWORD PTR SS:[LOCAL.693],0
MOV BYTE PTR SS:[LOCAL.1],2F
LEA EAX,[LOCAL.702]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.2305],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2305]
CALL 0040E780

; [SystemIn

PUSH OFFSET 00448610

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.2304],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2304]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 00448610

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2305]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],30


LEA ECX,[LOCAL.702]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.702]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.714+3]
PUSH EDX
PUSH OFFSET 0044860C

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.713]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.706],0


MOV DWORD PTR SS:[LOCAL.705],0
MOV DWORD PTR SS:[LOCAL.704],0
MOV BYTE PTR SS:[LOCAL.1],31
LEA EAX,[LOCAL.713]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]

; |

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0040210C |. E8 CF430000
fo.004064E0
00402111 |. 8985 48DBFFFF
00402117 |. 8B8D 48DBFFFF
0040211D |. E8 5EC60000
fo.0040E780
00402122 |. 68 00864400
SCII "Portuguese"
00402127 |. E8 54C10200
fo.0042E280
0040212C |. 83C4 04
0040212F |. 8985 4CDBFFFF
00402135 |. 8B8D 4CDBFFFF
0040213B |. 51
[LOCAL.2349]
0040213C |. 68 00864400
SCII "Portuguese"
00402141 |. 8B8D 48DBFFFF
00402147 |. E8 04D00000
fo.0040F150
0040214C |. C645 FC 32
00402150 |. 8D8D DCF4FFFF
00402156 |. E8 25C60000
fo.0040E780
0040215B |. C645 FC 00
0040215F |. 6A 00
00402161 |. 6A 01
00402163 |. 8D8D DCF4FFFF
00402169 |. E8 F2D90000
fo.0040FB60
0040216E |. 8D95 AFF4FFFF
00402174 |. 52
00402175 |. 68 FC854400
SCII "TG"
0040217A |. 8D8D B0F4FFFF
00402180 |. E8 BBCA0000
fo.0040EC40
00402185 |. C785 CCF4FFFF
0040218F |. C785 D0F4FFFF
00402199 |. C785 D4F4FFFF
004021A3 |. C645 FC 33
004021A7 |. 8D85 B0F4FFFF
004021AD |. 50
OFFSET LOCAL.724
004021AE |. 8D4D C4
004021B1 |. E8 2A430000
fo.004064E0
004021B6 |. 8985 94DAFFFF
004021BC |. 8B8D 94DAFFFF
004021C2 |. E8 B9C50000
fo.0040E780
004021C7 |. 68 F0854400
SCII "Tagaolog"
004021CC |. E8 AFC00200
fo.0042E280
004021D1 |. 83C4 04
004021D4 |. 8985 98DAFFFF
004021DA |. 8B8D 98DAFFFF
004021E0 |. 51
[LOCAL.2394]

CALL 004064E0

; \SystemIn

MOV DWORD PTR SS:[LOCAL.2350],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2350]
CALL 0040E780

; [SystemIn

PUSH OFFSET 00448600

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.2349],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2349]
PUSH ECX

; /Arg2 =>

PUSH OFFSET 00448600

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2350]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],32


LEA ECX,[LOCAL.713]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.713]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.725+3]
PUSH EDX
PUSH OFFSET 004485FC

; /Arg2
; |Arg1 = A

LEA ECX,[LOCAL.724]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.717],0


MOV DWORD PTR SS:[LOCAL.716],0
MOV DWORD PTR SS:[LOCAL.715],0
MOV BYTE PTR SS:[LOCAL.1],33
LEA EAX,[LOCAL.724]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.2395],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2395]
CALL 0040E780

; [SystemIn

PUSH OFFSET 004485F0

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.2394],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2394]
PUSH ECX

; /Arg2 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004021E1 |. 68 F0854400
SCII "Tagaolog"
004021E6 |. 8B8D 94DAFFFF
004021EC |. E8 5FCF0000
fo.0040F150
004021F1 |. C645 FC 34
004021F5 |. 8D8D B0F4FFFF
004021FB |. E8 80C50000
fo.0040E780
00402200 |. C645 FC 00
00402204 |. 6A 00
00402206 |. 6A 01
00402208 |. 8D8D B0F4FFFF
0040220E |. E8 4DD90000
fo.0040FB60
00402213 |. 8D95 83F4FFFF
00402219 |. 52
0040221A |. 68 EC854400
SCII "TK"
0040221F |. 8D8D 84F4FFFF
00402225 |. E8 16CA0000
fo.0040EC40
0040222A |. C785 A0F4FFFF
00402234 |. C785 A4F4FFFF
0040223E |. C785 A8F4FFFF
00402248 |. C645 FC 35
0040224C |. 8D85 84F4FFFF
00402252 |. 50
OFFSET LOCAL.735
00402253 |. 8D4D C4
00402256 |. E8 85420000
fo.004064E0
0040225B |. 8985 E4D9FFFF
00402261 |. 8B8D E4D9FFFF
00402267 |. E8 14C50000
fo.0040E780
0040226C |. 68 E4854400
SCII "Turkish"
00402271 |. E8 9A350000
fo.00405810
00402276 |. 83C4 04
00402279 |. 50
0040227A |. 68 E4854400
SCII "Turkish"
0040227F |. 8B8D E4D9FFFF
00402285 |. E8 C6CE0000
fo.0040F150
0040228A |. C645 FC 00
0040228E |. 8D8D 84F4FFFF
00402294 |. E8 C7900000
fo.0040B360
00402299 |. 8D8D 57F4FFFF
0040229F |. E8 0CD30000
fo.0040F5B0
004022A4 |. 50
004022A5 |. 68 E0854400
SCII "TW"
004022AA |. 8D8D 58F4FFFF
004022B0 |. E8 DB8F0000
fo.0040B290

PUSH OFFSET 004485F0

; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2395]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],34


LEA ECX,[LOCAL.724]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.724]
CALL 0040FB60

;
;
;
;

LEA EDX,[LOCAL.736+3]
PUSH EDX
PUSH OFFSET 004485EC

; /Arg2
; |Arg1 = A

LEA ECX,[LOCAL.735]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.728],0


MOV DWORD PTR SS:[LOCAL.727],0
MOV DWORD PTR SS:[LOCAL.726],0
MOV BYTE PTR SS:[LOCAL.1],35
LEA EAX,[LOCAL.735]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.2439],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2439]
CALL 0040E780

; [SystemIn

PUSH OFFSET 004485E4

; /Arg1 = A

CALL 00405810

; \SystemIn

ADD ESP,4
PUSH EAX
PUSH OFFSET 004485E4

; /Arg2
; |Arg1 = A

MOV ECX,DWORD PTR SS:[LOCAL.2439]


CALL 0040F150

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


LEA ECX,[LOCAL.735]
CALL 0040B360

; [SystemIn

LEA ECX,[LOCAL.747+3]
CALL 0040F5B0

; [SystemIn

PUSH EAX
PUSH OFFSET 004485E0

; /Arg2
; |Arg1 = A

LEA ECX,[LOCAL.746]
CALL 0040B290

; |
; \SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004022B5 |. C645 FC 36
004022B9 |. 68 DC854400
SCII "Twi"
004022BE |. 8D8D 58F4FFFF
004022C4 |. 51
OFFSET LOCAL.746
004022C5 |. 8D4D C4
004022C8 |. E8 13420000
nfo.004064E0
004022CD |. 8BC8
004022CF |. E8 8C930000
fo.0040B660
004022D4 |. C645 FC 00
004022D8 |. 8D8D 58F4FFFF
004022DE |. E8 7D900000
fo.0040B360
004022E3 |. 8D8D 2BF4FFFF
004022E9 |. E8 C2D20000
fo.0040F5B0
004022EE |. 50
004022EF |. 68 D8854400
ystemInfo.4485D8
004022F4 |. 8D8D 2CF4FFFF
004022FA |. E8 918F0000
fo.0040B290
004022FF |. C645 FC 37
00402303 |. 68 D0854400
SCII "Russian"
00402308 |. 8D95 2CF4FFFF
0040230E |. 52
OFFSET LOCAL.757
0040230F |. 8D4D C4
00402312 |. E8 C9410000
nfo.004064E0
00402317 |. 8BC8
00402319 |. E8 42930000
fo.0040B660
0040231E |. C645 FC 00
00402322 |. 8D8D 2CF4FFFF
00402328 |. E8 33900000
fo.0040B360
0040232D |. 8D8D FFF3FFFF
00402333 |. E8 78D20000
fo.0040F5B0
00402338 |. 50
00402339 |. 68 CC854400
ystemInfo.4485CC
0040233E |. 8D8D 00F4FFFF
00402344 |. E8 478F0000
fo.0040B290
00402349 |. C645 FC 38
0040234D |. 68 C4854400
SCII "German"
00402352 |. 8D85 00F4FFFF
00402358 |. 50
OFFSET LOCAL.768
00402359 |. 8D4D C4
0040235C |. E8 7F410000
nfo.004064E0
00402361 |. 8BC8

MOV BYTE PTR SS:[LOCAL.1],36


PUSH OFFSET 004485DC

; /Arg1 = A

LEA ECX,[LOCAL.746]
PUSH ECX

; |
; |/Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; ||
; |\SystemI

MOV ECX,EAX
CALL 0040B660

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


LEA ECX,[LOCAL.746]
CALL 0040B360

; [SystemIn

LEA ECX,[LOCAL.758+3]
CALL 0040F5B0

; [SystemIn

PUSH EAX
PUSH OFFSET 004485D8

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.757]
CALL 0040B290

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],37


PUSH OFFSET 004485D0

; /Arg1 = A

LEA EDX,[LOCAL.757]
PUSH EDX

; |
; |/Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; ||
; |\SystemI

MOV ECX,EAX
CALL 0040B660

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


LEA ECX,[LOCAL.757]
CALL 0040B360

; [SystemIn

LEA ECX,[LOCAL.769+3]
CALL 0040F5B0

; [SystemIn

PUSH EAX
PUSH OFFSET 004485CC

; /Arg2
; |Arg1 = S

LEA ECX,[LOCAL.768]
CALL 0040B290

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],38


PUSH OFFSET 004485C4

; /Arg1 = A

LEA EAX,[LOCAL.768]
PUSH EAX

; |
; |/Arg1 =>

LEA ECX,[LOCAL.15]
CALL 004064E0

; ||
; |\SystemI

MOV ECX,EAX

; |

00402363 |. E8 F8920000 CALL 0040B660


fo.0040B660
00402368 |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
0040236C |. 8D8D 00F4FFFF LEA ECX,[LOCAL.768]
00402372 |. E8 E98F0000 CALL 0040B360
fo.0040B360
00402377 |. 8D8D D3F3FFFF LEA ECX,[LOCAL.780+3]
0040237D |. E8 2ED20000 CALL 0040F5B0
fo.0040F5B0
00402382 |. 50
PUSH EAX
00402383 |. 68 C0854400 PUSH OFFSET 004485C0
SCII "ZU"
00402388 |. 8D8D D4F3FFFF LEA ECX,[LOCAL.779]
0040238E |. E8 FD8E0000 CALL 0040B290
fo.0040B290
00402393 |. C645 FC 39
MOV BYTE PTR SS:[LOCAL.1],39
00402397 |. 68 B8854400 PUSH OFFSET 004485B8
SCII "Zulu"
0040239C |. 8D8D D4F3FFFF LEA ECX,[LOCAL.779]
004023A2 |. 51
PUSH ECX
OFFSET LOCAL.779
004023A3 |. 8D4D C4
LEA ECX,[LOCAL.15]
004023A6 |. E8 35410000 CALL 004064E0
nfo.004064E0
004023AB |. 8BC8
MOV ECX,EAX
004023AD |. E8 AE920000 CALL 0040B660
fo.0040B660
004023B2 |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
004023B6 |. 8D8D D4F3FFFF LEA ECX,[LOCAL.779]
004023BC |. E8 9F8F0000 CALL 0040B360
fo.0040B360
004023C1 |. 8D4D A8
LEA ECX,[LOCAL.22]
004023C4 |. E8 07460000 CALL 004069D0
fo.004069D0
004023C9 |. C645 FC 3A
MOV BYTE PTR SS:[LOCAL.1],3A
004023CD |. 8D55 C0
LEA EDX,[LOCAL.16]
004023D0 |. 52
PUSH EDX
=> OFFSET LOCAL.16
004023D1 |. 68 19000200 PUSH 20019
ccess = KEY_READ
004023D6 |. 6A 00
PUSH 0
= 0
004023D8 |. 68 94854400 PUSH OFFSET 00448594
"Software\Watchtower\MEPS\Location"
004023DD |. 68 02000080 PUSH 80000002
KEY_LOCAL_MACHINE
004023E2 |. FF15 08804400 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey
.RegOpenKeyExA
004023E8 |. 85C0
TEST EAX,EAX
004023EA |. 74 4B
JE SHORT 00402437
004023EC |. 68 409A4000 PUSH 00409A40
ystemInfo.409A40
004023F1 |. 68 80854400 PUSH OFFSET 00448580
o installations"
004023F6 |. 68 77874400 PUSH OFFSET 00448777
004023FB |. 6A 06
PUSH 6
6
004023FD |. 8D85 C8F3FFFF LEA EAX,[LOCAL.782]
00402403 |. 50
PUSH EAX
OFFSET LOCAL.782

; \SystemIn

; [SystemIn
; [SystemIn
; /Arg2
; |Arg1 = A
; |
; \SystemIn
; /Arg1 = A
; |
; |/Arg1 =>
; ||
; |\SystemI
; |
; \SystemIn

; [SystemIn
; [SystemIn

; /pResult
; |DesiredA
; |Reserved
; |SubKey =
; |hKey = H
; \ADVAPI32

; /Arg1 = S
; |ASCII "N
; |
; |/Arg2 =
; ||
; ||Arg1 =>

00402404 |. E8 8FB30200
nfo.0042D798
00402409 |. 83C4 08
0040240C |. 50
0040240D |. 8B4D 08
00402410 |. 51
[ARG.1]
00402411 |. E8 0A850000
nfo.0040A920
00402416 |. 83C4 08
00402419 |. 50
0040241A |. E8 41850000
0040241F |. 83C4 08
00402422 |. 50
00402423 |. E8 38850000
00402428 |. 83C4 08
0040242B |. 8BC8
0040242D |. E8 FE360000
fo.00405B30
00402432 |. E9 41200000
00402437 |> C785 98FEFFFF
00402441 |. C785 98FEFFFF
0040244B |. EB 0F
0040244D |> 8B95 98FEFFFF
00402453 |. 83C2 01
00402456 |. 8995 98FEFFFF
0040245C |> C745 A4 00010
00402463 |. 8D45 E8
00402466 |. 50
teTime => OFFSET LOCAL.6
00402467 |. 6A 00
n = NULL
00402469 |. 6A 00
NULL
0040246B |. 6A 00
= 0
0040246D |. 8D4D A4
00402470 |. 51
=> OFFSET LOCAL.23
00402471 |. 8D95 9CFEFFFF
00402477 |. 52
OFFSET LOCAL.89
00402478 |. 8B85 98FEFFFF
0040247E |. 50
[LOCAL.90]
0040247F |. 8B4D C0
00402482 |. 51
[LOCAL.16]
00402483 |. FF15 0C804400
.RegEnumKeyExA
00402489 |. 8945 F0
0040248C |. 837D F0 00
00402490 |. 0F85 31180000
00402496 |. 8D95 80FCFFFF
0040249C |. 52
=> OFFSET LOCAL.224
0040249D |. 6A 01
ccess = KEY_QUERY_VALUE
0040249F |. 6A 00
= 0

CALL 0042D798

; |\SystemI

ADD ESP,8
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

;
;
;
;

CALL 0040A920

; |\SystemI

ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B30

;
;
;
;
;
;
;
;
;

JMP 00404478
MOV DWORD PTR SS:[LOCAL.90],0
MOV DWORD PTR SS:[LOCAL.90],0
JMP SHORT 0040245C
/MOV EDX,DWORD PTR SS:[LOCAL.90]
|ADD EDX,1
|MOV DWORD PTR SS:[LOCAL.90],EDX
|MOV DWORD PTR SS:[LOCAL.23],100
|LEA EAX,[LOCAL.6]
|PUSH EAX

; /pLastWri

|PUSH 0

; |pClassLe

|PUSH 0

; |Class =

|PUSH 0

; |Reserved

|LEA ECX,[LOCAL.23]
|PUSH ECX

; |
; |pNameLen

|LEA EDX,[LOCAL.89]
|PUSH EDX

; |
; |Name =>

|MOV EAX,DWORD PTR SS:[LOCAL.90]


|PUSH EAX

; |
; |Index =>

|MOV ECX,DWORD PTR SS:[LOCAL.16]


|PUSH ECX

; |
; |hKey =>

|
|/Arg2
||
||Arg1 =>

|
|
|
|
|
|
|
|
\SystemIn

|CALL DWORD PTR DS:[<&ADVAPI32.RegEnumKe ; \ADVAPI32


|MOV DWORD PTR SS:[LOCAL.4],EAX
|CMP DWORD PTR SS:[LOCAL.4],0
|JNE 00403CC7
|LEA EDX,[LOCAL.224]
|PUSH EDX

; /pResult

|PUSH 1

; |DesiredA

|PUSH 0

; |Reserved

004024A1 |. 8D85 9CFEFFFF


004024A7 |. 50
> OFFSET LOCAL.89
004024A8 |. 8B4D C0
004024AB |. 51
[LOCAL.16]
004024AC |. FF15 08804400
.RegOpenKeyExA
004024B2 |. 85C0
004024B4 |. 74 02
004024B6 |.^ EB 95
004024B8 |> C785 84FDFFFF
004024C2 |. C785 84FDFFFF
004024CC |. EB 0F
004024CE |> 8B95 84FDFFFF
004024D4 |. 83C2 01
004024D7 |. 8995 84FDFFFF
004024DD |> C785 78FCFFFF
004024E7 |. C785 88FDFFFF
004024F1 |. 8D85 78FCFFFF
004024F7 |. 50
=> OFFSET LOCAL.226
004024F8 |. 8D8D 94FDFFFF
004024FE |. 51
OFFSET LOCAL.155
004024FF |. 8D95 7CFCFFFF
00402505 |. 52
OFFSET LOCAL.225
00402506 |. 6A 00
= 0
00402508 |. 8D85 88FDFFFF
0040250E |. 50
=> OFFSET LOCAL.158
0040250F |. 8D8D 84FCFFFF
00402515 |. 51
OFFSET LOCAL.223
00402516 |. 8B95 84FDFFFF
0040251C |. 52
[LOCAL.159]
0040251D |. 8B85 80FCFFFF
00402523 |. 50
[LOCAL.224]
00402524 |. FF15 10804400
.RegEnumValueA
0040252A |. 8945 F0
0040252D |. 837D F0 00
00402531 |. 0F85 10160000
00402537 |. 8D8D 9BF3FFFF
0040253D |. E8 6ED00000
fo.0040F5B0
00402542 |. 50
00402543 |. 8D8D 9CFEFFFF
00402549 |. 51
OFFSET LOCAL.89
0040254A |. 8D8D 9CF3FFFF
00402550 |. E8 3B8D0000
fo.0040B290
00402555 |. C645 FC 3B
00402559 |. 8D95 88F3FFFF
0040255F |. 52

|LEA EAX,[LOCAL.89]
|PUSH EAX

; |
; |SubKey =

|MOV ECX,DWORD PTR SS:[LOCAL.16]


|PUSH ECX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKe ; \ADVAPI32


|TEST EAX,EAX
|JE SHORT 004024B8
|JMP SHORT 0040244D
|MOV DWORD PTR SS:[LOCAL.159],0
|MOV DWORD PTR SS:[LOCAL.159],0
|JMP SHORT 004024DD
|/MOV EDX,DWORD PTR SS:[LOCAL.159]
||ADD EDX,1
||MOV DWORD PTR SS:[LOCAL.159],EDX
||MOV DWORD PTR SS:[LOCAL.226],100
||MOV DWORD PTR SS:[LOCAL.158],100
||LEA EAX,[LOCAL.226]
||PUSH EAX

; /pDataLen

||LEA ECX,[LOCAL.155]
||PUSH ECX

; |
; |Data =>

||LEA EDX,[LOCAL.225]
||PUSH EDX

; |
; |pType =>

||PUSH 0

; |Reserved

||LEA EAX,[LOCAL.158]
||PUSH EAX

; |
; |pNameLen

||LEA ECX,[LOCAL.223]
||PUSH ECX

; |
; |Name =>

||MOV EDX,DWORD PTR SS:[LOCAL.159]


||PUSH EDX

; |
; |Index =>

||MOV EAX,DWORD PTR SS:[LOCAL.224]


||PUSH EAX

; |
; |hKey =>

||CALL DWORD PTR DS:[<&ADVAPI32.RegEnumV ; \ADVAPI32


||MOV DWORD PTR SS:[LOCAL.4],EAX
||CMP DWORD PTR SS:[LOCAL.4],0
||JNE 00403B47
||LEA ECX,[LOCAL.794+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.89]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.793]
||CALL 0040B290

; |
; \SystemIn

||MOV BYTE PTR SS:[LOCAL.1],3B


||LEA EDX,[LOCAL.798]
||PUSH EDX

; /Arg1 =>

OFFSET LOCAL.798
00402560 |. 8D4D C4
00402563 |. E8 08040200
fo.00422970
00402568 |. 50
00402569 |. 8D85 9CF3FFFF
0040256F |. 50
OFFSET LOCAL.793
00402570 |. 8D8D 90F3FFFF
00402576 |. 51
OFFSET LOCAL.796
00402577 |. 8D4D C4
0040257A |. E8 11420000
nfo.00406790
0040257F |. 8BC8
00402581 |. E8 DA470000
fo.00406D60
00402586 |. 8885 C7F3FFFF
0040258C |. C645 FC 3A
00402590 |. 8D8D 9CF3FFFF
00402596 |. E8 C58D0000
fo.0040B360
0040259B |. 0FB695 C7F3FF
004025A2 |. 85D2
004025A4 |. 0F84 6D010000
004025AA |. 8D8D 5BF3FFFF
004025B0 |. E8 FBCF0000
fo.0040F5B0
004025B5 |. 50
004025B6 |. 68 6C854400
SCII "Unknown Language ("
004025BB |. 8D8D 5CF3FFFF
004025C1 |. E8 CA8C0000
fo.0040B290
004025C6 |. 8985 D4D9FFFF
004025CC |. 8B85 D4D9FFFF
004025D2 |. 8985 D0D9FFFF
004025D8 |. C645 FC 3C
004025DC |. 8D8D 9CFEFFFF
004025E2 |. 51
OFFSET LOCAL.89
004025E3 |. 8B95 D0D9FFFF
004025E9 |. 52
[LOCAL.2444]
004025EA |. 8D85 30F3FFFF
004025F0 |. 50
OFFSET LOCAL.820
004025F1 |. E8 FAC30000
fo.0040E9F0
004025F6 |. 83C4 0C
004025F9 |. 8985 CCD9FFFF
004025FF |. 8B8D CCD9FFFF
00402605 |. 898D C8D9FFFF
0040260B |. C645 FC 3D
0040260F |. 68 68854400
ystemInfo.448568
00402614 |. 8B95 C8D9FFFF
0040261A |. 52
[LOCAL.2446]
0040261B |. 8D85 08F3FFFF

||LEA ECX,[LOCAL.15]
||CALL 00422970

; |
; \SystemIn

||PUSH EAX
||LEA EAX,[LOCAL.793]
||PUSH EAX

; /Arg1
; |
; |/Arg2 =>

||LEA ECX,[LOCAL.796]
||PUSH ECX

; ||
; ||Arg1 =>

||LEA ECX,[LOCAL.15]
||CALL 00406790

; ||
; |\SystemI

||MOV ECX,EAX
||CALL 00406D60

; |
; \SystemIn

||MOV BYTE PTR SS:[LOCAL.783+3],AL


||MOV BYTE PTR SS:[LOCAL.1],3A
||LEA ECX,[LOCAL.793]
||CALL 0040B360

; [SystemIn

||MOVZX EDX,BYTE PTR SS:[LOCAL.783+3]


||TEST EDX,EDX
||JE 00402717
||LEA ECX,[LOCAL.810+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||PUSH OFFSET 0044856C

; /Arg2
; |Arg1 = A

||LEA ECX,[LOCAL.809]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2443],EAX


||MOV EAX,DWORD PTR SS:[LOCAL.2443]
||MOV DWORD PTR SS:[LOCAL.2444],EAX
||MOV BYTE PTR SS:[LOCAL.1],3C
||LEA ECX,[LOCAL.89]
||PUSH ECX

; /Arg3 =>

||MOV EDX,DWORD PTR SS:[LOCAL.2444]


||PUSH EDX

; |
; |Arg2 =>

||LEA EAX,[LOCAL.820]
||PUSH EAX

; |
; |Arg1 =>

||CALL 0040E9F0

; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2445],EAX
||MOV ECX,DWORD PTR SS:[LOCAL.2445]
||MOV DWORD PTR SS:[LOCAL.2446],ECX
||MOV BYTE PTR SS:[LOCAL.1],3D
||PUSH OFFSET 00448568

; /Arg3 = S

||MOV EDX,DWORD PTR SS:[LOCAL.2446]


||PUSH EDX

; |
; |Arg2 =>

||LEA EAX,[LOCAL.830]

; |

00402621 |. 50
OFFSET LOCAL.830
00402622 |. E8 C9C30000
fo.0040E9F0
00402627 |. 83C4 0C
0040262A |. 8985 C4D9FFFF
00402630 |. 8B8D C4D9FFFF
00402636 |. 898D C0D9FFFF
0040263C |. C645 FC 3E
00402640 |. 6A 20
0
00402642 |. 8D95 87F3FFFF
00402648 |. 52
00402649 |. E8 C2870000
fo.0040AE10
0040264E |. 83C4 08
00402651 |. 50
00402652 |. 68 009A4000
SystemInfo.409A00
00402657 |. 8B85 C0D9FFFF
0040265D |. 50
0040265E |. 68 C0994000
SystemInfo.4099C0
00402663 |. 6A 2E
= 2E
00402665 |. 8D8D 07F3FFFF
0040266B |. 51
0040266C |. E8 9F870000
mInfo.0040AE10
00402671 |. 83C4 08
00402674 |. 50
00402675 |. 6A 23
= 23
00402677 |. 8D95 FCF2FFFF
0040267D |. 52
=> OFFSET LOCAL.833
0040267E |. E8 15B10200
emInfo.0042D798
00402683 |. 83C4 08
00402686 |. 50
00402687 |. 68 77874400
0040268C |. 6A 06
2 = 6
0040268E |. 8D85 F4F2FFFF
00402694 |. 50
1 => OFFSET LOCAL.835
00402695 |. E8 FEB00200
temInfo.0042D798
0040269A |. 83C4 08
0040269D |. 50
2
0040269E |. 8B4D 08
004026A1 |. 51
1 => [ARG.1]
004026A2 |. E8 79820000
temInfo.0040A920
004026A7 |. 83C4 08
004026AA |. 50
004026AB |. E8 B0820000
004026B0 |. 83C4 08

||PUSH EAX

; |Arg1 =>

||CALL 0040E9F0

; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2447],EAX
||MOV ECX,DWORD PTR SS:[LOCAL.2447]
||MOV DWORD PTR SS:[LOCAL.2448],ECX
||MOV BYTE PTR SS:[LOCAL.1],3E
||PUSH 20

; /Arg2 = 2

||LEA EDX,[LOCAL.799+3]
||PUSH EDX
||CALL 0040AE10

; |
; |Arg1
; \SystemIn

||ADD ESP,8
||PUSH EAX
||PUSH 00409A00

; /Arg2
; |/Arg1 =

||MOV EAX,DWORD PTR SS:[LOCAL.2448]


||PUSH EAX
||PUSH 004099C0

; ||
; ||
; ||/Arg1 =

||PUSH 2E

; |||/Arg2

||LEA ECX,[LOCAL.831+3]
||PUSH ECX
||CALL 0040AE10

; ||||
; ||||Arg1
; |||\Syste

||ADD ESP,8
||PUSH EAX
||PUSH 23

; |||
; |||/Arg2
; ||||/Arg2

||LEA EDX,[LOCAL.833]
||PUSH EDX

; |||||
; |||||Arg1

||CALL 0042D798

; ||||\Syst

||ADD ESP,8
||PUSH EAX
||PUSH OFFSET 00448777
||PUSH 6

;
;
;
;

||LEA EAX,[LOCAL.835]
||PUSH EAX

; ||||||
; ||||||Arg

||CALL 0042D798

; |||||\Sys

||ADD ESP,8
||PUSH EAX

; |||||
; |||||/Arg

||MOV ECX,DWORD PTR SS:[ARG.1]


||PUSH ECX

; ||||||
; ||||||Arg

||CALL 0040A920

; |||||\Sys

||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8

;
;
;
;

||||
||||/Arg2
|||||
|||||/Arg

|||||
|||||
|||||
|||||

004026B3 |. 50
004026B4 |. E8 67820000
emInfo.0040A920
004026B9 |. 83C4 08
004026BC |. 50
004026BD |. E8 5E870000
mInfo.0040AE20
004026C2 |. 83C4 08
004026C5 |. 8BC8
004026C7 |. E8 84340000
Info.00405B50
004026CC |. 50
004026CD |. E8 8E870000
004026D2 |. 83C4 08
004026D5 |. 8BC8
004026D7 |. E8 74340000
nfo.00405B50
004026DC |. 50
004026DD |. E8 3E870000
fo.0040AE20
004026E2 |. 83C4 08
004026E5 |. C645 FC 3D
004026E9 |. 8D8D 08F3FFFF
004026EF |. E8 6C8C0000
fo.0040B360
004026F4 |. C645 FC 3C
004026F8 |. 8D8D 30F3FFFF
004026FE |. E8 5D8C0000
fo.0040B360
00402703 |. C645 FC 3A
00402707 |. 8D8D 5CF3FFFF
0040270D |. E8 4E8C0000
fo.0040B360
00402712 |. E9 A1010000
00402717 |> 8D8D C7F2FFFF
0040271D |. E8 8ECE0000
fo.0040F5B0
00402722 |. 50
00402723 |. 8D95 9CFEFFFF
00402729 |. 52
OFFSET LOCAL.89
0040272A |. 8D8D C8F2FFFF
00402730 |. E8 5B8B0000
fo.0040B290
00402735 |. C645 FC 3F
00402739 |. 68 64854400
SCII " ("
0040273E |. 8D85 C8F2FFFF
00402744 |. 50
OFFSET LOCAL.846
00402745 |. 8D4D C4
00402748 |. E8 933D0000
nfo.004064E0
0040274D |. 50
0040274E |. 8D8D 9CF2FFFF
00402754 |. 51
OFFSET LOCAL.857
00402755 |. E8 96C20000
fo.0040E9F0
0040275A |. 83C4 0C

||PUSH EAX
||CALL 0040A920

; |||||Arg1
; ||||\Syst

||ADD ESP,8
||PUSH EAX
||CALL 0040AE20

; ||||
; ||||Arg1
; |||\Syste

||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B50

; |||
; |||
; ||\System

||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B50

;
;
;
;
;

||PUSH EAX
||CALL 0040AE20

; |Arg1
; \SystemIn

||ADD ESP,8
||MOV BYTE PTR SS:[LOCAL.1],3D
||LEA ECX,[LOCAL.830]
||CALL 0040B360

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],3C


||LEA ECX,[LOCAL.820]
||CALL 0040B360

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],3A


||LEA ECX,[LOCAL.809]
||CALL 0040B360

; [SystemIn

||JMP 004028B8
||LEA ECX,[LOCAL.847+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA EDX,[LOCAL.89]
||PUSH EDX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.846]
||CALL 0040B290

; |
; \SystemIn

||MOV BYTE PTR SS:[LOCAL.1],3F


||PUSH OFFSET 00448564

; /Arg3 = A

||LEA EAX,[LOCAL.846]
||PUSH EAX

; |
; |/Arg1 =>

||LEA ECX,[LOCAL.15]
||CALL 004064E0

; ||
; |\SystemI

||PUSH EAX
||LEA ECX,[LOCAL.857]
||PUSH ECX

; |Arg2
; |
; |Arg1 =>

||CALL 0040E9F0

; \SystemIn

||ADD ESP,0C

||
||
||
||
|\SystemI

0040275D |. 8985 BCD9FFFF


00402763 |. 8B95 BCD9FFFF
00402769 |. 8995 B8D9FFFF
0040276F |. C645 FC 40
00402773 |. 8D85 9CFEFFFF
00402779 |. 50
OFFSET LOCAL.89
0040277A |. 8B8D B8D9FFFF
00402780 |. 51
[LOCAL.2450]
00402781 |. 8D95 74F2FFFF
00402787 |. 52
OFFSET LOCAL.867
00402788 |. E8 63C20000
fo.0040E9F0
0040278D |. 83C4 0C
00402790 |. 8985 B4D9FFFF
00402796 |. 8B85 B4D9FFFF
0040279C |. 8985 B0D9FFFF
004027A2 |. C645 FC 41
004027A6 |. 68 68854400
ystemInfo.448568
004027AB |. 8B8D B0D9FFFF
004027B1 |. 51
[LOCAL.2452]
004027B2 |. 8D95 4CF2FFFF
004027B8 |. 52
OFFSET LOCAL.877
004027B9 |. E8 32C20000
fo.0040E9F0
004027BE |. 83C4 0C
004027C1 |. 8985 ACD9FFFF
004027C7 |. 8B85 ACD9FFFF
004027CD |. 8985 A8D9FFFF
004027D3 |. C645 FC 42
004027D7 |. 6A 20
0
004027D9 |. 8D8D F3F2FFFF
004027DF |. 51
004027E0 |. E8 2B860000
fo.0040AE10
004027E5 |. 83C4 08
004027E8 |. 50
004027E9 |. 68 009A4000
SystemInfo.409A00
004027EE |. 8B95 A8D9FFFF
004027F4 |. 52
004027F5 |. 68 C0994000
SystemInfo.4099C0
004027FA |. 6A 2E
= 2E
004027FC |. 8D85 4BF2FFFF
00402802 |. 50
00402803 |. E8 08860000
mInfo.0040AE10
00402808 |. 83C4 08
0040280B |. 50
0040280C |. 6A 23
= 23
0040280E |. 8D8D 40F2FFFF

||MOV DWORD PTR SS:[LOCAL.2449],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2449]
||MOV DWORD PTR SS:[LOCAL.2450],EDX
||MOV BYTE PTR SS:[LOCAL.1],40
||LEA EAX,[LOCAL.89]
||PUSH EAX

; /Arg3 =>

||MOV ECX,DWORD PTR SS:[LOCAL.2450]


||PUSH ECX

; |
; |Arg2 =>

||LEA EDX,[LOCAL.867]
||PUSH EDX

; |
; |Arg1 =>

||CALL 0040E9F0

; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2451],EAX
||MOV EAX,DWORD PTR SS:[LOCAL.2451]
||MOV DWORD PTR SS:[LOCAL.2452],EAX
||MOV BYTE PTR SS:[LOCAL.1],41
||PUSH OFFSET 00448568

; /Arg3 = S

||MOV ECX,DWORD PTR SS:[LOCAL.2452]


||PUSH ECX

; |
; |Arg2 =>

||LEA EDX,[LOCAL.877]
||PUSH EDX

; |
; |Arg1 =>

||CALL 0040E9F0

; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2453],EAX
||MOV EAX,DWORD PTR SS:[LOCAL.2453]
||MOV DWORD PTR SS:[LOCAL.2454],EAX
||MOV BYTE PTR SS:[LOCAL.1],42
||PUSH 20

; /Arg2 = 2

||LEA ECX,[LOCAL.836+3]
||PUSH ECX
||CALL 0040AE10

; |
; |Arg1
; \SystemIn

||ADD ESP,8
||PUSH EAX
||PUSH 00409A00

; /Arg2
; |/Arg1 =

||MOV EDX,DWORD PTR SS:[LOCAL.2454]


||PUSH EDX
||PUSH 004099C0

; ||
; ||
; ||/Arg1 =

||PUSH 2E

; |||/Arg2

||LEA EAX,[LOCAL.878+3]
||PUSH EAX
||CALL 0040AE10

; ||||
; ||||Arg1
; |||\Syste

||ADD ESP,8
||PUSH EAX
||PUSH 23

; |||
; |||/Arg2
; ||||/Arg2

||LEA ECX,[LOCAL.880]

; |||||

00402814 |. 51
=> OFFSET LOCAL.880
00402815 |. E8 7EAF0200
emInfo.0042D798
0040281A |. 83C4 08
0040281D |. 50
0040281E |. 68 77874400
00402823 |. 6A 06
2 = 6
00402825 |. 8D95 38F2FFFF
0040282B |. 52
1 => OFFSET LOCAL.882
0040282C |. E8 67AF0200
temInfo.0042D798
00402831 |. 83C4 08
00402834 |. 50
2
00402835 |. 8B45 08
00402838 |. 50
1 => [ARG.1]
00402839 |. E8 E2800000
temInfo.0040A920
0040283E |. 83C4 08
00402841 |. 50
00402842 |. E8 19810000
00402847 |. 83C4 08
0040284A |. 50
0040284B |. E8 D0800000
emInfo.0040A920
00402850 |. 83C4 08
00402853 |. 50
00402854 |. E8 C7850000
mInfo.0040AE20
00402859 |. 83C4 08
0040285C |. 8BC8
0040285E |. E8 ED320000
Info.00405B50
00402863 |. 50
00402864 |. E8 F7850000
00402869 |. 83C4 08
0040286C |. 8BC8
0040286E |. E8 DD320000
nfo.00405B50
00402873 |. 50
00402874 |. E8 A7850000
fo.0040AE20
00402879 |. 83C4 08
0040287C |. C645 FC 41
00402880 |. 8D8D 4CF2FFFF
00402886 |. E8 D58A0000
fo.0040B360
0040288B |. C645 FC 40
0040288F |. 8D8D 74F2FFFF
00402895 |. E8 C68A0000
fo.0040B360
0040289A |. C645 FC 3F
0040289E |. 8D8D 9CF2FFFF
004028A4 |. E8 B78A0000
fo.0040B360
004028A9 |. C645 FC 3A

||PUSH ECX

; |||||Arg1

||CALL 0042D798

; ||||\Syst

||ADD ESP,8
||PUSH EAX
||PUSH OFFSET 00448777
||PUSH 6

;
;
;
;

||LEA EDX,[LOCAL.882]
||PUSH EDX

; ||||||
; ||||||Arg

||CALL 0042D798

; |||||\Sys

||ADD ESP,8
||PUSH EAX

; |||||
; |||||/Arg

||MOV EAX,DWORD PTR SS:[ARG.1]


||PUSH EAX

; ||||||
; ||||||Arg

||CALL 0040A920

; |||||\Sys

||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||PUSH EAX
||CALL 0040A920

;
;
;
;
;
;

||ADD ESP,8
||PUSH EAX
||CALL 0040AE20

; ||||
; ||||Arg1
; |||\Syste

||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B50

; |||
; |||
; ||\System

||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B50

;
;
;
;
;

||PUSH EAX
||CALL 0040AE20

; |Arg1
; \SystemIn

||ADD ESP,8
||MOV BYTE PTR SS:[LOCAL.1],41
||LEA ECX,[LOCAL.877]
||CALL 0040B360

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],40


||LEA ECX,[LOCAL.867]
||CALL 0040B360

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],3F


||LEA ECX,[LOCAL.857]
||CALL 0040B360

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],3A

||||
||||/Arg2
|||||
|||||/Arg

|||||
|||||
|||||
|||||
|||||Arg1
||||\Syst

||
||
||
||
|\SystemI

004028AD |. 8D8D C8F2FFFF


004028B3 |. E8 A88A0000
fo.0040B360
004028B8 |> 68 409A4000
ystemInfo.409A40
004028BD |. 8D8D 84FCFFFF
004028C3 |. 51
004028C4 |. 68 60854400
004028C9 |. 8D95 94FDFFFF
004028CF |. 52
004028D0 |. 8B45 08
004028D3 |. 50
004028D4 |. E8 87800000
004028D9 |. 83C4 08
004028DC |. 50
004028DD |. E8 7E800000
004028E2 |. 83C4 08
004028E5 |. 50
004028E6 |. E8 75800000
004028EB |. 83C4 08
004028EE |. 8BC8
004028F0 |. E8 3B320000
fo.00405B30
004028F5 |. 8D8D D4FBFFFF
004028FB |. E8 B02F0000
fo.004058B0
00402900 |. C645 FC 43
00402904 |. 8D8D 07F2FFFF
0040290A |. E8 A1CC0000
fo.0040F5B0
0040290F |. 50
00402910 |. 8D8D 94FDFFFF
00402916 |. 51
OFFSET LOCAL.155
00402917 |. 8D8D 08F2FFFF
0040291D |. E8 6E890000
fo.0040B290
00402922 |. 8985 A4D9FFFF
00402928 |. 8B95 A4D9FFFF
0040292E |. 8995 A0D9FFFF
00402934 |. C645 FC 44
00402938 |. 83EC 28
0040293B |. 8BC4
0040293D |. 89A5 30F2FFFF
00402943 |. 68 54854400
SCII "\wtlib.exe"
00402948 |. 8B8D A0D9FFFF
0040294E |. 51
[LOCAL.2456]
0040294F |. 50
00402950 |. E8 9BC00000
fo.0040E9F0
00402955 |. 83C4 0C
00402958 |. 8985 9CD9FFFF
0040295E |. E8 2D210000
00402963 |. 83C4 28
00402966 |. 8985 98D9FFFF
0040296C |. 33D2
0040296E |. 83BD 98D9FFFF
00402975 |. 0F94C2

||LEA ECX,[LOCAL.846]
||CALL 0040B360

; [SystemIn

||PUSH 00409A40

; /Arg1 = S

||LEA ECX,[LOCAL.223]
||PUSH ECX
||PUSH OFFSET 00448560
||LEA EDX,[LOCAL.155]
||PUSH EDX
||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B30

;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;

||LEA ECX,[LOCAL.267]
||CALL 004058B0

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],43


||LEA ECX,[LOCAL.895+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.155]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.894]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2455],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2455]
||MOV DWORD PTR SS:[LOCAL.2456],EDX
||MOV BYTE PTR SS:[LOCAL.1],44
||SUB ESP,28
||MOV EAX,ESP
||MOV DWORD PTR SS:[LOCAL.884],ESP
||PUSH OFFSET 00448554

; /Arg3 = A

||MOV ECX,DWORD PTR SS:[LOCAL.2456]


||PUSH ECX

; |
; |Arg2 =>

||PUSH EAX
||CALL 0040E9F0

; |Arg1
; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2457],EAX
||CALL 00404A90
||ADD ESP,28
||MOV DWORD PTR SS:[LOCAL.2458],EAX
||XOR EDX,EDX
||CMP DWORD PTR SS:[LOCAL.2458],1
||SETE DL

|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\SystemIn

00402978 |. 8895 37F2FFFF


0040297E |. C645 FC 43
00402982 |. 8D8D 08F2FFFF
00402988 |. E8 D3890000
fo.0040B360
0040298D |. 0FB685 37F2FF
00402994 |. 85C0
00402996 |. 0F84 B1070000
0040299C |. 8D8D 06F2FFFF
004029A2 |. E8 09CC0000
fo.0040F5B0
004029A7 |. 50
004029A8 |. 8D8D 94FDFFFF
004029AE |. 51
OFFSET LOCAL.155
004029AF |. 8D8D A8FBFFFF
004029B5 |. E8 D6880000
fo.0040B290
004029BA |. C645 FC 45
004029BE |. 8D8D A8FBFFFF
004029C4 |. E8 77CB0000
fo.0040F540
004029C9 |. 8BF0
004029CB |. 8D95 9CFEFFFF
004029D1 |. 52
OFFSET LOCAL.89
004029D2 |. E8 F97E0000
fo.0040A8D0
004029D7 |. 83C4 04
004029DA |. 2BF0
004029DC |. 56
004029DD |. 8D8D A8FBFFFF
004029E3 |. E8 E8300000
fo.00405AD0
004029E8 |. 8D85 E4F1FFFF
004029EE |. 50
OFFSET LOCAL.903
004029EF |. 8D4D A8
004029F2 |. E8 99410000
fo.00406B90
004029F7 |. 50
004029F8 |. 8D8D A8FBFFFF
004029FE |. 51
004029FF |. 8D95 FCF1FFFF
00402A05 |. 52
OFFSET LOCAL.897
00402A06 |. 8D4D A8
00402A09 |. E8 82410000
nfo.00406B90
00402A0E |. 8B48 04
00402A11 |. 51
00402A12 |. 8B10
00402A14 |. 52
00402A15 |. 8D85 F4F1FFFF
00402A1B |. 50
OFFSET LOCAL.899
00402A1C |. 8D4D A8
00402A1F |. E8 0C410000
nfo.00406B30
00402A24 |. 8B48 04

||MOV BYTE PTR SS:[LOCAL.883+3],DL


||MOV BYTE PTR SS:[LOCAL.1],43
||LEA ECX,[LOCAL.894]
||CALL 0040B360

; [SystemIn

||MOVZX EAX,BYTE PTR SS:[LOCAL.883+3]


||TEST EAX,EAX
||JE 0040314D
||LEA ECX,[LOCAL.895+2]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.155]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.278]
||CALL 0040B290

; |
; \SystemIn

||MOV BYTE PTR SS:[LOCAL.1],45


||LEA ECX,[LOCAL.278]
||CALL 0040F540

; [SystemIn

||MOV ESI,EAX
||LEA EDX,[LOCAL.89]
||PUSH EDX

; /Arg1 =>

||CALL 0040A8D0

; \SystemIn

||ADD ESP,4
||SUB ESI,EAX
||PUSH ESI
||LEA ECX,[LOCAL.278]
||CALL 00405AD0

; /Arg1
; |
; \SystemIn

||LEA EAX,[LOCAL.903]
||PUSH EAX

; /Arg1 =>

||LEA ECX,[LOCAL.22]
||CALL 00406B90

; |
; \SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.278]
||PUSH ECX
||LEA EDX,[LOCAL.897]
||PUSH EDX

;
;
;
;
;

||LEA ECX,[LOCAL.22]
||CALL 00406B90

; ||
; |\SystemI

||MOV ECX,DWORD PTR DS:[EAX+4]


||PUSH ECX
||MOV EDX,DWORD PTR DS:[EAX]
||PUSH EDX
||LEA EAX,[LOCAL.899]
||PUSH EAX

;
;
;
;
;
;

||LEA ECX,[LOCAL.22]
||CALL 00406B30

; ||
; |\SystemI

||MOV ECX,DWORD PTR DS:[EAX+4]

; |

/Arg1
|
|
|
|/Arg1 =>

|
|
|
|
|
|/Arg1 =>

00402A27 |. 51
00402A28 |. 8B10
00402A2A |. 52
00402A2B |. 8D85 ECF1FFFF
00402A31 |. 50
00402A32 |. E8 E9890000
00402A37 |. 83C4 18
00402A3A |. 8BC8
00402A3C |. E8 1F430000
fo.00406D60
00402A41 |. 0FB6C8
00402A44 |. 85C9
00402A46 |. 74 0F
00402A48 |. 8D95 A8FBFFFF
00402A4E |. 52
OFFSET LOCAL.278
00402A4F |. 8D4D A8
00402A52 |. E8 F9410000
fo.00406C50
00402A57 |> 8D85 D4FBFFFF
00402A5D |. 50
00402A5E |. 8D8D B7F1FFFF
00402A64 |. E8 47CB0000
fo.0040F5B0
00402A69 |. 50
00402A6A |. 8D8D 94FDFFFF
00402A70 |. 51
OFFSET LOCAL.155
00402A71 |. 8D8D B8F1FFFF
00402A77 |. E8 14880000
fo.0040B290
00402A7C |. 8985 94D9FFFF
00402A82 |. 8B95 94D9FFFF
00402A88 |. 8995 90D9FFFF
00402A8E |. C645 FC 46
00402A92 |. 83EC 28
00402A95 |. 8BC4
00402A97 |. 89A5 E0F1FFFF
00402A9D |. 68 54854400
SCII "\wtlib.exe"
00402AA2 |. 8B8D 90D9FFFF
00402AA8 |. 51
[LOCAL.2460]
00402AA9 |. 50
00402AAA |. E8 41BF0000
fo.0040E9F0
00402AAF |. 83C4 0C
00402AB2 |. 8985 8CD9FFFF
00402AB8 |. E8 C3830100
00402ABD |. 83C4 2C
00402AC0 |. C645 FC 45
00402AC4 |. 8D8D B8F1FFFF
00402ACA |. E8 91880000
fo.0040B360
00402ACF |. 6A 20
0
00402AD1 |. 8D95 B6F1FFFF
00402AD7 |. 52
00402AD8 |. E8 33830000
fo.0040AE10

||PUSH ECX
||MOV EDX,DWORD PTR DS:[EAX]
||PUSH EDX
||LEA EAX,[LOCAL.901]
||PUSH EAX
||CALL 0040B420
||ADD ESP,18
||MOV ECX,EAX
||CALL 00406D60

;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
\SystemIn

||MOVZX ECX,AL
||TEST ECX,ECX
||JE SHORT 00402A57
||LEA EDX,[LOCAL.278]
||PUSH EDX

; /Arg1 =>

||LEA ECX,[LOCAL.22]
||CALL 00406C50

; |
; \SystemIn

||LEA EAX,[LOCAL.267]
||PUSH EAX
||LEA ECX,[LOCAL.915+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.155]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.914]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2459],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2459]
||MOV DWORD PTR SS:[LOCAL.2460],EDX
||MOV BYTE PTR SS:[LOCAL.1],46
||SUB ESP,28
||MOV EAX,ESP
||MOV DWORD PTR SS:[LOCAL.904],ESP
||PUSH OFFSET 00448554

; /Arg3 = A

||MOV ECX,DWORD PTR SS:[LOCAL.2460]


||PUSH ECX

; |
; |Arg2 =>

||PUSH EAX
||CALL 0040E9F0

; |Arg1
; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2461],EAX
||CALL 0041AE80
||ADD ESP,2C
||MOV BYTE PTR SS:[LOCAL.1],45
||LEA ECX,[LOCAL.914]
||CALL 0040B360

; [SystemIn

||PUSH 20

; /Arg2 = 2

||LEA EDX,[LOCAL.915+2]
||PUSH EDX
||CALL 0040AE10

; |
; |Arg1
; \SystemIn

00402ADD |. 83C4 08
||ADD ESP,8
00402AE0 |. 50
||PUSH EAX
00402AE1 |. 68 009A4000 ||PUSH 00409A00
SystemInfo.409A00
00402AE6 |. 68 34854400 ||PUSH OFFSET 00448534
Watchtower Library Version"
00402AEB |. 68 C0994000 ||PUSH 004099C0
SystemInfo.4099C0
00402AF0 |. 6A 2E
||PUSH 2E
= 2E
00402AF2 |. 8D85 B5F1FFFF ||LEA EAX,[LOCAL.915+1]
00402AF8 |. 50
||PUSH EAX
00402AF9 |. E8 12830000 ||CALL 0040AE10
mInfo.0040AE10
00402AFE |. 83C4 08
||ADD ESP,8
00402B01 |. 50
||PUSH EAX
00402B02 |. 6A 23
||PUSH 23
= 23
00402B04 |. 8D8D ACF1FFFF ||LEA ECX,[LOCAL.917]
00402B0A |. 51
||PUSH ECX
=> OFFSET LOCAL.917
00402B0B |. E8 88AC0200 ||CALL 0042D798
emInfo.0042D798
00402B10 |. 83C4 08
||ADD ESP,8
00402B13 |. 50
||PUSH EAX
00402B14 |. 68 77874400 ||PUSH OFFSET 00448777
00402B19 |. 6A 06
||PUSH 6
2 = 6
00402B1B |. 8D95 A4F1FFFF ||LEA EDX,[LOCAL.919]
00402B21 |. 52
||PUSH EDX
1 => OFFSET LOCAL.919
00402B22 |. E8 71AC0200 ||CALL 0042D798
temInfo.0042D798
00402B27 |. 83C4 08
||ADD ESP,8
00402B2A |. 50
||PUSH EAX
2
00402B2B |. 8B45 08
||MOV EAX,DWORD PTR SS:[ARG.1]
00402B2E |. 50
||PUSH EAX
1 => [ARG.1]
00402B2F |. E8 EC7D0000 ||CALL 0040A920
temInfo.0040A920
00402B34 |. 83C4 08
||ADD ESP,8
00402B37 |. 50
||PUSH EAX
00402B38 |. E8 237E0000 ||CALL 0040A960
00402B3D |. 83C4 08
||ADD ESP,8
00402B40 |. 50
||PUSH EAX
00402B41 |. E8 DA7D0000 ||CALL 0040A920
emInfo.0040A920
00402B46 |. 83C4 08
||ADD ESP,8
00402B49 |. 50
||PUSH EAX
00402B4A |. E8 D1820000 ||CALL 0040AE20
mInfo.0040AE20
00402B4F |. 83C4 08
||ADD ESP,8
00402B52 |. 8BC8
||MOV ECX,EAX
00402B54 |. E8 F72F0000 ||CALL 00405B50
Info.00405B50
00402B59 |. 50
||PUSH EAX
00402B5A |. E8 017E0000 ||CALL 0040A960
00402B5F |. 83C4 08
||ADD ESP,8
00402B62 |. 8BC8
||MOV ECX,EAX

; /Arg2
; |/Arg1 =
; ||ASCII "
; ||/Arg1 =
; |||/Arg2
; ||||
; ||||Arg1
; |||\Syste
; |||
; |||/Arg2
; ||||/Arg2
; |||||
; |||||Arg1
; ||||\Syst
;
;
;
;

||||
||||/Arg2
|||||
|||||/Arg

; ||||||
; ||||||Arg
; |||||\Sys
; |||||
; |||||/Arg
; ||||||
; ||||||Arg
; |||||\Sys
;
;
;
;
;
;

|||||
|||||
|||||
|||||
|||||Arg1
||||\Syst

; ||||
; ||||Arg1
; |||\Syste
; |||
; |||
; ||\System
;
;
;
;

||
||
||
||

00402B64 |. E8 E72F0000
nfo.00405B50
00402B69 |. 50
00402B6A |. E8 B1820000
fo.0040AE20
00402B6F |. 83C4 08
00402B72 |. 8D8D FCFBFFFF
00402B78 |. E8 932F0000
00402B7D |. 0FB6C8
00402B80 |. 85C9
00402B82 |. 74 21
00402B84 |. 68 409A4000
ystemInfo.409A40
00402B89 |. 8D95 D4FBFFFF
00402B8F |. 52
00402B90 |. 8B45 08
00402B93 |. 50
00402B94 |. E8 C7820000
00402B99 |. 83C4 08
00402B9C |. 8BC8
00402B9E |. E8 8D2F0000
fo.00405B30
00402BA3 |. EB 4B
00402BA5 |> 68 409A4000
ystemInfo.409A40
00402BAA |. 68 68854400
00402BAF |. 8D8D FCFBFFFF
00402BB5 |. 51
00402BB6 |. 68 64854400
("
00402BBB |. 8D95 24FCFFFF
00402BC1 |. 52
00402BC2 |. 8B45 08
00402BC5 |. 50
00402BC6 |. E8 95820000
00402BCB |. 83C4 08
00402BCE |. 50
00402BCF |. E8 8C7D0000
00402BD4 |. 83C4 08
00402BD7 |. 50
00402BD8 |. E8 83820000
00402BDD |. 83C4 08
00402BE0 |. 50
00402BE1 |. E8 7A7D0000
00402BE6 |. 83C4 08
00402BE9 |. 8BC8
00402BEB |. E8 402F0000
fo.00405B30
00402BF0 |> 8D8D 7BF1FFFF
00402BF6 |. E8 B5C90000
fo.0040F5B0
00402BFB |. 50
00402BFC |. 8D8D 94FDFFFF
00402C02 |. 51
OFFSET LOCAL.155
00402C03 |. 8D8D 7CF1FFFF
00402C09 |. E8 82860000
fo.0040B290
00402C0E |. 8985 88D9FFFF
00402C14 |. 8B95 88D9FFFF

||CALL 00405B50

; |\SystemI

||PUSH EAX
||CALL 0040AE20

; |Arg1
; \SystemIn

||ADD ESP,8
||LEA ECX,[LOCAL.257]
||CALL 00405B10
||MOVZX ECX,AL
||TEST ECX,ECX
||JE SHORT 00402BA5
||PUSH 00409A40

; /Arg1 = S

||LEA EDX,[LOCAL.267]
||PUSH EDX
||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B30

;
;
;
;
;
;
;
;

||JMP SHORT 00402BF0


||PUSH 00409A40

; /Arg1 = S

||PUSH OFFSET 00448568


||LEA ECX,[LOCAL.257]
||PUSH ECX
||PUSH OFFSET 00448564

;
;
;
;

|
|
|
|ASCII "

||LEA EDX,[LOCAL.247]
||PUSH EDX
||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B30

;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\SystemIn

||LEA ECX,[LOCAL.930+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.155]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.929]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2462],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2462]

|
|
|
|
|
|
|
\SystemIn

00402C1A |. 8995 84D9FFFF ||MOV DWORD PTR SS:[LOCAL.2463],EDX


00402C20 |. C645 FC 47
||MOV BYTE PTR SS:[LOCAL.1],47
00402C24 |. 68 60854400 ||PUSH OFFSET 00448560
ystemInfo.448560
00402C29 |. 8B85 84D9FFFF ||MOV EAX,DWORD PTR SS:[LOCAL.2463]
00402C2F |. 50
||PUSH EAX
[LOCAL.2463]
00402C30 |. 8D8D 50F1FFFF ||LEA ECX,[LOCAL.940]
00402C36 |. 51
||PUSH ECX
OFFSET LOCAL.940
00402C37 |. E8 B4BD0000 ||CALL 0040E9F0
fo.0040E9F0
00402C3C |. 83C4 0C
||ADD ESP,0C
00402C3F |. 8985 80D9FFFF ||MOV DWORD PTR SS:[LOCAL.2464],EAX
00402C45 |. 8B95 80D9FFFF ||MOV EDX,DWORD PTR SS:[LOCAL.2464]
00402C4B |. 8995 7CD9FFFF ||MOV DWORD PTR SS:[LOCAL.2465],EDX
00402C51 |. C645 FC 48
||MOV BYTE PTR SS:[LOCAL.1],48
00402C55 |. 68 1C854400 ||PUSH OFFSET 0044851C
SCII "codepageoverride.msd"
00402C5A |. 8B85 7CD9FFFF ||MOV EAX,DWORD PTR SS:[LOCAL.2465]
00402C60 |. 50
||PUSH EAX
[LOCAL.2465]
00402C61 |. 8D8D 28F1FFFF ||LEA ECX,[LOCAL.950]
00402C67 |. 51
||PUSH ECX
OFFSET LOCAL.950
00402C68 |. E8 83BD0000 ||CALL 0040E9F0
fo.0040E9F0
00402C6D |. 83C4 0C
||ADD ESP,0C
00402C70 |. 8985 78D9FFFF ||MOV DWORD PTR SS:[LOCAL.2466],EAX
00402C76 |. 8B95 78D9FFFF ||MOV EDX,DWORD PTR SS:[LOCAL.2466]
00402C7C |. 8995 74D9FFFF ||MOV DWORD PTR SS:[LOCAL.2467],EDX
00402C82 |. C645 FC 49
||MOV BYTE PTR SS:[LOCAL.1],49
00402C86 |. 6A 00
||PUSH 0
e = NULL
00402C88 |. 68 80000000 ||PUSH 80
es = FILE_ATTRIBUTE_NORMAL
00402C8D |. 6A 03
||PUSH 3
Distribution = OPEN_EXISTING
00402C8F |. 6A 00
||PUSH 0
y = NULL
00402C91 |. 6A 01
||PUSH 1
e = FILE_SHARE_READ
00402C93 |. 68 00000080 ||PUSH 80000000
ccess = GENERIC_READ
00402C98 |. 8B8D 74D9FFFF ||MOV ECX,DWORD PTR SS:[LOCAL.2467]
00402C9E |. E8 6DC80000 ||CALL 0040F510
00402CA3 |. 50
||PUSH EAX
00402CA4 |. FF15 34804400 ||CALL DWORD PTR DS:[<&KERNEL32.CreateFi
.CreateFileA
00402CAA |. 8985 D0FBFFFF ||MOV DWORD PTR SS:[LOCAL.268],EAX
00402CB0 |. C645 FC 48
||MOV BYTE PTR SS:[LOCAL.1],48
00402CB4 |. 8D8D 28F1FFFF ||LEA ECX,[LOCAL.950]
00402CBA |. E8 A1860000 ||CALL 0040B360
fo.0040B360
00402CBF |. C645 FC 47
||MOV BYTE PTR SS:[LOCAL.1],47
00402CC3 |. 8D8D 50F1FFFF ||LEA ECX,[LOCAL.940]
00402CC9 |. E8 92860000 ||CALL 0040B360
fo.0040B360
00402CCE |. C645 FC 45
||MOV BYTE PTR SS:[LOCAL.1],45
00402CD2 |. 8D8D 7CF1FFFF ||LEA ECX,[LOCAL.929]

; /Arg3 = S
; |
; |Arg2 =>
; |
; |Arg1 =>
; \SystemIn

; /Arg3 = A
; |
; |Arg2 =>
; |
; |Arg1 =>
; \SystemIn

; /hTemplat
; |Attribut
; |Creation
; |pSecurit
; |ShareMod
; |DesiredA
;
;
;
;

|
|
|FileName
\KERNEL32

; [SystemIn

; [SystemIn

00402CD8 |. E8 83860000
fo.0040B360
00402CDD |. 83BD D0FBFFFF
00402CE4 |. 0F84 B4000000
00402CEA |. 8B85 D0FBFFFF
00402CF0 |. 50
=> [LOCAL.268]
00402CF1 |. FF15 30804400
.CloseHandle
00402CF7 |. 8D8D 23F1FFFF
00402CFD |. E8 AEC80000
fo.0040F5B0
00402D02 |. 83EC 28
00402D05 |. 8BCC
00402D07 |. 89A5 24F1FFFF
00402D0D |. 50
00402D0E |. 68 1C854400
SCII "codepageoverride.msd"
00402D13 |. E8 78850000
fo.0040B290
00402D18 |. 8985 70D9FFFF
00402D1E |. 8B8D 70D9FFFF
00402D24 |. 898D 6CD9FFFF
00402D2A |. C645 FC 4A
00402D2E |. 8D8D 1BF1FFFF
00402D34 |. E8 77C80000
fo.0040F5B0
00402D39 |. 83EC 28
00402D3C |. 8BCC
00402D3E |. 89A5 1CF1FFFF
00402D44 |. 50
00402D45 |. 68 14854400
SCII "
"
00402D4A |. E8 41850000
fo.0040B290
00402D4F |. 8985 68D9FFFF
00402D55 |. 8B95 68D9FFFF
00402D5B |. 8995 64D9FFFF
00402D61 |. C645 FC 4B
00402D65 |. 8D8D 13F1FFFF
00402D6B |. E8 40C80000
fo.0040F5B0
00402D70 |. 83EC 28
00402D73 |. 8BCC
00402D75 |. 89A5 14F1FFFF
00402D7B |. 50
00402D7C |. 8D85 94FDFFFF
00402D82 |. 50
OFFSET LOCAL.155
00402D83 |. E8 08850000
fo.0040B290
00402D88 |. 8985 60D9FFFF
00402D8E |. 8B4D 08
00402D91 |. 51
00402D92 |. C645 FC 45
00402D96 |. E8 E51F0000
00402D9B |. 83C4 7C
00402D9E |> 8D8D 0BF1FFFF
00402DA4 |. E8 07C80000
fo.0040F5B0

||CALL 0040B360

; [SystemIn

||CMP DWORD PTR SS:[LOCAL.268],-1


||JE 00402D9E
||MOV EAX,DWORD PTR SS:[LOCAL.268]
||PUSH EAX

; /hObject

||CALL DWORD PTR DS:[<&KERNEL32.CloseHan ; \KERNEL32


||LEA ECX,[LOCAL.952+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.951],ESP
||PUSH EAX
||PUSH OFFSET 0044851C

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2468],EAX


||MOV ECX,DWORD PTR SS:[LOCAL.2468]
||MOV DWORD PTR SS:[LOCAL.2469],ECX
||MOV BYTE PTR SS:[LOCAL.1],4A
||LEA ECX,[LOCAL.954+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.953],ESP
||PUSH EAX
||PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2470],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2470]
||MOV DWORD PTR SS:[LOCAL.2471],EDX
||MOV BYTE PTR SS:[LOCAL.1],4B
||LEA ECX,[LOCAL.956+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.955],ESP
||PUSH EAX
||LEA EAX,[LOCAL.155]
||PUSH EAX

; /Arg2
; |
; |Arg1 =>

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2472],EAX


||MOV ECX,DWORD PTR SS:[ARG.1]
||PUSH ECX
||MOV BYTE PTR SS:[LOCAL.1],45
||CALL 00404D80
||ADD ESP,7C
||LEA ECX,[LOCAL.958+3]
||CALL 0040F5B0

; [SystemIn

00402DA9 |. 83EC 28
00402DAC |. 8BCC
00402DAE |. 89A5 0CF1FFFF
00402DB4 |. 50
00402DB5 |. 68 00854400
SCII "mepslanguage.mcf"
00402DBA |. E8 D1840000
fo.0040B290
00402DBF |. 8985 5CD9FFFF
00402DC5 |. 8B95 5CD9FFFF
00402DCB |. 8995 58D9FFFF
00402DD1 |. C645 FC 4C
00402DD5 |. 8D8D 03F1FFFF
00402DDB |. E8 D0C70000
fo.0040F5B0
00402DE0 |. 83EC 28
00402DE3 |. 8BCC
00402DE5 |. 89A5 04F1FFFF
00402DEB |. 50
00402DEC |. 68 14854400
SCII "
"
00402DF1 |. E8 9A840000
fo.0040B290
00402DF6 |. 8985 54D9FFFF
00402DFC |. 8B85 54D9FFFF
00402E02 |. 8985 50D9FFFF
00402E08 |. C645 FC 4D
00402E0C |. 8D8D FBF0FFFF
00402E12 |. E8 99C70000
fo.0040F5B0
00402E17 |. 83EC 28
00402E1A |. 8BCC
00402E1C |. 89A5 FCF0FFFF
00402E22 |. 50
00402E23 |. 8D95 94FDFFFF
00402E29 |. 52
OFFSET LOCAL.155
00402E2A |. E8 61840000
fo.0040B290
00402E2F |. 8985 4CD9FFFF
00402E35 |. 8B45 08
00402E38 |. 50
00402E39 |. C645 FC 45
00402E3D |. E8 3E1F0000
00402E42 |. 83C4 7C
00402E45 |. 8D8D F3F0FFFF
00402E4B |. E8 60C70000
fo.0040F5B0
00402E50 |. 83EC 28
00402E53 |. 8BCC
00402E55 |. 89A5 F4F0FFFF
00402E5B |. 50
00402E5C |. 68 EC844400
SCII "unicodeoverride.msd"
00402E61 |. E8 2A840000
fo.0040B290
00402E66 |. 8985 48D9FFFF
00402E6C |. 8B8D 48D9FFFF
00402E72 |. 898D 44D9FFFF
00402E78 |. C645 FC 4E

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.957],ESP
||PUSH EAX
||PUSH OFFSET 00448500

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2473],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2473]
||MOV DWORD PTR SS:[LOCAL.2474],EDX
||MOV BYTE PTR SS:[LOCAL.1],4C
||LEA ECX,[LOCAL.960+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.959],ESP
||PUSH EAX
||PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2475],EAX


||MOV EAX,DWORD PTR SS:[LOCAL.2475]
||MOV DWORD PTR SS:[LOCAL.2476],EAX
||MOV BYTE PTR SS:[LOCAL.1],4D
||LEA ECX,[LOCAL.962+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.961],ESP
||PUSH EAX
||LEA EDX,[LOCAL.155]
||PUSH EDX

; /Arg2
; |
; |Arg1 =>

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2477],EAX


||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||MOV BYTE PTR SS:[LOCAL.1],45
||CALL 00404D80
||ADD ESP,7C
||LEA ECX,[LOCAL.964+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.963],ESP
||PUSH EAX
||PUSH OFFSET 004484EC

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV
||MOV
||MOV
||MOV

DWORD PTR SS:[LOCAL.2478],EAX


ECX,DWORD PTR SS:[LOCAL.2478]
DWORD PTR SS:[LOCAL.2479],ECX
BYTE PTR SS:[LOCAL.1],4E

00402E7C |. 8D8D EBF0FFFF


00402E82 |. E8 29C70000
fo.0040F5B0
00402E87 |. 83EC 28
00402E8A |. 8BCC
00402E8C |. 89A5 ECF0FFFF
00402E92 |. 50
00402E93 |. 68 14854400
SCII "
"
00402E98 |. E8 F3830000
fo.0040B290
00402E9D |. 8985 40D9FFFF
00402EA3 |. 8B95 40D9FFFF
00402EA9 |. 8995 3CD9FFFF
00402EAF |. C645 FC 4F
00402EB3 |. 8D8D E3F0FFFF
00402EB9 |. E8 F2C60000
fo.0040F5B0
00402EBE |. 83EC 28
00402EC1 |. 8BCC
00402EC3 |. 89A5 E4F0FFFF
00402EC9 |. 50
00402ECA |. 8D85 94FDFFFF
00402ED0 |. 50
OFFSET LOCAL.155
00402ED1 |. E8 BA830000
fo.0040B290
00402ED6 |. 8985 38D9FFFF
00402EDC |. 8B4D 08
00402EDF |. 51
00402EE0 |. C645 FC 45
00402EE4 |. E8 971E0000
00402EE9 |. 83C4 7C
00402EEC |. 8D8D B3F0FFFF
00402EF2 |. E8 B9C60000
fo.0040F5B0
00402EF7 |. 50
00402EF8 |. 68 E4844400
SCII "wtlib_"
00402EFD |. 8D8D B4F0FFFF
00402F03 |. E8 88830000
fo.0040B290
00402F08 |. 8985 34D9FFFF
00402F0E |. 8B95 34D9FFFF
00402F14 |. 8995 30D9FFFF
00402F1A |. C645 FC 50
00402F1E |. 8D85 9CFEFFFF
00402F24 |. 50
OFFSET LOCAL.89
00402F25 |. 8B8D 30D9FFFF
00402F2B |. 51
[LOCAL.2484]
00402F2C |. 8D95 88F0FFFF
00402F32 |. 52
OFFSET LOCAL.990
00402F33 |. E8 B8BA0000
fo.0040E9F0
00402F38 |. 83C4 0C
00402F3B |. 8985 2CD9FFFF
00402F41 |. 8B85 2CD9FFFF

||LEA ECX,[LOCAL.966+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.965],ESP
||PUSH EAX
||PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2480],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2480]
||MOV DWORD PTR SS:[LOCAL.2481],EDX
||MOV BYTE PTR SS:[LOCAL.1],4F
||LEA ECX,[LOCAL.968+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.967],ESP
||PUSH EAX
||LEA EAX,[LOCAL.155]
||PUSH EAX

; /Arg2
; |
; |Arg1 =>

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2482],EAX


||MOV ECX,DWORD PTR SS:[ARG.1]
||PUSH ECX
||MOV BYTE PTR SS:[LOCAL.1],45
||CALL 00404D80
||ADD ESP,7C
||LEA ECX,[LOCAL.980+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||PUSH OFFSET 004484E4

; /Arg2
; |Arg1 = A

||LEA ECX,[LOCAL.979]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2483],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2483]
||MOV DWORD PTR SS:[LOCAL.2484],EDX
||MOV BYTE PTR SS:[LOCAL.1],50
||LEA EAX,[LOCAL.89]
||PUSH EAX

; /Arg3 =>

||MOV ECX,DWORD PTR SS:[LOCAL.2484]


||PUSH ECX

; |
; |Arg2 =>

||LEA EDX,[LOCAL.990]
||PUSH EDX

; |
; |Arg1 =>

||CALL 0040E9F0

; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2485],EAX
||MOV EAX,DWORD PTR SS:[LOCAL.2485]

00402F47 |. 8985 28D9FFFF


00402F4D |. C645 FC 51
00402F51 |. 83EC 28
00402F54 |. 8BCC
00402F56 |. 89A5 DCF0FFFF
00402F5C |. 68 DC844400
SCII ".cnt"
00402F61 |. 8B95 28D9FFFF
00402F67 |. 52
[LOCAL.2486]
00402F68 |. 51
00402F69 |. E8 82BA0000
fo.0040E9F0
00402F6E |. 83C4 0C
00402F71 |. 8985 24D9FFFF
00402F77 |. 8B85 24D9FFFF
00402F7D |. 8985 20D9FFFF
00402F83 |. C645 FC 52
00402F87 |. 8D8D 83F0FFFF
00402F8D |. E8 1EC60000
fo.0040F5B0
00402F92 |. 83EC 28
00402F95 |. 8BCC
00402F97 |. 89A5 84F0FFFF
00402F9D |. 50
00402F9E |. 68 14854400
SCII "
"
00402FA3 |. E8 E8820000
fo.0040B290
00402FA8 |. 8985 1CD9FFFF
00402FAE |. 8B8D 1CD9FFFF
00402FB4 |. 898D 18D9FFFF
00402FBA |. C645 FC 53
00402FBE |. 8D8D 7BF0FFFF
00402FC4 |. E8 E7C50000
fo.0040F5B0
00402FC9 |. 83EC 28
00402FCC |. 8BCC
00402FCE |. 89A5 7CF0FFFF
00402FD4 |. 50
00402FD5 |. 8D95 94FDFFFF
00402FDB |. 52
OFFSET LOCAL.155
00402FDC |. E8 AF820000
fo.0040B290
00402FE1 |. 8985 14D9FFFF
00402FE7 |. 8B45 08
00402FEA |. 50
00402FEB |. C645 FC 51
00402FEF |. E8 8C1D0000
00402FF4 |. 83C4 7C
00402FF7 |. C645 FC 50
00402FFB |. 8D8D 88F0FFFF
00403001 |. E8 5A830000
fo.0040B360
00403006 |. C645 FC 45
0040300A |. 8D8D B4F0FFFF
00403010 |. E8 4B830000
fo.0040B360
00403015 |. 8D8D 4BF0FFFF

||MOV DWORD PTR SS:[LOCAL.2486],EAX


||MOV BYTE PTR SS:[LOCAL.1],51
||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.969],ESP
||PUSH OFFSET 004484DC

; /Arg3 = A

||MOV EDX,DWORD PTR SS:[LOCAL.2486]


||PUSH EDX

; |
; |Arg2 =>

||PUSH ECX
||CALL 0040E9F0

; |Arg1
; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2487],EAX
||MOV EAX,DWORD PTR SS:[LOCAL.2487]
||MOV DWORD PTR SS:[LOCAL.2488],EAX
||MOV BYTE PTR SS:[LOCAL.1],52
||LEA ECX,[LOCAL.992+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.991],ESP
||PUSH EAX
||PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2489],EAX


||MOV ECX,DWORD PTR SS:[LOCAL.2489]
||MOV DWORD PTR SS:[LOCAL.2490],ECX
||MOV BYTE PTR SS:[LOCAL.1],53
||LEA ECX,[LOCAL.994+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.993],ESP
||PUSH EAX
||LEA EDX,[LOCAL.155]
||PUSH EDX

; /Arg2
; |
; |Arg1 =>

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2491],EAX


||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||MOV BYTE PTR SS:[LOCAL.1],51
||CALL 00404D80
||ADD ESP,7C
||MOV BYTE PTR SS:[LOCAL.1],50
||LEA ECX,[LOCAL.990]
||CALL 0040B360

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],45


||LEA ECX,[LOCAL.979]
||CALL 0040B360

; [SystemIn

||LEA ECX,[LOCAL.1006+3]

0040301B |. E8 90C50000
fo.0040F5B0
00403020 |. 50
00403021 |. 68 E4844400
SCII "wtlib_"
00403026 |. 8D8D 4CF0FFFF
0040302C |. E8 5F820000
fo.0040B290
00403031 |. 8985 10D9FFFF
00403037 |. 8B8D 10D9FFFF
0040303D |. 898D 0CD9FFFF
00403043 |. C645 FC 54
00403047 |. 8D95 9CFEFFFF
0040304D |. 52
OFFSET LOCAL.89
0040304E |. 8B85 0CD9FFFF
00403054 |. 50
[LOCAL.2493]
00403055 |. 8D8D 20F0FFFF
0040305B |. 51
OFFSET LOCAL.1016
0040305C |. E8 8FB90000
fo.0040E9F0
00403061 |. 83C4 0C
00403064 |. 8985 08D9FFFF
0040306A |. 8B95 08D9FFFF
00403070 |. 8995 04D9FFFF
00403076 |. C645 FC 55
0040307A |. 83EC 28
0040307D |. 8BC4
0040307F |. 89A5 74F0FFFF
00403085 |. 68 D4844400
SCII ".hlp"
0040308A |. 8B8D 04D9FFFF
00403090 |. 51
[LOCAL.2495]
00403091 |. 50
00403092 |. E8 59B90000
fo.0040E9F0
00403097 |. 83C4 0C
0040309A |. 8985 00D9FFFF
004030A0 |. 8B95 00D9FFFF
004030A6 |. 8995 FCD8FFFF
004030AC |. C645 FC 56
004030B0 |. 8D8D 1BF0FFFF
004030B6 |. E8 F5C40000
fo.0040F5B0
004030BB |. 83EC 28
004030BE |. 8BCC
004030C0 |. 89A5 1CF0FFFF
004030C6 |. 50
004030C7 |. 68 14854400
SCII "
"
004030CC |. E8 BF810000
fo.0040B290
004030D1 |. 8985 F8D8FFFF
004030D7 |. 8B85 F8D8FFFF
004030DD |. 8985 F4D8FFFF
004030E3 |. C645 FC 57
004030E7 |. 8D8D 13F0FFFF

||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||PUSH OFFSET 004484E4

; /Arg2
; |Arg1 = A

||LEA ECX,[LOCAL.1005]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2492],EAX


||MOV ECX,DWORD PTR SS:[LOCAL.2492]
||MOV DWORD PTR SS:[LOCAL.2493],ECX
||MOV BYTE PTR SS:[LOCAL.1],54
||LEA EDX,[LOCAL.89]
||PUSH EDX

; /Arg3 =>

||MOV EAX,DWORD PTR SS:[LOCAL.2493]


||PUSH EAX

; |
; |Arg2 =>

||LEA ECX,[LOCAL.1016]
||PUSH ECX

; |
; |Arg1 =>

||CALL 0040E9F0

; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2494],EAX
||MOV EDX,DWORD PTR SS:[LOCAL.2494]
||MOV DWORD PTR SS:[LOCAL.2495],EDX
||MOV BYTE PTR SS:[LOCAL.1],55
||SUB ESP,28
||MOV EAX,ESP
||MOV DWORD PTR SS:[LOCAL.995],ESP
||PUSH OFFSET 004484D4

; /Arg3 = A

||MOV ECX,DWORD PTR SS:[LOCAL.2495]


||PUSH ECX

; |
; |Arg2 =>

||PUSH EAX
||CALL 0040E9F0

; |Arg1
; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2496],EAX
||MOV EDX,DWORD PTR SS:[LOCAL.2496]
||MOV DWORD PTR SS:[LOCAL.2497],EDX
||MOV BYTE PTR SS:[LOCAL.1],56
||LEA ECX,[LOCAL.1018+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1017],ESP
||PUSH EAX
||PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV
||MOV
||MOV
||MOV
||LEA

DWORD PTR SS:[LOCAL.2498],EAX


EAX,DWORD PTR SS:[LOCAL.2498]
DWORD PTR SS:[LOCAL.2499],EAX
BYTE PTR SS:[LOCAL.1],57
ECX,[LOCAL.1020+3]

004030ED |. E8 BEC40000
fo.0040F5B0
004030F2 |. 83EC 28
004030F5 |. 8BCC
004030F7 |. 89A5 14F0FFFF
004030FD |. 50
004030FE |. 8D95 94FDFFFF
00403104 |. 52
OFFSET LOCAL.155
00403105 |. E8 86810000
fo.0040B290
0040310A |. 8985 F0D8FFFF
00403110 |. 8B45 08
00403113 |. 50
00403114 |. C645 FC 55
00403118 |. E8 631C0000
0040311D |. 83C4 7C
00403120 |. C645 FC 54
00403124 |. 8D8D 20F0FFFF
0040312A |. E8 31820000
fo.0040B360
0040312F |. C645 FC 45
00403133 |. 8D8D 4CF0FFFF
00403139 |. E8 22820000
fo.0040B360
0040313E |. C645 FC 43
00403142 |. 8D8D A8FBFFFF
00403148 |. E8 13820000
fo.0040B360
0040314D |> 8D8D E3EFFFFF
00403153 |. E8 58C40000
fo.0040F5B0
00403158 |. 50
00403159 |. 8D8D 94FDFFFF
0040315F |. 51
OFFSET LOCAL.155
00403160 |. 8D8D E4EFFFFF
00403166 |. E8 25810000
fo.0040B290
0040316B |. 8985 ECD8FFFF
00403171 |. 8B95 ECD8FFFF
00403177 |. 8995 E8D8FFFF
0040317D |. C645 FC 58
00403181 |. 83EC 28
00403184 |. 8BC4
00403186 |. 89A5 0CF0FFFF
0040318C |. 68 C4844400
SCII "\wtlibrary.exe"
00403191 |. 8B8D E8D8FFFF
00403197 |. 51
[LOCAL.2502]
00403198 |. 50
00403199 |. E8 52B80000
fo.0040E9F0
0040319E |. 83C4 0C
004031A1 |. 8985 E4D8FFFF
004031A7 |. E8 E4180000
004031AC |. 83C4 28
004031AF |. 8985 E0D8FFFF
004031B5 |. 33D2

||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1019],ESP
||PUSH EAX
||LEA EDX,[LOCAL.155]
||PUSH EDX

; /Arg2
; |
; |Arg1 =>

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2500],EAX


||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||MOV BYTE PTR SS:[LOCAL.1],55
||CALL 00404D80
||ADD ESP,7C
||MOV BYTE PTR SS:[LOCAL.1],54
||LEA ECX,[LOCAL.1016]
||CALL 0040B360

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],45


||LEA ECX,[LOCAL.1005]
||CALL 0040B360

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],43


||LEA ECX,[LOCAL.278]
||CALL 0040B360

; [SystemIn

||LEA ECX,[LOCAL.1032+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.155]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.1031]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2501],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2501]
||MOV DWORD PTR SS:[LOCAL.2502],EDX
||MOV BYTE PTR SS:[LOCAL.1],58
||SUB ESP,28
||MOV EAX,ESP
||MOV DWORD PTR SS:[LOCAL.1021],ESP
||PUSH OFFSET 004484C4

; /Arg3 = A

||MOV ECX,DWORD PTR SS:[LOCAL.2502]


||PUSH ECX

; |
; |Arg2 =>

||PUSH EAX
||CALL 0040E9F0

; |Arg1
; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2503],EAX
||CALL 00404A90
||ADD ESP,28
||MOV DWORD PTR SS:[LOCAL.2504],EAX
||XOR EDX,EDX

004031B7 |. 83BD E0D8FFFF


004031BE |. 0F94C2
004031C1 |. 8895 12F0FFFF
004031C7 |. C645 FC 43
004031CB |. 8D8D E4EFFFFF
004031D1 |. E8 8A810000
fo.0040B360
004031D6 |. 0FB685 12F0FF
004031DD |. 85C0
004031DF |. 0F84 64050000
004031E5 |. 8D8D E2EFFFFF
004031EB |. E8 C0C30000
fo.0040F5B0
004031F0 |. 50
004031F1 |. 8D8D 94FDFFFF
004031F7 |. 51
OFFSET LOCAL.155
004031F8 |. 8D8D 7CFBFFFF
004031FE |. E8 8D800000
fo.0040B290
00403203 |. C645 FC 59
00403207 |. 8D8D 7CFBFFFF
0040320D |. E8 2EC30000
fo.0040F540
00403212 |. 8BF0
00403214 |. 8D95 9CFEFFFF
0040321A |. 52
OFFSET LOCAL.89
0040321B |. E8 B0760000
fo.0040A8D0
00403220 |. 83C4 04
00403223 |. 2BF0
00403225 |. 56
00403226 |. 8D8D 7CFBFFFF
0040322C |. E8 9F280000
fo.00405AD0
00403231 |. 8D85 C0EFFFFF
00403237 |. 50
OFFSET LOCAL.1040
00403238 |. 8D4D A8
0040323B |. E8 50390000
fo.00406B90
00403240 |. 50
00403241 |. 8D8D 7CFBFFFF
00403247 |. 51
00403248 |. 8D95 D8EFFFFF
0040324E |. 52
OFFSET LOCAL.1034
0040324F |. 8D4D A8
00403252 |. E8 39390000
nfo.00406B90
00403257 |. 8B48 04
0040325A |. 51
0040325B |. 8B10
0040325D |. 52
0040325E |. 8D85 D0EFFFFF
00403264 |. 50
OFFSET LOCAL.1036
00403265 |. 8D4D A8
00403268 |. E8 C3380000

||CMP DWORD PTR SS:[LOCAL.2504],1


||SETE DL
||MOV BYTE PTR SS:[LOCAL.1020+2],DL
||MOV BYTE PTR SS:[LOCAL.1],43
||LEA ECX,[LOCAL.1031]
||CALL 0040B360

; [SystemIn

||MOVZX EAX,BYTE PTR SS:[LOCAL.1020+2]


||TEST EAX,EAX
||JE 00403749
||LEA ECX,[LOCAL.1032+2]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.155]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.289]
||CALL 0040B290

; |
; \SystemIn

||MOV BYTE PTR SS:[LOCAL.1],59


||LEA ECX,[LOCAL.289]
||CALL 0040F540

; [SystemIn

||MOV ESI,EAX
||LEA EDX,[LOCAL.89]
||PUSH EDX

; /Arg1 =>

||CALL 0040A8D0

; \SystemIn

||ADD ESP,4
||SUB ESI,EAX
||PUSH ESI
||LEA ECX,[LOCAL.289]
||CALL 00405AD0

; /Arg1
; |
; \SystemIn

||LEA EAX,[LOCAL.1040]
||PUSH EAX

; /Arg1 =>

||LEA ECX,[LOCAL.22]
||CALL 00406B90

; |
; \SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.289]
||PUSH ECX
||LEA EDX,[LOCAL.1034]
||PUSH EDX

;
;
;
;
;

||LEA ECX,[LOCAL.22]
||CALL 00406B90

; ||
; |\SystemI

||MOV ECX,DWORD PTR DS:[EAX+4]


||PUSH ECX
||MOV EDX,DWORD PTR DS:[EAX]
||PUSH EDX
||LEA EAX,[LOCAL.1036]
||PUSH EAX

;
;
;
;
;
;

||LEA ECX,[LOCAL.22]
||CALL 00406B30

; ||
; |\SystemI

/Arg1
|
|
|
|/Arg1 =>

|
|
|
|
|
|/Arg1 =>

nfo.00406B30
0040326D |. 8B48 04
00403270 |. 51
00403271 |. 8B10
00403273 |. 52
00403274 |. 8D85 C8EFFFFF
0040327A |. 50
0040327B |. E8 A0810000
00403280 |. 83C4 18
00403283 |. 8BC8
00403285 |. E8 D63A0000
fo.00406D60
0040328A |. 0FB6C8
0040328D |. 85C9
0040328F |. 74 0F
00403291 |. 8D95 7CFBFFFF
00403297 |. 52
OFFSET LOCAL.289
00403298 |. 8D4D A8
0040329B |. E8 B0390000
fo.00406C50
004032A0 |> 8D85 D4FBFFFF
004032A6 |. 50
004032A7 |. 8D8D 93EFFFFF
004032AD |. E8 FEC20000
fo.0040F5B0
004032B2 |. 50
004032B3 |. 8D8D 94FDFFFF
004032B9 |. 51
OFFSET LOCAL.155
004032BA |. 8D8D 94EFFFFF
004032C0 |. E8 CB7F0000
fo.0040B290
004032C5 |. 8985 DCD8FFFF
004032CB |. 8B95 DCD8FFFF
004032D1 |. 8995 D8D8FFFF
004032D7 |. C645 FC 5A
004032DB |. 83EC 28
004032DE |. 8BC4
004032E0 |. 89A5 BCEFFFFF
004032E6 |. 68 C4844400
SCII "\wtlibrary.exe"
004032EB |. 8B8D D8D8FFFF
004032F1 |. 51
[LOCAL.2506]
004032F2 |. 50
004032F3 |. E8 F8B60000
fo.0040E9F0
004032F8 |. 83C4 0C
004032FB |. 8985 D4D8FFFF
00403301 |. E8 7A7B0100
00403306 |. 83C4 2C
00403309 |. C645 FC 59
0040330D |. 8D8D 94EFFFFF
00403313 |. E8 48800000
fo.0040B360
00403318 |. 6A 20
0
0040331A |. 8D95 92EFFFFF
00403320 |. 52

||MOV ECX,DWORD PTR DS:[EAX+4]


||PUSH ECX
||MOV EDX,DWORD PTR DS:[EAX]
||PUSH EDX
||LEA EAX,[LOCAL.1038]
||PUSH EAX
||CALL 0040B420
||ADD ESP,18
||MOV ECX,EAX
||CALL 00406D60

;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
\SystemIn

||MOVZX ECX,AL
||TEST ECX,ECX
||JE SHORT 004032A0
||LEA EDX,[LOCAL.289]
||PUSH EDX

; /Arg1 =>

||LEA ECX,[LOCAL.22]
||CALL 00406C50

; |
; \SystemIn

||LEA EAX,[LOCAL.267]
||PUSH EAX
||LEA ECX,[LOCAL.1052+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.155]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.1051]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2505],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2505]
||MOV DWORD PTR SS:[LOCAL.2506],EDX
||MOV BYTE PTR SS:[LOCAL.1],5A
||SUB ESP,28
||MOV EAX,ESP
||MOV DWORD PTR SS:[LOCAL.1041],ESP
||PUSH OFFSET 004484C4

; /Arg3 = A

||MOV ECX,DWORD PTR SS:[LOCAL.2506]


||PUSH ECX

; |
; |Arg2 =>

||PUSH EAX
||CALL 0040E9F0

; |Arg1
; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2507],EAX
||CALL 0041AE80
||ADD ESP,2C
||MOV BYTE PTR SS:[LOCAL.1],59
||LEA ECX,[LOCAL.1051]
||CALL 0040B360

; [SystemIn

||PUSH 20

; /Arg2 = 2

||LEA EDX,[LOCAL.1052+2]
||PUSH EDX

; |
; |Arg1

00403321 |. E8 EA7A0000 ||CALL 0040AE10


fo.0040AE10
00403326 |. 83C4 08
||ADD ESP,8
00403329 |. 50
||PUSH EAX
0040332A |. 68 009A4000 ||PUSH 00409A00
SystemInfo.409A00
0040332F |. 68 34854400 ||PUSH OFFSET 00448534
Watchtower Library Version"
00403334 |. 68 C0994000 ||PUSH 004099C0
SystemInfo.4099C0
00403339 |. 6A 2E
||PUSH 2E
= 2E
0040333B |. 8D85 91EFFFFF ||LEA EAX,[LOCAL.1052+1]
00403341 |. 50
||PUSH EAX
00403342 |. E8 C97A0000 ||CALL 0040AE10
mInfo.0040AE10
00403347 |. 83C4 08
||ADD ESP,8
0040334A |. 50
||PUSH EAX
0040334B |. 6A 23
||PUSH 23
= 23
0040334D |. 8D8D 88EFFFFF ||LEA ECX,[LOCAL.1054]
00403353 |. 51
||PUSH ECX
=> OFFSET LOCAL.1054
00403354 |. E8 3FA40200 ||CALL 0042D798
emInfo.0042D798
00403359 |. 83C4 08
||ADD ESP,8
0040335C |. 50
||PUSH EAX
0040335D |. 68 77874400 ||PUSH OFFSET 00448777
00403362 |. 6A 06
||PUSH 6
2 = 6
00403364 |. 8D95 80EFFFFF ||LEA EDX,[LOCAL.1056]
0040336A |. 52
||PUSH EDX
1 => OFFSET LOCAL.1056
0040336B |. E8 28A40200 ||CALL 0042D798
temInfo.0042D798
00403370 |. 83C4 08
||ADD ESP,8
00403373 |. 50
||PUSH EAX
2
00403374 |. 8B45 08
||MOV EAX,DWORD PTR SS:[ARG.1]
00403377 |. 50
||PUSH EAX
1 => [ARG.1]
00403378 |. E8 A3750000 ||CALL 0040A920
temInfo.0040A920
0040337D |. 83C4 08
||ADD ESP,8
00403380 |. 50
||PUSH EAX
00403381 |. E8 DA750000 ||CALL 0040A960
00403386 |. 83C4 08
||ADD ESP,8
00403389 |. 50
||PUSH EAX
0040338A |. E8 91750000 ||CALL 0040A920
emInfo.0040A920
0040338F |. 83C4 08
||ADD ESP,8
00403392 |. 50
||PUSH EAX
00403393 |. E8 887A0000 ||CALL 0040AE20
mInfo.0040AE20
00403398 |. 83C4 08
||ADD ESP,8
0040339B |. 8BC8
||MOV ECX,EAX
0040339D |. E8 AE270000 ||CALL 00405B50
Info.00405B50
004033A2 |. 50
||PUSH EAX
004033A3 |. E8 B8750000 ||CALL 0040A960

; \SystemIn
; /Arg2
; |/Arg1 =
; ||ASCII "
; ||/Arg1 =
; |||/Arg2
; ||||
; ||||Arg1
; |||\Syste
; |||
; |||/Arg2
; ||||/Arg2
; |||||
; |||||Arg1
; ||||\Syst
;
;
;
;

||||
||||/Arg2
|||||
|||||/Arg

; ||||||
; ||||||Arg
; |||||\Sys
; |||||
; |||||/Arg
; ||||||
; ||||||Arg
; |||||\Sys
;
;
;
;
;
;

|||||
|||||
|||||
|||||
|||||Arg1
||||\Syst

; ||||
; ||||Arg1
; |||\Syste
; |||
; |||
; ||\System
; ||
; ||

004033A8 |. 83C4 08
004033AB |. 8BC8
004033AD |. E8 9E270000
nfo.00405B50
004033B2 |. 50
004033B3 |. E8 687A0000
fo.0040AE20
004033B8 |. 83C4 08
004033BB |. 8D8D FCFBFFFF
004033C1 |. E8 4A270000
004033C6 |. 0FB6C8
004033C9 |. 85C9
004033CB |. 74 21
004033CD |. 68 409A4000
ystemInfo.409A40
004033D2 |. 8D95 D4FBFFFF
004033D8 |. 52
004033D9 |. 8B45 08
004033DC |. 50
004033DD |. E8 7E7A0000
004033E2 |. 83C4 08
004033E5 |. 8BC8
004033E7 |. E8 44270000
fo.00405B30
004033EC |. EB 4B
004033EE |> 68 409A4000
ystemInfo.409A40
004033F3 |. 68 68854400
004033F8 |. 8D8D FCFBFFFF
004033FE |. 51
004033FF |. 68 64854400
("
00403404 |. 8D95 24FCFFFF
0040340A |. 52
0040340B |. 8B45 08
0040340E |. 50
0040340F |. E8 4C7A0000
00403414 |. 83C4 08
00403417 |. 50
00403418 |. E8 43750000
0040341D |. 83C4 08
00403420 |. 50
00403421 |. E8 3A7A0000
00403426 |. 83C4 08
00403429 |. 50
0040342A |. E8 31750000
0040342F |. 83C4 08
00403432 |. 8BC8
00403434 |. E8 F7260000
fo.00405B30
00403439 |> 8D8D 57EFFFFF
0040343F |. E8 6CC10000
fo.0040F5B0
00403444 |. 50
00403445 |. 8D8D 94FDFFFF
0040344B |. 51
OFFSET LOCAL.155
0040344C |. 8D8D 58EFFFFF
00403452 |. E8 397E0000
fo.0040B290

||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B50

; ||
; ||
; |\SystemI

||PUSH EAX
||CALL 0040AE20

; |Arg1
; \SystemIn

||ADD ESP,8
||LEA ECX,[LOCAL.257]
||CALL 00405B10
||MOVZX ECX,AL
||TEST ECX,ECX
||JE SHORT 004033EE
||PUSH 00409A40

; /Arg1 = S

||LEA EDX,[LOCAL.267]
||PUSH EDX
||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B30

;
;
;
;
;
;
;
;

||JMP SHORT 00403439


||PUSH 00409A40

; /Arg1 = S

||PUSH OFFSET 00448568


||LEA ECX,[LOCAL.257]
||PUSH ECX
||PUSH OFFSET 00448564

;
;
;
;

|
|
|
|ASCII "

||LEA EDX,[LOCAL.247]
||PUSH EDX
||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B30

;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\SystemIn

||LEA ECX,[LOCAL.1067+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.155]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.1066]
||CALL 0040B290

; |
; \SystemIn

|
|
|
|
|
|
|
\SystemIn

00403457 |. 8985 D0D8FFFF ||MOV DWORD PTR SS:[LOCAL.2508],EAX


0040345D |. 8B95 D0D8FFFF ||MOV EDX,DWORD PTR SS:[LOCAL.2508]
00403463 |. 8995 CCD8FFFF ||MOV DWORD PTR SS:[LOCAL.2509],EDX
00403469 |. C645 FC 5B
||MOV BYTE PTR SS:[LOCAL.1],5B
0040346D |. 68 60854400 ||PUSH OFFSET 00448560
ystemInfo.448560
00403472 |. 8B85 CCD8FFFF ||MOV EAX,DWORD PTR SS:[LOCAL.2509]
00403478 |. 50
||PUSH EAX
[LOCAL.2509]
00403479 |. 8D8D 2CEFFFFF ||LEA ECX,[LOCAL.1077]
0040347F |. 51
||PUSH ECX
OFFSET LOCAL.1077
00403480 |. E8 6BB50000 ||CALL 0040E9F0
fo.0040E9F0
00403485 |. 83C4 0C
||ADD ESP,0C
00403488 |. 8985 C8D8FFFF ||MOV DWORD PTR SS:[LOCAL.2510],EAX
0040348E |. 8B95 C8D8FFFF ||MOV EDX,DWORD PTR SS:[LOCAL.2510]
00403494 |. 8995 C4D8FFFF ||MOV DWORD PTR SS:[LOCAL.2511],EDX
0040349A |. C645 FC 5C
||MOV BYTE PTR SS:[LOCAL.1],5C
0040349E |. 68 1C854400 ||PUSH OFFSET 0044851C
SCII "codepageoverride.msd"
004034A3 |. 8B85 C4D8FFFF ||MOV EAX,DWORD PTR SS:[LOCAL.2511]
004034A9 |. 50
||PUSH EAX
[LOCAL.2511]
004034AA |. 8D8D 04EFFFFF ||LEA ECX,[LOCAL.1087]
004034B0 |. 51
||PUSH ECX
OFFSET LOCAL.1087
004034B1 |. E8 3AB50000 ||CALL 0040E9F0
fo.0040E9F0
004034B6 |. 83C4 0C
||ADD ESP,0C
004034B9 |. 8985 C0D8FFFF ||MOV DWORD PTR SS:[LOCAL.2512],EAX
004034BF |. 8B95 C0D8FFFF ||MOV EDX,DWORD PTR SS:[LOCAL.2512]
004034C5 |. 8995 BCD8FFFF ||MOV DWORD PTR SS:[LOCAL.2513],EDX
004034CB |. C645 FC 5D
||MOV BYTE PTR SS:[LOCAL.1],5D
004034CF |. 6A 00
||PUSH 0
e = NULL
004034D1 |. 68 80000000 ||PUSH 80
es = FILE_ATTRIBUTE_NORMAL
004034D6 |. 6A 03
||PUSH 3
Distribution = OPEN_EXISTING
004034D8 |. 6A 00
||PUSH 0
y = NULL
004034DA |. 6A 01
||PUSH 1
e = FILE_SHARE_READ
004034DC |. 68 00000080 ||PUSH 80000000
ccess = GENERIC_READ
004034E1 |. 8B8D BCD8FFFF ||MOV ECX,DWORD PTR SS:[LOCAL.2513]
004034E7 |. E8 24C00000 ||CALL 0040F510
004034EC |. 50
||PUSH EAX
004034ED |. FF15 34804400 ||CALL DWORD PTR DS:[<&KERNEL32.CreateFi
.CreateFileA
004034F3 |. 8985 A4FBFFFF ||MOV DWORD PTR SS:[LOCAL.279],EAX
004034F9 |. C645 FC 5C
||MOV BYTE PTR SS:[LOCAL.1],5C
004034FD |. 8D8D 04EFFFFF ||LEA ECX,[LOCAL.1087]
00403503 |. E8 587E0000 ||CALL 0040B360
fo.0040B360
00403508 |. C645 FC 5B
||MOV BYTE PTR SS:[LOCAL.1],5B
0040350C |. 8D8D 2CEFFFFF ||LEA ECX,[LOCAL.1077]
00403512 |. E8 497E0000 ||CALL 0040B360
fo.0040B360

; /Arg3 = S
; |
; |Arg2 =>
; |
; |Arg1 =>
; \SystemIn

; /Arg3 = A
; |
; |Arg2 =>
; |
; |Arg1 =>
; \SystemIn

; /hTemplat
; |Attribut
; |Creation
; |pSecurit
; |ShareMod
; |DesiredA
;
;
;
;

|
|
|FileName
\KERNEL32

; [SystemIn

; [SystemIn

00403517 |. C645 FC 59
0040351B |. 8D8D 58EFFFFF
00403521 |. E8 3A7E0000
fo.0040B360
00403526 |. 83BD A4FBFFFF
0040352D |. 0F84 B4000000
00403533 |. 8B85 A4FBFFFF
00403539 |. 50
=> [LOCAL.279]
0040353A |. FF15 30804400
.CloseHandle
00403540 |. 8D8D FFEEFFFF
00403546 |. E8 65C00000
fo.0040F5B0
0040354B |. 83EC 28
0040354E |. 8BCC
00403550 |. 89A5 00EFFFFF
00403556 |. 50
00403557 |. 68 1C854400
SCII "codepageoverride.msd"
0040355C |. E8 2F7D0000
fo.0040B290
00403561 |. 8985 B8D8FFFF
00403567 |. 8B8D B8D8FFFF
0040356D |. 898D B4D8FFFF
00403573 |. C645 FC 5E
00403577 |. 8D8D F7EEFFFF
0040357D |. E8 2EC00000
fo.0040F5B0
00403582 |. 83EC 28
00403585 |. 8BCC
00403587 |. 89A5 F8EEFFFF
0040358D |. 50
0040358E |. 68 14854400
SCII "
"
00403593 |. E8 F87C0000
fo.0040B290
00403598 |. 8985 B0D8FFFF
0040359E |. 8B95 B0D8FFFF
004035A4 |. 8995 ACD8FFFF
004035AA |. C645 FC 5F
004035AE |. 8D8D EFEEFFFF
004035B4 |. E8 F7BF0000
fo.0040F5B0
004035B9 |. 83EC 28
004035BC |. 8BCC
004035BE |. 89A5 F0EEFFFF
004035C4 |. 50
004035C5 |. 8D85 94FDFFFF
004035CB |. 50
OFFSET LOCAL.155
004035CC |. E8 BF7C0000
fo.0040B290
004035D1 |. 8985 A8D8FFFF
004035D7 |. 8B4D 08
004035DA |. 51
004035DB |. C645 FC 59
004035DF |. E8 9C170000
004035E4 |. 83C4 7C
004035E7 |> 8D8D E7EEFFFF

||MOV BYTE PTR SS:[LOCAL.1],59


||LEA ECX,[LOCAL.1066]
||CALL 0040B360

; [SystemIn

||CMP DWORD PTR SS:[LOCAL.279],-1


||JE 004035E7
||MOV EAX,DWORD PTR SS:[LOCAL.279]
||PUSH EAX

; /hObject

||CALL DWORD PTR DS:[<&KERNEL32.CloseHan ; \KERNEL32


||LEA ECX,[LOCAL.1089+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1088],ESP
||PUSH EAX
||PUSH OFFSET 0044851C

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2514],EAX


||MOV ECX,DWORD PTR SS:[LOCAL.2514]
||MOV DWORD PTR SS:[LOCAL.2515],ECX
||MOV BYTE PTR SS:[LOCAL.1],5E
||LEA ECX,[LOCAL.1091+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1090],ESP
||PUSH EAX
||PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2516],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2516]
||MOV DWORD PTR SS:[LOCAL.2517],EDX
||MOV BYTE PTR SS:[LOCAL.1],5F
||LEA ECX,[LOCAL.1093+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1092],ESP
||PUSH EAX
||LEA EAX,[LOCAL.155]
||PUSH EAX

; /Arg2
; |
; |Arg1 =>

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2518],EAX


||MOV ECX,DWORD PTR SS:[ARG.1]
||PUSH ECX
||MOV BYTE PTR SS:[LOCAL.1],59
||CALL 00404D80
||ADD ESP,7C
||LEA ECX,[LOCAL.1095+3]

004035ED |. E8 BEBF0000
fo.0040F5B0
004035F2 |. 83EC 28
004035F5 |. 8BCC
004035F7 |. 89A5 E8EEFFFF
004035FD |. 50
004035FE |. 68 00854400
SCII "mepslanguage.mcf"
00403603 |. E8 887C0000
fo.0040B290
00403608 |. 8985 A4D8FFFF
0040360E |. 8B95 A4D8FFFF
00403614 |. 8995 A0D8FFFF
0040361A |. C645 FC 60
0040361E |. 8D8D DFEEFFFF
00403624 |. E8 87BF0000
fo.0040F5B0
00403629 |. 83EC 28
0040362C |. 8BCC
0040362E |. 89A5 E0EEFFFF
00403634 |. 50
00403635 |. 68 14854400
SCII "
"
0040363A |. E8 517C0000
fo.0040B290
0040363F |. 8985 9CD8FFFF
00403645 |. 8B85 9CD8FFFF
0040364B |. 8985 98D8FFFF
00403651 |. C645 FC 61
00403655 |. 8D8D D7EEFFFF
0040365B |. E8 50BF0000
fo.0040F5B0
00403660 |. 83EC 28
00403663 |. 8BCC
00403665 |. 89A5 D8EEFFFF
0040366B |. 50
0040366C |. 8D95 94FDFFFF
00403672 |. 52
OFFSET LOCAL.155
00403673 |. E8 187C0000
fo.0040B290
00403678 |. 8985 94D8FFFF
0040367E |. 8B45 08
00403681 |. 50
00403682 |. C645 FC 59
00403686 |. E8 F5160000
0040368B |. 83C4 7C
0040368E |. 8D8D CFEEFFFF
00403694 |. E8 17BF0000
fo.0040F5B0
00403699 |. 83EC 28
0040369C |. 8BCC
0040369E |. 89A5 D0EEFFFF
004036A4 |. 50
004036A5 |. 68 EC844400
SCII "unicodeoverride.msd"
004036AA |. E8 E17B0000
fo.0040B290
004036AF |. 8985 90D8FFFF
004036B5 |. 8B8D 90D8FFFF

||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1094],ESP
||PUSH EAX
||PUSH OFFSET 00448500

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2519],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2519]
||MOV DWORD PTR SS:[LOCAL.2520],EDX
||MOV BYTE PTR SS:[LOCAL.1],60
||LEA ECX,[LOCAL.1097+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1096],ESP
||PUSH EAX
||PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2521],EAX


||MOV EAX,DWORD PTR SS:[LOCAL.2521]
||MOV DWORD PTR SS:[LOCAL.2522],EAX
||MOV BYTE PTR SS:[LOCAL.1],61
||LEA ECX,[LOCAL.1099+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1098],ESP
||PUSH EAX
||LEA EDX,[LOCAL.155]
||PUSH EDX

; /Arg2
; |
; |Arg1 =>

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2523],EAX


||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||MOV BYTE PTR SS:[LOCAL.1],59
||CALL 00404D80
||ADD ESP,7C
||LEA ECX,[LOCAL.1101+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1100],ESP
||PUSH EAX
||PUSH OFFSET 004484EC

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2524],EAX


||MOV ECX,DWORD PTR SS:[LOCAL.2524]

004036BB |. 898D 8CD8FFFF


004036C1 |. C645 FC 62
004036C5 |. 8D8D C7EEFFFF
004036CB |. E8 E0BE0000
fo.0040F5B0
004036D0 |. 83EC 28
004036D3 |. 8BCC
004036D5 |. 89A5 C8EEFFFF
004036DB |. 50
004036DC |. 68 14854400
SCII "
"
004036E1 |. E8 AA7B0000
fo.0040B290
004036E6 |. 8985 88D8FFFF
004036EC |. 8B95 88D8FFFF
004036F2 |. 8995 84D8FFFF
004036F8 |. C645 FC 63
004036FC |. 8D8D BFEEFFFF
00403702 |. E8 A9BE0000
fo.0040F5B0
00403707 |. 83EC 28
0040370A |. 8BCC
0040370C |. 89A5 C0EEFFFF
00403712 |. 50
00403713 |. 8D85 94FDFFFF
00403719 |. 50
OFFSET LOCAL.155
0040371A |. E8 717B0000
fo.0040B290
0040371F |. 8985 80D8FFFF
00403725 |. 8B4D 08
00403728 |. 51
00403729 |. C645 FC 59
0040372D |. E8 4E160000
00403732 |. 83C4 7C
00403735 |. C645 FC 43
00403739 |. 8D8D 7CFBFFFF
0040373F |. E8 1C7C0000
fo.0040B360
00403744 |. E9 EA030000
00403749 |> 8D8D 8FEEFFFF
0040374F |. E8 5CBE0000
fo.0040F5B0
00403754 |. 50
00403755 |. 8D95 94FDFFFF
0040375B |. 52
OFFSET LOCAL.155
0040375C |. 8D8D 90EEFFFF
00403762 |. E8 297B0000
fo.0040B290
00403767 |. 8985 7CD8FFFF
0040376D |. 8B85 7CD8FFFF
00403773 |. 8985 78D8FFFF
00403779 |. C645 FC 64
0040377D |. 83EC 28
00403780 |. 8BCC
00403782 |. 89A5 B8EEFFFF
00403788 |. 68 B4844400
SCII "\wtreader.exe"
0040378D |. 8B95 78D8FFFF

||MOV DWORD PTR SS:[LOCAL.2525],ECX


||MOV BYTE PTR SS:[LOCAL.1],62
||LEA ECX,[LOCAL.1103+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1102],ESP
||PUSH EAX
||PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2526],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2526]
||MOV DWORD PTR SS:[LOCAL.2527],EDX
||MOV BYTE PTR SS:[LOCAL.1],63
||LEA ECX,[LOCAL.1105+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1104],ESP
||PUSH EAX
||LEA EAX,[LOCAL.155]
||PUSH EAX

; /Arg2
; |
; |Arg1 =>

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2528],EAX


||MOV ECX,DWORD PTR SS:[ARG.1]
||PUSH ECX
||MOV BYTE PTR SS:[LOCAL.1],59
||CALL 00404D80
||ADD ESP,7C
||MOV BYTE PTR SS:[LOCAL.1],43
||LEA ECX,[LOCAL.289]
||CALL 0040B360

; [SystemIn

||JMP 00403B33
||LEA ECX,[LOCAL.1117+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA EDX,[LOCAL.155]
||PUSH EDX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.1116]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2529],EAX


||MOV EAX,DWORD PTR SS:[LOCAL.2529]
||MOV DWORD PTR SS:[LOCAL.2530],EAX
||MOV BYTE PTR SS:[LOCAL.1],64
||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1106],ESP
||PUSH OFFSET 004484B4

; /Arg3 = A

||MOV EDX,DWORD PTR SS:[LOCAL.2530]

; |

00403793 |. 52
[LOCAL.2530]
00403794 |. 51
00403795 |. E8 56B20000
fo.0040E9F0
0040379A |. 83C4 0C
0040379D |. 8985 74D8FFFF
004037A3 |. E8 E8120000
004037A8 |. 83C4 28
004037AB |. 8985 70D8FFFF
004037B1 |. 33C0
004037B3 |. 83BD 70D8FFFF
004037BA |. 0F94C0
004037BD |. 8885 BEEEFFFF
004037C3 |. C645 FC 43
004037C7 |. 8D8D 90EEFFFF
004037CD |. E8 8E7B0000
fo.0040B360
004037D2 |. 0FB68D BEEEFF
004037D9 |. 85C9
004037DB |. 0F84 0C030000
004037E1 |. 8D8D 8EEEFFFF
004037E7 |. E8 C4BD0000
fo.0040F5B0
004037EC |. 50
004037ED |. 8D95 94FDFFFF
004037F3 |. 52
OFFSET LOCAL.155
004037F4 |. 8D8D 54FBFFFF
004037FA |. E8 917A0000
fo.0040B290
004037FF |. C645 FC 65
00403803 |. 8D8D 54FBFFFF
00403809 |. E8 32BD0000
fo.0040F540
0040380E |. 8BF0
00403810 |. 8D85 9CFEFFFF
00403816 |. 50
OFFSET LOCAL.89
00403817 |. E8 B4700000
fo.0040A8D0
0040381C |. 83C4 04
0040381F |. 2BF0
00403821 |. 56
00403822 |. 8D8D 54FBFFFF
00403828 |. E8 A3220000
fo.00405AD0
0040382D |. 8D8D 6CEEFFFF
00403833 |. 51
OFFSET LOCAL.1125
00403834 |. 8D4D A8
00403837 |. E8 54330000
fo.00406B90
0040383C |. 50
0040383D |. 8D95 54FBFFFF
00403843 |. 52
00403844 |. 8D85 84EEFFFF
0040384A |. 50
OFFSET LOCAL.1119
0040384B |. 8D4D A8

||PUSH EDX

; |Arg2 =>

||PUSH ECX
||CALL 0040E9F0

; |Arg1
; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.2531],EAX
||CALL 00404A90
||ADD ESP,28
||MOV DWORD PTR SS:[LOCAL.2532],EAX
||XOR EAX,EAX
||CMP DWORD PTR SS:[LOCAL.2532],1
||SETE AL
||MOV BYTE PTR SS:[LOCAL.1105+2],AL
||MOV BYTE PTR SS:[LOCAL.1],43
||LEA ECX,[LOCAL.1116]
||CALL 0040B360

; [SystemIn

||MOVZX ECX,BYTE PTR SS:[LOCAL.1105+2]


||TEST ECX,ECX
||JE 00403AED
||LEA ECX,[LOCAL.1117+2]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA EDX,[LOCAL.155]
||PUSH EDX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.299]
||CALL 0040B290

; |
; \SystemIn

||MOV BYTE PTR SS:[LOCAL.1],65


||LEA ECX,[LOCAL.299]
||CALL 0040F540

; [SystemIn

||MOV ESI,EAX
||LEA EAX,[LOCAL.89]
||PUSH EAX

; /Arg1 =>

||CALL 0040A8D0

; \SystemIn

||ADD ESP,4
||SUB ESI,EAX
||PUSH ESI
||LEA ECX,[LOCAL.299]
||CALL 00405AD0

; /Arg1
; |
; \SystemIn

||LEA ECX,[LOCAL.1125]
||PUSH ECX

; /Arg1 =>

||LEA ECX,[LOCAL.22]
||CALL 00406B90

; |
; \SystemIn

||PUSH EAX
||LEA EDX,[LOCAL.299]
||PUSH EDX
||LEA EAX,[LOCAL.1119]
||PUSH EAX

;
;
;
;
;

||LEA ECX,[LOCAL.22]

; ||

/Arg1
|
|
|
|/Arg1 =>

0040384E |. E8 3D330000
nfo.00406B90
00403853 |. 8B48 04
00403856 |. 51
00403857 |. 8B10
00403859 |. 52
0040385A |. 8D85 7CEEFFFF
00403860 |. 50
OFFSET LOCAL.1121
00403861 |. 8D4D A8
00403864 |. E8 C7320000
nfo.00406B30
00403869 |. 8B48 04
0040386C |. 51
0040386D |. 8B10
0040386F |. 52
00403870 |. 8D85 74EEFFFF
00403876 |. 50
00403877 |. E8 A47B0000
0040387C |. 83C4 18
0040387F |. 8BC8
00403881 |. E8 DA340000
fo.00406D60
00403886 |. 0FB6C8
00403889 |. 85C9
0040388B |. 74 0F
0040388D |. 8D95 54FBFFFF
00403893 |. 52
OFFSET LOCAL.299
00403894 |. 8D4D A8
00403897 |. E8 B4330000
fo.00406C50
0040389C |> 8D85 D4FBFFFF
004038A2 |. 50
004038A3 |. 8D8D 3FEEFFFF
004038A9 |. E8 02BD0000
fo.0040F5B0
004038AE |. 50
004038AF |. 8D8D 94FDFFFF
004038B5 |. 51
OFFSET LOCAL.155
004038B6 |. 8D8D 40EEFFFF
004038BC |. E8 CF790000
fo.0040B290
004038C1 |. 8985 6CD8FFFF
004038C7 |. 8B95 6CD8FFFF
004038CD |. 8995 68D8FFFF
004038D3 |. C645 FC 66
004038D7 |. 83EC 28
004038DA |. 8BC4
004038DC |. 89A5 68EEFFFF
004038E2 |. 68 B4844400
SCII "\wtreader.exe"
004038E7 |. 8B8D 68D8FFFF
004038ED |. 51
[LOCAL.2534]
004038EE |. 50
004038EF |. E8 FCB00000
fo.0040E9F0
004038F4 |. 83C4 0C

||CALL 00406B90

; |\SystemI

||MOV ECX,DWORD PTR DS:[EAX+4]


||PUSH ECX
||MOV EDX,DWORD PTR DS:[EAX]
||PUSH EDX
||LEA EAX,[LOCAL.1121]
||PUSH EAX

;
;
;
;
;
;

||LEA ECX,[LOCAL.22]
||CALL 00406B30

; ||
; |\SystemI

||MOV ECX,DWORD PTR DS:[EAX+4]


||PUSH ECX
||MOV EDX,DWORD PTR DS:[EAX]
||PUSH EDX
||LEA EAX,[LOCAL.1123]
||PUSH EAX
||CALL 0040B420
||ADD ESP,18
||MOV ECX,EAX
||CALL 00406D60

;
;
;
;
;
;
;
;
;
;

||MOVZX ECX,AL
||TEST ECX,ECX
||JE SHORT 0040389C
||LEA EDX,[LOCAL.299]
||PUSH EDX

; /Arg1 =>

||LEA ECX,[LOCAL.22]
||CALL 00406C50

; |
; \SystemIn

||LEA EAX,[LOCAL.267]
||PUSH EAX
||LEA ECX,[LOCAL.1137+3]
||CALL 0040F5B0

; [SystemIn

||PUSH EAX
||LEA ECX,[LOCAL.155]
||PUSH ECX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.1136]
||CALL 0040B290

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2533],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2533]
||MOV DWORD PTR SS:[LOCAL.2534],EDX
||MOV BYTE PTR SS:[LOCAL.1],66
||SUB ESP,28
||MOV EAX,ESP
||MOV DWORD PTR SS:[LOCAL.1126],ESP
||PUSH OFFSET 004484B4

; /Arg3 = A

||MOV ECX,DWORD PTR SS:[LOCAL.2534]


||PUSH ECX

; |
; |Arg2 =>

||PUSH EAX
||CALL 0040E9F0

; |Arg1
; \SystemIn

||ADD ESP,0C

|
|
|
|
|
|/Arg1 =>

|
|
|
|
|
|
|
|
|
\SystemIn

004038F7 |. 8985 64D8FFFF ||MOV DWORD PTR SS:[LOCAL.2535],EAX


004038FD |. E8 7E750100 ||CALL 0041AE80
00403902 |. 83C4 2C
||ADD ESP,2C
00403905 |. C645 FC 65
||MOV BYTE PTR SS:[LOCAL.1],65
00403909 |. 8D8D 40EEFFFF ||LEA ECX,[LOCAL.1136]
0040390F |. E8 4C7A0000 ||CALL 0040B360
fo.0040B360
00403914 |. 6A 20
||PUSH 20
0
00403916 |. 8D95 3EEEFFFF ||LEA EDX,[LOCAL.1137+2]
0040391C |. 52
||PUSH EDX
0040391D |. E8 EE740000 ||CALL 0040AE10
fo.0040AE10
00403922 |. 83C4 08
||ADD ESP,8
00403925 |. 50
||PUSH EAX
00403926 |. 68 009A4000 ||PUSH 00409A00
SystemInfo.409A00
0040392B |. 68 94844400 ||PUSH OFFSET 00448494
Watchtower Reader Version"
00403930 |. 68 C0994000 ||PUSH 004099C0
SystemInfo.4099C0
00403935 |. 6A 2E
||PUSH 2E
= 2E
00403937 |. 8D85 3DEEFFFF ||LEA EAX,[LOCAL.1137+1]
0040393D |. 50
||PUSH EAX
0040393E |. E8 CD740000 ||CALL 0040AE10
mInfo.0040AE10
00403943 |. 83C4 08
||ADD ESP,8
00403946 |. 50
||PUSH EAX
00403947 |. 6A 23
||PUSH 23
= 23
00403949 |. 8D8D 34EEFFFF ||LEA ECX,[LOCAL.1139]
0040394F |. 51
||PUSH ECX
=> OFFSET LOCAL.1139
00403950 |. E8 439E0200 ||CALL 0042D798
emInfo.0042D798
00403955 |. 83C4 08
||ADD ESP,8
00403958 |. 50
||PUSH EAX
00403959 |. 68 77874400 ||PUSH OFFSET 00448777
0040395E |. 6A 06
||PUSH 6
2 = 6
00403960 |. 8D95 2CEEFFFF ||LEA EDX,[LOCAL.1141]
00403966 |. 52
||PUSH EDX
1 => OFFSET LOCAL.1141
00403967 |. E8 2C9E0200 ||CALL 0042D798
temInfo.0042D798
0040396C |. 83C4 08
||ADD ESP,8
0040396F |. 50
||PUSH EAX
2
00403970 |. 8B45 08
||MOV EAX,DWORD PTR SS:[ARG.1]
00403973 |. 50
||PUSH EAX
1 => [ARG.1]
00403974 |. E8 A76F0000 ||CALL 0040A920
temInfo.0040A920
00403979 |. 83C4 08
||ADD ESP,8
0040397C |. 50
||PUSH EAX
0040397D |. E8 DE6F0000 ||CALL 0040A960
00403982 |. 83C4 08
||ADD ESP,8
00403985 |. 50
||PUSH EAX
00403986 |. E8 956F0000 ||CALL 0040A920

; [SystemIn
; /Arg2 = 2
; |
; |Arg1
; \SystemIn
; /Arg2
; |/Arg1 =
; ||ASCII "
; ||/Arg1 =
; |||/Arg2
; ||||
; ||||Arg1
; |||\Syste
; |||
; |||/Arg2
; ||||/Arg2
; |||||
; |||||Arg1
; ||||\Syst
;
;
;
;

||||
||||/Arg2
|||||
|||||/Arg

; ||||||
; ||||||Arg
; |||||\Sys
; |||||
; |||||/Arg
; ||||||
; ||||||Arg
; |||||\Sys
;
;
;
;
;
;

|||||
|||||
|||||
|||||
|||||Arg1
||||\Syst

emInfo.0040A920
0040398B |. 83C4 08
0040398E |. 50
0040398F |. E8 8C740000
mInfo.0040AE20
00403994 |. 83C4 08
00403997 |. 8BC8
00403999 |. E8 B2210000
Info.00405B50
0040399E |. 50
0040399F |. E8 BC6F0000
004039A4 |. 83C4 08
004039A7 |. 8BC8
004039A9 |. E8 A2210000
nfo.00405B50
004039AE |. 50
004039AF |. E8 6C740000
fo.0040AE20
004039B4 |. 83C4 08
004039B7 |. 8D8D FCFBFFFF
004039BD |. E8 4E210000
004039C2 |. 0FB6C8
004039C5 |. 85C9
004039C7 |. 74 21
004039C9 |. 68 409A4000
ystemInfo.409A40
004039CE |. 8D95 D4FBFFFF
004039D4 |. 52
004039D5 |. 8B45 08
004039D8 |. 50
004039D9 |. E8 82740000
004039DE |. 83C4 08
004039E1 |. 8BC8
004039E3 |. E8 48210000
fo.00405B30
004039E8 |. EB 4B
004039EA |> 68 409A4000
ystemInfo.409A40
004039EF |. 68 68854400
004039F4 |. 8D8D FCFBFFFF
004039FA |. 51
004039FB |. 68 64854400
("
00403A00 |. 8D95 24FCFFFF
00403A06 |. 52
00403A07 |. 8B45 08
00403A0A |. 50
00403A0B |. E8 50740000
00403A10 |. 83C4 08
00403A13 |. 50
00403A14 |. E8 476F0000
00403A19 |. 83C4 08
00403A1C |. 50
00403A1D |. E8 3E740000
00403A22 |. 83C4 08
00403A25 |. 50
00403A26 |. E8 356F0000
00403A2B |. 83C4 08
00403A2E |. 8BC8
00403A30 |. E8 FB200000

||ADD ESP,8
||PUSH EAX
||CALL 0040AE20

; ||||
; ||||Arg1
; |||\Syste

||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B50

; |||
; |||
; ||\System

||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B50

;
;
;
;
;

||PUSH EAX
||CALL 0040AE20

; |Arg1
; \SystemIn

||ADD ESP,8
||LEA ECX,[LOCAL.257]
||CALL 00405B10
||MOVZX ECX,AL
||TEST ECX,ECX
||JE SHORT 004039EA
||PUSH 00409A40

; /Arg1 = S

||LEA EDX,[LOCAL.267]
||PUSH EDX
||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B30

;
;
;
;
;
;
;
;

||JMP SHORT 00403A35


||PUSH 00409A40

; /Arg1 = S

||PUSH OFFSET 00448568


||LEA ECX,[LOCAL.257]
||PUSH ECX
||PUSH OFFSET 00448564

;
;
;
;

|
|
|
|ASCII "

||LEA EDX,[LOCAL.247]
||PUSH EDX
||MOV EAX,DWORD PTR SS:[ARG.1]
||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||PUSH EAX
||CALL 0040AE60
||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||MOV ECX,EAX
||CALL 00405B30

;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\SystemIn

||
||
||
||
|\SystemI

|
|
|
|
|
|
|
\SystemIn

fo.00405B30
00403A35 |> 8D8D 27EEFFFF
00403A3B |. E8 70BB0000
fo.0040F5B0
00403A40 |. 83EC 28
00403A43 |. 8BCC
00403A45 |. 89A5 28EEFFFF
00403A4B |. 50
00403A4C |. 68 00854400
SCII "mepslanguage.mcf"
00403A51 |. E8 3A780000
fo.0040B290
00403A56 |. 8985 60D8FFFF
00403A5C |. 8B8D 60D8FFFF
00403A62 |. 898D 5CD8FFFF
00403A68 |. C645 FC 67
00403A6C |. 8D8D 1FEEFFFF
00403A72 |. E8 39BB0000
fo.0040F5B0
00403A77 |. 83EC 28
00403A7A |. 8BCC
00403A7C |. 89A5 20EEFFFF
00403A82 |. 50
00403A83 |. 68 14854400
SCII "
"
00403A88 |. E8 03780000
fo.0040B290
00403A8D |. 8985 58D8FFFF
00403A93 |. 8B95 58D8FFFF
00403A99 |. 8995 54D8FFFF
00403A9F |. C645 FC 68
00403AA3 |. 8D8D 17EEFFFF
00403AA9 |. E8 02BB0000
fo.0040F5B0
00403AAE |. 83EC 28
00403AB1 |. 8BCC
00403AB3 |. 89A5 18EEFFFF
00403AB9 |. 50
00403ABA |. 8D85 94FDFFFF
00403AC0 |. 50
OFFSET LOCAL.155
00403AC1 |. E8 CA770000
fo.0040B290
00403AC6 |. 8985 50D8FFFF
00403ACC |. 8B4D 08
00403ACF |. 51
00403AD0 |. C645 FC 65
00403AD4 |. E8 A7120000
00403AD9 |. 83C4 7C
00403ADC |. C645 FC 43
00403AE0 |. 8D8D 54FBFFFF
00403AE6 |. E8 75780000
fo.0040B360
00403AEB |. EB 46
00403AED |> 68 409A4000
ystemInfo.409A40
00403AF2 |. 68 78844400
Unknown application."
00403AF7 |. 68 77874400
00403AFC |. 6A 06

||LEA ECX,[LOCAL.1143+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1142],ESP
||PUSH EAX
||PUSH OFFSET 00448500

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2536],EAX


||MOV ECX,DWORD PTR SS:[LOCAL.2536]
||MOV DWORD PTR SS:[LOCAL.2537],ECX
||MOV BYTE PTR SS:[LOCAL.1],67
||LEA ECX,[LOCAL.1145+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1144],ESP
||PUSH EAX
||PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2538],EAX


||MOV EDX,DWORD PTR SS:[LOCAL.2538]
||MOV DWORD PTR SS:[LOCAL.2539],EDX
||MOV BYTE PTR SS:[LOCAL.1],68
||LEA ECX,[LOCAL.1147+3]
||CALL 0040F5B0

; [SystemIn

||SUB ESP,28
||MOV ECX,ESP
||MOV DWORD PTR SS:[LOCAL.1146],ESP
||PUSH EAX
||LEA EAX,[LOCAL.155]
||PUSH EAX

; /Arg2
; |
; |Arg1 =>

||CALL 0040B290

; \SystemIn

||MOV DWORD PTR SS:[LOCAL.2540],EAX


||MOV ECX,DWORD PTR SS:[ARG.1]
||PUSH ECX
||MOV BYTE PTR SS:[LOCAL.1],65
||CALL 00404D80
||ADD ESP,7C
||MOV BYTE PTR SS:[LOCAL.1],43
||LEA ECX,[LOCAL.299]
||CALL 0040B360

; [SystemIn

||JMP SHORT 00403B33


||PUSH 00409A40

; /Arg1 = S

||PUSH OFFSET 00448478

; |ASCII "

||PUSH OFFSET 00448777


||PUSH 6

; |
; |/Arg2 =

6
00403AFE |. 8D95 0CEEFFFF ||LEA EDX,[LOCAL.1149]
00403B04 |. 52
||PUSH EDX
OFFSET LOCAL.1149
00403B05 |. E8 8E9C0200 ||CALL 0042D798
nfo.0042D798
00403B0A |. 83C4 08
||ADD ESP,8
00403B0D |. 50
||PUSH EAX
00403B0E |. 8B45 08
||MOV EAX,DWORD PTR SS:[ARG.1]
00403B11 |. 50
||PUSH EAX
[ARG.1]
00403B12 |. E8 096E0000 ||CALL 0040A920
nfo.0040A920
00403B17 |. 83C4 08
||ADD ESP,8
00403B1A |. 50
||PUSH EAX
00403B1B |. E8 406E0000 ||CALL 0040A960
00403B20 |. 83C4 08
||ADD ESP,8
00403B23 |. 50
||PUSH EAX
00403B24 |. E8 376E0000 ||CALL 0040A960
00403B29 |. 83C4 08
||ADD ESP,8
00403B2C |. 8BC8
||MOV ECX,EAX
00403B2E |. E8 FD1F0000 ||CALL 00405B30
fo.00405B30
00403B33 |> C645 FC 3A
||MOV BYTE PTR SS:[LOCAL.1],3A
00403B37 |. 8D8D D4FBFFFF ||LEA ECX,[LOCAL.267]
00403B3D |. E8 9E1E0000 ||CALL 004059E0
fo.004059E0
00403B42 |.^ E9 87E9FFFF |\JMP 004024CE
00403B47 |> 817D F0 03010 |CMP DWORD PTR SS:[LOCAL.4],103
00403B4E |. 74 58
|JE SHORT 00403BA8
00403B50 |. 68 409A4000 |PUSH 00409A40
ystemInfo.409A40
00403B55 |. 68 58844400 |PUSH OFFSET 00448458
ASCII "Cannot enumerate installations"
00403B5A |. 8B4D F0
|MOV ECX,DWORD PTR SS:[LOCAL.4]
00403B5D |. 51
|PUSH ECX
[LOCAL.4]
00403B5E |. E8 FDC90000 |CALL 00410560
nfo.00410560
00403B63 |. 83C4 08
|ADD ESP,8
00403B66 |. 50
|PUSH EAX
00403B67 |. 68 77874400 |PUSH OFFSET 00448777
00403B6C |. 6A 06
|PUSH 6
6
00403B6E |. 8D95 04EEFFFF |LEA EDX,[LOCAL.1151]
00403B74 |. 52
|PUSH EDX
OFFSET LOCAL.1151
00403B75 |. E8 1E9C0200 |CALL 0042D798
nfo.0042D798
00403B7A |. 83C4 08
|ADD ESP,8
00403B7D |. 50
|PUSH EAX
00403B7E |. 8B45 08
|MOV EAX,DWORD PTR SS:[ARG.1]
00403B81 |. 50
|PUSH EAX
[ARG.1]
00403B82 |. E8 996D0000 |CALL 0040A920
nfo.0040A920
00403B87 |. 83C4 08
|ADD ESP,8
00403B8A |. 50
|PUSH EAX
00403B8B |. E8 D06D0000 |CALL 0040A960
00403B90 |. 83C4 08
|ADD ESP,8

; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
\SystemIn

; [SystemIn

; /Arg1 = S
; |/Arg2 =
; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|
|
|/Arg2 =

; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;

|
|
|
|

00403B93 |. 50
|PUSH EAX
00403B94 |. E8 C76D0000 |CALL 0040A960
00403B99 |. 83C4 08
|ADD ESP,8
00403B9C |. 8BC8
|MOV ECX,EAX
00403B9E |. E8 8D1F0000 |CALL 00405B30
fo.00405B30
00403BA3 |. E9 0D010000 |JMP 00403CB5
00403BA8 |> 83BD 84FDFFFF |CMP DWORD PTR SS:[LOCAL.159],0
00403BAF |. 0F85 00010000 |JNE 00403CB5
00403BB5 |. 68 409A4000 |PUSH 00409A40
ystemInfo.409A40
00403BBA |. 68 34844400 |PUSH OFFSET 00448434
installations have been removed."
00403BBF |. 8D8D FFEDFFFF |LEA ECX,[LOCAL.1153+3]
00403BC5 |. E8 E6B90000 |CALL 0040F5B0
nfo.0040F5B0
00403BCA |. 83EC 28
|SUB ESP,28
00403BCD |. 8BCC
|MOV ECX,ESP
00403BCF |. 89A5 00EEFFFF |MOV DWORD PTR SS:[LOCAL.1152],ESP
00403BD5 |. 50
|PUSH EAX
00403BD6 |. 68 20844400 |PUSH OFFSET 00448420
ASCII "Unknown language"
00403BDB |. E8 B0760000 |CALL 0040B290
nfo.0040B290
00403BE0 |. 8985 4CD8FFFF |MOV DWORD PTR SS:[LOCAL.2541],EAX
00403BE6 |. 8B8D 4CD8FFFF |MOV ECX,DWORD PTR SS:[LOCAL.2541]
00403BEC |. 898D 48D8FFFF |MOV DWORD PTR SS:[LOCAL.2542],ECX
00403BF2 |. C645 FC 69
|MOV BYTE PTR SS:[LOCAL.1],69
00403BF6 |. 8D8D F7EDFFFF |LEA ECX,[LOCAL.1155+3]
00403BFC |. E8 AFB90000 |CALL 0040F5B0
nfo.0040F5B0
00403C01 |. 83EC 28
|SUB ESP,28
00403C04 |. 8BCC
|MOV ECX,ESP
00403C06 |. 89A5 F8EDFFFF |MOV DWORD PTR SS:[LOCAL.1154],ESP
00403C0C |. 50
|PUSH EAX
00403C0D |. 8D95 9CFEFFFF |LEA EDX,[LOCAL.89]
00403C13 |. 52
|PUSH EDX
OFFSET LOCAL.89
00403C14 |. E8 77760000 |CALL 0040B290
nfo.0040B290
00403C19 |. 8985 44D8FFFF |MOV DWORD PTR SS:[LOCAL.2543],EAX
00403C1F |. 8D45 C4
|LEA EAX,[LOCAL.15]
00403C22 |. 50
|PUSH EAX
00403C23 |. 8D8D CCEDFFFF |LEA ECX,[LOCAL.1165]
00403C29 |. 51
|PUSH ECX
00403C2A |. C645 FC 3A
|MOV BYTE PTR SS:[LOCAL.1],3A
00403C2E |. E8 FD0E0000 |CALL 00404B30
00403C33 |. 83C4 58
|ADD ESP,58
00403C36 |. 8985 40D8FFFF |MOV DWORD PTR SS:[LOCAL.2544],EAX
00403C3C |. 8B95 40D8FFFF |MOV EDX,DWORD PTR SS:[LOCAL.2544]
00403C42 |. 8995 3CD8FFFF |MOV DWORD PTR SS:[LOCAL.2545],EDX
00403C48 |. C645 FC 6A
|MOV BYTE PTR SS:[LOCAL.1],6A
00403C4C |. 8B85 3CD8FFFF |MOV EAX,DWORD PTR SS:[LOCAL.2545]
00403C52 |. 50
|PUSH EAX
00403C53 |. 68 18844400 |PUSH OFFSET 00448418
ll "
00403C58 |. 68 77874400 |PUSH OFFSET 00448777
00403C5D |. 6A 06
|PUSH 6
6
00403C5F |. 8D8D C4EDFFFF |LEA ECX,[LOCAL.1167]

;
;
;
;
;

|
|
|
|
\SystemIn

; /Arg1 = S
; |ASCII "
; |
; |[SystemI
;
;
;
;
;

|
|
|
|/Arg2
||Arg1 =

; |\SystemI
;
;
;
;
;
;

|
|
|
|
|
|[SystemI

;
;
;
;
;
;

|
|
|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
|
|
|
|ASCII "A

; |
; |/Arg2 =
; ||

00403C65 |. 51
|PUSH ECX
OFFSET LOCAL.1167
00403C66 |. E8 2D9B0200 |CALL 0042D798
nfo.0042D798
00403C6B |. 83C4 08
|ADD ESP,8
00403C6E |. 50
|PUSH EAX
00403C6F |. 8B55 08
|MOV EDX,DWORD PTR SS:[ARG.1]
00403C72 |. 52
|PUSH EDX
[ARG.1]
00403C73 |. E8 A86C0000 |CALL 0040A920
nfo.0040A920
00403C78 |. 83C4 08
|ADD ESP,8
00403C7B |. 50
|PUSH EAX
00403C7C |. E8 DF6C0000 |CALL 0040A960
00403C81 |. 83C4 08
|ADD ESP,8
00403C84 |. 50
|PUSH EAX
00403C85 |. E8 D66C0000 |CALL 0040A960
00403C8A |. 83C4 08
|ADD ESP,8
00403C8D |. 50
|PUSH EAX
00403C8E |. E8 CD710000 |CALL 0040AE60
00403C93 |. 83C4 08
|ADD ESP,8
00403C96 |. 50
|PUSH EAX
00403C97 |. E8 C46C0000 |CALL 0040A960
00403C9C |. 83C4 08
|ADD ESP,8
00403C9F |. 8BC8
|MOV ECX,EAX
00403CA1 |. E8 8A1E0000 |CALL 00405B30
fo.00405B30
00403CA6 |. C645 FC 3A
|MOV BYTE PTR SS:[LOCAL.1],3A
00403CAA |. 8D8D CCEDFFFF |LEA ECX,[LOCAL.1165]
00403CB0 |. E8 AB760000 |CALL 0040B360
fo.0040B360
00403CB5 |> 8B85 80FCFFFF |MOV EAX,DWORD PTR SS:[LOCAL.224]
00403CBB |. 50
|PUSH EAX
[LOCAL.224]
00403CBC |. FF15 14804400 |CALL DWORD PTR DS:[<&ADVAPI32.RegCloseK
.RegCloseKey
00403CC2 |.^ E9 86E7FFFF \JMP 0040244D
00403CC7 |> 817D F0 03010 CMP DWORD PTR SS:[LOCAL.4],103
00403CCE |. 74 58
JE SHORT 00403D28
00403CD0 |. 68 409A4000 PUSH 00409A40
ystemInfo.409A40
00403CD5 |. 68 FC834400 PUSH OFFSET 004483FC
ASCII "Cannot enumerate languages"
00403CDA |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
00403CDD |. 51
PUSH ECX
[LOCAL.4]
00403CDE |. E8 7DC80000 CALL 00410560
nfo.00410560
00403CE3 |. 83C4 08
ADD ESP,8
00403CE6 |. 50
PUSH EAX
00403CE7 |. 68 77874400 PUSH OFFSET 00448777
00403CEC |. 6A 06
PUSH 6
6
00403CEE |. 8D95 BCEDFFFF LEA EDX,[LOCAL.1169]
00403CF4 |. 52
PUSH EDX
OFFSET LOCAL.1169
00403CF5 |. E8 9E9A0200 CALL 0042D798
nfo.0042D798
00403CFA |. 83C4 08
ADD ESP,8
00403CFD |. 50
PUSH EAX

; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
|
|
|
\SystemIn

; [SystemIn
; /hKey =>
; \ADVAPI32

; /Arg1 = S
; |/Arg2 =
; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|
|
|/Arg2 =

; ||
; ||Arg1 =>
; |\SystemI
; |
; |/Arg2

00403CFE |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00403D01 |. 50
PUSH EAX
[ARG.1]
00403D02 |. E8 196C0000 CALL 0040A920
nfo.0040A920
00403D07 |. 83C4 08
ADD ESP,8
00403D0A |. 50
PUSH EAX
00403D0B |. E8 506C0000 CALL 0040A960
00403D10 |. 83C4 08
ADD ESP,8
00403D13 |. 50
PUSH EAX
00403D14 |. E8 476C0000 CALL 0040A960
00403D19 |. 83C4 08
ADD ESP,8
00403D1C |. 8BC8
MOV ECX,EAX
00403D1E |. E8 0D1E0000 CALL 00405B30
fo.00405B30
00403D23 |. E9 BF040000 JMP 004041E7
00403D28 |> 83BD 98FEFFFF CMP DWORD PTR SS:[LOCAL.90],0
00403D2F |. 75 4B
JNE SHORT 00403D7C
00403D31 |. 68 409A4000 PUSH 00409A40
ystemInfo.409A40
00403D36 |. 68 D8834400 PUSH OFFSET 004483D8
ll languages have been removed."
00403D3B |. 68 77874400 PUSH OFFSET 00448777
00403D40 |. 6A 06
PUSH 6
6
00403D42 |. 8D8D B4EDFFFF LEA ECX,[LOCAL.1171]
00403D48 |. 51
PUSH ECX
OFFSET LOCAL.1171
00403D49 |. E8 4A9A0200 CALL 0042D798
nfo.0042D798
00403D4E |. 83C4 08
ADD ESP,8
00403D51 |. 50
PUSH EAX
00403D52 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
00403D55 |. 52
PUSH EDX
[ARG.1]
00403D56 |. E8 C56B0000 CALL 0040A920
nfo.0040A920
00403D5B |. 83C4 08
ADD ESP,8
00403D5E |. 50
PUSH EAX
00403D5F |. E8 FC6B0000 CALL 0040A960
00403D64 |. 83C4 08
ADD ESP,8
00403D67 |. 50
PUSH EAX
00403D68 |. E8 F36B0000 CALL 0040A960
00403D6D |. 83C4 08
ADD ESP,8
00403D70 |. 8BC8
MOV ECX,EAX
00403D72 |. E8 B91D0000 CALL 00405B30
fo.00405B30
00403D77 |. E9 6B040000 JMP 004041E7
00403D7C |> C785 50FBFFFF MOV DWORD PTR SS:[LOCAL.300],0
00403D86 |. EB 0F
JMP SHORT 00403D97
00403D88 |> 8B85 50FBFFFF /MOV EAX,DWORD PTR SS:[LOCAL.300]
00403D8E |. 83C0 01
|ADD EAX,1
00403D91 |. 8985 50FBFFFF |MOV DWORD PTR SS:[LOCAL.300],EAX
00403D97 |> 8D4D A8
|LEA ECX,[LOCAL.22]
00403D9A |. E8 512E0000 |CALL 00406BF0
00403D9F |. 3985 50FBFFFF |CMP DWORD PTR SS:[LOCAL.300],EAX
00403DA5 |. 0F83 3C040000 |JNB 004041E7
00403DAB |. 68 409A4000 |PUSH 00409A40
ystemInfo.409A40
00403DB0 |. 8B8D 50FBFFFF |MOV ECX,DWORD PTR SS:[LOCAL.300]

; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
\SystemIn

; /Arg1 = S
; |ASCII "A
; |
; |/Arg2 =
; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
\SystemIn

; /Arg1 = S
; |

00403DB6 |. 51
[LOCAL.300]
00403DB7 |. 8D4D A8
00403DBA |. E8 512E0000
nfo.00406C10
00403DBF |. 50
00403DC0 |. 68 C0834400
ommon files found in: "
00403DC5 |. 68 77874400
00403DCA |. 6A 06
6
00403DCC |. 8D95 ACEDFFFF
00403DD2 |. 52
OFFSET LOCAL.1173
00403DD3 |. E8 C0990200
nfo.0042D798
00403DD8 |. 83C4 08
00403DDB |. 50
00403DDC |. 8B45 08
00403DDF |. 50
[ARG.1]
00403DE0 |. E8 3B6B0000
nfo.0040A920
00403DE5 |. 83C4 08
00403DE8 |. 50
00403DE9 |. E8 726B0000
00403DEE |. 83C4 08
00403DF1 |. 50
00403DF2 |. E8 696B0000
00403DF7 |. 83C4 08
00403DFA |. 50
00403DFB |. E8 60700000
00403E00 |. 83C4 08
00403E03 |. 8BC8
00403E05 |. E8 261D0000
fo.00405B30
00403E0A |. 8D8D A7EDFFFF
00403E10 |. E8 9BB70000
fo.0040F5B0
00403E15 |. 83EC 28
00403E18 |. 8BCC
00403E1A |. 89A5 A8EDFFFF
00403E20 |. 50
00403E21 |. 68 AC834400
SCII "DefaultDACFont.mcf"
00403E26 |. E8 65740000
fo.0040B290
00403E2B |. 8985 38D8FFFF
00403E31 |. 8B8D 38D8FFFF
00403E37 |. 898D 34D8FFFF
00403E3D |. C645 FC 6B
00403E41 |. 8D8D 9FEDFFFF
00403E47 |. E8 64B70000
fo.0040F5B0
00403E4C |. 83EC 28
00403E4F |. 8BCC
00403E51 |. 89A5 A0EDFFFF
00403E57 |. 50
00403E58 |. 68 14854400
SCII "
"

|PUSH ECX

; |/Arg1 =>

|LEA ECX,[LOCAL.22]
|CALL 00406C10

; ||
; |\SystemI

|PUSH EAX
|PUSH OFFSET 004483C0

; |
; |ASCII "C

|PUSH OFFSET 00448777


|PUSH 6

; |
; |/Arg2 =

|LEA EDX,[LOCAL.1173]
|PUSH EDX

; ||
; ||Arg1 =>

|CALL 0042D798

; |\SystemI

|ADD ESP,8
|PUSH EAX
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX

;
;
;
;

|CALL 0040A920

; |\SystemI

|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B30

;
;
;
;
;
;
;
;
;
;
;
;

|LEA ECX,[LOCAL.1175+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1174],ESP
|PUSH EAX
|PUSH OFFSET 004483AC

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2546],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.2546]
|MOV DWORD PTR SS:[LOCAL.2547],ECX
|MOV BYTE PTR SS:[LOCAL.1],6B
|LEA ECX,[LOCAL.1177+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1176],ESP
|PUSH EAX
|PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

|
|/Arg2
||
||Arg1 =>

|
|
|
|
|
|
|
|
|
|
|
\SystemIn

00403E5D |. E8 2E740000
fo.0040B290
00403E62 |. 8985 30D8FFFF
00403E68 |. 8B95 30D8FFFF
00403E6E |. 8995 2CD8FFFF
00403E74 |. C645 FC 6C
00403E78 |. 8B85 50FBFFFF
00403E7E |. 50
[LOCAL.300]
00403E7F |. 8D4D A8
00403E82 |. E8 892D0000
fo.00406C10
00403E87 |. 83EC 28
00403E8A |. 8BCC
00403E8C |. 89A5 98EDFFFF
00403E92 |. 50
00403E93 |. E8 786E0000
fo.0040AD10
00403E98 |. 8985 28D8FFFF
00403E9E |. 8B4D 08
00403EA1 |. 51
00403EA2 |. C645 FC 3A
00403EA6 |. E8 D50E0000
00403EAB |. 83C4 7C
00403EAE |. 8D8D 93EDFFFF
00403EB4 |. E8 F7B60000
fo.0040F5B0
00403EB9 |. 83EC 28
00403EBC |. 8BCC
00403EBE |. 89A5 94EDFFFF
00403EC4 |. 50
00403EC5 |. 68 98834400
SCII "DefaultTTFFont.mcf"
00403ECA |. E8 C1730000
fo.0040B290
00403ECF |. 8985 24D8FFFF
00403ED5 |. 8B95 24D8FFFF
00403EDB |. 8995 20D8FFFF
00403EE1 |. C645 FC 6D
00403EE5 |. 8D8D 8BEDFFFF
00403EEB |. E8 C0B60000
fo.0040F5B0
00403EF0 |. 83EC 28
00403EF3 |. 8BCC
00403EF5 |. 89A5 8CEDFFFF
00403EFB |. 50
00403EFC |. 68 14854400
SCII "
"
00403F01 |. E8 8A730000
fo.0040B290
00403F06 |. 8985 1CD8FFFF
00403F0C |. 8B85 1CD8FFFF
00403F12 |. 8985 18D8FFFF
00403F18 |. C645 FC 6E
00403F1C |. 8B8D 50FBFFFF
00403F22 |. 51
[LOCAL.300]
00403F23 |. 8D4D A8
00403F26 |. E8 E52C0000
fo.00406C10

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2548],EAX


|MOV EDX,DWORD PTR SS:[LOCAL.2548]
|MOV DWORD PTR SS:[LOCAL.2549],EDX
|MOV BYTE PTR SS:[LOCAL.1],6C
|MOV EAX,DWORD PTR SS:[LOCAL.300]
|PUSH EAX

; /Arg1 =>

|LEA ECX,[LOCAL.22]
|CALL 00406C10

; |
; \SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1178],ESP
|PUSH EAX
|CALL 0040AD10

; /Arg1
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2550],EAX


|MOV ECX,DWORD PTR SS:[ARG.1]
|PUSH ECX
|MOV BYTE PTR SS:[LOCAL.1],3A
|CALL 00404D80
|ADD ESP,7C
|LEA ECX,[LOCAL.1180+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1179],ESP
|PUSH EAX
|PUSH OFFSET 00448398

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2551],EAX


|MOV EDX,DWORD PTR SS:[LOCAL.2551]
|MOV DWORD PTR SS:[LOCAL.2552],EDX
|MOV BYTE PTR SS:[LOCAL.1],6D
|LEA ECX,[LOCAL.1182+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1181],ESP
|PUSH EAX
|PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2553],EAX


|MOV EAX,DWORD PTR SS:[LOCAL.2553]
|MOV DWORD PTR SS:[LOCAL.2554],EAX
|MOV BYTE PTR SS:[LOCAL.1],6E
|MOV ECX,DWORD PTR SS:[LOCAL.300]
|PUSH ECX

; /Arg1 =>

|LEA ECX,[LOCAL.22]
|CALL 00406C10

; |
; \SystemIn

00403F2B |. 83EC 28
00403F2E |. 8BCC
00403F30 |. 89A5 84EDFFFF
00403F36 |. 50
00403F37 |. E8 D46D0000
fo.0040AD10
00403F3C |. 8985 14D8FFFF
00403F42 |. 8B55 08
00403F45 |. 52
00403F46 |. C645 FC 3A
00403F4A |. E8 310E0000
00403F4F |. 83C4 7C
00403F52 |. 8D8D 7FEDFFFF
00403F58 |. E8 53B60000
fo.0040F5B0
00403F5D |. 83EC 28
00403F60 |. 8BCC
00403F62 |. 89A5 80EDFFFF
00403F68 |. 50
00403F69 |. 68 88834400
SCII "MEPSSystem.mcf"
00403F6E |. E8 1D730000
fo.0040B290
00403F73 |. 8985 10D8FFFF
00403F79 |. 8B85 10D8FFFF
00403F7F |. 8985 0CD8FFFF
00403F85 |. C645 FC 6F
00403F89 |. 8D8D 77EDFFFF
00403F8F |. E8 1CB60000
fo.0040F5B0
00403F94 |. 83EC 28
00403F97 |. 8BCC
00403F99 |. 89A5 78EDFFFF
00403F9F |. 50
00403FA0 |. 68 14854400
SCII "
"
00403FA5 |. E8 E6720000
fo.0040B290
00403FAA |. 8985 08D8FFFF
00403FB0 |. 8B8D 08D8FFFF
00403FB6 |. 898D 04D8FFFF
00403FBC |. C645 FC 70
00403FC0 |. 8B95 50FBFFFF
00403FC6 |. 52
[LOCAL.300]
00403FC7 |. 8D4D A8
00403FCA |. E8 412C0000
fo.00406C10
00403FCF |. 83EC 28
00403FD2 |. 8BCC
00403FD4 |. 89A5 70EDFFFF
00403FDA |. 50
00403FDB |. E8 306D0000
fo.0040AD10
00403FE0 |. 8985 00D8FFFF
00403FE6 |. 8B45 08
00403FE9 |. 50
00403FEA |. C645 FC 3A
00403FEE |. E8 8D0D0000
00403FF3 |. 83C4 7C

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1183],ESP
|PUSH EAX
|CALL 0040AD10

; /Arg1
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2555],EAX


|MOV EDX,DWORD PTR SS:[ARG.1]
|PUSH EDX
|MOV BYTE PTR SS:[LOCAL.1],3A
|CALL 00404D80
|ADD ESP,7C
|LEA ECX,[LOCAL.1185+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1184],ESP
|PUSH EAX
|PUSH OFFSET 00448388

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2556],EAX


|MOV EAX,DWORD PTR SS:[LOCAL.2556]
|MOV DWORD PTR SS:[LOCAL.2557],EAX
|MOV BYTE PTR SS:[LOCAL.1],6F
|LEA ECX,[LOCAL.1187+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1186],ESP
|PUSH EAX
|PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2558],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.2558]
|MOV DWORD PTR SS:[LOCAL.2559],ECX
|MOV BYTE PTR SS:[LOCAL.1],70
|MOV EDX,DWORD PTR SS:[LOCAL.300]
|PUSH EDX

; /Arg1 =>

|LEA ECX,[LOCAL.22]
|CALL 00406C10

; |
; \SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1188],ESP
|PUSH EAX
|CALL 0040AD10

; /Arg1
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2560],EAX


|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|MOV BYTE PTR SS:[LOCAL.1],3A
|CALL 00404D80
|ADD ESP,7C

00403FF6 |. 8D8D 6BEDFFFF


00403FFC |. E8 AFB50000
fo.0040F5B0
00404001 |. 83EC 28
00404004 |. 8BCC
00404006 |. 89A5 6CEDFFFF
0040400C |. 50
0040400D |. 68 78834400
SCII "m2u_wtlib.dat"
00404012 |. E8 79720000
fo.0040B290
00404017 |. 8985 FCD7FFFF
0040401D |. 8B8D FCD7FFFF
00404023 |. 898D F8D7FFFF
00404029 |. C645 FC 71
0040402D |. 8D8D 63EDFFFF
00404033 |. E8 78B50000
fo.0040F5B0
00404038 |. 83EC 28
0040403B |. 8BCC
0040403D |. 89A5 64EDFFFF
00404043 |. 50
00404044 |. 68 14854400
SCII "
"
00404049 |. E8 42720000
fo.0040B290
0040404E |. 8985 F4D7FFFF
00404054 |. 8B95 F4D7FFFF
0040405A |. 8995 F0D7FFFF
00404060 |. C645 FC 72
00404064 |. 8B85 50FBFFFF
0040406A |. 50
[LOCAL.300]
0040406B |. 8D4D A8
0040406E |. E8 9D2B0000
fo.00406C10
00404073 |. 83EC 28
00404076 |. 8BCC
00404078 |. 89A5 5CEDFFFF
0040407E |. 50
0040407F |. E8 8C6C0000
fo.0040AD10
00404084 |. 8985 ECD7FFFF
0040408A |. 8B4D 08
0040408D |. 51
0040408E |. C645 FC 3A
00404092 |. E8 E90C0000
00404097 |. 83C4 7C
0040409A |. 8D8D 57EDFFFF
004040A0 |. E8 0BB50000
fo.0040F5B0
004040A5 |. 83EC 28
004040A8 |. 8BCC
004040AA |. 89A5 58EDFFFF
004040B0 |. 50
004040B1 |. 68 68834400
SCII "u2m_wtlib.dat"
004040B6 |. E8 D5710000
fo.0040B290
004040BB |. 8985 E8D7FFFF

|LEA ECX,[LOCAL.1190+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1189],ESP
|PUSH EAX
|PUSH OFFSET 00448378

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2561],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.2561]
|MOV DWORD PTR SS:[LOCAL.2562],ECX
|MOV BYTE PTR SS:[LOCAL.1],71
|LEA ECX,[LOCAL.1192+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1191],ESP
|PUSH EAX
|PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2563],EAX


|MOV EDX,DWORD PTR SS:[LOCAL.2563]
|MOV DWORD PTR SS:[LOCAL.2564],EDX
|MOV BYTE PTR SS:[LOCAL.1],72
|MOV EAX,DWORD PTR SS:[LOCAL.300]
|PUSH EAX

; /Arg1 =>

|LEA ECX,[LOCAL.22]
|CALL 00406C10

; |
; \SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1193],ESP
|PUSH EAX
|CALL 0040AD10

; /Arg1
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2565],EAX


|MOV ECX,DWORD PTR SS:[ARG.1]
|PUSH ECX
|MOV BYTE PTR SS:[LOCAL.1],3A
|CALL 00404D80
|ADD ESP,7C
|LEA ECX,[LOCAL.1195+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1194],ESP
|PUSH EAX
|PUSH OFFSET 00448368

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2566],EAX

004040C1 |. 8B95 E8D7FFFF


004040C7 |. 8995 E4D7FFFF
004040CD |. C645 FC 73
004040D1 |. 8D8D 4FEDFFFF
004040D7 |. E8 D4B40000
fo.0040F5B0
004040DC |. 83EC 28
004040DF |. 8BCC
004040E1 |. 89A5 50EDFFFF
004040E7 |. 50
004040E8 |. 68 14854400
SCII "
"
004040ED |. E8 9E710000
fo.0040B290
004040F2 |. 8985 E0D7FFFF
004040F8 |. 8B85 E0D7FFFF
004040FE |. 8985 DCD7FFFF
00404104 |. C645 FC 74
00404108 |. 8B8D 50FBFFFF
0040410E |. 51
[LOCAL.300]
0040410F |. 8D4D A8
00404112 |. E8 F92A0000
fo.00406C10
00404117 |. 83EC 28
0040411A |. 8BCC
0040411C |. 89A5 48EDFFFF
00404122 |. 50
00404123 |. E8 E86B0000
fo.0040AD10
00404128 |. 8985 D8D7FFFF
0040412E |. 8B55 08
00404131 |. 52
00404132 |. C645 FC 3A
00404136 |. E8 450C0000
0040413B |. 83C4 7C
0040413E |. 8D8D 43EDFFFF
00404144 |. E8 67B40000
fo.0040F5B0
00404149 |. 83EC 28
0040414C |. 8BCC
0040414E |. 89A5 44EDFFFF
00404154 |. 50
00404155 |. 68 58834400
SCII "systeminfo.exe"
0040415A |. E8 31710000
fo.0040B290
0040415F |. 8985 D4D7FFFF
00404165 |. 8B85 D4D7FFFF
0040416B |. 8985 D0D7FFFF
00404171 |. C645 FC 75
00404175 |. 8D8D 3BEDFFFF
0040417B |. E8 30B40000
fo.0040F5B0
00404180 |. 83EC 28
00404183 |. 8BCC
00404185 |. 89A5 3CEDFFFF
0040418B |. 50
0040418C |. 68 14854400
SCII "
"

|MOV EDX,DWORD PTR SS:[LOCAL.2566]


|MOV DWORD PTR SS:[LOCAL.2567],EDX
|MOV BYTE PTR SS:[LOCAL.1],73
|LEA ECX,[LOCAL.1197+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1196],ESP
|PUSH EAX
|PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2568],EAX


|MOV EAX,DWORD PTR SS:[LOCAL.2568]
|MOV DWORD PTR SS:[LOCAL.2569],EAX
|MOV BYTE PTR SS:[LOCAL.1],74
|MOV ECX,DWORD PTR SS:[LOCAL.300]
|PUSH ECX

; /Arg1 =>

|LEA ECX,[LOCAL.22]
|CALL 00406C10

; |
; \SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1198],ESP
|PUSH EAX
|CALL 0040AD10

; /Arg1
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2570],EAX


|MOV EDX,DWORD PTR SS:[ARG.1]
|PUSH EDX
|MOV BYTE PTR SS:[LOCAL.1],3A
|CALL 00404D80
|ADD ESP,7C
|LEA ECX,[LOCAL.1200+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1199],ESP
|PUSH EAX
|PUSH OFFSET 00448358

; /Arg2
; |Arg1 = A

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2571],EAX


|MOV EAX,DWORD PTR SS:[LOCAL.2571]
|MOV DWORD PTR SS:[LOCAL.2572],EAX
|MOV BYTE PTR SS:[LOCAL.1],75
|LEA ECX,[LOCAL.1202+3]
|CALL 0040F5B0

; [SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1201],ESP
|PUSH EAX
|PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

00404191 |. E8 FA700000
fo.0040B290
00404196 |. 8985 CCD7FFFF
0040419C |. 8B8D CCD7FFFF
004041A2 |. 898D C8D7FFFF
004041A8 |. C645 FC 76
004041AC |. 8B95 50FBFFFF
004041B2 |. 52
[LOCAL.300]
004041B3 |. 8D4D A8
004041B6 |. E8 552A0000
fo.00406C10
004041BB |. 83EC 28
004041BE |. 8BCC
004041C0 |. 89A5 34EDFFFF
004041C6 |. 50
004041C7 |. E8 446B0000
fo.0040AD10
004041CC |. 8985 C4D7FFFF
004041D2 |. 8B45 08
004041D5 |. 50
004041D6 |. C645 FC 3A
004041DA |. E8 A10B0000
004041DF |. 83C4 7C
004041E2 |.^ E9 A1FBFFFF
004041E7 |> C785 98FEFFFF
004041F1 |. EB 0F
004041F3 |> 8B8D 98FEFFFF
004041F9 |. 83C1 01
004041FC |. 898D 98FEFFFF
00404202 |> C785 8CFDFFFF
0040420C |. C745 A4 00010
00404213 |. 8D95 8CFDFFFF
00404219 |. 52
=> OFFSET LOCAL.157
0040421A |. 8D85 94FDFFFF
00404220 |. 50
OFFSET LOCAL.155
00404221 |. 8D8D 90FDFFFF
00404227 |. 51
OFFSET LOCAL.156
00404228 |. 6A 00
= 0
0040422A |. 8D55 A4
0040422D |. 52
=> OFFSET LOCAL.23
0040422E |. 8D85 9CFEFFFF
00404234 |. 50
OFFSET LOCAL.89
00404235 |. 8B8D 98FEFFFF
0040423B |. 51
[LOCAL.90]
0040423C |. 8B55 C0
0040423F |. 52
[LOCAL.16]
00404240 |. FF15 10804400
.RegEnumValueA
00404246 |. 8945 F0
00404249 |. 837D F0 00
0040424D |. 0F85 BF010000

|CALL 0040B290

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2573],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.2573]
|MOV DWORD PTR SS:[LOCAL.2574],ECX
|MOV BYTE PTR SS:[LOCAL.1],76
|MOV EDX,DWORD PTR SS:[LOCAL.300]
|PUSH EDX

; /Arg1 =>

|LEA ECX,[LOCAL.22]
|CALL 00406C10

; |
; \SystemIn

|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.1203],ESP
|PUSH EAX
|CALL 0040AD10

; /Arg1
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.2575],EAX


|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|MOV BYTE PTR SS:[LOCAL.1],3A
|CALL 00404D80
|ADD ESP,7C
\JMP 00403D88
MOV DWORD PTR SS:[LOCAL.90],0
JMP SHORT 00404202
/MOV ECX,DWORD PTR SS:[LOCAL.90]
|ADD ECX,1
|MOV DWORD PTR SS:[LOCAL.90],ECX
|MOV DWORD PTR SS:[LOCAL.157],100
|MOV DWORD PTR SS:[LOCAL.23],100
|LEA EDX,[LOCAL.157]
|PUSH EDX

; /pDataLen

|LEA EAX,[LOCAL.155]
|PUSH EAX

; |
; |Data =>

|LEA ECX,[LOCAL.156]
|PUSH ECX

; |
; |pType =>

|PUSH 0

; |Reserved

|LEA EDX,[LOCAL.23]
|PUSH EDX

; |
; |pNameLen

|LEA EAX,[LOCAL.89]
|PUSH EAX

; |
; |Name =>

|MOV ECX,DWORD PTR SS:[LOCAL.90]


|PUSH ECX

; |
; |Index =>

|MOV EDX,DWORD PTR SS:[LOCAL.16]


|PUSH EDX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegEnumVa ; \ADVAPI32


|MOV DWORD PTR SS:[LOCAL.4],EAX
|CMP DWORD PTR SS:[LOCAL.4],0
|JNE 00404412

00404253 |. 83BD 90FDFFFF


0040425A |. 74 16
0040425C |. 83BD 90FDFFFF
00404263 |. 74 0D
00404265 |. 83BD 90FDFFFF
0040426C |. 0F85 C6000000
00404272 |> 68 409A4000
ystemInfo.409A40
00404277 |. 8D85 94FDFFFF
0040427D |. 50
0040427E |. 6A 20
20
00404280 |. 8D8D 33EDFFFF
00404286 |. 51
00404287 |. E8 846B0000
nfo.0040AE10
0040428C |. 83C4 08
0040428F |. 50
00404290 |. 68 009A4000
SystemInfo.409A00
00404295 |. 8D95 9CFEFFFF
0040429B |. 52
0040429C |. 68 C0994000
= SystemInfo.4099C0
004042A1 |. 6A 2E
= 2E
004042A3 |. 8D85 32EDFFFF
004042A9 |. 50
004042AA |. E8 616B0000
emInfo.0040AE10
004042AF |. 83C4 08
004042B2 |. 50
004042B3 |. 6A 23
2 = 23
004042B5 |. 8D8D 28EDFFFF
004042BB |. 51
1 => OFFSET LOCAL.1206
004042BC |. E8 D7940200
temInfo.0042D798
004042C1 |. 83C4 08
004042C4 |. 50
2
004042C5 |. 68 77874400
004042CA |. 6A 06
g2 = 6
004042CC |. 8D95 20EDFFFF
004042D2 |. 52
g1 => OFFSET LOCAL.1208
004042D3 |. E8 C0940200
stemInfo.0042D798
004042D8 |. 83C4 08
004042DB |. 50
g2
004042DC |. 8B45 08
004042DF |. 50
g1 => [ARG.1]
004042E0 |. E8 3B660000
stemInfo.0040A920
004042E5 |. 83C4 08
004042E8 |. 50

|CMP DWORD PTR SS:[LOCAL.156],1


|JE SHORT 00404272
|CMP DWORD PTR SS:[LOCAL.156],2
|JE SHORT 00404272
|CMP DWORD PTR SS:[LOCAL.156],7
|JNE 00404338
|PUSH 00409A40

; /Arg1 = S

|LEA EAX,[LOCAL.155]
|PUSH EAX
|PUSH 20

; |
; |
; |/Arg2 =

|LEA ECX,[LOCAL.1204+3]
|PUSH ECX
|CALL 0040AE10

; ||
; ||Arg1
; |\SystemI

|ADD ESP,8
|PUSH EAX
|PUSH 00409A00

; |
; |/Arg2
; ||/Arg1 =

|LEA EDX,[LOCAL.89]
|PUSH EDX
|PUSH 004099C0

; |||
; |||
; |||/Arg1

|PUSH 2E

; ||||/Arg2

|LEA EAX,[LOCAL.1204+2]
|PUSH EAX
|CALL 0040AE10

; |||||
; |||||Arg1
; ||||\Syst

|ADD ESP,8
|PUSH EAX
|PUSH 23

; ||||
; ||||/Arg2
; |||||/Arg

|LEA ECX,[LOCAL.1206]
|PUSH ECX

; ||||||
; ||||||Arg

|CALL 0042D798

; |||||\Sys

|ADD ESP,8
|PUSH EAX

; |||||
; |||||/Arg

|PUSH OFFSET 00448777


|PUSH 6

; ||||||
; ||||||/Ar

|LEA EDX,[LOCAL.1208]
|PUSH EDX

; |||||||
; |||||||Ar

|CALL 0042D798

; ||||||\Sy

|ADD ESP,8
|PUSH EAX

; ||||||
; ||||||/Ar

|MOV EAX,DWORD PTR SS:[ARG.1]


|PUSH EAX

; |||||||
; |||||||Ar

|CALL 0040A920

; ||||||\Sy

|ADD ESP,8
|PUSH EAX

; ||||||
; ||||||

004042E9 |. E8 72660000
004042EE |. 83C4 08
004042F1 |. 50
1
004042F2 |. E8 29660000
temInfo.0040A920
004042F7 |. 83C4 08
004042FA |. 50
004042FB |. E8 206B0000
emInfo.0040AE20
00404300 |. 83C4 08
00404303 |. 8BC8
00404305 |. E8 46180000
mInfo.00405B50
0040430A |. 50
0040430B |. E8 50660000
00404310 |. 83C4 08
00404313 |. 8BC8
00404315 |. E8 36180000
Info.00405B50
0040431A |. 50
0040431B |. E8 006B0000
nfo.0040AE20
00404320 |. 83C4 08
00404323 |. 50
00404324 |. E8 37660000
00404329 |. 83C4 08
0040432C |. 8BC8
0040432E |. E8 FD170000
fo.00405B30
00404333 |.^ E9 D5000000
00404338 |> 83BD 90FDFFFF
0040433F |. 74 0D
00404341 |. 83BD 90FDFFFF
00404348 |.^ 0F85 BF000000
0040434E |> 68 409A4000
ystemInfo.409A40
00404353 |. 8B8D 94FDFFFF
00404359 |. 51
[LOCAL.155]
0040435A |. 6A 20
20
0040435C |. 8D95 1FEDFFFF
00404362 |. 52
00404363 |. E8 A86A0000
Info.0040AE10
00404368 |. 83C4 08
0040436B |. 50
0040436C |. 68 009A4000
= SystemInfo.409A00
00404371 |. 8D85 9CFEFFFF
00404377 |. 50
00404378 |. 68 C0994000
= SystemInfo.4099C0
0040437D |. 6A 2E
2 = 2E
0040437F |. 8D8D 1EEDFFFF
00404385 |. 51
1
00404386 |. E8 856A0000

|CALL 0040A960
|ADD ESP,8
|PUSH EAX

; ||||||
; ||||||
; ||||||Arg

|CALL 0040A920

; |||||\Sys

|ADD ESP,8
|PUSH EAX
|CALL 0040AE20

; |||||
; |||||Arg1
; ||||\Syst

|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B50

; ||||
; ||||
; |||\Syste

|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B50

;
;
;
;
;

|PUSH EAX
|CALL 0040AE20

; ||Arg1
; |\SystemI

|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B30

;
;
;
;
;
;

|JMP 0040440D
|CMP DWORD PTR SS:[LOCAL.156],4
|JE SHORT 0040434E
|CMP DWORD PTR SS:[LOCAL.156],4
|JNE 0040440D
|PUSH 00409A40

; /Arg1 = S

|MOV ECX,DWORD PTR SS:[LOCAL.155]


|PUSH ECX

; |
; |/Arg1 =>

|PUSH 20

; ||/Arg2 =

|LEA EDX,[LOCAL.1209+3]
|PUSH EDX
|CALL 0040AE10

; |||
; |||Arg1
; ||\System

|ADD ESP,8
|PUSH EAX
|PUSH 00409A00

; ||
; ||/Arg2
; |||/Arg1

|LEA EAX,[LOCAL.89]
|PUSH EAX
|PUSH 004099C0

; ||||
; ||||
; ||||/Arg1

|PUSH 2E

; |||||/Arg

|LEA ECX,[LOCAL.1209+2]
|PUSH ECX

; ||||||
; ||||||Arg

|CALL 0040AE10

; |||||\Sys

|||
|||
|||
|||
||\System

|
|
|
|
|
\SystemIn

temInfo.0040AE10
0040438B |. 83C4 08
0040438E |. 50
2
0040438F |. 6A 23
g2 = 23
00404391 |. 8D95 14EDFFFF
00404397 |. 52
g1 => OFFSET LOCAL.1211
00404398 |. E8 FB930200
stemInfo.0042D798
0040439D |. 83C4 08
004043A0 |. 50
g2
004043A1 |. 68 77874400
004043A6 |. 6A 06
rg2 = 6
004043A8 |. 8D85 0CEDFFFF
004043AE |. 50
rg1 => OFFSET LOCAL.1213
004043AF |. E8 E4930200
ystemInfo.0042D798
004043B4 |. 83C4 08
004043B7 |. 50
rg2
004043B8 |. 8B4D 08
004043BB |. 51
rg1 => [ARG.1]
004043BC |. E8 5F650000
ystemInfo.0040A920
004043C1 |. 83C4 08
004043C4 |. 50
004043C5 |. E8 96650000
004043CA |. 83C4 08
004043CD |. 50
g1
004043CE |. E8 4D650000
stemInfo.0040A920
004043D3 |. 83C4 08
004043D6 |. 50
1
004043D7 |. E8 446A0000
temInfo.0040AE20
004043DC |. 83C4 08
004043DF |. 8BC8
004043E1 |. E8 6A170000
emInfo.00405B50
004043E6 |. 50
004043E7 |. E8 74650000
004043EC |. 83C4 08
004043EF |. 8BC8
004043F1 |. E8 5A170000
mInfo.00405B50
004043F6 |. 50
004043F7 |. E8 246A0000
Info.0040AE20
004043FC |. 83C4 08
004043FF |. 8BC8
00404401 |. E8 8A1D0000
nfo.00406190

|ADD ESP,8
|PUSH EAX

; |||||
; |||||/Arg

|PUSH 23

; ||||||/Ar

|LEA EDX,[LOCAL.1211]
|PUSH EDX

; |||||||
; |||||||Ar

|CALL 0042D798

; ||||||\Sy

|ADD ESP,8
|PUSH EAX

; ||||||
; ||||||/Ar

|PUSH OFFSET 00448777


|PUSH 6

; |||||||
; |||||||/A

|LEA EAX,[LOCAL.1213]
|PUSH EAX

; ||||||||
; ||||||||A

|CALL 0042D798

; |||||||\S

|ADD ESP,8
|PUSH EAX

; |||||||
; |||||||/A

|MOV ECX,DWORD PTR SS:[ARG.1]


|PUSH ECX

; ||||||||
; ||||||||A

|CALL 0040A920

; |||||||\S

|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX

;
;
;
;
;

|CALL 0040A920

; ||||||\Sy

|ADD ESP,8
|PUSH EAX

; ||||||
; ||||||Arg

|CALL 0040AE20

; |||||\Sys

|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B50

; |||||
; |||||
; ||||\Syst

|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B50

;
;
;
;
;

|PUSH EAX
|CALL 0040AE20

; |||Arg1
; ||\System

|ADD ESP,8
|MOV ECX,EAX
|CALL 00406190

; ||
; ||
; |\SystemI

|||||||
|||||||
|||||||
|||||||
|||||||Ar

||||
||||
||||
||||
|||\Syste

00404406 |. 8BC8
|MOV ECX,EAX
00404408 |. E8 23170000 |CALL 00405B30
fo.00405B30
0040440D |>^ E9 E1FDFFFF \JMP 004041F3
00404412 |> 817D F0 03010 CMP DWORD PTR SS:[LOCAL.4],103
00404419 |. 74 53
JE SHORT 0040446E
0040441B |. 68 409A4000 PUSH 00409A40
ystemInfo.409A40
00404420 |. 68 40834400 PUSH OFFSET 00448340
ASCII "Cannot enumerate values"
00404425 |. 8B55 F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
00404428 |. 52
PUSH EDX
[LOCAL.4]
00404429 |. E8 32C10000 CALL 00410560
nfo.00410560
0040442E |. 83C4 08
ADD ESP,8
00404431 |. 50
PUSH EAX
00404432 |. 68 77874400 PUSH OFFSET 00448777
00404437 |. 6A 06
PUSH 6
6
00404439 |. 8D85 04EDFFFF LEA EAX,[LOCAL.1215]
0040443F |. 50
PUSH EAX
OFFSET LOCAL.1215
00404440 |. E8 53930200 CALL 0042D798
nfo.0042D798
00404445 |. 83C4 08
ADD ESP,8
00404448 |. 50
PUSH EAX
00404449 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040444C |. 51
PUSH ECX
[ARG.1]
0040444D |. E8 CE640000 CALL 0040A920
nfo.0040A920
00404452 |. 83C4 08
ADD ESP,8
00404455 |. 50
PUSH EAX
00404456 |. E8 05650000 CALL 0040A960
0040445B |. 83C4 08
ADD ESP,8
0040445E |. 50
PUSH EAX
0040445F |. E8 FC640000 CALL 0040A960
00404464 |. 83C4 08
ADD ESP,8
00404467 |. 8BC8
MOV ECX,EAX
00404469 |. E8 C2160000 CALL 00405B30
fo.00405B30
0040446E |> 8B55 C0
MOV EDX,DWORD PTR SS:[LOCAL.16]
00404471 |. 52
PUSH EDX
[LOCAL.16]
00404472 |. FF15 14804400 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe
.RegCloseKey
00404478 |> A1 F8284500 MOV EAX,DWORD PTR DS:[4528F8]
0040447D |. 83C0 01
ADD EAX,1
00404480 |. A3 F8284500 MOV DWORD PTR DS:[4528F8],EAX
00404485 |. 68 77874400 PUSH OFFSET 00448777
ystemInfo.448777
0040448A |. 8D8D E8ECFFFF LEA ECX,[LOCAL.1222]
00404490 |. E8 5BA70000 CALL 0040EBF0
fo.0040EBF0
00404495 |. C645 FC 77
MOV BYTE PTR SS:[LOCAL.1],77
00404499 |. 8D8D E8ECFFFF LEA ECX,[LOCAL.1222]
0040449F |. 51
PUSH ECX
OFFSET LOCAL.1222
004044A0 |. B9 08294500 MOV ECX,OFFSET 00452908

; |
; \SystemIn

; /Arg1 = S
; |/Arg2 =
; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|
|
|/Arg2 =

; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
\SystemIn

; /hKey =>
; \ADVAPI32

; /Arg1 = S
; |
; \SystemIn

; /Arg1 =>
; |

004044A5 |. E8 F61F0000
fo.004064A0
004044AA |. 68 74874400
"
004044AF |. 8B15 F8284500
004044B5 |. 52
[4528F8] = 0
004044B6 |. B9 08294500
004044BB |. E8 A0190000
fo.00405E60
004044C0 |. 50
004044C1 |. E8 9A640000
004044C6 |. 83C4 08
004044C9 |. 8D85 CCECFFFF
004044CF |. 50
OFFSET LOCAL.1229
004044D0 |. B9 08294500
004044D5 |. E8 861F0000
fo.00406460
004044DA |. 8985 C0D7FFFF
004044E0 |. 8B8D C0D7FFFF
004044E6 |. 898D BCD7FFFF
004044EC |. C645 FC 78
004044F0 |. 68 409A4000
ystemInfo.409A40
004044F5 |. 68 30834400
ONFIGURATIONS"
004044FA |. 68 009A4000
SystemInfo.409A00
004044FF |. 8B95 BCD7FFFF
00404505 |. 52
00404506 |. 6A 06
6
00404508 |. 8D85 C4ECFFFF
0040450E |. 50
> OFFSET LOCAL.1231
0040450F |. E8 84920200
Info.0042D798
00404514 |. 83C4 08
00404517 |. 50
00404518 |. 68 C0994000
= SystemInfo.4099C0
0040451D |. 68 409A4000
= SystemInfo.409A40
00404522 |. 8B4D 08
00404525 |. E8 06160000
emInfo.00405B30
0040452A |. 8BC8
0040452C |. E8 1F160000
mInfo.00405B50
00404531 |. 50
00404532 |. E8 E9630000
Info.0040A920
00404537 |. 83C4 08
0040453A |. 50
0040453B |. E8 20690000
00404540 |. 83C4 08
00404543 |. 8BC8
00404545 |. E8 06160000
nfo.00405B50

CALL 004064A0

; \SystemIn

PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528F8]


PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[LOCAL.1229]
PUSH EAX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.2576],EAX


MOV ECX,DWORD PTR SS:[LOCAL.2576]
MOV DWORD PTR SS:[LOCAL.2577],ECX
MOV BYTE PTR SS:[LOCAL.1],78
PUSH 00409A40

; /Arg1 = S

PUSH OFFSET 00448330

; |ASCII "C

PUSH 00409A00

; |/Arg1 =

MOV EDX,DWORD PTR SS:[LOCAL.2577]


PUSH EDX
PUSH 6

; ||
; ||
; ||/Arg2 =

LEA EAX,[LOCAL.1231]
PUSH EAX

; |||
; |||Arg1 =

CALL 0042D798

; ||\System

ADD ESP,8
PUSH EAX
PUSH 004099C0

; ||
; ||/Arg2
; |||/Arg1

PUSH 00409A40

; ||||/Arg1

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 00405B30

; |||||
; ||||\Syst

MOV ECX,EAX
CALL 00405B50

; ||||
; |||\Syste

PUSH EAX
CALL 0040A920

; |||Arg1
; ||\System

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

||
||
||
||
||
|\SystemI

0040454A |. 50
PUSH EAX
0040454B |. E8 10640000 CALL 0040A960
00404550 |. 83C4 08
ADD ESP,8
00404553 |. 8BC8
MOV ECX,EAX
00404555 |. E8 D6150000 CALL 00405B30
fo.00405B30
0040455A |. C645 FC 77
MOV BYTE PTR SS:[LOCAL.1],77
0040455E |. 8D8D CCECFFFF LEA ECX,[LOCAL.1229]
00404564 |. E8 67A70000 CALL 0040ECD0
fo.0040ECD0
00404569 |. C645 FC 3A
MOV BYTE PTR SS:[LOCAL.1],3A
0040456D |. 8D8D E8ECFFFF LEA ECX,[LOCAL.1222]
00404573 |. E8 58A70000 CALL 0040ECD0
fo.0040ECD0
00404578 |. 8D4D C0
LEA ECX,[LOCAL.16]
0040457B |. 51
PUSH ECX
=> OFFSET LOCAL.16
0040457C |. 68 19000200 PUSH 20019
ccess = KEY_READ
00404581 |. 6A 00
PUSH 0
= 0
00404583 |. 68 FC824400 PUSH OFFSET 004482FC
"Software\Watchtower\MEPS\System\2.2\Configurations"
00404588 |. 68 02000080 PUSH 80000002
KEY_LOCAL_MACHINE
0040458D |. FF15 08804400 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey
.RegOpenKeyExA
00404593 |. 85C0
TEST EAX,EAX
00404595 |. 74 66
JE SHORT 004045FD
00404597 |. 68 409A4000 PUSH 00409A40
ystemInfo.409A40
0040459C |. 68 E8824400 PUSH OFFSET 004482E8
o configurations"
004045A1 |. 68 77874400 PUSH OFFSET 00448777
004045A6 |. 6A 06
PUSH 6
6
004045A8 |. 8D95 BCECFFFF LEA EDX,[LOCAL.1233]
004045AE |. 52
PUSH EDX
OFFSET LOCAL.1233
004045AF |. E8 E4910200 CALL 0042D798
nfo.0042D798
004045B4 |. 83C4 08
ADD ESP,8
004045B7 |. 50
PUSH EAX
004045B8 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004045BB |. 50
PUSH EAX
[ARG.1]
004045BC |. E8 5F630000 CALL 0040A920
nfo.0040A920
004045C1 |. 83C4 08
ADD ESP,8
004045C4 |. 50
PUSH EAX
004045C5 |. E8 96630000 CALL 0040A960
004045CA |. 83C4 08
ADD ESP,8
004045CD |. 50
PUSH EAX
004045CE |. E8 8D630000 CALL 0040A960
004045D3 |. 83C4 08
ADD ESP,8
004045D6 |. 8BC8
MOV ECX,EAX
004045D8 |. E8 53150000 CALL 00405B30
fo.00405B30
004045DD |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
004045E1 |. 8D4D A8
LEA ECX,[LOCAL.22]

;
;
;
;
;

|
|
|
|
\SystemIn

; [SystemIn

; [SystemIn
; /pResult
; |DesiredA
; |Reserved
; |SubKey =
; |hKey = H
; \ADVAPI32

; /Arg1 = S
; |ASCII "N
; |
; |/Arg2 =
; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
\SystemIn

004045E4 |. E8 D7240000
fo.00406AC0
004045E9 |. C745 FC FFFFF
004045F0 |. 8D4D C4
004045F3 |. E8 38120000
004045F8 |. E9 77040000
004045FD |> C745 E4 00000
00404604 |. C745 E4 00000
0040460B |. EB 09
0040460D |> 8B4D E4
00404610 |. 83C1 01
00404613 |. 894D E4
00404616 |> C745 A4 00010
0040461D |. 8D55 E8
00404620 |. 52
teTime => OFFSET LOCAL.6
00404621 |. 6A 00
n = NULL
00404623 |. 6A 00
NULL
00404625 |. 6A 00
= 0
00404627 |. 8D45 A4
0040462A |. 50
=> OFFSET LOCAL.23
0040462B |. 8D8D 9CFEFFFF
00404631 |. 51
OFFSET LOCAL.89
00404632 |. 8B55 E4
00404635 |. 52
[LOCAL.7]
00404636 |. 8B45 C0
00404639 |. 50
[LOCAL.16]
0040463A |. FF15 0C804400
.RegEnumKeyExA
00404640 |. 8945 F0
00404643 |. 837D F0 00
00404647 |. 0F85 58030000
0040464D |. 68 409A4000
ystemInfo.409A40
00404652 |. 68 E4824400
00404657 |. 8D8D 9CFEFFFF
0040465D |. 51
0040465E |. 68 77874400
00404663 |. 6A 06
6
00404665 |. 8D95 B4ECFFFF
0040466B |. 52
OFFSET LOCAL.1235
0040466C |. E8 27910200
nfo.0042D798
00404671 |. 83C4 08
00404674 |. 50
00404675 |. 68 409A4000
SystemInfo.409A40
0040467A |. 8B4D 08
0040467D |. E8 AE140000
Info.00405B30
00404682 |. 50

CALL 00406AC0

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


LEA ECX,[LOCAL.15]
CALL 00405830
JMP 00404A74
MOV DWORD PTR SS:[LOCAL.7],0
MOV DWORD PTR SS:[LOCAL.7],0
JMP SHORT 00404616
/MOV ECX,DWORD PTR SS:[LOCAL.7]
|ADD ECX,1
|MOV DWORD PTR SS:[LOCAL.7],ECX
|MOV DWORD PTR SS:[LOCAL.23],100
|LEA EDX,[LOCAL.6]
|PUSH EDX

; /pLastWri

|PUSH 0

; |pClassLe

|PUSH 0

; |Class =

|PUSH 0

; |Reserved

|LEA EAX,[LOCAL.23]
|PUSH EAX

; |
; |pNameLen

|LEA ECX,[LOCAL.89]
|PUSH ECX

; |
; |Name =>

|MOV EDX,DWORD PTR SS:[LOCAL.7]


|PUSH EDX

; |
; |Index =>

|MOV EAX,DWORD PTR SS:[LOCAL.16]


|PUSH EAX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegEnumKe ; \ADVAPI32


|MOV DWORD PTR SS:[LOCAL.4],EAX
|CMP DWORD PTR SS:[LOCAL.4],0
|JNE 004049A5
|PUSH 00409A40

; /Arg1 = S

|PUSH OFFSET 004482E4


|LEA ECX,[LOCAL.89]
|PUSH ECX
|PUSH OFFSET 00448777
|PUSH 6

;
;
;
;
;

|LEA EDX,[LOCAL.1235]
|PUSH EDX

; ||
; ||Arg1 =>

|CALL 0042D798

; |\SystemI

|ADD ESP,8
|PUSH EAX
|PUSH 00409A40

; |
; |/Arg2
; ||/Arg1 =

|MOV ECX,DWORD PTR SS:[ARG.1]


|CALL 00405B30

; |||
; ||\System

|PUSH EAX

; ||Arg1

|
|
|
|
|/Arg2 =

00404683 |. E8 98620000
nfo.0040A920
00404688 |. 83C4 08
0040468B |. 50
0040468C |. E8 CF620000
00404691 |. 83C4 08
00404694 |. 50
00404695 |. E8 C6620000
0040469A |. 83C4 08
0040469D |. 50
0040469E |. E8 BD620000
004046A3 |. 83C4 08
004046A6 |. 8BC8
004046A8 |. E8 83140000
fo.00405B30
004046AD |. 8D8D 8BECFFFF
004046B3 |. E8 F8AE0000
fo.0040F5B0
004046B8 |. 50
004046B9 |. 6A 2D
D
004046BB |. 8D85 9CFEFFFF
004046C1 |. 50
=> OFFSET LOCAL.89
004046C2 |. FF15 2C804400
2.lstrlenA
004046C8 |. 83C0 01
004046CB |. 50
004046CC |. 8D8D 8CECFFFF
004046D2 |. E8 296C0000
fo.0040B300
004046D7 |. 8985 B8D7FFFF
004046DD |. 8B8D B8D7FFFF
004046E3 |. 898D B4D7FFFF
004046E9 |. C645 FC 79
004046ED |. 68 409A4000
ystemInfo.409A40
004046F2 |. 8B95 B4D7FFFF
004046F8 |. 52
004046F9 |. 68 77874400
004046FE |. 6A 06
6
00404700 |. 8D85 80ECFFFF
00404706 |. 50
OFFSET LOCAL.1248
00404707 |. E8 8C900200
nfo.0042D798
0040470C |. 83C4 08
0040470F |. 50
00404710 |. 8B4D 08
00404713 |. 51
[ARG.1]
00404714 |. E8 07620000
nfo.0040A920
00404719 |. 83C4 08
0040471C |. 50
0040471D |. E8 3E620000
00404722 |. 83C4 08
00404725 |. 50
00404726 |. E8 35670000

|CALL 0040A920

; |\SystemI

|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B30

;
;
;
;
;
;
;
;
;
;
;
;

|LEA ECX,[LOCAL.1246+3]
|CALL 0040F5B0

; [SystemIn

|PUSH EAX
|PUSH 2D

; /Arg3
; |Arg2 = 2

|LEA EAX,[LOCAL.89]
|PUSH EAX

; |
; |/String

|
|
|
|
|
|
|
|
|
|
|
\SystemIn

|CALL DWORD PTR DS:[<&KERNEL32.lstrlenA> ; |\KERNEL3


|ADD EAX,1
|PUSH EAX
|LEA ECX,[LOCAL.1245]
|CALL 0040B300

;
;
;
;

|
|Arg1
|
\SystemIn

|MOV DWORD PTR SS:[LOCAL.2578],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.2578]
|MOV DWORD PTR SS:[LOCAL.2579],ECX
|MOV BYTE PTR SS:[LOCAL.1],79
|PUSH 00409A40

; /Arg1 = S

|MOV EDX,DWORD PTR SS:[LOCAL.2579]


|PUSH EDX
|PUSH OFFSET 00448777
|PUSH 6

;
;
;
;

|LEA EAX,[LOCAL.1248]
|PUSH EAX

; ||
; ||Arg1 =>

|CALL 0042D798

; |\SystemI

|ADD ESP,8
|PUSH EAX
|MOV ECX,DWORD PTR SS:[ARG.1]
|PUSH ECX

;
;
;
;

|CALL 0040A920

; |\SystemI

|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040AE60

;
;
;
;
;
;

|
|
|
|/Arg2 =

|
|/Arg2
||
||Arg1 =>

|
|
|
|
|
|

0040472B |. 83C4 08
0040472E |. 8BC8
00404730 |. E8 FB130000
fo.00405B30
00404735 |. C645 FC 3A
00404739 |. 8D8D 8CECFFFF
0040473F |. E8 1C6C0000
fo.0040B360
00404744 |. 8D95 40F9FFFF
0040474A |. 52
=> OFFSET LOCAL.432
0040474B |. 68 19000200
ccess = KEY_READ
00404750 |. 6A 00
= 0
00404752 |. 8D85 9CFEFFFF
00404758 |. 50
> OFFSET LOCAL.89
00404759 |. 8B4D C0
0040475C |. 51
[LOCAL.16]
0040475D |. FF15 08804400
.RegOpenKeyExA
00404763 |. 85C0
00404765 |. 74 05
00404767 |.^ E9 A1FEFFFF
0040476C |> C785 48FBFFFF
00404776 |. C785 48FBFFFF
00404780 |. EB 0F
00404782 |> 8B95 48FBFFFF
00404788 |. 83C2 01
0040478B |. 8995 48FBFFFF
00404791 |> C785 38F9FFFF
0040479B |. C785 4CFBFFFF
004047A5 |. 8D85 38F9FFFF
004047AB |. 50
=> OFFSET LOCAL.434
004047AC |. 8D8D 44FAFFFF
004047B2 |. 51
OFFSET LOCAL.367
004047B3 |. 8D95 3CF9FFFF
004047B9 |. 52
OFFSET LOCAL.433
004047BA |. 6A 00
= 0
004047BC |. 8D85 4CFBFFFF
004047C2 |. 50
=> OFFSET LOCAL.301
004047C3 |. 8D8D 44F9FFFF
004047C9 |. 51
OFFSET LOCAL.431
004047CA |. 8B95 48FBFFFF
004047D0 |. 52
[LOCAL.302]
004047D1 |. 8B85 40F9FFFF
004047D7 |. 50
[LOCAL.432]
004047D8 |. FF15 10804400
.RegEnumValueA
004047DE |. 8945 F0

|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B30

; |
; |
; \SystemIn

|MOV BYTE PTR SS:[LOCAL.1],3A


|LEA ECX,[LOCAL.1245]
|CALL 0040B360

; [SystemIn

|LEA EDX,[LOCAL.432]
|PUSH EDX

; /pResult

|PUSH 20019

; |DesiredA

|PUSH 0

; |Reserved

|LEA EAX,[LOCAL.89]
|PUSH EAX

; |
; |SubKey =

|MOV ECX,DWORD PTR SS:[LOCAL.16]


|PUSH ECX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKe ; \ADVAPI32


|TEST EAX,EAX
|JE SHORT 0040476C
|JMP 0040460D
|MOV DWORD PTR SS:[LOCAL.302],0
|MOV DWORD PTR SS:[LOCAL.302],0
|JMP SHORT 00404791
|/MOV EDX,DWORD PTR SS:[LOCAL.302]
||ADD EDX,1
||MOV DWORD PTR SS:[LOCAL.302],EDX
||MOV DWORD PTR SS:[LOCAL.434],100
||MOV DWORD PTR SS:[LOCAL.301],100
||LEA EAX,[LOCAL.434]
||PUSH EAX

; /pDataLen

||LEA ECX,[LOCAL.367]
||PUSH ECX

; |
; |Data =>

||LEA EDX,[LOCAL.433]
||PUSH EDX

; |
; |pType =>

||PUSH 0

; |Reserved

||LEA EAX,[LOCAL.301]
||PUSH EAX

; |
; |pNameLen

||LEA ECX,[LOCAL.431]
||PUSH ECX

; |
; |Name =>

||MOV EDX,DWORD PTR SS:[LOCAL.302]


||PUSH EDX

; |
; |Index =>

||MOV EAX,DWORD PTR SS:[LOCAL.432]


||PUSH EAX

; |
; |hKey =>

||CALL DWORD PTR DS:[<&ADVAPI32.RegEnumV ; \ADVAPI32


||MOV DWORD PTR SS:[LOCAL.4],EAX

004047E1 |. 837D F0 00
004047E5 |. 0F85 C6000000
004047EB |. 68 409A4000
ystemInfo.409A40
004047F0 |. 8D8D 44FAFFFF
004047F6 |. 51
004047F7 |. 6A 20
20
004047F9 |. 8D95 7FECFFFF
004047FF |. 52
00404800 |. E8 0B660000
nfo.0040AE10
00404805 |. 83C4 08
00404808 |. 50
00404809 |. 68 009A4000
SystemInfo.409A00
0040480E |. 8D85 44F9FFFF
00404814 |. 50
00404815 |. 68 C0994000
= SystemInfo.4099C0
0040481A |. 6A 2E
= 2E
0040481C |. 8D8D 7EECFFFF
00404822 |. 51
00404823 |. E8 E8650000
emInfo.0040AE10
00404828 |. 83C4 08
0040482B |. 50
0040482C |. 6A 23
2 = 23
0040482E |. 8D95 74ECFFFF
00404834 |. 52
1 => OFFSET LOCAL.1251
00404835 |. E8 5E8F0200
temInfo.0042D798
0040483A |. 83C4 08
0040483D |. 50
2
0040483E |. 68 77874400
00404843 |. 6A 06
g2 = 6
00404845 |. 8D85 6CECFFFF
0040484B |. 50
g1 => OFFSET LOCAL.1253
0040484C |. E8 478F0200
stemInfo.0042D798
00404851 |. 83C4 08
00404854 |. 50
g2
00404855 |. 8B4D 08
00404858 |. 51
g1 => [ARG.1]
00404859 |. E8 C2600000
stemInfo.0040A920
0040485E |. 83C4 08
00404861 |. 50
00404862 |. E8 F9600000
00404867 |. 83C4 08
0040486A |. 50
1

||CMP DWORD PTR SS:[LOCAL.4],0


||JNE 004048B1
||PUSH 00409A40

; /Arg1 = S

||LEA ECX,[LOCAL.367]
||PUSH ECX
||PUSH 20

; |
; |
; |/Arg2 =

||LEA EDX,[LOCAL.1249+3]
||PUSH EDX
||CALL 0040AE10

; ||
; ||Arg1
; |\SystemI

||ADD ESP,8
||PUSH EAX
||PUSH 00409A00

; |
; |/Arg2
; ||/Arg1 =

||LEA EAX,[LOCAL.431]
||PUSH EAX
||PUSH 004099C0

; |||
; |||
; |||/Arg1

||PUSH 2E

; ||||/Arg2

||LEA ECX,[LOCAL.1249+2]
||PUSH ECX
||CALL 0040AE10

; |||||
; |||||Arg1
; ||||\Syst

||ADD ESP,8
||PUSH EAX
||PUSH 23

; ||||
; ||||/Arg2
; |||||/Arg

||LEA EDX,[LOCAL.1251]
||PUSH EDX

; ||||||
; ||||||Arg

||CALL 0042D798

; |||||\Sys

||ADD ESP,8
||PUSH EAX

; |||||
; |||||/Arg

||PUSH OFFSET 00448777


||PUSH 6

; ||||||
; ||||||/Ar

||LEA EAX,[LOCAL.1253]
||PUSH EAX

; |||||||
; |||||||Ar

||CALL 0042D798

; ||||||\Sy

||ADD ESP,8
||PUSH EAX

; ||||||
; ||||||/Ar

||MOV ECX,DWORD PTR SS:[ARG.1]


||PUSH ECX

; |||||||
; |||||||Ar

||CALL 0040A920

; ||||||\Sy

||ADD ESP,8
||PUSH EAX
||CALL 0040A960
||ADD ESP,8
||PUSH EAX

;
;
;
;
;

||||||
||||||
||||||
||||||
||||||Arg

0040486B |. E8 B0600000 ||CALL 0040A920


temInfo.0040A920
00404870 |. 83C4 08
||ADD ESP,8
00404873 |. 50
||PUSH EAX
00404874 |. E8 A7650000 ||CALL 0040AE20
emInfo.0040AE20
00404879 |. 83C4 08
||ADD ESP,8
0040487C |. 8BC8
||MOV ECX,EAX
0040487E |. E8 CD120000 ||CALL 00405B50
mInfo.00405B50
00404883 |. 50
||PUSH EAX
00404884 |. E8 D7600000 ||CALL 0040A960
00404889 |. 83C4 08
||ADD ESP,8
0040488C |. 8BC8
||MOV ECX,EAX
0040488E |. E8 BD120000 ||CALL 00405B50
Info.00405B50
00404893 |. 50
||PUSH EAX
00404894 |. E8 87650000 ||CALL 0040AE20
nfo.0040AE20
00404899 |. 83C4 08
||ADD ESP,8
0040489C |. 50
||PUSH EAX
0040489D |. E8 BE600000 ||CALL 0040A960
004048A2 |. 83C4 08
||ADD ESP,8
004048A5 |. 8BC8
||MOV ECX,EAX
004048A7 |. E8 84120000 ||CALL 00405B30
fo.00405B30
004048AC |.^ E9 D1FEFFFF |\JMP 00404782
004048B1 |> 817D F0 03010 |CMP DWORD PTR SS:[LOCAL.4],103
004048B8 |. 74 55
|JE SHORT 0040490F
004048BA |. 68 409A4000 |PUSH 00409A40
ystemInfo.409A40
004048BF |. 68 40834400 |PUSH OFFSET 00448340
ASCII "Cannot enumerate values"
004048C4 |. 8B55 F0
|MOV EDX,DWORD PTR SS:[LOCAL.4]
004048C7 |. 52
|PUSH EDX
[LOCAL.4]
004048C8 |. E8 93BC0000 |CALL 00410560
nfo.00410560
004048CD |. 83C4 08
|ADD ESP,8
004048D0 |. 50
|PUSH EAX
004048D1 |. 68 77874400 |PUSH OFFSET 00448777
004048D6 |. 6A 06
|PUSH 6
6
004048D8 |. 8D85 64ECFFFF |LEA EAX,[LOCAL.1255]
004048DE |. 50
|PUSH EAX
OFFSET LOCAL.1255
004048DF |. E8 B48E0200 |CALL 0042D798
nfo.0042D798
004048E4 |. 83C4 08
|ADD ESP,8
004048E7 |. 50
|PUSH EAX
004048E8 |. 8B4D 08
|MOV ECX,DWORD PTR SS:[ARG.1]
004048EB |. 51
|PUSH ECX
[ARG.1]
004048EC |. E8 2F600000 |CALL 0040A920
nfo.0040A920
004048F1 |. 83C4 08
|ADD ESP,8
004048F4 |. 50
|PUSH EAX
004048F5 |. E8 66600000 |CALL 0040A960
004048FA |. 83C4 08
|ADD ESP,8
004048FD |. 50
|PUSH EAX

; |||||\Sys
; |||||
; |||||Arg1
; ||||\Syst
; ||||
; ||||
; |||\Syste
;
;
;
;
;

|||
|||
|||
|||
||\System

; ||Arg1
; |\SystemI
;
;
;
;
;
;

|
|
|
|
|
\SystemIn

; /Arg1 = S
; |/Arg2 =
; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|
|
|/Arg2 =

; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;
;

|
|
|
|
|

004048FE |. E8 5D600000 |CALL 0040A960


00404903 |. 83C4 08
|ADD ESP,8
00404906 |. 8BC8
|MOV ECX,EAX
00404908 |. E8 23120000 |CALL 00405B30
fo.00405B30
0040490D |. EB 6D
|JMP SHORT 0040497C
0040490F |> 83BD 48FBFFFF |CMP DWORD PTR SS:[LOCAL.302],0
00404916 |. 75 64
|JNE SHORT 0040497C
00404918 |. 68 409A4000 |PUSH 00409A40
ystemInfo.409A40
0040491D |. 68 C0824400 |PUSH OFFSET 004482C0
configuration has been removed."
00404922 |. 8D95 9CFEFFFF |LEA EDX,[LOCAL.89]
00404928 |. 52
|PUSH EDX
00404929 |. 68 B8824400 |PUSH OFFSET 004482B8
he "
0040492E |. 68 77874400 |PUSH OFFSET 00448777
00404933 |. 6A 06
|PUSH 6
6
00404935 |. 8D85 5CECFFFF |LEA EAX,[LOCAL.1257]
0040493B |. 50
|PUSH EAX
OFFSET LOCAL.1257
0040493C |. E8 578E0200 |CALL 0042D798
nfo.0042D798
00404941 |. 83C4 08
|ADD ESP,8
00404944 |. 50
|PUSH EAX
00404945 |. 8B4D 08
|MOV ECX,DWORD PTR SS:[ARG.1]
00404948 |. 51
|PUSH ECX
[ARG.1]
00404949 |. E8 D25F0000 |CALL 0040A920
nfo.0040A920
0040494E |. 83C4 08
|ADD ESP,8
00404951 |. 50
|PUSH EAX
00404952 |. E8 09600000 |CALL 0040A960
00404957 |. 83C4 08
|ADD ESP,8
0040495A |. 50
|PUSH EAX
0040495B |. E8 00600000 |CALL 0040A960
00404960 |. 83C4 08
|ADD ESP,8
00404963 |. 50
|PUSH EAX
00404964 |. E8 F75F0000 |CALL 0040A960
00404969 |. 83C4 08
|ADD ESP,8
0040496C |. 50
|PUSH EAX
0040496D |. E8 EE5F0000 |CALL 0040A960
00404972 |. 83C4 08
|ADD ESP,8
00404975 |. 8BC8
|MOV ECX,EAX
00404977 |. E8 B4110000 |CALL 00405B30
fo.00405B30
0040497C |> 8B95 40F9FFFF |MOV EDX,DWORD PTR SS:[LOCAL.432]
00404982 |. 52
|PUSH EDX
[LOCAL.432]
00404983 |. FF15 14804400 |CALL DWORD PTR DS:[<&ADVAPI32.RegCloseK
.RegCloseKey
00404989 |. 8D85 9CFEFFFF |LEA EAX,[LOCAL.89]
0040498F |. 50
|PUSH EAX
00404990 |. 8B4D C0
|MOV ECX,DWORD PTR SS:[LOCAL.16]
00404993 |. 51
|PUSH ECX
00404994 |. 8B55 08
|MOV EDX,DWORD PTR SS:[ARG.1]
00404997 |. 52
|PUSH EDX
00404998 |. E8 53CA0100 |CALL 004213F0
0040499D |. 83C4 0C
|ADD ESP,0C

;
;
;
;

|
|
|
\SystemIn

; /Arg1 = S
; |ASCII "
; |
; |
; |ASCII "T
; |
; |/Arg2 =
; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
|
|
|
\SystemIn

; /hKey =>
; \ADVAPI32

004049A0 |.^ E9 68FCFFFF \JMP 0040460D


004049A5 |> 817D F0 03010 CMP DWORD PTR SS:[LOCAL.4],103
004049AC |. 74 55
JE SHORT 00404A03
004049AE |. 68 409A4000 PUSH 00409A40
ystemInfo.409A40
004049B3 |. 68 FC834400 PUSH OFFSET 004483FC
ASCII "Cannot enumerate languages"
004049B8 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
004049BB |. 50
PUSH EAX
[LOCAL.4]
004049BC |. E8 9FBB0000 CALL 00410560
nfo.00410560
004049C1 |. 83C4 08
ADD ESP,8
004049C4 |. 50
PUSH EAX
004049C5 |. 68 77874400 PUSH OFFSET 00448777
004049CA |. 6A 06
PUSH 6
6
004049CC |. 8D8D 54ECFFFF LEA ECX,[LOCAL.1259]
004049D2 |. 51
PUSH ECX
OFFSET LOCAL.1259
004049D3 |. E8 C08D0200 CALL 0042D798
nfo.0042D798
004049D8 |. 83C4 08
ADD ESP,8
004049DB |. 50
PUSH EAX
004049DC |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
004049DF |. 52
PUSH EDX
[ARG.1]
004049E0 |. E8 3B5F0000 CALL 0040A920
nfo.0040A920
004049E5 |. 83C4 08
ADD ESP,8
004049E8 |. 50
PUSH EAX
004049E9 |. E8 725F0000 CALL 0040A960
004049EE |. 83C4 08
ADD ESP,8
004049F1 |. 50
PUSH EAX
004049F2 |. E8 695F0000 CALL 0040A960
004049F7 |. 83C4 08
ADD ESP,8
004049FA |. 8BC8
MOV ECX,EAX
004049FC |. E8 2F110000 CALL 00405B30
fo.00405B30
00404A01 |. EB 4C
JMP SHORT 00404A4F
00404A03 |> 837D E4 00
CMP DWORD PTR SS:[LOCAL.7],0
00404A07 |. 75 46
JNE SHORT 00404A4F
00404A09 |. 68 409A4000 PUSH 00409A40
ystemInfo.409A40
00404A0E |. 68 D8834400 PUSH OFFSET 004483D8
ll languages have been removed."
00404A13 |. 68 77874400 PUSH OFFSET 00448777
00404A18 |. 6A 06
PUSH 6
6
00404A1A |. 8D85 4CECFFFF LEA EAX,[LOCAL.1261]
00404A20 |. 50
PUSH EAX
OFFSET LOCAL.1261
00404A21 |. E8 728D0200 CALL 0042D798
nfo.0042D798
00404A26 |. 83C4 08
ADD ESP,8
00404A29 |. 50
PUSH EAX
00404A2A |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00404A2D |. 51
PUSH ECX
[ARG.1]
00404A2E |. E8 ED5E0000 CALL 0040A920

; /Arg1 = S
; |/Arg2 =
; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|
|
|/Arg2 =

; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
\SystemIn

; /Arg1 = S
; |ASCII "A
; |
; |/Arg2 =
; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|/Arg2
||
||Arg1 =>

; |\SystemI

nfo.0040A920
00404A33 |. 83C4 08
ADD ESP,8
00404A36 |. 50
PUSH EAX
00404A37 |. E8 245F0000 CALL 0040A960
00404A3C |. 83C4 08
ADD ESP,8
00404A3F |. 50
PUSH EAX
00404A40 |. E8 1B5F0000 CALL 0040A960
00404A45 |. 83C4 08
ADD ESP,8
00404A48 |. 8BC8
MOV ECX,EAX
00404A4A |. E8 E1100000 CALL 00405B30
fo.00405B30
00404A4F |> 8B55 C0
MOV EDX,DWORD PTR SS:[LOCAL.16]
00404A52 |. 52
PUSH EDX
[LOCAL.16]
00404A53 |. FF15 14804400 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe
.RegCloseKey
00404A59 |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
00404A5D |. 8D4D A8
LEA ECX,[LOCAL.22]
00404A60 |. E8 5B200000 CALL 00406AC0
fo.00406AC0
00404A65 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
00404A6C |. 8D4D C4
LEA ECX,[LOCAL.15]
00404A6F |. E8 BC0D0000 CALL 00405830
00404A74 |> 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00404A77 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
00404A7E |. 59
POP ECX
00404A7F |. 5E
POP ESI
00404A80 |. 8B4D A0
MOV ECX,DWORD PTR SS:[LOCAL.24]
00404A83 |. 33CD
XOR ECX,EBP
00404A85 |. E8 679C0200 CALL 0042E6F1
00404A8A |. 8BE5
MOV ESP,EBP
00404A8C |. 5D
POP EBP
00404A8D \. C3
RETN
00404A8E
CC
INT3
00404A8F
CC
INT3
00404A90 /$ 55
PUSH EBP
00404A91 |. 8BEC
MOV EBP,ESP
00404A93 |. 6A FF
PUSH -1
00404A95 |. 68 784F4400 PUSH 00444F78
00404A9A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00404AA0 |. 50
PUSH EAX
00404AA1 |. 83EC 30
SUB ESP,30
00404AA4 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00404AA9 |. 33C5
XOR EAX,EBP
00404AAB |. 50
PUSH EAX
00404AAC |. 8D45 F4
LEA EAX,[LOCAL.3]
00404AAF |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00404AB5 |. 837D 20 10
CMP DWORD PTR SS:[ARG.7],10
00404AB9 |. 72 08
JB SHORT 00404AC3
00404ABB |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
00404ABE |. 8945 C4
MOV DWORD PTR SS:[LOCAL.15],EAX
00404AC1 |. EB 06
JMP SHORT 00404AC9
00404AC3 |> 8D4D 0C
LEA ECX,[ARG.2]
00404AC6 |. 894D C4
MOV DWORD PTR SS:[LOCAL.15],ECX
00404AC9 |> 6A 00
PUSH 0
e = NULL
00404ACB |. 68 80000000 PUSH 80
es = FILE_ATTRIBUTE_NORMAL
00404AD0 |. 6A 03
PUSH 3
Distribution = OPEN_EXISTING

;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
\SystemIn

; /hKey =>
; \ADVAPI32

; [SystemIn

; /hTemplat
; |Attribut
; |Creation

00404AD2 |. 6A 00
y = NULL
00404AD4 |. 6A 01
e = FILE_SHARE_READ
00404AD6 |. 68 00000080
ccess = GENERIC_READ
00404ADB |. 8B55 C4
00404ADE |. 52
00404ADF |. FF15 34804400
.CreateFileA
00404AE5 |. 8945 EC
00404AE8 |. 33C0
00404AEA |. 837D EC FF
00404AEE |. 0F95C0
00404AF1 |. 8945 E8
00404AF4 |. C745 FC 00000
00404AFB |. 8D4D 08
00404AFE |. E8 7D9C0000
fo.0040E780
00404B03 |. C745 FC FFFFF
00404B0A |. 6A 00
00404B0C |. 6A 01
00404B0E |. 8D4D 08
00404B11 |. E8 4AB00000
fo.0040FB60
00404B16 |. 8B45 E8
00404B19 |. 8B4D F4
00404B1C |. 64:890D 00000
00404B23 |. 59
00404B24 |. 8BE5
00404B26 |. 5D
00404B27 \. C3
00404B28
CC
00404B29
CC
00404B2A
CC
00404B2B
CC
00404B2C
CC
00404B2D
CC
00404B2E
CC
00404B2F
CC
00404B30 /$ 55
00404B31 |. 8BEC
00404B33 |. 6A FF
00404B35 |. 68 19504400
00404B3A |. 64:A1 0000000
00404B40 |. 50
00404B41 |. 81EC EC000000
00404B47 |. A1 A0154500
00404B4C |. 33C5
00404B4E |. 50
00404B4F |. 8D45 F4
00404B52 |. 64:A3 0000000
00404B58 |. C745 8C 00000
00404B5F |. C745 FC 02000
00404B66 |. 8D45 10
00404B69 |. 50
OFFSET ARG.3
00404B6A |. 8D4D E8
00404B6D |. 51
OFFSET LOCAL.6

PUSH 0

; |pSecurit

PUSH 1

; |ShareMod

PUSH 80000000

; |DesiredA

MOV EDX,DWORD PTR SS:[LOCAL.15]


; |
PUSH EDX
; |FileName
CALL DWORD PTR DS:[<&KERNEL32.CreateFile ; \KERNEL32
MOV DWORD PTR SS:[LOCAL.5],EAX
XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.5],-1
SETNE AL
MOV DWORD PTR SS:[LOCAL.6],EAX
MOV DWORD PTR SS:[LOCAL.1],0
LEA ECX,[ARG.1]
CALL 0040E780

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[ARG.1]
CALL 0040FB60

;
;
;
;

MOV EAX,DWORD PTR SS:[LOCAL.6]


MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00445019
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0EC
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.29],0
MOV DWORD PTR SS:[LOCAL.1],2
LEA EAX,[ARG.3]
PUSH EAX

; /Arg2 =>

LEA ECX,[LOCAL.6]
PUSH ECX

; |
; |Arg1 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00404B6E |. 8B4D 0C
00404B71 |. E8 3A1D0000
fo.004068B0
00404B76 |. 8B55 0C
00404B79 |. 52
[ARG.2]
00404B7A |. 8B45 0C
00404B7D |. 8B48 18
00404B80 |. 51
00404B81 |. 8D4D E0
00404B84 |. E8 67450200
fo.004290F0
00404B89 |. 33D2
00404B8B |. 837D E8 00
00404B8F |. 0F95C2
00404B92 |. 0FB6C2
00404B95 |. 85C0
00404B97 |. 74 12
00404B99 |. 8B4D E8
00404B9C |. 33D2
00404B9E |. 3B4D E0
00404BA1 |. 0F94C2
00404BA4 |. 0FB6C2
00404BA7 |. 85C0
00404BA9 |. 75 05
00404BAB |> E8 D89C0200
00404BB0 |> 33C9
00404BB2 |.^ 75 FC
00404BB4 |. 8B55 EC
00404BB7 |. 33C0
00404BB9 |. 3B55 E4
00404BBC |. 0F94C0
00404BBF |. 0FB6C8
00404BC2 |. 85C9
00404BC4 |. 0F84 F6000000
00404BCA |. 68 64854400
SCII " ("
00404BCF |. 8D55 38
00404BD2 |. 52
OFFSET ARG.13
00404BD3 |. 8D45 B8
00404BD6 |. 50
OFFSET LOCAL.18
00404BD7 |. E8 149E0000
fo.0040E9F0
00404BDC |. 83C4 0C
00404BDF |. 8985 14FFFFFF
00404BE5 |. 8B8D 14FFFFFF
00404BEB |. 898D 10FFFFFF
00404BF1 |. C645 FC 03
00404BF5 |. 8D55 10
00404BF8 |. 52
OFFSET ARG.3
00404BF9 |. 8B85 10FFFFFF
00404BFF |. 50
[LOCAL.59]
00404C00 |. 8D4D 90
00404C03 |. 51
OFFSET LOCAL.28
00404C04 |. E8 279D0000

MOV ECX,DWORD PTR SS:[ARG.2]


CALL 004068B0

; |
; \SystemIn

MOV EDX,DWORD PTR SS:[ARG.2]


PUSH EDX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[ARG.2]


MOV ECX,DWORD PTR DS:[EAX+18]
PUSH ECX
LEA ECX,[LOCAL.8]
CALL 004290F0

;
;
;
;
;

XOR EDX,EDX
CMP DWORD PTR SS:[LOCAL.6],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00404BAB
MOV ECX,DWORD PTR SS:[LOCAL.6]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.8]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00404BB0
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00404BB0
MOV EDX,DWORD PTR SS:[LOCAL.5]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.7]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE 00404CC0
PUSH OFFSET 00448564

; /Arg3 = A

LEA EDX,[ARG.13]
PUSH EDX

; |
; |Arg2 =>

LEA EAX,[LOCAL.18]
PUSH EAX

; |
; |Arg1 =>

CALL 0040E9F0

; \SystemIn

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.59],EAX
MOV ECX,DWORD PTR SS:[LOCAL.59]
MOV DWORD PTR SS:[LOCAL.60],ECX
MOV BYTE PTR SS:[LOCAL.1],3
LEA EDX,[ARG.3]
PUSH EDX

; /Arg3 =>

MOV EAX,DWORD PTR SS:[LOCAL.60]


PUSH EAX

; |
; |Arg2 =>

LEA ECX,[LOCAL.28]
PUSH ECX

; |
; |Arg1 =>

CALL 0040E930

; \SystemIn

|
|
|Arg1
|
\SystemIn

fo.0040E930
00404C09 |. 83C4 0C
00404C0C |. 8985 0CFFFFFF
00404C12 |. 8B95 0CFFFFFF
00404C18 |. 8995 08FFFFFF
00404C1E |. C645 FC 04
00404C22 |. 68 68854400
ystemInfo.448568
00404C27 |. 8B85 08FFFFFF
00404C2D |. 50
[LOCAL.61]
00404C2E |. 8B4D 08
00404C31 |. 51
[ARG.1]
00404C32 |. E8 B99D0000
fo.0040E9F0
00404C37 |. 83C4 0C
00404C3A |. 8B55 8C
00404C3D |. 83CA 01
00404C40 |. 8955 8C
00404C43 |. C645 FC 05
00404C47 |. 8D4D 90
00404C4A |. E8 319B0000
fo.0040E780
00404C4F |. C645 FC 03
00404C53 |. 6A 00
00404C55 |. 6A 01
00404C57 |. 8D4D 90
00404C5A |. E8 01AF0000
fo.0040FB60
00404C5F |. C645 FC 06
00404C63 |. 8D4D B8
00404C66 |. E8 159B0000
fo.0040E780
00404C6B |. C645 FC 02
00404C6F |. 6A 00
00404C71 |. 6A 01
00404C73 |. 8D4D B8
00404C76 |. E8 E5AE0000
fo.0040FB60
00404C7B |. C645 FC 07
00404C7F |. 8D4D 10
00404C82 |. E8 F99A0000
fo.0040E780
00404C87 |. C645 FC 01
00404C8B |. 6A 00
00404C8D |. 6A 01
00404C8F |. 8D4D 10
00404C92 |. E8 C9AE0000
fo.0040FB60
00404C97 |. C745 FC 08000
00404C9E |. 8D4D 38
00404CA1 |. E8 DA9A0000
fo.0040E780
00404CA6 |. C645 FC 00
00404CAA |. 6A 00
00404CAC |. 6A 01
00404CAE |. 8D4D 38
00404CB1 |. E8 AAAE0000
fo.0040FB60

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.61],EAX
MOV EDX,DWORD PTR SS:[LOCAL.61]
MOV DWORD PTR SS:[LOCAL.62],EDX
MOV BYTE PTR SS:[LOCAL.1],4
PUSH OFFSET 00448568

; /Arg3 = S

MOV EAX,DWORD PTR SS:[LOCAL.62]


PUSH EAX

; |
; |Arg2 =>

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; |
; |Arg1 =>

CALL 0040E9F0

; \SystemIn

ADD ESP,0C
MOV EDX,DWORD PTR SS:[LOCAL.29]
OR EDX,00000001
MOV DWORD PTR SS:[LOCAL.29],EDX
MOV BYTE PTR SS:[LOCAL.1],5
LEA ECX,[LOCAL.28]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],3


PUSH 0
PUSH 1
LEA ECX,[LOCAL.28]
CALL 0040FB60

;
;
;
;

MOV BYTE PTR SS:[LOCAL.1],6


LEA ECX,[LOCAL.18]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],2


PUSH 0
PUSH 1
LEA ECX,[LOCAL.18]
CALL 0040FB60

;
;
;
;

MOV BYTE PTR SS:[LOCAL.1],7


LEA ECX,[ARG.3]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],1


PUSH 0
PUSH 1
LEA ECX,[ARG.3]
CALL 0040FB60

;
;
;
;

MOV DWORD PTR SS:[LOCAL.1],8


LEA ECX,[ARG.13]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[ARG.13]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00404CB6 |.
00404CB9 |.
00404CBE |.
00404CC0 |>
00404CC3 |.
fo.004278B0
00404CC8 |.
00404CCE |.
00404CD4 |.
00404CD7 |.
00404CD8 |.
00404CDB |.
fo.0040AD10
00404CE0 |.
00404CE3 |.
00404CE6 |.
00404CE9 |.
00404CED |.
00404CF0 |.
fo.0040E780
00404CF5 |.
00404CF9 |.
00404CFB |.
00404CFD |.
00404D00 |.
fo.0040FB60
00404D05 |.
00404D0C |.
00404D0F |.
fo.0040E780
00404D14 |.
00404D18 |.
00404D1A |.
00404D1C |.
00404D1F |.
fo.0040FB60
00404D24 |.
00404D27 \.
00404D29 />
00404D2D |.
00404D30 |.
fo.0040E780
00404D35 |.
00404D39 |.
00404D3B |.
00404D3D |.
00404D40 |.
fo.0040FB60
00404D45 |.
00404D4C |.
00404D4F |.
fo.0040E780
00404D54 |.
00404D58 |.
00404D5A |.
00404D5C |.
00404D5F |.
fo.0040FB60
00404D64 |>
00404D67 |.

8B45 08
E9 A6000000
EB 69
8D4D E8
E8 E82B0200

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00404D64
JMP SHORT 00404D29
LEA ECX,[LOCAL.6]
CALL 004278B0

; [SystemIn

8985 58FFFFFF
8B85 58FFFFFF
83C0 28
50
8B4D 08
E8 30600000

MOV DWORD PTR SS:[LOCAL.42],EAX


MOV EAX,DWORD PTR SS:[LOCAL.42]
ADD EAX,28
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 0040AD10

; /Arg1
; |
; \SystemIn

8B4D 8C
83C9 01
894D 8C
C645 FC 09
8D4D 10
E8 8B9A0000

MOV ECX,DWORD PTR SS:[LOCAL.29]


OR ECX,00000001
MOV DWORD PTR SS:[LOCAL.29],ECX
MOV BYTE PTR SS:[LOCAL.1],9
LEA ECX,[ARG.3]
CALL 0040E780

; [SystemIn

C645 FC 01
6A 00
6A 01
8D4D 10
E8 5BAE0000

MOV BYTE PTR SS:[LOCAL.1],1


PUSH 0
PUSH 1
LEA ECX,[ARG.3]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC 0A000 MOV DWORD PTR SS:[LOCAL.1],0A


8D4D 38
LEA ECX,[ARG.13]
E8 6C9A0000 CALL 0040E780

; [SystemIn

C645 FC 00
6A 00
6A 01
8D4D 38
E8 3CAE0000

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[ARG.13]
CALL 0040FB60

;
;
;
;

8B45 08
EB 3B
C645 FC 0B
8D4D 10
E8 4B9A0000

MOV EAX,DWORD PTR SS:[ARG.1]


JMP SHORT 00404D64
MOV BYTE PTR SS:[EBP-4],0B
LEA ECX,[EBP+10]
CALL 0040E780

; [SystemIn

C645 FC 01
6A 00
6A 01
8D4D 10
E8 1BAE0000

MOV BYTE PTR SS:[EBP-4],1


PUSH 0
PUSH 1
LEA ECX,[EBP+10]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC 0C000 MOV DWORD PTR SS:[EBP-4],0C


8D4D 38
LEA ECX,[EBP+38]
E8 2C9A0000 CALL 0040E780

; [SystemIn

C645 FC 00
6A 00
6A 01
8D4D 38
E8 FCAD0000

;
;
;
;

MOV BYTE PTR SS:[EBP-4],0


PUSH 0
PUSH 1
LEA ECX,[EBP+38]
CALL 0040FB60

8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
64:890D 00000 MOV DWORD PTR FS:[0],ECX

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00404D6E |. 59
00404D6F |. 8BE5
00404D71 |. 5D
00404D72 \. C3
00404D73
CC
00404D74
CC
00404D75
CC
00404D76
CC
00404D77
CC
00404D78
CC
00404D79
CC
00404D7A
CC
00404D7B
CC
00404D7C
CC
00404D7D
CC
00404D7E
CC
00404D7F
CC
00404D80 /$ 55
00404D81 |. 8BEC
00404D83 |. 6A FF
00404D85 |. 68 A7504400
00404D8A |. 64:A1 0000000
00404D90 |. 50
00404D91 |. 81EC 58020000
00404D97 |. A1 A0154500
00404D9C |. 33C5
00404D9E |. 50
00404D9F |. 8D45 F4
00404DA2 |. 64:A3 0000000
00404DA8 |. C745 FC 02000
00404DAF |. 68 60854400
ystemInfo.448560
00404DB4 |. 8D45 0C
00404DB7 |. 50
OFFSET ARG.2
00404DB8 |. 8D8D 78FFFFFF
00404DBE |. 51
OFFSET LOCAL.34
00404DBF |. E8 2C9C0000
fo.0040E9F0
00404DC4 |. 83C4 0C
00404DC7 |. 8985 00FEFFFF
00404DCD |. 8B95 00FEFFFF
00404DD3 |. 8995 FCFDFFFF
00404DD9 |. C645 FC 03
00404DDD |. 8D45 5C
00404DE0 |. 50
OFFSET ARG.22
00404DE1 |. 8B8D FCFDFFFF
00404DE7 |. 51
[LOCAL.128]
00404DE8 |. 8D95 50FFFFFF
00404DEE |. 52
OFFSET LOCAL.44
00404DEF |. E8 3C9B0000
fo.0040E930
00404DF4 |. 83C4 0C
00404DF7 |. 8985 E0FEFFFF
00404DFD |. 8B85 E0FEFFFF
00404E03 |. 8378 18 10

POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 004450A7
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,258
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.1],2
PUSH OFFSET 00448560

; /Arg3 = S

LEA EAX,[ARG.2]
PUSH EAX

; |
; |Arg2 =>

LEA ECX,[LOCAL.34]
PUSH ECX

; |
; |Arg1 =>

CALL 0040E9F0

; \SystemIn

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.128],EAX
MOV EDX,DWORD PTR SS:[LOCAL.128]
MOV DWORD PTR SS:[LOCAL.129],EDX
MOV BYTE PTR SS:[LOCAL.1],3
LEA EAX,[ARG.22]
PUSH EAX

; /Arg3 =>

MOV ECX,DWORD PTR SS:[LOCAL.129]


PUSH ECX

; |
; |Arg2 =>

LEA EDX,[LOCAL.44]
PUSH EDX

; |
; |Arg1 =>

CALL 0040E930

; \SystemIn

ADD
MOV
MOV
CMP

ESP,0C
DWORD PTR SS:[LOCAL.72],EAX
EAX,DWORD PTR SS:[LOCAL.72]
DWORD PTR DS:[EAX+18],10

00404E07 |. 72 11
JB SHORT 00404E1A
00404E09 |. 8B8D E0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.72]
00404E0F |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00404E12 |. 8995 F8FDFFFF MOV DWORD PTR SS:[LOCAL.130],EDX
00404E18 |. EB 0F
JMP SHORT 00404E29
00404E1A |> 8B85 E0FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.72]
00404E20 |. 83C0 04
ADD EAX,4
00404E23 |. 8985 F8FDFFFF MOV DWORD PTR SS:[LOCAL.130],EAX
00404E29 |> 6A 00
PUSH 0
e = NULL
00404E2B |. 68 80000000 PUSH 80
es = FILE_ATTRIBUTE_NORMAL
00404E30 |. 6A 03
PUSH 3
Distribution = OPEN_EXISTING
00404E32 |. 6A 00
PUSH 0
y = NULL
00404E34 |. 6A 01
PUSH 1
e = FILE_SHARE_READ
00404E36 |. 68 00000080 PUSH 80000000
ccess = GENERIC_READ
00404E3B |. 8B8D F8FDFFFF MOV ECX,DWORD PTR SS:[LOCAL.130]
00404E41 |. 51
PUSH ECX
=> [LOCAL.130]
00404E42 |. FF15 34804400 CALL DWORD PTR DS:[<&KERNEL32.CreateFile
.CreateFileA
00404E48 |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
00404E4B |. C645 FC 04
MOV BYTE PTR SS:[LOCAL.1],4
00404E4F |. 8D8D 50FFFFFF LEA ECX,[LOCAL.44]
00404E55 |. E8 26990000 CALL 0040E780
fo.0040E780
00404E5A |. C645 FC 03
MOV BYTE PTR SS:[LOCAL.1],3
00404E5E |. 6A 00
PUSH 0
00404E60 |. 6A 01
PUSH 1
00404E62 |. 8D8D 50FFFFFF LEA ECX,[LOCAL.44]
00404E68 |. E8 F3AC0000 CALL 0040FB60
fo.0040FB60
00404E6D |. C645 FC 05
MOV BYTE PTR SS:[LOCAL.1],5
00404E71 |. 8D8D 78FFFFFF LEA ECX,[LOCAL.34]
00404E77 |. E8 04990000 CALL 0040E780
fo.0040E780
00404E7C |. C645 FC 02
MOV BYTE PTR SS:[LOCAL.1],2
00404E80 |. 6A 00
PUSH 0
00404E82 |. 6A 01
PUSH 1
00404E84 |. 8D8D 78FFFFFF LEA ECX,[LOCAL.34]
00404E8A |. E8 D1AC0000 CALL 0040FB60
fo.0040FB60
00404E8F |. 8D55 5C
LEA EDX,[ARG.22]
00404E92 |. 52
PUSH EDX
OFFSET ARG.22
00404E93 |. 8D45 34
LEA EAX,[ARG.12]
00404E96 |. 50
PUSH EAX
OFFSET ARG.12
00404E97 |. 8D8D 24FFFFFF LEA ECX,[LOCAL.55]
00404E9D |. 51
PUSH ECX
OFFSET LOCAL.55
00404E9E |. E8 8D9A0000 CALL 0040E930
fo.0040E930
00404EA3 |. 83C4 0C
ADD ESP,0C
00404EA6 |. 8985 F4FDFFFF MOV DWORD PTR SS:[LOCAL.131],EAX
00404EAC |. 8B95 F4FDFFFF MOV EDX,DWORD PTR SS:[LOCAL.131]

; /hTemplat
; |Attribut
; |Creation
; |pSecurit
; |ShareMod
; |DesiredA
; |
; |FileName
; \KERNEL32

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /Arg3 =>
; |
; |Arg2 =>
; |
; |Arg1 =>
; \SystemIn

00404EB2 |. 8995 F0FDFFFF


00404EB8 |. C645 FC 06
00404EBC |. C685 4FFFFFFF
00404EC3 |. C685 23FFFFFF
00404ECA |. 6A 06
00404ECC |. 8D85 10FFFFFF
00404ED2 |. 50
OFFSET LOCAL.60
00404ED3 |. E8 C0880200
fo.0042D798
00404ED8 |. 83C4 08
00404EDB |. 8985 DCFEFFFF
00404EE1 |. 837D 08 00
00404EE5 |. 75 0C
00404EE7 |. C785 ECFDFFFF
00404EF1 |. EB 11
00404EF3 |> 8B4D 08
00404EF6 |. 8B11
00404EF8 |. 8B45 08
00404EFB |. 0342 04
00404EFE |. 8985 ECFDFFFF
00404F04 |> 8B8D DCFEFFFF
00404F0A |. 8B51 04
00404F0D |. 52
00404F0E |. 8B85 ECFDFFFF
00404F14 |. 50
00404F15 |. 8B8D DCFEFFFF
00404F1B |. 8B11
00404F1D |. FFD2
00404F1F |. 83C4 08
00404F22 |. 6A 23
3
00404F24 |. 8D85 18FFFFFF
00404F2A |. 50
OFFSET LOCAL.58
00404F2B |. E8 68880200
fo.0042D798
00404F30 |. 83C4 08
00404F33 |. 8985 D4FEFFFF
00404F39 |. 68 77874400
00404F3E |. 8B4D 08
00404F41 |. 51
00404F42 |. E8 195A0000
00404F47 |. 83C4 08
00404F4A |. 8985 D8FEFFFF
00404F50 |. 83BD D8FEFFFF
00404F57 |. 75 0C
00404F59 |. C785 E8FDFFFF
00404F63 |. EB 17
00404F65 |> 8B95 D8FEFFFF
00404F6B |. 8B02
00404F6D |. 8B8D D8FEFFFF
00404F73 |. 0348 04
00404F76 |. 898D E8FDFFFF
00404F7C |> 8B95 D4FEFFFF
00404F82 |. 8B42 04
00404F85 |. 50
00404F86 |. 8B8D E8FDFFFF
00404F8C |. 51
00404F8D |. 8B95 D4FEFFFF

MOV DWORD PTR SS:[LOCAL.132],EDX


MOV BYTE PTR SS:[LOCAL.1],6
MOV BYTE PTR SS:[LOCAL.45+3],20
MOV BYTE PTR SS:[LOCAL.56+3],2E
PUSH 6
LEA EAX,[LOCAL.60]
PUSH EAX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.73],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00404EF3
MOV DWORD PTR SS:[LOCAL.133],0
JMP SHORT 00404F04
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.133],EAX
MOV ECX,DWORD PTR SS:[LOCAL.73]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.133]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.73]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA EAX,[LOCAL.58]
PUSH EAX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.75],EAX
PUSH OFFSET 00448777
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.74],EAX
CMP DWORD PTR SS:[LOCAL.74],0
JNE SHORT 00404F65
MOV DWORD PTR SS:[LOCAL.134],0
JMP SHORT 00404F7C
MOV EDX,DWORD PTR SS:[LOCAL.74]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.74]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.134],ECX
MOV EDX,DWORD PTR SS:[LOCAL.75]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.134]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.75]

00404F93
00404F95
00404F97
00404F9A
00404FA0
00404FA6
00404FAC
00404FAE
00404FB4
00404FB7
00404FBD
00404FC3
00404FC6
00404FCC
00404FD2
00404FD8
00404FDB
00404FE2
00404FE4
00404FEE
00404FF0
00404FF6
00404FF8
00404FFE
00405001
00405007
0040500D
00405010
00405016
0040501B
0040501D
00405023
00405026
0040502B
00405031
00405037
00405039
0040503F
00405042
00405048
00405049
0040504F
00405050
00405055
00405058
0040505E
00405065
00405067
00405071
00405073
00405079
0040507B
00405081
00405084
0040508A
00405090
00405093
00405099
0040509E
004050A0

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.

8B02
FFD0
83C4 08
8A8D 23FFFFFF
888D CBFEFFFF
8B95 D8FEFFFF
8B02
8B8D D8FEFFFF
0348 04
898D CCFEFFFF
8B95 CCFEFFFF
8A42 30
8885 D3FEFFFF
8B8D CCFEFFFF
8A95 CBFEFFFF
8851 30
83BD D8FEFFFF
75 0C
C785 C0FEFFFF
EB 17
8B85 D8FEFFFF
8B08
8B95 D8FEFFFF
0351 04
8995 C0FEFFFF
8B85 C0FEFFFF
8B48 10
898D C4FEFFFF
BA C0010000
F7D2
8B85 C0FEFFFF
2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 C0FEFFFF
8950 10
8B8D F0FDFFFF
51
8B95 D8FEFFFF
52
E8 0B5E0000
83C4 08
8985 B4FEFFFF
83BD B4FEFFFF
75 0C
C785 B8FEFFFF
EB 17
8B85 B4FEFFFF
8B08
8B95 B4FEFFFF
0351 04
8995 B8FEFFFF
8B85 B8FEFFFF
8B48 10
898D BCFEFFFF
BA C0010000
F7D2
8B85 B8FEFFFF

MOV EAX,DWORD PTR DS:[EDX]


CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[LOCAL.56+3]
MOV BYTE PTR SS:[LOCAL.78+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.74]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.74]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.77],ECX
MOV EDX,DWORD PTR SS:[LOCAL.77]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.76+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.77]
MOV DL,BYTE PTR SS:[LOCAL.78+3]
MOV BYTE PTR DS:[ECX+30],DL
CMP DWORD PTR SS:[LOCAL.74],0
JNE SHORT 00404FF0
MOV DWORD PTR SS:[LOCAL.80],0
JMP SHORT 00405007
MOV EAX,DWORD PTR SS:[LOCAL.74]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.74]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.80],EDX
MOV EAX,DWORD PTR SS:[LOCAL.80]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.79],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[LOCAL.80]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[LOCAL.80]
MOV DWORD PTR DS:[EAX+10],EDX
MOV ECX,DWORD PTR SS:[LOCAL.132]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.74]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.83],EAX
CMP DWORD PTR SS:[LOCAL.83],0
JNE SHORT 00405073
MOV DWORD PTR SS:[LOCAL.82],0
JMP SHORT 0040508A
MOV EAX,DWORD PTR SS:[LOCAL.83]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.83]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.82],EDX
MOV EAX,DWORD PTR SS:[LOCAL.82]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.81],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[LOCAL.82]

004050A6 |. 2350 10
004050A9 |. B9 80000000
004050AE |. 81E1 C0010000
004050B4 |. 81E1 FFFF0000
004050BA |. 0BD1
004050BC |. 8B85 B8FEFFFF
004050C2 |. 8950 10
004050C5 |. 8A8D 4FFFFFFF
004050CB |. 888D ABFEFFFF
004050D1 |. 8B95 B4FEFFFF
004050D7 |. 8B02
004050D9 |. 8B8D B4FEFFFF
004050DF |. 0348 04
004050E2 |. 898D ACFEFFFF
004050E8 |. 8B95 ACFEFFFF
004050EE |. 8A42 30
004050F1 |. 8885 B3FEFFFF
004050F7 |. 8B8D ACFEFFFF
004050FD |. 8A95 ABFEFFFF
00405103 |. 8851 30
00405106 |. C645 FC 07
0040510A |. 8D8D 24FFFFFF
00405110 |. E8 6B960000
fo.0040E780
00405115 |. C645 FC 02
00405119 |. 6A 00
0040511B |. 6A 01
0040511D |. 8D8D 24FFFFFF
00405123 |. E8 38AA0000
fo.0040FB60
00405128 |. 837D EC FF
0040512C |. 75 34
0040512E |. 68 A4874400
SSING"
00405133 |. 8B45 08
00405136 |. 50
00405137 |. E8 24580000
0040513C |. 83C4 08
0040513F |. 8985 A4FEFFFF
00405145 |. 6A 0A
A
00405147 |. 8B8D A4FEFFFF
0040514D |. E8 6EA40000
fo.0040F5C0
00405152 |. 8B8D A4FEFFFF
00405158 |. E8 63A60000
fo.0040F7C0
0040515D |. E9 3D060000
00405162 |> 6A 34
4
00405164 |. 6A 00
00405166 |. 8D4D B0
00405169 |. 51
OFFSET LOCAL.20
0040516A |. E8 31970200
fo.0042E8A0
0040516F |. 83C4 0C
00405172 |. 8D55 B0
00405175 |. 52
OFFSET LOCAL.20

AND EDX,DWORD PTR DS:[EAX+10]


MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[LOCAL.82]
MOV DWORD PTR DS:[EAX+10],EDX
MOV CL,BYTE PTR SS:[LOCAL.45+3]
MOV BYTE PTR SS:[LOCAL.86+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.83]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.83]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.85],ECX
MOV EDX,DWORD PTR SS:[LOCAL.85]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.84+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.85]
MOV DL,BYTE PTR SS:[LOCAL.86+3]
MOV BYTE PTR DS:[ECX+30],DL
MOV BYTE PTR SS:[LOCAL.1],7
LEA ECX,[LOCAL.55]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],2


PUSH 0
PUSH 1
LEA ECX,[LOCAL.55]
CALL 0040FB60

;
;
;
;

CMP DWORD PTR SS:[LOCAL.5],-1


JNE SHORT 00405162
PUSH OFFSET 004487A4

; ASCII "MI

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.87],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.87]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.87]


CALL 0040F7C0

; [SystemIn

JMP 0040579F
PUSH 34

; /Arg3 = 3

PUSH 0
LEA ECX,[LOCAL.20]
PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

CALL 0042E8A0

; \SystemIn

ADD ESP,0C
LEA EDX,[LOCAL.20]
PUSH EDX

; /pInfo =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00405176 |. 8B45 EC
00405179 |. 50
[LOCAL.5]
0040517A |. FF15 40804400
.GetFileInformationByHandle
00405180 |. 8D4D E4
00405183 |. 51
eTime => OFFSET LOCAL.7
00405184 |. 8D55 C4
00405187 |. 52
=> OFFSET LOCAL.15
00405188 |. FF15 3C804400
.FileTimeToLocalFileTime
0040518E |. 8D45 A0
00405191 |. 50
me => OFFSET LOCAL.24
00405192 |. 8D4D E4
00405195 |. 51
=> OFFSET LOCAL.7
00405196 |. FF15 38804400
.FileTimeToSystemTime
0040519C |. 837D B0 00
004051A0 |. 74 0C
004051A2 |. C785 E4FDFFFF
004051AC |. EB 0A
004051AE |> C785 E4FDFFFF
004051B8 |> 8B55 B0
004051BB |. 81E2 00010000
004051C1 |. 74 0C
004051C3 |. C785 E0FDFFFF
004051CD |. EB 0A
004051CF |> C785 E0FDFFFF
004051D9 |> 8B45 B0
004051DC |. 83E0 04
004051DF |. 74 0C
004051E1 |. C785 DCFDFFFF
004051EB |. EB 0A
004051ED |> C785 DCFDFFFF
004051F7 |> 8B4D B0
004051FA |. 83E1 01
004051FD |. 74 0C
004051FF |. C785 D8FDFFFF
00405209 |. EB 0A
0040520B |> C785 D8FDFFFF
00405215 |> 8B55 B0
00405218 |. 81E2 00020000
0040521E |. 74 0C
00405220 |. C785 D4FDFFFF
0040522A |. EB 0A
0040522C |> C785 D4FDFFFF
00405236 |> 8B45 B0
00405239 |. 25 00040000
0040523E |. 74 0C
00405240 |. C785 D0FDFFFF
0040524A |. EB 0A
0040524C |> C785 D0FDFFFF
00405256 |> 8B4D B0
00405259 |. 81E1 00100000
0040525F |. 74 0C
00405261 |. C785 CCFDFFFF

MOV EAX,DWORD PTR SS:[LOCAL.5]


PUSH EAX

; |
; |hFile =>

CALL DWORD PTR DS:[<&KERNEL32.GetFileInf ; \KERNEL32


LEA ECX,[LOCAL.7]
PUSH ECX

; /LocalFil

LEA EDX,[LOCAL.15]
PUSH EDX

; |
; |FileTime

CALL DWORD PTR DS:[<&KERNEL32.FileTimeTo ; \KERNEL32


LEA EAX,[LOCAL.24]
PUSH EAX

; /SystemTi

LEA ECX,[LOCAL.7]
PUSH ECX

; |
; |FileTime

CALL DWORD PTR DS:[<&KERNEL32.FileTimeTo ; \KERNEL32


CMP DWORD PTR SS:[LOCAL.20],0
JE SHORT 004051AE
MOV DWORD PTR SS:[LOCAL.135],OFFSET
JMP SHORT 004051B8
MOV DWORD PTR SS:[LOCAL.135],OFFSET
MOV EDX,DWORD PTR SS:[LOCAL.20]
AND EDX,00000100
JE SHORT 004051CF
MOV DWORD PTR SS:[LOCAL.136],OFFSET
JMP SHORT 004051D9
MOV DWORD PTR SS:[LOCAL.136],OFFSET
MOV EAX,DWORD PTR SS:[LOCAL.20]
AND EAX,00000004
JE SHORT 004051ED
MOV DWORD PTR SS:[LOCAL.137],OFFSET
JMP SHORT 004051F7
MOV DWORD PTR SS:[LOCAL.137],OFFSET
MOV ECX,DWORD PTR SS:[LOCAL.20]
AND ECX,00000001
JE SHORT 0040520B
MOV DWORD PTR SS:[LOCAL.138],OFFSET
JMP SHORT 00405215
MOV DWORD PTR SS:[LOCAL.138],OFFSET
MOV EDX,DWORD PTR SS:[LOCAL.20]
AND EDX,00000200
JE SHORT 0040522C
MOV DWORD PTR SS:[LOCAL.139],OFFSET
JMP SHORT 00405236
MOV DWORD PTR SS:[LOCAL.139],OFFSET
MOV EAX,DWORD PTR SS:[LOCAL.20]
AND EAX,00000400
JE SHORT 0040524C
MOV DWORD PTR SS:[LOCAL.140],OFFSET
JMP SHORT 00405256
MOV DWORD PTR SS:[LOCAL.140],OFFSET
MOV ECX,DWORD PTR SS:[LOCAL.20]
AND ECX,00001000
JE SHORT 0040526D
MOV DWORD PTR SS:[LOCAL.141],OFFSET

0044
0044

0044
0044

0044
0044

0044
0044

0044
0044

0044
0044

0044

0040526B |. EB 0A
0040526D |> C785 CCFDFFFF
00405277 |> 8B55 B0
0040527A |. 83E2 02
0040527D |. 74 0C
0040527F |. C785 C8FDFFFF
00405289 |. EB 0A
0040528B |> C785 C8FDFFFF
00405295 |> 8B45 B0
00405298 |. 25 00400000
0040529D |. 74 0C
0040529F |. C785 C4FDFFFF
004052A9 |. EB 0A
004052AB |> C785 C4FDFFFF
004052B5 |> 8B4D B0
004052B8 |. 81E1 00080000
004052BE |. 74 0C
004052C0 |. C785 C0FDFFFF
004052CA |. EB 0A
004052CC |> C785 C0FDFFFF
004052D6 |> 8B55 B0
004052D9 |. 83E2 20
004052DC |. 74 0C
004052DE |. C785 BCFDFFFF
004052E8 |. EB 0A
004052EA |> C785 BCFDFFFF
004052F4 |> 8B45 B0
004052F7 |. 83E0 10
004052FA |. 74 0C
004052FC |. C785 B8FDFFFF
00405306 |. EB 0A
00405308 |> C785 B8FDFFFF
00405312 |> 837D B0 00
00405316 |. 74 0C
00405318 |. C785 B4FDFFFF
Attr: "
00405322 |. EB 0A
00405324 |> C785 B4FDFFFF
0040532E |> 0FB74D A8
00405332 |. 83F9 0C
00405335 |. 7D 0C
00405337 |. C785 B0FDFFFF
"
00405341 |. EB 0A
00405343 |> C785 B0FDFFFF
"
0040534D |> C685 07FFFFFF
00405354 |. C685 06FFFFFF
0040535B |. 6A 02
0040535D |. 8D95 E4FEFFFF
00405363 |. 52
OFFSET LOCAL.71
00405364 |. E8 2F840200
fo.0042D798
00405369 |. 83C4 08
0040536C |. 8985 A0FEFFFF
00405372 |. 837D 08 00
00405376 |. 75 0C
00405378 |. C785 ACFDFFFF
00405382 |. EB 11

JMP SHORT 00405277


MOV DWORD PTR SS:[LOCAL.141],OFFSET
MOV EDX,DWORD PTR SS:[LOCAL.20]
AND EDX,00000002
JE SHORT 0040528B
MOV DWORD PTR SS:[LOCAL.142],OFFSET
JMP SHORT 00405295
MOV DWORD PTR SS:[LOCAL.142],OFFSET
MOV EAX,DWORD PTR SS:[LOCAL.20]
AND EAX,00004000
JE SHORT 004052AB
MOV DWORD PTR SS:[LOCAL.143],OFFSET
JMP SHORT 004052B5
MOV DWORD PTR SS:[LOCAL.143],OFFSET
MOV ECX,DWORD PTR SS:[LOCAL.20]
AND ECX,00000800
JE SHORT 004052CC
MOV DWORD PTR SS:[LOCAL.144],OFFSET
JMP SHORT 004052D6
MOV DWORD PTR SS:[LOCAL.144],OFFSET
MOV EDX,DWORD PTR SS:[LOCAL.20]
AND EDX,00000020
JE SHORT 004052EA
MOV DWORD PTR SS:[LOCAL.145],OFFSET
JMP SHORT 004052F4
MOV DWORD PTR SS:[LOCAL.145],OFFSET
MOV EAX,DWORD PTR SS:[LOCAL.20]
AND EAX,00000010
JE SHORT 00405308
MOV DWORD PTR SS:[LOCAL.146],OFFSET
JMP SHORT 00405312
MOV DWORD PTR SS:[LOCAL.146],OFFSET
CMP DWORD PTR SS:[LOCAL.20],0
JE SHORT 00405324
MOV DWORD PTR SS:[LOCAL.147],OFFSET

0044

0044
0044

0044
0044

0044
0044

0044
0044

0044
0044
0044 ; ASCII " (

JMP SHORT 0040532E


MOV DWORD PTR SS:[LOCAL.147],OFFSET 0044
MOVZX ECX,WORD PTR SS:[LOCAL.22]
CMP ECX,0C
JGE SHORT 00405343
MOV DWORD PTR SS:[LOCAL.148],OFFSET 0044 ; ASCII "AM
JMP SHORT 0040534D
MOV DWORD PTR SS:[LOCAL.148],OFFSET 0044 ; ASCII "PM
MOV BYTE PTR SS:[LOCAL.63+3],20
MOV BYTE PTR SS:[LOCAL.63+2],30
PUSH 2
LEA EDX,[LOCAL.71]
PUSH EDX

; /Arg2 = 2
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD
MOV
CMP
JNE
MOV
JMP

ESP,8
DWORD
DWORD
SHORT
DWORD
SHORT

PTR SS:[LOCAL.88],EAX
PTR SS:[ARG.1],0
00405384
PTR SS:[LOCAL.149],0
00405395

00405384 |> 8B45 08


00405387 |. 8B08
00405389 |. 8B55 08
0040538C |. 0351 04
0040538F |. 8995 ACFDFFFF
00405395 |> 8B85 A0FEFFFF
0040539B |. 8B48 04
0040539E |. 51
0040539F |. 8B95 ACFDFFFF
004053A5 |. 52
004053A6 |. 8B85 A0FEFFFF
004053AC |. 8B08
004053AE |. FFD1
004053B0 |. 83C4 08
004053B3 |. 6A 02
004053B5 |. 8D95 ECFEFFFF
004053BB |. 52
OFFSET LOCAL.69
004053BC |. E8 D7830200
fo.0042D798
004053C1 |. 83C4 08
004053C4 |. 8985 98FEFFFF
004053CA |. 68 84874400
004053CF |. 0FB745 A2
004053D3 |. 50
004053D4 |. 8B4D 08
004053D7 |. E8 B4070000
fo.00405B90
004053DC |. 50
004053DD |. E8 7E550000
004053E2 |. 83C4 08
004053E5 |. 8985 9CFEFFFF
004053EB |. 83BD 9CFEFFFF
004053F2 |. 75 0C
004053F4 |. C785 A8FDFFFF
004053FE |. EB 17
00405400 |> 8B8D 9CFEFFFF
00405406 |. 8B11
00405408 |. 8B85 9CFEFFFF
0040540E |. 0342 04
00405411 |. 8985 A8FDFFFF
00405417 |> 8B8D 98FEFFFF
0040541D |. 8B51 04
00405420 |. 52
00405421 |. 8B85 A8FDFFFF
00405427 |. 50
00405428 |. 8B8D 98FEFFFF
0040542E |. 8B11
00405430 |. FFD2
00405432 |. 83C4 08
00405435 |. 6A 02
00405437 |. 8D85 F4FEFFFF
0040543D |. 50
OFFSET LOCAL.67
0040543E |. E8 55830200
fo.0042D798
00405443 |. 83C4 08
00405446 |. 8985 90FEFFFF
0040544C |. 68 80874400
00405451 |. 0FB74D A0

MOV EAX,DWORD PTR SS:[ARG.1]


MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.149],EDX
MOV EAX,DWORD PTR SS:[LOCAL.88]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.149]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.88]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 2
LEA EDX,[LOCAL.69]
PUSH EDX

; /Arg2 = 2
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.90],EAX
PUSH OFFSET 00448784
MOVZX EAX,WORD PTR SS:[LOCAL.24+2]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 00405B90

; /Arg1
; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.89],EAX
CMP DWORD PTR SS:[LOCAL.89],0
JNE SHORT 00405400
MOV DWORD PTR SS:[LOCAL.150],0
JMP SHORT 00405417
MOV ECX,DWORD PTR SS:[LOCAL.89]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.89]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.150],EAX
MOV ECX,DWORD PTR SS:[LOCAL.90]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.150]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.90]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
PUSH 2
LEA EAX,[LOCAL.67]
PUSH EAX

; /Arg2 = 2
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.92],EAX
PUSH OFFSET 00448780
MOVZX ECX,WORD PTR SS:[LOCAL.24]

00405455 |. 51
00405456 |. 68 84874400
0040545B |. 0FB755 A6
0040545F |. 52
00405460 |. 8B8D 9CFEFFFF
00405466 |. E8 25070000
nfo.00405B90
0040546B |. 50
0040546C |. E8 EF540000
00405471 |. 83C4 08
00405474 |. 8BC8
00405476 |. E8 15070000
fo.00405B90
0040547B |. 50
0040547C |. E8 DF540000
00405481 |. 83C4 08
00405484 |. 8985 94FEFFFF
0040548A |. 83BD 94FEFFFF
00405491 |. 75 0C
00405493 |. C785 A4FDFFFF
0040549D |. EB 17
0040549F |> 8B85 94FEFFFF
004054A5 |. 8B08
004054A7 |. 8B95 94FEFFFF
004054AD |. 0351 04
004054B0 |. 8995 A4FDFFFF
004054B6 |> 8B85 90FEFFFF
004054BC |. 8B48 04
004054BF |. 51
004054C0 |. 8B95 A4FDFFFF
004054C6 |. 52
004054C7 |. 8B85 90FEFFFF
004054CD |. 8B08
004054CF |. FFD1
004054D1 |. 83C4 08
004054D4 |. 6A 02
004054D6 |. 8D95 FCFEFFFF
004054DC |. 52
OFFSET LOCAL.65
004054DD |. E8 B6820200
fo.0042D798
004054E2 |. 83C4 08
004054E5 |. 8985 88FEFFFF
004054EB |. 68 E4824400
004054F0 |. 0FB745 A8
004054F4 |. 83C0 0B
004054F7 |. 99
004054F8 |. B9 0C000000
004054FD |. F7F9
004054FF |. 83C2 01
00405502 |. 52
00405503 |. 8B8D 94FEFFFF
00405509 |. E8 52090000
fo.00405E60
0040550E |. 50
0040550F |. E8 4C540000
00405514 |. 83C4 08
00405517 |. 8985 8CFEFFFF
0040551D |. 83BD 8CFEFFFF
00405524 |. 75 0C

PUSH ECX
PUSH OFFSET 00448784
MOVZX EDX,WORD PTR SS:[LOCAL.23+2]
PUSH EDX
MOV ECX,DWORD PTR SS:[LOCAL.89]
CALL 00405B90

;
;
;
;
;
;

/Arg1
|
|
|/Arg1
||
|\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;
;

|
|
|
|
\SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.91],EAX
CMP DWORD PTR SS:[LOCAL.91],0
JNE SHORT 0040549F
MOV DWORD PTR SS:[LOCAL.151],0
JMP SHORT 004054B6
MOV EAX,DWORD PTR SS:[LOCAL.91]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.91]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.151],EDX
MOV EAX,DWORD PTR SS:[LOCAL.92]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.151]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.92]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 2
LEA EDX,[LOCAL.65]
PUSH EDX

; /Arg2 = 2
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.94],EAX
PUSH OFFSET 004482E4
MOVZX EAX,WORD PTR SS:[LOCAL.22]
ADD EAX,0B
CDQ
MOV ECX,0C
IDIV ECX
ADD EDX,1
PUSH EDX
MOV ECX,DWORD PTR SS:[LOCAL.91]
CALL 00405E60

; /Arg1
; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.93],EAX
CMP DWORD PTR SS:[LOCAL.93],0
JNE SHORT 00405532

00405526 |. C785 A0FDFFFF


00405530 |. EB 17
00405532 |> 8B95 8CFEFFFF
00405538 |. 8B02
0040553A |. 8B8D 8CFEFFFF
00405540 |. 0348 04
00405543 |. 898D A0FDFFFF
00405549 |> 8B95 88FEFFFF
0040554F |. 8B42 04
00405552 |. 50
00405553 |. 8B8D A0FDFFFF
00405559 |. 51
0040555A |. 8B95 88FEFFFF
00405560 |. 8B02
00405562 |. FFD0
00405564 |. 83C4 08
00405567 |. 8A8D 06FFFFFF
0040556D |. 888D 7FFEFFFF
00405573 |. 8B95 8CFEFFFF
00405579 |. 8B02
0040557B |. 8B8D 8CFEFFFF
00405581 |. 0348 04
00405584 |. 898D 80FEFFFF
0040558A |. 8B95 80FEFFFF
00405590 |. 8A42 30
00405593 |. 8885 87FEFFFF
00405599 |. 8B8D 80FEFFFF
0040559F |. 8A95 7FFEFFFF
004055A5 |. 8851 30
004055A8 |. 68 80874400
004055AD |. 0FB745 AA
004055B1 |. 50
004055B2 |. 8B8D 8CFEFFFF
004055B8 |. E8 D3050000
fo.00405B90
004055BD |. 50
004055BE |. E8 9D530000
004055C3 |. 83C4 08
004055C6 |. 8985 70FEFFFF
004055CC |. 8A8D 07FFFFFF
004055D2 |. 888D 77FEFFFF
004055D8 |. 8B95 70FEFFFF
004055DE |. 8B02
004055E0 |. 8B8D 70FEFFFF
004055E6 |. 0348 04
004055E9 |. 898D 78FEFFFF
004055EF |. 8B95 78FEFFFF
004055F5 |. 8A42 30
004055F8 |. 8885 7EFEFFFF
004055FE |. 8B8D 78FEFFFF
00405604 |. 8A95 77FEFFFF
0040560A |. 8851 30
0040560D |. 6A 07
0040560F |. 8D85 08FFFFFF
00405615 |. 50
OFFSET LOCAL.62
00405616 |. E8 7D810200
fo.0042D798
0040561B |. 83C4 08
0040561E |. 8985 68FEFFFF

MOV DWORD PTR SS:[LOCAL.152],0


JMP SHORT 00405549
MOV EDX,DWORD PTR SS:[LOCAL.93]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.93]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.152],ECX
MOV EDX,DWORD PTR SS:[LOCAL.94]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.152]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.94]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[LOCAL.63+2]
MOV BYTE PTR SS:[LOCAL.97+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.93]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.93]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.96],ECX
MOV EDX,DWORD PTR SS:[LOCAL.96]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.95+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.96]
MOV DL,BYTE PTR SS:[LOCAL.97+3]
MOV BYTE PTR DS:[ECX+30],DL
PUSH OFFSET 00448780
MOVZX EAX,WORD PTR SS:[LOCAL.22+2]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.93]
CALL 00405B90

; /Arg1
; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.100],EAX
MOV CL,BYTE PTR SS:[LOCAL.63+3]
MOV BYTE PTR SS:[LOCAL.99+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.100]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.100]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.98],ECX
MOV EDX,DWORD PTR SS:[LOCAL.98]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.97+2],AL
MOV ECX,DWORD PTR SS:[LOCAL.98]
MOV DL,BYTE PTR SS:[LOCAL.99+3]
MOV BYTE PTR DS:[ECX+30],DL
PUSH 7
LEA EAX,[LOCAL.62]
PUSH EAX

; /Arg2 = 7
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.102],EAX

00405624 |.
0040562A |.
0040562B |.
00405631 |.
00405632 |.
00405637 |.
0040563A |.
00405640 |.
00405647 |.
00405649 |.
00405653 |.
00405655 |>
0040565B |.
0040565D |.
00405663 |.
00405666 |.
0040566C |>
00405672 |.
00405675 |.
00405676 |.
0040567C |.
0040567D |.
00405683 |.
00405685 |.
00405687 |.
0040568A |.
00405690 |.
00405691 |.
00405697 |.
00405698 |.
0040569E |.
0040569F |.
004056A5 |.
004056A6 |.
004056AC |.
004056AD |.
004056B3 |.
004056B4 |.
004056BA |.
004056BB |.
004056C1 |.
004056C2 |.
004056C8 |.
004056C9 |.
004056CF |.
004056D0 |.
004056D6 |.
004056D7 |.
004056DD |.
004056DE |.
004056E4 |.
004056E5 |.
ytes"
004056EA |.
004056ED |.
[LOCAL.11]
004056EE |.
004056F4 |.
fo.00406190
004056F9 |.

8B8D B0FDFFFF
51
8B95 70FEFFFF
52
E8 29530000
83C4 08
8985 6CFEFFFF
83BD 6CFEFFFF
75 0C
C785 9CFDFFFF
EB 17
8B85 6CFEFFFF
8B08
8B95 6CFEFFFF
0351 04
8995 9CFDFFFF
8B85 68FEFFFF
8B48 04
51
8B95 9CFDFFFF
52
8B85 68FEFFFF
8B08
FFD1
83C4 08
8B95 E4FDFFFF
52
8B85 E0FDFFFF
50
8B8D DCFDFFFF
51
8B95 D8FDFFFF
52
8B85 D4FDFFFF
50
8B8D D0FDFFFF
51
8B95 CCFDFFFF
52
8B85 C8FDFFFF
50
8B8D C4FDFFFF
51
8B95 C0FDFFFF
52
8B85 BCFDFFFF
50
8B8D B8FDFFFF
51
8B95 B4FDFFFF
52
68 78874400

MOV ECX,DWORD PTR SS:[LOCAL.148]


PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.100]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.101],EAX
CMP DWORD PTR SS:[LOCAL.101],0
JNE SHORT 00405655
MOV DWORD PTR SS:[LOCAL.153],0
JMP SHORT 0040566C
MOV EAX,DWORD PTR SS:[LOCAL.101]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.101]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.153],EDX
MOV EAX,DWORD PTR SS:[LOCAL.102]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.153]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.102]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV EDX,DWORD PTR SS:[LOCAL.135]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.136]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.137]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.138]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.139]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.140]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.141]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.142]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.143]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.144]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.145]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.146]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.147]
PUSH EDX
PUSH OFFSET 00448778

; ASCII " b

8B45 D4
50

MOV EAX,DWORD PTR SS:[LOCAL.11]


PUSH EAX

; /Arg1 =>

8B8D 6CFEFFFF MOV ECX,DWORD PTR SS:[LOCAL.101]


E8 970A0000 CALL 00406190
50

PUSH EAX

; |
; \SystemIn

004056FA |.
004056FF |.
00405702 |.
00405703 |.
00405708 |.
0040570B |.
0040570C |.
00405711 |.
00405714 |.
00405715 |.
0040571A |.
0040571D |.
0040571E |.
00405723 |.
00405726 |.
00405727 |.
0040572C |.
0040572F |.
00405730 |.
00405735 |.
00405738 |.
00405739 |.
0040573E |.
00405741 |.
00405742 |.
00405747 |.
0040574A |.
0040574B |.
00405750 |.
00405753 |.
00405754 |.
00405759 |.
0040575C |.
0040575D |.
00405762 |.
00405765 |.
00405766 |.
0040576B |.
0040576E |.
0040576F |.
00405774 |.
00405777 |.
0040577D |.
A
0040577F |.
00405785 |.
fo.0040F5C0
0040578A |.
00405790 |.
fo.0040F7C0
00405795 |.
00405798 |.
=> [LOCAL.5]
00405799 |.
.CloseHandle
0040579F |>
004057A3 |.
004057A6 |.
fo.0040E780
004057AB |.

E8 61520000
83C4 08
50
E8 58520000
83C4 08
50
E8 4F520000
83C4 08
50
E8 46520000
83C4 08
50
E8 3D520000
83C4 08
50
E8 34520000
83C4 08
50
E8 2B520000
83C4 08
50
E8 22520000
83C4 08
50
E8 19520000
83C4 08
50
E8 10520000
83C4 08
50
E8 07520000
83C4 08
50
E8 FE510000
83C4 08
50
E8 F5510000
83C4 08
50
E8 EC510000
83C4 08
8985 50FEFFFF
6A 0A

CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.108],EAX
PUSH 0A

; /Arg1 = 0

8B8D 50FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.108]


E8 369E0000 CALL 0040F5C0

; |
; \SystemIn

8B8D 50FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.108]


E8 2BA00000 CALL 0040F7C0

; [SystemIn

8B4D EC
51

; /hObject

MOV ECX,DWORD PTR SS:[LOCAL.5]


PUSH ECX

FF15 30804400 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl ; \KERNEL32


C645 FC 08
8D4D 0C
E8 D58F0000

MOV BYTE PTR SS:[LOCAL.1],8


LEA ECX,[ARG.2]
CALL 0040E780

C645 FC 01

MOV BYTE PTR SS:[LOCAL.1],1

; [SystemIn

004057AF |. 6A 00
004057B1 |. 6A 01
004057B3 |. 8D4D 0C
004057B6 |. E8 A5A30000
fo.0040FB60
004057BB |. C645 FC 09
004057BF |. 8D4D 34
004057C2 |. E8 B98F0000
fo.0040E780
004057C7 |. C645 FC 00
004057CB |. 6A 00
004057CD |. 6A 01
004057CF |. 8D4D 34
004057D2 |. E8 89A30000
fo.0040FB60
004057D7 |. C745 FC 0A000
004057DE |. 8D4D 5C
004057E1 |. E8 9A8F0000
fo.0040E780
004057E6 |. C745 FC FFFFF
004057ED |. 6A 00
004057EF |. 6A 01
004057F1 |. 8D4D 5C
004057F4 |. E8 67A30000
fo.0040FB60
004057F9 |. 8B4D F4
004057FC |. 64:890D 00000
00405803 |. 59
00405804 |. 8BE5
00405806 |. 5D
00405807 \. C3
00405808
CC
00405809
CC
0040580A
CC
0040580B
CC
0040580C
CC
0040580D
CC
0040580E
CC
0040580F
CC
00405810 /$ 55
o.00405810(guessed Arg1)
00405811 |. 8BEC
00405813 |. 8B45 08
00405816 |. 50
[ARG.1]
00405817 |. E8 648A0200
fo.0042E280
0040581C |. 83C4 04
0040581F |. 5D
00405820 \. C3
00405821
CC
00405822
CC
00405823
CC
00405824
CC
00405825
CC
00405826
CC
00405827
CC
00405828
CC
00405829
CC
0040582A
CC

PUSH 0
PUSH 1
LEA ECX,[ARG.2]
CALL 0040FB60

;
;
;
;

MOV BYTE PTR SS:[LOCAL.1],9


LEA ECX,[ARG.12]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[ARG.12]
CALL 0040FB60

;
;
;
;

MOV DWORD PTR SS:[LOCAL.1],0A


LEA ECX,[ARG.22]
CALL 0040E780

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[ARG.22]
CALL 0040FB60

;
;
;
;

MOV ECX,DWORD PTR SS:[LOCAL.3]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

CALL 0042E280

; \SystemIn

ADD ESP,4
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0040582B
CC
0040582C
CC
0040582D
CC
0040582E
CC
0040582F
CC
00405830 /$ 55
00405831 |. 8BEC
00405833 |. 6A FF
00405835 |. 68 4B5E4400
0040583A |. 64:A1 0000000
00405840 |. 50
00405841 |. 81EC 90000000
00405847 |. A1 A0154500
0040584C |. 33C5
0040584E |. 50
0040584F |. 8D45 F4
00405852 |. 64:A3 0000000
00405858 |. 898D 64FFFFFF
0040585E |. C745 FC 00000
00405865 |. 8B8D 64FFFFFF
0040586B |. E8 F0210000
00405870 |. C745 FC FFFFF
00405877 |. 8B85 64FFFFFF
0040587D |. 8B08
0040587F |. 898D 68FFFFFF
00405885 |. 8B95 68FFFFFF
0040588B |. 52
0040588C |. E8 89900200
00405891 |. 83C4 04
00405894 |. 8B4D F4
00405897 |. 64:890D 00000
0040589E |. 59
0040589F |. 8BE5
004058A1 |. 5D
004058A2 \. C3
004058A3
CC
004058A4
CC
004058A5
CC
004058A6
CC
004058A7
CC
004058A8
CC
004058A9
CC
004058AA
CC
004058AB
CC
004058AC
CC
004058AD
CC
004058AE
CC
004058AF
CC
004058B0 /$ 55
o.004058B0(guessed void)
004058B1 |. 8BEC
004058B3 |. 6A FF
004058B5 |. 68 EE504400
004058BA |. 64:A1 0000000
004058C0 |. 50
004058C1 |. 83EC 68
004058C4 |. A1 A0154500
004058C9 |. 33C5
004058CB |. 50
004058CC |. 8D45 F4

INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00445E4B
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,90
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-9C],ECX
MOV DWORD PTR SS:[EBP-4],0
MOV ECX,DWORD PTR SS:[EBP-9C]
CALL 00407A60
MOV DWORD PTR SS:[EBP-4],-1
MOV EAX,DWORD PTR SS:[EBP-9C]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-98],ECX
MOV EDX,DWORD PTR SS:[EBP-98]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 004450EE
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,68
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]

; SystemInf

004058CF |.
004058D5 |.
004058D8 |.
004058DB |.
004058DE |.
004058E0 |.
004058E2 |.
004058E5 |.
fo.0040FB60
004058EA |.
004058ED |.
004058F4 |.
004058F7 |.
004058FE |.
00405901 |.
00405908 |.
0040590F |.
00405912 |.
00405915 |.
00405918 |.
0040591B |.
0040591E |.
00405920 |.
00405922 |.
00405925 |.
fo.0040FB60
0040592A |.
0040592D |.
00405934 |.
00405937 |.
0040593E |.
00405941 |.
00405948 |.
0040594C |.
0040594F |.
00405952 |.
00405955 |.
00405958 |.
0040595B |.
0040595D |.
0040595F |.
00405962 |.
fo.0040FB60
00405967 |.
0040596A |.
00405971 |.
00405974 |.
0040597B |.
0040597E |.
00405985 |.
00405989 |.
0040598C |.
0040598F |.
00405992 |.
00405995 |.
00405998 |.
0040599A |.
0040599C |.
0040599F |.
fo.0040FB60

64:A3 0000000
894D 8C
8D45 E7
8945 E8
6A 00
6A 00
8B4D 8C
E8 76A20000

MOV DWORD PTR FS:[0],EAX


MOV DWORD PTR SS:[LOCAL.29],ECX
LEA EAX,[LOCAL.7+3]
MOV DWORD PTR SS:[LOCAL.6],EAX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.29]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

8B4D 8C
C741 1C 00000
8B55 8C
C742 20 00000
8B45 8C
C740 24 00000
C745 FC 00000
8B4D 8C
83C1 28
894D D4
8D55 DB
8955 DC
6A 00
6A 00
8B4D D4
E8 36A20000

MOV ECX,DWORD PTR SS:[LOCAL.29]


MOV DWORD PTR DS:[ECX+1C],0
MOV EDX,DWORD PTR SS:[LOCAL.29]
MOV DWORD PTR DS:[EDX+20],0
MOV EAX,DWORD PTR SS:[LOCAL.29]
MOV DWORD PTR DS:[EAX+24],0
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.29]
ADD ECX,28
MOV DWORD PTR SS:[LOCAL.11],ECX
LEA EDX,[LOCAL.10+3]
MOV DWORD PTR SS:[LOCAL.9],EDX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.11]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

8B45 D4
C740 1C 00000
8B4D D4
C741 20 00000
8B55 D4
C742 24 00000
C645 FC 01
8B45 8C
83C0 50
8945 B4
8D4D CB
894D CC
6A 00
6A 00
8B4D B4
E8 F9A10000

MOV EAX,DWORD PTR SS:[LOCAL.11]


MOV DWORD PTR DS:[EAX+1C],0
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR DS:[ECX+20],0
MOV EDX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR DS:[EDX+24],0
MOV BYTE PTR SS:[LOCAL.1],1
MOV EAX,DWORD PTR SS:[LOCAL.29]
ADD EAX,50
MOV DWORD PTR SS:[LOCAL.19],EAX
LEA ECX,[LOCAL.14+3]
MOV DWORD PTR SS:[LOCAL.13],ECX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.19]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

8B55 B4
C742 1C 00000
8B45 B4
C740 20 00000
8B4D B4
C741 24 00000
C645 FC 02
8B55 8C
83C2 78
8955 90
8D45 AB
8945 AC
6A 00
6A 00
8B4D 90
E8 BCA10000

MOV EDX,DWORD PTR SS:[LOCAL.19]


MOV DWORD PTR DS:[EDX+1C],0
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR DS:[EAX+20],0
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR DS:[ECX+24],0
MOV BYTE PTR SS:[LOCAL.1],2
MOV EDX,DWORD PTR SS:[LOCAL.29]
ADD EDX,78
MOV DWORD PTR SS:[LOCAL.28],EDX
LEA EAX,[LOCAL.22+3]
MOV DWORD PTR SS:[LOCAL.21],EAX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.28]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

004059A4 |. 8B4D 90
004059A7 |. C741 1C 00000
004059AE |. 8B55 90
004059B1 |. C742 20 00000
004059B8 |. 8B45 90
004059BB |. C740 24 00000
004059C2 |. C745 FC FFFFF
004059C9 |. 8B45 8C
004059CC |. 8B4D F4
004059CF |. 64:890D 00000
004059D6 |. 59
004059D7 |. 8BE5
004059D9 |. 5D
004059DA \. C3
004059DB
CC
004059DC
CC
004059DD
CC
004059DE
CC
004059DF
CC
004059E0 /$ 55
o.004059E0(guessed void)
004059E1 |. 8BEC
004059E3 |. 6A FF
004059E5 |. 68 5A514400
004059EA |. 64:A1 0000000
004059F0 |. 50
004059F1 |. 81EC 84000000
004059F7 |. A1 A0154500
004059FC |. 33C5
004059FE |. 50
004059FF |. 8D45 F4
00405A02 |. 64:A3 0000000
00405A08 |. 898D 70FFFFFF
00405A0E |. C745 FC 02000
00405A15 |. 8B85 70FFFFFF
00405A1B |. 83C0 78
00405A1E |. 8945 D4
00405A21 |. C645 FC 03
00405A25 |. 8B4D D4
00405A28 |. E8 538D0000
fo.0040E780
00405A2D |. C645 FC 02
00405A31 |. 6A 00
00405A33 |. 6A 01
00405A35 |. 8B4D D4
00405A38 |. E8 23A10000
fo.0040FB60
00405A3D |. C645 FC 01
00405A41 |. 8B8D 70FFFFFF
00405A47 |. 83C1 50
00405A4A |. 894D B4
00405A4D |. C645 FC 04
00405A51 |. 8B4D B4
00405A54 |. E8 278D0000
fo.0040E780
00405A59 |. C645 FC 01
00405A5D |. 6A 00
00405A5F |. 6A 01
00405A61 |. 8B4D B4
00405A64 |. E8 F7A00000

MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
PUSH EBP

PTR SS:[LOCAL.28]
DS:[ECX+1C],0
PTR SS:[LOCAL.28]
DS:[EDX+20],0
PTR SS:[LOCAL.28]
DS:[EAX+24],0
SS:[LOCAL.1],-1
PTR SS:[LOCAL.29]
PTR SS:[LOCAL.3]
FS:[0],ECX

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 0044515A
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,84
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-90],ECX
MOV DWORD PTR SS:[EBP-4],2
MOV EAX,DWORD PTR SS:[EBP-90]
ADD EAX,78
MOV DWORD PTR SS:[EBP-2C],EAX
MOV BYTE PTR SS:[EBP-4],3
MOV ECX,DWORD PTR SS:[EBP-2C]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[EBP-4],2


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-2C]
CALL 0040FB60

;
;
;
;

MOV BYTE PTR SS:[EBP-4],1


MOV ECX,DWORD PTR SS:[EBP-90]
ADD ECX,50
MOV DWORD PTR SS:[EBP-4C],ECX
MOV BYTE PTR SS:[EBP-4],4
MOV ECX,DWORD PTR SS:[EBP-4C]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[EBP-4],1


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-4C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

fo.0040FB60
00405A69 |. C645 FC 00
00405A6D |. 8B95 70FFFFFF
00405A73 |. 83C2 28
00405A76 |. 8955 94
00405A79 |. C645 FC 05
00405A7D |. 8B4D 94
00405A80 |. E8 FB8C0000
fo.0040E780
00405A85 |. C645 FC 00
00405A89 |. 6A 00
00405A8B |. 6A 01
00405A8D |. 8B4D 94
00405A90 |. E8 CBA00000
fo.0040FB60
00405A95 |. C745 FC 06000
00405A9C |. 8B8D 70FFFFFF
00405AA2 |. E8 D98C0000
fo.0040E780
00405AA7 |. C745 FC FFFFF
00405AAE |. 6A 00
00405AB0 |. 6A 01
00405AB2 |. 8B8D 70FFFFFF
00405AB8 |. E8 A3A00000
fo.0040FB60
00405ABD |. 8B4D F4
00405AC0 |. 64:890D 00000
00405AC7 |. 59
00405AC8 |. 8BE5
00405ACA |. 5D
00405ACB \. C3
00405ACC
CC
00405ACD
CC
00405ACE
CC
00405ACF
CC
00405AD0 /$ 55
o.00405AD0(guessed Arg1)
00405AD1 |. 8BEC
00405AD3 |. 83EC 3C
00405AD6 |. 894D C4
00405AD9 |. 8B45 C4
00405ADC |. 8B4D 08
00405ADF |. 3B48 14
00405AE2 |. 77 10
00405AE4 |. 6A FF
1
00405AE6 |. 8B55 08
00405AE9 |. 52
[ARG.1]
00405AEA |. 8B4D C4
00405AED |. E8 0E990000
fo.0040F400
00405AF2 |. EB 14
00405AF4 |> 6A 00
00405AF6 |. 8B45 C4
00405AF9 |. 8B4D 08
00405AFC |. 2B48 14
00405AFF |. 51
00405B00 |. 8B4D C4
00405B03 |. E8 78940000

MOV BYTE PTR SS:[EBP-4],0


MOV EDX,DWORD PTR SS:[EBP-90]
ADD EDX,28
MOV DWORD PTR SS:[EBP-6C],EDX
MOV BYTE PTR SS:[EBP-4],5
MOV ECX,DWORD PTR SS:[EBP-6C]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[EBP-4],0


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-6C]
CALL 0040FB60

;
;
;
;

MOV DWORD PTR SS:[EBP-4],6


MOV ECX,DWORD PTR SS:[EBP-90]
CALL 0040E780

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-90]
CALL 0040FB60

;
;
;
;

MOV ECX,DWORD PTR SS:[EBP-0C]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,3C
MOV DWORD PTR SS:[LOCAL.15],ECX
MOV EAX,DWORD PTR SS:[LOCAL.15]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+14]
JA SHORT 00405AF4
PUSH -1

; /Arg2 = -

MOV EDX,DWORD PTR SS:[ARG.1]


PUSH EDX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.15]


CALL 0040F400

; |
; \SystemIn

JMP SHORT 00405B08


PUSH 0
MOV EAX,DWORD PTR SS:[LOCAL.15]
MOV ECX,DWORD PTR SS:[ARG.1]
SUB ECX,DWORD PTR DS:[EAX+14]
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.15]
CALL 0040EF80

;
;
;
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|
|
|
|Arg1
|
\SystemIn

fo.0040EF80
00405B08 |> 8BE5
00405B0A |. 5D
00405B0B \. C2 0400
00405B0E
CC
00405B0F
CC
00405B10 /$ 55
00405B11 |. 8BEC
00405B13 |. 51
00405B14 |. 894D FC
00405B17 |. 8B45 FC
00405B1A |. 33C9
00405B1C |. 8378 14 00
00405B20 |. 0F94C1
00405B23 |. 8AC1
00405B25 |. 8BE5
00405B27 |. 5D
00405B28 \. C3
00405B29
CC
00405B2A
CC
00405B2B
CC
00405B2C
CC
00405B2D
CC
00405B2E
CC
00405B2F
CC
00405B30 /$ 55
o.00405B30(guessed Arg1)
00405B31 |. 8BEC
00405B33 |. 51
00405B34 |. 894D FC
00405B37 |. 8B45 FC
00405B3A |. 50
00405B3B |. FF55 08
00405B3E |. 83C4 04
00405B41 |. 8BE5
00405B43 |. 5D
00405B44 \. C2 0400
00405B47
CC
00405B48
CC
00405B49
CC
00405B4A
CC
00405B4B
CC
00405B4C
CC
00405B4D
CC
00405B4E
CC
00405B4F
CC
00405B50 /$ 55
o.00405B50(guessed Arg1)
00405B51 |. 8BEC
00405B53 |. 83EC 08
00405B56 |. 894D FC
00405B59 |. 837D FC 00
00405B5D |. 75 09
00405B5F |. C745 F8 00000
00405B66 |. EB 0E
00405B68 |> 8B45 FC
00405B6B |. 8B08
00405B6D |. 8B55 FC
00405B70 |. 0351 04
00405B73 |. 8955 F8

MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX+14],0
SETE CL
MOV AL,CL
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX
CALL DWORD PTR SS:[ARG.1]
ADD ESP,4
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV
SUB
MOV
CMP
JNE
MOV
JMP
MOV
MOV
MOV
ADD
MOV

EBP,ESP
ESP,8
DWORD PTR SS:[LOCAL.1],ECX
DWORD PTR SS:[LOCAL.1],0
SHORT 00405B68
DWORD PTR SS:[LOCAL.2],0
SHORT 00405B76
EAX,DWORD PTR SS:[LOCAL.1]
ECX,DWORD PTR DS:[EAX]
EDX,DWORD PTR SS:[LOCAL.1]
EDX,DWORD PTR DS:[ECX+4]
DWORD PTR SS:[LOCAL.2],EDX

00405B76 |> 8B45 F8


00405B79 |. 50
00405B7A |. FF55 08
00405B7D |. 83C4 04
00405B80 |. 8B45 FC
00405B83 |. 8BE5
00405B85 |. 5D
00405B86 \. C2 0400
00405B89
CC
00405B8A
CC
00405B8B
CC
00405B8C
CC
00405B8D
CC
00405B8E
CC
00405B8F
CC
00405B90 /$ 55
o.00405B90(guessed Arg1)
00405B91 |. 8BEC
00405B93 |. 6A FF
00405B95 |. 68 98514400
00405B9A |. 64:A1 0000000
00405BA0 |. 50
00405BA1 |. 51
00405BA2 |. 81EC B4000000
00405BA8 |. 53
00405BA9 |. 56
00405BAA |. 57
00405BAB |. A1 A0154500
00405BB0 |. 33C5
00405BB2 |. 50
00405BB3 |. 8D45 F4
00405BB6 |. 64:A3 0000000
00405BBC |. 8965 F0
00405BBF |. 898D 4CFFFFFF
00405BC5 |. C745 EC 00000
00405BCC |. 8B85 4CFFFFFF
00405BD2 |. 50
ARG.ECX
00405BD3 |. 8D4D E4
00405BD6 |. E8 C5A10000
fo.0040FDA0
00405BDB |. C745 FC 00000
00405BE2 |. 8A4D E8
00405BE5 |. 884D B7
00405BE8 |. 0FB655 B7
00405BEC |. 85D2
00405BEE |. 0F84 A5010000
00405BF4 |. 8D45 DC
00405BF7 |. 50
OFFSET LOCAL.9
00405BF8 |. 8B8D 4CFFFFFF
00405BFE |. 8B11
00405C00 |. 8B8D 4CFFFFFF
00405C06 |. 034A 04
00405C09 |. E8 32320000
fo.00408E40
00405C0E |. 8985 48FFFFFF
00405C14 |. 8B85 48FFFFFF
00405C1A |. 8985 44FFFFFF
00405C20 |. C645 FC 01

MOV EAX,DWORD PTR SS:[LOCAL.2]


PUSH EAX
CALL DWORD PTR SS:[ARG.1]
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445198
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,0B4
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.45],ECX
MOV DWORD PTR SS:[LOCAL.5],0
MOV EAX,DWORD PTR SS:[LOCAL.45]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.7]
CALL 0040FDA0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV CL,BYTE PTR SS:[LOCAL.6]
MOV BYTE PTR SS:[LOCAL.19+3],CL
MOVZX EDX,BYTE PTR SS:[LOCAL.19+3]
TEST EDX,EDX
JE 00405D99
LEA EAX,[LOCAL.9]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD
MOV EDX,DWORD
MOV ECX,DWORD
ADD ECX,DWORD
CALL 00408E40

;
;
;
;
;

MOV
MOV
MOV
MOV

PTR
PTR
PTR
PTR

SS:[LOCAL.45]
DS:[ECX]
SS:[LOCAL.45]
DS:[EDX+4]

DWORD PTR SS:[LOCAL.46],EAX


EAX,DWORD PTR SS:[LOCAL.46]
DWORD PTR SS:[LOCAL.47],EAX
BYTE PTR SS:[LOCAL.1],1

|
|
|
|
\SystemIn

00405C24 |.
00405C2A |.
[LOCAL.46]
00405C2B |.
fo.0040B490
00405C30 |.
00405C33 |.
00405C36 |.
00405C3A |.
00405C3D |.
00405C42 |.
00405C46 |.
00405C4D |.
00405C4F |.
00405C59 |.
00405C5B |>
00405C61 |.
00405C63 |.
00405C69 |.
00405C6C |.
00405C72 |>
00405C78 |.
00405C7A |.
00405C7D |.
00405C83 |.
00405C87 |.
00405C8A |.
00405C90 |.
00405C92 |.
00405C95 |.
00405C9B |.
00405C9F |.
00405CA5 |.
00405CA9 |.
00405CAF |.
00405CB2 |.
00405CB5 |.
00405CBB |.
00405CBE |.
00405CC4 |.
00405CC8 |.
00405CC9 |.
00405CCD |.
00405CCE |.
00405CD4 |.
00405CD5 |.
00405CDB |.
00405CDC |.
00405CE2 |.
00405CE3 |.
00405CE6 |.
00405CE7 |.
00405CEA |.
00405CEC |.
00405CEF |.
00405CF2 |.
00405CF4 |.
00405CF8 |.
00405CFA |.
00405CFC |.

8B8D 44FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.47]


51
PUSH ECX

; /Arg1 =>

E8 60580000

CALL 0040B490

; \SystemIn

83C4 04
8945 E0
C645 FC 00
8D4D DC
E8 9E0A0000
C645 FC 02
83BD 4CFFFFFF
75 0C
C785 70FFFFFF
EB 17
8B95 4CFFFFFF
8B02
8B8D 4CFFFFFF
0348 04
898D 70FFFFFF
8B95 4CFFFFFF
8B02
8B48 04
8B95 4CFFFFFF
8A440A 30
8845 83
8B8D 4CFFFFFF
8B11
8B42 04
8B8D 4CFFFFFF
8B5401 28
8995 7CFFFFFF
C645 D4 00
8B85 7CFFFFFF
8945 D8
8B4D D4
898D 74FFFFFF
8B55 D8
8995 78FFFFFF
0FB745 08
50
0FB64D 83
51
8B95 70FFFFFF
52
8B85 78FFFFFF
50
8B8D 74FFFFFF
51
8D55 CC
52
8B45 E0
8B10
8B4D E0
8B42 18
FFD0
0FB64D CC
85C9
74 09
8B55 EC

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV BYTE PTR SS:[LOCAL.1],0
LEA ECX,[LOCAL.9]
CALL 004066E0
MOV BYTE PTR SS:[LOCAL.1],2
CMP DWORD PTR SS:[LOCAL.45],0
JNE SHORT 00405C5B
MOV DWORD PTR SS:[LOCAL.36],0
JMP SHORT 00405C72
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.45]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.36],ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV AL,BYTE PTR DS:[ECX+EDX+30]
MOV BYTE PTR SS:[LOCAL.32+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.45]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.45]
MOV EDX,DWORD PTR DS:[EAX+ECX+28]
MOV DWORD PTR SS:[LOCAL.33],EDX
MOV BYTE PTR SS:[LOCAL.11],0
MOV EAX,DWORD PTR SS:[LOCAL.33]
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.35],ECX
MOV EDX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.34],EDX
MOVZX EAX,WORD PTR SS:[ARG.1]
PUSH EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.32+3]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.36]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.34]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.35]
PUSH ECX
LEA EDX,[LOCAL.13]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.8]
MOV EDX,DWORD PTR DS:[EAX]
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV EAX,DWORD PTR DS:[EDX+18]
CALL EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.13]
TEST ECX,ECX
JE SHORT 00405D05
MOV EDX,DWORD PTR SS:[LOCAL.5]

00405CFF |.
00405D02 |.
00405D05 \>
00405D0A /.
00405D10 |.
00405D12 |.
00405D18 |.
00405D1B |.
00405D21 |.
00405D26 |.
00405D28 |.
00405D2A |.
00405D30 |.
00405D33 |.
00405D39 |.
00405D3F |.
00405D42 |.
00405D48 |.
00405D4E |.
00405D52 |.
00405D54 |.
00405D5A |.
00405D5D |.
00405D63 |.
00405D65 |>
00405D6B |.
00405D71 |>
00405D73 |.
00405D79 |.
[ARG.EBP-0C0]
00405D7A |.
00405D80 |.
fo.004083E0
00405D85 |>
00405D8C |.
00405D91 \.
00405D92 />
00405D99 |>
00405D9F |.
00405DA1 |.
00405DA7 |.
00405DAA |.
00405DB0 |.
00405DB4 |.
00405DB6 |.
00405DBC |.
00405DBF |.
00405DC5 |.
00405DCB |.
00405DCE |.
00405DD4 |.
00405DDA |.
00405DDE |.
00405DE0 |.
00405DE6 |.
00405DE9 |.
00405DEF |.
00405DF1 |>
00405DF7 |.
00405DFD |>

83CA 04
8955 EC
E9 88000000
8B85 4CFFFFFF
8B08
8B95 4CFFFFFF
0351 04
8995 64FFFFFF
B8 04000000
85C0
74 5B
8B8D 64FFFFFF
8B51 08
8995 6CFFFFFF
8B85 6CFFFFFF
83C8 04
8985 68FFFFFF
8B8D 64FFFFFF
8379 28 00
75 11
8B95 68FFFFFF
83CA 04
8995 40FFFFFF
EB 0C
8B85 68FFFFFF
8985 40FFFFFF
6A 01
8B8D 40FFFFFF
51

OR EDX,00000004
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP 00405D92
MOV EAX,DWORD PTR SS:[EBP-0B4]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0B4]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-9C],EDX
MOV EAX,4
TEST EAX,EAX
JE SHORT 00405D85
MOV ECX,DWORD PTR SS:[EBP-9C]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[EBP-94],EDX
MOV EAX,DWORD PTR SS:[EBP-94]
OR EAX,00000004
MOV DWORD PTR SS:[EBP-98],EAX
MOV ECX,DWORD PTR SS:[EBP-9C]
CMP DWORD PTR DS:[ECX+28],0
JNE SHORT 00405D65
MOV EDX,DWORD PTR SS:[EBP-98]
OR EDX,00000004
MOV DWORD PTR SS:[EBP-0C0],EDX
JMP SHORT 00405D71
MOV EAX,DWORD PTR SS:[EBP-98]
MOV DWORD PTR SS:[EBP-0C0],EAX
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-0C0]
PUSH ECX

; /Arg2 = 1
; |
; |Arg1 =>

8B8D 64FFFFFF MOV ECX,DWORD PTR SS:[EBP-9C]


E8 5B260000 CALL 004083E0

; |
; \SystemIn

C745 FC 00000
B8 995D4000
C3
C745 FC 00000
8B95 4CFFFFFF
8B02
8B8D 4CFFFFFF
0348 04
898D 58FFFFFF
837D EC 00
74 5B
8B95 58FFFFFF
8B42 08
8985 60FFFFFF
8B8D 60FFFFFF
0B4D EC
898D 5CFFFFFF
8B95 58FFFFFF
837A 28 00
75 11
8B85 5CFFFFFF
83C8 04
8985 3CFFFFFF
EB 0C
8B8D 5CFFFFFF
898D 3CFFFFFF
6A 00

; /Arg2 = 0

MOV DWORD PTR SS:[EBP-4],0


MOV EAX,00405D99
RETN
MOV DWORD PTR SS:[LOCAL.1],0
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.45]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.42],ECX
CMP DWORD PTR SS:[LOCAL.5],0
JE SHORT 00405E11
MOV EDX,DWORD PTR SS:[LOCAL.42]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[LOCAL.40],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
OR ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.41],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
CMP DWORD PTR DS:[EDX+28],0
JNE SHORT 00405DF1
MOV EAX,DWORD PTR SS:[LOCAL.41]
OR EAX,00000004
MOV DWORD PTR SS:[LOCAL.49],EAX
JMP SHORT 00405DFD
MOV ECX,DWORD PTR SS:[LOCAL.41]
MOV DWORD PTR SS:[LOCAL.49],ECX
PUSH 0

00405DFF |. 8B95 3CFFFFFF


00405E05 |. 52
[LOCAL.49]
00405E06 |. 8B8D 58FFFFFF
00405E0C |. E8 CF250000
fo.004083E0
00405E11 |> 8B85 4CFFFFFF
00405E17 |. 8945 C8
00405E1A |. C745 FC 04000
00405E21 |. E8 88790200
00405E26 |. 0FB6C8
00405E29 |. 85C9
00405E2B |. 75 08
00405E2D |. 8B4D E4
00405E30 |. E8 4BA30000
00405E35 |> C745 FC FFFFF
00405E3C |. 8D4D E4
00405E3F |. E8 2CA40000
00405E44 |. 8B45 C8
00405E47 |. 8B4D F4
00405E4A |. 64:890D 00000
00405E51 |. 59
00405E52 |. 5F
00405E53 |. 5E
00405E54 |. 5B
00405E55 |. 8BE5
00405E57 |. 5D
00405E58 \. C2 0400
00405E5B
CC
00405E5C
CC
00405E5D
CC
00405E5E
CC
00405E5F
CC
00405E60 /$ 55
o.00405E60(guessed Arg1)
00405E61 |. 8BEC
00405E63 |. 6A FF
00405E65 |. 68 D8514400
00405E6A |. 64:A1 0000000
00405E70 |. 50
00405E71 |. 51
00405E72 |. 81EC C4000000
00405E78 |. 53
00405E79 |. 56
00405E7A |. 57
00405E7B |. A1 A0154500
00405E80 |. 33C5
00405E82 |. 50
00405E83 |. 8D45 F4
00405E86 |. 64:A3 0000000
00405E8C |. 8965 F0
00405E8F |. 898D 40FFFFFF
00405E95 |. C745 EC 00000
00405E9C |. 8B85 40FFFFFF
00405EA2 |. 50
ARG.ECX
00405EA3 |. 8D4D E4
00405EA6 |. E8 F59E0000
fo.0040FDA0
00405EAB |. C745 FC 00000

MOV EDX,DWORD PTR SS:[LOCAL.49]


PUSH EDX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.42]


CALL 004083E0

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.45]


MOV DWORD PTR SS:[LOCAL.14],EAX
MOV DWORD PTR SS:[LOCAL.1],4
CALL 0042D7AE
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 00405E35
MOV ECX,DWORD PTR SS:[LOCAL.7]
CALL 00410180
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.7]
CALL 00410270
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 004451D8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,0C4
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.48],ECX
MOV DWORD PTR SS:[LOCAL.5],0
MOV EAX,DWORD PTR SS:[LOCAL.48]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.7]
CALL 0040FDA0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0

00405EB2 |. 8A4D E8
00405EB5 |. 884D AF
00405EB8 |. 0FB655 AF
00405EBC |. 85D2
00405EBE |. 0F84 03020000
00405EC4 |. 8D45 D4
00405EC7 |. 50
OFFSET LOCAL.11
00405EC8 |. 8B8D 40FFFFFF
00405ECE |. 8B11
00405ED0 |. 8B8D 40FFFFFF
00405ED6 |. 034A 04
00405ED9 |. E8 622F0000
fo.00408E40
00405EDE |. 8985 3CFFFFFF
00405EE4 |. 8B85 3CFFFFFF
00405EEA |. 8985 38FFFFFF
00405EF0 |. C645 FC 01
00405EF4 |. 8B8D 38FFFFFF
00405EFA |. 51
[LOCAL.49]
00405EFB |. E8 90550000
fo.0040B490
00405F00 |. 83C4 04
00405F03 |. 8945 D8
00405F06 |. C645 FC 00
00405F0A |. 8D4D D4
00405F0D |. E8 CE070000
00405F12 |. 8B95 40FFFFFF
00405F18 |. 8B02
00405F1A |. 8B48 04
00405F1D |. 8B95 40FFFFFF
00405F23 |. 8B440A 10
00405F27 |. 8985 78FFFFFF
00405F2D |. 8B8D 78FFFFFF
00405F33 |. 81E1 000E0000
00405F39 |. 894D DC
00405F3C |. 817D DC 00040
00405F43 |. 74 14
00405F45 |. 817D DC 00080
00405F4C |. 74 0B
00405F4E |. 8B55 08
00405F51 |. 8995 34FFFFFF
00405F57 |. EB 09
00405F59 |> 8B45 08
00405F5C |. 8985 34FFFFFF
00405F62 |> 8B8D 34FFFFFF
00405F68 |. 894D E0
00405F6B |. C645 FC 02
00405F6F |. 83BD 40FFFFFF
00405F76 |. 75 0C
00405F78 |. C785 64FFFFFF
00405F82 |. EB 17
00405F84 |> 8B95 40FFFFFF
00405F8A |. 8B02
00405F8C |. 8B8D 40FFFFFF
00405F92 |. 0348 04
00405F95 |. 898D 64FFFFFF
00405F9B |> 8B95 40FFFFFF
00405FA1 |. 8B02

MOV CL,BYTE PTR SS:[LOCAL.6]


MOV BYTE PTR SS:[LOCAL.21+3],CL
MOVZX EDX,BYTE PTR SS:[LOCAL.21+3]
TEST EDX,EDX
JE 004060C7
LEA EAX,[LOCAL.11]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD
MOV EDX,DWORD
MOV ECX,DWORD
ADD ECX,DWORD
CALL 00408E40

;
;
;
;
;

PTR
PTR
PTR
PTR

SS:[LOCAL.48]
DS:[ECX]
SS:[LOCAL.48]
DS:[EDX+4]

|
|
|
|
\SystemIn

MOV DWORD PTR SS:[LOCAL.49],EAX


MOV EAX,DWORD PTR SS:[LOCAL.49]
MOV DWORD PTR SS:[LOCAL.50],EAX
MOV BYTE PTR SS:[LOCAL.1],1
MOV ECX,DWORD PTR SS:[LOCAL.50]
PUSH ECX

; /Arg1 =>

CALL 0040B490

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV BYTE PTR SS:[LOCAL.1],0
LEA ECX,[LOCAL.11]
CALL 004066E0
MOV EDX,DWORD PTR SS:[LOCAL.48]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[LOCAL.48]
MOV EAX,DWORD PTR DS:[ECX+EDX+10]
MOV DWORD PTR SS:[LOCAL.34],EAX
MOV ECX,DWORD PTR SS:[LOCAL.34]
AND ECX,00000E00
MOV DWORD PTR SS:[LOCAL.9],ECX
CMP DWORD PTR SS:[LOCAL.9],400
JE SHORT 00405F59
CMP DWORD PTR SS:[LOCAL.9],800
JE SHORT 00405F59
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.51],EDX
JMP SHORT 00405F62
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.51],EAX
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV DWORD PTR SS:[LOCAL.8],ECX
MOV BYTE PTR SS:[LOCAL.1],2
CMP DWORD PTR SS:[LOCAL.48],0
JNE SHORT 00405F84
MOV DWORD PTR SS:[LOCAL.39],0
JMP SHORT 00405F9B
MOV EDX,DWORD PTR SS:[LOCAL.48]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.48]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.39],ECX
MOV EDX,DWORD PTR SS:[LOCAL.48]
MOV EAX,DWORD PTR DS:[EDX]

00405FA3
00405FA6
00405FAC
00405FB0
00405FB6
00405FBC
00405FBE
00405FC1
00405FC7
00405FCB
00405FD1
00405FD5
00405FDB
00405FDE
00405FE1
00405FE7
00405FEA
00405FF0
00405FF3
00405FF4
00405FFB
00405FFC
00406002
00406003
00406009
0040600A
00406010
00406011
00406014
00406015
00406018
0040601A
0040601D
00406020
00406022
00406026
00406028
0040602A
0040602D
00406030
00406033
00406038
0040603E
00406040
00406046
00406049
0040604F
00406054
00406056
00406058
0040605E
00406061
00406067
0040606D
00406070
00406076
0040607C
00406080
00406082
00406088

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\>
/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B48 04
8B95 40FFFFFF
8A440A 30
8885 77FFFFFF
8B8D 40FFFFFF
8B11
8B42 04
8B8D 40FFFFFF
8B5401 28
8995 70FFFFFF
C645 CC 00
8B85 70FFFFFF
8945 D0
8B4D CC
898D 68FFFFFF
8B55 D0
8995 6CFFFFFF
8B45 E0
50
0FB68D 77FFFF
51
8B95 64FFFFFF
52
8B85 6CFFFFFF
50
8B8D 68FFFFFF
51
8D55 C4
52
8B45 D8
8B10
8B4D D8
8B42 1C
FFD0
0FB64D C4
85C9
74 09
8B55 EC
83CA 04
8955 EC
E9 88000000
8B85 40FFFFFF
8B08
8B95 40FFFFFF
0351 04
8995 58FFFFFF
B8 04000000
85C0
74 5B
8B8D 58FFFFFF
8B51 08
8995 60FFFFFF
8B85 60FFFFFF
83C8 04
8985 5CFFFFFF
8B8D 58FFFFFF
8379 28 00
75 11
8B95 5CFFFFFF
83CA 04

MOV ECX,DWORD PTR DS:[EAX+4]


MOV EDX,DWORD PTR SS:[LOCAL.48]
MOV AL,BYTE PTR DS:[ECX+EDX+30]
MOV BYTE PTR SS:[LOCAL.35+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.48]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.48]
MOV EDX,DWORD PTR DS:[EAX+ECX+28]
MOV DWORD PTR SS:[LOCAL.36],EDX
MOV BYTE PTR SS:[LOCAL.13],0
MOV EAX,DWORD PTR SS:[LOCAL.36]
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV ECX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR SS:[LOCAL.38],ECX
MOV EDX,DWORD PTR SS:[LOCAL.12]
MOV DWORD PTR SS:[LOCAL.37],EDX
MOV EAX,DWORD PTR SS:[LOCAL.8]
PUSH EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.35+3]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.39]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.37]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.38]
PUSH ECX
LEA EDX,[LOCAL.15]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV EDX,DWORD PTR DS:[EAX]
MOV ECX,DWORD PTR SS:[LOCAL.10]
MOV EAX,DWORD PTR DS:[EDX+1C]
CALL EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.15]
TEST ECX,ECX
JE SHORT 00406033
MOV EDX,DWORD PTR SS:[LOCAL.5]
OR EDX,00000004
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP 004060C0
MOV EAX,DWORD PTR SS:[EBP-0C0]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0C0]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-0A8],EDX
MOV EAX,4
TEST EAX,EAX
JE SHORT 004060B3
MOV ECX,DWORD PTR SS:[EBP-0A8]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[EBP-0A0],EDX
MOV EAX,DWORD PTR SS:[EBP-0A0]
OR EAX,00000004
MOV DWORD PTR SS:[EBP-0A4],EAX
MOV ECX,DWORD PTR SS:[EBP-0A8]
CMP DWORD PTR DS:[ECX+28],0
JNE SHORT 00406093
MOV EDX,DWORD PTR SS:[EBP-0A4]
OR EDX,00000004

0040608B |.
00406091 |.
00406093 |>
00406099 |.
0040609F |>
004060A1 |.
004060A7 |.
[ARG.EBP-0D0]
004060A8 |.
004060AE |.
fo.004083E0
004060B3 |>
004060BA |.
004060BF \.
004060C0 />
004060C7 |>
004060CD |.
004060CF |.
004060D5 |.
004060D8 |.
004060DE |.
004060E2 |.
004060E4 |.
004060EA |.
004060ED |.
004060F3 |.
004060F9 |.
004060FC |.
00406102 |.
00406108 |.
0040610C |.
0040610E |.
00406114 |.
00406117 |.
0040611D |.
0040611F |>
00406125 |.
0040612B |>
0040612D |.
00406133 |.
[LOCAL.53]
00406134 |.
0040613A |.
fo.004083E0
0040613F |>
00406145 |.
00406148 |.
0040614F |.
00406154 |.
00406157 |.
00406159 |.
0040615B |.
0040615E |.
00406163 |>
0040616A |.
0040616D |.
00406172 |.
00406175 |.
00406178 |.
0040617F |.

8995 30FFFFFF
EB 0C
8B85 5CFFFFFF
8985 30FFFFFF
6A 01
8B8D 30FFFFFF
51

MOV DWORD PTR SS:[EBP-0D0],EDX


JMP SHORT 0040609F
MOV EAX,DWORD PTR SS:[EBP-0A4]
MOV DWORD PTR SS:[EBP-0D0],EAX
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-0D0]
PUSH ECX

; /Arg2 = 1
; |
; |Arg1 =>

8B8D 58FFFFFF MOV ECX,DWORD PTR SS:[EBP-0A8]


E8 2D230000 CALL 004083E0

; |
; \SystemIn

C745 FC 00000
B8 C7604000
C3
C745 FC 00000
8B95 40FFFFFF
8B02
8B8D 40FFFFFF
0348 04
898D 4CFFFFFF
837D EC 00
74 5B
8B95 4CFFFFFF
8B42 08
8985 54FFFFFF
8B8D 54FFFFFF
0B4D EC
898D 50FFFFFF
8B95 4CFFFFFF
837A 28 00
75 11
8B85 50FFFFFF
83C8 04
8985 2CFFFFFF
EB 0C
8B8D 50FFFFFF
898D 2CFFFFFF
6A 00
8B95 2CFFFFFF
52

MOV DWORD PTR SS:[EBP-4],0


MOV EAX,004060C7
RETN
MOV DWORD PTR SS:[LOCAL.1],0
MOV EDX,DWORD PTR SS:[LOCAL.48]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.48]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.45],ECX
CMP DWORD PTR SS:[LOCAL.5],0
JE SHORT 0040613F
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[LOCAL.43],EAX
MOV ECX,DWORD PTR SS:[LOCAL.43]
OR ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.44],ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
CMP DWORD PTR DS:[EDX+28],0
JNE SHORT 0040611F
MOV EAX,DWORD PTR SS:[LOCAL.44]
OR EAX,00000004
MOV DWORD PTR SS:[LOCAL.53],EAX
JMP SHORT 0040612B
MOV ECX,DWORD PTR SS:[LOCAL.44]
MOV DWORD PTR SS:[LOCAL.53],ECX
PUSH 0
MOV EDX,DWORD PTR SS:[LOCAL.53]
PUSH EDX

; /Arg2 = 0
; |
; |Arg1 =>

8B8D 4CFFFFFF MOV ECX,DWORD PTR SS:[LOCAL.45]


E8 A1220000 CALL 004083E0

; |
; \SystemIn

8B85 40FFFFFF
8945 C0
C745 FC 04000
E8 5A760200
0FB6C8
85C9
75 08
8B4D E4
E8 1DA00000
C745 FC FFFFF
8D4D E4
E8 FEA00000
8B45 C0
8B4D F4
64:890D 00000
59

MOV EAX,DWORD PTR SS:[LOCAL.48]


MOV DWORD PTR SS:[LOCAL.16],EAX
MOV DWORD PTR SS:[LOCAL.1],4
CALL 0042D7AE
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 00406163
MOV ECX,DWORD PTR SS:[LOCAL.7]
CALL 00410180
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.7]
CALL 00410270
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX

00406180 |. 5F
00406181 |. 5E
00406182 |. 5B
00406183 |. 8BE5
00406185 |. 5D
00406186 \. C2 0400
00406189
CC
0040618A
CC
0040618B
CC
0040618C
CC
0040618D
CC
0040618E
CC
0040618F
CC
00406190 /$ 55
o.00406190(guessed Arg1)
00406191 |. 8BEC
00406193 |. 6A FF
00406195 |. 68 18524400
0040619A |. 64:A1 0000000
004061A0 |. 50
004061A1 |. 51
004061A2 |. 81EC B4000000
004061A8 |. 53
004061A9 |. 56
004061AA |. 57
004061AB |. A1 A0154500
004061B0 |. 33C5
004061B2 |. 50
004061B3 |. 8D45 F4
004061B6 |. 64:A3 0000000
004061BC |. 8965 F0
004061BF |. 898D 4CFFFFFF
004061C5 |. C745 EC 00000
004061CC |. 8B85 4CFFFFFF
004061D2 |. 50
ARG.ECX
004061D3 |. 8D4D E4
004061D6 |. E8 C59B0000
fo.0040FDA0
004061DB |. C745 FC 00000
004061E2 |. 8A4D E8
004061E5 |. 884D B7
004061E8 |. 0FB655 B7
004061EC |. 85D2
004061EE |. 0F84 A4010000
004061F4 |. 8D45 DC
004061F7 |. 50
OFFSET LOCAL.9
004061F8 |. 8B8D 4CFFFFFF
004061FE |. 8B11
00406200 |. 8B8D 4CFFFFFF
00406206 |. 034A 04
00406209 |. E8 322C0000
fo.00408E40
0040620E |. 8985 48FFFFFF
00406214 |. 8B85 48FFFFFF
0040621A |. 8985 44FFFFFF
00406220 |. C645 FC 01
00406224 |. 8B8D 44FFFFFF
0040622A |. 51

POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445218
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,0B4
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.45],ECX
MOV DWORD PTR SS:[LOCAL.5],0
MOV EAX,DWORD PTR SS:[LOCAL.45]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.7]
CALL 0040FDA0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV CL,BYTE PTR SS:[LOCAL.6]
MOV BYTE PTR SS:[LOCAL.19+3],CL
MOVZX EDX,BYTE PTR SS:[LOCAL.19+3]
TEST EDX,EDX
JE 00406398
LEA EAX,[LOCAL.9]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD
MOV EDX,DWORD
MOV ECX,DWORD
ADD ECX,DWORD
CALL 00408E40

;
;
;
;
;

PTR
PTR
PTR
PTR

SS:[LOCAL.45]
DS:[ECX]
SS:[LOCAL.45]
DS:[EDX+4]

MOV DWORD PTR SS:[LOCAL.46],EAX


MOV EAX,DWORD PTR SS:[LOCAL.46]
MOV DWORD PTR SS:[LOCAL.47],EAX
MOV BYTE PTR SS:[LOCAL.1],1
MOV ECX,DWORD PTR SS:[LOCAL.47]
PUSH ECX

|
|
|
|
\SystemIn

; /Arg1 =>

[LOCAL.46]
0040622B |.
fo.0040B490
00406230 |.
00406233 |.
00406236 |.
0040623A |.
0040623D |.
00406242 |.
00406246 |.
0040624D |.
0040624F |.
00406259 |.
0040625B |>
00406261 |.
00406263 |.
00406269 |.
0040626C |.
00406272 |>
00406278 |.
0040627A |.
0040627D |.
00406283 |.
00406287 |.
0040628A |.
00406290 |.
00406292 |.
00406295 |.
0040629B |.
0040629F |.
004062A5 |.
004062A9 |.
004062AF |.
004062B2 |.
004062B5 |.
004062BB |.
004062BE |.
004062C4 |.
004062C7 |.
004062C8 |.
004062CC |.
004062CD |.
004062D3 |.
004062D4 |.
004062DA |.
004062DB |.
004062E1 |.
004062E2 |.
004062E5 |.
004062E6 |.
004062E9 |.
004062EB |.
004062EE |.
004062F1 |.
004062F3 |.
004062F7 |.
004062F9 |.
004062FB |.
004062FE |.
00406301 |.

E8 60520000

CALL 0040B490

83C4 04
8945 E0
C645 FC 00
8D4D DC
E8 9E040000
C645 FC 02
83BD 4CFFFFFF
75 0C
C785 70FFFFFF
EB 17
8B95 4CFFFFFF
8B02
8B8D 4CFFFFFF
0348 04
898D 70FFFFFF
8B95 4CFFFFFF
8B02
8B48 04
8B95 4CFFFFFF
8A440A 30
8845 83
8B8D 4CFFFFFF
8B11
8B42 04
8B8D 4CFFFFFF
8B5401 28
8995 7CFFFFFF
C645 D4 00
8B85 7CFFFFFF
8945 D8
8B4D D4
898D 74FFFFFF
8B55 D8
8995 78FFFFFF
8B45 08
50
0FB64D 83
51
8B95 70FFFFFF
52
8B85 78FFFFFF
50
8B8D 74FFFFFF
51
8D55 CC
52
8B45 E0
8B10
8B4D E0
8B42 18
FFD0
0FB64D CC
85C9
74 09
8B55 EC
83CA 04
8955 EC

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV BYTE PTR SS:[LOCAL.1],0
LEA ECX,[LOCAL.9]
CALL 004066E0
MOV BYTE PTR SS:[LOCAL.1],2
CMP DWORD PTR SS:[LOCAL.45],0
JNE SHORT 0040625B
MOV DWORD PTR SS:[LOCAL.36],0
JMP SHORT 00406272
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.45]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.36],ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV AL,BYTE PTR DS:[ECX+EDX+30]
MOV BYTE PTR SS:[LOCAL.32+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.45]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.45]
MOV EDX,DWORD PTR DS:[EAX+ECX+28]
MOV DWORD PTR SS:[LOCAL.33],EDX
MOV BYTE PTR SS:[LOCAL.11],0
MOV EAX,DWORD PTR SS:[LOCAL.33]
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.35],ECX
MOV EDX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.34],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.32+3]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.36]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.34]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.35]
PUSH ECX
LEA EDX,[LOCAL.13]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.8]
MOV EDX,DWORD PTR DS:[EAX]
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV EAX,DWORD PTR DS:[EDX+18]
CALL EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.13]
TEST ECX,ECX
JE SHORT 00406304
MOV EDX,DWORD PTR SS:[LOCAL.5]
OR EDX,00000004
MOV DWORD PTR SS:[LOCAL.5],EDX

; \SystemIn

00406304 \>
00406309 /.
0040630F |.
00406311 |.
00406317 |.
0040631A |.
00406320 |.
00406325 |.
00406327 |.
00406329 |.
0040632F |.
00406332 |.
00406338 |.
0040633E |.
00406341 |.
00406347 |.
0040634D |.
00406351 |.
00406353 |.
00406359 |.
0040635C |.
00406362 |.
00406364 |>
0040636A |.
00406370 |>
00406372 |.
00406378 |.
[ARG.EBP-0C0]
00406379 |.
0040637F |.
fo.004083E0
00406384 |>
0040638B |.
00406390 \.
00406391 />
00406398 |>
0040639E |.
004063A0 |.
004063A6 |.
004063A9 |.
004063AF |.
004063B3 |.
004063B5 |.
004063BB |.
004063BE |.
004063C4 |.
004063CA |.
004063CD |.
004063D3 |.
004063D9 |.
004063DD |.
004063DF |.
004063E5 |.
004063E8 |.
004063EE |.
004063F0 |>
004063F6 |.
004063FC |>
004063FE |.
00406404 |.

E9 88000000
8B85 4CFFFFFF
8B08
8B95 4CFFFFFF
0351 04
8995 64FFFFFF
B8 04000000
85C0
74 5B
8B8D 64FFFFFF
8B51 08
8995 6CFFFFFF
8B85 6CFFFFFF
83C8 04
8985 68FFFFFF
8B8D 64FFFFFF
8379 28 00
75 11
8B95 68FFFFFF
83CA 04
8995 40FFFFFF
EB 0C
8B85 68FFFFFF
8985 40FFFFFF
6A 01
8B8D 40FFFFFF
51

JMP 00406391
MOV EAX,DWORD PTR SS:[EBP-0B4]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0B4]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-9C],EDX
MOV EAX,4
TEST EAX,EAX
JE SHORT 00406384
MOV ECX,DWORD PTR SS:[EBP-9C]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[EBP-94],EDX
MOV EAX,DWORD PTR SS:[EBP-94]
OR EAX,00000004
MOV DWORD PTR SS:[EBP-98],EAX
MOV ECX,DWORD PTR SS:[EBP-9C]
CMP DWORD PTR DS:[ECX+28],0
JNE SHORT 00406364
MOV EDX,DWORD PTR SS:[EBP-98]
OR EDX,00000004
MOV DWORD PTR SS:[EBP-0C0],EDX
JMP SHORT 00406370
MOV EAX,DWORD PTR SS:[EBP-98]
MOV DWORD PTR SS:[EBP-0C0],EAX
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-0C0]
PUSH ECX

; /Arg2 = 1
; |
; |Arg1 =>

8B8D 64FFFFFF MOV ECX,DWORD PTR SS:[EBP-9C]


E8 5C200000 CALL 004083E0

; |
; \SystemIn

C745 FC 00000
B8 98634000
C3
C745 FC 00000
8B95 4CFFFFFF
8B02
8B8D 4CFFFFFF
0348 04
898D 58FFFFFF
837D EC 00
74 5B
8B95 58FFFFFF
8B42 08
8985 60FFFFFF
8B8D 60FFFFFF
0B4D EC
898D 5CFFFFFF
8B95 58FFFFFF
837A 28 00
75 11
8B85 5CFFFFFF
83C8 04
8985 3CFFFFFF
EB 0C
8B8D 5CFFFFFF
898D 3CFFFFFF
6A 00
8B95 3CFFFFFF
52

; /Arg2 = 0
; |
; |Arg1 =>

MOV DWORD PTR SS:[EBP-4],0


MOV EAX,00406398
RETN
MOV DWORD PTR SS:[LOCAL.1],0
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.45]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.42],ECX
CMP DWORD PTR SS:[LOCAL.5],0
JE SHORT 00406410
MOV EDX,DWORD PTR SS:[LOCAL.42]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[LOCAL.40],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
OR ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.41],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
CMP DWORD PTR DS:[EDX+28],0
JNE SHORT 004063F0
MOV EAX,DWORD PTR SS:[LOCAL.41]
OR EAX,00000004
MOV DWORD PTR SS:[LOCAL.49],EAX
JMP SHORT 004063FC
MOV ECX,DWORD PTR SS:[LOCAL.41]
MOV DWORD PTR SS:[LOCAL.49],ECX
PUSH 0
MOV EDX,DWORD PTR SS:[LOCAL.49]
PUSH EDX

[LOCAL.49]
00406405 |. 8B8D 58FFFFFF
0040640B |. E8 D01F0000
fo.004083E0
00406410 |> 8B85 4CFFFFFF
00406416 |. 8945 C8
00406419 |. C745 FC 04000
00406420 |. E8 89730200
00406425 |. 0FB6C8
00406428 |. 85C9
0040642A |. 75 08
0040642C |. 8B4D E4
0040642F |. E8 4C9D0000
00406434 |> C745 FC FFFFF
0040643B |. 8D4D E4
0040643E |. E8 2D9E0000
00406443 |. 8B45 C8
00406446 |. 8B4D F4
00406449 |. 64:890D 00000
00406450 |. 59
00406451 |. 5F
00406452 |. 5E
00406453 |. 5B
00406454 |. 8BE5
00406456 |. 5D
00406457 \. C2 0400
0040645A
CC
0040645B
CC
0040645C
CC
0040645D
CC
0040645E
CC
0040645F
CC
00406460 /$ 55
o.00406460(guessed Arg1)
00406461 |. 8BEC
00406463 |. 83EC 08
00406466 |. 894D F8
00406469 |. C745 FC 00000
00406470 |. 8B45 08
00406473 |. 50
[ARG.1]
00406474 |. 8B4D F8
00406477 |. 83C1 04
0040647A |. E8 F1090000
fo.00406E70
0040647F |. 8B4D FC
00406482 |. 83C9 01
00406485 |. 894D FC
00406488 |. 8B45 08
0040648B |. 8BE5
0040648D |. 5D
0040648E \. C2 0400
00406491
CC
00406492
CC
00406493
CC
00406494
CC
00406495
CC
00406496
CC
00406497
CC
00406498
CC

MOV ECX,DWORD PTR SS:[LOCAL.42]


CALL 004083E0

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.45]


MOV DWORD PTR SS:[LOCAL.14],EAX
MOV DWORD PTR SS:[LOCAL.1],4
CALL 0042D7AE
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 00406434
MOV ECX,DWORD PTR SS:[LOCAL.7]
CALL 00410180
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.7]
CALL 00410270
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV DWORD PTR SS:[LOCAL.1],0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.2]


ADD ECX,4
CALL 00406E70

; |
; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.1]


OR ECX,00000001
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

00406499
CC
0040649A
CC
0040649B
CC
0040649C
CC
0040649D
CC
0040649E
CC
0040649F
CC
004064A0 /$ 55
o.004064A0(guessed Arg1)
004064A1 |. 8BEC
004064A3 |. 83EC 38
004064A6 |. 894D C8
004064A9 |. 8B45 08
004064AC |. 50
[ARG.1]
004064AD |. 8B4D C8
004064B0 |. 83C1 04
004064B3 |. E8 680C0000
fo.00407120
004064B8 |. 8BE5
004064BA |. 5D
004064BB \. C2 0400
004064BE
CC
004064BF
CC
004064C0 /$ 55
004064C1 |. 8BEC
004064C3 |. 83EC 30
004064C6 |. 894D D0
004064C9 |. 8D45 FF
004064CC |. 50
004064CD |. 8D4D FE
004064D0 |. 51
004064D1 |. 8B4D D0
004064D4 |. E8 A70C0000
fo.00407180
004064D9 |. 8B45 D0
004064DC |. 8BE5
004064DE |. 5D
004064DF \. C3
004064E0 /$ 55
o.004064E0(guessed Arg1)
004064E1 |. 8BEC
004064E3 |. 6A FF
004064E5 |. 68 66524400
004064EA |. 64:A1 0000000
004064F0 |. 50
004064F1 |. 81EC F8000000
004064F7 |. A1 A0154500
004064FC |. 33C5
004064FE |. 50
004064FF |. 8D45 F4
00406502 |. 64:A3 0000000
00406508 |. 898D 00FFFFFF
0040650E |. 8B45 08
00406511 |. 50
[ARG.1]
00406512 |. 8B8D 00FFFFFF
00406518 |. E8 A3280000
fo.00408DC0
0040651D |. 8985 54FFFFFF

INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,38
MOV DWORD PTR SS:[LOCAL.14],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.14]


ADD ECX,4
CALL 00407120

; |
; |
; \SystemIn

MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,30
MOV DWORD PTR SS:[LOCAL.12],ECX
LEA EAX,[LOCAL.1+3]
PUSH EAX
LEA ECX,[LOCAL.1+2]
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.12]
CALL 00407180

;
;
;
;
;

MOV EAX,DWORD PTR SS:[LOCAL.12]


MOV ESP,EBP
POP EBP
RETN
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445266
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0F8
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.64],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.64]


CALL 00408DC0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.43],EAX

/Arg2
|
|Arg1
|
\SystemIn

00406523 |.
00406529 |.
ARG.ECX
0040652A |.
00406530 |.
[LOCAL.43]
00406531 |.
00406534 |.
fo.004290F0
00406539 |.
0040653F |.
00406542 |.
00406548 |.
0040654E |.
ARG.ECX
0040654F |.
00406555 |.
[ARG.ECX+18]
00406556 |.
00406559 |.
fo.004290F0
0040655E |.
00406560 |.
00406564 |.
00406567 |.
0040656A |.
0040656C |.
0040656E |.
00406571 |.
00406573 |.
00406576 |.
00406579 |.
0040657C |.
0040657E |.
00406580 |>
00406585 |>
00406587 |.^
00406589 |.
0040658C |.
0040658E |.
00406591 |.
00406594 |.
00406597 |.
00406599 |.
0040659B |.
0040659E |.
004065A4 |.
004065AA |.
004065AD |.
004065B2 |.
004065B3 |.
004065B6 |.
004065BB |.
004065BC |.
fo.0042E980
004065C1 |.
004065C4 |.
004065C6 |.
004065C8 |.
004065CB |.

8B8D 00FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.64]


51
PUSH ECX

; /Arg2 =>

8B95 54FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.43]


52
PUSH EDX

; |
; |Arg1 =>

8D4D EC
E8 B72B0200

LEA ECX,[LOCAL.5]
CALL 004290F0

; |
; \SystemIn

8B85
8B48
898D
8B95
52

MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX

; /Arg2 =>

00FFFFFF
18
50FFFFFF
00FFFFFF

PTR SS:[LOCAL.64]
PTR DS:[EAX+18]
SS:[LOCAL.44],ECX
PTR SS:[LOCAL.64]

8B85 50FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.44]


50
PUSH EAX

; |
; |Arg1 =>

8D4D E4
E8 922B0200

LEA ECX,[LOCAL.7]
CALL 004290F0

; |
; \SystemIn

33C9
837D EC 00
0F95C1
0FB6D1
85D2
74 12
8B45 EC
33C9
3B45 E4
0F94C1
0FB6D1
85D2
75 05
E8 03830200
33C0
75 FC
8B4D F0
33D2
3B4D E8
0F94C2
0FB6C2
85C0
75 3B
8B4D F0
898D 4CFFFFFF
8B8D 4CFFFFFF
83C1 0C
E8 FE800000
50
8B4D 08
E8 F5800000
50
E8 BF830200

XOR ECX,ECX
CMP DWORD PTR SS:[LOCAL.5],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00406580
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.7]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00406585
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00406585
MOV ECX,DWORD PTR SS:[LOCAL.4]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.6]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 004065D6
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.45],ECX
MOV ECX,DWORD PTR SS:[LOCAL.45]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

83C4 08
33D2
85C0
0F9CC2
0FB6C2

ADD ESP,8
XOR EDX,EDX
TEST EAX,EAX
SETL DL
MOVZX EAX,DL

/Arg2
|
|
|Arg1
\SystemIn

004065CE |. 85C0
004065D0 |. 0F84 EB000000
004065D6 |> 8B4D EC
004065D9 |. 898D 60FFFFFF
004065DF |. 8B55 F0
004065E2 |. 8995 64FFFFFF
004065E8 |. 8D85 3BFFFFFF
004065EE |. 8985 3CFFFFFF
004065F4 |. 6A 00
004065F6 |. 6A 00
004065F8 |. 8D8D 6CFFFFFF
004065FE |. E8 5D950000
fo.0040FB60
00406603 |. C745 88 00000
0040660A |. C745 8C 00000
00406611 |. C745 90 00000
00406618 |. 8D8D 6CFFFFFF
0040661E |. 898D 34FFFFFF
00406624 |. C745 FC 00000
0040662B |. 8B55 08
0040662E |. 52
[ARG.1]
0040662F |. 8D4D 94
00406632 |. E8 D9460000
fo.0040AD10
00406637 |. C645 FC 01
0040663B |. 8B85 34FFFFFF
00406641 |. 50
OFFSET LOCAL.37
00406642 |. 8D4D BC
00406645 |. E8 C6460000
fo.0040AD10
0040664A |. C645 FC 00
0040664E |. 8D4D 94
00406651 |. 898D FCFEFFFF
00406657 |. C645 FC 02
0040665B |. 8B95 FCFEFFFF
00406661 |. 52
OFFSET LOCAL.27
00406662 |. 8B85 64FFFFFF
00406668 |. 50
[LOCAL.4]
00406669 |. 8B8D 60FFFFFF
0040666F |. 51
[LOCAL.5]
00406670 |. 8D95 58FFFFFF
00406676 |. 52
OFFSET LOCAL.42
00406677 |. 8B8D 00FFFFFF
0040667D |. E8 9E0B0000
fo.00407220
00406682 |. 8B08
00406684 |. 8B50 04
00406687 |. 894D EC
0040668A |. 8955 F0
0040668D |. C645 FC 00
00406691 |. 8D4D 94
00406694 |. E8 17070000
fo.00406DB0
00406699 |. C745 FC 03000

TEST EAX,EAX
JE 004066C1
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.40],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.39],EDX
LEA EAX,[LOCAL.50+3]
MOV DWORD PTR SS:[LOCAL.49],EAX
PUSH 0
PUSH 0
LEA ECX,[LOCAL.37]
CALL 0040FB60

;
;
;
;

MOV DWORD PTR SS:[LOCAL.30],0


MOV DWORD PTR SS:[LOCAL.29],0
MOV DWORD PTR SS:[LOCAL.28],0
LEA ECX,[LOCAL.37]
MOV DWORD PTR SS:[LOCAL.51],ECX
MOV DWORD PTR SS:[LOCAL.1],0
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

; /Arg1 =>

LEA ECX,[LOCAL.27]
CALL 0040AD10

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],1


MOV EAX,DWORD PTR SS:[LOCAL.51]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.17]
CALL 0040AD10

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


LEA ECX,[LOCAL.27]
MOV DWORD PTR SS:[LOCAL.65],ECX
MOV BYTE PTR SS:[LOCAL.1],2
MOV EDX,DWORD PTR SS:[LOCAL.65]
PUSH EDX

; /Arg4 =>

MOV EAX,DWORD PTR SS:[LOCAL.39]


PUSH EAX

; |
; |Arg3 =>

MOV ECX,DWORD PTR SS:[LOCAL.40]


PUSH ECX

; |
; |Arg2 =>

LEA EDX,[LOCAL.42]
PUSH EDX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.64]


CALL 00407220

; |
; \SystemIn

MOV ECX,DWORD PTR DS:[EAX]


MOV EDX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV BYTE PTR SS:[LOCAL.1],0
LEA ECX,[LOCAL.27]
CALL 00406DB0

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],3

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

004066A0 |.
004066A6 |.
fo.0040E780
004066AB |.
004066B2 |.
004066B4 |.
004066B6 |.
004066BC |.
fo.0040FB60
004066C1 |>
004066C4 |.
fo.004278B0
004066C9 |.
004066CC |.
004066CF |.
004066D6 |.
004066D7 |.
004066D9 |.
004066DA \.
004066DD
004066DE
004066DF
004066E0 /$
004066E1 |.
004066E3 |.
004066E6 |.
004066E9 |.
004066EC |.
004066EF |.
004066F1 |.
004066F4 |.
004066F6 |.
004066FB |.
004066FE |.
00406701 |.
00406704 |.
00406708 |.
0040670A |.
0040670C |.
0040670F |.
00406711 |.
00406714 |.
00406716 |.
00406718 |.
0040671B |.
0040671D |>
00406724 |>
00406726 |.
00406727 \.
00406728
00406729
0040672A
0040672B
0040672C
0040672D
0040672E
0040672F
00406730 /$
00406731 |.
00406733 |.

8D8D 6CFFFFFF LEA ECX,[LOCAL.37]


E8 D5800000 CALL 0040E780

; [SystemIn

C745 FC FFFFF
6A 00
6A 01
8D8D 6CFFFFFF
E8 9F940000

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.37]
CALL 0040FB60

;
;
;
;

8D4D EC
E8 E7110200

LEA ECX,[LOCAL.5]
CALL 004278B0

; [SystemIn

83C0 28
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0400
CC
CC
CC
55
8BEC
83EC 18
894D EC
8B45 EC
8338 00
74 33
8B4D EC
8B09
E8 35000000
8945 F8
8B55 F8
8955 FC
837D FC 00
74 13
6A 01
8B45 FC
8B10
8B4D FC
8B02
FFD0
8945 E8
EB 07
C745 E8 00000
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 0C

ADD EAX,28
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR SS:[EBP-14],ECX
MOV EAX,DWORD PTR SS:[EBP-14]
CMP DWORD PTR DS:[EAX],0
JE SHORT 00406724
MOV ECX,DWORD PTR SS:[EBP-14]
MOV ECX,DWORD PTR DS:[ECX]
CALL 00406730
MOV DWORD PTR SS:[EBP-8],EAX
MOV EDX,DWORD PTR SS:[EBP-8]
MOV DWORD PTR SS:[EBP-4],EDX
CMP DWORD PTR SS:[EBP-4],0
JE SHORT 0040671D
PUSH 1
MOV EAX,DWORD PTR SS:[EBP-4]
MOV EDX,DWORD PTR DS:[EAX]
MOV ECX,DWORD PTR SS:[EBP-4]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
MOV DWORD PTR SS:[EBP-18],EAX
JMP SHORT 00406724
MOV DWORD PTR SS:[EBP-18],0
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00406736 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
00406739 |. 6A 00
PUSH 0
0040673B |. 8D4D FC
LEA ECX,[LOCAL.1]
0040673E |. E8 CA700200 CALL 0042D80D
fo.0042D80D
00406743 |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
00406746 |. 8378 04 00
CMP DWORD PTR DS:[EAX+4],0
0040674A |. 76 18
JBE SHORT 00406764
0040674C |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040674F |. 8379 04 FF
CMP DWORD PTR DS:[ECX+4],-1
00406753 |. 73 0F
JNB SHORT 00406764
00406755 |. 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
00406758 |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
0040675B |. 83E8 01
SUB EAX,1
0040675E |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00406761 |. 8941 04
MOV DWORD PTR DS:[ECX+4],EAX
00406764 |> 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
00406767 |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
0040676A |. F7D8
NEG EAX
0040676C |. 1BC0
SBB EAX,EAX
0040676E |. F7D0
NOT EAX
00406770 |. 2345 F4
AND EAX,DWORD PTR SS:[LOCAL.3]
00406773 |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
00406776 |. 8D4D FC
LEA ECX,[LOCAL.1]
00406779 |. E8 B7700200 CALL 0042D835
0040677E |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00406781 |. 8BE5
MOV ESP,EBP
00406783 |. 5D
POP EBP
00406784 \. C3
RETN
00406785
CC
INT3
00406786
CC
INT3
00406787
CC
INT3
00406788
CC
INT3
00406789
CC
INT3
0040678A
CC
INT3
0040678B
CC
INT3
0040678C
CC
INT3
0040678D
CC
INT3
0040678E
CC
INT3
0040678F
CC
INT3
00406790 /$ 55
PUSH EBP
o.00406790(guessed Arg1,Arg2)
00406791 |. 8BEC
MOV EBP,ESP
00406793 |. 83EC 60
SUB ESP,60
00406796 |. 894D A4
MOV DWORD PTR SS:[LOCAL.23],ECX
00406799 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040679C |. 50
PUSH EAX
[ARG.2]
0040679D |. 8B4D A4
MOV ECX,DWORD PTR SS:[LOCAL.23]
004067A0 |. E8 1B260000 CALL 00408DC0
fo.00408DC0
004067A5 |. 8945 D8
MOV DWORD PTR SS:[LOCAL.10],EAX
004067A8 |. 8B4D A4
MOV ECX,DWORD PTR SS:[LOCAL.23]
004067AB |. 51
PUSH ECX
ARG.ECX
004067AC |. 8B55 D8
MOV EDX,DWORD PTR SS:[LOCAL.10]
004067AF |. 52
PUSH EDX
[LOCAL.10]
004067B0 |. 8D4D F8
LEA ECX,[LOCAL.2]
004067B3 |. E8 38290200 CALL 004290F0

; /Arg1 = 0
; |
; \SystemIn

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

fo.004290F0
004067B8 |.
004067BB |.
004067BE |.
004067C1 |.
004067C8 |.
004067CB |.
004067CE |.
004067D2 |.
004067D4 |.
004067D9 |>
004067DB |.^
004067DD |.
004067E0 |.
004067E2 |.
004067E5 |.
004067E7 |.
004067EB |.
004067EE |.
004067F1 |.
004067F3 |.
004067F5 |.
004067F8 |.
004067FA |.
004067FD |.
00406800 |.
00406803 |.
00406805 |.
00406807 |>
0040680C |>
0040680E |.^
00406810 |.
00406813 |.
00406815 |.
00406818 |.
0040681B |.
0040681E |.
00406820 |.
00406822 |.
00406825 |.
00406828 |.
0040682B |.
0040682E |.
00406833 |.
00406834 |.
00406837 |.
0040683C |.
0040683D |.
fo.0042E980
00406842 |.
00406845 |.
00406847 |.
00406849 |.
0040684C |.
0040684F |.
00406851 |.
00406853 |.
00406856 |.
00406859 |.
0040685B |>

8B45 A4
8B48 18
894D D4
C745 EC 00000
8B55 D4
8955 F0
837D A4 00
75 05
E8 AF800200
33C0
75 FC
8B4D A4
8B11
8955 EC
33C0
837D F8 00
0F95C0
0FB6C8
85C9
74 12
8B55 F8
33C0
3B55 EC
0F94C0
0FB6C8
85C9
75 05
E8 7C800200
33D2
75 FC
8B45 FC
33C9
3B45 F0
0F94C1
0FB6D1
85D2
75 39
8B45 FC
8945 D0
8B4D D0
83C1 0C
E8 7D7E0000
50
8B4D 0C
E8 747E0000
50
E8 3E810200

MOV EAX,DWORD PTR SS:[LOCAL.23]


MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV DWORD PTR SS:[LOCAL.5],0
MOV EDX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.4],EDX
CMP DWORD PTR SS:[LOCAL.23],0
JNE SHORT 004067D9
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 004067D9
MOV ECX,DWORD PTR SS:[LOCAL.23]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.5],EDX
XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.2],0
SETNE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00406807
MOV EDX,DWORD PTR SS:[LOCAL.2]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.5]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 0040680C
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 0040680C
MOV EAX,DWORD PTR SS:[LOCAL.1]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.4]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0040685B
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV ECX,DWORD PTR SS:[LOCAL.12]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.2]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
75 08
8D45 F8
8945 A0
EB 33
8B4D A4

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0040685B
LEA EAX,[LOCAL.2]
MOV DWORD PTR SS:[LOCAL.24],EAX
JMP SHORT 0040688E
MOV ECX,DWORD PTR SS:[LOCAL.23]

;
;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

0040685E |. 8B51 18
MOV EDX,DWORD PTR DS:[ECX+18]
00406861 |. 8955 A8
MOV DWORD PTR SS:[LOCAL.22],EDX
00406864 |. C745 E4 00000 MOV DWORD PTR SS:[LOCAL.7],0
0040686B |. 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]
0040686E |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX
00406871 |. 837D A4 00
CMP DWORD PTR SS:[LOCAL.23],0
00406875 |. 75 05
JNE SHORT 0040687C
00406877 |. E8 0C800200 CALL 0042E888
0040687C |> 33C9
/XOR ECX,ECX
0040687E |.^ 75 FC
\JNE SHORT 0040687C
00406880 |. 8B55 A4
MOV EDX,DWORD PTR SS:[LOCAL.23]
00406883 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
00406885 |. 8945 E4
MOV DWORD PTR SS:[LOCAL.7],EAX
00406888 |. 8D4D E4
LEA ECX,[LOCAL.7]
0040688B |. 894D A0
MOV DWORD PTR SS:[LOCAL.24],ECX
0040688E |> 8B55 A0
MOV EDX,DWORD PTR SS:[LOCAL.24]
00406891 |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
00406894 |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
00406897 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
00406899 |. 8B50 04
MOV EDX,DWORD PTR DS:[EAX+4]
0040689C |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040689F |. 8908
MOV DWORD PTR DS:[EAX],ECX
004068A1 |. 8950 04
MOV DWORD PTR DS:[EAX+4],EDX
004068A4 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004068A7 |. 8BE5
MOV ESP,EBP
004068A9 |. 5D
POP EBP
004068AA \. C2 0800
RETN 8
004068AD
CC
INT3
004068AE
CC
INT3
004068AF
CC
INT3
004068B0 /$ 55
PUSH EBP
o.004068B0(guessed Arg1,Arg2)
004068B1 |. 8BEC
MOV EBP,ESP
004068B3 |. 83EC 5C
SUB ESP,5C
004068B6 |. 894D A8
MOV DWORD PTR SS:[LOCAL.22],ECX
004068B9 |. 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]
004068BC |. 50
PUSH EAX
ARG.ECX
004068BD |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
004068C0 |. 51
PUSH ECX
[ARG.2]
004068C1 |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
004068C4 |. E8 F7240000 CALL 00408DC0
nfo.00408DC0
004068C9 |. 50
PUSH EAX
004068CA |. 8D4D F8
LEA ECX,[LOCAL.2]
004068CD |. E8 1E280200 CALL 004290F0
fo.004290F0
004068D2 |. 8B55 A8
MOV EDX,DWORD PTR SS:[LOCAL.22]
004068D5 |. 8B42 18
MOV EAX,DWORD PTR DS:[EDX+18]
004068D8 |. 8945 D8
MOV DWORD PTR SS:[LOCAL.10],EAX
004068DB |. C745 EC 00000 MOV DWORD PTR SS:[LOCAL.5],0
004068E2 |. 8B4D D8
MOV ECX,DWORD PTR SS:[LOCAL.10]
004068E5 |. 894D F0
MOV DWORD PTR SS:[LOCAL.4],ECX
004068E8 |. 837D A8 00
CMP DWORD PTR SS:[LOCAL.22],0
004068EC |. 75 05
JNE SHORT 004068F3
004068EE |. E8 957F0200 CALL 0042E888
004068F3 |> 33D2
/XOR EDX,EDX
004068F5 |.^ 75 FC
\JNE SHORT 004068F3
004068F7 |. 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]

; SystemInf

; /Arg2 =>
; |
; |/Arg1 =>
; ||
; |\SystemI
; |Arg1
; |
; \SystemIn

004068FA |.
004068FC |.
004068FF |.
00406901 |.
00406905 |.
00406908 |.
0040690B |.
0040690D |.
0040690F |.
00406912 |.
00406914 |.
00406917 |.
0040691A |.
0040691D |.
0040691F |.
00406921 |>
00406926 |>
00406928 |.^
0040692A |.
0040692D |.
0040692F |.
00406932 |.
00406935 |.
00406938 |.
0040693A |.
0040693C |.
0040693F |.
00406942 |.
00406945 |.
00406948 |.
0040694D |.
0040694E |.
00406951 |.
00406956 |.
00406957 |.
fo.0042E980
0040695C |.
0040695F |.
00406961 |.
00406963 |.
00406966 |.
00406969 |.
0040696B |.
0040696D |.
00406970 |.
00406973 |.
00406975 |>
00406978 |.
0040697B |.
0040697E |.
00406985 |.
00406988 |.
0040698B |.
0040698F |.
00406991 |.
00406996 |>
00406998 |.^
0040699A |.
0040699D |.
0040699F |.

8B08
894D EC
33D2
837D F8 00
0F95C2
0FB6C2
85C0
74 12
8B4D F8
33D2
3B4D EC
0F94C2
0FB6C2
85C0
75 05
E8 627F0200
33C9
75 FC
8B55 FC
33C0
3B55 F0
0F94C0
0FB6C8
85C9
75 39
8B55 FC
8955 D4
8B4D D4
83C1 0C
E8 637D0000
50
8B4D 0C
E8 5A7D0000
50
E8 24800200

MOV ECX,DWORD PTR DS:[EAX]


MOV DWORD PTR SS:[LOCAL.5],ECX
XOR EDX,EDX
CMP DWORD PTR SS:[LOCAL.2],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00406921
MOV ECX,DWORD PTR SS:[LOCAL.2]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.5]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00406926
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00406926
MOV EDX,DWORD PTR SS:[LOCAL.1]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.4]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 00406975
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.11],EDX
MOV ECX,DWORD PTR SS:[LOCAL.11]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.2]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
75 08
8D45 F8
8945 A4
EB 33
8B4D A8
8B51 18
8955 AC
C745 E4 00000
8B45 AC
8945 E8
837D A8 00
75 05
E8 F27E0200
33C9
75 FC
8B55 A8
8B02
8945 E4

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00406975
LEA EAX,[LOCAL.2]
MOV DWORD PTR SS:[LOCAL.23],EAX
JMP SHORT 004069A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.21],EDX
MOV DWORD PTR SS:[LOCAL.7],0
MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV DWORD PTR SS:[LOCAL.6],EAX
CMP DWORD PTR SS:[LOCAL.22],0
JNE SHORT 00406996
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00406996
MOV EDX,DWORD PTR SS:[LOCAL.22]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.7],EAX

;
;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

004069A2 |. 8D4D E4
004069A5 |. 894D A4
004069A8 |> 8B55 A4
004069AB |. 8955 F4
004069AE |. 8B45 F4
004069B1 |. 8B08
004069B3 |. 8B50 04
004069B6 |. 8B45 08
004069B9 |. 8908
004069BB |. 8950 04
004069BE |. 8B45 08
004069C1 |. 8BE5
004069C3 |. 5D
004069C4 \. C2 0800
004069C7
CC
004069C8
CC
004069C9
CC
004069CA
CC
004069CB
CC
004069CC
CC
004069CD
CC
004069CE
CC
004069CF
CC
004069D0 /$ 55
o.004069D0(guessed void)
004069D1 |. 8BEC
004069D3 |. 6A FF
004069D5 |. 68 A6524400
004069DA |. 64:A1 0000000
004069E0 |. 50
004069E1 |. 81EC AC000000
004069E7 |. A1 A0154500
004069EC |. 33C5
004069EE |. 50
004069EF |. 8D45 F4
004069F2 |. 64:A3 0000000
004069F8 |. 898D 54FFFFFF
004069FE |. 8D45 D6
00406A01 |. 8945 EC
00406A04 |. 8D4D D7
00406A07 |. 894D E4
00406A0A |. C745 FC 00000
00406A11 |. 6A 00
00406A13 |. 6A 01
00406A15 |. E8 464D0000
00406A1A |. 83C4 08
00406A1D |. 8945 D8
00406A20 |. 8B55 D8
00406A23 |. 8955 DC
00406A26 |. 837D DC 00
00406A2A |. 74 16
00406A2C |. 8B45 DC
00406A2F |. 8B8D 54FFFFFF
00406A35 |. 8908
00406A37 |. 8B55 DC
00406A3A |. 8995 50FFFFFF
00406A40 |. EB 0A
00406A42 |> C785 50FFFFFF
00406A4C |> 8B85 50FFFFFF
00406A52 |. 8945 E0

LEA ECX,[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.23],ECX
MOV EDX,DWORD PTR SS:[LOCAL.23]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[EAX+4]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],ECX
MOV DWORD PTR DS:[EAX+4],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 004452A6
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0AC
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.43],ECX
LEA EAX,[LOCAL.11+2]
MOV DWORD PTR SS:[LOCAL.5],EAX
LEA ECX,[LOCAL.11+3]
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV DWORD PTR SS:[LOCAL.1],0
PUSH 0
PUSH 1
CALL 0040B760
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV EDX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.9],EDX
CMP DWORD PTR SS:[LOCAL.9],0
JE SHORT 00406A42
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR SS:[LOCAL.43]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.9]
MOV DWORD PTR SS:[LOCAL.44],EDX
JMP SHORT 00406A4C
MOV DWORD PTR SS:[LOCAL.44],0
MOV EAX,DWORD PTR SS:[LOCAL.44]
MOV DWORD PTR SS:[LOCAL.8],EAX

; SystemInf

00406A55 |. 8B8D 54FFFFFF


00406A5B |. 8B55 E0
00406A5E |. 8911
00406A60 |. C745 FC FFFFF
00406A67 |. 8B85 54FFFFFF
00406A6D |. 8985 4CFFFFFF
00406A73 |. 8B8D 54FFFFFF
00406A79 |. 898D 48FFFFFF
00406A7F |. C745 FC 01000
00406A86 |. 6A 00
00406A88 |. 8B8D 54FFFFFF
00406A8E |. E8 1D120000
fo.00407CB0
00406A93 |. C745 FC FFFFF
00406A9A |. 8B85 54FFFFFF
00406AA0 |. 8B4D F4
00406AA3 |. 64:890D 00000
00406AAA |. 59
00406AAB |. 8BE5
00406AAD |. 5D
00406AAE \. C3
00406AAF
CC
00406AB0 /> 55
00406AB1 |. 8BEC
00406AB3 |. 51
00406AB4 |. 894D FC
00406AB7 |. 8BE5
00406AB9 |. 5D
00406ABA \. C3
00406ABB
CC
00406ABC
CC
00406ABD
CC
00406ABE
CC
00406ABF
CC
00406AC0 /$ 55
o.00406AC0(guessed void)
00406AC1 |. 8BEC
00406AC3 |. 6A FF
00406AC5 |. 68 D8524400
00406ACA |. 64:A1 0000000
00406AD0 |. 50
00406AD1 |. 83EC 38
00406AD4 |. A1 A0154500
00406AD9 |. 33C5
00406ADB |. 50
00406ADC |. 8D45 F4
00406ADF |. 64:A3 0000000
00406AE5 |. 894D BC
00406AE8 |. C745 FC 00000
00406AEF |. 8B4D BC
00406AF2 |. E8 79120000
00406AF7 |. C745 FC FFFFF
00406AFE |. 8B45 BC
00406B01 |. 8B08
00406B03 |. 894D C0
00406B06 |. 8B55 C0
00406B09 |. 52
00406B0A |. E8 0B7E0200
00406B0F |. 83C4 04
00406B12 |. 8B4D F4

MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV DWORD PTR
PUSH 0
MOV ECX,DWORD
CALL 00407CB0

PTR SS:[LOCAL.43]
PTR SS:[LOCAL.8]
DS:[ECX],EDX
SS:[LOCAL.1],-1
PTR SS:[LOCAL.43]
SS:[LOCAL.45],EAX
PTR SS:[LOCAL.43]
SS:[LOCAL.46],ECX
SS:[LOCAL.1],1

MOV DWORD PTR


MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
PUSH EBP

SS:[LOCAL.1],-1
PTR SS:[LOCAL.43]
PTR SS:[LOCAL.3]
FS:[0],ECX

PTR SS:[LOCAL.43]

; /Arg1 = 0
; |
; \SystemIn

SS:[EBP-4],ECX

MOV EBP,ESP
PUSH -1
PUSH 004452D8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,38
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-44],ECX
MOV DWORD PTR SS:[EBP-4],0
MOV ECX,DWORD PTR SS:[EBP-44]
CALL 00407D70
MOV DWORD PTR SS:[EBP-4],-1
MOV EAX,DWORD PTR SS:[EBP-44]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-40],ECX
MOV EDX,DWORD PTR SS:[EBP-40]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-0C]

; SystemInf

00406B15 |. 64:890D 00000


00406B1C |. 59
00406B1D |. 8BE5
00406B1F |. 5D
00406B20 \. C3
00406B21
CC
00406B22
CC
00406B23
CC
00406B24
CC
00406B25
CC
00406B26
CC
00406B27
CC
00406B28
CC
00406B29
CC
00406B2A
CC
00406B2B
CC
00406B2C
CC
00406B2D
CC
00406B2E
CC
00406B2F
CC
00406B30 /$ 55
o.00406B30(guessed Arg1)
00406B31 |. 8BEC
00406B33 |. 83EC 08
00406B36 |. 894D F8
00406B39 |. 8B45 F8
00406B3C |. 8B48 0C
00406B3F |. 894D FC
00406B42 |. 8B55 08
00406B45 |. C702 00000000
00406B4B |. 837D F8 00
00406B4F |. 74 16
00406B51 |. 8B45 F8
00406B54 |. 8B48 0C
00406B57 |. 3B4D FC
00406B5A |. 77 0B
00406B5C |. 8B55 F8
00406B5F |. 8B45 FC
00406B62 |. 3B42 10
00406B65 |. 76 05
00406B67 |> E8 1C7D0200
00406B6C |> 33C9
00406B6E |.^ 75 FC
00406B70 |. 8B55 08
00406B73 |. 8B45 F8
00406B76 |. 8B08
00406B78 |. 890A
00406B7A |. 8B55 08
00406B7D |. 8B45 FC
00406B80 |. 8942 04
00406B83 |. 8B45 08
00406B86 |. 8BE5
00406B88 |. 5D
00406B89 \. C2 0400
00406B8C
CC
00406B8D
CC
00406B8E
CC
00406B8F
CC
00406B90 /$ 55
o.00406B90(guessed Arg1)

MOV DWORD PTR FS:[0],ECX


POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX+0C]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],0
CMP DWORD PTR SS:[LOCAL.2],0
JE SHORT 00406B67
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX+0C]
CMP ECX,DWORD PTR SS:[LOCAL.1]
JA SHORT 00406B67
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR SS:[LOCAL.1]
CMP EAX,DWORD PTR DS:[EDX+10]
JBE SHORT 00406B6C
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00406B6C
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR DS:[EDX],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+4],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

00406B91 |. 8BEC
00406B93 |. 83EC 08
00406B96 |. 894D F8
00406B99 |. 8B45 F8
00406B9C |. 8B48 10
00406B9F |. 894D FC
00406BA2 |. 8B55 08
00406BA5 |. C702 00000000
00406BAB |. 837D F8 00
00406BAF |. 74 16
00406BB1 |. 8B45 F8
00406BB4 |. 8B48 0C
00406BB7 |. 3B4D FC
00406BBA |. 77 0B
00406BBC |. 8B55 F8
00406BBF |. 8B45 FC
00406BC2 |. 3B42 10
00406BC5 |. 76 05
00406BC7 |> E8 BC7C0200
00406BCC |> 33C9
00406BCE |.^ 75 FC
00406BD0 |. 8B55 08
00406BD3 |. 8B45 F8
00406BD6 |. 8B08
00406BD8 |. 890A
00406BDA |. 8B55 08
00406BDD |. 8B45 FC
00406BE0 |. 8942 04
00406BE3 |. 8B45 08
00406BE6 |. 8BE5
00406BE8 |. 5D
00406BE9 \. C2 0400
00406BEC
CC
00406BED
CC
00406BEE
CC
00406BEF
CC
00406BF0 /$ 55
00406BF1 |. 8BEC
00406BF3 |. 51
00406BF4 |. 894D FC
00406BF7 |. 8B45 FC
00406BFA |. 8B4D FC
00406BFD |. 8B40 10
00406C00 |. 2B41 0C
00406C03 |. 99
00406C04 |. B9 28000000
00406C09 |. F7F9
00406C0B |. 8BE5
00406C0D |. 5D
00406C0E \. C3
00406C0F
CC
00406C10 /$ 55
o.00406C10(guessed Arg1)
00406C11 |. 8BEC
00406C13 |. 51
00406C14 |. 894D FC
00406C17 |. 8B45 FC
00406C1A |. 8B4D FC
00406C1D |. 8B40 10
00406C20 |. 2B41 0C

MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],0
CMP DWORD PTR SS:[LOCAL.2],0
JE SHORT 00406BC7
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX+0C]
CMP ECX,DWORD PTR SS:[LOCAL.1]
JA SHORT 00406BC7
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR SS:[LOCAL.1]
CMP EAX,DWORD PTR DS:[EDX+10]
JBE SHORT 00406BCC
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00406BCC
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR DS:[EDX],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+4],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EAX+10]
SUB EAX,DWORD PTR DS:[ECX+0C]
CDQ
MOV ECX,28
IDIV ECX
MOV ESP,EBP
POP EBP
RETN
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV EAX,DWORD
SUB EAX,DWORD

SS:[LOCAL.1],ECX
PTR SS:[LOCAL.1]
PTR SS:[LOCAL.1]
PTR DS:[EAX+10]
PTR DS:[ECX+0C]

; SystemInf

00406C23 |. 99
00406C24 |. B9 28000000
00406C29 |. F7F9
00406C2B |. 3945 08
00406C2E |. 72 05
00406C30 |. E8 537C0200
00406C35 |> 33D2
00406C37 |.^ 75 FC
00406C39 |. 8B45 08
00406C3C |. 6BC0 28
00406C3F |. 8B4D FC
00406C42 |. 0341 0C
00406C45 |. 8BE5
00406C47 |. 5D
00406C48 \. C2 0400
00406C4B
CC
00406C4C
CC
00406C4D
CC
00406C4E
CC
00406C4F
CC
00406C50 /$ 55
o.00406C50(guessed Arg1)
00406C51 |. 8BEC
00406C53 |. 83EC 60
00406C56 |. 894D A4
00406C59 |. 8B45 A4
00406C5C |. 8B4D A4
00406C5F |. 8B40 10
00406C62 |. 2B41 0C
00406C65 |. 99
00406C66 |. B9 28000000
00406C6B |. F7F9
00406C6D |. 8945 E4
00406C70 |. 8B55 A4
00406C73 |. 837A 0C 00
00406C77 |. 75 09
00406C79 |. C745 A0 00000
00406C80 |. EB 17
00406C82 |> 8B45 A4
00406C85 |. 8B4D A4
00406C88 |. 8B40 14
00406C8B |. 2B41 0C
00406C8E |. 99
00406C8F |. B9 28000000
00406C94 |. F7F9
00406C96 |. 8945 A0
00406C99 |> 8B55 E4
00406C9C |. 3B55 A0
00406C9F |. 73 50
00406CA1 |. 8B45 A4
00406CA4 |. 8B48 10
00406CA7 |. 894D D8
00406CAA |. 8B55 D8
00406CAD |. 8955 DC
00406CB0 |. 33C0
00406CB2 |. 8845 E3
00406CB5 |. 8A4D E1
00406CB8 |. 884D E2
00406CBB |. 0FB655 E3
00406CBF |. 52

CDQ
MOV ECX,28
IDIV ECX
CMP DWORD PTR SS:[ARG.1],EAX
JB SHORT 00406C35
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00406C35
MOV EAX,DWORD PTR SS:[ARG.1]
IMUL EAX,EAX,28
MOV ECX,DWORD PTR SS:[LOCAL.1]
ADD EAX,DWORD PTR DS:[ECX+0C]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,60
MOV DWORD PTR SS:[LOCAL.23],ECX
MOV EAX,DWORD PTR SS:[LOCAL.23]
MOV ECX,DWORD PTR SS:[LOCAL.23]
MOV EAX,DWORD PTR DS:[EAX+10]
SUB EAX,DWORD PTR DS:[ECX+0C]
CDQ
MOV ECX,28
IDIV ECX
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV EDX,DWORD PTR SS:[LOCAL.23]
CMP DWORD PTR DS:[EDX+0C],0
JNE SHORT 00406C82
MOV DWORD PTR SS:[LOCAL.24],0
JMP SHORT 00406C99
MOV EAX,DWORD PTR SS:[LOCAL.23]
MOV ECX,DWORD PTR SS:[LOCAL.23]
MOV EAX,DWORD PTR DS:[EAX+14]
SUB EAX,DWORD PTR DS:[ECX+0C]
CDQ
MOV ECX,28
IDIV ECX
MOV DWORD PTR SS:[LOCAL.24],EAX
MOV EDX,DWORD PTR SS:[LOCAL.7]
CMP EDX,DWORD PTR SS:[LOCAL.24]
JNB SHORT 00406CF1
MOV EAX,DWORD PTR SS:[LOCAL.23]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.10],ECX
MOV EDX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.9],EDX
XOR EAX,EAX
MOV BYTE PTR SS:[LOCAL.8+3],AL
MOV CL,BYTE PTR SS:[LOCAL.8+1]
MOV BYTE PTR SS:[LOCAL.8+2],CL
MOVZX EDX,BYTE PTR SS:[LOCAL.8+3]
PUSH EDX

; SystemInf

00406CC0 |. 0FB645 E2
00406CC4 |. 50
00406CC5 |. 8B4D A4
00406CC8 |. 83C1 08
00406CCB |. 51
00406CCC |. 8B55 08
00406CCF |. 52
00406CD0 |. 6A 01
00406CD2 |. 8B45 DC
00406CD5 |. 50
00406CD6 |. E8 D5770000
00406CDB |. 83C4 18
00406CDE |. B9 01000000
00406CE3 |. 6BC9 28
00406CE6 |. 034D D8
00406CE9 |. 8B55 A4
00406CEC |. 894A 10
00406CEF |. EB 67
00406CF1 |> 8B45 A4
00406CF4 |. 8B48 10
00406CF7 |. 894D D4
00406CFA |. C745 F0 00000
00406D01 |. 837D A4 00
00406D05 |. 74 16
00406D07 |. 8B55 A4
00406D0A |. 8B42 0C
00406D0D |. 3B45 D4
00406D10 |. 77 0B
00406D12 |. 8B4D A4
00406D15 |. 8B55 D4
00406D18 |. 3B51 10
00406D1B |. 76 05
00406D1D |> E8 667B0200
00406D22 |> 33C0
00406D24 |.^ 75 FC
00406D26 |. 8B4D A4
00406D29 |. 8B11
00406D2B |. 8955 F0
00406D2E |. 8B45 D4
00406D31 |. 8945 F4
00406D34 |. 8B4D F0
00406D37 |. 8B55 F4
00406D3A |. 894D F8
00406D3D |. 8955 FC
00406D40 |. 8B45 08
00406D43 |. 50
[ARG.1]
00406D44 |. 8B4D FC
00406D47 |. 51
[ARG.ECX+10]
00406D48 |. 8B55 F8
00406D4B |. 52
[ARG.ECX]
00406D4C |. 8D45 E8
00406D4F |. 50
OFFSET LOCAL.6
00406D50 |. 8B4D A4
00406D53 |. E8 180E0000
fo.00407B70
00406D58 |> 8BE5

MOVZX EAX,BYTE PTR SS:[LOCAL.8+2]


PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.23]
ADD ECX,8
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
PUSH 1
MOV EAX,DWORD PTR SS:[LOCAL.9]
PUSH EAX
CALL 0040E4B0
ADD ESP,18
MOV ECX,1
IMUL ECX,ECX,28
ADD ECX,DWORD PTR SS:[LOCAL.10]
MOV EDX,DWORD PTR SS:[LOCAL.23]
MOV DWORD PTR DS:[EDX+10],ECX
JMP SHORT 00406D58
MOV EAX,DWORD PTR SS:[LOCAL.23]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV DWORD PTR SS:[LOCAL.4],0
CMP DWORD PTR SS:[LOCAL.23],0
JE SHORT 00406D1D
MOV EDX,DWORD PTR SS:[LOCAL.23]
MOV EAX,DWORD PTR DS:[EDX+0C]
CMP EAX,DWORD PTR SS:[LOCAL.11]
JA SHORT 00406D1D
MOV ECX,DWORD PTR SS:[LOCAL.23]
MOV EDX,DWORD PTR SS:[LOCAL.11]
CMP EDX,DWORD PTR DS:[ECX+10]
JBE SHORT 00406D22
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00406D22
MOV ECX,DWORD PTR SS:[LOCAL.23]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg4 =>

MOV ECX,DWORD PTR SS:[LOCAL.1]


PUSH ECX

; |
; |Arg3 =>

MOV EDX,DWORD PTR SS:[LOCAL.2]


PUSH EDX

; |
; |Arg2 =>

LEA EAX,[LOCAL.6]
PUSH EAX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.23]


CALL 00407B70

; |
; \SystemIn

MOV ESP,EBP

00406D5A |. 5D
00406D5B \. C2 0400
00406D5E
CC
00406D5F
CC
00406D60 /$ 55
o.00406D60(guessed Arg1)
00406D61 |. 8BEC
00406D63 |. 51
00406D64 |. 894D FC
00406D67 |. 8B45 FC
00406D6A |. 33C9
00406D6C |. 8338 00
00406D6F |. 0F95C1
00406D72 |. 0FB6D1
00406D75 |. 85D2
00406D77 |. 74 16
00406D79 |. 8B45 FC
00406D7C |. 8B4D 08
00406D7F |. 8B10
00406D81 |. 33C0
00406D83 |. 3B11
00406D85 |. 0F94C0
00406D88 |. 0FB6C8
00406D8B |. 85C9
00406D8D |. 75 05
00406D8F |> E8 F47A0200
00406D94 |> 33D2
00406D96 |.^ 75 FC
00406D98 |. 8B45 FC
00406D9B |. 8B4D 08
00406D9E |. 8B50 04
00406DA1 |. 33C0
00406DA3 |. 3B51 04
00406DA6 |. 0F94C0
00406DA9 |. 8BE5
00406DAB |. 5D
00406DAC \. C2 0400
00406DAF
CC
00406DB0 /$ 55
o.00406DB0(guessed void)
00406DB1 |. 8BEC
00406DB3 |. 6A FF
00406DB5 |. 68 18534400
00406DBA |. 64:A1 0000000
00406DC0 |. 50
00406DC1 |. 83EC 48
00406DC4 |. A1 A0154500
00406DC9 |. 33C5
00406DCB |. 50
00406DCC |. 8D45 F4
00406DCF |. 64:A3 0000000
00406DD5 |. 894D AC
00406DD8 |. C745 FC 00000
00406DDF |. 8B45 AC
00406DE2 |. 83C0 28
00406DE5 |. 8945 D0
00406DE8 |. C645 FC 01
00406DEC |. 8B4D D0
00406DEF |. E8 8C790000
fo.0040E780

POP EBP
RETN 4
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00406D8F
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[EAX]
XOR EAX,EAX
CMP EDX,DWORD PTR DS:[ECX]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 00406D94
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00406D94
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[EAX+4]
XOR EAX,EAX
CMP EDX,DWORD PTR DS:[ECX+4]
SETE AL
MOV ESP,EBP
POP EBP
RETN 4
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445318
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,48
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-54],ECX
MOV DWORD PTR SS:[EBP-4],0
MOV EAX,DWORD PTR SS:[EBP-54]
ADD EAX,28
MOV DWORD PTR SS:[EBP-30],EAX
MOV BYTE PTR SS:[EBP-4],1
MOV ECX,DWORD PTR SS:[EBP-30]
CALL 0040E780

; [SystemIn

00406DF4 |.
00406DF8 |.
00406DFA |.
00406DFC |.
00406DFF |.
fo.0040FB60
00406E04 |.
00406E0B |.
00406E0E |.
fo.0040E780
00406E13 |.
00406E1A |.
00406E1C |.
00406E1E |.
00406E21 |.
fo.0040FB60
00406E26 |.
00406E29 |.
00406E30 |.
00406E31 |.
00406E33 |.
00406E34 \.
00406E35
00406E36
00406E37
00406E38
00406E39
00406E3A
00406E3B
00406E3C
00406E3D
00406E3E
00406E3F
00406E40 /$
00406E41 |.
00406E43 |.
00406E46 |.
00406E49 |.
00406E4C |.
00406E4E |.
00406E51 |.
00406E54 |.
00406E55 |.
00406E5A |.
00406E5D |.
00406E5F |.
00406E60 \.
00406E61
00406E62
00406E63
00406E64
00406E65
00406E66
00406E67
00406E68
00406E69
00406E6A
00406E6B
00406E6C
00406E6D

C645 FC 00
6A 00
6A 01
8B4D D0
E8 5C8D0000

MOV BYTE PTR SS:[EBP-4],0


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-30]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC 02000 MOV DWORD PTR SS:[EBP-4],2


8B4D AC
MOV ECX,DWORD PTR SS:[EBP-54]
E8 6D790000 CALL 0040E780

; [SystemIn

C745 FC FFFFF
6A 00
6A 01
8B4D AC
E8 3A8D0000

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-54]
CALL 0040FB60

;
;
;
;

8B4D F4
64:890D 00000
59
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 08
894D F8
8B45 F8
8B08
894D FC
8B55 FC
52
E8 C07A0200
83C4 04
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC

MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

PTR SS:[EBP-0C]
FS:[0],ECX

SS:[EBP-8],ECX
PTR SS:[EBP-8]
PTR DS:[EAX]
SS:[EBP-4],ECX
PTR SS:[EBP-4]

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00406E6E
CC
00406E6F
CC
00406E70 /$ 55
o.00406E70(guessed Arg1)
00406E71 |. 8BEC
00406E73 |. 6A FF
00406E75 |. 68 71534400
00406E7A |. 64:A1 0000000
00406E80 |. 50
00406E81 |. 81EC F0000000
00406E87 |. A1 A0154500
00406E8C |. 33C5
00406E8E |. 8945 F0
00406E91 |. 50
00406E92 |. 8D45 F4
00406E95 |. 64:A3 0000000
00406E9B |. 898D 08FFFFFF
00406EA1 |. C745 98 00000
00406EA8 |. 8B85 08FFFFFF
00406EAE |. 8B48 40
00406EB1 |. 83E1 02
00406EB4 |. 0F85 F7000000
00406EBA |. 8B95 08FFFFFF
00406EC0 |. 8B42 24
00406EC3 |. 8B08
00406EC5 |. 894D 94
00406EC8 |. 837D 94 00
00406ECC |. 0F84 DF000000
00406ED2 |. 8B95 08FFFFFF
00406ED8 |. 8B42 24
00406EDB |. 8B08
00406EDD |. 894D 90
00406EE0 |. 8B95 08FFFFFF
00406EE6 |. 8B42 3C
00406EE9 |. 3B45 90
00406EEC |. 73 1C
00406EEE |. 8B4D 8C
00406EF1 |. 898D 04FFFFFF
00406EF7 |. 8B95 08FFFFFF
00406EFD |. 8B42 24
00406F00 |. 8B08
00406F02 |. 898D 04FFFFFF
00406F08 |. EB 0F
00406F0A |> 8B95 08FFFFFF
00406F10 |. 8B42 3C
00406F13 |. 8985 04FFFFFF
00406F19 |> 8B8D 08FFFFFF
00406F1F |. 8B51 14
00406F22 |. 8B02
00406F24 |. 8945 88
00406F27 |. 8B8D 08FFFFFF
00406F2D |. 8B51 14
00406F30 |. 8B02
00406F32 |. 8945 84
00406F35 |. 8D8D 7BFFFFFF
00406F3B |. 898D 7CFFFFFF
00406F41 |. 6A 00
00406F43 |. 6A 00
00406F45 |. 8D4D D4
00406F48 |. E8 138C0000

INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445371
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0F0
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.4],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.62],ECX
MOV DWORD PTR SS:[LOCAL.26],0
MOV EAX,DWORD PTR SS:[LOCAL.62]
MOV ECX,DWORD PTR DS:[EAX+40]
AND ECX,00000002
JNE 00406FB1
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.27],ECX
CMP DWORD PTR SS:[LOCAL.27],0
JE 00406FB1
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.28],ECX
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV EAX,DWORD PTR DS:[EDX+3C]
CMP EAX,DWORD PTR SS:[LOCAL.28]
JNB SHORT 00406F0A
MOV ECX,DWORD PTR SS:[LOCAL.29]
MOV DWORD PTR SS:[LOCAL.63],ECX
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.63],ECX
JMP SHORT 00406F19
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV EAX,DWORD PTR DS:[EDX+3C]
MOV DWORD PTR SS:[LOCAL.63],EAX
MOV ECX,DWORD PTR SS:[LOCAL.62]
MOV EDX,DWORD PTR DS:[ECX+14]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.30],EAX
MOV ECX,DWORD PTR SS:[LOCAL.62]
MOV EDX,DWORD PTR DS:[ECX+14]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.31],EAX
LEA ECX,[LOCAL.34+3]
MOV DWORD PTR SS:[LOCAL.33],ECX
PUSH 0
PUSH 0
LEA ECX,[LOCAL.11]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

fo.0040FB60
00406F4D |. 8B95 04FFFFFF
00406F53 |. 2B55 88
00406F56 |. 52
00406F57 |. 8B45 84
00406F5A |. 50
[LOCAL.31]
00406F5B |. 8D4D D4
00406F5E |. E8 ED810000
fo.0040F150
00406F63 |. C745 FC 01000
00406F6A |. 6A 00
00406F6C |. 6A 00
00406F6E |. 8B4D 08
00406F71 |. E8 EA8B0000
fo.0040FB60
00406F76 |. 8B0D AC874400
00406F7C |. 51
[4487AC] = -1
00406F7D |. 6A 00
00406F7F |. 8D55 D4
00406F82 |. 52
OFFSET LOCAL.11
00406F83 |. 8B4D 08
00406F86 |. E8 95800000
fo.0040F020
00406F8B |. 8B45 98
00406F8E |. 83C8 01
00406F91 |. 8945 98
00406F94 |. C645 FC 00
00406F98 |. 6A 00
00406F9A |. 6A 01
00406F9C |. 8D4D D4
00406F9F |. E8 BC8B0000
fo.0040FB60
00406FA4 |. 8B45 08
00406FA7 |. E9 4A010000
00406FAC |. E9 45010000
00406FB1 |> 8B8D 08FFFFFF
00406FB7 |. 8B51 40
00406FBA |. 83E2 04
00406FBD |. 0F85 D8000000
00406FC3 |. 8B85 08FFFFFF
00406FC9 |. 8B48 20
00406FCC |. 8B11
00406FCE |. 8995 74FFFFFF
00406FD4 |. 83BD 74FFFFFF
00406FDB |. 0F84 BA000000
00406FE1 |. 8B85 08FFFFFF
00406FE7 |. 8B48 20
00406FEA |. 8B95 08FFFFFF
00406FF0 |. 8B42 30
00406FF3 |. 8B09
00406FF5 |. 0308
00406FF7 |. 898D 70FFFFFF
00406FFD |. 8B95 08FFFFFF
00407003 |. 8B42 10
00407006 |. 8B08
00407008 |. 898D 6CFFFFFF
0040700E |. 8B95 08FFFFFF

MOV EDX,DWORD PTR SS:[LOCAL.63]


SUB EDX,DWORD PTR SS:[LOCAL.30]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.31]
PUSH EAX

; /Arg2
; |
; |Arg1 =>

LEA ECX,[LOCAL.11]
CALL 0040F150

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],1


PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 0040FB60

;
;
;
;

MOV ECX,DWORD PTR DS:[4487AC]


PUSH ECX

; /Arg3 =>

PUSH 0
LEA EDX,[LOCAL.11]
PUSH EDX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F020

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.26]


OR EAX,00000001
MOV DWORD PTR SS:[LOCAL.26],EAX
MOV BYTE PTR SS:[LOCAL.1],0
PUSH 0
PUSH 1
LEA ECX,[LOCAL.11]
CALL 0040FB60

;
;
;
;

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 004070F6
JMP 004070F6
MOV ECX,DWORD PTR SS:[LOCAL.62]
MOV EDX,DWORD PTR DS:[ECX+40]
AND EDX,00000004
JNE 0040709B
MOV EAX,DWORD PTR SS:[LOCAL.62]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.35],EDX
CMP DWORD PTR SS:[LOCAL.35],0
JE 0040709B
MOV EAX,DWORD PTR SS:[LOCAL.62]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV EAX,DWORD PTR DS:[EDX+30]
MOV ECX,DWORD PTR DS:[ECX]
ADD ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.36],ECX
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.37],ECX
MOV EDX,DWORD PTR SS:[LOCAL.62]

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00407014 |. 8B42 10
00407017 |. 8B08
00407019 |. 898D 68FFFFFF
0040701F |. 8D95 5FFFFFFF
00407025 |. 8995 60FFFFFF
0040702B |. 6A 00
0040702D |. 6A 00
0040702F |. 8D4D B8
00407032 |. E8 298B0000
fo.0040FB60
00407037 |. 8B85 70FFFFFF
0040703D |. 2B85 6CFFFFFF
00407043 |. 50
00407044 |. 8B8D 68FFFFFF
0040704A |. 51
[LOCAL.38]
0040704B |. 8D4D B8
0040704E |. E8 FD800000
fo.0040F150
00407053 |. C745 FC 02000
0040705A |. 6A 00
0040705C |. 6A 00
0040705E |. 8B4D 08
00407061 |. E8 FA8A0000
fo.0040FB60
00407066 |. 8B15 AC874400
0040706C |. 52
[4487AC] = -1
0040706D |. 6A 00
0040706F |. 8D45 B8
00407072 |. 50
OFFSET LOCAL.18
00407073 |. 8B4D 08
00407076 |. E8 A57F0000
fo.0040F020
0040707B |. 8B4D 98
0040707E |. 83C9 01
00407081 |. 894D 98
00407084 |. C645 FC 00
00407088 |. 6A 00
0040708A |. 6A 01
0040708C |. 8D4D B8
0040708F |. E8 CC8A0000
fo.0040FB60
00407094 |. 8B45 08
00407097 |. EB 5D
00407099 |. EB 5B
0040709B |> 8D95 23FFFFFF
004070A1 |. 8995 24FFFFFF
004070A7 |. 6A 00
004070A9 |. 6A 00
004070AB |. 8D4D 9C
004070AE |. E8 AD8A0000
fo.0040FB60
004070B3 |. C745 FC 03000
004070BA |. 6A 00
004070BC |. 6A 00
004070BE |. 8B4D 08
004070C1 |. E8 9A8A0000
fo.0040FB60

MOV EAX,DWORD PTR DS:[EDX+10]


MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.38],ECX
LEA EDX,[LOCAL.41+3]
MOV DWORD PTR SS:[LOCAL.40],EDX
PUSH 0
PUSH 0
LEA ECX,[LOCAL.18]
CALL 0040FB60

;
;
;
;

MOV EAX,DWORD PTR SS:[LOCAL.36]


SUB EAX,DWORD PTR SS:[LOCAL.37]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.38]
PUSH ECX

; /Arg2
; |
; |Arg1 =>

LEA ECX,[LOCAL.18]
CALL 0040F150

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],2


PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 0040FB60

;
;
;
;

MOV EDX,DWORD PTR DS:[4487AC]


PUSH EDX

; /Arg3 =>

PUSH 0
LEA EAX,[LOCAL.18]
PUSH EAX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F020

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.26]


OR ECX,00000001
MOV DWORD PTR SS:[LOCAL.26],ECX
MOV BYTE PTR SS:[LOCAL.1],0
PUSH 0
PUSH 1
LEA ECX,[LOCAL.18]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV EAX,DWORD PTR SS:[ARG.1]


JMP SHORT 004070F6
JMP SHORT 004070F6
LEA EDX,[LOCAL.56+3]
MOV DWORD PTR SS:[LOCAL.55],EDX
PUSH 0
PUSH 0
LEA ECX,[LOCAL.25]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

MOV DWORD PTR SS:[LOCAL.1],3


PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

004070C6 |. A1 AC874400
004070CB |. 50
[4487AC] = -1
004070CC |. 6A 00
004070CE |. 8D4D 9C
004070D1 |. 51
OFFSET LOCAL.25
004070D2 |. 8B4D 08
004070D5 |. E8 467F0000
fo.0040F020
004070DA |. 8B55 98
004070DD |. 83CA 01
004070E0 |. 8955 98
004070E3 |. C645 FC 00
004070E7 |. 6A 00
004070E9 |. 6A 01
004070EB |. 8D4D 9C
004070EE |. E8 6D8A0000
fo.0040FB60
004070F3 |. 8B45 08
004070F6 |> 8B4D F4
004070F9 |. 64:890D 00000
00407100 |. 59
00407101 |. 8B4D F0
00407104 |. 33CD
00407106 |. E8 E6750200
0040710B |. 8BE5
0040710D |. 5D
0040710E \. C2 0400
00407111
CC
00407112
CC
00407113
CC
00407114
CC
00407115
CC
00407116
CC
00407117
CC
00407118
CC
00407119
CC
0040711A
CC
0040711B
CC
0040711C
CC
0040711D
CC
0040711E
CC
0040711F
CC
00407120 /$ 55
o.00407120(guessed Arg1)
00407121 |. 8BEC
00407123 |. 83EC 3C
00407126 |. 894D C8
00407129 |. 8B4D C8
0040712C |. E8 9F8B0000
00407131 |. 8B45 08
00407134 |. 8B48 14
00407137 |. 894D F0
0040713A |. 8B55 08
0040713D |. 837A 18 10
00407141 |. 72 0B
00407143 |. 8B45 08
00407146 |. 8B48 04
00407149 |. 894D C4

MOV EAX,DWORD PTR DS:[4487AC]


PUSH EAX

; /Arg3 =>

PUSH 0
LEA ECX,[LOCAL.25]
PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F020

; |
; \SystemIn

MOV EDX,DWORD PTR SS:[LOCAL.26]


OR EDX,00000001
MOV DWORD PTR SS:[LOCAL.26],EDX
MOV BYTE PTR SS:[LOCAL.1],0
PUSH 0
PUSH 1
LEA ECX,[LOCAL.25]
CALL 0040FB60

;
;
;
;

MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ECX,DWORD
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PTR SS:[ARG.1]
PTR SS:[EBP-0C]
FS:[0],ECX
PTR SS:[EBP-10]

MOV EBP,ESP
SUB ESP,3C
MOV DWORD PTR SS:[LOCAL.14],ECX
MOV ECX,DWORD PTR SS:[LOCAL.14]
CALL 0040FCD0
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+14]
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 0040714E
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.15],ECX

0040714C |. EB 09
JMP SHORT 00407157
0040714E |> 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
00407151 |. 83C2 04
ADD EDX,4
00407154 |. 8955 C4
MOV DWORD PTR SS:[LOCAL.15],EDX
00407157 |> 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
0040715A |. 8B48 40
MOV ECX,DWORD PTR DS:[EAX+40]
0040715D |. 51
PUSH ECX
[ARG.ECX+40]
0040715E |. 8B55 F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
00407161 |. 52
PUSH EDX
[LOCAL.4]
00407162 |. 8B45 C4
MOV EAX,DWORD PTR SS:[LOCAL.15]
00407165 |. 50
PUSH EAX
[LOCAL.15]
00407166 |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]
00407169 |. E8 C20C0000 CALL 00407E30
fo.00407E30
0040716E |. 8BE5
MOV ESP,EBP
00407170 |. 5D
POP EBP
00407171 \. C2 0400
RETN 4
00407174
CC
INT3
00407175
CC
INT3
00407176
CC
INT3
00407177
CC
INT3
00407178
CC
INT3
00407179
CC
INT3
0040717A
CC
INT3
0040717B
CC
INT3
0040717C
CC
INT3
0040717D
CC
INT3
0040717E
CC
INT3
0040717F
CC
INT3
00407180 /$ 55
PUSH EBP
o.00407180(guessed Arg1,Arg2)
00407181 |. 8BEC
MOV EBP,ESP
00407183 |. 6A FF
PUSH -1
00407185 |. 68 98684400 PUSH 00446898
0040718A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00407190 |. 50
PUSH EAX
00407191 |. 83EC 3C
SUB ESP,3C
00407194 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00407199 |. 33C5
XOR EAX,EBP
0040719B |. 50
PUSH EAX
0040719C |. 8D45 F4
LEA EAX,[LOCAL.3]
0040719F |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
004071A5 |. 894D C8
MOV DWORD PTR SS:[LOCAL.14],ECX
004071A8 |. 8D45 D1
LEA EAX,[LOCAL.12+1]
004071AB |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
004071AE |. 8D4D D2
LEA ECX,[LOCAL.12+2]
004071B1 |. 894D E4
MOV DWORD PTR SS:[LOCAL.7],ECX
004071B4 |. 8D55 D3
LEA EDX,[LOCAL.12+3]
004071B7 |. 8955 DC
MOV DWORD PTR SS:[LOCAL.9],EDX
004071BA |. 51
PUSH ECX
004071BB |. 8BC4
MOV EAX,ESP
004071BD |. 8965 D8
MOV DWORD PTR SS:[LOCAL.10],ESP
004071C0 |. 8945 D4
MOV DWORD PTR SS:[LOCAL.11],EAX
004071C3 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
004071C6 |. 0FB611
MOVZX EDX,BYTE PTR DS:[ECX]
004071C9 |. 52
PUSH EDX
004071CA |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]

; /Arg3 =>
; |
; |Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

; SystemInf

;
;
;
;
;
;
;
;

/Arg2
|
|
|
|
|
|Arg1
|

004071CD |. E8 EE590200 CALL 0042CBC0


fo.0042CBC0
004071D2 |. 8945 C4
MOV DWORD PTR SS:[LOCAL.15],EAX
004071D5 |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
004071D8 |. 8945 C0
MOV DWORD PTR SS:[LOCAL.16],EAX
004071DB |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]
004071DE |. 894D BC
MOV DWORD PTR SS:[LOCAL.17],ECX
004071E1 |. 8B55 C8
MOV EDX,DWORD PTR SS:[LOCAL.14]
004071E4 |. 8955 B8
MOV DWORD PTR SS:[LOCAL.18],EDX
004071E7 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
004071EE |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]
004071F1 |. E8 FA140000 CALL 004086F0
004071F6 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
004071FD |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
00407200 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00407203 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0040720A |. 59
POP ECX
0040720B |. 8BE5
MOV ESP,EBP
0040720D |. 5D
POP EBP
0040720E \. C2 0800
RETN 8
00407211
CC
INT3
00407212
CC
INT3
00407213
CC
INT3
00407214
CC
INT3
00407215
CC
INT3
00407216
CC
INT3
00407217
CC
INT3
00407218
CC
INT3
00407219
CC
INT3
0040721A
CC
INT3
0040721B
CC
INT3
0040721C
CC
INT3
0040721D
CC
INT3
0040721E
CC
INT3
0040721F
CC
INT3
00407220 /$ 55
PUSH EBP
o.00407220(guessed Arg1,Arg2,Arg3,Arg4)
00407221 |. 8BEC
MOV EBP,ESP
00407223 |. 81EC C0010000 SUB ESP,1C0
00407229 |. 898D 40FEFFFF MOV DWORD PTR SS:[LOCAL.112],ECX
0040722F |. C745 F8 00000 MOV DWORD PTR SS:[LOCAL.2],0
00407236 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0040723D |. 8B85 40FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.112]
00407243 |. 8B48 1C
MOV ECX,DWORD PTR DS:[EAX+1C]
00407246 |. 894D B8
MOV DWORD PTR SS:[LOCAL.18],ECX
00407249 |. 837D B8 00
CMP DWORD PTR SS:[LOCAL.18],0
0040724D |. 75 2C
JNE SHORT 0040727B
0040724F |. 8B55 14
MOV EDX,DWORD PTR SS:[ARG.4]
00407252 |. 52
PUSH EDX
[ARG.4]
00407253 |. 8B85 40FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.112]
00407259 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
0040725C |. 51
PUSH ECX
[ARG.ECX+18]
0040725D |. 6A 01
PUSH 1
0040725F |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
00407262 |. 52
PUSH EDX
[ARG.1]
00407263 |. 8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]
00407269 |. E8 F2140000 CALL 00408760

; \SystemIn

; SystemInf

; /Arg4 =>
; |
; |
; |Arg3 =>
; |Arg2 = 1
; |
; |Arg1 =>
; |
; \SystemIn

fo.00408760
0040726E |.
00407271 |.
00407276 |.
0040727B |>
0040727D |.
00407283 |.
00407289 |.
0040728C |.
00407292 |.
00407298 |.
0040729A |.
004072A0 |.
004072A6 |.
ARG.ECX
004072A7 |.
004072AD |.
[LOCAL.39]
004072AE |.
004072B1 |.
fo.004290F0
004072B6 |.
004072B8 |.
004072BC |.
004072BF |.
004072C2 |.
004072C4 |.
004072C6 |.
004072C9 |.
004072CB |.
004072CE |.
004072D1 |.
004072D4 |.
004072D6 |.
004072D8 |>
004072DD |>
004072DF |.^
004072E1 |.
004072E4 |.
004072E6 |.
004072E9 |.
004072EC |.
004072EF |.
004072F1 |.
004072F3 |.
004072F6 |.
004072FC |.
004072FF |.
00407304 |.
00407305 |.
0040730B |.
0040730E |.
00407313 |.
00407314 |.
fo.0042E980
00407319 |.
0040731C |.
0040731E |.
00407320 |.
00407323 |.

8B45 08
E9 DF070000
E9 B7070000
33C0
0F84 1C040000
8B8D 40FEFFFF
8B51 18
8995 68FFFFFF
8B85 68FFFFFF
8B08
898D 64FFFFFF
8B95 40FEFFFF
52

MOV EAX,DWORD
JMP 00407A55
JMP 00407A32
XOR EAX,EAX
JE 0040769F
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX

PTR SS:[ARG.1]

PTR SS:[LOCAL.112]
PTR DS:[ECX+18]
SS:[LOCAL.38],EDX
PTR SS:[LOCAL.38]
PTR DS:[EAX]
SS:[LOCAL.39],ECX
PTR SS:[LOCAL.112]
; /Arg2 =>

8B85 64FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.39]


50
PUSH EAX

; |
; |Arg1 =>

8D4D F0
E8 3A1E0200

LEA ECX,[LOCAL.4]
CALL 004290F0

; |
; \SystemIn

33C9
837D 0C 00
0F95C1
0FB6D1
85D2
74 12
8B45 0C
33C9
3B45 F0
0F94C1
0FB6D1
85D2
75 05
E8 AB750200
33C0
75 FC
8B4D 10
33D2
3B4D F4
0F94C2
0FB6C2
85C0
74 69
8B4D 10
898D 60FFFFFF
8B4D 14
E8 AC730000
50
8B8D 60FFFFFF
83C1 0C
E8 9D730000
50
E8 67760200

XOR ECX,ECX
CMP DWORD PTR SS:[ARG.2],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 004072D8
MOV EAX,DWORD PTR SS:[ARG.2]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.4]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 004072DD
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 004072DD
MOV ECX,DWORD PTR SS:[ARG.3]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.3]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 0040735C
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.40],ECX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

83C4 08
33D2
85C0
0F9CC2
0FB6C2

ADD ESP,8
XOR EDX,EDX
TEST EAX,EAX
SETL DL
MOVZX EAX,DL

/Arg2
|
|
|
|Arg1
\SystemIn

00407326 |.
00407328 |.
0040732A |.
0040732D |.
00407333 |.
00407336 |.
[ARG.4]
00407337 |.
0040733D |.
[ARG.3]
0040733E |.
00407340 |.
00407343 |.
[ARG.1]
00407344 |.
0040734A |.
fo.00408760
0040734F |.
00407352 \.
00407357 >
0040735C />
00407362 |.
00407365 |.
0040736B |.
00407371 |.
ARG.ECX
00407372 |.
00407378 |.
[ARG.ECX+18]
00407379 |.
0040737C |.
fo.004290F0
00407381 |.
00407383 |.
00407387 |.
0040738A |.
0040738D |.
0040738F |.
00407391 |.
00407394 |.
00407396 |.
00407399 |.
0040739C |.
0040739F |.
004073A1 |.
004073A3 |>
004073A8 |>
004073AA |.^
004073AC |.
004073AF |.
004073B1 |.
004073B4 |.
004073B7 |.
004073BA |.
004073BC |.
004073BE |.
004073C4 |.
004073C7 |.
004073CA |.
004073D0 |.

85C0
75 2D
8B4D 10
898D 5CFFFFFF
8B55 14
52

TEST EAX,EAX
JNE SHORT 00407357
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.41],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

8B85 5CFFFFFF MOV EAX,DWORD PTR SS:[LOCAL.41]


50
PUSH EAX

; |
; |Arg3 =>

6A 01
8B4D 08
51

; |Arg2 = 1
; |
; |Arg1 =>

PUSH 1
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 11140000 CALL 00408760

; |
; \SystemIn

8B45 08
E9 FE060000
E9 3E030000
8B95 40FEFFFF
8B42 18
8985 0CFFFFFF
8B8D 40FEFFFF
51

; /Arg2 =>

MOV EAX,DWORD
JMP 00407A55
JMP 0040769A
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

PTR SS:[ARG.1]
PTR SS:[LOCAL.112]
PTR DS:[EDX+18]
SS:[LOCAL.61],EAX
PTR SS:[LOCAL.112]

8B95 0CFFFFFF MOV EDX,DWORD PTR SS:[LOCAL.61]


52
PUSH EDX

; |
; |Arg1 =>

8D4D E8
E8 6F1D0200

LEA ECX,[LOCAL.6]
CALL 004290F0

; |
; \SystemIn

33C0
837D 0C 00
0F95C0
0FB6C8
85C9
74 12
8B55 0C
33C0
3B55 E8
0F94C0
0FB6C8
85C9
75 05
E8 E0740200
33D2
75 FC
8B45 10
33C9
3B45 EC
0F94C1
0FB6D1
85D2
74 7D
8B85 40FEFFFF
8B48 18
83C1 08
898D 08FFFFFF
8B95 08FFFFFF

XOR EAX,EAX
CMP DWORD PTR SS:[ARG.2],0
SETNE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 004073A3
MOV EDX,DWORD PTR SS:[ARG.2]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.6]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 004073A8
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 004073A8
MOV EAX,DWORD PTR SS:[ARG.3]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.5]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 0040743B
MOV EAX,DWORD PTR SS:[LOCAL.112]
MOV ECX,DWORD PTR DS:[EAX+18]
ADD ECX,8
MOV DWORD PTR SS:[LOCAL.62],ECX
MOV EDX,DWORD PTR SS:[LOCAL.62]

004073D6 |.
004073D8 |.
004073DB |.
004073E1 |.
004073E7 |.
004073EC |.
004073ED |.
004073F0 |.
004073F5 |.
004073F6 |.
fo.0042E980
004073FB |.
004073FE |.
00407400 |.
00407402 |.
00407405 |.
00407408 |.
0040740A |.
0040740C |.
0040740F |.
[ARG.4]
00407410 |.
00407416 |.
00407419 |.
0040741C |.
0040741D |.
0040741F |.
00407422 |.
[ARG.1]
00407423 |.
00407429 |.
fo.00408760
0040742E |.
00407431 \.
00407436 >
0040743B />
0040743E |.
00407444 |.
00407447 |.
0040744C |.
0040744D |.
00407453 |.
00407456 |.
0040745B |.
0040745C |.
fo.0042E980
00407461 |.
00407464 |.
00407466 |.
00407468 |.
0040746B |.
0040746E |.
00407470 |.
00407476 |.
00407479 |.
0040747C |.
0040747F |.
00407482 |.
00407485 |.
0040748A |.

8B02
83C0 0C
8985 04FFFFFF
8B8D 04FFFFFF
E8 C4720000
50
8B4D 14
E8 BB720000
50
E8 85750200

MOV EAX,DWORD
ADD EAX,0C
MOV DWORD PTR
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
CALL 0042E980

PTR DS:[EDX]

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
75 2A
8B45 14
50

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00407436
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

8B8D 40FEFFFF
8B51 18
8B42 08
50
6A 00
8B4D 08
51

MOV ECX,DWORD
MOV EDX,DWORD
MOV EAX,DWORD
PUSH EAX
PUSH 0
MOV ECX,DWORD
PUSH ECX

;
;
;
;
;
;
;

SS:[LOCAL.63],EAX
PTR SS:[LOCAL.63]
PTR SS:[ARG.4]

PTR SS:[LOCAL.112]
PTR DS:[ECX+18]
PTR DS:[EDX+8]
PTR SS:[ARG.1]

;
;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

|
|
|
|Arg3
|Arg2 = 0
|
|Arg1 =>

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 32130000 CALL 00408760

; |
; \SystemIn

8B45 08
E9 1F060000
E9 5F020000
8B55 10
8995 B4FEFFFF
8B4D 14
E8 64720000
50
8B8D B4FEFFFF
83C1 0C
E8 55720000
50
E8 1F750200

MOV EAX,DWORD
JMP 00407A55
JMP 0040769A
MOV EDX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
0F85 C6000000
8B45 0C
8945 F8
8B4D 10
894D FC
8D4D F8
E8 26310000
8B55 FC

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE 0040753C
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.1],ECX
LEA ECX,[LOCAL.2]
CALL 0040A5B0
MOV EDX,DWORD PTR SS:[LOCAL.1]

PTR SS:[ARG.1]
PTR SS:[ARG.3]
SS:[LOCAL.83],EDX
PTR SS:[ARG.4]
PTR SS:[LOCAL.83]

/Arg2
|
|
|
|Arg1
\SystemIn

0040748D |.
00407493 |.
00407499 |.
0040749C |.
004074A1 |.
004074A2 |.
004074A5 |.
004074AA |.
004074AB |.
fo.0042E980
004074B0 |.
004074B3 |.
004074B5 |.
004074B7 |.
004074BA |.
004074BD |.
004074BF |.
004074C1 |.
004074C4 |.
004074CA |.
004074D0 |.
004074D3 |.
004074D7 |.
004074D9 |.
004074DB |.
004074DE |.
004074E4 |.
004074E7 |.
[ARG.4]
004074E8 |.
004074EE |.
[ARG.3]
004074EF |.
004074F1 |.
004074F4 |.
[ARG.1]
004074F5 |.
004074FB |.
fo.00408760
00407500 |.
00407503 |.
00407508 |.
0040750A |>
0040750D |.
00407513 |.
00407516 |.
[ARG.4]
00407517 |.
0040751D |.
[ARG.3]
0040751E |.
00407520 |.
00407523 |.
[ARG.1]
00407524 |.
0040752A |.
fo.00408760
0040752F |.
00407532 \.
00407537 >

8995 B0FEFFFF
8B8D B0FEFFFF
83C1 0C
E8 0F720000
50
8B4D 14
E8 06720000
50
E8 D0740200

MOV DWORD PTR SS:[LOCAL.84],EDX


MOV ECX,DWORD PTR SS:[LOCAL.84]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
75 7B
8B45 FC
8985 ACFEFFFF
8B8D ACFEFFFF
8B51 08
0FBE42 5D
85C0
74 2F
8B4D FC
898D A8FEFFFF
8B55 14
52

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0040753C
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.85],EAX
MOV ECX,DWORD PTR SS:[LOCAL.85]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JE SHORT 0040750A
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.86],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

8B85 A8FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.86]


50
PUSH EAX

; |
; |Arg3 =>

6A 00
8B4D 08
51

; |Arg2 = 0
; |
; |Arg1 =>

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

/Arg2
|
|
|Arg1
\SystemIn

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 60120000 CALL 00408760

; |
; \SystemIn

8B45 08
E9 4D050000
EB 2D
8B55 10
8995 A4FEFFFF
8B45 14
50

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00407A55
JMP SHORT 00407537
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.87],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

8B8D A4FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.87]


51
PUSH ECX

; |
; |Arg3 =>

6A 01
8B55 08
52

; |Arg2 = 1
; |
; |Arg1 =>

PUSH 1
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 31120000 CALL 00408760
8B45 08
E9 1E050000
E9 5E010000

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00407A55
JMP 0040769A

; |
; \SystemIn

0040753C />
0040753F |.
00407545 |.
0040754B |.
0040754E |.
00407553 |.
00407554 |.
00407557 |.
0040755C |.
0040755D |.
fo.0042E980
00407562 |.
00407565 |.
00407567 |.
00407569 |.
0040756C |.
0040756F |.
00407571 |.
00407577 |.
0040757A |.
0040757D |.
00407580 |.
00407583 |.
00407589 |.
0040758C |.
00407592 |.
00407598 |.
ARG.ECX
00407599 |.
0040759F |.
[ARG.ECX+18]
004075A0 |.
004075A3 |.
fo.004290F0
004075A8 |.
004075AB |.
fo.0040A6B0
004075B0 |.
004075B2 |.
004075B6 |.
004075B9 |.
004075BC |.
004075BE |.
004075C0 |.
004075C3 |.
004075C5 |.
004075C8 |.
004075CB |.
004075CE |.
004075D0 |.
004075D2 |>
004075D7 |>
004075D9 |.^
004075DB |.
004075DE |.
004075E0 |.
004075E3 |.
004075E6 |.
004075E9 |.
004075EB |.

8B45 10
8985 A0FEFFFF
8B8D A0FEFFFF
83C1 0C
E8 5D710000
50
8B4D 14
E8 54710000
50
E8 1E740200

MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
CALL 0042E980

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
0F85 23010000
8B45 0C
8945 F8
8B4D 10
894D FC
8B95 40FEFFFF
8B42 18
8985 9CFEFFFF
8B8D 40FEFFFF
51

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE 0040769A
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

PTR SS:[ARG.3]
SS:[LOCAL.88],EAX
PTR SS:[LOCAL.88]

PTR SS:[ARG.4]

;
;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

PTR SS:[ARG.2]
SS:[LOCAL.2],EAX
PTR SS:[ARG.3]
SS:[LOCAL.1],ECX
PTR SS:[LOCAL.112]
PTR DS:[EDX+18]
SS:[LOCAL.89],EAX
PTR SS:[LOCAL.112]
; /Arg2 =>

8B95 9CFEFFFF MOV EDX,DWORD PTR SS:[LOCAL.89]


52
PUSH EDX

; |
; |Arg1 =>

8D4D E0
E8 481B0200

LEA ECX,[LOCAL.8]
CALL 004290F0

; |
; \SystemIn

8D4D F8
E8 00310000

LEA ECX,[LOCAL.2]
CALL 0040A6B0

; [SystemIn

33C0
837D F8 00
0F95C0
0FB6C8
85C9
74 12
8B55 F8
33C0
3B55 E0
0F94C0
0FB6C8
85C9
75 05
E8 B1720200
33D2
75 FC
8B45 FC
33C9
3B45 E4
0F94C1
0FB6D1
85D2
75 37

XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.2],0
SETNE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 004075D2
MOV EDX,DWORD PTR SS:[LOCAL.2]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.8]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 004075D7
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 004075D7
MOV EAX,DWORD PTR SS:[LOCAL.1]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.7]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00407624

004075ED |.
004075F0 |.
004075F6 |.
004075F9 |.
004075FE |.
004075FF |.
00407605 |.
00407608 |.
0040760D |.
0040760E |.
fo.0042E980
00407613 |.
00407616 |.
00407618 |.
0040761A |.
0040761D |.
00407620 |.
00407622 |.
00407624 |>
00407627 |.
0040762D |.
00407633 |.
00407636 |.
0040763A |.
0040763C |.
0040763E |.
00407641 |.
00407647 |.
0040764A |.
[ARG.4]
0040764B |.
00407651 |.
[ARG.3]
00407652 |.
00407654 |.
00407657 |.
[ARG.1]
00407658 |.
0040765E |.
fo.00408760
00407663 |.
00407666 |.
0040766B |.
0040766D |>
00407670 |.
00407676 |.
00407679 |.
[ARG.4]
0040767A |.
00407680 |.
[ARG.3]
00407681 |.
00407683 |.
00407686 |.
[ARG.1]
00407687 |.
0040768D |.
fo.00408760
00407692 |.
00407695 \.

8B45 FC
8985 98FEFFFF
8B4D 14
E8 B2700000
50
8B8D 98FEFFFF
83C1 0C
E8 A3700000
50
E8 6D730200

MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

PTR SS:[LOCAL.1]
SS:[LOCAL.90],EAX
PTR SS:[ARG.4]

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
75 76
8B45 10
8985 94FEFFFF
8B8D 94FEFFFF
8B51 08
0FBE42 5D
85C0
74 2F
8B4D 10
898D 90FEFFFF
8B55 14
52

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0040769A
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.91],EAX
MOV ECX,DWORD PTR SS:[LOCAL.91]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JE SHORT 0040766D
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.92],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

8B85 90FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.92]


50
PUSH EAX

; |
; |Arg3 =>

6A 00
8B4D 08
51

; |Arg2 = 0
; |
; |Arg1 =>

PTR SS:[LOCAL.90]

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

;
;
;
;
;
;

/Arg2
|
|
|
|Arg1
\SystemIn

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 FD100000 CALL 00408760

; |
; \SystemIn

8B45 08
E9 EA030000
EB 2D
8B55 FC
8995 8CFEFFFF
8B45 14
50

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00407A55
JMP SHORT 0040769A
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.93],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

8B8D 8CFEFFFF MOV ECX,DWORD PTR SS:[LOCAL.93]


51
PUSH ECX

; |
; |Arg3 =>

6A 01
8B55 08
52

; |Arg2 = 1
; |
; |Arg1 =>

PUSH 1
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 CE100000 CALL 00408760
8B45 08
E9 BB030000

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00407A55

; |
; \SystemIn

0040769A > E9 93030000


0040769F /> 8B85 40FEFFFF
004076A5 |. 8B48 18
004076A8 |. 898D 88FEFFFF
004076AE |. 8B95 88FEFFFF
004076B4 |. 8B02
004076B6 |. 8985 84FEFFFF
004076BC |. 8B8D 40FEFFFF
004076C2 |. 51
ARG.ECX
004076C3 |. 8B95 84FEFFFF
004076C9 |. 52
[LOCAL.95]
004076CA |. 8D4D D8
004076CD |. E8 1E1A0200
fo.004290F0
004076D2 |. 8D45 D8
004076D5 |. 50
OFFSET LOCAL.10
004076D6 |. 8D4D 0C
004076D9 |. E8 82F6FFFF
fo.00406D60
004076DE |. 0FB6C8
004076E1 |. 85C9
004076E3 |. 74 69
004076E5 |. 8B55 10
004076E8 |. 8995 80FEFFFF
004076EE |. 8B8D 80FEFFFF
004076F4 |. 83C1 0C
004076F7 |. E8 B46F0000
004076FC |. 50
004076FD |. 8B4D 14
00407700 |. E8 AB6F0000
00407705 |. 50
00407706 |. E8 75720200
fo.0042E980
0040770B |. 83C4 08
0040770E |. 33C9
00407710 |. 85C0
00407712 |. 0F9CC1
00407715 |. 0FB6D1
00407718 |. 85D2
0040771A |. 74 2D
0040771C |. 8B45 10
0040771F |. 8985 7CFEFFFF
00407725 |. 8B4D 14
00407728 |. 51
[ARG.4]
00407729 |. 8B95 7CFEFFFF
0040772F |. 52
[ARG.3]
00407730 |. 6A 01
00407732 |. 8B45 08
00407735 |. 50
[ARG.1]
00407736 |. 8B8D 40FEFFFF
0040773C |. E8 1F100000
fo.00408760
00407741 |. 8B45 08
00407744 \. E9 0C030000

JMP 00407A32
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

PTR SS:[LOCAL.112]
PTR DS:[EAX+18]
SS:[LOCAL.94],ECX
PTR SS:[LOCAL.94]
PTR DS:[EDX]
SS:[LOCAL.95],EAX
PTR SS:[LOCAL.112]
; /Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.95]


PUSH EDX

; |
; |Arg1 =>

LEA ECX,[LOCAL.10]
CALL 004290F0

; |
; \SystemIn

LEA EAX,[LOCAL.10]
PUSH EAX

; /Arg1 =>

LEA ECX,[ARG.2]
CALL 00406D60

; |
; \SystemIn

MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 0040774E
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.96],EDX
MOV ECX,DWORD PTR SS:[LOCAL.96]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00407749
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.97],EAX
MOV ECX,DWORD PTR SS:[ARG.4]
PUSH ECX

; /Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.97]


PUSH EDX

; |
; |Arg3 =>

PUSH 1
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; |Arg2 = 1
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.112]


CALL 00408760

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00407A55

/Arg2
|
|
|Arg1
\SystemIn

00407749 > E9 E4020000


0040774E /> 8B8D 40FEFFFF
00407754 |. 8B51 18
00407757 |. 8995 78FEFFFF
0040775D |. 8B85 40FEFFFF
00407763 |. 50
ARG.ECX
00407764 |. 8B8D 78FEFFFF
0040776A |. 51
[ARG.ECX+18]
0040776B |. 8D4D D0
0040776E |. E8 7D190200
fo.004290F0
00407773 |. 8D55 D0
00407776 |. 52
OFFSET LOCAL.12
00407777 |. 8D4D 0C
0040777A |. E8 E1F5FFFF
fo.00406D60
0040777F |. 0FB6C0
00407782 |. 85C0
00407784 |. 74 7D
00407786 |. 8B8D 40FEFFFF
0040778C |. 8B51 18
0040778F |. 83C2 08
00407792 |. 8995 74FEFFFF
00407798 |. 8B85 74FEFFFF
0040779E |. 8B08
004077A0 |. 83C1 0C
004077A3 |. 898D 70FEFFFF
004077A9 |. 8B4D 14
004077AC |. E8 FF6E0000
004077B1 |. 50
004077B2 |. 8B8D 70FEFFFF
004077B8 |. E8 F36E0000
004077BD |. 50
004077BE |. E8 BD710200
fo.0042E980
004077C3 |. 83C4 08
004077C6 |. 33D2
004077C8 |. 85C0
004077CA |. 0F9CC2
004077CD |. 0FB6C2
004077D0 |. 85C0
004077D2 |. 74 2A
004077D4 |. 8B4D 14
004077D7 |. 51
[ARG.4]
004077D8 |. 8B95 40FEFFFF
004077DE |. 8B42 18
004077E1 |. 8B48 08
004077E4 |. 51
004077E5 |. 6A 00
004077E7 |. 8B55 08
004077EA |. 52
[ARG.1]
004077EB |. 8B8D 40FEFFFF
004077F1 |. E8 6A0F0000
fo.00408760
004077F6 |. 8B45 08

JMP 00407A32
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

PTR SS:[LOCAL.112]
PTR DS:[ECX+18]
SS:[LOCAL.98],EDX
PTR SS:[LOCAL.112]
; /Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.98]


PUSH ECX

; |
; |Arg1 =>

LEA ECX,[LOCAL.12]
CALL 004290F0

; |
; \SystemIn

LEA EDX,[LOCAL.12]
PUSH EDX

; /Arg1 =>

LEA ECX,[ARG.2]
CALL 00406D60

; |
; \SystemIn

MOVZX EAX,AL
TEST EAX,EAX
JE SHORT 00407803
MOV ECX,DWORD PTR SS:[LOCAL.112]
MOV EDX,DWORD PTR DS:[ECX+18]
ADD EDX,8
MOV DWORD PTR SS:[LOCAL.99],EDX
MOV EAX,DWORD PTR SS:[LOCAL.99]
MOV ECX,DWORD PTR DS:[EAX]
ADD ECX,0C
MOV DWORD PTR SS:[LOCAL.100],ECX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.100]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

ADD ESP,8
XOR EDX,EDX
TEST EAX,EAX
SETL DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 004077FE
MOV ECX,DWORD PTR SS:[ARG.4]
PUSH ECX

; /Arg4 =>

MOV EDX,DWORD
MOV EAX,DWORD
MOV ECX,DWORD
PUSH ECX
PUSH 0
MOV EDX,DWORD
PUSH EDX

;
;
;
;
;
;
;

PTR SS:[LOCAL.112]
PTR DS:[EDX+18]
PTR DS:[EAX+8]
PTR SS:[ARG.1]

MOV ECX,DWORD PTR SS:[LOCAL.112]


CALL 00408760
MOV EAX,DWORD PTR SS:[ARG.1]

/Arg2
|
|
|Arg1
\SystemIn

|
|
|
|Arg3
|Arg2 = 0
|
|Arg1 =>

; |
; \SystemIn

004077F9 \.
004077FE >
00407803 />
00407806 |.
0040780C |.
00407812 |.
00407815 |.
0040781A |.
0040781B |.
0040781E |.
00407823 |.
00407824 |.
fo.0042E980
00407829 |.
0040782C |.
0040782E |.
00407830 |.
00407833 |.
00407836 |.
00407838 |.
0040783E |.
00407841 |.
00407844 |.
00407847 |.
0040784A |.
0040784D |.
00407852 |.
00407855 |.
0040785B |.
0040785E |.
00407863 |.
00407864 |.
0040786A |.
0040786D |.
00407872 |.
00407873 |.
fo.0042E980
00407878 |.
0040787B |.
0040787D |.
0040787F |.
00407882 |.
00407885 |.
00407887 |.
00407889 |.
0040788C |.
00407892 |.
00407898 |.
0040789B |.
0040789F |.
004078A1 |.
004078A3 |.
004078A6 |.
004078AC |.
004078AF |.
[ARG.4]
004078B0 |.
004078B6 |.
[ARG.3]
004078B7 |.

E9 57020000
E9 2F020000
8B45 10
8985 6CFEFFFF
8B8D 6CFEFFFF
83C1 0C
E8 966E0000
50
8B4D 14
E8 8D6E0000
50
E8 57710200

JMP 00407A55
JMP 00407A32
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
CALL 0042E980

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
0F84 C6000000
8B45 0C
8945 F8
8B4D 10
894D FC
8D4D F8
E8 5E2D0000
8B55 FC
8995 68FEFFFF
8B4D 14
E8 4D6E0000
50
8B8D 68FEFFFF
83C1 0C
E8 3E6E0000
50
E8 08710200
83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
74 7B
8B45 FC
8985 64FEFFFF
8B8D 64FEFFFF
8B51 08
0FBE42 5D
85C0
74 2F
8B4D FC
898D 60FEFFFF
8B55 14
52

PTR SS:[ARG.3]
SS:[LOCAL.101],EAX
PTR SS:[LOCAL.101]
;
;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE 00407904
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.1],ECX
LEA ECX,[LOCAL.2]
CALL 0040A5B0
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.102],EDX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.102]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

/Arg2
|
|
|
|Arg1
\SystemIn

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00407904
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.103],EAX
MOV ECX,DWORD PTR SS:[LOCAL.103]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JE SHORT 004078D2
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.104],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

8B85 60FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.104]


50
PUSH EAX

; |
; |Arg3 =>

6A 00

; |Arg2 = 0

PUSH 0

PTR SS:[ARG.4]

004078B9 |.
004078BC |.
[ARG.1]
004078BD |.
004078C3 |.
fo.00408760
004078C8 |.
004078CB |.
004078D0 |.
004078D2 |>
004078D5 |.
004078DB |.
004078DE |.
[ARG.4]
004078DF |.
004078E5 |.
[ARG.3]
004078E6 |.
004078E8 |.
004078EB |.
[ARG.1]
004078EC |.
004078F2 |.
fo.00408760
004078F7 |.
004078FA \.
004078FF >
00407904 />
00407907 |.
0040790D |.
00407910 |.
00407915 |.
00407916 |.
0040791C |.
0040791F |.
00407924 |.
00407925 |.
fo.0042E980
0040792A |.
0040792D |.
0040792F |.
00407931 |.
00407934 |.
00407937 |.
00407939 |.
0040793F |.
00407942 |.
00407945 |.
00407948 |.
0040794B |.
00407951 |.
00407954 |.
0040795A |.
00407960 |.
ARG.ECX
00407961 |.
00407967 |.
[ARG.ECX+18]
00407968 |.
0040796B |.

8B4D 08
51

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; |
; |Arg1 =>

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 980E0000 CALL 00408760

; |
; \SystemIn

8B45 08
E9 85010000
EB 2D
8B55 10
8995 5CFEFFFF
8B45 14
50

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00407A55
JMP SHORT 004078FF
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.105],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

8B8D 5CFEFFFF MOV ECX,DWORD PTR SS:[LOCAL.105]


51
PUSH ECX

; |
; |Arg3 =>

6A 01
8B55 08
52

; |Arg2 = 1
; |
; |Arg1 =>

PUSH 1
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 690E0000 CALL 00408760

; |
; \SystemIn

8B45 08
E9 56010000
E9 2E010000
8B45 10
8985 58FEFFFF
8B4D 14
E8 9B6D0000
50
8B8D 58FEFFFF
83C1 0C
E8 8C6D0000
50
E8 56700200

MOV EAX,DWORD
JMP 00407A55
JMP 00407A32
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
0F84 F3000000
8B45 0C
8945 F8
8B4D 10
894D FC
8B95 40FEFFFF
8B42 18
8985 54FEFFFF
8B8D 40FEFFFF
51

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE 00407A32
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

PTR SS:[ARG.1]
PTR SS:[ARG.3]
SS:[LOCAL.106],EAX
PTR SS:[ARG.4]
PTR SS:[LOCAL.106]

/Arg2
|
|
|
|Arg1
\SystemIn

PTR SS:[ARG.2]
SS:[LOCAL.2],EAX
PTR SS:[ARG.3]
SS:[LOCAL.1],ECX
PTR SS:[LOCAL.112]
PTR DS:[EDX+18]
SS:[LOCAL.107],EAX
PTR SS:[LOCAL.112]
; /Arg2 =>

8B95 54FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.107]


52
PUSH EDX

; |
; |Arg1 =>

8D4D C8
E8 80170200

; |
; \SystemIn

LEA ECX,[LOCAL.14]
CALL 004290F0

fo.004290F0
00407970 |. 8D4D F8
00407973 |. E8 382D0000
fo.0040A6B0
00407978 |. 8D45 C8
0040797B |. 50
OFFSET LOCAL.14
0040797C |. 8D4D F8
0040797F |. E8 DCF3FFFF
fo.00406D60
00407984 |. 0FB6C8
00407987 |. 85C9
00407989 |. 75 37
0040798B |. 8B55 FC
0040798E |. 8995 50FEFFFF
00407994 |. 8B8D 50FEFFFF
0040799A |. 83C1 0C
0040799D |. E8 0E6D0000
004079A2 |. 50
004079A3 |. 8B4D 14
004079A6 |. E8 056D0000
004079AB |. 50
004079AC |. E8 CF6F0200
fo.0042E980
004079B1 |. 83C4 08
004079B4 |. 33C9
004079B6 |. 85C0
004079B8 |. 0F9CC1
004079BB |. 0FB6D1
004079BE |. 85D2
004079C0 |. 74 70
004079C2 |> 8B45 10
004079C5 |. 8985 4CFEFFFF
004079CB |. 8B8D 4CFEFFFF
004079D1 |. 8B51 08
004079D4 |. 0FBE42 5D
004079D8 |. 85C0
004079DA |. 74 2C
004079DC |. 8B4D 10
004079DF |. 898D 48FEFFFF
004079E5 |. 8B55 14
004079E8 |. 52
[ARG.4]
004079E9 |. 8B85 48FEFFFF
004079EF |. 50
[ARG.3]
004079F0 |. 6A 00
004079F2 |. 8B4D 08
004079F5 |. 51
[ARG.1]
004079F6 |. 8B8D 40FEFFFF
004079FC |. E8 5F0D0000
fo.00408760
00407A01 |. 8B45 08
00407A04 |. EB 4F
00407A06 |. EB 2A
00407A08 |> 8B55 FC
00407A0B |. 8995 44FEFFFF
00407A11 |. 8B45 14
00407A14 |. 50

LEA ECX,[LOCAL.2]
CALL 0040A6B0

; [SystemIn

LEA EAX,[LOCAL.14]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.2]
CALL 00406D60

; |
; \SystemIn

MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 004079C2
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.108],EDX
MOV ECX,DWORD PTR SS:[LOCAL.108]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00407A32
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.109],EAX
MOV ECX,DWORD PTR SS:[LOCAL.109]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JE SHORT 00407A08
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.110],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

MOV EAX,DWORD PTR SS:[LOCAL.110]


PUSH EAX

; |
; |Arg3 =>

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.112]


CALL 00408760

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[ARG.1]


JMP SHORT 00407A55
JMP SHORT 00407A32
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.111],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

/Arg2
|
|
|Arg1
\SystemIn

[ARG.4]
00407A15 |.
00407A1B |.
[ARG.3]
00407A1C |.
00407A1E |.
00407A21 |.
[ARG.1]
00407A22 |.
00407A28 |.
fo.00408760
00407A2D |.
00407A30 |.
00407A32 |>
00407A35 |.
00407A36 |.
00407A39 |.
00407A3A |.
00407A40 |.
fo.00407F70
00407A45 |.
00407A47 |.
00407A4A |.
00407A4D |.
00407A4F |.
00407A52 |.
00407A55 |>
00407A57 |.
00407A58 \.
00407A5B
00407A5C
00407A5D
00407A5E
00407A5F
00407A60 /$
00407A61 |.
00407A63 |.
00407A69 |.
00407A6F |.
00407A75 |.
00407A78 |.
00407A7B |.
00407A82 |.
00407A85 |.
00407A88 |.
00407A8F |.
00407A91 |.
00407A96 |>
00407A98 |.^
00407A9A |.
00407AA0 |.
00407AA2 |.
00407AA5 |.
00407AA8 |.
00407AAB |.
00407AAE |.
00407AB1 |.
00407AB7 |.
00407ABA |.
00407ABD |.

8B8D 44FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.111]


51
PUSH ECX

; |
; |Arg3 =>

6A 01
8B55 08
52

; |Arg2 = 1
; |
; |Arg1 =>

PUSH 1
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 330D0000 CALL 00408760

; |
; \SystemIn

8B45 08
EB 23
8B45 14
50
8D4D BC
51
8B8D 40FEFFFF
E8 2B050000

MOV EAX,DWORD PTR SS:[ARG.1]


JMP SHORT 00407A55
MOV EAX,DWORD PTR SS:[EBP+14]
PUSH EAX
LEA ECX,[EBP-44]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-1C0]
CALL 00407F70

;
;
;
;
;

8B10
8B40 04
8B4D 08
8911
8941 04
8B45 08
8BE5
5D
C2 1000
CC
CC
CC
CC
CC
55
8BEC
81EC 90000000
898D 70FFFFFF
8B85 70FFFFFF
8B48 18
894D D4
C745 F0 00000
8B55 D4
8955 F4
83BD 70FFFFFF
75 05
E8 F26D0200
33C0
75 FC
8B8D 70FFFFFF
8B11
8955 F0
8B45 F0
8B4D F4
8945 F8
894D FC
8B95 70FFFFFF
8B42 18
8945 D0
8B4D D0

MOV EDX,DWORD PTR DS:[EAX]


MOV EAX,DWORD PTR DS:[EAX+4]
MOV ECX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR DS:[ECX],EDX
MOV DWORD PTR DS:[ECX+4],EAX
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,90
MOV DWORD PTR SS:[LOCAL.36],ECX
MOV EAX,DWORD PTR SS:[LOCAL.36]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV DWORD PTR SS:[LOCAL.4],0
MOV EDX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.3],EDX
CMP DWORD PTR SS:[LOCAL.36],0
JNE SHORT 00407A96
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00407A96
MOV ECX,DWORD PTR SS:[LOCAL.36]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[LOCAL.36]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV ECX,DWORD PTR SS:[LOCAL.12]

/Arg2
|
|Arg1
|
\SystemIn

00407AC0 |. 8B11
00407AC2 |. 8955 CC
00407AC5 |. C745 E0 00000
00407ACC |. 8B45 CC
00407ACF |. 8945 E4
00407AD2 |. 83BD 70FFFFFF
00407AD9 |. 75 05
00407ADB |. E8 A86D0200
00407AE0 |> 33C9
00407AE2 |.^ 75 FC
00407AE4 |. 8B95 70FFFFFF
00407AEA |. 8B02
00407AEC |. 8945 E0
00407AEF |. 8B4D E0
00407AF2 |. 8B55 E4
00407AF5 |. 894D E8
00407AF8 |. 8955 EC
00407AFB |. 8B45 FC
00407AFE |. 50
[ARG.ECX+18]
00407AFF |. 8B4D F8
00407B02 |. 51
[ARG.ECX]
00407B03 |. 8B55 EC
00407B06 |. 52
[LOCAL.13]
00407B07 |. 8B45 E8
00407B0A |. 50
[ARG.ECX]
00407B0B |. 8D4D D8
00407B0E |. 51
OFFSET LOCAL.10
00407B0F |. 8B8D 70FFFFFF
00407B15 |. E8 C6060000
fo.004081E0
00407B1A |. 8B95 70FFFFFF
00407B20 |. 8B42 18
00407B23 |. 8985 78FFFFFF
00407B29 |. 8B8D 70FFFFFF
00407B2F |. 8B51 18
00407B32 |. 8995 74FFFFFF
00407B38 |. 8B85 74FFFFFF
00407B3E |. 50
00407B3F |. E8 D66D0200
00407B44 |. 83C4 04
00407B47 |. 8B8D 70FFFFFF
00407B4D |. C741 18 00000
00407B54 |. 8B95 70FFFFFF
00407B5A |. C742 1C 00000
00407B61 |. 8BE5
00407B63 |. 5D
00407B64 \. C3
00407B65
CC
00407B66
CC
00407B67
CC
00407B68
CC
00407B69
CC
00407B6A
CC
00407B6B
CC
00407B6C
CC

MOV EDX,DWORD PTR DS:[ECX]


MOV DWORD PTR SS:[LOCAL.13],EDX
MOV DWORD PTR SS:[LOCAL.8],0
MOV EAX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR SS:[LOCAL.7],EAX
CMP DWORD PTR SS:[LOCAL.36],0
JNE SHORT 00407AE0
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00407AE0
MOV EDX,DWORD PTR SS:[LOCAL.36]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX

; /Arg5 =>

MOV ECX,DWORD PTR SS:[LOCAL.2]


PUSH ECX

; |
; |Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.5]


PUSH EDX

; |
; |Arg3 =>

MOV EAX,DWORD PTR SS:[LOCAL.6]


PUSH EAX

; |
; |Arg2 =>

LEA ECX,[LOCAL.10]
PUSH ECX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.36]


CALL 004081E0

; |
; \SystemIn

MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

PTR SS:[LOCAL.36]
PTR DS:[EDX+18]
SS:[LOCAL.34],EAX
PTR SS:[LOCAL.36]
PTR DS:[ECX+18]
SS:[LOCAL.35],EDX
PTR SS:[LOCAL.35]

PTR SS:[LOCAL.36]
DS:[ECX+18],0
PTR SS:[LOCAL.36]
DS:[EDX+1C],0

00407B6D
CC
INT3
00407B6E
CC
INT3
00407B6F
CC
INT3
00407B70 /$ 55
PUSH EBP
o.00407B70(guessed Arg1,Arg2,Arg3,Arg4)
00407B71 |. 8BEC
MOV EBP,ESP
00407B73 |. 83EC 34
SUB ESP,34
00407B76 |. 894D D0
MOV DWORD PTR SS:[LOCAL.12],ECX
00407B79 |. 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
00407B7C |. 8B4D D0
MOV ECX,DWORD PTR SS:[LOCAL.12]
00407B7F |. 8B40 10
MOV EAX,DWORD PTR DS:[EAX+10]
00407B82 |. 2B41 0C
SUB EAX,DWORD PTR DS:[ECX+0C]
00407B85 |. 99
CDQ
00407B86 |. B9 28000000 MOV ECX,28
00407B8B |. F7F9
IDIV ECX
00407B8D |. 85C0
TEST EAX,EAX
00407B8F |. 75 09
JNE SHORT 00407B9A
00407B91 |. C745 CC 00000 MOV DWORD PTR SS:[LOCAL.13],0
00407B98 |. EB 7F
JMP SHORT 00407C19
00407B9A |> 8B55 D0
MOV EDX,DWORD PTR SS:[LOCAL.12]
00407B9D |. 8B42 0C
MOV EAX,DWORD PTR DS:[EDX+0C]
00407BA0 |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX
00407BA3 |. C745 F4 00000 MOV DWORD PTR SS:[LOCAL.3],0
00407BAA |. 837D D0 00
CMP DWORD PTR SS:[LOCAL.12],0
00407BAE |. 74 16
JE SHORT 00407BC6
00407BB0 |. 8B4D D0
MOV ECX,DWORD PTR SS:[LOCAL.12]
00407BB3 |. 8B51 0C
MOV EDX,DWORD PTR DS:[ECX+0C]
00407BB6 |. 3B55 E8
CMP EDX,DWORD PTR SS:[LOCAL.6]
00407BB9 |. 77 0B
JA SHORT 00407BC6
00407BBB |. 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
00407BBE |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
00407BC1 |. 3B48 10
CMP ECX,DWORD PTR DS:[EAX+10]
00407BC4 |. 76 05
JBE SHORT 00407BCB
00407BC6 |> E8 BD6C0200 CALL 0042E888
00407BCB |> 33D2
/XOR EDX,EDX
00407BCD |.^ 75 FC
\JNE SHORT 00407BCB
00407BCF |. 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
00407BD2 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
00407BD4 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
00407BD7 |. 8B55 E8
MOV EDX,DWORD PTR SS:[LOCAL.6]
00407BDA |. 8955 F8
MOV DWORD PTR SS:[LOCAL.2],EDX
00407BDD |. 33C0
XOR EAX,EAX
00407BDF |. 837D 0C 00
CMP DWORD PTR SS:[ARG.2],0
00407BE3 |. 0F95C0
SETNE AL
00407BE6 |. 0FB6C8
MOVZX ECX,AL
00407BE9 |. 85C9
TEST ECX,ECX
00407BEB |. 74 12
JE SHORT 00407BFF
00407BED |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
00407BF0 |. 33C0
XOR EAX,EAX
00407BF2 |. 3B55 F4
CMP EDX,DWORD PTR SS:[LOCAL.3]
00407BF5 |. 0F94C0
SETE AL
00407BF8 |. 0FB6C8
MOVZX ECX,AL
00407BFB |. 85C9
TEST ECX,ECX
00407BFD |. 75 05
JNE SHORT 00407C04
00407BFF |> E8 846C0200 CALL 0042E888
00407C04 |> 33D2
/XOR EDX,EDX
00407C06 |.^ 75 FC
\JNE SHORT 00407C04
00407C08 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
00407C0B |. 2B45 F8
SUB EAX,DWORD PTR SS:[LOCAL.2]
00407C0E |. 99
CDQ

; SystemInf

00407C0F |.
00407C14 |.
00407C16 |.
00407C19 |>
00407C1C |.
00407C1F |.
00407C22 |.
[ARG.4]
00407C23 |.
00407C25 |.
00407C28 |.
[ARG.3]
00407C29 |.
00407C2C |.
[ARG.2]
00407C2D |.
00407C30 |.
fo.00408EC0
00407C35 |.
00407C38 |.
00407C3B |.
00407C3E |.
00407C45 |.
00407C49 |.
00407C4B |.
00407C4E |.
00407C51 |.
00407C54 |.
00407C56 |.
00407C59 |.
00407C5C |.
00407C5F |.
00407C61 |>
00407C66 |>
00407C68 |.^
00407C6A |.
00407C6D |.
00407C6F |.
00407C72 |.
00407C75 |.
00407C78 |.
00407C7B |.
00407C7E |.
00407C81 |.
00407C84 |.
00407C87 |.
00407C88 |.
00407C8B |.
fo.0040A810
00407C90 |.
00407C93 |.
00407C96 |.
00407C99 |.
00407C9B |.
00407C9E |.
00407CA1 |.
00407CA3 |.
00407CA4 \.
00407CA7
00407CA8

B9 28000000
F7F9
8945 CC
8B55 CC
8955 FC
8B45 14
50

MOV ECX,28
IDIV ECX
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

6A 01
8B4D 10
51

PUSH 1
MOV ECX,DWORD PTR SS:[ARG.3]
PUSH ECX

; |Arg3 = 1
; |
; |Arg2 =>

8B55 0C
52

MOV EDX,DWORD PTR SS:[ARG.2]


PUSH EDX

; |
; |Arg1 =>

8B4D D0
E8 8B120000

MOV ECX,DWORD PTR SS:[LOCAL.12]


CALL 00408EC0

; |
; \SystemIn

8B45 D0
8B48 0C
894D E4
C745 EC 00000
837D D0 00
74 16
8B55 D0
8B42 0C
3B45 E4
77 0B
8B4D D0
8B55 E4
3B51 10
76 05
E8 226C0200
33C0
75 FC
8B4D D0
8B11
8955 EC
8B45 E4
8945 F0
8B4D EC
8B55 F0
894D DC
8955 E0
8B45 FC
50
8D4D DC
E8 802B0000

MOV EAX,DWORD PTR SS:[LOCAL.12]


MOV ECX,DWORD PTR DS:[EAX+0C]
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV DWORD PTR SS:[LOCAL.5],0
CMP DWORD PTR SS:[LOCAL.12],0
JE SHORT 00407C61
MOV EDX,DWORD PTR SS:[LOCAL.12]
MOV EAX,DWORD PTR DS:[EDX+0C]
CMP EAX,DWORD PTR SS:[LOCAL.7]
JA SHORT 00407C61
MOV ECX,DWORD PTR SS:[LOCAL.12]
MOV EDX,DWORD PTR SS:[LOCAL.7]
CMP EDX,DWORD PTR DS:[ECX+10]
JBE SHORT 00407C66
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00407C66
MOV ECX,DWORD PTR SS:[LOCAL.12]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.9],ECX
MOV DWORD PTR SS:[LOCAL.8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX
LEA ECX,[LOCAL.9]
CALL 0040A810

; /Arg1
; |
; \SystemIn

8B4D DC
8B55 E0
8B45 08
8908
8950 04
8B45 08
8BE5
5D
C2 1000
CC
CC

MOV ECX,DWORD
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3

SS:[LOCAL.13],EAX
PTR SS:[LOCAL.13]
SS:[LOCAL.1],EDX
PTR SS:[ARG.4]
; /Arg4 =>

PTR SS:[LOCAL.9]
PTR SS:[LOCAL.8]
PTR SS:[ARG.1]
DS:[EAX],ECX
DS:[EAX+4],EDX
PTR SS:[ARG.1]

00407CA9
CC
00407CAA
CC
00407CAB
CC
00407CAC
CC
00407CAD
CC
00407CAE
CC
00407CAF
CC
00407CB0 /$ 55
o.00407CB0(guessed Arg1)
00407CB1 |. 8BEC
00407CB3 |. 81EC 98000000
00407CB9 |. 898D 6CFFFFFF
00407CBF |. 8B85 6CFFFFFF
00407CC5 |. C740 0C 00000
00407CCC |. 8B8D 6CFFFFFF
00407CD2 |. C741 10 00000
00407CD9 |. 8B95 6CFFFFFF
00407CDF |. C742 14 00000
00407CE6 |. 837D 08 00
00407CEA |. 75 06
00407CEC |. 32C0
00407CEE |. EB 79
00407CF0 |. EB 75
00407CF2 |> C745 FC 66666
00407CF9 |. 837D FC 00
00407CFD |. 76 0B
00407CFF |. 8B45 FC
00407D02 |. 8985 68FFFFFF
00407D08 |. EB 0A
00407D0A |> C785 68FFFFFF
00407D14 |> 8B8D 68FFFFFF
00407D1A |. 3B4D 08
00407D1D |. 73 07
00407D1F |. E8 1C1C0000
00407D24 |. EB 41
00407D26 |> 6A 00
00407D28 |. 8B55 08
00407D2B |. 52
00407D2C |. E8 6F390000
00407D31 |. 83C4 08
00407D34 |. 8B8D 6CFFFFFF
00407D3A |. 8941 0C
00407D3D |. 8B95 6CFFFFFF
00407D43 |. 8B85 6CFFFFFF
00407D49 |. 8B48 0C
00407D4C |. 894A 10
00407D4F |. 8B55 08
00407D52 |. 6BD2 28
00407D55 |. 8B85 6CFFFFFF
00407D5B |. 0350 0C
00407D5E |. 8B8D 6CFFFFFF
00407D64 |. 8951 14
00407D67 |> B0 01
00407D69 |> 8BE5
00407D6B |. 5D
00407D6C \. C2 0400
00407D6F
CC
00407D70 /$ 55
00407D71 |. 8BEC
00407D73 |. 83EC 48

INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,98
MOV DWORD PTR SS:[LOCAL.37],ECX
MOV EAX,DWORD PTR SS:[LOCAL.37]
MOV DWORD PTR DS:[EAX+0C],0
MOV ECX,DWORD PTR SS:[LOCAL.37]
MOV DWORD PTR DS:[ECX+10],0
MOV EDX,DWORD PTR SS:[LOCAL.37]
MOV DWORD PTR DS:[EDX+14],0
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00407CF2
XOR AL,AL
JMP SHORT 00407D69
JMP SHORT 00407D67
MOV DWORD PTR SS:[LOCAL.1],6666666
CMP DWORD PTR SS:[LOCAL.1],0
JBE SHORT 00407D0A
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.38],EAX
JMP SHORT 00407D14
MOV DWORD PTR SS:[LOCAL.38],1
MOV ECX,DWORD PTR SS:[LOCAL.38]
CMP ECX,DWORD PTR SS:[ARG.1]
JNB SHORT 00407D26
CALL 00409940
JMP SHORT 00407D67
PUSH 0
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040B6A0
ADD ESP,8
MOV ECX,DWORD PTR SS:[LOCAL.37]
MOV DWORD PTR DS:[ECX+0C],EAX
MOV EDX,DWORD PTR SS:[LOCAL.37]
MOV EAX,DWORD PTR SS:[LOCAL.37]
MOV ECX,DWORD PTR DS:[EAX+0C]
MOV DWORD PTR DS:[EDX+10],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
IMUL EDX,EDX,28
MOV EAX,DWORD PTR SS:[LOCAL.37]
ADD EDX,DWORD PTR DS:[EAX+0C]
MOV ECX,DWORD PTR SS:[LOCAL.37]
MOV DWORD PTR DS:[ECX+14],EDX
MOV AL,1
MOV ESP,EBP
POP EBP
RETN 4
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,48

; SystemInf

00407D76
00407D79
00407D7C
00407D80
00407D82
00407D85
00407D88
00407D8B
00407D8E
00407D91
00407D94
00407D97
00407D9A
00407D9D
00407DA0
00407DA3
00407DA6
00407DA9
00407DAC
00407DAF
00407DB2
00407DB4
00407DB7
00407DBA
00407DBD
00407DC0
00407DC3
00407DC5
00407DC8
00407DC9
00407DCE
00407DD1
00407DD3
00407DD6
00407DD9
00407DDC
00407DDF
00407DE0
00407DE5
00407DE7
00407DEA
00407DED
00407DF0
00407DF3
00407DF6
00407DF7
00407DFC
00407DFF
00407E02
00407E09
00407E0C
00407E13
00407E16
00407E1D
00407E1F
00407E20
00407E21
00407E22
00407E23
00407E24

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
\.

894D B8
8B45 B8
8378 0C 00
74 7D
8B4D B8
8B51 10
8955 C4
8B45 B8
8B48 0C
894D C8
8B55 C4
8955 CC
8B45 C8
8945 D0
8A4D FE
884D FF
8B55 CC
8955 D4
8B45 D0
8945 D8
EB 09
8B4D D8
83C1 28
894D D8
8B55 D8
3B55 D4
74 0E
8B45 D8
50
E8 F26A0000
83C4 04
EB E1
8B4D B8
8B55 B8
8B41 14
2B42 0C
99
B9 28000000
F7F9
8945 BC
8B55 B8
8B42 0C
8945 C0
8B4D C0
51
E8 1E6B0200
83C4 04
8B55 B8
C742 0C 00000
8B45 B8
C740 10 00000
8B4D B8
C741 14 00000
8BE5
5D
C3
CC
CC
CC
CC

MOV DWORD PTR SS:[LOCAL.18],ECX


MOV EAX,DWORD PTR SS:[LOCAL.18]
CMP DWORD PTR DS:[EAX+0C],0
JE SHORT 00407DFF
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[LOCAL.15],EDX
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV ECX,DWORD PTR DS:[EAX+0C]
MOV DWORD PTR SS:[LOCAL.14],ECX
MOV EDX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR SS:[LOCAL.13],EDX
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV CL,BYTE PTR SS:[LOCAL.1+2]
MOV BYTE PTR SS:[LOCAL.1+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR SS:[LOCAL.11],EDX
MOV EAX,DWORD PTR SS:[LOCAL.12]
MOV DWORD PTR SS:[LOCAL.10],EAX
JMP SHORT 00407DBD
/MOV ECX,DWORD PTR SS:[LOCAL.10]
|ADD ECX,28
|MOV DWORD PTR SS:[LOCAL.10],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.10]
|CMP EDX,DWORD PTR SS:[LOCAL.11]
|JE SHORT 00407DD3
|MOV EAX,DWORD PTR SS:[LOCAL.10]
|PUSH EAX
|CALL 0040E8C0
|ADD ESP,4
\JMP SHORT 00407DB4
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR DS:[ECX+14]
SUB EAX,DWORD PTR DS:[EDX+0C]
CDQ
MOV ECX,28
IDIV ECX
MOV DWORD PTR SS:[LOCAL.17],EAX
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR DS:[EDX+0C]
MOV DWORD PTR SS:[LOCAL.16],EAX
MOV ECX,DWORD PTR SS:[LOCAL.16]
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR DS:[EDX+0C],0
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR DS:[EAX+10],0
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR DS:[ECX+14],0
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3

00407E25
CC
INT3
00407E26
CC
INT3
00407E27
CC
INT3
00407E28
CC
INT3
00407E29
CC
INT3
00407E2A
CC
INT3
00407E2B
CC
INT3
00407E2C
CC
INT3
00407E2D
CC
INT3
00407E2E
CC
INT3
00407E2F
CC
INT3
00407E30 /$ 55
PUSH EBP
o.00407E30(guessed Arg1,Arg2,Arg3)
00407E31 |. 8BEC
MOV EBP,ESP
00407E33 |. 83EC 24
SUB ESP,24
00407E36 |. 894D DC
MOV DWORD PTR SS:[LOCAL.9],ECX
00407E39 |. 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
00407E3C |. C740 3C 00000 MOV DWORD PTR DS:[EAX+3C],0
00407E43 |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
00407E46 |. 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
00407E49 |. 8951 40
MOV DWORD PTR DS:[ECX+40],EDX
00407E4C |. 837D 0C 00
CMP DWORD PTR SS:[ARG.2],0
00407E50 |. 0F84 0F010000 JE 00407F65
00407E56 |. 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
00407E59 |. 8B48 40
MOV ECX,DWORD PTR DS:[EAX+40]
00407E5C |. 83E1 06
AND ECX,00000006
00407E5F |. 83F9 06
CMP ECX,6
00407E62 |. 0F84 FD000000 JE 00407F65
00407E68 |. 6A 00
PUSH 0
00407E6A |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
00407E6D |. 52
PUSH EDX
00407E6E |. E8 4D840000 CALL 004102C0
00407E73 |. 83C4 08
ADD ESP,8
00407E76 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00407E79 |. 8A45 EA
MOV AL,BYTE PTR SS:[LOCAL.6+2]
00407E7C |. 8845 EB
MOV BYTE PTR SS:[LOCAL.6+3],AL
00407E7F |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
00407E82 |. 51
PUSH ECX
[ARG.2]
00407E83 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
00407E86 |. 52
PUSH EDX
[ARG.1]
00407E87 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
00407E8A |. 50
PUSH EAX
[ARG.2]
00407E8B |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00407E8E |. 51
PUSH ECX
[LOCAL.1]
00407E8F |. E8 746B0200 CALL 0042EA08
fo.0042EA08
00407E94 |. 83C4 10
ADD ESP,10
00407E97 |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
00407E9A |. 0355 0C
ADD EDX,DWORD PTR SS:[ARG.2]
00407E9D |. 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
00407EA0 |. 8950 3C
MOV DWORD PTR DS:[EAX+3C],EDX
00407EA3 |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
00407EA6 |. 8B51 40
MOV EDX,DWORD PTR DS:[ECX+40]
00407EA9 |. 83E2 04
AND EDX,00000004
00407EAC |. 75 27
JNE SHORT 00407ED5
00407EAE |. 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]

; SystemInf

; /Arg4 =>
; |
; |Arg3 =>
; |
; |Arg2 =>
; |
; |Arg1 =>
; \SystemIn

00407EB1
00407EB4
00407EB7
00407EB9
00407EBC
00407EBF
00407EC2
00407EC4
00407EC7
00407ECA
00407ECD
00407ED0
00407ED3
00407ED5
00407ED8
00407EDB
00407EDE
00407EE0
00407EE3
00407EE6
00407EE9
00407EEB
00407EEE
00407EF1
00407EF4
00407EF6
00407EF9
00407EFC
00407EFF
00407F02
00407F05
00407F07
00407F0A
00407F0D
00407F10
00407F12
00407F15
00407F18
00407F1B
00407F1E
00407F21
00407F23
00407F26
00407F29
00407F2B
00407F2E
00407F32
00407F34
00407F37
00407F3A
00407F3D
00407F3F
00407F42
00407F45
00407F4B
00407F4E
00407F51
00407F54
00407F56
00407F59

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.

8B48 10
8B55 FC
8911
8B45 DC
8B48 20
8B55 FC
8911
8B45 FC
0345 0C
2B45 FC
8B4D DC
8B51 30
8902
8B45 DC
8B48 40
83E1 02
75 76
8B55 DC
8B42 40
83E0 10
74 0B
8B4D FC
034D 0C
894D E4
EB 06
8B55 FC
8955 E4
8B45 DC
8B48 14
8B55 FC
8911
8B45 DC
8B48 24
8B55 E4
8911
8B45 FC
0345 0C
2B45 E4
8B4D DC
8B51 34
8902
8B45 DC
8B48 20
8B11
8955 E0
837D E0 00
75 22
8B45 DC
8B48 10
8B55 FC
8911
8B45 DC
8B48 20
C701 00000000
8B55 FC
8B45 DC
8B48 30
8911
8B55 DC
8B42 40

MOV ECX,DWORD PTR DS:[EAX+10]


MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
ADD EAX,DWORD PTR SS:[ARG.2]
SUB EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[LOCAL.9]
MOV EDX,DWORD PTR DS:[ECX+30]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+40]
AND ECX,00000002
JNE SHORT 00407F56
MOV EDX,DWORD PTR SS:[LOCAL.9]
MOV EAX,DWORD PTR DS:[EDX+40]
AND EAX,00000010
JE SHORT 00407EF6
MOV ECX,DWORD PTR SS:[LOCAL.1]
ADD ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.7],ECX
JMP SHORT 00407EFC
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.7],EDX
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+14]
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
ADD EAX,DWORD PTR SS:[ARG.2]
SUB EAX,DWORD PTR SS:[LOCAL.7]
MOV ECX,DWORD PTR SS:[LOCAL.9]
MOV EDX,DWORD PTR DS:[ECX+34]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.8],EDX
CMP DWORD PTR SS:[LOCAL.8],0
JNE SHORT 00407F56
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV DWORD PTR DS:[ECX],0
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[LOCAL.9]
MOV EAX,DWORD PTR DS:[EDX+40]

00407F5C |. 83C8 01
OR EAX,00000001
00407F5F |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
00407F62 |. 8941 40
MOV DWORD PTR DS:[ECX+40],EAX
00407F65 |> 8BE5
MOV ESP,EBP
00407F67 |. 5D
POP EBP
00407F68 \. C2 0C00
RETN 0C
00407F6B
CC
INT3
00407F6C
CC
INT3
00407F6D
CC
INT3
00407F6E
CC
INT3
00407F6F
CC
INT3
00407F70 /$ 55
PUSH EBP
o.00407F70(guessed Arg1,Arg2)
00407F71 |. 8BEC
MOV EBP,ESP
00407F73 |. 81EC B4000000 SUB ESP,0B4
00407F79 |. 898D 50FFFFFF MOV DWORD PTR SS:[LOCAL.44],ECX
00407F7F |. 8B85 50FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.44]
00407F85 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00407F88 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00407F8B |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
00407F8E |. 8B85 50FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.44]
00407F94 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00407F97 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
00407F9A |. C645 FF 01
MOV BYTE PTR SS:[LOCAL.1+3],1
00407F9E |> 8B55 F4
/MOV EDX,DWORD PTR SS:[LOCAL.3]
00407FA1 |. 0FBE42 5D
|MOVSX EAX,BYTE PTR DS:[EDX+5D]
00407FA5 |. 85C0
|TEST EAX,EAX
00407FA7 |. 75 59
|JNE SHORT 00408002
00407FA9 |. 8B4D F4
|MOV ECX,DWORD PTR SS:[LOCAL.3]
00407FAC |. 894D F8
|MOV DWORD PTR SS:[LOCAL.2],ECX
00407FAF |. 8B4D F4
|MOV ECX,DWORD PTR SS:[LOCAL.3]
00407FB2 |. 83C1 0C
|ADD ECX,0C
00407FB5 |. E8 F6660000 |CALL 0040E6B0
00407FBA |. 50
|PUSH EAX
00407FBB |. 8B4D 0C
|MOV ECX,DWORD PTR SS:[ARG.2]
00407FBE |. E8 ED660000 |CALL 0040E6B0
00407FC3 |. 50
|PUSH EAX
00407FC4 |. E8 B7690200 |CALL 0042E980
fo.0042E980
00407FC9 |. 83C4 08
|ADD ESP,8
00407FCC |. 33D2
|XOR EDX,EDX
00407FCE |. 85C0
|TEST EAX,EAX
00407FD0 |. 0F9CC2
|SETL DL
00407FD3 |. 8855 FF
|MOV BYTE PTR SS:[LOCAL.1+3],DL
00407FD6 |. 0FB645 FF
|MOVZX EAX,BYTE PTR SS:[LOCAL.1+3]
00407FDA |. 85C0
|TEST EAX,EAX
00407FDC |. 74 0D
|JE SHORT 00407FEB
00407FDE |. 8B4D F4
|MOV ECX,DWORD PTR SS:[LOCAL.3]
00407FE1 |. 8B11
|MOV EDX,DWORD PTR DS:[ECX]
00407FE3 |. 8995 4CFFFFFF |MOV DWORD PTR SS:[LOCAL.45],EDX
00407FE9 |. EB 0C
|JMP SHORT 00407FF7
00407FEB |> 8B45 F4
|MOV EAX,DWORD PTR SS:[LOCAL.3]
00407FEE |. 8B48 08
|MOV ECX,DWORD PTR DS:[EAX+8]
00407FF1 |. 898D 4CFFFFFF |MOV DWORD PTR SS:[LOCAL.45],ECX
00407FF7 |> 8B95 4CFFFFFF |MOV EDX,DWORD PTR SS:[LOCAL.45]
00407FFD |. 8955 F4
|MOV DWORD PTR SS:[LOCAL.3],EDX
00408000 |.^ EB 9C
\JMP SHORT 00407F9E
00408002 |> 33C0
XOR EAX,EAX
00408004 |. 74 4F
JE SHORT 00408055
00408006 |. C645 EB 01
MOV BYTE PTR SS:[LOCAL.6+3],1

; SystemInf

;
;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

0040800A |. 8B4D 0C
0040800D |. 51
[ARG.2]
0040800E |. 8B55 F8
00408011 |. 52
[LOCAL.2]
00408012 |. 0FB645 FF
00408016 |. 50
00408017 |. 8D4D E0
0040801A |. 51
OFFSET LOCAL.8
0040801B |. 8B8D 50FFFFFF
00408021 |. E8 3A070000
fo.00408760
00408026 |. 8985 68FFFFFF
0040802C |. 8B95 68FFFFFF
00408032 |. 8B02
00408034 |. 8B4A 04
00408037 |. 8B55 08
0040803A |. 8902
0040803C |. 894A 04
0040803F |. 8B45 08
00408042 |. 8A4D EB
00408045 |. 8848 08
00408048 |. 8B45 08
0040804B |. E9 84010000
00408050 |. E9 7F010000
00408055 |> 8B95 50FFFFFF
0040805B |. 52
ARG.ECX
0040805C |. 8B45 F8
0040805F |. 50
[LOCAL.2]
00408060 |. 8D4D EC
00408063 |. E8 88100200
fo.004290F0
00408068 |. 0FB64D FF
0040806C |. 85C9
0040806E |. 75 05
00408070 |. E9 C1000000
00408075 |> 8B95 50FFFFFF
0040807B |. 8B42 18
0040807E |. 8985 64FFFFFF
00408084 |. 8B8D 64FFFFFF
0040808A |. 8B11
0040808C |. 8995 60FFFFFF
00408092 |. 8B85 50FFFFFF
00408098 |. 50
ARG.ECX
00408099 |. 8B8D 60FFFFFF
0040809F |. 51
[LOCAL.40]
004080A0 |. 8D4D D8
004080A3 |. E8 48100200
fo.004290F0
004080A8 |. 33D2
004080AA |. 837D EC 00
004080AE |. 0F95C2
004080B1 |. 0FB6C2
004080B4 |. 85C0

MOV ECX,DWORD PTR SS:[ARG.2]


PUSH ECX

; /Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.2]


PUSH EDX

; |
; |Arg3 =>

MOVZX EAX,BYTE PTR SS:[LOCAL.1+3]


PUSH EAX
LEA ECX,[LOCAL.8]
PUSH ECX

;
;
;
;

MOV ECX,DWORD PTR SS:[LOCAL.44]


CALL 00408760

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.38],EAX


MOV EDX,DWORD PTR SS:[LOCAL.38]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EDX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],EAX
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV CL,BYTE PTR SS:[LOCAL.6+3]
MOV BYTE PTR DS:[EAX+8],CL
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 004081D4
JMP 004081D4
MOV EDX,DWORD PTR SS:[LOCAL.44]
PUSH EDX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.2]


PUSH EAX

; |
; |Arg1 =>

LEA ECX,[LOCAL.5]
CALL 004290F0

; |
; \SystemIn

MOVZX ECX,BYTE PTR SS:[LOCAL.1+3]


TEST ECX,ECX
JNE SHORT 00408075
JMP 00408136
MOV EDX,DWORD PTR SS:[LOCAL.44]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.39],EAX
MOV ECX,DWORD PTR SS:[LOCAL.39]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.40],EDX
MOV EAX,DWORD PTR SS:[LOCAL.44]
PUSH EAX

; /Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.40]


PUSH ECX

; |
; |Arg1 =>

LEA ECX,[LOCAL.10]
CALL 004290F0

; |
; \SystemIn

XOR EDX,EDX
CMP DWORD PTR SS:[LOCAL.5],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX

|
|Arg2
|
|Arg1 =>

004080B6 |. 74 12
004080B8 |. 8B4D EC
004080BB |. 33D2
004080BD |. 3B4D D8
004080C0 |. 0F94C2
004080C3 |. 0FB6C2
004080C6 |. 85C0
004080C8 |. 75 05
004080CA |> E8 B9670200
004080CF |> 33C9
004080D1 |.^ 75 FC
004080D3 |. 8B55 F0
004080D6 |. 33C0
004080D8 |. 3B55 DC
004080DB |. 0F94C0
004080DE |. 0FB6C8
004080E1 |. 85C9
004080E3 |. 74 49
004080E5 |. C645 D7 01
004080E9 |. 8B55 0C
004080EC |. 52
[ARG.2]
004080ED |. 8B45 F8
004080F0 |. 50
[LOCAL.2]
004080F1 |. 6A 01
004080F3 |. 8D4D CC
004080F6 |. 51
OFFSET LOCAL.13
004080F7 |. 8B8D 50FFFFFF
004080FD |. E8 5E060000
fo.00408760
00408102 |. 8985 5CFFFFFF
00408108 |. 8B95 5CFFFFFF
0040810E |. 8B02
00408110 |. 8B4A 04
00408113 |. 8B55 08
00408116 |. 8902
00408118 |. 894A 04
0040811B |. 8B45 08
0040811E |. 8A4D D7
00408121 |. 8848 08
00408124 |. 8B45 08
00408127 |. E9 A8000000
0040812C |. EB 08
0040812E |> 8D4D EC
00408131 |. E8 7A240000
00408136 |> 8B55 F0
00408139 |. 8995 58FFFFFF
0040813F |. 8B4D 0C
00408142 |. E8 69650000
00408147 |. 50
00408148 |. 8B8D 58FFFFFF
0040814E |. 83C1 0C
00408151 |. E8 5A650000
00408156 |. 50
00408157 |. E8 24680200
fo.0042E980
0040815C |. 83C4 08
0040815F |. 33C9

JE SHORT 004080CA
MOV ECX,DWORD PTR SS:[LOCAL.5]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.10]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 004080CF
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 004080CF
MOV EDX,DWORD PTR SS:[LOCAL.4]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.9]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 0040812E
MOV BYTE PTR SS:[LOCAL.11+3],1
MOV EDX,DWORD PTR SS:[ARG.2]
PUSH EDX

; /Arg4 =>

MOV EAX,DWORD PTR SS:[LOCAL.2]


PUSH EAX

; |
; |Arg3 =>

PUSH 1
LEA ECX,[LOCAL.13]
PUSH ECX

; |Arg2 = 1
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.44]


CALL 00408760

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.41],EAX


MOV EDX,DWORD PTR SS:[LOCAL.41]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EDX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],EAX
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV CL,BYTE PTR SS:[LOCAL.11+3]
MOV BYTE PTR DS:[EAX+8],CL
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 004081D4
JMP SHORT 00408136
LEA ECX,[LOCAL.5]
CALL 0040A5B0
MOV EDX,DWORD PTR SS:[EBP-10]
MOV DWORD PTR SS:[EBP-0A8],EDX
MOV ECX,DWORD PTR SS:[EBP+0C]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0A8]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

ADD ESP,8
XOR ECX,ECX

/Arg2
|
|
|
|Arg1
\SystemIn

00408161 |. 85C0
TEST EAX,EAX
00408163 |. 0F9CC1
SETL CL
00408166 |. 0FB6D1
MOVZX EDX,CL
00408169 |. 85D2
TEST EDX,EDX
0040816B |. 74 49
JE SHORT 004081B6
0040816D |. C645 CB 01
MOV BYTE PTR SS:[EBP-35],1
00408171 |. 8B45 0C
MOV EAX,DWORD PTR SS:[EBP+0C]
00408174 |. 50
PUSH EAX
00408175 |. 8B4D F8
MOV ECX,DWORD PTR SS:[EBP-8]
00408178 |. 51
PUSH ECX
00408179 |. 0FB655 FF
MOVZX EDX,BYTE PTR SS:[EBP-1]
0040817D |. 52
PUSH EDX
0040817E |. 8D45 C0
LEA EAX,[EBP-40]
00408181 |. 50
PUSH EAX
00408182 |. 8B8D 50FFFFFF MOV ECX,DWORD PTR SS:[EBP-0B0]
00408188 |. E8 D3050000 CALL 00408760
fo.00408760
0040818D |. 8985 54FFFFFF MOV DWORD PTR SS:[EBP-0AC],EAX
00408193 |. 8B8D 54FFFFFF MOV ECX,DWORD PTR SS:[EBP-0AC]
00408199 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
0040819B |. 8B41 04
MOV EAX,DWORD PTR DS:[ECX+4]
0040819E |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
004081A1 |. 8911
MOV DWORD PTR DS:[ECX],EDX
004081A3 |. 8941 04
MOV DWORD PTR DS:[ECX+4],EAX
004081A6 |. 8B55 08
MOV EDX,DWORD PTR SS:[EBP+8]
004081A9 |. 8A45 CB
MOV AL,BYTE PTR SS:[EBP-35]
004081AC |. 8842 08
MOV BYTE PTR DS:[EDX+8],AL
004081AF |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
004081B2 |. EB 20
JMP SHORT 004081D4
004081B4 |. EB 1E
JMP SHORT 004081D4
004081B6 |> C645 BF 00
MOV BYTE PTR SS:[EBP-41],0
004081BA |. 8B4D EC
MOV ECX,DWORD PTR SS:[EBP-14]
004081BD |. 8B55 F0
MOV EDX,DWORD PTR SS:[EBP-10]
004081C0 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
004081C3 |. 8908
MOV DWORD PTR DS:[EAX],ECX
004081C5 |. 8950 04
MOV DWORD PTR DS:[EAX+4],EDX
004081C8 |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
004081CB |. 8A55 BF
MOV DL,BYTE PTR SS:[EBP-41]
004081CE |. 8851 08
MOV BYTE PTR DS:[ECX+8],DL
004081D1 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
004081D4 |> 8BE5
MOV ESP,EBP
004081D6 |. 5D
POP EBP
004081D7 \. C2 0800
RETN 8
004081DA
CC
INT3
004081DB
CC
INT3
004081DC
CC
INT3
004081DD
CC
INT3
004081DE
CC
INT3
004081DF
CC
INT3
004081E0 /$ 55
PUSH EBP
o.004081E0(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
004081E1 |. 8BEC
MOV EBP,ESP
004081E3 |. 83EC 54
SUB ESP,54
004081E6 |. 894D AC
MOV DWORD PTR SS:[LOCAL.21],ECX
004081E9 |. 8B45 AC
MOV EAX,DWORD PTR SS:[LOCAL.21]
004081EC |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
004081EF |. 894D DC
MOV DWORD PTR SS:[LOCAL.9],ECX
004081F2 |. 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
004081F5 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
004081F7 |. 8945 D8
MOV DWORD PTR SS:[LOCAL.10],EAX

;
;
;
;
;
;
;
;
;

/Arg4
|
|Arg3
|
|Arg2
|
|Arg1
|
\SystemIn

; SystemInf

004081FA
00408201
00408204
00408207
0040820B
0040820D
00408212
00408214
00408216
00408219
0040821B
0040821E
00408220
00408224
00408227
0040822A
0040822C
0040822E
00408231
00408233
00408236
00408239
0040823C
0040823E
00408240
00408245
00408247
00408249
0040824C
0040824E
00408251
00408254
00408257
00408259
0040825F
00408262
00408265
00408268
0040826F
00408272
00408275
00408279
0040827B
00408280
00408282
00408284
00408287
00408289
0040828C
0040828E
00408292
00408295
00408298
0040829A
0040829C
0040829F
004082A1
004082A4
004082A7
004082AA

|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

C745 F8 00000
8B4D D8
894D FC
837D AC 00
75 05
E8 76660200
33D2
75 FC
8B45 AC
8B08
894D F8
33D2
837D 0C 00
0F95C2
0FB6C2
85C0
74 12
8B4D 0C
33D2
3B4D F8
0F94C2
0FB6C2
85C0
75 05
E8 43660200
33C9
75 FC
8B55 10
33C0
3B55 FC
0F94C0
0FB6C8
85C9
0F84 BB000000
8B55 AC
8B42 18
8945 D4
C745 F0 00000
8B4D D4
894D F4
837D AC 00
75 05
E8 08660200
33D2
75 FC
8B45 AC
8B08
894D F0
33D2
837D 14 00
0F95C2
0FB6C2
85C0
74 12
8B4D 14
33D2
3B4D F0
0F94C2
0FB6C2
85C0

MOV DWORD PTR SS:[LOCAL.2],0


MOV ECX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.1],ECX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00408212
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00408212
MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.2],ECX
XOR EDX,EDX
CMP DWORD PTR SS:[ARG.2],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00408240
MOV ECX,DWORD PTR SS:[ARG.2]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.2]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00408245
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00408245
MOV EDX,DWORD PTR SS:[ARG.3]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.1]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE 0040831A
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV DWORD PTR SS:[LOCAL.4],0
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.3],ECX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00408280
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00408280
MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
XOR EDX,EDX
CMP DWORD PTR SS:[ARG.4],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 004082AE
MOV ECX,DWORD PTR SS:[ARG.4]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.4]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX

004082AC
004082AE
004082B3
004082B5
004082B7
004082BA
004082BC
004082BF
004082C2
004082C5
004082C7
004082C9
004082CC
004082D1
004082D4
004082D7
004082DA
004082DD
004082DF
004082E2
004082E5
004082EB
004082EE
004082F1
004082F4
004082F8
004082FA
004082FF
00408301
00408303
00408306
00408309
0040830B
0040830D
00408310
00408315
0040831A
0040831C
00408320
00408323
00408326
00408328
0040832A
0040832D
0040832F
00408332
00408335
00408338
0040833A
0040833C
00408341
00408343
00408345
00408348
0040834A
0040834D
00408350
00408353
00408355
00408357

|.
|>
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.

75 05
E8 D5650200
33C9
75 FC
8B55 18
33C0
3B55 F4
0F94C0
0FB6C8
85C9
74 51
8B4D AC
E8 AF1E0000
8B55 AC
8B42 18
8945 CC
8B4D CC
8B11
8955 C8
8B45 08
C700 00000000
8B4D 08
8B55 C8
8951 04
837D AC 00
75 05
E8 89650200
33C0
75 FC
8B4D 08
8B55 AC
8B02
8901
8B45 08
E9 C3000000
E9 BE000000
33C9
837D 0C 00
0F95C1
0FB6D1
85D2
74 12
8B45 0C
33C9
3B45 14
0F94C1
0FB6D1
85D2
75 05
E8 47650200
33C0
75 FC
8B4D 10
33D2
3B4D 18
0F94C2
0FB6C2
F7D8
1BC0
83C0 01

JNE SHORT 004082B3


CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 004082B3
MOV EDX,DWORD PTR SS:[ARG.5]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.3]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 0040831A
MOV ECX,DWORD PTR SS:[LOCAL.21]
CALL 0040A180
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.13],EAX
MOV ECX,DWORD PTR SS:[LOCAL.13]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.14],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR DS:[ECX+4],EDX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 004082FF
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 004082FF
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 004083D8
JMP 004083D8
/XOR ECX,ECX
|CMP DWORD PTR SS:[ARG.2],0
|SETNE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 0040833C
|MOV EAX,DWORD PTR SS:[ARG.2]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[ARG.4]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JNE SHORT 00408341
|CALL 0042E888
|/XOR EAX,EAX
|\JNE SHORT 00408341
|MOV ECX,DWORD PTR SS:[ARG.3]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[ARG.5]
|SETE DL
|MOVZX EAX,DL
|NEG EAX
|SBB EAX,EAX
|ADD EAX,1

0040835A |. 0FB6C8
|MOVZX ECX,AL
0040835D |. 85C9
|TEST ECX,ECX
0040835F |. 74 36
|JE SHORT 00408397
00408361 |. 8B55 0C
|MOV EDX,DWORD PTR SS:[ARG.2]
00408364 |. 8B45 10
|MOV EAX,DWORD PTR SS:[ARG.3]
00408367 |. 8955 C0
|MOV DWORD PTR SS:[LOCAL.16],EDX
0040836A |. 8945 C4
|MOV DWORD PTR SS:[LOCAL.15],EAX
0040836D |. 8D4D 0C
|LEA ECX,[ARG.2]
00408370 |. E8 3B230000 |CALL 0040A6B0
fo.0040A6B0
00408375 |. 8B4D C0
|MOV ECX,DWORD PTR SS:[LOCAL.16]
00408378 |. 894D E8
|MOV DWORD PTR SS:[LOCAL.6],ECX
0040837B |. 8B55 C4
|MOV EDX,DWORD PTR SS:[LOCAL.15]
0040837E |. 8955 EC
|MOV DWORD PTR SS:[LOCAL.5],EDX
00408381 |. 8B45 EC
|MOV EAX,DWORD PTR SS:[LOCAL.5]
00408384 |. 50
|PUSH EAX
[ARG.3]
00408385 |. 8B4D E8
|MOV ECX,DWORD PTR SS:[LOCAL.6]
00408388 |. 51
|PUSH ECX
[ARG.2]
00408389 |. 8D55 E0
|LEA EDX,[LOCAL.8]
0040838C |. 52
|PUSH EDX
OFFSET LOCAL.8
0040838D |. 8B4D AC
|MOV ECX,DWORD PTR SS:[LOCAL.21]
00408390 |. E8 0B170000 |CALL 00409AA0
fo.00409AA0
00408395 |.^ EB 83
\JMP SHORT 0040831A
00408397 |> 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040839A |. 8945 B0
MOV DWORD PTR SS:[LOCAL.20],EAX
0040839D |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
004083A0 |. 894D B4
MOV DWORD PTR SS:[LOCAL.19],ECX
004083A3 |. C745 B8 00000 MOV DWORD PTR SS:[LOCAL.18],0
004083AA |. 8B55 B4
MOV EDX,DWORD PTR SS:[LOCAL.19]
004083AD |. 8955 BC
MOV DWORD PTR SS:[LOCAL.17],EDX
004083B0 |. 837D AC 00
CMP DWORD PTR SS:[LOCAL.21],0
004083B4 |. 75 05
JNE SHORT 004083BB
004083B6 |. E8 CD640200 CALL 0042E888
004083BB |> 33C0
/XOR EAX,EAX
004083BD |.^ 75 FC
\JNE SHORT 004083BB
004083BF |. 8B4D AC
MOV ECX,DWORD PTR SS:[LOCAL.21]
004083C2 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
004083C4 |. 8955 B8
MOV DWORD PTR SS:[LOCAL.18],EDX
004083C7 |. 8B45 B8
MOV EAX,DWORD PTR SS:[LOCAL.18]
004083CA |. 8B4D BC
MOV ECX,DWORD PTR SS:[LOCAL.17]
004083CD |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
004083D0 |. 8902
MOV DWORD PTR DS:[EDX],EAX
004083D2 |. 894A 04
MOV DWORD PTR DS:[EDX+4],ECX
004083D5 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004083D8 |> 8BE5
MOV ESP,EBP
004083DA |. 5D
POP EBP
004083DB \. C2 1400
RETN 14
004083DE
CC
INT3
004083DF
CC
INT3
004083E0 /$ 55
PUSH EBP
o.004083E0(guessed Arg1,Arg2)
004083E1 |. 8BEC
MOV EBP,ESP
004083E3 |. 6A FF
PUSH -1
004083E5 |. 68 D9534400 PUSH 004453D9
004083EA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
004083F0 |. 50
PUSH EAX

; [SystemIn

; /Arg3 =>
; |
; |Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

; SystemInf

004083F1 |. 81EC 50010000


004083F7 |. A1 A0154500
004083FC |. 33C5
004083FE |. 50
004083FF |. 8D45 F4
00408402 |. 64:A3 0000000
00408408 |. 898D A4FEFFFF
0040840E |. 8B45 08
00408411 |. 83E0 17
00408414 |. 8B8D A4FEFFFF
0040841A |. 8941 08
0040841D |. 8B95 A4FEFFFF
00408423 |. 8B85 A4FEFFFF
00408429 |. 8B4A 08
0040842C |. 2348 0C
0040842F |. 75 05
00408431 |. E9 89010000
00408436 |> 0FB655 0C
0040843A |. 85D2
0040843C |. 74 0E
0040843E |. 6A 00
00408440 |. 6A 00
00408442 |. E8 DE640200
fo.0042E925
00408447 |. E9 73010000
0040844C |> 8B85 A4FEFFFF
00408452 |. 8B8D A4FEFFFF
00408458 |. 8B50 08
0040845B |. 2351 0C
0040845E |. 83E2 04
00408461 |. 74 64
00408463 |. 68 F8874400
SCII "ios_base::badbit set"
00408468 |. 8D4D B0
0040846B |. E8 80670000
fo.0040EBF0
00408470 |. C745 FC 00000
00408477 |. 8D4D CC
0040847A |. E8 06660200
fo.0042EA85
0040847F |. C645 FC 01
00408483 |. C745 CC F0874
0040848A |. 8D45 B0
0040848D |. 50
OFFSET LOCAL.20
0040848E |. 8D4D D8
00408491 |. E8 FA670000
fo.0040EC90
00408496 |. C645 FC 00
0040849A |. C745 CC E4874
004084A1 |. 68 2CD34400
ystemInfo.44D32C
004084A6 |. 8D4D CC
004084A9 |. 51
OFFSET LOCAL.13
004084AA |. E8 76640200
fo.0042E925
004084AF |. C745 FC FFFFF
004084B6 |. 6A 00
004084B8 |. 6A 01

SUB ESP,150
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.87],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
AND EAX,00000017
MOV ECX,DWORD PTR SS:[LOCAL.87]
MOV DWORD PTR DS:[ECX+8],EAX
MOV EDX,DWORD PTR SS:[LOCAL.87]
MOV EAX,DWORD PTR SS:[LOCAL.87]
MOV ECX,DWORD PTR DS:[EDX+8]
AND ECX,DWORD PTR DS:[EAX+0C]
JNE SHORT 00408436
JMP 004085BF
MOVZX EDX,BYTE PTR SS:[ARG.2]
TEST EDX,EDX
JE SHORT 0040844C
PUSH 0
PUSH 0
CALL 0042E925

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

JMP 004085BF
MOV EAX,DWORD PTR SS:[LOCAL.87]
MOV ECX,DWORD PTR SS:[LOCAL.87]
MOV EDX,DWORD PTR DS:[EAX+8]
AND EDX,DWORD PTR DS:[ECX+0C]
AND EDX,00000004
JE SHORT 004084C7
PUSH OFFSET 004487F8

; /Arg1 = A

LEA ECX,[LOCAL.20]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


LEA ECX,[LOCAL.13]
CALL 0042EA85

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],1


MOV DWORD PTR SS:[LOCAL.13],OFFSET 00448
LEA EAX,[LOCAL.20]
PUSH EAX
; /Arg1 =>
LEA ECX,[LOCAL.10]
CALL 0040EC90

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


MOV DWORD PTR SS:[LOCAL.13],OFFSET 00448
PUSH OFFSET 0044D32C
; /Arg2 = S
LEA ECX,[LOCAL.13]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1

; /Arg2 = 0
; |Arg1 = 1

004084BA |. 8D4D B0
LEA ECX,[LOCAL.20]
; |
004084BD |. E8 9E760000 CALL 0040FB60
; \SystemIn
fo.0040FB60
004084C2 |. E9 F8000000 JMP 004085BF
004084C7 |> 8B95 A4FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.87]
004084CD |. 8B85 A4FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.87]
004084D3 |. 8B4A 08
MOV ECX,DWORD PTR DS:[EDX+8]
004084D6 |. 2348 0C
AND ECX,DWORD PTR DS:[EAX+0C]
004084D9 |. 83E1 02
AND ECX,00000002
004084DC |. 74 6A
JE SHORT 00408548
004084DE |. 68 C8874400 PUSH OFFSET 004487C8
; /Arg1 = A
SCII "ios_base::failbit set"
004084E3 |. 8D8D 6CFFFFFF LEA ECX,[LOCAL.37]
; |
004084E9 |. E8 02670000 CALL 0040EBF0
; \SystemIn
fo.0040EBF0
004084EE |. C745 FC 02000 MOV DWORD PTR SS:[LOCAL.1],2
004084F5 |. 8D4D 88
LEA ECX,[LOCAL.30]
004084F8 |. E8 88650200 CALL 0042EA85
; [SystemIn
fo.0042EA85
004084FD |. C645 FC 03
MOV BYTE PTR SS:[LOCAL.1],3
00408501 |. C745 88 F0874 MOV DWORD PTR SS:[LOCAL.30],OFFSET 00448
00408508 |. 8D95 6CFFFFFF LEA EDX,[LOCAL.37]
0040850E |. 52
PUSH EDX
; /Arg1 =>
OFFSET LOCAL.37
0040850F |. 8D4D 94
LEA ECX,[LOCAL.27]
; |
00408512 |. E8 79670000 CALL 0040EC90
; \SystemIn
fo.0040EC90
00408517 |. C645 FC 02
MOV BYTE PTR SS:[LOCAL.1],2
0040851B |. C745 88 E4874 MOV DWORD PTR SS:[LOCAL.30],OFFSET 00448
00408522 |. 68 2CD34400 PUSH OFFSET 0044D32C
; /Arg2 = S
ystemInfo.44D32C
00408527 |. 8D45 88
LEA EAX,[LOCAL.30]
; |
0040852A |. 50
PUSH EAX
; |Arg1 =>
OFFSET LOCAL.30
0040852B |. E8 F5630200 CALL 0042E925
; \SystemIn
fo.0042E925
00408530 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
00408537 |. 6A 00
PUSH 0
; /Arg2 = 0
00408539 |. 6A 01
PUSH 1
; |Arg1 = 1
0040853B |. 8D8D 6CFFFFFF LEA ECX,[LOCAL.37]
; |
00408541 |. E8 1A760000 CALL 0040FB60
; \SystemIn
fo.0040FB60
00408546 |. EB 77
JMP SHORT 004085BF
00408548 |> 68 B0874400 PUSH OFFSET 004487B0
; /Arg1 = A
SCII "ios_base::eofbit set"
0040854D |. 8D8D 28FFFFFF LEA ECX,[LOCAL.54]
; |
00408553 |. E8 98660000 CALL 0040EBF0
; \SystemIn
fo.0040EBF0
00408558 |. C745 FC 04000 MOV DWORD PTR SS:[LOCAL.1],4
0040855F |. 8D8D 44FFFFFF LEA ECX,[LOCAL.47]
00408565 |. E8 1B650200 CALL 0042EA85
; [SystemIn
fo.0042EA85
0040856A |. C645 FC 05
MOV BYTE PTR SS:[LOCAL.1],5
0040856E |. C785 44FFFFFF MOV DWORD PTR SS:[LOCAL.47],OFFSET 00448
00408578 |. 8D8D 28FFFFFF LEA ECX,[LOCAL.54]
0040857E |. 51
PUSH ECX
; /Arg1 =>
OFFSET LOCAL.54
0040857F |. 8D8D 50FFFFFF LEA ECX,[LOCAL.44]
; |
00408585 |. E8 06670000 CALL 0040EC90
; \SystemIn
fo.0040EC90

0040858A |. C645 FC 04
0040858E |. C785 44FFFFFF
00408598 |. 68 2CD34400
ystemInfo.44D32C
0040859D |. 8D95 44FFFFFF
004085A3 |. 52
OFFSET LOCAL.47
004085A4 |. E8 7C630200
fo.0042E925
004085A9 |. C745 FC FFFFF
004085B0 |. 6A 00
004085B2 |. 6A 01
004085B4 |. 8D8D 28FFFFFF
004085BA |. E8 A1750000
fo.0040FB60
004085BF |> 8B4D F4
004085C2 |. 64:890D 00000
004085C9 |. 59
004085CA |. 8BE5
004085CC |. 5D
004085CD \. C2 0800
004085D0 /. 55
004085D1 |. 8BEC
004085D3 |. 83EC 18
004085D6 |. 894D E8
004085D9 |. 8B45 E8
004085DC |. C700 F0874400
004085E2 |. 6A 00
004085E4 |. 6A 01
004085E6 |. 8B4D E8
004085E9 |. 83C1 0C
004085EC |. E8 6F750000
fo.0040FB60
004085F1 |. 8B4D E8
004085F4 |. E8 6A650200
fo.0042EB63
004085F9 |. 8B4D 08
004085FC |. 83E1 01
004085FF |. 74 0C
00408601 |. 8B55 E8
00408604 |. 52
00408605 |. E8 10630200
0040860A |. 83C4 04
0040860D |> 8B45 E8
00408610 |. 8BE5
00408612 |. 5D
00408613 \. C2 0400
00408616
CC
00408617
CC
00408618
CC
00408619
CC
0040861A
CC
0040861B
CC
0040861C
CC
0040861D
CC
0040861E
CC
0040861F
CC
00408620 /$ 55
o.00408620(guessed Arg1)
00408621 |. 8BEC

MOV BYTE PTR SS:[LOCAL.1],4


MOV DWORD PTR SS:[LOCAL.47],OFFSET 00448
PUSH OFFSET 0044D32C
; /Arg2 = S
LEA EDX,[LOCAL.47]
PUSH EDX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.54]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN 8
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
PUSH 0
PUSH 1
MOV ECX,DWORD
ADD ECX,0C
CALL 0040FB60

;
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

PTR SS:[LOCAL.3]
FS:[0],ECX

SS:[LOCAL.6],ECX
PTR SS:[LOCAL.6]
DS:[EAX],OFFSET 004487F0
PTR SS:[LOCAL.6]

MOV ECX,DWORD PTR SS:[LOCAL.6]


CALL 0042EB63

; [SystemIn

MOV ECX,DWORD PTR SS:[ARG.1]


AND ECX,00000001
JE SHORT 0040860D
MOV EDX,DWORD PTR SS:[LOCAL.6]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP

00408623 |.
00408625 |.
0040862A |.
00408630 |.
00408631 |.
00408634 |.
00408639 |.
0040863B |.
0040863C |.
0040863F |.
00408645 |.
00408648 |.
0040864B |.
[ARG.1]
0040864C |.
0040864F |.
fo.0042EB06
00408654 |.
0040865B |.
0040865E |.
00408664 |.
00408667 |.
0040866A |.
0040866D |.
0040866F |.
00408671 |.
00408674 |.
fo.0040FB60
00408679 |.
0040867E |.
[4487AC] = -1
0040867F |.
00408681 |.
00408684 |.
00408687 |.
00408688 |.
0040868B |.
fo.0040F020
00408690 |.
00408697 |.
0040869A |.
0040869D |.
004086A4 |.
004086A5 |.
004086A7 |.
004086A8 \.
004086AB
004086AC
004086AD
004086AE
004086AF
004086B0 /.
004086B1 |.
004086B3 |.
004086B6 |.
004086B9 |.
004086BC |.
004086C2 |.
004086C5 |.
004086CB |.

6A FF
68 08544400
64:A1 0000000
50
83EC 70
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
894D 84
8B45 08
50

PUSH -1
PUSH 00445408
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,70
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.31],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

8B4D 84
E8 B2640200

MOV ECX,DWORD PTR SS:[LOCAL.31]


CALL 0042EB06

; |
; \SystemIn

C745 FC 00000
8B4D 84
C701 F0874400
8B55 84
83C2 0C
8955 88
6A 00
6A 00
8B4D 88
E8 E7740000

MOV DWORD PTR


MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
ADD EDX,0C
MOV DWORD PTR
PUSH 0
PUSH 0
MOV ECX,DWORD
CALL 0040FB60

;
;
;
;

A1 AC874400
50

MOV EAX,DWORD PTR DS:[4487AC]


PUSH EAX

; /Arg3 =>

6A 00
8B4D 08
83C1 0C
51
8B4D 88
E8 90690000

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,0C
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.30]
CALL 0040F020

;
;
;
;
;
;

C745 FC FFFFF
8B45 84
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
55
8BEC
83EC 18
894D E8
8B45 E8
C700 E4874400
8B4D E8
C701 F0874400
6A 00

MOV DWORD PTR


MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
PUSH 0

; /Arg2 = 0

SS:[LOCAL.1],0
PTR SS:[LOCAL.31]
DS:[ECX],OFFSET 004487F0
PTR SS:[LOCAL.31]
SS:[LOCAL.30],EDX
PTR SS:[LOCAL.30]

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

|Arg2 = 0
|
|
|Arg1
|
\SystemIn

SS:[LOCAL.1],-1
PTR SS:[LOCAL.31]
PTR SS:[LOCAL.3]
FS:[0],ECX

SS:[LOCAL.6],ECX
PTR SS:[LOCAL.6]
DS:[EAX],OFFSET 004487E4
PTR SS:[LOCAL.6]
DS:[ECX],OFFSET 004487F0

004086CD |.
004086CF |.
004086D2 |.
004086D5 |.
fo.0040FB60
004086DA |.
004086DD |.
fo.0042EB63
004086E2 |.
004086E4 |.
004086E5 \.
004086E6
004086E7
004086E8
004086E9
004086EA
004086EB
004086EC
004086ED
004086EE
004086EF
004086F0 /$
004086F1 |.
004086F3 |.
004086F6 |.
004086F9 |.
004086FC |.
00408701 |.
00408704 |.
00408707 |.
0040870A |.
0040870D |.
00408711 |.
00408714 |.
00408717 |.
0040871A |.
0040871D |.
00408720 |.
00408723 |.
00408726 |.
00408729 |.
0040872C |.
0040872F |.
00408732 |.
00408734 |.
00408737 |.
0040873A |.
0040873D |.
00408740 |.
00408743 |.
00408746 |.
0040874D |.
0040874F |.
00408750 \.
00408751
00408752
00408753
00408754
00408755
00408756

6A 01
8B4D E8
83C1 0C
E8 86740000

PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.6]
ADD ECX,0C
CALL 0040FB60

;
;
;
;

|Arg1 = 1
|
|
\SystemIn

8B4D E8
E8 81640200

MOV ECX,DWORD PTR SS:[LOCAL.6]


CALL 0042EB63

; [SystemIn

8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 08
894D F8
8B4D F8
E8 3F1C0000
8B4D F8
8941 18
8B55 F8
8B42 18
C640 5D 01
8B4D F8
8B51 18
8B45 F8
8B48 18
894A 04
8B55 F8
8B42 18
8945 FC
8B4D FC
8B55 F8
8B42 18
8901
8B4D F8
8B51 18
8B45 F8
8B48 18
894A 08
8B55 F8
C742 1C 00000
8BE5
5D
C3
CC
CC
CC
CC
CC
CC

MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV ECX,DWORD PTR SS:[LOCAL.2]
CALL 0040A340
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[ECX+18],EAX
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV BYTE PTR DS:[EAX+5D],1
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR DS:[ECX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR DS:[EDX+8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[EDX+1C],0
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3

00408757
CC
INT3
00408758
CC
INT3
00408759
CC
INT3
0040875A
CC
INT3
0040875B
CC
INT3
0040875C
CC
INT3
0040875D
CC
INT3
0040875E
CC
INT3
0040875F
CC
INT3
00408760 /$ 55
PUSH EBP
o.00408760(guessed Arg1,Arg2,Arg3,Arg4)
00408761 |. 8BEC
MOV EBP,ESP
00408763 |. 6A FF
PUSH -1
00408765 |. 68 38544400 PUSH 00445438
0040876A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00408770 |. 50
PUSH EAX
00408771 |. 81EC C8000000 SUB ESP,0C8
00408777 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040877C |. 33C5
XOR EAX,EBP
0040877E |. 50
PUSH EAX
0040877F |. 8D45 F4
LEA EAX,[LOCAL.3]
00408782 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00408788 |. 898D 30FFFFFF MOV DWORD PTR SS:[LOCAL.52],ECX
0040878E |. C745 A4 33333 MOV DWORD PTR SS:[LOCAL.23],3333333
00408795 |. 837D A4 00
CMP DWORD PTR SS:[LOCAL.23],0
00408799 |. 76 0B
JBE SHORT 004087A6
0040879B |. 8B45 A4
MOV EAX,DWORD PTR SS:[LOCAL.23]
0040879E |. 8985 2CFFFFFF MOV DWORD PTR SS:[LOCAL.53],EAX
004087A4 |. EB 0A
JMP SHORT 004087B0
004087A6 |> C785 2CFFFFFF MOV DWORD PTR SS:[LOCAL.53],1
004087B0 |> 8B8D 2CFFFFFF MOV ECX,DWORD PTR SS:[LOCAL.53]
004087B6 |. 83E9 01
SUB ECX,1
004087B9 |. 8B95 30FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.52]
004087BF |. 3B4A 1C
CMP ECX,DWORD PTR DS:[EDX+1C]
004087C2 |. 77 48
JA SHORT 0040880C
004087C4 |. 68 1C884400 PUSH OFFSET 0044881C
SCII "map/set<T> too long"
004087C9 |. 8D4D A8
LEA ECX,[LOCAL.22]
004087CC |. E8 1F640000 CALL 0040EBF0
fo.0040EBF0
004087D1 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
004087D8 |. 8D45 A8
LEA EAX,[LOCAL.22]
004087DB |. 50
PUSH EAX
OFFSET LOCAL.22
004087DC |. 8D4D C4
LEA ECX,[LOCAL.15]
004087DF |. E8 5C030000 CALL 00408B40
fo.00408B40
004087E4 |. C745 C4 14884 MOV DWORD PTR SS:[LOCAL.15],OFFSET 00448
004087EB |. 68 20D44400 PUSH OFFSET 0044D420
ystemInfo.44D420
004087F0 |. 8D4D C4
LEA ECX,[LOCAL.15]
004087F3 |. 51
PUSH ECX
OFFSET LOCAL.15
004087F4 |. E8 2C610200 CALL 0042E925
fo.0042E925
004087F9 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
00408800 |. 6A 00
PUSH 0
00408802 |. 6A 01
PUSH 1
00408804 |. 8D4D A8
LEA ECX,[LOCAL.22]
00408807 |. E8 54730000 CALL 0040FB60

; SystemInf

; /Arg1 = A
; |
; \SystemIn

; /Arg1 =>
; |
; \SystemIn
; /Arg2 = S
; |
; |Arg1 =>
; \SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

fo.0040FB60
0040880C |>
0040880E |.
00408811 |.
[ARG.4]
00408812 |.
00408818 |.
0040881B |.
[ARG.ECX+18]
0040881C |.
0040881F |.
[ARG.3]
00408820 |.
00408826 |.
00408829 |.
[ARG.ECX+18]
0040882A |.
00408830 |.
fo.0040A490
00408835 |.
00408838 |.
0040883E |.
00408841 |.
00408844 |.
0040884A |.
0040884D |.
00408853 |.
00408856 |.
00408859 |.
0040885B |.
00408861 |.
00408864 |.
00408867 |.
0040886A |.
00408870 |.
00408873 |.
00408876 |.
00408879 |.
0040887C |.
0040887E |.
00408884 |.
00408887 |.
0040888A |.
0040888D |.
0040888F |>
00408893 |.
00408895 |.
00408897 |.
0040889A |.
0040889D |.
0040889F |.
004088A5 |.
004088A8 |.
004088AB |.
004088AE |.
004088B1 |.
004088B3 |.
004088B5 |.
004088BB |.
004088BE |.

6A 00
8B55 14
52

PUSH 0
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg5 = 0
; |
; |Arg4 =>

8B85 30FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.52]


8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
51
PUSH ECX

; |
; |
; |Arg3 =>

8B55 10
52

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

8B85 30FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.52]


8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
51
PUSH ECX

; |
; |
; |Arg1 =>

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 5B1C0000 CALL 0040A490

; |
; \SystemIn

8945 F0
8B95 30FFFFFF
8B42 1C
83C0 01
8B8D 30FFFFFF
8941 1C
8B95 30FFFFFF
8B45 10
3B42 18
75 34
8B8D 30FFFFFF
8B51 18
8B45 F0
8942 04
8B8D 30FFFFFF
8B51 18
8955 90
8B45 90
8B4D F0
8908
8B95 30FFFFFF
8B42 18
8B4D F0
8948 08
EB 65
0FB655 0C
85D2
74 34
8B45 10
8B4D F0
8908
8B95 30FFFFFF
8B42 18
8945 8C
8B4D 8C
8B55 10
3B11
75 14
8B85 30FFFFFF
8B48 18
894D 88

MOV DWORD PTR SS:[LOCAL.4],EAX


MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+1C]
ADD EAX,1
MOV ECX,DWORD PTR SS:[LOCAL.52]
MOV DWORD PTR DS:[ECX+1C],EAX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR SS:[ARG.3]
CMP EAX,DWORD PTR DS:[EDX+18]
JNE SHORT 0040888F
MOV ECX,DWORD PTR SS:[LOCAL.52]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.52]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.28],EDX
MOV EAX,DWORD PTR SS:[LOCAL.28]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX+8],ECX
JMP SHORT 004088F4
MOVZX EDX,BYTE PTR SS:[ARG.2]
TEST EDX,EDX
JE SHORT 004088CB
MOV EAX,DWORD PTR SS:[ARG.3]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.29],EAX
MOV ECX,DWORD PTR SS:[LOCAL.29]
MOV EDX,DWORD PTR SS:[ARG.3]
CMP EDX,DWORD PTR DS:[ECX]
JNE SHORT 004088C9
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.30],ECX

004088C1
004088C4
004088C7
004088C9
004088CB
004088CE
004088D1
004088D4
004088DA
004088DD
004088E0
004088E3
004088E5
004088EB
004088EE
004088F1
004088F4
004088F7
004088FA
004088FD
00408900
00408904
00408906
0040890C
0040890F
00408912
00408915
00408918
0040891B
0040891D
00408920
00408923
00408926
00408929
0040892B
00408931
00408934
00408937
0040893A
00408940
00408946
00408948
0040894B
0040894E
00408951
00408955
00408957
00408959
0040895C
0040895F
00408963
00408966
0040896A
0040896D
00408970
00408973
00408979
0040897F
00408981
00408985

|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B55 88
8B45 F0
8902
EB 29
8B4D 10
8B55 F0
8951 08
8B85 30FFFFFF
8B48 18
8B55 10
3B51 08
75 0F
8B85 30FFFFFF
8B48 18
8B55 F0
8951 08
8B45 F0
8945 EC
8B4D EC
8B51 04
0FBE42 5C
85C0
0F85 C9010000
8B4D EC
8B51 04
83C2 04
8955 84
8B45 84
8B08
894D 80
8B55 EC
8B45 80
8B4A 04
3B08
0F85 C7000000
8B55 EC
8B42 04
83C0 04
8985 7CFFFFFF
8B8D 7CFFFFFF
8B11
8B42 08
8945 10
8B4D 10
0FBE51 5C
85D2
75 3A
8B45 EC
8B48 04
C641 5C 01
8B55 10
C642 5C 01
8B45 EC
8B48 04
83C1 04
898D 78FFFFFF
8B95 78FFFFFF
8B02
C640 5C 00
8B4D EC

MOV EDX,DWORD PTR SS:[LOCAL.30]


MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 004088F4
MOV ECX,DWORD PTR SS:[ARG.3]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[ARG.3]
CMP EDX,DWORD PTR DS:[ECX+8]
JNE SHORT 004088F4
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+5C]
TEST EAX,EAX
JNE 00408AD5
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.31],EDX
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.32],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.32]
MOV ECX,DWORD PTR DS:[EDX+4]
CMP ECX,DWORD PTR DS:[EAX]
JNE 004089F8
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.33],EAX
MOV ECX,DWORD PTR SS:[LOCAL.33]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[ARG.3],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOVSX EDX,BYTE PTR DS:[ECX+5C]
TEST EDX,EDX
JNE SHORT 00408993
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV BYTE PTR DS:[ECX+5C],1
MOV EDX,DWORD PTR SS:[ARG.3]
MOV BYTE PTR DS:[EDX+5C],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+5C],0
MOV ECX,DWORD PTR SS:[LOCAL.5]

00408988 |.
0040898B |.
0040898E |.
00408991 |.^
00408993 |>
00408996 |.
00408999 |.
0040899C |.
0040899F |.
004089A1 |.
004089A4 |.
004089A7 |.
004089AA |.
004089AD |.
[LOCAL.5]
004089AE |.
004089B4 |.
fo.0040A1E0
004089B9 |>
004089BC |.
004089BF |.
004089C3 |.
004089C6 |.
004089C9 |.
004089CC |.
004089D2 |.
004089D8 |.
004089DA |.
004089DE |.
004089E1 |.
004089E4 |.
004089E7 |.
004089E8 |.
004089EE |.
fo.0040A290
004089F3 |>^
004089F8 |>
004089FB |.
004089FE |.
00408A01 |.
00408A07 |.
00408A0D |.
00408A0F |.
00408A15 |.
00408A1B |.
00408A1D |.
00408A20 |.
00408A23 |.
00408A27 |.
00408A29 |.
00408A2B |.
00408A2E |.
00408A31 |.
00408A35 |.
00408A38 |.
00408A3C |.
00408A3F |.
00408A42 |.
00408A45 |.
00408A4B |.

8B51 04
8B42 04
8945 EC
EB 60
8B4D EC
8B51 04
8B45 EC
3B42 08
75 18
8B4D EC
8B51 04
8955 EC
8B45 EC
50

MOV EDX,DWORD PTR DS:[ECX+4]


MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP SHORT 004089F3
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP EAX,DWORD PTR DS:[EDX+8]
JNE SHORT 004089B9
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
PUSH EAX

; /Arg1 =>

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 27180000 CALL 0040A1E0

; |
; \SystemIn

8B4D EC
8B51 04
C642 5C 01
8B45 EC
8B48 04
83C1 04
898D 68FFFFFF
8B95 68FFFFFF
8B02
C640 5C 00
8B4D EC
8B51 04
8B42 04
50
8B8D 30FFFFFF
E8 9D180000

MOV ECX,DWORD PTR SS:[LOCAL.5]


MOV EDX,DWORD PTR DS:[ECX+4]
MOV BYTE PTR DS:[EDX+5C],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.38],ECX
MOV EDX,DWORD PTR SS:[LOCAL.38]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+5C],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.52]
CALL 0040A290

; /Arg1
; |
; \SystemIn

E9 D8000000
8B4D EC
8B51 04
83C2 04
8995 5CFFFFFF
8B85 5CFFFFFF
8B08
898D 58FFFFFF
8B95 58FFFFFF
8B02
8945 10
8B4D 10
0FBE51 5C
85D2
75 3A
8B45 EC
8B48 04
C641 5C 01
8B55 10
C642 5C 01
8B45 EC
8B48 04
83C1 04
898D 54FFFFFF
8B95 54FFFFFF

JMP 00408AD0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.41],EDX
MOV EAX,DWORD PTR SS:[LOCAL.41]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.42],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[ARG.3],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOVSX EDX,BYTE PTR DS:[ECX+5C]
TEST EDX,EDX
JNE SHORT 00408A65
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV BYTE PTR DS:[ECX+5C],1
MOV EDX,DWORD PTR SS:[ARG.3]
MOV BYTE PTR DS:[EDX+5C],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.43],ECX
MOV EDX,DWORD PTR SS:[LOCAL.43]

00408A51 |.
00408A53 |.
00408A57 |.
00408A5A |.
00408A5D |.
00408A60 |.
00408A63 |.^
00408A65 |>
00408A68 |.
00408A6B |.
00408A71 |.
00408A77 |.
00408A7A |.
00408A7C |.
00408A7E |.
00408A81 |.
00408A84 |.
00408A87 |.
00408A8A |.
[LOCAL.5]
00408A8B |.
00408A91 |.
fo.0040A290
00408A96 |>
00408A99 |.
00408A9C |.
00408AA0 |.
00408AA3 |.
00408AA6 |.
00408AA9 |.
00408AAF |.
00408AB5 |.
00408AB7 |.
00408ABB |.
00408ABE |.
00408AC1 |.
00408AC4 |.
00408AC5 |.
00408ACB |.
fo.0040A1E0
00408AD0 |>^
00408AD5 |>
00408ADB |.
00408ADE |.
00408AE1 |.
00408AE7 |.
00408AED |.
00408AEF |.
00408AF3 |.
00408AF6 |.
00408AFC |.
00408AFF |.
00408B02 |.
00408B05 |.
00408B0C |.
00408B0E |.
00408B13 |>
00408B15 |.^
00408B17 |.
00408B1A |.

8B02
C640 5C 00
8B4D EC
8B51 04
8B42 04
8945 EC
EB 6B
8B4D EC
8B51 04
8995 50FFFFFF
8B85 50FFFFFF
8B4D EC
3B08
75 18
8B55 EC
8B42 04
8945 EC
8B4D EC
51

MOV EAX,DWORD PTR DS:[EDX]


MOV BYTE PTR DS:[EAX+5C],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP SHORT 00408AD0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.44],EDX
MOV EAX,DWORD PTR SS:[LOCAL.44]
MOV ECX,DWORD PTR SS:[LOCAL.5]
CMP ECX,DWORD PTR DS:[EAX]
JNE SHORT 00408A96
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX

; /Arg1 =>

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 FA170000 CALL 0040A290

; |
; \SystemIn

8B55 EC
8B42 04
C640 5C 01
8B4D EC
8B51 04
83C2 04
8995 44FFFFFF
8B85 44FFFFFF
8B08
C641 5C 00
8B55 EC
8B42 04
8B48 04
51
8B8D 30FFFFFF
E8 10170000

MOV EDX,DWORD PTR SS:[LOCAL.5]


MOV EAX,DWORD PTR DS:[EDX+4]
MOV BYTE PTR DS:[EAX+5C],1
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.47],EDX
MOV EAX,DWORD PTR SS:[LOCAL.47]
MOV ECX,DWORD PTR DS:[EAX]
MOV BYTE PTR DS:[ECX+5C],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.52]
CALL 0040A1E0

; /Arg1
; |
; \SystemIn

E9 25FEFFFF
8B95 30FFFFFF
8B42 18
83C0 04
8985 34FFFFFF
8B8D 34FFFFFF
8B11
C642 5C 01
8B45 08
C700 00000000
8B4D 08
8B55 F0
8951 04
83BD 30FFFFFF
75 05
E8 755D0200
33C0
75 FC
8B4D 08
8B95 30FFFFFF

JMP 004088FA
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.51],EAX
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX]
MOV BYTE PTR DS:[EDX+5C],1
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+4],EDX
CMP DWORD PTR SS:[LOCAL.52],0
JNE SHORT 00408B13
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00408B13
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.52]

00408B20 |. 8B02
00408B22 |. 8901
00408B24 |. 8B45 08
00408B27 |. 8B4D F4
00408B2A |. 64:890D 00000
00408B31 |. 59
00408B32 |. 8BE5
00408B34 |. 5D
00408B35 \. C2 1000
00408B38
CC
00408B39
CC
00408B3A
CC
00408B3B
CC
00408B3C
CC
00408B3D
CC
00408B3E
CC
00408B3F
CC
00408B40 /$ 55
o.00408B40(guessed Arg1)
00408B41 |. 8BEC
00408B43 |. 6A FF
00408B45 |. 68 08544400
00408B4A |. 64:A1 0000000
00408B50 |. 50
00408B51 |. 83EC 70
00408B54 |. A1 A0154500
00408B59 |. 33C5
00408B5B |. 50
00408B5C |. 8D45 F4
00408B5F |. 64:A3 0000000
00408B65 |. 894D 84
00408B68 |. 8B4D 84
00408B6B |. E8 155F0200
fo.0042EA85
00408B70 |. C745 FC 00000
00408B77 |. 8B45 84
00408B7A |. C700 34884400
00408B80 |. 8B4D 84
00408B83 |. 83C1 0C
00408B86 |. 894D 88
00408B89 |. 6A 00
00408B8B |. 6A 00
00408B8D |. 8B4D 88
00408B90 |. E8 CB6F0000
fo.0040FB60
00408B95 |. 8B15 AC874400
00408B9B |. 52
[4487AC] = -1
00408B9C |. 6A 00
00408B9E |. 8B45 08
00408BA1 |. 50
[ARG.1]
00408BA2 |. 8B4D 88
00408BA5 |. E8 76640000
fo.0040F020
00408BAA |. C745 FC FFFFF
00408BB1 |. 8B45 84
00408BB4 |. 8B4D F4
00408BB7 |. 64:890D 00000
00408BBE |. 59

MOV EAX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

PTR DS:[EDX]
DS:[ECX],EAX
PTR SS:[ARG.1]
PTR SS:[LOCAL.3]
FS:[0],ECX

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445408
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,70
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.31],ECX
MOV ECX,DWORD PTR SS:[LOCAL.31]
CALL 0042EA85

; [SystemIn

MOV DWORD PTR


MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,0C
MOV DWORD PTR
PUSH 0
PUSH 0
MOV ECX,DWORD
CALL 0040FB60

;
;
;
;

SS:[LOCAL.1],0
PTR SS:[LOCAL.31]
DS:[EAX],OFFSET 00448834
PTR SS:[LOCAL.31]
SS:[LOCAL.30],ECX
PTR SS:[LOCAL.30]

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

MOV EDX,DWORD PTR DS:[4487AC]


PUSH EDX

; /Arg3 =>

PUSH 0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.30]


CALL 0040F020

; |
; \SystemIn

MOV
MOV
MOV
MOV
POP

DWORD PTR
EAX,DWORD
ECX,DWORD
DWORD PTR
ECX

SS:[LOCAL.1],-1
PTR SS:[LOCAL.31]
PTR SS:[LOCAL.3]
FS:[0],ECX

00408BBF |.
00408BC1 |.
00408BC2 \.
00408BC5
00408BC6
00408BC7
00408BC8
00408BC9
00408BCA
00408BCB
00408BCC
00408BCD
00408BCE
00408BCF
00408BD0 /.
00408BD1 |.
00408BD3 |.
00408BD6 |.
00408BD9 |.
00408BDC |.
00408BDF |.
00408BE2 |.
00408BE5 |.
00408BE9 |.
00408BEB |.
00408BEE |.
00408BF1 |.
00408BF4 |.
00408BF6 |>
00408BF9 |.
00408BFC |.
00408BFF |>
00408C02 |.
00408C04 |.
00408C05 \.
00408C06
00408C07
00408C08
00408C09
00408C0A
00408C0B
00408C0C
00408C0D
00408C0E
00408C0F
00408C10 /.
00408C11 |.
00408C13 |.
00408C16 |.
00408C19 |.
00408C1C |.
00408C22 |.
00408C24 |.
00408C26 |.
00408C29 |.
00408C2C |.
fo.0040FB60
00408C31 |.
00408C34 |.
fo.0042EB63

8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 0C
894D F8
8B45 F8
83C0 0C
8945 FC
8B4D FC
8379 18 10
72 0B
8B55 FC
8B42 04
8945 F4
EB 09
8B4D FC
83C1 04
894D F4
8B45 F4
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 18
894D E8
8B45 E8
C700 34884400
6A 00
6A 01
8B4D E8
83C1 0C
E8 2F6F0000

MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EAX,DWORD PTR SS:[LOCAL.2]
ADD EAX,0C
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 00408BF6
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.3],EAX
JMP SHORT 00408BFF
MOV ECX,DWORD PTR SS:[LOCAL.1]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX],OFFSET 00448834
PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.6]
ADD ECX,0C
CALL 0040FB60

;
;
;
;
;

8B4D E8
E8 2A5F0200

MOV ECX,DWORD PTR SS:[LOCAL.6]


CALL 0042EB63

; [SystemIn

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

00408C39 |.
00408C3C |.
00408C3F |.
00408C41 |.
00408C44 |.
00408C45 |.
00408C4A |.
00408C4D |>
00408C50 |.
00408C52 |.
00408C53 \.
00408C56
00408C57
00408C58
00408C59
00408C5A
00408C5B
00408C5C
00408C5D
00408C5E
00408C5F
00408C60 /.
00408C61 |.
00408C63 |.
00408C66 |.
00408C69 |.
00408C6C |.
00408C72 |.
00408C75 |.
00408C7B |.
00408C7D |.
00408C7F |.
00408C82 |.
00408C85 |.
fo.0040FB60
00408C8A |.
00408C8D |.
fo.0042EB63
00408C92 |.
00408C94 |.
00408C95 \.
00408C96
00408C97
00408C98
00408C99
00408C9A
00408C9B
00408C9C
00408C9D
00408C9E
00408C9F
00408CA0 /.
00408CA1 |.
00408CA3 |.
00408CA6 |.
00408CA9 |.
00408CAC |.
00408CB2 |.
00408CB5 |.
00408CBB |.

8B4D 08
83E1 01
74 0C
8B55 E8
52
E8 D05C0200
83C4 04
8B45 E8
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 18
894D E8
8B45 E8
C700 14884400
8B4D E8
C701 34884400
6A 00
6A 01
8B4D E8
83C1 0C
E8 D66E0000

MOV ECX,DWORD PTR SS:[ARG.1]


AND ECX,00000001
JE SHORT 00408C4D
MOV EDX,DWORD PTR SS:[LOCAL.6]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX],OFFSET 00448814
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX],OFFSET 00448834
PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.6]
ADD ECX,0C
CALL 0040FB60

;
;
;
;
;

8B4D E8
E8 D15E0200

MOV ECX,DWORD PTR SS:[LOCAL.6]


CALL 0042EB63

; [SystemIn

8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 18
894D E8
8B45 E8
C700 14884400
8B4D E8
C701 34884400
6A 00

MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
PUSH 0

; /Arg2 = 0

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

SS:[LOCAL.6],ECX
PTR SS:[LOCAL.6]
DS:[EAX],OFFSET 00448814
PTR SS:[LOCAL.6]
DS:[ECX],OFFSET 00448834

00408CBD |. 6A 01
00408CBF |. 8B4D E8
00408CC2 |. 83C1 0C
00408CC5 |. E8 966E0000
fo.0040FB60
00408CCA |. 8B4D E8
00408CCD |. E8 915E0200
fo.0042EB63
00408CD2 |. 8B55 08
00408CD5 |. 83E2 01
00408CD8 |. 74 0C
00408CDA |. 8B45 E8
00408CDD |. 50
00408CDE |. E8 375C0200
00408CE3 |. 83C4 04
00408CE6 |> 8B45 E8
00408CE9 |. 8BE5
00408CEB |. 5D
00408CEC \. C2 0400
00408CEF
CC
00408CF0 /$ 55
o.00408CF0(guessed Arg1)
00408CF1 |. 8BEC
00408CF3 |. 6A FF
00408CF5 |. 68 08544400
00408CFA |. 64:A1 0000000
00408D00 |. 50
00408D01 |. 83EC 70
00408D04 |. A1 A0154500
00408D09 |. 33C5
00408D0B |. 50
00408D0C |. 8D45 F4
00408D0F |. 64:A3 0000000
00408D15 |. 894D 84
00408D18 |. 8B45 08
00408D1B |. 50
[ARG.1]
00408D1C |. 8B4D 84
00408D1F |. E8 E25D0200
fo.0042EB06
00408D24 |. C745 FC 00000
00408D2B |. 8B4D 84
00408D2E |. C701 34884400
00408D34 |. 8B55 84
00408D37 |. 83C2 0C
00408D3A |. 8955 88
00408D3D |. 6A 00
00408D3F |. 6A 00
00408D41 |. 8B4D 88
00408D44 |. E8 176E0000
fo.0040FB60
00408D49 |. A1 AC874400
00408D4E |. 50
[4487AC] = -1
00408D4F |. 6A 00
00408D51 |. 8B4D 08
00408D54 |. 83C1 0C
00408D57 |. 51
00408D58 |. 8B4D 88
00408D5B |. E8 C0620000

PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.6]
ADD ECX,0C
CALL 0040FB60

;
;
;
;

|Arg1 = 1
|
|
\SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.6]


CALL 0042EB63

; [SystemIn

MOV EDX,DWORD PTR SS:[ARG.1]


AND EDX,00000001
JE SHORT 00408CE6
MOV EAX,DWORD PTR SS:[LOCAL.6]
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ESP,EBP
POP EBP
RETN 4
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445408
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,70
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.31],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.31]


CALL 0042EB06

; |
; \SystemIn

MOV DWORD PTR


MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
ADD EDX,0C
MOV DWORD PTR
PUSH 0
PUSH 0
MOV ECX,DWORD
CALL 0040FB60

;
;
;
;

SS:[LOCAL.1],0
PTR SS:[LOCAL.31]
DS:[ECX],OFFSET 00448834
PTR SS:[LOCAL.31]
SS:[LOCAL.30],EDX
PTR SS:[LOCAL.30]

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

MOV EAX,DWORD PTR DS:[4487AC]


PUSH EAX

; /Arg3 =>

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,0C
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.30]
CALL 0040F020

;
;
;
;
;
;

|Arg2 = 0
|
|
|Arg1
|
\SystemIn

fo.0040F020
00408D60 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
00408D67 |. 8B45 84
MOV EAX,DWORD PTR SS:[LOCAL.31]
00408D6A |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00408D6D |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
00408D74 |. 59
POP ECX
00408D75 |. 8BE5
MOV ESP,EBP
00408D77 |. 5D
POP EBP
00408D78 \. C2 0400
RETN 4
00408D7B
CC
INT3
00408D7C
CC
INT3
00408D7D
CC
INT3
00408D7E
CC
INT3
00408D7F
CC
INT3
00408D80 /$ 55
PUSH EBP
o.00408D80(guessed Arg1,Arg2)
00408D81 |. 8BEC
MOV EBP,ESP
00408D83 |. 83EC 08
SUB ESP,8
00408D86 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
00408D89 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00408D8C |. 8B48 10
MOV ECX,DWORD PTR DS:[EAX+10]
00408D8F |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
00408D92 |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
00408D95 |. F7D2
NOT EDX
00408D97 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00408D9A |. 2350 10
AND EDX,DWORD PTR DS:[EAX+10]
00408D9D |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00408DA0 |. 234D 0C
AND ECX,DWORD PTR SS:[ARG.2]
00408DA3 |. 81E1 FFFF0000 AND ECX,0000FFFF
00408DA9 |. 0BD1
OR EDX,ECX
00408DAB |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00408DAE |. 8950 10
MOV DWORD PTR DS:[EAX+10],EDX
00408DB1 |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
00408DB4 |. 8BE5
MOV ESP,EBP
00408DB6 |. 5D
POP EBP
00408DB7 \. C2 0800
RETN 8
00408DBA
CC
INT3
00408DBB
CC
INT3
00408DBC
CC
INT3
00408DBD
CC
INT3
00408DBE
CC
INT3
00408DBF
CC
INT3
00408DC0 /$ 55
PUSH EBP
o.00408DC0(guessed Arg1)
00408DC1 |. 8BEC
MOV EBP,ESP
00408DC3 |. 83EC 30
SUB ESP,30
00408DC6 |. 894D D0
MOV DWORD PTR SS:[LOCAL.12],ECX
00408DC9 |. 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
00408DCC |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00408DCF |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00408DD2 |. 8955 F8
MOV DWORD PTR SS:[LOCAL.2],EDX
00408DD5 |. 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
00408DD8 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00408DDB |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
00408DDE |> 8B55 F8
/MOV EDX,DWORD PTR SS:[LOCAL.2]
00408DE1 |. 0FBE42 5D
|MOVSX EAX,BYTE PTR DS:[EDX+5D]
00408DE5 |. 85C0
|TEST EAX,EAX
00408DE7 |. 75 46
|JNE SHORT 00408E2F
00408DE9 |. 8B4D 08
|MOV ECX,DWORD PTR SS:[ARG.1]
00408DEC |. E8 BF580000 |CALL 0040E6B0

; SystemInf

; SystemInf

00408DF1 |. 50
00408DF2 |. 8B4D F8
00408DF5 |. 83C1 0C
00408DF8 |. E8 B3580000
00408DFD |. 50
00408DFE |. E8 7D5B0200
fo.0042E980
00408E03 |. 83C4 08
00408E06 |. 33C9
00408E08 |. 85C0
00408E0A |. 0F9CC1
00408E0D |. 0FB6D1
00408E10 |. 85D2
00408E12 |. 74 0B
00408E14 |. 8B45 F8
00408E17 |. 8B48 08
00408E1A |. 894D F8
00408E1D |.^ EB 0E
00408E1F |> 8B55 F8
00408E22 |. 8955 FC
00408E25 |. 8B45 F8
00408E28 |. 8B08
00408E2A |. 894D F8
00408E2D |>^ EB AF
00408E2F |> 8B45 FC
00408E32 |. 8BE5
00408E34 |. 5D
00408E35 \. C2 0400
00408E38
CC
00408E39
CC
00408E3A
CC
00408E3B
CC
00408E3C
CC
00408E3D
CC
00408E3E
CC
00408E3F
CC
00408E40 /$ 55
o.00408E40(guessed Arg1)
00408E41 |. 8BEC
00408E43 |. 83EC 10
00408E46 |. 894D F0
00408E49 |. C745 FC 00000
00408E50 |. 8B45 F0
00408E53 |. 8B48 24
00408E56 |. 894D F4
00408E59 |. 8B55 08
00408E5C |. 8B45 F4
00408E5F |. 8B08
00408E61 |. 890A
00408E63 |. 8B55 08
00408E66 |. 8B0A
00408E68 |. E8 13000000
00408E6D |. 8B45 FC
00408E70 |. 83C8 01
00408E73 |. 8945 FC
00408E76 |. 8B45 08
00408E79 |. 8BE5
00408E7B |. 5D
00408E7C \. C2 0400
00408E7F
CC

|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.2]
|ADD ECX,0C
|CALL 0040E6B0
|PUSH EAX
|CALL 0042E980

;
;
;
;
;
;

|ADD ESP,8
|XOR ECX,ECX
|TEST EAX,EAX
|SETL CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 00408E1F
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|MOV ECX,DWORD PTR DS:[EAX+8]
|MOV DWORD PTR SS:[LOCAL.2],ECX
|JMP SHORT 00408E2D
|MOV EDX,DWORD PTR SS:[LOCAL.2]
|MOV DWORD PTR SS:[LOCAL.1],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV DWORD PTR SS:[LOCAL.2],ECX
\JMP SHORT 00408DDE
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV DWORD PTR SS:[LOCAL.1],0
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR DS:[EDX],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EDX]
CALL 00408E80
MOV EAX,DWORD PTR SS:[LOCAL.1]
OR EAX,00000001
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3

/Arg2
|
|
|
|Arg1
\SystemIn

00408E80 /$ 55
PUSH EBP
00408E81 |. 8BEC
MOV EBP,ESP
00408E83 |. 83EC 08
SUB ESP,8
00408E86 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
00408E89 |. 6A 00
PUSH 0
00408E8B |. 8D4D FC
LEA ECX,[LOCAL.1]
00408E8E |. E8 7A490200 CALL 0042D80D
fo.0042D80D
00408E93 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00408E96 |. 8378 04 FF
CMP DWORD PTR DS:[EAX+4],-1
00408E9A |. 73 0F
JNB SHORT 00408EAB
00408E9C |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00408E9F |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00408EA2 |. 83C2 01
ADD EDX,1
00408EA5 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00408EA8 |. 8950 04
MOV DWORD PTR DS:[EAX+4],EDX
00408EAB |> 8D4D FC
LEA ECX,[LOCAL.1]
00408EAE |. E8 82490200 CALL 0042D835
00408EB3 |. 8BE5
MOV ESP,EBP
00408EB5 |. 5D
POP EBP
00408EB6 \. C3
RETN
00408EB7
CC
INT3
00408EB8
CC
INT3
00408EB9
CC
INT3
00408EBA
CC
INT3
00408EBB
CC
INT3
00408EBC
CC
INT3
00408EBD
CC
INT3
00408EBE
CC
INT3
00408EBF
CC
INT3
00408EC0 /$ 55
PUSH EBP
o.00408EC0(guessed Arg1,Arg2,Arg3,Arg4)
00408EC1 |. 8BEC
MOV EBP,ESP
00408EC3 |. 6A FF
PUSH -1
00408EC5 |. 68 80544400 PUSH 00445480
00408ECA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00408ED0 |. 50
PUSH EAX
00408ED1 |. 51
PUSH ECX
00408ED2 |. 81EC 98020000 SUB ESP,298
00408ED8 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00408EDD |. 33C5
XOR EAX,EBP
00408EDF |. 8945 DC
MOV DWORD PTR SS:[LOCAL.9],EAX
00408EE2 |. 53
PUSH EBX
00408EE3 |. 56
PUSH ESI
00408EE4 |. 57
PUSH EDI
00408EE5 |. 50
PUSH EAX
00408EE6 |. 8D45 F4
LEA EAX,[LOCAL.3]
00408EE9 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00408EEF |. 8965 F0
MOV DWORD PTR SS:[LOCAL.4],ESP
00408EF2 |. 898D 68FDFFFF MOV DWORD PTR SS:[LOCAL.166],ECX
00408EF8 |. 8B85 68FDFFFF MOV EAX,DWORD PTR SS:[LOCAL.166]
00408EFE |. 8378 0C 00
CMP DWORD PTR DS:[EAX+0C],0
00408F02 |. 75 0C
JNE SHORT 00408F10
00408F04 |. C785 64FDFFFF MOV DWORD PTR SS:[LOCAL.167],0
00408F0E |. EB 20
JMP SHORT 00408F30
00408F10 |> 8B8D 68FDFFFF MOV ECX,DWORD PTR SS:[LOCAL.166]
00408F16 |. 8B95 68FDFFFF MOV EDX,DWORD PTR SS:[LOCAL.166]
00408F1C |. 8B41 14
MOV EAX,DWORD PTR DS:[ECX+14]
00408F1F |. 2B42 0C
SUB EAX,DWORD PTR DS:[EDX+0C]
00408F22 |. 99
CDQ

; /Arg1 = 0
; |
; \SystemIn

; SystemInf

00408F23
00408F28
00408F2A
00408F30
00408F36
00408F39
00408F3D
00408F3F
00408F44
00408F4B
00408F4F
00408F51
00408F54
00408F5A
00408F5C
00408F66
00408F6C
00408F72
00408F75
00408F78
00408F79
00408F7E
00408F80
00408F86
00408F88
00408F8B
00408F8D
00408F92
00408F97
00408F9D
00408FA3
00408FA6
00408FA9
00408FAA
00408FAF
00408FB1
00408FB4
00408FB7
00408FBD
00408FC7
00408FCE
00408FD0
00408FD6
00408FDC
00408FDE
00408FE8
00408FEB
00408FED
00408FF3
00408FF5
00408FF8
00408FFA
00409004
00409006
00409009
0040900B
0040900E
00409014
0040901A
0040901D

|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.

B9 28000000
F7F9
8985 64FDFFFF
8B95 64FDFFFF
8955 EC
837D 10 00
75 05
E9 56090000
C745 84 66666
837D 84 00
76 0B
8B45 84
8985 60FDFFFF
EB 0A
C785 60FDFFFF
8B8D 68FDFFFF
8B95 68FDFFFF
8B41 10
2B42 0C
99
B9 28000000
F7F9
8B95 60FDFFFF
2BD0
3B55 10
73 0A
E8 AE090000
E9 03090000
8B85 68FDFFFF
8B8D 68FDFFFF
8B40 10
2B41 0C
99
B9 28000000
F7F9
0345 10
3945 EC
0F83 D6040000
C785 3CFFFFFF
83BD 3CFFFFFF
76 0E
8B95 3CFFFFFF
8995 5CFDFFFF
EB 0A
C785 5CFDFFFF
8B45 EC
D1E8
8B8D 5CFDFFFF
2BC8
3B4D EC
73 0C
C785 58FDFFFF
EB 0E
8B55 EC
D1EA
0355 EC
8995 58FDFFFF
8B85 58FDFFFF
8945 EC
8B8D 68FDFFFF

MOV ECX,28
IDIV ECX
MOV DWORD PTR SS:[LOCAL.167],EAX
MOV EDX,DWORD PTR SS:[LOCAL.167]
MOV DWORD PTR SS:[LOCAL.5],EDX
CMP DWORD PTR SS:[ARG.3],0
JNE SHORT 00408F44
JMP 0040989A
MOV DWORD PTR SS:[LOCAL.31],6666666
CMP DWORD PTR SS:[LOCAL.31],0
JBE SHORT 00408F5C
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR SS:[LOCAL.168],EAX
JMP SHORT 00408F66
MOV DWORD PTR SS:[LOCAL.168],1
MOV ECX,DWORD PTR SS:[LOCAL.166]
MOV EDX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR DS:[ECX+10]
SUB EAX,DWORD PTR DS:[EDX+0C]
CDQ
MOV ECX,28
IDIV ECX
MOV EDX,DWORD PTR SS:[LOCAL.168]
SUB EDX,EAX
CMP EDX,DWORD PTR SS:[ARG.3]
JNB SHORT 00408F97
CALL 00409940
JMP 0040989A
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV ECX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR DS:[EAX+10]
SUB EAX,DWORD PTR DS:[ECX+0C]
CDQ
MOV ECX,28
IDIV ECX
ADD EAX,DWORD PTR SS:[ARG.3]
CMP DWORD PTR SS:[LOCAL.5],EAX
JNB 00409493
MOV DWORD PTR SS:[LOCAL.49],6666666
CMP DWORD PTR SS:[LOCAL.49],0
JBE SHORT 00408FDE
MOV EDX,DWORD PTR SS:[LOCAL.49]
MOV DWORD PTR SS:[LOCAL.169],EDX
JMP SHORT 00408FE8
MOV DWORD PTR SS:[LOCAL.169],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
SHR EAX,1
MOV ECX,DWORD PTR SS:[LOCAL.169]
SUB ECX,EAX
CMP ECX,DWORD PTR SS:[LOCAL.5]
JNB SHORT 00409006
MOV DWORD PTR SS:[LOCAL.170],0
JMP SHORT 00409014
MOV EDX,DWORD PTR SS:[LOCAL.5]
SHR EDX,1
ADD EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.170],EDX
MOV EAX,DWORD PTR SS:[LOCAL.170]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.166]

00409023
00409029
0040902C
0040902F
00409030
00409035
00409037
0040903A
0040903D
0040903F
00409045
0040904B
0040904E
00409051
00409053
00409054
00409059
0040905B
0040905E
00409061
00409063
00409066
00409067
0040906C
0040906F
00409072
00409078
0040907B
0040907E
00409080
00409081
00409086
00409088
0040908B
00409092
00409099
0040909C
0040909F
004090A2
004090A8
004090AE
004090B4
004090B6
004090BC
004090C2
004090C8
004090CF
004090D0
004090D7
004090D8
004090DE
004090E1
004090E2
004090E5
004090E6
004090E9
004090EA
004090F0
004090F1
004090F6

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B95 68FDFFFF
8B41 10
2B42 0C
99
B9 28000000
F7F9
0345 10
3945 EC
73 22
8B95 68FDFFFF
8B85 68FDFFFF
8B4A 10
2B48 0C
8BC1
99
B9 28000000
F7F9
0345 10
8945 EC
6A 00
8B55 EC
52
E8 34260000
83C4 08
8945 E4
8B85 68FDFFFF
8B4D 0C
2B48 0C
8BC1
99
B9 28000000
F7F9
8945 E8
C745 E0 00000
C745 FC 00000
8B55 E8
6BD2 28
0355 E4
8995 30FFFFFF
8B85 30FFFFFF
8985 34FFFFFF
33C9
888D 3BFFFFFF
8A95 39FFFFFF
8895 3AFFFFFF
0FB685 3BFFFF
50
0FB68D 3AFFFF
51
8B95 68FDFFFF
83C2 08
52
8B45 14
50
8B4D 10
51
8B95 34FFFFFF
52
E8 BA530000
83C4 18

MOV EDX,DWORD PTR SS:[LOCAL.166]


MOV EAX,DWORD PTR DS:[ECX+10]
SUB EAX,DWORD PTR DS:[EDX+0C]
CDQ
MOV ECX,28
IDIV ECX
ADD EAX,DWORD PTR SS:[ARG.3]
CMP DWORD PTR SS:[LOCAL.5],EAX
JNB SHORT 00409061
MOV EDX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV ECX,DWORD PTR DS:[EDX+10]
SUB ECX,DWORD PTR DS:[EAX+0C]
MOV EAX,ECX
CDQ
MOV ECX,28
IDIV ECX
ADD EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.5],EAX
PUSH 0
MOV EDX,DWORD PTR SS:[LOCAL.5]
PUSH EDX
CALL 0040B6A0
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV ECX,DWORD PTR SS:[ARG.2]
SUB ECX,DWORD PTR DS:[EAX+0C]
MOV EAX,ECX
CDQ
MOV ECX,28
IDIV ECX
MOV DWORD PTR SS:[LOCAL.6],EAX
MOV DWORD PTR SS:[LOCAL.8],0
MOV DWORD PTR SS:[LOCAL.1],0
MOV EDX,DWORD PTR SS:[LOCAL.6]
IMUL EDX,EDX,28
ADD EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.52],EDX
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV DWORD PTR SS:[LOCAL.51],EAX
XOR ECX,ECX
MOV BYTE PTR SS:[LOCAL.50+3],CL
MOV DL,BYTE PTR SS:[LOCAL.50+1]
MOV BYTE PTR SS:[LOCAL.50+2],DL
MOVZX EAX,BYTE PTR SS:[LOCAL.50+3]
PUSH EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.50+2]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.166]
ADD EDX,8
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.3]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.51]
PUSH EDX
CALL 0040E4B0
ADD ESP,18

004090F9 |.
004090FC |.
004090FF |.
00409102 |.
00409108 |.
0040910B |.
00409111 |.
00409114 |.
0040911A |.
0040911D |.
00409123 |.
00409129 |.
0040912F |.
00409131 |.
00409137 |.
0040913D |.
00409143 |.
00409149 |.
0040914F |.
00409155 |.
0040915B |.
00409161 |.
00409167 |.
0040916D |.
00409173 |.
00409179 |.
0040917C |.
0040917D |.
00409183 |.
[LOCAL.7]
00409184 |.
0040918A |.
[ARG.2]
0040918B |.
00409191 |.
[LOCAL.62]
00409192 |.
fo.0040EAB0
00409197 |.
0040919A |.
0040919D |.
004091A0 |.
004091A3 |.
004091A9 |.
004091AC |.
004091B2 |.
004091B5 |.
004091B8 |.
004091BB |.
004091BE |.
004091C4 |.
004091CA |.
004091D0 |.
004091D3 |.
004091D9 |.
004091DB |.
004091E1 |.
004091E7 |.
004091ED |.
004091F3 |.

8B45
83C0
8945
8B8D
8B51
8995
8B45
8985
8B4D
898D
8B95
8995
33C0
8885
8A8D
888D
8B95
8995
8B85
8985
8A8D
888D
8B95
8995
8B85
83C0
50
8B8D
51

E0
01
E0
68FDFFFF
0C
08FFFFFF
E4
0CFFFFFF
0C
10FFFFFF
08FFFFFF
14FFFFFF
2FFFFFFF
2DFFFFFF
2EFFFFFF
10FFFFFF
28FFFFFF
14FFFFFF
20FFFFFF
2FFFFFFF
1BFFFFFF
0CFFFFFF
1CFFFFFF
68FDFFFF
08
1CFFFFFF

MOV EAX,DWORD PTR SS:[LOCAL.8]


ADD EAX,1
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.166]
MOV EDX,DWORD PTR DS:[ECX+0C]
MOV DWORD PTR SS:[LOCAL.62],EDX
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.61],EAX
MOV ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.60],ECX
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR SS:[LOCAL.59],EDX
XOR EAX,EAX
MOV BYTE PTR SS:[LOCAL.53+3],AL
MOV CL,BYTE PTR SS:[LOCAL.53+1]
MOV BYTE PTR SS:[LOCAL.53+2],CL
MOV EDX,DWORD PTR SS:[LOCAL.60]
MOV DWORD PTR SS:[LOCAL.54],EDX
MOV EAX,DWORD PTR SS:[LOCAL.59]
MOV DWORD PTR SS:[LOCAL.56],EAX
MOV CL,BYTE PTR SS:[LOCAL.53+3]
MOV BYTE PTR SS:[LOCAL.58+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.61]
MOV DWORD PTR SS:[LOCAL.57],EDX
MOV EAX,DWORD PTR SS:[LOCAL.166]
ADD EAX,8
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.57]
PUSH ECX

; /Arg4
; |
; |Arg3 =>

8B95 28FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.54]


52
PUSH EDX

; |
; |Arg2 =>

8B85 20FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.56]


50
PUSH EAX

; |
; |Arg1 =>

E8 19590000

CALL 0040EAB0

; \SystemIn

83C4
8B4D
83C1
894D
8B95
8B42
8985
8B4D
034D
6BC9
034D
898D
8B95
8995
8B45
8985
33C9
888D
8A95
8895
8B85
8985

ADD ESP,10
MOV ECX,DWORD PTR SS:[LOCAL.8]
ADD ECX,1
MOV DWORD PTR SS:[LOCAL.8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[LOCAL.72],EAX
MOV ECX,DWORD PTR SS:[LOCAL.6]
ADD ECX,DWORD PTR SS:[ARG.3]
IMUL ECX,ECX,28
ADD ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.71],ECX
MOV EDX,DWORD PTR SS:[LOCAL.72]
MOV DWORD PTR SS:[LOCAL.70],EDX
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.69],EAX
XOR ECX,ECX
MOV BYTE PTR SS:[LOCAL.63+3],CL
MOV DL,BYTE PTR SS:[LOCAL.63+1]
MOV BYTE PTR SS:[LOCAL.63+2],DL
MOV EAX,DWORD PTR SS:[LOCAL.70]
MOV DWORD PTR SS:[LOCAL.64],EAX

10
E0
01
E0
68FDFFFF
10
E0FEFFFF
E8
10
28
E4
E4FEFFFF
E0FEFFFF
E8FEFFFF
0C
ECFEFFFF
07FFFFFF
05FFFFFF
06FFFFFF
E8FEFFFF
00FFFFFF

004091F9 |.
004091FF |.
00409205 |.
0040920B |.
00409211 |.
00409217 |.
0040921D |.
00409223 |.
00409226 |.
00409227 |.
0040922D |.
[LOCAL.71]
0040922E |.
00409234 |.
[LOCAL.72]
00409235 |.
0040923B |.
[ARG.2]
0040923C |.
fo.0040EAB0
00409241 |.
00409244 \.
00409249 /.
0040924D |.
0040924F |.
00409252 |.
00409255 |.
00409258 |.
0040925E |.
00409261 |.
00409267 |.
0040926D |.
00409273 |.
00409279 |.
0040927F |.
00409285 |.
0040928B |.
0040928D |>
00409293 |.
00409296 |.
0040929C |>
004092A2 |.
004092A8 |.
004092AA |.
004092B0 |.
004092B1 |.
004092B6 |.
004092B9 |.^
004092BB |>
004092BF |.
004092C1 |.
004092C4 |.
004092C7 |.
004092CA |.
004092CD |.
004092D0 |.
004092D2 |.
004092D8 |.
004092DB |.
004092DE |.

8B8D
898D
8A95
8895
8B85
8985
8B8D
83C1
51
8B95
52

ECFEFFFF
F8FEFFFF
07FFFFFF
F3FEFFFF
E4FEFFFF
F4FEFFFF
68FDFFFF
08

MOV ECX,DWORD PTR SS:[LOCAL.69]


MOV DWORD PTR SS:[LOCAL.66],ECX
MOV DL,BYTE PTR SS:[LOCAL.63+3]
MOV BYTE PTR SS:[LOCAL.68+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.71]
MOV DWORD PTR SS:[LOCAL.67],EAX
MOV ECX,DWORD PTR SS:[LOCAL.166]
ADD ECX,8
PUSH ECX
F4FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.67]
PUSH EDX

; /Arg4
; |
; |Arg3 =>

8B85 00FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.64]


50
PUSH EAX

; |
; |Arg2 =>

8B8D F8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.66]


51
PUSH ECX

; |
; |Arg1 =>

E8 6F580000

CALL 0040EAB0

; \SystemIn

83C4 10
E9 14010000
837D E0 01
7E 6C
8B55 E8
6BD2 28
0355 E4
8995 CCFEFFFF
8B45 E4
8985 D0FEFFFF
8A8D DEFEFFFF
888D DFFEFFFF
8B95 CCFEFFFF
8995 D4FEFFFF
8B85 D0FEFFFF
8985 D8FEFFFF
EB 0F
8B8D D8FEFFFF
83C1 28
898D D8FEFFFF
8B95 D8FEFFFF
3B95 D4FEFFFF
74 11
8B85 D8FEFFFF
50
E8 0A560000
83C4 04
EB D2
837D E0 00
7E 7A
8B4D 10
6BC9 28
8B55 E8
6BD2 28
0355 E4
03D1
8995 B8FEFFFF
8B45 E8
6BC0 28
0345 E4

ADD ESP,10
JMP 0040935D
CMP DWORD PTR SS:[EBP-20],1
JLE SHORT 004092BB
MOV EDX,DWORD PTR SS:[EBP-18]
IMUL EDX,EDX,28
ADD EDX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-134],EDX
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-130],EAX
MOV CL,BYTE PTR SS:[EBP-122]
MOV BYTE PTR SS:[EBP-121],CL
MOV EDX,DWORD PTR SS:[EBP-134]
MOV DWORD PTR SS:[EBP-12C],EDX
MOV EAX,DWORD PTR SS:[EBP-130]
MOV DWORD PTR SS:[EBP-128],EAX
JMP SHORT 0040929C
/MOV ECX,DWORD PTR SS:[EBP-128]
|ADD ECX,28
|MOV DWORD PTR SS:[EBP-128],ECX
|MOV EDX,DWORD PTR SS:[EBP-128]
|CMP EDX,DWORD PTR SS:[EBP-12C]
|JE SHORT 004092BB
|MOV EAX,DWORD PTR SS:[EBP-128]
|PUSH EAX
|CALL 0040E8C0
|ADD ESP,4
\JMP SHORT 0040928D
CMP DWORD PTR SS:[EBP-20],0
JLE SHORT 0040933B
MOV ECX,DWORD PTR SS:[EBP+10]
IMUL ECX,ECX,28
MOV EDX,DWORD PTR SS:[EBP-18]
IMUL EDX,EDX,28
ADD EDX,DWORD PTR SS:[EBP-1C]
ADD EDX,ECX
MOV DWORD PTR SS:[EBP-148],EDX
MOV EAX,DWORD PTR SS:[EBP-18]
IMUL EAX,EAX,28
ADD EAX,DWORD PTR SS:[EBP-1C]

004092E1 |.
004092E7 |.
004092ED |.
004092F3 |.
004092F9 |.
004092FF |.
00409305 |.
0040930B |.
0040930D |>
00409313 |.
00409316 |.
0040931C |>
00409322 |.
00409328 |.
0040932A |.
00409330 |.
00409331 |.
00409336 |.
00409339 |.^
0040933B |>
0040933E |.
0040933F |.
00409344 |.
00409347 |.
00409349 |.
0040934B |.
fo.0042E925
00409350 |.
00409357 |.
0040935C \.
0040935D />
00409364 |.
0040936A |.
00409370 |.
00409373 |.
00409376 |.
00409378 |.
00409379 |.
0040937E |.
00409380 |.
00409383 |.
00409386 |.
0040938C |.
00409390 |.
00409396 |.
0040939C |.
0040939F |.
004093A5 |.
004093AB |.
004093AE |.
004093B4 |.
004093BA |.
004093C0 |.
004093C6 |.
004093CC |.
004093D2 |.
004093D8 |.
004093DE |.
004093E4 |.
004093EA |.

8985 BCFEFFFF
8A8D CAFEFFFF
888D CBFEFFFF
8B95 B8FEFFFF
8995 C0FEFFFF
8B85 BCFEFFFF
8985 C4FEFFFF
EB 0F
8B8D C4FEFFFF
83C1 28
898D C4FEFFFF
8B95 C4FEFFFF
3B95 C0FEFFFF
74 11
8B85 C4FEFFFF
50
E8 8A550000
83C4 04
EB D2
8B4D E4
51
E8 D6550200
83C4 04
6A 00
6A 00
E8 D5550200

MOV DWORD PTR SS:[EBP-144],EAX


MOV CL,BYTE PTR SS:[EBP-136]
MOV BYTE PTR SS:[EBP-135],CL
MOV EDX,DWORD PTR SS:[EBP-148]
MOV DWORD PTR SS:[EBP-140],EDX
MOV EAX,DWORD PTR SS:[EBP-144]
MOV DWORD PTR SS:[EBP-13C],EAX
JMP SHORT 0040931C
/MOV ECX,DWORD PTR SS:[EBP-13C]
|ADD ECX,28
|MOV DWORD PTR SS:[EBP-13C],ECX
|MOV EDX,DWORD PTR SS:[EBP-13C]
|CMP EDX,DWORD PTR SS:[EBP-140]
|JE SHORT 0040933B
|MOV EAX,DWORD PTR SS:[EBP-13C]
|PUSH EAX
|CALL 0040E8C0
|ADD ESP,4
\JMP SHORT 0040930D
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
CALL 0042E91A
ADD ESP,4
PUSH 0
PUSH 0
CALL 0042E925

C745 FC FFFFF
B8 64934000
C3
C745 FC FFFFF
8B95 68FDFFFF
8B85 68FDFFFF
8B4A 10
2B48 0C
8BC1
99
B9 28000000
F7F9
0345 10
8945 10
8B95 68FDFFFF
837A 0C 00
0F84 C8000000
8B85 68FDFFFF
8B48 10
898D 9CFEFFFF
8B95 68FDFFFF
8B42 0C
8985 A0FEFFFF
8B8D 9CFEFFFF
898D A4FEFFFF
8B95 A0FEFFFF
8995 A8FEFFFF
8A85 B6FEFFFF
8885 B7FEFFFF
8B8D A4FEFFFF
898D ACFEFFFF
8B95 A8FEFFFF
8995 B0FEFFFF

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,00409364
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EDX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV ECX,DWORD PTR DS:[EDX+10]
SUB ECX,DWORD PTR DS:[EAX+0C]
MOV EAX,ECX
CDQ
MOV ECX,28
IDIV ECX
ADD EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[ARG.3],EAX
MOV EDX,DWORD PTR SS:[LOCAL.166]
CMP DWORD PTR DS:[EDX+0C],0
JE 0040945E
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.89],ECX
MOV EDX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR DS:[EDX+0C]
MOV DWORD PTR SS:[LOCAL.88],EAX
MOV ECX,DWORD PTR SS:[LOCAL.89]
MOV DWORD PTR SS:[LOCAL.87],ECX
MOV EDX,DWORD PTR SS:[LOCAL.88]
MOV DWORD PTR SS:[LOCAL.86],EDX
MOV AL,BYTE PTR SS:[LOCAL.83+2]
MOV BYTE PTR SS:[LOCAL.83+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.87]
MOV DWORD PTR SS:[LOCAL.85],ECX
MOV EDX,DWORD PTR SS:[LOCAL.86]
MOV DWORD PTR SS:[LOCAL.84],EDX

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

004093F0 |.
004093F2 |>
004093F8 |.
004093FB |.
00409401 |>
00409407 |.
0040940D |.
0040940F |.
00409415 |.
00409416 |.
0040941B |.
0040941E |.^
00409420 |>
00409426 |.
0040942C |.
0040942F |.
00409432 |.
00409433 |.
00409438 |.
0040943A |.
00409440 |.
00409446 |.
00409449 |.
0040944F |.
00409455 |.
00409456 |.
0040945B |.
0040945E |>
00409461 |.
00409464 |.
00409467 |.
0040946D |.
00409470 |.
00409473 |.
00409476 |.
00409479 |.
0040947F |.
00409482 |.
00409488 |.
0040948B |.
0040948E |.
00409493 |>
00409499 |.
0040949C |.
0040949F |.
004094A0 |.
004094A5 |.
004094A7 |.
004094AA |.
004094B0 |.
004094B3 |.
[ARG.4]
004094B4 |.
004094B7 |.
fo.0040AD10
004094BC |.
004094C3 |.
004094C9 |.
004094CC |.
004094D2 |.

EB 0F
8B85 B0FEFFFF
83C0 28
8985 B0FEFFFF
8B8D B0FEFFFF
3B8D ACFEFFFF
74 11
8B95 B0FEFFFF
52
E8 A5540000
83C4 04
EB D2
8B85 68FDFFFF
8B8D 68FDFFFF
8B40 14
2B41 0C
99
B9 28000000
F7F9
8985 94FEFFFF
8B95 68FDFFFF
8B42 0C
8985 98FEFFFF
8B8D 98FEFFFF
51
E8 BF540200
83C4 04
8B55 EC
6BD2 28
0355 E4
8B85 68FDFFFF
8950 14
8B4D 10
6BC9 28
034D E4
8B95 68FDFFFF
894A 10
8B85 68FDFFFF
8B4D E4
8948 0C
E9 07040000
8B95 68FDFFFF
8B42 10
2B45 0C
99
B9 28000000
F7F9
3B45 10
0F83 84020000
8B55 14
52

JMP SHORT 00409401


/MOV EAX,DWORD PTR SS:[LOCAL.84]
|ADD EAX,28
|MOV DWORD PTR SS:[LOCAL.84],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.84]
|CMP ECX,DWORD PTR SS:[LOCAL.85]
|JE SHORT 00409420
|MOV EDX,DWORD PTR SS:[LOCAL.84]
|PUSH EDX
|CALL 0040E8C0
|ADD ESP,4
\JMP SHORT 004093F2
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV ECX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR DS:[EAX+14]
SUB EAX,DWORD PTR DS:[ECX+0C]
CDQ
MOV ECX,28
IDIV ECX
MOV DWORD PTR SS:[LOCAL.91],EAX
MOV EDX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR DS:[EDX+0C]
MOV DWORD PTR SS:[LOCAL.90],EAX
MOV ECX,DWORD PTR SS:[LOCAL.90]
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EDX,DWORD PTR SS:[LOCAL.5]
IMUL EDX,EDX,28
ADD EDX,DWORD PTR SS:[LOCAL.7]
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV DWORD PTR DS:[EAX+14],EDX
MOV ECX,DWORD PTR SS:[ARG.3]
IMUL ECX,ECX,28
ADD ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR SS:[LOCAL.166]
MOV DWORD PTR DS:[EDX+10],ECX
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EAX+0C],ECX
JMP 0040989A
MOV EDX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR DS:[EDX+10]
SUB EAX,DWORD PTR SS:[ARG.2]
CDQ
MOV ECX,28
IDIV ECX
CMP EAX,DWORD PTR SS:[ARG.3]
JNB 00409734
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg1 =>

8D4D B4
E8 54180000

LEA ECX,[LOCAL.19]
CALL 0040AD10

; |
; \SystemIn

C745
8B85
8B48
898D
8B55

MOV
MOV
MOV
MOV
MOV

FC 02000
68FDFFFF
10
6CFEFFFF
10

DWORD PTR
EAX,DWORD
ECX,DWORD
DWORD PTR
EDX,DWORD

SS:[LOCAL.1],2
PTR SS:[LOCAL.166]
PTR DS:[EAX+10]
SS:[LOCAL.101],ECX
PTR SS:[ARG.3]

004094D5 |.
004094D8 |.
004094DB |.
004094E1 |.
004094E7 |.
004094ED |.
004094F0 |.
004094F6 |.
004094F8 |.
004094FE |.
00409504 |.
0040950A |.
00409510 |.
00409516 |.
0040951C |.
00409522 |.
00409528 |.
0040952E |.
00409534 |.
0040953A |.
00409540 |.
00409543 |.
ARG.ECX+8
00409544 |.
0040954A |.
[LOCAL.100]
0040954B |.
00409551 |.
[ARG.ECX+10]
00409552 |.
00409558 |.
[ARG.2]
00409559 |.
fo.0040EAB0
0040955E |.
00409561 |.
00409565 |.
0040956B |.
0040956E |.
00409571 |.
00409572 |.
00409577 |.
00409579 |.
0040957C |.
0040957E |.
00409584 |.
0040958A |.
0040958D |.
00409593 |.
00409599 |.
0040959F |.
004095A1 |.
004095A7 |.
004095AD |.
004095B3 |.
004095BA |.
004095BB |.
004095C2 |.
004095C3 |.
004095C9 |.

6BD2
0355
8995
8B85
8985
8B4D
898D
33D2
8895
8A85
8885
8B8D
898D
8B95
8995
8A85
8885
8B8D
898D
8B95
83C2
52

28
0C
70FEFFFF
6CFEFFFF
74FEFFFF
0C
78FEFFFF
93FEFFFF
91FEFFFF
92FEFFFF
74FEFFFF
8CFEFFFF
78FEFFFF
84FEFFFF
93FEFFFF
7FFEFFFF
70FEFFFF
80FEFFFF
68FDFFFF
08

IMUL EDX,EDX,28
ADD EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.100],EDX
MOV EAX,DWORD PTR SS:[LOCAL.101]
MOV DWORD PTR SS:[LOCAL.99],EAX
MOV ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.98],ECX
XOR EDX,EDX
MOV BYTE PTR SS:[LOCAL.92+3],DL
MOV AL,BYTE PTR SS:[LOCAL.92+1]
MOV BYTE PTR SS:[LOCAL.92+2],AL
MOV ECX,DWORD PTR SS:[LOCAL.99]
MOV DWORD PTR SS:[LOCAL.93],ECX
MOV EDX,DWORD PTR SS:[LOCAL.98]
MOV DWORD PTR SS:[LOCAL.95],EDX
MOV AL,BYTE PTR SS:[LOCAL.92+3]
MOV BYTE PTR SS:[LOCAL.97+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.100]
MOV DWORD PTR SS:[LOCAL.96],ECX
MOV EDX,DWORD PTR SS:[LOCAL.166]
ADD EDX,8
PUSH EDX

; /Arg4 =>

8B85 80FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.96]


50
PUSH EAX

; |
; |Arg3 =>

8B8D 8CFEFFFF MOV ECX,DWORD PTR SS:[LOCAL.93]


51
PUSH ECX

; |
; |Arg2 =>

8B95 84FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.95]


52
PUSH EDX

; |
; |Arg1 =>

E8 52550000

CALL 0040EAB0

; \SystemIn

83C4 10
C645 FC 03
8B85 68FDFFFF
8B40 10
2B45 0C
99
B9 28000000
F7F9
8B55 10
2BD0
8995 5CFEFFFF
8B85 68FDFFFF
8B48 10
898D 60FEFFFF
8B95 60FEFFFF
8995 64FEFFFF
33C0
8885 6BFEFFFF
8A8D 69FEFFFF
888D 6AFEFFFF
0FB695 6BFEFF
52
0FB685 6AFEFF
50
8B8D 68FDFFFF
83C1 08

ADD ESP,10
MOV BYTE PTR SS:[LOCAL.1],3
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV EAX,DWORD PTR DS:[EAX+10]
SUB EAX,DWORD PTR SS:[ARG.2]
CDQ
MOV ECX,28
IDIV ECX
MOV EDX,DWORD PTR SS:[ARG.3]
SUB EDX,EAX
MOV DWORD PTR SS:[LOCAL.105],EDX
MOV EAX,DWORD PTR SS:[LOCAL.166]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.104],ECX
MOV EDX,DWORD PTR SS:[LOCAL.104]
MOV DWORD PTR SS:[LOCAL.103],EDX
XOR EAX,EAX
MOV BYTE PTR SS:[LOCAL.102+3],AL
MOV CL,BYTE PTR SS:[LOCAL.102+1]
MOV BYTE PTR SS:[LOCAL.102+2],CL
MOVZX EDX,BYTE PTR SS:[LOCAL.102+3]
PUSH EDX
MOVZX EAX,BYTE PTR SS:[LOCAL.102+2]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.166]
ADD ECX,8

004095CC |.
004095CD |.
004095D0 |.
004095D1 |.
004095D7 |.
004095D8 |.
004095DE |.
004095DF |.
004095E4 |.
004095E7 \.
004095EC /.
004095EF |.
004095F2 |.
004095F8 |.
004095FB |.
00409601 |.
00409607 |.
0040960D |.
00409610 |.
00409613 |.
00409616 |.
0040961C |.
00409622 |.
00409628 |.
0040962E |.
00409634 |.
0040963A |.
00409640 |.
00409642 |>
00409648 |.
0040964B |.
00409651 |>
00409657 |.
0040965D |.
0040965F |.
00409665 |.
00409666 |.
0040966B |.
0040966E |.^
00409670 |>
00409672 |.
00409674 |.
fo.0042E925
00409679 |.
00409680 |.
00409685 \.
00409686 />
0040968D |.
00409690 |.
00409693 |.
00409699 |.
0040969C |.
004096A2 |.
004096A5 |.
004096A8 |.
004096AB |.
004096B1 |.
004096B4 |.
004096B6 |.
004096BC |.

51
8D55 B4
52
8B85 5CFEFFFF
50
8B8D 64FEFFFF
51
E8 CC4E0000
83C4 18
E9 9A000000
8B55 10
6BD2 28
8B85 68FDFFFF
0350 10
8995 44FEFFFF
8B8D 44FEFFFF
898D 48FEFFFF
8B55 10
6BD2 28
0355 0C
8995 4CFEFFFF
8A85 5AFEFFFF
8885 5BFEFFFF
8B8D 48FEFFFF
898D 50FEFFFF
8B95 4CFEFFFF
8995 54FEFFFF
EB 0F
8B85 54FEFFFF
83C0 28
8985 54FEFFFF
8B8D 54FEFFFF
3B8D 50FEFFFF
74 11
8B95 54FEFFFF
52
E8 55520000
83C4 04
EB D2
6A 00
6A 00
E8 AC520200

PUSH ECX
LEA EDX,[LOCAL.19]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.105]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.103]
PUSH ECX
CALL 0040E4B0
ADD ESP,18
JMP 00409686
MOV EDX,DWORD PTR SS:[EBP+10]
IMUL EDX,EDX,28
MOV EAX,DWORD PTR SS:[EBP-298]
ADD EDX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-1BC],EDX
MOV ECX,DWORD PTR SS:[EBP-1BC]
MOV DWORD PTR SS:[EBP-1B8],ECX
MOV EDX,DWORD PTR SS:[EBP+10]
IMUL EDX,EDX,28
ADD EDX,DWORD PTR SS:[EBP+0C]
MOV DWORD PTR SS:[EBP-1B4],EDX
MOV AL,BYTE PTR SS:[EBP-1A6]
MOV BYTE PTR SS:[EBP-1A5],AL
MOV ECX,DWORD PTR SS:[EBP-1B8]
MOV DWORD PTR SS:[EBP-1B0],ECX
MOV EDX,DWORD PTR SS:[EBP-1B4]
MOV DWORD PTR SS:[EBP-1AC],EDX
JMP SHORT 00409651
/MOV EAX,DWORD PTR SS:[EBP-1AC]
|ADD EAX,28
|MOV DWORD PTR SS:[EBP-1AC],EAX
|MOV ECX,DWORD PTR SS:[EBP-1AC]
|CMP ECX,DWORD PTR SS:[EBP-1B0]
|JE SHORT 00409670
|MOV EDX,DWORD PTR SS:[EBP-1AC]
|PUSH EDX
|CALL 0040E8C0
|ADD ESP,4
\JMP SHORT 00409642
PUSH 0
PUSH 0
CALL 0042E925

C745 FC 02000
B8 8D964000
C3
C745 FC 02000
8B45 10
6BC0 28
8B8D 68FDFFFF
0341 10
8B95 68FDFFFF
8942 10
8B45 10
6BC0 28
8B8D 68FDFFFF
8B51 10
2BD0
8995 2CFEFFFF
8B45 0C

MOV DWORD PTR SS:[EBP-4],2


MOV EAX,0040968D
RETN
MOV DWORD PTR SS:[LOCAL.1],2
MOV EAX,DWORD PTR SS:[ARG.3]
IMUL EAX,EAX,28
MOV ECX,DWORD PTR SS:[LOCAL.166]
ADD EAX,DWORD PTR DS:[ECX+10]
MOV EDX,DWORD PTR SS:[LOCAL.166]
MOV DWORD PTR DS:[EDX+10],EAX
MOV EAX,DWORD PTR SS:[ARG.3]
IMUL EAX,EAX,28
MOV ECX,DWORD PTR SS:[LOCAL.166]
MOV EDX,DWORD PTR DS:[ECX+10]
SUB EDX,EAX
MOV DWORD PTR SS:[LOCAL.117],EDX
MOV EAX,DWORD PTR SS:[ARG.2]

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

004096BF |. 8985 30FEFFFF


004096C5 |. 8B8D 2CFEFFFF
004096CB |. 898D 3CFEFFFF
004096D1 |. 8B95 30FEFFFF
004096D7 |. 8995 34FEFFFF
004096DD |. EB 0F
004096DF |> 8B85 34FEFFFF
004096E5 |. 83C0 28
004096E8 |. 8985 34FEFFFF
004096EE |> 8B8D 34FEFFFF
004096F4 |. 3B8D 3CFEFFFF
004096FA |. 74 11
004096FC |. 8D55 B4
004096FF |. 52
OFFSET LOCAL.19
00409700 |. 8B8D 34FEFFFF
00409706 |. E8 B51C0000
fo.0040B3C0
0040970B |.^ EB D2
0040970D |> C745 FC 05000
00409714 |. 8D4D B4
00409717 |. E8 64500000
fo.0040E780
0040971C |. C745 FC FFFFF
00409723 |. 6A 00
00409725 |. 6A 01
00409727 |. 8D4D B4
0040972A |. E8 31640000
fo.0040FB60
0040972F |. E9 66010000
00409734 |> 8B45 14
00409737 |. 50
[ARG.4]
00409738 |. 8D4D 88
0040973B |. E8 D0150000
fo.0040AD10
00409740 |. C745 FC 06000
00409747 |. 8B8D 68FDFFFF
0040974D |. 8B51 10
00409750 |. 8955 B0
00409753 |. 8B85 68FDFFFF
00409759 |. 8B48 10
0040975C |. 898D E8FDFFFF
00409762 |. 8B95 68FDFFFF
00409768 |. 83C2 08
0040976B |. 52
ARG.ECX+8
0040976C |. 8B85 E8FDFFFF
00409772 |. 50
[ARG.ECX+10]
00409773 |. 8B4D B0
00409776 |. 51
[ARG.ECX+10]
00409777 |. 8B55 10
0040977A |. 6BD2 28
0040977D |. 8B45 B0
00409780 |. 2BC2
00409782 |. 50
00409783 |. E8 184E0000
fo.0040E5A0

MOV DWORD PTR SS:[LOCAL.116],EAX


MOV ECX,DWORD PTR SS:[LOCAL.117]
MOV DWORD PTR SS:[LOCAL.113],ECX
MOV EDX,DWORD PTR SS:[LOCAL.116]
MOV DWORD PTR SS:[LOCAL.115],EDX
JMP SHORT 004096EE
/MOV EAX,DWORD PTR SS:[LOCAL.115]
|ADD EAX,28
|MOV DWORD PTR SS:[LOCAL.115],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.115]
|CMP ECX,DWORD PTR SS:[LOCAL.113]
|JE SHORT 0040970D
|LEA EDX,[LOCAL.19]
|PUSH EDX

; /Arg1 =>

|MOV ECX,DWORD PTR SS:[LOCAL.115]


|CALL 0040B3C0

; |
; \SystemIn

\JMP SHORT 004096DF


MOV DWORD PTR SS:[LOCAL.1],5
LEA ECX,[LOCAL.19]
CALL 0040E780

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.19]
CALL 0040FB60

;
;
;
;

JMP 0040989A
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.30]
CALL 0040AD10

; |
; \SystemIn

MOV DWORD PTR


MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
ADD EDX,8
PUSH EDX

; /Arg4 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

SS:[LOCAL.1],6
PTR SS:[LOCAL.166]
PTR DS:[ECX+10]
SS:[LOCAL.20],EDX
PTR SS:[LOCAL.166]
PTR DS:[EAX+10]
SS:[LOCAL.134],ECX
PTR SS:[LOCAL.166]

MOV EAX,DWORD PTR SS:[LOCAL.134]


PUSH EAX

; |
; |Arg3 =>

MOV ECX,DWORD PTR SS:[LOCAL.20]


PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[ARG.3]


IMUL EDX,EDX,28
MOV EAX,DWORD PTR SS:[LOCAL.20]
SUB EAX,EDX
PUSH EAX
CALL 0040E5A0

;
;
;
;
;
;

|
|
|
|
|Arg1
\SystemIn

00409788 |. 83C4 10
0040978B |. 8B8D 68FDFFFF
00409791 |. 8941 10
00409794 |. 8B55 B0
00409797 |. 8995 B0FDFFFF
0040979D |. 8B45 10
004097A0 |. 6BC0 28
004097A3 |. 8B4D B0
004097A6 |. 2BC8
004097A8 |. 898D B4FDFFFF
004097AE |. 8B55 0C
004097B1 |. 8995 B8FDFFFF
004097B7 |. 33C0
004097B9 |. 8885 E7FDFFFF
004097BF |. 8A8D E4FDFFFF
004097C5 |. 888D E6FDFFFF
004097CB |. 8B95 B4FDFFFF
004097D1 |. 8995 DCFDFFFF
004097D7 |. 8B85 B8FDFFFF
004097DD |. 8985 D4FDFFFF
004097E3 |. 0FB68D E7FDFF
004097EA |. 51
004097EB |. 0FB695 E6FDFF
004097F2 |. 52
004097F3 |. 0FB685 E5FDFF
004097FA |. 50
004097FB |. 8B8D B0FDFFFF
00409801 |. 51
00409802 |. 8B95 DCFDFFFF
00409808 |. 52
00409809 |. 8B85 D4FDFFFF
0040980F |. 50
00409810 |. E8 0B4E0000
00409815 |. 83C4 18
00409818 |. 8B4D 10
0040981B |. 6BC9 28
0040981E |. 034D 0C
00409821 |. 898D 8CFDFFFF
00409827 |. 8B55 0C
0040982A |. 8995 90FDFFFF
00409830 |. 8B85 8CFDFFFF
00409836 |. 8985 A8FDFFFF
0040983C |. 8B8D 90FDFFFF
00409842 |. 898D 94FDFFFF
00409848 |. EB 0F
0040984A |> 8B95 94FDFFFF
00409850 |. 83C2 28
00409853 |. 8995 94FDFFFF
00409859 |> 8B85 94FDFFFF
0040985F |. 3B85 A8FDFFFF
00409865 |. 74 11
00409867 |. 8D4D 88
0040986A |. 51
OFFSET LOCAL.30
0040986B |. 8B8D 94FDFFFF
00409871 |. E8 4A1B0000
fo.0040B3C0
00409876 |.^ EB D2
00409878 |> C745 FC 07000
0040987F |. 8D4D 88

ADD ESP,10
MOV ECX,DWORD PTR SS:[LOCAL.166]
MOV DWORD PTR DS:[ECX+10],EAX
MOV EDX,DWORD PTR SS:[LOCAL.20]
MOV DWORD PTR SS:[LOCAL.148],EDX
MOV EAX,DWORD PTR SS:[ARG.3]
IMUL EAX,EAX,28
MOV ECX,DWORD PTR SS:[LOCAL.20]
SUB ECX,EAX
MOV DWORD PTR SS:[LOCAL.147],ECX
MOV EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.146],EDX
XOR EAX,EAX
MOV BYTE PTR SS:[LOCAL.135+3],AL
MOV CL,BYTE PTR SS:[LOCAL.135]
MOV BYTE PTR SS:[LOCAL.135+2],CL
MOV EDX,DWORD PTR SS:[LOCAL.147]
MOV DWORD PTR SS:[LOCAL.137],EDX
MOV EAX,DWORD PTR SS:[LOCAL.146]
MOV DWORD PTR SS:[LOCAL.139],EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.135+3]
PUSH ECX
MOVZX EDX,BYTE PTR SS:[LOCAL.135+2]
PUSH EDX
MOVZX EAX,BYTE PTR SS:[LOCAL.135+1]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.148]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.137]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.139]
PUSH EAX
CALL 0040E620
ADD ESP,18
MOV ECX,DWORD PTR SS:[ARG.3]
IMUL ECX,ECX,28
ADD ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.157],ECX
MOV EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.156],EDX
MOV EAX,DWORD PTR SS:[LOCAL.157]
MOV DWORD PTR SS:[LOCAL.150],EAX
MOV ECX,DWORD PTR SS:[LOCAL.156]
MOV DWORD PTR SS:[LOCAL.155],ECX
JMP SHORT 00409859
/MOV EDX,DWORD PTR SS:[LOCAL.155]
|ADD EDX,28
|MOV DWORD PTR SS:[LOCAL.155],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.155]
|CMP EAX,DWORD PTR SS:[LOCAL.150]
|JE SHORT 00409878
|LEA ECX,[LOCAL.30]
|PUSH ECX

; /Arg1 =>

|MOV ECX,DWORD PTR SS:[LOCAL.155]


|CALL 0040B3C0

; |
; \SystemIn

\JMP SHORT 0040984A


MOV DWORD PTR SS:[LOCAL.1],7
LEA ECX,[LOCAL.30]

00409882 |.
fo.0040E780
00409887 |.
0040988E |.
00409890 |.
00409892 |.
00409895 |.
fo.0040FB60
0040989A |>
0040989D |.
004098A4 |.
004098A5 |.
004098A6 |.
004098A7 |.
004098A8 |.
004098AB |.
004098AD |.
004098B2 |.
004098B4 |.
004098B5 \.
004098B8
004098B9
004098BA
004098BB
004098BC
004098BD
004098BE
004098BF
004098C0 /.
004098C1 |.
004098C3 |.
004098C6 |.
004098C9 |.
004098CC |.
004098D2 |.
004098D5 |.
004098DB |.
004098DD |.
004098DF |.
004098E2 |.
004098E5 |.
fo.0040FB60
004098EA |.
004098ED |.
fo.0042EB63
004098F2 |.
004098F5 |.
004098F8 |.
004098FA |.
004098FD |.
004098FE |.
00409903 |.
00409906 |>
00409909 |.
0040990B |.
0040990C \.
0040990F
00409910 /.
00409911 |.
00409913 |.

E8 F94E0000

CALL 0040E780

; [SystemIn

C745 FC FFFFF
6A 00
6A 01
8D4D 88
E8 C6620000

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.30]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B4D F4
64:890D 00000
59
5F
5E
5B
8B4D DC
33CD
E8 3F4E0200
8BE5
5D
C2 1000
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 18
894D E8
8B45 E8
C700 E4874400
8B4D E8
C701 F0874400
6A 00
6A 01
8B4D E8
83C1 0C
E8 76620000

MOV ECX,DWORD
MOV DWORD PTR
POP ECX
POP EDI
POP ESI
POP EBX
MOV ECX,DWORD
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
PUSH 0
PUSH 1
MOV ECX,DWORD
ADD ECX,0C
CALL 0040FB60

;
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

8B4D E8
E8 71520200

MOV ECX,DWORD PTR SS:[LOCAL.6]


CALL 0042EB63

8B55 08
83E2 01
74 0C
8B45 E8
50
E8 17500200
83C4 04
8B45 E8
8BE5
5D
C2 0400
CC
55
8BEC
83EC 64

MOV EDX,DWORD PTR SS:[ARG.1]


AND EDX,00000001
JE SHORT 00409906
MOV EAX,DWORD PTR SS:[LOCAL.6]
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ESP,EBP
POP EBP
RETN 4
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,64

PTR SS:[LOCAL.3]
FS:[0],ECX

PTR SS:[LOCAL.9]

SS:[LOCAL.6],ECX
PTR SS:[LOCAL.6]
DS:[EAX],OFFSET 004487E4
PTR SS:[LOCAL.6]
DS:[ECX],OFFSET 004487F0
PTR SS:[LOCAL.6]

; [SystemIn

00409916 |. 894D 9C
00409919 |. 8B45 08
0040991C |. 50
[ARG.1]
0040991D |. 8B4D 9C
00409920 |. E8 FBECFFFF
fo.00408620
00409925 |. 8B4D 9C
00409928 |. C701 E4874400
0040992E |. 8B45 9C
00409931 |. 8BE5
00409933 |. 5D
00409934 \. C2 0400
00409937
CC
00409938
CC
00409939
CC
0040993A
CC
0040993B
CC
0040993C
CC
0040993D
CC
0040993E
CC
0040993F
CC
00409940 /$ 55
00409941 |. 8BEC
00409943 |. 6A FF
00409945 |. 68 B8544400
0040994A |. 64:A1 0000000
00409950 |. 50
00409951 |. 81EC B8000000
00409957 |. A1 A0154500
0040995C |. 33C5
0040995E |. 50
0040995F |. 8D45 F4
00409962 |. 64:A3 0000000
00409968 |. 68 3C884400
SCII "vector<T> too long"
0040996D |. 8D4D B0
00409970 |. E8 7B520000
fo.0040EBF0
00409975 |. C745 FC 00000
0040997C |. 8D45 B0
0040997F |. 50
OFFSET LOCAL.20
00409980 |. 8D4D CC
00409983 |. E8 B8F1FFFF
fo.00408B40
00409988 |. C745 CC 14884
0040998F |. 68 20D44400
ystemInfo.44D420
00409994 |. 8D4D CC
00409997 |. 51
OFFSET LOCAL.13
00409998 |. E8 884F0200
fo.0042E925
0040999D |. C745 FC FFFFF
004099A4 |. 6A 00
004099A6 |. 6A 01
004099A8 |. 8D4D B0
004099AB |. E8 B0610000
fo.0040FB60

MOV DWORD PTR SS:[LOCAL.25],ECX


MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.25]


CALL 00408620

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.25]


MOV DWORD PTR DS:[ECX],OFFSET 004487E4
MOV EAX,DWORD PTR SS:[LOCAL.25]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 004454B8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0B8
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
PUSH OFFSET 0044883C

; /Arg1 = A

LEA ECX,[LOCAL.20]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


LEA EAX,[LOCAL.20]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.13]
CALL 00408B40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.13],OFFSET 00448


PUSH OFFSET 0044D420
; /Arg2 = S
LEA ECX,[LOCAL.13]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.20]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004099B0
004099B3
004099BA
004099BB
004099BD
004099BE
004099BF
004099C0
004099C1
004099C3
004099C4
004099C7
004099CA
004099CD
004099D2
004099D4
004099D7
004099DA
004099DF
004099E5
004099EB
004099ED
004099F0
004099F3
004099F6
004099F8
004099F9
004099FA
004099FB
004099FC
004099FD
004099FE
004099FF
00409A00
00409A01
00409A03
00409A04
00409A07
00409A0A
00409A0D
00409A12
00409A14
00409A17
00409A1A
00409A1F
00409A25
00409A2B
00409A2D
00409A30
00409A33
00409A36
00409A38
00409A39
00409A3A
00409A3B
00409A3C
00409A3D
00409A3E
00409A3F
00409A40

|.
|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/.

8B4D F4
64:890D 00000
59
8BE5
5D
C3
CC
55
8BEC
51
8B45 08
8B48 10
894D FC
BA C0010000
F7D2
8B45 08
2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B45 08
8950 10
8B45 08
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
55
8BEC
51
8B45 08
8B48 10
894D FC
BA C0010000
F7D2
8B45 08
2350 10
B9 80000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B45 08
8950 10
8B45 08
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
55

MOV ECX,DWORD PTR SS:[LOCAL.3]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[ARG.1]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+10],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[ARG.1]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+10],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

00409A41 |. 8BEC
MOV EBP,ESP
00409A43 |. 81EC 24010000 SUB ESP,124
00409A49 |. 6A 0A
PUSH 0A
A
00409A4B |. 8B4D 08
MOV ECX,DWORD
00409A4E |. E8 6D5B0000 CALL 0040F5C0
fo.0040F5C0
00409A53 |. 8B4D 08
MOV ECX,DWORD
00409A56 |. E8 655D0000 CALL 0040F7C0
fo.0040F7C0
00409A5B |. 8B45 08
MOV EAX,DWORD
00409A5E |. 8BE5
MOV ESP,EBP
00409A60 |. 5D
POP EBP
00409A61 \. C3
RETN
00409A62
CC
INT3
00409A63
CC
INT3
00409A64
CC
INT3
00409A65
CC
INT3
00409A66
CC
INT3
00409A67
CC
INT3
00409A68
CC
INT3
00409A69
CC
INT3
00409A6A
CC
INT3
00409A6B
CC
INT3
00409A6C
CC
INT3
00409A6D
CC
INT3
00409A6E
CC
INT3
00409A6F
CC
INT3
00409A70 /. 55
PUSH EBP
00409A71 |. 8BEC
MOV EBP,ESP
00409A73 |. 83EC 64
SUB ESP,64
00409A76 |. 894D 9C
MOV DWORD PTR
00409A79 |. 8B45 08
MOV EAX,DWORD
00409A7C |. 50
PUSH EAX
[ARG.1]
00409A7D |. 8B4D 9C
MOV ECX,DWORD
00409A80 |. E8 6BF2FFFF CALL 00408CF0
fo.00408CF0
00409A85 |. 8B4D 9C
MOV ECX,DWORD
00409A88 |. C701 14884400 MOV DWORD PTR
00409A8E |. 8B45 9C
MOV EAX,DWORD
00409A91 |. 8BE5
MOV ESP,EBP
00409A93 |. 5D
POP EBP
00409A94 \. C2 0400
RETN 4
00409A97
CC
INT3
00409A98
CC
INT3
00409A99
CC
INT3
00409A9A
CC
INT3
00409A9B
CC
INT3
00409A9C
CC
INT3
00409A9D
CC
INT3
00409A9E
CC
INT3
00409A9F
CC
INT3
00409AA0 /$ 55
PUSH EBP
o.00409AA0(guessed Arg1,Arg2,Arg3)
00409AA1 |. 8BEC
MOV EBP,ESP
00409AA3 |. 6A FF
PUSH -1
00409AA5 |. 68 E8544400 PUSH 004454E8
00409AAA |. 64:A1 0000000 MOV EAX,DWORD
00409AB0 |. 50
PUSH EAX

; /Arg1 = 0
PTR SS:[ARG.1]

; |
; \SystemIn

PTR SS:[ARG.1]
; [SystemIn
PTR SS:[ARG.1]

SS:[LOCAL.25],ECX
PTR SS:[ARG.1]
; /Arg1 =>
PTR SS:[LOCAL.25]

; |
; \SystemIn

PTR SS:[LOCAL.25]
DS:[ECX],OFFSET 00448814
PTR SS:[LOCAL.25]

; SystemInf

PTR FS:[0]

00409AB1 |. 81EC 10010000 SUB ESP,110


00409AB7 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00409ABC |. 33C5
XOR EAX,EBP
00409ABE |. 50
PUSH EAX
00409ABF |. 8D45 F4
LEA EAX,[LOCAL.3]
00409AC2 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00409AC8 |. 898D ECFEFFFF MOV DWORD PTR SS:[LOCAL.69],ECX
00409ACE |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
00409AD1 |. 8945 9C
MOV DWORD PTR SS:[LOCAL.25],EAX
00409AD4 |. 8B4D 9C
MOV ECX,DWORD PTR SS:[LOCAL.25]
00409AD7 |. 0FBE51 5D
MOVSX EDX,BYTE PTR DS:[ECX+5D]
00409ADB |. 85D2
TEST EDX,EDX
00409ADD |. 74 48
JE SHORT 00409B27
00409ADF |. 68 5C884400 PUSH OFFSET 0044885C
; /Arg1 = A
SCII "invalid map/set<T> iterator"
00409AE4 |. 8D4D A0
LEA ECX,[LOCAL.24]
; |
00409AE7 |. E8 04510000 CALL 0040EBF0
; \SystemIn
fo.0040EBF0
00409AEC |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
00409AF3 |. 8D45 A0
LEA EAX,[LOCAL.24]
00409AF6 |. 50
PUSH EAX
; /Arg1 =>
OFFSET LOCAL.24
00409AF7 |. 8D4D BC
LEA ECX,[LOCAL.17]
; |
00409AFA |. E8 41F0FFFF CALL 00408B40
; \SystemIn
fo.00408B40
00409AFF |. C745 BC 54884 MOV DWORD PTR SS:[LOCAL.17],OFFSET 00448
00409B06 |. 68 7CD54400 PUSH OFFSET 0044D57C
; /Arg2 = S
ystemInfo.44D57C
00409B0B |. 8D4D BC
LEA ECX,[LOCAL.17]
; |
00409B0E |. 51
PUSH ECX
; |Arg1 =>
OFFSET LOCAL.17
00409B0F |. E8 114E0200 CALL 0042E925
; \SystemIn
fo.0042E925
00409B14 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
00409B1B |. 6A 00
PUSH 0
; /Arg2 = 0
00409B1D |. 6A 01
PUSH 1
; |Arg1 = 1
00409B1F |. 8D4D A0
LEA ECX,[LOCAL.24]
; |
00409B22 |. E8 39600000 CALL 0040FB60
; \SystemIn
fo.0040FB60
00409B27 |> 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
00409B2A |. 8955 F0
MOV DWORD PTR SS:[LOCAL.4],EDX
00409B2D |. 8D4D 0C
LEA ECX,[ARG.2]
00409B30 |. E8 7B0B0000 CALL 0040A6B0
; [SystemIn
fo.0040A6B0
00409B35 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
00409B38 |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX
00409B3B |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
00409B3E |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
00409B40 |. 0FBE42 5D
MOVSX EAX,BYTE PTR DS:[EDX+5D]
00409B44 |. 85C0
TEST EAX,EAX
00409B46 |. 74 0B
JE SHORT 00409B53
00409B48 |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
00409B4B |. 8B51 08
MOV EDX,DWORD PTR DS:[ECX+8]
00409B4E |. 8955 EC
MOV DWORD PTR SS:[LOCAL.5],EDX
00409B51 |. EB 27
JMP SHORT 00409B7A
00409B53 |> 8B45 E8
MOV EAX,DWORD PTR SS:[LOCAL.6]
00409B56 |. 8B48 08
MOV ECX,DWORD PTR DS:[EAX+8]
00409B59 |. 0FBE51 5D
MOVSX EDX,BYTE PTR DS:[ECX+5D]
00409B5D |. 85D2
TEST EDX,EDX
00409B5F |. 74 0A
JE SHORT 00409B6B

00409B61
00409B64
00409B66
00409B69
00409B6B
00409B6E
00409B71
00409B74
00409B77
00409B7A
00409B7D
00409B80
00409B86
00409B89
00409B8C
00409B8F
00409B92
00409B96
00409B98
00409B9A
00409B9D
00409BA0
00409BA3
00409BA9
00409BAC
00409BAF
00409BB2
00409BB4
00409BBA
00409BBD
00409BC0
00409BC3
00409BC5
00409BC8
00409BCA
00409BCD
00409BCF
00409BD2
00409BD5
00409BD7
00409BD9
00409BDC
00409BDF
00409BE2
00409BE8
00409BEB
00409BEE
00409BF1
00409BF3
00409BF6
00409BF8
00409BFB
00409BFF
00409C01
00409C03
00409C06
00409C0C
00409C0E
00409C11
00409C14

|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>

8B45 E8
8B08
894D EC
EB 0F
8B55 10
8955 E8
8B45 E8
8B48 08
894D EC
8B55 E8
3B55 F0
0F85 3A010000
8B45 F0
8B48 04
894D E4
8B55 EC
0FBE42 5D
85C0
75 09
8B4D EC
8B55 E4
8951 04
8B85 ECFEFFFF
8B48 18
8B51 04
3B55 F0
75 11
8B85 ECFEFFFF
8B48 18
8B55 EC
8951 04
EB 1D
8B45 E4
8B08
3B4D F0
75 0A
8B55 E4
8B45 EC
8902
EB 09
8B4D E4
8B55 EC
8951 08
8B85 ECFEFFFF
8B48 18
894D 88
8B55 88
8B02
3B45 F0
75 53
8B4D EC
0FBE51 5D
85D2
74 0B
8B45 E4
8985 E8FEFFFF
EB 26
8B4D EC
894D 84
8B55 84

MOV EAX,DWORD PTR SS:[LOCAL.6]


MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.5],ECX
JMP SHORT 00409B7A
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE 00409CC0
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JNE SHORT 00409BA3
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX+4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.69]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 00409BC5
MOV EAX,DWORD PTR SS:[LOCAL.69]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 00409BE2
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV ECX,DWORD PTR DS:[EAX]
CMP ECX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 00409BD9
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 00409BE2
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.69]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.30],ECX
MOV EDX,DWORD PTR SS:[LOCAL.30]
MOV EAX,DWORD PTR DS:[EDX]
CMP EAX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 00409C4B
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOVSX EDX,BYTE PTR DS:[ECX+5D]
TEST EDX,EDX
JE SHORT 00409C0E
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.70],EAX
JMP SHORT 00409C34
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.31],ECX
/MOV EDX,DWORD PTR SS:[LOCAL.31]

00409C17
00409C19
00409C1D
00409C1F
00409C21
00409C24
00409C26
00409C29
00409C2B
00409C2E
00409C34
00409C3A
00409C3D
00409C40
00409C43
00409C49
00409C4B
00409C51
00409C54
00409C57
00409C5A
00409C5C
00409C5F
00409C63
00409C65
00409C67
00409C6A
00409C70
00409C72
00409C75
00409C7B
00409C81
00409C84
00409C88
00409C8A
00409C8C
00409C92
00409C95
00409C9B
00409C9D
00409CA3
00409CA9
00409CAF
00409CB2
00409CB8
00409CBB
00409CC0
00409CC3
00409CC5
00409CC8
00409CCB
00409CCE
00409CD1
00409CD3
00409CD5
00409CD8
00409CDB
00409CDE
00409CE0
00409CE3

|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B02
0FBE48 5D
85C9
75 0A
8B55 84
8B02
8945 84
EB E9
8B4D 84
898D E8FEFFFF
8B95 ECFEFFFF
8B42 18
8945 80
8B4D 80
8B95 E8FEFFFF
8911
8B85 ECFEFFFF
8B48 18
8B51 08
3B55 F0
75 5F
8B45 EC
0FBE48 5D
85C9
74 0B
8B55 E4
8995 E4FEFFFF
EB 37
8B45 EC
8985 7CFFFFFF
8B8D 7CFFFFFF
8B51 08
0FBE42 5D
85C0
75 11
8B8D 7CFFFFFF
8B51 08
8995 7CFFFFFF
EB DE
8B85 7CFFFFFF
8985 E4FEFFFF
8B8D ECFEFFFF
8B51 18
8B85 E4FEFFFF
8942 08
E9 23010000
8B4D F0
8B11
8B45 E8
8942 04
8B4D E8
8B55 F0
8B02
8901
8B4D F0
8B55 E8
3B51 08
75 08
8B45 E8
8945 E4

|MOV EAX,DWORD PTR DS:[EDX]


|MOVSX ECX,BYTE PTR DS:[EAX+5D]
|TEST ECX,ECX
|JNE SHORT 00409C2B
|MOV EDX,DWORD PTR SS:[LOCAL.31]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV DWORD PTR SS:[LOCAL.31],EAX
\JMP SHORT 00409C14
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR SS:[LOCAL.70],ECX
MOV EDX,DWORD PTR SS:[LOCAL.69]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.32],EAX
MOV ECX,DWORD PTR SS:[LOCAL.32]
MOV EDX,DWORD PTR SS:[LOCAL.70]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.69]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+8]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 00409CBB
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOVSX ECX,BYTE PTR DS:[EAX+5D]
TEST ECX,ECX
JE SHORT 00409C72
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.71],EDX
JMP SHORT 00409CA9
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.33],EAX
/MOV ECX,DWORD PTR SS:[LOCAL.33]
|MOV EDX,DWORD PTR DS:[ECX+8]
|MOVSX EAX,BYTE PTR DS:[EDX+5D]
|TEST EAX,EAX
|JNE SHORT 00409C9D
|MOV ECX,DWORD PTR SS:[LOCAL.33]
|MOV EDX,DWORD PTR DS:[ECX+8]
|MOV DWORD PTR SS:[LOCAL.33],EDX
\JMP SHORT 00409C7B
MOV EAX,DWORD PTR SS:[LOCAL.33]
MOV DWORD PTR SS:[LOCAL.71],EAX
MOV ECX,DWORD PTR SS:[LOCAL.69]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.71]
MOV DWORD PTR DS:[EDX+8],EAX
JMP 00409DE3
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR SS:[LOCAL.6]
CMP EDX,DWORD PTR DS:[ECX+8]
JNE SHORT 00409CE8
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.7],EAX

00409CE6
00409CE8
00409CEB
00409CEE
00409CF1
00409CF4
00409CF8
00409CFA
00409CFC
00409CFF
00409D02
00409D05
00409D08
00409D0B
00409D0D
00409D10
00409D13
00409D16
00409D19
00409D1C
00409D1F
00409D22
00409D25
00409D2B
00409D2E
00409D31
00409D34
00409D36
00409D3C
00409D3F
00409D42
00409D45
00409D47
00409D4A
00409D4D
00409D53
00409D59
00409D5B
00409D5E
00409D60
00409D63
00409D66
00409D6C
00409D72
00409D75
00409D77
00409D79
00409D7C
00409D7F
00409D82
00409D85
00409D88
00409D8B
00409D8E
00409D91
00409D94
00409D97
00409D9D
00409DA0
00409DA3

|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.

EB 3D
8B4D E8
8B51 04
8955 E4
8B45 EC
0FBE48 5D
85C9
75 09
8B55 EC
8B45 E4
8942 04
8B4D E4
8B55 EC
8911
8B45 E8
8B4D F0
8B51 08
8950 08
8B45 F0
8B48 08
8B55 E8
8951 04
8B85 ECFEFFFF
8B48 18
8B51 04
3B55 F0
75 11
8B85 ECFEFFFF
8B48 18
8B55 E8
8951 04
EB 3E
8B45 F0
8B48 04
898D 78FFFFFF
8B95 78FFFFFF
8B02
3B45 F0
75 19
8B4D F0
8B51 04
8995 74FFFFFF
8B85 74FFFFFF
8B4D E8
8908
EB 0C
8B55 F0
8B42 04
8B4D E8
8948 08
8B55 E8
8B45 F0
8B48 04
894A 04
8B55 F0
83C2 5C
8995 68FFFFFF
8B45 E8
83C0 5C
8985 6CFFFFFF

JMP SHORT 00409D25


MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.7],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOVSX ECX,BYTE PTR DS:[EAX+5D]
TEST ECX,ECX
JNE SHORT 00409D05
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR DS:[EAX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.69]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 00409D47
MOV EAX,DWORD PTR SS:[LOCAL.69]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 00409D85
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]
MOV EAX,DWORD PTR DS:[EDX]
CMP EAX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 00409D79
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.35],EDX
MOV EAX,DWORD PTR SS:[LOCAL.35]
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX],ECX
JMP SHORT 00409D85
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX+8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
ADD EDX,5C
MOV DWORD PTR SS:[LOCAL.38],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,5C
MOV DWORD PTR SS:[LOCAL.37],EAX

00409DA9 |.
00409DAF |.
00409DB5 |.
00409DB7 |.
00409DBD |.
00409DBF |.
00409DC5 |.
00409DCB |.
00409DD1 |.
00409DD3 |.
00409DD5 |.
00409DDB |.
00409DE1 |.
00409DE3 |>
00409DE6 |.
00409DEA |.
00409DED |.
00409DF3 |.
00409DF5 |>
00409DF8 |.
00409DFB |.
00409DFE |>
00409E04 |.
00409E07 |.
00409E0A |.
00409E0D |.
00409E13 |.
00409E16 |.
00409E1A |.
00409E1D |.
00409E23 |.
00409E26 |.
00409E29 |.
00409E2B |.
00409E31 |.
00409E34 |.
00409E37 |.
00409E3A |.
00409E3D |.
00409E41 |.
00409E43 |.
00409E45 |.
00409E48 |.
00409E4C |.
00409E4F |.
00409E53 |.
00409E56 |.
00409E57 |.
00409E5D |.
fo.0040A1E0
00409E62 |.
00409E65 |.
00409E68 |.
00409E6B |>
00409E6E |.
00409E72 |.
00409E74 |.
00409E76 |.
00409E79 |.
00409E7C |.^

8B8D 6CFFFFFF
3B8D 68FFFFFF
74 2C
8B95 6CFFFFFF
8A02
8885 73FFFFFF
8B8D 6CFFFFFF
8B95 68FFFFFF
8A02
8801
8B8D 68FFFFFF
8A95 73FFFFFF
8811
8B45 F0
0FBE48 5C
83F9 01
0F85 10020000
EB 09
8B55 EC
8B42 04
8945 E4
8B8D ECFEFFFF
8B51 18
8B45 EC
3B42 04
0F84 E9010000
8B4D EC
0FBE51 5C
83FA 01
0F85 D9010000
8B45 E4
8B4D EC
3B08
0F85 E9000000
8B55 E4
8B42 08
8945 E8
8B4D E8
0FBE51 5C
85D2
75 26
8B45 E8
C640 5C 01
8B4D E4
C641 5C 00
8B55 E4
52
8B8D ECFEFFFF
E8 7E030000

MOV ECX,DWORD PTR SS:[LOCAL.37]


CMP ECX,DWORD PTR SS:[LOCAL.38]
JE SHORT 00409DE3
MOV EDX,DWORD PTR SS:[LOCAL.37]
MOV AL,BYTE PTR DS:[EDX]
MOV BYTE PTR SS:[LOCAL.36+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.37]
MOV EDX,DWORD PTR SS:[LOCAL.38]
MOV AL,BYTE PTR DS:[EDX]
MOV BYTE PTR DS:[ECX],AL
MOV ECX,DWORD PTR SS:[LOCAL.38]
MOV DL,BYTE PTR SS:[LOCAL.36+3]
MOV BYTE PTR DS:[ECX],DL
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOVSX ECX,BYTE PTR DS:[EAX+5C]
CMP ECX,1
JNE 0040A003
JMP SHORT 00409DFE
MOV EDX,DWORD PTR SS:[EBP-14]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1C],EAX
MOV ECX,DWORD PTR SS:[EBP-114]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[EBP-14]
CMP EAX,DWORD PTR DS:[EDX+4]
JE 00409FFC
MOV ECX,DWORD PTR SS:[EBP-14]
MOVSX EDX,BYTE PTR DS:[ECX+5C]
CMP EDX,1
JNE 00409FFC
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV ECX,DWORD PTR SS:[EBP-14]
CMP ECX,DWORD PTR DS:[EAX]
JNE 00409F1A
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOVSX EDX,BYTE PTR DS:[ECX+5C]
TEST EDX,EDX
JNE SHORT 00409E6B
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+5C],1
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+5C],0
MOV EDX,DWORD PTR SS:[EBP-1C]
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-114]
CALL 0040A1E0

8B45 E4
8B48 08
894D E8
8B55 E8
0FBE42 5D
85C0
74 0B
8B4D E4
894D EC
E9 94000000

MOV EAX,DWORD PTR SS:[EBP-1C]


MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[EBP-18],ECX
MOV EDX,DWORD PTR SS:[EBP-18]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JE SHORT 00409E81
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],ECX
JMP 00409F15

; /Arg1
; |
; \SystemIn

00409E81 |>
00409E84 |.
00409E86 |.
00409E8A |.
00409E8D |.
00409E8F |.
00409E92 |.
00409E95 |.
00409E99 |.
00409E9C |.
00409E9E |.
00409EA1 |.
00409EA5 |.
00409EA8 |.
00409EAB |.^
00409EAD |>
00409EB0 |.
00409EB3 |.
00409EB7 |.
00409EBA |.
00409EBC |.
00409EBF |.
00409EC1 |.
00409EC5 |.
00409EC8 |.
00409ECC |.
00409ECF |.
00409ED0 |.
00409ED6 |.
fo.0040A290
00409EDB |.
00409EDE |.
00409EE1 |.
00409EE4 |>
00409EE7 |.
00409EEA |.
00409EED |.
00409EF0 |.
00409EF3 |.
00409EF7 |.
00409EFA |.
00409EFD |.
00409F01 |.
00409F04 |.
00409F05 |.
00409F0B |.
fo.0040A1E0
00409F10 |.
00409F15 |>^
00409F1A |>
00409F1D |.
00409F1F |.
00409F22 |.
00409F25 |.
00409F29 |.
00409F2B |.
00409F2D |.
00409F30 |.
00409F34 |.
00409F37 |.

8B55 E8
8B02
0FBE48 5C
83F9 01
75 1E
8B55 E8
8B42 08
0FBE48 5C
83F9 01
75 0F
8B55 E8
C642 5C 00
8B45 E4
8945 EC
EB 68
8B4D E8
8B51 08
0FBE42 5C
83F8 01
75 28
8B4D E8
8B11
C642 5C 01
8B45 E8
C640 5C 00
8B4D E8
51
8B8D ECFEFFFF
E8 B5030000

MOV EDX,DWORD PTR SS:[EBP-18]


MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+5C]
CMP ECX,1
JNE SHORT 00409EAD
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+5C]
CMP ECX,1
JNE SHORT 00409EAD
MOV EDX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EDX+5C],0
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],EAX
JMP SHORT 00409F15
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+5C]
CMP EAX,1
JNE SHORT 00409EE4
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX]
MOV BYTE PTR DS:[EDX+5C],1
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+5C],0
MOV ECX,DWORD PTR SS:[EBP-18]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-114]
CALL 0040A290

; /Arg1
; |
; \SystemIn

8B55 E4
8B42 08
8945 E8
8B4D E8
8B55 E4
8A42 5C
8841 5C
8B4D E4
C641 5C 01
8B55 E8
8B42 08
C640 5C 01
8B4D E4
51
8B8D ECFEFFFF
E8 D0020000

MOV EDX,DWORD PTR SS:[EBP-1C]


MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV AL,BYTE PTR DS:[EDX+5C]
MOV BYTE PTR DS:[ECX+5C],AL
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+5C],1
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV BYTE PTR DS:[EAX+5C],1
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-114]
CALL 0040A1E0

; /Arg1
; |
; \SystemIn

E9 E7000000
E9 DD000000
8B55 E4
8B02
8945 E8
8B4D E8
0FBE51 5C
85D2
75 25
8B45 E8
C640 5C 01
8B4D E4
C641 5C 00

JMP 00409FFC
JMP 00409FF7
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOVSX EDX,BYTE PTR DS:[ECX+5C]
TEST EDX,EDX
JNE SHORT 00409F52
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+5C],1
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+5C],0

00409F3B |.
00409F3E |.
00409F3F |.
00409F45 |.
fo.0040A290
00409F4A |.
00409F4D |.
00409F4F |.
00409F52 |>
00409F55 |.
00409F59 |.
00409F5B |.
00409F5D |.
00409F60 |.
00409F63 |.^
00409F68 |>
00409F6B |.
00409F6E |.
00409F72 |.
00409F75 |.
00409F77 |.
00409F7A |.
00409F7C |.
00409F80 |.
00409F83 |.
00409F85 |.
00409F88 |.
00409F8C |.
00409F8F |.
00409F92 |.^
00409F94 |>
00409F97 |.
00409F99 |.
00409F9D |.
00409FA0 |.
00409FA2 |.
00409FA5 |.
00409FA8 |.
00409FAC |.
00409FAF |.
00409FB3 |.
00409FB6 |.
00409FB7 |.
00409FBD |.
fo.0040A1E0
00409FC2 |.
00409FC5 |.
00409FC7 |.
00409FCA |>
00409FCD |.
00409FD0 |.
00409FD3 |.
00409FD6 |.
00409FD9 |.
00409FDD |.
00409FE0 |.
00409FE2 |.
00409FE6 |.
00409FE9 |.
00409FEA |.

8B55 E4
52
8B8D ECFEFFFF
E8 46030000

MOV EDX,DWORD PTR SS:[EBP-1C]


PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-114]
CALL 0040A290

; /Arg1
; |
; \SystemIn

8B45 E4
8B08
894D E8
8B55 E8
0FBE42 5D
85C0
74 0B
8B4D E4
894D EC
E9 8F000000
8B55 E8
8B42 08
0FBE48 5C
83F9 01
75 1D
8B55 E8
8B02
0FBE48 5C
83F9 01
75 0F
8B55 E8
C642 5C 00
8B45 E4
8945 EC
EB 63
8B4D E8
8B11
0FBE42 5C
83F8 01
75 28
8B4D E8
8B51 08
C642 5C 01
8B45 E8
C640 5C 00
8B4D E8
51
8B8D ECFEFFFF
E8 1E020000

MOV EAX,DWORD PTR SS:[EBP-1C]


MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-18],ECX
MOV EDX,DWORD PTR SS:[EBP-18]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JE SHORT 00409F68
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],ECX
JMP 00409FF7
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+5C]
CMP ECX,1
JNE SHORT 00409F94
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+5C]
CMP ECX,1
JNE SHORT 00409F94
MOV EDX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EDX+5C],0
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],EAX
JMP SHORT 00409FF7
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+5C]
CMP EAX,1
JNE SHORT 00409FCA
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV BYTE PTR DS:[EDX+5C],1
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+5C],0
MOV ECX,DWORD PTR SS:[EBP-18]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-114]
CALL 0040A1E0

; /Arg1
; |
; \SystemIn

8B55
8B02
8945
8B4D
8B55
8A42
8841
8B4D
C641
8B55
8B02
C640
8B4D
51
8B8D

E4

MOV EDX,DWORD PTR SS:[EBP-1C]


MOV EAX,DWORD PTR DS:[EDX]
E8
MOV DWORD PTR SS:[EBP-18],EAX
E8
MOV ECX,DWORD PTR SS:[EBP-18]
E4
MOV EDX,DWORD PTR SS:[EBP-1C]
5C
MOV AL,BYTE PTR DS:[EDX+5C]
5C
MOV BYTE PTR DS:[ECX+5C],AL
E4
MOV ECX,DWORD PTR SS:[EBP-1C]
5C 01
MOV BYTE PTR DS:[ECX+5C],1
E8
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
5C 01
MOV BYTE PTR DS:[EAX+5C],1
E4
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
ECFEFFFF MOV ECX,DWORD PTR SS:[EBP-114]

; /Arg1
; |

00409FF0 |.
fo.0040A290
00409FF5 |.
00409FF7 |>^
00409FFC |>
00409FFF |.
0040A003 |>
0040A006 |.
0040A009 |.
fo.00406DB0
0040A00E |.
0040A010 |.
0040A013 |.
0040A015 |.
0040A018 |.
0040A019 |.
0040A01E |.
0040A021 |>
0040A024 |.
0040A025 |.
0040A02A |.
0040A02D |.
0040A033 |.
0040A037 |.
0040A039 |.
0040A03F |.
0040A042 |.
0040A045 |.
0040A04B |.
0040A04E |>
0040A051 |.
0040A057 |.
0040A05A |.
0040A060 |.
0040A06A |.
0040A070 |.
0040A076 |.
0040A07D |.
0040A07F |.
0040A084 |>
0040A086 |.^
0040A088 |.
0040A08E |.
0040A090 |.
0040A096 |.
0040A09C |.
0040A0A2 |.
0040A0A5 |.
0040A0A7 |.
0040A0AA |.
0040A0AD |.
0040A0B0 |.
0040A0B7 |.
0040A0B8 |.
0040A0BA |.
0040A0BB \.
0040A0BE
0040A0BF
0040A0C0 /.
0040A0C1 |.

E8 9B020000

CALL 0040A290

; \SystemIn

EB 05
E9 F9FDFFFF
8B55 EC
C642 5C 01
8B4D F0
83C1 0C
E8 A2CDFFFF

JMP SHORT 00409FFC


JMP 00409DF5
MOV EDX,DWORD PTR SS:[EBP-14]
MOV BYTE PTR DS:[EDX+5C],1
MOV ECX,DWORD PTR SS:[EBP-10]
ADD ECX,0C
CALL 00406DB0

; [SystemIn

33C0
83E0 01
74 0C
8B4D F0
51
E8 FC480200
83C4 04
8B55 F0
52
E8 F0480200
83C4 04
8B85 ECFEFFFF
8378 1C 00
76 15
8B8D ECFEFFFF
8B51 1C
83EA 01
8B85 ECFEFFFF
8950 1C
8B4D 0C
898D F0FEFFFF
8B55 10
8995 F4FEFFFF
C785 F8FEFFFF
8B85 F4FEFFFF
8985 FCFEFFFF
83BD ECFEFFFF
75 05
E8 04480200
33C9
75 FC
8B95 ECFEFFFF
8B02
8985 F8FEFFFF
8B8D F8FEFFFF
8B95 FCFEFFFF
8B45 08
8908
8950 04
8B45 08
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0C00
CC
CC
55
8BEC

XOR EAX,EAX
AND EAX,00000001
JE SHORT 0040A021
MOV ECX,DWORD PTR SS:[EBP-10]
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EDX,DWORD PTR SS:[EBP-10]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-114]
CMP DWORD PTR DS:[EAX+1C],0
JBE SHORT 0040A04E
MOV ECX,DWORD PTR SS:[EBP-114]
MOV EDX,DWORD PTR DS:[ECX+1C]
SUB EDX,1
MOV EAX,DWORD PTR SS:[EBP-114]
MOV DWORD PTR DS:[EAX+1C],EDX
MOV ECX,DWORD PTR SS:[EBP+0C]
MOV DWORD PTR SS:[EBP-110],ECX
MOV EDX,DWORD PTR SS:[EBP+10]
MOV DWORD PTR SS:[EBP-10C],EDX
MOV DWORD PTR SS:[EBP-108],0
MOV EAX,DWORD PTR SS:[EBP-10C]
MOV DWORD PTR SS:[EBP-104],EAX
CMP DWORD PTR SS:[EBP-114],0
JNE SHORT 0040A084
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 0040A084
MOV EDX,DWORD PTR SS:[EBP-114]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-108],EAX
MOV ECX,DWORD PTR SS:[EBP-108]
MOV EDX,DWORD PTR SS:[EBP-104]
MOV EAX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR DS:[EAX],ECX
MOV DWORD PTR DS:[EAX+4],EDX
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
PUSH EBP
MOV EBP,ESP

0040A0C3 |.
0040A0C6 |.
0040A0C9 |.
0040A0CC |.
0040A0D2 |.
0040A0D5 |.
0040A0DB |.
0040A0DD |.
0040A0DF |.
0040A0E2 |.
0040A0E5 |.
fo.0040FB60
0040A0EA |.
0040A0ED |.
fo.0042EB63
0040A0F2 |.
0040A0F4 |.
0040A0F5 \.
0040A0F6
0040A0F7
0040A0F8
0040A0F9
0040A0FA
0040A0FB
0040A0FC
0040A0FD
0040A0FE
0040A0FF
0040A100 /.
0040A101 |.
0040A103 |.
0040A106 |.
0040A109 |.
0040A10C |.
0040A112 |.
0040A115 |.
0040A11B |.
0040A11D |.
0040A11F |.
0040A122 |.
0040A125 |.
fo.0040FB60
0040A12A |.
0040A12D |.
fo.0042EB63
0040A132 |.
0040A135 |.
0040A138 |.
0040A13A |.
0040A13D |.
0040A13E |.
0040A143 |.
0040A146 |>
0040A149 |.
0040A14B |.
0040A14C \.
0040A14F
0040A150 /.
0040A151 |.
0040A153 |.

83EC 18
894D E8
8B45 E8
C700 54884400
8B4D E8
C701 34884400
6A 00
6A 01
8B4D E8
83C1 0C
E8 765A0000

SUB ESP,18
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
PUSH 0
PUSH 1
MOV ECX,DWORD
ADD ECX,0C
CALL 0040FB60

8B4D E8
E8 714A0200

MOV ECX,DWORD PTR SS:[LOCAL.6]


CALL 0042EB63

; [SystemIn

8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 18
894D E8
8B45 E8
C700 54884400
8B4D E8
C701 34884400
6A 00
6A 01
8B4D E8
83C1 0C
E8 365A0000

MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
PUSH 0
PUSH 1
MOV ECX,DWORD
ADD ECX,0C
CALL 0040FB60

;
;
;
;
;

8B4D E8
E8 314A0200

MOV ECX,DWORD PTR SS:[LOCAL.6]


CALL 0042EB63

8B55 08
83E2 01
74 0C
8B45 E8
50
E8 D7470200
83C4 04
8B45 E8
8BE5
5D
C2 0400
CC
55
8BEC
83EC 64

MOV EDX,DWORD PTR SS:[ARG.1]


AND EDX,00000001
JE SHORT 0040A146
MOV EAX,DWORD PTR SS:[LOCAL.6]
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ESP,EBP
POP EBP
RETN 4
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,64

SS:[LOCAL.6],ECX
PTR SS:[LOCAL.6]
DS:[EAX],OFFSET 00448854
PTR SS:[LOCAL.6]
DS:[ECX],OFFSET 00448834
PTR SS:[LOCAL.6]

;
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

SS:[LOCAL.6],ECX
PTR SS:[LOCAL.6]
DS:[EAX],OFFSET 00448854
PTR SS:[LOCAL.6]
DS:[ECX],OFFSET 00448834
PTR SS:[LOCAL.6]

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

; [SystemIn

0040A156 |.
0040A159 |.
0040A15C |.
[ARG.1]
0040A15D |.
0040A160 |.
fo.00408CF0
0040A165 |.
0040A168 |.
0040A16E |.
0040A171 |.
0040A173 |.
0040A174 \.
0040A177
0040A178
0040A179
0040A17A
0040A17B
0040A17C
0040A17D
0040A17E
0040A17F
0040A180 /$
0040A181 |.
0040A183 |.
0040A186 |.
0040A189 |.
0040A18C |.
0040A18F |.
0040A192 |.
0040A193 |.
0040A196 |.
fo.0040A780
0040A19B |.
0040A19E |.
0040A1A1 |.
0040A1A4 |.
0040A1A7 |.
0040A1AA |.
0040A1AD |.
0040A1B4 |.
0040A1B7 |.
0040A1BA |.
0040A1BD |.
0040A1C0 |.
0040A1C3 |.
0040A1C6 |.
0040A1C8 |.
0040A1CB |.
0040A1CE |.
0040A1D1 |.
0040A1D4 |.
0040A1D7 |.
0040A1D9 |.
0040A1DA \.
0040A1DB
0040A1DC
0040A1DD
0040A1DE
0040A1DF

894D 9C
8B45 08
50

MOV DWORD PTR SS:[LOCAL.25],ECX


MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

8B4D 9C
E8 8BEBFFFF

MOV ECX,DWORD PTR SS:[LOCAL.25]


CALL 00408CF0

; |
; \SystemIn

8B4D 9C
C701 54884400
8B45 9C
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 10
894D F0
8B45 F0
8B48 18
8B51 04
52
8B4D F0
E8 E5050000

MOV ECX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV EDX,DWORD
PUSH EDX
MOV ECX,DWORD
CALL 0040A780

; /Arg1
; |
; \SystemIn

8B45
8B48
8B55
8B42
8941
8B4D
C741
8B55
8B42
8945
8B4D
8B55
8B42
8901
8B4D
8B51
8B45
8B48
894A
8BE5
5D
C3
CC
CC
CC
CC
CC

PTR SS:[LOCAL.25]
DS:[ECX],OFFSET 00448854
PTR SS:[LOCAL.25]

SS:[LOCAL.4],ECX
PTR SS:[LOCAL.4]
PTR DS:[EAX+18]
PTR DS:[ECX+4]
PTR SS:[LOCAL.4]

F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
18
MOV ECX,DWORD PTR DS:[EAX+18]
F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
18
MOV EAX,DWORD PTR DS:[EDX+18]
04
MOV DWORD PTR DS:[ECX+4],EAX
F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
1C 00000 MOV DWORD PTR DS:[ECX+1C],0
F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
18
MOV EAX,DWORD PTR DS:[EDX+18]
F4
MOV DWORD PTR SS:[LOCAL.3],EAX
F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
18
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR DS:[ECX],EAX
F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
18
MOV EDX,DWORD PTR DS:[ECX+18]
F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
18
MOV ECX,DWORD PTR DS:[EAX+18]
08
MOV DWORD PTR DS:[EDX+8],ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3

0040A1E0 /$ 55
o.0040A1E0(guessed Arg1)
0040A1E1 |. 8BEC
0040A1E3 |. 83EC 10
0040A1E6 |. 894D F0
0040A1E9 |. 8B45 08
0040A1EC |. 8B48 08
0040A1EF |. 894D FC
0040A1F2 |. 8B55 08
0040A1F5 |. 8B45 FC
0040A1F8 |. 8B08
0040A1FA |. 894A 08
0040A1FD |. 8B55 FC
0040A200 |. 8B02
0040A202 |. 0FBE48 5D
0040A206 |. 85C9
0040A208 |. 75 0B
0040A20A |. 8B55 FC
0040A20D |. 8B02
0040A20F |. 8B4D 08
0040A212 |. 8948 04
0040A215 |> 8B55 FC
0040A218 |. 8B45 08
0040A21B |. 8B48 04
0040A21E |. 894A 04
0040A221 |. 8B55 F0
0040A224 |. 8B42 18
0040A227 |. 8B4D 08
0040A22A |. 3B48 04
0040A22D |. 75 0E
0040A22F |. 8B55 F0
0040A232 |. 8B42 18
0040A235 |. 8B4D FC
0040A238 |. 8948 04
0040A23B |. EB 32
0040A23D |> 8B55 08
0040A240 |. 8B42 04
0040A243 |. 8945 F8
0040A246 |. 8B4D F8
0040A249 |. 8B55 08
0040A24C |. 3B11
0040A24E |. 75 13
0040A250 |. 8B45 08
0040A253 |. 8B48 04
0040A256 |. 894D F4
0040A259 |. 8B55 F4
0040A25C |. 8B45 FC
0040A25F |. 8902
0040A261 |. EB 0C
0040A263 |> 8B4D 08
0040A266 |. 8B51 04
0040A269 |. 8B45 FC
0040A26C |. 8942 08
0040A26F |> 8B4D FC
0040A272 |. 8B55 08
0040A275 |. 8911
0040A277 |. 8B45 08
0040A27A |. 8B4D FC
0040A27D |. 8948 04
0040A280 |. 8BE5

PUSH EBP
MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR DS:[EDX+8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+5D]
TEST ECX,ECX
JNE SHORT 0040A215
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+4]
JNE SHORT 0040A23D
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 0040A26F
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR SS:[ARG.1]
CMP EDX,DWORD PTR DS:[ECX]
JNE SHORT 0040A263
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 0040A26F
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV ESP,EBP

; SystemInf

0040A282 |. 5D
0040A283 \. C2 0400
0040A286
CC
0040A287
CC
0040A288
CC
0040A289
CC
0040A28A
CC
0040A28B
CC
0040A28C
CC
0040A28D
CC
0040A28E
CC
0040A28F
CC
0040A290 /$ 55
o.0040A290(guessed Arg1)
0040A291 |. 8BEC
0040A293 |. 83EC 0C
0040A296 |. 894D F4
0040A299 |. 8B45 08
0040A29C |. 8B08
0040A29E |. 894D FC
0040A2A1 |. 8B55 08
0040A2A4 |. 8B45 FC
0040A2A7 |. 8B48 08
0040A2AA |. 890A
0040A2AC |. 8B55 FC
0040A2AF |. 8B42 08
0040A2B2 |. 0FBE48 5D
0040A2B6 |. 85C9
0040A2B8 |. 75 0C
0040A2BA |. 8B55 FC
0040A2BD |. 8B42 08
0040A2C0 |. 8B4D 08
0040A2C3 |. 8948 04
0040A2C6 |> 8B55 FC
0040A2C9 |. 8B45 08
0040A2CC |. 8B48 04
0040A2CF |. 894A 04
0040A2D2 |. 8B55 F4
0040A2D5 |. 8B42 18
0040A2D8 |. 8B4D 08
0040A2DB |. 3B48 04
0040A2DE |. 75 0E
0040A2E0 |. 8B55 F4
0040A2E3 |. 8B42 18
0040A2E6 |. 8B4D FC
0040A2E9 |. 8948 04
0040A2EC |. EB 2D
0040A2EE |> 8B55 08
0040A2F1 |. 8B42 04
0040A2F4 |. 8B4D 08
0040A2F7 |. 3B48 08
0040A2FA |. 75 0E
0040A2FC |. 8B55 08
0040A2FF |. 8B42 04
0040A302 |. 8B4D FC
0040A305 |. 8948 08
0040A308 |. EB 11
0040A30A |> 8B55 08
0040A30D |. 8B42 04
0040A310 |. 8945 F8

POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR DS:[EDX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+5D]
TEST ECX,ECX
JNE SHORT 0040A2C6
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+4]
JNE SHORT 0040A2EE
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 0040A31B
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+8]
JNE SHORT 0040A30A
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+8],ECX
JMP SHORT 0040A31B
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX

; SystemInf

0040A313 |.
0040A316 |.
0040A319 |.
0040A31B |>
0040A31E |.
0040A321 |.
0040A324 |.
0040A327 |.
0040A32A |.
0040A32D |.
0040A32F |.
0040A330 \.
0040A333
0040A334
0040A335
0040A336
0040A337
0040A338
0040A339
0040A33A
0040A33B
0040A33C
0040A33D
0040A33E
0040A33F
0040A340 /$
0040A341 |.
0040A343 |.
0040A345 |.
0040A34A |.
0040A350 |.
0040A351 |.
0040A352 |.
0040A355 |.
0040A356 |.
0040A357 |.
0040A358 |.
0040A35D |.
0040A35F |.
0040A360 |.
0040A363 |.
0040A369 |.
0040A36C |.
0040A36F |.
0040A371 |.
0040A374 |.
0040A377 |.
fo.0040A7F0
0040A37C |.
0040A37F |.
0040A386 |.
0040A38D |.
0040A394 |.
0040A397 |.
0040A39A |.
0040A39D |.
0040A3A0 |.
0040A3A4 |.
0040A3A6 |.
0040A3A9 |.

8B4D F8
8B55 FC
8911
8B45 FC
8B4D 08
8948 08
8B55 08
8B45 FC
8942 04
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 10554400
64:A1 0000000
50
51
83EC 50
53
56
57
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
8965 F0
894D AC
6A 01
8B4D AC
83C1 0C
E8 74040000
8945 E8
C745 EC
C745 FC
C745 E4
8B45 E8
8945 C4
8B4D C4
894D C0
837D C0
74 10
8B55 C0
8B45 E4

MOV ECX,DWORD PTR SS:[LOCAL.2]


MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+8],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00445510
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,50
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.21],ECX
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.21]
ADD ECX,0C
CALL 0040A7F0

MOV DWORD PTR SS:[LOCAL.6],EAX


00000 MOV DWORD PTR SS:[LOCAL.5],0
00000 MOV DWORD PTR SS:[LOCAL.1],0
00000 MOV DWORD PTR SS:[LOCAL.7],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.15],EAX
MOV ECX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR SS:[LOCAL.16],ECX
00
CMP DWORD PTR SS:[LOCAL.16],0
JE SHORT 0040A3B6
MOV EDX,DWORD PTR SS:[LOCAL.16]
MOV EAX,DWORD PTR SS:[LOCAL.7]

;
;
;
;

/Arg1 = 1
|
|
\SystemIn

0040A3AC |.
0040A3AE |.
0040A3B1 |.
0040A3B4 |.
0040A3B6 |>
0040A3BD |>
0040A3C0 |.
0040A3C3 |.
0040A3C6 |.
0040A3CD |.
0040A3D0 |.
0040A3D3 |.
0040A3D6 |.
0040A3D9 |.
0040A3DC |.
0040A3E0 |.
0040A3E2 |.
0040A3E5 |.
0040A3E8 |.
0040A3EA |.
0040A3ED |.
0040A3F0 |.
0040A3F2 |>
0040A3F9 |>
0040A3FC |.
0040A3FF |.
0040A402 |.
0040A409 |.
0040A40C |.
0040A40F |.
0040A412 |.
0040A415 |.
0040A418 |.
0040A41C |.
0040A41E |.
0040A421 |.
0040A424 |.
0040A426 |.
0040A429 |.
0040A42C |.
0040A42E |>
0040A435 \>
0040A437 /.
0040A43A |.
0040A43B |.
0040A440 |.
0040A443 |.
0040A445 |.
0040A447 |.
fo.0042E925
0040A44C |.
0040A453 |.
0040A458 \.
0040A459 />
0040A460 |.
0040A463 |.
0040A467 |.
0040A46A |.
0040A46E |.
0040A471 |.

8902
8B4D C0
894D A8
EB 07
C745 A8 00000
8B55 EC
83C2 01
8955 EC
C745 E0 00000
8B45 E8
83C0 04
8945 BC
8B4D BC
894D B8
837D B8 00
74 10
8B55 B8
8B45 E0
8902
8B4D B8
894D A4
EB 07
C745 A4 00000
8B55 EC
83C2 01
8955 EC
C745 DC 00000
8B45 E8
83C0 08
8945 B4
8B4D B4
894D B0
837D B0 00
74 10
8B55 B0
8B45 DC
8902
8B4D B0
894D A0
EB 07
C745 A0 00000
EB 22
8B55 E8
52
E8 DA440200
83C4 04
6A 00
6A 00
E8 D9440200

MOV DWORD PTR DS:[EDX],EAX


MOV ECX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR SS:[LOCAL.22],ECX
JMP SHORT 0040A3BD
MOV DWORD PTR SS:[LOCAL.22],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV DWORD PTR SS:[LOCAL.8],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.17],EAX
MOV ECX,DWORD PTR SS:[LOCAL.17]
MOV DWORD PTR SS:[LOCAL.18],ECX
CMP DWORD PTR SS:[LOCAL.18],0
JE SHORT 0040A3F2
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR SS:[LOCAL.8]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR SS:[LOCAL.23],ECX
JMP SHORT 0040A3F9
MOV DWORD PTR SS:[LOCAL.23],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV DWORD PTR SS:[LOCAL.9],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,8
MOV DWORD PTR SS:[LOCAL.19],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.20],ECX
CMP DWORD PTR SS:[LOCAL.20],0
JE SHORT 0040A42E
MOV EDX,DWORD PTR SS:[LOCAL.20]
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.20]
MOV DWORD PTR SS:[LOCAL.24],ECX
JMP SHORT 0040A435
MOV DWORD PTR SS:[LOCAL.24],0
JMP SHORT 0040A459
MOV EDX,DWORD PTR SS:[EBP-18]
PUSH EDX
CALL 0042E91A
ADD ESP,4
PUSH 0
PUSH 0
CALL 0042E925

C745 FC FFFFF
B8 60A44000
C3
C745 FC FFFFF
8B45 E8
C640 5C 01
8B4D E8
C641 5D 00
8B45 E8
8B4D F4

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,0040A460
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV BYTE PTR DS:[EAX+5C],1
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV BYTE PTR DS:[ECX+5D],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR SS:[LOCAL.3]

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

0040A474 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX


0040A47B |. 59
POP ECX
0040A47C |. 5F
POP EDI
0040A47D |. 5E
POP ESI
0040A47E |. 5B
POP EBX
0040A47F |. 8BE5
MOV ESP,EBP
0040A481 |. 5D
POP EBP
0040A482 \. C3
RETN
0040A483
CC
INT3
0040A484
CC
INT3
0040A485
CC
INT3
0040A486
CC
INT3
0040A487
CC
INT3
0040A488
CC
INT3
0040A489
CC
INT3
0040A48A
CC
INT3
0040A48B
CC
INT3
0040A48C
CC
INT3
0040A48D
CC
INT3
0040A48E
CC
INT3
0040A48F
CC
INT3
0040A490 /$ 55
PUSH EBP
o.0040A490(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
0040A491 |. 8BEC
MOV EBP,ESP
0040A493 |. 6A FF
PUSH -1
0040A495 |. 68 49554400 PUSH 00445549
0040A49A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040A4A0 |. 50
PUSH EAX
0040A4A1 |. 51
PUSH ECX
0040A4A2 |. 83EC 38
SUB ESP,38
0040A4A5 |. 53
PUSH EBX
0040A4A6 |. 56
PUSH ESI
0040A4A7 |. 57
PUSH EDI
0040A4A8 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040A4AD |. 33C5
XOR EAX,EBP
0040A4AF |. 50
PUSH EAX
0040A4B0 |. 8D45 F4
LEA EAX,[LOCAL.3]
0040A4B3 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040A4B9 |. 8965 F0
MOV DWORD PTR SS:[LOCAL.4],ESP
0040A4BC |. 894D C0
MOV DWORD PTR SS:[LOCAL.16],ECX
0040A4BF |. 6A 00
PUSH 0
0040A4C1 |. 6A 01
PUSH 1
0040A4C3 |. E8 F8120000 CALL 0040B7C0
0040A4C8 |. 83C4 08
ADD ESP,8
0040A4CB |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0040A4CE |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0040A4D5 |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
0040A4D8 |. 8945 E4
MOV DWORD PTR SS:[LOCAL.7],EAX
0040A4DB |. C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1
0040A4DF |. 837D E4 00
CMP DWORD PTR SS:[LOCAL.7],0
0040A4E3 |. 74 64
JE SHORT 0040A549
0040A4E5 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0040A4E8 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0040A4EB |. 8911
MOV DWORD PTR DS:[ECX],EDX
0040A4ED |. 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
0040A4F0 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0040A4F3 |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
0040A4F6 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
0040A4F9 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0040A4FC |. 8942 08
MOV DWORD PTR DS:[EDX+8],EAX

; SystemInf

0040A4FF |.
0040A502 |.
0040A505 |.
0040A508 |.
0040A50B |.
[ARG.4]
0040A50C |.
0040A50F |.
fo.0040AD10
0040A514 |.
0040A517 |.
0040A51B |.
0040A51E |.
0040A521 |.
0040A522 |.
0040A525 |.
0040A528 |.
fo.0040AD10
0040A52D |.
0040A531 |.
0040A534 |.
0040A537 |.
0040A53A |.
0040A53D |.
0040A541 |.
0040A544 |.
0040A547 |.
0040A549 |>
0040A550 |>
0040A553 |.
0040A556 |.
0040A55A \.
0040A55C /.
0040A55F |.
0040A560 |.
0040A565 |.
0040A568 |.
0040A56A |.
0040A56C |.
fo.0042E925
0040A571 |.
0040A578 |.
0040A57D \.
0040A57E />
0040A585 |.
0040A588 |.
0040A58B |.
0040A592 |.
0040A593 |.
0040A594 |.
0040A595 |.
0040A596 |.
0040A598 |.
0040A599 \.
0040A59C
0040A59D
0040A59E
0040A59F
0040A5A0 /$
0040A5A1 |.

8B4D
83C1
894D
8B55
52

E4
0C
C4
14

MOV ECX,DWORD PTR SS:[LOCAL.7]


ADD ECX,0C
MOV DWORD PTR SS:[LOCAL.15],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg1 =>

8B4D C4
E8 FC070000

MOV ECX,DWORD PTR SS:[LOCAL.15]


CALL 0040AD10

; |
; \SystemIn

8945 BC
C645 FC 02
8B45 14
83C0 28
50
8B4D C4
83C1 28
E8 E3070000

MOV DWORD PTR SS:[LOCAL.17],EAX


MOV BYTE PTR SS:[LOCAL.1],2
MOV EAX,DWORD PTR SS:[ARG.4]
ADD EAX,28
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.15]
ADD ECX,28
CALL 0040AD10

;
;
;
;

C645 FC 01
8B4D E4
8A55 18
8851 5C
8B45 E4
C640 5D 00
8B4D E4
894D B8
EB 07
C745 B8 00000
8B55 B8
8955 E8
C645 FC 00
EB 22
8B45 EC
50
E8 B5430200
83C4 04
6A 00
6A 00
E8 B4430200

MOV BYTE PTR SS:[LOCAL.1],1


MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DL,BYTE PTR SS:[ARG.5]
MOV BYTE PTR DS:[ECX+5C],DL
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV BYTE PTR DS:[EAX+5D],0
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.18],ECX
JMP SHORT 0040A550
MOV DWORD PTR SS:[LOCAL.18],0
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV BYTE PTR SS:[LOCAL.1],0
JMP SHORT 0040A57E
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
CALL 0042E91A
ADD ESP,4
PUSH 0
PUSH 0
CALL 0042E925

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

C745 FC FFFFF
B8 85A54000
C3
C745 FC FFFFF
8B45 EC
8B4D F4
64:890D 00000
59
5F
5E
5B
8BE5
5D
C2 1400
CC
CC
CC
CC
55
8BEC

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,0040A585
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 14
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP

/Arg1
|
|
\SystemIn

0040A5A3
0040A5A4
0040A5A5
0040A5A6
0040A5A7
0040A5A8
0040A5A9
0040A5AA
0040A5AB
0040A5AC
0040A5AD
0040A5AE
0040A5AF
0040A5B0
0040A5B1
0040A5B3
0040A5B6
0040A5B9
0040A5BC
0040A5BE
0040A5C1
0040A5C4
0040A5C7
0040A5C9
0040A5CB
0040A5D0
0040A5D2
0040A5D4
0040A5D7
0040A5DA
0040A5DE
0040A5E0
0040A5E2
0040A5E5
0040A5E8
0040A5EB
0040A5EE
0040A5F1
0040A5F4
0040A5F7
0040A5FB
0040A5FD
0040A5FF
0040A604
0040A609
0040A60C
0040A60F
0040A612
0040A615
0040A617
0040A61B
0040A61D
0040A61F
0040A622
0040A625
0040A628
0040A62B
0040A62D
0040A630
0040A633

|. 5D
\. C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/$ 55
|. 8BEC
|. 83EC 14
|. 894D EC
|. 8B45 EC
|. 33C9
|. 8338 00
|. 0F95C1
|. 0FB6D1
|. 85D2
|. 75 05
|. E8 B8420200
|> 33C0
|.^ 75 FC
|. 8B4D EC
|. 8B51 04
|. 0FBE42 5D
|. 85C0
|. 74 27
|. 8B4D EC
|. 8B51 04
|. 8B45 EC
|. 8B4A 08
|. 8948 04
|. 8B55 EC
|. 8B42 04
|. 0FBE48 5D
|. 85C9
|. 74 05
|. E8 84420200
|> E9 98000000
|> 8B55 EC
|. 8B42 04
|. 8945 F8
|. 8B4D F8
|. 8B11
|. 0FBE42 5D
|. 85C0
|. 75 35
|. 8B4D EC
|. 8B51 04
|. 8955 F4
|. 8B45 F4
|. 8B08
|. 894D F0
|> 8B55 F0
|. 8B42 08

POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0040A5D0
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0040A5D0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JE SHORT 0040A609
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOVSX ECX,BYTE PTR DS:[EAX+5D]
TEST ECX,ECX
JE SHORT 0040A604
CALL 0042E888
JMP 0040A6A1
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JNE SHORT 0040A654
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
/MOV EDX,DWORD PTR SS:[LOCAL.4]
|MOV EAX,DWORD PTR DS:[EDX+8]

0040A636 |. 0FBE48 5D
0040A63A |. 85C9
0040A63C |. 75 0B
0040A63E |. 8B55 F0
0040A641 |. 8B42 08
0040A644 |. 8945 F0
0040A647 |.^ EB E7
0040A649 |> 8B4D EC
0040A64C |. 8B55 F0
0040A64F |. 8951 04
0040A652 |. EB 4D
0040A654 |> 8B45 EC
0040A657 |. 8B48 04
0040A65A |. 8B51 04
0040A65D |. 8955 FC
0040A660 |. 8B45 FC
0040A663 |. 0FBE48 5D
0040A667 |. 85C9
0040A669 |. 75 18
0040A66B |. 8B55 EC
0040A66E |. 8B45 FC
0040A671 |. 8B4A 04
0040A674 |. 3B08
0040A676 |. 75 0B
0040A678 |. 8B55 EC
0040A67B |. 8B45 FC
0040A67E |. 8942 04
0040A681 |.^ EB D1
0040A683 |> 8B4D EC
0040A686 |. 8B51 04
0040A689 |. 0FBE42 5D
0040A68D |. 85C0
0040A68F |. 74 07
0040A691 |. E8 F2410200
0040A696 |. EB 09
0040A698 |> 8B4D EC
0040A69B |. 8B55 FC
0040A69E |. 8951 04
0040A6A1 |> 8BE5
0040A6A3 |. 5D
0040A6A4 \. C3
0040A6A5
CC
0040A6A6
CC
0040A6A7
CC
0040A6A8
CC
0040A6A9
CC
0040A6AA
CC
0040A6AB
CC
0040A6AC
CC
0040A6AD
CC
0040A6AE
CC
0040A6AF
CC
0040A6B0 /$ 55
o.0040A6B0(guessed void)
0040A6B1 |. 8BEC
0040A6B3 |. 83EC 14
0040A6B6 |. 894D EC
0040A6B9 |. 8B45 EC
0040A6BC |. 33C9
0040A6BE |. 8338 00

|MOVSX ECX,BYTE PTR DS:[EAX+5D]


|TEST ECX,ECX
|JNE SHORT 0040A649
|MOV EDX,DWORD PTR SS:[LOCAL.4]
|MOV EAX,DWORD PTR DS:[EDX+8]
|MOV DWORD PTR SS:[LOCAL.4],EAX
\JMP SHORT 0040A630
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0040A6A1
/MOV EAX,DWORD PTR SS:[LOCAL.5]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.1],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOVSX ECX,BYTE PTR DS:[EAX+5D]
|TEST ECX,ECX
|JNE SHORT 0040A683
|MOV EDX,DWORD PTR SS:[LOCAL.5]
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOV ECX,DWORD PTR DS:[EDX+4]
|CMP ECX,DWORD PTR DS:[EAX]
|JNE SHORT 0040A683
|MOV EDX,DWORD PTR SS:[LOCAL.5]
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOV DWORD PTR DS:[EDX+4],EAX
\JMP SHORT 0040A654
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JE SHORT 0040A698
CALL 0042E888
JMP SHORT 0040A6A1
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX+4],EDX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV
SUB
MOV
MOV
XOR
CMP

EBP,ESP
ESP,14
DWORD PTR SS:[LOCAL.5],ECX
EAX,DWORD PTR SS:[LOCAL.5]
ECX,ECX
DWORD PTR DS:[EAX],0

; SystemInf

0040A6C1
0040A6C4
0040A6C7
0040A6C9
0040A6CB
0040A6D0
0040A6D2
0040A6D4
0040A6D7
0040A6DA
0040A6DE
0040A6E0
0040A6E2
0040A6E7
0040A6EC
0040A6EF
0040A6F2
0040A6F5
0040A6F8
0040A6FB
0040A6FD
0040A701
0040A703
0040A705
0040A708
0040A70B
0040A70E
0040A711
0040A714
0040A716
0040A719
0040A71C
0040A71E
0040A722
0040A724
0040A726
0040A729
0040A72B
0040A72E
0040A730
0040A733
0040A736
0040A739
0040A73B
0040A73E
0040A741
0040A744
0040A747
0040A74A
0040A74E
0040A750
0040A752
0040A755
0040A758
0040A75B
0040A75E
0040A760
0040A763
0040A766
0040A769

|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^

0F95C1
0FB6D1
85D2
75 05
E8 B8410200
33C0
75 FC
8B4D EC
8B51 04
0FBE42 5D
85C0
74 0A
E8 A1410200
E9 88000000
8B4D EC
8B51 04
83C2 08
8955 F8
8B45 F8
8B08
0FBE51 5D
85D2
75 36
8B45 EC
8B48 04
83C1 08
894D F4
8B55 F4
8B02
8945 F0
8B4D F0
8B11
0FBE42 5D
85C0
75 0A
8B4D F0
8B11
8955 F0
EB E9
8B45 EC
8B4D F0
8948 04
EB 39
8B55 EC
8B42 04
8B48 04
894D FC
8B55 FC
0FBE42 5D
85C0
75 19
8B4D EC
8B55 FC
8B41 04
3B42 08
75 0B
8B4D EC
8B55 FC
8951 04
EB D0

SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0040A6D0
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0040A6D0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+5D]
TEST EAX,EAX
JE SHORT 0040A6EC
CALL 0042E888
JMP 0040A774
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,8
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX]
MOVSX EDX,BYTE PTR DS:[ECX+5D]
TEST EDX,EDX
JNE SHORT 0040A73B
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,8
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.4],EAX
/MOV ECX,DWORD PTR SS:[LOCAL.4]
|MOV EDX,DWORD PTR DS:[ECX]
|MOVSX EAX,BYTE PTR DS:[EDX+5D]
|TEST EAX,EAX
|JNE SHORT 0040A730
|MOV ECX,DWORD PTR SS:[LOCAL.4]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[LOCAL.4],EDX
\JMP SHORT 0040A719
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 0040A774
/MOV EDX,DWORD PTR SS:[LOCAL.5]
|MOV EAX,DWORD PTR DS:[EDX+4]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.1],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOVSX EAX,BYTE PTR DS:[EDX+5D]
|TEST EAX,EAX
|JNE SHORT 0040A76B
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOV EAX,DWORD PTR DS:[ECX+4]
|CMP EAX,DWORD PTR DS:[EDX+8]
|JNE SHORT 0040A76B
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOV DWORD PTR DS:[ECX+4],EDX
\JMP SHORT 0040A73B

0040A76B |> 8B45 EC


0040A76E |. 8B4D FC
0040A771 |. 8948 04
0040A774 |> 8BE5
0040A776 |. 5D
0040A777 \. C3
0040A778
CC
0040A779
CC
0040A77A
CC
0040A77B
CC
0040A77C
CC
0040A77D
CC
0040A77E
CC
0040A77F
CC
0040A780 /$ 55
o.0040A780(guessed Arg1)
0040A781 |. 8BEC
0040A783 |. 83EC 44
0040A786 |. 894D BC
0040A789 |. 8B45 08
0040A78C |. 8945 FC
0040A78F |. EB 06
0040A791 |> 8B4D FC
0040A794 |. 894D 08
0040A797 |> 8B55 FC
0040A79A |. 0FBE42 5D
0040A79E |. 85C0
0040A7A0 |. 75 43
0040A7A2 |. 8B4D FC
0040A7A5 |. 8B51 08
0040A7A8 |. 52
0040A7A9 |. 8B4D BC
0040A7AC |. E8 CFFFFFFF
fo.0040A780
0040A7B1 |. 8B45 FC
0040A7B4 |. 8B08
0040A7B6 |. 894D FC
0040A7B9 |. 8B4D 08
0040A7BC |. 83C1 0C
0040A7BF |. E8 ECC5FFFF
fo.00406DB0
0040A7C4 |. 33D2
0040A7C6 |. 83E2 01
0040A7C9 |. 74 0C
0040A7CB |. 8B45 08
0040A7CE |. 50
0040A7CF |. E8 46410200
0040A7D4 |. 83C4 04
0040A7D7 |> 8B4D 08
0040A7DA |. 51
0040A7DB |. E8 3A410200
0040A7E0 |. 83C4 04
0040A7E3 |.^ EB AC
0040A7E5 |> 8BE5
0040A7E7 |. 5D
0040A7E8 \. C2 0400
0040A7EB
CC
0040A7EC
CC
0040A7ED
CC
0040A7EE
CC

MOV EAX,DWORD PTR SS:[LOCAL.5]


MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,44
MOV DWORD PTR SS:[LOCAL.17],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.1],EAX
JMP SHORT 0040A797
/MOV ECX,DWORD PTR SS:[LOCAL.1]
|MOV DWORD PTR SS:[ARG.1],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOVSX EAX,BYTE PTR DS:[EDX+5D]
|TEST EAX,EAX
|JNE SHORT 0040A7E5
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|MOV EDX,DWORD PTR DS:[ECX+8]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.17]
|CALL 0040A780

; /Arg1
; |
; \SystemIn

|MOV EAX,DWORD
|MOV ECX,DWORD
|MOV DWORD PTR
|MOV ECX,DWORD
|ADD ECX,0C
|CALL 00406DB0

; [SystemIn

PTR SS:[LOCAL.1]
PTR DS:[EAX]
SS:[LOCAL.1],ECX
PTR SS:[ARG.1]

|XOR EDX,EDX
|AND EDX,00000001
|JE SHORT 0040A7D7
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0042E91A
|ADD ESP,4
|MOV ECX,DWORD PTR SS:[ARG.1]
|PUSH ECX
|CALL 0042E91A
|ADD ESP,4
\JMP SHORT 0040A791
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3

0040A7EF
CC
0040A7F0 /$ 55
o.0040A7F0(guessed Arg1)
0040A7F1 |. 8BEC
0040A7F3 |. 83EC 14
0040A7F6 |. 894D EC
0040A7F9 |. 6A 00
0040A7FB |. 8B45 08
0040A7FE |. 50
0040A7FF |. E8 BC0F0000
0040A804 |. 83C4 08
0040A807 |. 8BE5
0040A809 |. 5D
0040A80A \. C2 0400
0040A80D
CC
0040A80E
CC
0040A80F
CC
0040A810 /$ 55
o.0040A810(guessed Arg1)
0040A811 |. 8BEC
0040A813 |. 83EC 1C
0040A816 |. 894D EC
0040A819 |. 8B45 EC
0040A81C |. 33C9
0040A81E |. 8338 00
0040A821 |. 0F95C1
0040A824 |. 0FB6D1
0040A827 |. 85D2
0040A829 |. 75 05
0040A82B |. E8 58400200
0040A830 |> 33C0
0040A832 |.^ 75 FC
0040A834 |. 8B4D EC
0040A837 |. 8339 00
0040A83A |. 74 18
0040A83C |. 8B55 EC
0040A83F |. 8B02
0040A841 |. 8945 FC
0040A844 |. 8B4D F8
0040A847 |. 894D E8
0040A84A |. 8B55 FC
0040A84D |. 8B02
0040A84F |. 8945 E8
0040A852 |. EB 07
0040A854 |> C745 E8 00000
0040A85B |> 8B4D 08
0040A85E |. 6BC9 28
0040A861 |. 8B55 EC
0040A864 |. 034A 04
0040A867 |. 8B45 E8
0040A86A |. 3B48 10
0040A86D |. 77 3B
0040A86F |. 8B4D EC
0040A872 |. 8339 00
0040A875 |. 74 18
0040A877 |. 8B55 EC
0040A87A |. 8B02
0040A87C |. 8945 F4
0040A87F |. 8B4D F0
0040A882 |. 894D E4

INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
PUSH 0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040B7C0
ADD ESP,8
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,1C
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0040A830
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0040A830
MOV ECX,DWORD PTR SS:[LOCAL.5]
CMP DWORD PTR DS:[ECX],0
JE SHORT 0040A854
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.6],EAX
JMP SHORT 0040A85B
MOV DWORD PTR SS:[LOCAL.6],0
MOV ECX,DWORD PTR SS:[ARG.1]
IMUL ECX,ECX,28
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD ECX,DWORD PTR DS:[EDX+4]
MOV EAX,DWORD PTR SS:[LOCAL.6]
CMP ECX,DWORD PTR DS:[EAX+10]
JA SHORT 0040A8AA
MOV ECX,DWORD PTR SS:[LOCAL.5]
CMP DWORD PTR DS:[ECX],0
JE SHORT 0040A88F
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.7],ECX

0040A885 |. 8B55 F4
0040A888 |. 8B02
0040A88A |. 8945 E4
0040A88D |. EB 07
0040A88F |> C745 E4 00000
0040A896 |> 8B4D 08
0040A899 |. 6BC9 28
0040A89C |. 8B55 EC
0040A89F |. 034A 04
0040A8A2 |. 8B45 E4
0040A8A5 |. 3B48 0C
0040A8A8 |. 73 05
0040A8AA |> E8 D93F0200
0040A8AF |> 33C9
0040A8B1 |.^ 75 FC
0040A8B3 |. 8B55 08
0040A8B6 |. 6BD2 28
0040A8B9 |. 8B45 EC
0040A8BC |. 0350 04
0040A8BF |. 8B4D EC
0040A8C2 |. 8951 04
0040A8C5 |. 8B45 EC
0040A8C8 |. 8BE5
0040A8CA |. 5D
0040A8CB \. C2 0400
0040A8CE
CC
0040A8CF
CC
0040A8D0 /$ 55
o.0040A8D0(guessed Arg1)
0040A8D1 |. 8BEC
0040A8D3 |. 83EC 08
0040A8D6 |. C745 FC 00000
0040A8DD |. EB 09
0040A8DF |> 8B45 08
0040A8E2 |. 0345 F8
0040A8E5 |. 8945 08
0040A8E8 |> E8 87480200
0040A8ED |. 50
0040A8EE |. 8B4D 08
0040A8F1 |. 51
[ARG.1]
0040A8F2 |. E8 B4440200
fo.0042EDAB
0040A8F7 |. 83C4 08
0040A8FA |. 8945 F8
0040A8FD |. 837D F8 00
0040A901 |. 7E 0B
0040A903 |. 8B55 FC
0040A906 |. 83C2 01
0040A909 |. 8955 FC
0040A90C |.^ EB D1
0040A90E |> 8B45 FC
0040A911 |. 8BE5
0040A913 |. 5D
0040A914 \. C3
0040A915
CC
0040A916
CC
0040A917
CC
0040A918
CC
0040A919
CC

MOV EDX,DWORD PTR SS:[LOCAL.3]


MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.7],EAX
JMP SHORT 0040A896
MOV DWORD PTR SS:[LOCAL.7],0
MOV ECX,DWORD PTR SS:[ARG.1]
IMUL ECX,ECX,28
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD ECX,DWORD PTR DS:[EDX+4]
MOV EAX,DWORD PTR SS:[LOCAL.7]
CMP ECX,DWORD PTR DS:[EAX+0C]
JNB SHORT 0040A8AF
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 0040A8AF
MOV EDX,DWORD PTR SS:[ARG.1]
IMUL EDX,EDX,28
MOV EAX,DWORD PTR SS:[LOCAL.5]
ADD EDX,DWORD PTR DS:[EAX+4]
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.1],0
JMP SHORT 0040A8E8
/MOV EAX,DWORD PTR SS:[ARG.1]
|ADD EAX,DWORD PTR SS:[LOCAL.2]
|MOV DWORD PTR SS:[ARG.1],EAX
|CALL 0042F174
|PUSH EAX
|MOV ECX,DWORD PTR SS:[ARG.1]
|PUSH ECX

; /Arg2
; |
; |Arg1 =>

|CALL 0042EDAB

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.2],EAX
|CMP DWORD PTR SS:[LOCAL.2],0
|JLE SHORT 0040A90E
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|ADD EDX,1
|MOV DWORD PTR SS:[LOCAL.1],EDX
\JMP SHORT 0040A8DF
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3

0040A91A
CC
INT3
0040A91B
CC
INT3
0040A91C
CC
INT3
0040A91D
CC
INT3
0040A91E
CC
INT3
0040A91F
CC
INT3
0040A920 /$ 55
PUSH EBP
o.0040A920(guessed Arg1,Arg2)
0040A921 |. 8BEC
MOV EBP,ESP
0040A923 |. 51
PUSH ECX
0040A924 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0040A928 |. 75 09
JNE SHORT 0040A933
0040A92A |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0040A931 |. EB 0E
JMP SHORT 0040A941
0040A933 |> 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040A936 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
0040A938 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0040A93B |. 0351 04
ADD EDX,DWORD PTR DS:[ECX+4]
0040A93E |. 8955 FC
MOV DWORD PTR SS:[LOCAL.1],EDX
0040A941 |> 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040A944 |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
0040A947 |. 51
PUSH ECX
0040A948 |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0040A94B |. 52
PUSH EDX
0040A94C |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040A94F |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
0040A951 |. FFD1
CALL ECX
0040A953 |. 83C4 08
ADD ESP,8
0040A956 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040A959 |. 8BE5
MOV ESP,EBP
0040A95B |. 5D
POP EBP
0040A95C \. C3
RETN
0040A95D
CC
INT3
0040A95E
CC
INT3
0040A95F
CC
INT3
0040A960 /$ 55
PUSH EBP
0040A961 |. 8BEC
MOV EBP,ESP
0040A963 |. 6A FF
PUSH -1
0040A965 |. 68 80554400 PUSH 00445580
0040A96A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040A970 |. 50
PUSH EAX
0040A971 |. 51
PUSH ECX
0040A972 |. 81EC 7C010000 SUB ESP,17C
0040A978 |. 53
PUSH EBX
0040A979 |. 56
PUSH ESI
0040A97A |. 57
PUSH EDI
0040A97B |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040A980 |. 33C5
XOR EAX,EBP
0040A982 |. 50
PUSH EAX
0040A983 |. 8D45 F4
LEA EAX,[LOCAL.3]
0040A986 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040A98C |. 8965 F0
MOV DWORD PTR SS:[LOCAL.4],ESP
0040A98F |. C745 EC 00000 MOV DWORD PTR SS:[LOCAL.5],0
0040A996 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040A999 |. 50
PUSH EAX
[ARG.2]
0040A99A |. E8 E1380200 CALL 0042E280
fo.0042E280
0040A99F |. 83C4 04
ADD ESP,4
0040A9A2 |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX

; SystemInf

; /Arg1 =>
; \SystemIn

0040A9A5 |.
0040A9A8 |.
0040A9AA |.
0040A9AD |.
0040A9B0 |.
0040A9B4 |.
0040A9B7 |.
0040A9BB |.
0040A9BD |.
0040A9C0 |.
0040A9C2 |.
0040A9C5 |.
0040A9C8 |.
0040A9CC |.
0040A9CF |.
0040A9D2 |.
0040A9D5 |.
0040A9D7 |.
0040A9DA |.
0040A9DC |.
0040A9DF |.
0040A9E2 |.
0040A9E6 |.
0040A9E9 |.
0040A9EC |.
0040A9EF |.
0040A9F5 |.
0040A9F7 |>
0040AA01 |>
0040AA07 |.
0040AA0A |.
0040AA0D |.
[ARG.1]
0040AA0E |.
0040AA11 |.
fo.0040FDA0
0040AA16 |.
0040AA1D |.
0040AA20 |.
0040AA23 |.
0040AA27 |.
0040AA29 |.
0040AA2B |.
0040AA2E |.
0040AA31 |.
0040AA34 |.
0040AA39 |>
0040AA3D |.
0040AA40 |.
0040AA42 |.
0040AA45 |.
0040AA48 |.
0040AA4C |.
0040AA4F |.
0040AA52 |.
0040AA58 |.
0040AA5B |.
0040AA5D |.
0040AA5F |>
0040AA62 |.

8B4D 08
8B11
8B42 04
8B4D 08
8B5401 18
8955 C4
837D C4 00
7E 3A
8B45 08
8B08
8B51 04
8B45 08
8B4C10 18
894D C0
8B55 C0
3B55 E8
7E 20
8B45 08
8B08
8B51 04
8B45 08
8B4C10 18
894D BC
8B55 BC
2B55 E8
8995 88FEFFFF
EB 0A
C785 88FEFFFF
8B85 88FEFFFF
8945 E4
8B4D 08
51

MOV ECX,DWORD PTR SS:[ARG.1]


MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[EAX+ECX+18]
MOV DWORD PTR SS:[LOCAL.15],EDX
CMP DWORD PTR SS:[LOCAL.15],0
JLE SHORT 0040A9F7
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EDX+EAX+18]
MOV DWORD PTR SS:[LOCAL.16],ECX
MOV EDX,DWORD PTR SS:[LOCAL.16]
CMP EDX,DWORD PTR SS:[LOCAL.6]
JLE SHORT 0040A9F7
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EDX+EAX+18]
MOV DWORD PTR SS:[LOCAL.17],ECX
MOV EDX,DWORD PTR SS:[LOCAL.17]
SUB EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.94],EDX
JMP SHORT 0040AA01
MOV DWORD PTR SS:[LOCAL.94],0
MOV EAX,DWORD PTR SS:[LOCAL.94]
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

; /Arg1 =>

8D4D DC
E8 8A530000

LEA ECX,[LOCAL.9]
CALL 0040FDA0

; |
; \SystemIn

C745 FC 00000
8A55 E0
8855 AB
0FB645 AB
85C0
75 0E
8B4D EC
83C9 04
894D EC
E9 1A020000
C645 FC 01
8B55 08
8B02
8B48 04
8B55 08
8B440A 10
8945 A4
8B4D A4
81E1 C0010000
83F9 40
74 77
EB 09
8B55 E4
83EA 01

MOV DWORD PTR SS:[LOCAL.1],0


MOV DL,BYTE PTR SS:[LOCAL.8]
MOV BYTE PTR SS:[LOCAL.22+3],DL
MOVZX EAX,BYTE PTR SS:[LOCAL.22+3]
TEST EAX,EAX
JNE SHORT 0040AA39
MOV ECX,DWORD PTR SS:[LOCAL.5]
OR ECX,00000004
MOV DWORD PTR SS:[LOCAL.5],ECX
JMP 0040AC53
MOV BYTE PTR SS:[LOCAL.1],1
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[ECX+EDX+10]
MOV DWORD PTR SS:[LOCAL.23],EAX
MOV ECX,DWORD PTR SS:[LOCAL.23]
AND ECX,000001C0
CMP ECX,40
JE SHORT 0040AAD4
JMP SHORT 0040AA68
/MOV EDX,DWORD PTR SS:[EBP-1C]
|SUB EDX,1

0040AA65 |.
0040AA68 |>
0040AA6C |.
0040AA6E |.
0040AA71 |.
0040AA73 |.
0040AA76 |.
0040AA79 |.
0040AA7D |.
0040AA80 |.
0040AA83 |.
0040AA85 |.
0040AA88 |.
0040AA8B |.
0040AA8F |.
0040AA92 |.
0040AA96 |.
0040AA97 |.
0040AA9A |.
fo.0040FC10
0040AA9F |.
0040AAA5 |.
0040AAAB |.
0040AAAE |.
0040AAB5 |.
0040AAB8 |.
0040AABA |.
0040AABD |.
0040AAC0 |.
0040AAC3 |.
0040AAC5 |.^
0040AAC7 |.
0040AACA |.
0040AACD |.
0040AAD0 |.
0040AAD2 |>^
0040AAD4 |>
0040AAD8 |.
0040AADA |.
0040AADD |.
0040AADF |.
0040AAE2 |.
0040AAE5 |.
0040AAE9 |.
0040AAEC |.
0040AAEF |.
0040AAF0 |.
0040AAF3 |.
0040AAF4 |.
0040AAF7 |.
0040AAF9 |.
0040AAFC |.
0040AAFF |.
0040AB01 |.
0040AB07 |.
0040AB0D |.
0040AB10 |.
0040AB12 |.
0040AB15 |.
0040AB18 |.

8955 E4
837D E4 00
7E 66
8B45 08
8B08
8B51 04
8B45 08
8A4C10 30
884D A3
8B55 08
8B02
8B48 04
8B55 08
8B440A 28
8945 9C
0FB64D A3
51
8B4D 9C
E8 71510000

|MOV DWORD PTR SS:[EBP-1C],EDX


|CMP DWORD PTR SS:[EBP-1C],0
|JLE SHORT 0040AAD4
|MOV EAX,DWORD PTR SS:[EBP+8]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV EAX,DWORD PTR SS:[EBP+8]
|MOV CL,BYTE PTR DS:[EDX+EAX+30]
|MOV BYTE PTR SS:[EBP-5D],CL
|MOV EDX,DWORD PTR SS:[EBP+8]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR SS:[EBP+8]
|MOV EAX,DWORD PTR DS:[ECX+EDX+28]
|MOV DWORD PTR SS:[EBP-64],EAX
|MOVZX ECX,BYTE PTR SS:[EBP-5D]
|PUSH ECX
|MOV ECX,DWORD PTR SS:[EBP-64]
|CALL 0040FC10

8985 84FEFFFF
8B95 84FEFFFF
8955 D8
C745 D4 FFFFF
8B45 D4
33C9
3B45 D8
0F94C1
0FB6D1
85D2
74 0B
8B45 EC
83C8 04
8945 EC
EB 02
EB 8B
837D EC 00
75 41
8B4D 08
8B11
8B42 04
8B4D 08
8B5401 28
8955 90
8B45 E8
50
8B4D 0C
51
8B55 90
8B02
8B4D 90
8B50 20
FFD2
8985 80FEFFFF
8B85 80FEFFFF
3B45 E8
74 09
8B4D EC
83C9 04
894D EC

|MOV DWORD PTR SS:[EBP-17C],EAX


|MOV EDX,DWORD PTR SS:[EBP-17C]
|MOV DWORD PTR SS:[EBP-28],EDX
|MOV DWORD PTR SS:[EBP-2C],-1
|MOV EAX,DWORD PTR SS:[EBP-2C]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[EBP-28]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 0040AAD2
|MOV EAX,DWORD PTR SS:[EBP-14]
|OR EAX,00000004
|MOV DWORD PTR SS:[EBP-14],EAX
|JMP SHORT 0040AAD4
\JMP SHORT 0040AA5F
CMP DWORD PTR SS:[EBP-14],0
JNE SHORT 0040AB1B
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[EAX+ECX+28]
MOV DWORD PTR SS:[EBP-70],EDX
MOV EAX,DWORD PTR SS:[EBP-18]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+0C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-70]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-70]
MOV EDX,DWORD PTR DS:[EAX+20]
CALL EDX
MOV DWORD PTR SS:[EBP-180],EAX
MOV EAX,DWORD PTR SS:[EBP-180]
CMP EAX,DWORD PTR SS:[EBP-18]
JE SHORT 0040AB1B
MOV ECX,DWORD PTR SS:[EBP-14]
OR ECX,00000004
MOV DWORD PTR SS:[EBP-14],ECX

; /Arg1
; |
; \SystemIn

0040AB1B |>
0040AB1F |.
0040AB21 |.
0040AB23 |>
0040AB26 |.
0040AB29 |.
0040AB2C |>
0040AB30 |.
0040AB32 |.
0040AB35 |.
0040AB37 |.
0040AB3A |.
0040AB3D |.
0040AB41 |.
0040AB44 |.
0040AB47 |.
0040AB49 |.
0040AB4C |.
0040AB4F |.
0040AB53 |.
0040AB56 |.
0040AB5A |.
0040AB5B |.
0040AB5E |.
fo.0040FC10
0040AB63 |.
0040AB69 |.
0040AB6F |.
0040AB72 |.
0040AB79 |.
0040AB7C |.
0040AB7E |.
0040AB81 |.
0040AB84 |.
0040AB87 |.
0040AB89 |.^
0040AB8B |.
0040AB8E |.
0040AB91 |.
0040AB94 |.
0040AB96 |>^
0040AB98 |>
0040AB9B |.
0040AB9D |.
0040ABA0 |.
0040ABA3 |.
0040ABA9 |.
0040ABAF |.
0040ABB2 |.
0040ABB8 |.
0040ABBE |.
0040ABC5 \.
0040ABCA /.
0040ABCD |.
0040ABCF |.
0040ABD2 |.
0040ABD5 |.
0040ABDB |.
0040ABE0 |.
0040ABE2 |.

837D EC 00
75 77
EB 09
8B55 E4
83EA 01
8955 E4
837D E4 00
7E 66
8B45 08
8B08
8B51 04
8B45 08
8A4C10 30
884D 8F
8B55 08
8B02
8B48 04
8B55 08
8B440A 28
8945 88
0FB64D 8F
51
8B4D 88
E8 AD500000

CMP DWORD PTR SS:[EBP-14],0


JNE SHORT 0040AB98
JMP SHORT 0040AB2C
/MOV EDX,DWORD PTR SS:[EBP-1C]
|SUB EDX,1
|MOV DWORD PTR SS:[EBP-1C],EDX
|CMP DWORD PTR SS:[EBP-1C],0
|JLE SHORT 0040AB98
|MOV EAX,DWORD PTR SS:[EBP+8]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV EAX,DWORD PTR SS:[EBP+8]
|MOV CL,BYTE PTR DS:[EDX+EAX+30]
|MOV BYTE PTR SS:[EBP-71],CL
|MOV EDX,DWORD PTR SS:[EBP+8]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR SS:[EBP+8]
|MOV EAX,DWORD PTR DS:[ECX+EDX+28]
|MOV DWORD PTR SS:[EBP-78],EAX
|MOVZX ECX,BYTE PTR SS:[EBP-71]
|PUSH ECX
|MOV ECX,DWORD PTR SS:[EBP-78]
|CALL 0040FC10

8985 7CFEFFFF
8B95 7CFEFFFF
8955 D0
C745 CC FFFFF
8B45 CC
33C9
3B45 D0
0F94C1
0FB6D1
85D2
74 0B
8B45 EC
83C8 04
8945 EC
EB 02
EB 8B
8B4D 08
8B11
8B45 08
0342 04
8985 78FFFFFF
8B8D 78FFFFFF
8B51 18
8995 7CFFFFFF
8B85 78FFFFFF
C740 18 00000
E9 82000000
8B4D 08
8B11
8B45 08
0342 04
8985 6CFFFFFF
B9 04000000
85C9
74 5B

|MOV DWORD PTR SS:[EBP-184],EAX


|MOV EDX,DWORD PTR SS:[EBP-184]
|MOV DWORD PTR SS:[EBP-30],EDX
|MOV DWORD PTR SS:[EBP-34],-1
|MOV EAX,DWORD PTR SS:[EBP-34]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[EBP-30]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 0040AB96
|MOV EAX,DWORD PTR SS:[EBP-14]
|OR EAX,00000004
|MOV DWORD PTR SS:[EBP-14],EAX
|JMP SHORT 0040AB98
\JMP SHORT 0040AB23
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-88],EAX
MOV ECX,DWORD PTR SS:[EBP-88]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[EBP-84],EDX
MOV EAX,DWORD PTR SS:[EBP-88]
MOV DWORD PTR DS:[EAX+18],0
JMP 0040AC4C
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-94],EAX
MOV ECX,4
TEST ECX,ECX
JE SHORT 0040AC3F

; /Arg1
; |
; \SystemIn

0040ABE4 |.
0040ABEA |.
0040ABED |.
0040ABF3 |.
0040ABF9 |.
0040ABFC |.
0040AC02 |.
0040AC08 |.
0040AC0C |.
0040AC0E |.
0040AC14 |.
0040AC17 |.
0040AC1D |.
0040AC1F |>
0040AC25 |.
0040AC2B |>
0040AC2D |.
0040AC33 |.
[ARG.EBP-188]
0040AC34 |.
0040AC3A |.
fo.004083E0
0040AC3F |>
0040AC46 |.
0040AC4B \.
0040AC4C />
0040AC53 |>
0040AC56 |.
0040AC58 |.
0040AC5B |.
0040AC5E |.
0040AC64 |.
0040AC68 |.
0040AC6A |.
0040AC70 |.
0040AC73 |.
0040AC79 |.
0040AC7F |.
0040AC82 |.
0040AC88 |.
0040AC8E |.
0040AC92 |.
0040AC94 |.
0040AC9A |.
0040AC9D |.
0040ACA3 |.
0040ACA5 |>
0040ACAB |.
0040ACB1 |>
0040ACB3 |.
0040ACB9 |.
0040ACBA |.
0040ACC0 |.
fo.004083E0
0040ACC5 |>
0040ACC8 |.
0040ACCB |.
0040ACD2 |.
0040ACD7 |.
0040ACDA |.

8B95 6CFFFFFF
8B42 08
8985 74FFFFFF
8B8D 74FFFFFF
83C9 04
898D 70FFFFFF
8B95 6CFFFFFF
837A 28 00
75 11
8B85 70FFFFFF
83C8 04
8985 78FEFFFF
EB 0C
8B8D 70FFFFFF
898D 78FEFFFF
6A 01
8B95 78FEFFFF
52

MOV EDX,DWORD PTR SS:[EBP-94]


MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[EBP-8C],EAX
MOV ECX,DWORD PTR SS:[EBP-8C]
OR ECX,00000004
MOV DWORD PTR SS:[EBP-90],ECX
MOV EDX,DWORD PTR SS:[EBP-94]
CMP DWORD PTR DS:[EDX+28],0
JNE SHORT 0040AC1F
MOV EAX,DWORD PTR SS:[EBP-90]
OR EAX,00000004
MOV DWORD PTR SS:[EBP-188],EAX
JMP SHORT 0040AC2B
MOV ECX,DWORD PTR SS:[EBP-90]
MOV DWORD PTR SS:[EBP-188],ECX
PUSH 1
MOV EDX,DWORD PTR SS:[EBP-188]
PUSH EDX

; /Arg2 = 1
; |
; |Arg1 =>

8B8D 6CFFFFFF MOV ECX,DWORD PTR SS:[EBP-94]


E8 A1D7FFFF CALL 004083E0

; |
; \SystemIn

C745 FC 00000
B8 53AC4000
C3
C745 FC 00000
8B45 08
8B08
8B55 08
0351 04
8995 94FEFFFF
837D EC 00
74 5B
8B85 94FEFFFF
8B48 08
898D 68FFFFFF
8B95 68FFFFFF
0B55 EC
8995 98FEFFFF
8B85 94FEFFFF
8378 28 00
75 11
8B8D 98FEFFFF
83C9 04
898D 74FEFFFF
EB 0C
8B95 98FEFFFF
8995 74FEFFFF
6A 00
8B85 74FEFFFF
50
8B8D 94FEFFFF
E8 1BD7FFFF

MOV DWORD PTR SS:[EBP-4],0


MOV EAX,0040AC53
RETN
MOV DWORD PTR SS:[EBP-4],0
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-16C],EDX
CMP DWORD PTR SS:[EBP-14],0
JE SHORT 0040ACC5
MOV EAX,DWORD PTR SS:[EBP-16C]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[EBP-98],ECX
MOV EDX,DWORD PTR SS:[EBP-98]
OR EDX,DWORD PTR SS:[EBP-14]
MOV DWORD PTR SS:[EBP-168],EDX
MOV EAX,DWORD PTR SS:[EBP-16C]
CMP DWORD PTR DS:[EAX+28],0
JNE SHORT 0040ACA5
MOV ECX,DWORD PTR SS:[EBP-168]
OR ECX,00000004
MOV DWORD PTR SS:[EBP-18C],ECX
JMP SHORT 0040ACB1
MOV EDX,DWORD PTR SS:[EBP-168]
MOV DWORD PTR SS:[EBP-18C],EDX
PUSH 0
MOV EAX,DWORD PTR SS:[EBP-18C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-16C]
CALL 004083E0

;
;
;
;
;

8B4D 08
894D C8
C745 FC 03000
E8 D72A0200
0FB6D0
85D2

MOV ECX,DWORD PTR SS:[EBP+8]


MOV DWORD PTR SS:[EBP-38],ECX
MOV DWORD PTR SS:[EBP-4],3
CALL 0042D7AE
MOVZX EDX,AL
TEST EDX,EDX

/Arg2 = 0
|
|Arg1
|
\SystemIn

0040ACDC |. 75 08
0040ACDE |. 8B4D DC
0040ACE1 |. E8 9A540000
0040ACE6 |> C745 FC FFFFF
0040ACED |. 8D4D DC
0040ACF0 |. E8 7B550000
0040ACF5 |. 8B45 C8
0040ACF8 |. 8B4D F4
0040ACFB |. 64:890D 00000
0040AD02 |. 59
0040AD03 |. 5F
0040AD04 |. 5E
0040AD05 |. 5B
0040AD06 |. 8BE5
0040AD08 |. 5D
0040AD09 \. C3
0040AD0A
CC
0040AD0B
CC
0040AD0C
CC
0040AD0D
CC
0040AD0E
CC
0040AD0F
CC
0040AD10 /$ 55
o.0040AD10(guessed Arg1)
0040AD11 |. 8BEC
0040AD13 |. 6A FF
0040AD15 |. 68 A8554400
0040AD1A |. 64:A1 0000000
0040AD20 |. 50
0040AD21 |. 83EC 4C
0040AD24 |. A1 A0154500
0040AD29 |. 33C5
0040AD2B |. 50
0040AD2C |. 8D45 F4
0040AD2F |. 64:A3 0000000
0040AD35 |. 894D A8
0040AD38 |. 6A 00
0040AD3A |. 6A 00
0040AD3C |. 8B4D A8
0040AD3F |. E8 1C4E0000
fo.0040FB60
0040AD44 |. A1 AC874400
0040AD49 |. 50
[4487AC] = -1
0040AD4A |. 6A 00
0040AD4C |. 8B4D 08
0040AD4F |. 51
[ARG.1]
0040AD50 |. 8B4D A8
0040AD53 |. E8 C8420000
fo.0040F020
0040AD58 |. C745 FC 00000
0040AD5F |. 8B55 08
0040AD62 |. 8B42 1C
0040AD65 |. 50
0040AD66 |. E8 45000000
fo.0040ADB0
0040AD6B |. 83C4 04
0040AD6E |. 8B4D A8
0040AD71 |. 8941 1C

JNE SHORT 0040ACE6


MOV ECX,DWORD PTR SS:[EBP-24]
CALL 00410180
MOV DWORD PTR SS:[EBP-4],-1
LEA ECX,[EBP-24]
CALL 00410270
MOV EAX,DWORD PTR SS:[EBP-38]
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 004455A8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,4C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.22],ECX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.22]
CALL 0040FB60

;
;
;
;

MOV EAX,DWORD PTR DS:[4487AC]


PUSH EAX

; /Arg3 =>

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.22]


CALL 0040F020

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+1C]
PUSH EAX
CALL 0040ADB0

; /Arg1
; \SystemIn

ADD ESP,4
MOV ECX,DWORD PTR SS:[LOCAL.22]
MOV DWORD PTR DS:[ECX+1C],EAX

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

0040AD74 |. 8B55 08
0040AD77 |. 8B42 20
0040AD7A |. 50
0040AD7B |. E8 30000000
fo.0040ADB0
0040AD80 |. 83C4 04
0040AD83 |. 8B4D A8
0040AD86 |. 8941 20
0040AD89 |. 8B55 A8
0040AD8C |. C742 24 00000
0040AD93 |. C745 FC FFFFF
0040AD9A |. 8B45 A8
0040AD9D |. 8B4D F4
0040ADA0 |. 64:890D 00000
0040ADA7 |. 59
0040ADA8 |. 8BE5
0040ADAA |. 5D
0040ADAB \. C2 0400
0040ADAE
CC
0040ADAF
CC
0040ADB0 /$ 55
o.0040ADB0(guessed Arg1)
0040ADB1 |. 8BEC
0040ADB3 |. 83EC 0C
0040ADB6 |. 837D 08 00
0040ADBA |. 75 06
0040ADBC |. 33C0
0040ADBE |. EB 3D
0040ADC0 |. EB 3B
0040ADC2 |> 8B45 08
0040ADC5 |. 50
[ARG.1]
0040ADC6 |. E8 B5340200
fo.0042E280
0040ADCB |. 83C4 04
0040ADCE |. 83C0 01
0040ADD1 |. 8945 FC
0040ADD4 |. 8B4D FC
0040ADD7 |. 51
[LOCAL.1]
0040ADD8 |. E8 6F2A0200
fo.0042D84C
0040ADDD |. 83C4 04
0040ADE0 |. 8945 F4
0040ADE3 |. 8B55 F4
0040ADE6 |. 8955 F8
0040ADE9 |. 8B45 FC
0040ADEC |. 50
[LOCAL.1]
0040ADED |. 8B4D 08
0040ADF0 |. 51
[ARG.1]
0040ADF1 |. 8B55 F8
0040ADF4 |. 52
[LOCAL.2]
0040ADF5 |. E8 F6430200
fo.0042F1F0
0040ADFA |. 83C4 0C
0040ADFD |> 8BE5
0040ADFF |. 5D

MOV EDX,DWORD PTR SS:[ARG.1]


MOV EAX,DWORD PTR DS:[EDX+20]
PUSH EAX
CALL 0040ADB0

; /Arg1
; \SystemIn

ADD ESP,4
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
PUSH EBP

; SystemInf

PTR SS:[LOCAL.22]
DS:[ECX+20],EAX
PTR SS:[LOCAL.22]
DS:[EDX+24],0
SS:[LOCAL.1],-1
PTR SS:[LOCAL.22]
PTR SS:[LOCAL.3]
FS:[0],ECX

MOV EBP,ESP
SUB ESP,0C
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0040ADC2
XOR EAX,EAX
JMP SHORT 0040ADFD
JMP SHORT 0040ADFD
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

CALL 0042E280

; \SystemIn

ADD ESP,4
ADD EAX,1
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX

; /Arg1 =>

CALL 0042D84C

; \SystemIn

ADD ESP,4
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

SS:[LOCAL.3],EAX
PTR SS:[LOCAL.3]
SS:[LOCAL.2],EDX
PTR SS:[LOCAL.1]
; /Arg3 =>

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.2]


PUSH EDX

; |
; |Arg1 =>

CALL 0042F1F0

; \SystemIn

ADD ESP,0C
MOV ESP,EBP
POP EBP

0040AE00 \. C3
0040AE01
CC
0040AE02
CC
0040AE03
CC
0040AE04
CC
0040AE05
CC
0040AE06
CC
0040AE07
CC
0040AE08
CC
0040AE09
CC
0040AE0A
CC
0040AE0B
CC
0040AE0C
CC
0040AE0D
CC
0040AE0E
CC
0040AE0F
CC
0040AE10 /$ 55
o.0040AE10(guessed
0040AE11 |. 8BEC
0040AE13 |. 8B45
0040AE16 |. 8A4D
0040AE19 |. 8808
0040AE1B |. 8B45
0040AE1E |. 5D
0040AE1F \. C3
0040AE20 /$ 55
o.0040AE20(guessed
0040AE21 |. 8BEC
0040AE23 |. 83EC
0040AE26 |. 8B45
0040AE29 |. 8A08
0040AE2B |. 884D
0040AE2E |. 8B55
0040AE31 |. 8B02
0040AE33 |. 8B4D
0040AE36 |. 0348
0040AE39 |. 894D
0040AE3C |. 8B55
0040AE3F |. 8A42
0040AE42 |. 8845
0040AE45 |. 8B4D
0040AE48 |. 8A55
0040AE4B |. 8851
0040AE4E |. 8B45
0040AE51 |. 8BE5
0040AE53 |. 5D
0040AE54 \. C3
0040AE55
CC
0040AE56
CC
0040AE57
CC
0040AE58
CC
0040AE59
CC
0040AE5A
CC
0040AE5B
CC
0040AE5C
CC
0040AE5D
CC
0040AE5E
CC
0040AE5F
CC
0040AE60 /$ 55
0040AE61 |. 8BEC

RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
Arg1,Arg2)
MOV EBP,ESP
08
MOV EAX,DWORD PTR SS:[ARG.1]
0C
MOV CL,BYTE PTR SS:[ARG.2]
MOV BYTE PTR DS:[EAX],CL
08
MOV EAX,DWORD PTR SS:[ARG.1]
POP EBP
RETN
PUSH EBP
Arg1,Arg2)
MOV EBP,ESP
0C
SUB ESP,0C
0C
MOV EAX,DWORD PTR SS:[ARG.2]
MOV CL,BYTE PTR DS:[EAX]
F7
MOV BYTE PTR SS:[LOCAL.3+3],CL
08
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
08
MOV ECX,DWORD PTR SS:[ARG.1]
04
ADD ECX,DWORD PTR DS:[EAX+4]
F8
MOV DWORD PTR SS:[LOCAL.2],ECX
F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
30
MOV AL,BYTE PTR DS:[EDX+30]
FF
MOV BYTE PTR SS:[LOCAL.1+3],AL
F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
F7
MOV DL,BYTE PTR SS:[LOCAL.3+3]
30
MOV BYTE PTR DS:[ECX+30],DL
08
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP

; SystemInf

; SystemInf

0040AE63 |.
0040AE65 |.
0040AE6A |.
0040AE70 |.
0040AE71 |.
0040AE72 |.
0040AE78 |.
0040AE79 |.
0040AE7A |.
0040AE7B |.
0040AE80 |.
0040AE82 |.
0040AE83 |.
0040AE86 |.
0040AE8C |.
0040AE8F |.
0040AE96 |.
0040AE99 |.
0040AE9C |.
0040AE9F |.
0040AEA2 |.
0040AEA4 |.
0040AEA7 |.
0040AEAA |.
0040AEAE |.
0040AEB1 |.
0040AEB5 |.
0040AEB7 |.
0040AEBA |.
0040AEBC |.
0040AEBF |.
0040AEC2 |.
0040AEC6 |.
0040AEC9 |.
0040AECC |.
0040AECF |.
0040AED1 |.
0040AED4 |.
0040AED6 |.
0040AED9 |.
0040AEDC |.
0040AEE0 |.
0040AEE3 |.
0040AEE6 |.
0040AEE9 |.
0040AEEF |.
0040AEF1 |>
0040AEFB |>
0040AF01 |.
0040AF04 |.
0040AF07 |.
[ARG.1]
0040AF08 |.
0040AF0B |.
fo.0040FDA0
0040AF10 |.
0040AF17 |.
0040AF1A |.
0040AF1D |.
0040AF21 |.

6A FF
68 E0554400
64:A1 0000000
50
51
81EC 94010000
53
56
57
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
8965 F0
C745 EC 00000
8B45 0C
8B48 14
894D DC
8B55 08
8B02
8B48 04
8B55 08
8B440A 18
8945 B8
837D B8 00
7E 3A
8B4D 08
8B11
8B42 04
8B4D 08
8B5401 18
8955 B4
8B45 B4
3B45 DC
76 20
8B4D 08
8B11
8B42 04
8B4D 08
8B5401 18
8955 B0
8B45 B0
2B45 DC
8985 74FEFFFF
EB 0A
C785 74FEFFFF
8B8D 74FEFFFF
894D E8
8B55 08
52

PUSH -1
PUSH 004455E0
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,194
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.5],0
MOV EAX,DWORD PTR SS:[ARG.2]
MOV ECX,DWORD PTR DS:[EAX+14]
MOV DWORD PTR SS:[LOCAL.9],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[ECX+EDX+18]
MOV DWORD PTR SS:[LOCAL.18],EAX
CMP DWORD PTR SS:[LOCAL.18],0
JLE SHORT 0040AEF1
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[EAX+ECX+18]
MOV DWORD PTR SS:[LOCAL.19],EDX
MOV EAX,DWORD PTR SS:[LOCAL.19]
CMP EAX,DWORD PTR SS:[LOCAL.9]
JBE SHORT 0040AEF1
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[EAX+ECX+18]
MOV DWORD PTR SS:[LOCAL.20],EDX
MOV EAX,DWORD PTR SS:[LOCAL.20]
SUB EAX,DWORD PTR SS:[LOCAL.9]
MOV DWORD PTR SS:[LOCAL.99],EAX
JMP SHORT 0040AEFB
MOV DWORD PTR SS:[LOCAL.99],0
MOV ECX,DWORD PTR SS:[LOCAL.99]
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

; /Arg1 =>

8D4D E0
E8 904E0000

LEA ECX,[LOCAL.8]
CALL 0040FDA0

; |
; \SystemIn

C745 FC 00000
8A45 E4
8845 9F
0FB64D 9F
85C9

MOV DWORD PTR SS:[LOCAL.1],0


MOV AL,BYTE PTR SS:[LOCAL.7]
MOV BYTE PTR SS:[LOCAL.25+3],AL
MOVZX ECX,BYTE PTR SS:[LOCAL.25+3]
TEST ECX,ECX

0040AF23 |.
0040AF25 |.
0040AF28 |.
0040AF2B |.
0040AF2E |.
0040AF33 |>
0040AF37 |.
0040AF3A |.
0040AF3C |.
0040AF3F |.
0040AF42 |.
0040AF46 |.
0040AF49 |.
0040AF4C |.
0040AF52 |.
0040AF55 |.
0040AF57 |.
0040AF59 |>
0040AF5C |.
0040AF5F |.
0040AF62 |>
0040AF66 |.
0040AF68 |.
0040AF6B |.
0040AF6D |.
0040AF70 |.
0040AF73 |.
0040AF77 |.
0040AF7A |.
0040AF7D |.
0040AF7F |.
0040AF82 |.
0040AF85 |.
0040AF89 |.
0040AF8C |.
0040AF90 |.
0040AF91 |.
0040AF94 |.
fo.0040FC10
0040AF99 |.
0040AF9F |.
0040AFA5 |.
0040AFA8 |.
0040AFAF |.
0040AFB2 |.
0040AFB4 |.
0040AFB7 |.
0040AFBA |.
0040AFBD |.
0040AFBF |.^
0040AFC1 |.
0040AFC4 |.
0040AFC7 |.
0040AFCA |.
0040AFCC |>^
0040AFCE |>
0040AFD2 |.
0040AFD8 |.
0040AFDF |.
0040AFE1 |>

75 0E
8B55 EC
83CA 04
8955 EC
E9 A4020000
C645 FC 01
8B45 08
8B08
8B51 04
8B45 08
8B4C10 10
894D 98
8B55 98
81E2 C0010000
83FA 40
74 77
EB 09
8B45 E8
83E8 01
8945 E8
837D E8 00
76 66
8B4D 08
8B11
8B42 04
8B4D 08
8A5401 30
8855 97
8B45 08
8B08
8B51 04
8B45 08
8B4C10 28
894D 90
0FB655 97
52
8B4D 90
E8 774C0000

JNE SHORT 0040AF33


MOV EDX,DWORD PTR SS:[LOCAL.5]
OR EDX,00000004
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP 0040B1D7
MOV BYTE PTR SS:[LOCAL.1],1
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EDX+EAX+10]
MOV DWORD PTR SS:[LOCAL.26],ECX
MOV EDX,DWORD PTR SS:[LOCAL.26]
AND EDX,000001C0
CMP EDX,40
JE SHORT 0040AFCE
JMP SHORT 0040AF62
/MOV EAX,DWORD PTR SS:[EBP-18]
|SUB EAX,1
|MOV DWORD PTR SS:[EBP-18],EAX
|CMP DWORD PTR SS:[EBP-18],0
|JBE SHORT 0040AFCE
|MOV ECX,DWORD PTR SS:[EBP+8]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR DS:[EDX+4]
|MOV ECX,DWORD PTR SS:[EBP+8]
|MOV DL,BYTE PTR DS:[EAX+ECX+30]
|MOV BYTE PTR SS:[EBP-69],DL
|MOV EAX,DWORD PTR SS:[EBP+8]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV EAX,DWORD PTR SS:[EBP+8]
|MOV ECX,DWORD PTR DS:[EDX+EAX+28]
|MOV DWORD PTR SS:[EBP-70],ECX
|MOVZX EDX,BYTE PTR SS:[EBP-69]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[EBP-70]
|CALL 0040FC10

8985 70FEFFFF
8B85 70FEFFFF
8945 D4
C745 D0 FFFFF
8B4D D0
33D2
3B4D D4
0F94C2
0FB6C2
85C0
74 0B
8B4D EC
83C9 04
894D EC
EB 02
EB 8B
837D EC 00
0F85 B4000000
C745 D8 00000
EB 09
8B55 D8

|MOV DWORD PTR SS:[EBP-190],EAX


|MOV EAX,DWORD PTR SS:[EBP-190]
|MOV DWORD PTR SS:[EBP-2C],EAX
|MOV DWORD PTR SS:[EBP-30],-1
|MOV ECX,DWORD PTR SS:[EBP-30]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[EBP-2C]
|SETE DL
|MOVZX EAX,DL
|TEST EAX,EAX
|JE SHORT 0040AFCC
|MOV ECX,DWORD PTR SS:[EBP-14]
|OR ECX,00000004
|MOV DWORD PTR SS:[EBP-14],ECX
|JMP SHORT 0040AFCE
\JMP SHORT 0040AF59
CMP DWORD PTR SS:[EBP-14],0
JNE 0040B08C
MOV DWORD PTR SS:[EBP-28],0
JMP SHORT 0040AFEA
/MOV EDX,DWORD PTR SS:[EBP-28]

; /Arg1
; |
; \SystemIn

0040AFE4 |.
0040AFE7 |.
0040AFEA |>
0040AFED |.
0040AFF0 |.
0040AFF6 |.
0040AFF9 |.
0040AFFC |.
0040AFFF |.
0040B001 |.
0040B006 |>
0040B008 |.^
0040B00A |.
0040B00D |.
0040B011 |.
0040B013 |.
0040B016 |.
0040B019 |.
0040B01F |.
0040B021 |>
0040B024 |.
0040B027 |.
0040B02D |>
0040B030 |.
0040B032 |.
0040B035 |.
0040B038 |.
0040B03C |.
0040B03F |.
0040B045 |.
0040B048 |.
0040B04B |.
0040B04C |.
0040B04F |.
fo.0040FC10
0040B054 |.
0040B05A |.
0040B060 |.
0040B063 |.
0040B06A |.
0040B06D |.
0040B06F |.
0040B072 |.
0040B075 |.
0040B078 |.
0040B07A |.^
0040B07C |.
0040B07F |.
0040B082 |.
0040B085 |.
0040B087 |>^
0040B08C |>
0040B090 |.
0040B096 |.
0040B098 |>
0040B09B |.
0040B09E |.
0040B0A1 |>
0040B0A5 |.
0040B0A7 |.

83C2 01
8955 D8
8B45 D8
3B45 DC
0F83 96000000
8B4D 0C
8B55 D8
3B51 14
76 05
E8 82380200
33C0
75 FC
8B4D 0C
8379 18 10
72 0E
8B55 0C
8B42 04
8985 6CFEFFFF
EB 0C
8B4D 0C
83C1 04
898D 6CFEFFFF
8B55 08
8B02
8B48 04
8B55 08
8B440A 28
8945 84
8B8D 6CFEFFFF
034D D8
0FB611
52
8B4D 84
E8 BC4B0000

|ADD EDX,1
|MOV DWORD PTR SS:[EBP-28],EDX
|MOV EAX,DWORD PTR SS:[EBP-28]
|CMP EAX,DWORD PTR SS:[EBP-24]
|JNB 0040B08C
|MOV ECX,DWORD PTR SS:[EBP+0C]
|MOV EDX,DWORD PTR SS:[EBP-28]
|CMP EDX,DWORD PTR DS:[ECX+14]
|JBE SHORT 0040B006
|CALL 0042E888
|/XOR EAX,EAX
|\JNE SHORT 0040B006
|MOV ECX,DWORD PTR SS:[EBP+0C]
|CMP DWORD PTR DS:[ECX+18],10
|JB SHORT 0040B021
|MOV EDX,DWORD PTR SS:[EBP+0C]
|MOV EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[EBP-194],EAX
|JMP SHORT 0040B02D
|MOV ECX,DWORD PTR SS:[EBP+0C]
|ADD ECX,4
|MOV DWORD PTR SS:[EBP-194],ECX
|MOV EDX,DWORD PTR SS:[EBP+8]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR SS:[EBP+8]
|MOV EAX,DWORD PTR DS:[ECX+EDX+28]
|MOV DWORD PTR SS:[EBP-7C],EAX
|MOV ECX,DWORD PTR SS:[EBP-194]
|ADD ECX,DWORD PTR SS:[EBP-28]
|MOVZX EDX,BYTE PTR DS:[ECX]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[EBP-7C]
|CALL 0040FC10

8985 68FEFFFF
8B85 68FEFFFF
8945 CC
C745 C8 FFFFF
8B4D C8
33D2
3B4D CC
0F94C2
0FB6C2
85C0
74 0B
8B4D EC
83C9 04
894D EC
EB 05
E9 55FFFFFF
837D EC 00
0F85 86000000
EB 09
8B55 E8
83EA 01
8955 E8
837D E8 00
76 75
8B45 08

|MOV DWORD PTR SS:[EBP-198],EAX


|MOV EAX,DWORD PTR SS:[EBP-198]
|MOV DWORD PTR SS:[EBP-34],EAX
|MOV DWORD PTR SS:[EBP-38],-1
|MOV ECX,DWORD PTR SS:[EBP-38]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[EBP-34]
|SETE DL
|MOVZX EAX,DL
|TEST EAX,EAX
|JE SHORT 0040B087
|MOV ECX,DWORD PTR SS:[EBP-14]
|OR ECX,00000004
|MOV DWORD PTR SS:[EBP-14],ECX
|JMP SHORT 0040B08C
\JMP 0040AFE1
CMP DWORD PTR SS:[EBP-14],0
JNE 0040B11C
JMP SHORT 0040B0A1
/MOV EDX,DWORD PTR SS:[EBP-18]
|SUB EDX,1
|MOV DWORD PTR SS:[EBP-18],EDX
|CMP DWORD PTR SS:[EBP-18],0
|JBE SHORT 0040B11C
|MOV EAX,DWORD PTR SS:[EBP+8]

; /Arg1
; |
; \SystemIn

0040B0AA |.
0040B0AC |.
0040B0AF |.
0040B0B2 |.
0040B0B6 |.
0040B0BC |.
0040B0BF |.
0040B0C1 |.
0040B0C4 |.
0040B0C7 |.
0040B0CB |.
0040B0D1 |.
0040B0D8 |.
0040B0D9 |.
0040B0DF |.
fo.0040FC10
0040B0E4 |.
0040B0EA |.
0040B0F0 |.
0040B0F3 |.
0040B0FA |.
0040B0FD |.
0040B0FF |.
0040B102 |.
0040B105 |.
0040B108 |.
0040B10A |.^
0040B10C |.
0040B10F |.
0040B112 |.
0040B115 |.
0040B117 |>^
0040B11C |>
0040B11F |.
0040B121 |.
0040B124 |.
0040B127 |.
0040B12D |.
0040B133 |.
0040B136 |.
0040B13C |.
0040B142 |.
0040B149 \.
0040B14E /.
0040B151 |.
0040B153 |.
0040B156 |.
0040B159 |.
0040B15F |.
0040B164 |.
0040B166 |.
0040B168 |.
0040B16E |.
0040B171 |.
0040B177 |.
0040B17D |.
0040B180 |.
0040B186 |.
0040B18C |.
0040B190 |.

8B08
8B51 04
8B45 08
8A4C10 30
888D 7BFFFFFF
8B55 08
8B02
8B48 04
8B55 08
8B440A 28
8985 74FFFFFF
0FB68D 7BFFFF
51
8B8D 74FFFFFF
E8 2C4B0000

|MOV ECX,DWORD PTR DS:[EAX]


|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV EAX,DWORD PTR SS:[EBP+8]
|MOV CL,BYTE PTR DS:[EDX+EAX+30]
|MOV BYTE PTR SS:[EBP-85],CL
|MOV EDX,DWORD PTR SS:[EBP+8]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR SS:[EBP+8]
|MOV EAX,DWORD PTR DS:[ECX+EDX+28]
|MOV DWORD PTR SS:[EBP-8C],EAX
|MOVZX ECX,BYTE PTR SS:[EBP-85]
|PUSH ECX
|MOV ECX,DWORD PTR SS:[EBP-8C]
|CALL 0040FC10

8985 64FEFFFF
8B95 64FEFFFF
8955 C4
C745 C0 FFFFF
8B45 C0
33C9
3B45 C4
0F94C1
0FB6D1
85D2
74 0B
8B45 EC
83C8 04
8945 EC
EB 05
E9 7CFFFFFF
8B4D 08
8B11
8B45 08
0342 04
8985 64FFFFFF
8B8D 64FFFFFF
8B51 18
8995 68FFFFFF
8B85 64FFFFFF
C740 18 00000
E9 82000000
8B4D 08
8B11
8B45 08
0342 04
8985 58FFFFFF
B9 04000000
85C9
74 5B
8B95 58FFFFFF
8B42 08
8985 60FFFFFF
8B8D 60FFFFFF
83C9 04
898D 5CFFFFFF
8B95 58FFFFFF
837A 28 00
75 11

|MOV DWORD PTR SS:[EBP-19C],EAX


|MOV EDX,DWORD PTR SS:[EBP-19C]
|MOV DWORD PTR SS:[EBP-3C],EDX
|MOV DWORD PTR SS:[EBP-40],-1
|MOV EAX,DWORD PTR SS:[EBP-40]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[EBP-3C]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 0040B117
|MOV EAX,DWORD PTR SS:[EBP-14]
|OR EAX,00000004
|MOV DWORD PTR SS:[EBP-14],EAX
|JMP SHORT 0040B11C
\JMP 0040B098
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-9C],EAX
MOV ECX,DWORD PTR SS:[EBP-9C]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[EBP-98],EDX
MOV EAX,DWORD PTR SS:[EBP-9C]
MOV DWORD PTR DS:[EAX+18],0
JMP 0040B1D0
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0A8],EAX
MOV ECX,4
TEST ECX,ECX
JE SHORT 0040B1C3
MOV EDX,DWORD PTR SS:[EBP-0A8]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[EBP-0A0],EAX
MOV ECX,DWORD PTR SS:[EBP-0A0]
OR ECX,00000004
MOV DWORD PTR SS:[EBP-0A4],ECX
MOV EDX,DWORD PTR SS:[EBP-0A8]
CMP DWORD PTR DS:[EDX+28],0
JNE SHORT 0040B1A3

; /Arg1
; |
; \SystemIn

0040B192 |.
0040B198 |.
0040B19B |.
0040B1A1 |.
0040B1A3 |>
0040B1A9 |.
0040B1AF |>
0040B1B1 |.
0040B1B7 |.
[ARG.EBP-1A0]
0040B1B8 |.
0040B1BE |.
fo.004083E0
0040B1C3 |>
0040B1CA |.
0040B1CF \.
0040B1D0 />
0040B1D7 |>
0040B1DA |.
0040B1DC |.
0040B1DF |.
0040B1E2 |.
0040B1E8 |.
0040B1EC |.
0040B1EE |.
0040B1F4 |.
0040B1F7 |.
0040B1FD |.
0040B203 |.
0040B206 |.
0040B20C |.
0040B212 |.
0040B216 |.
0040B218 |.
0040B21E |.
0040B221 |.
0040B227 |.
0040B229 |>
0040B22F |.
0040B235 |>
0040B237 |.
0040B23D |.
0040B23E |.
0040B244 |.
fo.004083E0
0040B249 |>
0040B24C |.
0040B24F |.
0040B256 |.
0040B25B |.
0040B25E |.
0040B260 |.
0040B262 |.
0040B265 |.
0040B26A |>
0040B271 |.
0040B274 |.
0040B279 |.
0040B27C |.
0040B27F |.

8B85 5CFFFFFF
83C8 04
8985 60FEFFFF
EB 0C
8B8D 5CFFFFFF
898D 60FEFFFF
6A 01
8B95 60FEFFFF
52

MOV EAX,DWORD PTR SS:[EBP-0A4]


OR EAX,00000004
MOV DWORD PTR SS:[EBP-1A0],EAX
JMP SHORT 0040B1AF
MOV ECX,DWORD PTR SS:[EBP-0A4]
MOV DWORD PTR SS:[EBP-1A0],ECX
PUSH 1
MOV EDX,DWORD PTR SS:[EBP-1A0]
PUSH EDX

; /Arg2 = 1
; |
; |Arg1 =>

8B8D 58FFFFFF MOV ECX,DWORD PTR SS:[EBP-0A8]


E8 1DD2FFFF CALL 004083E0

; |
; \SystemIn

C745 FC 00000
B8 D7B14000
C3
C745 FC 00000
8B45 08
8B08
8B55 08
0351 04
8995 80FEFFFF
837D EC 00
74 5B
8B85 80FEFFFF
8B48 08
898D 54FFFFFF
8B95 54FFFFFF
0B55 EC
8995 84FEFFFF
8B85 80FEFFFF
8378 28 00
75 11
8B8D 84FEFFFF
83C9 04
898D 5CFEFFFF
EB 0C
8B95 84FEFFFF
8995 5CFEFFFF
6A 00
8B85 5CFEFFFF
50
8B8D 80FEFFFF
E8 97D1FFFF

MOV DWORD PTR SS:[EBP-4],0


MOV EAX,0040B1D7
RETN
MOV DWORD PTR SS:[EBP-4],0
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-180],EDX
CMP DWORD PTR SS:[EBP-14],0
JE SHORT 0040B249
MOV EAX,DWORD PTR SS:[EBP-180]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[EBP-0AC],ECX
MOV EDX,DWORD PTR SS:[EBP-0AC]
OR EDX,DWORD PTR SS:[EBP-14]
MOV DWORD PTR SS:[EBP-17C],EDX
MOV EAX,DWORD PTR SS:[EBP-180]
CMP DWORD PTR DS:[EAX+28],0
JNE SHORT 0040B229
MOV ECX,DWORD PTR SS:[EBP-17C]
OR ECX,00000004
MOV DWORD PTR SS:[EBP-1A4],ECX
JMP SHORT 0040B235
MOV EDX,DWORD PTR SS:[EBP-17C]
MOV DWORD PTR SS:[EBP-1A4],EDX
PUSH 0
MOV EAX,DWORD PTR SS:[EBP-1A4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-180]
CALL 004083E0

;
;
;
;
;

8B4D 08
894D BC
C745 FC 03000
E8 53250200
0FB6D0
85D2
75 08
8B4D E0
E8 164F0000
C745 FC FFFFF
8D4D E0
E8 F74F0000
8B45 BC
8B4D F4
64:890D 00000

MOV ECX,DWORD PTR SS:[EBP+8]


MOV DWORD PTR SS:[EBP-44],ECX
MOV DWORD PTR SS:[EBP-4],3
CALL 0042D7AE
MOVZX EDX,AL
TEST EDX,EDX
JNE SHORT 0040B26A
MOV ECX,DWORD PTR SS:[EBP-20]
CALL 00410180
MOV DWORD PTR SS:[EBP-4],-1
LEA ECX,[EBP-20]
CALL 00410270
MOV EAX,DWORD PTR SS:[EBP-44]
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX

/Arg2 = 0
|
|Arg1
|
\SystemIn

0040B286 |. 59
POP ECX
0040B287 |. 5F
POP EDI
0040B288 |. 5E
POP ESI
0040B289 |. 5B
POP EBX
0040B28A |. 8BE5
MOV ESP,EBP
0040B28C |. 5D
POP EBP
0040B28D \. C3
RETN
0040B28E
CC
INT3
0040B28F
CC
INT3
0040B290 /$ 55
PUSH EBP
o.0040B290(guessed Arg1,Arg2)
0040B291 |. 8BEC
MOV EBP,ESP
0040B293 |. 83EC 60
SUB ESP,60
0040B296 |. 894D A0
MOV DWORD PTR SS:[LOCAL.24],ECX
0040B299 |. 8D45 F7
LEA EAX,[LOCAL.3+3]
0040B29C |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
0040B29F |. 6A 00
PUSH 0
0040B2A1 |. 6A 00
PUSH 0
0040B2A3 |. 8B4D A0
MOV ECX,DWORD PTR SS:[LOCAL.24]
0040B2A6 |. E8 B5480000 CALL 0040FB60
fo.0040FB60
0040B2AB |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040B2AE |. 51
PUSH ECX
[ARG.1]
0040B2AF |. E8 CC2F0200 CALL 0042E280
fo.0042E280
0040B2B4 |. 83C4 04
ADD ESP,4
0040B2B7 |. 8945 DC
MOV DWORD PTR SS:[LOCAL.9],EAX
0040B2BA |. 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
0040B2BD |. 52
PUSH EDX
[LOCAL.9]
0040B2BE |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040B2C1 |. 50
PUSH EAX
[ARG.1]
0040B2C2 |. 8B4D A0
MOV ECX,DWORD PTR SS:[LOCAL.24]
0040B2C5 |. E8 863E0000 CALL 0040F150
fo.0040F150
0040B2CA |. 8B4D A0
MOV ECX,DWORD PTR SS:[LOCAL.24]
0040B2CD |. C741 1C 00000 MOV DWORD PTR DS:[ECX+1C],0
0040B2D4 |. 8B55 A0
MOV EDX,DWORD PTR SS:[LOCAL.24]
0040B2D7 |. C742 20 00000 MOV DWORD PTR DS:[EDX+20],0
0040B2DE |. 8B45 A0
MOV EAX,DWORD PTR SS:[LOCAL.24]
0040B2E1 |. C740 24 00000 MOV DWORD PTR DS:[EAX+24],0
0040B2E8 |. 8B45 A0
MOV EAX,DWORD PTR SS:[LOCAL.24]
0040B2EB |. 8BE5
MOV ESP,EBP
0040B2ED |. 5D
POP EBP
0040B2EE \. C2 0800
RETN 8
0040B2F1
CC
INT3
0040B2F2
CC
INT3
0040B2F3
CC
INT3
0040B2F4
CC
INT3
0040B2F5
CC
INT3
0040B2F6
CC
INT3
0040B2F7
CC
INT3
0040B2F8
CC
INT3
0040B2F9
CC
INT3
0040B2FA
CC
INT3
0040B2FB
CC
INT3
0040B2FC
CC
INT3
0040B2FD
CC
INT3

; SystemInf

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

; /Arg1 =>
; \SystemIn

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

0040B2FE
CC
INT3
0040B2FF
CC
INT3
0040B300 /$ 55
PUSH EBP
o.0040B300(guessed Arg1,Arg2,Arg3)
0040B301 |. 8BEC
MOV EBP,ESP
0040B303 |. 83EC 40
SUB ESP,40
0040B306 |. 894D C0
MOV DWORD PTR SS:[LOCAL.16],ECX
0040B309 |. 8D45 F7
LEA EAX,[LOCAL.3+3]
0040B30C |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
0040B30F |. 6A 00
PUSH 0
0040B311 |. 6A 00
PUSH 0
0040B313 |. 8B4D C0
MOV ECX,DWORD PTR SS:[LOCAL.16]
0040B316 |. E8 45480000 CALL 0040FB60
fo.0040FB60
0040B31B |. 0FB64D 0C
MOVZX ECX,BYTE PTR SS:[ARG.2]
0040B31F |. 51
PUSH ECX
0040B320 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0040B323 |. 52
PUSH EDX
[ARG.1]
0040B324 |. 8B4D C0
MOV ECX,DWORD PTR SS:[LOCAL.16]
0040B327 |. E8 143F0000 CALL 0040F240
fo.0040F240
0040B32C |. 8B45 C0
MOV EAX,DWORD PTR SS:[LOCAL.16]
0040B32F |. C740 1C 00000 MOV DWORD PTR DS:[EAX+1C],0
0040B336 |. 8B4D C0
MOV ECX,DWORD PTR SS:[LOCAL.16]
0040B339 |. C741 20 00000 MOV DWORD PTR DS:[ECX+20],0
0040B340 |. 8B55 C0
MOV EDX,DWORD PTR SS:[LOCAL.16]
0040B343 |. C742 24 00000 MOV DWORD PTR DS:[EDX+24],0
0040B34A |. 8B45 C0
MOV EAX,DWORD PTR SS:[LOCAL.16]
0040B34D |. 8BE5
MOV ESP,EBP
0040B34F |. 5D
POP EBP
0040B350 \. C2 0C00
RETN 0C
0040B353
CC
INT3
0040B354
CC
INT3
0040B355
CC
INT3
0040B356
CC
INT3
0040B357
CC
INT3
0040B358
CC
INT3
0040B359
CC
INT3
0040B35A
CC
INT3
0040B35B
CC
INT3
0040B35C
CC
INT3
0040B35D
CC
INT3
0040B35E
CC
INT3
0040B35F
CC
INT3
0040B360 /$ 55
PUSH EBP
o.0040B360(guessed void)
0040B361 |. 8BEC
MOV EBP,ESP
0040B363 |. 6A FF
PUSH -1
0040B365 |. 68 08564400 PUSH 00445608
0040B36A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040B370 |. 50
PUSH EAX
0040B371 |. 83EC 24
SUB ESP,24
0040B374 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040B379 |. 33C5
XOR EAX,EBP
0040B37B |. 50
PUSH EAX
0040B37C |. 8D45 F4
LEA EAX,[EBP-0C]
0040B37F |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040B385 |. 894D D0
MOV DWORD PTR SS:[EBP-30],ECX
0040B388 |. C745 FC 00000 MOV DWORD PTR SS:[EBP-4],0

; SystemInf

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

; /Arg2
; |
; |Arg1 =>
; |
; \SystemIn

; SystemInf

0040B38F |. 8B4D D0
0040B392 |. E8 E9330000
fo.0040E780
0040B397 |. C745 FC FFFFF
0040B39E |. 6A 00
0040B3A0 |. 6A 01
0040B3A2 |. 8B4D D0
0040B3A5 |. E8 B6470000
fo.0040FB60
0040B3AA |. 8B4D F4
0040B3AD |. 64:890D 00000
0040B3B4 |. 59
0040B3B5 |. 8BE5
0040B3B7 |. 5D
0040B3B8 \. C3
0040B3B9
CC
0040B3BA
CC
0040B3BB
CC
0040B3BC
CC
0040B3BD
CC
0040B3BE
CC
0040B3BF
CC
0040B3C0 /$ 55
o.0040B3C0(guessed Arg1)
0040B3C1 |. 8BEC
0040B3C3 |. 83EC 44
0040B3C6 |. 894D BC
0040B3C9 |. 8B4D BC
0040B3CC |. E8 AF330000
fo.0040E780
0040B3D1 |. A1 AC874400
0040B3D6 |. 50
[4487AC] = -1
0040B3D7 |. 6A 00
0040B3D9 |. 8B4D 08
0040B3DC |. 51
[ARG.1]
0040B3DD |. 8B4D BC
0040B3E0 |. E8 3B3C0000
fo.0040F020
0040B3E5 |. 8B55 08
0040B3E8 |. 8B42 1C
0040B3EB |. 50
0040B3EC |. E8 BFF9FFFF
fo.0040ADB0
0040B3F1 |. 83C4 04
0040B3F4 |. 8B4D BC
0040B3F7 |. 8941 1C
0040B3FA |. 8B55 08
0040B3FD |. 8B42 20
0040B400 |. 50
0040B401 |. E8 AAF9FFFF
fo.0040ADB0
0040B406 |. 83C4 04
0040B409 |. 8B4D BC
0040B40C |. 8941 20
0040B40F |. 8B45 BC
0040B412 |. 8BE5
0040B414 |. 5D
0040B415 \. C2 0400

MOV ECX,DWORD PTR SS:[EBP-30]


CALL 0040E780

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-30]
CALL 0040FB60

;
;
;
;

MOV ECX,DWORD PTR SS:[EBP-0C]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,44
MOV DWORD PTR SS:[LOCAL.17],ECX
MOV ECX,DWORD PTR SS:[LOCAL.17]
CALL 0040E780

; [SystemIn

MOV EAX,DWORD PTR DS:[4487AC]


PUSH EAX

; /Arg3 =>

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.17]


CALL 0040F020

; |
; \SystemIn

MOV EDX,DWORD PTR SS:[ARG.1]


MOV EAX,DWORD PTR DS:[EDX+1C]
PUSH EAX
CALL 0040ADB0

; /Arg1
; \SystemIn

ADD ESP,4
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV EAX,DWORD
PUSH EAX
CALL 0040ADB0

; /Arg1
; \SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PTR SS:[LOCAL.17]
DS:[ECX+1C],EAX
PTR SS:[ARG.1]
PTR DS:[EDX+20]

ADD ESP,4
MOV ECX,DWORD PTR SS:[LOCAL.17]
MOV DWORD PTR DS:[ECX+20],EAX
MOV EAX,DWORD PTR SS:[LOCAL.17]
MOV ESP,EBP
POP EBP
RETN 4

0040B418
CC
0040B419
CC
0040B41A
CC
0040B41B
CC
0040B41C
CC
0040B41D
CC
0040B41E
CC
0040B41F
CC
0040B420 /$ 55
0040B421 |. 8BEC
0040B423 |. 83EC 28
0040B426 |. 8B45 18
0040B429 |. 8945 F4
0040B42C |. 8B4D 10
0040B42F |. 894D EC
0040B432 |. 8B55 EC
0040B435 |. 8955 DC
0040B438 |. EB 09
0040B43A |> 8B45 DC
0040B43D |. 83C0 28
0040B440 |. 8945 DC
0040B443 |> 8B4D DC
0040B446 |. 3B4D F4
0040B449 |. 74 1E
0040B44B |. 8B55 1C
0040B44E |. 52
0040B44F |. 8B4D DC
0040B452 |. E8 09410000
fo.0040F560
0040B457 |. F7D8
0040B459 |. 1BC0
0040B45B |. 83C0 01
0040B45E |. 0FB6C0
0040B461 |. 85C0
0040B463 |.^ 74 02
0040B465 |. EB 02
0040B467 |>^ EB D1
0040B469 |> 8B4D DC
0040B46C |. 894D FC
0040B46F |. 8B55 FC
0040B472 |. 8955 D8
0040B475 |. 8B45 D8
0040B478 |. 8945 10
0040B47B |. 8B4D 08
0040B47E |. 8B55 0C
0040B481 |. 8911
0040B483 |. 8B45 10
0040B486 |. 8941 04
0040B489 |. 8B45 08
0040B48C |. 8BE5
0040B48E |. 5D
0040B48F \. C3
0040B490 /$ 55
o.0040B490(guessed Arg1)
0040B491 |. 8BEC
0040B493 |. 6A FF
0040B495 |. 68 38564400
0040B49A |. 64:A1 0000000
0040B4A0 |. 50
0040B4A1 |. 81EC E0000000

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,28
MOV EAX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.9],EDX
JMP SHORT 0040B443
/MOV EAX,DWORD PTR SS:[EBP-24]
|ADD EAX,28
|MOV DWORD PTR SS:[EBP-24],EAX
|MOV ECX,DWORD PTR SS:[EBP-24]
|CMP ECX,DWORD PTR SS:[EBP-0C]
|JE SHORT 0040B469
|MOV EDX,DWORD PTR SS:[EBP+1C]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[EBP-24]
|CALL 0040F560

; /Arg1
; |
; \SystemIn

|NEG EAX
|SBB EAX,EAX
|ADD EAX,1
|MOVZX EAX,AL
|TEST EAX,EAX
|JE SHORT 0040B467
|JMP SHORT 0040B469
\JMP SHORT 0040B43A
MOV ECX,DWORD PTR SS:[EBP-24]
MOV DWORD PTR SS:[EBP-4],ECX
MOV EDX,DWORD PTR SS:[EBP-4]
MOV DWORD PTR SS:[EBP-28],EDX
MOV EAX,DWORD PTR SS:[EBP-28]
MOV DWORD PTR SS:[EBP+10],EAX
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR SS:[EBP+0C]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[EBP+10]
MOV DWORD PTR DS:[ECX+4],EAX
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ESP,EBP
POP EBP
RETN
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445638
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0E0

0040B4A7 |. A1 A0154500
0040B4AC |. 33C5
0040B4AE |. 50
0040B4AF |. 8D45 F4
0040B4B2 |. 64:A3 0000000
0040B4B8 |. C785 28FFFFFF
0040B4C2 |. 6A 00
0040B4C4 |. 8D4D E8
0040B4C7 |. E8 41230200
fo.0042D80D
0040B4CC |. C745 FC 00000
0040B4D3 |. A1 E0284500
0040B4D8 |. 8945 E4
0040B4DB |. 833D F0284500
0040B4E2 |. 75 36
0040B4E4 |. 6A 00
0040B4E6 |. 8D4D CC
0040B4E9 |. E8 1F230200
fo.0042D80D
0040B4EE |. 833D F0284500
0040B4F5 |. 75 1B
0040B4F7 |. 8B0D 082B4500
0040B4FD |. 83C1 01
0040B500 |. 890D 082B4500
0040B506 |. 8B15 082B4500
0040B50C |. 8915 F0284500
0040B512 |> 8D4D CC
0040B515 |. E8 1B230200
0040B51A |> A1 F0284500
0040B51F |. 8945 EC
0040B522 |. 8B4D EC
0040B525 |. 51
[4528F0] = 0
0040B526 |. 8B4D 08
0040B529 |. E8 A2000000
fo.0040B5D0
0040B52E |. 8945 F0
0040B531 |. 837D F0 00
0040B535 |. 74 02
0040B537 |. EB 69
0040B539 |> 837D E4 00
0040B53D |. 74 08
0040B53F |. 8B55 E4
0040B542 |. 8955 F0
0040B545 |. EB 5B
0040B547 |> 8B45 08
0040B54A |. 50
[ARG.1]
0040B54B |. 8D4D E4
0040B54E |. 51
OFFSET LOCAL.7
0040B54F |. E8 CC020000
fo.0040B820
0040B554 |. 83C4 08
0040B557 |. 83F8 FF
0040B55A |. 75 1D
0040B55C |. 68 78884400
SCII "bad cast"
0040B561 |. 8D4D D4
0040B564 |. E8 1D360200

MOV EAX,DWORD PTR DS:[4515A0]


XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.54],0
PUSH 0
LEA ECX,[LOCAL.6]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV EAX,DWORD PTR DS:[4528E0]
MOV DWORD PTR SS:[LOCAL.7],EAX
CMP DWORD PTR DS:[4528F0],0
JNE SHORT 0040B51A
PUSH 0
LEA ECX,[LOCAL.13]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

CMP DWORD PTR DS:[4528F0],0


JNE SHORT 0040B512
MOV ECX,DWORD PTR DS:[452B08]
ADD ECX,1
MOV DWORD PTR DS:[452B08],ECX
MOV EDX,DWORD PTR DS:[452B08]
MOV DWORD PTR DS:[4528F0],EDX
LEA ECX,[LOCAL.13]
CALL 0042D835
MOV EAX,DWORD PTR DS:[4528F0]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040B5D0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.4],EAX


CMP DWORD PTR SS:[LOCAL.4],0
JE SHORT 0040B539
JMP SHORT 0040B5A2
CMP DWORD PTR SS:[LOCAL.7],0
JE SHORT 0040B547
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.4],EDX
JMP SHORT 0040B5A2
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg2 =>

LEA ECX,[LOCAL.7]
PUSH ECX

; |
; |Arg1 =>

CALL 0040B820

; \SystemIn

ADD ESP,8
CMP EAX,-1
JNE SHORT 0040B579
PUSH OFFSET 00448878

; /Arg1 = A

LEA ECX,[LOCAL.11]
CALL 0042EB86

; |
; \SystemIn

fo.0042EB86
0040B569 |. 68 CCD74400
ystemInfo.44D7CC
0040B56E |. 8D55 D4
0040B571 |. 52
OFFSET LOCAL.11
0040B572 |. E8 AE330200
fo.0042E925
0040B577 |. EB 29
0040B579 |> 8B45 E4
0040B57C |. 8945 F0
0040B57F |. 8B4D E4
0040B582 |. 890D E0284500
0040B588 |. 8B55 E4
0040B58B |. 8955 E0
0040B58E |. 8B4D E0
0040B591 |. E8 EAD8FFFF
0040B596 |. 8B45 E0
0040B599 |. 50
0040B59A |. E8 1A240200
0040B59F |. 83C4 04
0040B5A2 |> 8B4D F0
0040B5A5 |. 894D D0
0040B5A8 |. C745 FC FFFFF
0040B5AF |. 8D4D E8
0040B5B2 |. E8 7E220200
0040B5B7 |. 8B45 D0
0040B5BA |. 8B4D F4
0040B5BD |. 64:890D 00000
0040B5C4 |. 59
0040B5C5 |. 8BE5
0040B5C7 |. 5D
0040B5C8 \. C3
0040B5C9
CC
0040B5CA
CC
0040B5CB
CC
0040B5CC
CC
0040B5CD
CC
0040B5CE
CC
0040B5CF
CC
0040B5D0 /$ 55
o.0040B5D0(guessed Arg1)
0040B5D1 |. 8BEC
0040B5D3 |. 83EC 14
0040B5D6 |. 894D F4
0040B5D9 |. 8B45 F4
0040B5DC |. 8B08
0040B5DE |. 8B55 08
0040B5E1 |. 3B51 0C
0040B5E4 |. 73 13
0040B5E6 |. 8B45 F4
0040B5E9 |. 8B08
0040B5EB |. 8B51 08
0040B5EE |. 8B45 08
0040B5F1 |. 8B0C82
0040B5F4 |. 894D F0
0040B5F7 |. EB 07
0040B5F9 |> C745 F0 00000
0040B600 |> 8B55 F0
0040B603 |. 8955 FC

PUSH OFFSET 0044D7CC

; /Arg2 = S

LEA EDX,[LOCAL.11]
PUSH EDX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

JMP SHORT 0040B5A2


MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[4528E0],ECX
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.8],EDX
MOV ECX,DWORD PTR SS:[LOCAL.8]
CALL 00408E80
MOV EAX,DWORD PTR SS:[LOCAL.8]
PUSH EAX
CALL 0042D9B9
ADD ESP,4
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.12],ECX
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.6]
CALL 0042D835
MOV EAX,DWORD PTR SS:[LOCAL.12]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV
SUB
MOV
MOV
MOV
MOV
CMP
JNB
MOV
MOV
MOV
MOV
MOV
MOV
JMP
MOV
MOV
MOV

EBP,ESP
ESP,14
DWORD PTR SS:[LOCAL.3],ECX
EAX,DWORD PTR SS:[LOCAL.3]
ECX,DWORD PTR DS:[EAX]
EDX,DWORD PTR SS:[ARG.1]
EDX,DWORD PTR DS:[ECX+0C]
SHORT 0040B5F9
EAX,DWORD PTR SS:[LOCAL.3]
ECX,DWORD PTR DS:[EAX]
EDX,DWORD PTR DS:[ECX+8]
EAX,DWORD PTR SS:[ARG.1]
ECX,DWORD PTR DS:[EAX*4+EDX]
DWORD PTR SS:[LOCAL.4],ECX
SHORT 0040B600
DWORD PTR SS:[LOCAL.4],0
EDX,DWORD PTR SS:[LOCAL.4]
DWORD PTR SS:[LOCAL.1],EDX

0040B606 |. 837D FC 00
0040B60A |. 75 0D
0040B60C |. 8B45 F4
0040B60F |. 8B08
0040B611 |. 0FB651 14
0040B615 |. 85D2
0040B617 |. 75 07
0040B619 |> 8B45 FC
0040B61C |. EB 30
0040B61E |. EB 2E
0040B620 |> E8 CF220200
fo.0042D8F4
0040B625 |. 8945 F8
0040B628 |. 8B45 F8
0040B62B |. 8B4D 08
0040B62E |. 3B48 0C
0040B631 |. 73 11
0040B633 |. 8B55 F8
0040B636 |. 8B42 08
0040B639 |. 8B4D 08
0040B63C |. 8B1488
0040B63F |. 8955 EC
0040B642 |. EB 07
0040B644 |> C745 EC 00000
0040B64B |> 8B45 EC
0040B64E |> 8BE5
0040B650 |. 5D
0040B651 \. C2 0400
0040B654
CC
0040B655
CC
0040B656
CC
0040B657
CC
0040B658
CC
0040B659
CC
0040B65A
CC
0040B65B
CC
0040B65C
CC
0040B65D
CC
0040B65E
CC
0040B65F
CC
0040B660 /$ 55
o.0040B660(guessed Arg1)
0040B661 |. 8BEC
0040B663 |. 83EC 48
0040B666 |. 894D B8
0040B669 |. 8B4D B8
0040B66C |. E8 0F310000
fo.0040E780
0040B671 |. 8B45 08
0040B674 |. 50
[ARG.1]
0040B675 |. E8 062C0200
fo.0042E280
0040B67A |. 83C4 04
0040B67D |. 8945 F0
0040B680 |. 8B4D F0
0040B683 |. 51
[LOCAL.4]
0040B684 |. 8B55 08
0040B687 |. 52

CMP DWORD PTR SS:[LOCAL.1],0


JNE SHORT 0040B619
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOVZX EDX,BYTE PTR DS:[ECX+14]
TEST EDX,EDX
JNE SHORT 0040B620
MOV EAX,DWORD PTR SS:[LOCAL.1]
JMP SHORT 0040B64E
JMP SHORT 0040B64E
CALL 0042D8F4

; [SystemIn

MOV DWORD PTR SS:[LOCAL.2],EAX


MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+0C]
JNB SHORT 0040B644
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX*4+EAX]
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP SHORT 0040B64B
MOV DWORD PTR SS:[LOCAL.5],0
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,48
MOV DWORD PTR SS:[LOCAL.18],ECX
MOV ECX,DWORD PTR SS:[LOCAL.18]
CALL 0040E780

; [SystemIn

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; /Arg1 =>

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
PUSH ECX

; /Arg2 =>

MOV EDX,DWORD PTR SS:[ARG.1]


PUSH EDX

; |
; |Arg1 =>

[ARG.1]
0040B688 |. 8B4D B8
0040B68B |. E8 C03A0000
fo.0040F150
0040B690 |. 8B45 B8
0040B693 |. 8BE5
0040B695 |. 5D
0040B696 \. C2 0400
0040B699
CC
0040B69A
CC
0040B69B
CC
0040B69C
CC
0040B69D
CC
0040B69E
CC
0040B69F
CC
0040B6A0 /$ 55
0040B6A1 |. 8BEC
0040B6A3 |. 83EC 10
0040B6A6 |. 837D 08 00
0040B6AA |. 77 09
0040B6AC |. C745 08 00000
0040B6B3 |. EB 35
0040B6B5 |> 83C8 FF
0040B6B8 |. 33D2
0040B6BA |. F775 08
0040B6BD |. 83F8 28
0040B6C0 |. 73 28
0040B6C2 |. C745 F0 00000
0040B6C9 |. 8D45 F0
0040B6CC |. 50
OFFSET LOCAL.4
0040B6CD |. 8D4D F4
0040B6D0 |. E8 C1330200
fo.0042EA96
0040B6D5 |. C745 F4 88884
0040B6DC |. 68 30D84400
ystemInfo.44D830
0040B6E1 |. 8D4D F4
0040B6E4 |. 51
OFFSET LOCAL.3
0040B6E5 |. E8 3B320200
fo.0042E925
0040B6EA |> 8B55 08
0040B6ED |. 6BD2 28
0040B6F0 |. 52
0040B6F1 |. E8 7A3E0200
fo.0042F570
0040B6F6 |. 83C4 04
0040B6F9 |. 8BE5
0040B6FB |. 5D
0040B6FC \. C3
0040B6FD
CC
0040B6FE
CC
0040B6FF
CC
0040B700 /. 55
0040B701 |. 8BEC
0040B703 |. 51
0040B704 |. 894D FC
0040B707 |. 8B45 FC
0040B70A |. C700 88884400

MOV ECX,DWORD PTR SS:[LOCAL.18]


CALL 0040F150

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.18]


MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
CMP DWORD PTR SS:[ARG.1],0
JA SHORT 0040B6B5
MOV DWORD PTR SS:[ARG.1],0
JMP SHORT 0040B6EA
OR EAX,FFFFFFFF
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.1]
CMP EAX,28
JNB SHORT 0040B6EA
MOV DWORD PTR SS:[LOCAL.4],0
LEA EAX,[LOCAL.4]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.3]
CALL 0042EA96

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.3],OFFSET 004488


PUSH OFFSET 0044D830
; /Arg2 = S
LEA ECX,[LOCAL.3]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV EDX,DWORD PTR SS:[ARG.1]


IMUL EDX,EDX,28
PUSH EDX
CALL 0042F570

; /Arg1
; \SystemIn

ADD ESP,4
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX],OFFSET 00448888

0040B710 |. 8B4D FC
0040B713 |. E8 4B340200
fo.0042EB63
0040B718 |. 8BE5
0040B71A |. 5D
0040B71B \. C3
0040B71C
CC
0040B71D
CC
0040B71E
CC
0040B71F
CC
0040B720 /. 55
0040B721 |. 8BEC
0040B723 |. 51
0040B724 |. 894D FC
0040B727 |. 8B45 FC
0040B72A |. C700 88884400
0040B730 |. 8B4D FC
0040B733 |. E8 2B340200
fo.0042EB63
0040B738 |. 8B4D 08
0040B73B |. 83E1 01
0040B73E |. 74 0C
0040B740 |. 8B55 FC
0040B743 |. 52
0040B744 |. E8 D1310200
0040B749 |. 83C4 04
0040B74C |> 8B45 FC
0040B74F |. 8BE5
0040B751 |. 5D
0040B752 \. C2 0400
0040B755
CC
0040B756
CC
0040B757
CC
0040B758
CC
0040B759
CC
0040B75A
CC
0040B75B
CC
0040B75C
CC
0040B75D
CC
0040B75E
CC
0040B75F
CC
0040B760 /$ 55
0040B761 |. 8BEC
0040B763 |. 83EC 10
0040B766 |. 837D 08 00
0040B76A |. 77 09
0040B76C |. C745 08 00000
0040B773 |. EB 35
0040B775 |> 83C8 FF
0040B778 |. 33D2
0040B77A |. F775 08
0040B77D |. 83F8 04
0040B780 |. 73 28
0040B782 |. C745 F0 00000
0040B789 |. 8D45 F0
0040B78C |. 50
OFFSET LOCAL.4
0040B78D |. 8D4D F4
0040B790 |. E8 01330200
fo.0042EA96

MOV ECX,DWORD PTR SS:[LOCAL.1]


CALL 0042EB63

; [SystemIn

MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
CALL 0042EB63

; [SystemIn

SS:[LOCAL.1],ECX
PTR SS:[LOCAL.1]
DS:[EAX],OFFSET 00448888
PTR SS:[LOCAL.1]

MOV ECX,DWORD PTR SS:[ARG.1]


AND ECX,00000001
JE SHORT 0040B74C
MOV EDX,DWORD PTR SS:[LOCAL.1]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
CMP DWORD PTR SS:[ARG.1],0
JA SHORT 0040B775
MOV DWORD PTR SS:[ARG.1],0
JMP SHORT 0040B7AA
OR EAX,FFFFFFFF
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.1]
CMP EAX,4
JNB SHORT 0040B7AA
MOV DWORD PTR SS:[LOCAL.4],0
LEA EAX,[LOCAL.4]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.3]
CALL 0042EA96

; |
; \SystemIn

0040B795 |. C745 F4 88884


0040B79C |. 68 30D84400
ystemInfo.44D830
0040B7A1 |. 8D4D F4
0040B7A4 |. 51
OFFSET LOCAL.3
0040B7A5 |. E8 7B310200
fo.0042E925
0040B7AA |> 8B55 08
0040B7AD |. C1E2 02
0040B7B0 |. 52
0040B7B1 |. E8 BA3D0200
fo.0042F570
0040B7B6 |. 83C4 04
0040B7B9 |. 8BE5
0040B7BB |. 5D
0040B7BC \. C3
0040B7BD
CC
0040B7BE
CC
0040B7BF
CC
0040B7C0 /$ 55
0040B7C1 |. 8BEC
0040B7C3 |. 83EC 10
0040B7C6 |. 837D 08 00
0040B7CA |. 77 09
0040B7CC |. C745 08 00000
0040B7D3 |. EB 35
0040B7D5 |> 83C8 FF
0040B7D8 |. 33D2
0040B7DA |. F775 08
0040B7DD |. 83F8 60
0040B7E0 |. 73 28
0040B7E2 |. C745 F0 00000
0040B7E9 |. 8D45 F0
0040B7EC |. 50
OFFSET LOCAL.4
0040B7ED |. 8D4D F4
0040B7F0 |. E8 A1320200
fo.0042EA96
0040B7F5 |. C745 F4 88884
0040B7FC |. 68 30D84400
ystemInfo.44D830
0040B801 |. 8D4D F4
0040B804 |. 51
OFFSET LOCAL.3
0040B805 |. E8 1B310200
fo.0042E925
0040B80A |> 8B55 08
0040B80D |. 6BD2 60
0040B810 |. 52
0040B811 |. E8 5A3D0200
fo.0042F570
0040B816 |. 83C4 04
0040B819 |. 8BE5
0040B81B |. 5D
0040B81C \. C3
0040B81D
CC
0040B81E
CC
0040B81F
CC
0040B820 /$ 55

MOV DWORD PTR SS:[LOCAL.3],OFFSET 004488


PUSH OFFSET 0044D830
; /Arg2 = S
LEA ECX,[LOCAL.3]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV EDX,DWORD PTR SS:[ARG.1]


SHL EDX,2
PUSH EDX
CALL 0042F570

; /Arg1
; \SystemIn

ADD ESP,4
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
CMP DWORD PTR SS:[ARG.1],0
JA SHORT 0040B7D5
MOV DWORD PTR SS:[ARG.1],0
JMP SHORT 0040B80A
OR EAX,FFFFFFFF
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.1]
CMP EAX,60
JNB SHORT 0040B80A
MOV DWORD PTR SS:[LOCAL.4],0
LEA EAX,[LOCAL.4]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.3]
CALL 0042EA96

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.3],OFFSET 004488


PUSH OFFSET 0044D830
; /Arg2 = S
LEA ECX,[LOCAL.3]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV EDX,DWORD PTR SS:[ARG.1]


IMUL EDX,EDX,60
PUSH EDX
CALL 0042F570

; /Arg1
; \SystemIn

ADD ESP,4
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
PUSH EBP

; SystemInf

o.0040B820(guessed Arg1,Arg2)
0040B821 |. 8BEC
MOV EBP,ESP
0040B823 |. 6A FF
PUSH -1
0040B825 |. 68 8D564400 PUSH 0044568D
0040B82A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040B830 |. 50
PUSH EAX
0040B831 |. 81EC 30010000 SUB ESP,130
0040B837 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040B83C |. 33C5
XOR EAX,EBP
0040B83E |. 50
PUSH EAX
0040B83F |. 8D45 F4
LEA EAX,[LOCAL.3]
0040B842 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040B848 |. C785 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],0
0040B852 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0040B856 |. 0F84 51010000 JE 0040B9AD
0040B85C |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040B85F |. 8338 00
CMP DWORD PTR DS:[EAX],0
0040B862 |. 0F85 45010000 JNE 0040B9AD
0040B868 |. 6A 10
PUSH 10
0
0040B86A |. E8 013D0200 CALL 0042F570
fo.0042F570
0040B86F |. 83C4 04
ADD ESP,4
0040B872 |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0040B875 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0040B87C |. 837D EC 00
CMP DWORD PTR SS:[LOCAL.5],0
0040B880 |. 0F84 C0000000 JE 0040B946
0040B886 |. 8D8D 5CFFFFFF LEA ECX,[LOCAL.41]
0040B88C |. 51
PUSH ECX
OFFSET LOCAL.41
0040B88D |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0040B890 |. E8 FB020000 CALL 0040BB90
fo.0040BB90
0040B895 |. 8985 D0FEFFFF MOV DWORD PTR SS:[LOCAL.76],EAX
0040B89B |. 8B95 D0FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.76]
0040B8A1 |. 8995 CCFEFFFF MOV DWORD PTR SS:[LOCAL.77],EDX
0040B8A7 |. C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1
0040B8AB |. 8B85 58FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.42]
0040B8B1 |. 83C8 01
OR EAX,00000001
0040B8B4 |. 8985 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],EAX
0040B8BA |. 8B8D CCFEFFFF MOV ECX,DWORD PTR SS:[LOCAL.77]
0040B8C0 |. 51
PUSH ECX
[LOCAL.76]
0040B8C1 |. 8D8D 78FFFFFF LEA ECX,[LOCAL.34]
0040B8C7 |. E8 04010000 CALL 0040B9D0
fo.0040B9D0
0040B8CC |. 8985 C8FEFFFF MOV DWORD PTR SS:[LOCAL.78],EAX
0040B8D2 |. 8B95 58FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.42]
0040B8D8 |. 83CA 02
OR EDX,00000002
0040B8DB |. 8995 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],EDX
0040B8E1 |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
0040B8E4 |. C700 BC884400 MOV DWORD PTR DS:[EAX],OFFSET 004488BC
0040B8EA |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
0040B8ED |. C741 04 00000 MOV DWORD PTR DS:[ECX+4],0
0040B8F4 |. 8B55 EC
MOV EDX,DWORD PTR SS:[LOCAL.5]
0040B8F7 |. C702 94884400 MOV DWORD PTR DS:[EDX],OFFSET 00448894
0040B8FD |. E8 DB220200 CALL 0042DBDD
fo.0042DBDD
0040B902 |. 8985 18FFFFFF MOV DWORD PTR SS:[LOCAL.58],EAX
0040B908 |. 8995 1CFFFFFF MOV DWORD PTR SS:[LOCAL.57],EDX

; /Arg1 = 1
; \SystemIn

; /Arg1 =>
; |
; \SystemIn

; /Arg1 =>
; |
; \SystemIn

; [SystemIn

0040B90E |. 8B85 18FFFFFF


0040B914 |. 8985 20FFFFFF
0040B91A |. 8B8D 1CFFFFFF
0040B920 |. 898D 24FFFFFF
0040B926 |. 8B95 20FFFFFF
0040B92C |. 8B85 24FFFFFF
0040B932 |. 8B4D EC
0040B935 |. 8951 08
0040B938 |. 8941 0C
0040B93B |. 8B55 EC
0040B93E |. 8995 C4FEFFFF
0040B944 |. EB 0A
0040B946 |> C785 C4FEFFFF
0040B950 |> 8B85 C4FEFFFF
0040B956 |. 8945 F0
0040B959 |. C745 FC 02000
0040B960 |. 8B4D 08
0040B963 |. 8B55 F0
0040B966 |. 8911
0040B968 |. 8B85 58FFFFFF
0040B96E |. 83E0 02
0040B971 |. 74 12
0040B973 |. 83A5 58FFFFFF
0040B97A |. 8D8D 78FFFFFF
0040B980 |. E8 5B010000
0040B985 |> C745 FC FFFFF
0040B98C |. 8B8D 58FFFFFF
0040B992 |. 83E1 01
0040B995 |. 74 16
0040B997 |. 83A5 58FFFFFF
0040B99E |. 6A 00
0040B9A0 |. 6A 01
0040B9A2 |. 8D8D 5CFFFFFF
0040B9A8 |. E8 B3410000
fo.0040FB60
0040B9AD |> B8 04000000
0040B9B2 |. 8B4D F4
0040B9B5 |. 64:890D 00000
0040B9BC |. 59
0040B9BD |. 8BE5
0040B9BF |. 5D
0040B9C0 \. C3
0040B9C1
CC
0040B9C2
CC
0040B9C3
CC
0040B9C4
CC
0040B9C5
CC
0040B9C6
CC
0040B9C7
CC
0040B9C8
CC
0040B9C9
CC
0040B9CA
CC
0040B9CB
CC
0040B9CC
CC
0040B9CD
CC
0040B9CE
CC
0040B9CF
CC
0040B9D0 /$ 55
o.0040B9D0(guessed Arg1)
0040B9D1 |. 8BEC

MOV EAX,DWORD PTR SS:[LOCAL.58]


MOV DWORD PTR SS:[LOCAL.56],EAX
MOV ECX,DWORD PTR SS:[LOCAL.57]
MOV DWORD PTR SS:[LOCAL.55],ECX
MOV EDX,DWORD PTR SS:[LOCAL.56]
MOV EAX,DWORD PTR SS:[LOCAL.55]
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+8],EDX
MOV DWORD PTR DS:[ECX+0C],EAX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.79],EDX
JMP SHORT 0040B950
MOV DWORD PTR SS:[LOCAL.79],0
MOV EAX,DWORD PTR SS:[LOCAL.79]
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV DWORD PTR SS:[LOCAL.1],2
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.42]
AND EAX,00000002
JE SHORT 0040B985
AND DWORD PTR SS:[LOCAL.42],FFFFFFFD
LEA ECX,[LOCAL.34]
CALL 0040BAE0
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.42]
AND ECX,00000001
JE SHORT 0040B9AD
AND DWORD PTR SS:[LOCAL.42],FFFFFFFE
PUSH 0
PUSH 1
LEA ECX,[LOCAL.41]
CALL 0040FB60

;
;
;
;

MOV EAX,4
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0040B9D3 |.
0040B9D5 |.
0040B9DA |.
0040B9E0 |.
0040B9E1 |.
0040B9E7 |.
0040B9EC |.
0040B9EE |.
0040B9EF |.
0040B9F2 |.
0040B9F8 |.
0040B9FE |.
0040BA00 |.
0040BA06 |.
fo.0042D80D
0040BA0B |.
0040BA12 |.
0040BA18 |.
0040BA1B |.
0040BA1E |.
0040BA21 |.
0040BA24 |.
0040BA26 |.
0040BA28 |.
0040BA2B |.
fo.0040FB60
0040BA30 |.
0040BA34 |.
0040BA3A |.
0040BA3D |.
0040BA40 |.
0040BA43 |.
0040BA46 |.
0040BA48 |.
0040BA4A |.
0040BA4D |.
fo.0040FB60
0040BA52 |.
0040BA56 |.
0040BA5C |.
0040BA5F |.
0040BA62 |.
0040BA65 |.
0040BA68 |.
0040BA6A |.
0040BA6C |.
0040BA6F |.
fo.0040FB60
0040BA74 |.
0040BA78 |.
0040BA7E |.
0040BA81 |.
0040BA87 |.
0040BA8D |.
0040BA90 |.
0040BA92 |.
0040BA94 |.
0040BA9A |.
fo.0040FB60
0040BA9F |.

6A FF
68 F3564400
64:A1 0000000
50
81EC 94000000
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
898D 60FFFFFF
6A 00
8B8D 60FFFFFF
E8 021E0200

PUSH -1
PUSH 004456F3
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,94
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.40],ECX
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.40]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

C745 FC 00000
8B85 60FFFFFF
83C0 04
8945 D0
8D4D EB
894D EC
6A 00
6A 00
8B4D D0
E8 30410000

MOV DWORD PTR SS:[LOCAL.1],0


MOV EAX,DWORD PTR SS:[LOCAL.40]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.12],EAX
LEA ECX,[LOCAL.6+3]
MOV DWORD PTR SS:[LOCAL.5],ECX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.12]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

C645 FC 01
8B95 60FFFFFF
83C2 20
8955 AC
8D45 C7
8945 C8
6A 00
6A 00
8B4D AC
E8 0E410000

MOV BYTE PTR SS:[LOCAL.1],1


MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,20
MOV DWORD PTR SS:[LOCAL.21],EDX
LEA EAX,[LOCAL.15+3]
MOV DWORD PTR SS:[LOCAL.14],EAX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.21]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

C645 FC 02
8B8D 60FFFFFF
83C1 3C
894D 88
8D55 A3
8955 A4
6A 00
6A 00
8B4D 88
E8 EC400000

MOV BYTE PTR SS:[LOCAL.1],2


MOV ECX,DWORD PTR SS:[LOCAL.40]
ADD ECX,3C
MOV DWORD PTR SS:[LOCAL.30],ECX
LEA EDX,[LOCAL.24+3]
MOV DWORD PTR SS:[LOCAL.23],EDX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.30]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

C645 FC 03
8B85 60FFFFFF
83C0 58
8985 64FFFFFF
8D8D 7FFFFFFF
894D 80
6A 00
6A 00
8B8D 64FFFFFF
E8 C1400000

MOV BYTE PTR SS:[LOCAL.1],3


MOV EAX,DWORD PTR SS:[LOCAL.40]
ADD EAX,58
MOV DWORD PTR SS:[LOCAL.39],EAX
LEA ECX,[LOCAL.33+3]
MOV DWORD PTR SS:[LOCAL.32],ECX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.39]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

C645 FC 04

MOV BYTE PTR SS:[LOCAL.1],4

0040BAA3 |.
0040BAA6 |.
0040BAA7 |.
0040BAAD |.
0040BAAE |.
0040BAB3 |.
0040BAB6 |.
0040BABD |.
0040BAC3 |.
0040BAC6 |.
0040BACD |.
0040BACE |.
0040BAD0 |.
0040BAD1 \.
0040BAD4
0040BAD5
0040BAD6
0040BAD7
0040BAD8
0040BAD9
0040BADA
0040BADB
0040BADC
0040BADD
0040BADE
0040BADF
0040BAE0 /$
0040BAE1 |.
0040BAE3 |.
0040BAE5 |.
0040BAEA |.
0040BAF0 |.
0040BAF1 |.
0040BAF4 |.
0040BAF9 |.
0040BAFB |.
0040BAFC |.
0040BAFF |.
0040BB05 |.
0040BB08 |.
0040BB0F |.
0040BB12 |.
0040BB13 |.
fo.0042D9F7
0040BB18 |.
0040BB1B |.
0040BB1F |.
0040BB21 |.
0040BB23 |.
0040BB26 |.
0040BB29 |.
fo.0040FB60
0040BB2E |.
0040BB32 |.
0040BB34 |.
0040BB36 |.
0040BB39 |.
0040BB3C |.
fo.0040FB60
0040BB41 |.

8B55 08
52
8B85 60FFFFFF
50
E8 CE200200
83C4 08
C745 FC FFFFF
8B85 60FFFFFF
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 54574400
64:A1 0000000
50
83EC 54
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
894D A0
C745 FC 04000
8B45 A0
50
E8 DF1E0200

MOV EDX,DWORD PTR SS:[ARG.1]


PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
PUSH EAX
CALL 0042DB81
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00445754
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,54
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-60],ECX
MOV DWORD PTR SS:[EBP-4],4
MOV EAX,DWORD PTR SS:[EBP-60]
PUSH EAX
CALL 0042D9F7

; /Arg1
; \SystemIn

83C4 04
C645 FC 03
6A 00
6A 01
8B4D A0
83C1 58
E8 32400000

ADD ESP,4
MOV BYTE PTR SS:[EBP-4],3
PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-60]
ADD ECX,58
CALL 0040FB60

;
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

C645 FC 02
6A 00
6A 01
8B4D A0
83C1 3C
E8 1F400000

MOV BYTE PTR SS:[EBP-4],2


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-60]
ADD ECX,3C
CALL 0040FB60

;
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

C645 FC 01

MOV BYTE PTR SS:[EBP-4],1

0040BB45 |. 6A 00
0040BB47 |. 6A 01
0040BB49 |. 8B4D A0
0040BB4C |. 83C1 20
0040BB4F |. E8 0C400000
fo.0040FB60
0040BB54 |. C645 FC 00
0040BB58 |. 6A 00
0040BB5A |. 6A 01
0040BB5C |. 8B4D A0
0040BB5F |. 83C1 04
0040BB62 |. E8 F93F0000
fo.0040FB60
0040BB67 |. C745 FC FFFFF
0040BB6E |. 8B4D A0
0040BB71 |. E8 BF1C0200
0040BB76 |. 8B4D F4
0040BB79 |. 64:890D 00000
0040BB80 |. 59
0040BB81 |. 8BE5
0040BB83 |. 5D
0040BB84 \. C3
0040BB85
CC
0040BB86
CC
0040BB87
CC
0040BB88
CC
0040BB89
CC
0040BB8A
CC
0040BB8B
CC
0040BB8C
CC
0040BB8D
CC
0040BB8E
CC
0040BB8F
CC
0040BB90 /$ 55
o.0040BB90(guessed Arg1)
0040BB91 |. 8BEC
0040BB93 |. 83EC 74
0040BB96 |. 894D 8C
0040BB99 |. C745 FC 00000
0040BBA0 |. 8B45 8C
0040BBA3 |. 8B08
0040BBA5 |. 83C1 18
0040BBA8 |. 894D 90
0040BBAB |. 6A 00
0040BBAD |. 6A 00
0040BBAF |. 8B4D 08
0040BBB2 |. E8 A93F0000
fo.0040FB60
0040BBB7 |. 8B15 AC874400
0040BBBD |. 52
[4487AC] = -1
0040BBBE |. 6A 00
0040BBC0 |. 8B45 90
0040BBC3 |. 50
[LOCAL.28]
0040BBC4 |. 8B4D 08
0040BBC7 |. E8 54340000
fo.0040F020
0040BBCC |. 8B4D FC
0040BBCF |. 83C9 01

PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-60]
ADD ECX,20
CALL 0040FB60

;
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

MOV BYTE PTR SS:[EBP-4],0


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-60]
ADD ECX,4
CALL 0040FB60

;
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

MOV DWORD PTR


MOV ECX,DWORD
CALL 0042D835
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,74
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
ADD ECX,18
MOV DWORD PTR
PUSH 0
PUSH 0
MOV ECX,DWORD
CALL 0040FB60

SS:[EBP-4],-1
PTR SS:[EBP-60]
PTR SS:[EBP-0C]
FS:[0],ECX

SS:[LOCAL.29],ECX
SS:[LOCAL.1],0
PTR SS:[LOCAL.29]
PTR DS:[EAX]
SS:[LOCAL.28],ECX
PTR SS:[ARG.1]

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

MOV EDX,DWORD PTR DS:[4487AC]


PUSH EDX

; /Arg3 =>

PUSH 0
MOV EAX,DWORD PTR SS:[LOCAL.28]
PUSH EAX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F020

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.1]


OR ECX,00000001

0040BBD2
0040BBD5
0040BBD8
0040BBDA
0040BBDB
0040BBDE
0040BBDF
0040BBE0
0040BBE1
0040BBE3
0040BBE4
0040BBE7
0040BBEA
0040BBF0
0040BBF3
0040BBF6
0040BBF8
0040BBFB
0040BBFC
0040BC01
0040BC04
0040BC07
0040BC09
0040BC0A
0040BC0D
0040BC0E
0040BC0F
0040BC10
0040BC11
0040BC13
0040BC15
0040BC1A
0040BC20
0040BC21
0040BC27
0040BC2C
0040BC2E
0040BC31
0040BC32
0040BC35
0040BC3B
0040BC41
0040BC44
0040BC47
0040BC4D
0040BC53
0040BC59
0040BC5B
0040BC5F
0040BC60
0040BC64
0040BC65
0040BC68
0040BC69
0040BC6C
0040BC6D
0040BC70
0040BC71
0040BC74
0040BC75

|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

894D FC
8B45 08
8BE5
5D
C2 0400
CC
CC
55
8BEC
51
894D FC
8B45 FC
C700 BC884400
8B4D 08
83E1 01
74 0C
8B55 FC
52
E8 192D0200
83C4 04
8B45 FC
8BE5
5D
C2 0400
CC
CC
CC
55
8BEC
6A FF
68 90574400
64:A1 0000000
50
81EC 5C010000
A1 A0154500
33C5
8945 E8
50
8D45 F4
64:A3 0000000
898D B0FEFFFF
8B45 14
8B48 10
898D 7CFFFFFF
8B95 7CFFFFFF
81E2 00400000
75 3A
0FB645 1C
50
0FB64D 18
51
8B55 14
52
8B45 10
50
8B4D 0C
51
8B55 08
52
8B85 B0FEFFFF

MOV DWORD PTR SS:[LOCAL.1],ECX


MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX],OFFSET 004488BC
MOV ECX,DWORD PTR SS:[ARG.1]
AND ECX,00000001
JE SHORT 0040BC04
MOV EDX,DWORD PTR SS:[LOCAL.1]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00445790
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,15C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.6],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.84],ECX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.33],ECX
MOV EDX,DWORD PTR SS:[LOCAL.33]
AND EDX,00004000
JNE SHORT 0040BC95
MOVZX EAX,BYTE PTR SS:[ARG.6]
PUSH EAX
MOVZX ECX,BYTE PTR SS:[ARG.5]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.3]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.2]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.84]

0040BC7B |. 8B10
0040BC7D |. 8B8D B0FEFFFF
0040BC83 |. 8B42 1C
0040BC86 |. FFD0
0040BC88 |. 8B45 08
0040BC8B |. E9 F0030000
0040BC90 |. E9 EB030000
0040BC95 |> 8D4D C8
0040BC98 |. 51
OFFSET LOCAL.14
0040BC99 |. 8B4D 14
0040BC9C |. E8 9FD1FFFF
fo.00408E40
0040BCA1 |. 8985 ACFEFFFF
0040BCA7 |. 8B95 ACFEFFFF
0040BCAD |. 8995 A8FEFFFF
0040BCB3 |. C745 FC 00000
0040BCBA |. 8B85 A8FEFFFF
0040BCC0 |. 50
[LOCAL.85]
0040BCC1 |. E8 7A200000
fo.0040DD40
0040BCC6 |. 83C4 04
0040BCC9 |. 8945 F0
0040BCCC |. C745 FC FFFFF
0040BCD3 |. 8D4D C8
0040BCD6 |. E8 05AAFFFF
0040BCDB |. 8D8D 47FFFFFF
0040BCE1 |. 898D 48FFFFFF
0040BCE7 |. 6A 00
0040BCE9 |. 6A 00
0040BCEB |. 8D4D CC
0040BCEE |. E8 6D3E0000
fo.0040FB60
0040BCF3 |. C745 FC 01000
0040BCFA |. 0FB655 1C
0040BCFE |. 85D2
0040BD00 |. 74 4C
0040BD02 |. 8D45 AC
0040BD05 |. 50
OFFSET LOCAL.21
0040BD06 |. 8B4D F0
0040BD09 |. E8 621D0000
fo.0040DA70
0040BD0E |. 8985 A4FEFFFF
0040BD14 |. 8B8D A4FEFFFF
0040BD1A |. 898D 40FFFFFF
0040BD20 |. C645 FC 02
0040BD24 |. 8B15 AC874400
0040BD2A |. 52
[4487AC] = -1
0040BD2B |. 6A 00
0040BD2D |. 8B85 40FFFFFF
0040BD33 |. 50
[LOCAL.87]
0040BD34 |. 8D4D CC
0040BD37 |. E8 E4320000
fo.0040F020
0040BD3C |. C645 FC 01
0040BD40 |. 6A 00

MOV EDX,DWORD PTR DS:[EAX]


MOV ECX,DWORD PTR SS:[LOCAL.84]
MOV EAX,DWORD PTR DS:[EDX+1C]
CALL EAX
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 0040C080
JMP 0040C080
LEA ECX,[LOCAL.14]
PUSH ECX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.4]


CALL 00408E40

; |
; \SystemIn

MOV DWORD PTR


MOV EDX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

; /Arg1 =>

SS:[LOCAL.85],EAX
PTR SS:[LOCAL.85]
SS:[LOCAL.86],EDX
SS:[LOCAL.1],0
PTR SS:[LOCAL.86]

CALL 0040DD40

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.14]
CALL 004066E0
LEA ECX,[LOCAL.47+3]
MOV DWORD PTR SS:[LOCAL.46],ECX
PUSH 0
PUSH 0
LEA ECX,[LOCAL.13]
CALL 0040FB60

;
;
;
;

MOV DWORD PTR SS:[LOCAL.1],1


MOVZX EDX,BYTE PTR SS:[ARG.6]
TEST EDX,EDX
JE SHORT 0040BD4E
LEA EAX,[LOCAL.21]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.4]


CALL 0040DA70

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.87],EAX


MOV ECX,DWORD PTR SS:[LOCAL.87]
MOV DWORD PTR SS:[LOCAL.48],ECX
MOV BYTE PTR SS:[LOCAL.1],2
MOV EDX,DWORD PTR DS:[4487AC]
PUSH EDX

; /Arg3 =>

PUSH 0
MOV EAX,DWORD PTR SS:[LOCAL.48]
PUSH EAX

; |Arg2 = 0
; |
; |Arg1 =>

LEA ECX,[LOCAL.13]
CALL 0040F020

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],1


PUSH 0

; /Arg2 = 0

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

0040BD42 |. 6A 01
0040BD44 |. 8D4D AC
0040BD47 |. E8 143E0000
fo.0040FB60
0040BD4C |. EB 49
0040BD4E |> 8D4D 90
0040BD51 |. 51
OFFSET LOCAL.28
0040BD52 |. 8B4D F0
0040BD55 |. E8 D61C0000
fo.0040DA30
0040BD5A |. 8985 A0FEFFFF
0040BD60 |. 8B95 A0FEFFFF
0040BD66 |. 8995 3CFFFFFF
0040BD6C |. C645 FC 03
0040BD70 |. A1 AC874400
0040BD75 |. 50
[4487AC] = -1
0040BD76 |. 6A 00
0040BD78 |. 8B8D 3CFFFFFF
0040BD7E |. 51
[LOCAL.88]
0040BD7F |. 8D4D CC
0040BD82 |. E8 99320000
fo.0040F020
0040BD87 |. C645 FC 01
0040BD8B |. 6A 00
0040BD8D |. 6A 01
0040BD8F |. 8D4D 90
0040BD92 |. E8 C93D0000
fo.0040FB60
0040BD97 |> 8B55 14
0040BD9A |. 8B42 18
0040BD9D |. 8985 38FFFFFF
0040BDA3 |. 83BD 38FFFFFF
0040BDAA |. 7E 4C
0040BDAC |. 8B4D 14
0040BDAF |. 8B51 18
0040BDB2 |. 8995 34FFFFFF
0040BDB8 |. 8B45 E0
0040BDBB |. 8985 30FFFFFF
0040BDC1 |. 8B8D 34FFFFFF
0040BDC7 |. 3B8D 30FFFFFF
0040BDCD |. 76 29
0040BDCF |. 8B55 14
0040BDD2 |. 8B42 18
0040BDD5 |. 8985 2CFFFFFF
0040BDDB |. 8B4D E0
0040BDDE |. 898D 28FFFFFF
0040BDE4 |. 8B95 2CFFFFFF
0040BDEA |. 2B95 28FFFFFF
0040BDF0 |. 8995 9CFEFFFF
0040BDF6 |. EB 0A
0040BDF8 |> C785 9CFEFFFF
0040BE02 |> 8B85 9CFEFFFF
0040BE08 |. 8945 EC
0040BE0B |. 8B4D 14
0040BE0E |. 8B51 10
0040BE11 |. 8995 24FFFFFF
0040BE17 |. 8B85 24FFFFFF

PUSH 1
LEA ECX,[LOCAL.21]
CALL 0040FB60

; |Arg1 = 1
; |
; \SystemIn

JMP SHORT 0040BD97


LEA ECX,[LOCAL.28]
PUSH ECX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.4]


CALL 0040DA30

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.88],EAX


MOV EDX,DWORD PTR SS:[LOCAL.88]
MOV DWORD PTR SS:[LOCAL.49],EDX
MOV BYTE PTR SS:[LOCAL.1],3
MOV EAX,DWORD PTR DS:[4487AC]
PUSH EAX

; /Arg3 =>

PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.49]
PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

LEA ECX,[LOCAL.13]
CALL 0040F020

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.28]
CALL 0040FB60

;
;
;
;

MOV
MOV
MOV
CMP
JLE
MOV
MOV
MOV
MOV
MOV
MOV
CMP
JBE
MOV
MOV
MOV
MOV
MOV
MOV
SUB
MOV
JMP
MOV
MOV
MOV
MOV
MOV
MOV
MOV

EDX,DWORD PTR SS:[ARG.4]


EAX,DWORD PTR DS:[EDX+18]
DWORD PTR SS:[LOCAL.50],EAX
DWORD PTR SS:[LOCAL.50],0
SHORT 0040BDF8
ECX,DWORD PTR SS:[ARG.4]
EDX,DWORD PTR DS:[ECX+18]
DWORD PTR SS:[LOCAL.51],EDX
EAX,DWORD PTR SS:[LOCAL.8]
DWORD PTR SS:[LOCAL.52],EAX
ECX,DWORD PTR SS:[LOCAL.51]
ECX,DWORD PTR SS:[LOCAL.52]
SHORT 0040BDF8
EDX,DWORD PTR SS:[ARG.4]
EAX,DWORD PTR DS:[EDX+18]
DWORD PTR SS:[LOCAL.53],EAX
ECX,DWORD PTR SS:[LOCAL.8]
DWORD PTR SS:[LOCAL.54],ECX
EDX,DWORD PTR SS:[LOCAL.53]
EDX,DWORD PTR SS:[LOCAL.54]
DWORD PTR SS:[LOCAL.89],EDX
SHORT 0040BE02
DWORD PTR SS:[LOCAL.89],0
EAX,DWORD PTR SS:[LOCAL.89]
DWORD PTR SS:[LOCAL.5],EAX
ECX,DWORD PTR SS:[ARG.4]
EDX,DWORD PTR DS:[ECX+10]
DWORD PTR SS:[LOCAL.55],EDX
EAX,DWORD PTR SS:[LOCAL.55]

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0040BE1D |.
0040BE22 |.
0040BE25 |.
0040BE2B |.
0040BE2E |.
0040BE34 |.
0040BE37 |.
0040BE3D |.
0040BE40 |.
0040BE46 |.
0040BE48 |>
0040BE4E |.
0040BE51 |.
0040BE57 |>
0040BE5E |.
0040BE60 |.
0040BE67 |.
0040BE69 |.
0040BE6D |.
0040BE6E |.
0040BE74 |.
fo.0040FC10
0040BE79 |.
0040BE7F |.
0040BE89 |.
0040BE8F |.
0040BE91 |.
0040BE97 |.
0040BE9A |.
0040BE9D |.
0040BE9F |.^
0040BEA1 |>
0040BEA8 |>^
0040BEAA |>
0040BEB0 |.
0040BEB3 |.
0040BEB9 |.
0040BEBC |.
0040BEBF |.
0040BEC2 |.
0040BEC5 |.
0040BEC8 |.
0040BECF |>
0040BED2 |.
0040BED8 |.
0040BEDC |.
0040BEDE |.
0040BEE1 |.
0040BEE7 |.
0040BEE9 |>
0040BEEC |.
0040BEF2 |>
0040BEF8 |.
0040BEFE |.
0040BF04 |.
0040BF0A |.
0040BF0D |.
0040BF13 |.
0040BF16 |.
0040BF1C |.

25 C0010000
83F8 40
0F84 A4000000
8B4D EC
898D 10FFFFFF
8B55 0C
8995 14FFFFFF
8B45 10
8985 18FFFFFF
EB 0F
8B8D 10FFFFFF
83E9 01
898D 10FFFFFF
83BD 10FFFFFF
76 4A
83BD 18FFFFFF
74 38
0FB655 18
52
8B8D 18FFFFFF
E8 973D0000

AND EAX,000001C0
CMP EAX,40
JE 0040BECF
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.60],ECX
MOV EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.59],EDX
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.58],EAX
JMP SHORT 0040BE57
/MOV ECX,DWORD PTR SS:[LOCAL.60]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.60],ECX
|CMP DWORD PTR SS:[LOCAL.60],0
|JBE SHORT 0040BEAA
|CMP DWORD PTR SS:[LOCAL.58],0
|JE SHORT 0040BEA1
|MOVZX EDX,BYTE PTR SS:[ARG.5]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.58]
|CALL 0040FC10

8985 20FFFFFF
C785 1CFFFFFF
8B85 1CFFFFFF
33C9
3B85 20FFFFFF
0F94C1
0FB6D1
85D2
74 07
C685 14FFFFFF
EB 9E
8B85 14FFFFFF
8945 88
8B8D 18FFFFFF
894D 8C
8B55 88
8B45 8C
8955 0C
8945 10
C745 EC 00000
8B4D E0
898D 0CFFFFFF
837D E4 10
72 0B
8B55 D0
8995 98FEFFFF
EB 09
8D45 D0
8985 98FEFFFF
8B8D 0CFFFFFF
898D E8FEFFFF
8B95 98FEFFFF
8995 ECFEFFFF
8B45 0C
8985 F0FEFFFF
8B4D 10
898D F4FEFFFF
EB 1E

|MOV DWORD PTR SS:[LOCAL.56],EAX


|MOV DWORD PTR SS:[LOCAL.57],-1
|MOV EAX,DWORD PTR SS:[LOCAL.57]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[LOCAL.56]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 0040BEA8
|MOV BYTE PTR SS:[LOCAL.59],1
\JMP SHORT 0040BE48
MOV EAX,DWORD PTR SS:[LOCAL.59]
MOV DWORD PTR SS:[LOCAL.30],EAX
MOV ECX,DWORD PTR SS:[LOCAL.58]
MOV DWORD PTR SS:[LOCAL.29],ECX
MOV EDX,DWORD PTR SS:[LOCAL.30]
MOV EAX,DWORD PTR SS:[LOCAL.29]
MOV DWORD PTR SS:[ARG.2],EDX
MOV DWORD PTR SS:[ARG.3],EAX
MOV DWORD PTR SS:[LOCAL.5],0
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV DWORD PTR SS:[LOCAL.61],ECX
CMP DWORD PTR SS:[LOCAL.7],10
JB SHORT 0040BEE9
MOV EDX,DWORD PTR SS:[LOCAL.12]
MOV DWORD PTR SS:[LOCAL.90],EDX
JMP SHORT 0040BEF2
LEA EAX,[LOCAL.12]
MOV DWORD PTR SS:[LOCAL.90],EAX
MOV ECX,DWORD PTR SS:[LOCAL.61]
MOV DWORD PTR SS:[LOCAL.70],ECX
MOV EDX,DWORD PTR SS:[LOCAL.90]
MOV DWORD PTR SS:[LOCAL.69],EDX
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.68],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.67],ECX
JMP SHORT 0040BF3C

; /Arg1
; |
; \SystemIn

0040BF1E |>
0040BF24 |.
0040BF27 |.
0040BF2D |.
0040BF33 |.
0040BF36 |.
0040BF3C |>
0040BF43 |.
0040BF45 |.
0040BF4B |.
0040BF4D |.
0040BF53 |.
0040BF5A |.
0040BF5C |.
0040BF63 |.
0040BF64 |.
0040BF6A |.
fo.0040FC10
0040BF6F |.
0040BF75 |.
0040BF7F |.
0040BF85 |.
0040BF87 |.
0040BF8D |.
0040BF90 |.
0040BF93 |.
0040BF95 |.^
0040BF97 |>
0040BF9E |>^
0040BFA3 |>
0040BFA9 |.
0040BFAC |.
0040BFB2 |.
0040BFB5 |.
0040BFB8 |.
0040BFBB |.
0040BFBE |.
0040BFC1 |.
0040BFC4 |.
0040BFC7 |.
0040BFCD |.
0040BFD0 |.
0040BFD7 |.
0040BFDA |.
0040BFE0 |.
0040BFE3 |.
0040BFE9 |.
0040BFEC |.
0040BFF2 |.
0040BFF4 |>
0040BFFA |.
0040BFFD |.
0040C003 |>
0040C00A |.
0040C00C |.
0040C013 |.
0040C015 |.
0040C019 |.
0040C01A |.
0040C020 |.

8B95 E8FEFFFF
83EA 01
8995 E8FEFFFF
8B85 ECFEFFFF
83C0 01
8985 ECFEFFFF
83BD E8FEFFFF
76 5E
8B8D ECFEFFFF
8A11
8895 FBFEFFFF
83BD F4FEFFFF
74 3B
0FB685 FBFEFF
50
8B8D F4FEFFFF
E8 A13C0000

/MOV EDX,DWORD PTR SS:[LOCAL.70]


|SUB EDX,1
|MOV DWORD PTR SS:[LOCAL.70],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.69]
|ADD EAX,1
|MOV DWORD PTR SS:[LOCAL.69],EAX
|CMP DWORD PTR SS:[LOCAL.70],0
|JBE SHORT 0040BFA3
|MOV ECX,DWORD PTR SS:[LOCAL.69]
|MOV DL,BYTE PTR DS:[ECX]
|MOV BYTE PTR SS:[LOCAL.66+3],DL
|CMP DWORD PTR SS:[LOCAL.67],0
|JE SHORT 0040BF97
|MOVZX EAX,BYTE PTR SS:[LOCAL.66+3]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.67]
|CALL 0040FC10

; /Arg1
; |
; \SystemIn

8985 08FFFFFF
C785 04FFFFFF
8B8D 04FFFFFF
33D2
3B8D 08FFFFFF
0F94C2
0FB6C2
85C0
74 07
C685 F0FEFFFF
E9 7BFFFFFF
8B8D F0FEFFFF
894D 80
8B95 F4FEFFFF
8955 84
8B45 80
8B4D 84
8945 0C
894D 10
8B55 14
8B42 18
8985 E4FEFFFF
8B4D 14
C741 18 00000
8B55 EC
8995 C8FEFFFF
8B45 0C
8985 CCFEFFFF
8B4D 10
898D D0FEFFFF
EB 0F
8B95 C8FEFFFF
83EA 01
8995 C8FEFFFF
83BD C8FEFFFF
76 4A
83BD D0FEFFFF
74 38
0FB645 18
50
8B8D D0FEFFFF
E8 EB3B0000

|MOV DWORD PTR SS:[LOCAL.62],EAX


|MOV DWORD PTR SS:[LOCAL.63],-1
|MOV ECX,DWORD PTR SS:[LOCAL.63]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[LOCAL.62]
|SETE DL
|MOVZX EAX,DL
|TEST EAX,EAX
|JE SHORT 0040BF9E
|MOV BYTE PTR SS:[LOCAL.68],1
\JMP 0040BF1E
MOV ECX,DWORD PTR SS:[LOCAL.68]
MOV DWORD PTR SS:[LOCAL.32],ECX
MOV EDX,DWORD PTR SS:[LOCAL.67]
MOV DWORD PTR SS:[LOCAL.31],EDX
MOV EAX,DWORD PTR SS:[LOCAL.32]
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR SS:[ARG.2],EAX
MOV DWORD PTR SS:[ARG.3],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.71],EAX
MOV ECX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR DS:[ECX+18],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.78],EDX
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.77],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.76],ECX
JMP SHORT 0040C003
/MOV EDX,DWORD PTR SS:[LOCAL.78]
|SUB EDX,1
|MOV DWORD PTR SS:[LOCAL.78],EDX
|CMP DWORD PTR SS:[LOCAL.78],0
|JBE SHORT 0040C056
|CMP DWORD PTR SS:[LOCAL.76],0
|JE SHORT 0040C04D
|MOVZX EAX,BYTE PTR SS:[ARG.5]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.76]
|CALL 0040FC10

; /Arg1
; |
; \SystemIn

fo.0040FC10
0040C025 |. 8985 E0FEFFFF
0040C02B |. C785 DCFEFFFF
0040C035 |. 8B8D DCFEFFFF
0040C03B |. 33D2
0040C03D |. 3B8D E0FEFFFF
0040C043 |. 0F94C2
0040C046 |. 0FB6C2
0040C049 |. 85C0
0040C04B |.^ 74 07
0040C04D |> C685 CCFEFFFF
0040C054 |>^ EB 9E
0040C056 |> 8B4D 08
0040C059 |. 8B95 CCFEFFFF
0040C05F |. 8911
0040C061 |. 8B85 D0FEFFFF
0040C067 |. 8941 04
0040C06A |. C745 FC FFFFF
0040C071 |. 6A 00
0040C073 |. 6A 01
0040C075 |. 8D4D CC
0040C078 |. E8 E33A0000
fo.0040FB60
0040C07D |. 8B45 08
0040C080 |> 8B4D F4
0040C083 |. 64:890D 00000
0040C08A |. 59
0040C08B |. 8B4D E8
0040C08E |. 33CD
0040C090 |. E8 5C260200
0040C095 |. 8BE5
0040C097 |. 5D
0040C098 \. C2 1800
0040C09B
CC
0040C09C
CC
0040C09D
CC
0040C09E
CC
0040C09F
CC
0040C0A0 /. 55
0040C0A1 |. 8BEC
0040C0A3 |. 81EC BC000000
0040C0A9 |. A1 A0154500
0040C0AE |. 33C5
0040C0B0 |. 8945 F8
0040C0B3 |. 898D 44FFFFFF
0040C0B9 |. C745 FC 40000
0040C0C0 |. 8B45 14
0040C0C3 |. 8B48 10
0040C0C6 |. 894D AC
0040C0C9 |. 8B55 1C
0040C0CC |. 52
0040C0CD |. 8B45 AC
0040C0D0 |. 50
[LOCAL.21]
0040C0D1 |. 68 C0884400
SCII "ld"
0040C0D6 |. 8D4D B0
0040C0D9 |. 51
OFFSET LOCAL.20
0040C0DA |. 8B95 44FFFFFF

|MOV DWORD PTR SS:[LOCAL.72],EAX


|MOV DWORD PTR SS:[LOCAL.73],-1
|MOV ECX,DWORD PTR SS:[LOCAL.73]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[LOCAL.72]
|SETE DL
|MOVZX EAX,DL
|TEST EAX,EAX
|JE SHORT 0040C054
|MOV BYTE PTR SS:[LOCAL.77],1
\JMP SHORT 0040BFF4
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.77]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.76]
MOV DWORD PTR DS:[ECX+4],EAX
MOV DWORD PTR SS:[LOCAL.1],-1
PUSH 0
PUSH 1
LEA ECX,[LOCAL.13]
CALL 0040FB60

;
;
;
;

MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ECX,DWORD
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 18
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0BC
MOV EAX,DWORD
XOR EAX,EBP
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX
MOV EAX,DWORD
PUSH EAX

; /Arg4 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PTR SS:[ARG.1]
PTR SS:[EBP-0C]
FS:[0],ECX
PTR SS:[EBP-18]

PTR DS:[4515A0]
SS:[LOCAL.2],EAX
SS:[LOCAL.47],ECX
SS:[LOCAL.1],40
PTR SS:[ARG.4]
PTR DS:[EAX+10]
SS:[LOCAL.21],ECX
PTR SS:[ARG.6]
PTR SS:[LOCAL.21]

PUSH OFFSET 004488C0

; |Arg3 = A

LEA ECX,[LOCAL.20]
PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.47]

; |

0040C0E0 |. 52
ARG.ECX
0040C0E1 |. E8 EA110000
fo.0040D2D0
0040C0E6 |. 83C4 10
0040C0E9 |. 50
0040C0EA |. 6A 40
0
0040C0EC |. 8D45 B8
0040C0EF |. 50
OFFSET LOCAL.18
0040C0F0 |. E8 E0340200
fo.0042F5D5
0040C0F5 |. 83C4 10
0040C0F8 |. 50
0040C0F9 |. 8D4D B8
0040C0FC |. 51
OFFSET LOCAL.18
0040C0FD |. 0FB655 18
0040C101 |. 52
0040C102 |. 8B45 14
0040C105 |. 50
[ARG.4]
0040C106 |. 8B4D 10
0040C109 |. 51
[ARG.3]
0040C10A |. 8B55 0C
0040C10D |. 52
[ARG.2]
0040C10E |. 8B45 08
0040C111 |. 50
[ARG.1]
0040C112 |. 8B8D 44FFFFFF
0040C118 |. 51
ARG.ECX
0040C119 |. E8 B2120000
fo.0040D3D0
0040C11E |. 83C4 20
0040C121 |. 8B45 08
0040C124 |. 8B4D F8
0040C127 |. 33CD
0040C129 |. E8 C3250200
0040C12E |. 8BE5
0040C130 |. 5D
0040C131 \. C2 1800
0040C134
CC
0040C135
CC
0040C136
CC
0040C137
CC
0040C138
CC
0040C139
CC
0040C13A
CC
0040C13B
CC
0040C13C
CC
0040C13D
CC
0040C13E
CC
0040C13F
CC
0040C140 /. 55
0040C141 |. 8BEC
0040C143 |. 81EC BC000000

PUSH EDX

; |Arg1 =>

CALL 0040D2D0

; \SystemIn

ADD ESP,10
PUSH EAX
PUSH 40

; /Format
; |Arg2 = 4

LEA EAX,[LOCAL.18]
PUSH EAX

; |
; |Arg1 =>

CALL 0042F5D5

; \SystemIn

ADD ESP,10
PUSH EAX
LEA ECX,[LOCAL.18]
PUSH ECX

; /Arg8
; |
; |Arg7 =>

MOVZX EDX,BYTE PTR SS:[ARG.5]


PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

;
;
;
;

MOV ECX,DWORD PTR SS:[ARG.3]


PUSH ECX

; |
; |Arg4 =>

MOV EDX,DWORD PTR SS:[ARG.2]


PUSH EDX

; |
; |Arg3 =>

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; |
; |Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.47]


PUSH ECX

; |
; |Arg1 =>

CALL 0040D3D0

; \SystemIn

ADD ESP,20
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.2]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 18
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0BC

|
|Arg6
|
|Arg5 =>

0040C149 |. A1 A0154500
0040C14E |. 33C5
0040C150 |. 8945 F8
0040C153 |. 898D 44FFFFFF
0040C159 |. C745 FC 40000
0040C160 |. 8B45 14
0040C163 |. 8B48 10
0040C166 |. 894D AC
0040C169 |. 8B55 1C
0040C16C |. 52
0040C16D |. 8B45 AC
0040C170 |. 50
[LOCAL.21]
0040C171 |. 68 C4884400
SCII "lu"
0040C176 |. 8D4D B0
0040C179 |. 51
OFFSET LOCAL.20
0040C17A |. 8B95 44FFFFFF
0040C180 |. 52
ARG.ECX
0040C181 |. E8 4A110000
fo.0040D2D0
0040C186 |. 83C4 10
0040C189 |. 50
0040C18A |. 6A 40
0
0040C18C |. 8D45 B8
0040C18F |. 50
OFFSET LOCAL.18
0040C190 |. E8 40340200
fo.0042F5D5
0040C195 |. 83C4 10
0040C198 |. 50
0040C199 |. 8D4D B8
0040C19C |. 51
OFFSET LOCAL.18
0040C19D |. 0FB655 18
0040C1A1 |. 52
0040C1A2 |. 8B45 14
0040C1A5 |. 50
[ARG.4]
0040C1A6 |. 8B4D 10
0040C1A9 |. 51
[ARG.3]
0040C1AA |. 8B55 0C
0040C1AD |. 52
[ARG.2]
0040C1AE |. 8B45 08
0040C1B1 |. 50
[ARG.1]
0040C1B2 |. 8B8D 44FFFFFF
0040C1B8 |. 51
ARG.ECX
0040C1B9 |. E8 12120000
fo.0040D3D0
0040C1BE |. 83C4 20
0040C1C1 |. 8B45 08
0040C1C4 |. 8B4D F8
0040C1C7 |. 33CD

MOV EAX,DWORD
XOR EAX,EBP
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX
MOV EAX,DWORD
PUSH EAX

PTR DS:[4515A0]
SS:[LOCAL.2],EAX
SS:[LOCAL.47],ECX
SS:[LOCAL.1],40
PTR SS:[ARG.4]
PTR DS:[EAX+10]
SS:[LOCAL.21],ECX
PTR SS:[ARG.6]
PTR SS:[LOCAL.21]
; /Arg4 =>

PUSH OFFSET 004488C4

; |Arg3 = A

LEA ECX,[LOCAL.20]
PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.47]


PUSH EDX

; |
; |Arg1 =>

CALL 0040D2D0

; \SystemIn

ADD ESP,10
PUSH EAX
PUSH 40

; /Format
; |Arg2 = 4

LEA EAX,[LOCAL.18]
PUSH EAX

; |
; |Arg1 =>

CALL 0042F5D5

; \SystemIn

ADD ESP,10
PUSH EAX
LEA ECX,[LOCAL.18]
PUSH ECX

; /Arg8
; |
; |Arg7 =>

MOVZX EDX,BYTE PTR SS:[ARG.5]


PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

;
;
;
;

MOV ECX,DWORD PTR SS:[ARG.3]


PUSH ECX

; |
; |Arg4 =>

MOV EDX,DWORD PTR SS:[ARG.2]


PUSH EDX

; |
; |Arg3 =>

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; |
; |Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.47]


PUSH ECX

; |
; |Arg1 =>

CALL 0040D3D0

; \SystemIn

ADD
MOV
MOV
XOR

ESP,20
EAX,DWORD PTR SS:[ARG.1]
ECX,DWORD PTR SS:[LOCAL.2]
ECX,EBP

|
|Arg6
|
|Arg5 =>

0040C1C9 |. E8 23250200
0040C1CE |. 8BE5
0040C1D0 |. 5D
0040C1D1 \. C2 1800
0040C1D4
CC
0040C1D5
CC
0040C1D6
CC
0040C1D7
CC
0040C1D8
CC
0040C1D9
CC
0040C1DA
CC
0040C1DB
CC
0040C1DC
CC
0040C1DD
CC
0040C1DE
CC
0040C1DF
CC
0040C1E0 /. 55
0040C1E1 |. 8BEC
0040C1E3 |. 81EC BC000000
0040C1E9 |. A1 A0154500
0040C1EE |. 33C5
0040C1F0 |. 8945 F8
0040C1F3 |. 898D 44FFFFFF
0040C1F9 |. C745 FC 40000
0040C200 |. 8B45 14
0040C203 |. 8B48 10
0040C206 |. 894D AC
0040C209 |. 8B55 20
0040C20C |. 52
0040C20D |. 8B45 1C
0040C210 |. 50
0040C211 |. 8B4D AC
0040C214 |. 51
[LOCAL.21]
0040C215 |. 68 C8884400
SCII "Ld"
0040C21A |. 8D55 B0
0040C21D |. 52
OFFSET LOCAL.20
0040C21E |. 8B85 44FFFFFF
0040C224 |. 50
ARG.ECX
0040C225 |. E8 A6100000
fo.0040D2D0
0040C22A |. 83C4 10
0040C22D |. 50
0040C22E |. 6A 40
0
0040C230 |. 8D4D B8
0040C233 |. 51
OFFSET LOCAL.18
0040C234 |. E8 9C330200
fo.0042F5D5
0040C239 |. 83C4 14
0040C23C |. 50
0040C23D |. 8D55 B8
0040C240 |. 52
OFFSET LOCAL.18
0040C241 |. 0FB645 18
0040C245 |. 50

CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 18
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0BC
MOV EAX,DWORD
XOR EAX,EBP
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX
MOV EAX,DWORD
PUSH EAX
MOV ECX,DWORD
PUSH ECX

PTR DS:[4515A0]
SS:[LOCAL.2],EAX
SS:[LOCAL.47],ECX
SS:[LOCAL.1],40
PTR SS:[ARG.4]
PTR DS:[EAX+10]
SS:[LOCAL.21],ECX
PTR SS:[ARG.7]
PTR SS:[ARG.6]
PTR SS:[LOCAL.21]
; /Arg4 =>

PUSH OFFSET 004488C8

; |Arg3 = A

LEA EDX,[LOCAL.20]
PUSH EDX

; |
; |Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.47]


PUSH EAX

; |
; |Arg1 =>

CALL 0040D2D0

; \SystemIn

ADD ESP,10
PUSH EAX
PUSH 40

; /Format
; |Arg2 = 4

LEA ECX,[LOCAL.18]
PUSH ECX

; |
; |Arg1 =>

CALL 0042F5D5

; \SystemIn

ADD ESP,14
PUSH EAX
LEA EDX,[LOCAL.18]
PUSH EDX

; /Arg8
; |
; |Arg7 =>

MOVZX EAX,BYTE PTR SS:[ARG.5]


PUSH EAX

; |
; |Arg6

0040C246 |. 8B4D 14
0040C249 |. 51
[ARG.4]
0040C24A |. 8B55 10
0040C24D |. 52
[ARG.3]
0040C24E |. 8B45 0C
0040C251 |. 50
[ARG.2]
0040C252 |. 8B4D 08
0040C255 |. 51
[ARG.1]
0040C256 |. 8B95 44FFFFFF
0040C25C |. 52
ARG.ECX
0040C25D |. E8 6E110000
fo.0040D3D0
0040C262 |. 83C4 20
0040C265 |. 8B45 08
0040C268 |. 8B4D F8
0040C26B |. 33CD
0040C26D |. E8 7F240200
0040C272 |. 8BE5
0040C274 |. 5D
0040C275 \. C2 1C00
0040C278
CC
0040C279
CC
0040C27A
CC
0040C27B
CC
0040C27C
CC
0040C27D
CC
0040C27E
CC
0040C27F
CC
0040C280 /. 55
0040C281 |. 8BEC
0040C283 |. 81EC BC000000
0040C289 |. A1 A0154500
0040C28E |. 33C5
0040C290 |. 8945 F8
0040C293 |. 898D 44FFFFFF
0040C299 |. C745 FC 40000
0040C2A0 |. 8B45 14
0040C2A3 |. 8B48 10
0040C2A6 |. 894D AC
0040C2A9 |. 8B55 20
0040C2AC |. 52
0040C2AD |. 8B45 1C
0040C2B0 |. 50
0040C2B1 |. 8B4D AC
0040C2B4 |. 51
[LOCAL.21]
0040C2B5 |. 68 CC884400
SCII "Lu"
0040C2BA |. 8D55 B0
0040C2BD |. 52
OFFSET LOCAL.20
0040C2BE |. 8B85 44FFFFFF
0040C2C4 |. 50
ARG.ECX
0040C2C5 |. E8 06100000

MOV ECX,DWORD PTR SS:[ARG.4]


PUSH ECX

; |
; |Arg5 =>

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

; |
; |Arg4 =>

MOV EAX,DWORD PTR SS:[ARG.2]


PUSH EAX

; |
; |Arg3 =>

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.47]


PUSH EDX

; |
; |Arg1 =>

CALL 0040D3D0

; \SystemIn

ADD ESP,20
MOV EAX,DWORD
MOV ECX,DWORD
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 1C
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0BC
MOV EAX,DWORD
XOR EAX,EBP
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX
MOV EAX,DWORD
PUSH EAX
MOV ECX,DWORD
PUSH ECX

PTR SS:[ARG.1]
PTR SS:[LOCAL.2]

PTR DS:[4515A0]
SS:[LOCAL.2],EAX
SS:[LOCAL.47],ECX
SS:[LOCAL.1],40
PTR SS:[ARG.4]
PTR DS:[EAX+10]
SS:[LOCAL.21],ECX
PTR SS:[ARG.7]
PTR SS:[ARG.6]
PTR SS:[LOCAL.21]
; /Arg4 =>

PUSH OFFSET 004488CC

; |Arg3 = A

LEA EDX,[LOCAL.20]
PUSH EDX

; |
; |Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.47]


PUSH EAX

; |
; |Arg1 =>

CALL 0040D2D0

; \SystemIn

fo.0040D2D0
0040C2CA |. 83C4 10
0040C2CD |. 50
0040C2CE |. 6A 40
0
0040C2D0 |. 8D4D B8
0040C2D3 |. 51
OFFSET LOCAL.18
0040C2D4 |. E8 FC320200
fo.0042F5D5
0040C2D9 |. 83C4 14
0040C2DC |. 50
0040C2DD |. 8D55 B8
0040C2E0 |. 52
OFFSET LOCAL.18
0040C2E1 |. 0FB645 18
0040C2E5 |. 50
0040C2E6 |. 8B4D 14
0040C2E9 |. 51
[ARG.4]
0040C2EA |. 8B55 10
0040C2ED |. 52
[ARG.3]
0040C2EE |. 8B45 0C
0040C2F1 |. 50
[ARG.2]
0040C2F2 |. 8B4D 08
0040C2F5 |. 51
[ARG.1]
0040C2F6 |. 8B95 44FFFFFF
0040C2FC |. 52
ARG.ECX
0040C2FD |. E8 CE100000
fo.0040D3D0
0040C302 |. 83C4 20
0040C305 |. 8B45 08
0040C308 |. 8B4D F8
0040C30B |. 33CD
0040C30D |. E8 DF230200
0040C312 |. 8BE5
0040C314 |. 5D
0040C315 \. C2 1C00
0040C318
CC
0040C319
CC
0040C31A
CC
0040C31B
CC
0040C31C
CC
0040C31D
CC
0040C31E
CC
0040C31F
CC
0040C320 /. 55
0040C321 |. 8BEC
0040C323 |. 81EC C4000000
0040C329 |. A1 A0154500
0040C32E |. 33C5
0040C330 |. 8945 EC
0040C333 |. 898D 48FFFFFF
0040C339 |. C745 F0 6C000
0040C340 |. 8B45 14
0040C343 |. 8B48 14

ADD ESP,10
PUSH EAX
PUSH 40

; /Format
; |Arg2 = 4

LEA ECX,[LOCAL.18]
PUSH ECX

; |
; |Arg1 =>

CALL 0042F5D5

; \SystemIn

ADD ESP,14
PUSH EAX
LEA EDX,[LOCAL.18]
PUSH EDX

; /Arg8
; |
; |Arg7 =>

MOVZX EAX,BYTE PTR SS:[ARG.5]


PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
PUSH ECX

;
;
;
;

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

; |
; |Arg4 =>

MOV EAX,DWORD PTR SS:[ARG.2]


PUSH EAX

; |
; |Arg3 =>

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.47]


PUSH EDX

; |
; |Arg1 =>

CALL 0040D3D0

; \SystemIn

ADD ESP,20
MOV EAX,DWORD
MOV ECX,DWORD
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 1C
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C4
MOV EAX,DWORD
XOR EAX,EBP
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD

PTR SS:[ARG.1]
PTR SS:[LOCAL.2]

PTR DS:[4515A0]
SS:[LOCAL.5],EAX
SS:[LOCAL.46],ECX
SS:[LOCAL.4],6C
PTR SS:[ARG.4]
PTR DS:[EAX+14]

|
|Arg6
|
|Arg5 =>

0040C346 |. 898D 64FFFFFF MOV DWORD PTR SS:[LOCAL.39],ECX


0040C34C |. 83BD 64FFFFFF CMP DWORD PTR SS:[LOCAL.39],0
0040C353 |. 7F 26
JG SHORT 0040C37B
0040C355 |. 8B55 14
MOV EDX,DWORD PTR SS:[ARG.4]
0040C358 |. 8B42 10
MOV EAX,DWORD PTR DS:[EDX+10]
0040C35B |. 8985 60FFFFFF MOV DWORD PTR SS:[LOCAL.40],EAX
0040C361 |. 8B8D 60FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.40]
0040C367 |. 81E1 00200000 AND ECX,00002000
0040C36D |. 75 0C
JNE SHORT 0040C37B
0040C36F |. C785 44FFFFFF MOV DWORD PTR SS:[LOCAL.47],6
0040C379 |. EB 18
JMP SHORT 0040C393
0040C37B |> 8B95 5CFFFFFF MOV EDX,DWORD PTR SS:[LOCAL.41]
0040C381 |. 8995 44FFFFFF MOV DWORD PTR SS:[LOCAL.47],EDX
0040C387 |. 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
0040C38A |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
0040C38D |. 898D 44FFFFFF MOV DWORD PTR SS:[LOCAL.47],ECX
0040C393 |> 8B95 44FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.47]
0040C399 |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
0040C39C |. 837D F4 24
CMP DWORD PTR SS:[LOCAL.3],24
0040C3A0 |. 7E 0C
JLE SHORT 0040C3AE
0040C3A2 |. C785 40FFFFFF MOV DWORD PTR SS:[LOCAL.48],24
0040C3AC |. EB 09
JMP SHORT 0040C3B7
0040C3AE |> 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
0040C3B1 |. 8985 40FFFFFF MOV DWORD PTR SS:[LOCAL.48],EAX
0040C3B7 |> 8B8D 40FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.48]
0040C3BD |. 898D 6CFFFFFF MOV DWORD PTR SS:[LOCAL.37],ECX
0040C3C3 |. 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
0040C3C6 |. 2B95 6CFFFFFF SUB EDX,DWORD PTR SS:[LOCAL.37]
0040C3CC |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
0040C3CF |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0040C3D6 |. C745 F8 00000 MOV DWORD PTR SS:[LOCAL.2],0
0040C3DD |. 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
0040C3E0 |. 8B48 10
MOV ECX,DWORD PTR DS:[EAX+10]
0040C3E3 |. 898D 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],ECX
0040C3E9 |. 8B95 58FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.42]
0040C3EF |. 81E2 00300000 AND EDX,00003000
0040C3F5 |. 81FA 00200000 CMP EDX,2000
0040C3FB |. 0F85 EE000000 JNE 0040C4EF
0040C401 |. DD45 1C
FLD QWORD PTR SS:[ARG.6]
0040C404 |. DC0D F0884400 FMUL QWORD PTR DS:[4488F0]
000000000000000
0040C40A |. DC5D 1C
FCOMP QWORD PTR SS:[ARG.6]
0040C40D |. DFE0
FSTSW AX
0040C40F |. F6C4 44
TEST AH,44
0040C412 |. 0F8B D7000000 JPO 0040C4EF
0040C418 |. D9EE
FLDZ
0040C41A |. DC5D 1C
FCOMP QWORD PTR SS:[ARG.6]
0040C41D |. DFE0
FSTSW AX
0040C41F |. F6C4 41
TEST AH,41
0040C422 |. 75 0C
JNE SHORT 0040C430
ST<=[EBP+1C] in preceding FCOMP
0040C424 |. C785 3CFFFFFF MOV DWORD PTR SS:[LOCAL.49],1
0040C42E |. EB 0A
JMP SHORT 0040C43A
0040C430 |> C785 3CFFFFFF MOV DWORD PTR SS:[LOCAL.49],0
0040C43A |> 8A85 3CFFFFFF MOV AL,BYTE PTR SS:[LOCAL.49]
0040C440 |. 8885 6BFFFFFF MOV BYTE PTR SS:[LOCAL.38+3],AL
0040C446 |. 0FB68D 6BFFFF MOVZX ECX,BYTE PTR SS:[LOCAL.38+3]
0040C44D |. 85C9
TEST ECX,ECX
0040C44F |. 74 08
JE SHORT 0040C459
0040C451 |. DD45 1C
FLD QWORD PTR SS:[ARG.6]

; FLOAT 0.5

; Taken if

0040C454 |. D9E0
FCHS
0040C456 |. DD5D 1C
FSTP QWORD PTR SS:[ARG.6]
0040C459 |> EB 09
JMP SHORT 0040C464
0040C45B |> 8B55 FC
/MOV EDX,DWORD PTR SS:[LOCAL.1]
0040C45E |. 83C2 0A
|ADD EDX,0A
0040C461 |. 8955 FC
|MOV DWORD PTR SS:[LOCAL.1],EDX
0040C464 |> DD45 1C
|FLD QWORD PTR SS:[ARG.6]
0040C467 |. DC1D E0884400 |FCOMP QWORD PTR DS:[4488E0]
00000000000000e+35
0040C46D |. DFE0
|FSTSW AX
0040C46F |. F6C4 01
|TEST AH,01
0040C472 |. 75 17
|JNE SHORT 0040C48B
ST<[4488E0] in preceding FCOMP
0040C474 |. 817D FC 88130 |CMP DWORD PTR SS:[LOCAL.1],1388
0040C47B |. 73 0E
|JNB SHORT 0040C48B
0040C47D |. DD45 1C
|FLD QWORD PTR SS:[ARG.6]
0040C480 |. DC35 D8884400 |FDIV QWORD PTR DS:[4488D8]
00000000.00000
0040C486 |. DD5D 1C
|FSTP QWORD PTR SS:[ARG.6]
0040C489 |.^ EB D0
\JMP SHORT 0040C45B
0040C48B |> DD45 1C
FLD QWORD PTR SS:[ARG.6]
0040C48E |. DC1D E8884400 FCOMP QWORD PTR DS:[4488E8]
0040C494 |. DFE0
FSTSW AX
0040C496 |. F6C4 41
TEST AH,41
0040C499 |. 75 41
JNE SHORT 0040C4DC
ST<=[4488E8] in preceding FCOMP
0040C49B |. EB 09
JMP SHORT 0040C4A6
0040C49D |> 8B45 F8
/MOV EAX,DWORD PTR SS:[LOCAL.2]
0040C4A0 |. 83C0 0A
|ADD EAX,0A
0040C4A3 |. 8945 F8
|MOV DWORD PTR SS:[LOCAL.2],EAX
0040C4A6 |> 837D F4 0A
|CMP DWORD PTR SS:[LOCAL.3],0A
0040C4AA |. 7C 30
|JL SHORT 0040C4DC
0040C4AC |. DD05 D0884400 |FLD QWORD PTR DS:[4488D0]
00000000000000e-35
0040C4B2 |. DC5D 1C
|FCOMP QWORD PTR SS:[ARG.6]
0040C4B5 |. DFE0
|FSTSW AX
0040C4B7 |. F6C4 01
|TEST AH,01
0040C4BA |. 75 20
|JNE SHORT 0040C4DC
ST<[EBP+1C] in preceding FCOMP
0040C4BC |. 817D F8 88130 |CMP DWORD PTR SS:[LOCAL.2],1388
0040C4C3 |. 73 17
|JNB SHORT 0040C4DC
0040C4C5 |. DD45 1C
|FLD QWORD PTR SS:[ARG.6]
0040C4C8 |. DC0D D8884400 |FMUL QWORD PTR DS:[4488D8]
00000000.00000
0040C4CE |. DD5D 1C
|FSTP QWORD PTR SS:[ARG.6]
0040C4D1 |. 8B4D F4
|MOV ECX,DWORD PTR SS:[LOCAL.3]
0040C4D4 |. 83E9 0A
|SUB ECX,0A
0040C4D7 |. 894D F4
|MOV DWORD PTR SS:[LOCAL.3],ECX
0040C4DA |.^ EB C1
\JMP SHORT 0040C49D
0040C4DC |> 0FB695 6BFFFF MOVZX EDX,BYTE PTR SS:[LOCAL.38+3]
0040C4E3 |. 85D2
TEST EDX,EDX
0040C4E5 |. 74 08
JE SHORT 0040C4EF
0040C4E7 |. DD45 1C
FLD QWORD PTR SS:[ARG.6]
0040C4EA |. D9E0
FCHS
0040C4EC |. DD5D 1C
FSTP QWORD PTR SS:[ARG.6]
0040C4EF |> 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
0040C4F2 |. 8B48 10
MOV ECX,DWORD PTR DS:[EAX+10]
0040C4F5 |. 898D 54FFFFFF MOV DWORD PTR SS:[LOCAL.43],ECX
0040C4FB |. 83EC 08
SUB ESP,8
0040C4FE |. DD45 1C
FLD QWORD PTR SS:[ARG.6]

; FLOAT 1.0

; Taken if

; FLOAT 100

; FLOAT 0.0
; Taken if

; FLOAT 1.0

; Taken if

; FLOAT 100

0040C501 |. DD1C24
0040C504 |. 8B95 6CFFFFFF
0040C50A |. 52
0040C50B |. 8B85 54FFFFFF
0040C511 |. 50
[LOCAL.43]
0040C512 |. 6A 00
0040C514 |. 8D8D 70FFFFFF
0040C51A |. 51
OFFSET LOCAL.36
0040C51B |. 8B95 48FFFFFF
0040C521 |. 52
ARG.ECX
0040C522 |. E8 79030000
fo.0040C8A0
0040C527 |. 83C4 10
0040C52A |. 50
0040C52B |. 6A 6C
C
0040C52D |. 8D85 78FFFFFF
0040C533 |. 50
OFFSET LOCAL.34
0040C534 |. E8 9C300200
fo.0042F5D5
0040C539 |. 83C4 18
0040C53C |. 50
0040C53D |. 8B4D F4
0040C540 |. 51
[LOCAL.3]
0040C541 |. 8B55 F8
0040C544 |. 52
[LOCAL.2]
0040C545 |. 8B45 FC
0040C548 |. 50
[LOCAL.1]
0040C549 |. 8D8D 78FFFFFF
0040C54F |. 51
OFFSET LOCAL.34
0040C550 |. 0FB655 18
0040C554 |. 52
0040C555 |. 8B45 14
0040C558 |. 50
[ARG.4]
0040C559 |. 8B4D 10
0040C55C |. 51
[ARG.3]
0040C55D |. 8B55 0C
0040C560 |. 52
[ARG.2]
0040C561 |. 8B45 08
0040C564 |. 50
[ARG.1]
0040C565 |. 8B8D 48FFFFFF
0040C56B |. 51
[LOCAL.46]
0040C56C |. E8 0F040000
fo.0040C980
0040C571 |. 83C4 2C
0040C574 |. 8B45 08
0040C577 |. 8B4D EC

FSTP QWORD PTR SS:[LOCAL.51]


MOV EDX,DWORD PTR SS:[LOCAL.37]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.43]
PUSH EAX

; /Arg4 =>

PUSH 0
LEA ECX,[LOCAL.36]
PUSH ECX

; |Arg3 = 0
; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.46]


PUSH EDX

; |
; |Arg1 =>

CALL 0040C8A0

; \SystemIn

ADD ESP,10
PUSH EAX
PUSH 6C

; /Format
; |Arg2 = 6

LEA EAX,[LOCAL.34]
PUSH EAX

; |
; |Arg1 =>

CALL 0042F5D5

; \SystemIn

ADD ESP,18
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.3]
PUSH ECX

; /Arg11
; |
; |Arg10 =>

MOV EDX,DWORD PTR SS:[LOCAL.2]


PUSH EDX

; |
; |Arg9 =>

MOV EAX,DWORD PTR SS:[LOCAL.1]


PUSH EAX

; |
; |Arg8 =>

LEA ECX,[LOCAL.34]
PUSH ECX

; |
; |Arg7 =>

MOVZX EDX,BYTE PTR SS:[ARG.5]


PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

;
;
;
;

MOV ECX,DWORD PTR SS:[ARG.3]


PUSH ECX

; |
; |Arg4 =>

MOV EDX,DWORD PTR SS:[ARG.2]


PUSH EDX

; |
; |Arg3 =>

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; |
; |Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.46]


PUSH ECX

; |
; |Arg1 =>

CALL 0040C980

; \SystemIn

ADD ESP,2C
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.5]

|
|Arg6
|
|Arg5 =>

0040C57A
0040C57C
0040C581
0040C583
0040C584
0040C587
0040C588
0040C589
0040C58A
0040C58B
0040C58C
0040C58D
0040C58E
0040C58F
0040C590
0040C591
0040C593
0040C599
0040C59E
0040C5A0
0040C5A3
0040C5A9
0040C5B0
0040C5B3
0040C5B6
0040C5BC
0040C5C3
0040C5C5
0040C5C8
0040C5CB
0040C5D1
0040C5D7
0040C5DD
0040C5DF
0040C5E9
0040C5EB
0040C5F1
0040C5F7
0040C5FA
0040C5FD
0040C603
0040C609
0040C60C
0040C610
0040C612
0040C61C
0040C61E
0040C621
0040C627
0040C62D
0040C633
0040C636
0040C63C
0040C63F
0040C646
0040C64D
0040C650
0040C653
0040C659
0040C65F

|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

33CD
E8 70210200
8BE5
5D
C2 1C00
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
81EC C4000000
A1 A0154500
33C5
8945 EC
898D 48FFFFFF
C745 F0 6C000
8B45 14
8B48 14
898D 64FFFFFF
83BD 64FFFFFF
7F 26
8B55 14
8B42 10
8985 60FFFFFF
8B8D 60FFFFFF
81E1 00200000
75 0C
C785 44FFFFFF
EB 18
8B95 5CFFFFFF
8995 44FFFFFF
8B45 14
8B48 14
898D 44FFFFFF
8B95 44FFFFFF
8955 F4
837D F4 24
7E 0C
C785 40FFFFFF
EB 09
8B45 F4
8985 40FFFFFF
8B8D 40FFFFFF
898D 6CFFFFFF
8B55 F4
2B95 6CFFFFFF
8955 F4
C745 FC 00000
C745 F8 00000
8B45 14
8B48 10
898D 58FFFFFF
8B95 58FFFFFF
81E2 00300000

XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 1C
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C4
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV DWORD PTR SS:[LOCAL.46],ECX
MOV DWORD PTR SS:[LOCAL.4],6C
MOV EAX,DWORD PTR SS:[ARG.4]
MOV ECX,DWORD PTR DS:[EAX+14]
MOV DWORD PTR SS:[LOCAL.39],ECX
CMP DWORD PTR SS:[LOCAL.39],0
JG SHORT 0040C5EB
MOV EDX,DWORD PTR SS:[ARG.4]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[LOCAL.40],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
AND ECX,00002000
JNE SHORT 0040C5EB
MOV DWORD PTR SS:[LOCAL.47],6
JMP SHORT 0040C603
MOV EDX,DWORD PTR SS:[LOCAL.41]
MOV DWORD PTR SS:[LOCAL.47],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV ECX,DWORD PTR DS:[EAX+14]
MOV DWORD PTR SS:[LOCAL.47],ECX
MOV EDX,DWORD PTR SS:[LOCAL.47]
MOV DWORD PTR SS:[LOCAL.3],EDX
CMP DWORD PTR SS:[LOCAL.3],24
JLE SHORT 0040C61E
MOV DWORD PTR SS:[LOCAL.48],24
JMP SHORT 0040C627
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.48],EAX
MOV ECX,DWORD PTR SS:[LOCAL.48]
MOV DWORD PTR SS:[LOCAL.37],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
SUB EDX,DWORD PTR SS:[LOCAL.37]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV DWORD PTR SS:[LOCAL.1],0
MOV DWORD PTR SS:[LOCAL.2],0
MOV EAX,DWORD PTR SS:[ARG.4]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.42],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
AND EDX,00003000

0040C665 |. 81FA 00200000 CMP EDX,2000


0040C66B |. 0F85 D7000000 JNE 0040C748
0040C671 |. D9EE
FLDZ
0040C673 |. DC5D 1C
FCOMP QWORD PTR SS:[ARG.6]
0040C676 |. DFE0
FSTSW AX
0040C678 |. F6C4 41
TEST AH,41
0040C67B |. 75 0C
JNE SHORT 0040C689
ST<=[EBP+1C] in preceding FCOMP
0040C67D |. C785 3CFFFFFF MOV DWORD PTR SS:[LOCAL.49],1
0040C687 |. EB 0A
JMP SHORT 0040C693
0040C689 |> C785 3CFFFFFF MOV DWORD PTR SS:[LOCAL.49],0
0040C693 |> 8A85 3CFFFFFF MOV AL,BYTE PTR SS:[LOCAL.49]
0040C699 |. 8885 6BFFFFFF MOV BYTE PTR SS:[LOCAL.38+3],AL
0040C69F |. 0FB68D 6BFFFF MOVZX ECX,BYTE PTR SS:[LOCAL.38+3]
0040C6A6 |. 85C9
TEST ECX,ECX
0040C6A8 |. 74 08
JE SHORT 0040C6B2
0040C6AA |. DD45 1C
FLD QWORD PTR SS:[ARG.6]
0040C6AD |. D9E0
FCHS
0040C6AF |. DD5D 1C
FSTP QWORD PTR SS:[ARG.6]
0040C6B2 |> EB 09
JMP SHORT 0040C6BD
0040C6B4 |> 8B55 FC
/MOV EDX,DWORD PTR SS:[LOCAL.1]
0040C6B7 |. 83C2 0A
|ADD EDX,0A
0040C6BA |. 8955 FC
|MOV DWORD PTR SS:[LOCAL.1],EDX
0040C6BD |> DD45 1C
|FLD QWORD PTR SS:[ARG.6]
0040C6C0 |. DC1D E0884400 |FCOMP QWORD PTR DS:[4488E0]
00000000000000e+35
0040C6C6 |. DFE0
|FSTSW AX
0040C6C8 |. F6C4 01
|TEST AH,01
0040C6CB |. 75 17
|JNE SHORT 0040C6E4
ST<[4488E0] in preceding FCOMP
0040C6CD |. 817D FC 88130 |CMP DWORD PTR SS:[LOCAL.1],1388
0040C6D4 |. 73 0E
|JNB SHORT 0040C6E4
0040C6D6 |. DD45 1C
|FLD QWORD PTR SS:[ARG.6]
0040C6D9 |. DC35 D8884400 |FDIV QWORD PTR DS:[4488D8]
00000000.00000
0040C6DF |. DD5D 1C
|FSTP QWORD PTR SS:[ARG.6]
0040C6E2 |.^ EB D0
\JMP SHORT 0040C6B4
0040C6E4 |> DD45 1C
FLD QWORD PTR SS:[ARG.6]
0040C6E7 |. DC1D E8884400 FCOMP QWORD PTR DS:[4488E8]
0040C6ED |. DFE0
FSTSW AX
0040C6EF |. F6C4 41
TEST AH,41
0040C6F2 |. 75 41
JNE SHORT 0040C735
ST<=[4488E8] in preceding FCOMP
0040C6F4 |. EB 09
JMP SHORT 0040C6FF
0040C6F6 |> 8B45 F8
/MOV EAX,DWORD PTR SS:[LOCAL.2]
0040C6F9 |. 83C0 0A
|ADD EAX,0A
0040C6FC |. 8945 F8
|MOV DWORD PTR SS:[LOCAL.2],EAX
0040C6FF |> 837D F4 0A
|CMP DWORD PTR SS:[LOCAL.3],0A
0040C703 |. 7C 30
|JL SHORT 0040C735
0040C705 |. DD05 D0884400 |FLD QWORD PTR DS:[4488D0]
00000000000000e-35
0040C70B |. DC5D 1C
|FCOMP QWORD PTR SS:[ARG.6]
0040C70E |. DFE0
|FSTSW AX
0040C710 |. F6C4 01
|TEST AH,01
0040C713 |. 75 20
|JNE SHORT 0040C735
ST<[EBP+1C] in preceding FCOMP
0040C715 |. 817D F8 88130 |CMP DWORD PTR SS:[LOCAL.2],1388
0040C71C |. 73 17
|JNB SHORT 0040C735
0040C71E |. DD45 1C
|FLD QWORD PTR SS:[ARG.6]
0040C721 |. DC0D D8884400 |FMUL QWORD PTR DS:[4488D8]

; Taken if

; FLOAT 1.0

; Taken if

; FLOAT 100

; FLOAT 0.0
; Taken if

; FLOAT 1.0

; Taken if

; FLOAT 100

00000000.00000
0040C727 |. DD5D 1C
0040C72A |. 8B4D F4
0040C72D |. 83E9 0A
0040C730 |. 894D F4
0040C733 |.^ EB C1
0040C735 |> 0FB695 6BFFFF
0040C73C |. 85D2
0040C73E |. 74 08
0040C740 |. DD45 1C
0040C743 |. D9E0
0040C745 |. DD5D 1C
0040C748 |> 8B45 14
0040C74B |. 8B48 10
0040C74E |. 898D 54FFFFFF
0040C754 |. 83EC 08
0040C757 |. DD45 1C
0040C75A |. DD1C24
0040C75D |. 8B95 6CFFFFFF
0040C763 |. 52
0040C764 |. 8B85 54FFFFFF
0040C76A |. 50
[LOCAL.43]
0040C76B |. 6A 4C
C
0040C76D |. 8D8D 70FFFFFF
0040C773 |. 51
OFFSET LOCAL.36
0040C774 |. 8B95 48FFFFFF
0040C77A |. 52
ARG.ECX
0040C77B |. E8 20010000
fo.0040C8A0
0040C780 |. 83C4 10
0040C783 |. 50
0040C784 |. 6A 6C
C
0040C786 |. 8D85 78FFFFFF
0040C78C |. 50
OFFSET LOCAL.34
0040C78D |. E8 432E0200
fo.0042F5D5
0040C792 |. 83C4 18
0040C795 |. 50
0040C796 |. 8B4D F4
0040C799 |. 51
[LOCAL.3]
0040C79A |. 8B55 F8
0040C79D |. 52
[LOCAL.2]
0040C79E |. 8B45 FC
0040C7A1 |. 50
[LOCAL.1]
0040C7A2 |. 8D8D 78FFFFFF
0040C7A8 |. 51
OFFSET LOCAL.34
0040C7A9 |. 0FB655 18
0040C7AD |. 52
0040C7AE |. 8B45 14
0040C7B1 |. 50

|FSTP QWORD PTR SS:[ARG.6]


|MOV ECX,DWORD PTR SS:[LOCAL.3]
|SUB ECX,0A
|MOV DWORD PTR SS:[LOCAL.3],ECX
\JMP SHORT 0040C6F6
MOVZX EDX,BYTE PTR SS:[LOCAL.38+3]
TEST EDX,EDX
JE SHORT 0040C748
FLD QWORD PTR SS:[ARG.6]
FCHS
FSTP QWORD PTR SS:[ARG.6]
MOV EAX,DWORD PTR SS:[ARG.4]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.43],ECX
SUB ESP,8
FLD QWORD PTR SS:[ARG.6]
FSTP QWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR SS:[LOCAL.37]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.43]
PUSH EAX

; /Arg4 =>

PUSH 4C

; |Arg3 = 4

LEA ECX,[LOCAL.36]
PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.46]


PUSH EDX

; |
; |Arg1 =>

CALL 0040C8A0

; \SystemIn

ADD ESP,10
PUSH EAX
PUSH 6C

; /Format
; |Arg2 = 6

LEA EAX,[LOCAL.34]
PUSH EAX

; |
; |Arg1 =>

CALL 0042F5D5

; \SystemIn

ADD ESP,18
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.3]
PUSH ECX

; /Arg11
; |
; |Arg10 =>

MOV EDX,DWORD PTR SS:[LOCAL.2]


PUSH EDX

; |
; |Arg9 =>

MOV EAX,DWORD PTR SS:[LOCAL.1]


PUSH EAX

; |
; |Arg8 =>

LEA ECX,[LOCAL.34]
PUSH ECX

; |
; |Arg7 =>

MOVZX EDX,BYTE PTR SS:[ARG.5]


PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

;
;
;
;

|
|Arg6
|
|Arg5 =>

[ARG.4]
0040C7B2 |. 8B4D 10
0040C7B5 |. 51
[ARG.3]
0040C7B6 |. 8B55 0C
0040C7B9 |. 52
[ARG.2]
0040C7BA |. 8B45 08
0040C7BD |. 50
[ARG.1]
0040C7BE |. 8B8D 48FFFFFF
0040C7C4 |. 51
[LOCAL.46]
0040C7C5 |. E8 B6010000
fo.0040C980
0040C7CA |. 83C4 2C
0040C7CD |. 8B45 08
0040C7D0 |. 8B4D EC
0040C7D3 |. 33CD
0040C7D5 |. E8 171F0200
0040C7DA |. 8BE5
0040C7DC |. 5D
0040C7DD \. C2 1C00
0040C7E0 /. 55
0040C7E1 |. 8BEC
0040C7E3 |. 81EC A8000000
0040C7E9 |. A1 A0154500
0040C7EE |. 33C5
0040C7F0 |. 8945 F8
0040C7F3 |. 898D 58FFFFFF
0040C7F9 |. C745 FC 40000
0040C800 |. 8B45 1C
0040C803 |. 50
0040C804 |. 68 F8884400
"%p"
0040C809 |. 6A 40
0
0040C80B |. 8D4D B8
0040C80E |. 51
OFFSET LOCAL.18
0040C80F |. E8 C12D0200
fo.0042F5D5
0040C814 |. 83C4 10
0040C817 |. 50
0040C818 |. 8D55 B8
0040C81B |. 52
OFFSET LOCAL.18
0040C81C |. 0FB645 18
0040C820 |. 50
0040C821 |. 8B4D 14
0040C824 |. 51
[ARG.4]
0040C825 |. 8B55 10
0040C828 |. 52
[ARG.3]
0040C829 |. 8B45 0C
0040C82C |. 50
[ARG.2]
0040C82D |. 8B4D 08
0040C830 |. 51

MOV ECX,DWORD PTR SS:[ARG.3]


PUSH ECX

; |
; |Arg4 =>

MOV EDX,DWORD PTR SS:[ARG.2]


PUSH EDX

; |
; |Arg3 =>

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; |
; |Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.46]


PUSH ECX

; |
; |Arg1 =>

CALL 0040C980

; \SystemIn

ADD ESP,2C
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.5]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 1C
PUSH EBP
MOV EBP,ESP
SUB ESP,0A8
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV DWORD PTR SS:[LOCAL.42],ECX
MOV DWORD PTR SS:[LOCAL.1],40
MOV EAX,DWORD PTR SS:[ARG.6]
PUSH EAX
PUSH OFFSET 004488F8

; /Format =

PUSH 40

; |Arg2 = 4

LEA ECX,[LOCAL.18]
PUSH ECX

; |
; |Arg1 =>

CALL 0042F5D5

; \SystemIn

ADD ESP,10
PUSH EAX
LEA EDX,[LOCAL.18]
PUSH EDX

; /Arg8
; |
; |Arg7 =>

MOVZX EAX,BYTE PTR SS:[ARG.5]


PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
PUSH ECX

;
;
;
;

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

; |
; |Arg4 =>

MOV EAX,DWORD PTR SS:[ARG.2]


PUSH EAX

; |
; |Arg3 =>

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; |
; |Arg2 =>

|
|Arg6
|
|Arg5 =>

[ARG.1]
0040C831 |. 8B95 58FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.42]
0040C837 |. 52
PUSH EDX
ARG.ECX
0040C838 |. E8 930B0000 CALL 0040D3D0
fo.0040D3D0
0040C83D |. 83C4 20
ADD ESP,20
0040C840 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040C843 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0040C846 |. 33CD
XOR ECX,EBP
0040C848 |. E8 A41E0200 CALL 0042E6F1
0040C84D |. 8BE5
MOV ESP,EBP
0040C84F |. 5D
POP EBP
0040C850 \. C2 1800
RETN 18
0040C853
CC
INT3
0040C854
CC
INT3
0040C855
CC
INT3
0040C856
CC
INT3
0040C857
CC
INT3
0040C858
CC
INT3
0040C859
CC
INT3
0040C85A
CC
INT3
0040C85B
CC
INT3
0040C85C
CC
INT3
0040C85D
CC
INT3
0040C85E
CC
INT3
0040C85F
CC
INT3
0040C860 /. 55
PUSH EBP
0040C861 |. 8BEC
MOV EBP,ESP
0040C863 |. 51
PUSH ECX
0040C864 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0040C867 |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040C86A |. C700 94884400 MOV DWORD PTR DS:[EAX],OFFSET 00448894
0040C870 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0040C873 |. C701 BC884400 MOV DWORD PTR DS:[ECX],OFFSET 004488BC
0040C879 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0040C87C |. 83E2 01
AND EDX,00000001
0040C87F |. 74 0C
JE SHORT 0040C88D
0040C881 |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040C884 |. 50
PUSH EAX
0040C885 |. E8 90200200 CALL 0042E91A
0040C88A |. 83C4 04
ADD ESP,4
0040C88D |> 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040C890 |. 8BE5
MOV ESP,EBP
0040C892 |. 5D
POP EBP
0040C893 \. C2 0400
RETN 4
0040C896
CC
INT3
0040C897
CC
INT3
0040C898
CC
INT3
0040C899
CC
INT3
0040C89A
CC
INT3
0040C89B
CC
INT3
0040C89C
CC
INT3
0040C89D
CC
INT3
0040C89E
CC
INT3
0040C89F
CC
INT3
0040C8A0 /$ 55
PUSH EBP
o.0040C8A0(guessed Arg1,Arg2,Arg3,Arg4)
0040C8A1 |. 8BEC
MOV EBP,ESP
0040C8A3 |. 83EC 0C
SUB ESP,0C

; |
; |Arg1 =>
; \SystemIn

; SystemInf

0040C8A6
0040C8A9
0040C8AC
0040C8AF
0040C8B2
0040C8B5
0040C8B8
0040C8BB
0040C8BE
0040C8C1
0040C8C3
0040C8C6
0040C8C9
0040C8CC
0040C8CF
0040C8D2
0040C8D5
0040C8D8
0040C8DA
0040C8DD
0040C8E0
0040C8E3
0040C8E6
0040C8E9
0040C8EC
0040C8EF
0040C8F2
0040C8F5
0040C8F8
0040C8FB
0040C8FE
0040C901
0040C904
0040C907
0040C90B
0040C90D
0040C90F
0040C912
0040C915
0040C917
0040C91A
0040C91D
0040C920
0040C923
0040C929
0040C92C
0040C933
0040C935
0040C939
0040C93B
0040C942
0040C944
0040C948
0040C94A
0040C951
0040C954
0040C958
0040C95B
0040C95E
0040C961

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|>
|.
|>

8B45 0C
8945 FC
8B4D FC
C601 25
8B55 FC
83C2 01
8955 FC
8B45 14
83E0 20
74 0F
8B4D FC
C601 2B
8B55 FC
83C2 01
8955 FC
8B45 14
83E0 10
74 0F
8B4D FC
C601 23
8B55 FC
83C2 01
8955 FC
8B45 FC
C600 2E
8B4D FC
83C1 01
894D FC
8B55 FC
C602 2A
8B45 FC
83C0 01
8945 FC
0FBE4D 10
85C9
74 11
8B55 FC
8A45 10
8802
8B4D FC
83C1 01
894D FC
8B55 14
81E2 00300000
8955 F8
817D F8 00200
75 06
C645 F7 66
EB 26
817D F8 00300
75 06
C645 F6 61
EB 11
817D F8 00100
0F95C0
8D4400 65
8845 F6
8A4D F6
884D F7
8B55 FC

MOV EAX,DWORD PTR SS:[ARG.2]


MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[ECX],25
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
AND EAX,00000020
JE SHORT 0040C8D2
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[ECX],2B
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
AND EAX,00000010
JE SHORT 0040C8E9
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[ECX],23
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[EAX],2E
MOV ECX,DWORD PTR SS:[LOCAL.1]
ADD ECX,1
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[EDX],2A
MOV EAX,DWORD PTR SS:[LOCAL.1]
ADD EAX,1
MOV DWORD PTR SS:[LOCAL.1],EAX
MOVSX ECX,BYTE PTR SS:[ARG.3]
TEST ECX,ECX
JE SHORT 0040C920
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV AL,BYTE PTR SS:[ARG.3]
MOV BYTE PTR DS:[EDX],AL
MOV ECX,DWORD PTR SS:[LOCAL.1]
ADD ECX,1
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
AND EDX,00003000
MOV DWORD PTR SS:[LOCAL.2],EDX
CMP DWORD PTR SS:[LOCAL.2],2000
JNE SHORT 0040C93B
MOV BYTE PTR SS:[LOCAL.3+3],66
JMP SHORT 0040C961
CMP DWORD PTR SS:[LOCAL.2],3000
JNE SHORT 0040C94A
MOV BYTE PTR SS:[LOCAL.3+2],61
JMP SHORT 0040C95B
CMP DWORD PTR SS:[LOCAL.2],1000
SETNE AL
LEA EAX,[EAX+EAX+65]
MOV BYTE PTR SS:[LOCAL.3+2],AL
MOV CL,BYTE PTR SS:[LOCAL.3+2]
MOV BYTE PTR SS:[LOCAL.3+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.1]

0040C964 |. 8A45 F7
MOV AL,BYTE PTR SS:[LOCAL.3+3]
0040C967 |. 8802
MOV BYTE PTR DS:[EDX],AL
0040C969 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0040C96C |. 83C1 01
ADD ECX,1
0040C96F |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0040C972 |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0040C975 |. C602 00
MOV BYTE PTR DS:[EDX],0
0040C978 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040C97B |. 8BE5
MOV ESP,EBP
0040C97D |. 5D
POP EBP
0040C97E \. C3
RETN
0040C97F
CC
INT3
0040C980 /$ 55
PUSH EBP
; SystemInf
o.0040C980(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7,Arg8,Arg9,Arg10,Arg11)
0040C981 |. 8BEC
MOV EBP,ESP
0040C983 |. 6A FF
PUSH -1
0040C985 |. 68 D8574400 PUSH 004457D8
0040C98A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040C990 |. 50
PUSH EAX
0040C991 |. 81EC 30020000 SUB ESP,230
0040C997 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040C99C |. 33C5
XOR EAX,EBP
0040C99E |. 8945 CC
MOV DWORD PTR SS:[LOCAL.13],EAX
0040C9A1 |. 50
PUSH EAX
0040C9A2 |. 8D45 F4
LEA EAX,[LOCAL.3]
0040C9A5 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040C9AB |. 8D45 80
LEA EAX,[LOCAL.32]
0040C9AE |. 50
PUSH EAX
; /Arg1 =>
OFFSET LOCAL.32
0040C9AF |. 8B4D 18
MOV ECX,DWORD PTR SS:[ARG.5]
; |
0040C9B2 |. E8 89C4FFFF CALL 00408E40
; \SystemIn
fo.00408E40
0040C9B7 |. 8985 E8FDFFFF MOV DWORD PTR SS:[LOCAL.134],EAX
0040C9BD |. 8B8D E8FDFFFF MOV ECX,DWORD PTR SS:[LOCAL.134]
0040C9C3 |. 898D E4FDFFFF MOV DWORD PTR SS:[LOCAL.135],ECX
0040C9C9 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0040C9D0 |. 8B95 E4FDFFFF MOV EDX,DWORD PTR SS:[LOCAL.135]
0040C9D6 |. 52
PUSH EDX
; /Arg1 =>
[LOCAL.134]
0040C9D7 |. E8 64130000 CALL 0040DD40
; \SystemIn
fo.0040DD40
0040C9DC |. 83C4 04
ADD ESP,4
0040C9DF |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0040C9E2 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0040C9E9 |. 8D4D 80
LEA ECX,[LOCAL.32]
0040C9EC |. E8 EF9CFFFF CALL 004066E0
0040C9F1 |. 8D45 B0
LEA EAX,[LOCAL.20]
0040C9F4 |. 50
PUSH EAX
; /Arg1 =>
OFFSET LOCAL.20
0040C9F5 |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
; |
0040C9F8 |. E8 03130000 CALL 0040DD00
; \SystemIn
fo.0040DD00
0040C9FD |. C745 FC 01000 MOV DWORD PTR SS:[LOCAL.1],1
0040CA04 |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
0040CA07 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
0040CA09 |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
0040CA0C |. 8B42 08
MOV EAX,DWORD PTR DS:[EDX+8]
0040CA0F |. FFD0
CALL EAX
0040CA11 |. 8845 DB
MOV BYTE PTR SS:[LOCAL.10+3],AL
0040CA14 |. 8D8D EBFEFFFF LEA ECX,[LOCAL.70+3]

0040CA1A |.
0040CA20 |.
0040CA22 |.
0040CA24 |.
0040CA27 |.
fo.0040FB60
0040CA2C |.
0040CA30 |.
0040CA34 |.
0040CA37 |.
0040CA3A |.
0040CA3D |.
0040CA3F |.
0040CA42 |.
0040CA45 |.
0040CA48 |.
0040CA4A |.
0040CA54 |.
0040CA56 |>
0040CA60 |>
0040CA66 |.
0040CA69 |.
0040CA6E |.
0040CA70 |.
0040CA72 |.
0040CA75 |.
0040CA79 |.
0040CA7D |.
0040CA80 |.
[ARG.11]
0040CA81 |.
5
0040CA83 |.
0040CA86 |.
[ARG.7]
0040CA87 |.
fo.0042F6D0
0040CA8C |.
0040CA8F |.
0040CA92 |.
0040CA95 |.
[ARG.11]
0040CA96 |.
0040CA9A |.
0040CA9B |.
0040CA9E |.
[ARG.7]
0040CA9F |.
fo.0042F6D0
0040CAA4 |.
0040CAA7 |.
0040CAAA |.
0040CAAE |.
0040CAB0 |.
0040CAB7 |>
0040CABB |.
0040CABD |.
0040CAC0 |.
0040CAC6 |.
0040CAC8 |>

898D ECFEFFFF
6A 00
6A 00
8D4D 94
E8 34310000

MOV DWORD PTR SS:[LOCAL.69],ECX


PUSH 0
PUSH 0
LEA ECX,[LOCAL.27]
CALL 0040FB60

;
;
;
;

C645 FC 02
C645 EB 30
8B55 20
0FBE02
83F8 2B
74 17
8B4D 20
0FBE11
83FA 2D
74 0C
C785 E0FDFFFF
EB 0A
C785 E0FDFFFF
8B85 E0FDFFFF
8945 DC
E8 0F2D0200
8B08
8A11
8855 E4
C645 E5 65
C645 E6 00
8B45 30
50

MOV BYTE PTR SS:[LOCAL.1],2


MOV BYTE PTR SS:[LOCAL.6+3],30
MOV EDX,DWORD PTR SS:[ARG.7]
MOVSX EAX,BYTE PTR DS:[EDX]
CMP EAX,2B
JE SHORT 0040CA56
MOV ECX,DWORD PTR SS:[ARG.7]
MOVSX EDX,BYTE PTR DS:[ECX]
CMP EDX,2D
JE SHORT 0040CA56
MOV DWORD PTR SS:[LOCAL.136],0
JMP SHORT 0040CA60
MOV DWORD PTR SS:[LOCAL.136],1
MOV EAX,DWORD PTR SS:[LOCAL.136]
MOV DWORD PTR SS:[LOCAL.9],EAX
CALL 0042F77D
MOV ECX,DWORD PTR DS:[EAX]
MOV DL,BYTE PTR DS:[ECX]
MOV BYTE PTR SS:[LOCAL.7],DL
MOV BYTE PTR SS:[LOCAL.7+1],65
MOV BYTE PTR SS:[LOCAL.7+2],0
MOV EAX,DWORD PTR SS:[ARG.11]
PUSH EAX

; /Arg3 =>

6A 65

PUSH 65

; |Arg2 = 6

8B4D 20
51

MOV ECX,DWORD PTR SS:[ARG.7]


PUSH ECX

; |
; |Arg1 =>

E8 442C0200

CALL 0042F6D0

; \SystemIn

83C4 0C
8945 D0
8B55 30
52

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV EDX,DWORD PTR SS:[ARG.11]
PUSH EDX

; /Arg3 =>

0FBE45 E4
50
8B4D 20
51

MOVSX EAX,BYTE PTR SS:[LOCAL.7]


PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.7]
PUSH ECX

;
;
;
;

E8 2C2C0200

CALL 0042F6D0

; \SystemIn

83C4 0C
8945 E0
837D E0 00
75 07
C745 2C 00000
837D C8 10
72 0B
8B55 B4
8995 DCFDFFFF
EB 09
8D45 B4

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.8],EAX
CMP DWORD PTR SS:[LOCAL.8],0
JNE SHORT 0040CAB7
MOV DWORD PTR SS:[ARG.10],0
CMP DWORD PTR SS:[LOCAL.14],10
JB SHORT 0040CAC8
MOV EDX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.137],EDX
JMP SHORT 0040CAD1
LEA EAX,[LOCAL.19]

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

|
|Arg2
|
|Arg1 =>

0040CACB |.
0040CAD1 |>
0040CAD7 |.
0040CADA |.
0040CADD |.
0040CAE3 |.
0040CAE7 |.
0040CAE9 |.
0040CAEC |.
0040CAF2 |.
0040CAF4 |>
0040CAF7 |.
0040CAFD |>
0040CB03 |.
0040CB06 |.
0040CB08 |.
0040CB0E |.
0040CB11 |.
[ARG.11]
0040CB12 |.
0040CB15 |.
[ARG.7]
0040CB16 |.
0040CB19 |.
fo.0040EE40
0040CB1E |.
0040CB22 |.
0040CB24 |.
0
0040CB26 |.
0040CB29 |.
[ARG.10]
0040CB2A |.
0040CB2D |.
fo.0040EF80
0040CB32 |.
0040CB34 |>
0040CB38 |.
0040CB3A |.
0
0040CB3C |.
0040CB3F |.
[ARG.8]
0040CB40 |.
0040CB43 |.
fo.0040EF80
0040CB48 |.
0040CB4F |>
0
0040CB51 |.
0040CB54 |.
[ARG.10]
0040CB55 |.
0040CB58 |.
0040CB5B |.
0040CB5C |.
0040CB5F |.
fo.0040F2C0
0040CB64 |>
0040CB6B |.

8985 DCFDFFFF
8B8D DCFDFFFF
0FBE11
83FA 7F
0F84 D3010000
837D C8 10
72 0B
8B45 B4
8985 D8FDFFFF
EB 09
8D4D B4
898D D8FDFFFF
8B95 D8FDFFFF
0FBE02
85C0
0F8E A8010000
8B4D 30
51

MOV DWORD PTR SS:[LOCAL.137],EAX


MOV ECX,DWORD PTR SS:[LOCAL.137]
MOVSX EDX,BYTE PTR DS:[ECX]
CMP EDX,7F
JE 0040CCB6
CMP DWORD PTR SS:[LOCAL.14],10
JB SHORT 0040CAF4
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.138],EAX
JMP SHORT 0040CAFD
LEA ECX,[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.138],ECX
MOV EDX,DWORD PTR SS:[LOCAL.138]
MOVSX EAX,BYTE PTR DS:[EDX]
TEST EAX,EAX
JLE 0040CCB6
MOV ECX,DWORD PTR SS:[ARG.11]
PUSH ECX

; /Arg2 =>

8B55 20
52

MOV EDX,DWORD PTR SS:[ARG.7]


PUSH EDX

; |
; |Arg1 =>

8D4D 94
E8 22230000

LEA ECX,[LOCAL.27]
CALL 0040EE40

; |
; \SystemIn

837D D0 00
75 10
6A 30

CMP DWORD PTR SS:[LOCAL.12],0


JNE SHORT 0040CB34
PUSH 30

; /Arg2 = 3

8B45 2C
50

MOV EAX,DWORD PTR SS:[ARG.10]


PUSH EAX

; |
; |Arg1 =>

8D4D 94
E8 4E240000

LEA ECX,[LOCAL.27]
CALL 0040EF80

; |
; \SystemIn

EB 30
837D E0 00
75 15
6A 30

JMP SHORT 0040CB64


CMP DWORD PTR SS:[LOCAL.8],0
JNE SHORT 0040CB4F
PUSH 30

; /Arg2 = 3

8B4D 24
51

MOV ECX,DWORD PTR SS:[ARG.8]


PUSH ECX

; |
; |Arg1 =>

8D4D 94
E8 38240000

LEA ECX,[LOCAL.27]
CALL 0040EF80

; |
; \SystemIn

C745 24 00000 MOV DWORD PTR SS:[ARG.8],0


6A 30
PUSH 30

; /Arg3 = 3

8B55 2C
52

MOV EDX,DWORD PTR SS:[ARG.10]


PUSH EDX

; |
; |Arg2 =>

8B45 D0
2B45 20
50
8D4D 94
E8 5C270000

MOV EAX,DWORD PTR SS:[LOCAL.12]


SUB EAX,DWORD PTR SS:[ARG.7]
PUSH EAX
LEA ECX,[LOCAL.27]
CALL 0040F2C0

;
;
;
;
;

C745 2C 00000 MOV DWORD PTR SS:[ARG.10],0


837D E0 00
CMP DWORD PTR SS:[LOCAL.8],0

|
|
|Arg1
|
\SystemIn

0040CB6F |. 75 10
0040CB71 |. 6A 30
0
0040CB73 |. 8B4D 24
0040CB76 |. 51
[ARG.8]
0040CB77 |. 8D4D 94
0040CB7A |. E8 01240000
fo.0040EF80
0040CB7F |. EB 34
0040CB81 |> 6A 30
0
0040CB83 |. 8B55 28
0040CB86 |. 52
[ARG.9]
0040CB87 |. 8B45 E0
0040CB8A |. 2B45 20
0040CB8D |. 83C0 01
0040CB90 |. 50
0040CB91 |. 8D4D 94
0040CB94 |. E8 27270000
fo.0040F2C0
0040CB99 |. 6A 30
0
0040CB9B |. 8B4D 24
0040CB9E |. 51
[ARG.8]
0040CB9F |. 8B55 E0
0040CBA2 |. 2B55 20
0040CBA5 |. 52
0040CBA6 |. 8D4D 94
0040CBA9 |. E8 12270000
fo.0040F2C0
0040CBAE |. C745 28 00000
0040CBB5 |> C745 24 00000
0040CBBC |. 837D C8 10
0040CBC0 |. 72 0B
0040CBC2 |. 8B45 B4
0040CBC5 |. 8985 D4FDFFFF
0040CBCB |. EB 09
0040CBCD |> 8D4D B4
0040CBD0 |. 898D D4FDFFFF
0040CBD6 |> 8B95 D4FDFFFF
0040CBDC |. 8955 90
0040CBDF |. 837D A8 00
0040CBE3 |. 73 05
0040CBE5 |. E8 9E1C0200
0040CBEA |> 33C0
0040CBEC |.^ 75 FC
0040CBEE |. 837D AC 10
0040CBF2 |. 72 0B
0040CBF4 |. 8B4D 98
0040CBF7 |. 898D D0FDFFFF
0040CBFD |. EB 09
0040CBFF |> 8D55 98
0040CC02 |. 8995 D0FDFFFF
0040CC08 |> 8D45 E4
0040CC0B |. 50
OFFSET LOCAL.7
0040CC0C |. 8B8D D0FDFFFF

JNE SHORT 0040CB81


PUSH 30

; /Arg2 = 3

MOV ECX,DWORD PTR SS:[ARG.8]


PUSH ECX

; |
; |Arg1 =>

LEA ECX,[LOCAL.27]
CALL 0040EF80

; |
; \SystemIn

JMP SHORT 0040CBB5


PUSH 30

; /Arg3 = 3

MOV EDX,DWORD PTR SS:[ARG.9]


PUSH EDX

; |
; |Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.8]


SUB EAX,DWORD PTR SS:[ARG.7]
ADD EAX,1
PUSH EAX
LEA ECX,[LOCAL.27]
CALL 0040F2C0

;
;
;
;
;
;

PUSH 30

; /Arg3 = 3

MOV ECX,DWORD PTR SS:[ARG.8]


PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.8]


SUB EDX,DWORD PTR SS:[ARG.7]
PUSH EDX
LEA ECX,[LOCAL.27]
CALL 0040F2C0

;
;
;
;
;

MOV DWORD PTR SS:[ARG.9],0


MOV DWORD PTR SS:[ARG.8],0
CMP DWORD PTR SS:[LOCAL.14],10
JB SHORT 0040CBCD
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.139],EAX
JMP SHORT 0040CBD6
LEA ECX,[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.139],ECX
MOV EDX,DWORD PTR SS:[LOCAL.139]
MOV DWORD PTR SS:[LOCAL.28],EDX
CMP DWORD PTR SS:[LOCAL.22],0
JNB SHORT 0040CBEA
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0040CBEA
CMP DWORD PTR SS:[LOCAL.21],10
JB SHORT 0040CBFF
MOV ECX,DWORD PTR SS:[LOCAL.26]
MOV DWORD PTR SS:[LOCAL.140],ECX
JMP SHORT 0040CC08
LEA EDX,[LOCAL.26]
MOV DWORD PTR SS:[LOCAL.140],EDX
LEA EAX,[LOCAL.7]
PUSH EAX

; /Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.140]

; |

|
|
|
|Arg1
|
\SystemIn

|
|
|Arg1
|
\SystemIn

0040CC12 |.
[LOCAL.140]
0040CC13 |.
fo.0042F680
0040CC18 |.
0040CC1B |.
0040CC1E |>
0040CC21 |.
0040CC24 |.
0040CC27 |.
0040CC29 |.
0040CC2C |.
0040CC2F |.
0040CC31 |.
0040CC33 |.
0040CC36 |.
0040CC39 |.
0040CC3C |.
0040CC3F |.
0040CC41 |.
0040CC43 |.
0040CC46 |.
0040CC49 |.
0040CC4C |.
0040CC4E |.
0040CC51 |.
0040CC53 |.
0040CC55 |.
0040CC58 |.
[LOCAL.29]
0040CC59 |.
0040CC5C |.
fo.0040F2C0
0040CC61 |.
0040CC64 |.
0040CC68 |.
0040CC6A |.^
0040CC6C |.
0040CC6F |.
0040CC72 |.
0040CC75 |>^
0040CC77 |>
0040CC7B |.
0040CC7D |.
0040CC82 |>
0040CC84 |.^
0040CC86 |.
0040CC8A |.
0040CC8C |.
0040CC8F |.
0040CC95 |.
0040CC97 |>
0040CC9A |.
0040CCA0 |>
0040CCA6 |.
0040CCA9 |.
0040CCB0 |.
0040CCB3 |.
0040CCB6 |>
0040CCB9 |.

51

PUSH ECX

; |Arg1 =>

E8 682A0200

CALL 0042F680

; \SystemIn

83C4 08
8945 8C
8B55 90
0FBE02
83F8 7F
74 4E
8B4D 90
0FBE11
85D2
7E 44
8B45 90
0FBE08
8B55 8C
2B55 DC
3BCA
73 34
8B45 90
0FBE08
8B55 8C
2BD1
8955 8C
6A 00
6A 01
8B45 8C
50

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.29],EAX
/MOV EDX,DWORD PTR SS:[LOCAL.28]
|MOVSX EAX,BYTE PTR DS:[EDX]
|CMP EAX,7F
|JE SHORT 0040CC77
|MOV ECX,DWORD PTR SS:[LOCAL.28]
|MOVSX EDX,BYTE PTR DS:[ECX]
|TEST EDX,EDX
|JLE SHORT 0040CC77
|MOV EAX,DWORD PTR SS:[LOCAL.28]
|MOVSX ECX,BYTE PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[LOCAL.29]
|SUB EDX,DWORD PTR SS:[LOCAL.9]
|CMP ECX,EDX
|JNB SHORT 0040CC77
|MOV EAX,DWORD PTR SS:[LOCAL.28]
|MOVSX ECX,BYTE PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[LOCAL.29]
|SUB EDX,ECX
|MOV DWORD PTR SS:[LOCAL.29],EDX
|PUSH 0
|PUSH 1
|MOV EAX,DWORD PTR SS:[LOCAL.29]
|PUSH EAX

;
;
;
;

8D4D 94
E8 5F260000

|LEA ECX,[LOCAL.27]
|CALL 0040F2C0

; |
; \SystemIn

8B4D 90
0FBE51 01
85D2
7E 09
8B45 90
83C0 01
8945 90
EB A7
837D A8 00
73 05
E8 061C0200
33C9
75 FC
837D AC 10
72 0B
8B55 98
8995 CCFDFFFF
EB 09
8D45 98
8985 CCFDFFFF
8B8D CCFDFFFF
894D 20
C745 2C 00000
8B55 A8
8955 30
8B45 24
0345 28

|MOV ECX,DWORD PTR SS:[LOCAL.28]


|MOVSX EDX,BYTE PTR DS:[ECX+1]
|TEST EDX,EDX
|JLE SHORT 0040CC75
|MOV EAX,DWORD PTR SS:[LOCAL.28]
|ADD EAX,1
|MOV DWORD PTR SS:[LOCAL.28],EAX
\JMP SHORT 0040CC1E
CMP DWORD PTR SS:[LOCAL.22],0
JNB SHORT 0040CC82
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 0040CC82
CMP DWORD PTR SS:[LOCAL.21],10
JB SHORT 0040CC97
MOV EDX,DWORD PTR SS:[LOCAL.26]
MOV DWORD PTR SS:[LOCAL.141],EDX
JMP SHORT 0040CCA0
LEA EAX,[LOCAL.26]
MOV DWORD PTR SS:[LOCAL.141],EAX
MOV ECX,DWORD PTR SS:[LOCAL.141]
MOV DWORD PTR SS:[ARG.7],ECX
MOV DWORD PTR SS:[ARG.10],0
MOV EDX,DWORD PTR SS:[LOCAL.22]
MOV DWORD PTR SS:[ARG.11],EDX
MOV EAX,DWORD PTR SS:[ARG.8]
ADD EAX,DWORD PTR SS:[ARG.9]

/Arg3 = 0
|Arg2 = 1
|
|Arg1 =>

0040CCBC |.
0040CCBF |.
0040CCC2 |.
0040CCC5 |.
0040CCC8 |.
0040CCCB |.
0040CCD1 |.
0040CCD8 |.
0040CCDA |.
0040CCDD |.
0040CCE0 |.
0040CCE6 |.
0040CCEC |.
0040CCEF |.
0040CCF1 |.
0040CCF4 |.
0040CCF7 |.
0040CCFD |.
0040CD03 |.
0040CD06 |.
0040CD0C |.
0040CD0E |>
0040CD18 |>
0040CD1E |.
0040CD21 |.
0040CD24 |.
0040CD27 |.
0040CD2D |.
0040CD33 |.
0040CD38 |.
0040CD3B |.
0040CD3F |.
0040CD45 |.
0040CD4C |.
0040CD4E |.
0040CD51 |.
0040CD57 |.
0040CD5A |.
0040CD60 |.
0040CD63 |.
0040CD69 |.
0040CD6B |>
0040CD71 |.
0040CD74 |.
0040CD7A |>
0040CD81 |.
0040CD83 |.
0040CD87 |.
0040CD88 |.
0040CD8E |.
fo.0040DCB0
0040CD93 |.^
0040CD95 |>
0040CD9B |.
0040CDA1 |.
0040CDA7 |.
0040CDAD |.
0040CDB3 |.
0040CDB9 |.
0040CDBC |.

0345 2C
0345 30
8945 D4
8B4D 18
8B51 18
8995 6CFEFFFF
83BD 6CFEFFFF
7E 34
8B45 18
8B48 18
898D 68FEFFFF
8B95 68FEFFFF
3B55 D4
76 1D
8B45 18
8B48 18
898D 64FEFFFF
8B95 64FEFFFF
2B55 D4
8995 C8FDFFFF
EB 0A
C785 C8FDFFFF
8B85 C8FDFFFF
8945 D4
8B4D 18
8B51 10
8995 60FEFFFF
8B85 60FEFFFF
25 C0010000
8945 F0
837D F0 40
0F84 86000000
817D F0 00010
74 7D
8B4D D4
898D 54FEFFFF
8B55 10
8995 58FEFFFF
8B45 14
8985 5CFEFFFF
EB 0F
8B8D 54FEFFFF
83E9 01
898D 54FEFFFF
83BD 54FEFFFF
76 12
0FB655 1C
52
8D8D 58FEFFFF
E8 1D0F0000

ADD EAX,DWORD PTR SS:[ARG.10]


ADD EAX,DWORD PTR SS:[ARG.11]
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV ECX,DWORD PTR SS:[ARG.5]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.101],EDX
CMP DWORD PTR SS:[LOCAL.101],0
JLE SHORT 0040CD0E
MOV EAX,DWORD PTR SS:[ARG.5]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.102],ECX
MOV EDX,DWORD PTR SS:[LOCAL.102]
CMP EDX,DWORD PTR SS:[LOCAL.11]
JBE SHORT 0040CD0E
MOV EAX,DWORD PTR SS:[ARG.5]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.103],ECX
MOV EDX,DWORD PTR SS:[LOCAL.103]
SUB EDX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.142],EDX
JMP SHORT 0040CD18
MOV DWORD PTR SS:[LOCAL.142],0
MOV EAX,DWORD PTR SS:[LOCAL.142]
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV ECX,DWORD PTR SS:[ARG.5]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[LOCAL.104],EDX
MOV EAX,DWORD PTR SS:[LOCAL.104]
AND EAX,000001C0
MOV DWORD PTR SS:[LOCAL.4],EAX
CMP DWORD PTR SS:[LOCAL.4],40
JE 0040CDCB
CMP DWORD PTR SS:[LOCAL.4],100
JE SHORT 0040CDCB
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.107],ECX
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.106],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.105],EAX
JMP SHORT 0040CD7A
/MOV ECX,DWORD PTR SS:[LOCAL.107]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.107],ECX
|CMP DWORD PTR SS:[LOCAL.107],0
|JBE SHORT 0040CD95
|MOVZX EDX,BYTE PTR SS:[ARG.6]
|PUSH EDX
|LEA ECX,[LOCAL.106]
|CALL 0040DCB0

EB D6
8B85 58FEFFFF
8985 78FFFFFF
8B8D 5CFEFFFF
898D 7CFFFFFF
8B95 78FFFFFF
8B85 7CFFFFFF
8955 10
8945 14

\JMP SHORT 0040CD6B


MOV EAX,DWORD PTR SS:[LOCAL.106]
MOV DWORD PTR SS:[LOCAL.34],EAX
MOV ECX,DWORD PTR SS:[LOCAL.105]
MOV DWORD PTR SS:[LOCAL.33],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]
MOV EAX,DWORD PTR SS:[LOCAL.33]
MOV DWORD PTR SS:[ARG.3],EDX
MOV DWORD PTR SS:[ARG.4],EAX

; /Arg1
; |
; \SystemIn

0040CDBF |.
0040CDC6 |.
0040CDCB |>
0040CDD2 |.
0040CDD8 |.
0040CDDC |.
0040CDE2 |.
0040CDEC |.
0040CDEF |.
0040CDF5 |.
0040CDF8 |.
0040CDFE |.
0040CE01 |.
0040CE07 |.
0040CE09 |>
0040CE0F |.
0040CE12 |.
0040CE18 |.
0040CE1E |.
0040CE21 |.
0040CE27 |>
0040CE2E |.
0040CE30 |.
0040CE36 |.
0040CE38 |.
0040CE3E |.
0040CE45 |.
0040CE46 |.
0040CE4C |.
fo.0040DCB0
0040CE51 |.^
0040CE53 |>
0040CE59 |.
0040CE5F |.
0040CE65 |.
0040CE6B |.
0040CE71 |.
0040CE77 |.
0040CE7A |.
0040CE7D |.
0040CE80 |.
0040CE83 |.
0040CE86 |.
0040CE89 |.
0040CE8C |.
0040CE8F |>
0040CE92 |.
0040CE98 |.
0040CE9B |.
0040CEA1 |.
0040CEA4 |.
0040CEAA |.
0040CEAC |>
0040CEB2 |.
0040CEB5 |.
0040CEBB |>
0040CEC2 |.
0040CEC4 |.
0040CEC8 |.
0040CEC9 |.

C745 D4 00000
E9 3C010000
817D F0 00010
0F85 2F010000
837D DC 00
0F86 AD000000
C785 40FEFFFF
8B4D 20
898D 44FEFFFF
8B55 10
8995 48FEFFFF
8B45 14
8985 4CFEFFFF
EB 1E
8B8D 40FEFFFF
83E9 01
898D 40FEFFFF
8B95 44FEFFFF
83C2 01
8995 44FEFFFF
83BD 40FEFFFF
76 23
8B85 44FEFFFF
8A08
888D 53FEFFFF
0FB695 53FEFF
52
8D8D 48FEFFFF
E8 5F0E0000

MOV DWORD PTR SS:[LOCAL.11],0


JMP 0040CF07
CMP DWORD PTR SS:[LOCAL.4],100
JNE 0040CF07
CMP DWORD PTR SS:[LOCAL.9],0
JBE 0040CE8F
MOV DWORD PTR SS:[LOCAL.112],1
MOV ECX,DWORD PTR SS:[ARG.7]
MOV DWORD PTR SS:[LOCAL.111],ECX
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.110],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.109],EAX
JMP SHORT 0040CE27
/MOV ECX,DWORD PTR SS:[LOCAL.112]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.112],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.111]
|ADD EDX,1
|MOV DWORD PTR SS:[LOCAL.111],EDX
|CMP DWORD PTR SS:[LOCAL.112],0
|JBE SHORT 0040CE53
|MOV EAX,DWORD PTR SS:[LOCAL.111]
|MOV CL,BYTE PTR DS:[EAX]
|MOV BYTE PTR SS:[LOCAL.108+3],CL
|MOVZX EDX,BYTE PTR SS:[LOCAL.108+3]
|PUSH EDX
|LEA ECX,[LOCAL.110]
|CALL 0040DCB0

; /Arg1
; |
; \SystemIn

EB B6
8B85 48FEFFFF
8985 70FFFFFF
8B8D 4CFEFFFF
898D 74FFFFFF
8B95 70FFFFFF
8B85 74FFFFFF
8955 10
8945 14
8B4D 20
83C1 01
894D 20
8B55 30
83EA 01
8955 30
8B45 D4
8985 34FEFFFF
8B4D 10
898D 38FEFFFF
8B55 14
8995 3CFEFFFF
EB 0F
8B85 34FEFFFF
83E8 01
8985 34FEFFFF
83BD 34FEFFFF
76 12
0FB64D 1C
51
8D8D 38FEFFFF

\JMP SHORT 0040CE09


MOV EAX,DWORD PTR SS:[LOCAL.110]
MOV DWORD PTR SS:[LOCAL.36],EAX
MOV ECX,DWORD PTR SS:[LOCAL.109]
MOV DWORD PTR SS:[LOCAL.35],ECX
MOV EDX,DWORD PTR SS:[LOCAL.36]
MOV EAX,DWORD PTR SS:[LOCAL.35]
MOV DWORD PTR SS:[ARG.3],EDX
MOV DWORD PTR SS:[ARG.4],EAX
MOV ECX,DWORD PTR SS:[ARG.7]
ADD ECX,1
MOV DWORD PTR SS:[ARG.7],ECX
MOV EDX,DWORD PTR SS:[ARG.11]
SUB EDX,1
MOV DWORD PTR SS:[ARG.11],EDX
MOV EAX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.115],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.114],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.113],EDX
JMP SHORT 0040CEBB
/MOV EAX,DWORD PTR SS:[LOCAL.115]
|SUB EAX,1
|MOV DWORD PTR SS:[LOCAL.115],EAX
|CMP DWORD PTR SS:[LOCAL.115],0
|JBE SHORT 0040CED6
|MOVZX ECX,BYTE PTR SS:[ARG.6]
|PUSH ECX
|LEA ECX,[LOCAL.114]

; /Arg1
; |

0040CECF |. E8 DC0D0000
fo.0040DCB0
0040CED4 |.^ EB D6
0040CED6 |> 8B95 38FEFFFF
0040CEDC |. 8995 68FFFFFF
0040CEE2 |. 8B85 3CFEFFFF
0040CEE8 |. 8985 6CFFFFFF
0040CEEE |. 8B8D 68FFFFFF
0040CEF4 |. 8B95 6CFFFFFF
0040CEFA |. 894D 10
0040CEFD |. 8955 14
0040CF00 |. C745 D4 00000
0040CF07 |> 8B45 30
0040CF0A |. 50
[ARG.11]
0040CF0B |. 0FBE4D E4
0040CF0F |. 51
0040CF10 |. 8B55 20
0040CF13 |. 52
[ARG.7]
0040CF14 |. E8 B7270200
fo.0042F6D0
0040CF19 |. 83C4 0C
0040CF1C |. 8945 E0
0040CF1F |. 837D E0 00
0040CF23 |. 0F84 BE010000
0040CF29 |. 8B45 E0
0040CF2C |. 2B45 20
0040CF2F |. 83C0 01
0040CF32 |. 8945 88
0040CF35 |. 0FB64D DB
0040CF39 |. 51
0040CF3A |. 8B55 88
0040CF3D |. 83EA 01
0040CF40 |. 52
0040CF41 |. 8B45 20
0040CF44 |. 50
[ARG.7]
0040CF45 |. 8B4D 14
0040CF48 |. 51
[ARG.4]
0040CF49 |. 8B55 10
0040CF4C |. 52
[ARG.3]
0040CF4D |. 8D85 60FFFFFF
0040CF53 |. 50
OFFSET LOCAL.40
0040CF54 |. 8B4D 08
0040CF57 |. 51
[ARG.1]
0040CF58 |. E8 D30B0000
fo.0040DB30
0040CF5D |. 83C4 1C
0040CF60 |. 8B10
0040CF62 |. 8B40 04
0040CF65 |. 8955 10
0040CF68 |. 8945 14
0040CF6B |. 8B4D 24
0040CF6E |. 898D 10FEFFFF
0040CF74 |. 8B55 10

|CALL 0040DCB0

; \SystemIn

\JMP SHORT 0040CEAC


MOV EDX,DWORD PTR SS:[LOCAL.114]
MOV DWORD PTR SS:[LOCAL.38],EDX
MOV EAX,DWORD PTR SS:[LOCAL.113]
MOV DWORD PTR SS:[LOCAL.37],EAX
MOV ECX,DWORD PTR SS:[LOCAL.38]
MOV EDX,DWORD PTR SS:[LOCAL.37]
MOV DWORD PTR SS:[ARG.3],ECX
MOV DWORD PTR SS:[ARG.4],EDX
MOV DWORD PTR SS:[LOCAL.11],0
MOV EAX,DWORD PTR SS:[ARG.11]
PUSH EAX

; /Arg3 =>

MOVSX ECX,BYTE PTR SS:[LOCAL.7]


PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.7]
PUSH EDX

;
;
;
;

CALL 0042F6D0

; \SystemIn

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.8],EAX
CMP DWORD PTR SS:[LOCAL.8],0
JE 0040D0E7
MOV EAX,DWORD PTR SS:[LOCAL.8]
SUB EAX,DWORD PTR SS:[ARG.7]
ADD EAX,1
MOV DWORD PTR SS:[LOCAL.30],EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.10+3]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.30]
SUB EDX,1
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.7]
PUSH EAX

;
;
;
;
;
;

MOV ECX,DWORD PTR SS:[ARG.4]


PUSH ECX

; |
; |Arg4 =>

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

; |
; |Arg3 =>

LEA EAX,[LOCAL.40]
PUSH EAX

; |
; |Arg2 =>

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; |
; |Arg1 =>

CALL 0040DB30

; \SystemIn

ADD
MOV
MOV
MOV
MOV
MOV
MOV
MOV

ESP,1C
EDX,DWORD
EAX,DWORD
DWORD PTR
DWORD PTR
ECX,DWORD
DWORD PTR
EDX,DWORD

PTR DS:[EAX]
PTR DS:[EAX+4]
SS:[ARG.3],EDX
SS:[ARG.4],EAX
PTR SS:[ARG.8]
SS:[LOCAL.124],ECX
PTR SS:[ARG.3]

|
|Arg2
|
|Arg1 =>

/Arg7
|
|
|Arg6
|
|Arg5 =>

0040CF77 |.
0040CF7D |.
0040CF80 |.
0040CF86 |.
0040CF88 |>
0040CF8E |.
0040CF91 |.
0040CF97 |>
0040CF9E |.
0040CFA0 |.
0040CFA4 |.
0040CFA5 |.
0040CFAB |.
fo.0040DCB0
0040CFB0 |.^
0040CFB2 |>
0040CFB8 |.
0040CFBE |.
0040CFC4 |.
0040CFCA |.
0040CFD0 |.
0040CFD6 |.
0040CFD9 |.
0040CFDC |.
0040CFDF |.
0040CFE1 |.
0040CFE4 |.
0040CFE7 |.
0040CFE9 |.
0040CFEF |.
0040CFF9 |.
0040CFFC |.
0040D002 |.
0040D005 |.
0040D00B |.
0040D00D |>
0040D013 |.
0040D016 |.
0040D01C |>
0040D023 |.
0040D025 |.
0040D02C |.
0040D02D |.
0040D033 |.
fo.0040DCB0
0040D038 |.^
0040D03A |>
0040D040 |.
0040D046 |.
0040D04C |.
0040D052 |.
0040D058 |.
0040D05E |.
0040D061 |.
0040D064 |.
0040D067 |.
0040D06D |.
0040D070 |.
0040D076 |.
0040D079 |.

8995 14FEFFFF
8B45 14
8985 18FEFFFF
EB 0F
8B8D 10FEFFFF
83E9 01
898D 10FEFFFF
83BD 10FEFFFF
76 12
0FB655 EB
52
8D8D 14FEFFFF
E8 000D0000

MOV DWORD PTR SS:[LOCAL.123],EDX


MOV EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.122],EAX
JMP SHORT 0040CF97
/MOV ECX,DWORD PTR SS:[LOCAL.124]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.124],ECX
|CMP DWORD PTR SS:[LOCAL.124],0
|JBE SHORT 0040CFB2
|MOVZX EDX,BYTE PTR SS:[LOCAL.6+3]
|PUSH EDX
|LEA ECX,[LOCAL.123]
|CALL 0040DCB0

; /Arg1
; |
; \SystemIn

EB D6
8B85 14FEFFFF
8985 58FFFFFF
8B8D 18FEFFFF
898D 5CFFFFFF
8B95 58FFFFFF
8B85 5CFFFFFF
8955 10
8945 14
8B4D EC
8B11
8B4D EC
8B42 04
FFD0
8885 0FFEFFFF
C785 00FEFFFF
8B4D 10
898D 04FEFFFF
8B55 14
8995 08FEFFFF
EB 0F
8B85 00FEFFFF
83E8 01
8985 00FEFFFF
83BD 00FEFFFF
76 15
0FB68D 0FFEFF
51
8D8D 04FEFFFF
E8 780C0000

\JMP SHORT 0040CF88


MOV EAX,DWORD PTR SS:[LOCAL.123]
MOV DWORD PTR SS:[LOCAL.42],EAX
MOV ECX,DWORD PTR SS:[LOCAL.122]
MOV DWORD PTR SS:[LOCAL.41],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
MOV EAX,DWORD PTR SS:[LOCAL.41]
MOV DWORD PTR SS:[ARG.3],EDX
MOV DWORD PTR SS:[ARG.4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
CALL EAX
MOV BYTE PTR SS:[LOCAL.125+3],AL
MOV DWORD PTR SS:[LOCAL.128],1
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.127],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.126],EDX
JMP SHORT 0040D01C
/MOV EAX,DWORD PTR SS:[LOCAL.128]
|SUB EAX,1
|MOV DWORD PTR SS:[LOCAL.128],EAX
|CMP DWORD PTR SS:[LOCAL.128],0
|JBE SHORT 0040D03A
|MOVZX ECX,BYTE PTR SS:[LOCAL.125+3]
|PUSH ECX
|LEA ECX,[LOCAL.127]
|CALL 0040DCB0

; /Arg1
; |
; \SystemIn

EB D3
8B95 04FEFFFF
8995 50FFFFFF
8B85 08FEFFFF
8985 54FFFFFF
8B8D 50FFFFFF
8B95 54FFFFFF
894D 10
8955 14
8B45 28
8985 F4FDFFFF
8B4D 10
898D F8FDFFFF
8B55 14
8995 FCFDFFFF

\JMP SHORT 0040D00D


MOV EDX,DWORD PTR SS:[LOCAL.127]
MOV DWORD PTR SS:[LOCAL.44],EDX
MOV EAX,DWORD PTR SS:[LOCAL.126]
MOV DWORD PTR SS:[LOCAL.43],EAX
MOV ECX,DWORD PTR SS:[LOCAL.44]
MOV EDX,DWORD PTR SS:[LOCAL.43]
MOV DWORD PTR SS:[ARG.3],ECX
MOV DWORD PTR SS:[ARG.4],EDX
MOV EAX,DWORD PTR SS:[ARG.9]
MOV DWORD PTR SS:[LOCAL.131],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.130],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.129],EDX

0040D07F |.
0040D081 |>
0040D087 |.
0040D08A |.
0040D090 |>
0040D097 |.
0040D099 |.
0040D09D |.
0040D09E |.
0040D0A4 |.
fo.0040DCB0
0040D0A9 |.^
0040D0AB |>
0040D0B1 |.
0040D0B7 |.
0040D0BD |.
0040D0C3 |.
0040D0C9 |.
0040D0CF |.
0040D0D2 |.
0040D0D5 |.
0040D0D8 |.
0040D0DB |.
0040D0DE |.
0040D0E1 |.
0040D0E4 |.
0040D0E7 |>
0040D0EA |.
[ARG.11]
0040D0EB |.
5
0040D0ED |.
0040D0F0 |.
[ARG.7]
0040D0F1 |.
fo.0042F6D0
0040D0F6 |.
0040D0F9 |.
0040D0FC |.
0040D100 |.
0040D106 |.
0040D109 |.
0040D10C |.
0040D10F |.
0040D112 |.
0040D116 |.
0040D117 |.
0040D11A |.
0040D11D |.
0040D11E |.
0040D121 |.
[ARG.7]
0040D122 |.
0040D125 |.
[ARG.4]
0040D126 |.
0040D129 |.
[ARG.3]
0040D12A |.
0040D130 |.

EB 0F
8B85 F4FDFFFF
83E8 01
8985 F4FDFFFF
83BD F4FDFFFF
76 12
0FB64D EB
51
8D8D F8FDFFFF
E8 070C0000

JMP SHORT 0040D090


/MOV EAX,DWORD PTR SS:[LOCAL.131]
|SUB EAX,1
|MOV DWORD PTR SS:[LOCAL.131],EAX
|CMP DWORD PTR SS:[LOCAL.131],0
|JBE SHORT 0040D0AB
|MOVZX ECX,BYTE PTR SS:[LOCAL.6+3]
|PUSH ECX
|LEA ECX,[LOCAL.130]
|CALL 0040DCB0

; /Arg1
; |
; \SystemIn

EB D6
8B95 F8FDFFFF
8995 48FFFFFF
8B85 FCFDFFFF
8985 4CFFFFFF
8B8D 48FFFFFF
8B95 4CFFFFFF
894D 10
8955 14
8B45 20
0345 88
8945 20
8B4D 30
2B4D 88
894D 30
8B55 30
52

\JMP SHORT 0040D081


MOV EDX,DWORD PTR SS:[LOCAL.130]
MOV DWORD PTR SS:[LOCAL.46],EDX
MOV EAX,DWORD PTR SS:[LOCAL.129]
MOV DWORD PTR SS:[LOCAL.45],EAX
MOV ECX,DWORD PTR SS:[LOCAL.46]
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV DWORD PTR SS:[ARG.3],ECX
MOV DWORD PTR SS:[ARG.4],EDX
MOV EAX,DWORD PTR SS:[ARG.7]
ADD EAX,DWORD PTR SS:[LOCAL.30]
MOV DWORD PTR SS:[ARG.7],EAX
MOV ECX,DWORD PTR SS:[ARG.11]
SUB ECX,DWORD PTR SS:[LOCAL.30]
MOV DWORD PTR SS:[ARG.11],ECX
MOV EDX,DWORD PTR SS:[ARG.11]
PUSH EDX

; /Arg3 =>

6A 65

PUSH 65

; |Arg2 = 6

8B45 20
50

MOV EAX,DWORD PTR SS:[ARG.7]


PUSH EAX

; |
; |Arg1 =>

E8 DA250200

CALL 0042F6D0

; \SystemIn

83C4 0C
8945 D0
837D D0 00
0F84 E6000000
8B4D D0
2B4D 20
83C1 01
894D 84
0FB655 DB
52
8B45 84
83E8 01
50
8B4D 20
51

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.12],EAX
CMP DWORD PTR SS:[LOCAL.12],0
JE 0040D1EC
MOV ECX,DWORD PTR SS:[LOCAL.12]
SUB ECX,DWORD PTR SS:[ARG.7]
ADD ECX,1
MOV DWORD PTR SS:[LOCAL.31],ECX
MOVZX EDX,BYTE PTR SS:[LOCAL.10+3]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.31]
SUB EAX,1
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.7]
PUSH ECX

;
;
;
;
;
;

8B55 14
52

MOV EDX,DWORD PTR SS:[ARG.4]


PUSH EDX

; |
; |Arg4 =>

8B45 10
50

MOV EAX,DWORD PTR SS:[ARG.3]


PUSH EAX

; |
; |Arg3 =>

8D8D 40FFFFFF LEA ECX,[LOCAL.48]


51
PUSH ECX

/Arg7
|
|
|Arg6
|
|Arg5 =>

; |
; |Arg2 =>

OFFSET LOCAL.48
0040D131 |. 8B55 08
0040D134 |. 52
[ARG.1]
0040D135 |. E8 F6090000
fo.0040DB30
0040D13A |. 83C4 1C
0040D13D |. 8B08
0040D13F |. 8B50 04
0040D142 |. 894D 10
0040D145 |. 8955 14
0040D148 |. 8B45 2C
0040D14B |. 50
[ARG.10]
0040D14C |. 0FB64D EB
0040D150 |. 51
0040D151 |. 8B55 14
0040D154 |. 52
[ARG.4]
0040D155 |. 8B45 10
0040D158 |. 50
[ARG.3]
0040D159 |. 8D8D 38FFFFFF
0040D15F |. 51
OFFSET LOCAL.50
0040D160 |. 8B55 08
0040D163 |. 52
[ARG.1]
0040D164 |. E8 57080000
fo.0040D9C0
0040D169 |. 83C4 18
0040D16C |. 8B08
0040D16E |. 8B50 04
0040D171 |. 894D 10
0040D174 |. 8955 14
0040D177 |. C745 2C 00000
0040D17E |. 8B45 18
0040D181 |. 8B48 10
0040D184 |. 898D F0FDFFFF
0040D18A |. 8B95 F0FDFFFF
0040D190 |. 83E2 04
0040D193 |. 74 0C
0040D195 |. C785 C4FDFFFF
0040D19F |. EB 0A
0040D1A1 |> C785 C4FDFFFF
0040D1AB |> 6A 01
0040D1AD |. 8B85 C4FDFFFF
0040D1B3 |. 50
0040D1B4 |. 8B4D 14
0040D1B7 |. 51
0040D1B8 |. 8B55 10
0040D1BB |. 52
0040D1BC |. 8D85 30FFFFFF
0040D1C2 |. 50
0040D1C3 |. 8B4D 08
0040D1C6 |. 51
0040D1C7 |. E8 E4080000
0040D1CC |. 83C4 18
0040D1CF |. 8B10
0040D1D1 |. 8B40 04

MOV EDX,DWORD PTR SS:[ARG.1]


PUSH EDX

; |
; |Arg1 =>

CALL 0040DB30

; \SystemIn

ADD ESP,1C
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

PTR DS:[EAX]
PTR DS:[EAX+4]
SS:[ARG.3],ECX
SS:[ARG.4],EDX
PTR SS:[ARG.10]
; /Arg6 =>

MOVZX ECX,BYTE PTR SS:[LOCAL.6+3]


PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

;
;
;
;

MOV EAX,DWORD PTR SS:[ARG.3]


PUSH EAX

; |
; |Arg3 =>

LEA ECX,[LOCAL.50]
PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[ARG.1]


PUSH EDX

; |
; |Arg1 =>

CALL 0040D9C0

; \SystemIn

ADD ESP,18
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[ARG.3],ECX
MOV DWORD PTR SS:[ARG.4],EDX
MOV DWORD PTR SS:[ARG.10],0
MOV EAX,DWORD PTR SS:[ARG.5]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.132],ECX
MOV EDX,DWORD PTR SS:[LOCAL.132]
AND EDX,00000004
JE SHORT 0040D1A1
MOV DWORD PTR SS:[LOCAL.143],OFFSET 0044
JMP SHORT 0040D1AB
MOV DWORD PTR SS:[LOCAL.143],OFFSET 0044
PUSH 1
MOV EAX,DWORD PTR SS:[LOCAL.143]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.3]
PUSH EDX
LEA EAX,[LOCAL.52]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
CALL 0040DAB0
ADD ESP,18
MOV EDX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX+4]

|
|Arg5
|
|Arg4 =>

0040D1D4 |. 8955 10
0040D1D7 |. 8945 14
0040D1DA |. 8B4D 20
0040D1DD |. 034D 84
0040D1E0 |. 894D 20
0040D1E3 |. 8B55 30
0040D1E6 |. 2B55 84
0040D1E9 |. 8955 30
0040D1EC |> 0FB645 DB
0040D1F0 |. 50
0040D1F1 |. 8B4D 30
0040D1F4 |. 51
[ARG.11]
0040D1F5 |. 8B55 20
0040D1F8 |. 52
[ARG.7]
0040D1F9 |. 8B45 14
0040D1FC |. 50
[ARG.4]
0040D1FD |. 8B4D 10
0040D200 |. 51
[ARG.3]
0040D201 |. 8D95 28FFFFFF
0040D207 |. 52
OFFSET LOCAL.54
0040D208 |. 8B45 08
0040D20B |. 50
[ARG.1]
0040D20C |. E8 1F090000
fo.0040DB30
0040D211 |. 83C4 1C
0040D214 |. 8B08
0040D216 |. 8B50 04
0040D219 |. 894D 10
0040D21C |. 8955 14
0040D21F |. 8B45 2C
0040D222 |. 50
[ARG.10]
0040D223 |. 0FB64D EB
0040D227 |. 51
0040D228 |. 8B55 14
0040D22B |. 52
[ARG.4]
0040D22C |. 8B45 10
0040D22F |. 50
[ARG.3]
0040D230 |. 8D8D 20FFFFFF
0040D236 |. 51
OFFSET LOCAL.56
0040D237 |. 8B55 08
0040D23A |. 52
[ARG.1]
0040D23B |. E8 80070000
fo.0040D9C0
0040D240 |. 83C4 18
0040D243 |. 8B08
0040D245 |. 8B50 04
0040D248 |. 894D 10
0040D24B |. 8955 14
0040D24E |. 8B45 18

MOV DWORD PTR SS:[ARG.3],EDX


MOV DWORD PTR SS:[ARG.4],EAX
MOV ECX,DWORD PTR SS:[ARG.7]
ADD ECX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR SS:[ARG.7],ECX
MOV EDX,DWORD PTR SS:[ARG.11]
SUB EDX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR SS:[ARG.11],EDX
MOVZX EAX,BYTE PTR SS:[LOCAL.10+3]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.11]
PUSH ECX

; /Arg7
; |
; |Arg6 =>

MOV EDX,DWORD PTR SS:[ARG.7]


PUSH EDX

; |
; |Arg5 =>

MOV EAX,DWORD PTR SS:[ARG.4]


PUSH EAX

; |
; |Arg4 =>

MOV ECX,DWORD PTR SS:[ARG.3]


PUSH ECX

; |
; |Arg3 =>

LEA EDX,[LOCAL.54]
PUSH EDX

; |
; |Arg2 =>

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; |
; |Arg1 =>

CALL 0040DB30

; \SystemIn

ADD ESP,1C
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

PTR DS:[EAX]
PTR DS:[EAX+4]
SS:[ARG.3],ECX
SS:[ARG.4],EDX
PTR SS:[ARG.10]
; /Arg6 =>

MOVZX ECX,BYTE PTR SS:[LOCAL.6+3]


PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

;
;
;
;

MOV EAX,DWORD PTR SS:[ARG.3]


PUSH EAX

; |
; |Arg3 =>

LEA ECX,[LOCAL.56]
PUSH ECX

; |
; |Arg2 =>

MOV EDX,DWORD PTR SS:[ARG.1]


PUSH EDX

; |
; |Arg1 =>

CALL 0040D9C0

; \SystemIn

ADD
MOV
MOV
MOV
MOV
MOV

ESP,18
ECX,DWORD
EDX,DWORD
DWORD PTR
DWORD PTR
EAX,DWORD

PTR DS:[EAX]
PTR DS:[EAX+4]
SS:[ARG.3],ECX
SS:[ARG.4],EDX
PTR SS:[ARG.5]

|
|Arg5
|
|Arg4 =>

0040D251 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
0040D254 |. 898D ECFDFFFF MOV DWORD PTR SS:[LOCAL.133],ECX
0040D25A |. 8B55 18
MOV EDX,DWORD PTR SS:[ARG.5]
0040D25D |. C742 18 00000 MOV DWORD PTR DS:[EDX+18],0
0040D264 |. 8B45 D4
MOV EAX,DWORD PTR SS:[LOCAL.11]
0040D267 |. 50
PUSH EAX
[LOCAL.11]
0040D268 |. 0FB64D 1C
MOVZX ECX,BYTE PTR SS:[ARG.6]
0040D26C |. 51
PUSH ECX
0040D26D |. 8B55 14
MOV EDX,DWORD PTR SS:[ARG.4]
0040D270 |. 52
PUSH EDX
[ARG.4]
0040D271 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0040D274 |. 50
PUSH EAX
[ARG.3]
0040D275 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0040D278 |. 51
PUSH ECX
[ARG.2]
0040D279 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0040D27C |. 52
PUSH EDX
[ARG.1]
0040D27D |. E8 3E070000 CALL 0040D9C0
fo.0040D9C0
0040D282 |. 83C4 18
ADD ESP,18
0040D285 |. C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1
0040D289 |. 6A 00
PUSH 0
0040D28B |. 6A 01
PUSH 1
0040D28D |. 8D4D 94
LEA ECX,[LOCAL.27]
0040D290 |. E8 CB280000 CALL 0040FB60
fo.0040FB60
0040D295 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0040D29C |. 6A 00
PUSH 0
0040D29E |. 6A 01
PUSH 1
0040D2A0 |. 8D4D B0
LEA ECX,[LOCAL.20]
0040D2A3 |. E8 B8280000 CALL 0040FB60
fo.0040FB60
0040D2A8 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040D2AB |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040D2AE |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0040D2B5 |. 59
POP ECX
0040D2B6 |. 8B4D CC
MOV ECX,DWORD PTR SS:[LOCAL.13]
0040D2B9 |. 33CD
XOR ECX,EBP
0040D2BB |. E8 31140200 CALL 0042E6F1
0040D2C0 |. 8BE5
MOV ESP,EBP
0040D2C2 |. 5D
POP EBP
0040D2C3 \. C3
RETN
0040D2C4
CC
INT3
0040D2C5
CC
INT3
0040D2C6
CC
INT3
0040D2C7
CC
INT3
0040D2C8
CC
INT3
0040D2C9
CC
INT3
0040D2CA
CC
INT3
0040D2CB
CC
INT3
0040D2CC
CC
INT3
0040D2CD
CC
INT3
0040D2CE
CC
INT3
0040D2CF
CC
INT3
0040D2D0 /$ 55
PUSH EBP
o.0040D2D0(guessed Arg1,Arg2,Arg3,Arg4)

; /Arg6 =>
;
;
;
;

|
|Arg5
|
|Arg4 =>

; |
; |Arg3 =>
; |
; |Arg2 =>
; |
; |Arg1 =>
; \SystemIn

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; SystemInf

0040D2D1
0040D2D3
0040D2D6
0040D2D9
0040D2DC
0040D2DF
0040D2E2
0040D2E5
0040D2E8
0040D2EB
0040D2EE
0040D2F1
0040D2F3
0040D2F6
0040D2F9
0040D2FC
0040D2FF
0040D302
0040D305
0040D308
0040D30A
0040D30D
0040D310
0040D313
0040D316
0040D319
0040D31C
0040D31F
0040D322
0040D324
0040D327
0040D32A
0040D32C
0040D32E
0040D331
0040D334
0040D337
0040D339
0040D33C
0040D33F
0040D342
0040D345
0040D348
0040D34B
0040D34E
0040D351
0040D354
0040D357
0040D35A
0040D35D
0040D360
0040D363
0040D366
0040D369
0040D36E
0040D371
0040D378
0040D37A
0040D37E
0040D380

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>

8BEC
83EC 0C
8B45 0C
8945 FC
8B4D FC
C601 25
8B55 FC
83C2 01
8955 FC
8B45 14
83E0 20
74 0F
8B4D FC
C601 2B
8B55 FC
83C2 01
8955 FC
8B45 14
83E0 08
74 0F
8B4D FC
C601 23
8B55 FC
83C2 01
8955 FC
8B45 10
0FBE08
83F9 4C
74 15
8B55 FC
8B45 10
8A08
880A
8B55 FC
83C2 01
8955 FC
EB 2D
8B45 FC
C600 49
8B4D FC
83C1 01
894D FC
8B55 FC
C602 36
8B45 FC
83C0 01
8945 FC
8B4D FC
C601 34
8B55 FC
83C2 01
8955 FC
8B45 14
25 000E0000
8945 F8
817D F8 00040
75 06
C645 F7 6F
EB 2B
817D F8 00080

MOV EBP,ESP
SUB ESP,0C
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[ECX],25
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
AND EAX,00000020
JE SHORT 0040D302
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[ECX],2B
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
AND EAX,00000008
JE SHORT 0040D319
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[ECX],23
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[ARG.3]
MOVSX ECX,BYTE PTR DS:[EAX]
CMP ECX,4C
JE SHORT 0040D339
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[ARG.3]
MOV CL,BYTE PTR DS:[EAX]
MOV BYTE PTR DS:[EDX],CL
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.1],EDX
JMP SHORT 0040D366
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[EAX],49
MOV ECX,DWORD PTR SS:[LOCAL.1]
ADD ECX,1
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[EDX],36
MOV EAX,DWORD PTR SS:[LOCAL.1]
ADD EAX,1
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV BYTE PTR DS:[ECX],34
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
AND EAX,00000E00
MOV DWORD PTR SS:[LOCAL.2],EAX
CMP DWORD PTR SS:[LOCAL.2],400
JNE SHORT 0040D380
MOV BYTE PTR SS:[LOCAL.3+3],6F
JMP SHORT 0040D3AB
CMP DWORD PTR SS:[LOCAL.2],800

0040D387 |. 74 0B
JE SHORT 0040D394
0040D389 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
0040D38C |. 8A51 01
MOV DL,BYTE PTR DS:[ECX+1]
0040D38F |. 8855 F6
MOV BYTE PTR SS:[LOCAL.3+2],DL
0040D392 |. EB 11
JMP SHORT 0040D3A5
0040D394 |> 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
0040D397 |. 83E0 04
AND EAX,00000004
0040D39A |. F7D8
NEG EAX
0040D39C |. 1AC0
SBB AL,AL
0040D39E |. 24 E0
AND AL,E0
0040D3A0 |. 04 78
ADD AL,78
0040D3A2 |. 8845 F6
MOV BYTE PTR SS:[LOCAL.3+2],AL
0040D3A5 |> 8A4D F6
MOV CL,BYTE PTR SS:[LOCAL.3+2]
0040D3A8 |. 884D F7
MOV BYTE PTR SS:[LOCAL.3+3],CL
0040D3AB |> 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0040D3AE |. 8A45 F7
MOV AL,BYTE PTR SS:[LOCAL.3+3]
0040D3B1 |. 8802
MOV BYTE PTR DS:[EDX],AL
0040D3B3 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0040D3B6 |. 83C1 01
ADD ECX,1
0040D3B9 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0040D3BC |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0040D3BF |. C602 00
MOV BYTE PTR DS:[EDX],0
0040D3C2 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040D3C5 |. 8BE5
MOV ESP,EBP
0040D3C7 |. 5D
POP EBP
0040D3C8 \. C3
RETN
0040D3C9
CC
INT3
0040D3CA
CC
INT3
0040D3CB
CC
INT3
0040D3CC
CC
INT3
0040D3CD
CC
INT3
0040D3CE
CC
INT3
0040D3CF
CC
INT3
0040D3D0 /$ 55
PUSH EBP
o.0040D3D0(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7,Arg8)
0040D3D1 |. 8BEC
MOV EBP,ESP
0040D3D3 |. 6A FF
PUSH -1
0040D3D5 |. 68 10584400 PUSH 00445810
0040D3DA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040D3E0 |. 50
PUSH EAX
0040D3E1 |. 81EC 30010000 SUB ESP,130
0040D3E7 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040D3EC |. 33C5
XOR EAX,EBP
0040D3EE |. 8945 E0
MOV DWORD PTR SS:[LOCAL.8],EAX
0040D3F1 |. 50
PUSH EAX
0040D3F2 |. 8D45 F4
LEA EAX,[LOCAL.3]
0040D3F5 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040D3FB |. 8D45 B8
LEA EAX,[LOCAL.18]
0040D3FE |. 50
PUSH EAX
OFFSET LOCAL.18
0040D3FF |. 8B4D 18
MOV ECX,DWORD PTR SS:[ARG.5]
0040D402 |. E8 39BAFFFF CALL 00408E40
fo.00408E40
0040D407 |. 8985 E0FEFFFF MOV DWORD PTR SS:[LOCAL.72],EAX
0040D40D |. 8B8D E0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.72]
0040D413 |. 898D DCFEFFFF MOV DWORD PTR SS:[LOCAL.73],ECX
0040D419 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0040D420 |. 8B95 DCFEFFFF MOV EDX,DWORD PTR SS:[LOCAL.73]
0040D426 |. 52
PUSH EDX
[LOCAL.72]

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /Arg1 =>

0040D427 |. E8 14090000
fo.0040DD40
0040D42C |. 83C4 04
0040D42F |. 8945 EC
0040D432 |. C745 FC FFFFF
0040D439 |. 8D4D B8
0040D43C |. E8 9F92FFFF
0040D441 |. 8D45 C4
0040D444 |. 50
OFFSET LOCAL.15
0040D445 |. 8B4D EC
0040D448 |. E8 B3080000
fo.0040DD00
0040D44D |. C745 FC 01000
0040D454 |. 8B4D 20
0040D457 |. 0FBE11
0040D45A |. 83FA 2B
0040D45D |. 74 52
0040D45F |. 8B45 20
0040D462 |. 0FBE08
0040D465 |. 83F9 2D
0040D468 |. 74 47
0040D46A |. 8B55 20
0040D46D |. 0FBE02
0040D470 |. 83F8 30
0040D473 |. 75 24
0040D475 |. 8B4D 20
0040D478 |. 0FBE51 01
0040D47C |. 83FA 78
0040D47F |. 74 0C
0040D481 |. 8B45 20
0040D484 |. 0FBE48 01
0040D488 |. 83F9 58
0040D48B |. 75 0C
0040D48D |> C785 D8FEFFFF
0040D497 |. EB 0A
0040D499 |> C785 D8FEFFFF
0040D4A3 |> 8B95 D8FEFFFF
0040D4A9 |. 8995 D4FEFFFF
0040D4AF |. EB 0A
0040D4B1 |> C785 D4FEFFFF
0040D4BB |> 8B85 D4FEFFFF
0040D4C1 |. 8945 E8
0040D4C4 |. 837D DC 10
0040D4C8 |. 72 0B
0040D4CA |. 8B4D C8
0040D4CD |. 898D D0FEFFFF
0040D4D3 |. EB 09
0040D4D5 |> 8D55 C8
0040D4D8 |. 8995 D0FEFFFF
0040D4DE |> 8B85 D0FEFFFF
0040D4E4 |. 0FBE08
0040D4E7 |. 83F9 7F
0040D4EA |. 0F84 E4000000
0040D4F0 |. 837D DC 10
0040D4F4 |. 72 0B
0040D4F6 |. 8B55 C8
0040D4F9 |. 8995 CCFEFFFF
0040D4FF |. EB 09
0040D501 |> 8D45 C8

CALL 0040DD40

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.18]
CALL 004066E0
LEA EAX,[LOCAL.15]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.5]


CALL 0040DD00

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],1


MOV ECX,DWORD PTR SS:[ARG.7]
MOVSX EDX,BYTE PTR DS:[ECX]
CMP EDX,2B
JE SHORT 0040D4B1
MOV EAX,DWORD PTR SS:[ARG.7]
MOVSX ECX,BYTE PTR DS:[EAX]
CMP ECX,2D
JE SHORT 0040D4B1
MOV EDX,DWORD PTR SS:[ARG.7]
MOVSX EAX,BYTE PTR DS:[EDX]
CMP EAX,30
JNE SHORT 0040D499
MOV ECX,DWORD PTR SS:[ARG.7]
MOVSX EDX,BYTE PTR DS:[ECX+1]
CMP EDX,78
JE SHORT 0040D48D
MOV EAX,DWORD PTR SS:[ARG.7]
MOVSX ECX,BYTE PTR DS:[EAX+1]
CMP ECX,58
JNE SHORT 0040D499
MOV DWORD PTR SS:[LOCAL.74],2
JMP SHORT 0040D4A3
MOV DWORD PTR SS:[LOCAL.74],0
MOV EDX,DWORD PTR SS:[LOCAL.74]
MOV DWORD PTR SS:[LOCAL.75],EDX
JMP SHORT 0040D4BB
MOV DWORD PTR SS:[LOCAL.75],1
MOV EAX,DWORD PTR SS:[LOCAL.75]
MOV DWORD PTR SS:[LOCAL.6],EAX
CMP DWORD PTR SS:[LOCAL.9],10
JB SHORT 0040D4D5
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR SS:[LOCAL.76],ECX
JMP SHORT 0040D4DE
LEA EDX,[LOCAL.14]
MOV DWORD PTR SS:[LOCAL.76],EDX
MOV EAX,DWORD PTR SS:[LOCAL.76]
MOVSX ECX,BYTE PTR DS:[EAX]
CMP ECX,7F
JE 0040D5D4
CMP DWORD PTR SS:[LOCAL.9],10
JB SHORT 0040D501
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR SS:[LOCAL.77],EDX
JMP SHORT 0040D50A
LEA EAX,[LOCAL.14]

0040D504 |.
0040D50A |>
0040D510 |.
0040D513 |.
0040D515 |.
0040D51B |.
0040D51F |.
0040D521 |.
0040D524 |.
0040D52A |.
0040D52C |>
0040D52F |.
0040D535 |>
0040D53B |.
0040D53E |.
0040D541 |.
0040D544 |>
0040D547 |.
0040D54A |.
0040D54D |.
0040D553 |.
0040D556 |.
0040D559 |.
0040D55B |.
0040D55D |.
0040D560 |.
0040D563 |.
0040D566 |.
0040D569 |.
0040D56B |.
0040D56D |.
0040D570 |.
0040D573 |.
0040D576 |.
0040D578 |.
0040D57B |.
0040D57E |.
0040D581 |.
0040D584 |.
0040D585 |.
0040D588 |.
0040D58B |.
0040D58C |.
0040D58F |.
0040D592 |.
0040D595 |.
0040D596 |.
0040D599 |.
0040D59C |.
0040D5A0 |.
0040D5A1 |.
fo.0042F7A3
0040D5A6 |.
0040D5A9 |.
0040D5AC |.
0040D5AF |.
0040D5B2 |.
0040D5B5 |.
0040D5B8 |.
0040D5BB |.

8985 CCFEFFFF
8B8D CCFEFFFF
0FBE11
85D2
0F8E B9000000
837D DC 10
72 0B
8B45 C8
8985 C8FEFFFF
EB 09
8D4D C8
898D C8FEFFFF
8B95 C8FEFFFF
8955 C0
8B45 24
8945 BC
8B4D C0
0FBE11
83FA 7F
0F84 81000000
8B45 C0
0FBE08
85C9
7E 77
8B55 C0
0FBE02
8B4D BC
2B4D E8
3BC1
73 67
8B55 C0
0FBE02
8B4D BC
2BC8
894D BC
8B55 24
83C2 01
2B55 BC
52
8B45 20
0345 BC
50
8B4D 24
83C1 01
2B4D BC
51
8B55 BC
8B45 20
8D4C10 01
51
E8 FD210200

MOV DWORD PTR SS:[LOCAL.77],EAX


MOV ECX,DWORD PTR SS:[LOCAL.77]
MOVSX EDX,BYTE PTR DS:[ECX]
TEST EDX,EDX
JLE 0040D5D4
CMP DWORD PTR SS:[LOCAL.9],10
JB SHORT 0040D52C
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR SS:[LOCAL.78],EAX
JMP SHORT 0040D535
LEA ECX,[LOCAL.14]
MOV DWORD PTR SS:[LOCAL.78],ECX
MOV EDX,DWORD PTR SS:[LOCAL.78]
MOV DWORD PTR SS:[LOCAL.16],EDX
MOV EAX,DWORD PTR SS:[ARG.8]
MOV DWORD PTR SS:[LOCAL.17],EAX
/MOV ECX,DWORD PTR SS:[LOCAL.16]
|MOVSX EDX,BYTE PTR DS:[ECX]
|CMP EDX,7F
|JE 0040D5D4
|MOV EAX,DWORD PTR SS:[LOCAL.16]
|MOVSX ECX,BYTE PTR DS:[EAX]
|TEST ECX,ECX
|JLE SHORT 0040D5D4
|MOV EDX,DWORD PTR SS:[LOCAL.16]
|MOVSX EAX,BYTE PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.17]
|SUB ECX,DWORD PTR SS:[LOCAL.6]
|CMP EAX,ECX
|JNB SHORT 0040D5D4
|MOV EDX,DWORD PTR SS:[LOCAL.16]
|MOVSX EAX,BYTE PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.17]
|SUB ECX,EAX
|MOV DWORD PTR SS:[LOCAL.17],ECX
|MOV EDX,DWORD PTR SS:[ARG.8]
|ADD EDX,1
|SUB EDX,DWORD PTR SS:[LOCAL.17]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[ARG.7]
|ADD EAX,DWORD PTR SS:[LOCAL.17]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[ARG.8]
|ADD ECX,1
|SUB ECX,DWORD PTR SS:[LOCAL.17]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.17]
|MOV EAX,DWORD PTR SS:[ARG.7]
|LEA ECX,[EDX+EAX+1]
|PUSH ECX
|CALL 0042F7A3

83C4
8B55
0355
C602
8B45
83C0
8945
8B4D

|ADD
|MOV
|ADD
|MOV
|MOV
|ADD
|MOV
|MOV

10
20
BC
00
24
01
24
C0

ESP,10
EDX,DWORD PTR SS:[ARG.7]
EDX,DWORD PTR SS:[LOCAL.17]
BYTE PTR DS:[EDX],0
EAX,DWORD PTR SS:[ARG.8]
EAX,1
DWORD PTR SS:[ARG.8],EAX
ECX,DWORD PTR SS:[LOCAL.16]

;
;
;
;
;
;
;
;
;
;
;
;
;

/Arg4
|
|
|Arg3
|
|
|
|Arg2
|
|
|
|Arg1
\SystemIn

0040D5BE |.
0040D5C2 |.
0040D5C4 |.^
0040D5C6 |.
0040D5C9 |.
0040D5CC |.
0040D5CF |>^
0040D5D4 |>
0040D5D7 |.
0040D5DA |.
0040D5E0 |.
0040D5E7 |.
0040D5E9 |.
0040D5EC |.
0040D5EF |.
0040D5F5 |.
0040D5FB |.
0040D5FE |.
0040D600 |.
0040D603 |.
0040D606 |.
0040D60C |.
0040D612 |.
0040D615 |.
0040D61B |.
0040D61D |>
0040D627 |>
0040D62D |.
0040D630 |.
0040D633 |.
0040D636 |.
0040D63C |.
0040D642 |.
0040D647 |.
0040D64A |.
0040D64E |.
0040D654 |.
0040D65B |.
0040D661 |.
0040D664 |.
0040D66A |.
0040D66D |.
0040D673 |.
0040D676 |.
0040D67C |.
0040D67E |>
0040D684 |.
0040D687 |.
0040D68D |>
0040D694 |.
0040D696 |.
0040D69D |.
0040D69F |.
0040D6A3 |.
0040D6A4 |.
0040D6AA |.
fo.0040FC10
0040D6AF |.
0040D6B5 |.
0040D6BF |.

0FBE51 01
85D2
7E 09
8B45 C0
83C0 01
8945 C0
E9 70FFFFFF
8B4D 18
8B51 18
8995 68FFFFFF
83BD 68FFFFFF
7E 34
8B45 18
8B48 18
898D 64FFFFFF
8B95 64FFFFFF
3B55 24
76 1D
8B45 18
8B48 18
898D 60FFFFFF
8B95 60FFFFFF
2B55 24
8995 C4FEFFFF
EB 0A
C785 C4FEFFFF
8B85 C4FEFFFF
8945 E4
8B4D 18
8B51 10
8995 5CFFFFFF
8B85 5CFFFFFF
25 C0010000
8945 F0
837D F0 40
0F84 B6000000
817D F0 00010
0F84 A9000000
8B4D E4
898D 48FFFFFF
8B55 10
8995 4CFFFFFF
8B45 14
8985 50FFFFFF
EB 0F
8B8D 48FFFFFF
83E9 01
898D 48FFFFFF
83BD 48FFFFFF
76 4A
83BD 50FFFFFF
74 38
0FB655 1C
52
8B8D 50FFFFFF
E8 61250000

|MOVSX EDX,BYTE PTR DS:[ECX+1]


|TEST EDX,EDX
|JLE SHORT 0040D5CF
|MOV EAX,DWORD PTR SS:[LOCAL.16]
|ADD EAX,1
|MOV DWORD PTR SS:[LOCAL.16],EAX
\JMP 0040D544
MOV ECX,DWORD PTR SS:[ARG.5]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.38],EDX
CMP DWORD PTR SS:[LOCAL.38],0
JLE SHORT 0040D61D
MOV EAX,DWORD PTR SS:[ARG.5]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.39],ECX
MOV EDX,DWORD PTR SS:[LOCAL.39]
CMP EDX,DWORD PTR SS:[ARG.8]
JBE SHORT 0040D61D
MOV EAX,DWORD PTR SS:[ARG.5]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.40],ECX
MOV EDX,DWORD PTR SS:[LOCAL.40]
SUB EDX,DWORD PTR SS:[ARG.8]
MOV DWORD PTR SS:[LOCAL.79],EDX
JMP SHORT 0040D627
MOV DWORD PTR SS:[LOCAL.79],0
MOV EAX,DWORD PTR SS:[LOCAL.79]
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV ECX,DWORD PTR SS:[ARG.5]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[LOCAL.41],EDX
MOV EAX,DWORD PTR SS:[LOCAL.41]
AND EAX,000001C0
MOV DWORD PTR SS:[LOCAL.4],EAX
CMP DWORD PTR SS:[LOCAL.4],40
JE 0040D70A
CMP DWORD PTR SS:[LOCAL.4],100
JE 0040D70A
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.46],ECX
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.45],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.44],EAX
JMP SHORT 0040D68D
/MOV ECX,DWORD PTR SS:[LOCAL.46]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.46],ECX
|CMP DWORD PTR SS:[LOCAL.46],0
|JBE SHORT 0040D6E0
|CMP DWORD PTR SS:[LOCAL.44],0
|JE SHORT 0040D6D7
|MOVZX EDX,BYTE PTR SS:[ARG.6]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.44]
|CALL 0040FC10

8985 58FFFFFF |MOV DWORD PTR SS:[LOCAL.42],EAX


C785 54FFFFFF |MOV DWORD PTR SS:[LOCAL.43],-1
8B85 54FFFFFF |MOV EAX,DWORD PTR SS:[LOCAL.43]

; /Arg1
; |
; \SystemIn

0040D6C5 |.
0040D6C7 |.
0040D6CD |.
0040D6D0 |.
0040D6D3 |.
0040D6D5 |.^
0040D6D7 |>
0040D6DE |>^
0040D6E0 |>
0040D6E6 |.
0040D6E9 |.
0040D6EF |.
0040D6F2 |.
0040D6F5 |.
0040D6F8 |.
0040D6FB |.
0040D6FE |.
0040D705 |.
0040D70A |>
0040D711 |.
0040D717 |.
0040D71A |.
0040D720 |.
0040D723 |.
0040D729 |.
0040D72C |.
0040D732 |.
0040D735 |.
0040D73B |.
0040D73D |>
0040D743 |.
0040D746 |.
0040D74C |.
0040D752 |.
0040D755 |.
0040D75B |>
0040D762 |.
0040D764 |.
0040D76A |.
0040D76C |.
0040D772 |.
0040D779 |.
0040D77B |.
0040D782 |.
0040D783 |.
0040D789 |.
fo.0040FC10
0040D78E |.
0040D794 |.
0040D79E |.
0040D7A4 |.
0040D7A6 |.
0040D7AC |.
0040D7AF |.
0040D7B2 |.
0040D7B4 |.^
0040D7B6 |>
0040D7BD |>^
0040D7C2 |>
0040D7C8 |.

33C9
3B85 58FFFFFF
0F94C1
0FB6D1
85D2
74 07
C685 4CFFFFFF
EB 9E
8B85 4CFFFFFF
8945 B0
8B8D 50FFFFFF
894D B4
8B55 B0
8B45 B4
8955 10
8945 14
C745 E4 00000
E9 8C010000
817D F0 00010
0F85 7F010000
8B4D E8
898D 2CFFFFFF
8B55 20
8995 30FFFFFF
8B45 10
8985 34FFFFFF
8B4D 14
898D 38FFFFFF
EB 1E
8B95 2CFFFFFF
83EA 01
8995 2CFFFFFF
8B85 30FFFFFF
83C0 01
8985 30FFFFFF
83BD 2CFFFFFF
76 5E
8B8D 30FFFFFF
8A11
8895 47FFFFFF
83BD 38FFFFFF
74 3B
0FB685 47FFFF
50
8B8D 38FFFFFF
E8 82240000

|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[LOCAL.42]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 0040D6DE
|MOV BYTE PTR SS:[LOCAL.45],1
\JMP SHORT 0040D67E
MOV EAX,DWORD PTR SS:[LOCAL.45]
MOV DWORD PTR SS:[LOCAL.20],EAX
MOV ECX,DWORD PTR SS:[LOCAL.44]
MOV DWORD PTR SS:[LOCAL.19],ECX
MOV EDX,DWORD PTR SS:[LOCAL.20]
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[ARG.3],EDX
MOV DWORD PTR SS:[ARG.4],EAX
MOV DWORD PTR SS:[LOCAL.7],0
JMP 0040D896
CMP DWORD PTR SS:[LOCAL.4],100
JNE 0040D896
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.53],ECX
MOV EDX,DWORD PTR SS:[ARG.7]
MOV DWORD PTR SS:[LOCAL.52],EDX
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.51],EAX
MOV ECX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.50],ECX
JMP SHORT 0040D75B
/MOV EDX,DWORD PTR SS:[LOCAL.53]
|SUB EDX,1
|MOV DWORD PTR SS:[LOCAL.53],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.52]
|ADD EAX,1
|MOV DWORD PTR SS:[LOCAL.52],EAX
|CMP DWORD PTR SS:[LOCAL.53],0
|JBE SHORT 0040D7C2
|MOV ECX,DWORD PTR SS:[LOCAL.52]
|MOV DL,BYTE PTR DS:[ECX]
|MOV BYTE PTR SS:[LOCAL.47+3],DL
|CMP DWORD PTR SS:[LOCAL.50],0
|JE SHORT 0040D7B6
|MOVZX EAX,BYTE PTR SS:[LOCAL.47+3]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.50]
|CALL 0040FC10

8985 40FFFFFF
C785 3CFFFFFF
8B8D 3CFFFFFF
33D2
3B8D 40FFFFFF
0F94C2
0FB6C2
85C0
74 07
C685 34FFFFFF
E9 7BFFFFFF
8B8D 34FFFFFF
894D A8

|MOV DWORD PTR SS:[LOCAL.48],EAX


|MOV DWORD PTR SS:[LOCAL.49],-1
|MOV ECX,DWORD PTR SS:[LOCAL.49]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[LOCAL.48]
|SETE DL
|MOVZX EAX,DL
|TEST EAX,EAX
|JE SHORT 0040D7BD
|MOV BYTE PTR SS:[LOCAL.51],1
\JMP 0040D73D
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV DWORD PTR SS:[LOCAL.22],ECX

; /Arg1
; |
; \SystemIn

0040D7CB |.
0040D7D1 |.
0040D7D4 |.
0040D7D7 |.
0040D7DA |.
0040D7DD |.
0040D7E0 |.
0040D7E3 |.
0040D7E6 |.
0040D7E9 |.
0040D7EC |.
0040D7EF |.
0040D7F2 |.
0040D7F5 |.
0040D7FB |.
0040D7FE |.
0040D804 |.
0040D807 |.
0040D80D |.
0040D80F |>
0040D815 |.
0040D818 |.
0040D81E |>
0040D825 |.
0040D827 |.
0040D82E |.
0040D830 |.
0040D834 |.
0040D835 |.
0040D83B |.
fo.0040FC10
0040D840 |.
0040D846 |.
0040D850 |.
0040D856 |.
0040D858 |.
0040D85E |.
0040D861 |.
0040D864 |.
0040D866 |.^
0040D868 |>
0040D86F |>^
0040D871 |>
0040D877 |.
0040D87A |.
0040D880 |.
0040D883 |.
0040D886 |.
0040D889 |.
0040D88C |.
0040D88F |.
0040D896 |>
0040D899 |.
0040D89B |.
0040D89E |.
0040D8A1 |.
0040D8A3 |.
0040D8A9 |.
0040D8B0 |.
0040D8B1 |.

8B95 38FFFFFF
8955 AC
8B45 A8
8B4D AC
8945 10
894D 14
8B55 20
0355 E8
8955 20
8B45 24
2B45 E8
8945 24
8B4D E4
898D 18FFFFFF
8B55 10
8995 1CFFFFFF
8B45 14
8985 20FFFFFF
EB 0F
8B8D 18FFFFFF
83E9 01
898D 18FFFFFF
83BD 18FFFFFF
76 4A
83BD 20FFFFFF
74 38
0FB655 1C
52
8B8D 20FFFFFF
E8 D0230000

MOV EDX,DWORD PTR SS:[LOCAL.50]


MOV DWORD PTR SS:[LOCAL.21],EDX
MOV EAX,DWORD PTR SS:[LOCAL.22]
MOV ECX,DWORD PTR SS:[LOCAL.21]
MOV DWORD PTR SS:[ARG.3],EAX
MOV DWORD PTR SS:[ARG.4],ECX
MOV EDX,DWORD PTR SS:[ARG.7]
ADD EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[ARG.7],EDX
MOV EAX,DWORD PTR SS:[ARG.8]
SUB EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[ARG.8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.58],ECX
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.57],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.56],EAX
JMP SHORT 0040D81E
/MOV ECX,DWORD PTR SS:[LOCAL.58]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.58],ECX
|CMP DWORD PTR SS:[LOCAL.58],0
|JBE SHORT 0040D871
|CMP DWORD PTR SS:[LOCAL.56],0
|JE SHORT 0040D868
|MOVZX EDX,BYTE PTR SS:[ARG.6]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.56]
|CALL 0040FC10

; /Arg1
; |
; \SystemIn

8985 28FFFFFF
C785 24FFFFFF
8B85 24FFFFFF
33C9
3B85 28FFFFFF
0F94C1
0FB6D1
85D2
74 07
C685 1CFFFFFF
EB 9E
8B85 1CFFFFFF
8945 A0
8B8D 20FFFFFF
894D A4
8B55 A0
8B45 A4
8955 10
8945 14
C745 E4 00000
8B4D EC
8B11
8B4D EC
8B42 08
FFD0
8885 17FFFFFF
0FB68D 17FFFF
51
8B55 24

|MOV DWORD PTR SS:[LOCAL.54],EAX


|MOV DWORD PTR SS:[LOCAL.55],-1
|MOV EAX,DWORD PTR SS:[LOCAL.55]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[LOCAL.54]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 0040D86F
|MOV BYTE PTR SS:[LOCAL.57],1
\JMP SHORT 0040D80F
MOV EAX,DWORD PTR SS:[LOCAL.57]
MOV DWORD PTR SS:[LOCAL.24],EAX
MOV ECX,DWORD PTR SS:[LOCAL.56]
MOV DWORD PTR SS:[LOCAL.23],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR SS:[LOCAL.23]
MOV DWORD PTR SS:[ARG.3],EDX
MOV DWORD PTR SS:[ARG.4],EAX
MOV DWORD PTR SS:[LOCAL.7],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+8]
CALL EAX
MOV BYTE PTR SS:[LOCAL.59+3],AL
MOVZX ECX,BYTE PTR SS:[LOCAL.59+3]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.8]

; /Arg7
; |

0040D8B4 |. 52
[ARG.8]
0040D8B5 |. 8B45 20
0040D8B8 |. 50
[ARG.7]
0040D8B9 |. 8B4D 14
0040D8BC |. 51
[ARG.4]
0040D8BD |. 8B55 10
0040D8C0 |. 52
[ARG.3]
0040D8C1 |. 8D45 98
0040D8C4 |. 50
OFFSET LOCAL.26
0040D8C5 |. 8B4D 08
0040D8C8 |. 51
[ARG.1]
0040D8C9 |. E8 62020000
fo.0040DB30
0040D8CE |. 83C4 1C
0040D8D1 |. 8B10
0040D8D3 |. 8B40 04
0040D8D6 |. 8955 10
0040D8D9 |. 8945 14
0040D8DC |. 8B4D 18
0040D8DF |. 8B51 18
0040D8E2 |. 8995 F8FEFFFF
0040D8E8 |. 8B45 18
0040D8EB |. C740 18 00000
0040D8F2 |. 8B4D E4
0040D8F5 |. 898D E4FEFFFF
0040D8FB |. 8B55 10
0040D8FE |. 8995 E8FEFFFF
0040D904 |. 8B45 14
0040D907 |. 8985 ECFEFFFF
0040D90D |. EB 0F
0040D90F |> 8B8D E4FEFFFF
0040D915 |. 83E9 01
0040D918 |. 898D E4FEFFFF
0040D91E |> 83BD E4FEFFFF
0040D925 |. 76 4A
0040D927 |. 83BD ECFEFFFF
0040D92E |. 74 38
0040D930 |. 0FB655 1C
0040D934 |. 52
0040D935 |. 8B8D ECFEFFFF
0040D93B |. E8 D0220000
fo.0040FC10
0040D940 |. 8985 F4FEFFFF
0040D946 |. C785 F0FEFFFF
0040D950 |. 8B85 F0FEFFFF
0040D956 |. 33C9
0040D958 |. 3B85 F4FEFFFF
0040D95E |. 0F94C1
0040D961 |. 0FB6D1
0040D964 |. 85D2
0040D966 |.^ 74 07
0040D968 |> C685 E8FEFFFF
0040D96F |>^ EB 9E
0040D971 |> 8B45 0C

PUSH EDX

; |Arg6 =>

MOV EAX,DWORD PTR SS:[ARG.7]


PUSH EAX

; |
; |Arg5 =>

MOV ECX,DWORD PTR SS:[ARG.4]


PUSH ECX

; |
; |Arg4 =>

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

; |
; |Arg3 =>

LEA EAX,[LOCAL.26]
PUSH EAX

; |
; |Arg2 =>

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; |
; |Arg1 =>

CALL 0040DB30

; \SystemIn

ADD ESP,1C
MOV EDX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[ARG.3],EDX
MOV DWORD PTR SS:[ARG.4],EAX
MOV ECX,DWORD PTR SS:[ARG.5]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.66],EDX
MOV EAX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR DS:[EAX+18],0
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.71],ECX
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.70],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.69],EAX
JMP SHORT 0040D91E
/MOV ECX,DWORD PTR SS:[LOCAL.71]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.71],ECX
|CMP DWORD PTR SS:[LOCAL.71],0
|JBE SHORT 0040D971
|CMP DWORD PTR SS:[LOCAL.69],0
|JE SHORT 0040D968
|MOVZX EDX,BYTE PTR SS:[ARG.6]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.69]
|CALL 0040FC10

; /Arg1
; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.67],EAX


|MOV DWORD PTR SS:[LOCAL.68],-1
|MOV EAX,DWORD PTR SS:[LOCAL.68]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[LOCAL.67]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 0040D96F
|MOV BYTE PTR SS:[LOCAL.70],1
\JMP SHORT 0040D90F
MOV EAX,DWORD PTR SS:[ARG.2]

0040D974 |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.70]


0040D97A |. 8908
MOV DWORD PTR DS:[EAX],ECX
0040D97C |. 8B95 ECFEFFFF MOV EDX,DWORD PTR SS:[LOCAL.69]
0040D982 |. 8950 04
MOV DWORD PTR DS:[EAX+4],EDX
0040D985 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0040D98C |. 6A 00
PUSH 0
0040D98E |. 6A 01
PUSH 1
0040D990 |. 8D4D C4
LEA ECX,[LOCAL.15]
0040D993 |. E8 C8210000 CALL 0040FB60
fo.0040FB60
0040D998 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040D99B |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040D99E |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0040D9A5 |. 59
POP ECX
0040D9A6 |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040D9A9 |. 33CD
XOR ECX,EBP
0040D9AB |. E8 410D0200 CALL 0042E6F1
0040D9B0 |. 8BE5
MOV ESP,EBP
0040D9B2 |. 5D
POP EBP
0040D9B3 \. C3
RETN
0040D9B4
CC
INT3
0040D9B5
CC
INT3
0040D9B6
CC
INT3
0040D9B7
CC
INT3
0040D9B8
CC
INT3
0040D9B9
CC
INT3
0040D9BA
CC
INT3
0040D9BB
CC
INT3
0040D9BC
CC
INT3
0040D9BD
CC
INT3
0040D9BE
CC
INT3
0040D9BF
CC
INT3
0040D9C0 /$ 55
PUSH EBP
o.0040D9C0(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6)
0040D9C1 |. 8BEC
MOV EBP,ESP
0040D9C3 |. 83EC 10
SUB ESP,10
0040D9C6 |. EB 09
JMP SHORT 0040D9D1
0040D9C8 |> 8B45 1C
/MOV EAX,DWORD PTR SS:[ARG.6]
0040D9CB |. 83E8 01
|SUB EAX,1
0040D9CE |. 8945 1C
|MOV DWORD PTR SS:[ARG.6],EAX
0040D9D1 |> 837D 1C 00
|CMP DWORD PTR SS:[ARG.6],0
0040D9D5 |. 76 35
|JBE SHORT 0040DA0C
0040D9D7 |. 837D 14 00
|CMP DWORD PTR SS:[ARG.4],0
0040D9DB |. 74 29
|JE SHORT 0040DA06
0040D9DD |. 0FB64D 18
|MOVZX ECX,BYTE PTR SS:[ARG.5]
0040D9E1 |. 51
|PUSH ECX
0040D9E2 |. 8B4D 14
|MOV ECX,DWORD PTR SS:[ARG.4]
0040D9E5 |. E8 26220000 |CALL 0040FC10
fo.0040FC10
0040D9EA |. 8945 FC
|MOV DWORD PTR SS:[LOCAL.1],EAX
0040D9ED |. C745 F8 FFFFF |MOV DWORD PTR SS:[LOCAL.2],-1
0040D9F4 |. 8B55 F8
|MOV EDX,DWORD PTR SS:[LOCAL.2]
0040D9F7 |. 33C0
|XOR EAX,EAX
0040D9F9 |. 3B55 FC
|CMP EDX,DWORD PTR SS:[LOCAL.1]
0040D9FC |. 0F94C0
|SETE AL
0040D9FF |. 0FB6C8
|MOVZX ECX,AL
0040DA02 |. 85C9
|TEST ECX,ECX
0040DA04 |.^ 74 04
|JE SHORT 0040DA0A
0040DA06 |> C645 10 01
|MOV BYTE PTR SS:[ARG.3],1
0040DA0A |>^ EB BC
\JMP SHORT 0040D9C8

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; SystemInf

; /Arg1
; |
; \SystemIn

0040DA0C |> 8B55 0C


0040DA0F |. 8B45 10
0040DA12 |. 8902
0040DA14 |. 8B4D 14
0040DA17 |. 894A 04
0040DA1A |. 8B45 0C
0040DA1D |. 8BE5
0040DA1F |. 5D
0040DA20 \. C3
0040DA21
CC
0040DA22
CC
0040DA23
CC
0040DA24
CC
0040DA25
CC
0040DA26
CC
0040DA27
CC
0040DA28
CC
0040DA29
CC
0040DA2A
CC
0040DA2B
CC
0040DA2C
CC
0040DA2D
CC
0040DA2E
CC
0040DA2F
CC
0040DA30 /$ 55
o.0040DA30(guessed Arg1)
0040DA31 |. 8BEC
0040DA33 |. 83EC 08
0040DA36 |. 894D F8
0040DA39 |. C745 FC 00000
0040DA40 |. 8B45 08
0040DA43 |. 50
0040DA44 |. 8B4D F8
0040DA47 |. 8B11
0040DA49 |. 8B4D F8
0040DA4C |. 8B42 10
0040DA4F |. FFD0
0040DA51 |. 8B4D FC
0040DA54 |. 83C9 01
0040DA57 |. 894D FC
0040DA5A |. 8B45 08
0040DA5D |. 8BE5
0040DA5F |. 5D
0040DA60 \. C2 0400
0040DA63
CC
0040DA64
CC
0040DA65
CC
0040DA66
CC
0040DA67
CC
0040DA68
CC
0040DA69
CC
0040DA6A
CC
0040DA6B
CC
0040DA6C
CC
0040DA6D
CC
0040DA6E
CC
0040DA6F
CC
0040DA70 /$ 55
o.0040DA70(guessed Arg1)
0040DA71 |. 8BEC

MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

PTR SS:[ARG.2]
PTR SS:[ARG.3]
DS:[EDX],EAX
PTR SS:[ARG.4]
DS:[EDX+4],ECX
PTR SS:[ARG.2]

MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV DWORD PTR SS:[LOCAL.1],0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+10]
CALL EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
OR ECX,00000001
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP

; SystemInf

; SystemInf

0040DA73 |.
0040DA76 |.
0040DA79 |.
0040DA80 |.
0040DA83 |.
0040DA84 |.
0040DA87 |.
0040DA89 |.
0040DA8C |.
0040DA8F |.
0040DA91 |.
0040DA94 |.
0040DA97 |.
0040DA9A |.
0040DA9D |.
0040DA9F |.
0040DAA0 \.
0040DAA3
0040DAA4
0040DAA5
0040DAA6
0040DAA7
0040DAA8
0040DAA9
0040DAAA
0040DAAB
0040DAAC
0040DAAD
0040DAAE
0040DAAF
0040DAB0 /$
0040DAB1 |.
0040DAB3 |.
0040DAB6 |.
0040DAB8 |>
0040DABB |.
0040DABE |.
0040DAC1 |.
0040DAC4 |.
0040DAC7 |.
0040DACA |>
0040DACE |.
0040DAD0 |.
0040DAD3 |.
0040DAD5 |.
0040DAD8 |.
0040DADC |.
0040DADE |.
0040DAE2 |.
0040DAE3 |.
0040DAE6 |.
fo.0040FC10
0040DAEB |.
0040DAEE |.
0040DAF5 |.
0040DAF8 |.
0040DAFA |.
0040DAFD |.
0040DB00 |.
0040DB03 |.

83EC 08
894D F8
C745 FC 00000
8B45 08
50
8B4D F8
8B11
8B4D F8
8B42 14
FFD0
8B4D FC
83C9 01
894D FC
8B45 08
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 14
EB 12
8B45 1C
83E8 01
8945 1C
8B4D 18
83C1 01
894D 18
837D 1C 00
76 3D
8B55 18
8A02
8845 FF
837D 14 00
74 29
0FB64D FF
51
8B4D 14
E8 25210000

SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV DWORD PTR SS:[LOCAL.1],0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+14]
CALL EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
OR ECX,00000001
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
JMP SHORT 0040DACA
/MOV EAX,DWORD PTR SS:[ARG.6]
|SUB EAX,1
|MOV DWORD PTR SS:[ARG.6],EAX
|MOV ECX,DWORD PTR SS:[ARG.5]
|ADD ECX,1
|MOV DWORD PTR SS:[ARG.5],ECX
|CMP DWORD PTR SS:[ARG.6],0
|JBE SHORT 0040DB0D
|MOV EDX,DWORD PTR SS:[ARG.5]
|MOV AL,BYTE PTR DS:[EDX]
|MOV BYTE PTR SS:[LOCAL.1+3],AL
|CMP DWORD PTR SS:[ARG.4],0
|JE SHORT 0040DB07
|MOVZX ECX,BYTE PTR SS:[LOCAL.1+3]
|PUSH ECX
|MOV ECX,DWORD PTR SS:[ARG.4]
|CALL 0040FC10

8945 F8
|MOV DWORD PTR
C745 F4 FFFFF |MOV DWORD PTR
8B55 F4
|MOV EDX,DWORD
33C0
|XOR EAX,EAX
3B55 F8
|CMP EDX,DWORD
0F94C0
|SETE AL
0FB6C8
|MOVZX ECX,AL
85C9
|TEST ECX,ECX

SS:[LOCAL.2],EAX
SS:[LOCAL.3],-1
PTR SS:[LOCAL.3]
PTR SS:[LOCAL.2]

; /Arg1
; |
; \SystemIn

0040DB05 |.^ 74 04
|JE SHORT 0040DB0B
0040DB07 |> C645 10 01
|MOV BYTE PTR SS:[ARG.3],1
0040DB0B |>^ EB AB
\JMP SHORT 0040DAB8
0040DB0D |> 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0040DB10 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0040DB13 |. 8902
MOV DWORD PTR DS:[EDX],EAX
0040DB15 |. 8B4D 14
MOV ECX,DWORD PTR SS:[ARG.4]
0040DB18 |. 894A 04
MOV DWORD PTR DS:[EDX+4],ECX
0040DB1B |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040DB1E |. 8BE5
MOV ESP,EBP
0040DB20 |. 5D
POP EBP
0040DB21 \. C3
RETN
0040DB22
CC
INT3
0040DB23
CC
INT3
0040DB24
CC
INT3
0040DB25
CC
INT3
0040DB26
CC
INT3
0040DB27
CC
INT3
0040DB28
CC
INT3
0040DB29
CC
INT3
0040DB2A
CC
INT3
0040DB2B
CC
INT3
0040DB2C
CC
INT3
0040DB2D
CC
INT3
0040DB2E
CC
INT3
0040DB2F
CC
INT3
0040DB30 /$ 55
PUSH EBP
o.0040DB30(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7)
0040DB31 |. 8BEC
MOV EBP,ESP
0040DB33 |. 83EC 5C
SUB ESP,5C
0040DB36 |. EB 12
JMP SHORT 0040DB4A
0040DB38 |> 8B45 18
MOV EAX,DWORD PTR SS:[ARG.5]
0040DB3B |. 83C0 01
ADD EAX,1
0040DB3E |. 8945 18
MOV DWORD PTR SS:[ARG.5],EAX
0040DB41 |. 8B4D 1C
MOV ECX,DWORD PTR SS:[ARG.6]
0040DB44 |. 83E9 01
SUB ECX,1
0040DB47 |. 894D 1C
MOV DWORD PTR SS:[ARG.6],ECX
0040DB4A |> 8B55 1C
MOV EDX,DWORD PTR SS:[ARG.6]
0040DB4D |. 52
PUSH EDX
[ARG.6]
0040DB4E |. 6A 00
PUSH 0
0040DB50 |. 8B45 18
MOV EAX,DWORD PTR SS:[ARG.5]
0040DB53 |. 50
PUSH EAX
[ARG.5]
0040DB54 |. E8 771B0200 CALL 0042F6D0
fo.0042F6D0
0040DB59 |. 83C4 0C
ADD ESP,0C
0040DB5C |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0040DB5F |. 837D FC 00
CMP DWORD PTR SS:[LOCAL.1],0
0040DB63 |. 74 0B
JE SHORT 0040DB70
0040DB65 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0040DB68 |. 2B4D 18
SUB ECX,DWORD PTR SS:[ARG.5]
0040DB6B |. 894D A4
MOV DWORD PTR SS:[LOCAL.23],ECX
0040DB6E |. EB 06
JMP SHORT 0040DB76
0040DB70 |> 8B55 1C
MOV EDX,DWORD PTR SS:[ARG.6]
0040DB73 |. 8955 A4
MOV DWORD PTR SS:[LOCAL.23],EDX
0040DB76 |> 8B45 A4
MOV EAX,DWORD PTR SS:[LOCAL.23]
0040DB79 |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
0040DB7C |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0040DB7F |. 894D C4
MOV DWORD PTR SS:[LOCAL.15],ECX

; SystemInf

; /Arg3 =>
; |Arg2 = 0
; |
; |Arg1 =>
; \SystemIn

0040DB82 |.
0040DB85 |.
0040DB88 |.
0040DB8B |.
0040DB8E |.
0040DB91 |.
0040DB94 |.
0040DB96 |>
0040DB99 |.
0040DB9C |.
0040DB9F |.
0040DBA2 |.
0040DBA5 |.
0040DBA8 |>
0040DBAC |.
0040DBAE |.
0040DBB1 |.
0040DBB3 |.
0040DBB6 |.
0040DBBA |.
0040DBBC |.
0040DBC0 |.
0040DBC1 |.
0040DBC4 |.
fo.0040FC10
0040DBC9 |.
0040DBCC |.
0040DBD3 |.
0040DBD6 |.
0040DBD8 |.
0040DBDB |.
0040DBDE |.
0040DBE1 |.
0040DBE3 |.^
0040DBE5 |>
0040DBE9 |>^
0040DBEB |>
0040DBEE |.
0040DBF1 |.
0040DBF4 |.
0040DBF7 |.
0040DBFA |.
0040DBFD |.
0040DC00 |.
0040DC03 |.
0040DC06 |.
0040DC09 |.
0040DC0C |.
0040DC0F |.
0040DC12 |.
0040DC15 |.
0040DC17 |.
0040DC19 |>
0040DC1D |.
0040DC1F |.^
0040DC21 |.
0040DC28 |.
0040DC2B |.
0040DC2E |.
0040DC31 |.

8B55 18
8955 C8
8B45 10
8945 CC
8B4D 14
894D D0
EB 12
8B55 C4
83EA 01
8955 C4
8B45 C8
83C0 01
8945 C8
837D C4 00
76 3D
8B4D C8
8A11
8855 E7
837D D0 00
74 29
0FB645 E7
50
8B4D D0
E8 47200000

MOV EDX,DWORD PTR SS:[ARG.5]


MOV DWORD PTR SS:[LOCAL.14],EDX
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.13],EAX
MOV ECX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.12],ECX
JMP SHORT 0040DBA8
/MOV EDX,DWORD PTR SS:[LOCAL.15]
|SUB EDX,1
|MOV DWORD PTR SS:[LOCAL.15],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.14]
|ADD EAX,1
|MOV DWORD PTR SS:[LOCAL.14],EAX
|CMP DWORD PTR SS:[LOCAL.15],0
|JBE SHORT 0040DBEB
|MOV ECX,DWORD PTR SS:[LOCAL.14]
|MOV DL,BYTE PTR DS:[ECX]
|MOV BYTE PTR SS:[LOCAL.7+3],DL
|CMP DWORD PTR SS:[LOCAL.12],0
|JE SHORT 0040DBE5
|MOVZX EAX,BYTE PTR SS:[LOCAL.7+3]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.12]
|CALL 0040FC10

8945 E0
C745 DC FFFFF
8B4D DC
33D2
3B4D E0
0F94C2
0FB6C2
85C0
74 04
C645 CC 01
EB AB
8B4D CC
894D F0
8B55 D0
8955 F4
8B45 F0
8B4D F4
8945 10
894D 14
8B55 18
0355 F8
8955 18
8B45 1C
2B45 F8
8945 1C
75 02
EB 7E
0FBE4D 20
85C9
74 71
C745 A8 01000
8B55 10
8955 AC
8B45 14
8945 B0

|MOV DWORD PTR SS:[LOCAL.8],EAX


|MOV DWORD PTR SS:[LOCAL.9],-1
|MOV ECX,DWORD PTR SS:[LOCAL.9]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[LOCAL.8]
|SETE DL
|MOVZX EAX,DL
|TEST EAX,EAX
|JE SHORT 0040DBE9
|MOV BYTE PTR SS:[LOCAL.13],1
\JMP SHORT 0040DB96
MOV ECX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.12]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[ARG.3],EAX
MOV DWORD PTR SS:[ARG.4],ECX
MOV EDX,DWORD PTR SS:[ARG.5]
ADD EDX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR SS:[ARG.5],EDX
MOV EAX,DWORD PTR SS:[ARG.6]
SUB EAX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR SS:[ARG.6],EAX
JNE SHORT 0040DC19
JMP SHORT 0040DC97
MOVSX ECX,BYTE PTR SS:[ARG.7]
TEST ECX,ECX
JE SHORT 0040DC92
MOV DWORD PTR SS:[LOCAL.22],1
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.21],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.20],EAX

; /Arg1
; |
; \SystemIn

0040DC34 |. EB 09
0040DC36 |> 8B4D A8
0040DC39 |. 83E9 01
0040DC3C |. 894D A8
0040DC3F |> 837D A8 00
0040DC43 |. 76 35
0040DC45 |. 837D B0 00
0040DC49 |. 74 29
0040DC4B |. 0FB655 20
0040DC4F |. 52
0040DC50 |. 8B4D B0
0040DC53 |. E8 B81F0000
fo.0040FC10
0040DC58 |. 8945 C0
0040DC5B |. C745 BC FFFFF
0040DC62 |. 8B45 BC
0040DC65 |. 33C9
0040DC67 |. 3B45 C0
0040DC6A |. 0F94C1
0040DC6D |. 0FB6D1
0040DC70 |. 85D2
0040DC72 |.^ 74 04
0040DC74 |> C645 AC 01
0040DC78 |>^ EB BC
0040DC7A |> 8B45 AC
0040DC7D |. 8945 E8
0040DC80 |. 8B4D B0
0040DC83 |. 894D EC
0040DC86 |. 8B55 E8
0040DC89 |. 8B45 EC
0040DC8C |. 8955 10
0040DC8F |. 8945 14
0040DC92 |>^ E9 A1FEFFFF
0040DC97 |> 8B4D 0C
0040DC9A |. 8B55 10
0040DC9D |. 8911
0040DC9F |. 8B45 14
0040DCA2 |. 8941 04
0040DCA5 |. 8B45 0C
0040DCA8 |. 8BE5
0040DCAA |. 5D
0040DCAB \. C3
0040DCAC
CC
0040DCAD
CC
0040DCAE
CC
0040DCAF
CC
0040DCB0 /$ 55
o.0040DCB0(guessed Arg1)
0040DCB1 |. 8BEC
0040DCB3 |. 83EC 14
0040DCB6 |. 894D EC
0040DCB9 |. 8B45 EC
0040DCBC |. 8378 04 00
0040DCC0 |. 74 2C
0040DCC2 |. 0FB64D 08
0040DCC6 |. 51
0040DCC7 |. 8B55 EC
0040DCCA |. 8B4A 04
0040DCCD |. E8 3E1F0000
fo.0040FC10

JMP SHORT 0040DC3F


/MOV ECX,DWORD PTR SS:[LOCAL.22]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.22],ECX
|CMP DWORD PTR SS:[LOCAL.22],0
|JBE SHORT 0040DC7A
|CMP DWORD PTR SS:[LOCAL.20],0
|JE SHORT 0040DC74
|MOVZX EDX,BYTE PTR SS:[ARG.7]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.20]
|CALL 0040FC10

; /Arg1
; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.16],EAX


|MOV DWORD PTR SS:[LOCAL.17],-1
|MOV EAX,DWORD PTR SS:[LOCAL.17]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[LOCAL.16]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 0040DC78
|MOV BYTE PTR SS:[LOCAL.21],1
\JMP SHORT 0040DC36
MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV DWORD PTR SS:[LOCAL.6],EAX
MOV ECX,DWORD PTR SS:[LOCAL.20]
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[ARG.3],EDX
MOV DWORD PTR SS:[ARG.4],EAX
JMP 0040DB38
MOV ECX,DWORD PTR SS:[ARG.2]
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR DS:[ECX+4],EAX
MOV EAX,DWORD PTR SS:[ARG.2]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP DWORD PTR DS:[EAX+4],0
JE SHORT 0040DCEE
MOVZX ECX,BYTE PTR SS:[ARG.1]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+4]
CALL 0040FC10

;
;
;
;

/Arg1
|
|
\SystemIn

0040DCD2 |. 8945 FC
0040DCD5 |. C745 F8 FFFFF
0040DCDC |. 8B45 F8
0040DCDF |. 33C9
0040DCE1 |. 3B45 FC
0040DCE4 |. 0F94C1
0040DCE7 |. 0FB6D1
0040DCEA |. 85D2
0040DCEC |. 74 06
0040DCEE |> 8B45 EC
0040DCF1 |. C600 01
0040DCF4 |> 8B45 EC
0040DCF7 |. 8BE5
0040DCF9 |. 5D
0040DCFA \. C2 0400
0040DCFD
CC
0040DCFE
CC
0040DCFF
CC
0040DD00 /$ 55
o.0040DD00(guessed Arg1)
0040DD01 |. 8BEC
0040DD03 |. 83EC 08
0040DD06 |. 894D F8
0040DD09 |. C745 FC 00000
0040DD10 |. 8B45 08
0040DD13 |. 50
0040DD14 |. 8B4D F8
0040DD17 |. 8B11
0040DD19 |. 8B4D F8
0040DD1C |. 8B42 0C
0040DD1F |. FFD0
0040DD21 |. 8B4D FC
0040DD24 |. 83C9 01
0040DD27 |. 894D FC
0040DD2A |. 8B45 08
0040DD2D |. 8BE5
0040DD2F |. 5D
0040DD30 \. C2 0400
0040DD33
CC
0040DD34
CC
0040DD35
CC
0040DD36
CC
0040DD37
CC
0040DD38
CC
0040DD39
CC
0040DD3A
CC
0040DD3B
CC
0040DD3C
CC
0040DD3D
CC
0040DD3E
CC
0040DD3F
CC
0040DD40 /$ 55
o.0040DD40(guessed Arg1)
0040DD41 |. 8BEC
0040DD43 |. 6A FF
0040DD45 |. 68 48584400
0040DD4A |. 64:A1 0000000
0040DD50 |. 50
0040DD51 |. 81EC D4000000
0040DD57 |. A1 A0154500

MOV DWORD PTR SS:[LOCAL.1],EAX


MOV DWORD PTR SS:[LOCAL.2],-1
MOV EAX,DWORD PTR SS:[LOCAL.2]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.1]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 0040DCF4
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV BYTE PTR DS:[EAX],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV DWORD PTR SS:[LOCAL.1],0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+0C]
CALL EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
OR ECX,00000001
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445848
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0D4
MOV EAX,DWORD PTR DS:[4515A0]

0040DD5C |. 33C5
0040DD5E |. 50
0040DD5F |. 8D45 F4
0040DD62 |. 64:A3 0000000
0040DD68 |. C785 28FFFFFF
0040DD72 |. 6A 00
0040DD74 |. 8D4D E8
0040DD77 |. E8 91FA0100
fo.0042D80D
0040DD7C |. C745 FC 00000
0040DD83 |. A1 E4284500
0040DD88 |. 8945 E4
0040DD8B |. 833D E8284500
0040DD92 |. 75 36
0040DD94 |. 6A 00
0040DD96 |. 8D4D CC
0040DD99 |. E8 6FFA0100
fo.0042D80D
0040DD9E |. 833D E8284500
0040DDA5 |. 75 1B
0040DDA7 |. 8B0D 082B4500
0040DDAD |. 83C1 01
0040DDB0 |. 890D 082B4500
0040DDB6 |. 8B15 082B4500
0040DDBC |. 8915 E8284500
0040DDC2 |> 8D4D CC
0040DDC5 |. E8 6BFA0100
0040DDCA |> A1 E8284500
0040DDCF |. 8945 EC
0040DDD2 |. 8B4D EC
0040DDD5 |. 51
[4528E8] = 0
0040DDD6 |. 8B4D 08
0040DDD9 |. E8 F2D7FFFF
fo.0040B5D0
0040DDDE |. 8945 F0
0040DDE1 |. 837D F0 00
0040DDE5 |. 74 02
0040DDE7 |. EB 69
0040DDE9 |> 837D E4 00
0040DDED |. 74 08
0040DDEF |. 8B55 E4
0040DDF2 |. 8955 F0
0040DDF5 |. EB 5B
0040DDF7 |> 8B45 08
0040DDFA |. 50
[ARG.1]
0040DDFB |. 8D4D E4
0040DDFE |. 51
OFFSET LOCAL.7
0040DDFF |. E8 7C000000
fo.0040DE80
0040DE04 |. 83C4 08
0040DE07 |. 83F8 FF
0040DE0A |. 75 1D
0040DE0C |. 68 78884400
SCII "bad cast"
0040DE11 |. 8D4D D4
0040DE14 |. E8 6D0D0200
fo.0042EB86

XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.54],0
PUSH 0
LEA ECX,[LOCAL.6]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV EAX,DWORD PTR DS:[4528E4]
MOV DWORD PTR SS:[LOCAL.7],EAX
CMP DWORD PTR DS:[4528E8],0
JNE SHORT 0040DDCA
PUSH 0
LEA ECX,[LOCAL.13]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

CMP DWORD PTR DS:[4528E8],0


JNE SHORT 0040DDC2
MOV ECX,DWORD PTR DS:[452B08]
ADD ECX,1
MOV DWORD PTR DS:[452B08],ECX
MOV EDX,DWORD PTR DS:[452B08]
MOV DWORD PTR DS:[4528E8],EDX
LEA ECX,[LOCAL.13]
CALL 0042D835
MOV EAX,DWORD PTR DS:[4528E8]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040B5D0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.4],EAX


CMP DWORD PTR SS:[LOCAL.4],0
JE SHORT 0040DDE9
JMP SHORT 0040DE52
CMP DWORD PTR SS:[LOCAL.7],0
JE SHORT 0040DDF7
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.4],EDX
JMP SHORT 0040DE52
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg2 =>

LEA ECX,[LOCAL.7]
PUSH ECX

; |
; |Arg1 =>

CALL 0040DE80

; \SystemIn

ADD ESP,8
CMP EAX,-1
JNE SHORT 0040DE29
PUSH OFFSET 00448878

; /Arg1 = A

LEA ECX,[LOCAL.11]
CALL 0042EB86

; |
; \SystemIn

0040DE19 |. 68 CCD74400 PUSH OFFSET 0044D7CC


ystemInfo.44D7CC
0040DE1E |. 8D55 D4
LEA EDX,[LOCAL.11]
0040DE21 |. 52
PUSH EDX
OFFSET LOCAL.11
0040DE22 |. E8 FE0A0200 CALL 0042E925
fo.0042E925
0040DE27 |. EB 29
JMP SHORT 0040DE52
0040DE29 |> 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
0040DE2C |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
0040DE2F |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0040DE32 |. 890D E4284500 MOV DWORD PTR DS:[4528E4],ECX
0040DE38 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
0040DE3B |. 8955 E0
MOV DWORD PTR SS:[LOCAL.8],EDX
0040DE3E |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040DE41 |. E8 3AB0FFFF CALL 00408E80
0040DE46 |. 8B45 E0
MOV EAX,DWORD PTR SS:[LOCAL.8]
0040DE49 |. 50
PUSH EAX
0040DE4A |. E8 6AFB0100 CALL 0042D9B9
0040DE4F |. 83C4 04
ADD ESP,4
0040DE52 |> 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0040DE55 |. 894D D0
MOV DWORD PTR SS:[LOCAL.12],ECX
0040DE58 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0040DE5F |. 8D4D E8
LEA ECX,[LOCAL.6]
0040DE62 |. E8 CEF90100 CALL 0042D835
0040DE67 |. 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
0040DE6A |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040DE6D |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0040DE74 |. 59
POP ECX
0040DE75 |. 8BE5
MOV ESP,EBP
0040DE77 |. 5D
POP EBP
0040DE78 \. C3
RETN
0040DE79
CC
INT3
0040DE7A
CC
INT3
0040DE7B
CC
INT3
0040DE7C
CC
INT3
0040DE7D
CC
INT3
0040DE7E
CC
INT3
0040DE7F
CC
INT3
0040DE80 /$ 55
PUSH EBP
o.0040DE80(guessed Arg1,Arg2)
0040DE81 |. 8BEC
MOV EBP,ESP
0040DE83 |. 6A FF
PUSH -1
0040DE85 |. 68 C7584400 PUSH 004458C7
0040DE8A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040DE90 |. 50
PUSH EAX
0040DE91 |. 81EC 24010000 SUB ESP,124
0040DE97 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040DE9C |. 33C5
XOR EAX,EBP
0040DE9E |. 50
PUSH EAX
0040DE9F |. 8D45 F4
LEA EAX,[LOCAL.3]
0040DEA2 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040DEA8 |. C785 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],0
0040DEB2 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0040DEB6 |. 0F84 49010000 JE 0040E005
0040DEBC |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040DEBF |. 8338 00
CMP DWORD PTR DS:[EAX],0
0040DEC2 |. 0F85 3D010000 JNE 0040E005
0040DEC8 |. 6A 18
PUSH 18
8

; /Arg2 = S
; |
; |Arg1 =>
; \SystemIn

; SystemInf

; /Arg1 = 1

0040DECA |. E8 A1160200
fo.0042F570
0040DECF |. 83C4 04
0040DED2 |. 8945 EC
0040DED5 |. C745 FC 00000
0040DEDC |. 837D EC 00
0040DEE0 |. 0F84 B1000000
0040DEE6 |. 8D8D 5CFFFFFF
0040DEEC |. 51
OFFSET LOCAL.41
0040DEED |. 8B4D 0C
0040DEF0 |. E8 9BDCFFFF
fo.0040BB90
0040DEF5 |. 8985 DCFEFFFF
0040DEFB |. 8B95 DCFEFFFF
0040DF01 |. 8995 D8FEFFFF
0040DF07 |. C645 FC 01
0040DF0B |. 8B85 58FFFFFF
0040DF11 |. 83C8 01
0040DF14 |. 8985 58FFFFFF
0040DF1A |. 8B8D D8FEFFFF
0040DF20 |. 51
[LOCAL.73]
0040DF21 |. 8D8D 78FFFFFF
0040DF27 |. E8 A4DAFFFF
fo.0040B9D0
0040DF2C |. 8985 D4FEFFFF
0040DF32 |. 8B95 D4FEFFFF
0040DF38 |. 8995 24FFFFFF
0040DF3E |. C745 FC 02000
0040DF45 |. 8B85 58FFFFFF
0040DF4B |. 83C8 02
0040DF4E |. 8985 58FFFFFF
0040DF54 |. 8B4D EC
0040DF57 |. C701 BC884400
0040DF5D |. 8B55 EC
0040DF60 |. C742 04 00000
0040DF67 |. C745 FC 03000
0040DF6E |. 8B45 EC
0040DF71 |. C700 04894400
0040DF77 |. 6A 01
0040DF79 |. 8B8D 24FFFFFF
0040DF7F |. 51
[LOCAL.55]
0040DF80 |. 8B4D EC
0040DF83 |. E8 88020000
fo.0040E210
0040DF88 |. C645 FC 02
0040DF8C |. 8B55 EC
0040DF8F |. 8995 D0FEFFFF
0040DF95 |. EB 0A
0040DF97 |> C785 D0FEFFFF
0040DFA1 |> 8B85 D0FEFFFF
0040DFA7 |. 8945 F0
0040DFAA |. C745 FC 05000
0040DFB1 |. 8B4D 08
0040DFB4 |. 8B55 F0
0040DFB7 |. 8911
0040DFB9 |. C745 FC 04000
0040DFC0 |. 8B85 58FFFFFF

CALL 0042F570

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV DWORD PTR SS:[LOCAL.1],0
CMP DWORD PTR SS:[LOCAL.5],0
JE 0040DF97
LEA ECX,[LOCAL.41]
PUSH ECX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.2]


CALL 0040BB90

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.73],EAX


MOV EDX,DWORD PTR SS:[LOCAL.73]
MOV DWORD PTR SS:[LOCAL.74],EDX
MOV BYTE PTR SS:[LOCAL.1],1
MOV EAX,DWORD PTR SS:[LOCAL.42]
OR EAX,00000001
MOV DWORD PTR SS:[LOCAL.42],EAX
MOV ECX,DWORD PTR SS:[LOCAL.74]
PUSH ECX

; /Arg1 =>

LEA ECX,[LOCAL.34]
CALL 0040B9D0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.75],EAX


MOV EDX,DWORD PTR SS:[LOCAL.75]
MOV DWORD PTR SS:[LOCAL.55],EDX
MOV DWORD PTR SS:[LOCAL.1],2
MOV EAX,DWORD PTR SS:[LOCAL.42]
OR EAX,00000002
MOV DWORD PTR SS:[LOCAL.42],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX],OFFSET 004488BC
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX+4],0
MOV DWORD PTR SS:[LOCAL.1],3
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EAX],OFFSET 00448904
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.55]
PUSH ECX

; /Arg2 = 1
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.5]


CALL 0040E210

; |
; \SystemIn

MOV
MOV
MOV
JMP
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV

BYTE PTR SS:[LOCAL.1],2


EDX,DWORD PTR SS:[LOCAL.5]
DWORD PTR SS:[LOCAL.76],EDX
SHORT 0040DFA1
DWORD PTR SS:[LOCAL.76],0
EAX,DWORD PTR SS:[LOCAL.76]
DWORD PTR SS:[LOCAL.4],EAX
DWORD PTR SS:[LOCAL.1],5
ECX,DWORD PTR SS:[ARG.1]
EDX,DWORD PTR SS:[LOCAL.4]
DWORD PTR DS:[ECX],EDX
DWORD PTR SS:[LOCAL.1],4
EAX,DWORD PTR SS:[LOCAL.42]

0040DFC6 |.
0040DFC9 |.
0040DFCB |.
0040DFD2 |.
0040DFD8 |.
0040DFDD |>
0040DFE4 |.
0040DFEA |.
0040DFED |.
0040DFEF |.
0040DFF6 |.
0040DFF8 |.
0040DFFA |.
0040E000 |.
fo.0040FB60
0040E005 |>
0040E00A |.
0040E00D |.
0040E014 |.
0040E015 |.
0040E017 |.
0040E018 \.
0040E019
0040E01A
0040E01B
0040E01C
0040E01D
0040E01E
0040E01F
0040E020 />
0040E021 |.
0040E023 |.
0040E024 |.
0040E027 |.
0040E02A |.
0040E030 |.
0040E032 |.
0040E033 \.
0040E034
0040E035
0040E036
0040E037
0040E038
0040E039
0040E03A
0040E03B
0040E03C
0040E03D
0040E03E
0040E03F
0040E040 /.
0040E041 |.
0040E043 |.
0040E044 |.
0040E047 |.
0040E04A |.
0040E04D |.
0040E04F |.
0040E050 \.
0040E051

83E0 02
74 12
83A5 58FFFFFF
8D8D 78FFFFFF
E8 03DBFFFF
C745 FC FFFFF
8B8D 58FFFFFF
83E1 01
74 16
83A5 58FFFFFF
6A 00
6A 01
8D8D 5CFFFFFF
E8 5B1B0000

AND EAX,00000002
JE SHORT 0040DFDD
AND DWORD PTR SS:[LOCAL.42],FFFFFFFD
LEA ECX,[LOCAL.34]
CALL 0040BAE0
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.42]
AND ECX,00000001
JE SHORT 0040E005
AND DWORD PTR SS:[LOCAL.42],FFFFFFFE
PUSH 0
PUSH 1
LEA ECX,[LOCAL.41]
CALL 0040FB60

B8 04000000
8B4D F4
64:890D 00000
59
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 FC
C700 BC884400
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 FC
8A40 0C
8BE5
5D
C3
CC

MOV EAX,4
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[EBP-4],ECX
MOV EAX,DWORD PTR SS:[EBP-4]
MOV DWORD PTR DS:[EAX],OFFSET 004488BC
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV AL,BYTE PTR DS:[EAX+0C]
MOV ESP,EBP
POP EBP
RETN
INT3

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0040E052
0040E053
0040E054
0040E055
0040E056
0040E057
0040E058
0040E059
0040E05A
0040E05B
0040E05C
0040E05D
0040E05E
0040E05F
0040E060 /.
0040E061 |.
0040E063 |.
0040E064 |.
0040E067 |.
0040E06A |.
0040E06D |.
0040E06F |.
0040E070 \.
0040E071
0040E072
0040E073
0040E074
0040E075
0040E076
0040E077
0040E078
0040E079
0040E07A
0040E07B
0040E07C
0040E07D
0040E07E
0040E07F
0040E080 /.
0040E081 |.
0040E083 |.
0040E086 |.
0040E089 |.
0040E090 |.
0040E093 |.
0040E096 |.
[ARG.ECX+8]
0040E097 |.
0040E09A |.
fo.0040EBF0
0040E09F |.
0040E0A2 |.
0040E0A5 |.
0040E0A8 |.
0040E0AB |.
0040E0AD |.
0040E0AE \.
0040E0B1
0040E0B2
0040E0B3

CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D
8B45
8A40
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC
894D
C745
8B45
8B48
51

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
FC
MOV DWORD PTR SS:[LOCAL.1],ECX
FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0D
MOV AL,BYTE PTR DS:[EAX+0D]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
64
SUB ESP,64
9C
MOV DWORD PTR SS:[LOCAL.25],ECX
FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
9C
MOV EAX,DWORD PTR SS:[LOCAL.25]
08
MOV ECX,DWORD PTR DS:[EAX+8]
PUSH ECX

8B4D 08
E8 510B0000

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040EBF0

8B55 FC
83CA 01
8955 FC
8B45 08
8BE5
5D
C2 0400
CC
CC
CC

MOV EDX,DWORD PTR SS:[LOCAL.1]


OR EDX,00000001
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3

; /Arg1 =>
; |
; \SystemIn

0040E0B4
0040E0B5
0040E0B6
0040E0B7
0040E0B8
0040E0B9
0040E0BA
0040E0BB
0040E0BC
0040E0BD
0040E0BE
0040E0BF
0040E0C0 /.
0040E0C1 |.
0040E0C3 |.
0040E0C6 |.
0040E0C9 |.
0040E0D0 |.
0040E0D3 |.
0040E0D6 |.
[ARG.ECX+10]
0040E0D7 |.
0040E0DA |.
fo.0040EBF0
0040E0DF |.
0040E0E2 |.
0040E0E5 |.
0040E0E8 |.
0040E0EB |.
0040E0ED |.
0040E0EE \.
0040E0F1
0040E0F2
0040E0F3
0040E0F4
0040E0F5
0040E0F6
0040E0F7
0040E0F8
0040E0F9
0040E0FA
0040E0FB
0040E0FC
0040E0FD
0040E0FE
0040E0FF
0040E100 /.
0040E101 |.
0040E103 |.
0040E106 |.
0040E109 |.
0040E110 |.
0040E113 |.
0040E116 |.
[ARG.ECX+14]
0040E117 |.
0040E11A |.
fo.0040EBF0
0040E11F |.
0040E122 |.

CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC
894D
C745
8B45
8B48
51

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
64
SUB ESP,64
9C
MOV DWORD PTR
FC 00000 MOV DWORD PTR
9C
MOV EAX,DWORD
10
MOV ECX,DWORD
PUSH ECX

8B4D 08
E8 110B0000

SS:[LOCAL.25],ECX
SS:[LOCAL.1],0
PTR SS:[LOCAL.25]
PTR DS:[EAX+10]

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040EBF0

; /Arg1 =>
; |
; \SystemIn

8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
83CA 01
OR EDX,00000001
8955 FC
MOV DWORD PTR SS:[LOCAL.1],EDX
8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
8BE5
MOV ESP,EBP
5D
POP EBP
C2 0400
RETN 4
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
55
PUSH EBP
8BEC
MOV EBP,ESP
83EC 64
SUB ESP,64
894D 9C
MOV DWORD PTR SS:[LOCAL.25],ECX
C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
8B45 9C
MOV EAX,DWORD PTR SS:[LOCAL.25]
8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
51
PUSH ECX

; /Arg1 =>

8B4D 08
E8 D10A0000

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040EBF0

; |
; \SystemIn

8B55 FC
83CA 01

MOV EDX,DWORD PTR SS:[LOCAL.1]


OR EDX,00000001

0040E125
0040E128
0040E12B
0040E12D
0040E12E
0040E131
0040E132
0040E133
0040E134
0040E135
0040E136
0040E137
0040E138
0040E139
0040E13A
0040E13B
0040E13C
0040E13D
0040E13E
0040E13F
0040E140
0040E141
0040E143
0040E145
0040E14A
0040E150
0040E151
0040E154
0040E159
0040E15B
0040E15C
0040E15F
0040E165
0040E168
0040E16B
0040E171
0040E178
0040E17B
0040E180
0040E187
0040E18A
0040E190
0040E193
0040E196
0040E198
0040E19B
0040E19C
0040E1A1
0040E1A4
0040E1A7
0040E1AA
0040E1B1
0040E1B2
0040E1B4
0040E1B5
0040E1B8
0040E1B9
0040E1BA
0040E1BB
0040E1BC

|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
\.

8955 FC
8B45 08
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 F8584400
64:A1 0000000
50
83EC 10
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
894D E4
8B45 E4
C700 04894400
C745 FC 00000
8B4D E4
E8 40000000
C745 FC FFFFF
8B4D E4
C701 BC884400
8B55 08
83E2 01
74 0C
8B45 E4
50
E8 79070200
83C4 04
8B45 E4
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0400
CC
CC
CC
CC
CC

MOV DWORD PTR SS:[LOCAL.1],EDX


MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 004458F8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,10
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EAX],OFFSET 00448904
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.7]
CALL 0040E1C0
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX],OFFSET 004488BC
MOV EDX,DWORD PTR SS:[ARG.1]
AND EDX,00000001
JE SHORT 0040E1A4
MOV EAX,DWORD PTR SS:[LOCAL.7]
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3

0040E1BD
CC
INT3
0040E1BE
CC
INT3
0040E1BF
CC
INT3
0040E1C0 /$ 55
PUSH EBP
0040E1C1 |. 8BEC
MOV EBP,ESP
0040E1C3 |. 83EC 10
SUB ESP,10
0040E1C6 |. 894D F0
MOV DWORD PTR SS:[LOCAL.4],ECX
0040E1C9 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0040E1CC |. 8B48 08
MOV ECX,DWORD PTR DS:[EAX+8]
0040E1CF |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0040E1D2 |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0040E1D5 |. 52
PUSH EDX
[ARG.ECX+8]
0040E1D6 |. E8 25160200 CALL 0042F800
fo.0042F800
0040E1DB |. 83C4 04
ADD ESP,4
0040E1DE |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0040E1E1 |. 8B48 10
MOV ECX,DWORD PTR DS:[EAX+10]
0040E1E4 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
0040E1E7 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
0040E1EA |. 52
PUSH EDX
[ARG.ECX+10]
0040E1EB |. E8 10160200 CALL 0042F800
fo.0042F800
0040E1F0 |. 83C4 04
ADD ESP,4
0040E1F3 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0040E1F6 |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
0040E1F9 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
0040E1FC |. 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
0040E1FF |. 52
PUSH EDX
[ARG.ECX+14]
0040E200 |. E8 FB150200 CALL 0042F800
fo.0042F800
0040E205 |. 83C4 04
ADD ESP,4
0040E208 |. 8BE5
MOV ESP,EBP
0040E20A |. 5D
POP EBP
0040E20B \. C3
RETN
0040E20C
CC
INT3
0040E20D
CC
INT3
0040E20E
CC
INT3
0040E20F
CC
INT3
0040E210 /$ 55
PUSH EBP
o.0040E210(guessed Arg1,Arg2)
0040E211 |. 8BEC
MOV EBP,ESP
0040E213 |. 6A FF
PUSH -1
0040E215 |. 68 20594400 PUSH 00445920
0040E21A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040E220 |. 50
PUSH EAX
0040E221 |. 51
PUSH ECX
0040E222 |. 81EC E8000000 SUB ESP,0E8
0040E228 |. 53
PUSH EBX
0040E229 |. 56
PUSH ESI
0040E22A |. 57
PUSH EDI
0040E22B |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040E230 |. 33C5
XOR EAX,EBP
0040E232 |. 50
PUSH EAX
0040E233 |. 8D45 F4
LEA EAX,[LOCAL.3]
0040E236 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040E23C |. 8965 F0
MOV DWORD PTR SS:[LOCAL.4],ESP
0040E23F |. 898D 14FFFFFF MOV DWORD PTR SS:[LOCAL.59],ECX

; /Arg1 =>
; \SystemIn

; /Arg1 =>
; \SystemIn

; /Arg1 =>
; \SystemIn

; SystemInf

0040E245 |. E8 33150200
0040E24A |. 8945 EC
0040E24D |. 8B85 14FFFFFF
0040E253 |. C740 08 00000
0040E25A |. 8B8D 14FFFFFF
0040E260 |. C741 10 00000
0040E267 |. 8B95 14FFFFFF
0040E26D |. C742 14 00000
0040E274 |. C745 FC 00000
0040E27B |. E8 5DF90100
fo.0042DBDD
0040E280 |. 8945 A4
0040E283 |. 8955 A8
0040E286 |. 8B45 A4
0040E289 |. 8945 E4
0040E28C |. 8B4D A8
0040E28F |. 894D E8
0040E292 |. 8D55 E4
0040E295 |. 52
OFFSET LOCAL.7
0040E296 |. 6A 00
0040E298 |. 8B45 EC
0040E29B |. 8B48 08
0040E29E |. 51
0040E29F |. E8 6C040000
fo.0040E710
0040E2A4 |. 83C4 0C
0040E2A7 |. 8985 10FFFFFF
0040E2AD |. 8B95 14FFFFFF
0040E2B3 |. 8B85 10FFFFFF
0040E2B9 |. 8942 08
0040E2BC |. E8 1CF90100
fo.0042DBDD
0040E2C1 |. 8945 8C
0040E2C4 |. 8955 90
0040E2C7 |. 8B4D 8C
0040E2CA |. 894D DC
0040E2CD |. 8B55 90
0040E2D0 |. 8955 E0
0040E2D3 |. 8D45 DC
0040E2D6 |. 50
OFFSET LOCAL.9
0040E2D7 |. 6A 00
0040E2D9 |. 68 24894400
SCII "false"
0040E2DE |. E8 2D040000
fo.0040E710
0040E2E3 |. 83C4 0C
0040E2E6 |. 8985 0CFFFFFF
0040E2EC |. 8B8D 14FFFFFF
0040E2F2 |. 8B95 0CFFFFFF
0040E2F8 |. 8951 10
0040E2FB |. E8 DDF80100
fo.0042DBDD
0040E300 |. 8985 74FFFFFF
0040E306 |. 8995 78FFFFFF
0040E30C |. 8B85 74FFFFFF
0040E312 |. 8945 D4
0040E315 |. 8B8D 78FFFFFF
0040E31B |. 894D D8

CALL 0042F77D
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV DWORD PTR
CALL 0042DBDD

SS:[LOCAL.5],EAX
PTR SS:[LOCAL.59]
DS:[EAX+8],0
PTR SS:[LOCAL.59]
DS:[ECX+10],0
PTR SS:[LOCAL.59]
DS:[EDX+14],0
SS:[LOCAL.1],0
; [SystemIn

MOV DWORD PTR SS:[LOCAL.23],EAX


MOV DWORD PTR SS:[LOCAL.22],EDX
MOV EAX,DWORD PTR SS:[LOCAL.23]
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV ECX,DWORD PTR SS:[LOCAL.22]
MOV DWORD PTR SS:[LOCAL.6],ECX
LEA EDX,[LOCAL.7]
PUSH EDX

; /Arg3 =>

PUSH 0
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+8]
PUSH ECX
CALL 0040E710

;
;
;
;
;

ADD ESP,0C
MOV DWORD PTR
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
CALL 0042DBDD

; [SystemIn

|Arg2 = 0
|
|
|Arg1
\SystemIn

SS:[LOCAL.60],EAX
PTR SS:[LOCAL.59]
PTR SS:[LOCAL.60]
DS:[EDX+8],EAX

MOV DWORD PTR SS:[LOCAL.29],EAX


MOV DWORD PTR SS:[LOCAL.28],EDX
MOV ECX,DWORD PTR SS:[LOCAL.29]
MOV DWORD PTR SS:[LOCAL.9],ECX
MOV EDX,DWORD PTR SS:[LOCAL.28]
MOV DWORD PTR SS:[LOCAL.8],EDX
LEA EAX,[LOCAL.9]
PUSH EAX

; /Arg3 =>

PUSH 0
PUSH OFFSET 00448924

; |Arg2 = 0
; |Arg1 = A

CALL 0040E710

; \SystemIn

ADD ESP,0C
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
CALL 0042DBDD

SS:[LOCAL.61],EAX
PTR SS:[LOCAL.59]
PTR SS:[LOCAL.61]
DS:[ECX+10],EDX

MOV
MOV
MOV
MOV
MOV
MOV

SS:[LOCAL.35],EAX
SS:[LOCAL.34],EDX
PTR SS:[LOCAL.35]
SS:[LOCAL.11],EAX
PTR SS:[LOCAL.34]
SS:[LOCAL.10],ECX

DWORD PTR
DWORD PTR
EAX,DWORD
DWORD PTR
ECX,DWORD
DWORD PTR

; [SystemIn

0040E31E |. 8D55 D4
0040E321 |. 52
OFFSET LOCAL.11
0040E322 |. 6A 00
0040E324 |. 68 1C894400
SCII "true"
0040E329 |. E8 E2030000
fo.0040E710
0040E32E |. 83C4 0C
0040E331 |. 8985 08FFFFFF
0040E337 |. 8B85 14FFFFFF
0040E33D |. 8B8D 08FFFFFF
0040E343 |. 8948 14
0040E346 \. EB 21
0040E348 /. 8B8D 14FFFFFF
0040E34E |. E8 6DFEFFFF
0040E353 |. 6A 00
0040E355 |. 6A 00
0040E357 |. E8 C9050200
fo.0042E925
0040E35C |. C745 FC FFFFF
0040E363 |. B8 70E34000
0040E368 \. C3
0040E369 /> C745 FC FFFFF
0040E370 |. E8 68F80100
fo.0042DBDD
0040E375 |. 8985 50FFFFFF
0040E37B |. 8995 54FFFFFF
0040E381 |. 8B95 50FFFFFF
0040E387 |. 8955 CC
0040E38A |. 8B85 54FFFFFF
0040E390 |. 8945 D0
0040E393 |. 8B4D EC
0040E396 |. 8B11
0040E398 |. 8A02
0040E39A |. 8885 4FFFFFFF
0040E3A0 |. 8B8D 14FFFFFF
0040E3A6 |. 8A95 4FFFFFFF
0040E3AC |. 8851 0C
0040E3AF |. E8 29F80100
fo.0042DBDD
0040E3B4 |. 8985 44FFFFFF
0040E3BA |. 8995 48FFFFFF
0040E3C0 |. 8B85 44FFFFFF
0040E3C6 |. 8945 C4
0040E3C9 |. 8B8D 48FFFFFF
0040E3CF |. 894D C8
0040E3D2 |. 8B55 EC
0040E3D5 |. 8B42 04
0040E3D8 |. 8A08
0040E3DA |. 888D 43FFFFFF
0040E3E0 |. 8B95 14FFFFFF
0040E3E6 |. 8A85 43FFFFFF
0040E3EC |. 8842 0D
0040E3EF |. 0FB64D 0C
0040E3F3 |. 85C9
0040E3F5 |. 0F84 99000000
0040E3FB |. E8 DDF70100
fo.0042DBDD
0040E400 |. 8985 38FFFFFF

LEA EDX,[LOCAL.11]
PUSH EDX

; /Arg3 =>

PUSH 0
PUSH OFFSET 0044891C

; |Arg2 = 0
; |Arg1 = A

CALL 0040E710

; \SystemIn

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.62],EAX
MOV EAX,DWORD PTR SS:[LOCAL.59]
MOV ECX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR DS:[EAX+14],ECX
JMP SHORT 0040E369
MOV ECX,DWORD PTR SS:[EBP-0EC]
CALL 0040E1C0
PUSH 0
PUSH 0
CALL 0042E925

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,0040E370
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
CALL 0042DBDD

; [SystemIn

MOV DWORD PTR SS:[LOCAL.44],EAX


MOV DWORD PTR SS:[LOCAL.43],EDX
MOV EDX,DWORD PTR SS:[LOCAL.44]
MOV DWORD PTR SS:[LOCAL.13],EDX
MOV EAX,DWORD PTR SS:[LOCAL.43]
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX]
MOV AL,BYTE PTR DS:[EDX]
MOV BYTE PTR SS:[LOCAL.45+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.59]
MOV DL,BYTE PTR SS:[LOCAL.45+3]
MOV BYTE PTR DS:[ECX+0C],DL
CALL 0042DBDD

; [SystemIn

MOV DWORD PTR SS:[LOCAL.47],EAX


MOV DWORD PTR SS:[LOCAL.46],EDX
MOV EAX,DWORD PTR SS:[LOCAL.47]
MOV DWORD PTR SS:[LOCAL.15],EAX
MOV ECX,DWORD PTR SS:[LOCAL.46]
MOV DWORD PTR SS:[LOCAL.14],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV CL,BYTE PTR DS:[EAX]
MOV BYTE PTR SS:[LOCAL.48+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.59]
MOV AL,BYTE PTR SS:[LOCAL.48+3]
MOV BYTE PTR DS:[EDX+0D],AL
MOVZX ECX,BYTE PTR SS:[ARG.2]
TEST ECX,ECX
JE 0040E494
CALL 0042DBDD

; [SystemIn

MOV DWORD PTR SS:[LOCAL.50],EAX

0040E406 |. 8995 3CFFFFFF


0040E40C |. 8B95 38FFFFFF
0040E412 |. 8955 BC
0040E415 |. 8B85 3CFFFFFF
0040E41B |. 8945 C0
0040E41E |. 8D4D BC
0040E421 |. 51
OFFSET LOCAL.17
0040E422 |. 6A 00
0040E424 |. 68 77874400
ystemInfo.448777
0040E429 |. E8 E2020000
fo.0040E710
0040E42E |. 83C4 0C
0040E431 |. 8B95 14FFFFFF
0040E437 |. 8942 08
0040E43A |. E8 9EF70100
fo.0042DBDD
0040E43F |. 8985 20FFFFFF
0040E445 |. 8995 24FFFFFF
0040E44B |. 8B85 20FFFFFF
0040E451 |. 8945 B4
0040E454 |. 8B8D 24FFFFFF
0040E45A |. 894D B8
0040E45D |. 8B95 14FFFFFF
0040E463 |. C642 0C 2E
0040E467 |. E8 71F70100
fo.0042DBDD
0040E46C |. 8985 18FFFFFF
0040E472 |. 8995 1CFFFFFF
0040E478 |. 8B85 18FFFFFF
0040E47E |. 8945 AC
0040E481 |. 8B8D 1CFFFFFF
0040E487 |. 894D B0
0040E48A |. 8B95 14FFFFFF
0040E490 |. C642 0D 2C
0040E494 |> 8B4D F4
0040E497 |. 64:890D 00000
0040E49E |. 59
0040E49F |. 5F
0040E4A0 |. 5E
0040E4A1 |. 5B
0040E4A2 |. 8BE5
0040E4A4 |. 5D
0040E4A5 \. C2 0800
0040E4A8
CC
0040E4A9
CC
0040E4AA
CC
0040E4AB
CC
0040E4AC
CC
0040E4AD
CC
0040E4AE
CC
0040E4AF
CC
0040E4B0 /$ 55
0040E4B1 |. 8BEC
0040E4B3 |. 6A FF
0040E4B5 |. 68 51594400
0040E4BA |. 64:A1 0000000
0040E4C0 |. 50
0040E4C1 |. 51

MOV DWORD PTR SS:[LOCAL.49],EDX


MOV EDX,DWORD PTR SS:[LOCAL.50]
MOV DWORD PTR SS:[LOCAL.17],EDX
MOV EAX,DWORD PTR SS:[LOCAL.49]
MOV DWORD PTR SS:[LOCAL.16],EAX
LEA ECX,[LOCAL.17]
PUSH ECX

; /Arg3 =>

PUSH 0
PUSH OFFSET 00448777

; |Arg2 = 0
; |Arg1 = S

CALL 0040E710

; \SystemIn

ADD ESP,0C
MOV EDX,DWORD PTR SS:[LOCAL.59]
MOV DWORD PTR DS:[EDX+8],EAX
CALL 0042DBDD

; [SystemIn

MOV DWORD PTR SS:[LOCAL.56],EAX


MOV DWORD PTR SS:[LOCAL.55],EDX
MOV EAX,DWORD PTR SS:[LOCAL.56]
MOV DWORD PTR SS:[LOCAL.19],EAX
MOV ECX,DWORD PTR SS:[LOCAL.55]
MOV DWORD PTR SS:[LOCAL.18],ECX
MOV EDX,DWORD PTR SS:[LOCAL.59]
MOV BYTE PTR DS:[EDX+0C],2E
CALL 0042DBDD

; [SystemIn

MOV DWORD PTR SS:[LOCAL.58],EAX


MOV DWORD PTR SS:[LOCAL.57],EDX
MOV EAX,DWORD PTR SS:[LOCAL.58]
MOV DWORD PTR SS:[LOCAL.21],EAX
MOV ECX,DWORD PTR SS:[LOCAL.57]
MOV DWORD PTR SS:[LOCAL.20],ECX
MOV EDX,DWORD PTR SS:[LOCAL.59]
MOV BYTE PTR DS:[EDX+0D],2C
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00445951
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX

0040E4C2 |.
0040E4C5 |.
0040E4C6 |.
0040E4C7 |.
0040E4C8 |.
0040E4CD |.
0040E4CF |.
0040E4D0 |.
0040E4D3 |.
0040E4D9 |.
0040E4DC |.
0040E4DF |.
0040E4E2 |.
0040E4E9 |.
0040E4EB |>
0040E4EE |.
0040E4F1 |.
0040E4F4 |.
0040E4F7 |.
0040E4FA |.
0040E4FD |>
0040E501 |.
0040E503 |.
0040E506 |.
0040E509 |.
0040E50C |.
0040E50F |.
0040E513 |.
0040E517 |.
0040E519 |.
0040E51C |.
[ARG.3]
0040E51D |.
0040E520 |.
fo.0040AD10
0040E525 |.
0040E528 |.
0040E52B |.
0040E52E |.
0040E530 |>
0040E537 |>
0040E53A |.
0040E53D |.
0040E541 \.^
0040E543 >
0040E545 /.
0040E547 |>
0040E54A |.
0040E54D |.
0040E550 |>
0040E553 |.
0040E556 |.
0040E558 |.
0040E55B |.
0040E55C |.
0040E561 |.
0040E564 |.^
0040E566 |>
0040E568 |.
0040E56A |.

83EC 50
53
56
57
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
8965 F0
8B45 08
8945 EC
C745 FC 00000
EB 12
8B4D 0C
83E9 01
894D 0C
8B55 08
83C2 28
8955 08
837D 0C 00
76 40
8B45 08
8945 E8
8B4D E8
894D E0
C645 FC 01
837D E0 00
74 17
8B55 10
52

SUB ESP,50
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV DWORD PTR SS:[LOCAL.1],0
JMP SHORT 0040E4FD
/MOV ECX,DWORD PTR SS:[ARG.2]
|SUB ECX,1
|MOV DWORD PTR SS:[ARG.2],ECX
|MOV EDX,DWORD PTR SS:[ARG.1]
|ADD EDX,28
|MOV DWORD PTR SS:[ARG.1],EDX
|CMP DWORD PTR SS:[ARG.2],0
|JBE SHORT 0040E543
|MOV EAX,DWORD PTR SS:[ARG.1]
|MOV DWORD PTR SS:[LOCAL.6],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.6]
|MOV DWORD PTR SS:[LOCAL.8],ECX
|MOV BYTE PTR SS:[LOCAL.1],1
|CMP DWORD PTR SS:[LOCAL.8],0
|JE SHORT 0040E530
|MOV EDX,DWORD PTR SS:[ARG.3]
|PUSH EDX

; /Arg1 =>

8B4D E0
E8 EBC7FFFF

|MOV ECX,DWORD PTR SS:[LOCAL.8]


|CALL 0040AD10

; |
; \SystemIn

8945 A4
8B45 A4
8945 A0
EB 07
C745 A0 00000
8B4D A0
894D E4
C645 FC 00
EB A8
EB 37
EB 09
8B55 EC
83C2 28
8955 EC
8B45 EC
3B45 08
74 0E
8B4D EC
51
E8 5F030000
83C4 04
EB E1
6A 00
6A 00
E8 B6030200

|MOV DWORD PTR SS:[LOCAL.23],EAX


|MOV EAX,DWORD PTR SS:[LOCAL.23]
|MOV DWORD PTR SS:[LOCAL.24],EAX
|JMP SHORT 0040E537
|MOV DWORD PTR SS:[LOCAL.24],0
|MOV ECX,DWORD PTR SS:[LOCAL.24]
|MOV DWORD PTR SS:[LOCAL.7],ECX
|MOV BYTE PTR SS:[LOCAL.1],0
\JMP SHORT 0040E4EB
JMP SHORT 0040E57C
JMP SHORT 0040E550
/MOV EDX,DWORD PTR SS:[EBP-14]
|ADD EDX,28
|MOV DWORD PTR SS:[EBP-14],EDX
|MOV EAX,DWORD PTR SS:[EBP-14]
|CMP EAX,DWORD PTR SS:[EBP+8]
|JE SHORT 0040E566
|MOV ECX,DWORD PTR SS:[EBP-14]
|PUSH ECX
|CALL 0040E8C0
|ADD ESP,4
\JMP SHORT 0040E547
PUSH 0
PUSH 0
CALL 0042E925

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

fo.0042E925
0040E56F |. C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1
0040E576 |. B8 83E54000 MOV EAX,0040E583
0040E57B \. C3
RETN
0040E57C /> C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1
0040E583 |. 8B4D F4
MOV ECX,DWORD PTR SS:[EBP-0C]
0040E586 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0040E58D |. 59
POP ECX
0040E58E |. 5F
POP EDI
0040E58F |. 5E
POP ESI
0040E590 |. 5B
POP EBX
0040E591 |. 8BE5
MOV ESP,EBP
0040E593 |. 5D
POP EBP
0040E594 \. C3
RETN
0040E595
CC
INT3
0040E596
CC
INT3
0040E597
CC
INT3
0040E598
CC
INT3
0040E599
CC
INT3
0040E59A
CC
INT3
0040E59B
CC
INT3
0040E59C
CC
INT3
0040E59D
CC
INT3
0040E59E
CC
INT3
0040E59F
CC
INT3
0040E5A0 /$ 55
PUSH EBP
o.0040E5A0(guessed Arg1,Arg2,Arg3,Arg4)
0040E5A1 |. 8BEC
MOV EBP,ESP
0040E5A3 |. 83EC 34
SUB ESP,34
0040E5A6 |. 33C0
XOR EAX,EAX
0040E5A8 |. 8845 FF
MOV BYTE PTR SS:[LOCAL.1+3],AL
0040E5AB |. 8A4D FD
MOV CL,BYTE PTR SS:[LOCAL.1+1]
0040E5AE |. 884D FE
MOV BYTE PTR SS:[LOCAL.1+2],CL
0040E5B1 |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0040E5B4 |. 8955 F8
MOV DWORD PTR SS:[LOCAL.2],EDX
0040E5B7 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040E5BA |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
0040E5BD |. 8A4D FF
MOV CL,BYTE PTR SS:[LOCAL.1+3]
0040E5C0 |. 884D CF
MOV BYTE PTR SS:[LOCAL.13+3],CL
0040E5C3 |. 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
0040E5C6 |. 8955 D0
MOV DWORD PTR SS:[LOCAL.12],EDX
0040E5C9 |. 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
0040E5CC |. 8945 D4
MOV DWORD PTR SS:[LOCAL.11],EAX
0040E5CF |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0040E5D2 |. 894D D8
MOV DWORD PTR SS:[LOCAL.10],ECX
0040E5D5 |. 8B55 F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
0040E5D8 |. 8955 DC
MOV DWORD PTR SS:[LOCAL.9],EDX
0040E5DB |. 33C0
XOR EAX,EAX
0040E5DD |. 8845 EF
MOV BYTE PTR SS:[LOCAL.5+3],AL
0040E5E0 |. 8A4D ED
MOV CL,BYTE PTR SS:[LOCAL.5+1]
0040E5E3 |. 884D EE
MOV BYTE PTR SS:[LOCAL.5+2],CL
0040E5E6 |. 8B55 D8
MOV EDX,DWORD PTR SS:[LOCAL.10]
0040E5E9 |. 8955 E8
MOV DWORD PTR SS:[LOCAL.6],EDX
0040E5EC |. 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
0040E5EF |. 8945 E0
MOV DWORD PTR SS:[LOCAL.8],EAX
0040E5F2 |. 0FB64D EF
MOVZX ECX,BYTE PTR SS:[LOCAL.5+3]
0040E5F6 |. 51
PUSH ECX
0040E5F7 |. 0FB655 EE
MOVZX EDX,BYTE PTR SS:[LOCAL.5+2]
0040E5FB |. 52
PUSH EDX
0040E5FC |. 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]

; SystemInf

0040E5FF
0040E600
0040E603
0040E604
0040E607
0040E608
0040E60B
0040E60C
0040E611
0040E614
0040E616
0040E617
0040E618
0040E619
0040E61A
0040E61B
0040E61C
0040E61D
0040E61E
0040E61F
0040E620
0040E621
0040E623
0040E626
0040E628
0040E62B
0040E62E
0040E631
0040E634
0040E637
0040E63A
0040E63D
0040E640
0040E643
0040E646
0040E649
0040E64A
0040E64F
0040E651
0040E654
0040E657
0040E659
0040E65C
0040E65E
0040E661
0040E663
0040E666
0040E669
0040E66C
0040E66F
0040E672
0040E675
0040E678
0040E67B
0040E67E
0040E681
0040E684
0040E686
0040E689
0040E68C

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.

50
8B4D D4
51
8B55 E8
52
8B45 E0
50
E8 EF040000
83C4 18
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 60
33C0
8845 FF
8A4D FD
884D FE
8A55 FF
8855 A3
8B45 10
8945 A4
8B4D 08
894D A8
8B45 0C
2B45 A8
99
B9 28000000
F7F9
6BC0 28
8B55 A4
2BD0
8955 F8
33C0
8845 F7
33C9
884D F6
8A55 F7
8855 AE
8A45 F6
8845 AF
8B4D A4
894D B0
8B55 0C
8955 B4
8B45 A8
3B45 B4
74 20
8B4D B4
83E9 28
894D B4

PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.11]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.8]
PUSH EAX
CALL 0040EB00
ADD ESP,18
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,60
XOR EAX,EAX
MOV BYTE PTR SS:[LOCAL.1+3],AL
MOV CL,BYTE PTR SS:[LOCAL.1+1]
MOV BYTE PTR SS:[LOCAL.1+2],CL
MOV DL,BYTE PTR SS:[LOCAL.1+3]
MOV BYTE PTR SS:[LOCAL.24+3],DL
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.23],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.22],ECX
MOV EAX,DWORD PTR SS:[ARG.2]
SUB EAX,DWORD PTR SS:[LOCAL.22]
CDQ
MOV ECX,28
IDIV ECX
IMUL EAX,EAX,28
MOV EDX,DWORD PTR SS:[LOCAL.23]
SUB EDX,EAX
MOV DWORD PTR SS:[LOCAL.2],EDX
XOR EAX,EAX
MOV BYTE PTR SS:[LOCAL.3+3],AL
XOR ECX,ECX
MOV BYTE PTR SS:[LOCAL.3+2],CL
MOV DL,BYTE PTR SS:[LOCAL.3+3]
MOV BYTE PTR SS:[LOCAL.21+2],DL
MOV AL,BYTE PTR SS:[LOCAL.3+2]
MOV BYTE PTR SS:[LOCAL.21+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.23]
MOV DWORD PTR SS:[LOCAL.20],ECX
MOV EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.19],EDX
/MOV EAX,DWORD PTR SS:[LOCAL.22]
|CMP EAX,DWORD PTR SS:[LOCAL.19]
|JE SHORT 0040E6A6
|MOV ECX,DWORD PTR SS:[LOCAL.19]
|SUB ECX,28
|MOV DWORD PTR SS:[LOCAL.19],ECX

0040E68F |. 8B55 B0
|MOV EDX,DWORD PTR SS:[LOCAL.20]
0040E692 |. 83EA 28
|SUB EDX,28
0040E695 |. 8955 B0
|MOV DWORD PTR SS:[LOCAL.20],EDX
0040E698 |. 8B45 B4
|MOV EAX,DWORD PTR SS:[LOCAL.19]
0040E69B |. 50
|PUSH EAX
[LOCAL.19]
0040E69C |. 8B4D B0
|MOV ECX,DWORD PTR SS:[LOCAL.20]
0040E69F |. E8 1CCDFFFF |CALL 0040B3C0
fo.0040B3C0
0040E6A4 |.^ EB D8
\JMP SHORT 0040E67E
0040E6A6 |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0040E6A9 |. 8BE5
MOV ESP,EBP
0040E6AB |. 5D
POP EBP
0040E6AC \. C3
RETN
0040E6AD
CC
INT3
0040E6AE
CC
INT3
0040E6AF
CC
INT3
0040E6B0 /$ 55
PUSH EBP
0040E6B1 |. 8BEC
MOV EBP,ESP
0040E6B3 |. 83EC 20
SUB ESP,20
0040E6B6 |. 894D E4
MOV DWORD PTR SS:[LOCAL.7],ECX
0040E6B9 |. 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
0040E6BC |. 8378 20 00
CMP DWORD PTR DS:[EAX+20],0
0040E6C0 |. 75 40
JNE SHORT 0040E702
0040E6C2 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0040E6C5 |. 8379 18 10
CMP DWORD PTR DS:[ECX+18],10
0040E6C9 |. 72 0B
JB SHORT 0040E6D6
0040E6CB |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
0040E6CE |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
0040E6D1 |. 8945 E0
MOV DWORD PTR SS:[LOCAL.8],EAX
0040E6D4 |. EB 09
JMP SHORT 0040E6DF
0040E6D6 |> 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0040E6D9 |. 83C1 04
ADD ECX,4
0040E6DC |. 894D E0
MOV DWORD PTR SS:[LOCAL.8],ECX
0040E6DF |> 8B55 E0
MOV EDX,DWORD PTR SS:[LOCAL.8]
0040E6E2 |. 52
PUSH EDX
0040E6E3 |. E8 E8C1FFFF CALL 0040A8D0
fo.0040A8D0
0040E6E8 |. 83C4 04
ADD ESP,4
0040E6EB |. 8945 F4
MOV DWORD PTR SS:[LOCAL.3],EAX
0040E6EE |. 6A 01
PUSH 1
0040E6F0 |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
0040E6F3 |. 50
PUSH EAX
[LOCAL.3]
0040E6F4 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0040E6F7 |. E8 14010000 CALL 0040E810
fo.0040E810
0040E6FC |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0040E6FF |. 8941 20
MOV DWORD PTR DS:[ECX+20],EAX
0040E702 |> 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
0040E705 |. 8B42 20
MOV EAX,DWORD PTR DS:[EDX+20]
0040E708 |. 8BE5
MOV ESP,EBP
0040E70A |. 5D
POP EBP
0040E70B \. C3
RETN
0040E70C
CC
INT3
0040E70D
CC
INT3
0040E70E
CC
INT3
0040E70F
CC
INT3
0040E710 /$ 55
PUSH EBP
o.0040E710(guessed Arg1,Arg2,Arg3)

; /Arg1 =>
; |
; \SystemIn

; /Arg1
; \SystemIn

; /Arg2 = 1
; |
; |Arg1 =>
; |
; \SystemIn

; SystemInf

0040E711 |. 8BEC
0040E713 |. 83EC 10
0040E716 |. 8B45 08
0040E719 |. 50
[ARG.1]
0040E71A |. E8 61FB0100
fo.0042E280
0040E71F |. 83C4 04
0040E722 |. 83C0 01
0040E725 |. 8945 F8
0040E728 |. 8B4D F8
0040E72B |. 51
[LOCAL.2]
0040E72C |. E8 1BF10100
fo.0042D84C
0040E731 |. 83C4 04
0040E734 |. 8945 F0
0040E737 |. 8B55 F0
0040E73A |. 8955 FC
0040E73D |. 8B45 FC
0040E740 |. 8945 F4
0040E743 |. EB 1B
0040E745 |> 8B4D F8
0040E748 |. 83E9 01
0040E74B |. 894D F8
0040E74E |. 8B55 F4
0040E751 |. 83C2 01
0040E754 |. 8955 F4
0040E757 |. 8B45 08
0040E75A |. 83C0 01
0040E75D |. 8945 08
0040E760 |> 837D F8 00
0040E764 |. 76 0C
0040E766 |. 8B4D F4
0040E769 |. 8B55 08
0040E76C |. 8A02
0040E76E |. 8801
0040E770 |.^ EB D3
0040E772 |> 8B45 FC
0040E775 |. 8BE5
0040E777 |. 5D
0040E778 \. C3
0040E779
CC
0040E77A
CC
0040E77B
CC
0040E77C
CC
0040E77D
CC
0040E77E
CC
0040E77F
CC
0040E780 /$ 55
o.0040E780(guessed void)
0040E781 |. 8BEC
0040E783 |. 83EC 10
0040E786 |. 894D F0
0040E789 |. 8B45 F0
0040E78C |. 8378 1C 00
0040E790 |. 74 1F
0040E792 |. 8B4D F0
0040E795 |. 8B51 1C
0040E798 |. 8955 FC

MOV EBP,ESP
SUB ESP,10
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

CALL 0042E280

; \SystemIn

ADD ESP,4
ADD EAX,1
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
PUSH ECX

; /Arg1 =>

CALL 0042D84C

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.3],EAX
JMP SHORT 0040E760
/MOV ECX,DWORD PTR SS:[LOCAL.2]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.2],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.3]
|ADD EDX,1
|MOV DWORD PTR SS:[LOCAL.3],EDX
|MOV EAX,DWORD PTR SS:[ARG.1]
|ADD EAX,1
|MOV DWORD PTR SS:[ARG.1],EAX
|CMP DWORD PTR SS:[LOCAL.2],0
|JBE SHORT 0040E772
|MOV ECX,DWORD PTR SS:[LOCAL.3]
|MOV EDX,DWORD PTR SS:[ARG.1]
|MOV AL,BYTE PTR DS:[EDX]
|MOV BYTE PTR DS:[ECX],AL
\JMP SHORT 0040E745
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EAX,DWORD PTR SS:[LOCAL.4]
CMP DWORD PTR DS:[EAX+1C],0
JE SHORT 0040E7B1
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+1C]
MOV DWORD PTR SS:[LOCAL.1],EDX

0040E79B |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040E79E |. 50
PUSH EAX
[ARG.ECX+1C]
0040E79F |. E8 5C100200 CALL 0042F800
fo.0042F800
0040E7A4 |. 83C4 04
ADD ESP,4
0040E7A7 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0040E7AA |. C741 1C 00000 MOV DWORD PTR DS:[ECX+1C],0
0040E7B1 |> 8B55 F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
0040E7B4 |. 837A 20 00
CMP DWORD PTR DS:[EDX+20],0
0040E7B8 |. 74 1F
JE SHORT 0040E7D9
0040E7BA |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0040E7BD |. 8B48 20
MOV ECX,DWORD PTR DS:[EAX+20]
0040E7C0 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
0040E7C3 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
0040E7C6 |. 52
PUSH EDX
[ARG.ECX+20]
0040E7C7 |. E8 34100200 CALL 0042F800
fo.0042F800
0040E7CC |. 83C4 04
ADD ESP,4
0040E7CF |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0040E7D2 |. C740 20 00000 MOV DWORD PTR DS:[EAX+20],0
0040E7D9 |> 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0040E7DC |. 8379 24 00
CMP DWORD PTR DS:[ECX+24],0
0040E7E0 |. 74 1F
JE SHORT 0040E801
0040E7E2 |. 8B55 F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
0040E7E5 |. 8B42 24
MOV EAX,DWORD PTR DS:[EDX+24]
0040E7E8 |. 8945 F4
MOV DWORD PTR SS:[LOCAL.3],EAX
0040E7EB |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040E7EE |. 51
PUSH ECX
[ARG.ECX+24]
0040E7EF |. E8 0C100200 CALL 0042F800
fo.0042F800
0040E7F4 |. 83C4 04
ADD ESP,4
0040E7F7 |. 8B55 F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
0040E7FA |. C742 24 00000 MOV DWORD PTR DS:[EDX+24],0
0040E801 |> 8BE5
MOV ESP,EBP
0040E803 |. 5D
POP EBP
0040E804 \. C3
RETN
0040E805
CC
INT3
0040E806
CC
INT3
0040E807
CC
INT3
0040E808
CC
INT3
0040E809
CC
INT3
0040E80A
CC
INT3
0040E80B
CC
INT3
0040E80C
CC
INT3
0040E80D
CC
INT3
0040E80E
CC
INT3
0040E80F
CC
INT3
0040E810 /$ 55
PUSH EBP
o.0040E810(guessed Arg1,Arg2)
0040E811 |. 8BEC
MOV EBP,ESP
0040E813 |. 83EC 18
SUB ESP,18
0040E816 |. 894D F0
MOV DWORD PTR SS:[LOCAL.4],ECX
0040E819 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0040E81C |. 8378 18 10
CMP DWORD PTR DS:[EAX+18],10
0040E820 |. 72 0B
JB SHORT 0040E82D
0040E822 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0040E825 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]

; /Arg1 =>
; \SystemIn

; /Arg1 =>
; \SystemIn

; /Arg1 =>
; \SystemIn

; SystemInf

0040E828 |. 8955 EC
0040E82B |. EB 09
0040E82D |> 8B45 F0
0040E830 |. 83C0 04
0040E833 |. 8945 EC
0040E836 |> 6A 00
= 0
0040E838 |. 6A 00
ULL
0040E83A |. 8B4D 08
0040E83D |. 51
> [ARG.1]
0040E83E |. 8B55 EC
0040E841 |. 52
0040E842 |. 8B45 0C
0040E845 |. 0D 00040300
0040E84A |. 50
0040E84B |. FF15 48804400
2.GetThreadLocale
0040E851 |. 50
0040E852 |. FF15 44804400
.LCMapStringA
0040E858 |. 8945 FC
0040E85B |. 8B4D FC
0040E85E |. 51
[LOCAL.1]
0040E85F |. E8 E8EF0100
fo.0042D84C
0040E864 |. 83C4 04
0040E867 |. 8945 F4
0040E86A |. 8B55 F4
0040E86D |. 8955 F8
0040E870 |. 8B45 F0
0040E873 |. 8378 18 10
0040E877 |. 72 0B
0040E879 |. 8B4D F0
0040E87C |. 8B51 04
0040E87F |. 8955 E8
0040E882 |. EB 09
0040E884 |> 8B45 F0
0040E887 |. 83C0 04
0040E88A |. 8945 E8
0040E88D |> 8B4D FC
0040E890 |. 51
=> [LOCAL.1]
0040E891 |. 8B55 F8
0040E894 |. 52
[LOCAL.3]
0040E895 |. 8B45 08
0040E898 |. 50
> [ARG.1]
0040E899 |. 8B4D E8
0040E89C |. 51
0040E89D |. 8B55 0C
0040E8A0 |. 81CA 00040300
0040E8A6 |. 52
0040E8A7 |. FF15 48804400
2.GetThreadLocale
0040E8AD |. 50
0040E8AE |. FF15 44804400

MOV DWORD PTR SS:[LOCAL.5],EDX


JMP SHORT 0040E836
MOV EAX,DWORD PTR SS:[LOCAL.4]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.5],EAX
PUSH 0

; /DestLen

PUSH 0

; |Dest = N

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; |
; |SrcLen =

MOV EDX,DWORD PTR SS:[LOCAL.5]


PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.2]
OR EAX,00030400
PUSH EAX
CALL DWORD PTR DS:[<&KERNEL32.GetThreadL

;
;
;
;
;
;

|
|Src
|
|
|Flags
|[KERNEL3

PUSH EAX
; |Locale
CALL DWORD PTR DS:[<&KERNEL32.LCMapStrin ; \KERNEL32
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX

; /Arg1 =>

CALL 0042D84C

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0040E884
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.6],EDX
JMP SHORT 0040E88D
MOV EAX,DWORD PTR SS:[LOCAL.4]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.6],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX

; /DestLen

MOV EDX,DWORD PTR SS:[LOCAL.2]


PUSH EDX

; |
; |Dest =>

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; |
; |SrcLen =

MOV ECX,DWORD PTR SS:[LOCAL.6]


PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.2]
OR EDX,00030400
PUSH EDX
CALL DWORD PTR DS:[<&KERNEL32.GetThreadL

;
;
;
;
;
;

|
|Src
|
|
|Flags
|[KERNEL3

PUSH EAX
; |Locale
CALL DWORD PTR DS:[<&KERNEL32.LCMapStrin ; \KERNEL32

.LCMapStringA
0040E8B4 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0040E8B7 |. 8BE5
MOV ESP,EBP
0040E8B9 |. 5D
POP EBP
0040E8BA \. C2 0800
RETN 8
0040E8BD
CC
INT3
0040E8BE
CC
INT3
0040E8BF
CC
INT3
0040E8C0 /$ 55
PUSH EBP
0040E8C1 |. 8BEC
MOV EBP,ESP
0040E8C3 |. 6A FF
PUSH -1
0040E8C5 |. 68 78594400 PUSH 00445978
0040E8CA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040E8D0 |. 50
PUSH EAX
0040E8D1 |. 83EC 20
SUB ESP,20
0040E8D4 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040E8D9 |. 33C5
XOR EAX,EBP
0040E8DB |. 50
PUSH EAX
0040E8DC |. 8D45 F4
LEA EAX,[LOCAL.3]
0040E8DF |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040E8E5 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0040E8EC |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040E8EF |. E8 8CFEFFFF CALL 0040E780
fo.0040E780
0040E8F4 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0040E8FB |. 6A 00
PUSH 0
0040E8FD |. 6A 01
PUSH 1
0040E8FF |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040E902 |. E8 59120000 CALL 0040FB60
fo.0040FB60
0040E907 |. 33C0
XOR EAX,EAX
0040E909 |. 83E0 01
AND EAX,00000001
0040E90C |. 74 0C
JE SHORT 0040E91A
0040E90E |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040E911 |. 51
PUSH ECX
0040E912 |. E8 03000200 CALL 0042E91A
0040E917 |. 83C4 04
ADD ESP,4
0040E91A |> 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040E91D |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0040E924 |. 59
POP ECX
0040E925 |. 8BE5
MOV ESP,EBP
0040E927 |. 5D
POP EBP
0040E928 \. C3
RETN
0040E929
CC
INT3
0040E92A
CC
INT3
0040E92B
CC
INT3
0040E92C
CC
INT3
0040E92D
CC
INT3
0040E92E
CC
INT3
0040E92F
CC
INT3
0040E930 /$ 55
PUSH EBP
o.0040E930(guessed Arg1,Arg2,Arg3)
0040E931 |. 8BEC
MOV EBP,ESP
0040E933 |. 6A FF
PUSH -1
0040E935 |. 68 C9594400 PUSH 004459C9
0040E93A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040E940 |. 50
PUSH EAX
0040E941 |. 81EC A8000000 SUB ESP,0A8
0040E947 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040E94C |. 33C5
XOR EAX,EBP

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; SystemInf

0040E94E |.
0040E94F |.
0040E952 |.
0040E958 |.
0040E95F |.
0040E962 |.
[ARG.2]
0040E963 |.
0040E966 |.
fo.0040AD10
0040E96B |.
0040E971 |.
0040E977 |.
0040E97A |.
0040E981 |.
0040E984 |.
fo.0040E780
0040E989 |.
0040E98F |.
[4487AC] = -1
0040E990 |.
0040E992 |.
0040E995 |.
[ARG.3]
0040E996 |.
0040E999 |.
fo.0040ECF0
0040E99E |.
0040E9A1 |.
[LOCAL.45]
0040E9A2 |.
0040E9A5 |.
fo.0040AD10
0040E9AA |.
0040E9AD |.
0040E9B0 |.
0040E9B3 |.
0040E9BA |.
0040E9BD |.
fo.0040E780
0040E9C2 |.
0040E9C6 |.
0040E9C8 |.
0040E9CA |.
0040E9CD |.
fo.0040FB60
0040E9D2 |.
0040E9D5 |.
0040E9D8 |.
0040E9DF |.
0040E9E0 |.
0040E9E2 |.
0040E9E3 \.
0040E9E4
0040E9E5
0040E9E6
0040E9E7
0040E9E8
0040E9E9
0040E9EA

50
8D45 F4
64:A3 0000000
C745 C8 00000
8B45 0C
50

PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.14],0
MOV EAX,DWORD PTR SS:[ARG.2]
PUSH EAX

; /Arg1 =>

8D4D CC
E8 A5C3FFFF

LEA ECX,[LOCAL.13]
CALL 0040AD10

; |
; \SystemIn

8985 4CFFFFFF
8B8D 4CFFFFFF
894D 88
C745 FC 01000
8B4D 88
E8 F7FDFFFF

MOV DWORD PTR


MOV ECX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV ECX,DWORD
CALL 0040E780

; [SystemIn

SS:[LOCAL.45],EAX
PTR SS:[LOCAL.45]
SS:[LOCAL.30],ECX
SS:[LOCAL.1],1
PTR SS:[LOCAL.30]

8B15 AC874400 MOV EDX,DWORD PTR DS:[4487AC]


52
PUSH EDX

; /Arg3 =>

6A 00
8B45 10
50

PUSH 0
MOV EAX,DWORD PTR SS:[ARG.3]
PUSH EAX

; |Arg2 = 0
; |
; |Arg1 =>

8B4D 88
E8 52030000

MOV ECX,DWORD PTR SS:[LOCAL.30]


CALL 0040ECF0

; |
; \SystemIn

8B4D 88
51

MOV ECX,DWORD PTR SS:[LOCAL.30]


PUSH ECX

; /Arg1 =>

8B4D 08
E8 66C3FFFF

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040AD10

; |
; \SystemIn

8B55 C8
83CA 01
8955 C8
C745 FC 02000
8D4D CC
E8 BEFDFFFF

MOV EDX,DWORD PTR SS:[LOCAL.14]


OR EDX,00000001
MOV DWORD PTR SS:[LOCAL.14],EDX
MOV DWORD PTR SS:[LOCAL.1],2
LEA ECX,[LOCAL.13]
CALL 0040E780

; [SystemIn

C645 FC 00
6A 00
6A 01
8D4D CC
E8 8E110000

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.13]
CALL 0040FB60

;
;
;
;

8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
64:890D 00000 MOV DWORD PTR FS:[0],ECX
59
POP ECX
8BE5
MOV ESP,EBP
5D
POP EBP
C3
RETN
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0040E9EB
CC
INT3
0040E9EC
CC
INT3
0040E9ED
CC
INT3
0040E9EE
CC
INT3
0040E9EF
CC
INT3
0040E9F0 /$ 55
PUSH EBP
o.0040E9F0(guessed Arg1,Arg2,Arg3)
0040E9F1 |. 8BEC
MOV EBP,ESP
0040E9F3 |. 6A FF
PUSH -1
0040E9F5 |. 68 195A4400 PUSH 00445A19
0040E9FA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040EA00 |. 50
PUSH EAX
0040EA01 |. 81EC A4000000 SUB ESP,0A4
0040EA07 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040EA0C |. 33C5
XOR EAX,EBP
0040EA0E |. 50
PUSH EAX
0040EA0F |. 8D45 F4
LEA EAX,[LOCAL.3]
0040EA12 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040EA18 |. C745 C8 00000 MOV DWORD PTR SS:[LOCAL.14],0
0040EA1F |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040EA22 |. 50
PUSH EAX
[ARG.2]
0040EA23 |. 8D4D CC
LEA ECX,[LOCAL.13]
0040EA26 |. E8 E5C2FFFF CALL 0040AD10
fo.0040AD10
0040EA2B |. 8985 50FFFFFF MOV DWORD PTR SS:[LOCAL.44],EAX
0040EA31 |. 8B8D 50FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.44]
0040EA37 |. 894D 8C
MOV DWORD PTR SS:[LOCAL.29],ECX
0040EA3A |. C745 FC 01000 MOV DWORD PTR SS:[LOCAL.1],1
0040EA41 |. 8B4D 8C
MOV ECX,DWORD PTR SS:[LOCAL.29]
0040EA44 |. E8 37FDFFFF CALL 0040E780
fo.0040E780
0040EA49 |. 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
0040EA4C |. 52
PUSH EDX
[ARG.3]
0040EA4D |. E8 2EF80100 CALL 0042E280
fo.0042E280
0040EA52 |. 83C4 04
ADD ESP,4
0040EA55 |. 8945 A0
MOV DWORD PTR SS:[LOCAL.24],EAX
0040EA58 |. 8B45 A0
MOV EAX,DWORD PTR SS:[LOCAL.24]
0040EA5B |. 50
PUSH EAX
[LOCAL.24]
0040EA5C |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
0040EA5F |. 51
PUSH ECX
[ARG.3]
0040EA60 |. 8B4D 8C
MOV ECX,DWORD PTR SS:[LOCAL.29]
0040EA63 |. E8 D8030000 CALL 0040EE40
fo.0040EE40
0040EA68 |. 8B55 8C
MOV EDX,DWORD PTR SS:[LOCAL.29]
0040EA6B |. 52
PUSH EDX
[LOCAL.29]
0040EA6C |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040EA6F |. E8 9CC2FFFF CALL 0040AD10
fo.0040AD10
0040EA74 |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
0040EA77 |. 83C8 01
OR EAX,00000001
0040EA7A |. 8945 C8
MOV DWORD PTR SS:[LOCAL.14],EAX
0040EA7D |. C745 FC 02000 MOV DWORD PTR SS:[LOCAL.1],2
0040EA84 |. 8D4D CC
LEA ECX,[LOCAL.13]
0040EA87 |. E8 F4FCFFFF CALL 0040E780

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; [SystemIn
; /Arg1 =>
; \SystemIn

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn
; /Arg1 =>
; |
; \SystemIn

; [SystemIn

fo.0040E780
0040EA8C |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
0040EA90 |. 6A 00
PUSH 0
0040EA92 |. 6A 01
PUSH 1
0040EA94 |. 8D4D CC
LEA ECX,[LOCAL.13]
0040EA97 |. E8 C4100000 CALL 0040FB60
fo.0040FB60
0040EA9C |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040EA9F |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040EAA2 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0040EAA9 |. 59
POP ECX
0040EAAA |. 8BE5
MOV ESP,EBP
0040EAAC |. 5D
POP EBP
0040EAAD \. C3
RETN
0040EAAE
CC
INT3
0040EAAF
CC
INT3
0040EAB0 /$ 55
PUSH EBP
o.0040EAB0(guessed Arg1,Arg2,Arg3,Arg4)
0040EAB1 |. 8BEC
MOV EBP,ESP
0040EAB3 |. 83EC 10
SUB ESP,10
0040EAB6 |. 33C0
XOR EAX,EAX
0040EAB8 |. 8845 FF
MOV BYTE PTR SS:[LOCAL.1+3],AL
0040EABB |. 8A4D FD
MOV CL,BYTE PTR SS:[LOCAL.1+1]
0040EABE |. 884D FE
MOV BYTE PTR SS:[LOCAL.1+2],CL
0040EAC1 |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0040EAC4 |. 8955 F8
MOV DWORD PTR SS:[LOCAL.2],EDX
0040EAC7 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040EACA |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
0040EACD |. 0FB64D FF
MOVZX ECX,BYTE PTR SS:[LOCAL.1+3]
0040EAD1 |. 51
PUSH ECX
0040EAD2 |. 0FB655 FE
MOVZX EDX,BYTE PTR SS:[LOCAL.1+2]
0040EAD6 |. 52
PUSH EDX
0040EAD7 |. 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
0040EADA |. 50
PUSH EAX
0040EADB |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
0040EADE |. 51
PUSH ECX
0040EADF |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
0040EAE2 |. 52
PUSH EDX
0040EAE3 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0040EAE6 |. 50
PUSH EAX
0040EAE7 |. E8 14000000 CALL 0040EB00
0040EAEC |. 83C4 18
ADD ESP,18
0040EAEF |. 8BE5
MOV ESP,EBP
0040EAF1 |. 5D
POP EBP
0040EAF2 \. C3
RETN
0040EAF3
CC
INT3
0040EAF4
CC
INT3
0040EAF5
CC
INT3
0040EAF6
CC
INT3
0040EAF7
CC
INT3
0040EAF8
CC
INT3
0040EAF9
CC
INT3
0040EAFA
CC
INT3
0040EAFB
CC
INT3
0040EAFC
CC
INT3
0040EAFD
CC
INT3
0040EAFE
CC
INT3
0040EAFF
CC
INT3
0040EB00 /$ 55
PUSH EBP
0040EB01 |. 8BEC
MOV EBP,ESP

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; SystemInf

0040EB03 |.
0040EB05 |.
0040EB0A |.
0040EB10 |.
0040EB11 |.
0040EB12 |.
0040EB15 |.
0040EB16 |.
0040EB17 |.
0040EB18 |.
0040EB1D |.
0040EB1F |.
0040EB20 |.
0040EB23 |.
0040EB29 |.
0040EB2C |.
0040EB2F |.
0040EB32 |.
0040EB39 |.
0040EB3B |>
0040EB3E |.
0040EB41 |.
0040EB44 |.
0040EB47 |.
0040EB4A |.
0040EB4D |>
0040EB50 |.
0040EB53 |.
0040EB55 |.
0040EB58 |.
0040EB5B |.
0040EB5E |.
0040EB61 |.
0040EB65 |.
0040EB69 |.
0040EB6B |.
0040EB6E |.
[ARG.1]
0040EB6F |.
0040EB72 |.
fo.0040AD10
0040EB77 |.
0040EB7A |.
0040EB7D |.
0040EB80 |.
0040EB82 |>
0040EB89 |>
0040EB8C |.
0040EB8F |.
0040EB93 \.^
0040EB95 >
0040EB97 /.
0040EB99 |>
0040EB9C |.
0040EB9F |.
0040EBA2 |>
0040EBA5 |.
0040EBA8 |.
0040EBAA |.
0040EBAD |.

6A FF
68 515A4400
64:A1 0000000
50
51
83EC 50
53
56
57
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
8965 F0
8B45 10
8945 EC
C745 FC 00000
EB 12
8B4D 10
83C1 28
894D 10
8B55 08
83C2 28
8955 08
8B45 08
3B45 0C
74 40
8B4D 10
894D E8
8B55 E8
8955 E0
C645 FC 01
837D E0 00
74 17
8B45 08
50

PUSH -1
PUSH 00445A51
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,50
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV DWORD PTR SS:[LOCAL.1],0
JMP SHORT 0040EB4D
/MOV ECX,DWORD PTR SS:[ARG.3]
|ADD ECX,28
|MOV DWORD PTR SS:[ARG.3],ECX
|MOV EDX,DWORD PTR SS:[ARG.1]
|ADD EDX,28
|MOV DWORD PTR SS:[ARG.1],EDX
|MOV EAX,DWORD PTR SS:[ARG.1]
|CMP EAX,DWORD PTR SS:[ARG.2]
|JE SHORT 0040EB95
|MOV ECX,DWORD PTR SS:[ARG.3]
|MOV DWORD PTR SS:[LOCAL.6],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.6]
|MOV DWORD PTR SS:[LOCAL.8],EDX
|MOV BYTE PTR SS:[LOCAL.1],1
|CMP DWORD PTR SS:[LOCAL.8],0
|JE SHORT 0040EB82
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX

; /Arg1 =>

8B4D E0
E8 99C1FFFF

|MOV ECX,DWORD PTR SS:[LOCAL.8]


|CALL 0040AD10

; |
; \SystemIn

8945 A4
|MOV DWORD PTR SS:[LOCAL.23],EAX
8B4D A4
|MOV ECX,DWORD PTR SS:[LOCAL.23]
894D A0
|MOV DWORD PTR SS:[LOCAL.24],ECX
EB 07
|JMP SHORT 0040EB89
C745 A0 00000 |MOV DWORD PTR SS:[LOCAL.24],0
8B55 A0
|MOV EDX,DWORD PTR SS:[LOCAL.24]
8955 E4
|MOV DWORD PTR SS:[LOCAL.7],EDX
C645 FC 00
|MOV BYTE PTR SS:[LOCAL.1],0
EB A6
\JMP SHORT 0040EB3B
EB 37
JMP SHORT 0040EBCE
EB 09
JMP SHORT 0040EBA2
8B45 EC
/MOV EAX,DWORD PTR SS:[EBP-14]
83C0 28
|ADD EAX,28
8945 EC
|MOV DWORD PTR SS:[EBP-14],EAX
8B4D EC
|MOV ECX,DWORD PTR SS:[EBP-14]
3B4D 10
|CMP ECX,DWORD PTR SS:[EBP+10]
74 0E
|JE SHORT 0040EBB8
8B55 EC
|MOV EDX,DWORD PTR SS:[EBP-14]
52
|PUSH EDX

0040EBAE |. E8 0DFDFFFF
0040EBB3 |. 83C4 04
0040EBB6 |.^ EB E1
0040EBB8 |> 6A 00
0040EBBA |. 6A 00
0040EBBC |. E8 64FD0100
fo.0042E925
0040EBC1 |. C745 FC FFFFF
0040EBC8 |. B8 D5EB4000
0040EBCD \. C3
0040EBCE /> C745 FC FFFFF
0040EBD5 |. 8B45 10
0040EBD8 |. 8B4D F4
0040EBDB |. 64:890D 00000
0040EBE2 |. 59
0040EBE3 |. 5F
0040EBE4 |. 5E
0040EBE5 |. 5B
0040EBE6 |. 8BE5
0040EBE8 |. 5D
0040EBE9 \. C3
0040EBEA
CC
0040EBEB
CC
0040EBEC
CC
0040EBED
CC
0040EBEE
CC
0040EBEF
CC
0040EBF0 /$ 55
o.0040EBF0(guessed Arg1)
0040EBF1 |. 8BEC
0040EBF3 |. 83EC 5C
0040EBF6 |. 894D A4
0040EBF9 |. 8D45 F7
0040EBFC |. 8945 F8
0040EBFF |. 6A 00
0040EC01 |. 6A 00
0040EC03 |. 8B4D A4
0040EC06 |. E8 550F0000
fo.0040FB60
0040EC0B |. 8B4D 08
0040EC0E |. 51
[ARG.1]
0040EC0F |. E8 6CF60100
fo.0042E280
0040EC14 |. 83C4 04
0040EC17 |. 8945 DC
0040EC1A |. 8B55 DC
0040EC1D |. 52
[LOCAL.9]
0040EC1E |. 8B45 08
0040EC21 |. 50
[ARG.1]
0040EC22 |. 8B4D A4
0040EC25 |. E8 26050000
fo.0040F150
0040EC2A |. 8B45 A4
0040EC2D |. 8BE5
0040EC2F |. 5D
0040EC30 \. C2 0400
0040EC33
CC

|CALL 0040E8C0
|ADD ESP,4
\JMP SHORT 0040EB99
PUSH 0
PUSH 0
CALL 0042E925

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,0040EBD5
RETN
MOV DWORD PTR SS:[EBP-4],-1
MOV EAX,DWORD PTR SS:[EBP+10]
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,5C
MOV DWORD PTR SS:[LOCAL.23],ECX
LEA EAX,[LOCAL.3+3]
MOV DWORD PTR SS:[LOCAL.2],EAX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.23]
CALL 0040FB60

;
;
;
;

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; /Arg1 =>

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.9],EAX
MOV EDX,DWORD PTR SS:[LOCAL.9]
PUSH EDX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.23]


CALL 0040F150

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.23]


MOV ESP,EBP
POP EBP
RETN 4
INT3

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

0040EC34
CC
INT3
0040EC35
CC
INT3
0040EC36
CC
INT3
0040EC37
CC
INT3
0040EC38
CC
INT3
0040EC39
CC
INT3
0040EC3A
CC
INT3
0040EC3B
CC
INT3
0040EC3C
CC
INT3
0040EC3D
CC
INT3
0040EC3E
CC
INT3
0040EC3F
CC
INT3
0040EC40 /$ 55
PUSH EBP
o.0040EC40(guessed Arg1,Arg2)
0040EC41 |. 8BEC
MOV EBP,ESP
0040EC43 |. 83EC 5C
SUB ESP,5C
0040EC46 |. 894D A4
MOV DWORD PTR SS:[LOCAL.23],ECX
0040EC49 |. 8D45 F7
LEA EAX,[LOCAL.3+3]
0040EC4C |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
0040EC4F |. 6A 00
PUSH 0
0040EC51 |. 6A 00
PUSH 0
0040EC53 |. 8B4D A4
MOV ECX,DWORD PTR SS:[LOCAL.23]
0040EC56 |. E8 050F0000 CALL 0040FB60
fo.0040FB60
0040EC5B |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040EC5E |. 51
PUSH ECX
[ARG.1]
0040EC5F |. E8 1CF60100 CALL 0042E280
fo.0042E280
0040EC64 |. 83C4 04
ADD ESP,4
0040EC67 |. 8945 DC
MOV DWORD PTR SS:[LOCAL.9],EAX
0040EC6A |. 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
0040EC6D |. 52
PUSH EDX
[LOCAL.9]
0040EC6E |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040EC71 |. 50
PUSH EAX
[ARG.1]
0040EC72 |. 8B4D A4
MOV ECX,DWORD PTR SS:[LOCAL.23]
0040EC75 |. E8 D6040000 CALL 0040F150
fo.0040F150
0040EC7A |. 8B45 A4
MOV EAX,DWORD PTR SS:[LOCAL.23]
0040EC7D |. 8BE5
MOV ESP,EBP
0040EC7F |. 5D
POP EBP
0040EC80 \. C2 0800
RETN 8
0040EC83
CC
INT3
0040EC84
CC
INT3
0040EC85
CC
INT3
0040EC86
CC
INT3
0040EC87
CC
INT3
0040EC88
CC
INT3
0040EC89
CC
INT3
0040EC8A
CC
INT3
0040EC8B
CC
INT3
0040EC8C
CC
INT3
0040EC8D
CC
INT3
0040EC8E
CC
INT3
0040EC8F
CC
INT3
0040EC90 /$ 55
PUSH EBP
o.0040EC90(guessed Arg1)
0040EC91 |. 8BEC
MOV EBP,ESP

; SystemInf

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

; /Arg1 =>
; \SystemIn

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

; SystemInf

0040EC93 |. 83EC 6C
SUB ESP,6C
0040EC96 |. 894D 94
MOV DWORD PTR
0040EC99 |. 6A 00
PUSH 0
0040EC9B |. 6A 00
PUSH 0
0040EC9D |. 8B4D 94
MOV ECX,DWORD
0040ECA0 |. E8 BB0E0000 CALL 0040FB60
fo.0040FB60
0040ECA5 |. A1 AC874400 MOV EAX,DWORD
0040ECAA |. 50
PUSH EAX
[4487AC] = -1
0040ECAB |. 6A 00
PUSH 0
0040ECAD |. 8B4D 08
MOV ECX,DWORD
0040ECB0 |. 51
PUSH ECX
[ARG.1]
0040ECB1 |. 8B4D 94
MOV ECX,DWORD
0040ECB4 |. E8 67030000 CALL 0040F020
fo.0040F020
0040ECB9 |. 8B45 94
MOV EAX,DWORD
0040ECBC |. 8BE5
MOV ESP,EBP
0040ECBE |. 5D
POP EBP
0040ECBF \. C2 0400
RETN 4
0040ECC2
CC
INT3
0040ECC3
CC
INT3
0040ECC4
CC
INT3
0040ECC5
CC
INT3
0040ECC6
CC
INT3
0040ECC7
CC
INT3
0040ECC8
CC
INT3
0040ECC9
CC
INT3
0040ECCA
CC
INT3
0040ECCB
CC
INT3
0040ECCC
CC
INT3
0040ECCD
CC
INT3
0040ECCE
CC
INT3
0040ECCF
CC
INT3
0040ECD0 /$ 55
PUSH EBP
o.0040ECD0(guessed void)
0040ECD1 |. 8BEC
MOV EBP,ESP
0040ECD3 |. 83EC 18
SUB ESP,18
0040ECD6 |. 894D E8
MOV DWORD PTR
0040ECD9 |. 6A 00
PUSH 0
0040ECDB |. 6A 01
PUSH 1
0040ECDD |. 8B4D E8
MOV ECX,DWORD
0040ECE0 |. E8 7B0E0000 CALL 0040FB60
fo.0040FB60
0040ECE5 |. 8BE5
MOV ESP,EBP
0040ECE7 |. 5D
POP EBP
0040ECE8 \. C3
RETN
0040ECE9
CC
INT3
0040ECEA
CC
INT3
0040ECEB
CC
INT3
0040ECEC
CC
INT3
0040ECED
CC
INT3
0040ECEE
CC
INT3
0040ECEF
CC
INT3
0040ECF0 /$ 55
PUSH EBP
o.0040ECF0(guessed Arg1,Arg2,Arg3)
0040ECF1 |. 8BEC
MOV EBP,ESP
0040ECF3 |. 83EC 44
SUB ESP,44
0040ECF6 |. 894D C8
MOV DWORD PTR

SS:[LOCAL.27],ECX
PTR SS:[LOCAL.27]

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

PTR DS:[4487AC]
; /Arg3 =>
PTR SS:[ARG.1]

; |Arg2 = 0
; |
; |Arg1 =>

PTR SS:[LOCAL.27]

; |
; \SystemIn

PTR SS:[LOCAL.27]

; SystemInf

SS:[EBP-18],ECX
PTR SS:[EBP-18]

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; SystemInf

SS:[LOCAL.14],ECX

0040ECF9 |.
0040ECFC |.
0040ECFF |.
0040ED02 |.
0040ED05 |.
0040ED08 |.
0040ED0A |.
0040ED0F |>
0040ED12 |.
0040ED15 |.
0040ED18 |.
0040ED1B |.
0040ED1E |.
0040ED21 |.
0040ED24 |.
0040ED27 |.
0040ED29 |.
0040ED2C |.
0040ED2F |>
0040ED32 |.
0040ED37 |.
0040ED3A |.
0040ED3D |.
0040ED3F |.
0040ED42 |.
0040ED45 |.
0040ED48 |.
0040ED4B |.
0040ED4E |.
0040ED50 |>
0040ED55 |>
0040ED59 |.
0040ED5F |.
0040ED62 |.
0040ED65 |.
0040ED68 |.
0040ED6B |.
0040ED6D |.
0040ED70 |.
[LOCAL.1]
0040ED71 |.
0040ED74 |.
fo.0040F9F0
0040ED79 |.
0040ED7C |.
0040ED7E |.
0040ED84 |.
0040ED87 |.
0040ED8B |.
0040ED8D |.
0040ED90 |.
0040ED93 |.
0040ED96 |.
0040ED98 |>
0040ED9B |.
0040ED9E |.
0040EDA1 |>
0040EDA4 |.
0040EDA8 |.
0040EDAA |.

8B45 08
8B48 14
894D F8
8B55 F8
3B55 0C
73 05
E8 56EF0100
8B45 08
8B48 14
894D F4
8B55 F4
2B55 0C
8955 FC
8B45 FC
3B45 10
73 06
8B4D FC
894D 10
8B55 C8
A1 AC874400
2B42 14
3B45 10
76 11
8B4D C8
8B51 14
0355 10
8B45 C8
3B50 14
73 05
E8 D8EE0100
837D 10 00
0F86 D0000000
8B4D C8
8B51 14
0355 10
8955 FC
6A 00
8B45 FC
50

MOV EAX,DWORD PTR SS:[ARG.1]


MOV ECX,DWORD PTR DS:[EAX+14]
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EDX,DWORD PTR SS:[LOCAL.2]
CMP EDX,DWORD PTR SS:[ARG.2]
JNB SHORT 0040ED0F
CALL 0042DC65
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+14]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
SUB EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
CMP EAX,DWORD PTR SS:[ARG.3]
JNB SHORT 0040ED2F
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[ARG.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV EAX,DWORD PTR DS:[4487AC]
SUB EAX,DWORD PTR DS:[EDX+14]
CMP EAX,DWORD PTR SS:[ARG.3]
JBE SHORT 0040ED50
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX+14]
ADD EDX,DWORD PTR SS:[ARG.3]
MOV EAX,DWORD PTR SS:[LOCAL.14]
CMP EDX,DWORD PTR DS:[EAX+14]
JNB SHORT 0040ED55
CALL 0042DC2D
CMP DWORD PTR SS:[ARG.3],0
JBE 0040EE2F
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX+14]
ADD EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.1],EDX
PUSH 0
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX

; /Arg2 = 0
; |
; |Arg1 =>

8B4D C8
E8 770C0000

MOV ECX,DWORD PTR SS:[LOCAL.14]


CALL 0040F9F0

; |
; \SystemIn

0FB6C8
85C9
0F84 AB000000
8B55 08
837A 18 10
72 0B
8B45 08
8B48 04
894D C4
EB 09
8B55 08
83C2 04
8955 C4
8B45 C8
8378 18 10
72 0B
8B4D C8

MOVZX ECX,AL
TEST ECX,ECX
JE 0040EE2F
MOV EDX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 0040ED98
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.15],ECX
JMP SHORT 0040EDA1
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.15],EDX
MOV EAX,DWORD PTR SS:[LOCAL.14]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0040EDB5
MOV ECX,DWORD PTR SS:[LOCAL.14]

0040EDAD |.
0040EDB0 |.
0040EDB3 |.
0040EDB5 |>
0040EDB8 |.
0040EDBB |.
0040EDBE |>
0040EDC1 |.
0040EDC4 |.
0040EDC7 |.
0040EDCA |.
0040EDCD |.
0040EDD0 |.
0040EDD3 |.
0040EDD6 |.
0040EDD9 |.
0040EDDC |.
0040EDDF |.
0040EDE2 |.
0040EDE3 |.
0040EDE6 |.
0040EDE9 |.
0040EDEA |.
0040EDED |.
[LOCAL.12]
0040EDEE |.
0040EDF1 |.
[LOCAL.11]
0040EDF2 |.
fo.0042EA08
0040EDF7 |.
0040EDFA |.
0040EDFE |.
0040EE01 |.
0040EE04 |.
0040EE07 |.
0040EE0A |.
0040EE0E |.
0040EE10 |.
0040EE13 |.
0040EE16 |.
0040EE19 |.
0040EE1B |>
0040EE1E |.
0040EE21 |.
0040EE24 |>
0040EE27 |.
0040EE2A |.
0040EE2D |.
0040EE2F |>
0040EE32 |.
0040EE34 |.
0040EE35 \.
0040EE38
0040EE39
0040EE3A
0040EE3B
0040EE3C
0040EE3D
0040EE3E

8B51 04
8955 C0
EB 09
8B45 C8
83C0 04
8945 C0
8B4D C8
8B55 C8
8B41 18
2B42 14
8945 D0
8B4D C8
8B55 C0
0351 14
8955 D4
8A45 DA
8845 DB
8B4D 10
51
8B55 C4
0355 0C
52
8B45 D0
50

MOV EDX,DWORD PTR DS:[ECX+4]


MOV DWORD PTR SS:[LOCAL.16],EDX
JMP SHORT 0040EDBE
MOV EAX,DWORD PTR SS:[LOCAL.14]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.16],EAX
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV EAX,DWORD PTR DS:[ECX+18]
SUB EAX,DWORD PTR DS:[EDX+14]
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR SS:[LOCAL.16]
ADD EDX,DWORD PTR DS:[ECX+14]
MOV DWORD PTR SS:[LOCAL.11],EDX
MOV AL,BYTE PTR SS:[LOCAL.10+2]
MOV BYTE PTR SS:[LOCAL.10+3],AL
MOV ECX,DWORD PTR SS:[ARG.3]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.15]
ADD EDX,DWORD PTR SS:[ARG.2]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.12]
PUSH EAX

;
;
;
;
;
;

8B4D D4
51

MOV ECX,DWORD PTR SS:[LOCAL.11]


PUSH ECX

; |
; |Arg1 =>

E8 11FC0100

CALL 0042EA08

; \SystemIn

83C4 10
C645 CF 00
8B55 C8
8B45 FC
8942 14
8B4D C8
8379 18 10
72 0B
8B55 C8
8B42 04
8945 BC
EB 09
8B4D C8
83C1 04
894D BC
8B55 BC
0355 FC
8A45 CF
8802
8B45 C8
8BE5
5D
C2 0C00
CC
CC
CC
CC
CC
CC
CC

ADD ESP,10
MOV BYTE PTR SS:[LOCAL.13+3],0
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+14],EAX
MOV ECX,DWORD PTR SS:[LOCAL.14]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 0040EE1B
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.17],EAX
JMP SHORT 0040EE24
MOV ECX,DWORD PTR SS:[LOCAL.14]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.17],ECX
MOV EDX,DWORD PTR SS:[LOCAL.17]
ADD EDX,DWORD PTR SS:[LOCAL.1]
MOV AL,BYTE PTR SS:[LOCAL.13+3]
MOV BYTE PTR DS:[EDX],AL
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
INT3
INT3
INT3
INT3

/Arg4
|
|
|Arg3
|
|Arg2 =>

0040EE3F
CC
INT3
0040EE40 /$ 55
PUSH EBP
o.0040EE40(guessed Arg1,Arg2)
0040EE41 |. 8BEC
MOV EBP,ESP
0040EE43 |. 83EC 54
SUB ESP,54
0040EE46 |. 894D B8
MOV DWORD PTR SS:[LOCAL.18],ECX
0040EE49 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040EE4C |. 50
PUSH EAX
[ARG.1]
0040EE4D |. 8B4D B8
MOV ECX,DWORD PTR SS:[LOCAL.18]
0040EE50 |. E8 9B0C0000 CALL 0040FAF0
fo.0040FAF0
0040EE55 |. 0FB6C8
MOVZX ECX,AL
0040EE58 |. 85C9
TEST ECX,ECX
0040EE5A |. 74 39
JE SHORT 0040EE95
0040EE5C |. 8B55 B8
MOV EDX,DWORD PTR SS:[LOCAL.18]
0040EE5F |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
0040EE63 |. 72 0B
JB SHORT 0040EE70
0040EE65 |. 8B45 B8
MOV EAX,DWORD PTR SS:[LOCAL.18]
0040EE68 |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
0040EE6B |. 894D B4
MOV DWORD PTR SS:[LOCAL.19],ECX
0040EE6E |. EB 09
JMP SHORT 0040EE79
0040EE70 |> 8B55 B8
MOV EDX,DWORD PTR SS:[LOCAL.18]
0040EE73 |. 83C2 04
ADD EDX,4
0040EE76 |. 8955 B4
MOV DWORD PTR SS:[LOCAL.19],EDX
0040EE79 |> 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040EE7C |. 50
PUSH EAX
[ARG.2]
0040EE7D |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040EE80 |. 2B4D B4
SUB ECX,DWORD PTR SS:[LOCAL.19]
0040EE83 |. 51
PUSH ECX
0040EE84 |. 8B55 B8
MOV EDX,DWORD PTR SS:[LOCAL.18]
0040EE87 |. 52
PUSH EDX
ARG.ECX
0040EE88 |. 8B4D B8
MOV ECX,DWORD PTR SS:[LOCAL.18]
0040EE8B |. E8 60FEFFFF CALL 0040ECF0
fo.0040ECF0
0040EE90 |. E9 E4000000 JMP 0040EF79
0040EE95 |> 8B45 B8
MOV EAX,DWORD PTR SS:[LOCAL.18]
0040EE98 |. 8B0D AC874400 MOV ECX,DWORD PTR DS:[4487AC]
0040EE9E |. 2B48 14
SUB ECX,DWORD PTR DS:[EAX+14]
0040EEA1 |. 3B4D 0C
CMP ECX,DWORD PTR SS:[ARG.2]
0040EEA4 |. 76 11
JBE SHORT 0040EEB7
0040EEA6 |. 8B55 B8
MOV EDX,DWORD PTR SS:[LOCAL.18]
0040EEA9 |. 8B42 14
MOV EAX,DWORD PTR DS:[EDX+14]
0040EEAC |. 0345 0C
ADD EAX,DWORD PTR SS:[ARG.2]
0040EEAF |. 8B4D B8
MOV ECX,DWORD PTR SS:[LOCAL.18]
0040EEB2 |. 3B41 14
CMP EAX,DWORD PTR DS:[ECX+14]
0040EEB5 |. 73 05
JNB SHORT 0040EEBC
0040EEB7 |> E8 71ED0100 CALL 0042DC2D
0040EEBC |> 837D 0C 00
CMP DWORD PTR SS:[ARG.2],0
0040EEC0 |. 0F86 B0000000 JBE 0040EF76
0040EEC6 |. 8B55 B8
MOV EDX,DWORD PTR SS:[LOCAL.18]
0040EEC9 |. 8B42 14
MOV EAX,DWORD PTR DS:[EDX+14]
0040EECC |. 0345 0C
ADD EAX,DWORD PTR SS:[ARG.2]
0040EECF |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0040EED2 |. 6A 00
PUSH 0
0040EED4 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0040EED7 |. 51
PUSH ECX
[LOCAL.1]

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /Arg3 =>
;
;
;
;
;

|
|
|Arg2
|
|Arg1 =>

; |
; \SystemIn

; /Arg2 = 0
; |
; |Arg1 =>

0040EED8 |.
0040EEDB |.
fo.0040F9F0
0040EEE0 |.
0040EEE3 |.
0040EEE5 |.
0040EEEB |.
0040EEEE |.
0040EEF2 |.
0040EEF4 |.
0040EEF7 |.
0040EEFA |.
0040EEFD |.
0040EEFF |>
0040EF02 |.
0040EF05 |.
0040EF08 |>
0040EF0B |.
0040EF0E |.
0040EF11 |.
0040EF14 |.
0040EF17 |.
0040EF1A |.
0040EF1D |.
0040EF20 |.
0040EF23 |.
0040EF26 |.
0040EF29 |.
0040EF2C |.
[ARG.2]
0040EF2D |.
0040EF30 |.
[ARG.1]
0040EF31 |.
0040EF34 |.
[LOCAL.16]
0040EF35 |.
0040EF38 |.
[LOCAL.15]
0040EF39 |.
fo.0042EA08
0040EF3E |.
0040EF41 |.
0040EF45 |.
0040EF48 |.
0040EF4B |.
0040EF4E |.
0040EF51 |.
0040EF55 |.
0040EF57 |.
0040EF5A |.
0040EF5D |.
0040EF60 |.
0040EF62 |>
0040EF65 |.
0040EF68 |.
0040EF6B |>
0040EF6E |.
0040EF71 |.
0040EF74 |.

8B4D B8
E8 100B0000

MOV ECX,DWORD PTR SS:[LOCAL.18]


CALL 0040F9F0

; |
; \SystemIn

0FB6D0
85D2
0F84 8B000000
8B45 B8
8378 18 10
72 0B
8B4D B8
8B51 04
8955 B0
EB 09
8B45 B8
83C0 04
8945 B0
8B4D B8
8B55 B8
8B41 18
2B42 14
8945 C0
8B4D B8
8B55 B0
0351 14
8955 C4
8A45 CA
8845 CB
8B4D 0C
51

MOVZX EDX,AL
TEST EDX,EDX
JE 0040EF76
MOV EAX,DWORD PTR SS:[LOCAL.18]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0040EEFF
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.20],EDX
JMP SHORT 0040EF08
MOV EAX,DWORD PTR SS:[LOCAL.18]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.20],EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR DS:[ECX+18]
SUB EAX,DWORD PTR DS:[EDX+14]
MOV DWORD PTR SS:[LOCAL.16],EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV EDX,DWORD PTR SS:[LOCAL.20]
ADD EDX,DWORD PTR DS:[ECX+14]
MOV DWORD PTR SS:[LOCAL.15],EDX
MOV AL,BYTE PTR SS:[LOCAL.14+2]
MOV BYTE PTR SS:[LOCAL.14+3],AL
MOV ECX,DWORD PTR SS:[ARG.2]
PUSH ECX

; /Arg4 =>

8B55 08
52

MOV EDX,DWORD PTR SS:[ARG.1]


PUSH EDX

; |
; |Arg3 =>

8B45 C0
50

MOV EAX,DWORD PTR SS:[LOCAL.16]


PUSH EAX

; |
; |Arg2 =>

8B4D C4
51

MOV ECX,DWORD PTR SS:[LOCAL.15]


PUSH ECX

; |
; |Arg1 =>

E8 CAFA0100

CALL 0042EA08

; \SystemIn

83C4 10
C645 BF 00
8B55 B8
8B45 FC
8942 14
8B4D B8
8379 18 10
72 0B
8B55 B8
8B42 04
8945 AC
EB 09
8B4D B8
83C1 04
894D AC
8B55 AC
0355 FC
8A45 BF
8802

ADD ESP,10
MOV BYTE PTR SS:[LOCAL.17+3],0
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+14],EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 0040EF62
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.21],EAX
JMP SHORT 0040EF6B
MOV ECX,DWORD PTR SS:[LOCAL.18]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.21],ECX
MOV EDX,DWORD PTR SS:[LOCAL.21]
ADD EDX,DWORD PTR SS:[LOCAL.1]
MOV AL,BYTE PTR SS:[LOCAL.17+3]
MOV BYTE PTR DS:[EDX],AL

0040EF76 |> 8B45 B8


MOV EAX,DWORD PTR SS:[LOCAL.18]
0040EF79 |> 8BE5
MOV ESP,EBP
0040EF7B |. 5D
POP EBP
0040EF7C \. C2 0800
RETN 8
0040EF7F
CC
INT3
0040EF80 /$ 55
PUSH EBP
o.0040EF80(guessed Arg1,Arg2)
0040EF81 |. 8BEC
MOV EBP,ESP
0040EF83 |. 83EC 28
SUB ESP,28
0040EF86 |. 894D DC
MOV DWORD PTR SS:[LOCAL.9],ECX
0040EF89 |. 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
0040EF8C |. 8B0D AC874400 MOV ECX,DWORD PTR DS:[4487AC]
0040EF92 |. 2B48 14
SUB ECX,DWORD PTR DS:[EAX+14]
0040EF95 |. 3B4D 08
CMP ECX,DWORD PTR SS:[ARG.1]
0040EF98 |. 77 05
JA SHORT 0040EF9F
0040EF9A |. E8 8EEC0100 CALL 0042DC2D
0040EF9F |> 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0040EFA3 |. 76 6E
JBE SHORT 0040F013
0040EFA5 |. 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
0040EFA8 |. 8B42 14
MOV EAX,DWORD PTR DS:[EDX+14]
0040EFAB |. 0345 08
ADD EAX,DWORD PTR SS:[ARG.1]
0040EFAE |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0040EFB1 |. 6A 00
PUSH 0
0040EFB3 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0040EFB6 |. 51
PUSH ECX
[LOCAL.1]
0040EFB7 |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
0040EFBA |. E8 310A0000 CALL 0040F9F0
fo.0040F9F0
0040EFBF |. 0FB6D0
MOVZX EDX,AL
0040EFC2 |. 85D2
TEST EDX,EDX
0040EFC4 |. 74 4D
JE SHORT 0040F013
0040EFC6 |. 0FB645 0C
MOVZX EAX,BYTE PTR SS:[ARG.2]
0040EFCA |. 50
PUSH EAX
0040EFCB |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040EFCE |. 51
PUSH ECX
[ARG.1]
0040EFCF |. 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
0040EFD2 |. 8B42 14
MOV EAX,DWORD PTR DS:[EDX+14]
0040EFD5 |. 50
PUSH EAX
[ARG.ECX+14]
0040EFD6 |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
0040EFD9 |. E8 92090000 CALL 0040F970
fo.0040F970
0040EFDE |. C645 E0 00
MOV BYTE PTR SS:[LOCAL.8],0
0040EFE2 |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
0040EFE5 |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0040EFE8 |. 8951 14
MOV DWORD PTR DS:[ECX+14],EDX
0040EFEB |. 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
0040EFEE |. 8378 18 10
CMP DWORD PTR DS:[EAX+18],10
0040EFF2 |. 72 0B
JB SHORT 0040EFFF
0040EFF4 |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
0040EFF7 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
0040EFFA |. 8955 D8
MOV DWORD PTR SS:[LOCAL.10],EDX
0040EFFD |. EB 09
JMP SHORT 0040F008
0040EFFF |> 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
0040F002 |. 83C0 04
ADD EAX,4
0040F005 |. 8945 D8
MOV DWORD PTR SS:[LOCAL.10],EAX
0040F008 |> 8B4D D8
MOV ECX,DWORD PTR SS:[LOCAL.10]
0040F00B |. 034D FC
ADD ECX,DWORD PTR SS:[LOCAL.1]

; SystemInf

; /Arg2 = 0
; |
; |Arg1 =>
; |
; \SystemIn

; /Arg3
; |
; |Arg2 =>
; |
; |
; |Arg1 =>
; |
; \SystemIn

0040F00E |. 8A55 E0
MOV DL,BYTE PTR SS:[LOCAL.8]
0040F011 |. 8811
MOV BYTE PTR DS:[ECX],DL
0040F013 |> 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
0040F016 |. 8BE5
MOV ESP,EBP
0040F018 |. 5D
POP EBP
0040F019 \. C2 0800
RETN 8
0040F01C
CC
INT3
0040F01D
CC
INT3
0040F01E
CC
INT3
0040F01F
CC
INT3
0040F020 /$ 55
PUSH EBP
o.0040F020(guessed Arg1,Arg2,Arg3)
0040F021 |. 8BEC
MOV EBP,ESP
0040F023 |. 83EC 60
SUB ESP,60
0040F026 |. 894D A8
MOV DWORD PTR SS:[LOCAL.22],ECX
0040F029 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040F02C |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
0040F02F |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
0040F032 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
0040F035 |. 3B55 0C
CMP EDX,DWORD PTR SS:[ARG.2]
0040F038 |. 73 05
JNB SHORT 0040F03F
0040F03A |. E8 26EC0100 CALL 0042DC65
0040F03F |> 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040F042 |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
0040F045 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
0040F048 |. 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
0040F04B |. 2B55 0C
SUB EDX,DWORD PTR SS:[ARG.2]
0040F04E |. 8955 FC
MOV DWORD PTR SS:[LOCAL.1],EDX
0040F051 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0040F054 |. 3B45 FC
CMP EAX,DWORD PTR SS:[LOCAL.1]
0040F057 |. 73 06
JNB SHORT 0040F05F
0040F059 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
0040F05C |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0040F05F |> 8B55 A8
MOV EDX,DWORD PTR SS:[LOCAL.22]
0040F062 |. 3B55 08
CMP EDX,DWORD PTR SS:[ARG.1]
0040F065 |. 75 28
JNE SHORT 0040F08F
0040F067 |. A1 AC874400 MOV EAX,DWORD PTR DS:[4487AC]
0040F06C |. 50
PUSH EAX
[4487AC] = -1
0040F06D |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0040F070 |. 034D FC
ADD ECX,DWORD PTR SS:[LOCAL.1]
0040F073 |. 51
PUSH ECX
0040F074 |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
0040F077 |. E8 84030000 CALL 0040F400
fo.0040F400
0040F07C |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0040F07F |. 52
PUSH EDX
[ARG.2]
0040F080 |. 6A 00
PUSH 0
0040F082 |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
0040F085 |. E8 76030000 CALL 0040F400
fo.0040F400
0040F08A |. E9 B2000000 JMP 0040F141
0040F08F |> 6A 00
PUSH 0
0040F091 |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040F094 |. 50
PUSH EAX
0040F095 |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
0040F098 |. E8 53090000 CALL 0040F9F0
fo.0040F9F0
0040F09D |. 0FB6C8
MOVZX ECX,AL

; SystemInf

; /Arg2 =>
;
;
;
;
;

|
|
|Arg1
|
\SystemIn

; /Arg2 =>
; |Arg1 = 0
; |
; \SystemIn
;
;
;
;
;

/Arg2 = 0
|
|Arg1
|
\SystemIn

0040F0A0 |.
0040F0A2 |.
0040F0A8 |.
0040F0AB |.
0040F0AF |.
0040F0B1 |.
0040F0B4 |.
0040F0B7 |.
0040F0BA |.
0040F0BC |>
0040F0BF |.
0040F0C2 |.
0040F0C5 |>
0040F0C8 |.
0040F0CC |.
0040F0CE |.
0040F0D1 |.
0040F0D4 |.
0040F0D7 |.
0040F0D9 |>
0040F0DC |.
0040F0DF |.
0040F0E2 |>
0040F0E5 |.
0040F0E8 |.
0040F0EB |.
0040F0EE |.
0040F0F1 |.
0040F0F4 |.
0040F0F5 |.
0040F0F8 |.
0040F0FB |.
0040F0FC |.
0040F0FF |.
[ARG.ECX+18]
0040F100 |.
0040F103 |.
0040F104 |.
fo.0042EA08
0040F109 |.
0040F10C |.
0040F110 |.
0040F113 |.
0040F116 |.
0040F119 |.
0040F11C |.
0040F120 |.
0040F122 |.
0040F125 |.
0040F128 |.
0040F12B |.
0040F12D |>
0040F130 |.
0040F133 |.
0040F136 |>
0040F139 |.
0040F13C |.
0040F13F |.
0040F141 |>
0040F144 |.

85C9
0F84 99000000
8B55 08
837A 18 10
72 0B
8B45 08
8B48 04
894D A4
EB 09
8B55 08
83C2 04
8955 A4
8B45 A8
8378 18 10
72 0B
8B4D A8
8B51 04
8955 B4
EB 09
8B45 A8
83C0 04
8945 B4
8B4D A8
8B51 18
8955 B0
8A45 B9
8845 BA
8B4D FC
51
8B55 A4
0355 0C
52
8B45 B0
50

TEST ECX,ECX
JE 0040F141
MOV EDX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 0040F0BC
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.23],ECX
JMP SHORT 0040F0C5
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.23],EDX
MOV EAX,DWORD PTR SS:[LOCAL.22]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0040F0D9
MOV ECX,DWORD PTR SS:[LOCAL.22]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.19],EDX
JMP SHORT 0040F0E2
MOV EAX,DWORD PTR SS:[LOCAL.22]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.19],EAX
MOV ECX,DWORD PTR SS:[LOCAL.22]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.20],EDX
MOV AL,BYTE PTR SS:[LOCAL.18+1]
MOV BYTE PTR SS:[LOCAL.18+2],AL
MOV ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.23]
ADD EDX,DWORD PTR SS:[ARG.2]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.20]
PUSH EAX

;
;
;
;
;
;

8B4D B4
51
E8 FFF80100

MOV ECX,DWORD PTR SS:[LOCAL.19]


PUSH ECX
CALL 0042EA08

; |
; |Arg1
; \SystemIn

83C4 10
C645 AF 00
8B55 A8
8B45 FC
8942 14
8B4D A8
8379 18 10
72 0B
8B55 A8
8B42 04
8945 A0
EB 09
8B4D A8
83C1 04
894D A0
8B55 A0
0355 FC
8A45 AF
8802
8B45 A8
8BE5

ADD ESP,10
MOV BYTE PTR SS:[LOCAL.21+3],0
MOV EDX,DWORD PTR SS:[LOCAL.22]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+14],EAX
MOV ECX,DWORD PTR SS:[LOCAL.22]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 0040F12D
MOV EDX,DWORD PTR SS:[LOCAL.22]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.24],EAX
JMP SHORT 0040F136
MOV ECX,DWORD PTR SS:[LOCAL.22]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.24],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
ADD EDX,DWORD PTR SS:[LOCAL.1]
MOV AL,BYTE PTR SS:[LOCAL.21+3]
MOV BYTE PTR DS:[EDX],AL
MOV EAX,DWORD PTR SS:[LOCAL.22]
MOV ESP,EBP

/Arg4
|
|
|Arg3
|
|Arg2 =>

0040F146 |. 5D
POP EBP
0040F147 \. C2 0C00
RETN 0C
0040F14A
CC
INT3
0040F14B
CC
INT3
0040F14C
CC
INT3
0040F14D
CC
INT3
0040F14E
CC
INT3
0040F14F
CC
INT3
0040F150 /$ 55
PUSH EBP
o.0040F150(guessed Arg1,Arg2)
0040F151 |. 8BEC
MOV EBP,ESP
0040F153 |. 83EC 60
SUB ESP,60
0040F156 |. 894D A8
MOV DWORD PTR SS:[LOCAL.22],ECX
0040F159 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040F15C |. 50
PUSH EAX
[ARG.1]
0040F15D |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
0040F160 |. E8 8B090000 CALL 0040FAF0
fo.0040FAF0
0040F165 |. 0FB6C8
MOVZX ECX,AL
0040F168 |. 85C9
TEST ECX,ECX
0040F16A |. 74 39
JE SHORT 0040F1A5
0040F16C |. 8B55 A8
MOV EDX,DWORD PTR SS:[LOCAL.22]
0040F16F |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
0040F173 |. 72 0B
JB SHORT 0040F180
0040F175 |. 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]
0040F178 |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
0040F17B |. 894D A4
MOV DWORD PTR SS:[LOCAL.23],ECX
0040F17E |. EB 09
JMP SHORT 0040F189
0040F180 |> 8B55 A8
MOV EDX,DWORD PTR SS:[LOCAL.22]
0040F183 |. 83C2 04
ADD EDX,4
0040F186 |. 8955 A4
MOV DWORD PTR SS:[LOCAL.23],EDX
0040F189 |> 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040F18C |. 50
PUSH EAX
[ARG.2]
0040F18D |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040F190 |. 2B4D A4
SUB ECX,DWORD PTR SS:[LOCAL.23]
0040F193 |. 51
PUSH ECX
0040F194 |. 8B55 A8
MOV EDX,DWORD PTR SS:[LOCAL.22]
0040F197 |. 52
PUSH EDX
ARG.ECX
0040F198 |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
0040F19B |. E8 80FEFFFF CALL 0040F020
fo.0040F020
0040F1A0 |. E9 91000000 JMP 0040F236
0040F1A5 |> 6A 00
PUSH 0
0040F1A7 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040F1AA |. 50
PUSH EAX
[ARG.2]
0040F1AB |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
0040F1AE |. E8 3D080000 CALL 0040F9F0
fo.0040F9F0
0040F1B3 |. 0FB6C8
MOVZX ECX,AL
0040F1B6 |. 85C9
TEST ECX,ECX
0040F1B8 |. 74 79
JE SHORT 0040F233
0040F1BA |. 8B55 A8
MOV EDX,DWORD PTR SS:[LOCAL.22]
0040F1BD |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
0040F1C1 |. 72 0B
JB SHORT 0040F1CE
0040F1C3 |. 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]
0040F1C6 |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /Arg3 =>
;
;
;
;
;

|
|
|Arg2
|
|Arg1 =>

; |
; \SystemIn
; /Arg2 = 0
; |
; |Arg1 =>
; |
; \SystemIn

0040F1C9 |. 894D B4
MOV DWORD PTR SS:[LOCAL.19],ECX
0040F1CC |. EB 09
JMP SHORT 0040F1D7
0040F1CE |> 8B55 A8
MOV EDX,DWORD PTR SS:[LOCAL.22]
0040F1D1 |. 83C2 04
ADD EDX,4
0040F1D4 |. 8955 B4
MOV DWORD PTR SS:[LOCAL.19],EDX
0040F1D7 |> 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]
0040F1DA |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
0040F1DD |. 894D B0
MOV DWORD PTR SS:[LOCAL.20],ECX
0040F1E0 |. 8A55 BA
MOV DL,BYTE PTR SS:[LOCAL.18+2]
0040F1E3 |. 8855 BB
MOV BYTE PTR SS:[LOCAL.18+3],DL
0040F1E6 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040F1E9 |. 50
PUSH EAX
[ARG.2]
0040F1EA |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040F1ED |. 51
PUSH ECX
[ARG.1]
0040F1EE |. 8B55 B0
MOV EDX,DWORD PTR SS:[LOCAL.20]
0040F1F1 |. 52
PUSH EDX
[ARG.ECX+18]
0040F1F2 |. 8B45 B4
MOV EAX,DWORD PTR SS:[LOCAL.19]
0040F1F5 |. 50
PUSH EAX
0040F1F6 |. E8 0DF80100 CALL 0042EA08
fo.0042EA08
0040F1FB |. 83C4 10
ADD ESP,10
0040F1FE |. C645 AF 00
MOV BYTE PTR SS:[LOCAL.21+3],0
0040F202 |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
0040F205 |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0040F208 |. 8951 14
MOV DWORD PTR DS:[ECX+14],EDX
0040F20B |. 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]
0040F20E |. 8378 18 10
CMP DWORD PTR DS:[EAX+18],10
0040F212 |. 72 0B
JB SHORT 0040F21F
0040F214 |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
0040F217 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
0040F21A |. 8955 A0
MOV DWORD PTR SS:[LOCAL.24],EDX
0040F21D |. EB 09
JMP SHORT 0040F228
0040F21F |> 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]
0040F222 |. 83C0 04
ADD EAX,4
0040F225 |. 8945 A0
MOV DWORD PTR SS:[LOCAL.24],EAX
0040F228 |> 8B4D A0
MOV ECX,DWORD PTR SS:[LOCAL.24]
0040F22B |. 034D 0C
ADD ECX,DWORD PTR SS:[ARG.2]
0040F22E |. 8A55 AF
MOV DL,BYTE PTR SS:[LOCAL.21+3]
0040F231 |. 8811
MOV BYTE PTR DS:[ECX],DL
0040F233 |> 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]
0040F236 |> 8BE5
MOV ESP,EBP
0040F238 |. 5D
POP EBP
0040F239 \. C2 0800
RETN 8
0040F23C
CC
INT3
0040F23D
CC
INT3
0040F23E
CC
INT3
0040F23F
CC
INT3
0040F240 /$ 55
PUSH EBP
o.0040F240(guessed Arg1,Arg2)
0040F241 |. 8BEC
MOV EBP,ESP
0040F243 |. 83EC 24
SUB ESP,24
0040F246 |. 894D E0
MOV DWORD PTR SS:[LOCAL.8],ECX
0040F249 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040F24C |. 3B05 AC874400 CMP EAX,DWORD PTR DS:[4487AC]
0040F252 |. 75 05
JNE SHORT 0040F259
0040F254 |. E8 D4E90100 CALL 0042DC2D
0040F259 |> 6A 00
PUSH 0

; /Arg4 =>
; |
; |Arg3 =>
; |
; |Arg2 =>
; |
; |Arg1
; \SystemIn

; SystemInf

; /Arg2 = 0

0040F25B |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040F25E |. 51
PUSH ECX
[ARG.1]
0040F25F |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040F262 |. E8 89070000 CALL 0040F9F0
fo.0040F9F0
0040F267 |. 0FB6D0
MOVZX EDX,AL
0040F26A |. 85D2
TEST EDX,EDX
0040F26C |. 74 48
JE SHORT 0040F2B6
0040F26E |. 0FB645 0C
MOVZX EAX,BYTE PTR SS:[ARG.2]
0040F272 |. 50
PUSH EAX
0040F273 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040F276 |. 51
PUSH ECX
[ARG.1]
0040F277 |. 6A 00
PUSH 0
0040F279 |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040F27C |. E8 EF060000 CALL 0040F970
fo.0040F970
0040F281 |. C645 E4 00
MOV BYTE PTR SS:[LOCAL.7],0
0040F285 |. 8B55 E0
MOV EDX,DWORD PTR SS:[LOCAL.8]
0040F288 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040F28B |. 8942 14
MOV DWORD PTR DS:[EDX+14],EAX
0040F28E |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040F291 |. 8379 18 10
CMP DWORD PTR DS:[ECX+18],10
0040F295 |. 72 0B
JB SHORT 0040F2A2
0040F297 |. 8B55 E0
MOV EDX,DWORD PTR SS:[LOCAL.8]
0040F29A |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
0040F29D |. 8945 DC
MOV DWORD PTR SS:[LOCAL.9],EAX
0040F2A0 |. EB 09
JMP SHORT 0040F2AB
0040F2A2 |> 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040F2A5 |. 83C1 04
ADD ECX,4
0040F2A8 |. 894D DC
MOV DWORD PTR SS:[LOCAL.9],ECX
0040F2AB |> 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
0040F2AE |. 0355 08
ADD EDX,DWORD PTR SS:[ARG.1]
0040F2B1 |. 8A45 E4
MOV AL,BYTE PTR SS:[LOCAL.7]
0040F2B4 |. 8802
MOV BYTE PTR DS:[EDX],AL
0040F2B6 |> 8B45 E0
MOV EAX,DWORD PTR SS:[LOCAL.8]
0040F2B9 |. 8BE5
MOV ESP,EBP
0040F2BB |. 5D
POP EBP
0040F2BC \. C2 0800
RETN 8
0040F2BF
CC
INT3
0040F2C0 /$ 55
PUSH EBP
o.0040F2C0(guessed Arg1,Arg2,Arg3)
0040F2C1 |. 8BEC
MOV EBP,ESP
0040F2C3 |. 83EC 30
SUB ESP,30
0040F2C6 |. 894D DC
MOV DWORD PTR SS:[LOCAL.9],ECX
0040F2C9 |. 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
0040F2CC |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
0040F2CF |. 3B4D 08
CMP ECX,DWORD PTR SS:[ARG.1]
0040F2D2 |. 73 05
JNB SHORT 0040F2D9
0040F2D4 |. E8 8CE90100 CALL 0042DC65
0040F2D9 |> 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
0040F2DC |. A1 AC874400 MOV EAX,DWORD PTR DS:[4487AC]
0040F2E1 |. 2B42 14
SUB EAX,DWORD PTR DS:[EDX+14]
0040F2E4 |. 3B45 0C
CMP EAX,DWORD PTR SS:[ARG.2]
0040F2E7 |. 77 05
JA SHORT 0040F2EE
0040F2E9 |. E8 3FE90100 CALL 0042DC2D
0040F2EE |> 837D 0C 00
CMP DWORD PTR SS:[ARG.2],0
0040F2F2 |. 0F86 F1000000 JBE 0040F3E9
0040F2F8 |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]

; |
; |Arg1 =>
; |
; \SystemIn

; /Arg3
; |
; |Arg2 =>
; |Arg1 = 0
; |
; \SystemIn

; SystemInf

0040F2FB |.
0040F2FE |.
0040F301 |.
0040F304 |.
0040F306 |.
0040F309 |.
[LOCAL.1]
0040F30A |.
0040F30D |.
fo.0040F9F0
0040F312 |.
0040F315 |.
0040F317 |.
0040F31D |.
0040F320 |.
0040F324 |.
0040F326 |.
0040F329 |.
0040F32C |.
0040F32F |.
0040F331 |>
0040F334 |.
0040F337 |.
0040F33A |>
0040F33D |.
0040F341 |.
0040F343 |.
0040F346 |.
0040F349 |.
0040F34C |.
0040F34E |>
0040F351 |.
0040F354 |.
0040F357 |>
0040F35A |.
0040F35D |.
0040F360 |.
0040F363 |.
0040F366 |.
0040F369 |.
0040F36C |.
0040F36F |.
0040F372 |.
0040F375 |.
0040F378 |.
0040F37B |.
0040F37E |.
0040F381 |.
0040F384 |.
0040F387 |.
[LOCAL.7]
0040F388 |.
0040F38B |.
0040F38E |.
0040F38F |.
0040F392 |.
[LOCAL.6]
0040F393 |.
0040F396 |.
[LOCAL.5]

8B51 14
0355 0C
8955 FC
6A 00
8B45 FC
50

MOV EDX,DWORD
ADD EDX,DWORD
MOV DWORD PTR
PUSH 0
MOV EAX,DWORD
PUSH EAX

PTR DS:[ECX+14]
PTR SS:[ARG.2]
SS:[LOCAL.1],EDX
PTR SS:[LOCAL.1]

; /Arg2 = 0
; |
; |Arg1 =>

8B4D DC
E8 DE060000

MOV ECX,DWORD PTR SS:[LOCAL.9]


CALL 0040F9F0

; |
; \SystemIn

0FB6C8
85C9
0F84 CC000000
8B55 DC
837A 18 10
72 0B
8B45 DC
8B48 04
894D D8
EB 09
8B55 DC
83C2 04
8955 D8
8B45 DC
8378 18 10
72 0B
8B4D DC
8B51 04
8955 D4
EB 09
8B45 DC
83C0 04
8945 D4
8B4D DC
8B51 14
2B55 08
8955 E4
8B45 DC
8B48 18
2B4D 08
2B4D 0C
894D E8
8B55 D4
0355 08
0355 0C
8955 EC
8A45 F1
8845 F2
8B4D E4
51

MOVZX ECX,AL
TEST ECX,ECX
JE 0040F3E9
MOV EDX,DWORD PTR SS:[LOCAL.9]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 0040F331
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.10],ECX
JMP SHORT 0040F33A
MOV EDX,DWORD PTR SS:[LOCAL.9]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.10],EDX
MOV EAX,DWORD PTR SS:[LOCAL.9]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0040F34E
MOV ECX,DWORD PTR SS:[LOCAL.9]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.11],EDX
JMP SHORT 0040F357
MOV EAX,DWORD PTR SS:[LOCAL.9]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV ECX,DWORD PTR SS:[LOCAL.9]
MOV EDX,DWORD PTR DS:[ECX+14]
SUB EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.7],EDX
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[EAX+18]
SUB ECX,DWORD PTR SS:[ARG.1]
SUB ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EDX,DWORD PTR SS:[LOCAL.11]
ADD EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV AL,BYTE PTR SS:[LOCAL.4+1]
MOV BYTE PTR SS:[LOCAL.4+2],AL
MOV ECX,DWORD PTR SS:[LOCAL.7]
PUSH ECX

; /Arg4 =>

8B55 D8
0355 08
52
8B45 E8
50

MOV EDX,DWORD PTR SS:[LOCAL.10]


ADD EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
PUSH EAX

;
;
;
;
;

8B4D EC
51

MOV ECX,DWORD PTR SS:[LOCAL.5]


PUSH ECX

; |
; |Arg1 =>

|
|
|Arg3
|
|Arg2 =>

0040F397 |. E8 07040200 CALL 0042F7A3


fo.0042F7A3
0040F39C |. 83C4 10
ADD ESP,10
0040F39F |. 0FB655 10
MOVZX EDX,BYTE PTR SS:[ARG.3]
0040F3A3 |. 52
PUSH EDX
0040F3A4 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040F3A7 |. 50
PUSH EAX
[ARG.2]
0040F3A8 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0040F3AB |. 51
PUSH ECX
[ARG.1]
0040F3AC |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
0040F3AF |. E8 BC050000 CALL 0040F970
fo.0040F970
0040F3B4 |. C645 E2 00
MOV BYTE PTR SS:[LOCAL.8+2],0
0040F3B8 |. 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
0040F3BB |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040F3BE |. 8942 14
MOV DWORD PTR DS:[EDX+14],EAX
0040F3C1 |. 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
0040F3C4 |. 8379 18 10
CMP DWORD PTR DS:[ECX+18],10
0040F3C8 |. 72 0B
JB SHORT 0040F3D5
0040F3CA |. 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
0040F3CD |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
0040F3D0 |. 8945 D0
MOV DWORD PTR SS:[LOCAL.12],EAX
0040F3D3 |. EB 09
JMP SHORT 0040F3DE
0040F3D5 |> 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
0040F3D8 |. 83C1 04
ADD ECX,4
0040F3DB |. 894D D0
MOV DWORD PTR SS:[LOCAL.12],ECX
0040F3DE |> 8B55 D0
MOV EDX,DWORD PTR SS:[LOCAL.12]
0040F3E1 |. 0355 FC
ADD EDX,DWORD PTR SS:[LOCAL.1]
0040F3E4 |. 8A45 E2
MOV AL,BYTE PTR SS:[LOCAL.8+2]
0040F3E7 |. 8802
MOV BYTE PTR DS:[EDX],AL
0040F3E9 |> 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
0040F3EC |. 8BE5
MOV ESP,EBP
0040F3EE |. 5D
POP EBP
0040F3EF \. C2 0C00
RETN 0C
0040F3F2
CC
INT3
0040F3F3
CC
INT3
0040F3F4
CC
INT3
0040F3F5
CC
INT3
0040F3F6
CC
INT3
0040F3F7
CC
INT3
0040F3F8
CC
INT3
0040F3F9
CC
INT3
0040F3FA
CC
INT3
0040F3FB
CC
INT3
0040F3FC
CC
INT3
0040F3FD
CC
INT3
0040F3FE
CC
INT3
0040F3FF
CC
INT3
0040F400 /$ 55
PUSH EBP
o.0040F400(guessed Arg1,Arg2)
0040F401 |. 8BEC
MOV EBP,ESP
0040F403 |. 83EC 28
SUB ESP,28
0040F406 |. 894D E4
MOV DWORD PTR SS:[LOCAL.7],ECX
0040F409 |. 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
0040F40C |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
0040F40F |. 3B4D 08
CMP ECX,DWORD PTR SS:[ARG.1]
0040F412 |. 73 05
JNB SHORT 0040F419
0040F414 |. E8 4CE80100 CALL 0042DC65

; \SystemIn

; /Arg3
; |
; |Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

; SystemInf

0040F419 |>
0040F41C |.
0040F41F |.
0040F422 |.
0040F425 |.
0040F427 |.
0040F42A |.
0040F42D |.
0040F430 |.
0040F433 |>
0040F437 |.
0040F43D |.
0040F440 |.
0040F444 |.
0040F446 |.
0040F449 |.
0040F44C |.
0040F44F |.
0040F451 |>
0040F454 |.
0040F457 |.
0040F45A |>
0040F45D |.
0040F461 |.
0040F463 |.
0040F466 |.
0040F469 |.
0040F46C |.
0040F46E |>
0040F471 |.
0040F474 |.
0040F477 |>
0040F47A |.
0040F47D |.
0040F480 |.
0040F483 |.
0040F486 |.
0040F489 |.
0040F48C |.
0040F48F |.
0040F492 |.
0040F495 |.
0040F498 |.
0040F49B |.
0040F49E |.
0040F4A1 |.
0040F4A4 |.
[LOCAL.5]
0040F4A5 |.
0040F4A8 |.
0040F4AB |.
0040F4AE |.
0040F4AF |.
0040F4B2 |.
[LOCAL.4]
0040F4B3 |.
0040F4B6 |.
[LOCAL.3]
0040F4B7 |.
fo.0042F7A3

8B55 E4
8B42 14
2B45 08
3B45 0C
73 0C
8B4D E4
8B51 14
2B55 08
8955 0C
837D 0C 00
0F86 C3000000
8B45 E4
8378 18 10
72 0B
8B4D E4
8B51 04
8955 E0
EB 09
8B45 E4
83C0 04
8945 E0
8B4D E4
8379 18 10
72 0B
8B55 E4
8B42 04
8945 DC
EB 09
8B4D E4
83C1 04
894D DC
8B55 E4
8B42 14
2B45 08
2B45 0C
8945 EC
8B4D E4
8B51 18
2B55 08
8955 F0
8B45 DC
0345 08
8945 F4
8A4D FA
884D FB
8B55 EC
52

MOV EDX,DWORD PTR SS:[LOCAL.7]


MOV EAX,DWORD PTR DS:[EDX+14]
SUB EAX,DWORD PTR SS:[ARG.1]
CMP EAX,DWORD PTR SS:[ARG.2]
JNB SHORT 0040F433
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR DS:[ECX+14]
SUB EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[ARG.2],EDX
CMP DWORD PTR SS:[ARG.2],0
JBE 0040F500
MOV EAX,DWORD PTR SS:[LOCAL.7]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0040F451
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.8],EDX
JMP SHORT 0040F45A
MOV EAX,DWORD PTR SS:[LOCAL.7]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 0040F46E
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.9],EAX
JMP SHORT 0040F477
MOV ECX,DWORD PTR SS:[LOCAL.7]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.9],ECX
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV EAX,DWORD PTR DS:[EDX+14]
SUB EAX,DWORD PTR SS:[ARG.1]
SUB EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR DS:[ECX+18]
SUB EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.9]
ADD EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV CL,BYTE PTR SS:[LOCAL.2+2]
MOV BYTE PTR SS:[LOCAL.2+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.5]
PUSH EDX

; /Arg4 =>

8B45
0345
0345
50
8B4D
51

MOV EAX,DWORD
ADD EAX,DWORD
ADD EAX,DWORD
PUSH EAX
MOV ECX,DWORD
PUSH ECX

;
;
;
;
;
;

E0
08
0C
F0

PTR SS:[LOCAL.8]
PTR SS:[ARG.1]
PTR SS:[ARG.2]
PTR SS:[LOCAL.4]

|
|
|
|Arg3
|
|Arg2 =>

8B55 F4
52

MOV EDX,DWORD PTR SS:[LOCAL.3]


PUSH EDX

; |
; |Arg1 =>

E8 E7020200

CALL 0042F7A3

; \SystemIn

0040F4BC |. 83C4 10
0040F4BF |. 8B45 E4
0040F4C2 |. 8B48 14
0040F4C5 |. 2B4D 0C
0040F4C8 |. 894D FC
0040F4CB |. C645 EB 00
0040F4CF |. 8B55 E4
0040F4D2 |. 8B45 FC
0040F4D5 |. 8942 14
0040F4D8 |. 8B4D E4
0040F4DB |. 8379 18 10
0040F4DF |. 72 0B
0040F4E1 |. 8B55 E4
0040F4E4 |. 8B42 04
0040F4E7 |. 8945 D8
0040F4EA |. EB 09
0040F4EC |> 8B4D E4
0040F4EF |. 83C1 04
0040F4F2 |. 894D D8
0040F4F5 |> 8B55 D8
0040F4F8 |. 0355 FC
0040F4FB |. 8A45 EB
0040F4FE |. 8802
0040F500 |> 8B45 E4
0040F503 |. 8BE5
0040F505 |. 5D
0040F506 \. C2 0800
0040F509
CC
0040F50A
CC
0040F50B
CC
0040F50C
CC
0040F50D
CC
0040F50E
CC
0040F50F
CC
0040F510 /$ 55
0040F511 |. 8BEC
0040F513 |. 83EC 08
0040F516 |. 894D FC
0040F519 |. 8B45 FC
0040F51C |. 8378 18 10
0040F520 |. 72 0B
0040F522 |. 8B4D FC
0040F525 |. 8B51 04
0040F528 |. 8955 F8
0040F52B |. EB 09
0040F52D |> 8B45 FC
0040F530 |. 83C0 04
0040F533 |. 8945 F8
0040F536 |> 8B45 F8
0040F539 |. 8BE5
0040F53B |. 5D
0040F53C \. C3
0040F53D
CC
0040F53E
CC
0040F53F
CC
0040F540 /$ 55
o.0040F540(guessed void)
0040F541 |. 8BEC
0040F543 |. 51
0040F544 |. 894D FC

ADD ESP,10
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV ECX,DWORD PTR DS:[EAX+14]
SUB ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV BYTE PTR SS:[LOCAL.6+3],0
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+14],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 0040F4EC
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.10],EAX
JMP SHORT 0040F4F5
MOV ECX,DWORD PTR SS:[LOCAL.7]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.10],ECX
MOV EDX,DWORD PTR SS:[LOCAL.10]
ADD EDX,DWORD PTR SS:[LOCAL.1]
MOV AL,BYTE PTR SS:[LOCAL.6+3]
MOV BYTE PTR DS:[EDX],AL
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0040F52D
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.2],EDX
JMP SHORT 0040F536
MOV EAX,DWORD PTR SS:[LOCAL.1]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX

; SystemInf

0040F547 |. 8B45 FC
0040F54A |. 8B40 14
0040F54D |. 8BE5
0040F54F |. 5D
0040F550 \. C3
0040F551
CC
0040F552
CC
0040F553
CC
0040F554
CC
0040F555
CC
0040F556
CC
0040F557
CC
0040F558
CC
0040F559
CC
0040F55A
CC
0040F55B
CC
0040F55C
CC
0040F55D
CC
0040F55E
CC
0040F55F
CC
0040F560 /$ 55
o.0040F560(guessed Arg1)
0040F561 |. 8BEC
0040F563 |. 83EC 14
0040F566 |. 894D F0
0040F569 |. 8B45 08
0040F56C |. 8B48 14
0040F56F |. 894D FC
0040F572 |. 8B55 08
0040F575 |. 837A 18 10
0040F579 |. 72 0B
0040F57B |. 8B45 08
0040F57E |. 8B48 04
0040F581 |. 894D EC
0040F584 |. EB 09
0040F586 |> 8B55 08
0040F589 |. 83C2 04
0040F58C |. 8955 EC
0040F58F |> 8B45 FC
0040F592 |. 50
[LOCAL.1]
0040F593 |. 8B4D EC
0040F596 |. 51
[LOCAL.5]
0040F597 |. 8B55 F0
0040F59A |. 8B42 14
0040F59D |. 50
[ARG.ECX+14]
0040F59E |. 6A 00
0040F5A0 |. 8B4D F0
0040F5A3 |. E8 08030000
fo.0040F8B0
0040F5A8 |. 8BE5
0040F5AA |. 5D
0040F5AB \. C2 0400
0040F5AE
CC
0040F5AF
CC
0040F5B0 /$ 55
o.0040F5B0(guessed void)
0040F5B1 |. 8BEC

MOV EAX,DWORD PTR SS:[LOCAL.1]


MOV EAX,DWORD PTR DS:[EAX+14]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+14]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 0040F586
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.5],ECX
JMP SHORT 0040F58F
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX

; /Arg4 =>

MOV ECX,DWORD PTR SS:[LOCAL.5]


PUSH ECX

; |
; |Arg3 =>

MOV EDX,DWORD PTR SS:[LOCAL.4]


MOV EAX,DWORD PTR DS:[EDX+14]
PUSH EAX

; |
; |
; |Arg2 =>

PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.4]
CALL 0040F8B0

; |Arg1 = 0
; |
; \SystemIn

MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP

0040F5B3 |. 51
0040F5B4 |. 894D FC
0040F5B7 |. 8B45 FC
0040F5BA |. 8BE5
0040F5BC |. 5D
0040F5BD \. C3
0040F5BE
CC
0040F5BF
CC
0040F5C0 /$ 55
o.0040F5C0(guessed Arg1)
0040F5C1 |. 8BEC
0040F5C3 |. 6A FF
0040F5C5 |. 68 805A4400
0040F5CA |. 64:A1 0000000
0040F5D0 |. 50
0040F5D1 |. 51
0040F5D2 |. 81EC 3C010000
0040F5D8 |. 53
0040F5D9 |. 56
0040F5DA |. 57
0040F5DB |. A1 A0154500
0040F5E0 |. 33C5
0040F5E2 |. 50
0040F5E3 |. 8D45 F4
0040F5E6 |. 64:A3 0000000
0040F5EC |. 8965 F0
0040F5EF |. 898D C0FEFFFF
0040F5F5 |. C745 EC 00000
0040F5FC |. 8B85 C0FEFFFF
0040F602 |. 50
ARG.ECX
0040F603 |. 8D4D E4
0040F606 |. E8 95070000
fo.0040FDA0
0040F60B |. C745 FC 00000
0040F612 |. 8A4D E8
0040F615 |. 884D BF
0040F618 |. 0FB655 BF
0040F61C |. 85D2
0040F61E |. 75 0E
0040F620 |. 8B45 EC
0040F623 |. 83C8 04
0040F626 |. 8945 EC
0040F629 |. E9 D0000000
0040F62E |> C645 FC 01
0040F632 |. 8B8D C0FEFFFF
0040F638 |. 8B11
0040F63A |. 8B42 04
0040F63D |. 8B8D C0FEFFFF
0040F643 |. 8B5401 28
0040F647 |. 8955 B8
0040F64A |. 0FB645 08
0040F64E |. 50
0040F64F |. 8B4D B8
0040F652 |. E8 B9050000
fo.0040FC10
0040F657 |. 8985 BCFEFFFF
0040F65D |. 8B8D BCFEFFFF
0040F663 |. 894D E0
0040F666 |. C745 DC FFFFF

PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445A80
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,13C
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.80],ECX
MOV DWORD PTR SS:[LOCAL.5],0
MOV EAX,DWORD PTR SS:[LOCAL.80]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.7]
CALL 0040FDA0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV CL,BYTE PTR SS:[LOCAL.6]
MOV BYTE PTR SS:[LOCAL.17+3],CL
MOVZX EDX,BYTE PTR SS:[LOCAL.17+3]
TEST EDX,EDX
JNE SHORT 0040F62E
MOV EAX,DWORD PTR SS:[LOCAL.5]
OR EAX,00000004
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP 0040F6FE
MOV BYTE PTR SS:[LOCAL.1],1
MOV ECX,DWORD PTR SS:[LOCAL.80]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.80]
MOV EDX,DWORD PTR DS:[EAX+ECX+28]
MOV DWORD PTR SS:[LOCAL.18],EDX
MOVZX EAX,BYTE PTR SS:[ARG.1]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
CALL 0040FC10

; /Arg1
; |
; \SystemIn

MOV
MOV
MOV
MOV

DWORD PTR
ECX,DWORD
DWORD PTR
DWORD PTR

SS:[LOCAL.81],EAX
PTR SS:[LOCAL.81]
SS:[LOCAL.8],ECX
SS:[LOCAL.9],-1

0040F66D |.
0040F670 |.
0040F672 |.
0040F675 |.
0040F678 |.
0040F67B |.
0040F67D |.
0040F67F |.
0040F682 |.
0040F685 |.
0040F688 \>
0040F68A /.
0040F690 |.
0040F692 |.
0040F698 |.
0040F69B |.
0040F69E |.
0040F6A3 |.
0040F6A5 |.
0040F6A7 |.
0040F6AA |.
0040F6AD |.
0040F6B0 |.
0040F6B3 |.
0040F6B6 |.
0040F6B9 |.
0040F6BC |.
0040F6C0 |.
0040F6C2 |.
0040F6C5 |.
0040F6C8 |.
0040F6CE |.
0040F6D0 |>
0040F6D3 |.
0040F6D9 |>
0040F6DB |.
0040F6E1 |.
[ARG.EBP-148]
0040F6E2 |.
0040F6E5 |.
fo.004083E0
0040F6EA |>
0040F6F1 |.
0040F6F6 \.
0040F6F7 />
0040F6FE |>
0040F704 |.
0040F706 |.
0040F70C |.
0040F70F |.
0040F715 |.
0040F719 |.
0040F71B |.
0040F721 |.
0040F724 |.
0040F727 |.
0040F72A |.
0040F72D |.
0040F733 |.
0040F739 |.

8B55 DC
33C0
3B55 E0
0F94C0
0FB6C8
85C9
74 09
8B55 EC
83CA 04
8955 EC
EB 6D
8B85 C0FEFFFF
8B08
8B95 C0FEFFFF
0351 04
8955 A4
B8 04000000
85C0
74 43
8B4D A4
8B51 08
8955 AC
8B45 AC
83C8 04
8945 A8
8B4D A4
8379 28 00
75 0E
8B55 A8
83CA 04
8995 B8FEFFFF
EB 09
8B45 A8
8985 B8FEFFFF
6A 01
8B8D B8FEFFFF
51

MOV EDX,DWORD PTR SS:[LOCAL.9]


XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.8]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 0040F688
MOV EDX,DWORD PTR SS:[LOCAL.5]
OR EDX,00000004
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP SHORT 0040F6F7
MOV EAX,DWORD PTR SS:[EBP-140]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-140]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-5C],EDX
MOV EAX,4
TEST EAX,EAX
JE SHORT 0040F6EA
MOV ECX,DWORD PTR SS:[EBP-5C]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[EBP-54],EDX
MOV EAX,DWORD PTR SS:[EBP-54]
OR EAX,00000004
MOV DWORD PTR SS:[EBP-58],EAX
MOV ECX,DWORD PTR SS:[EBP-5C]
CMP DWORD PTR DS:[ECX+28],0
JNE SHORT 0040F6D0
MOV EDX,DWORD PTR SS:[EBP-58]
OR EDX,00000004
MOV DWORD PTR SS:[EBP-148],EDX
JMP SHORT 0040F6D9
MOV EAX,DWORD PTR SS:[EBP-58]
MOV DWORD PTR SS:[EBP-148],EAX
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-148]
PUSH ECX

; /Arg2 = 1
; |
; |Arg1 =>

8B4D A4
E8 F68CFFFF

MOV ECX,DWORD PTR SS:[EBP-5C]


CALL 004083E0

; |
; \SystemIn

C745 FC 00000
B8 FEF64000
C3
C745 FC 00000
8B95 C0FEFFFF
8B02
8B8D C0FEFFFF
0348 04
898D CCFEFFFF
837D EC 00
74 55
8B95 CCFEFFFF
8B42 08
8945 A0
8B4D A0
0B4D EC
898D D0FEFFFF
8B95 CCFEFFFF
837A 28 00

MOV DWORD PTR SS:[EBP-4],0


MOV EAX,0040F6FE
RETN
MOV DWORD PTR SS:[LOCAL.1],0
MOV EDX,DWORD PTR SS:[LOCAL.80]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.80]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.77],ECX
CMP DWORD PTR SS:[LOCAL.5],0
JE SHORT 0040F770
MOV EDX,DWORD PTR SS:[LOCAL.77]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[LOCAL.24],EAX
MOV ECX,DWORD PTR SS:[LOCAL.24]
OR ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.76],ECX
MOV EDX,DWORD PTR SS:[LOCAL.77]
CMP DWORD PTR DS:[EDX+28],0

0040F73D |. 75 11
0040F73F |. 8B85 D0FEFFFF
0040F745 |. 83C8 04
0040F748 |. 8985 B4FEFFFF
0040F74E |. EB 0C
0040F750 |> 8B8D D0FEFFFF
0040F756 |. 898D B4FEFFFF
0040F75C |> 6A 00
0040F75E |. 8B95 B4FEFFFF
0040F764 |. 52
[LOCAL.83]
0040F765 |. 8B8D CCFEFFFF
0040F76B |. E8 708CFFFF
fo.004083E0
0040F770 |> 8B85 C0FEFFFF
0040F776 |. 8945 D8
0040F779 |. C745 FC 03000
0040F780 |. E8 29E00100
0040F785 |. 0FB6C8
0040F788 |. 85C9
0040F78A |. 75 08
0040F78C |. 8B4D E4
0040F78F |. E8 EC090000
0040F794 |> C745 FC FFFFF
0040F79B |. 8D4D E4
0040F79E |. E8 CD0A0000
0040F7A3 |. 8B45 D8
0040F7A6 |. 8B4D F4
0040F7A9 |. 64:890D 00000
0040F7B0 |. 59
0040F7B1 |. 5F
0040F7B2 |. 5E
0040F7B3 |. 5B
0040F7B4 |. 8BE5
0040F7B6 |. 5D
0040F7B7 \. C2 0400
0040F7BA
CC
0040F7BB
CC
0040F7BC
CC
0040F7BD
CC
0040F7BE
CC
0040F7BF
CC
0040F7C0 /$ 55
o.0040F7C0(guessed void)
0040F7C1 |. 8BEC
0040F7C3 |. 81EC 3C010000
0040F7C9 |. 898D C8FEFFFF
0040F7CF |. C745 FC 00000
0040F7D6 |. 8B85 C8FEFFFF
0040F7DC |. 8B08
0040F7DE |. 8B51 04
0040F7E1 |. 8B85 C8FEFFFF
0040F7E7 |. 8B4C10 08
0040F7EB |. 894D F8
0040F7EE |. 8B55 F8
0040F7F1 |. 83E2 06
0040F7F4 |. F7DA
EDX to boolean
0040F7F6 |. 1BD2
0040F7F8 |. F7DA

JNE SHORT 0040F750


MOV EAX,DWORD PTR SS:[LOCAL.76]
OR EAX,00000004
MOV DWORD PTR SS:[LOCAL.83],EAX
JMP SHORT 0040F75C
MOV ECX,DWORD PTR SS:[LOCAL.76]
MOV DWORD PTR SS:[LOCAL.83],ECX
PUSH 0
MOV EDX,DWORD PTR SS:[LOCAL.83]
PUSH EDX

; /Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.77]


CALL 004083E0

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.80]


MOV DWORD PTR SS:[LOCAL.10],EAX
MOV DWORD PTR SS:[LOCAL.1],3
CALL 0042D7AE
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 0040F794
MOV ECX,DWORD PTR SS:[LOCAL.7]
CALL 00410180
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.7]
CALL 00410270
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV
SUB
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
AND
NEG

; Converts

EBP,ESP
ESP,13C
DWORD PTR SS:[LOCAL.78],ECX
DWORD PTR SS:[LOCAL.1],0
EAX,DWORD PTR SS:[LOCAL.78]
ECX,DWORD PTR DS:[EAX]
EDX,DWORD PTR DS:[ECX+4]
EAX,DWORD PTR SS:[LOCAL.78]
ECX,DWORD PTR DS:[EDX+EAX+8]
DWORD PTR SS:[LOCAL.2],ECX
EDX,DWORD PTR SS:[LOCAL.2]
EDX,00000006
EDX

SBB EDX,EDX
NEG EDX

0040F7FA |. 0FB6C2
MOVZX EAX,DL
0040F7FD |. 85C0
TEST EAX,EAX
0040F7FF |. 75 33
JNE SHORT 0040F834
0040F801 |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.78]
0040F807 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
0040F809 |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
0040F80C |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.78]
0040F812 |. 8B5401 28
MOV EDX,DWORD PTR DS:[EAX+ECX+28]
0040F816 |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
0040F819 |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
0040F81C |. 8B10
MOV EDX,DWORD PTR DS:[EAX]
0040F81E |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040F821 |. 8B42 30
MOV EAX,DWORD PTR DS:[EDX+30]
0040F824 |. FFD0
CALL EAX
0040F826 |. 83F8 FF
CMP EAX,-1
0040F829 |. 75 09
JNE SHORT 0040F834
0040F82B |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0040F82E |. 83C9 04
OR ECX,00000004
0040F831 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0040F834 |> 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.78]
0040F83A |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
0040F83C |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.78]
0040F842 |. 0348 04
ADD ECX,DWORD PTR DS:[EAX+4]
0040F845 |. 898D CCFEFFFF MOV DWORD PTR SS:[LOCAL.77],ECX
0040F84B |. 837D FC 00
CMP DWORD PTR SS:[LOCAL.1],0
0040F84F |. 74 55
JE SHORT 0040F8A6
0040F851 |. 8B95 CCFEFFFF MOV EDX,DWORD PTR SS:[LOCAL.77]
0040F857 |. 8B42 08
MOV EAX,DWORD PTR DS:[EDX+8]
0040F85A |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
0040F85D |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0040F860 |. 0B4D FC
OR ECX,DWORD PTR SS:[LOCAL.1]
0040F863 |. 898D D0FEFFFF MOV DWORD PTR SS:[LOCAL.76],ECX
0040F869 |. 8B95 CCFEFFFF MOV EDX,DWORD PTR SS:[LOCAL.77]
0040F86F |. 837A 28 00
CMP DWORD PTR DS:[EDX+28],0
0040F873 |. 75 11
JNE SHORT 0040F886
0040F875 |. 8B85 D0FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.76]
0040F87B |. 83C8 04
OR EAX,00000004
0040F87E |. 8985 C4FEFFFF MOV DWORD PTR SS:[LOCAL.79],EAX
0040F884 |. EB 0C
JMP SHORT 0040F892
0040F886 |> 8B8D D0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.76]
0040F88C |. 898D C4FEFFFF MOV DWORD PTR SS:[LOCAL.79],ECX
0040F892 |> 6A 00
PUSH 0
0040F894 |. 8B95 C4FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.79]
0040F89A |. 52
PUSH EDX
[LOCAL.79]
0040F89B |. 8B8D CCFEFFFF MOV ECX,DWORD PTR SS:[LOCAL.77]
0040F8A1 |. E8 3A8BFFFF CALL 004083E0
fo.004083E0
0040F8A6 |> 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.78]
0040F8AC |. 8BE5
MOV ESP,EBP
0040F8AE |. 5D
POP EBP
0040F8AF \. C3
RETN
0040F8B0 /$ 55
PUSH EBP
o.0040F8B0(guessed Arg1,Arg2,Arg3,Arg4)
0040F8B1 |. 8BEC
MOV EBP,ESP
0040F8B3 |. 83EC 18
SUB ESP,18
0040F8B6 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
0040F8B9 |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
0040F8BC |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
0040F8BF |. 3B4D 08
CMP ECX,DWORD PTR SS:[ARG.1]

; /Arg2 = 0
; |
; |Arg1 =>
; |
; \SystemIn

; SystemInf

0040F8C2 |.
0040F8C4 |.
0040F8C9 |>
0040F8CC |.
0040F8CF |.
0040F8D2 |.
0040F8D5 |.
0040F8D7 |.
0040F8DA |.
0040F8DD |.
0040F8E0 |.
0040F8E3 |>
0040F8E6 |.
0040F8E9 |.
0040F8EB |.
0040F8EE |.
0040F8F1 |.
0040F8F3 |>
0040F8F6 |.
0040F8F9 |>
0040F8FC |.
0040F900 |.
0040F902 |.
0040F905 |.
0040F908 |.
0040F90B |.
0040F90D |>
0040F910 |.
0040F913 |.
0040F916 |>
0040F919 |.
0040F91A |.
0040F91D |.
[ARG.3]
0040F91E |.
0040F921 |.
0040F924 |.
0040F925 |.
fo.0042F80B
0040F92A |.
0040F92D |.
0040F930 |.
0040F934 |.
0040F936 |.
0040F939 |.
0040F93C |.
0040F93E |>
0040F941 |.
0040F944 |.
0040F946 |.
0040F94D |.
0040F94F |>
0040F952 |.
0040F954 |.
0040F957 |.
0040F95A |.
0040F95D |>
0040F960 |.
0040F963 |>
0040F966 |.

73 05
E8 9CE30100
8B55 F4
8B42 14
2B45 08
3B45 0C
73 0C
8B4D F4
8B51 14
2B55 08
8955 0C
8B45 0C
3B45 14
73 08
8B4D 0C
894D F8
EB 06
8B55 14
8955 F8
8B45 F4
8378 18 10
72 0B
8B4D F4
8B51 04
8955 F0
EB 09
8B45 F4
83C0 04
8945 F0
8B4D F8
51
8B55 10
52

JNB SHORT 0040F8C9


CALL 0042DC65
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+14]
SUB EAX,DWORD PTR SS:[ARG.1]
CMP EAX,DWORD PTR SS:[ARG.2]
JNB SHORT 0040F8E3
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV EDX,DWORD PTR DS:[ECX+14]
SUB EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[ARG.2],EDX
MOV EAX,DWORD PTR SS:[ARG.2]
CMP EAX,DWORD PTR SS:[ARG.4]
JNB SHORT 0040F8F3
MOV ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.2],ECX
JMP SHORT 0040F8F9
MOV EDX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.3]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0040F90D
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.4],EDX
JMP SHORT 0040F916
MOV EAX,DWORD PTR SS:[LOCAL.3]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.3]
PUSH EDX

; /Arg3
; |
; |Arg2 =>

8B45 F0
0345 08
50
E8 E1FE0100

MOV EAX,DWORD PTR SS:[LOCAL.4]


ADD EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0042F80B

;
;
;
;

83C4 0C
8945 FC
837D FC 00
74 08
8B4D FC
894D EC
EB 25
8B55 0C
3B55 14
73 09
C745 E8 FFFFF
EB 0E
8B45 0C
33C9
3B45 14
0F95C1
894D E8
8B55 E8
8955 EC
8B45 EC
8BE5

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.1],EAX
CMP DWORD PTR SS:[LOCAL.1],0
JE SHORT 0040F93E
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.5],ECX
JMP SHORT 0040F963
MOV EDX,DWORD PTR SS:[ARG.2]
CMP EDX,DWORD PTR SS:[ARG.4]
JNB SHORT 0040F94F
MOV DWORD PTR SS:[LOCAL.6],-1
JMP SHORT 0040F95D
MOV EAX,DWORD PTR SS:[ARG.2]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[ARG.4]
SETNE CL
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ESP,EBP

|
|
|Arg1
\SystemIn

0040F968 |. 5D
POP EBP
0040F969 \. C2 1000
RETN 10
0040F96C
CC
INT3
0040F96D
CC
INT3
0040F96E
CC
INT3
0040F96F
CC
INT3
0040F970 /$ 55
PUSH EBP
o.0040F970(guessed Arg1,Arg2,Arg3)
0040F971 |. 8BEC
MOV EBP,ESP
0040F973 |. 83EC 10
SUB ESP,10
0040F976 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
0040F979 |. 837D 0C 01
CMP DWORD PTR SS:[ARG.2],1
0040F97D |. 75 2A
JNE SHORT 0040F9A9
0040F97F |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0040F982 |. 8378 18 10
CMP DWORD PTR DS:[EAX+18],10
0040F986 |. 72 0B
JB SHORT 0040F993
0040F988 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0040F98B |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
0040F98E |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
0040F991 |. EB 09
JMP SHORT 0040F99C
0040F993 |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0040F996 |. 83C0 04
ADD EAX,4
0040F999 |. 8945 F4
MOV DWORD PTR SS:[LOCAL.3],EAX
0040F99C |> 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040F99F |. 034D 08
ADD ECX,DWORD PTR SS:[ARG.1]
0040F9A2 |. 8A55 10
MOV DL,BYTE PTR SS:[ARG.3]
0040F9A5 |. 8811
MOV BYTE PTR DS:[ECX],DL
0040F9A7 |. EB 3B
JMP SHORT 0040F9E4
0040F9A9 |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0040F9AC |. 8378 18 10
CMP DWORD PTR DS:[EAX+18],10
0040F9B0 |. 72 0B
JB SHORT 0040F9BD
0040F9B2 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0040F9B5 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
0040F9B8 |. 8955 F0
MOV DWORD PTR SS:[LOCAL.4],EDX
0040F9BB |. EB 09
JMP SHORT 0040F9C6
0040F9BD |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0040F9C0 |. 83C0 04
ADD EAX,4
0040F9C3 |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
0040F9C6 |> 8A4D 10
MOV CL,BYTE PTR SS:[ARG.3]
0040F9C9 |. 884D FF
MOV BYTE PTR SS:[LOCAL.1+3],CL
0040F9CC |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0040F9CF |. 52
PUSH EDX
[ARG.2]
0040F9D0 |. 0FBE45 FF
MOVSX EAX,BYTE PTR SS:[LOCAL.1+3]
0040F9D4 |. 50
PUSH EAX
0040F9D5 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0040F9D8 |. 034D 08
ADD ECX,DWORD PTR SS:[ARG.1]
0040F9DB |. 51
PUSH ECX
0040F9DC |. E8 BFEE0100 CALL 0042E8A0
fo.0042E8A0
0040F9E1 |. 83C4 0C
ADD ESP,0C
0040F9E4 |> 8BE5
MOV ESP,EBP
0040F9E6 |. 5D
POP EBP
0040F9E7 \. C2 0C00
RETN 0C
0040F9EA
CC
INT3
0040F9EB
CC
INT3
0040F9EC
CC
INT3
0040F9ED
CC
INT3
0040F9EE
CC
INT3
0040F9EF
CC
INT3

; SystemInf

; /Arg3 =>
;
;
;
;
;
;

|
|Arg2
|
|
|Arg1
\SystemIn

0040F9F0 /$ 55
PUSH EBP
o.0040F9F0(guessed Arg1,Arg2)
0040F9F1 |. 8BEC
MOV EBP,ESP
0040F9F3 |. 83EC 30
SUB ESP,30
0040F9F6 |. 894D E0
MOV DWORD PTR SS:[LOCAL.8],ECX
0040F9F9 |. C745 F8 FFFFF MOV DWORD PTR SS:[LOCAL.2],-1
0040FA00 |. 837D F8 00
CMP DWORD PTR SS:[LOCAL.2],0
0040FA04 |. 76 08
JBE SHORT 0040FA0E
0040FA06 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0040FA09 |. 8945 DC
MOV DWORD PTR SS:[LOCAL.9],EAX
0040FA0C |. EB 07
JMP SHORT 0040FA15
0040FA0E |> C745 DC 01000 MOV DWORD PTR SS:[LOCAL.9],1
0040FA15 |> 8B4D DC
MOV ECX,DWORD PTR SS:[LOCAL.9]
0040FA18 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0040FA1B |. 837D FC 01
CMP DWORD PTR SS:[LOCAL.1],1
0040FA1F |. 77 09
JA SHORT 0040FA2A
0040FA21 |. C745 D8 01000 MOV DWORD PTR SS:[LOCAL.10],1
0040FA28 |. EB 09
JMP SHORT 0040FA33
0040FA2A |> 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0040FA2D |. 83EA 01
SUB EDX,1
0040FA30 |. 8955 D8
MOV DWORD PTR SS:[LOCAL.10],EDX
0040FA33 |> 8B45 D8
MOV EAX,DWORD PTR SS:[LOCAL.10]
0040FA36 |. 3B45 08
CMP EAX,DWORD PTR SS:[ARG.1]
0040FA39 |. 73 05
JNB SHORT 0040FA40
0040FA3B |. E8 EDE10100 CALL 0042DC2D
0040FA40 |> 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040FA43 |. 8B51 18
MOV EDX,DWORD PTR DS:[ECX+18]
0040FA46 |. 3B55 08
CMP EDX,DWORD PTR SS:[ARG.1]
0040FA49 |. 73 15
JNB SHORT 0040FA60
0040FA4B |. 8B45 E0
MOV EAX,DWORD PTR SS:[LOCAL.8]
0040FA4E |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
0040FA51 |. 51
PUSH ECX
[ARG.ECX+14]
0040FA52 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0040FA55 |. 52
PUSH EDX
[ARG.1]
0040FA56 |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040FA59 |. E8 92040000 CALL 0040FEF0
fo.0040FEF0
0040FA5E |. EB 73
JMP SHORT 0040FAD3
0040FA60 |> 0FB645 0C
MOVZX EAX,BYTE PTR SS:[ARG.2]
0040FA64 |. 85C0
TEST EAX,EAX
0040FA66 |. 74 32
JE SHORT 0040FA9A
0040FA68 |. 837D 08 10
CMP DWORD PTR SS:[ARG.1],10
0040FA6C |. 73 2C
JNB SHORT 0040FA9A
0040FA6E |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040FA71 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0040FA74 |. 3B51 14
CMP EDX,DWORD PTR DS:[ECX+14]
0040FA77 |. 73 08
JNB SHORT 0040FA81
0040FA79 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040FA7C |. 8945 D4
MOV DWORD PTR SS:[LOCAL.11],EAX
0040FA7F |. EB 09
JMP SHORT 0040FA8A
0040FA81 |> 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040FA84 |. 8B51 14
MOV EDX,DWORD PTR DS:[ECX+14]
0040FA87 |. 8955 D4
MOV DWORD PTR SS:[LOCAL.11],EDX
0040FA8A |> 8B45 D4
MOV EAX,DWORD PTR SS:[LOCAL.11]
0040FA8D |. 50
PUSH EAX
0040FA8E |. 6A 01
PUSH 1
0040FA90 |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040FA93 |. E8 C8000000 CALL 0040FB60

; SystemInf

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

;
;
;
;

/Arg2
|Arg1 = 1
|
\SystemIn

fo.0040FB60
0040FA98 |. EB 39
JMP SHORT 0040FAD3
0040FA9A |> 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0040FA9E |. 75 33
JNE SHORT 0040FAD3
0040FAA0 |. C645 E6 00
MOV BYTE PTR SS:[LOCAL.7+2],0
0040FAA4 |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040FAA7 |. C741 14 00000 MOV DWORD PTR DS:[ECX+14],0
0040FAAE |. 8B55 E0
MOV EDX,DWORD PTR SS:[LOCAL.8]
0040FAB1 |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
0040FAB5 |. 72 0B
JB SHORT 0040FAC2
0040FAB7 |. 8B45 E0
MOV EAX,DWORD PTR SS:[LOCAL.8]
0040FABA |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
0040FABD |. 894D D0
MOV DWORD PTR SS:[LOCAL.12],ECX
0040FAC0 |. EB 09
JMP SHORT 0040FACB
0040FAC2 |> 8B55 E0
MOV EDX,DWORD PTR SS:[LOCAL.8]
0040FAC5 |. 83C2 04
ADD EDX,4
0040FAC8 |. 8955 D0
MOV DWORD PTR SS:[LOCAL.12],EDX
0040FACB |> 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
0040FACE |. 8A4D E6
MOV CL,BYTE PTR SS:[LOCAL.7+2]
0040FAD1 |. 8808
MOV BYTE PTR DS:[EAX],CL
0040FAD3 |> 33D2
XOR EDX,EDX
0040FAD5 |. 3B55 08
CMP EDX,DWORD PTR SS:[ARG.1]
to boolean result of comparison EDX<[EBP+8]
0040FAD8 |. 1BC0
SBB EAX,EAX
0040FADA |. F7D8
NEG EAX
0040FADC |. 8BE5
MOV ESP,EBP
0040FADE |. 5D
POP EBP
0040FADF \. C2 0800
RETN 8
0040FAE2
CC
INT3
0040FAE3
CC
INT3
0040FAE4
CC
INT3
0040FAE5
CC
INT3
0040FAE6
CC
INT3
0040FAE7
CC
INT3
0040FAE8
CC
INT3
0040FAE9
CC
INT3
0040FAEA
CC
INT3
0040FAEB
CC
INT3
0040FAEC
CC
INT3
0040FAED
CC
INT3
0040FAEE
CC
INT3
0040FAEF
CC
INT3
0040FAF0 /$ 55
PUSH EBP
o.0040FAF0(guessed Arg1)
0040FAF1 |. 8BEC
MOV EBP,ESP
0040FAF3 |. 83EC 0C
SUB ESP,0C
0040FAF6 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0040FAF9 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0040FAFD |. 74 50
JE SHORT 0040FB4F
0040FAFF |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040FB02 |. 8378 18 10
CMP DWORD PTR DS:[EAX+18],10
0040FB06 |. 72 0B
JB SHORT 0040FB13
0040FB08 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0040FB0B |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
0040FB0E |. 8955 F8
MOV DWORD PTR SS:[LOCAL.2],EDX
0040FB11 |. EB 09
JMP SHORT 0040FB1C
0040FB13 |> 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040FB16 |. 83C0 04
ADD EAX,4
0040FB19 |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
0040FB1C |> 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]

; Sets EAX

; SystemInf

0040FB1F |. 3B4D F8
CMP ECX,DWORD PTR SS:[LOCAL.2]
0040FB22 |. 72 2B
JB SHORT 0040FB4F
0040FB24 |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0040FB27 |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
0040FB2B |. 72 0B
JB SHORT 0040FB38
0040FB2D |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040FB30 |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
0040FB33 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
0040FB36 |. EB 09
JMP SHORT 0040FB41
0040FB38 |> 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0040FB3B |. 83C2 04
ADD EDX,4
0040FB3E |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
0040FB41 |> 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0040FB44 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0040FB47 |. 0348 14
ADD ECX,DWORD PTR DS:[EAX+14]
0040FB4A |. 3B4D 08
CMP ECX,DWORD PTR SS:[ARG.1]
0040FB4D |. 77 06
JA SHORT 0040FB55
0040FB4F |> 32C0
XOR AL,AL
0040FB51 |. EB 04
JMP SHORT 0040FB57
0040FB53 |. EB 02
JMP SHORT 0040FB57
0040FB55 |> B0 01
MOV AL,1
0040FB57 |> 8BE5
MOV ESP,EBP
0040FB59 |. 5D
POP EBP
0040FB5A \. C2 0400
RETN 4
0040FB5D
CC
INT3
0040FB5E
CC
INT3
0040FB5F
CC
INT3
0040FB60 /$ 55
PUSH EBP
o.0040FB60(guessed Arg1,Arg2)
0040FB61 |. 8BEC
MOV EBP,ESP
0040FB63 |. 83EC 1C
SUB ESP,1C
0040FB66 |. 894D E8
MOV DWORD PTR SS:[LOCAL.6],ECX
0040FB69 |. 0FB645 08
MOVZX EAX,BYTE PTR SS:[ARG.1]
0040FB6D |. 85C0
TEST EAX,EAX
0040FB6F |. 75 02
JNE SHORT 0040FB73
0040FB71 |. EB 55
JMP SHORT 0040FBC8
0040FB73 |> 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
0040FB76 |. 8379 18 10
CMP DWORD PTR DS:[ECX+18],10
0040FB7A |. 72 4C
JB SHORT 0040FBC8
0040FB7C |. 8B55 E8
MOV EDX,DWORD PTR SS:[LOCAL.6]
0040FB7F |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
0040FB82 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0040FB85 |. 837D 0C 00
CMP DWORD PTR SS:[ARG.2],0
0040FB89 |. 76 25
JBE SHORT 0040FBB0
0040FB8B |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
0040FB8E |. 83C1 04
ADD ECX,4
0040FB91 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
0040FB94 |. 8A55 FA
MOV DL,BYTE PTR SS:[LOCAL.2+2]
0040FB97 |. 8855 FB
MOV BYTE PTR SS:[LOCAL.2+3],DL
0040FB9A |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0040FB9D |. 50
PUSH EAX
[ARG.2]
0040FB9E |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0040FBA1 |. 51
PUSH ECX
[ARG.ECX+4]
0040FBA2 |. 6A 10
PUSH 10
0
0040FBA4 |. 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
0040FBA7 |. 52
PUSH EDX
ARG.ECX+4

; SystemInf

; /Arg4 =>
; |
; |Arg3 =>
; |Arg2 = 1
; |
; |Arg1 =>

0040FBA8 |. E8 5BEE0100
fo.0042EA08
0040FBAD |. 83C4 10
0040FBB0 |> 8B45 E8
0040FBB3 |. 8B48 18
0040FBB6 |. 83C1 01
0040FBB9 |. 894D F0
0040FBBC |. 8B55 FC
0040FBBF |. 52
0040FBC0 |. E8 55ED0100
0040FBC5 |. 83C4 04
0040FBC8 |> 8B45 E8
0040FBCB |. C740 18 0F000
0040FBD2 |. C645 EF 00
0040FBD6 |. 8B4D E8
0040FBD9 |. 8B55 0C
0040FBDC |. 8951 14
0040FBDF |. 8B45 E8
0040FBE2 |. 8378 18 10
0040FBE6 |. 72 0B
0040FBE8 |. 8B4D E8
0040FBEB |. 8B51 04
0040FBEE |. 8955 E4
0040FBF1 |. EB 09
0040FBF3 |> 8B45 E8
0040FBF6 |. 83C0 04
0040FBF9 |. 8945 E4
0040FBFC |> 8B4D E4
0040FBFF |. 034D 0C
0040FC02 |. 8A55 EF
0040FC05 |. 8811
0040FC07 |. 8BE5
0040FC09 |. 5D
0040FC0A \. C2 0800
0040FC0D
CC
0040FC0E
CC
0040FC0F
CC
0040FC10 /$ 55
o.0040FC10(guessed Arg1)
0040FC11 |. 8BEC
0040FC13 |. 83EC 14
0040FC16 |. 894D F4
0040FC19 |. 8B45 F4
0040FC1C |. 8B48 24
0040FC1F |. 8339 00
0040FC22 |. 74 0D
0040FC24 |. 8B55 F4
0040FC27 |. 8B42 34
0040FC2A |. 8B08
0040FC2C |. 894D F0
0040FC2F |. EB 07
0040FC31 |> C745 F0 00000
0040FC38 |> 837D F0 00
0040FC3C |. 7E 1E
0040FC3E |. 8B4D F4
0040FC41 |. E8 3A000000
0040FC46 |. 8945 FC
0040FC49 |. 8B55 FC
0040FC4C |. 8A45 08
0040FC4F |. 8802

CALL 0042EA08

; \SystemIn

ADD ESP,10
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+18]
ADD ECX,1
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX+18],0F
MOV BYTE PTR SS:[LOCAL.5+3],0
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[ECX+14],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0040FBF3
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.7],EDX
JMP SHORT 0040FBFC
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
ADD ECX,DWORD PTR SS:[ARG.2]
MOV DL,BYTE PTR SS:[LOCAL.5+3]
MOV BYTE PTR DS:[ECX],DL
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX+24]
CMP DWORD PTR DS:[ECX],0
JE SHORT 0040FC31
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+34]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
JMP SHORT 0040FC38
MOV DWORD PTR SS:[LOCAL.4],0
CMP DWORD PTR SS:[LOCAL.4],0
JLE SHORT 0040FC5C
MOV ECX,DWORD PTR SS:[LOCAL.3]
CALL 0040FC80
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV AL,BYTE PTR SS:[ARG.1]
MOV BYTE PTR DS:[EDX],AL

0040FC51
0040FC54
0040FC57
0040FC5A
0040FC5C
0040FC60
0040FC63
0040FC66
0040FC67
0040FC6A
0040FC6C
0040FC6F
0040FC72
0040FC74
0040FC77
0040FC7A
0040FC7C
0040FC7D
0040FC80
0040FC81
0040FC83
0040FC86
0040FC89
0040FC8C
0040FC8F
0040FC91
0040FC94
0040FC97
0040FC9A
0040FC9C
0040FC9F
0040FCA2
0040FCA4
0040FCA7
0040FCAA
0040FCAD
0040FCAF
0040FCB2
0040FCB5
0040FCB8
0040FCBA
0040FCBD
0040FCBF
0040FCC0
0040FCC1
0040FCC2
0040FCC3
0040FCC4
0040FCC5
0040FCC6
0040FCC7
0040FCC8
0040FCC9
0040FCCA
0040FCCB
0040FCCC
0040FCCD
0040FCCE
0040FCCF
0040FCD0

|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
\.
/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

8B4D FC
0FB611
8955 EC
EB 1B
0FB645 08
8945 F8
8B4D F8
51
8B55 F4
8B02
8B4D F4
8B50 04
FFD2
8945 EC
8B45 EC
8BE5
5D
C2 0400
55
8BEC
83EC 08
894D FC
8B45 FC
8B48 34
8B11
83EA 01
8B45 FC
8B48 34
8911
8B55 FC
8B42 24
8B08
894D F8
8B55 FC
8B42 24
8B08
83C1 01
8B55 FC
8B42 24
8908
8B45 F8
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/$ 55

MOV ECX,DWORD PTR SS:[LOCAL.1]


MOVZX EDX,BYTE PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP SHORT 0040FC77
MOVZX EAX,BYTE PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV EDX,DWORD PTR DS:[EAX+4]
CALL EDX
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ESP,EBP
POP EBP
RETN 4
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+34]
MOV EDX,DWORD PTR DS:[ECX]
SUB EDX,1
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+34]
MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
ADD ECX,1
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV DWORD PTR DS:[EAX],ECX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

0040FCD1
0040FCD3
0040FCD6
0040FCD9
0040FCDC
0040FCDF
0040FCE2
0040FCE4
0040FCE7
0040FCEA
0040FCEC
0040FCEF
0040FCF3
0040FCF5
0040FCF8
0040FCFB
0040FCFE
0040FD01
0040FD03
0040FD05
0040FD08
0040FD0A
0040FD0D
0040FD10
0040FD13
0040FD16
0040FD18
0040FD1A
0040FD1D
0040FD20
0040FD23
0040FD25
0040FD28
0040FD2B
0040FD2E
0040FD30
0040FD33
0040FD36
0040FD37
0040FD3C
0040FD3F
0040FD42
0040FD45
0040FD4B
0040FD4E
0040FD51
0040FD57
0040FD59
0040FD5C
0040FD5F
0040FD61
0040FD64
0040FD67
0040FD6D
0040FD70
0040FD73
0040FD79
0040FD7B
0040FD7E
0040FD81

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8BEC
83EC 14
894D F0
8B45 F0
8B48 40
83E1 01
74 5B
8B55 F0
8B42 24
8B08
894D FC
837D FC 00
74 15
8B55 F0
8B42 34
8B4D F0
8B51 24
8B0A
0308
894D EC
EB 13
8B55 F0
8B42 30
8B4D F0
8B51 20
8B0A
0308
894D EC
8B55 F0
8B42 10
8B08
894D F8
8B55 F0
8B42 10
8B08
894D F4
8B55 F4
52
E8 DEEB0100
83C4 04
8B45 F0
8B48 10
C701 00000000
8B55 F0
8B42 20
C700 00000000
33C9
8B55 F0
8B42 30
8908
8B4D F0
8B51 14
C702 00000000
8B45 F0
8B48 24
C701 00000000
33D2
8B45 F0
8B48 34
8911

MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+40]
AND ECX,00000001
JE SHORT 0040FD3F
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.1],ECX
CMP DWORD PTR SS:[LOCAL.1],0
JE SHORT 0040FD0A
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+34]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV ECX,DWORD PTR DS:[EDX]
ADD ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.5],ECX
JMP SHORT 0040FD1D
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+30]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV ECX,DWORD PTR DS:[EDX]
ADD ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR DS:[ECX],0
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV DWORD PTR DS:[EAX],0
XOR ECX,ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+30]
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+14]
MOV DWORD PTR DS:[EDX],0
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV DWORD PTR DS:[ECX],0
XOR EDX,EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+34]
MOV DWORD PTR DS:[ECX],EDX

0040FD83 |. 8B55 F0
0040FD86 |. C742 3C 00000
0040FD8D |. 8B45 F0
0040FD90 |. 8B48 40
0040FD93 |. 83E1 FE
0040FD96 |. 8B55 F0
0040FD99 |. 894A 40
0040FD9C |. 8BE5
0040FD9E |. 5D
0040FD9F \. C3
0040FDA0 /$ 55
o.0040FDA0(guessed Arg1)
0040FDA1 |. 8BEC
0040FDA3 |. 6A FF
0040FDA5 |. 68 AB5A4400
0040FDAA |. 64:A1 0000000
0040FDB0 |. 50
0040FDB1 |. 81EC 10010000
0040FDB7 |. A1 A0154500
0040FDBC |. 33C5
0040FDBE |. 50
0040FDBF |. 8D45 F4
0040FDC2 |. 64:A3 0000000
0040FDC8 |. 898D E4FEFFFF
0040FDCE |. 8B45 08
0040FDD1 |. 50
[ARG.1]
0040FDD2 |. 8B8D E4FEFFFF
0040FDD8 |. E8 33040000
fo.00410210
0040FDDD |. C745 FC 00000
0040FDE4 |. 8B4D 08
0040FDE7 |. 8B11
0040FDE9 |. 8B42 04
0040FDEC |. 8B4D 08
0040FDEF |. 8B5401 08
0040FDF3 |. 8955 E8
0040FDF6 |. 33C0
0040FDF8 |. 837D E8 00
0040FDFC |. 0F94C0
0040FDFF |. 0FB6C8
0040FE02 |. 85C9
0040FE04 |. 74 32
0040FE06 |. 8B55 08
0040FE09 |. 8B02
0040FE0B |. 8B48 04
0040FE0E |. 8B55 08
0040FE11 |. 8B440A 2C
0040FE15 |. 8945 E4
0040FE18 |. 837D E4 00
0040FE1C |. 74 1A
0040FE1E |. 8B4D 08
0040FE21 |. 8B11
0040FE23 |. 8B42 04
0040FE26 |. 8B4D 08
0040FE29 |. 8B5401 2C
0040FE2D |. 8955 E0
0040FE30 |. 8B4D E0
0040FE33 |. E8 88F9FFFF
fo.0040F7C0

MOV EDX,DWORD PTR SS:[LOCAL.4]


MOV DWORD PTR DS:[EDX+3C],0
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+40]
AND ECX,FFFFFFFE
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EDX+40],ECX
MOV ESP,EBP
POP EBP
RETN
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445AAB
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,110
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.71],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.71]


CALL 00410210

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[EAX+ECX+8]
MOV DWORD PTR SS:[LOCAL.6],EDX
XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.6],0
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 0040FE38
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[ECX+EDX+2C]
MOV DWORD PTR SS:[LOCAL.7],EAX
CMP DWORD PTR SS:[LOCAL.7],0
JE SHORT 0040FE38
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[EAX+ECX+2C]
MOV DWORD PTR SS:[LOCAL.8],EDX
MOV ECX,DWORD PTR SS:[LOCAL.8]
CALL 0040F7C0

; [SystemIn

0040FE38
0040FE3B
0040FE3D
0040FE40
0040FE43
0040FE47
0040FE4D
0040FE4F
0040FE56
0040FE59
0040FE5F
0040FE62
0040FE69
0040FE6F
0040FE72
0040FE79
0040FE7A
0040FE7C
0040FE7D
0040FE80
0040FE81
0040FE83
0040FE85
0040FE8A
0040FE90
0040FE91
0040FE94
0040FE99
0040FE9B
0040FE9C
0040FE9F
0040FEA5
0040FEA8
0040FEAF
0040FEB4
0040FEB7
0040FEB9
0040FEBB
0040FEBE
0040FEC0
0040FEC5
0040FECC
0040FECF
0040FED4
0040FED7
0040FEDE
0040FEDF
0040FEE1
0040FEE2
0040FEE3
0040FEE4
0040FEE5
0040FEE6
0040FEE7
0040FEE8
0040FEE9
0040FEEA
0040FEEB
0040FEEC
0040FEED

|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.
/>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
\.

8B45 08
8B08
8B51 04
8B45 08
8B4C10 08
898D E8FEFFFF
33D2
83BD E8FEFFFF
0F94C2
8B85 E4FEFFFF
8850 04
C745 FC FFFFF
8B85 E4FEFFFF
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0400
55
8BEC
6A FF
68 D85A4400
64:A1 0000000
50
83EC 0C
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
894D E8
C745 FC 00000
E8 FAD80100
0FB6C0
85C0
75 0A
8B4D E8
8B09
E8 BB020000
C745 FC FFFFF
8B4D E8
E8 9C030000
8B4D F4
64:890D 00000
59
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC

MOV EAX,DWORD PTR SS:[ARG.1]


MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EDX+EAX+8]
MOV DWORD PTR SS:[LOCAL.70],ECX
XOR EDX,EDX
CMP DWORD PTR SS:[LOCAL.70],0
SETE DL
MOV EAX,DWORD PTR SS:[LOCAL.71]
MOV BYTE PTR DS:[EAX+4],DL
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.71]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00445AD8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-18],ECX
MOV DWORD PTR SS:[EBP-4],0
CALL 0042D7AE
MOVZX EAX,AL
TEST EAX,EAX
JNE SHORT 0040FEC5
MOV ECX,DWORD PTR SS:[EBP-18]
MOV ECX,DWORD PTR DS:[ECX]
CALL 00410180
MOV DWORD PTR SS:[EBP-4],-1
MOV ECX,DWORD PTR SS:[EBP-18]
CALL 00410270
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

0040FEEE
CC
INT3
0040FEEF
CC
INT3
0040FEF0 /$ 55
PUSH EBP
o.0040FEF0(guessed Arg1,Arg2)
0040FEF1 |. 8BEC
MOV EBP,ESP
0040FEF3 |. 6A FF
PUSH -1
0040FEF5 |. 68 005B4400 PUSH 00445B00
0040FEFA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040FF00 |. 50
PUSH EAX
0040FF01 |. 51
PUSH ECX
0040FF02 |. 81EC 88000000 SUB ESP,88
0040FF08 |. 53
PUSH EBX
0040FF09 |. 56
PUSH ESI
0040FF0A |. 57
PUSH EDI
0040FF0B |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0040FF10 |. 33C5
XOR EAX,EBP
0040FF12 |. 50
PUSH EAX
0040FF13 |. 8D45 F4
LEA EAX,[LOCAL.3]
0040FF16 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0040FF1C |. 8965 F0
MOV DWORD PTR SS:[LOCAL.4],ESP
0040FF1F |. 894D 84
MOV DWORD PTR SS:[LOCAL.31],ECX
0040FF22 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0040FF25 |. 83C8 0F
OR EAX,0000000F
0040FF28 |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX
0040FF2B |. C745 E0 FFFFF MOV DWORD PTR SS:[LOCAL.8],-1
0040FF32 |. 837D E0 00
CMP DWORD PTR SS:[LOCAL.8],0
0040FF36 |. 76 08
JBE SHORT 0040FF40
0040FF38 |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0040FF3B |. 894D 80
MOV DWORD PTR SS:[LOCAL.32],ECX
0040FF3E |. EB 07
JMP SHORT 0040FF47
0040FF40 |> C745 80 01000 MOV DWORD PTR SS:[LOCAL.32],1
0040FF47 |> 8B55 80
MOV EDX,DWORD PTR SS:[LOCAL.32]
0040FF4A |. 8955 E4
MOV DWORD PTR SS:[LOCAL.7],EDX
0040FF4D |. 837D E4 01
CMP DWORD PTR SS:[LOCAL.7],1
0040FF51 |. 77 0C
JA SHORT 0040FF5F
0040FF53 |. C785 7CFFFFFF MOV DWORD PTR SS:[LOCAL.33],1
0040FF5D |. EB 0C
JMP SHORT 0040FF6B
0040FF5F |> 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
0040FF62 |. 83E8 01
SUB EAX,1
0040FF65 |. 8985 7CFFFFFF MOV DWORD PTR SS:[LOCAL.33],EAX
0040FF6B |> 8B8D 7CFFFFFF MOV ECX,DWORD PTR SS:[LOCAL.33]
0040FF71 |. 3B4D E8
CMP ECX,DWORD PTR SS:[LOCAL.6]
0040FF74 |. 73 0B
JNB SHORT 0040FF81
0040FF76 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0040FF79 |. 8955 E8
MOV DWORD PTR SS:[LOCAL.6],EDX
0040FF7C |. E9 8A000000 JMP 0041000B
0040FF81 |> 8B45 84
MOV EAX,DWORD PTR SS:[LOCAL.31]
0040FF84 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
0040FF87 |. D1E9
SHR ECX,1
0040FF89 |. 8B45 E8
MOV EAX,DWORD PTR SS:[LOCAL.6]
0040FF8C |. 33D2
XOR EDX,EDX
0040FF8E |. BE 03000000 MOV ESI,3
0040FF93 |. F7F6
DIV ESI
0040FF95 |. 3BC1
CMP EAX,ECX
0040FF97 |. 73 72
JNB SHORT 0041000B
0040FF99 |. C745 D8 FFFFF MOV DWORD PTR SS:[LOCAL.10],-1
0040FFA0 |. 837D D8 00
CMP DWORD PTR SS:[LOCAL.10],0
0040FFA4 |. 76 0B
JBE SHORT 0040FFB1
0040FFA6 |. 8B55 D8
MOV EDX,DWORD PTR SS:[LOCAL.10]
0040FFA9 |. 8995 78FFFFFF MOV DWORD PTR SS:[LOCAL.34],EDX

; SystemInf

0040FFAF |.
0040FFB1 |>
0040FFBB |>
0040FFC1 |.
0040FFC4 |.
0040FFC8 |.
0040FFCA |.
0040FFD4 |.
0040FFD6 |>
0040FFD9 |.
0040FFDC |.
0040FFE2 |>
0040FFE5 |.
0040FFE8 |.
0040FFEA |.
0040FFF0 |.
0040FFF2 |.
0040FFF5 |.
0040FFF8 |.
0040FFFA |.
0040FFFD |.
00410000 |.
00410002 |.
00410005 |.
00410008 |.
0041000B |>
00410012 |.
00410019 |.
0041001C |.
0041001F |.
00410020 |.
00410023 |.
fo.00410160
00410028 |.
0041002E |.
00410034 |.
00410037 \.
00410039 /.
0041003C |.
0041003F |.
00410042 |.
00410046 |.
00410048 |.
0041004B |.
0041004E |.
0041004F |.
00410054 |.
00410057 |.
0041005D |.
00410063 |.
00410066 \.
00410068 /.
0041006A |.
0041006C |.
0041006F |.
fo.0040FB60
00410074 |.
00410076 |.
00410078 |.
fo.0042E925

EB 0A
C785 78FFFFFF
8B85 78FFFFFF
8945 DC
837D DC 01
77 0C
C785 74FFFFFF
EB 0C
8B4D DC
83E9 01
898D 74FFFFFF
8B55 84
8B42 18
D1E8
8B8D 74FFFFFF
2BC8
8B55 84
394A 18
77 11
8B45 84
8B48 18
D1E9
8B55 84
034A 18
894D E8
C745 EC 00000
C745 FC 00000
8B45 E8
83C0 01
50
8B4D 84
E8 38010000

JMP SHORT 0040FFBB


MOV DWORD PTR SS:[LOCAL.34],1
MOV EAX,DWORD PTR SS:[LOCAL.34]
MOV DWORD PTR SS:[LOCAL.9],EAX
CMP DWORD PTR SS:[LOCAL.9],1
JA SHORT 0040FFD6
MOV DWORD PTR SS:[LOCAL.35],1
JMP SHORT 0040FFE2
MOV ECX,DWORD PTR SS:[LOCAL.9]
SUB ECX,1
MOV DWORD PTR SS:[LOCAL.35],ECX
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+18]
SHR EAX,1
MOV ECX,DWORD PTR SS:[LOCAL.35]
SUB ECX,EAX
MOV EDX,DWORD PTR SS:[LOCAL.31]
CMP DWORD PTR DS:[EDX+18],ECX
JA SHORT 0041000B
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+18]
SHR ECX,1
MOV EDX,DWORD PTR SS:[LOCAL.31]
ADD ECX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV DWORD PTR SS:[LOCAL.5],0
MOV DWORD PTR SS:[LOCAL.1],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,1
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.31]
CALL 00410160

; /Arg1
; |
; \SystemIn

8985 70FFFFFF
8B8D 70FFFFFF
894D EC
EB 65
8965 F0
8B55 08
8955 E8
C645 FC 02
6A 00
8B45 E8
83C0 01
50
E8 6C020000
83C4 08
8985 6CFFFFFF
8B8D 6CFFFFFF
894D EC
EB 22
6A 00
6A 01
8B4D 84
E8 ECFAFFFF

MOV DWORD PTR SS:[LOCAL.36],EAX


MOV ECX,DWORD PTR SS:[LOCAL.36]
MOV DWORD PTR SS:[LOCAL.5],ECX
JMP SHORT 0041009E
MOV DWORD PTR SS:[EBP-10],ESP
MOV EDX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR SS:[EBP-18],EDX
MOV BYTE PTR SS:[EBP-4],2
PUSH 0
MOV EAX,DWORD PTR SS:[EBP-18]
ADD EAX,1
PUSH EAX
CALL 004102C0
ADD ESP,8
MOV DWORD PTR SS:[EBP-94],EAX
MOV ECX,DWORD PTR SS:[EBP-94]
MOV DWORD PTR SS:[EBP-14],ECX
JMP SHORT 0041008A
PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-7C]
CALL 0040FB60

;
;
;
;

6A 00
6A 00
E8 A8E80100

PUSH 0
PUSH 0
CALL 0042E925

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0041007D |.
00410084 |.
00410089 \.
0041008A />
00410091 |.
00410098 |.
0041009D \.
0041009E />
004100A5 |.
004100A9 |.
004100AB |.
004100AE |.
004100B2 |.
004100B4 |.
004100B7 |.
004100BA |.
004100BD |.
004100BF |>
004100C2 |.
004100C5 |.
004100C8 |>
004100CB |.
004100CE |.
004100D1 |.
[ARG.2]
004100D2 |.
004100D5 |.
004100D6 |.
004100D9 |.
004100DC |.
004100DD |.
004100E0 |.
[LOCAL.36]
004100E1 |.
fo.0042EA08
004100E6 |.
004100E9 |>
004100EB |.
004100ED |.
004100F0 |.
fo.0040FB60
004100F5 |.
004100F8 |.
004100FB |.
004100FE |.
00410101 |.
00410104 |.
00410107 |.
0041010B |.
0041010E |.
00410111 |.
00410114 |.
00410117 |.
0041011B |.
0041011D |.
00410120 |.
00410123 |.
00410129 |.
0041012B |>
0041012E |.

C745 FC 01000
B8 91004100
C3
C745 FC 01000
C745 FC 01000
B8 A5004100
C3
C745 FC FFFFF
837D 0C 00
76 3E
8B55 84
837A 18 10
72 0B
8B45 84
8B48 04
894D 9C
EB 09
8B55 84
83C2 04
8955 9C
8A45 A1
8845 A2
8B4D 0C
51

MOV DWORD PTR SS:[EBP-4],1


MOV EAX,00410091
RETN
MOV DWORD PTR SS:[EBP-4],1
MOV DWORD PTR SS:[EBP-4],1
MOV EAX,004100A5
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
CMP DWORD PTR SS:[ARG.2],0
JBE SHORT 004100E9
MOV EDX,DWORD PTR SS:[LOCAL.31]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 004100BF
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.25],ECX
JMP SHORT 004100C8
MOV EDX,DWORD PTR SS:[LOCAL.31]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.25],EDX
MOV AL,BYTE PTR SS:[LOCAL.24+1]
MOV BYTE PTR SS:[LOCAL.24+2],AL
MOV ECX,DWORD PTR SS:[ARG.2]
PUSH ECX

; /Arg4 =>

8B55
52
8B45
83C0
50
8B4D
51

MOV EDX,DWORD PTR SS:[LOCAL.25]


PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,1
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX

;
;
;
;
;
;
;

E8 22E90100

CALL 0042EA08

; \SystemIn

83C4 10
6A 00
6A 01
8B4D 84
E8 6BFAFFFF

ADD ESP,10
PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.31]
CALL 0040FB60

;
;
;
;

8B55 84
8B45 EC
8942 04
8B4D 84
8B55 E8
8951 18
C645 8A 00
8B45 84
8B4D 0C
8948 14
8B55 84
837A 18 10
72 0E
8B45 84
8B48 04
898D 68FFFFFF
EB 0C
8B55 84
83C2 04

MOV EDX,DWORD PTR SS:[LOCAL.31]


MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+18],EDX
MOV BYTE PTR SS:[LOCAL.30+2],0
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[EAX+14],ECX
MOV EDX,DWORD PTR SS:[LOCAL.31]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 0041012B
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.38],ECX
JMP SHORT 00410137
MOV EDX,DWORD PTR SS:[LOCAL.31]
ADD EDX,4

9C
E8
01
EC

|
|Arg3
|
|
|Arg2
|
|Arg1 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00410131 |. 8995 68FFFFFF


00410137 |> 8B85 68FFFFFF
0041013D |. 0345 0C
00410140 |. 8A4D 8A
00410143 |. 8808
00410145 |. 8B4D F4
00410148 |. 64:890D 00000
0041014F |. 59
00410150 |. 5F
00410151 |. 5E
00410152 |. 5B
00410153 |. 8BE5
00410155 |. 5D
00410156 \. C2 0800
00410159
CC
0041015A
CC
0041015B
CC
0041015C
CC
0041015D
CC
0041015E
CC
0041015F
CC
00410160 /$ 55
o.00410160(guessed Arg1)
00410161 |. 8BEC
00410163 |. 83EC 14
00410166 |. 894D EC
00410169 |. 6A 00
0041016B |. 8B45 08
0041016E |. 50
0041016F |. E8 4C010000
00410174 |. 83C4 08
00410177 |. 8BE5
00410179 |. 5D
0041017A \. C2 0400
0041017D
CC
0041017E
CC
0041017F
CC
00410180 /$ 55
00410181 |. 8BEC
00410183 |. 6A FF
00410185 |. 68 205B4400
0041018A |. 64:A1 0000000
00410190 |. 50
00410191 |. 51
00410192 |. 81EC 2C010000
00410198 |. 53
00410199 |. 56
0041019A |. 57
0041019B |. A1 A0154500
004101A0 |. 33C5
004101A2 |. 50
004101A3 |. 8D45 F4
004101A6 |. 64:A3 0000000
004101AC |. 8965 F0
004101AF |. 898D C4FEFFFF
004101B5 |. C745 FC 00000
004101BC |. 8B85 C4FEFFFF
004101C2 |. 8B08
004101C4 |. 8B51 04
004101C7 |. 8B85 C4FEFFFF

MOV DWORD PTR SS:[LOCAL.38],EDX


MOV EAX,DWORD PTR SS:[LOCAL.38]
ADD EAX,DWORD PTR SS:[ARG.2]
MOV CL,BYTE PTR SS:[LOCAL.30+2]
MOV BYTE PTR DS:[EAX],CL
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
PUSH 0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 004102C0
ADD ESP,8
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00445B20
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,12C
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.79],ECX
MOV DWORD PTR SS:[LOCAL.1],0
MOV EAX,DWORD PTR SS:[LOCAL.79]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.79]

; SystemInf

004101CD |. 8B4C10 10
004101D1 |. 894D EC
004101D4 |. 8B55 EC
004101D7 |. 83E2 02
004101DA |. 74 0B
004101DC |. 8B8D C4FEFFFF
004101E2 |. E8 D9F5FFFF
fo.0040F7C0
004101E7 \> EB 0D
004101E9 /. C745 FC FFFFF
004101F0 |. B8 FD014100
004101F5 \. C3
004101F6 /> C745 FC FFFFF
004101FD |. 8B4D F4
00410200 |. 64:890D 00000
00410207 |. 59
00410208 |. 5F
00410209 |. 5E
0041020A |. 5B
0041020B |. 8BE5
0041020D |. 5D
0041020E \. C3
0041020F
CC
00410210 /$ 55
o.00410210(guessed Arg1)
00410211 |. 8BEC
00410213 |. 83EC 0C
00410216 |. 894D F4
00410219 |. 8B45 F4
0041021C |. 8B4D 08
0041021F |. 8908
00410221 |. 8B55 F4
00410224 |. 8B02
00410226 |. 8B08
00410228 |. 8B55 F4
0041022B |. 8B02
0041022D |. 8B49 04
00410230 |. 8B5408 28
00410234 |. 8955 FC
00410237 |. 837D FC 00
0041023B |. 74 21
0041023D |. 8B45 F4
00410240 |. 8B08
00410242 |. 8B11
00410244 |. 8B45 F4
00410247 |. 8B08
00410249 |. 8B52 04
0041024C |. 8B4411 28
00410250 |. 8945 F8
00410253 |. 8B4D F8
00410256 |. 83C1 04
00410259 |. E8 70DA0100
0041025E |> 8B45 F4
00410261 |. 8BE5
00410263 |. 5D
00410264 \. C2 0400
00410267
CC
00410268
CC
00410269
CC
0041026A
CC

MOV ECX,DWORD PTR DS:[EDX+EAX+10]


MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
AND EDX,00000002
JE SHORT 004101E7
MOV ECX,DWORD PTR SS:[LOCAL.79]
CALL 0040F7C0

; [SystemIn

JMP SHORT 004101F6


MOV DWORD PTR SS:[EBP-4],-1
MOV EAX,004101FD
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[ECX+4]
MOV EDX,DWORD PTR DS:[ECX+EAX+28]
MOV DWORD PTR SS:[LOCAL.1],EDX
CMP DWORD PTR SS:[LOCAL.1],0
JE SHORT 0041025E
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[EDX+4]
MOV EAX,DWORD PTR DS:[EDX+ECX+28]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
ADD ECX,4
CALL 0042DCCE
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3

0041026B
CC
0041026C
CC
0041026D
CC
0041026E
CC
0041026F
CC
00410270 /$ 55
00410271 |. 8BEC
00410273 |. 83EC 0C
00410276 |. 894D F4
00410279 |. 8B45 F4
0041027C |. 8B08
0041027E |. 8B11
00410280 |. 8B45 F4
00410283 |. 8B08
00410285 |. 8B52 04
00410288 |. 8B4411 28
0041028C |. 8945 FC
0041028F |. 837D FC 00
00410293 |. 74 21
00410295 |. 8B4D F4
00410298 |. 8B11
0041029A |. 8B02
0041029C |. 8B4D F4
0041029F |. 8B11
004102A1 |. 8B40 04
004102A4 |. 8B4C02 28
004102A8 |. 894D F8
004102AB |. 8B4D F8
004102AE |. 83C1 04
004102B1 |. E8 21DA0100
004102B6 |> 8BE5
004102B8 |. 5D
004102B9 \. C3
004102BA
CC
004102BB
CC
004102BC
CC
004102BD
CC
004102BE
CC
004102BF
CC
004102C0 /$ 55
004102C1 |. 8BEC
004102C3 |. 83EC 10
004102C6 |. 837D 08 00
004102CA |. 77 09
004102CC |. C745 08 00000
004102D3 |. EB 35
004102D5 |> 83C8 FF
004102D8 |. 33D2
004102DA |. F775 08
004102DD |. 83F8 01
004102E0 |. 73 28
004102E2 |. C745 F0 00000
004102E9 |. 8D45 F0
004102EC |. 50
OFFSET LOCAL.4
004102ED |. 8D4D F4
004102F0 |. E8 A1E70100
fo.0042EA96
004102F5 |. C745 F4 88884
004102FC |. 68 30D84400

INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[EBP-0C],ECX
MOV EAX,DWORD PTR SS:[EBP-0C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[EDX+4]
MOV EAX,DWORD PTR DS:[EDX+ECX+28]
MOV DWORD PTR SS:[EBP-4],EAX
CMP DWORD PTR SS:[EBP-4],0
JE SHORT 004102B6
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EAX+4]
MOV ECX,DWORD PTR DS:[EAX+EDX+28]
MOV DWORD PTR SS:[EBP-8],ECX
MOV ECX,DWORD PTR SS:[EBP-8]
ADD ECX,4
CALL 0042DCD7
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
CMP DWORD PTR SS:[ARG.1],0
JA SHORT 004102D5
MOV DWORD PTR SS:[ARG.1],0
JMP SHORT 0041030A
OR EAX,FFFFFFFF
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.1]
CMP EAX,1
JNB SHORT 0041030A
MOV DWORD PTR SS:[LOCAL.4],0
LEA EAX,[LOCAL.4]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.3]
CALL 0042EA96

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.3],OFFSET 004488


PUSH OFFSET 0044D830
; /Arg2 = S

ystemInfo.44D830
00410301 |. 8D4D F4
LEA ECX,[LOCAL.3]
00410304 |. 51
PUSH ECX
OFFSET LOCAL.3
00410305 |. E8 1BE60100 CALL 0042E925
fo.0042E925
0041030A |> 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0041030D |. 52
PUSH EDX
0041030E |. E8 5DF20100 CALL 0042F570
fo.0042F570
00410313 |. 83C4 04
ADD ESP,4
00410316 |. 8BE5
MOV ESP,EBP
00410318 |. 5D
POP EBP
00410319 \. C3
RETN
0041031A
CC
INT3
0041031B
CC
INT3
0041031C
CC
INT3
0041031D
CC
INT3
0041031E
CC
INT3
0041031F
CC
INT3
00410320 /$ 55
PUSH EBP
o.00410320(guessed Arg1)
00410321 |. 8BEC
MOV EBP,ESP
00410323 |. 51
PUSH ECX
00410324 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
00410327 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0041032A |. 50
PUSH EAX
[ARG.1]
0041032B |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0041032E |. E8 D3E70100 CALL 0042EB06
fo.0042EB06
00410333 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00410336 |. C701 88884400 MOV DWORD PTR DS:[ECX],OFFSET 00448888
0041033C |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0041033F |. 8BE5
MOV ESP,EBP
00410341 |. 5D
POP EBP
00410342 \. C2 0400
RETN 4
00410345
CC
INT3
00410346
CC
INT3
00410347
CC
INT3
00410348
CC
INT3
00410349
CC
INT3
0041034A
CC
INT3
0041034B
CC
INT3
0041034C
CC
INT3
0041034D
CC
INT3
0041034E
CC
INT3
0041034F
CC
INT3
00410350 /$ 55
PUSH EBP
o.00410350(guessed Arg1,Arg2,Arg3,Arg4)
00410351 |. 8BEC
MOV EBP,ESP
00410353 |. 81EC FC000000 SUB ESP,0FC
00410359 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0041035E |. 33C5
XOR EAX,EBP
00410360 |. 8945 C0
MOV DWORD PTR SS:[LOCAL.16],EAX
00410363 |. 68 77874400 PUSH OFFSET 00448777
ystemInfo.448777
00410368 |. 6A 00
PUSH 0
0041036A |. E8 1D1A0200 CALL 00431D8C
fo.00431D8C

; |
; |Arg1 =>
; \SystemIn
; /Arg1
; \SystemIn

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; SystemInf

; /Arg2 = S
; |Arg1 = 0
; \SystemIn

0041036F |. 83C4 08
ADD ESP,8
00410372 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
00410375 |. 0FBE08
MOVSX ECX,BYTE PTR DS:[EAX]
00410378 |. 85C9
TEST ECX,ECX
0041037A |. 74 11
JE SHORT 0041038D
0041037C |. 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
0041037F |. 52
PUSH EDX
[ARG.3]
00410380 |. E8 6B1B0100 CALL 00421EF0
fo.00421EF0
00410385 |. 83C4 04
ADD ESP,4
00410388 |. E9 B4010000 JMP 00410541
0041038D |> 8D45 A4
LEA EAX,[LOCAL.23]
00410390 |. 50
PUSH EAX
OFFSET LOCAL.23
00410391 |. E8 0A190100 CALL 00421CA0
fo.00421CA0
00410396 |. 83C4 04
ADD ESP,4
00410399 |. 837D BC 10
CMP DWORD PTR SS:[LOCAL.17],10
0041039D |. 72 0B
JB SHORT 004103AA
0041039F |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
004103A2 |. 898D 10FFFFFF MOV DWORD PTR SS:[LOCAL.60],ECX
004103A8 |. EB 09
JMP SHORT 004103B3
004103AA |> 8D55 A8
LEA EDX,[LOCAL.22]
004103AD |. 8995 10FFFFFF MOV DWORD PTR SS:[LOCAL.60],EDX
004103B3 |> 8B85 10FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.60]
004103B9 |. 50
PUSH EAX
004103BA |. E8 311B0100 CALL 00421EF0
fo.00421EF0
004103BF |. 83C4 04
ADD ESP,4
004103C2 |. C745 C4 3C000 MOV DWORD PTR SS:[LOCAL.15],3C
004103C9 |. C745 C8 40010 MOV DWORD PTR SS:[LOCAL.14],140
004103D0 |. C745 CC 00000 MOV DWORD PTR SS:[LOCAL.13],0
004103D7 |. C745 D0 B0894 MOV DWORD PTR SS:[LOCAL.12],OFFSET 00448
en"
004103DE |. 837D BC 10
CMP DWORD PTR SS:[LOCAL.17],10
004103E2 |. 72 0B
JB SHORT 004103EF
004103E4 |. 8B4D A8
MOV ECX,DWORD PTR SS:[LOCAL.22]
004103E7 |. 898D 0CFFFFFF MOV DWORD PTR SS:[LOCAL.61],ECX
004103ED |. EB 09
JMP SHORT 004103F8
004103EF |> 8D55 A8
LEA EDX,[LOCAL.22]
004103F2 |. 8995 0CFFFFFF MOV DWORD PTR SS:[LOCAL.61],EDX
004103F8 |> 8B85 0CFFFFFF MOV EAX,DWORD PTR SS:[LOCAL.61]
004103FE |. 8945 D4
MOV DWORD PTR SS:[LOCAL.11],EAX
00410401 |. C745 D8 00000 MOV DWORD PTR SS:[LOCAL.10],0
00410408 |. C745 DC 00000 MOV DWORD PTR SS:[LOCAL.9],0
0041040F |. C745 E0 05000 MOV DWORD PTR SS:[LOCAL.8],5
00410416 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0041041D |. 8D4D C4
LEA ECX,[LOCAL.15]
00410420 |. 51
PUSH ECX
00410421 |. FF15 EC814400 CALL DWORD PTR DS:[<&SHELL32.ShellExecut
00410427 |. 85C0
TEST EAX,EAX
00410429 |. 0F85 A8000000 JNE 004104D7
0041042F |. 6A 2E
PUSH 2E
E
00410431 |. 8D55 A4
LEA EDX,[LOCAL.23]
00410434 |. 52
PUSH EDX
OFFSET LOCAL.23
00410435 |. 68 48894400 PUSH OFFSET 00448948
ASCII "Cannot open text file.

; /Arg1 =>
; \SystemIn

; /Arg1 =>
; \SystemIn

; /Arg1
; \SystemIn

; ASCII "op

; /Arg3 = 2
; |
; |/Arg3 =>
; ||Arg2 =

We are sorry for the inconvenience.


You can find the system information in "
0041043A |. 8D45 88
LEA EAX,[LOCAL.30]
0041043D |. 50
PUSH EAX
OFFSET LOCAL.30
0041043E |. E8 1DC80100 CALL 0042CC60
nfo.0042CC60
00410443 |. 83C4 0C
ADD ESP,0C
00410446 |. 50
PUSH EAX
00410447 |. 8D8D 6CFFFFFF LEA ECX,[LOCAL.37]
0041044D |. 51
PUSH ECX
OFFSET LOCAL.37
0041044E |. E8 CDC80100 CALL 0042CD20
fo.0042CD20
00410453 |. 83C4 0C
ADD ESP,0C
00410456 |. 8985 64FFFFFF MOV DWORD PTR SS:[LOCAL.39],EAX
0041045C |. 8B95 64FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.39]
00410462 |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
00410466 |. 72 11
JB SHORT 00410479
00410468 |. 8B85 64FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.39]
0041046E |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
00410471 |. 898D 08FFFFFF MOV DWORD PTR SS:[LOCAL.62],ECX
00410477 |. EB 0F
JMP SHORT 00410488
00410479 |> 8B95 64FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.39]
0041047F |. 83C2 04
ADD EDX,4
00410482 |. 8995 08FFFFFF MOV DWORD PTR SS:[LOCAL.62],EDX
00410488 |> 6A 10
PUSH 10
B_OK|MB_ICONHAND|MB_DEFBUTTON1|MB_APPLMODAL
0041048A |. 68 3C894400 PUSH OFFSET 0044893C
= "SystemInfo"
0041048F |. 8B85 08FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.62]
00410495 |. 50
PUSH EAX
[LOCAL.62]
00410496 |. 6A 00
PUSH 0
NULL
00410498 |. FF15 00824400 CALL DWORD PTR DS:[<&USER32.MessageBoxA>
essageBoxA
0041049E |. 6A 00
PUSH 0
004104A0 |. 6A 01
PUSH 1
004104A2 |. 8D8D 6CFFFFFF LEA ECX,[LOCAL.37]
004104A8 |. E8 B3F6FFFF CALL 0040FB60
fo.0040FB60
004104AD |. 6A 00
PUSH 0
004104AF |. 6A 01
PUSH 1
004104B1 |. 8D4D 88
LEA ECX,[LOCAL.30]
004104B4 |. E8 A7F6FFFF CALL 0040FB60
fo.0040FB60
004104B9 |. C785 68FFFFFF MOV DWORD PTR SS:[LOCAL.38],1
004104C3 |. 6A 00
PUSH 0
004104C5 |. 6A 01
PUSH 1
004104C7 |. 8D4D A4
LEA ECX,[LOCAL.23]
004104CA |. E8 91F6FFFF CALL 0040FB60
fo.0040FB60
004104CF |. 8B85 68FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.38]
004104D5 |. EB 6C
JMP SHORT 00410543
004104D7 |> 837D FC 00
CMP DWORD PTR SS:[LOCAL.1],0
004104DB |. 74 58
JE SHORT 00410535
004104DD |. 68 E02E0000 PUSH 2EE0
= 12000. ms
004104E2 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]

; ||
; ||Arg1 =>
; |\SystemI
;
;
;
;

|
|Arg2
|
|Arg1 =>

; \SystemIn

; /Type = M
; |Caption
; |
; |Text =>
; |hOwner =
; \USER32.M
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /Timeout
; |

004104E5 |. 51
PUSH ECX
=> [LOCAL.1]
004104E6 |. FF15 04824400 CALL DWORD PTR DS:[<&USER32.WaitForInput
aitForInputIdle
004104EC |. FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion
.GetVersion
004104F2 |. 25 00000040 AND EAX,40000000
004104F7 |. 74 0B
JE SHORT 00410504
004104F9 |. 68 88130000 PUSH 1388
000. ms
004104FE |. FF15 50804400 CALL DWORD PTR DS:[<&KERNEL32.Sleep>]
.Sleep
00410504 |> 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
00410507 |. 52
PUSH EDX
=> [LOCAL.1]
00410508 |. FF15 30804400 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl
.CloseHandle
0041050E |. 837D BC 10
CMP DWORD PTR SS:[LOCAL.17],10
00410512 |. 72 0B
JB SHORT 0041051F
00410514 |. 8B45 A8
MOV EAX,DWORD PTR SS:[LOCAL.22]
00410517 |. 8985 04FFFFFF MOV DWORD PTR SS:[LOCAL.63],EAX
0041051D |. EB 09
JMP SHORT 00410528
0041051F |> 8D4D A8
LEA ECX,[LOCAL.22]
00410522 |. 898D 04FFFFFF MOV DWORD PTR SS:[LOCAL.63],ECX
00410528 |> 8B95 04FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.63]
0041052E |. 52
PUSH EDX
[LOCAL.63]
0041052F |. FF15 4C804400 CALL DWORD PTR DS:[<&KERNEL32.DeleteFile
.DeleteFileA
00410535 |> 6A 00
PUSH 0
00410537 |. 6A 01
PUSH 1
00410539 |. 8D4D A4
LEA ECX,[LOCAL.23]
0041053C |. E8 1FF6FFFF CALL 0040FB60
fo.0040FB60
00410541 |> 33C0
XOR EAX,EAX
00410543 |> 8B4D C0
MOV ECX,DWORD PTR SS:[LOCAL.16]
00410546 |. 33CD
XOR ECX,EBP
00410548 |. E8 A4E10100 CALL 0042E6F1
0041054D |. 8BE5
MOV ESP,EBP
0041054F |. 5D
POP EBP
00410550 \. C2 1000
RETN 10
00410553
CC
INT3
00410554
CC
INT3
00410555
CC
INT3
00410556
CC
INT3
00410557
CC
INT3
00410558
CC
INT3
00410559
CC
INT3
0041055A
CC
INT3
0041055B
CC
INT3
0041055C
CC
INT3
0041055D
CC
INT3
0041055E
CC
INT3
0041055F
CC
INT3
00410560 /$ 55
PUSH EBP
o.00410560(guessed Arg1,Arg2)
00410561 |. 8BEC
MOV EBP,ESP
00410563 |. 83EC 08
SUB ESP,8
00410566 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
00410569 |. 50
PUSH EAX

; |hProcess
; \USER32.W
; [KERNEL32

; /Time = 5
; \KERNEL32
; /hObject
; \KERNEL32

; /Name =>
; \KERNEL32
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; SystemInf

; /Arg1 =>

[ARG.2]
0041056A |. E8 11DD0100
fo.0042E280
0041056F |. 83C4 04
00410572 |. 3D 80000000
00410577 |. 73 1C
00410579 |. 8B4D 0C
0041057C |. 51
[ARG.2]
0041057D |. 68 EC894400
"%s: "
00410582 |. 68 88294500
00410587 |. FF15 FC814400
sprintfA
0041058D |. 83C4 0C
00410590 |. 8945 FC
00410593 |. EB 24
00410595 |> 8B55 0C
00410598 |. C682 80000000
0041059F |. 8B45 0C
004105A2 |. 50
[ARG.2]
004105A3 |. 68 E4894400
"%s...: "
004105A8 |. 68 88294500
004105AD |. FF15 FC814400
sprintfA
004105B3 |. 83C4 0C
004105B6 |. 8945 FC
004105B9 |> 6A 00
s = NULL
004105BB |. B9 00010000
004105C0 |. 2B4D FC
004105C3 |. 51
004105C4 |. 8B55 FC
004105C7 |. 81C2 88294500
004105CD |. 52
004105CE |. 6A 00
= LANG_NEUTRAL
004105D0 |. 8B45 08
004105D3 |. 50
d => [ARG.1]
004105D4 |. 6A 00
0
004105D6 |. 68 00100000
FORMAT_MESSAGE_FROM_SYSTEM
004105DB |. FF15 5C804400
.FormatMessageA
004105E1 |. 8945 F8
004105E4 |. 837D F8 00
004105E8 |. 75 25
004105EA |. FF15 58804400
.GetLastError
004105F0 |. 50
004105F1 |. 8B4D 08
004105F4 |. 51
[ARG.1]
004105F5 |. 68 BC894400
"error %lu (cannot format:
004105FA |. 8B55 FC

CALL 0042E280

; \SystemIn

ADD ESP,4
CMP EAX,80
JNB SHORT 00410595
MOV ECX,DWORD PTR SS:[ARG.2]
PUSH ECX

; /<%s> =>

PUSH OFFSET 004489EC

; |Format =

PUSH OFFSET 00452988


; |Buf
CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \USER32.w
ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.1],EAX
JMP SHORT 004105B9
MOV EDX,DWORD PTR SS:[ARG.2]
MOV BYTE PTR DS:[EDX+80],0
MOV EAX,DWORD PTR SS:[ARG.2]
PUSH EAX

; /<%s> =>

PUSH OFFSET 004489E4

; |Format =

PUSH OFFSET 00452988


; |Buf
CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \USER32.w
ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH 0

; /Argument

MOV ECX,100
SUB ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,OFFSET 00452988
PUSH EDX
PUSH 0

;
;
;
;
;
;
;

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; |
; |MessageI

PUSH 0

; |Source =

PUSH 1000

; |Flags =

|
|
|Size
|
|
|Buf
|Language

CALL DWORD PTR DS:[<&KERNEL32.FormatMess ; \KERNEL32


MOV DWORD PTR SS:[LOCAL.2],EAX
CMP DWORD PTR SS:[LOCAL.2],0
JNE SHORT 0041060F
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

; /<%lu>
; |
; |<%lu> =>

PUSH OFFSET 004489BC


error %lu)"
MOV EDX,DWORD PTR SS:[LOCAL.1]

; |Format =
; |

004105FD |. 81C2 88294500


00410603 |. 52
00410604 |. FF15 FC814400
sprintfA
0041060A |. 83C4 10
0041060D |. EB 2C
0041060F |> 68 B8894400
SCII "
"
00410614 |. 8B45 F8
00410617 |. 8B4D FC
0041061A |. 8D9401 862945
00410621 |. 52
00410622 |. E8 59E30100
fo.0042E980
00410627 |. 83C4 08
0041062A |. 85C0
0041062C |. 75 0D
0041062E |. 8B45 FC
00410631 |. 0345 F8
00410634 |. C680 86294500
0041063B |> B8 88294500
00410640 |. 8BE5
00410642 |. 5D
00410643 \. C3
00410644
CC
00410645
CC
00410646
CC
00410647
CC
00410648
CC
00410649
CC
0041064A
CC
0041064B
CC
0041064C
CC
0041064D
CC
0041064E
CC
0041064F
CC
00410650 /$ 55
o.00410650(guessed Arg1)
00410651 |. 8BEC
00410653 |. 8B45 08
00410656 |. 50
[ARG.1]
00410657 |. FF15 58804400
2.GetLastError
0041065D |. 50
0041065E |. E8 FDFEFFFF
fo.00410560
00410663 |. 83C4 08
00410666 |. 5D
00410667 \. C3
00410668
CC
00410669
CC
0041066A
CC
0041066B
CC
0041066C
CC
0041066D
CC
0041066E
CC
0041066F
CC
00410670 /$ 55

ADD EDX,OFFSET 00452988


; |
PUSH EDX
; |Buf
CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \USER32.w
ADD ESP,10
JMP SHORT 0041063B
PUSH OFFSET 004489B8

; /Arg2 = A

MOV EAX,DWORD PTR SS:[LOCAL.2]


MOV ECX,DWORD PTR SS:[LOCAL.1]
LEA EDX,[EAX+ECX+452986]
PUSH EDX
CALL 0042E980

;
;
;
;
;

ADD ESP,8
TEST EAX,EAX
JNE SHORT 0041063B
MOV EAX,DWORD PTR SS:[LOCAL.1]
ADD EAX,DWORD PTR SS:[LOCAL.2]
MOV BYTE PTR DS:[EAX+452986],0
MOV EAX,OFFSET 00452988
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg2 =>

|
|
|
|Arg1
\SystemIn

CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; |[KERNEL3


PUSH EAX
CALL 00410560

; |Arg1
; \SystemIn

ADD ESP,8
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

o.00410670(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6)
00410671 |. 8BEC
MOV EBP,ESP
00410673 |. 6A FF
PUSH -1
00410675 |. 68 565B4400 PUSH 00445B56
0041067A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00410680 |. 50
PUSH EAX
00410681 |. 81EC 0C020000 SUB ESP,20C
00410687 |. 56
PUSH ESI
00410688 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0041068D |. 33C5
XOR EAX,EBP
0041068F |. 50
PUSH EAX
00410690 |. 8D45 F4
LEA EAX,[LOCAL.3]
00410693 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00410699 |. C785 9CFEFFFF MOV DWORD PTR SS:[LOCAL.89],0
004106A3 |. 8D45 E8
LEA EAX,[LOCAL.6]
004106A6 |. 50
PUSH EAX
=> OFFSET LOCAL.6
004106A7 |. 68 19000200 PUSH 20019
ccess = KEY_READ
004106AC |. 6A 00
PUSH 0
= 0
004106AE |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
004106B1 |. 51
PUSH ECX
> [ARG.3]
004106B2 |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
004106B5 |. 52
PUSH EDX
[ARG.2]
004106B6 |. FF15 08804400 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey
.RegOpenKeyExA
004106BC |. 85C0
TEST EAX,EAX
004106BE |. 75 06
JNE SHORT 004106C6
004106C0 |. 837D E8 00
CMP DWORD PTR SS:[LOCAL.6],0
004106C4 |. 75 05
JNE SHORT 004106CB
004106C6 |> E9 FB030000 JMP 00410AC6
004106CB |> 6A 00
PUSH 0
teTime = NULL
004106CD |. 6A 00
PUSH 0
y = NULL
004106CF |. 8D45 F0
LEA EAX,[LOCAL.4]
004106D2 |. 50
PUSH EAX
eLength => OFFSET LOCAL.4
004106D3 |. 8D4D DC
LEA ECX,[LOCAL.9]
004106D6 |. 51
PUSH ECX
eNameLength => OFFSET LOCAL.9
004106D7 |. 8D55 D4
LEA EDX,[LOCAL.11]
004106DA |. 52
PUSH EDX
=> OFFSET LOCAL.11
004106DB |. 8D45 E4
LEA EAX,[LOCAL.7]
004106DE |. 50
PUSH EAX
sLength => OFFSET LOCAL.7
004106DF |. 8D4D EC
LEA ECX,[LOCAL.5]
004106E2 |. 51
PUSH ECX
eyLength => OFFSET LOCAL.5
004106E3 |. 8D55 E0
LEA EDX,[LOCAL.8]
004106E6 |. 52
PUSH EDX
=> OFFSET LOCAL.8
004106E7 |. 6A 00
PUSH 0
= 0
004106E9 |. 6A 00
PUSH 0
n = NULL

; /pResult
; |DesiredA
; |Reserved
; |
; |SubKey =
; |
; |hKey =>
; \ADVAPI32

; /pLastWri
; |pSecurit
; |
; |pMaxValu
; |
; |pMaxValu
; |
; |pValues
; |
; |pMaxClas
; |
; |pMaxSubk
; |
; |pSubkeys
; |Reserved
; |pClassLe

004106EB |. 6A 00
NULL
004106ED |. 8B45 E8
004106F0 |. 50
[LOCAL.6]
004106F1 |. FF15 00804400
.RegQueryInfoKeyA
004106F7 |. 85C0
004106F9 |. 74 05
004106FB |. E9 C6030000
00410700 |> 837D D4 00
00410704 |. 0F86 B8020000
0041070A |. 8B4D F0
0041070D |. 51
[LOCAL.4]
0041070E |. E8 39D10100
fo.0042D84C
00410713 |. 83C4 04
00410716 |. 8985 2CFFFFFF
0041071C |. 8B95 2CFFFFFF
00410722 |. 8955 CC
00410725 |. 8B45 F0
00410728 |. 50
[LOCAL.4]
00410729 |. E8 1ED10100
fo.0042D84C
0041072E |. 83C4 04
00410731 |. 8985 28FFFFFF
00410737 |. 8B8D 28FFFFFF
0041073D |. 894D C4
00410740 |. 8B55 F0
00410743 |. 8955 C8
00410746 |. 837D 14 00
0041074A |. 74 46
0041074C |. 8D45 C8
0041074F |. 50
=> OFFSET LOCAL.14
00410750 |. 8B4D CC
00410753 |. 51
[LOCAL.53]
00410754 |. 8D55 C0
00410757 |. 52
OFFSET LOCAL.16
00410758 |. 6A 00
= 0
0041075A |. 8B45 14
0041075D |. 50
[ARG.4]
0041075E |. 8B4D E8
00410761 |. 51
[LOCAL.6]
00410762 |. FF15 04804400
.RegQueryValueExA
00410768 |. 85C0
0041076A |. 0F85 22020000
00410770 |. 837D C0 01
00410774 |. 0F85 18020000
0041077A |. 8B55 18
0041077D |. 52
[ARG.5]

PUSH 0

; |Class =

MOV EAX,DWORD PTR SS:[LOCAL.6]


PUSH EAX

; |
; |hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegQueryIn ; \ADVAPI32


TEST EAX,EAX
JE SHORT 00410700
JMP 00410AC6
CMP DWORD PTR SS:[LOCAL.11],0
JBE 004109C2
MOV ECX,DWORD PTR SS:[LOCAL.4]
PUSH ECX

; /Arg1 =>

CALL 0042D84C

; \SystemIn

ADD ESP,4
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

SS:[LOCAL.53],EAX
PTR SS:[LOCAL.53]
SS:[LOCAL.13],EDX
PTR SS:[LOCAL.4]
; /Arg1 =>

CALL 0042D84C

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.54],EAX
MOV ECX,DWORD PTR SS:[LOCAL.54]
MOV DWORD PTR SS:[LOCAL.15],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.14],EDX
CMP DWORD PTR SS:[ARG.4],0
JE SHORT 00410792
LEA EAX,[LOCAL.14]
PUSH EAX

; /pDataLen

MOV ECX,DWORD PTR SS:[LOCAL.13]


PUSH ECX

; |
; |pData =>

LEA EDX,[LOCAL.16]
PUSH EDX

; |
; |pType =>

PUSH 0

; |Reserved

MOV EAX,DWORD PTR SS:[ARG.4]


PUSH EAX

; |
; |Name =>

MOV ECX,DWORD PTR SS:[LOCAL.6]


PUSH ECX

; |
; |hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa ; \ADVAPI32


TEST EAX,EAX
JNE 00410992
CMP DWORD PTR SS:[LOCAL.16],1
JNE 00410992
MOV EDX,DWORD PTR SS:[ARG.5]
PUSH EDX

; /Arg2 =>

0041077E |. 8B45 CC
00410781 |. 50
[LOCAL.53]
00410782 |. E8 391B0100
fo.004222C0
00410787 |. 83C4 08
0041078A |. 85C0
0041078C |. 0F85 00020000
00410792 |> 6A 01
00410794 |. 6A 02
00410796 |. 8D8D 3CFFFFFF
0041079C |. E8 3F200100
fo.004227E0
004107A1 |. C745 FC 00000
004107A8 |. 8B4D 1C
004107AB |. 898D 38FFFFFF
004107B1 |. EB 1F
004107B3 |> 8B95 38FFFFFF
004107B9 |. 52
004107BA |. E8 C1DA0100
fo.0042E280
004107BF |. 83C4 04
004107C2 |. 8B8D 38FFFFFF
004107C8 |. 8D5401 01
004107CC |. 8995 38FFFFFF
004107D2 |> 8B85 38FFFFFF
004107D8 |. 0FBE08
004107DB |. 85C9
004107DD |. 0F84 CE000000
004107E3 |. 8B55 F0
004107E6 |. 8955 C8
004107E9 |. 8D45 C8
004107EC |. 50
=> OFFSET LOCAL.14
004107ED |. 8B4D C4
004107F0 |. 51
004107F1 |. 8D55 C0
004107F4 |. 52
OFFSET LOCAL.16
004107F5 |. 6A 00
= 0
004107F7 |. 8B85 38FFFFFF
004107FD |. 50
004107FE |. 8B4D E8
00410801 |. 51
[LOCAL.6]
00410802 |. FF15 04804400
.RegQueryValueExA
00410808 |. 85C0
0041080A |.^ 0F85 9C000000
00410810 |. 837D C0 01
00410814 |. 74 10
00410816 |. 837D C0 02
0041081A |. 74 0A
0041081C |. 837D C0 07
00410820 |.^ 0F85 86000000
00410826 |> 8D95 08FFFFFF
0041082C |. 52
OFFSET LOCAL.62
0041082D |. 8D8D 3CFFFFFF

MOV EAX,DWORD PTR SS:[LOCAL.13]


PUSH EAX

; |
; |Arg1 =>

CALL 004222C0

; \SystemIn

ADD ESP,8
TEST EAX,EAX
JNE 00410992
PUSH 1
PUSH 2
LEA ECX,[LOCAL.49]
CALL 004227E0

;
;
;
;

MOV DWORD PTR SS:[LOCAL.1],0


MOV ECX,DWORD PTR SS:[ARG.6]
MOV DWORD PTR SS:[LOCAL.50],ECX
JMP SHORT 004107D2
/MOV EDX,DWORD PTR SS:[LOCAL.50]
|PUSH EDX
|CALL 0042E280

; /Arg1
; \SystemIn

|ADD ESP,4
|MOV ECX,DWORD PTR SS:[LOCAL.50]
|LEA EDX,[EAX+ECX+1]
|MOV DWORD PTR SS:[LOCAL.50],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.50]
|MOVSX ECX,BYTE PTR DS:[EAX]
|TEST ECX,ECX
|JE 004108B1
|MOV EDX,DWORD PTR SS:[LOCAL.4]
|MOV DWORD PTR SS:[LOCAL.14],EDX
|LEA EAX,[LOCAL.14]
|PUSH EAX

; /pDataLen

|MOV ECX,DWORD PTR SS:[LOCAL.15]


|PUSH ECX
|LEA EDX,[LOCAL.16]
|PUSH EDX

;
;
;
;

|PUSH 0

; |Reserved

|MOV EAX,DWORD PTR SS:[LOCAL.50]


|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.6]
|PUSH ECX

;
;
;
;

/Arg2 = 1
|Arg1 = 2
|
\SystemIn

|
|pData
|
|pType =>

|
|Name
|
|hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegQueryV ; \ADVAPI32


|TEST EAX,EAX
|JNE 004108AC
|CMP DWORD PTR SS:[LOCAL.16],1
|JE SHORT 00410826
|CMP DWORD PTR SS:[LOCAL.16],2
|JE SHORT 00410826
|CMP DWORD PTR SS:[LOCAL.16],7
|JNE 004108AC
|LEA EDX,[LOCAL.62]
|PUSH EDX

; /Arg1 =>

|LEA ECX,[LOCAL.49]

; |

00410833 |. E8 285CFFFF
fo.00406460
00410838 |. 8985 94FEFFFF
0041083E |. 8B85 94FEFFFF
00410844 |. 33C9
00410846 |. 8378 14 00
0041084A |. 0F94C1
0041084D |. 0FB6D1
00410850 |. F7DA
00410852 |. 1BD2
00410854 |. 83C2 01
00410857 |. 8895 27FFFFFF
0041085D |. 6A 00
0041085F |. 6A 01
00410861 |. 8D8D 08FFFFFF
00410867 |. E8 F4F2FFFF
fo.0040FB60
0041086C |. 0FB685 27FFFF
00410873 |. 85C0
00410875 |. 74 11
00410877 |. 6A 20
00410879 |. 8D8D 3CFFFFFF
0041087F |. 51
00410880 |. E8 5BC50100
00410885 |. 83C4 08
00410888 |> 68 80874400
0041088D |. 8B55 C4
00410890 |. 52
00410891 |. E8 1A1C0100
00410896 |. 83C4 08
00410899 |. 0345 C4
0041089C |. 50
0041089D |. 8D85 3CFFFFFF
004108A3 |. 50
004108A4 |. E8 B7A0FFFF
004108A9 |. 83C4 08
004108AC |>^ E9 02FFFFFF
004108B1 |> 8D8D E8FEFFFF
004108B7 |. 51
OFFSET LOCAL.70
004108B8 |. 8D8D 3CFFFFFF
004108BE |. E8 9D5BFFFF
fo.00406460
004108C3 |. 8985 74FEFFFF
004108C9 |. 8B95 74FEFFFF
004108CF |. 33C0
004108D1 |. 837A 14 00
004108D5 |. 0F94C0
004108D8 |. 0FB6C8
004108DB |. F7D9
004108DD |. 1BC9
004108DF |. 83C1 01
004108E2 |. 888D 07FFFFFF
004108E8 |. 6A 00
004108EA |. 6A 01
004108EC |. 8D8D E8FEFFFF
004108F2 |. E8 69F2FFFF
fo.0040FB60
004108F7 |. 0FB695 07FFFF
004108FE |. 85D2

|CALL 00406460

; \SystemIn

|MOV DWORD PTR SS:[LOCAL.91],EAX


|MOV EAX,DWORD PTR SS:[LOCAL.91]
|XOR ECX,ECX
|CMP DWORD PTR DS:[EAX+14],0
|SETE CL
|MOVZX EDX,CL
|NEG EDX
|SBB EDX,EDX
|ADD EDX,1
|MOV BYTE PTR SS:[LOCAL.55+3],DL
|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.62]
|CALL 0040FB60

;
;
;
;

|MOVZX EAX,BYTE PTR SS:[LOCAL.55+3]


|TEST EAX,EAX
|JE SHORT 00410888
|PUSH 20
|LEA ECX,[LOCAL.49]
|PUSH ECX
|CALL 0042CDE0
|ADD ESP,8
|PUSH OFFSET 00448780
|MOV EDX,DWORD PTR SS:[LOCAL.15]
|PUSH EDX
|CALL 004224B0
|ADD ESP,8
|ADD EAX,DWORD PTR SS:[LOCAL.15]
|PUSH EAX
|LEA EAX,[LOCAL.49]
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
\JMP 004107B3
LEA ECX,[LOCAL.70]
PUSH ECX

; /Arg1 =>

LEA ECX,[LOCAL.49]
CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.99],EAX


MOV EDX,DWORD PTR SS:[LOCAL.99]
XOR EAX,EAX
CMP DWORD PTR DS:[EDX+14],0
SETE AL
MOVZX ECX,AL
NEG ECX
SBB ECX,ECX
ADD ECX,1
MOV BYTE PTR SS:[LOCAL.63+3],CL
PUSH 0
PUSH 1
LEA ECX,[LOCAL.70]
CALL 0040FB60

;
;
;
;

MOVZX EDX,BYTE PTR SS:[LOCAL.63+3]


TEST EDX,EDX

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00410900 |. 74 51
00410902 |. 8D85 CCFEFFFF
00410908 |. 50
OFFSET LOCAL.77
00410909 |. 8D8D 3CFFFFFF
0041090F |. E8 4C5BFFFF
fo.00406460
00410914 |. 8985 ECFDFFFF
0041091A |. 8B8D ECFDFFFF
00410920 |. 898D E8FDFFFF
00410926 |. C645 FC 01
0041092A |. 8B95 E8FDFFFF
00410930 |. 52
[LOCAL.133]
00410931 |. 8D85 C0FEFFFF
00410937 |. 50
OFFSET LOCAL.80
00410938 |. 8B4D 08
0041093B |. E8 80200100
fo.004229C0
00410940 |. C645 FC 00
00410944 |. 6A 00
00410946 |. 6A 01
00410948 |. 8D8D CCFEFFFF
0041094E |. E8 0DF2FFFF
fo.0040FB60
00410953 |> C745 FC FFFFF
0041095A |. 8D4D 88
0041095D |. E8 8E700100
fo.004279F0
00410962 |. 8D4D 88
00410965 |. 898D F0FDFFFF
0041096B |. 8B95 F0FDFFFF
00410971 |. C702 008A4400
00410977 |. 8B85 F0FDFFFF
0041097D |. C700 F8894400
00410983 |. 8B8D F0FDFFFF
00410989 |. 51
OFFSET LOCAL.30
0041098A |. E8 36D40100
fo.0042DDC5
0041098F |. 83C4 04
00410992 |> 8B55 CC
00410995 |. 8995 BCFEFFFF
0041099B |. 8B85 BCFEFFFF
004109A1 |. 50
[LOCAL.13]
004109A2 |. E8 59EE0100
fo.0042F800
004109A7 |. 83C4 04
004109AA |. 8B4D C4
004109AD |. 898D B8FEFFFF
004109B3 |. 8B95 B8FEFFFF
004109B9 |. 52
[LOCAL.15]
004109BA |. E8 41EE0100
fo.0042F800
004109BF |. 83C4 04
004109C2 |> 8B45 10
004109C5 |. 50

JE SHORT 00410953
LEA EAX,[LOCAL.77]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.49]
CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.133],EAX


MOV ECX,DWORD PTR SS:[LOCAL.133]
MOV DWORD PTR SS:[LOCAL.134],ECX
MOV BYTE PTR SS:[LOCAL.1],1
MOV EDX,DWORD PTR SS:[LOCAL.134]
PUSH EDX

; /Arg2 =>

LEA EAX,[LOCAL.80]
PUSH EAX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 004229C0

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.77]
CALL 0040FB60

;
;
;
;

MOV DWORD PTR SS:[LOCAL.1],-1


LEA ECX,[LOCAL.30]
CALL 004279F0

; [SystemIn

LEA ECX,[LOCAL.30]
MOV DWORD PTR SS:[LOCAL.132],ECX
MOV EDX,DWORD PTR SS:[LOCAL.132]
MOV DWORD PTR DS:[EDX],OFFSET 00448A00
MOV EAX,DWORD PTR SS:[LOCAL.132]
MOV DWORD PTR DS:[EAX],OFFSET 004489F8
MOV ECX,DWORD PTR SS:[LOCAL.132]
PUSH ECX

; /Arg1 =>

CALL 0042DDC5

; \SystemIn

ADD ESP,4
MOV EDX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR SS:[LOCAL.81],EDX
MOV EAX,DWORD PTR SS:[LOCAL.81]
PUSH EAX

; /Arg1 =>

CALL 0042F800

; \SystemIn

ADD ESP,4
MOV ECX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR SS:[LOCAL.82],ECX
MOV EDX,DWORD PTR SS:[LOCAL.82]
PUSH EDX

; /Arg1 =>

CALL 0042F800

; \SystemIn

ADD ESP,4
MOV EAX,DWORD PTR SS:[ARG.3]
PUSH EAX

; /Arg1 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

[ARG.3]
004109C6 |. E8 B5D80100
fo.0042E280
004109CB |. 83C4 04
004109CE |. 8BF0
004109D0 |. 68 60854400
ystemInfo.448560
004109D5 |. E8 A6D80100
fo.0042E280
004109DA |. 83C4 04
004109DD |. 03F0
004109DF |. 8975 D0
004109E2 |. 8B4D EC
004109E5 |. 8B55 D0
004109E8 |. 8D440A 01
004109EC |. 50
004109ED |. E8 5ACE0100
fo.0042D84C
004109F2 |. 83C4 04
004109F5 |. 8985 B4FEFFFF
004109FB |. 8B8D B4FEFFFF
00410A01 |. 894D D8
00410A04 |. 8B55 10
00410A07 |. 52
00410A08 |. 8B45 D8
00410A0B |. 50
00410A0C |. E8 EF140200
00410A11 |. 83C4 08
00410A14 |. 68 60854400
00410A19 |. 8B4D D8
00410A1C |. 51
00410A1D |. E8 EE140200
00410A22 |. 83C4 08
00410A25 |. C785 34FFFFFF
00410A2F |. EB 0F
00410A31 |> 8B95 34FFFFFF
00410A37 |. 83C2 01
00410A3A |. 8995 34FFFFFF
00410A40 |> 8B85 34FFFFFF
00410A46 |. 3B45 E0
00410A49 |. 73 59
00410A4B |. 8B4D EC
00410A4E |. 83C1 01
00410A51 |. 898D 30FFFFFF
00410A57 |. 6A 00
teTime = NULL
00410A59 |. 6A 00
n = NULL
00410A5B |. 6A 00
NULL
00410A5D |. 6A 00
= 0
00410A5F |. 8D95 30FFFFFF
00410A65 |. 52
=> OFFSET LOCAL.52
00410A66 |. 8B45 D8
00410A69 |. 0345 D0
00410A6C |. 50
00410A6D |. 8B8D 34FFFFFF
00410A73 |. 51

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV ESI,EAX
PUSH OFFSET 00448560

; /Arg1 = S

CALL 0042E280

; \SystemIn

ADD ESP,4
ADD ESI,EAX
MOV DWORD PTR SS:[LOCAL.12],ESI
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.12]
LEA EAX,[ECX+EDX+1]
PUSH EAX
CALL 0042D84C

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.83],EAX
MOV ECX,DWORD PTR SS:[LOCAL.83]
MOV DWORD PTR SS:[LOCAL.10],ECX
MOV EDX,DWORD PTR SS:[ARG.3]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.10]
PUSH EAX
CALL 00431F00
ADD ESP,8
PUSH OFFSET 00448560
MOV ECX,DWORD PTR SS:[LOCAL.10]
PUSH ECX
CALL 00431F10
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.51],0
JMP SHORT 00410A40
/MOV EDX,DWORD PTR SS:[LOCAL.51]
|ADD EDX,1
|MOV DWORD PTR SS:[LOCAL.51],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.51]
|CMP EAX,DWORD PTR SS:[LOCAL.8]
|JNB SHORT 00410AA4
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|ADD ECX,1
|MOV DWORD PTR SS:[LOCAL.52],ECX
|PUSH 0

; /pLastWri

|PUSH 0

; |pClassLe

|PUSH 0

; |Class =

|PUSH 0

; |Reserved

|LEA EDX,[LOCAL.52]
|PUSH EDX

; |
; |pNameLen

|MOV EAX,DWORD PTR SS:[LOCAL.10]


|ADD EAX,DWORD PTR SS:[LOCAL.12]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.51]
|PUSH ECX

;
;
;
;
;

|
|
|Name
|
|Index =>

[LOCAL.51]
00410A74 |. 8B55 E8
00410A77 |. 52
[LOCAL.6]
00410A78 |. FF15 0C804400
.RegEnumKeyExA
00410A7E |. 85C0
00410A80 |.^ 75 20
00410A82 |. 8B45 1C
00410A85 |. 50
[ARG.6]
00410A86 |. 8B4D 18
00410A89 |. 51
[ARG.5]
00410A8A |. 8B55 14
00410A8D |. 52
[ARG.4]
00410A8E |. 8B45 D8
00410A91 |. 50
[LOCAL.10]
00410A92 |. 8B4D 0C
00410A95 |. 51
[ARG.2]
00410A96 |. 8B55 08
00410A99 |. 52
[ARG.1]
00410A9A |. E8 D1FBFFFF
fo.00410670
00410A9F |. 83C4 18
00410AA2 |>^ EB 8D
00410AA4 |> 8B45 D8
00410AA7 |. 8985 B0FEFFFF
00410AAD |. 8B8D B0FEFFFF
00410AB3 |. 51
[LOCAL.84]
00410AB4 |. E8 47ED0100
fo.0042F800
00410AB9 |. 83C4 04
00410ABC |. 8B55 E8
00410ABF |. 52
[LOCAL.6]
00410AC0 |. FF15 14804400
.RegCloseKey
00410AC6 |> 8B4D F4
00410AC9 |. 64:890D 00000
00410AD0 |. 59
00410AD1 |. 5E
00410AD2 |. 8BE5
00410AD4 |. 5D
00410AD5 \. C3
00410AD6
CC
00410AD7
CC
00410AD8
CC
00410AD9
CC
00410ADA
CC
00410ADB
CC
00410ADC
CC
00410ADD
CC
00410ADE
CC
00410ADF
CC

|MOV EDX,DWORD PTR SS:[LOCAL.6]


|PUSH EDX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegEnumKe ; \ADVAPI32


|TEST EAX,EAX
|JNE SHORT 00410AA2
|MOV EAX,DWORD PTR SS:[ARG.6]
|PUSH EAX

; /Arg6 =>

|MOV ECX,DWORD PTR SS:[ARG.5]


|PUSH ECX

; |
; |Arg5 =>

|MOV EDX,DWORD PTR SS:[ARG.4]


|PUSH EDX

; |
; |Arg4 =>

|MOV EAX,DWORD PTR SS:[LOCAL.10]


|PUSH EAX

; |
; |Arg3 =>

|MOV ECX,DWORD PTR SS:[ARG.2]


|PUSH ECX

; |
; |Arg2 =>

|MOV EDX,DWORD PTR SS:[ARG.1]


|PUSH EDX

; |
; |Arg1 =>

|CALL 00410670

; \SystemIn

|ADD ESP,18
\JMP SHORT 00410A31
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.84],EAX
MOV ECX,DWORD PTR SS:[LOCAL.84]
PUSH ECX

; /Arg1 =>

CALL 0042F800

; \SystemIn

ADD ESP,4
MOV EDX,DWORD PTR SS:[LOCAL.6]
PUSH EDX

; /hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe ; \ADVAPI32


MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP ESI
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

00410AE0 /$ 55
o.00410AE0(guessed Arg1)
00410AE1 |. 8BEC
00410AE3 |. 6A FF
00410AE5 |. 68 115E4400
00410AEA |. 64:A1 0000000
00410AF0 |. 50
00410AF1 |. B8 88160000
00410AF6 |. E8 05DC0100
5768. bytes on stack
00410AFB |. A1 A0154500
00410B00 |. 33C5
00410B02 |. 8985 10FFFFFF
00410B08 |. 56
00410B09 |. 50
00410B0A |. 8D45 F4
00410B0D |. 64:A3 0000000
00410B13 |. A1 F8284500
00410B18 |. 83C0 01
00410B1B |. A3 F8284500
00410B20 |. C705 FC284500
00410B2A |. 68 77874400
ystemInfo.448777
00410B2F |. 8D8D C0FAFFFF
00410B35 |. E8 B6E0FFFF
fo.0040EBF0
00410B3A |. C745 FC 00000
00410B41 |. 8D8D C0FAFFFF
00410B47 |. 51
00410B48 |. B9 0C294500
00410B4D |. E8 CE65FFFF
fo.00407120
00410B52 |. 8B15 FC284500
00410B58 |. 83C2 01
00410B5B |. 8915 FC284500
00410B61 |. 68 74874400
"
00410B66 |. A1 FC284500
00410B6B |. 50
[4528FC] = 0
00410B6C |. 68 D0914400
00410B71 |. 8B0D F8284500
00410B77 |. 51
[4528F8] = 0
00410B78 |. B9 08294500
00410B7D |. E8 DE52FFFF
nfo.00405E60
00410B82 |. 50
00410B83 |. E8 D89DFFFF
00410B88 |. 83C4 08
00410B8B |. 8BC8
00410B8D |. E8 CE52FFFF
fo.00405E60
00410B92 |. 50
00410B93 |. E8 C89DFFFF
00410B98 |. 83C4 08
00410B9B |. 8D95 A4FAFFFF
00410BA1 |. 52
00410BA2 |. B9 08294500
00410BA7 |. E8 B458FFFF

PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445E11
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
MOV EAX,1688
CALL 0042E700

; Allocates

MOV EAX,DWORD PTR DS:[4515A0]


XOR EAX,EBP
MOV DWORD PTR SS:[EBP-0F0],EAX
PUSH ESI
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV EAX,DWORD PTR DS:[4528F8]
ADD EAX,1
MOV DWORD PTR DS:[4528F8],EAX
MOV DWORD PTR DS:[4528FC],0
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-540]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],0


LEA ECX,[EBP-540]
PUSH ECX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-55C]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

|
|
|
|
\SystemIn

fo.00406460
00410BAC |.
00410BB2 |.
00410BB8 |.
00410BBE |.
00410BC2 |.
00410BC6 |.
00410BC8 |.
00410BD2 |.
00410BD4 |>
00410BD7 |.
00410BD9 |.
00410BDC |.
00410BDF |.
00410BE5 |>
C0
00410BEA |.
0
00410BEC |.
00410BF2 |.
fo.00408D80
00410BF7 |.
00410BF9 |.
00410BFF |.
00410C00 |.
fo.0042D798
00410C05 |.
00410C08 |.
00410C0E |.
00410C12 |.
00410C14 |.
00410C1E |.
00410C20 |>
00410C23 |.
00410C25 |.
00410C28 |.
00410C2B |.
00410C31 |>
00410C37 |.
00410C3A |.
00410C3B |.
00410C41 |.
00410C42 |.
00410C48 |.
00410C4A |.
00410C4C |.
00410C4F |.
00410C55 |.
00410C56 |.
00410C59 |.
00410C5A |.
00410C5F |.
00410C62 |.
00410C68 |.
00410C6F |.
00410C71 |.
00410C7B |.
00410C7D |>
00410C83 |.
00410C85 |.

8985 D8EBFFFF
8B85 D8EBFFFF
8985 D4EBFFFF
C645 FC 01
837D 08 00
75 0C
C785 C4F1FFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 C4F1FFFF
68 C0010000

MOV DWORD PTR SS:[EBP-1428],EAX


MOV EAX,DWORD PTR SS:[EBP-1428]
MOV DWORD PTR SS:[EBP-142C],EAX
MOV BYTE PTR SS:[EBP-4],1
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00410BD4
MOV DWORD PTR SS:[EBP-0E3C],0
JMP SHORT 00410BE5
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0E3C],EAX
PUSH 1C0

; /Arg2 = 1

6A 40

PUSH 40

; |Arg1 = 4

8B8D C4F1FFFF MOV ECX,DWORD PTR SS:[EBP-0E3C]


E8 8981FFFF CALL 00408D80

; |
; \SystemIn

6A 06
8D8D 9CFAFFFF
51
E8 93CB0100

PUSH 6
LEA ECX,[EBP-564]
PUSH ECX
CALL 0042D798

;
;
;
;

83C4 08
8985 C0F1FFFF
837D 08 00
75 0C
C785 D0EBFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D D0EBFFFF
8B95 C0F1FFFF
8B42 04
50
8B8D D0EBFFFF
51
8B95 C0F1FFFF
8B02
FFD0
83C4 08
8B8D D4EBFFFF
51
8B55 08
52
E8 01A2FFFF
83C4 08
8985 B8F1FFFF
83BD B8F1FFFF
75 0C
C785 BCF1FFFF
EB 17
8B85 B8F1FFFF
8B08
8B95 B8F1FFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-0E40],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00410C20
MOV DWORD PTR SS:[EBP-1430],0
JMP SHORT 00410C31
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1430],ECX
MOV EDX,DWORD PTR SS:[EBP-0E40]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1430]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0E40]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[EBP-142C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-0E48],EAX
CMP DWORD PTR SS:[EBP-0E48],0
JNE SHORT 00410C7D
MOV DWORD PTR SS:[EBP-0E44],0
JMP SHORT 00410C94
MOV EAX,DWORD PTR SS:[EBP-0E48]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0E48]

/Arg2 = 6
|
|Arg1
\SystemIn

00410C8B |. 0351 04
00410C8E |. 8995 BCF1FFFF
00410C94 |> 68 C0010000
C0
00410C99 |. 68 80000000
0
00410C9E |. 8B8D BCF1FFFF
00410CA4 |. E8 D780FFFF
fo.00408D80
00410CA9 |. 68 BC914400
NERAL INFORMATION"
00410CAE |. 8B85 B8F1FFFF
00410CB4 |. 50
00410CB5 |. E8 A69CFFFF
00410CBA |. 83C4 08
00410CBD |. 8985 B4F1FFFF
00410CC3 |. 6A 0A
A
00410CC5 |. 8B8D B4F1FFFF
00410CCB |. E8 F0E8FFFF
fo.0040F5C0
00410CD0 |. 8B8D B4F1FFFF
00410CD6 |. E8 E5EAFFFF
fo.0040F7C0
00410CDB |. C645 FC 00
00410CDF |. 6A 00
00410CE1 |. 6A 01
00410CE3 |. 8D8D A4FAFFFF
00410CE9 |. E8 72EEFFFF
fo.0040FB60
00410CEE |. C745 FC FFFFF
00410CF5 |. 6A 00
00410CF7 |. 6A 01
00410CF9 |. 8D8D C0FAFFFF
00410CFF |. E8 5CEEFFFF
fo.0040FB60
00410D04 |. 68 77874400
ystemInfo.448777
00410D09 |. 8D8D 74FAFFFF
00410D0F |. E8 DCDEFFFF
fo.0040EBF0
00410D14 |. C745 FC 02000
00410D1B |. 8D8D 74FAFFFF
00410D21 |. 51
00410D22 |. B9 0C294500
00410D27 |. E8 F463FFFF
fo.00407120
00410D2C |. 8B15 FC284500
00410D32 |. 83C2 01
00410D35 |. 8915 FC284500
00410D3B |. 68 74874400
"
00410D40 |. A1 FC284500
00410D45 |. 50
[4528FC] = 0
00410D46 |. 68 D0914400
00410D4B |. 8B0D F8284500
00410D51 |. 51
[4528F8] = 0
00410D52 |. B9 08294500

ADD EDX,DWORD PTR DS:[ECX+4]


MOV DWORD PTR SS:[EBP-0E44],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[EBP-0E44]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 004491BC

; ASCII "GE

MOV EAX,DWORD PTR SS:[EBP-0E48]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-0E4C],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-0E4C]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-0E4C]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[EBP-4],0


PUSH 0
PUSH 1
LEA ECX,[EBP-55C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-540]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-58C]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],2


LEA ECX,[EBP-58C]
PUSH ECX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908

; ||

00410D57 |.
nfo.00405E60
00410D5C |.
00410D5D |.
00410D62 |.
00410D65 |.
00410D67 |.
fo.00405E60
00410D6C |.
00410D6D |.
00410D72 |.
00410D75 |.
00410D7B |.
00410D7C |.
00410D81 |.
fo.00406460
00410D86 |.
00410D8C |.
00410D92 |.
00410D98 |.
00410D9C |.
00410DA3 |.
00410DAA |.
00410DAE |.
00410DB0 |.
00410DBA |.
00410DBC |>
00410DBF |.
00410DC1 |.
00410DC4 |.
00410DC7 |.
00410DCD |>
C0
00410DD2 |.
0
00410DD4 |.
00410DDA |.
fo.00408D80
00410DDF |.
00410DE1 |.
00410DE7 |.
00410DE8 |.
fo.0042D798
00410DED |.
00410DF0 |.
00410DF6 |.
00410DFA |.
00410DFC |.
00410E06 |.
00410E08 |>
00410E0B |.
00410E0D |.
00410E10 |.
00410E13 |.
00410E19 |>
00410E1F |.
00410E22 |.
00410E23 |.
00410E29 |.
00410E2A |.

E8 0451FFFF

CALL 00405E60

; |\SystemI

50
E8 FE9BFFFF
83C4 08
8BC8
E8 F450FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

50
E8 EE9BFFFF
83C4 08
8D95 58FAFFFF
52
B9 08294500
E8 DA56FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-5A8]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 CCEBFFFF
8B85 CCEBFFFF
8985 C8EBFFFF
C645 FC 03
C685 9BFAFFFF
C685 9AFAFFFF
837D 08 00
75 0C
C785 9CF1FFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 9CF1FFFF
68 C0010000

MOV DWORD PTR SS:[EBP-1434],EAX


MOV EAX,DWORD PTR SS:[EBP-1434]
MOV DWORD PTR SS:[EBP-1438],EAX
MOV BYTE PTR SS:[EBP-4],3
MOV BYTE PTR SS:[EBP-565],20
MOV BYTE PTR SS:[EBP-566],2E
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00410DBC
MOV DWORD PTR SS:[EBP-0E64],0
JMP SHORT 00410DCD
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0E64],EAX
PUSH 1C0

; /Arg2 = 1

6A 40

PUSH 40

; |Arg1 = 4

|
|
|
|
\SystemIn

8B8D 9CF1FFFF MOV ECX,DWORD PTR SS:[EBP-0E64]


E8 A17FFFFF CALL 00408D80

; |
; \SystemIn

6A 06
8D8D 50FAFFFF
51
E8 ABC90100

PUSH 6
LEA ECX,[EBP-5B0]
PUSH ECX
CALL 0042D798

;
;
;
;

83C4 08
8985 98F1FFFF
837D 08 00
75 0C
C785 C4EBFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D C4EBFFFF
8B95 98F1FFFF
8B42 04
50
8B8D C4EBFFFF
51
8B95 98F1FFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-0E68],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00410E08
MOV DWORD PTR SS:[EBP-143C],0
JMP SHORT 00410E19
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-143C],ECX
MOV EDX,DWORD PTR SS:[EBP-0E68]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-143C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0E68]

/Arg2 = 6
|
|Arg1
\SystemIn

00410E30 |.
00410E32 |.
00410E34 |.
00410E37 |.
00410E3D |.
00410E3E |.
00410E41 |.
00410E42 |.
00410E47 |.
00410E4A |.
00410E50 |.
00410E57 |.
00410E59 |.
00410E63 |.
00410E65 |>
00410E6B |.
00410E6D |.
00410E73 |.
00410E76 |.
00410E7C |>
C0
00410E81 |.
0
00410E86 |.
00410E8C |.
fo.00408D80
00410E91 |.
3
00410E93 |.
00410E99 |.
00410E9A |.
fo.0042D798
00410E9F |.
00410EA2 |.
00410EA8 |.
00410EAF |.
00410EB1 |.
00410EBB |.
00410EBD |>
00410EC3 |.
00410EC5 |.
00410ECB |.
00410ECE |.
00410ED4 |>
00410EDA |.
00410EDD |.
00410EDE |.
00410EE4 |.
00410EE5 |.
00410EEB |.
00410EED |.
00410EEF |.
00410EF2 |.
00410EF8 |.
00410EFE |.
00410F04 |.
00410F06 |.
00410F0C |.
00410F0F |.
00410F15 |.

8B02
FFD0
83C4 08
8B8D C8EBFFFF
51
8B55 08
52
E8 19A0FFFF
83C4 08
8985 90F1FFFF
83BD 90F1FFFF
75 0C
C785 94F1FFFF
EB 17
8B85 90F1FFFF
8B08
8B95 90F1FFFF
0351 04
8995 94F1FFFF
68 C0010000

MOV EAX,DWORD PTR DS:[EDX]


CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[EBP-1438]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-0E70],EAX
CMP DWORD PTR SS:[EBP-0E70],0
JNE SHORT 00410E65
MOV DWORD PTR SS:[EBP-0E6C],0
JMP SHORT 00410E7C
MOV EAX,DWORD PTR SS:[EBP-0E70]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0E70]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-0E6C],EDX
PUSH 1C0

; /Arg2 = 1

68 80000000

PUSH 80

; |Arg1 = 8

8B8D 94F1FFFF MOV ECX,DWORD PTR SS:[EBP-0E6C]


E8 EF7EFFFF CALL 00408D80

; |
; \SystemIn

6A 23

; /Arg2 = 2

PUSH 23

8D85 90FAFFFF LEA EAX,[EBP-570]


50
PUSH EAX
E8 F9C80100 CALL 0042D798
83C4 08
8985 8CF1FFFF
83BD 90F1FFFF
75 0C
C785 C0EBFFFF
EB 17
8B8D 90F1FFFF
8B11
8B85 90F1FFFF
0342 04
8985 C0EBFFFF
8B8D 8CF1FFFF
8B51 04
52
8B85 C0EBFFFF
50
8B8D 8CF1FFFF
8B11
FFD2
83C4 08
8A85 9AFAFFFF
8885 83F1FFFF
8B8D 90F1FFFF
8B11
8B85 90F1FFFF
0342 04
8985 84F1FFFF
8B8D 84F1FFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-0E74],EAX
CMP DWORD PTR SS:[EBP-0E70],0
JNE SHORT 00410EBD
MOV DWORD PTR SS:[EBP-1440],0
JMP SHORT 00410ED4
MOV ECX,DWORD PTR SS:[EBP-0E70]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0E70]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1440],EAX
MOV ECX,DWORD PTR SS:[EBP-0E74]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1440]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0E74]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[EBP-566]
MOV BYTE PTR SS:[EBP-0E7D],AL
MOV ECX,DWORD PTR SS:[EBP-0E70]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0E70]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0E7C],EAX
MOV ECX,DWORD PTR SS:[EBP-0E7C]

; |
; |Arg1
; \SystemIn

00410F1B |. 8A51 30
00410F1E |. 8895 8BF1FFFF
00410F24 |. 8B85 84F1FFFF
00410F2A |. 8A8D 83F1FFFF
00410F30 |. 8848 30
00410F33 |. 83BD 90F1FFFF
00410F3A |. 75 0C
00410F3C |. C785 7CF1FFFF
00410F46 |. EB 17
00410F48 |> 8B95 90F1FFFF
00410F4E |. 8B02
00410F50 |. 8B8D 90F1FFFF
00410F56 |. 0348 04
00410F59 |. 898D 7CF1FFFF
00410F5F |> 68 C0010000
C0
00410F64 |. 6A 40
0
00410F66 |. 8B8D 7CF1FFFF
00410F6C |. E8 0F7EFFFF
fo.00408D80
00410F71 |. 68 A8914400
erating System"
00410F76 |. 8B95 90F1FFFF
00410F7C |. 52
00410F7D |. E8 DE99FFFF
00410F82 |. 83C4 08
00410F85 |. 8985 74F1FFFF
00410F8B |. 83BD 74F1FFFF
00410F92 |. 75 0C
00410F94 |. C785 78F1FFFF
00410F9E |. EB 17
00410FA0 |> 8B85 74F1FFFF
00410FA6 |. 8B08
00410FA8 |. 8B95 74F1FFFF
00410FAE |. 0351 04
00410FB1 |. 8995 78F1FFFF
00410FB7 |> 68 C0010000
C0
00410FBC |. 68 80000000
0
00410FC1 |. 8B8D 78F1FFFF
00410FC7 |. E8 B47DFFFF
fo.00408D80
00410FCC |. 8A85 9BFAFFFF
00410FD2 |. 8885 6BF1FFFF
00410FD8 |. 8B8D 74F1FFFF
00410FDE |. 8B11
00410FE0 |. 8B85 74F1FFFF
00410FE6 |. 0342 04
00410FE9 |. 8985 6CF1FFFF
00410FEF |. 8B8D 6CF1FFFF
00410FF5 |. 8A51 30
00410FF8 |. 8895 73F1FFFF
00410FFE |. 8B85 6CF1FFFF
00411004 |. 8A8D 6BF1FFFF
0041100A |. 8848 30
0041100D |. C645 FC 02
00411011 |. 6A 00
00411013 |. 6A 01

MOV DL,BYTE PTR DS:[ECX+30]


MOV BYTE PTR SS:[EBP-0E75],DL
MOV EAX,DWORD PTR SS:[EBP-0E7C]
MOV CL,BYTE PTR SS:[EBP-0E7D]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[EBP-0E70],0
JNE SHORT 00410F48
MOV DWORD PTR SS:[EBP-0E84],0
JMP SHORT 00410F5F
MOV EDX,DWORD PTR SS:[EBP-0E70]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-0E70]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-0E84],ECX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[EBP-0E84]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 004491A8

; ASCII "Op

MOV EDX,DWORD PTR SS:[EBP-0E70]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-0E8C],EAX
CMP DWORD PTR SS:[EBP-0E8C],0
JNE SHORT 00410FA0
MOV DWORD PTR SS:[EBP-0E88],0
JMP SHORT 00410FB7
MOV EAX,DWORD PTR SS:[EBP-0E8C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0E8C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-0E88],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[EBP-0E88]


CALL 00408D80

; |
; \SystemIn

MOV AL,BYTE PTR SS:[EBP-565]


MOV BYTE PTR SS:[EBP-0E95],AL
MOV ECX,DWORD PTR SS:[EBP-0E8C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0E8C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0E94],EAX
MOV ECX,DWORD PTR SS:[EBP-0E94]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-0E8D],DL
MOV EAX,DWORD PTR SS:[EBP-0E94]
MOV CL,BYTE PTR SS:[EBP-0E95]
MOV BYTE PTR DS:[EAX+30],CL
MOV BYTE PTR SS:[EBP-4],2
PUSH 0
PUSH 1

; /Arg2 = 0
; |Arg1 = 1

00411015 |.
0041101B |.
fo.0040FB60
00411020 |.
00411027 |.
00411029 |.
0041102B |.
00411031 |.
fo.0040FB60
00411036 |.
0041103C |.
00411042 |.
0041104C |.
00411052 |.
0041105C |.
0041105E |.
00411063 |>
.GetVersion
00411069 |.
0041106E |.
00411074 |.
.GetVersion
0041107A |.
0041107F |.
00411082 |.
00411087 |.
0041108A |.
0041108D |.
0041108F |.
"
00411099 |.
0041109B |>
.GetVersion
004110A1 |.
004110A6 |.
004110A9 |.
004110AC |.
004110B2 |.
004110B5 |.
004110B8 |.
004110BA |.
00"
004110C4 |.
004110C6 |>
"
004110D0 |>
004110D6 |.
004110DC |>
004110E3 |.
004110EA |.
004110EC |.
004110F2 |.
004110F3 |.
fo.0042D798
004110F8 |.
004110FB |.
00411101 |.
00411106 |.
.GetVersion
0041110C |.

8D8D 58FAFFFF LEA ECX,[EBP-5A8]


E8 40EBFFFF CALL 0040FB60

; |
; \SystemIn

C745 FC FFFFF
6A 00
6A 01
8D8D 74FAFFFF
E8 2AEBFFFF

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-58C]
CALL 0040FB60

;
;
;
;

8B15 90114500
8995 BCEBFFFF
81BD BCEBFFFF
0F84 BA090000
81BD BCEBFFFF
74 05
E9 15190000
FF15 54804400

MOV EDX,DWORD PTR DS:[451190]


MOV DWORD PTR SS:[EBP-1444],EDX
CMP DWORD PTR SS:[EBP-1444],94
JE 00411A0C
CMP DWORD PTR SS:[EBP-1444],9C
JE SHORT 00411063
JMP 00412978
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

3D 00000080 CMP EAX,80000000


0F83 31020000 JNB 004112A5
FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
25 FFFF0000
0FB7C0
25 FF000000
0FB6C8
83F9 05
74 0C
C785 B8EBFFFF

AND EAX,0000FFFF
MOVZX EAX,AX
AND EAX,000000FF
MOVZX ECX,AL
CMP ECX,5
JE SHORT 0041109B
MOV DWORD PTR SS:[EBP-1448],OFFSET 00449 ; ASCII "NT

EB 41
JMP SHORT 004110DC
FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
25 FFFF0000
0FB7D0
C1EA 08
81E2 FF000000
0FB6C2
83F8 01
7D 0C
C785 B4EBFFFF

AND EAX,0000FFFF
MOVZX EDX,AX
SHR EDX,8
AND EDX,000000FF
MOVZX EAX,DL
CMP EAX,1
JGE SHORT 004110C6
MOV DWORD PTR SS:[EBP-144C],OFFSET 00449 ; ASCII "20

EB 0A
JMP SHORT 004110D0
C785 B4EBFFFF MOV DWORD PTR SS:[EBP-144C],OFFSET 00449 ; ASCII "XP
8B8D B4EBFFFF
898D B8EBFFFF
C685 4FFAFFFF
C685 4EFAFFFF
6A 02
8D95 44FAFFFF
52
E8 A0C60100

MOV ECX,DWORD PTR SS:[EBP-144C]


MOV DWORD PTR SS:[EBP-1448],ECX
MOV BYTE PTR SS:[EBP-5B1],20
MOV BYTE PTR SS:[EBP-5B2],30
PUSH 2
LEA EDX,[EBP-5BC]
PUSH EDX
CALL 0042D798

83C4 08
8985 60F1FFFF
68 D0914400
FF15 54804400

ADD ESP,8
MOV DWORD PTR SS:[EBP-0EA0],EAX
PUSH OFFSET 004491D0
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

25 FFFF0000

AND EAX,0000FFFF

;
;
;
;

/Arg2 = 2
|
|Arg1
\SystemIn

00411111 |.
00411114 |.
00411119 |.
0041111C |.
0041111D |.
00411122 |.
00411128 |.
00411129 |.
indows "
0041112E |.
00411131 |.
00411132 |.
00411137 |.
0041113A |.
0041113B |.
00411140 |.
00411143 |.
00411144 |.
00411149 |.
0041114C |.
0041114E |.
fo.00405E60
00411153 |.
00411154 |.
00411159 |.
0041115C |.
00411162 |.
00411169 |.
0041116B |.
00411175 |.
00411177 |>
0041117D |.
0041117F |.
00411185 |.
00411188 |.
0041118E |>
00411194 |.
00411197 |.
00411198 |.
0041119E |.
0041119F |.
004111A5 |.
004111A7 |.
004111A9 |.
004111AC |.
004111B2 |.
004111B8 |.
004111BE |.
004111C0 |.
004111C6 |.
004111C9 |.
004111CF |.
004111D5 |.
004111D8 |.
004111DE |.
004111E4 |.
004111EA |.
004111ED |.
.GetVersion
004111F3 |.

0FB7C0
25 FF000000
0FB6C8
51
68 80874400
8B95 B8EBFFFF
52
68 8C914400

MOVZX EAX,AX
AND EAX,000000FF
MOVZX ECX,AL
PUSH ECX
PUSH OFFSET 00448780
MOV EDX,DWORD PTR SS:[EBP-1448]
PUSH EDX
PUSH OFFSET 0044918C

;
;
;
;
;

/Arg1
|
|
|
|ASCII "W

8B45 08
50
E8 2998FFFF
83C4 08
50
E8 2098FFFF
83C4 08
50
E8 1798FFFF
83C4 08
8BC8
E8 0D4DFFFF

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
\SystemIn

50
E8 0798FFFF
83C4 08
8985 64F1FFFF
83BD 64F1FFFF
75 0C
C785 B0EBFFFF
EB 17
8B8D 64F1FFFF
8B11
8B85 64F1FFFF
0342 04
8985 B0EBFFFF
8B8D 60F1FFFF
8B51 04
52
8B85 B0EBFFFF
50
8B8D 60F1FFFF
8B11
FFD2
83C4 08
8A85 4EFAFFFF
8885 57F1FFFF
8B8D 64F1FFFF
8B11
8B85 64F1FFFF
0342 04
8985 58F1FFFF
8B8D 58F1FFFF
8A51 30
8895 5FF1FFFF
8B85 58F1FFFF
8A8D 57F1FFFF
8848 30
FF15 54804400

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-0E9C],EAX
CMP DWORD PTR SS:[EBP-0E9C],0
JNE SHORT 00411177
MOV DWORD PTR SS:[EBP-1450],0
JMP SHORT 0041118E
MOV ECX,DWORD PTR SS:[EBP-0E9C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0E9C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1450],EAX
MOV ECX,DWORD PTR SS:[EBP-0EA0]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1450]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0EA0]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[EBP-5B2]
MOV BYTE PTR SS:[EBP-0EA9],AL
MOV ECX,DWORD PTR SS:[EBP-0E9C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0E9C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0EA8],EAX
MOV ECX,DWORD PTR SS:[EBP-0EA8]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-0EA1],DL
MOV EAX,DWORD PTR SS:[EBP-0EA8]
MOV CL,BYTE PTR SS:[EBP-0EA9]
MOV BYTE PTR DS:[EAX+30],CL
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

25 FFFF0000

AND EAX,0000FFFF

004111F8 |.
004111FB |.
004111FE |.
00411204 |.
00411207 |.
00411208 |.
0041120E |.
fo.00405E60
00411213 |.
00411219 |.
0041121F |.
00411225 |.
0041122B |.
0041122D |.
00411233 |.
00411236 |.
0041123C |.
00411242 |.
00411245 |.
0041124B |.
00411251 |.
00411257 |.
0041125A |.
.GetVersion
00411260 |.
00411263 |.
00411268 |.
0041126B |.
.GetVersion
00411271 |.
00411276 |.
00411278 |.
0041127D |.
00411282 |.
00411284 |.
00411285 |.
0041128A |.
00411290 |.
00411291 |.
00411296 |.
00411299 |.
0041129B |.
fo.00405E60
004112A0 |.
004112A5 |>
.GetVersion
004112AB |.
004112B0 |.
004112B6 |.
.GetVersion
004112BC |.
004112C1 |.
004112C4 |.
004112C7 |.
004112CD |.
004112D0 |.
004112D3 |.
004112D5 |.
"
004112DF |.

0FB7D0
C1EA 08
81E2 FF000000
0FB6C2
50
8B8D 64F1FFFF
E8 4D4CFFFF

MOVZX EDX,AX
SHR EDX,8
AND EDX,000000FF
MOVZX EAX,DL
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0E9C]
CALL 00405E60

8985
8A8D
888D
8B95
8B02
8B8D
0348
898D
8B95
8A42
8885
8B8D
8A95
8851
FF15

48F1FFFF
04
50F1FFFF
50F1FFFF
30
56F1FFFF
50F1FFFF
4FF1FFFF
30
54804400

MOV DWORD PTR SS:[EBP-0EB8],EAX


MOV CL,BYTE PTR SS:[EBP-5B1]
MOV BYTE PTR SS:[EBP-0EB1],CL
MOV EDX,DWORD PTR SS:[EBP-0EB8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-0EB8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-0EB0],ECX
MOV EDX,DWORD PTR SS:[EBP-0EB0]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[EBP-0EAA],AL
MOV ECX,DWORD PTR SS:[EBP-0EB0]
MOV DL,BYTE PTR SS:[EBP-0EB1]
MOV BYTE PTR DS:[ECX+30],DL
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

C1E8 10
25 FFFF0000
0FB7F0
FF15 54804400

SHR EAX,10
AND EAX,0000FFFF
MOVZX ESI,AX
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

3D 00000080
1BC0
25 00400000
05 FF3F0000
23F0
56
68 D0914400
8B8D 48F1FFFF
51
E8 CA96FFFF
83C4 08
8BC8
E8 C04BFFFF

CMP EAX,80000000
SBB EAX,EAX
AND EAX,00004000
ADD EAX,3FFF
AND ESI,EAX
PUSH ESI
PUSH OFFSET 004491D0
MOV ECX,DWORD PTR SS:[EBP-0EB8]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

48F1FFFF
4FFAFFFF
4FF1FFFF
48F1FFFF

; /Arg1
; |
; \SystemIn

;
;
;
;
;
;
;
;

/Arg1
|
|
|
|
|
|
\SystemIn

E9 B0020000 JMP 00411555


FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
25 00000040 AND EAX,40000000
0F84 F0010000 JE 004114A6
FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
25 FFFF0000
0FB7D0
C1EA 08
81E2 FF000000
0FB6C2
83F8 0A
7D 0C
C785 ACEBFFFF

AND EAX,0000FFFF
MOVZX EDX,AX
SHR EDX,8
AND EDX,000000FF
MOVZX EAX,DL
CMP EAX,0A
JGE SHORT 004112E1
MOV DWORD PTR SS:[EBP-1454],OFFSET 00449 ; ASCII "95

EB 41

JMP SHORT 00411322

004112E1 |>
.GetVersion
004112E7 |.
004112EC |.
004112EF |.
004112F2 |.
004112F8 |.
004112FB |.
004112FE |.
00411300 |.
"
0041130A |.
0041130C |>
"
00411316 |>
0041131C |.
00411322 |>
00411329 |.
00411330 |.
00411332 |.
00411338 |.
00411339 |.
fo.0042D798
0041133E |.
00411341 |.
00411347 |.
0041134C |.
.GetVersion
00411352 |.
00411357 |.
0041135A |.
00411360 |.
00411363 |.
00411364 |.
00411369 |.
0041136F |.
00411370 |.
indows "
00411375 |.
00411378 |.
00411379 |.
0041137E |.
00411381 |.
00411382 |.
00411387 |.
0041138A |.
0041138B |.
00411390 |.
00411393 |.
00411395 |.
fo.00405E60
0041139A |.
0041139B |.
004113A0 |.
004113A3 |.
004113A9 |.
004113B0 |.
004113B2 |.
004113BC |.
004113BE |>

FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32


25 FFFF0000
0FB7C8
C1E9 08
81E1 FF000000
0FB6D1
83FA 5A
7D 0C
C785 A8EBFFFF

AND EAX,0000FFFF
MOVZX ECX,AX
SHR ECX,8
AND ECX,000000FF
MOVZX EDX,CL
CMP EDX,5A
JGE SHORT 0041130C
MOV DWORD PTR SS:[EBP-1458],OFFSET 00449 ; ASCII "98

EB 0A
JMP SHORT 00411316
C785 A8EBFFFF MOV DWORD PTR SS:[EBP-1458],OFFSET 00449 ; ASCII "Me
8B85 A8EBFFFF
8985 ACEBFFFF
C685 43FAFFFF
C685 42FAFFFF
6A 02
8D8D 38FAFFFF
51
E8 5AC40100

MOV EAX,DWORD PTR SS:[EBP-1458]


MOV DWORD PTR SS:[EBP-1454],EAX
MOV BYTE PTR SS:[EBP-5BD],20
MOV BYTE PTR SS:[EBP-5BE],30
PUSH 2
LEA ECX,[EBP-5C8]
PUSH ECX
CALL 0042D798

83C4 08
8985 40F1FFFF
68 D0914400
FF15 54804400

ADD ESP,8
MOV DWORD PTR SS:[EBP-0EC0],EAX
PUSH OFFSET 004491D0
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

25 FFFF0000
0FB7D0
81E2 FF000000
0FB6C2
50
68 80874400
8B8D ACEBFFFF
51
68 8C914400

AND EAX,0000FFFF
MOVZX EDX,AX
AND EDX,000000FF
MOVZX EAX,DL
PUSH EAX
PUSH OFFSET 00448780
MOV ECX,DWORD PTR SS:[EBP-1454]
PUSH ECX
PUSH OFFSET 0044918C

;
;
;
;
;

/Arg1
|
|
|
|ASCII "W

8B55 08
52
E8 E295FFFF
83C4 08
50
E8 D995FFFF
83C4 08
50
E8 D095FFFF
83C4 08
8BC8
E8 C64AFFFF

MOV EDX,DWORD PTR SS:[EBP+8]


PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
\SystemIn

50
E8 C095FFFF
83C4 08
8985 44F1FFFF
83BD 44F1FFFF
75 0C
C785 A4EBFFFF
EB 17
8B85 44F1FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-0EBC],EAX
CMP DWORD PTR SS:[EBP-0EBC],0
JNE SHORT 004113BE
MOV DWORD PTR SS:[EBP-145C],0
JMP SHORT 004113D5
MOV EAX,DWORD PTR SS:[EBP-0EBC]

;
;
;
;

/Arg2 = 2
|
|Arg1
\SystemIn

004113C4 |.
004113C6 |.
004113CC |.
004113CF |.
004113D5 |>
004113DB |.
004113DE |.
004113DF |.
004113E5 |.
004113E6 |.
004113EC |.
004113EE |.
004113F0 |.
004113F3 |.
004113F9 |.
004113FF |.
00411405 |.
00411407 |.
0041140D |.
00411410 |.
00411416 |.
0041141C |.
0041141F |.
00411425 |.
0041142B |.
00411431 |.
00411434 |.
.GetVersion
0041143A |.
0041143F |.
00411442 |.
00411445 |.
0041144B |.
0041144E |.
0041144F |.
00411455 |.
fo.00405E60
0041145A |.
00411460 |.
00411466 |.
0041146C |.
00411472 |.
00411474 |.
0041147A |.
0041147D |.
00411483 |.
00411489 |.
0041148C |.
00411492 |.
00411498 |.
0041149E |.
004114A1 |.
004114A6 |>
004114AB |.
.GetVersion
004114B1 |.
004114B4 |.
004114B9 |.
004114BC |.
.GetVersion

8B08
8B95
0351
8995
8B85
8B48
51
8B95
52
8B85
8B08
FFD1
83C4
8A95
8895
8B85
8B08
8B95
0351
8995
8B85
8A48
888D
8B95
8A85
8842
FF15

44F1FFFF
04
A4EBFFFF
40F1FFFF
04
A4EBFFFF
40F1FFFF
08
42FAFFFF
37F1FFFF
44F1FFFF
44F1FFFF
04
38F1FFFF
38F1FFFF
30
3FF1FFFF
38F1FFFF
37F1FFFF
30
54804400

MOV ECX,DWORD PTR DS:[EAX]


MOV EDX,DWORD PTR SS:[EBP-0EBC]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-145C],EDX
MOV EAX,DWORD PTR SS:[EBP-0EC0]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-145C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-0EC0]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[EBP-5BE]
MOV BYTE PTR SS:[EBP-0EC9],DL
MOV EAX,DWORD PTR SS:[EBP-0EBC]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0EBC]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-0EC8],EDX
MOV EAX,DWORD PTR SS:[EBP-0EC8]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-0EC1],CL
MOV EDX,DWORD PTR SS:[EBP-0EC8]
MOV AL,BYTE PTR SS:[EBP-0EC9]
MOV BYTE PTR DS:[EDX+30],AL
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

25 FFFF0000
0FB7C8
C1E9 08
81E1 FF000000
0FB6D1
52
8B8D 44F1FFFF
E8 064AFFFF

AND EAX,0000FFFF
MOVZX ECX,AX
SHR ECX,8
AND ECX,000000FF
MOVZX EDX,CL
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-0EBC]
CALL 00405E60

8985 28F1FFFF
8A85 43FAFFFF
8885 2FF1FFFF
8B8D 28F1FFFF
8B11
8B85 28F1FFFF
0342 04
8985 30F1FFFF
8B8D 30F1FFFF
8A51 30
8895 36F1FFFF
8B85 30F1FFFF
8A8D 2FF1FFFF
8848 30
E9 AF000000
68 68854400
FF15 54804400

MOV DWORD PTR SS:[EBP-0ED8],EAX


MOV AL,BYTE PTR SS:[EBP-5BD]
MOV BYTE PTR SS:[EBP-0ED1],AL
MOV ECX,DWORD PTR SS:[EBP-0ED8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0ED8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0ED0],EAX
MOV ECX,DWORD PTR SS:[EBP-0ED0]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-0ECA],DL
MOV EAX,DWORD PTR SS:[EBP-0ED0]
MOV CL,BYTE PTR SS:[EBP-0ED1]
MOV BYTE PTR DS:[EAX+30],CL
JMP 00411555
PUSH OFFSET 00448568
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

C1E8 10
25 FFFF0000
0FB7F0
FF15 54804400

SHR EAX,10
AND EAX,0000FFFF
MOVZX ESI,AX
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

; /Arg1
; |
; \SystemIn

004114C2 |. 3D 00000080
004114C7 |. 1BD2
004114C9 |. 81E2 00400000
004114CF |. 81C2 FF3F0000
004114D5 |. 23F2
004114D7 |. 56
004114D8 |. 68 74914400
(build "
004114DD |. FF15 54804400
2.GetVersion
004114E3 |. 25 FFFF0000
004114E8 |. 0FB7C0
004114EB |. C1E8 08
004114EE |. 25 FF000000
004114F3 |. 0FB6C8
004114F6 |. 51
004114F7 |. 68 D0914400
004114FC |. FF15 54804400
32.GetVersion
00411502 |. 25 FFFF0000
00411507 |. 0FB7D0
0041150A |. 81E2 FF000000
00411510 |. 0FB6C2
00411513 |. 50
00411514 |. 68 8C914400
"Windows "
00411519 |. 8B4D 08
0041151C |. 51
0041151D |. E8 3E94FFFF
00411522 |. 83C4 08
00411525 |. 8BC8
00411527 |. E8 3449FFFF
Info.00405E60
0041152C |. 50
0041152D |. E8 2E94FFFF
00411532 |. 83C4 08
00411535 |. 8BC8
00411537 |. E8 2449FFFF
nfo.00405E60
0041153C |. 50
0041153D |. E8 1E94FFFF
00411542 |. 83C4 08
00411545 |. 8BC8
00411547 |. E8 1449FFFF
fo.00405E60
0041154C |. 50
0041154D |. E8 0E94FFFF
00411552 |. 83C4 08
00411555 |> 8B15 A0114500
0041155B |. 8995 A0EBFFFF
00411561 |. 83BD A0EBFFFF
00411568 |. 74 05
0041156A |. E9 98040000
0041156F |> 68 77874400
ystemInfo.448777
00411574 |. 8D8D 14FAFFFF
0041157A |. E8 71D6FFFF
fo.0040EBF0
0041157F |. C745 FC 04000
00411586 |. 8D85 14FAFFFF

CMP EAX,80000000
SBB EDX,EDX
AND EDX,00004000
ADD EDX,3FFF
AND ESI,EDX
PUSH ESI
PUSH OFFSET 00449174

; /Arg1
; |ASCII "

CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; |[KERNEL3


AND EAX,0000FFFF
MOVZX EAX,AX
SHR EAX,8
AND EAX,000000FF
MOVZX ECX,AL
PUSH ECX
PUSH OFFSET 004491D0
CALL DWORD PTR DS:[<&KERNEL32.GetVersion

;
;
;
;
;
;
;
;

|
|
|
|
|
|/Arg1
||
||[KERNEL

AND EAX,0000FFFF
MOVZX EDX,AX
AND EDX,000000FF
MOVZX EAX,DL
PUSH EAX
PUSH OFFSET 0044918C

;
;
;
;
;
;

||
||
||
||
||/Arg1
|||ASCII

MOV ECX,DWORD PTR SS:[EBP+8]


PUSH ECX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;
;

|||
|||
|||
|||
|||
||\System

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

||
||
||
||
|\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

|
|
|
|
\SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV EDX,DWORD PTR DS:[4511A0]
MOV DWORD PTR SS:[EBP-1460],EDX
CMP DWORD PTR SS:[EBP-1460],2
JE SHORT 0041156F
JMP 00411A07
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-5EC]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],4


LEA EAX,[EBP-5EC]

0041158C |.
0041158D |.
00411592 |.
fo.00407120
00411597 |.
0041159D |.
004115A0 |.
004115A6 |.
"
004115AB |.
004115B1 |.
[4528FC] = 0
004115B2 |.
004115B7 |.
004115BC |.
[4528F8] = 0
004115BD |.
004115C2 |.
nfo.00405E60
004115C7 |.
004115C8 |.
004115CD |.
004115D0 |.
004115D2 |.
fo.00405E60
004115D7 |.
004115D8 |.
004115DD |.
004115E0 |.
004115E6 |.
004115E7 |.
004115EC |.
fo.00406460
004115F1 |.
004115F7 |.
004115FD |.
00411603 |.
00411607 |.
A
00411609 |.
0041160C |.
fo.0040F5C0
00411611 |.
00411614 |.
fo.0040F7C0
00411619 |.
0041161D |.
0041161F |.
00411629 |.
0041162B |>
0041162E |.
00411630 |.
00411633 |.
00411636 |.
0041163C |>
00411642 |.
00411645 |.
0041164B |.
00411650 |.
00411652 |.

50
B9 0C294500
E8 895BFFFF

PUSH EAX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

8B0D FC284500
83C1 01
890D FC284500
68 74874400

MOV ECX,DWORD PTR DS:[4528FC]


ADD ECX,1
MOV DWORD PTR DS:[4528FC],ECX
PUSH OFFSET 00448774

; ASCII ".

8B15 FC284500 MOV EDX,DWORD PTR DS:[4528FC]


52
PUSH EDX

; /Arg1 =>

68 D0914400
A1 F8284500
50

PUSH OFFSET 004491D0


MOV EAX,DWORD PTR DS:[4528F8]
PUSH EAX

; |
; |
; |/Arg1 =>

B9 08294500
E8 9948FFFF

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

50
E8 9393FFFF
83C4 08
8BC8
E8 8948FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

50
E8 8393FFFF
83C4 08
8D8D F8F9FFFF
51
B9 08294500
E8 6F4EFFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA ECX,[EBP-608]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 9CEBFFFF
8B95 9CEBFFFF
8995 98EBFFFF
C645 FC 05
6A 0A

MOV DWORD PTR SS:[EBP-1464],EAX


MOV EDX,DWORD PTR SS:[EBP-1464]
MOV DWORD PTR SS:[EBP-1468],EDX
MOV BYTE PTR SS:[EBP-4],5
PUSH 0A

; /Arg1 = 0

8B4D 08
E8 AFDFFFFF

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 0040F5C0

; |
; \SystemIn

8B4D 08
E8 A7E1FFFF

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 0040F7C0

; [SystemIn

837D 08 00
75 0C
C785 0CF1FFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 0CF1FFFF
8B85 0CF1FFFF
8B48 10
898D 10F1FFFF
BA C0010000
F7D2
8B85 0CF1FFFF

CMP
JNE
MOV
JMP
MOV
MOV
MOV
ADD
MOV
MOV
MOV
MOV
MOV
NOT
MOV

DWORD PTR SS:[EBP+8],0


SHORT 0041162B
DWORD PTR SS:[EBP-0EF4],0
SHORT 0041163C
EAX,DWORD PTR SS:[EBP+8]
ECX,DWORD PTR DS:[EAX]
EDX,DWORD PTR SS:[EBP+8]
EDX,DWORD PTR DS:[ECX+4]
DWORD PTR SS:[EBP-0EF4],EDX
EAX,DWORD PTR SS:[EBP-0EF4]
ECX,DWORD PTR DS:[EAX+10]
DWORD PTR SS:[EBP-0EF0],ECX
EDX,1C0
EDX
EAX,DWORD PTR SS:[EBP-0EF4]

|
|
|
|
\SystemIn

00411658 |.
0041165B |.
00411660 |.
00411666 |.
0041166C |.
0041166E |.
00411674 |.
00411677 |.
00411679 |.
0041167F |.
00411680 |.
fo.0042D798
00411685 |.
00411688 |.
0041168E |.
00411692 |.
00411694 |.
0041169E |.
004116A0 |>
004116A3 |.
004116A5 |.
004116A8 |.
004116AB |.
004116B1 |>
004116B7 |.
004116BA |.
004116BB |.
004116C1 |.
004116C2 |.
004116C8 |.
004116CA |.
004116CC |.
004116CF |.
004116D5 |.
004116D6 |.
004116D9 |.
004116DA |.
004116DF |.
004116E2 |.
004116E8 |.
004116EF |.
004116F1 |.
004116FB |.
004116FD |>
00411703 |.
00411705 |.
0041170B |.
0041170E |.
00411714 |>
0041171A |.
0041171D |.
00411723 |.
00411728 |.
0041172A |.
00411730 |.
00411733 |.
00411738 |.
0041173E |.
00411744 |.
00411746 |.

2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 0CF1FFFF
8950 10
6A 06
8D8D F0F9FFFF
51
E8 13C10100

AND EDX,DWORD PTR DS:[EAX+10]


MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-0EF4]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH 6
LEA ECX,[EBP-610]
PUSH ECX
CALL 0042D798

83C4 08
8985 08F1FFFF
837D 08 00
75 0C
C785 94EBFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D 94EBFFFF
8B95 08F1FFFF
8B42 04
50
8B8D 94EBFFFF
51
8B95 08F1FFFF
8B02
FFD0
83C4 08
8B8D 98EBFFFF
51
8B55 08
52
E8 8197FFFF
83C4 08
8985 FCF0FFFF
83BD FCF0FFFF
75 0C
C785 00F1FFFF
EB 17
8B85 FCF0FFFF
8B08
8B95 FCF0FFFF
0351 04
8995 00F1FFFF
8B85 00F1FFFF
8B48 10
898D 04F1FFFF
BA C0010000
F7D2
8B85 00F1FFFF
2350 10
B9 80000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 00F1FFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-0EF8],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 004116A0
MOV DWORD PTR SS:[EBP-146C],0
JMP SHORT 004116B1
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-146C],ECX
MOV EDX,DWORD PTR SS:[EBP-0EF8]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-146C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0EF8]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[EBP-1468]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-0F04],EAX
CMP DWORD PTR SS:[EBP-0F04],0
JNE SHORT 004116FD
MOV DWORD PTR SS:[EBP-0F00],0
JMP SHORT 00411714
MOV EAX,DWORD PTR SS:[EBP-0F04]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0F04]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-0F00],EDX
MOV EAX,DWORD PTR SS:[EBP-0F00]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-0EFC],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-0F00]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-0F00]

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

0041174C |.
0041174F |.
3
00411751 |.
00411757 |.
00411758 |.
fo.0042D798
0041175D |.
00411760 |.
00411766 |.
0041176D |.
0041176F |.
00411779 |.
0041177B |>
00411781 |.
00411783 |.
00411789 |.
0041178C |.
00411792 |>
00411798 |.
0041179B |.
0041179C |.
004117A2 |.
004117A3 |.
004117A9 |.
004117AB |.
004117AD |.
004117B0 |.
004117B5 |.
004117BB |.
004117BC |.
004117C1 |.
004117C4 |.
004117C8 |.
004117CA |.
004117CC |.
004117D2 |.
fo.0040FB60
004117D7 |.
004117DE |.
004117E0 |.
004117E2 |.
004117E8 |.
fo.0040FB60
004117ED |.
004117F4 |.
004117F7 |.
004117F9 |.
00411800 |.
00411805 |.
00411807 |.
ersonal"
00411811 |.
00411813 |>
rofessional"
0041181D |>
00411823 |.
00411829 |.
0041182B |>
00411832 |.

8950 10
6A 23

MOV DWORD PTR DS:[EAX+10],EDX


PUSH 23

; /Arg2 = 2

8D8D 30FAFFFF LEA ECX,[EBP-5D0]


51
PUSH ECX
E8 3BC00100 CALL 0042D798

; |
; |Arg1
; \SystemIn

83C4 08
8985 F8F0FFFF
83BD FCF0FFFF
75 0C
C785 90EBFFFF
EB 17
8B95 FCF0FFFF
8B02
8B8D FCF0FFFF
0348 04
898D 90EBFFFF
8B95 F8F0FFFF
8B42 04
50
8B8D 90EBFFFF
51
8B95 F8F0FFFF
8B02
FFD0
83C4 08
68 80874400
8B8D FCF0FFFF
51
E8 9F91FFFF
83C4 08
C645 FC 04
6A 00
6A 01
8D8D F8F9FFFF
E8 89E3FFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-0F08],EAX
CMP DWORD PTR SS:[EBP-0F04],0
JNE SHORT 0041177B
MOV DWORD PTR SS:[EBP-1470],0
JMP SHORT 00411792
MOV EDX,DWORD PTR SS:[EBP-0F04]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-0F04]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1470],ECX
MOV EDX,DWORD PTR SS:[EBP-0F08]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1470]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0F08]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
PUSH OFFSET 00448780
MOV ECX,DWORD PTR SS:[EBP-0F04]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV BYTE PTR SS:[EBP-4],4
PUSH 0
PUSH 1
LEA ECX,[EBP-608]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC FFFFF
6A 00
6A 01
8D8D 14FAFFFF
E8 73E3FFFF

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-5EC]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0FB615 2A1245
83FA 01
75 32
0FB705 281245
25 00020000
74 0C
C785 8CEBFFFF

MOVZX EDX,BYTE PTR DS:[45122A]


CMP EDX,1
JNE SHORT 0041182B
MOVZX EAX,WORD PTR DS:[451228]
AND EAX,00000200
JE SHORT 00411813
MOV DWORD PTR SS:[EBP-1474],OFFSET 00449 ; ASCII " P

EB 0A
JMP SHORT 0041181D
C785 8CEBFFFF MOV DWORD PTR SS:[EBP-1474],OFFSET 00449 ; ASCII " P
8B8D 8CEBFFFF
898D 88EBFFFF
EB 52
0FB615 2A1245
83FA 02

MOV ECX,DWORD PTR SS:[EBP-1474]


MOV DWORD PTR SS:[EBP-1478],ECX
JMP SHORT 0041187D
MOVZX EDX,BYTE PTR DS:[45122A]
CMP EDX,2

00411835 |. 75 0C
00411837 |. C785 84EBFFFF
omain Controller"
00411841 |. EB 2E
00411843 |> 0FB605 2A1245
0041184A |. 83F8 03
0041184D |. 75 0C
0041184F |. C785 80EBFFFF
erver"
00411859 |. EB 0A
0041185B |> C785 80EBFFFF
nknown product type"
00411865 |> 8B8D 80EBFFFF
0041186B |. 898D 84EBFFFF
00411871 |> 8B95 84EBFFFF
00411877 |. 8995 88EBFFFF
0041187D |> 0FB705 281245
00411884 |. 83E0 10
00411887 |. 74 0C
00411889 |. C785 7CEBFFFF
erminal Services"
00411893 |. EB 0A
00411895 |> C785 7CEBFFFF
0041189F |> 0FB70D 281245
004118A6 |. 83E1 20
004118A9 |. 74 0C
004118AB |. C785 78EBFFFF
mall Business Restricted"
004118B5 |. EB 0A
004118B7 |> C785 78EBFFFF
004118C1 |> 0FB715 281245
004118C8 |. 83E2 01
004118CB |. 74 0C
004118CD |. C785 74EBFFFF
mall Business"
004118D7 |. EB 0A
004118D9 |> C785 74EBFFFF
004118E3 |> 0FB705 281245
004118EA |. 83E0 02
004118ED |. 74 0C
004118EF |. C785 70EBFFFF
dvanced"
004118F9 |. EB 0A
004118FB |> C785 70EBFFFF
00411905 |> 0FB70D 281245
0041190C |. 81E1 80000000
00411912 |. 74 0C
00411914 |. C785 6CEBFFFF
ataCenter"
0041191E |. EB 0A
00411920 |> C785 6CEBFFFF
0041192A |> 0FB715 281245
00411931 |. 83E2 04
00411934 |. 74 0C
00411936 |. C785 68EBFFFF
ackOffice"
00411940 |. EB 0A
00411942 |> C785 68EBFFFF
0041194C |> 8B85 88EBFFFF
00411952 |. 50

JNE SHORT 00411843


MOV DWORD PTR SS:[EBP-147C],OFFSET 00449 ; ASCII " D
JMP SHORT 00411871
MOVZX EAX,BYTE PTR DS:[45122A]
CMP EAX,3
JNE SHORT 0041185B
MOV DWORD PTR SS:[EBP-1480],OFFSET 00449 ; ASCII " S
JMP SHORT 00411865
MOV DWORD PTR SS:[EBP-1480],OFFSET 00449 ; ASCII " U
MOV ECX,DWORD PTR SS:[EBP-1480]
MOV DWORD PTR SS:[EBP-147C],ECX
MOV EDX,DWORD PTR SS:[EBP-147C]
MOV DWORD PTR SS:[EBP-1478],EDX
MOVZX EAX,WORD PTR DS:[451228]
AND EAX,00000010
JE SHORT 00411895
MOV DWORD PTR SS:[EBP-1484],OFFSET 00449 ; ASCII " T
JMP SHORT 0041189F
MOV DWORD PTR SS:[EBP-1484],OFFSET 00448
MOVZX ECX,WORD PTR DS:[451228]
AND ECX,00000020
JE SHORT 004118B7
MOV DWORD PTR SS:[EBP-1488],OFFSET 00449 ; ASCII " S
JMP SHORT 004118C1
MOV DWORD PTR SS:[EBP-1488],OFFSET 00448
MOVZX EDX,WORD PTR DS:[451228]
AND EDX,00000001
JE SHORT 004118D9
MOV DWORD PTR SS:[EBP-148C],OFFSET 00449 ; ASCII " S
JMP SHORT 004118E3
MOV DWORD PTR SS:[EBP-148C],OFFSET 00448
MOVZX EAX,WORD PTR DS:[451228]
AND EAX,00000002
JE SHORT 004118FB
MOV DWORD PTR SS:[EBP-1490],OFFSET 00449 ; ASCII " A
JMP SHORT 00411905
MOV DWORD PTR SS:[EBP-1490],OFFSET 00448
MOVZX ECX,WORD PTR DS:[451228]
AND ECX,00000080
JE SHORT 00411920
MOV DWORD PTR SS:[EBP-1494],OFFSET 00449 ; ASCII " D
JMP SHORT 0041192A
MOV DWORD PTR SS:[EBP-1494],OFFSET 00448
MOVZX EDX,WORD PTR DS:[451228]
AND EDX,00000004
JE SHORT 00411942
MOV DWORD PTR SS:[EBP-1498],OFFSET 00449 ; ASCII " B
JMP SHORT 0041194C
MOV DWORD PTR SS:[EBP-1498],OFFSET 00448
MOV EAX,DWORD PTR SS:[EBP-1478]
PUSH EAX

00411953 |.
00411959 |.
0041195A |.
00411960 |.
00411961 |.
00411967 |.
00411968 |.
0041196E |.
0041196F |.
00411975 |.
00411976 |.
0041197C |.
0041197D |.
00411980 |.
00411981 |.
00411986 |.
00411989 |.
0041198A |.
0041198F |.
00411992 |.
00411993 |.
00411998 |.
0041199B |.
0041199C |.
004119A1 |.
004119A4 |.
004119A5 |.
004119AA |.
004119AD |.
004119AE |.
004119B3 |.
004119B6 |.
004119B7 |.
004119BC |.
004119BF |.
004119C6 |.
004119C8 |.
004119CA |.
004119D1 |.
004119D2 |.
004119D7 |.
004119DE |.
004119DF |.
SP "
004119E4 |.
004119E7 |.
004119E8 |.
004119ED |.
004119F0 |.
004119F2 |.
nfo.00405B90
004119F7 |.
004119F8 |.
004119FD |.
00411A00 |.
00411A02 |.
fo.00405B90
00411A07 |>
00411A0C |>
00411A11 |.

8B8D 7CEBFFFF
51
8B95 78EBFFFF
52
8B85 74EBFFFF
50
8B8D 70EBFFFF
51
8B95 6CEBFFFF
52
8B85 68EBFFFF
50
8B4D 08
51
E8 DA8FFFFF
83C4 08
50
E8 D18FFFFF
83C4 08
50
E8 C88FFFFF
83C4 08
50
E8 BF8FFFFF
83C4 08
50
E8 B68FFFFF
83C4 08
50
E8 AD8FFFFF
83C4 08
50
E8 A48FFFFF
83C4 08
0FB715 241245
85D2
7E 3D
0FB705 261245
50
68 D0914400
0FB70D 241245
51
68 B8904400

MOV ECX,DWORD PTR SS:[EBP-1484]


PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1488]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-148C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1490]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1494]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1498]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOVZX EDX,WORD PTR DS:[451224]
TEST EDX,EDX
JLE SHORT 00411A07
MOVZX EAX,WORD PTR DS:[451226]
PUSH EAX
PUSH OFFSET 004491D0
MOVZX ECX,WORD PTR DS:[451224]
PUSH ECX
PUSH OFFSET 004490B8

;
;
;
;
;

/Arg1
|
|
|/Arg1
||ASCII "

8B55 08
52
E8 738FFFFF
83C4 08
8BC8
E8 9941FFFF

MOV EDX,DWORD PTR SS:[EBP+8]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;
;
;

||
||
||
||
||
|\SystemI

50
E8 638FFFFF
83C4 08
8BC8
E8 8941FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;
;

|
|
|
|
\SystemIn

E9 5C140000 JMP 00412E68


A1 A0114500 MOV EAX,DWORD PTR DS:[4511A0]
8985 64EBFFFF MOV DWORD PTR SS:[EBP-149C],EAX

00411A17 |. 83BD 64EBFFFF CMP DWORD PTR SS:[EBP-149C],1


00411A1E |. 0F84 75070000 JE 00412199
00411A24 |. 83BD 64EBFFFF CMP DWORD PTR SS:[EBP-149C],2
00411A2B |. 74 05
JE SHORT 00411A32
00411A2D |. E9 DD0E0000 JMP 0041290F
00411A32 |> C785 18FFFFFF MOV DWORD PTR SS:[EBP-0E8],100
00411A3C |. 8D8D 1CFFFFFF LEA ECX,[EBP-0E4]
00411A42 |. 51
PUSH ECX
00411A43 |. 6A 01
PUSH 1
ccess = KEY_QUERY_VALUE
00411A45 |. 6A 00
PUSH 0
= 0
00411A47 |. 68 88904400 PUSH OFFSET 00449088
"SYSTEM\CurrentControlSet\Control\ProductOptions"
00411A4C |. 68 02000080 PUSH 80000002
KEY_LOCAL_MACHINE
00411A51 |. FF15 08804400 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey
.RegOpenKeyExA
00411A57 |. 85C0
TEST EAX,EAX
00411A59 |. 0F85 0D020000 JNE 00411C6C
00411A5F |. 8D95 18FFFFFF LEA EDX,[EBP-0E8]
00411A65 |. 52
PUSH EDX
00411A66 |. 8D85 0CFEFFFF LEA EAX,[EBP-1F4]
00411A6C |. 50
PUSH EAX
00411A6D |. 6A 00
PUSH 0
NULL
00411A6F |. 6A 00
PUSH 0
= 0
00411A71 |. 68 7C904400 PUSH OFFSET 0044907C
ProductType"
00411A76 |. 8B8D 1CFFFFFF MOV ECX,DWORD PTR SS:[EBP-0E4]
00411A7C |. 51
PUSH ECX
00411A7D |. FF15 04804400 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa
.RegQueryValueExA
00411A83 |. 68 70904400 PUSH OFFSET 00449070
SCII "LANMANNT"
00411A88 |. 8D95 0CFEFFFF LEA EDX,[EBP-1F4]
00411A8E |. 52
PUSH EDX
00411A8F |. E8 2C080100 CALL 004222C0
fo.004222C0
00411A94 |. 83C4 08
ADD ESP,8
00411A97 |. 85C0
TEST EAX,EAX
00411A99 |. 75 0C
JNE SHORT 00411AA7
00411A9B |. C785 60EBFFFF MOV DWORD PTR SS:[EBP-14A0],OFFSET 00449
erver"
00411AA5 |. EB 3A
JMP SHORT 00411AE1
00411AA7 |> 68 64904400 PUSH OFFSET 00449064
SCII "SERVERNT"
00411AAC |. 8D85 0CFEFFFF LEA EAX,[EBP-1F4]
00411AB2 |. 50
PUSH EAX
00411AB3 |. E8 08080100 CALL 004222C0
fo.004222C0
00411AB8 |. 83C4 08
ADD ESP,8
00411ABB |. 85C0
TEST EAX,EAX
00411ABD |. 75 0C
JNE SHORT 00411ACB
00411ABF |. C785 5CEBFFFF MOV DWORD PTR SS:[EBP-14A4],OFFSET 00449
dvanced Server"
00411AC9 |. EB 0A
JMP SHORT 00411AD5
00411ACB |> C785 5CEBFFFF MOV DWORD PTR SS:[EBP-14A4],OFFSET 00448
00411AD5 |> 8B8D 5CEBFFFF MOV ECX,DWORD PTR SS:[EBP-14A4]

; /pResult
; |DesiredA
; |Reserved
; |SubKey =
; |hKey = H
; \ADVAPI32

;
;
;
;

/pDataLen
|
|pData
|pType =

; |Reserved
; |Name = "
; |
; |hKey
; \ADVAPI32
; /Arg2 = A
; |
; |Arg1
; \SystemIn

; ASCII " S
; /Arg2 = A
; |
; |Arg1
; \SystemIn

; ASCII " A

00411ADB |. 898D 60EBFFFF


00411AE1 |> 833D 94114500
00411AE8 |. 73 0C
00411AEA |. C785 58EBFFFF
"
00411AF4 |. EB 2B
00411AF6 |> 833D 98114500
00411AFD |. 73 0C
00411AFF |. C785 54EBFFFF
00"
00411B09 |. EB 0A
00411B0B |> C785 54EBFFFF
"
00411B15 |> 8B95 54EBFFFF
00411B1B |. 8995 58EBFFFF
00411B21 |> 8B85 60EBFFFF
00411B27 |. 50
00411B28 |. 8B8D 58EBFFFF
00411B2E |. 51
00411B2F |. 68 8C914400
ndows "
00411B34 |. 8B55 08
00411B37 |. 52
00411B38 |. E8 238EFFFF
00411B3D |. 83C4 08
00411B40 |. 50
00411B41 |. E8 1A8EFFFF
00411B46 |. 83C4 08
00411B49 |. 50
00411B4A |. E8 118EFFFF
00411B4F |. 83C4 08
00411B52 |. C785 20FFFFFF
00411B5C |. 8D85 20FFFFFF
00411B62 |. 50
00411B63 |. 8D8D 0CFDFFFF
00411B69 |. 51
00411B6A |. 8D95 14FFFFFF
00411B70 |. 52
00411B71 |. 6A 00
= 0
00411B73 |. 68 40904400
ProductSuite"
00411B78 |. 8B85 1CFFFFFF
00411B7E |. 50
00411B7F |. FF15 04804400
.RegQueryValueExA
00411B85 |. 85C0
00411B87 |. 75 14
00411B89 |. 83BD 14FFFFFF
00411B90 |. 75 0B
00411B92 |. 0FBE8D 0CFDFF
00411B99 |. 85C9
00411B9B |. 75 2C
00411B9D |> 68 38904400
= "WINNT"
00411BA2 |. 8D95 0CFEFFFF
00411BA8 |. 52
00411BA9 |. FF15 6C804400
.lstrcmpi
00411BAF |. 85C0

MOV
CMP
JNB
MOV

DWORD
DWORD
SHORT
DWORD

PTR SS:[EBP-14A0],ECX
PTR DS:[451194],5
00411AF6
PTR SS:[EBP-14A8],OFFSET 00449 ; ASCII "NT

JMP
CMP
JNB
MOV

SHORT
DWORD
SHORT
DWORD

00411B21
PTR DS:[451198],1
00411B0B
PTR SS:[EBP-14AC],OFFSET 00449 ; ASCII "20

JMP SHORT 00411B15


MOV DWORD PTR SS:[EBP-14AC],OFFSET 00449 ; ASCII "XP
MOV EDX,DWORD PTR SS:[EBP-14AC]
MOV DWORD PTR SS:[EBP-14A8],EDX
MOV EAX,DWORD PTR SS:[EBP-14A0]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-14A8]
PUSH ECX
PUSH OFFSET 0044918C

; ASCII "Wi

MOV EDX,DWORD PTR SS:[EBP+8]


PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-0E0],100
LEA EAX,[EBP-0E0]
PUSH EAX
LEA ECX,[EBP-2F4]
PUSH ECX
LEA EDX,[EBP-0EC]
PUSH EDX
PUSH 0

;
;
;
;
;
;

PUSH OFFSET 00449040

; |Name = "

/pDataLen
|
|pData
|
|pType
|Reserved

MOV EAX,DWORD PTR SS:[EBP-0E4]


; |
PUSH EAX
; |hKey
CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa ; \ADVAPI32
TEST EAX,EAX
JNE SHORT 00411B9D
CMP DWORD PTR SS:[EBP-0EC],7
JNE SHORT 00411B9D
MOVSX ECX,BYTE PTR SS:[EBP-2F4]
TEST ECX,ECX
JNE SHORT 00411BC9
PUSH OFFSET 00449038

; /String2

LEA EDX,[EBP-1F4]
; |
PUSH EDX
; |String1
CALL DWORD PTR DS:[<&KERNEL32.lstrcmpiA> ; \KERNEL32
TEST EAX,EAX

00411BB1 |. 75 11
00411BB3 |. 68 58914400
rofessional"
00411BB8 |. 8B45 08
00411BBB |. 50
00411BBC |. E8 9F8DFFFF
00411BC1 |. 83C4 08
00411BC4 |> E9 96000000
00411BC9 |> 68 2C904400
= "Personal"
00411BCE |. 8D8D 0CFDFFFF
00411BD4 |. 51
00411BD5 |. FF15 6C804400
.lstrcmpi
00411BDB |. 85C0
00411BDD |. 75 25
00411BDF |. 833D 94114500
00411BE6 |. 72 1C
00411BE8 |. 833D 98114500
00411BEF |. 76 13
00411BF1 |. 68 24904400
ome"
00411BF6 |. 8B55 08
00411BF9 |. 52
00411BFA |. E8 618DFFFF
00411BFF |. 83C4 08
00411C02 |. EB 5B
00411C04 |> 8D85 0CFDFFFF
00411C0A |. 8985 08FDFFFF
00411C10 |> 8B8D 08FDFFFF
00411C16 |. 0FBE11
00411C19 |. 85D2
00411C1B |. 74 42
00411C1D |. 8B85 08FDFFFF
00411C23 |. 50
00411C24 |. 68 80874400
00411C29 |. 8B4D 08
00411C2C |. 51
00411C2D |. E8 2E8DFFFF
00411C32 |. 83C4 08
00411C35 |. 50
00411C36 |. E8 258DFFFF
00411C3B |. 83C4 08
00411C3E |. 8B95 08FDFFFF
00411C44 |. 52
00411C45 |. E8 868CFFFF
fo.0040A8D0
00411C4A |. 83C4 04
00411C4D |. 8B8D 08FDFFFF
00411C53 |. 8D5401 01
00411C57 |. 8995 08FDFFFF
00411C5D |.^ EB B1
00411C5F |> 8B85 1CFFFFFF
00411C65 |. 50
00411C66 |. FF15 14804400
.RegCloseKey
00411C6C |> 68 77874400
ystemInfo.448777
00411C71 |. 8D8D BCF9FFFF
00411C77 |. E8 74CFFFFF

JNE SHORT 00411BC4


PUSH OFFSET 00449158

; ASCII " P

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
JMP 00411C5F
PUSH OFFSET 0044902C

; /String2

LEA ECX,[EBP-2F4]
; |
PUSH ECX
; |String1
CALL DWORD PTR DS:[<&KERNEL32.lstrcmpiA> ; \KERNEL32
TEST EAX,EAX
JNE SHORT 00411C04
CMP DWORD PTR DS:[451194],5
JB SHORT 00411C04
CMP DWORD PTR DS:[451198],0
JBE SHORT 00411C04
PUSH OFFSET 00449024

; ASCII " H

MOV EDX,DWORD PTR SS:[EBP+8]


PUSH EDX
CALL 0040A960
ADD ESP,8
JMP SHORT 00411C5F
LEA EAX,[EBP-2F4]
MOV DWORD PTR SS:[EBP-2F8],EAX
/MOV ECX,DWORD PTR SS:[EBP-2F8]
|MOVSX EDX,BYTE PTR DS:[ECX]
|TEST EDX,EDX
|JE SHORT 00411C5F
|MOV EAX,DWORD PTR SS:[EBP-2F8]
|PUSH EAX
|PUSH OFFSET 00448780
|MOV ECX,DWORD PTR SS:[EBP+8]
|PUSH ECX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV EDX,DWORD PTR SS:[EBP-2F8]
|PUSH EDX
|CALL 0040A8D0

; /Arg1
; \SystemIn

|ADD ESP,4
|MOV ECX,DWORD PTR SS:[EBP-2F8]
|LEA EDX,[EAX+ECX+1]
|MOV DWORD PTR SS:[EBP-2F8],EDX
\JMP SHORT 00411C10
MOV EAX,DWORD PTR SS:[EBP-0E4]
PUSH EAX
; /hKey
CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe ; \ADVAPI32
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-644]
CALL 0040EBF0

; |
; \SystemIn

fo.0040EBF0
00411C7C |.
00411C83 |.
00411C89 |.
00411C8A |.
00411C8F |.
fo.00407120
00411C94 |.
00411C9A |.
00411C9D |.
00411CA3 |.
"
00411CA8 |.
00411CAD |.
[4528FC] = 0
00411CAE |.
00411CB3 |.
00411CB9 |.
[4528F8] = 0
00411CBA |.
00411CBF |.
nfo.00405E60
00411CC4 |.
00411CC5 |.
00411CCA |.
00411CCD |.
00411CCF |.
fo.00405E60
00411CD4 |.
00411CD5 |.
00411CDA |.
00411CDD |.
00411CE3 |.
00411CE4 |.
00411CE9 |.
fo.00406460
00411CEE |.
00411CF4 |.
00411CFA |.
00411D00 |.
00411D04 |.
00411D0B |.
00411D12 |.
00411D19 |.
00411D20 |.
A
00411D22 |.
00411D25 |.
fo.0040F5C0
00411D2A |.
00411D2D |.
fo.0040F7C0
00411D32 |.
00411D36 |.
00411D38 |.
00411D42 |.
00411D44 |>
00411D47 |.
00411D49 |.
00411D4C |.

C745 FC 06000
8D8D BCF9FFFF
51
B9 0C294500
E8 8C54FFFF

MOV DWORD PTR SS:[EBP-4],6


LEA ECX,[EBP-644]
PUSH ECX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

8B15 FC284500
83C2 01
8915 FC284500
68 74874400

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

A1 FC284500
50

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

68 D0914400 PUSH OFFSET 004491D0


8B0D F8284500 MOV ECX,DWORD PTR DS:[4528F8]
51
PUSH ECX

; |
; |
; |/Arg1 =>

B9 08294500
E8 9C41FFFF

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

50
E8 968CFFFF
83C4 08
8BC8
E8 8C41FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

50
E8 868CFFFF
83C4 08
8D95 A0F9FFFF
52
B9 08294500
E8 7247FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-660]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 50EBFFFF
8B85 50EBFFFF
8985 4CEBFFFF
C645 FC 07
C685 EFF9FFFF
C685 EEF9FFFF
C685 E3F9FFFF
C685 E2F9FFFF
6A 0A

MOV DWORD PTR SS:[EBP-14B0],EAX


MOV EAX,DWORD PTR SS:[EBP-14B0]
MOV DWORD PTR SS:[EBP-14B4],EAX
MOV BYTE PTR SS:[EBP-4],7
MOV BYTE PTR SS:[EBP-611],20
MOV BYTE PTR SS:[EBP-612],30
MOV BYTE PTR SS:[EBP-61D],20
MOV BYTE PTR SS:[EBP-61E],2E
PUSH 0A

; /Arg1 = 0

8B4D 08
E8 96D8FFFF

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 0040F5C0

; |
; \SystemIn

8B4D 08
E8 8EDAFFFF

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 0040F7C0

; [SystemIn

837D 08 00
75 0C
C785 B4F0FFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04

CMP
JNE
MOV
JMP
MOV
MOV
MOV
ADD

DWORD PTR SS:[EBP+8],0


SHORT 00411D44
DWORD PTR SS:[EBP-0F4C],0
SHORT 00411D55
ECX,DWORD PTR SS:[EBP+8]
EDX,DWORD PTR DS:[ECX]
EAX,DWORD PTR SS:[EBP+8]
EAX,DWORD PTR DS:[EDX+4]

|
|
|
|
\SystemIn

00411D4F |.
00411D55 |>
00411D5B |.
00411D5E |.
00411D64 |.
00411D69 |.
00411D6B |.
00411D71 |.
00411D74 |.
00411D79 |.
00411D7F |.
00411D85 |.
00411D87 |.
00411D8D |.
00411D90 |.
00411D92 |.
00411D98 |.
00411D99 |.
fo.0042D798
00411D9E |.
00411DA1 |.
00411DA7 |.
00411DAB |.
00411DAD |.
00411DB7 |.
00411DB9 |>
00411DBC |.
00411DBE |.
00411DC1 |.
00411DC4 |.
00411DCA |>
00411DD0 |.
00411DD3 |.
00411DD4 |.
00411DDA |.
00411DDB |.
00411DE1 |.
00411DE3 |.
00411DE5 |.
00411DE8 |.
00411DEE |.
00411DEF |.
00411DF2 |.
00411DF3 |.
00411DF8 |.
00411DFB |.
00411E01 |.
00411E08 |.
00411E0A |.
00411E14 |.
00411E16 |>
00411E1C |.
00411E1E |.
00411E24 |.
00411E27 |.
00411E2D |>
00411E33 |.
00411E36 |.
00411E3C |.
00411E41 |.

8985 B4F0FFFF
8B8D B4F0FFFF
8B51 10
8995 B8F0FFFF
B8 C0010000
F7D0
8B8D B4F0FFFF
2341 10
BA 40000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D B4F0FFFF
8941 10
6A 06
8D95 98F9FFFF
52
E8 FAB90100

MOV DWORD PTR SS:[EBP-0F4C],EAX


MOV ECX,DWORD PTR SS:[EBP-0F4C]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-0F48],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-0F4C]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-0F4C]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH 6
LEA EDX,[EBP-668]
PUSH EDX
CALL 0042D798

83C4 08
8985 B0F0FFFF
837D 08 00
75 0C
C785 48EBFFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 48EBFFFF
8B85 B0F0FFFF
8B48 04
51
8B95 48EBFFFF
52
8B85 B0F0FFFF
8B08
FFD1
83C4 08
8B95 4CEBFFFF
52
8B45 08
50
E8 6890FFFF
83C4 08
8985 A4F0FFFF
83BD A4F0FFFF
75 0C
C785 A8F0FFFF
EB 17
8B8D A4F0FFFF
8B11
8B85 A4F0FFFF
0342 04
8985 A8F0FFFF
8B8D A8F0FFFF
8B51 10
8995 ACF0FFFF
B8 C0010000
F7D0

ADD ESP,8
MOV DWORD PTR SS:[EBP-0F50],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00411DB9
MOV DWORD PTR SS:[EBP-14B8],0
JMP SHORT 00411DCA
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-14B8],EDX
MOV EAX,DWORD PTR SS:[EBP-0F50]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-14B8]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-0F50]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-14B4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-0F5C],EAX
CMP DWORD PTR SS:[EBP-0F5C],0
JNE SHORT 00411E16
MOV DWORD PTR SS:[EBP-0F58],0
JMP SHORT 00411E2D
MOV ECX,DWORD PTR SS:[EBP-0F5C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0F5C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0F58],EAX
MOV ECX,DWORD PTR SS:[EBP-0F58]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-0F54],EDX
MOV EAX,1C0
NOT EAX

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

00411E43 |.
00411E49 |.
00411E4C |.
00411E51 |.
00411E57 |.
00411E5D |.
00411E5F |.
00411E65 |.
00411E68 |.
3
00411E6A |.
00411E70 |.
00411E71 |.
fo.0042D798
00411E76 |.
00411E79 |.
00411E7F |.
00411E86 |.
00411E88 |.
00411E92 |.
00411E94 |>
00411E9A |.
00411E9C |.
00411EA2 |.
00411EA5 |.
00411EAB |>
00411EB1 |.
00411EB4 |.
00411EB5 |.
00411EBB |.
00411EBC |.
00411EC2 |.
00411EC4 |.
00411EC6 |.
00411EC9 |.
00411ECF |.
00411ED5 |.
00411EDB |.
00411EDD |.
00411EE3 |.
00411EE6 |.
00411EEC |.
00411EF2 |.
00411EF5 |.
00411EFB |.
00411F01 |.
00411F07 |.
00411F0A |.
00411F11 |.
00411F13 |.
00411F1D |.
00411F1F |>
00411F25 |.
00411F27 |.
00411F2D |.
00411F30 |.
00411F36 |>
00411F3C |.
00411F3F |.
00411F45 |.

8B8D A8F0FFFF
2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D A8F0FFFF
8941 10
6A 23

MOV ECX,DWORD PTR SS:[EBP-0F58]


AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-0F58]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH 23

8D95 D8F9FFFF LEA EDX,[EBP-628]


52
PUSH EDX
E8 22B90100 CALL 0042D798
83C4 08
8985 A0F0FFFF
83BD A4F0FFFF
75 0C
C785 44EBFFFF
EB 17
8B85 A4F0FFFF
8B08
8B95 A4F0FFFF
0351 04
8995 44EBFFFF
8B85 A0F0FFFF
8B48 04
51
8B95 44EBFFFF
52
8B85 A0F0FFFF
8B08
FFD1
83C4 08
8A95 E2F9FFFF
8895 97F0FFFF
8B85 A4F0FFFF
8B08
8B95 A4F0FFFF
0351 04
8995 98F0FFFF
8B85 98F0FFFF
8A48 30
888D 9FF0FFFF
8B95 98F0FFFF
8A85 97F0FFFF
8842 30
83BD A4F0FFFF
75 0C
C785 8CF0FFFF
EB 17
8B8D A4F0FFFF
8B11
8B85 A4F0FFFF
0342 04
8985 8CF0FFFF
8B8D 8CF0FFFF
8B51 10
8995 90F0FFFF
B8 C0010000

ADD ESP,8
MOV DWORD PTR SS:[EBP-0F60],EAX
CMP DWORD PTR SS:[EBP-0F5C],0
JNE SHORT 00411E94
MOV DWORD PTR SS:[EBP-14BC],0
JMP SHORT 00411EAB
MOV EAX,DWORD PTR SS:[EBP-0F5C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0F5C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-14BC],EDX
MOV EAX,DWORD PTR SS:[EBP-0F60]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-14BC]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-0F60]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[EBP-61E]
MOV BYTE PTR SS:[EBP-0F69],DL
MOV EAX,DWORD PTR SS:[EBP-0F5C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0F5C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-0F68],EDX
MOV EAX,DWORD PTR SS:[EBP-0F68]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-0F61],CL
MOV EDX,DWORD PTR SS:[EBP-0F68]
MOV AL,BYTE PTR SS:[EBP-0F69]
MOV BYTE PTR DS:[EDX+30],AL
CMP DWORD PTR SS:[EBP-0F5C],0
JNE SHORT 00411F1F
MOV DWORD PTR SS:[EBP-0F74],0
JMP SHORT 00411F36
MOV ECX,DWORD PTR SS:[EBP-0F5C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0F5C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0F74],EAX
MOV ECX,DWORD PTR SS:[EBP-0F74]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-0F70],EDX
MOV EAX,1C0

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

00411F4A |. F7D0
00411F4C |. 8B8D 8CF0FFFF
00411F52 |. 2341 10
00411F55 |. BA 40000000
00411F5A |. 81E2 C0010000
00411F60 |. 81E2 FFFF0000
00411F66 |. 0BC2
00411F68 |. 8B8D 8CF0FFFF
00411F6E |. 8941 10
00411F71 |. 68 08904400
erating System Version"
00411F76 |. 8B95 A4F0FFFF
00411F7C |. 52
00411F7D |. E8 DE89FFFF
00411F82 |. 83C4 08
00411F85 |. 8985 84F0FFFF
00411F8B |. 83BD 84F0FFFF
00411F92 |. 75 0C
00411F94 |. C785 88F0FFFF
00411F9E |. EB 17
00411FA0 |> 8B85 84F0FFFF
00411FA6 |. 8B08
00411FA8 |. 8B95 84F0FFFF
00411FAE |. 0351 04
00411FB1 |. 8995 88F0FFFF
00411FB7 |> 68 C0010000
C0
00411FBC |. 68 80000000
0
00411FC1 |. 8B8D 88F0FFFF
00411FC7 |. E8 B46DFFFF
fo.00408D80
00411FCC |. 8A85 E3F9FFFF
00411FD2 |. 8885 7BF0FFFF
00411FD8 |. 8B8D 84F0FFFF
00411FDE |. 8B11
00411FE0 |. 8B85 84F0FFFF
00411FE6 |. 0342 04
00411FE9 |. 8985 7CF0FFFF
00411FEF |. 8B8D 7CF0FFFF
00411FF5 |. 8A51 30
00411FF8 |. 8895 83F0FFFF
00411FFE |. 8B85 7CF0FFFF
00412004 |. 8A8D 7BF0FFFF
0041200A |. 8848 30
0041200D |. 6A 02
0041200F |. 8D95 E4F9FFFF
00412015 |. 52
00412016 |. E8 7DB70100
fo.0042D798
0041201B |. 83C4 08
0041201E |. 8985 70F0FFFF
00412024 |. 68 D0914400
00412029 |. A1 94114500
0041202E |. 50
[451194] = 0
0041202F |. 8B8D 84F0FFFF
00412035 |. E8 5641FFFF
fo.00406190
0041203A |. 50

NOT EAX
MOV ECX,DWORD PTR SS:[EBP-0F74]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-0F74]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH OFFSET 00449008

; ASCII "Op

MOV EDX,DWORD PTR SS:[EBP-0F5C]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-0F7C],EAX
CMP DWORD PTR SS:[EBP-0F7C],0
JNE SHORT 00411FA0
MOV DWORD PTR SS:[EBP-0F78],0
JMP SHORT 00411FB7
MOV EAX,DWORD PTR SS:[EBP-0F7C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0F7C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-0F78],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[EBP-0F78]


CALL 00408D80

; |
; \SystemIn

MOV AL,BYTE PTR SS:[EBP-61D]


MOV BYTE PTR SS:[EBP-0F85],AL
MOV ECX,DWORD PTR SS:[EBP-0F7C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0F7C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0F84],EAX
MOV ECX,DWORD PTR SS:[EBP-0F84]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-0F7D],DL
MOV EAX,DWORD PTR SS:[EBP-0F84]
MOV CL,BYTE PTR SS:[EBP-0F85]
MOV BYTE PTR DS:[EAX+30],CL
PUSH 2
LEA EDX,[EBP-61C]
PUSH EDX
CALL 0042D798

;
;
;
;

ADD ESP,8
MOV DWORD PTR SS:[EBP-0F90],EAX
PUSH OFFSET 004491D0
MOV EAX,DWORD PTR DS:[451194]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[EBP-0F7C]


CALL 00406190

; |
; \SystemIn

PUSH EAX

/Arg2 = 2
|
|Arg1
\SystemIn

0041203B |.
00412040 |.
00412043 |.
00412049 |.
00412050 |.
00412052 |.
0041205C |.
0041205E |>
00412064 |.
00412066 |.
0041206C |.
0041206F |.
00412075 |>
0041207B |.
0041207E |.
0041207F |.
00412085 |.
00412086 |.
0041208C |.
0041208E |.
00412090 |.
00412093 |.
00412099 |.
0041209F |.
004120A5 |.
004120A7 |.
004120AD |.
004120B0 |.
004120B6 |.
004120BC |.
004120BF |.
004120C5 |.
004120CB |.
004120D1 |.
004120D4 |.
004120DA |.
[451198] = 0
004120DB |.
004120E1 |.
fo.00406190
004120E6 |.
004120EC |.
004120F2 |.
004120F8 |.
004120FE |.
00412100 |.
00412106 |.
00412109 |.
0041210F |.
00412115 |.
00412118 |.
0041211E |.
00412124 |.
0041212A |.
0041212D |.
00412132 |.
00412137 |.
0041213D |.
[45119C] = 0
0041213E |.

E8 2089FFFF
83C4 08
8985 74F0FFFF
83BD 74F0FFFF
75 0C
C785 40EBFFFF
EB 17
8B8D 74F0FFFF
8B11
8B85 74F0FFFF
0342 04
8985 40EBFFFF
8B8D 70F0FFFF
8B51 04
52
8B85 40EBFFFF
50
8B8D 70F0FFFF
8B11
FFD2
83C4 08
8A85 EEF9FFFF
8885 67F0FFFF
8B8D 74F0FFFF
8B11
8B85 74F0FFFF
0342 04
8985 68F0FFFF
8B8D 68F0FFFF
8A51 30
8895 6FF0FFFF
8B85 68F0FFFF
8A8D 67F0FFFF
8848 30
8B15 98114500
52

CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-0F8C],EAX
CMP DWORD PTR SS:[EBP-0F8C],0
JNE SHORT 0041205E
MOV DWORD PTR SS:[EBP-14C0],0
JMP SHORT 00412075
MOV ECX,DWORD PTR SS:[EBP-0F8C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0F8C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-14C0],EAX
MOV ECX,DWORD PTR SS:[EBP-0F90]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-14C0]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0F90]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[EBP-612]
MOV BYTE PTR SS:[EBP-0F99],AL
MOV ECX,DWORD PTR SS:[EBP-0F8C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0F8C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0F98],EAX
MOV ECX,DWORD PTR SS:[EBP-0F98]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-0F91],DL
MOV EAX,DWORD PTR SS:[EBP-0F98]
MOV CL,BYTE PTR SS:[EBP-0F99]
MOV BYTE PTR DS:[EAX+30],CL
MOV EDX,DWORD PTR DS:[451198]
PUSH EDX

; /Arg1 =>

8B8D 74F0FFFF MOV ECX,DWORD PTR SS:[EBP-0F8C]


E8 AA40FFFF CALL 00406190

; |
; \SystemIn

8985 58F0FFFF
8A85 EFF9FFFF
8885 5FF0FFFF
8B8D 58F0FFFF
8B11
8B85 58F0FFFF
0342 04
8985 60F0FFFF
8B8D 60F0FFFF
8A51 30
8895 66F0FFFF
8B85 60F0FFFF
8A8D 5FF0FFFF
8848 30
68 A4114500
68 80874400
8B15 9C114500
52

MOV DWORD PTR SS:[EBP-0FA8],EAX


MOV AL,BYTE PTR SS:[EBP-611]
MOV BYTE PTR SS:[EBP-0FA1],AL
MOV ECX,DWORD PTR SS:[EBP-0FA8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0FA8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0FA0],EAX
MOV ECX,DWORD PTR SS:[EBP-0FA0]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-0F9A],DL
MOV EAX,DWORD PTR SS:[EBP-0FA0]
MOV CL,BYTE PTR SS:[EBP-0FA1]
MOV BYTE PTR DS:[EAX+30],CL
PUSH OFFSET 004511A4
PUSH OFFSET 00448780
MOV EDX,DWORD PTR DS:[45119C]
PUSH EDX

; /Arg1 =>

68 D0914400

PUSH OFFSET 004491D0

; |

00412143 |. 8B85 58F0FFFF


00412149 |. 50
0041214A |. E8 1188FFFF
0041214F |. 83C4 08
00412152 |. 8BC8
00412154 |. E8 3740FFFF
fo.00406190
00412159 |. 50
0041215A |. E8 0188FFFF
0041215F |. 83C4 08
00412162 |. 50
00412163 |. E8 F887FFFF
00412168 |. 83C4 08
0041216B |. C645 FC 06
0041216F |. 6A 00
00412171 |. 6A 01
00412173 |. 8D8D A0F9FFFF
00412179 |. E8 E2D9FFFF
fo.0040FB60
0041217E |. C745 FC FFFFF
00412185 |. 6A 00
00412187 |. 6A 01
00412189 |. 8D8D BCF9FFFF
0041218F |. E8 CCD9FFFF
fo.0040FB60
00412194 |. E9 DA070000
00412199 |> 8D8D 6FF9FFFF
0041219F |. 51
004121A0 |. 68 A4114500
ystemInfo.4511A4
004121A5 |. 8D8D 70F9FFFF
004121AB |. E8 90CAFFFF
fo.0040EC40
004121B0 |. C785 8CF9FFFF
004121BA |. C785 90F9FFFF
004121C4 |. C785 94F9FFFF
004121CE |. 8D95 70F9FFFF
004121D4 |. 8995 54F0FFFF
004121DA |. C745 FC 08000
004121E1 |. C685 53F0FFFF
004121E8 |. 6A 01
004121EA |. 6A 00
004121EC |. 8D85 53F0FFFF
004121F2 |. 50
004121F3 |. 8B8D 54F0FFFF
004121F9 |. E8 52290100
fo.00424B50
004121FE |. 8A88 A4114500
00412204 |. 888D 03FDFFFF
0041220A |. C745 FC 09000
00412211 |. 8D8D 70F9FFFF
00412217 |. E8 64C5FFFF
fo.0040E780
0041221C |. C745 FC FFFFF
00412223 |. 6A 00
00412225 |. 6A 01
00412227 |. 8D8D 70F9FFFF
0041222D |. E8 2ED9FFFF
fo.0040FB60
00412232 |. 0FBE95 03FDFF

MOV EAX,DWORD PTR SS:[EBP-0FA8]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00406190

;
;
;
;
;
;

|
|
|
|
|
\SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV BYTE PTR SS:[EBP-4],6
PUSH 0
PUSH 1
LEA ECX,[EBP-660]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-644]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

JMP 00412973
LEA ECX,[EBP-691]
PUSH ECX
PUSH OFFSET 004511A4

; /Arg2
; |Arg1 = S

LEA ECX,[EBP-690]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-674],0


MOV DWORD PTR SS:[EBP-670],0
MOV DWORD PTR SS:[EBP-66C],0
LEA EDX,[EBP-690]
MOV DWORD PTR SS:[EBP-0FAC],EDX
MOV DWORD PTR SS:[EBP-4],8
MOV BYTE PTR SS:[EBP-0FAD],20
PUSH 1
PUSH 0
LEA EAX,[EBP-0FAD]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0FAC]
CALL 00424B50

;
;
;
;
;
;

MOV CL,BYTE PTR DS:[EAX+4511A4]


MOV BYTE PTR SS:[EBP-2FD],CL
MOV DWORD PTR SS:[EBP-4],9
LEA ECX,[EBP-690]
CALL 0040E780

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-690]
CALL 0040FB60

;
;
;
;

MOVSX EDX,BYTE PTR SS:[EBP-2FD]

/Arg3 = 1
|Arg2 = 0
|
|Arg1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00412239 |. 83FA 41
0041223C |. 75 0C
0041223E |. C785 3CEBFFFF
econd Edition"
00412248 |. EB 52
0041224A |> 0FBE85 03FDFF
00412251 |. 83F8 42
00412254 |. 75 0C
00412256 |. C785 38EBFFFF
SR-2"
00412260 |. EB 2E
00412262 |> 0FBE8D 03FDFF
00412269 |. 83F9 43
0041226C |. 75 0C
0041226E |. C785 34EBFFFF
SR-2.1"
00412278 |. EB 0A
0041227A |> C785 34EBFFFF
00412284 |> 8B95 34EBFFFF
0041228A |. 8995 38EBFFFF
00412290 |> 8B85 38EBFFFF
00412296 |. 8985 3CEBFFFF
0041229C |> 833D 98114500
004122A3 |. 73 0C
004122A5 |. C785 30EBFFFF
"
004122AF |. EB 2B
004122B1 |> 833D 98114500
004122B8 |. 73 0C
004122BA |. C785 2CEBFFFF
"
004122C4 |. EB 0A
004122C6 |> C785 2CEBFFFF
"
004122D0 |> 8B8D 2CEBFFFF
004122D6 |. 898D 30EBFFFF
004122DC |> 8B95 3CEBFFFF
004122E2 |. 52
004122E3 |. 8B85 30EBFFFF
004122E9 |. 50
004122EA |. 68 8C914400
ndows "
004122EF |. 8B4D 08
004122F2 |. 51
004122F3 |. E8 6886FFFF
004122F8 |. 83C4 08
004122FB |. 50
004122FC |. E8 5F86FFFF
00412301 |. 83C4 08
00412304 |. 50
00412305 |. E8 5686FFFF
0041230A |. 83C4 08
0041230D |. 8985 4CF0FFFF
00412313 |. 6A 0A
A
00412315 |. 8B8D 4CF0FFFF
0041231B |. E8 A0D2FFFF
fo.0040F5C0
00412320 |. 8B8D 4CF0FFFF
00412326 |. E8 95D4FFFF

CMP EDX,41
JNE SHORT 0041224A
MOV DWORD PTR SS:[EBP-14C4],OFFSET 00448 ; ASCII " S
JMP SHORT 0041229C
MOVSX EAX,BYTE PTR SS:[EBP-2FD]
CMP EAX,42
JNE SHORT 00412262
MOV DWORD PTR SS:[EBP-14C8],OFFSET 00448 ; ASCII " O
JMP SHORT 00412290
MOVSX ECX,BYTE PTR SS:[EBP-2FD]
CMP ECX,43
JNE SHORT 0041227A
MOV DWORD PTR SS:[EBP-14CC],OFFSET 00448 ; ASCII " O
JMP
MOV
MOV
MOV
MOV
MOV
CMP
JNB
MOV

SHORT 00412284
DWORD PTR SS:[EBP-14CC],OFFSET 00448
EDX,DWORD PTR SS:[EBP-14CC]
DWORD PTR SS:[EBP-14C8],EDX
EAX,DWORD PTR SS:[EBP-14C8]
DWORD PTR SS:[EBP-14C4],EAX
DWORD PTR DS:[451198],0A
SHORT 004122B1
DWORD PTR SS:[EBP-14D0],OFFSET 00449 ; ASCII "95

JMP
CMP
JNB
MOV

SHORT
DWORD
SHORT
DWORD

004122DC
PTR DS:[451198],5A
004122C6
PTR SS:[EBP-14D4],OFFSET 00449 ; ASCII "98

JMP SHORT 004122D0


MOV DWORD PTR SS:[EBP-14D4],OFFSET 00449 ; ASCII "Me
MOV ECX,DWORD PTR SS:[EBP-14D4]
MOV DWORD PTR SS:[EBP-14D0],ECX
MOV EDX,DWORD PTR SS:[EBP-14C4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-14D0]
PUSH EAX
PUSH OFFSET 0044918C

; ASCII "Wi

MOV ECX,DWORD PTR SS:[EBP+8]


PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-0FB4],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-0FB4]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-0FB4]


CALL 0040F7C0

; [SystemIn

fo.0040F7C0
0041232B |. 68 77874400
ystemInfo.448777
00412330 |. 8D8D 3CF9FFFF
00412336 |. E8 B5C8FFFF
fo.0040EBF0
0041233B |. C745 FC 0A000
00412342 |. 8D95 3CF9FFFF
00412348 |. 52
00412349 |. B9 0C294500
0041234E |. E8 CD4DFFFF
fo.00407120
00412353 |. A1 FC284500
00412358 |. 83C0 01
0041235B |. A3 FC284500
00412360 |. 68 74874400
"
00412365 |. 8B0D FC284500
0041236B |. 51
[4528FC] = 0
0041236C |. 68 D0914400
00412371 |. 8B15 F8284500
00412377 |. 52
[4528F8] = 0
00412378 |. B9 08294500
0041237D |. E8 DE3AFFFF
nfo.00405E60
00412382 |. 50
00412383 |. E8 D885FFFF
00412388 |. 83C4 08
0041238B |. 8BC8
0041238D |. E8 CE3AFFFF
fo.00405E60
00412392 |. 50
00412393 |. E8 C885FFFF
00412398 |. 83C4 08
0041239B |. 8D85 20F9FFFF
004123A1 |. 50
004123A2 |. B9 08294500
004123A7 |. E8 B440FFFF
fo.00406460
004123AC |. 8985 28EBFFFF
004123B2 |. 8B8D 28EBFFFF
004123B8 |. 898D 24EBFFFF
004123BE |. C645 FC 0B
004123C2 |. C685 6EF9FFFF
004123C9 |. C685 6DF9FFFF
004123D0 |. C685 63F9FFFF
004123D7 |. C685 62F9FFFF
004123DE |. 837D 08 00
004123E2 |. 75 0C
004123E4 |. C785 30F0FFFF
004123EE |. EB 11
004123F0 |> 8B55 08
004123F3 |. 8B02
004123F5 |. 8B4D 08
004123F8 |. 0348 04
004123FB |. 898D 30F0FFFF
00412401 |> 8B95 30F0FFFF
00412407 |. 8B42 10

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-6C4]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],0A


LEA EDX,[EBP-6C4]
PUSH EDX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV EAX,DWORD PTR DS:[4528FC]


ADD EAX,1
MOV DWORD PTR DS:[4528FC],EAX
PUSH OFFSET 00448774

; ASCII ".

MOV ECX,DWORD PTR DS:[4528FC]


PUSH ECX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EDX,DWORD PTR DS:[4528F8]
PUSH EDX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[EBP-6E0]
PUSH EAX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
CMP
JNE
MOV
JMP
MOV
MOV
MOV
ADD
MOV
MOV
MOV

DWORD PTR SS:[EBP-14D8],EAX


ECX,DWORD PTR SS:[EBP-14D8]
DWORD PTR SS:[EBP-14DC],ECX
BYTE PTR SS:[EBP-4],0B
BYTE PTR SS:[EBP-692],20
BYTE PTR SS:[EBP-693],30
BYTE PTR SS:[EBP-69D],20
BYTE PTR SS:[EBP-69E],2E
DWORD PTR SS:[EBP+8],0
SHORT 004123F0
DWORD PTR SS:[EBP-0FD0],0
SHORT 00412401
EDX,DWORD PTR SS:[EBP+8]
EAX,DWORD PTR DS:[EDX]
ECX,DWORD PTR SS:[EBP+8]
ECX,DWORD PTR DS:[EAX+4]
DWORD PTR SS:[EBP-0FD0],ECX
EDX,DWORD PTR SS:[EBP-0FD0]
EAX,DWORD PTR DS:[EDX+10]

|
|
|
|
\SystemIn

0041240A |.
00412410 |.
00412415 |.
00412417 |.
0041241D |.
00412420 |.
00412425 |.
0041242A |.
0041242F |.
00412431 |.
00412437 |.
0041243A |.
0041243C |.
00412442 |.
00412443 |.
fo.0042D798
00412448 |.
0041244B |.
00412451 |.
00412455 |.
00412457 |.
00412461 |.
00412463 |>
00412466 |.
00412468 |.
0041246B |.
0041246E |.
00412474 |>
0041247A |.
0041247D |.
0041247E |.
00412484 |.
00412485 |.
0041248B |.
0041248D |.
0041248F |.
00412492 |.
00412498 |.
00412499 |.
0041249C |.
0041249D |.
004124A2 |.
004124A5 |.
004124AB |.
004124B2 |.
004124B4 |.
004124BE |.
004124C0 |>
004124C6 |.
004124C8 |.
004124CE |.
004124D1 |.
004124D7 |>
004124DD |.
004124E0 |.
004124E6 |.
004124EB |.
004124ED |.
004124F3 |.
004124F6 |.

8985 34F0FFFF
B9 C0010000
F7D1
8B95 30F0FFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 30F0FFFF
894A 10
6A 06
8D85 18F9FFFF
50
E8 50B30100

MOV DWORD PTR SS:[EBP-0FCC],EAX


MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-0FD0]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-0FD0]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH 6
LEA EAX,[EBP-6E8]
PUSH EAX
CALL 0042D798

83C4 08
8985 2CF0FFFF
837D 08 00
75 0C
C785 20EBFFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 20EBFFFF
8B8D 2CF0FFFF
8B51 04
52
8B85 20EBFFFF
50
8B8D 2CF0FFFF
8B11
FFD2
83C4 08
8B85 24EBFFFF
50
8B4D 08
51
E8 BE89FFFF
83C4 08
8985 20F0FFFF
83BD 20F0FFFF
75 0C
C785 24F0FFFF
EB 17
8B95 20F0FFFF
8B02
8B8D 20F0FFFF
0348 04
898D 24F0FFFF
8B95 24F0FFFF
8B42 10
8985 28F0FFFF
B9 C0010000
F7D1
8B95 24F0FFFF
234A 10
B8 80000000

ADD ESP,8
MOV DWORD PTR SS:[EBP-0FD4],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00412463
MOV DWORD PTR SS:[EBP-14E0],0
JMP SHORT 00412474
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-14E0],EAX
MOV ECX,DWORD PTR SS:[EBP-0FD4]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-14E0]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0FD4]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV EAX,DWORD PTR SS:[EBP-14DC]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-0FE0],EAX
CMP DWORD PTR SS:[EBP-0FE0],0
JNE SHORT 004124C0
MOV DWORD PTR SS:[EBP-0FDC],0
JMP SHORT 004124D7
MOV EDX,DWORD PTR SS:[EBP-0FE0]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-0FE0]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-0FDC],ECX
MOV EDX,DWORD PTR SS:[EBP-0FDC]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-0FD8],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-0FDC]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

004124FB |.
00412500 |.
00412505 |.
00412507 |.
0041250D |.
00412510 |.
3
00412512 |.
00412518 |.
00412519 |.
fo.0042D798
0041251E |.
00412521 |.
00412527 |.
0041252E |.
00412530 |.
0041253A |.
0041253C |>
00412542 |.
00412544 |.
0041254A |.
0041254D |.
00412553 |>
00412559 |.
0041255C |.
0041255D |.
00412563 |.
00412564 |.
0041256A |.
0041256C |.
0041256E |.
00412571 |.
00412577 |.
0041257D |.
00412583 |.
00412585 |.
0041258B |.
0041258E |.
00412594 |.
0041259A |.
0041259D |.
004125A3 |.
004125A9 |.
004125AF |.
004125B2 |.
004125B9 |.
004125BB |.
004125C5 |.
004125C7 |>
004125CD |.
004125CF |.
004125D5 |.
004125D8 |.
004125DE |>
004125E4 |.
004125E7 |.
004125ED |.
004125F2 |.
004125F4 |.
004125FA |.

25 C0010000
25 FFFF0000
0BC8
8B95 24F0FFFF
894A 10
6A 23

AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-0FDC]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH 23

8D85 58F9FFFF LEA EAX,[EBP-6A8]


50
PUSH EAX
E8 7AB20100 CALL 0042D798
83C4 08
8985 1CF0FFFF
83BD 20F0FFFF
75 0C
C785 1CEBFFFF
EB 17
8B8D 20F0FFFF
8B11
8B85 20F0FFFF
0342 04
8985 1CEBFFFF
8B8D 1CF0FFFF
8B51 04
52
8B85 1CEBFFFF
50
8B8D 1CF0FFFF
8B11
FFD2
83C4 08
8A85 62F9FFFF
8885 13F0FFFF
8B8D 20F0FFFF
8B11
8B85 20F0FFFF
0342 04
8985 14F0FFFF
8B8D 14F0FFFF
8A51 30
8895 1BF0FFFF
8B85 14F0FFFF
8A8D 13F0FFFF
8848 30
83BD 20F0FFFF
75 0C
C785 08F0FFFF
EB 17
8B95 20F0FFFF
8B02
8B8D 20F0FFFF
0348 04
898D 08F0FFFF
8B95 08F0FFFF
8B42 10
8985 0CF0FFFF
B9 C0010000
F7D1
8B95 08F0FFFF
234A 10

ADD ESP,8
MOV DWORD PTR SS:[EBP-0FE4],EAX
CMP DWORD PTR SS:[EBP-0FE0],0
JNE SHORT 0041253C
MOV DWORD PTR SS:[EBP-14E4],0
JMP SHORT 00412553
MOV ECX,DWORD PTR SS:[EBP-0FE0]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0FE0]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-14E4],EAX
MOV ECX,DWORD PTR SS:[EBP-0FE4]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-14E4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0FE4]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[EBP-69E]
MOV BYTE PTR SS:[EBP-0FED],AL
MOV ECX,DWORD PTR SS:[EBP-0FE0]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-0FE0]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-0FEC],EAX
MOV ECX,DWORD PTR SS:[EBP-0FEC]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-0FE5],DL
MOV EAX,DWORD PTR SS:[EBP-0FEC]
MOV CL,BYTE PTR SS:[EBP-0FED]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[EBP-0FE0],0
JNE SHORT 004125C7
MOV DWORD PTR SS:[EBP-0FF8],0
JMP SHORT 004125DE
MOV EDX,DWORD PTR SS:[EBP-0FE0]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-0FE0]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-0FF8],ECX
MOV EDX,DWORD PTR SS:[EBP-0FF8]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-0FF4],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-0FF8]
AND ECX,DWORD PTR DS:[EDX+10]

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

004125FD |. B8 40000000
00412602 |. 25 C0010000
00412607 |. 25 FFFF0000
0041260C |. 0BC8
0041260E |. 8B95 08F0FFFF
00412614 |. 894A 10
00412617 |. 68 08904400
erating System Version"
0041261C |. 8B85 20F0FFFF
00412622 |. 50
00412623 |. E8 3883FFFF
00412628 |. 83C4 08
0041262B |. 8985 FCEFFFFF
00412631 |. 83BD FCEFFFFF
00412638 |. 75 0C
0041263A |. C785 00F0FFFF
00412644 |. EB 17
00412646 |> 8B8D FCEFFFFF
0041264C |. 8B11
0041264E |. 8B85 FCEFFFFF
00412654 |. 0342 04
00412657 |. 8985 00F0FFFF
0041265D |> 8B8D 00F0FFFF
00412663 |. 8B51 10
00412666 |. 8995 04F0FFFF
0041266C |. B8 C0010000
00412671 |. F7D0
00412673 |. 8B8D 00F0FFFF
00412679 |. 2341 10
0041267C |. BA 80000000
00412681 |. 81E2 C0010000
00412687 |. 81E2 FFFF0000
0041268D |. 0BC2
0041268F |. 8B8D 00F0FFFF
00412695 |. 8941 10
00412698 |. 8A95 63F9FFFF
0041269E |. 8895 F3EFFFFF
004126A4 |. 8B85 FCEFFFFF
004126AA |. 8B08
004126AC |. 8B95 FCEFFFFF
004126B2 |. 0351 04
004126B5 |. 8995 F4EFFFFF
004126BB |. 8B85 F4EFFFFF
004126C1 |. 8A48 30
004126C4 |. 888D FBEFFFFF
004126CA |. 8B95 F4EFFFFF
004126D0 |. 8A85 F3EFFFFF
004126D6 |. 8842 30
004126D9 |. 6A 02
004126DB |. 8D8D 64F9FFFF
004126E1 |. 51
004126E2 |. E8 B1B00100
fo.0042D798
004126E7 |. 83C4 08
004126EA |. 8985 E8EFFFFF
004126F0 |. 6A 2E
004126F2 |. 8B15 94114500
004126F8 |. 52
[451194] = 0
004126F9 |. 8B8D FCEFFFFF

MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-0FF8]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH OFFSET 00449008

; ASCII "Op

MOV EAX,DWORD PTR SS:[EBP-0FE0]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1004],EAX
CMP DWORD PTR SS:[EBP-1004],0
JNE SHORT 00412646
MOV DWORD PTR SS:[EBP-1000],0
JMP SHORT 0041265D
MOV ECX,DWORD PTR SS:[EBP-1004]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-1004]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1000],EAX
MOV ECX,DWORD PTR SS:[EBP-1000]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-0FFC],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-1000]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-1000]
MOV DWORD PTR DS:[ECX+10],EAX
MOV DL,BYTE PTR SS:[EBP-69D]
MOV BYTE PTR SS:[EBP-100D],DL
MOV EAX,DWORD PTR SS:[EBP-1004]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1004]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-100C],EDX
MOV EAX,DWORD PTR SS:[EBP-100C]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-1005],CL
MOV EDX,DWORD PTR SS:[EBP-100C]
MOV AL,BYTE PTR SS:[EBP-100D]
MOV BYTE PTR DS:[EDX+30],AL
PUSH 2
LEA ECX,[EBP-69C]
PUSH ECX
CALL 0042D798

;
;
;
;

ADD ESP,8
MOV DWORD PTR SS:[EBP-1018],EAX
PUSH 2E
MOV EDX,DWORD PTR DS:[451194]
PUSH EDX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[EBP-1004]

; |

/Arg2 = 2
|
|Arg1
\SystemIn

004126FF |.
fo.00406190
00412704 |.
00412705 |.
0041270A |.
0041270D |.
00412713 |.
0041271A |.
0041271C |.
00412726 |.
00412728 |>
0041272E |.
00412730 |.
00412736 |.
00412739 |.
0041273F |>
00412745 |.
00412748 |.
00412749 |.
0041274F |.
00412750 |.
00412756 |.
00412758 |.
0041275A |.
0041275D |.
00412763 |.
00412769 |.
0041276F |.
00412771 |.
00412777 |.
0041277A |.
00412780 |.
00412786 |.
00412789 |.
0041278F |.
00412795 |.
0041279B |.
0041279E |.
004127A4 |.
[451198] = 0
004127A5 |.
004127AB |.
fo.00406190
004127B0 |.
004127B6 |.
004127BC |.
004127C2 |.
004127C8 |.
004127CA |.
004127D0 |.
004127D3 |.
004127D9 |.
004127DF |.
004127E2 |.
004127E8 |.
004127EE |.
004127F4 |.
004127F7 |.
004127FC |.
00412802 |.

E8 8C3AFFFF

CALL 00406190

; \SystemIn

50
E8 D6A60100
83C4 08
8985 ECEFFFFF
83BD ECEFFFFF
75 0C
C785 18EBFFFF
EB 17
8B85 ECEFFFFF
8B08
8B95 ECEFFFFF
0351 04
8995 18EBFFFF
8B85 E8EFFFFF
8B48 04
51
8B95 18EBFFFF
52
8B85 E8EFFFFF
8B08
FFD1
83C4 08
8A95 6DF9FFFF
8895 DFEFFFFF
8B85 ECEFFFFF
8B08
8B95 ECEFFFFF
0351 04
8995 E0EFFFFF
8B85 E0EFFFFF
8A48 30
888D E7EFFFFF
8B95 E0EFFFFF
8A85 DFEFFFFF
8842 30
8B0D 98114500
51

PUSH EAX
CALL 0042CDE0
ADD ESP,8
MOV DWORD PTR SS:[EBP-1014],EAX
CMP DWORD PTR SS:[EBP-1014],0
JNE SHORT 00412728
MOV DWORD PTR SS:[EBP-14E8],0
JMP SHORT 0041273F
MOV EAX,DWORD PTR SS:[EBP-1014]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1014]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-14E8],EDX
MOV EAX,DWORD PTR SS:[EBP-1018]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-14E8]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1018]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[EBP-693]
MOV BYTE PTR SS:[EBP-1021],DL
MOV EAX,DWORD PTR SS:[EBP-1014]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1014]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1020],EDX
MOV EAX,DWORD PTR SS:[EBP-1020]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-1019],CL
MOV EDX,DWORD PTR SS:[EBP-1020]
MOV AL,BYTE PTR SS:[EBP-1021]
MOV BYTE PTR DS:[EDX+30],AL
MOV ECX,DWORD PTR DS:[451198]
PUSH ECX

; /Arg1 =>

8B8D ECEFFFFF MOV ECX,DWORD PTR SS:[EBP-1014]


E8 E039FFFF CALL 00406190
8985 D0EFFFFF
8A95 6EF9FFFF
8895 D7EFFFFF
8B85 D0EFFFFF
8B08
8B95 D0EFFFFF
0351 04
8995 D8EFFFFF
8B85 D8EFFFFF
8A48 30
888D DEEFFFFF
8B95 D8EFFFFF
8A85 D7EFFFFF
8842 30
68 A4114500
8B8D D0EFFFFF
51

MOV DWORD PTR SS:[EBP-1030],EAX


MOV DL,BYTE PTR SS:[EBP-692]
MOV BYTE PTR SS:[EBP-1029],DL
MOV EAX,DWORD PTR SS:[EBP-1030]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1030]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1028],EDX
MOV EAX,DWORD PTR SS:[EBP-1028]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-1022],CL
MOV EDX,DWORD PTR SS:[EBP-1028]
MOV AL,BYTE PTR SS:[EBP-1029]
MOV BYTE PTR DS:[EDX+30],AL
PUSH OFFSET 004511A4
MOV ECX,DWORD PTR SS:[EBP-1030]
PUSH ECX

; |
; \SystemIn

00412803 |. E8 5881FFFF CALL 0040A960


00412808 |. 83C4 08
ADD ESP,8
0041280B |. C645 FC 0A
MOV BYTE PTR SS:[EBP-4],0A
0041280F |. 6A 00
PUSH 0
00412811 |. 6A 01
PUSH 1
00412813 |. 8D8D 20F9FFFF LEA ECX,[EBP-6E0]
00412819 |. E8 42D3FFFF CALL 0040FB60
fo.0040FB60
0041281E |. C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1
00412825 |. 6A 00
PUSH 0
00412827 |. 6A 01
PUSH 1
00412829 |. 8D8D 3CF9FFFF LEA ECX,[EBP-6C4]
0041282F |. E8 2CD3FFFF CALL 0040FB60
fo.0040FB60
00412834 |. 8D95 04FDFFFF LEA EDX,[EBP-2FC]
0041283A |. 52
PUSH EDX
0041283B |. 6A 01
PUSH 1
ccess = KEY_QUERY_VALUE
0041283D |. 6A 00
PUSH 0
= 0
0041283F |. 68 B88F4400 PUSH OFFSET 00448FB8
"SOFTWARE\Microsoft\Windows\CurrentVersion"
00412844 |. 68 02000080 PUSH 80000002
KEY_LOCAL_MACHINE
00412849 |. FF15 08804400 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey
.RegOpenKeyExA
0041284F |. 85C0
TEST EAX,EAX
00412851 |. 0F85 B6000000 JNE 0041290D
00412857 |. C785 FCFCFFFF MOV DWORD PTR SS:[EBP-304],100
00412861 |. 8D85 FCFCFFFF LEA EAX,[EBP-304]
00412867 |. 50
PUSH EAX
00412868 |. 8D8D FCFBFFFF LEA ECX,[EBP-404]
0041286E |. 51
PUSH ECX
0041286F |. 6A 00
PUSH 0
NULL
00412871 |. 6A 00
PUSH 0
= 0
00412873 |. 68 A88F4400 PUSH OFFSET 00448FA8
VersionNumber"
00412878 |. 8B95 04FDFFFF MOV EDX,DWORD PTR SS:[EBP-2FC]
0041287E |. 52
PUSH EDX
0041287F |. FF15 04804400 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa
.RegQueryValueExA
00412885 |. 85C0
TEST EAX,EAX
00412887 |. 75 77
JNE SHORT 00412900
00412889 |. 8D85 FCFBFFFF LEA EAX,[EBP-404]
0041288F |. 50
PUSH EAX
00412890 |. 68 64854400 PUSH OFFSET 00448564
"
00412895 |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
00412898 |. 51
PUSH ECX
00412899 |. E8 C280FFFF CALL 0040A960
0041289E |. 83C4 08
ADD ESP,8
004128A1 |. 50
PUSH EAX
004128A2 |. E8 B980FFFF CALL 0040A960
004128A7 |. 83C4 08
ADD ESP,8
004128AA |. C785 FCFCFFFF MOV DWORD PTR SS:[EBP-304],100
004128B4 |. 8D95 FCFCFFFF LEA EDX,[EBP-304]
004128BA |. 52
PUSH EDX
004128BB |. 8D85 FCFBFFFF LEA EAX,[EBP-404]

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /pResult
; |DesiredA
; |Reserved
; |SubKey =
; |hKey = H
; \ADVAPI32

;
;
;
;

/pDataLen
|
|pData
|pType =

; |Reserved
; |Name = "
; |
; |hKey
; \ADVAPI32

; ASCII " (

; /pDataLen
; |

004128C1 |. 50
004128C2 |. 6A 00
NULL
004128C4 |. 6A 00
= 0
004128C6 |. 68 948F4400
SubVersionNumber"
004128CB |. 8B8D 04FDFFFF
004128D1 |. 51
004128D2 |. FF15 04804400
.RegQueryValueExA
004128D8 |. 85C0
004128DA |. 75 13
004128DC |. 8D95 FCFBFFFF
004128E2 |. 52
004128E3 |. 8B45 08
004128E6 |. 50
004128E7 |. E8 7480FFFF
004128EC |. 83C4 08
004128EF |> 68 68854400
004128F4 |. 8B4D 08
004128F7 |. 51
004128F8 |. E8 6380FFFF
004128FD |. 83C4 08
00412900 |> 8B95 04FDFFFF
00412906 |. 52
00412907 |. FF15 14804400
.RegCloseKey
0041290D |> EB 64
0041290F |> 68 68854400
00412914 |. A1 9C114500
00412919 |. 50
[45119C] = 0
0041291A |. 68 74914400
(build "
0041291F |. 8B0D 98114500
00412925 |. 51
[451198] = 0
00412926 |. 68 D0914400
0041292B |. 8B15 94114500
00412931 |. 52
> [451194] = 0
00412932 |. 68 8C914400
"Windows "
00412937 |. 8B45 08
0041293A |. 50
0041293B |. E8 2080FFFF
00412940 |. 83C4 08
00412943 |. 8BC8
00412945 |. E8 4638FFFF
Info.00406190
0041294A |. 50
0041294B |. E8 1080FFFF
00412950 |. 83C4 08
00412953 |. 8BC8
00412955 |. E8 3638FFFF
nfo.00406190
0041295A |. 50
0041295B |. E8 0080FFFF
00412960 |. 83C4 08

PUSH EAX
PUSH 0

; |pData
; |pType =

PUSH 0

; |Reserved

PUSH OFFSET 00448F94

; |Name = "

MOV ECX,DWORD PTR SS:[EBP-2FC]


; |
PUSH ECX
; |hKey
CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa ; \ADVAPI32
TEST EAX,EAX
JNE SHORT 004128EF
LEA EDX,[EBP-404]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH OFFSET 00448568
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-2FC]
PUSH EDX
; /hKey
CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe ; \ADVAPI32
JMP SHORT 00412973
PUSH OFFSET 00448568
MOV EAX,DWORD PTR DS:[45119C]
PUSH EAX

; /Arg1 =>

PUSH OFFSET 00449174

; |ASCII "

MOV ECX,DWORD PTR DS:[451198]


PUSH ECX

; |
; |/Arg1 =>

PUSH OFFSET 004491D0


MOV EDX,DWORD PTR DS:[451194]
PUSH EDX

; ||
; ||
; ||/Arg1 =

PUSH OFFSET 0044918C

; |||ASCII

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00406190

;
;
;
;
;
;

|||
|||
|||
|||
|||
||\System

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00406190

;
;
;
;
;

||
||
||
||
|\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8

; |
; |
; |

00412963 |.
00412965 |.
fo.00406190
0041296A |.
0041296B |.
00412970 |.
00412973 |>
00412978 |>
.GetVersion
0041297E |.
00412983 |.
00412989 |.
.GetVersion
0041298F |.
00412994 |.
00412997 |.
0041299D |.
004129A0 |.
004129A3 |.
004129A5 |.
"
004129AF |.
004129B1 |>
.GetVersion
004129B7 |.
004129BC |.
004129BF |.
004129C2 |.
004129C7 |.
004129CA |.
004129CD |.
004129CF |.
00"
004129D9 |.
004129DB |>
"
004129E5 |>
004129EB |.
004129F1 |>
004129F8 |.
004129FF |.
00412A01 |.
00412A07 |.
00412A08 |.
fo.0042D798
00412A0D |.
00412A10 |.
00412A16 |.
00412A1B |.
.GetVersion
00412A21 |.
00412A26 |.
00412A29 |.
00412A2F |.
00412A32 |.
00412A33 |.
00412A38 |.
00412A3E |.
00412A3F |.
indows "

8BC8
E8 2638FFFF

MOV ECX,EAX
CALL 00406190

; |
; \SystemIn

50
E8 F07FFFFF
83C4 08
E9 F0040000
FF15 54804400

PUSH EAX
CALL 0040A960
ADD ESP,8
JMP 00412E68
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

3D 00000080 CMP EAX,80000000


0F83 33020000 JNB 00412BBC
FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
25 FFFF0000
0FB7C8
81E1 FF000000
0FB6D1
83FA 05
74 0C
C785 14EBFFFF

AND EAX,0000FFFF
MOVZX ECX,AX
AND ECX,000000FF
MOVZX EDX,CL
CMP EDX,5
JE SHORT 004129B1
MOV DWORD PTR SS:[EBP-14EC],OFFSET 00449 ; ASCII "NT

EB 40
JMP SHORT 004129F1
FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
25 FFFF0000
0FB7C0
C1E8 08
25 FF000000
0FB6C8
83F9 01
7D 0C
C785 10EBFFFF

AND EAX,0000FFFF
MOVZX EAX,AX
SHR EAX,8
AND EAX,000000FF
MOVZX ECX,AL
CMP ECX,1
JGE SHORT 004129DB
MOV DWORD PTR SS:[EBP-14F0],OFFSET 00449 ; ASCII "20

EB 0A
JMP SHORT 004129E5
C785 10EBFFFF MOV DWORD PTR SS:[EBP-14F0],OFFSET 00449 ; ASCII "XP
8B95 10EBFFFF
8995 14EBFFFF
C685 17F9FFFF
C685 16F9FFFF
6A 02
8D85 0CF9FFFF
50
E8 8BAD0100

MOV EDX,DWORD PTR SS:[EBP-14F0]


MOV DWORD PTR SS:[EBP-14EC],EDX
MOV BYTE PTR SS:[EBP-6E9],20
MOV BYTE PTR SS:[EBP-6EA],30
PUSH 2
LEA EAX,[EBP-6F4]
PUSH EAX
CALL 0042D798

83C4 08
8985 C8EFFFFF
68 D0914400
FF15 54804400

ADD ESP,8
MOV DWORD PTR SS:[EBP-1038],EAX
PUSH OFFSET 004491D0
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

25 FFFF0000
0FB7C8
81E1 FF000000
0FB6D1
52
68 80874400
8B85 14EBFFFF
50
68 8C914400

AND EAX,0000FFFF
MOVZX ECX,AX
AND ECX,000000FF
MOVZX EDX,CL
PUSH EDX
PUSH OFFSET 00448780
MOV EAX,DWORD PTR SS:[EBP-14EC]
PUSH EAX
PUSH OFFSET 0044918C

;
;
;
;

;
;
;
;
;

/Arg2 = 2
|
|Arg1
\SystemIn

/Arg1
|
|
|
|ASCII "W

00412A44 |.
00412A47 |.
00412A48 |.
00412A4D |.
00412A50 |.
00412A51 |.
00412A56 |.
00412A59 |.
00412A5A |.
00412A5F |.
00412A62 |.
00412A64 |.
fo.00405E60
00412A69 |.
00412A6A |.
00412A6F |.
00412A72 |.
00412A78 |.
00412A7F |.
00412A81 |.
00412A8B |.
00412A8D |>
00412A93 |.
00412A95 |.
00412A9B |.
00412A9E |.
00412AA4 |>
00412AAA |.
00412AAD |.
00412AAE |.
00412AB4 |.
00412AB5 |.
00412ABB |.
00412ABD |.
00412ABF |.
00412AC2 |.
00412AC8 |.
00412ACE |.
00412AD4 |.
00412AD6 |.
00412ADC |.
00412ADF |.
00412AE5 |.
00412AEB |.
00412AEE |.
00412AF4 |.
00412AFA |.
00412B00 |.
00412B03 |.
.GetVersion
00412B09 |.
00412B0E |.
00412B11 |.
00412B14 |.
00412B19 |.
00412B1C |.
00412B1D |.
00412B23 |.
fo.00405E60
00412B28 |.

8B4D 08
51
E8 137FFFFF
83C4 08
50
E8 0A7FFFFF
83C4 08
50
E8 017FFFFF
83C4 08
8BC8
E8 F733FFFF

MOV ECX,DWORD PTR SS:[EBP+8]


PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

50
E8 F17EFFFF
83C4 08
8985 CCEFFFFF
83BD CCEFFFFF
75 0C
C785 0CEBFFFF
EB 17
8B95 CCEFFFFF
8B02
8B8D CCEFFFFF
0348 04
898D 0CEBFFFF
8B95 C8EFFFFF
8B42 04
50
8B8D 0CEBFFFF
51
8B95 C8EFFFFF
8B02
FFD0
83C4 08
8A8D 16F9FFFF
888D BFEFFFFF
8B95 CCEFFFFF
8B02
8B8D CCEFFFFF
0348 04
898D C0EFFFFF
8B95 C0EFFFFF
8A42 30
8885 C7EFFFFF
8B8D C0EFFFFF
8A95 BFEFFFFF
8851 30
FF15 54804400

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1034],EAX
CMP DWORD PTR SS:[EBP-1034],0
JNE SHORT 00412A8D
MOV DWORD PTR SS:[EBP-14F4],0
JMP SHORT 00412AA4
MOV EDX,DWORD PTR SS:[EBP-1034]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-1034]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-14F4],ECX
MOV EDX,DWORD PTR SS:[EBP-1038]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-14F4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1038]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[EBP-6EA]
MOV BYTE PTR SS:[EBP-1041],CL
MOV EDX,DWORD PTR SS:[EBP-1034]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-1034]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1040],ECX
MOV EDX,DWORD PTR SS:[EBP-1040]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[EBP-1039],AL
MOV ECX,DWORD PTR SS:[EBP-1040]
MOV DL,BYTE PTR SS:[EBP-1041]
MOV BYTE PTR DS:[ECX+30],DL
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

25 FFFF0000
0FB7C0
C1E8 08
25 FF000000
0FB6C8
51
8B8D CCEFFFFF
E8 3833FFFF

AND EAX,0000FFFF
MOVZX EAX,AX
SHR EAX,8
AND EAX,000000FF
MOVZX ECX,AL
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-1034]
CALL 00405E60

8985 B0EFFFFF MOV DWORD PTR SS:[EBP-1050],EAX

;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
\SystemIn

; /Arg1
; |
; \SystemIn

00412B2E |.
00412B34 |.
00412B3A |.
00412B40 |.
00412B42 |.
00412B48 |.
00412B4B |.
00412B51 |.
00412B57 |.
00412B5A |.
00412B60 |.
00412B66 |.
00412B6C |.
00412B6F |.
.GetVersion
00412B75 |.
00412B78 |.
00412B7D |.
00412B80 |.
.GetVersion
00412B86 |.
00412B8B |.
00412B8D |.
00412B93 |.
00412B99 |.
00412B9B |.
00412B9C |.
00412BA1 |.
00412BA7 |.
00412BA8 |.
00412BAD |.
00412BB0 |.
00412BB2 |.
fo.00405E60
00412BB7 |.
00412BBC |>
.GetVersion
00412BC2 |.
00412BC7 |.
00412BCD |.
.GetVersion
00412BD3 |.
00412BD8 |.
00412BDB |.
00412BDE |.
00412BE3 |.
00412BE6 |.
00412BE9 |.
00412BEB |.
"
00412BF5 |.
00412BF7 |>
.GetVersion
00412BFD |.
00412C02 |.
00412C05 |.
00412C08 |.
00412C0E |.
00412C11 |.
00412C14 |.

8A95
8895
8B85
8B08
8B95
0351
8995
8B85
8A48
888D
8B95
8A85
8842
FF15

17F9FFFF MOV DL,BYTE PTR SS:[EBP-6E9]


B7EFFFFF MOV BYTE PTR SS:[EBP-1049],DL
B0EFFFFF MOV EAX,DWORD PTR SS:[EBP-1050]
MOV ECX,DWORD PTR DS:[EAX]
B0EFFFFF MOV EDX,DWORD PTR SS:[EBP-1050]
04
ADD EDX,DWORD PTR DS:[ECX+4]
B8EFFFFF MOV DWORD PTR SS:[EBP-1048],EDX
B8EFFFFF MOV EAX,DWORD PTR SS:[EBP-1048]
30
MOV CL,BYTE PTR DS:[EAX+30]
BEEFFFFF MOV BYTE PTR SS:[EBP-1042],CL
B8EFFFFF MOV EDX,DWORD PTR SS:[EBP-1048]
B7EFFFFF MOV AL,BYTE PTR SS:[EBP-1049]
30
MOV BYTE PTR DS:[EDX+30],AL
54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

C1E8 10
25 FFFF0000
0FB7F0
FF15 54804400

SHR EAX,10
AND EAX,0000FFFF
MOVZX ESI,AX
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

3D 00000080
1BC9
81E1 00400000
81C1 FF3F0000
23F1
56
68 D0914400
8B95 B0EFFFFF
52
E8 B37DFFFF
83C4 08
8BC8
E8 A932FFFF

CMP EAX,80000000
SBB ECX,ECX
AND ECX,00004000
ADD ECX,3FFF
AND ESI,ECX
PUSH ESI
PUSH OFFSET 004491D0
MOV EDX,DWORD PTR SS:[EBP-1050]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;
;
;
;

/Arg1
|
|
|
|
|
|
\SystemIn

E9 AC020000 JMP 00412E68


FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
25 00000040 AND EAX,40000000
0F84 EE010000 JE 00412DBB
FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
25 FFFF0000
0FB7C0
C1E8 08
25 FF000000
0FB6C8
83F9 0A
7D 0C
C785 08EBFFFF

AND EAX,0000FFFF
MOVZX EAX,AX
SHR EAX,8
AND EAX,000000FF
MOVZX ECX,AL
CMP ECX,0A
JGE SHORT 00412BF7
MOV DWORD PTR SS:[EBP-14F8],OFFSET 00449 ; ASCII "95

EB 41
JMP SHORT 00412C38
FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
25 FFFF0000
0FB7D0
C1EA 08
81E2 FF000000
0FB6C2
83F8 5A
7D 0C

AND EAX,0000FFFF
MOVZX EDX,AX
SHR EDX,8
AND EDX,000000FF
MOVZX EAX,DL
CMP EAX,5A
JGE SHORT 00412C22

00412C16 |.
"
00412C20 |.
00412C22 |>
"
00412C2C |>
00412C32 |.
00412C38 |>
00412C3F |.
00412C46 |.
00412C48 |.
00412C4E |.
00412C4F |.
fo.0042D798
00412C54 |.
00412C57 |.
00412C5D |.
00412C62 |.
.GetVersion
00412C68 |.
00412C6D |.
00412C70 |.
00412C75 |.
00412C78 |.
00412C79 |.
00412C7E |.
00412C84 |.
00412C85 |.
indows "
00412C8A |.
00412C8D |.
00412C8E |.
00412C93 |.
00412C96 |.
00412C97 |.
00412C9C |.
00412C9F |.
00412CA0 |.
00412CA5 |.
00412CA8 |.
00412CAA |.
fo.00405E60
00412CAF |.
00412CB0 |.
00412CB5 |.
00412CB8 |.
00412CBE |.
00412CC5 |.
00412CC7 |.
00412CD1 |.
00412CD3 |>
00412CD9 |.
00412CDB |.
00412CE1 |.
00412CE4 |.
00412CEA |>
00412CF0 |.
00412CF3 |.
00412CF4 |.
00412CFA |.

C785 04EBFFFF MOV DWORD PTR SS:[EBP-14FC],OFFSET 00449 ; ASCII "98


EB 0A
JMP SHORT 00412C2C
C785 04EBFFFF MOV DWORD PTR SS:[EBP-14FC],OFFSET 00449 ; ASCII "Me
8B8D 04EBFFFF
898D 08EBFFFF
C685 0BF9FFFF
C685 0AF9FFFF
6A 02
8D95 00F9FFFF
52
E8 44AB0100

MOV ECX,DWORD PTR SS:[EBP-14FC]


MOV DWORD PTR SS:[EBP-14F8],ECX
MOV BYTE PTR SS:[EBP-6F5],20
MOV BYTE PTR SS:[EBP-6F6],30
PUSH 2
LEA EDX,[EBP-700]
PUSH EDX
CALL 0042D798

83C4 08
8985 A8EFFFFF
68 D0914400
FF15 54804400

ADD ESP,8
MOV DWORD PTR SS:[EBP-1058],EAX
PUSH OFFSET 004491D0
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

25 FFFF0000
0FB7C0
25 FF000000
0FB6C8
51
68 80874400
8B95 08EBFFFF
52
68 8C914400

AND EAX,0000FFFF
MOVZX EAX,AX
AND EAX,000000FF
MOVZX ECX,AL
PUSH ECX
PUSH OFFSET 00448780
MOV EDX,DWORD PTR SS:[EBP-14F8]
PUSH EDX
PUSH OFFSET 0044918C

;
;
;
;
;

/Arg1
|
|
|
|ASCII "W

8B45 08
50
E8 CD7CFFFF
83C4 08
50
E8 C47CFFFF
83C4 08
50
E8 BB7CFFFF
83C4 08
8BC8
E8 B131FFFF

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
\SystemIn

50
E8 AB7CFFFF
83C4 08
8985 ACEFFFFF
83BD ACEFFFFF
75 0C
C785 00EBFFFF
EB 17
8B8D ACEFFFFF
8B11
8B85 ACEFFFFF
0342 04
8985 00EBFFFF
8B8D A8EFFFFF
8B51 04
52
8B85 00EBFFFF
50

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1054],EAX
CMP DWORD PTR SS:[EBP-1054],0
JNE SHORT 00412CD3
MOV DWORD PTR SS:[EBP-1500],0
JMP SHORT 00412CEA
MOV ECX,DWORD PTR SS:[EBP-1054]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-1054]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1500],EAX
MOV ECX,DWORD PTR SS:[EBP-1058]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1500]
PUSH EAX

;
;
;
;

/Arg2 = 2
|
|Arg1
\SystemIn

00412CFB |.
00412D01 |.
00412D03 |.
00412D05 |.
00412D08 |.
00412D0E |.
00412D14 |.
00412D1A |.
00412D1C |.
00412D22 |.
00412D25 |.
00412D2B |.
00412D31 |.
00412D34 |.
00412D3A |.
00412D40 |.
00412D46 |.
00412D49 |.
.GetVersion
00412D4F |.
00412D54 |.
00412D57 |.
00412D5A |.
00412D60 |.
00412D63 |.
00412D64 |.
00412D6A |.
fo.00405E60
00412D6F |.
00412D75 |.
00412D7B |.
00412D81 |.
00412D87 |.
00412D89 |.
00412D8F |.
00412D92 |.
00412D98 |.
00412D9E |.
00412DA1 |.
00412DA7 |.
00412DAD |.
00412DB3 |.
00412DB6 |.
00412DBB |>
00412DC0 |.
.GetVersion
00412DC6 |.
00412DC9 |.
00412DCE |.
00412DD1 |.
.GetVersion
00412DD7 |.
00412DDC |.
00412DDE |.
00412DE3 |.
00412DE8 |.
00412DEA |.
00412DEB |.
(build "
00412DF0 |.

8B8D
8B11
FFD2
83C4
8A85
8885
8B8D
8B11
8B85
0342
8985
8B8D
8A51
8895
8B85
8A8D
8848
FF15

A8EFFFFF MOV ECX,DWORD PTR SS:[EBP-1058]


MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
08
ADD ESP,8
0AF9FFFF MOV AL,BYTE PTR SS:[EBP-6F6]
9FEFFFFF MOV BYTE PTR SS:[EBP-1061],AL
ACEFFFFF MOV ECX,DWORD PTR SS:[EBP-1054]
MOV EDX,DWORD PTR DS:[ECX]
ACEFFFFF MOV EAX,DWORD PTR SS:[EBP-1054]
04
ADD EAX,DWORD PTR DS:[EDX+4]
A0EFFFFF MOV DWORD PTR SS:[EBP-1060],EAX
A0EFFFFF MOV ECX,DWORD PTR SS:[EBP-1060]
30
MOV DL,BYTE PTR DS:[ECX+30]
A7EFFFFF MOV BYTE PTR SS:[EBP-1059],DL
A0EFFFFF MOV EAX,DWORD PTR SS:[EBP-1060]
9FEFFFFF MOV CL,BYTE PTR SS:[EBP-1061]
30
MOV BYTE PTR DS:[EAX+30],CL
54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

25 FFFF0000
0FB7D0
C1EA 08
81E2 FF000000
0FB6C2
50
8B8D ACEFFFFF
E8 F130FFFF

AND EAX,0000FFFF
MOVZX EDX,AX
SHR EDX,8
AND EDX,000000FF
MOVZX EAX,DL
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1054]
CALL 00405E60

8985 90EFFFFF
8A8D 0BF9FFFF
888D 97EFFFFF
8B95 90EFFFFF
8B02
8B8D 90EFFFFF
0348 04
898D 98EFFFFF
8B95 98EFFFFF
8A42 30
8885 9EEFFFFF
8B8D 98EFFFFF
8A95 97EFFFFF
8851 30
E9 AD000000
68 68854400
FF15 54804400

MOV DWORD PTR SS:[EBP-1070],EAX


MOV CL,BYTE PTR SS:[EBP-6F5]
MOV BYTE PTR SS:[EBP-1069],CL
MOV EDX,DWORD PTR SS:[EBP-1070]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-1070]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1068],ECX
MOV EDX,DWORD PTR SS:[EBP-1068]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[EBP-1062],AL
MOV ECX,DWORD PTR SS:[EBP-1068]
MOV DL,BYTE PTR SS:[EBP-1069]
MOV BYTE PTR DS:[ECX+30],DL
JMP 00412E68
PUSH OFFSET 00448568
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

C1E8 10
25 FFFF0000
0FB7F0
FF15 54804400

SHR EAX,10
AND EAX,0000FFFF
MOVZX ESI,AX
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32

3D 00000080
1BC0
25 00400000
05 FF3F0000
23F0
56
68 74914400

CMP EAX,80000000
SBB EAX,EAX
AND EAX,00004000
ADD EAX,3FFF
AND ESI,EAX
PUSH ESI
PUSH OFFSET 00449174

; /Arg1
; |
; \SystemIn

; /Arg1
; |ASCII "

FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; |[KERNEL3

2.GetVersion
00412DF6 |. 25 FFFF0000 AND EAX,0000FFFF
00412DFB |. 0FB7C8
MOVZX ECX,AX
00412DFE |. C1E9 08
SHR ECX,8
00412E01 |. 81E1 FF000000 AND ECX,000000FF
00412E07 |. 0FB6D1
MOVZX EDX,CL
00412E0A |. 52
PUSH EDX
00412E0B |. 68 D0914400 PUSH OFFSET 004491D0
00412E10 |. FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion
32.GetVersion
00412E16 |. 25 FFFF0000 AND EAX,0000FFFF
00412E1B |. 0FB7C0
MOVZX EAX,AX
00412E1E |. 25 FF000000 AND EAX,000000FF
00412E23 |. 0FB6C8
MOVZX ECX,AL
00412E26 |. 51
PUSH ECX
00412E27 |. 68 8C914400 PUSH OFFSET 0044918C
"Windows "
00412E2C |. 8B55 08
MOV EDX,DWORD PTR SS:[EBP+8]
00412E2F |. 52
PUSH EDX
00412E30 |. E8 2B7BFFFF CALL 0040A960
00412E35 |. 83C4 08
ADD ESP,8
00412E38 |. 8BC8
MOV ECX,EAX
00412E3A |. E8 2130FFFF CALL 00405E60
Info.00405E60
00412E3F |. 50
PUSH EAX
00412E40 |. E8 1B7BFFFF CALL 0040A960
00412E45 |. 83C4 08
ADD ESP,8
00412E48 |. 8BC8
MOV ECX,EAX
00412E4A |. E8 1130FFFF CALL 00405E60
nfo.00405E60
00412E4F |. 50
PUSH EAX
00412E50 |. E8 0B7BFFFF CALL 0040A960
00412E55 |. 83C4 08
ADD ESP,8
00412E58 |. 8BC8
MOV ECX,EAX
00412E5A |. E8 0130FFFF CALL 00405E60
fo.00405E60
00412E5F |. 50
PUSH EAX
00412E60 |. E8 FB7AFFFF CALL 0040A960
00412E65 |. 83C4 08
ADD ESP,8
00412E68 |> 6A 0A
PUSH 0A
A
00412E6A |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
00412E6D |. E8 4EC7FFFF CALL 0040F5C0
fo.0040F5C0
00412E72 |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
00412E75 |. E8 46C9FFFF CALL 0040F7C0
fo.0040F7C0
00412E7A |. 8D85 F8FBFFFF LEA EAX,[EBP-408]
00412E80 |. 50
PUSH EAX
00412E81 |. 6A 01
PUSH 1
ccess = KEY_QUERY_VALUE
00412E83 |. 6A 00
PUSH 0
= 0
00412E85 |. 68 6C8F4400 PUSH OFFSET 00448F6C
"SOFTWARE\Microsoft\Internet Explorer"
00412E8A |. 68 02000080 PUSH 80000002
KEY_LOCAL_MACHINE
00412E8F |. FF15 08804400 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey
.RegOpenKeyExA
00412E95 |. 85C0
TEST EAX,EAX

;
;
;
;
;
;
;
;

|
|
|
|
|
|/Arg1
||
||[KERNEL

;
;
;
;
;
;

||
||
||
||
||/Arg1
|||ASCII

;
;
;
;
;
;

|||
|||
|||
|||
|||
||\System

;
;
;
;
;

||
||
||
||
|\SystemI

;
;
;
;
;

|
|
|
|
\SystemIn

; /Arg1 = 0
; |
; \SystemIn
; [SystemIn
; /pResult
; |DesiredA
; |Reserved
; |SubKey =
; |hKey = H
; \ADVAPI32

00412E97 |. 0F85 47040000


00412E9D |. C785 F4FBFFFF
00412EA7 |. 8D8D F4FBFFFF
00412EAD |. 51
00412EAE |. 8D95 F4FAFFFF
00412EB4 |. 52
00412EB5 |. 6A 00
NULL
00412EB7 |. 6A 00
= 0
00412EB9 |. 68 648F4400
Version"
00412EBE |. 8B85 F8FBFFFF
00412EC4 |. 50
00412EC5 |. FF15 04804400
.RegQueryValueExA
00412ECB |. 85C0
00412ECD |. 0F85 04040000
00412ED3 |. 68 77874400
ystemInfo.448777
00412ED8 |. 8D8D D8F8FFFF
00412EDE |. E8 0DBDFFFF
fo.0040EBF0
00412EE3 |. C745 FC 0C000
00412EEA |. 8D8D D8F8FFFF
00412EF0 |. 51
00412EF1 |. B9 0C294500
00412EF6 |. E8 2542FFFF
fo.00407120
00412EFB |. 8B15 FC284500
00412F01 |. 83C2 01
00412F04 |. 8915 FC284500
00412F0A |. 68 74874400
"
00412F0F |. A1 FC284500
00412F14 |. 50
[4528FC] = 0
00412F15 |. 68 D0914400
00412F1A |. 8B0D F8284500
00412F20 |. 51
[4528F8] = 0
00412F21 |. B9 08294500
00412F26 |. E8 352FFFFF
nfo.00405E60
00412F2B |. 50
00412F2C |. E8 2F7AFFFF
00412F31 |. 83C4 08
00412F34 |. 8BC8
00412F36 |. E8 252FFFFF
fo.00405E60
00412F3B |. 50
00412F3C |. E8 1F7AFFFF
00412F41 |. 83C4 08
00412F44 |. 8D95 BCF8FFFF
00412F4A |. 52
00412F4B |. B9 08294500
00412F50 |. E8 0B35FFFF
fo.00406460
00412F55 |. 8985 FCEAFFFF
00412F5B |. 8B85 FCEAFFFF

JNE 004132E4
MOV DWORD PTR SS:[EBP-40C],100
LEA ECX,[EBP-40C]
PUSH ECX
LEA EDX,[EBP-50C]
PUSH EDX
PUSH 0

;
;
;
;

PUSH 0

; |Reserved

PUSH OFFSET 00448F64

; |Name = "

/pDataLen
|
|pData
|pType =

MOV EAX,DWORD PTR SS:[EBP-408]


; |
PUSH EAX
; |hKey
CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa ; \ADVAPI32
TEST EAX,EAX
JNE 004132D7
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-728]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],0C


LEA ECX,[EBP-728]
PUSH ECX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-744]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-1504],EAX


MOV EAX,DWORD PTR SS:[EBP-1504]

|
|
|
|
\SystemIn

00412F61 |.
00412F67 |.
00412F6B |.
00412F72 |.
00412F79 |.
00412F7D |.
00412F7F |.
00412F89 |.
00412F8B |>
00412F8E |.
00412F90 |.
00412F93 |.
00412F96 |.
00412F9C |>
00412FA2 |.
00412FA5 |.
00412FAB |.
00412FB0 |.
00412FB2 |.
00412FB8 |.
00412FBB |.
00412FC0 |.
00412FC6 |.
00412FCC |.
00412FCE |.
00412FD4 |.
00412FD7 |.
00412FD9 |.
00412FDF |.
00412FE0 |.
fo.0042D798
00412FE5 |.
00412FE8 |.
00412FEE |.
00412FF2 |.
00412FF4 |.
00412FFE |.
00413000 |>
00413003 |.
00413005 |.
00413008 |.
0041300B |.
00413011 |>
00413017 |.
0041301A |.
0041301B |.
00413021 |.
00413022 |.
00413028 |.
0041302A |.
0041302C |.
0041302F |.
00413035 |.
00413036 |.
00413039 |.
0041303A |.
0041303F |.
00413042 |.
00413048 |.
0041304F |.

8985 F8EAFFFF
C645 FC 0D
C685 FFF8FFFF
C685 FEF8FFFF
837D 08 00
75 0C
C785 74EFFFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 74EFFFFF
8B8D 74EFFFFF
8B51 10
8995 78EFFFFF
B8 C0010000
F7D0
8B8D 74EFFFFF
2341 10
BA 40000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D 74EFFFFF
8941 10
6A 06
8D95 B4F8FFFF
52
E8 B3A70100

MOV DWORD PTR SS:[EBP-1508],EAX


MOV BYTE PTR SS:[EBP-4],0D
MOV BYTE PTR SS:[EBP-701],20
MOV BYTE PTR SS:[EBP-702],2E
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00412F8B
MOV DWORD PTR SS:[EBP-108C],0
JMP SHORT 00412F9C
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-108C],EAX
MOV ECX,DWORD PTR SS:[EBP-108C]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-1088],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-108C]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-108C]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH 6
LEA EDX,[EBP-74C]
PUSH EDX
CALL 0042D798

83C4 08
8985 70EFFFFF
837D 08 00
75 0C
C785 F4EAFFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 F4EAFFFF
8B85 70EFFFFF
8B48 04
51
8B95 F4EAFFFF
52
8B85 70EFFFFF
8B08
FFD1
83C4 08
8B95 F8EAFFFF
52
8B45 08
50
E8 217EFFFF
83C4 08
8985 64EFFFFF
83BD 64EFFFFF
75 0C

ADD ESP,8
MOV DWORD PTR SS:[EBP-1090],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00413000
MOV DWORD PTR SS:[EBP-150C],0
JMP SHORT 00413011
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-150C],EDX
MOV EAX,DWORD PTR SS:[EBP-1090]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-150C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1090]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-1508]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-109C],EAX
CMP DWORD PTR SS:[EBP-109C],0
JNE SHORT 0041305D

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

00413051 |.
0041305B |.
0041305D |>
00413063 |.
00413065 |.
0041306B |.
0041306E |.
00413074 |>
0041307A |.
0041307D |.
00413083 |.
00413088 |.
0041308A |.
00413090 |.
00413093 |.
00413098 |.
0041309E |.
004130A4 |.
004130A6 |.
004130AC |.
004130AF |.
3
004130B1 |.
004130B7 |.
004130B8 |.
fo.0042D798
004130BD |.
004130C0 |.
004130C6 |.
004130CD |.
004130CF |.
004130D9 |.
004130DB |>
004130E1 |.
004130E3 |.
004130E9 |.
004130EC |.
004130F2 |>
004130F8 |.
004130FB |.
004130FC |.
00413102 |.
00413103 |.
00413109 |.
0041310B |.
0041310D |.
00413110 |.
00413116 |.
0041311C |.
00413122 |.
00413124 |.
0041312A |.
0041312D |.
00413133 |.
00413139 |.
0041313C |.
00413142 |.
00413148 |.
0041314E |.
00413151 |.

C785 68EFFFFF
EB 17
8B8D 64EFFFFF
8B11
8B85 64EFFFFF
0342 04
8985 68EFFFFF
8B8D 68EFFFFF
8B51 10
8995 6CEFFFFF
B8 C0010000
F7D0
8B8D 68EFFFFF
2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D 68EFFFFF
8941 10
6A 23

MOV DWORD PTR SS:[EBP-1098],0


JMP SHORT 00413074
MOV ECX,DWORD PTR SS:[EBP-109C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-109C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1098],EAX
MOV ECX,DWORD PTR SS:[EBP-1098]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-1094],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-1098]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-1098]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH 23

8D95 F4F8FFFF LEA EDX,[EBP-70C]


52
PUSH EDX
E8 DBA60100 CALL 0042D798
83C4 08
8985 60EFFFFF
83BD 64EFFFFF
75 0C
C785 F0EAFFFF
EB 17
8B85 64EFFFFF
8B08
8B95 64EFFFFF
0351 04
8995 F0EAFFFF
8B85 60EFFFFF
8B48 04
51
8B95 F0EAFFFF
52
8B85 60EFFFFF
8B08
FFD1
83C4 08
8A95 FEF8FFFF
8895 57EFFFFF
8B85 64EFFFFF
8B08
8B95 64EFFFFF
0351 04
8995 58EFFFFF
8B85 58EFFFFF
8A48 30
888D 5FEFFFFF
8B95 58EFFFFF
8A85 57EFFFFF
8842 30
83BD 64EFFFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-10A0],EAX
CMP DWORD PTR SS:[EBP-109C],0
JNE SHORT 004130DB
MOV DWORD PTR SS:[EBP-1510],0
JMP SHORT 004130F2
MOV EAX,DWORD PTR SS:[EBP-109C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-109C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1510],EDX
MOV EAX,DWORD PTR SS:[EBP-10A0]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1510]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-10A0]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[EBP-702]
MOV BYTE PTR SS:[EBP-10A9],DL
MOV EAX,DWORD PTR SS:[EBP-109C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-109C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-10A8],EDX
MOV EAX,DWORD PTR SS:[EBP-10A8]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-10A1],CL
MOV EDX,DWORD PTR SS:[EBP-10A8]
MOV AL,BYTE PTR SS:[EBP-10A9]
MOV BYTE PTR DS:[EDX+30],AL
CMP DWORD PTR SS:[EBP-109C],0

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

00413158 |. 75 0C
0041315A |. C785 4CEFFFFF
00413164 |. EB 17
00413166 |> 8B8D 64EFFFFF
0041316C |. 8B11
0041316E |. 8B85 64EFFFFF
00413174 |. 0342 04
00413177 |. 8985 4CEFFFFF
0041317D |> 8B8D 4CEFFFFF
00413183 |. 8B51 10
00413186 |. 8995 50EFFFFF
0041318C |. B8 C0010000
00413191 |. F7D0
00413193 |. 8B8D 4CEFFFFF
00413199 |. 2341 10
0041319C |. BA 40000000
004131A1 |. 81E2 C0010000
004131A7 |. 81E2 FFFF0000
004131AD |. 0BC2
004131AF |. 8B8D 4CEFFFFF
004131B5 |. 8941 10
004131B8 |. 68 488F4400
ternet Explorer Version"
004131BD |. 8B95 64EFFFFF
004131C3 |. 52
004131C4 |. E8 9777FFFF
004131C9 |. 83C4 08
004131CC |. 8985 40EFFFFF
004131D2 |. 83BD 40EFFFFF
004131D9 |. 75 0C
004131DB |. C785 44EFFFFF
004131E5 |. EB 17
004131E7 |> 8B85 40EFFFFF
004131ED |. 8B08
004131EF |. 8B95 40EFFFFF
004131F5 |. 0351 04
004131F8 |. 8995 44EFFFFF
004131FE |> 8B85 44EFFFFF
00413204 |. 8B48 10
00413207 |. 898D 48EFFFFF
0041320D |. BA C0010000
00413212 |. F7D2
00413214 |. 8B85 44EFFFFF
0041321A |. 2350 10
0041321D |. B9 80000000
00413222 |. 81E1 C0010000
00413228 |. 81E1 FFFF0000
0041322E |. 0BD1
00413230 |. 8B85 44EFFFFF
00413236 |. 8950 10
00413239 |. 8A8D FFF8FFFF
0041323F |. 888D 37EFFFFF
00413245 |. 8B95 40EFFFFF
0041324B |. 8B02
0041324D |. 8B8D 40EFFFFF
00413253 |. 0348 04
00413256 |. 898D 38EFFFFF
0041325C |. 8B95 38EFFFFF
00413262 |. 8A42 30
00413265 |. 8885 3FEFFFFF

JNE SHORT 00413166


MOV DWORD PTR SS:[EBP-10B4],0
JMP SHORT 0041317D
MOV ECX,DWORD PTR SS:[EBP-109C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-109C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-10B4],EAX
MOV ECX,DWORD PTR SS:[EBP-10B4]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-10B0],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-10B4]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-10B4]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH OFFSET 00448F48
MOV EDX,DWORD PTR SS:[EBP-109C]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-10C0],EAX
CMP DWORD PTR SS:[EBP-10C0],0
JNE SHORT 004131E7
MOV DWORD PTR SS:[EBP-10BC],0
JMP SHORT 004131FE
MOV EAX,DWORD PTR SS:[EBP-10C0]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-10C0]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-10BC],EDX
MOV EAX,DWORD PTR SS:[EBP-10BC]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-10B8],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-10BC]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-10BC]
MOV DWORD PTR DS:[EAX+10],EDX
MOV CL,BYTE PTR SS:[EBP-701]
MOV BYTE PTR SS:[EBP-10C9],CL
MOV EDX,DWORD PTR SS:[EBP-10C0]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-10C0]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-10C8],ECX
MOV EDX,DWORD PTR SS:[EBP-10C8]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[EBP-10C1],AL

; ASCII "In

0041326B |. 8B8D 38EFFFFF


00413271 |. 8A95 37EFFFFF
00413277 |. 8851 30
0041327A |. 8D85 F4FAFFFF
00413280 |. 50
00413281 |. 8B8D 40EFFFFF
00413287 |. 51
00413288 |. E8 D376FFFF
0041328D |. 83C4 08
00413290 |. 8985 30EFFFFF
00413296 |. 6A 0A
A
00413298 |. 8B8D 30EFFFFF
0041329E |. E8 1DC3FFFF
fo.0040F5C0
004132A3 |. 8B8D 30EFFFFF
004132A9 |. E8 12C5FFFF
fo.0040F7C0
004132AE |. C645 FC 0C
004132B2 |. 6A 00
004132B4 |. 6A 01
004132B6 |. 8D8D BCF8FFFF
004132BC |. E8 9FC8FFFF
fo.0040FB60
004132C1 |. C745 FC FFFFF
004132C8 |. 6A 00
004132CA |. 6A 01
004132CC |. 8D8D D8F8FFFF
004132D2 |. E8 89C8FFFF
fo.0040FB60
004132D7 |> 8B95 F8FBFFFF
004132DD |. 52
004132DE |. FF15 14804400
.RegCloseKey
004132E4 |> 6A 00
= 0
004132E6 |. FF15 F4814400
etKeyboardLayout
004132EC |. 8945 D4
004132EF |. C745 C0 00000
004132F6 |. C785 28FFFFFF
00413300 |. 8B85 28FFFFFF
00413306 |. 50
00413307 |. E8 40A50100
fo.0042D84C
0041330C |. 83C4 04
0041330F |. 8985 B0F8FFFF
00413315 |. 8B8D B0F8FFFF
0041331B |. 894D E0
0041331E |. 68 77874400
ystemInfo.448777
00413323 |. 8D8D 88F8FFFF
00413329 |. E8 C2B8FFFF
fo.0040EBF0
0041332E |. C745 FC 0E000
00413335 |. 8D95 88F8FFFF
0041333B |. 52
0041333C |. B9 0C294500
00413341 |. E8 DA3DFFFF
fo.00407120

MOV ECX,DWORD PTR SS:[EBP-10C8]


MOV DL,BYTE PTR SS:[EBP-10C9]
MOV BYTE PTR DS:[ECX+30],DL
LEA EAX,[EBP-50C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-10C0]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-10D0],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-10D0]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-10D0]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[EBP-4],0C


PUSH 0
PUSH 1
LEA ECX,[EBP-744]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-728]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV EDX,DWORD PTR SS:[EBP-408]


PUSH EDX
; /hKey
CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe ; \ADVAPI32
PUSH 0

; /ThreadID

CALL DWORD PTR DS:[<&USER32.GetKeyboardL ; \USER32.G


MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX
CALL 0042D84C

SS:[EBP-2C],EAX
SS:[EBP-40],0
SS:[EBP-0D8],10
PTR SS:[EBP-0D8]
; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-750],EAX
MOV ECX,DWORD PTR SS:[EBP-750]
MOV DWORD PTR SS:[EBP-20],ECX
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-778]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],0E


LEA EDX,[EBP-778]
PUSH EDX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

00413346 |.
0041334B |.
0041334E |.
00413353 |.
"
00413358 |.
0041335E |.
[4528FC] = 0
0041335F |.
00413364 |.
0041336A |.
[4528F8] = 0
0041336B |.
00413370 |.
nfo.00405E60
00413375 |.
00413376 |.
0041337B |.
0041337E |.
00413380 |.
fo.00405E60
00413385 |.
00413386 |.
0041338B |.
0041338E |.
00413394 |.
00413395 |.
0041339A |.
fo.00406460
0041339F |.
004133A5 |.
004133AB |.
004133B1 |.
004133B5 |.
004133BC |.
004133C3 |.
004133C7 |.
004133C9 |.
004133D3 |.
004133D5 |>
004133D8 |.
004133DA |.
004133DD |.
004133E0 |.
004133E6 |>
004133EC |.
004133EF |.
004133F5 |.
004133FA |.
004133FC |.
00413402 |.
00413405 |.
0041340A |.
0041340F |.
00413414 |.
00413416 |.
0041341C |.
0041341F |.
00413421 |.
00413427 |.

A1 FC284500
83C0 01
A3 FC284500
68 74874400

MOV EAX,DWORD PTR DS:[4528FC]


ADD EAX,1
MOV DWORD PTR DS:[4528FC],EAX
PUSH OFFSET 00448774

; ASCII ".

8B0D FC284500 MOV ECX,DWORD PTR DS:[4528FC]


51
PUSH ECX

; /Arg1 =>

68 D0914400 PUSH OFFSET 004491D0


8B15 F8284500 MOV EDX,DWORD PTR DS:[4528F8]
52
PUSH EDX

; |
; |
; |/Arg1 =>

B9 08294500
E8 EB2AFFFF

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

50
E8 E575FFFF
83C4 08
8BC8
E8 DB2AFFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

50
E8 D575FFFF
83C4 08
8D85 6CF8FFFF
50
B9 08294500
E8 C130FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[EBP-794]
PUSH EAX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 ECEAFFFF
8B8D ECEAFFFF
898D E8EAFFFF
C645 FC 0F
C685 AFF8FFFF
C685 AEF8FFFF
837D 08 00
75 0C
C785 14EFFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D 14EFFFFF
8B95 14EFFFFF
8B42 10
8985 18EFFFFF
B9 C0010000
F7D1
8B95 14EFFFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 14EFFFFF
894A 10
6A 06
8D85 64F8FFFF
50

MOV DWORD PTR SS:[EBP-1514],EAX


MOV ECX,DWORD PTR SS:[EBP-1514]
MOV DWORD PTR SS:[EBP-1518],ECX
MOV BYTE PTR SS:[EBP-4],0F
MOV BYTE PTR SS:[EBP-751],20
MOV BYTE PTR SS:[EBP-752],2E
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 004133D5
MOV DWORD PTR SS:[EBP-10EC],0
JMP SHORT 004133E6
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-10EC],ECX
MOV EDX,DWORD PTR SS:[EBP-10EC]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-10E8],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-10EC]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-10EC]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH 6
LEA EAX,[EBP-79C]
PUSH EAX

; /Arg2 = 6
; |
; |Arg1

|
|
|
|
\SystemIn

00413428 |.
fo.0042D798
0041342D |.
00413430 |.
00413436 |.
0041343A |.
0041343C |.
00413446 |.
00413448 |>
0041344B |.
0041344D |.
00413450 |.
00413453 |.
00413459 |>
0041345F |.
00413462 |.
00413463 |.
00413469 |.
0041346A |.
00413470 |.
00413472 |.
00413474 |.
00413477 |.
0041347D |.
0041347E |.
00413481 |.
00413482 |.
00413487 |.
0041348A |.
00413490 |.
00413497 |.
00413499 |.
004134A3 |.
004134A5 |>
004134AB |.
004134AD |.
004134B3 |.
004134B6 |.
004134BC |>
004134C2 |.
004134C5 |.
004134CB |.
004134D0 |.
004134D2 |.
004134D8 |.
004134DB |.
004134E0 |.
004134E5 |.
004134EA |.
004134EC |.
004134F2 |.
004134F5 |.
3
004134F7 |.
004134FD |.
004134FE |.
fo.0042D798
00413503 |.
00413506 |.
0041350C |.

E8 6BA30100

CALL 0042D798

; \SystemIn

83C4 08
8985 10EFFFFF
837D 08 00
75 0C
C785 E4EAFFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 E4EAFFFF
8B8D 10EFFFFF
8B51 04
52
8B85 E4EAFFFF
50
8B8D 10EFFFFF
8B11
FFD2
83C4 08
8B85 E8EAFFFF
50
8B4D 08
51
E8 D979FFFF
83C4 08
8985 04EFFFFF
83BD 04EFFFFF
75 0C
C785 08EFFFFF
EB 17
8B95 04EFFFFF
8B02
8B8D 04EFFFFF
0348 04
898D 08EFFFFF
8B95 08EFFFFF
8B42 10
8985 0CEFFFFF
B9 C0010000
F7D1
8B95 08EFFFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 08EFFFFF
894A 10
6A 23

ADD ESP,8
MOV DWORD PTR SS:[EBP-10F0],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00413448
MOV DWORD PTR SS:[EBP-151C],0
JMP SHORT 00413459
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-151C],EAX
MOV ECX,DWORD PTR SS:[EBP-10F0]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-151C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-10F0]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV EAX,DWORD PTR SS:[EBP-1518]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-10FC],EAX
CMP DWORD PTR SS:[EBP-10FC],0
JNE SHORT 004134A5
MOV DWORD PTR SS:[EBP-10F8],0
JMP SHORT 004134BC
MOV EDX,DWORD PTR SS:[EBP-10FC]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-10FC]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-10F8],ECX
MOV EDX,DWORD PTR SS:[EBP-10F8]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-10F4],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-10F8]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-10F8]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH 23

; /Arg2 = 2

8D85 A4F8FFFF LEA EAX,[EBP-75C]


50
PUSH EAX
E8 95A20100 CALL 0042D798
83C4 08
ADD ESP,8
8985 00EFFFFF MOV DWORD PTR SS:[EBP-1100],EAX
83BD 04EFFFFF CMP DWORD PTR SS:[EBP-10FC],0

; |
; |Arg1
; \SystemIn

00413513 |.
00413515 |.
0041351F |.
00413521 |>
00413527 |.
00413529 |.
0041352F |.
00413532 |.
00413538 |>
0041353E |.
00413541 |.
00413542 |.
00413548 |.
00413549 |.
0041354F |.
00413551 |.
00413553 |.
00413556 |.
0041355C |.
00413562 |.
00413568 |.
0041356A |.
00413570 |.
00413573 |.
00413579 |.
0041357F |.
00413582 |.
00413588 |.
0041358E |.
00413594 |.
00413597 |.
0041359E |.
004135A0 |.
004135AA |.
004135AC |>
004135B2 |.
004135B4 |.
004135BA |.
004135BD |.
004135C3 |>
004135C9 |.
004135CC |.
004135D2 |.
004135D7 |.
004135D9 |.
004135DF |.
004135E2 |.
004135E7 |.
004135EC |.
004135F1 |.
004135F3 |.
004135F9 |.
004135FC |.
mputer Name"
00413601 |.
00413607 |.
00413608 |.
0041360D |.
00413610 |.
00413616 |.

75 0C
C785 E0EAFFFF
EB 17
8B8D 04EFFFFF
8B11
8B85 04EFFFFF
0342 04
8985 E0EAFFFF
8B8D 00EFFFFF
8B51 04
52
8B85 E0EAFFFF
50
8B8D 00EFFFFF
8B11
FFD2
83C4 08
8A85 AEF8FFFF
8885 F7EEFFFF
8B8D 04EFFFFF
8B11
8B85 04EFFFFF
0342 04
8985 F8EEFFFF
8B8D F8EEFFFF
8A51 30
8895 FFEEFFFF
8B85 F8EEFFFF
8A8D F7EEFFFF
8848 30
83BD 04EFFFFF
75 0C
C785 ECEEFFFF
EB 17
8B95 04EFFFFF
8B02
8B8D 04EFFFFF
0348 04
898D ECEEFFFF
8B95 ECEEFFFF
8B42 10
8985 F0EEFFFF
B9 C0010000
F7D1
8B95 ECEEFFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 ECEEFFFF
894A 10
68 388F4400

JNE SHORT 00413521


MOV DWORD PTR SS:[EBP-1520],0
JMP SHORT 00413538
MOV ECX,DWORD PTR SS:[EBP-10FC]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-10FC]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1520],EAX
MOV ECX,DWORD PTR SS:[EBP-1100]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1520]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1100]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[EBP-752]
MOV BYTE PTR SS:[EBP-1109],AL
MOV ECX,DWORD PTR SS:[EBP-10FC]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-10FC]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1108],EAX
MOV ECX,DWORD PTR SS:[EBP-1108]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-1101],DL
MOV EAX,DWORD PTR SS:[EBP-1108]
MOV CL,BYTE PTR SS:[EBP-1109]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[EBP-10FC],0
JNE SHORT 004135AC
MOV DWORD PTR SS:[EBP-1114],0
JMP SHORT 004135C3
MOV EDX,DWORD PTR SS:[EBP-10FC]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-10FC]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1114],ECX
MOV EDX,DWORD PTR SS:[EBP-1114]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-1110],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-1114]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-1114]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH OFFSET 00448F38

8B85 04EFFFFF
50
E8 5373FFFF
83C4 08
8985 E0EEFFFF
83BD E0EEFFFF

MOV EAX,DWORD PTR SS:[EBP-10FC]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1120],EAX
CMP DWORD PTR SS:[EBP-1120],0

; ASCII "Co

0041361D |. 75 0C
0041361F |. C785 E4EEFFFF
00413629 |. EB 17
0041362B |> 8B8D E0EEFFFF
00413631 |. 8B11
00413633 |. 8B85 E0EEFFFF
00413639 |. 0342 04
0041363C |. 8985 E4EEFFFF
00413642 |> 8B8D E4EEFFFF
00413648 |. 8B51 10
0041364B |. 8995 E8EEFFFF
00413651 |. B8 C0010000
00413656 |. F7D0
00413658 |. 8B8D E4EEFFFF
0041365E |. 2341 10
00413661 |. BA 80000000
00413666 |. 81E2 C0010000
0041366C |. 81E2 FFFF0000
00413672 |. 0BC2
00413674 |. 8B8D E4EEFFFF
0041367A |. 8941 10
0041367D |. 8A95 AFF8FFFF
00413683 |. 8895 D7EEFFFF
00413689 |. 8B85 E0EEFFFF
0041368F |. 8B08
00413691 |. 8B95 E0EEFFFF
00413697 |. 0351 04
0041369A |. 8995 D8EEFFFF
004136A0 |. 8B85 D8EEFFFF
004136A6 |. 8A48 30
004136A9 |. 888D DFEEFFFF
004136AF |. 8B95 D8EEFFFF
004136B5 |. 8A85 D7EEFFFF
004136BB |. 8842 30
004136BE |. C645 FC 0E
004136C2 |. 6A 00
004136C4 |. 6A 01
004136C6 |. 8D8D 6CF8FFFF
004136CC |. E8 8FC4FFFF
fo.0040FB60
004136D1 |. C745 FC FFFFF
004136D8 |. 6A 00
004136DA |. 6A 01
004136DC |. 8D8D 88F8FFFF
004136E2 |. E8 79C4FFFF
fo.0040FB60
004136E7 |. 8D8D 28FFFFFF
004136ED |. 51
004136EE |. 8B55 E0
004136F1 |. 52
004136F2 |. FF15 68804400
.GetComputerNameA
004136F8 |. 85C0
004136FA |. 74 30
004136FC |. 8B45 E0
004136FF |. 50
00413700 |. 8B4D 08
00413703 |. 51
00413704 |. E8 5772FFFF
00413709 |. 83C4 08

JNE SHORT 0041362B


MOV DWORD PTR SS:[EBP-111C],0
JMP SHORT 00413642
MOV ECX,DWORD PTR SS:[EBP-1120]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-1120]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-111C],EAX
MOV ECX,DWORD PTR SS:[EBP-111C]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-1118],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-111C]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-111C]
MOV DWORD PTR DS:[ECX+10],EAX
MOV DL,BYTE PTR SS:[EBP-751]
MOV BYTE PTR SS:[EBP-1129],DL
MOV EAX,DWORD PTR SS:[EBP-1120]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1120]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1128],EDX
MOV EAX,DWORD PTR SS:[EBP-1128]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-1121],CL
MOV EDX,DWORD PTR SS:[EBP-1128]
MOV AL,BYTE PTR SS:[EBP-1129]
MOV BYTE PTR DS:[EDX+30],AL
MOV BYTE PTR SS:[EBP-4],0E
PUSH 0
PUSH 1
LEA ECX,[EBP-794]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-778]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

LEA ECX,[EBP-0D8]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-20]
PUSH EDX
CALL DWORD PTR DS:[<&KERNEL32.GetCompute

;
;
;
;

/Size
|
|Buffer
\KERNEL32

TEST EAX,EAX
JE SHORT 0041372C
MOV EAX,DWORD PTR SS:[EBP-20]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040A960
ADD ESP,8

0041370C |. 8985 D0EEFFFF


00413712 |. 6A 0A
A
00413714 |. 8B8D D0EEFFFF
0041371A |. E8 A1BEFFFF
fo.0040F5C0
0041371F |. 8B8D D0EEFFFF
00413725 |. E8 96C0FFFF
fo.0040F7C0
0041372A |. EB 38
0041372C |> 68 308F4400
SCII "None"
00413731 |. E8 1ACFFFFF
fo.00410650
00413736 |. 83C4 04
00413739 |. 50
0041373A |. 8B55 08
0041373D |. 52
0041373E |. E8 1D72FFFF
00413743 |. 83C4 08
00413746 |. 8985 CCEEFFFF
0041374C |. 6A 0A
A
0041374E |. 8B8D CCEEFFFF
00413754 |. E8 67BEFFFF
fo.0040F5C0
00413759 |. 8B8D CCEEFFFF
0041375F |. E8 5CC0FFFF
fo.0040F7C0
00413764 |> 68 77874400
ystemInfo.448777
00413769 |. 8D8D 3CF8FFFF
0041376F |. E8 7CB4FFFF
fo.0040EBF0
00413774 |. C745 FC 10000
0041377B |. 8D85 3CF8FFFF
00413781 |. 50
00413782 |. B9 0C294500
00413787 |. E8 9439FFFF
fo.00407120
0041378C |. 8B0D FC284500
00413792 |. 83C1 01
00413795 |. 890D FC284500
0041379B |. 68 74874400
"
004137A0 |. 8B15 FC284500
004137A6 |. 52
[4528FC] = 0
004137A7 |. 68 D0914400
004137AC |. A1 F8284500
004137B1 |. 50
[4528F8] = 0
004137B2 |. B9 08294500
004137B7 |. E8 A426FFFF
nfo.00405E60
004137BC |. 50
004137BD |. E8 9E71FFFF
004137C2 |. 83C4 08
004137C5 |. 8BC8
004137C7 |. E8 9426FFFF

MOV DWORD PTR SS:[EBP-1130],EAX


PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-1130]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-1130]


CALL 0040F7C0

; [SystemIn

JMP SHORT 00413764


PUSH OFFSET 00448F30

; /Arg1 = A

CALL 00410650

; \SystemIn

ADD ESP,4
PUSH EAX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1134],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-1134]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-1134]


CALL 0040F7C0

; [SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-7C4]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],10


LEA EAX,[EBP-7C4]
PUSH EAX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV ECX,DWORD PTR DS:[4528FC]


ADD ECX,1
MOV DWORD PTR DS:[4528FC],ECX
PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528FC]


PUSH EDX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EAX,DWORD PTR DS:[4528F8]
PUSH EAX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

|
|
|
|
\SystemIn

fo.00405E60
004137CC |.
004137CD |.
004137D2 |.
004137D5 |.
004137DB |.
004137DC |.
004137E1 |.
fo.00406460
004137E6 |.
004137EC |.
004137F2 |.
004137F8 |.
004137FC |.
00413803 |.
0041380A |.
0041380E |.
00413810 |.
0041381A |.
0041381C |>
0041381F |.
00413821 |.
00413824 |.
00413827 |.
0041382D |>
00413833 |.
00413836 |.
0041383C |.
00413841 |.
00413843 |.
00413849 |.
0041384C |.
00413851 |.
00413857 |.
0041385D |.
0041385F |.
00413865 |.
00413868 |.
0041386A |.
00413870 |.
00413871 |.
fo.0042D798
00413876 |.
00413879 |.
0041387F |.
00413883 |.
00413885 |.
0041388F |.
00413891 |>
00413894 |.
00413896 |.
00413899 |.
0041389C |.
004138A2 |>
004138A8 |.
004138AB |.
004138AC |.
004138B2 |.
004138B3 |.
004138B9 |.

50
E8 8E71FFFF
83C4 08
8D8D 20F8FFFF
51
B9 08294500
E8 7A2CFFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA ECX,[EBP-7E0]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 DCEAFFFF
8B95 DCEAFFFF
8995 D8EAFFFF
C645 FC 11
C685 63F8FFFF
C685 62F8FFFF
837D 08 00
75 0C
C785 B0EEFFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 B0EEFFFF
8B85 B0EEFFFF
8B48 10
898D B4EEFFFF
BA C0010000
F7D2
8B85 B0EEFFFF
2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 B0EEFFFF
8950 10
6A 06
8D8D 18F8FFFF
51
E8 229F0100

MOV DWORD PTR SS:[EBP-1524],EAX


MOV EDX,DWORD PTR SS:[EBP-1524]
MOV DWORD PTR SS:[EBP-1528],EDX
MOV BYTE PTR SS:[EBP-4],11
MOV BYTE PTR SS:[EBP-79D],20
MOV BYTE PTR SS:[EBP-79E],2E
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 0041381C
MOV DWORD PTR SS:[EBP-1150],0
JMP SHORT 0041382D
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1150],EDX
MOV EAX,DWORD PTR SS:[EBP-1150]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-114C],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-1150]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-1150]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH 6
LEA ECX,[EBP-7E8]
PUSH ECX
CALL 0042D798

;
;
;
;

83C4 08
8985 ACEEFFFF
837D 08 00
75 0C
C785 D4EAFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D D4EAFFFF
8B95 ACEEFFFF
8B42 04
50
8B8D D4EAFFFF
51
8B95 ACEEFFFF
8B02

ADD ESP,8
MOV DWORD PTR SS:[EBP-1154],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00413891
MOV DWORD PTR SS:[EBP-152C],0
JMP SHORT 004138A2
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-152C],ECX
MOV EDX,DWORD PTR SS:[EBP-1154]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-152C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1154]
MOV EAX,DWORD PTR DS:[EDX]

/Arg2 = 6
|
|Arg1
\SystemIn

004138BB |.
004138BD |.
004138C0 |.
004138C6 |.
004138C7 |.
004138CA |.
004138CB |.
004138D0 |.
004138D3 |.
004138D9 |.
004138E0 |.
004138E2 |.
004138EC |.
004138EE |>
004138F4 |.
004138F6 |.
004138FC |.
004138FF |.
00413905 |>
0041390B |.
0041390E |.
00413914 |.
00413919 |.
0041391B |.
00413921 |.
00413924 |.
00413929 |.
0041392F |.
00413935 |.
00413937 |.
0041393D |.
00413940 |.
3
00413942 |.
00413948 |.
00413949 |.
fo.0042D798
0041394E |.
00413951 |.
00413957 |.
0041395E |.
00413960 |.
0041396A |.
0041396C |>
00413972 |.
00413974 |.
0041397A |.
0041397D |.
00413983 |>
00413989 |.
0041398C |.
0041398D |.
00413993 |.
00413994 |.
0041399A |.
0041399C |.
0041399E |.
004139A1 |.
004139A7 |.
004139AD |.

FFD0
83C4 08
8B8D D8EAFFFF
51
8B55 08
52
E8 9075FFFF
83C4 08
8985 A0EEFFFF
83BD A0EEFFFF
75 0C
C785 A4EEFFFF
EB 17
8B85 A0EEFFFF
8B08
8B95 A0EEFFFF
0351 04
8995 A4EEFFFF
8B85 A4EEFFFF
8B48 10
898D A8EEFFFF
BA C0010000
F7D2
8B85 A4EEFFFF
2350 10
B9 80000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 A4EEFFFF
8950 10
6A 23

CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[EBP-1528]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-1160],EAX
CMP DWORD PTR SS:[EBP-1160],0
JNE SHORT 004138EE
MOV DWORD PTR SS:[EBP-115C],0
JMP SHORT 00413905
MOV EAX,DWORD PTR SS:[EBP-1160]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1160]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-115C],EDX
MOV EAX,DWORD PTR SS:[EBP-115C]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-1158],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-115C]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-115C]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH 23

8D8D 58F8FFFF LEA ECX,[EBP-7A8]


51
PUSH ECX
E8 4A9E0100 CALL 0042D798
83C4 08
8985 9CEEFFFF
83BD A0EEFFFF
75 0C
C785 D0EAFFFF
EB 17
8B95 A0EEFFFF
8B02
8B8D A0EEFFFF
0348 04
898D D0EAFFFF
8B95 9CEEFFFF
8B42 04
50
8B8D D0EAFFFF
51
8B95 9CEEFFFF
8B02
FFD0
83C4 08
8A8D 62F8FFFF
888D 93EEFFFF
8B95 A0EEFFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-1164],EAX
CMP DWORD PTR SS:[EBP-1160],0
JNE SHORT 0041396C
MOV DWORD PTR SS:[EBP-1530],0
JMP SHORT 00413983
MOV EDX,DWORD PTR SS:[EBP-1160]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-1160]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1530],ECX
MOV EDX,DWORD PTR SS:[EBP-1164]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1530]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1164]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[EBP-79E]
MOV BYTE PTR SS:[EBP-116D],CL
MOV EDX,DWORD PTR SS:[EBP-1160]

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

004139B3 |. 8B02
004139B5 |. 8B8D A0EEFFFF
004139BB |. 0348 04
004139BE |. 898D 94EEFFFF
004139C4 |. 8B95 94EEFFFF
004139CA |. 8A42 30
004139CD |. 8885 9BEEFFFF
004139D3 |. 8B8D 94EEFFFF
004139D9 |. 8A95 93EEFFFF
004139DF |. 8851 30
004139E2 |. 83BD A0EEFFFF
004139E9 |. 75 0C
004139EB |. C785 88EEFFFF
004139F5 |. EB 17
004139F7 |> 8B85 A0EEFFFF
004139FD |. 8B08
004139FF |. 8B95 A0EEFFFF
00413A05 |. 0351 04
00413A08 |. 8995 88EEFFFF
00413A0E |> 8B85 88EEFFFF
00413A14 |. 8B48 10
00413A17 |. 898D 8CEEFFFF
00413A1D |. BA C0010000
00413A22 |. F7D2
00413A24 |. 8B85 88EEFFFF
00413A2A |. 2350 10
00413A2D |. B9 40000000
00413A32 |. 81E1 C0010000
00413A38 |. 81E1 FFFF0000
00413A3E |. 0BD1
00413A40 |. 8B85 88EEFFFF
00413A46 |. 8950 10
00413A49 |. 68 1C8F4400
rrent User Name"
00413A4E |. 8B8D A0EEFFFF
00413A54 |. 51
00413A55 |. E8 066FFFFF
00413A5A |. 83C4 08
00413A5D |. 8985 7CEEFFFF
00413A63 |. 83BD 7CEEFFFF
00413A6A |. 75 0C
00413A6C |. C785 80EEFFFF
00413A76 |. EB 17
00413A78 |> 8B95 7CEEFFFF
00413A7E |. 8B02
00413A80 |. 8B8D 7CEEFFFF
00413A86 |. 0348 04
00413A89 |. 898D 80EEFFFF
00413A8F |> 8B95 80EEFFFF
00413A95 |. 8B42 10
00413A98 |. 8985 84EEFFFF
00413A9E |. B9 C0010000
00413AA3 |. F7D1
00413AA5 |. 8B95 80EEFFFF
00413AAB |. 234A 10
00413AAE |. B8 80000000
00413AB3 |. 25 C0010000
00413AB8 |. 25 FFFF0000
00413ABD |. 0BC8
00413ABF |. 8B95 80EEFFFF

MOV EAX,DWORD PTR DS:[EDX]


MOV ECX,DWORD PTR SS:[EBP-1160]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-116C],ECX
MOV EDX,DWORD PTR SS:[EBP-116C]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[EBP-1165],AL
MOV ECX,DWORD PTR SS:[EBP-116C]
MOV DL,BYTE PTR SS:[EBP-116D]
MOV BYTE PTR DS:[ECX+30],DL
CMP DWORD PTR SS:[EBP-1160],0
JNE SHORT 004139F7
MOV DWORD PTR SS:[EBP-1178],0
JMP SHORT 00413A0E
MOV EAX,DWORD PTR SS:[EBP-1160]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1160]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1178],EDX
MOV EAX,DWORD PTR SS:[EBP-1178]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-1174],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-1178]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-1178]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH OFFSET 00448F1C
MOV ECX,DWORD PTR SS:[EBP-1160]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1184],EAX
CMP DWORD PTR SS:[EBP-1184],0
JNE SHORT 00413A78
MOV DWORD PTR SS:[EBP-1180],0
JMP SHORT 00413A8F
MOV EDX,DWORD PTR SS:[EBP-1184]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-1184]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1180],ECX
MOV EDX,DWORD PTR SS:[EBP-1180]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-117C],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-1180]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-1180]

; ASCII "Cu

00413AC5 |.
00413AC8 |.
00413ACE |.
00413AD4 |.
00413ADA |.
00413ADC |.
00413AE2 |.
00413AE5 |.
00413AEB |.
00413AF1 |.
00413AF4 |.
00413AFA |.
00413B00 |.
00413B06 |.
00413B09 |.
00413B0D |.
00413B0F |.
00413B11 |.
00413B17 |.
fo.0040FB60
00413B1C |.
00413B23 |.
00413B25 |.
00413B27 |.
00413B2D |.
fo.0040FB60
00413B32 |.
00413B35 |.
00413B36 |.
NULL
00413B38 |.
.GetUserNameA
00413B3E |.
00413B41 |.
00413B42 |.
fo.0042D84C
00413B47 |.
00413B4A |.
00413B50 |.
00413B56 |.
00413B59 |.
00413B5C |.
00413B5D |.
00413B60 |.
00413B61 |.
.GetUserNameA
00413B67 |.
00413B69 |.
00413B6B |.
00413B6E |.
00413B6F |.
00413B72 |.
00413B73 |.
00413B78 |.
00413B7B |.
00413B81 |.
A
00413B83 |.
00413B89 |.
fo.0040F5C0

894A 10
8A85 63F8FFFF
8885 73EEFFFF
8B8D 7CEEFFFF
8B11
8B85 7CEEFFFF
0342 04
8985 74EEFFFF
8B8D 74EEFFFF
8A51 30
8895 7BEEFFFF
8B85 74EEFFFF
8A8D 73EEFFFF
8848 30
C645 FC 10
6A 00
6A 01
8D8D 20F8FFFF
E8 44C0FFFF

MOV DWORD PTR DS:[EDX+10],ECX


MOV AL,BYTE PTR SS:[EBP-79D]
MOV BYTE PTR SS:[EBP-118D],AL
MOV ECX,DWORD PTR SS:[EBP-1184]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-1184]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-118C],EAX
MOV ECX,DWORD PTR SS:[EBP-118C]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-1185],DL
MOV EAX,DWORD PTR SS:[EBP-118C]
MOV CL,BYTE PTR SS:[EBP-118D]
MOV BYTE PTR DS:[EAX+30],CL
MOV BYTE PTR SS:[EBP-4],10
PUSH 0
PUSH 1
LEA ECX,[EBP-7E0]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC FFFFF
6A 00
6A 01
8D8D 3CF8FFFF
E8 2EC0FFFF

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-7C4]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8D55 C0
52
6A 00

LEA EDX,[EBP-40]
PUSH EDX
PUSH 0

; /Bufsize
; |Buffer =

FF15 18804400 CALL DWORD PTR DS:[<&ADVAPI32.GetUserNam ; \ADVAPI32


8B45 C0
50
E8 059D0100
83C4
8985
8B8D
894D
8D55
52
8B45
50
FF15

MOV EAX,DWORD PTR SS:[EBP-40]


PUSH EAX
CALL 0042D84C

ADD ESP,4
MOV DWORD PTR SS:[EBP-7EC],EAX
MOV ECX,DWORD PTR SS:[EBP-7EC]
MOV DWORD PTR SS:[EBP-28],ECX
LEA EDX,[EBP-40]
PUSH EDX
D8
MOV EAX,DWORD PTR SS:[EBP-28]
PUSH EAX
18804400 CALL DWORD PTR DS:[<&ADVAPI32.GetUserNam

; /Arg1
; \SystemIn

04
14F8FFFF
14F8FFFF
D8
C0

85C0
74 33
8B4D D8
51
8B55 08
52
E8 E86DFFFF
83C4 08
8985 6CEEFFFF
6A 0A

;
;
;
;

/Bufsize
|
|Buffer
\ADVAPI32

TEST EAX,EAX
JE SHORT 00413B9E
MOV ECX,DWORD PTR SS:[EBP-28]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1194],EAX
PUSH 0A

; /Arg1 = 0

8B8D 6CEEFFFF MOV ECX,DWORD PTR SS:[EBP-1194]


E8 32BAFFFF CALL 0040F5C0

; |
; \SystemIn

00413B8E |. 8B8D 6CEEFFFF


00413B94 |. E8 27BCFFFF
fo.0040F7C0
00413B99 |. E9 88000000
00413B9E |> FF15 58804400
.GetLastError
00413BA4 |. 8985 6CFFFFFF
00413BAA |. 81BD 6CFFFFFF
00413BB4 |. 75 31
00413BB6 |. 68 0C8F4400
ot logged in>"
00413BBB |. 8B45 08
00413BBE |. 50
00413BBF |. E8 9C6DFFFF
00413BC4 |. 83C4 08
00413BC7 |. 8985 68EEFFFF
00413BCD |. 6A 0A
A
00413BCF |. 8B8D 68EEFFFF
00413BD5 |. E8 E6B9FFFF
fo.0040F5C0
00413BDA |. 8B8D 68EEFFFF
00413BE0 |. E8 DBBBFFFF
fo.0040F7C0
00413BE5 |. EB 3F
00413BE7 |> 68 308F4400
SCII "None"
00413BEC |. 8B8D 6CFFFFFF
00413BF2 |. 51
00413BF3 |. E8 68C9FFFF
fo.00410560
00413BF8 |. 83C4 08
00413BFB |. 50
00413BFC |. 8B55 08
00413BFF |. 52
00413C00 |. E8 5B6DFFFF
00413C05 |. 83C4 08
00413C08 |. 8985 64EEFFFF
00413C0E |. 6A 0A
A
00413C10 |. 8B8D 64EEFFFF
00413C16 |. E8 A5B9FFFF
fo.0040F5C0
00413C1B |. 8B8D 64EEFFFF
00413C21 |. E8 9ABBFFFF
fo.0040F7C0
00413C26 |> 8B45 D8
00413C29 |. 8985 10F8FFFF
00413C2F |. 8B8D 10F8FFFF
00413C35 |. 51
00413C36 |. E8 C5BB0100
fo.0042F800
00413C3B |. 83C4 04
00413C3E |. 6A 00
0
00413C40 |. 6A 00
NULL
00413C42 |. 6A 06
6
00413C44 |. 68 00080000

MOV ECX,DWORD PTR SS:[EBP-1194]


CALL 0040F7C0

; [SystemIn

JMP 00413C26
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32
MOV DWORD PTR SS:[EBP-94],EAX
CMP DWORD PTR SS:[EBP-94],4DD
JNE SHORT 00413BE7
PUSH OFFSET 00448F0C

; ASCII "<N

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1198],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-1198]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-1198]


CALL 0040F7C0

; [SystemIn

JMP SHORT 00413C26


PUSH OFFSET 00448F30

; /Arg2 = A

MOV ECX,DWORD PTR SS:[EBP-94]


PUSH ECX
CALL 00410560

; |
; |Arg1
; \SystemIn

ADD ESP,8
PUSH EAX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-119C],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-119C]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-119C]


CALL 0040F7C0

; [SystemIn

MOV EAX,DWORD PTR SS:[EBP-28]


MOV DWORD PTR SS:[EBP-7F0],EAX
MOV ECX,DWORD PTR SS:[EBP-7F0]
PUSH ECX
CALL 0042F800

; /Arg1
; \SystemIn

ADD ESP,4
PUSH 0

; /Count =

PUSH 0

; |pData =

PUSH 6

; |LCType =

PUSH 800

; |Locale =

LOCALE_SYSTEM_DEFAULT
00413C49 |. FF15 64804400
.GetLocaleInfoA
00413C4F |. 8945 C8
00413C52 |. 6A 00
0
00413C54 |. 6A 00
NULL
00413C56 |. 6A 02
2
00413C58 |. 68 00080000
LOCALE_SYSTEM_DEFAULT
00413C5D |. FF15 64804400
.GetLocaleInfoA
00413C63 |. 8985 2CFFFFFF
00413C69 |. 6A 00
0
00413C6B |. 6A 00
NULL
00413C6D |. 6A 02
2
00413C6F |. 68 00040000
LOCALE_USER_DEFAULT
00413C74 |. FF15 64804400
.GetLocaleInfoA
00413C7A |. 8945 C4
00413C7D |. 6A 00
0
00413C7F |. 6A 00
NULL
00413C81 |. 6A 02
2
00413C83 |. 8B55 D4
00413C86 |. 81E2 FFFF0000
00413C8C |. 0FB7C2
00413C8F |. 50
00413C90 |. FF15 64804400
.GetLocaleInfoA
00413C96 |. 8985 64FFFFFF
00413C9C |. 6A 00
0
00413C9E |. 6A 00
NULL
00413CA0 |. 68 02100000
1002
00413CA5 |. 68 00080000
LOCALE_SYSTEM_DEFAULT
00413CAA |. FF15 64804400
.GetLocaleInfoA
00413CB0 |. 8945 D0
00413CB3 |. 6A 00
0
00413CB5 |. 6A 00
NULL
00413CB7 |. 68 01100000
1001
00413CBC |. 68 00080000
LOCALE_SYSTEM_DEFAULT
00413CC1 |. FF15 64804400
.GetLocaleInfoA

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV DWORD PTR SS:[EBP-38],EAX
PUSH 0

; /Count =

PUSH 0

; |pData =

PUSH 2

; |LCType =

PUSH 800

; |Locale =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV DWORD PTR SS:[EBP-0D4],EAX
PUSH 0

; /Count =

PUSH 0

; |pData =

PUSH 2

; |LCType =

PUSH 400

; |Locale =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV DWORD PTR SS:[EBP-3C],EAX
PUSH 0

; /Count =

PUSH 0

; |pData =

PUSH 2

; |LCType =

MOV EDX,DWORD PTR SS:[EBP-2C]


AND EDX,0000FFFF
MOVZX EAX,DX
PUSH EAX
CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI

;
;
;
;
;

MOV DWORD PTR SS:[EBP-9C],EAX


PUSH 0

; /Count =

PUSH 0

; |pData =

PUSH 1002

; |LCType =

PUSH 800

; |Locale =

|
|
|
|Locale
\KERNEL32

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV DWORD PTR SS:[EBP-30],EAX
PUSH 0

; /Count =

PUSH 0

; |pData =

PUSH 1001

; |LCType =

PUSH 800

; |Locale =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32

00413CC7 |. 8985 70FFFFFF


00413CCD |. 6A 00
0
00413CCF |. 6A 00
NULL
00413CD1 |. 68 01100000
1001
00413CD6 |. 68 00040000
LOCALE_USER_DEFAULT
00413CDB |. FF15 64804400
.GetLocaleInfoA
00413CE1 |. 8945 98
00413CE4 |. 6A 00
0
00413CE6 |. 6A 00
NULL
00413CE8 |. 68 01100000
1001
00413CED |. 8B4D D4
00413CF0 |. 81E1 FFFF0000
00413CF6 |. 0FB7D1
00413CF9 |. 52
00413CFA |. FF15 64804400
.GetLocaleInfoA
00413D00 |. 8945 E4
00413D03 |. 8B45 C8
00413D06 |. 50
00413D07 |. E8 409B0100
fo.0042D84C
00413D0C |. 83C4 04
00413D0F |. 8985 0CF8FFFF
00413D15 |. 8B8D 0CF8FFFF
00413D1B |. 898D 74FFFFFF
00413D21 |. 8B95 2CFFFFFF
00413D27 |. 52
00413D28 |. E8 1F9B0100
fo.0042D84C
00413D2D |. 83C4 04
00413D30 |. 8985 08F8FFFF
00413D36 |. 8B85 08F8FFFF
00413D3C |. 8945 9C
00413D3F |. 8B4D C4
00413D42 |. 51
00413D43 |. E8 049B0100
fo.0042D84C
00413D48 |. 83C4 04
00413D4B |. 8985 04F8FFFF
00413D51 |. 8B95 04F8FFFF
00413D57 |. 8995 58FFFFFF
00413D5D |. 8B85 64FFFFFF
00413D63 |. 50
00413D64 |. E8 E39A0100
fo.0042D84C
00413D69 |. 83C4 04
00413D6C |. 8985 00F8FFFF
00413D72 |. 8B8D 00F8FFFF
00413D78 |. 898D 24FFFFFF
00413D7E |. 8B55 D0
00413D81 |. 52
00413D82 |. E8 C59A0100

MOV DWORD PTR SS:[EBP-90],EAX


PUSH 0

; /Count =

PUSH 0

; |pData =

PUSH 1001

; |LCType =

PUSH 400

; |Locale =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV DWORD PTR SS:[EBP-68],EAX
PUSH 0

; /Count =

PUSH 0

; |pData =

PUSH 1001

; |LCType =

MOV ECX,DWORD PTR SS:[EBP-2C]


AND ECX,0000FFFF
MOVZX EDX,CX
PUSH EDX
CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI

;
;
;
;
;

MOV DWORD PTR SS:[EBP-1C],EAX


MOV EAX,DWORD PTR SS:[EBP-38]
PUSH EAX
CALL 0042D84C

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX
CALL 0042D84C

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX
CALL 0042D84C

|
|
|
|Locale
\KERNEL32

SS:[EBP-7F4],EAX
PTR SS:[EBP-7F4]
SS:[EBP-8C],ECX
PTR SS:[EBP-0D4]

SS:[EBP-7F8],EAX
PTR SS:[EBP-7F8]
SS:[EBP-64],EAX
PTR SS:[EBP-3C]
; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX
CALL 0042D84C

SS:[EBP-7FC],EAX
PTR SS:[EBP-7FC]
SS:[EBP-0A8],EDX
PTR SS:[EBP-9C]

ADD ESP,4
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX
CALL 0042D84C

SS:[EBP-800],EAX
PTR SS:[EBP-800]
SS:[EBP-0DC],ECX
PTR SS:[EBP-30]

; /Arg1
; \SystemIn

; /Arg1
; \SystemIn

fo.0042D84C
00413D87 |. 83C4 04
00413D8A |. 8985 FCF7FFFF
00413D90 |. 8B85 FCF7FFFF
00413D96 |. 8945 E8
00413D99 |. 8B8D 70FFFFFF
00413D9F |. 51
00413DA0 |. E8 A79A0100
fo.0042D84C
00413DA5 |. 83C4 04
00413DA8 |. 8985 F8F7FFFF
00413DAE |. 8B95 F8F7FFFF
00413DB4 |. 8955 DC
00413DB7 |. 8B45 98
00413DBA |. 50
00413DBB |. E8 8C9A0100
fo.0042D84C
00413DC0 |. 83C4 04
00413DC3 |. 8985 F4F7FFFF
00413DC9 |. 8B8D F4F7FFFF
00413DCF |. 898D 68FFFFFF
00413DD5 |. 8B55 E4
00413DD8 |. 52
00413DD9 |. E8 6E9A0100
fo.0042D84C
00413DDE |. 83C4 04
00413DE1 |. 8985 F0F7FFFF
00413DE7 |. 8B85 F0F7FFFF
00413DED |. 8985 30FFFFFF
00413DF3 |. 8B4D C8
00413DF6 |. 51
00413DF7 |. 8B95 74FFFFFF
00413DFD |. 52
00413DFE |. 6A 06
6
00413E00 |. 68 00080000
LOCALE_SYSTEM_DEFAULT
00413E05 |. FF15 64804400
.GetLocaleInfoA
00413E0B |. 8B85 2CFFFFFF
00413E11 |. 50
00413E12 |. 8B4D 9C
00413E15 |. 51
00413E16 |. 6A 02
2
00413E18 |. 68 00080000
LOCALE_SYSTEM_DEFAULT
00413E1D |. FF15 64804400
.GetLocaleInfoA
00413E23 |. 8B55 C4
00413E26 |. 52
00413E27 |. 8B85 58FFFFFF
00413E2D |. 50
00413E2E |. 6A 02
2
00413E30 |. 68 00040000
LOCALE_USER_DEFAULT
00413E35 |. FF15 64804400
.GetLocaleInfoA
00413E3B |. 8B8D 64FFFFFF

ADD ESP,4
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX
CALL 0042D84C

SS:[EBP-804],EAX
PTR SS:[EBP-804]
SS:[EBP-18],EAX
PTR SS:[EBP-90]

ADD ESP,4
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX
CALL 0042D84C

SS:[EBP-808],EAX
PTR SS:[EBP-808]
SS:[EBP-24],EDX
PTR SS:[EBP-68]

ADD ESP,4
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX
CALL 0042D84C
ADD ESP,4
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX
MOV EDX,DWORD
PUSH EDX
PUSH 6

; /Arg1
; \SystemIn

; /Arg1
; \SystemIn
SS:[EBP-80C],EAX
PTR SS:[EBP-80C]
SS:[EBP-98],ECX
PTR SS:[EBP-1C]
; /Arg1
; \SystemIn
SS:[EBP-810],EAX
PTR SS:[EBP-810]
SS:[EBP-0D0],EAX
PTR SS:[EBP-38]
PTR SS:[EBP-8C]

PUSH 800

;
;
;
;

/Count
|
|pData
|LCType =

; |Locale =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV EAX,DWORD PTR SS:[EBP-0D4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-64]
PUSH ECX
PUSH 2

;
;
;
;

PUSH 800

; |Locale =

/Count
|
|pData
|LCType =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV EDX,DWORD PTR SS:[EBP-3C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-0A8]
PUSH EAX
PUSH 2

;
;
;
;

PUSH 400

; |Locale =

/Count
|
|pData
|LCType =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV ECX,DWORD PTR SS:[EBP-9C]

00413E41 |. 51
00413E42 |. 8B95 24FFFFFF
00413E48 |. 52
00413E49 |. 6A 02
2
00413E4B |. 8B45 D4
00413E4E |. 25 FFFF0000
00413E53 |. 0FB7C8
00413E56 |. 51
00413E57 |. FF15 64804400
.GetLocaleInfoA
00413E5D |. 8B55 D0
00413E60 |. 52
00413E61 |. 8B45 E8
00413E64 |. 50
00413E65 |. 68 02100000
1002
00413E6A |. 68 00080000
LOCALE_SYSTEM_DEFAULT
00413E6F |. FF15 64804400
.GetLocaleInfoA
00413E75 |. 8B8D 70FFFFFF
00413E7B |. 51
00413E7C |. 8B55 DC
00413E7F |. 52
00413E80 |. 68 01100000
1001
00413E85 |. 68 00080000
LOCALE_SYSTEM_DEFAULT
00413E8A |. FF15 64804400
.GetLocaleInfoA
00413E90 |. 8B45 98
00413E93 |. 50
00413E94 |. 8B8D 68FFFFFF
00413E9A |. 51
00413E9B |. 68 01100000
1001
00413EA0 |. 68 00040000
LOCALE_USER_DEFAULT
00413EA5 |. FF15 64804400
.GetLocaleInfoA
00413EAB |. 8B55 E4
00413EAE |. 52
00413EAF |. 8B85 30FFFFFF
00413EB5 |. 50
00413EB6 |. 68 01100000
1001
00413EBB |. 8B4D D4
00413EBE |. 81E1 FFFF0000
00413EC4 |. 0FB7D1
00413EC7 |. 52
00413EC8 |. FF15 64804400
.GetLocaleInfoA
00413ECE |. 68 77874400
ystemInfo.448777
00413ED3 |. 8D8D C8F7FFFF
00413ED9 |. E8 12ADFFFF
fo.0040EBF0
00413EDE |. C745 FC 12000
00413EE5 |. 8D85 C8F7FFFF

PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0DC]
PUSH EDX
PUSH 2

;
;
;
;

/Count
|
|pData
|LCType =

MOV EAX,DWORD PTR SS:[EBP-2C]


AND EAX,0000FFFF
MOVZX ECX,AX
PUSH ECX
CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI

;
;
;
;
;

|
|
|
|Locale
\KERNEL32

MOV EDX,DWORD PTR SS:[EBP-30]


PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-18]
PUSH EAX
PUSH 1002

;
;
;
;

/Count
|
|pData
|LCType =

PUSH 800

; |Locale =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV ECX,DWORD PTR SS:[EBP-90]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-24]
PUSH EDX
PUSH 1001

;
;
;
;

PUSH 800

; |Locale =

/Count
|
|pData
|LCType =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV EAX,DWORD PTR SS:[EBP-68]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-98]
PUSH ECX
PUSH 1001

;
;
;
;

PUSH 400

; |Locale =

/Count
|
|pData
|LCType =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


MOV EDX,DWORD PTR SS:[EBP-1C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-0D0]
PUSH EAX
PUSH 1001

;
;
;
;

/Count
|
|pData
|LCType =

MOV ECX,DWORD PTR SS:[EBP-2C]


AND ECX,0000FFFF
MOVZX EDX,CX
PUSH EDX
CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI

;
;
;
;
;

|
|
|
|Locale
\KERNEL32

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-838]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],12


LEA EAX,[EBP-838]

00413EEB |.
00413EEC |.
00413EF1 |.
fo.00407120
00413EF6 |.
00413EFC |.
00413EFF |.
00413F05 |.
"
00413F0A |.
00413F10 |.
[4528FC] = 0
00413F11 |.
00413F16 |.
00413F1B |.
[4528F8] = 0
00413F1C |.
00413F21 |.
nfo.00405E60
00413F26 |.
00413F27 |.
00413F2C |.
00413F2F |.
00413F31 |.
fo.00405E60
00413F36 |.
00413F37 |.
00413F3C |.
00413F3F |.
00413F45 |.
00413F46 |.
00413F4B |.
fo.00406460
00413F50 |.
00413F56 |.
00413F5C |.
00413F62 |.
00413F66 |.
00413F6D |.
00413F74 |.
00413F78 |.
00413F7A |.
00413F84 |.
00413F86 |>
00413F89 |.
00413F8B |.
00413F8E |.
00413F91 |.
00413F97 |>
00413F9D |.
00413FA0 |.
00413FA6 |.
00413FAB |.
00413FAD |.
00413FB3 |.
00413FB6 |.
00413FBB |.
00413FC1 |.
00413FC7 |.
00413FC9 |.

50
B9 0C294500
E8 2A32FFFF

PUSH EAX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

8B0D FC284500
83C1 01
890D FC284500
68 74874400

MOV ECX,DWORD PTR DS:[4528FC]


ADD ECX,1
MOV DWORD PTR DS:[4528FC],ECX
PUSH OFFSET 00448774

; ASCII ".

8B15 FC284500 MOV EDX,DWORD PTR DS:[4528FC]


52
PUSH EDX

; /Arg1 =>

68 D0914400
A1 F8284500
50

PUSH OFFSET 004491D0


MOV EAX,DWORD PTR DS:[4528F8]
PUSH EAX

; |
; |
; |/Arg1 =>

B9 08294500
E8 3A1FFFFF

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

50
E8 346AFFFF
83C4 08
8BC8
E8 2A1FFFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

50
E8 246AFFFF
83C4 08
8D8D ACF7FFFF
51
B9 08294500
E8 1025FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA ECX,[EBP-854]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 CCEAFFFF
8B95 CCEAFFFF
8995 C8EAFFFF
C645 FC 13
C685 EFF7FFFF
C685 EEF7FFFF
837D 08 00
75 0C
C785 48EEFFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 48EEFFFF
8B85 48EEFFFF
8B48 10
898D 4CEEFFFF
BA C0010000
F7D2
8B85 48EEFFFF
2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 48EEFFFF

MOV DWORD PTR SS:[EBP-1534],EAX


MOV EDX,DWORD PTR SS:[EBP-1534]
MOV DWORD PTR SS:[EBP-1538],EDX
MOV BYTE PTR SS:[EBP-4],13
MOV BYTE PTR SS:[EBP-811],20
MOV BYTE PTR SS:[EBP-812],2E
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00413F86
MOV DWORD PTR SS:[EBP-11B8],0
JMP SHORT 00413F97
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-11B8],EDX
MOV EAX,DWORD PTR SS:[EBP-11B8]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-11B4],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-11B8]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-11B8]

|
|
|
|
\SystemIn

00413FCF |.
00413FD2 |.
00413FD4 |.
00413FDA |.
00413FDB |.
fo.0042D798
00413FE0 |.
00413FE3 |.
00413FE9 |.
00413FED |.
00413FEF |.
00413FF9 |.
00413FFB |>
00413FFE |.
00414000 |.
00414003 |.
00414006 |.
0041400C |>
00414012 |.
00414015 |.
00414016 |.
0041401C |.
0041401D |.
00414023 |.
00414025 |.
00414027 |.
0041402A |.
00414030 |.
00414031 |.
00414034 |.
00414035 |.
0041403A |.
0041403D |.
00414043 |.
0041404A |.
0041404C |.
00414056 |.
00414058 |>
0041405E |.
00414060 |.
00414066 |.
00414069 |.
0041406F |>
00414075 |.
00414078 |.
0041407E |.
00414083 |.
00414085 |.
0041408B |.
0041408E |.
00414093 |.
00414099 |.
0041409F |.
004140A1 |.
004140A7 |.
004140AA |.
3
004140AC |.
004140B2 |.
004140B3 |.

8950 10
6A 06
8D8D A4F7FFFF
51
E8 B8970100

MOV DWORD PTR DS:[EAX+10],EDX


PUSH 6
LEA ECX,[EBP-85C]
PUSH ECX
CALL 0042D798

;
;
;
;

83C4 08
8985 44EEFFFF
837D 08 00
75 0C
C785 C4EAFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D C4EAFFFF
8B95 44EEFFFF
8B42 04
50
8B8D C4EAFFFF
51
8B95 44EEFFFF
8B02
FFD0
83C4 08
8B8D C8EAFFFF
51
8B55 08
52
E8 266EFFFF
83C4 08
8985 38EEFFFF
83BD 38EEFFFF
75 0C
C785 3CEEFFFF
EB 17
8B85 38EEFFFF
8B08
8B95 38EEFFFF
0351 04
8995 3CEEFFFF
8B85 3CEEFFFF
8B48 10
898D 40EEFFFF
BA C0010000
F7D2
8B85 3CEEFFFF
2350 10
B9 80000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 3CEEFFFF
8950 10
6A 23

ADD ESP,8
MOV DWORD PTR SS:[EBP-11BC],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00413FFB
MOV DWORD PTR SS:[EBP-153C],0
JMP SHORT 0041400C
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-153C],ECX
MOV EDX,DWORD PTR SS:[EBP-11BC]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-153C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-11BC]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[EBP-1538]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-11C8],EAX
CMP DWORD PTR SS:[EBP-11C8],0
JNE SHORT 00414058
MOV DWORD PTR SS:[EBP-11C4],0
JMP SHORT 0041406F
MOV EAX,DWORD PTR SS:[EBP-11C8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-11C8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-11C4],EDX
MOV EAX,DWORD PTR SS:[EBP-11C4]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-11C0],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-11C4]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-11C4]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH 23

; /Arg2 = 2

8D8D E4F7FFFF LEA ECX,[EBP-81C]


51
PUSH ECX
E8 E0960100 CALL 0042D798

/Arg2 = 6
|
|Arg1
\SystemIn

; |
; |Arg1
; \SystemIn

fo.0042D798
004140B8 |.
004140BB |.
004140C1 |.
004140C8 |.
004140CA |.
004140D4 |.
004140D6 |>
004140DC |.
004140DE |.
004140E4 |.
004140E7 |.
004140ED |>
004140F3 |.
004140F6 |.
004140F7 |.
004140FD |.
004140FE |.
00414104 |.
00414106 |.
00414108 |.
0041410B |.
00414111 |.
00414117 |.
0041411D |.
0041411F |.
00414125 |.
00414128 |.
0041412E |.
00414134 |.
00414137 |.
0041413D |.
00414143 |.
00414149 |.
0041414C |.
00414153 |.
00414155 |.
0041415F |.
00414161 |>
00414167 |.
00414169 |.
0041416F |.
00414172 |.
00414178 |>
0041417E |.
00414181 |.
00414187 |.
0041418C |.
0041418E |.
00414194 |.
00414197 |.
0041419C |.
004141A2 |.
004141A8 |.
004141AA |.
004141B0 |.
004141B3 |.
untry"
004141B8 |.
004141BE |.

83C4 08
8985 34EEFFFF
83BD 38EEFFFF
75 0C
C785 C0EAFFFF
EB 17
8B95 38EEFFFF
8B02
8B8D 38EEFFFF
0348 04
898D C0EAFFFF
8B95 34EEFFFF
8B42 04
50
8B8D C0EAFFFF
51
8B95 34EEFFFF
8B02
FFD0
83C4 08
8A8D EEF7FFFF
888D 2BEEFFFF
8B95 38EEFFFF
8B02
8B8D 38EEFFFF
0348 04
898D 2CEEFFFF
8B95 2CEEFFFF
8A42 30
8885 33EEFFFF
8B8D 2CEEFFFF
8A95 2BEEFFFF
8851 30
83BD 38EEFFFF
75 0C
C785 20EEFFFF
EB 17
8B85 38EEFFFF
8B08
8B95 38EEFFFF
0351 04
8995 20EEFFFF
8B85 20EEFFFF
8B48 10
898D 24EEFFFF
BA C0010000
F7D2
8B85 20EEFFFF
2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 20EEFFFF
8950 10
68 048F4400

ADD ESP,8
MOV DWORD PTR SS:[EBP-11CC],EAX
CMP DWORD PTR SS:[EBP-11C8],0
JNE SHORT 004140D6
MOV DWORD PTR SS:[EBP-1540],0
JMP SHORT 004140ED
MOV EDX,DWORD PTR SS:[EBP-11C8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-11C8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1540],ECX
MOV EDX,DWORD PTR SS:[EBP-11CC]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1540]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-11CC]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[EBP-812]
MOV BYTE PTR SS:[EBP-11D5],CL
MOV EDX,DWORD PTR SS:[EBP-11C8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-11C8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-11D4],ECX
MOV EDX,DWORD PTR SS:[EBP-11D4]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[EBP-11CD],AL
MOV ECX,DWORD PTR SS:[EBP-11D4]
MOV DL,BYTE PTR SS:[EBP-11D5]
MOV BYTE PTR DS:[ECX+30],DL
CMP DWORD PTR SS:[EBP-11C8],0
JNE SHORT 00414161
MOV DWORD PTR SS:[EBP-11E0],0
JMP SHORT 00414178
MOV EAX,DWORD PTR SS:[EBP-11C8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-11C8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-11E0],EDX
MOV EAX,DWORD PTR SS:[EBP-11E0]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-11DC],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-11E0]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-11E0]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH OFFSET 00448F04

8B8D 38EEFFFF MOV ECX,DWORD PTR SS:[EBP-11C8]


51
PUSH ECX

; ASCII "Co

004141BF |.
004141C4 |.
004141C7 |.
004141CD |.
004141D4 |.
004141D6 |.
004141E0 |.
004141E2 |>
004141E8 |.
004141EA |.
004141F0 |.
004141F3 |.
004141F9 |>
004141FF |.
00414202 |.
00414208 |.
0041420D |.
0041420F |.
00414215 |.
00414218 |.
0041421D |.
00414222 |.
00414227 |.
00414229 |.
0041422F |.
00414232 |.
00414238 |.
0041423E |.
00414244 |.
00414246 |.
0041424C |.
0041424F |.
00414255 |.
0041425B |.
0041425E |.
00414264 |.
0041426A |.
00414270 |.
00414273 |.
00414279 |.
0041427A |.
00414280 |.
00414281 |.
00414286 |.
00414289 |.
0041428F |.
A
00414291 |.
00414297 |.
fo.0040F5C0
0041429C |.
004142A2 |.
fo.0040F7C0
004142A7 |.
004142AB |.
004142AD |.
004142AF |.
004142B5 |.
fo.0040FB60
004142BA |.

E8 9C67FFFF
83C4 08
8985 14EEFFFF
83BD 14EEFFFF
75 0C
C785 18EEFFFF
EB 17
8B95 14EEFFFF
8B02
8B8D 14EEFFFF
0348 04
898D 18EEFFFF
8B95 18EEFFFF
8B42 10
8985 1CEEFFFF
B9 C0010000
F7D1
8B95 18EEFFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 18EEFFFF
894A 10
8A85 EFF7FFFF
8885 0BEEFFFF
8B8D 14EEFFFF
8B11
8B85 14EEFFFF
0342 04
8985 0CEEFFFF
8B8D 0CEEFFFF
8A51 30
8895 13EEFFFF
8B85 0CEEFFFF
8A8D 0BEEFFFF
8848 30
8B95 74FFFFFF
52
8B85 14EEFFFF
50
E8 DA66FFFF
83C4 08
8985 04EEFFFF
6A 0A

CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-11EC],EAX
CMP DWORD PTR SS:[EBP-11EC],0
JNE SHORT 004141E2
MOV DWORD PTR SS:[EBP-11E8],0
JMP SHORT 004141F9
MOV EDX,DWORD PTR SS:[EBP-11EC]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-11EC]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-11E8],ECX
MOV EDX,DWORD PTR SS:[EBP-11E8]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-11E4],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-11E8]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-11E8]
MOV DWORD PTR DS:[EDX+10],ECX
MOV AL,BYTE PTR SS:[EBP-811]
MOV BYTE PTR SS:[EBP-11F5],AL
MOV ECX,DWORD PTR SS:[EBP-11EC]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-11EC]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-11F4],EAX
MOV ECX,DWORD PTR SS:[EBP-11F4]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-11ED],DL
MOV EAX,DWORD PTR SS:[EBP-11F4]
MOV CL,BYTE PTR SS:[EBP-11F5]
MOV BYTE PTR DS:[EAX+30],CL
MOV EDX,DWORD PTR SS:[EBP-8C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-11EC]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-11FC],EAX
PUSH 0A

; /Arg1 = 0

8B8D 04EEFFFF MOV ECX,DWORD PTR SS:[EBP-11FC]


E8 24B3FFFF CALL 0040F5C0

; |
; \SystemIn

8B8D 04EEFFFF MOV ECX,DWORD PTR SS:[EBP-11FC]


E8 19B5FFFF CALL 0040F7C0

; [SystemIn

C645 FC 12
6A 00
6A 01
8D8D ACF7FFFF
E8 A6B8FFFF

;
;
;
;

MOV BYTE PTR SS:[EBP-4],12


PUSH 0
PUSH 1
LEA ECX,[EBP-854]
CALL 0040FB60

C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004142C1 |. 6A 00
004142C3 |. 6A 01
004142C5 |. 8D8D C8F7FFFF
004142CB |. E8 90B8FFFF
fo.0040FB60
004142D0 |. 68 77874400
ystemInfo.448777
004142D5 |. 8D8D 7CF7FFFF
004142DB |. E8 10A9FFFF
fo.0040EBF0
004142E0 |. C745 FC 14000
004142E7 |. 8D8D 7CF7FFFF
004142ED |. 51
004142EE |. B9 0C294500
004142F3 |. E8 282EFFFF
fo.00407120
004142F8 |. 8B15 FC284500
004142FE |. 83C2 01
00414301 |. 8915 FC284500
00414307 |. 68 74874400
"
0041430C |. A1 FC284500
00414311 |. 50
[4528FC] = 0
00414312 |. 68 D0914400
00414317 |. 8B0D F8284500
0041431D |. 51
[4528F8] = 0
0041431E |. B9 08294500
00414323 |. E8 381BFFFF
nfo.00405E60
00414328 |. 50
00414329 |. E8 3266FFFF
0041432E |. 83C4 08
00414331 |. 8BC8
00414333 |. E8 281BFFFF
fo.00405E60
00414338 |. 50
00414339 |. E8 2266FFFF
0041433E |. 83C4 08
00414341 |. 8D95 60F7FFFF
00414347 |. 52
00414348 |. B9 08294500
0041434D |. E8 0E21FFFF
fo.00406460
00414352 |. 8985 BCEAFFFF
00414358 |. 8B85 BCEAFFFF
0041435E |. 8985 B8EAFFFF
00414364 |. C645 FC 15
00414368 |. C685 A3F7FFFF
0041436F |. C685 A2F7FFFF
00414376 |. 837D 08 00
0041437A |. 75 0C
0041437C |. C785 E8EDFFFF
00414386 |. EB 11
00414388 |> 8B4D 08
0041438B |. 8B11
0041438D |. 8B45 08
00414390 |. 0342 04
00414393 |. 8985 E8EDFFFF

PUSH 0
PUSH 1
LEA ECX,[EBP-838]
CALL 0040FB60

;
;
;
;

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-884]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],14


LEA ECX,[EBP-884]
PUSH ECX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-8A0]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV
MOV
MOV
MOV
MOV
MOV
CMP
JNE
MOV
JMP
MOV
MOV
MOV
ADD
MOV

DWORD PTR SS:[EBP-1544],EAX


EAX,DWORD PTR SS:[EBP-1544]
DWORD PTR SS:[EBP-1548],EAX
BYTE PTR SS:[EBP-4],15
BYTE PTR SS:[EBP-85D],20
BYTE PTR SS:[EBP-85E],2E
DWORD PTR SS:[EBP+8],0
SHORT 00414388
DWORD PTR SS:[EBP-1218],0
SHORT 00414399
ECX,DWORD PTR SS:[EBP+8]
EDX,DWORD PTR DS:[ECX]
EAX,DWORD PTR SS:[EBP+8]
EAX,DWORD PTR DS:[EDX+4]
DWORD PTR SS:[EBP-1218],EAX

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

|
|
|
|
\SystemIn

00414399 |>
0041439F |.
004143A2 |.
004143A8 |.
004143AD |.
004143AF |.
004143B5 |.
004143B8 |.
004143BD |.
004143C3 |.
004143C9 |.
004143CB |.
004143D1 |.
004143D4 |.
004143D6 |.
004143DC |.
004143DD |.
fo.0042D798
004143E2 |.
004143E5 |.
004143EB |.
004143EF |.
004143F1 |.
004143FB |.
004143FD |>
00414400 |.
00414402 |.
00414405 |.
00414408 |.
0041440E |>
00414414 |.
00414417 |.
00414418 |.
0041441E |.
0041441F |.
00414425 |.
00414427 |.
00414429 |.
0041442C |.
00414432 |.
00414433 |.
00414436 |.
00414437 |.
0041443C |.
0041443F |.
00414445 |.
0041444C |.
0041444E |.
00414458 |.
0041445A |>
00414460 |.
00414462 |.
00414468 |.
0041446B |.
00414471 |>
00414477 |.
0041447A |.
00414480 |.
00414485 |.
00414487 |.

8B8D E8EDFFFF
8B51 10
8995 ECEDFFFF
B8 C0010000
F7D0
8B8D E8EDFFFF
2341 10
BA 40000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D E8EDFFFF
8941 10
6A 06
8D95 58F7FFFF
52
E8 B6930100

MOV ECX,DWORD PTR SS:[EBP-1218]


MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-1214],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-1218]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-1218]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH 6
LEA EDX,[EBP-8A8]
PUSH EDX
CALL 0042D798

83C4 08
8985 E4EDFFFF
837D 08 00
75 0C
C785 B4EAFFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 B4EAFFFF
8B85 E4EDFFFF
8B48 04
51
8B95 B4EAFFFF
52
8B85 E4EDFFFF
8B08
FFD1
83C4 08
8B95 B8EAFFFF
52
8B45 08
50
E8 246AFFFF
83C4 08
8985 D8EDFFFF
83BD D8EDFFFF
75 0C
C785 DCEDFFFF
EB 17
8B8D D8EDFFFF
8B11
8B85 D8EDFFFF
0342 04
8985 DCEDFFFF
8B8D DCEDFFFF
8B51 10
8995 E0EDFFFF
B8 C0010000
F7D0
8B8D DCEDFFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-121C],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 004143FD
MOV DWORD PTR SS:[EBP-154C],0
JMP SHORT 0041440E
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-154C],EDX
MOV EAX,DWORD PTR SS:[EBP-121C]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-154C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-121C]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-1548]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-1228],EAX
CMP DWORD PTR SS:[EBP-1228],0
JNE SHORT 0041445A
MOV DWORD PTR SS:[EBP-1224],0
JMP SHORT 00414471
MOV ECX,DWORD PTR SS:[EBP-1228]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-1228]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1224],EAX
MOV ECX,DWORD PTR SS:[EBP-1224]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-1220],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-1224]

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

0041448D |.
00414490 |.
00414495 |.
0041449B |.
004144A1 |.
004144A3 |.
004144A9 |.
004144AC |.
3
004144AE |.
004144B4 |.
004144B5 |.
fo.0042D798
004144BA |.
004144BD |.
004144C3 |.
004144CA |.
004144CC |.
004144D6 |.
004144D8 |>
004144DE |.
004144E0 |.
004144E6 |.
004144E9 |.
004144EF |>
004144F5 |.
004144F8 |.
004144F9 |.
004144FF |.
00414500 |.
00414506 |.
00414508 |.
0041450A |.
0041450D |.
00414513 |.
00414519 |.
0041451F |.
00414521 |.
00414527 |.
0041452A |.
00414530 |.
00414536 |.
00414539 |.
0041453F |.
00414545 |.
0041454B |.
0041454E |.
00414555 |.
00414557 |.
00414561 |.
00414563 |>
00414569 |.
0041456B |.
00414571 |.
00414574 |.
0041457A |>
00414580 |.
00414583 |.
00414589 |.
0041458E |.

2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D DCEDFFFF
8941 10
6A 23

AND EAX,DWORD PTR DS:[ECX+10]


MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-1224]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH 23

8D95 98F7FFFF LEA EDX,[EBP-868]


52
PUSH EDX
E8 DE920100 CALL 0042D798
83C4 08
8985 D4EDFFFF
83BD D8EDFFFF
75 0C
C785 B0EAFFFF
EB 17
8B85 D8EDFFFF
8B08
8B95 D8EDFFFF
0351 04
8995 B0EAFFFF
8B85 D4EDFFFF
8B48 04
51
8B95 B0EAFFFF
52
8B85 D4EDFFFF
8B08
FFD1
83C4 08
8A95 A2F7FFFF
8895 CBEDFFFF
8B85 D8EDFFFF
8B08
8B95 D8EDFFFF
0351 04
8995 CCEDFFFF
8B85 CCEDFFFF
8A48 30
888D D3EDFFFF
8B95 CCEDFFFF
8A85 CBEDFFFF
8842 30
83BD D8EDFFFF
75 0C
C785 C0EDFFFF
EB 17
8B8D D8EDFFFF
8B11
8B85 D8EDFFFF
0342 04
8985 C0EDFFFF
8B8D C0EDFFFF
8B51 10
8995 C4EDFFFF
B8 C0010000
F7D0

ADD ESP,8
MOV DWORD PTR SS:[EBP-122C],EAX
CMP DWORD PTR SS:[EBP-1228],0
JNE SHORT 004144D8
MOV DWORD PTR SS:[EBP-1550],0
JMP SHORT 004144EF
MOV EAX,DWORD PTR SS:[EBP-1228]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1228]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1550],EDX
MOV EAX,DWORD PTR SS:[EBP-122C]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1550]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-122C]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[EBP-85E]
MOV BYTE PTR SS:[EBP-1235],DL
MOV EAX,DWORD PTR SS:[EBP-1228]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1228]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1234],EDX
MOV EAX,DWORD PTR SS:[EBP-1234]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-122D],CL
MOV EDX,DWORD PTR SS:[EBP-1234]
MOV AL,BYTE PTR SS:[EBP-1235]
MOV BYTE PTR DS:[EDX+30],AL
CMP DWORD PTR SS:[EBP-1228],0
JNE SHORT 00414563
MOV DWORD PTR SS:[EBP-1240],0
JMP SHORT 0041457A
MOV ECX,DWORD PTR SS:[EBP-1228]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-1228]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1240],EAX
MOV ECX,DWORD PTR SS:[EBP-1240]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-123C],EDX
MOV EAX,1C0
NOT EAX

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

00414590
00414596
00414599
0041459E
004145A4
004145AA
004145AC
004145B2
004145B5
nguage"
004145BA
004145C0
004145C1
004145C6
004145C9
004145CF
004145D6
004145D8
004145E2
004145E4
004145EA
004145EC
004145F2
004145F5
004145FB
00414601
00414604
0041460A
0041460F
00414611
00414617
0041461A
0041461F
00414625
0041462B
0041462D
00414633
00414636
0041463C
00414642
00414648
0041464A
00414650
00414653
00414659
0041465F
00414662
00414668
0041466E
00414674
00414677
0041467A
0041467B
00414681
00414682
00414687
0041468A
00414690
A
00414692

|.
|.
|.
|.
|.
|.
|.
|.
|.

8B8D C0EDFFFF
2341 10
BA 40000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D C0EDFFFF
8941 10
68 F88E4400

MOV ECX,DWORD PTR SS:[EBP-1240]


AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-1240]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH OFFSET 00448EF8

; ASCII "La

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B95 D8EDFFFF
52
E8 9A63FFFF
83C4 08
8985 B4EDFFFF
83BD B4EDFFFF
75 0C
C785 B8EDFFFF
EB 17
8B85 B4EDFFFF
8B08
8B95 B4EDFFFF
0351 04
8995 B8EDFFFF
8B85 B8EDFFFF
8B48 10
898D BCEDFFFF
BA C0010000
F7D2
8B85 B8EDFFFF
2350 10
B9 80000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 B8EDFFFF
8950 10
8A8D A3F7FFFF
888D ABEDFFFF
8B95 B4EDFFFF
8B02
8B8D B4EDFFFF
0348 04
898D ACEDFFFF
8B95 ACEDFFFF
8A42 30
8885 B3EDFFFF
8B8D ACEDFFFF
8A95 ABEDFFFF
8851 30
8B45 9C
50
8B8D B4EDFFFF
51
E8 D962FFFF
83C4 08
8985 A4EDFFFF
6A 0A

MOV EDX,DWORD PTR SS:[EBP-1228]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-124C],EAX
CMP DWORD PTR SS:[EBP-124C],0
JNE SHORT 004145E4
MOV DWORD PTR SS:[EBP-1248],0
JMP SHORT 004145FB
MOV EAX,DWORD PTR SS:[EBP-124C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-124C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1248],EDX
MOV EAX,DWORD PTR SS:[EBP-1248]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-1244],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-1248]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-1248]
MOV DWORD PTR DS:[EAX+10],EDX
MOV CL,BYTE PTR SS:[EBP-85D]
MOV BYTE PTR SS:[EBP-1255],CL
MOV EDX,DWORD PTR SS:[EBP-124C]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-124C]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1254],ECX
MOV EDX,DWORD PTR SS:[EBP-1254]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[EBP-124D],AL
MOV ECX,DWORD PTR SS:[EBP-1254]
MOV DL,BYTE PTR SS:[EBP-1255]
MOV BYTE PTR DS:[ECX+30],DL
MOV EAX,DWORD PTR SS:[EBP-64]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-124C]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-125C],EAX
PUSH 0A

; /Arg1 = 0

|. 8B8D A4EDFFFF MOV ECX,DWORD PTR SS:[EBP-125C]

; |

00414698 |. E8 23AFFFFF
fo.0040F5C0
0041469D |. 8B8D A4EDFFFF
004146A3 |. E8 18B1FFFF
fo.0040F7C0
004146A8 |. C645 FC 14
004146AC |. 6A 00
004146AE |. 6A 01
004146B0 |. 8D8D 60F7FFFF
004146B6 |. E8 A5B4FFFF
fo.0040FB60
004146BB |. C745 FC FFFFF
004146C2 |. 6A 00
004146C4 |. 6A 01
004146C6 |. 8D8D 7CF7FFFF
004146CC |. E8 8FB4FFFF
fo.0040FB60
004146D1 |. 68 77874400
ystemInfo.448777
004146D6 |. 8D8D 30F7FFFF
004146DC |. E8 0FA5FFFF
fo.0040EBF0
004146E1 |. C745 FC 16000
004146E8 |. 8D95 30F7FFFF
004146EE |. 52
004146EF |. B9 0C294500
004146F4 |. E8 272AFFFF
fo.00407120
004146F9 |. A1 FC284500
004146FE |. 83C0 01
00414701 |. A3 FC284500
00414706 |. 68 74874400
"
0041470B |. 8B0D FC284500
00414711 |. 51
[4528FC] = 0
00414712 |. 68 D0914400
00414717 |. 8B15 F8284500
0041471D |. 52
[4528F8] = 0
0041471E |. B9 08294500
00414723 |. E8 3817FFFF
nfo.00405E60
00414728 |. 50
00414729 |. E8 3262FFFF
0041472E |. 83C4 08
00414731 |. 8BC8
00414733 |. E8 2817FFFF
fo.00405E60
00414738 |. 50
00414739 |. E8 2262FFFF
0041473E |. 83C4 08
00414741 |. 8D85 14F7FFFF
00414747 |. 50
00414748 |. B9 08294500
0041474D |. E8 0E1DFFFF
fo.00406460
00414752 |. 8985 ACEAFFFF
00414758 |. 8B8D ACEAFFFF
0041475E |. 898D A8EAFFFF

CALL 0040F5C0

; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-125C]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[EBP-4],14


PUSH 0
PUSH 1
LEA ECX,[EBP-8A0]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-884]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-8D0]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],16


LEA EDX,[EBP-8D0]
PUSH EDX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV EAX,DWORD PTR DS:[4528FC]


ADD EAX,1
MOV DWORD PTR DS:[4528FC],EAX
PUSH OFFSET 00448774

; ASCII ".

MOV ECX,DWORD PTR DS:[4528FC]


PUSH ECX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EDX,DWORD PTR DS:[4528F8]
PUSH EDX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[EBP-8EC]
PUSH EAX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-1554],EAX


MOV ECX,DWORD PTR SS:[EBP-1554]
MOV DWORD PTR SS:[EBP-1558],ECX

|
|
|
|
\SystemIn

00414764 |.
00414768 |.
0041476F |.
00414776 |.
0041477A |.
0041477C |.
00414786 |.
00414788 |>
0041478B |.
0041478D |.
00414790 |.
00414793 |.
00414799 |>
0041479F |.
004147A2 |.
004147A8 |.
004147AD |.
004147AF |.
004147B5 |.
004147B8 |.
004147BD |.
004147C2 |.
004147C7 |.
004147C9 |.
004147CF |.
004147D2 |.
004147D4 |.
004147DA |.
004147DB |.
fo.0042D798
004147E0 |.
004147E3 |.
004147E9 |.
004147ED |.
004147EF |.
004147F9 |.
004147FB |>
004147FE |.
00414800 |.
00414803 |.
00414806 |.
0041480C |>
00414812 |.
00414815 |.
00414816 |.
0041481C |.
0041481D |.
00414823 |.
00414825 |.
00414827 |.
0041482A |.
00414830 |.
00414831 |.
00414834 |.
00414835 |.
0041483A |.
0041483D |.
00414843 |.
0041484A |.
0041484C |.

C645 FC 17
C685 57F7FFFF
C685 56F7FFFF
837D 08 00
75 0C
C785 88EDFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D 88EDFFFF
8B95 88EDFFFF
8B42 10
8985 8CEDFFFF
B9 C0010000
F7D1
8B95 88EDFFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 88EDFFFF
894A 10
6A 06
8D85 0CF7FFFF
50
E8 B88F0100

MOV BYTE PTR SS:[EBP-4],17


MOV BYTE PTR SS:[EBP-8A9],20
MOV BYTE PTR SS:[EBP-8AA],2E
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00414788
MOV DWORD PTR SS:[EBP-1278],0
JMP SHORT 00414799
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1278],ECX
MOV EDX,DWORD PTR SS:[EBP-1278]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-1274],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-1278]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-1278]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH 6
LEA EAX,[EBP-8F4]
PUSH EAX
CALL 0042D798

83C4 08
8985 84EDFFFF
837D 08 00
75 0C
C785 A4EAFFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 A4EAFFFF
8B8D 84EDFFFF
8B51 04
52
8B85 A4EAFFFF
50
8B8D 84EDFFFF
8B11
FFD2
83C4 08
8B85 A8EAFFFF
50
8B4D 08
51
E8 2666FFFF
83C4 08
8985 78EDFFFF
83BD 78EDFFFF
75 0C
C785 7CEDFFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-127C],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 004147FB
MOV DWORD PTR SS:[EBP-155C],0
JMP SHORT 0041480C
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-155C],EAX
MOV ECX,DWORD PTR SS:[EBP-127C]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-155C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-127C]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV EAX,DWORD PTR SS:[EBP-1558]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-1288],EAX
CMP DWORD PTR SS:[EBP-1288],0
JNE SHORT 00414858
MOV DWORD PTR SS:[EBP-1284],0

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

00414856 |.
00414858 |>
0041485E |.
00414860 |.
00414866 |.
00414869 |.
0041486F |>
00414875 |.
00414878 |.
0041487E |.
00414883 |.
00414885 |.
0041488B |.
0041488E |.
00414893 |.
00414898 |.
0041489D |.
0041489F |.
004148A5 |.
004148A8 |.
3
004148AA |.
004148B0 |.
004148B1 |.
fo.0042D798
004148B6 |.
004148B9 |.
004148BF |.
004148C6 |.
004148C8 |.
004148D2 |.
004148D4 |>
004148DA |.
004148DC |.
004148E2 |.
004148E5 |.
004148EB |>
004148F1 |.
004148F4 |.
004148F5 |.
004148FB |.
004148FC |.
00414902 |.
00414904 |.
00414906 |.
00414909 |.
0041490F |.
00414915 |.
0041491B |.
0041491D |.
00414923 |.
00414926 |.
0041492C |.
00414932 |.
00414935 |.
0041493B |.
00414941 |.
00414947 |.
0041494A |.
00414951 |.

EB 17
8B95 78EDFFFF
8B02
8B8D 78EDFFFF
0348 04
898D 7CEDFFFF
8B95 7CEDFFFF
8B42 10
8985 80EDFFFF
B9 C0010000
F7D1
8B95 7CEDFFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 7CEDFFFF
894A 10
6A 23

JMP SHORT 0041486F


MOV EDX,DWORD PTR SS:[EBP-1288]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-1288]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1284],ECX
MOV EDX,DWORD PTR SS:[EBP-1284]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-1280],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-1284]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-1284]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH 23

8D85 4CF7FFFF LEA EAX,[EBP-8B4]


50
PUSH EAX
E8 E28E0100 CALL 0042D798
83C4 08
8985 74EDFFFF
83BD 78EDFFFF
75 0C
C785 A0EAFFFF
EB 17
8B8D 78EDFFFF
8B11
8B85 78EDFFFF
0342 04
8985 A0EAFFFF
8B8D 74EDFFFF
8B51 04
52
8B85 A0EAFFFF
50
8B8D 74EDFFFF
8B11
FFD2
83C4 08
8A85 56F7FFFF
8885 6BEDFFFF
8B8D 78EDFFFF
8B11
8B85 78EDFFFF
0342 04
8985 6CEDFFFF
8B8D 6CEDFFFF
8A51 30
8895 73EDFFFF
8B85 6CEDFFFF
8A8D 6BEDFFFF
8848 30
83BD 78EDFFFF
75 0C

ADD ESP,8
MOV DWORD PTR SS:[EBP-128C],EAX
CMP DWORD PTR SS:[EBP-1288],0
JNE SHORT 004148D4
MOV DWORD PTR SS:[EBP-1560],0
JMP SHORT 004148EB
MOV ECX,DWORD PTR SS:[EBP-1288]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-1288]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1560],EAX
MOV ECX,DWORD PTR SS:[EBP-128C]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1560]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-128C]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[EBP-8AA]
MOV BYTE PTR SS:[EBP-1295],AL
MOV ECX,DWORD PTR SS:[EBP-1288]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-1288]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1294],EAX
MOV ECX,DWORD PTR SS:[EBP-1294]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-128D],DL
MOV EAX,DWORD PTR SS:[EBP-1294]
MOV CL,BYTE PTR SS:[EBP-1295]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[EBP-1288],0
JNE SHORT 0041495F

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

00414953 |.
0041495D |.
0041495F |>
00414965 |.
00414967 |.
0041496D |.
00414970 |.
00414976 |>
0041497C |.
0041497F |.
00414985 |.
0041498A |.
0041498C |.
00414992 |.
00414995 |.
0041499A |.
0041499F |.
004149A4 |.
004149A6 |.
004149AC |.
004149AF |.
rrent User's
004149B4 |.
004149BA |.
004149BB |.
004149C0 |.
004149C3 |.
004149C9 |.
004149D0 |.
004149D2 |.
004149DC |.
004149DE |>
004149E4 |.
004149E6 |.
004149EC |.
004149EF |.
004149F5 |>
004149FB |.
004149FE |.
00414A04 |.
00414A09 |.
00414A0B |.
00414A11 |.
00414A14 |.
00414A19 |.
00414A1F |.
00414A25 |.
00414A27 |.
00414A2D |.
00414A30 |.
00414A36 |.
00414A3C |.
00414A42 |.
00414A44 |.
00414A4A |.
00414A4D |.
00414A53 |.
00414A59 |.
00414A5C |.
00414A62 |.

C785 60EDFFFF
EB 17
8B95 78EDFFFF
8B02
8B8D 78EDFFFF
0348 04
898D 60EDFFFF
8B95 60EDFFFF
8B42 10
8985 64EDFFFF
B9 C0010000
F7D1
8B95 60EDFFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 60EDFFFF
894A 10
68 E08E4400
Language"
8B85 78EDFFFF
50
E8 A05FFFFF
83C4 08
8985 54EDFFFF
83BD 54EDFFFF
75 0C
C785 58EDFFFF
EB 17
8B8D 54EDFFFF
8B11
8B85 54EDFFFF
0342 04
8985 58EDFFFF
8B8D 58EDFFFF
8B51 10
8995 5CEDFFFF
B8 C0010000
F7D0
8B8D 58EDFFFF
2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D 58EDFFFF
8941 10
8A95 57F7FFFF
8895 4BEDFFFF
8B85 54EDFFFF
8B08
8B95 54EDFFFF
0351 04
8995 4CEDFFFF
8B85 4CEDFFFF
8A48 30
888D 53EDFFFF
8B95 4CEDFFFF

MOV DWORD PTR SS:[EBP-12A0],0


JMP SHORT 00414976
MOV EDX,DWORD PTR SS:[EBP-1288]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-1288]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-12A0],ECX
MOV EDX,DWORD PTR SS:[EBP-12A0]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-129C],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-12A0]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-12A0]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH OFFSET 00448EE0
MOV EAX,DWORD PTR SS:[EBP-1288]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-12AC],EAX
CMP DWORD PTR SS:[EBP-12AC],0
JNE SHORT 004149DE
MOV DWORD PTR SS:[EBP-12A8],0
JMP SHORT 004149F5
MOV ECX,DWORD PTR SS:[EBP-12AC]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-12AC]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-12A8],EAX
MOV ECX,DWORD PTR SS:[EBP-12A8]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-12A4],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-12A8]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-12A8]
MOV DWORD PTR DS:[ECX+10],EAX
MOV DL,BYTE PTR SS:[EBP-8A9]
MOV BYTE PTR SS:[EBP-12B5],DL
MOV EAX,DWORD PTR SS:[EBP-12AC]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-12AC]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-12B4],EDX
MOV EAX,DWORD PTR SS:[EBP-12B4]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-12AD],CL
MOV EDX,DWORD PTR SS:[EBP-12B4]

; ASCII "Cu

00414A68 |. 8A85 4BEDFFFF


00414A6E |. 8842 30
00414A71 |. 8B8D 58FFFFFF
00414A77 |. 51
00414A78 |. 8B95 54EDFFFF
00414A7E |. 52
00414A7F |. E8 DC5EFFFF
00414A84 |. 83C4 08
00414A87 |. 8985 44EDFFFF
00414A8D |. 6A 0A
A
00414A8F |. 8B8D 44EDFFFF
00414A95 |. E8 26ABFFFF
fo.0040F5C0
00414A9A |. 8B8D 44EDFFFF
00414AA0 |. E8 1BADFFFF
fo.0040F7C0
00414AA5 |. C645 FC 16
00414AA9 |. 6A 00
00414AAB |. 6A 01
00414AAD |. 8D8D 14F7FFFF
00414AB3 |. E8 A8B0FFFF
fo.0040FB60
00414AB8 |. C745 FC FFFFF
00414ABF |. 6A 00
00414AC1 |. 6A 01
00414AC3 |. 8D8D 30F7FFFF
00414AC9 |. E8 92B0FFFF
fo.0040FB60
00414ACE |. 68 77874400
ystemInfo.448777
00414AD3 |. 8D8D E4F6FFFF
00414AD9 |. E8 12A1FFFF
fo.0040EBF0
00414ADE |. C745 FC 18000
00414AE5 |. 8D85 E4F6FFFF
00414AEB |. 50
00414AEC |. B9 0C294500
00414AF1 |. E8 2A26FFFF
fo.00407120
00414AF6 |. 8B0D FC284500
00414AFC |. 83C1 01
00414AFF |. 890D FC284500
00414B05 |. 68 74874400
"
00414B0A |. 8B15 FC284500
00414B10 |. 52
[4528FC] = 0
00414B11 |. 68 D0914400
00414B16 |. A1 F8284500
00414B1B |. 50
[4528F8] = 0
00414B1C |. B9 08294500
00414B21 |. E8 3A13FFFF
nfo.00405E60
00414B26 |. 50
00414B27 |. E8 345EFFFF
00414B2C |. 83C4 08
00414B2F |. 8BC8
00414B31 |. E8 2A13FFFF

MOV AL,BYTE PTR SS:[EBP-12B5]


MOV BYTE PTR DS:[EDX+30],AL
MOV ECX,DWORD PTR SS:[EBP-0A8]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-12AC]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-12BC],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-12BC]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-12BC]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[EBP-4],16


PUSH 0
PUSH 1
LEA ECX,[EBP-8EC]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-8D0]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-91C]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],18


LEA EAX,[EBP-91C]
PUSH EAX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV ECX,DWORD PTR DS:[4528FC]


ADD ECX,1
MOV DWORD PTR DS:[4528FC],ECX
PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528FC]


PUSH EDX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EAX,DWORD PTR DS:[4528F8]
PUSH EAX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

|
|
|
|
\SystemIn

fo.00405E60
00414B36 |.
00414B37 |.
00414B3C |.
00414B3F |.
00414B45 |.
00414B46 |.
00414B4B |.
fo.00406460
00414B50 |.
00414B56 |.
00414B5C |.
00414B62 |.
00414B66 |.
00414B6D |.
00414B74 |.
00414B78 |.
00414B7A |.
00414B84 |.
00414B86 |>
00414B89 |.
00414B8B |.
00414B8E |.
00414B91 |.
00414B97 |>
00414B9D |.
00414BA0 |.
00414BA6 |.
00414BAB |.
00414BAD |.
00414BB3 |.
00414BB6 |.
00414BBB |.
00414BC1 |.
00414BC7 |.
00414BC9 |.
00414BCF |.
00414BD2 |.
00414BD4 |.
00414BDA |.
00414BDB |.
fo.0042D798
00414BE0 |.
00414BE3 |.
00414BE9 |.
00414BED |.
00414BEF |.
00414BF9 |.
00414BFB |>
00414BFE |.
00414C00 |.
00414C03 |.
00414C06 |.
00414C0C |>
00414C12 |.
00414C15 |.
00414C16 |.
00414C1C |.
00414C1D |.
00414C23 |.

50
E8 245EFFFF
83C4 08
8D8D C8F6FFFF
51
B9 08294500
E8 1019FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA ECX,[EBP-938]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 9CEAFFFF
8B95 9CEAFFFF
8995 98EAFFFF
C645 FC 19
C685 0BF7FFFF
C685 0AF7FFFF
837D 08 00
75 0C
C785 28EDFFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 28EDFFFF
8B85 28EDFFFF
8B48 10
898D 2CEDFFFF
BA C0010000
F7D2
8B85 28EDFFFF
2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 28EDFFFF
8950 10
6A 06
8D8D C0F6FFFF
51
E8 B88B0100

MOV DWORD PTR SS:[EBP-1564],EAX


MOV EDX,DWORD PTR SS:[EBP-1564]
MOV DWORD PTR SS:[EBP-1568],EDX
MOV BYTE PTR SS:[EBP-4],19
MOV BYTE PTR SS:[EBP-8F5],20
MOV BYTE PTR SS:[EBP-8F6],2E
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00414B86
MOV DWORD PTR SS:[EBP-12D8],0
JMP SHORT 00414B97
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-12D8],EDX
MOV EAX,DWORD PTR SS:[EBP-12D8]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-12D4],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-12D8]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-12D8]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH 6
LEA ECX,[EBP-940]
PUSH ECX
CALL 0042D798

;
;
;
;

83C4 08
8985 24EDFFFF
837D 08 00
75 0C
C785 94EAFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D 94EAFFFF
8B95 24EDFFFF
8B42 04
50
8B8D 94EAFFFF
51
8B95 24EDFFFF
8B02

ADD ESP,8
MOV DWORD PTR SS:[EBP-12DC],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00414BFB
MOV DWORD PTR SS:[EBP-156C],0
JMP SHORT 00414C0C
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-156C],ECX
MOV EDX,DWORD PTR SS:[EBP-12DC]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-156C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-12DC]
MOV EAX,DWORD PTR DS:[EDX]

/Arg2 = 6
|
|Arg1
\SystemIn

00414C25 |.
00414C27 |.
00414C2A |.
00414C30 |.
00414C31 |.
00414C34 |.
00414C35 |.
00414C3A |.
00414C3D |.
00414C43 |.
00414C4A |.
00414C4C |.
00414C56 |.
00414C58 |>
00414C5E |.
00414C60 |.
00414C66 |.
00414C69 |.
00414C6F |>
00414C75 |.
00414C78 |.
00414C7E |.
00414C83 |.
00414C85 |.
00414C8B |.
00414C8E |.
00414C93 |.
00414C99 |.
00414C9F |.
00414CA1 |.
00414CA7 |.
00414CAA |.
3
00414CAC |.
00414CB2 |.
00414CB3 |.
fo.0042D798
00414CB8 |.
00414CBB |.
00414CC1 |.
00414CC8 |.
00414CCA |.
00414CD4 |.
00414CD6 |>
00414CDC |.
00414CDE |.
00414CE4 |.
00414CE7 |.
00414CED |>
00414CF3 |.
00414CF6 |.
00414CF7 |.
00414CFD |.
00414CFE |.
00414D04 |.
00414D06 |.
00414D08 |.
00414D0B |.
00414D11 |.
00414D17 |.

FFD0
83C4 08
8B8D 98EAFFFF
51
8B55 08
52
E8 2662FFFF
83C4 08
8985 18EDFFFF
83BD 18EDFFFF
75 0C
C785 1CEDFFFF
EB 17
8B85 18EDFFFF
8B08
8B95 18EDFFFF
0351 04
8995 1CEDFFFF
8B85 1CEDFFFF
8B48 10
898D 20EDFFFF
BA C0010000
F7D2
8B85 1CEDFFFF
2350 10
B9 80000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 1CEDFFFF
8950 10
6A 23

CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[EBP-1568]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-12E8],EAX
CMP DWORD PTR SS:[EBP-12E8],0
JNE SHORT 00414C58
MOV DWORD PTR SS:[EBP-12E4],0
JMP SHORT 00414C6F
MOV EAX,DWORD PTR SS:[EBP-12E8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-12E8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-12E4],EDX
MOV EAX,DWORD PTR SS:[EBP-12E4]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-12E0],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-12E4]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-12E4]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH 23

8D8D 00F7FFFF LEA ECX,[EBP-900]


51
PUSH ECX
E8 E08A0100 CALL 0042D798
83C4 08
8985 14EDFFFF
83BD 18EDFFFF
75 0C
C785 90EAFFFF
EB 17
8B95 18EDFFFF
8B02
8B8D 18EDFFFF
0348 04
898D 90EAFFFF
8B95 14EDFFFF
8B42 04
50
8B8D 90EAFFFF
51
8B95 14EDFFFF
8B02
FFD0
83C4 08
8A8D 0AF7FFFF
888D 0BEDFFFF
8B95 18EDFFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-12EC],EAX
CMP DWORD PTR SS:[EBP-12E8],0
JNE SHORT 00414CD6
MOV DWORD PTR SS:[EBP-1570],0
JMP SHORT 00414CED
MOV EDX,DWORD PTR SS:[EBP-12E8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-12E8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1570],ECX
MOV EDX,DWORD PTR SS:[EBP-12EC]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1570]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-12EC]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[EBP-8F6]
MOV BYTE PTR SS:[EBP-12F5],CL
MOV EDX,DWORD PTR SS:[EBP-12E8]

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

00414D1D |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
00414D1F |. 8B8D 18EDFFFF MOV ECX,DWORD PTR SS:[EBP-12E8]
00414D25 |. 0348 04
ADD ECX,DWORD PTR DS:[EAX+4]
00414D28 |. 898D 0CEDFFFF MOV DWORD PTR SS:[EBP-12F4],ECX
00414D2E |. 8B95 0CEDFFFF MOV EDX,DWORD PTR SS:[EBP-12F4]
00414D34 |. 8A42 30
MOV AL,BYTE PTR DS:[EDX+30]
00414D37 |. 8885 13EDFFFF MOV BYTE PTR SS:[EBP-12ED],AL
00414D3D |. 8B8D 0CEDFFFF MOV ECX,DWORD PTR SS:[EBP-12F4]
00414D43 |. 8A95 0BEDFFFF MOV DL,BYTE PTR SS:[EBP-12F5]
00414D49 |. 8851 30
MOV BYTE PTR DS:[ECX+30],DL
00414D4C |. 83BD 18EDFFFF CMP DWORD PTR SS:[EBP-12E8],0
00414D53 |. 75 0C
JNE SHORT 00414D61
00414D55 |. C785 00EDFFFF MOV DWORD PTR SS:[EBP-1300],0
00414D5F |. EB 17
JMP SHORT 00414D78
00414D61 |> 8B85 18EDFFFF MOV EAX,DWORD PTR SS:[EBP-12E8]
00414D67 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
00414D69 |. 8B95 18EDFFFF MOV EDX,DWORD PTR SS:[EBP-12E8]
00414D6F |. 0351 04
ADD EDX,DWORD PTR DS:[ECX+4]
00414D72 |. 8995 00EDFFFF MOV DWORD PTR SS:[EBP-1300],EDX
00414D78 |> 8B85 00EDFFFF MOV EAX,DWORD PTR SS:[EBP-1300]
00414D7E |. 8B48 10
MOV ECX,DWORD PTR DS:[EAX+10]
00414D81 |. 898D 04EDFFFF MOV DWORD PTR SS:[EBP-12FC],ECX
00414D87 |. BA C0010000 MOV EDX,1C0
00414D8C |. F7D2
NOT EDX
00414D8E |. 8B85 00EDFFFF MOV EAX,DWORD PTR SS:[EBP-1300]
00414D94 |. 2350 10
AND EDX,DWORD PTR DS:[EAX+10]
00414D97 |. B9 40000000 MOV ECX,40
00414D9C |. 81E1 C0010000 AND ECX,000001C0
00414DA2 |. 81E1 FFFF0000 AND ECX,0000FFFF
00414DA8 |. 0BD1
OR EDX,ECX
00414DAA |. 8B85 00EDFFFF MOV EAX,DWORD PTR SS:[EBP-1300]
00414DB0 |. 8950 10
MOV DWORD PTR DS:[EAX+10],EDX
00414DB3 |. 68 C08E4400 PUSH OFFSET 00448EC0
tive Input Locale (Keyboard)"
00414DB8 |. 8B8D 18EDFFFF MOV ECX,DWORD PTR SS:[EBP-12E8]
00414DBE |. 51
PUSH ECX
00414DBF |. E8 9C5BFFFF CALL 0040A960
00414DC4 |. 83C4 08
ADD ESP,8
00414DC7 |. 8985 F4ECFFFF MOV DWORD PTR SS:[EBP-130C],EAX
00414DCD |. 83BD F4ECFFFF CMP DWORD PTR SS:[EBP-130C],0
00414DD4 |. 75 0C
JNE SHORT 00414DE2
00414DD6 |. C785 F8ECFFFF MOV DWORD PTR SS:[EBP-1308],0
00414DE0 |. EB 17
JMP SHORT 00414DF9
00414DE2 |> 8B95 F4ECFFFF MOV EDX,DWORD PTR SS:[EBP-130C]
00414DE8 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
00414DEA |. 8B8D F4ECFFFF MOV ECX,DWORD PTR SS:[EBP-130C]
00414DF0 |. 0348 04
ADD ECX,DWORD PTR DS:[EAX+4]
00414DF3 |. 898D F8ECFFFF MOV DWORD PTR SS:[EBP-1308],ECX
00414DF9 |> 8B95 F8ECFFFF MOV EDX,DWORD PTR SS:[EBP-1308]
00414DFF |. 8B42 10
MOV EAX,DWORD PTR DS:[EDX+10]
00414E02 |. 8985 FCECFFFF MOV DWORD PTR SS:[EBP-1304],EAX
00414E08 |. B9 C0010000 MOV ECX,1C0
00414E0D |. F7D1
NOT ECX
00414E0F |. 8B95 F8ECFFFF MOV EDX,DWORD PTR SS:[EBP-1308]
00414E15 |. 234A 10
AND ECX,DWORD PTR DS:[EDX+10]
00414E18 |. B8 80000000 MOV EAX,80
00414E1D |. 25 C0010000 AND EAX,000001C0
00414E22 |. 25 FFFF0000 AND EAX,0000FFFF
00414E27 |. 0BC8
OR ECX,EAX
00414E29 |. 8B95 F8ECFFFF MOV EDX,DWORD PTR SS:[EBP-1308]

; ASCII "Ac

00414E2F |.
00414E32 |.
00414E38 |.
00414E3E |.
00414E44 |.
00414E46 |.
00414E4C |.
00414E4F |.
00414E55 |.
00414E5B |.
00414E5E |.
00414E64 |.
00414E6A |.
00414E70 |.
00414E73 |.
device "
00414E78 |.
00414E7E |.
00414E7F |.
00414E85 |.
00414E86 |.
00414E8B |.
00414E8E |.
00414E8F |.
00414E94 |.
00414E97 |.
00414E9D |.
00414EA4 |.
00414EA6 |.
00414EB0 |.
00414EB2 |>
00414EB8 |.
00414EBA |.
00414EC0 |.
00414EC3 |.
00414EC9 |>
00414ECF |.
00414ED2 |.
00414ED8 |.
00414EDD |.
00414EDF |.
00414EE5 |.
00414EE8 |.
00414EED |.
00414EF3 |.
00414EF9 |.
00414EFB |.
00414F01 |.
00414F04 |.
00414F07 |.
00414F0A |.
00414F10 |.
00414F11 |.
00414F17 |.
fo.00405B90
00414F1C |.
00414F22 |.
00414F29 |.
00414F2B |.
00414F35 |.

894A 10
8A85 0BF7FFFF
8885 EBECFFFF
8B8D F4ECFFFF
8B11
8B85 F4ECFFFF
0342 04
8985 ECECFFFF
8B8D ECECFFFF
8A51 30
8895 F3ECFFFF
8B85 ECECFFFF
8A8D EBECFFFF
8848 30
68 B48E4400

MOV DWORD PTR DS:[EDX+10],ECX


MOV AL,BYTE PTR SS:[EBP-8F5]
MOV BYTE PTR SS:[EBP-1315],AL
MOV ECX,DWORD PTR SS:[EBP-130C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-130C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1314],EAX
MOV ECX,DWORD PTR SS:[EBP-1314]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-130D],DL
MOV EAX,DWORD PTR SS:[EBP-1314]
MOV CL,BYTE PTR SS:[EBP-1315]
MOV BYTE PTR DS:[EAX+30],CL
PUSH OFFSET 00448EB4

; ASCII ",

8B95 24FFFFFF
52
8B85 F4ECFFFF
50
E8 D55AFFFF
83C4 08
50
E8 CC5AFFFF
83C4 08
8985 DCECFFFF
83BD DCECFFFF
75 0C
C785 E0ECFFFF
EB 17
8B8D DCECFFFF
8B11
8B85 DCECFFFF
0342 04
8985 E0ECFFFF
8B8D E0ECFFFF
8B51 10
8995 E4ECFFFF
B8 000E0000
F7D0
8B8D E0ECFFFF
2341 10
BA 00080000
81E2 000E0000
81E2 FFFF0000
0BC2
8B8D E0ECFFFF
8941 10
8B55 D4
C1EA 10
81E2 FFFF0000
52
8B8D DCECFFFF
E8 740CFFFF

MOV EDX,DWORD PTR SS:[EBP-0DC]


PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-130C]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1324],EAX
CMP DWORD PTR SS:[EBP-1324],0
JNE SHORT 00414EB2
MOV DWORD PTR SS:[EBP-1320],0
JMP SHORT 00414EC9
MOV ECX,DWORD PTR SS:[EBP-1324]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-1324]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1320],EAX
MOV ECX,DWORD PTR SS:[EBP-1320]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-131C],EDX
MOV EAX,0E00
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-1320]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,800
AND EDX,00000E00
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-1320]
MOV DWORD PTR DS:[ECX+10],EAX
MOV EDX,DWORD PTR SS:[EBP-2C]
SHR EDX,10
AND EDX,0000FFFF
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-1324]
CALL 00405B90

; /Arg1
; |
; \SystemIn

8985 D0ECFFFF
83BD D0ECFFFF
75 0C
C785 D4ECFFFF
EB 17

MOV
CMP
JNE
MOV
JMP

DWORD
DWORD
SHORT
DWORD
SHORT

PTR SS:[EBP-1330],EAX
PTR SS:[EBP-1330],0
00414F37
PTR SS:[EBP-132C],0
00414F4E

00414F37 |> 8B85 D0ECFFFF


00414F3D |. 8B08
00414F3F |. 8B95 D0ECFFFF
00414F45 |. 0351 04
00414F48 |. 8995 D4ECFFFF
00414F4E |> 8B85 D4ECFFFF
00414F54 |. 8B48 10
00414F57 |. 898D D8ECFFFF
00414F5D |. BA 000E0000
00414F62 |. F7D2
00414F64 |. 8B85 D4ECFFFF
00414F6A |. 2350 10
00414F6D |. B9 00020000
00414F72 |. 81E1 000E0000
00414F78 |. 81E1 FFFF0000
00414F7E |. 0BD1
00414F80 |. 8B85 D4ECFFFF
00414F86 |. 8950 10
00414F89 |. 6A 0A
A
00414F8B |. 8B8D D0ECFFFF
00414F91 |. E8 2AA6FFFF
fo.0040F5C0
00414F96 |. 8B8D D0ECFFFF
00414F9C |. E8 1FA8FFFF
fo.0040F7C0
00414FA1 |. C645 FC 18
00414FA5 |. 6A 00
00414FA7 |. 6A 01
00414FA9 |. 8D8D C8F6FFFF
00414FAF |. E8 ACABFFFF
fo.0040FB60
00414FB4 |. C745 FC FFFFF
00414FBB |. 6A 00
00414FBD |. 6A 01
00414FBF |. 8D8D E4F6FFFF
00414FC5 |. E8 96ABFFFF
fo.0040FB60
00414FCA |. 68 77874400
ystemInfo.448777
00414FCF |. 8D8D A4F6FFFF
00414FD5 |. E8 169CFFFF
fo.0040EBF0
00414FDA |. C745 FC 1A000
00414FE1 |. 8D8D A4F6FFFF
00414FE7 |. 51
00414FE8 |. B9 0C294500
00414FED |. E8 2E21FFFF
fo.00407120
00414FF2 |. 8B15 FC284500
00414FF8 |. 83C2 01
00414FFB |. 8915 FC284500
00415001 |. 68 74874400
"
00415006 |. A1 FC284500
0041500B |. 50
[4528FC] = 0
0041500C |. 68 D0914400
00415011 |. 8B0D F8284500
00415017 |. 51

MOV EAX,DWORD PTR SS:[EBP-1330]


MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1330]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-132C],EDX
MOV EAX,DWORD PTR SS:[EBP-132C]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-1328],ECX
MOV EDX,0E00
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-132C]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,200
AND ECX,00000E00
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-132C]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-1330]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-1330]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[EBP-4],18


PUSH 0
PUSH 1
LEA ECX,[EBP-938]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-91C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-95C]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],1A


LEA ECX,[EBP-95C]
PUSH ECX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

[4528F8] = 0
00415018 |.
0041501D |.
nfo.00405E60
00415022 |.
00415023 |.
00415028 |.
0041502B |.
0041502D |.
fo.00405E60
00415032 |.
00415033 |.
00415038 |.
0041503B |.
00415041 |.
00415042 |.
00415047 |.
fo.00406460
0041504C |.
00415052 |.
00415058 |.
0041505E |.
00415062 |.
00415066 |.
00415068 |.
00415072 |.
00415074 |>
00415077 |.
00415079 |.
0041507C |.
0041507F |.
00415085 |>
0041508B |.
0041508E |.
00415094 |.
00415099 |.
0041509B |.
004150A1 |.
004150A4 |.
004150A9 |.
004150AF |.
004150B5 |.
004150B7 |.
004150BD |.
004150C0 |.
004150C2 |.
004150C8 |.
004150C9 |.
fo.0042D798
004150CE |.
004150D1 |.
004150D7 |.
004150DB |.
004150DD |.
004150E7 |.
004150E9 |>
004150EC |.
004150EE |.
004150F1 |.
004150F4 |.

B9 08294500
E8 3E0EFFFF

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

50
E8 3859FFFF
83C4 08
8BC8
E8 2E0EFFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

50
E8 2859FFFF
83C4 08
8D95 88F6FFFF
52
B9 08294500
E8 1414FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-978]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 8CEAFFFF
8B85 8CEAFFFF
8985 88EAFFFF
C645 FC 1B
837D 08 00
75 0C
C785 B4ECFFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 B4ECFFFF
8B8D B4ECFFFF
8B51 10
8995 B8ECFFFF
B8 C0010000
F7D0
8B8D B4ECFFFF
2341 10
BA 40000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D B4ECFFFF
8941 10
6A 06
8D95 80F6FFFF
52
E8 CA860100

MOV DWORD PTR SS:[EBP-1574],EAX


MOV EAX,DWORD PTR SS:[EBP-1574]
MOV DWORD PTR SS:[EBP-1578],EAX
MOV BYTE PTR SS:[EBP-4],1B
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00415074
MOV DWORD PTR SS:[EBP-134C],0
JMP SHORT 00415085
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-134C],EAX
MOV ECX,DWORD PTR SS:[EBP-134C]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-1348],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-134C]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-134C]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH 6
LEA EDX,[EBP-980]
PUSH EDX
CALL 0042D798

;
;
;
;

83C4 08
8985 B0ECFFFF
837D 08 00
75 0C
C785 84EAFFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 84EAFFFF

ADD
MOV
CMP
JNE
MOV
JMP
MOV
MOV
MOV
ADD
MOV

ESP,8
DWORD PTR SS:[EBP-1350],EAX
DWORD PTR SS:[EBP+8],0
SHORT 004150E9
DWORD PTR SS:[EBP-157C],0
SHORT 004150FA
EAX,DWORD PTR SS:[EBP+8]
ECX,DWORD PTR DS:[EAX]
EDX,DWORD PTR SS:[EBP+8]
EDX,DWORD PTR DS:[ECX+4]
DWORD PTR SS:[EBP-157C],EDX

|
|
|
|
\SystemIn

/Arg2 = 6
|
|Arg1
\SystemIn

004150FA |>
00415100 |.
00415103 |.
00415104 |.
0041510A |.
0041510B |.
00415111 |.
00415113 |.
00415115 |.
00415118 |.
0041511E |.
0041511F |.
00415122 |.
00415123 |.
00415128 |.
0041512B |.
00415131 |.
00415138 |.
0041513A |.
00415144 |.
00415146 |>
0041514C |.
0041514E |.
00415154 |.
00415157 |.
0041515D |>
00415163 |.
00415166 |.
0041516C |.
00415171 |.
00415173 |.
00415179 |.
0041517C |.
00415181 |.
00415187 |.
0041518D |.
0041518F |.
00415195 |.
00415198 |.
English:"
0041519D |.
004151A3 |.
004151A4 |.
004151A9 |.
004151AC |.
004151B2 |.
A
004151B4 |.
004151BA |.
fo.0040F5C0
004151BF |.
004151C5 |.
fo.0040F7C0
004151CA |.
004151CE |.
004151D0 |.
004151D2 |.
004151D8 |.
fo.0040FB60
004151DD |.

8B85 B0ECFFFF
8B48 04
51
8B95 84EAFFFF
52
8B85 B0ECFFFF
8B08
FFD1
83C4 08
8B95 88EAFFFF
52
8B45 08
50
E8 385DFFFF
83C4 08
8985 A4ECFFFF
83BD A4ECFFFF
75 0C
C785 A8ECFFFF
EB 17
8B8D A4ECFFFF
8B11
8B85 A4ECFFFF
0342 04
8985 A8ECFFFF
8B8D A8ECFFFF
8B51 10
8995 ACECFFFF
B8 C0010000
F7D0
8B8D A8ECFFFF
2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D A8ECFFFF
8941 10
68 A88E4400

MOV EAX,DWORD PTR SS:[EBP-1350]


MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-157C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1350]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-1578]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-135C],EAX
CMP DWORD PTR SS:[EBP-135C],0
JNE SHORT 00415146
MOV DWORD PTR SS:[EBP-1358],0
JMP SHORT 0041515D
MOV ECX,DWORD PTR SS:[EBP-135C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-135C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1358],EAX
MOV ECX,DWORD PTR SS:[EBP-1358]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-1354],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-1358]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-1358]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH OFFSET 00448EA8

; ASCII "In

8B95 A4ECFFFF
52
E8 B757FFFF
83C4 08
8985 A0ECFFFF
6A 0A

MOV EDX,DWORD PTR SS:[EBP-135C]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1360],EAX
PUSH 0A

; /Arg1 = 0

8B8D A0ECFFFF MOV ECX,DWORD PTR SS:[EBP-1360]


E8 01A4FFFF CALL 0040F5C0

; |
; \SystemIn

8B8D A0ECFFFF MOV ECX,DWORD PTR SS:[EBP-1360]


E8 F6A5FFFF CALL 0040F7C0

; [SystemIn

C645 FC 1A
6A 00
6A 01
8D8D 88F6FFFF
E8 83A9FFFF

;
;
;
;

MOV BYTE PTR SS:[EBP-4],1A


PUSH 0
PUSH 1
LEA ECX,[EBP-978]
CALL 0040FB60

C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004151E4 |. 6A 00
004151E6 |. 6A 01
004151E8 |. 8D8D A4F6FFFF
004151EE |. E8 6DA9FFFF
fo.0040FB60
004151F3 |. 68 77874400
ystemInfo.448777
004151F8 |. 8D8D 58F6FFFF
004151FE |. E8 ED99FFFF
fo.0040EBF0
00415203 |. C745 FC 1C000
0041520A |. 8D85 58F6FFFF
00415210 |. 50
00415211 |. B9 0C294500
00415216 |. E8 051FFFFF
fo.00407120
0041521B |. 8B0D FC284500
00415221 |. 83C1 01
00415224 |. 890D FC284500
0041522A |. 68 74874400
"
0041522F |. 8B15 FC284500
00415235 |. 52
[4528FC] = 0
00415236 |. 68 D0914400
0041523B |. A1 F8284500
00415240 |. 50
[4528F8] = 0
00415241 |. B9 08294500
00415246 |. E8 150CFFFF
nfo.00405E60
0041524B |. 50
0041524C |. E8 0F57FFFF
00415251 |. 83C4 08
00415254 |. 8BC8
00415256 |. E8 050CFFFF
fo.00405E60
0041525B |. 50
0041525C |. E8 FF56FFFF
00415261 |. 83C4 08
00415264 |. 8D8D 3CF6FFFF
0041526A |. 51
0041526B |. B9 08294500
00415270 |. E8 EB11FFFF
fo.00406460
00415275 |. 8985 80EAFFFF
0041527B |. 8B95 80EAFFFF
00415281 |. 8995 7CEAFFFF
00415287 |. C645 FC 1D
0041528B |. C685 7FF6FFFF
00415292 |. C685 7EF6FFFF
00415299 |. 837D 08 00
0041529D |. 75 0C
0041529F |. C785 84ECFFFF
004152A9 |. EB 11
004152AB |> 8B45 08
004152AE |. 8B08
004152B0 |. 8B55 08
004152B3 |. 0351 04
004152B6 |. 8995 84ECFFFF

PUSH 0
PUSH 1
LEA ECX,[EBP-95C]
CALL 0040FB60

;
;
;
;

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-9A8]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],1C


LEA EAX,[EBP-9A8]
PUSH EAX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV ECX,DWORD PTR DS:[4528FC]


ADD ECX,1
MOV DWORD PTR DS:[4528FC],ECX
PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528FC]


PUSH EDX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EAX,DWORD PTR DS:[4528F8]
PUSH EAX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA ECX,[EBP-9C4]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV
MOV
MOV
MOV
MOV
MOV
CMP
JNE
MOV
JMP
MOV
MOV
MOV
ADD
MOV

DWORD PTR SS:[EBP-1580],EAX


EDX,DWORD PTR SS:[EBP-1580]
DWORD PTR SS:[EBP-1584],EDX
BYTE PTR SS:[EBP-4],1D
BYTE PTR SS:[EBP-981],20
BYTE PTR SS:[EBP-982],2E
DWORD PTR SS:[EBP+8],0
SHORT 004152AB
DWORD PTR SS:[EBP-137C],0
SHORT 004152BC
EAX,DWORD PTR SS:[EBP+8]
ECX,DWORD PTR DS:[EAX]
EDX,DWORD PTR SS:[EBP+8]
EDX,DWORD PTR DS:[ECX+4]
DWORD PTR SS:[EBP-137C],EDX

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

|
|
|
|
\SystemIn

004152BC |>
004152C2 |.
004152C5 |.
004152CB |.
004152D0 |.
004152D2 |.
004152D8 |.
004152DB |.
004152E0 |.
004152E6 |.
004152EC |.
004152EE |.
004152F4 |.
004152F7 |.
004152F9 |.
004152FF |.
00415300 |.
fo.0042D798
00415305 |.
00415308 |.
0041530E |.
00415312 |.
00415314 |.
0041531E |.
00415320 |>
00415323 |.
00415325 |.
00415328 |.
0041532B |.
00415331 |>
00415337 |.
0041533A |.
0041533B |.
00415341 |.
00415342 |.
00415348 |.
0041534A |.
0041534C |.
0041534F |.
00415355 |.
00415356 |.
00415359 |.
0041535A |.
0041535F |.
00415362 |.
00415368 |.
0041536F |.
00415371 |.
0041537B |.
0041537D |>
00415383 |.
00415385 |.
0041538B |.
0041538E |.
00415394 |>
0041539A |.
0041539D |.
004153A3 |.
004153A8 |.
004153AA |.

8B85 84ECFFFF
8B48 10
898D 88ECFFFF
BA C0010000
F7D2
8B85 84ECFFFF
2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 84ECFFFF
8950 10
6A 06
8D8D 34F6FFFF
51
E8 93840100

MOV EAX,DWORD PTR SS:[EBP-137C]


MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-1378],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-137C]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-137C]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH 6
LEA ECX,[EBP-9CC]
PUSH ECX
CALL 0042D798

83C4 08
8985 80ECFFFF
837D 08 00
75 0C
C785 78EAFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D 78EAFFFF
8B95 80ECFFFF
8B42 04
50
8B8D 78EAFFFF
51
8B95 80ECFFFF
8B02
FFD0
83C4 08
8B8D 7CEAFFFF
51
8B55 08
52
E8 015BFFFF
83C4 08
8985 74ECFFFF
83BD 74ECFFFF
75 0C
C785 78ECFFFF
EB 17
8B85 74ECFFFF
8B08
8B95 74ECFFFF
0351 04
8995 78ECFFFF
8B85 78ECFFFF
8B48 10
898D 7CECFFFF
BA C0010000
F7D2
8B85 78ECFFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-1380],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00415320
MOV DWORD PTR SS:[EBP-1588],0
JMP SHORT 00415331
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1588],ECX
MOV EDX,DWORD PTR SS:[EBP-1380]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1588]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1380]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[EBP-1584]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-138C],EAX
CMP DWORD PTR SS:[EBP-138C],0
JNE SHORT 0041537D
MOV DWORD PTR SS:[EBP-1388],0
JMP SHORT 00415394
MOV EAX,DWORD PTR SS:[EBP-138C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-138C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1388],EDX
MOV EAX,DWORD PTR SS:[EBP-1388]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-1384],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-1388]

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

004153B0 |.
004153B3 |.
004153B8 |.
004153BE |.
004153C4 |.
004153C6 |.
004153CC |.
004153CF |.
3
004153D1 |.
004153D7 |.
004153D8 |.
fo.0042D798
004153DD |.
004153E0 |.
004153E6 |.
004153ED |.
004153EF |.
004153F9 |.
004153FB |>
00415401 |.
00415403 |.
00415409 |.
0041540C |.
00415412 |>
00415418 |.
0041541B |.
0041541C |.
00415422 |.
00415423 |.
00415429 |.
0041542B |.
0041542D |.
00415430 |.
00415436 |.
0041543C |.
00415442 |.
00415444 |.
0041544A |.
0041544D |.
00415453 |.
00415459 |.
0041545C |.
00415462 |.
00415468 |.
0041546E |.
00415471 |.
00415478 |.
0041547A |.
00415484 |.
00415486 |>
0041548C |.
0041548E |.
00415494 |.
00415497 |.
0041549D |>
004154A3 |.
004154A6 |.
004154AC |.
004154B1 |.

2350 10
B9 80000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 78ECFFFF
8950 10
6A 23

AND EDX,DWORD PTR DS:[EAX+10]


MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-1388]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH 23

8D8D 74F6FFFF LEA ECX,[EBP-98C]


51
PUSH ECX
E8 BB830100 CALL 0042D798
83C4 08
8985 70ECFFFF
83BD 74ECFFFF
75 0C
C785 74EAFFFF
EB 17
8B95 74ECFFFF
8B02
8B8D 74ECFFFF
0348 04
898D 74EAFFFF
8B95 70ECFFFF
8B42 04
50
8B8D 74EAFFFF
51
8B95 70ECFFFF
8B02
FFD0
83C4 08
8A8D 7EF6FFFF
888D 67ECFFFF
8B95 74ECFFFF
8B02
8B8D 74ECFFFF
0348 04
898D 68ECFFFF
8B95 68ECFFFF
8A42 30
8885 6FECFFFF
8B8D 68ECFFFF
8A95 67ECFFFF
8851 30
83BD 74ECFFFF
75 0C
C785 5CECFFFF
EB 17
8B85 74ECFFFF
8B08
8B95 74ECFFFF
0351 04
8995 5CECFFFF
8B85 5CECFFFF
8B48 10
898D 60ECFFFF
BA C0010000
F7D2

ADD ESP,8
MOV DWORD PTR SS:[EBP-1390],EAX
CMP DWORD PTR SS:[EBP-138C],0
JNE SHORT 004153FB
MOV DWORD PTR SS:[EBP-158C],0
JMP SHORT 00415412
MOV EDX,DWORD PTR SS:[EBP-138C]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-138C]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-158C],ECX
MOV EDX,DWORD PTR SS:[EBP-1390]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-158C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1390]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[EBP-982]
MOV BYTE PTR SS:[EBP-1399],CL
MOV EDX,DWORD PTR SS:[EBP-138C]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-138C]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1398],ECX
MOV EDX,DWORD PTR SS:[EBP-1398]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[EBP-1391],AL
MOV ECX,DWORD PTR SS:[EBP-1398]
MOV DL,BYTE PTR SS:[EBP-1399]
MOV BYTE PTR DS:[ECX+30],DL
CMP DWORD PTR SS:[EBP-138C],0
JNE SHORT 00415486
MOV DWORD PTR SS:[EBP-13A4],0
JMP SHORT 0041549D
MOV EAX,DWORD PTR SS:[EBP-138C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-138C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-13A4],EDX
MOV EAX,DWORD PTR SS:[EBP-13A4]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-13A0],ECX
MOV EDX,1C0
NOT EDX

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

004154B3 |.
004154B9 |.
004154BC |.
004154C1 |.
004154C7 |.
004154CD |.
004154CF |.
004154D5 |.
004154D8 |.
Country"
004154DD |.
004154E3 |.
004154E4 |.
004154E9 |.
004154EC |.
004154F2 |.
004154F9 |.
004154FB |.
00415505 |.
00415507 |>
0041550D |.
0041550F |.
00415515 |.
00415518 |.
0041551E |>
00415524 |.
00415527 |.
0041552D |.
00415532 |.
00415534 |.
0041553A |.
0041553D |.
00415542 |.
00415547 |.
0041554C |.
0041554E |.
00415554 |.
00415557 |.
0041555D |.
00415563 |.
00415569 |.
0041556B |.
00415571 |.
00415574 |.
0041557A |.
00415580 |.
00415583 |.
00415589 |.
0041558F |.
00415595 |.
00415598 |.
0041559B |.
0041559C |.
004155A2 |.
004155A3 |.
004155A8 |.
004155AB |.
004155B1 |.
A
004155B3 |.

8B85 5CECFFFF
2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 5CECFFFF
8950 10
68 9C8E4400

MOV EAX,DWORD PTR SS:[EBP-13A4]


AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,40
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-13A4]
MOV DWORD PTR DS:[EAX+10],EDX
PUSH OFFSET 00448E9C

; ASCII "

8B8D 74ECFFFF
51
E8 7754FFFF
83C4 08
8985 50ECFFFF
83BD 50ECFFFF
75 0C
C785 54ECFFFF
EB 17
8B95 50ECFFFF
8B02
8B8D 50ECFFFF
0348 04
898D 54ECFFFF
8B95 54ECFFFF
8B42 10
8985 58ECFFFF
B9 C0010000
F7D1
8B95 54ECFFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 54ECFFFF
894A 10
8A85 7FF6FFFF
8885 47ECFFFF
8B8D 50ECFFFF
8B11
8B85 50ECFFFF
0342 04
8985 48ECFFFF
8B8D 48ECFFFF
8A51 30
8895 4FECFFFF
8B85 48ECFFFF
8A8D 47ECFFFF
8848 30
8B55 E8
52
8B85 50ECFFFF
50
E8 B853FFFF
83C4 08
8985 40ECFFFF
6A 0A

MOV ECX,DWORD PTR SS:[EBP-138C]


PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-13B0],EAX
CMP DWORD PTR SS:[EBP-13B0],0
JNE SHORT 00415507
MOV DWORD PTR SS:[EBP-13AC],0
JMP SHORT 0041551E
MOV EDX,DWORD PTR SS:[EBP-13B0]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-13B0]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-13AC],ECX
MOV EDX,DWORD PTR SS:[EBP-13AC]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-13A8],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-13AC]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-13AC]
MOV DWORD PTR DS:[EDX+10],ECX
MOV AL,BYTE PTR SS:[EBP-981]
MOV BYTE PTR SS:[EBP-13B9],AL
MOV ECX,DWORD PTR SS:[EBP-13B0]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-13B0]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-13B8],EAX
MOV ECX,DWORD PTR SS:[EBP-13B8]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-13B1],DL
MOV EAX,DWORD PTR SS:[EBP-13B8]
MOV CL,BYTE PTR SS:[EBP-13B9]
MOV BYTE PTR DS:[EAX+30],CL
MOV EDX,DWORD PTR SS:[EBP-18]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-13B0]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-13C0],EAX
PUSH 0A

; /Arg1 = 0

8B8D 40ECFFFF MOV ECX,DWORD PTR SS:[EBP-13C0]

; |

004155B9 |. E8 02A0FFFF
fo.0040F5C0
004155BE |. 8B8D 40ECFFFF
004155C4 |. E8 F7A1FFFF
fo.0040F7C0
004155C9 |. C645 FC 1C
004155CD |. 6A 00
004155CF |. 6A 01
004155D1 |. 8D8D 3CF6FFFF
004155D7 |. E8 84A5FFFF
fo.0040FB60
004155DC |. C745 FC FFFFF
004155E3 |. 6A 00
004155E5 |. 6A 01
004155E7 |. 8D8D 58F6FFFF
004155ED |. E8 6EA5FFFF
fo.0040FB60
004155F2 |. 68 77874400
ystemInfo.448777
004155F7 |. 8D8D 0CF6FFFF
004155FD |. E8 EE95FFFF
fo.0040EBF0
00415602 |. C745 FC 1E000
00415609 |. 8D8D 0CF6FFFF
0041560F |. 51
00415610 |. B9 0C294500
00415615 |. E8 061BFFFF
fo.00407120
0041561A |. 8B15 FC284500
00415620 |. 83C2 01
00415623 |. 8915 FC284500
00415629 |. 68 74874400
"
0041562E |. A1 FC284500
00415633 |. 50
[4528FC] = 0
00415634 |. 68 D0914400
00415639 |. 8B0D F8284500
0041563F |. 51
[4528F8] = 0
00415640 |. B9 08294500
00415645 |. E8 1608FFFF
nfo.00405E60
0041564A |. 50
0041564B |. E8 1053FFFF
00415650 |. 83C4 08
00415653 |. 8BC8
00415655 |. E8 0608FFFF
fo.00405E60
0041565A |. 50
0041565B |. E8 0053FFFF
00415660 |. 83C4 08
00415663 |. 8D95 F0F5FFFF
00415669 |. 52
0041566A |. B9 08294500
0041566F |. E8 EC0DFFFF
fo.00406460
00415674 |. 8985 70EAFFFF
0041567A |. 8B85 70EAFFFF
00415680 |. 8985 6CEAFFFF

CALL 0040F5C0

; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-13C0]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[EBP-4],1C


PUSH 0
PUSH 1
LEA ECX,[EBP-9C4]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-9A8]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-9F4]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],1E


LEA ECX,[EBP-9F4]
PUSH ECX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-0A10]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-1590],EAX


MOV EAX,DWORD PTR SS:[EBP-1590]
MOV DWORD PTR SS:[EBP-1594],EAX

|
|
|
|
\SystemIn

00415686 |.
0041568A |.
00415691 |.
00415698 |.
0041569C |.
0041569E |.
004156A8 |.
004156AA |>
004156AD |.
004156AF |.
004156B2 |.
004156B5 |.
004156BB |>
004156C1 |.
004156C4 |.
004156CA |.
004156CF |.
004156D1 |.
004156D7 |.
004156DA |.
004156DF |.
004156E5 |.
004156EB |.
004156ED |.
004156F3 |.
004156F6 |.
004156F8 |.
004156FE |.
004156FF |.
fo.0042D798
00415704 |.
00415707 |.
0041570D |.
00415711 |.
00415713 |.
0041571D |.
0041571F |>
00415722 |.
00415724 |.
00415727 |.
0041572A |.
00415730 |>
00415736 |.
00415739 |.
0041573A |.
00415740 |.
00415741 |.
00415747 |.
00415749 |.
0041574B |.
0041574E |.
00415754 |.
00415755 |.
00415758 |.
00415759 |.
0041575E |.
00415761 |.
00415767 |.
0041576E |.
00415770 |.

C645 FC 1F
C685 33F6FFFF
C685 32F6FFFF
837D 08 00
75 0C
C785 24ECFFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 24ECFFFF
8B8D 24ECFFFF
8B51 10
8995 28ECFFFF
B8 C0010000
F7D0
8B8D 24ECFFFF
2341 10
BA 40000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D 24ECFFFF
8941 10
6A 06
8D95 E8F5FFFF
52
E8 94800100

MOV BYTE PTR SS:[EBP-4],1F


MOV BYTE PTR SS:[EBP-9CD],20
MOV BYTE PTR SS:[EBP-9CE],2E
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 004156AA
MOV DWORD PTR SS:[EBP-13DC],0
JMP SHORT 004156BB
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-13DC],EAX
MOV ECX,DWORD PTR SS:[EBP-13DC]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-13D8],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-13DC]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-13DC]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH 6
LEA EDX,[EBP-0A18]
PUSH EDX
CALL 0042D798

83C4 08
8985 20ECFFFF
837D 08 00
75 0C
C785 68EAFFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 68EAFFFF
8B85 20ECFFFF
8B48 04
51
8B95 68EAFFFF
52
8B85 20ECFFFF
8B08
FFD1
83C4 08
8B95 6CEAFFFF
52
8B45 08
50
E8 0257FFFF
83C4 08
8985 14ECFFFF
83BD 14ECFFFF
75 0C
C785 18ECFFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-13E0],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 0041571F
MOV DWORD PTR SS:[EBP-1598],0
JMP SHORT 00415730
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-1598],EDX
MOV EAX,DWORD PTR SS:[EBP-13E0]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-1598]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-13E0]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-1594]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-13EC],EAX
CMP DWORD PTR SS:[EBP-13EC],0
JNE SHORT 0041577C
MOV DWORD PTR SS:[EBP-13E8],0

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

0041577A |.
0041577C |>
00415782 |.
00415784 |.
0041578A |.
0041578D |.
00415793 |>
00415799 |.
0041579C |.
004157A2 |.
004157A7 |.
004157A9 |.
004157AF |.
004157B2 |.
004157B7 |.
004157BD |.
004157C3 |.
004157C5 |.
004157CB |.
004157CE |.
3
004157D0 |.
004157D6 |.
004157D7 |.
fo.0042D798
004157DC |.
004157DF |.
004157E5 |.
004157EC |.
004157EE |.
004157F8 |.
004157FA |>
00415800 |.
00415802 |.
00415808 |.
0041580B |.
00415811 |>
00415817 |.
0041581A |.
0041581B |.
00415821 |.
00415822 |.
00415828 |.
0041582A |.
0041582C |.
0041582F |.
00415835 |.
0041583B |.
00415841 |.
00415843 |.
00415849 |.
0041584C |.
00415852 |.
00415858 |.
0041585B |.
00415861 |.
00415867 |.
0041586D |.
00415870 |.
00415877 |.

EB 17
8B8D 14ECFFFF
8B11
8B85 14ECFFFF
0342 04
8985 18ECFFFF
8B8D 18ECFFFF
8B51 10
8995 1CECFFFF
B8 C0010000
F7D0
8B8D 18ECFFFF
2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D 18ECFFFF
8941 10
6A 23

JMP SHORT 00415793


MOV ECX,DWORD PTR SS:[EBP-13EC]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-13EC]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-13E8],EAX
MOV ECX,DWORD PTR SS:[EBP-13E8]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-13E4],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-13E8]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-13E8]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH 23

8D95 28F6FFFF LEA EDX,[EBP-9D8]


52
PUSH EDX
E8 BC7F0100 CALL 0042D798
83C4 08
8985 10ECFFFF
83BD 14ECFFFF
75 0C
C785 64EAFFFF
EB 17
8B85 14ECFFFF
8B08
8B95 14ECFFFF
0351 04
8995 64EAFFFF
8B85 10ECFFFF
8B48 04
51
8B95 64EAFFFF
52
8B85 10ECFFFF
8B08
FFD1
83C4 08
8A95 32F6FFFF
8895 07ECFFFF
8B85 14ECFFFF
8B08
8B95 14ECFFFF
0351 04
8995 08ECFFFF
8B85 08ECFFFF
8A48 30
888D 0FECFFFF
8B95 08ECFFFF
8A85 07ECFFFF
8842 30
83BD 14ECFFFF
75 0C

ADD ESP,8
MOV DWORD PTR SS:[EBP-13F0],EAX
CMP DWORD PTR SS:[EBP-13EC],0
JNE SHORT 004157FA
MOV DWORD PTR SS:[EBP-159C],0
JMP SHORT 00415811
MOV EAX,DWORD PTR SS:[EBP-13EC]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-13EC]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-159C],EDX
MOV EAX,DWORD PTR SS:[EBP-13F0]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-159C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-13F0]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[EBP-9CE]
MOV BYTE PTR SS:[EBP-13F9],DL
MOV EAX,DWORD PTR SS:[EBP-13EC]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-13EC]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-13F8],EDX
MOV EAX,DWORD PTR SS:[EBP-13F8]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-13F1],CL
MOV EDX,DWORD PTR SS:[EBP-13F8]
MOV AL,BYTE PTR SS:[EBP-13F9]
MOV BYTE PTR DS:[EDX+30],AL
CMP DWORD PTR SS:[EBP-13EC],0
JNE SHORT 00415885

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

00415879 |.
00415883 |.
00415885 |>
0041588B |.
0041588D |.
00415893 |.
00415896 |.
0041589C |>
004158A2 |.
004158A5 |.
004158AB |.
004158B0 |.
004158B2 |.
004158B8 |.
004158BB |.
004158C0 |.
004158C6 |.
004158CC |.
004158CE |.
004158D4 |.
004158D7 |.
Language"
004158DC |.
004158E2 |.
004158E3 |.
004158E8 |.
004158EB |.
004158F1 |.
004158F8 |.
004158FA |.
00415904 |.
00415906 |>
0041590C |.
0041590E |.
00415914 |.
00415917 |.
0041591D |>
00415923 |.
00415926 |.
0041592C |.
00415931 |.
00415933 |.
00415939 |.
0041593C |.
00415941 |.
00415947 |.
0041594D |.
0041594F |.
00415955 |.
00415958 |.
0041595E |.
00415964 |.
0041596A |.
0041596C |.
00415972 |.
00415975 |.
0041597B |.
00415981 |.
00415984 |.
0041598A |.

C785 FCEBFFFF
EB 17
8B8D 14ECFFFF
8B11
8B85 14ECFFFF
0342 04
8985 FCEBFFFF
8B8D FCEBFFFF
8B51 10
8995 00ECFFFF
B8 C0010000
F7D0
8B8D FCEBFFFF
2341 10
BA 40000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D FCEBFFFF
8941 10
68 8C8E4400

MOV DWORD PTR SS:[EBP-1404],0


JMP SHORT 0041589C
MOV ECX,DWORD PTR SS:[EBP-13EC]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-13EC]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1404],EAX
MOV ECX,DWORD PTR SS:[EBP-1404]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-1400],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-1404]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-1404]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH OFFSET 00448E8C

8B95 14ECFFFF
52
E8 7850FFFF
83C4 08
8985 F0EBFFFF
83BD F0EBFFFF
75 0C
C785 F4EBFFFF
EB 17
8B85 F0EBFFFF
8B08
8B95 F0EBFFFF
0351 04
8995 F4EBFFFF
8B85 F4EBFFFF
8B48 10
898D F8EBFFFF
BA C0010000
F7D2
8B85 F4EBFFFF
2350 10
B9 80000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 F4EBFFFF
8950 10
8A8D 33F6FFFF
888D E7EBFFFF
8B95 F0EBFFFF
8B02
8B8D F0EBFFFF
0348 04
898D E8EBFFFF
8B95 E8EBFFFF
8A42 30
8885 EFEBFFFF
8B8D E8EBFFFF

MOV EDX,DWORD PTR SS:[EBP-13EC]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1410],EAX
CMP DWORD PTR SS:[EBP-1410],0
JNE SHORT 00415906
MOV DWORD PTR SS:[EBP-140C],0
JMP SHORT 0041591D
MOV EAX,DWORD PTR SS:[EBP-1410]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-1410]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-140C],EDX
MOV EAX,DWORD PTR SS:[EBP-140C]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[EBP-1408],ECX
MOV EDX,1C0
NOT EDX
MOV EAX,DWORD PTR SS:[EBP-140C]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,80
AND ECX,000001C0
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[EBP-140C]
MOV DWORD PTR DS:[EAX+10],EDX
MOV CL,BYTE PTR SS:[EBP-9CD]
MOV BYTE PTR SS:[EBP-1419],CL
MOV EDX,DWORD PTR SS:[EBP-1410]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-1410]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1418],ECX
MOV EDX,DWORD PTR SS:[EBP-1418]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[EBP-1411],AL
MOV ECX,DWORD PTR SS:[EBP-1418]

; ASCII "

00415990 |. 8A95 E7EBFFFF


00415996 |. 8851 30
00415999 |. 8B45 DC
0041599C |. 50
0041599D |. 8B8D F0EBFFFF
004159A3 |. 51
004159A4 |. E8 B74FFFFF
004159A9 |. 83C4 08
004159AC |. 8985 E0EBFFFF
004159B2 |. 6A 0A
A
004159B4 |. 8B8D E0EBFFFF
004159BA |. E8 019CFFFF
fo.0040F5C0
004159BF |. 8B8D E0EBFFFF
004159C5 |. E8 F69DFFFF
fo.0040F7C0
004159CA |. C645 FC 1E
004159CE |. 6A 00
004159D0 |. 6A 01
004159D2 |. 8D8D F0F5FFFF
004159D8 |. E8 83A1FFFF
fo.0040FB60
004159DD |. C745 FC FFFFF
004159E4 |. 6A 00
004159E6 |. 6A 01
004159E8 |. 8D8D 0CF6FFFF
004159EE |. E8 6DA1FFFF
fo.0040FB60
004159F3 |. 68 77874400
ystemInfo.448777
004159F8 |. 8D8D C0F5FFFF
004159FE |. E8 ED91FFFF
fo.0040EBF0
00415A03 |. C745 FC 20000
00415A0A |. 8D95 C0F5FFFF
00415A10 |. 52
00415A11 |. B9 08294500
00415A16 |. E8 850AFFFF
fo.004064A0
00415A1B |. A1 FC284500
00415A20 |. 83C0 01
00415A23 |. A3 FC284500
00415A28 |. 68 74874400
"
00415A2D |. 8B0D FC284500
00415A33 |. 51
[4528FC] = 0
00415A34 |. 68 D0914400
00415A39 |. 8B15 F8284500
00415A3F |. 52
[4528F8] = 0
00415A40 |. B9 08294500
00415A45 |. E8 1604FFFF
nfo.00405E60
00415A4A |. 50
00415A4B |. E8 104FFFFF
00415A50 |. 83C4 08
00415A53 |. 8BC8
00415A55 |. E8 0604FFFF

MOV DL,BYTE PTR SS:[EBP-1419]


MOV BYTE PTR DS:[ECX+30],DL
MOV EAX,DWORD PTR SS:[EBP-24]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1410]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-1420],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-1420]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-1420]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[EBP-4],1E


PUSH 0
PUSH 1
LEA ECX,[EBP-0A10]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-9F4]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0A40]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],20


LEA EDX,[EBP-0A40]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV EAX,DWORD PTR DS:[4528FC]


ADD EAX,1
MOV DWORD PTR DS:[4528FC],EAX
PUSH OFFSET 00448774

; ASCII ".

MOV ECX,DWORD PTR DS:[4528FC]


PUSH ECX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EDX,DWORD PTR DS:[4528F8]
PUSH EDX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

|
|
|
|
\SystemIn

fo.00405E60
00415A5A |. 50
PUSH EAX
00415A5B |. E8 004FFFFF CALL 0040A960
00415A60 |. 83C4 08
ADD ESP,8
00415A63 |. 8D85 A4F5FFFF LEA EAX,[EBP-0A5C]
00415A69 |. 50
PUSH EAX
00415A6A |. B9 08294500 MOV ECX,OFFSET 00452908
00415A6F |. E8 EC09FFFF CALL 00406460
fo.00406460
00415A74 |. 8985 60EAFFFF MOV DWORD PTR SS:[EBP-15A0],EAX
00415A7A |. 8B8D 60EAFFFF MOV ECX,DWORD PTR SS:[EBP-15A0]
00415A80 |. 898D 5CEAFFFF MOV DWORD PTR SS:[EBP-15A4],ECX
00415A86 |. C645 FC 21
MOV BYTE PTR SS:[EBP-4],21
00415A8A |. 68 409A4000 PUSH 00409A40
ystemInfo.409A40
00415A8F |. 8B95 68FFFFFF MOV EDX,DWORD PTR SS:[EBP-98]
00415A95 |. 52
PUSH EDX
00415A96 |. 6A 20
PUSH 20
20
00415A98 |. 8D85 E7F5FFFF LEA EAX,[EBP-0A19]
00415A9E |. 50
PUSH EAX
00415A9F |. E8 6C53FFFF CALL 0040AE10
nfo.0040AE10
00415AA4 |. 83C4 08
ADD ESP,8
00415AA7 |. 50
PUSH EAX
00415AA8 |. 68 009A4000 PUSH 00409A00
SystemInfo.409A00
00415AAD |. 68 708E4400 PUSH OFFSET 00448E70
"
Current User's Language"
00415AB2 |. 68 C0994000 PUSH 004099C0
= SystemInfo.4099C0
00415AB7 |. 6A 2E
PUSH 2E
= 2E
00415AB9 |. 8D8D E6F5FFFF LEA ECX,[EBP-0A1A]
00415ABF |. 51
PUSH ECX
00415AC0 |. E8 4B53FFFF CALL 0040AE10
emInfo.0040AE10
00415AC5 |. 83C4 08
ADD ESP,8
00415AC8 |. 50
PUSH EAX
00415AC9 |. 6A 23
PUSH 23
2 = 23
00415ACB |. 8D95 DCF5FFFF LEA EDX,[EBP-0A24]
00415AD1 |. 52
PUSH EDX
1
00415AD2 |. E8 C17C0100 CALL 0042D798
temInfo.0042D798
00415AD7 |. 83C4 08
ADD ESP,8
00415ADA |. 50
PUSH EAX
2
00415ADB |. 68 009A4000 PUSH 00409A00
g1 = SystemInfo.409A00
00415AE0 |. 8B85 5CEAFFFF MOV EAX,DWORD PTR SS:[EBP-15A4]
00415AE6 |. 50
PUSH EAX
00415AE7 |. 6A 06
PUSH 6
rg2 = 6
00415AE9 |. 8D8D 9CF5FFFF LEA ECX,[EBP-0A64]
00415AEF |. 51
PUSH ECX
rg1
00415AF0 |. E8 A37C0100 CALL 0042D798
ystemInfo.0042D798

; /Arg1
; |
; \SystemIn

; /Arg1 = S
; |
; |
; |/Arg2 =
; ||
; ||Arg1
; |\SystemI
; |
; |/Arg2
; ||/Arg1 =
; |||ASCII
; |||/Arg1
; ||||/Arg2
; |||||
; |||||Arg1
; ||||\Syst
; ||||
; ||||/Arg2
; |||||/Arg
; ||||||
; ||||||Arg
; |||||\Sys
; |||||
; |||||/Arg
; ||||||/Ar
; |||||||
; |||||||
; |||||||/A
; ||||||||
; ||||||||A
; |||||||\S

00415AF5 |. 83C4 08
00415AF8 |. 50
rg2
00415AF9 |. 68 C0994000
Arg1 = SystemInfo.4099C0
00415AFE |. 8B4D 08
00415B01 |. E8 4A00FFFF
SystemInfo.00405B50
00415B06 |. 50
rg1
00415B07 |. E8 144EFFFF
ystemInfo.0040A920
00415B0C |. 83C4 08
00415B0F |. 50
00415B10 |. E8 4B53FFFF
00415B15 |. 83C4 08
00415B18 |. 8BC8
00415B1A |. E8 3100FFFF
stemInfo.00405B50
00415B1F |. 50
1
00415B20 |. E8 FB4DFFFF
temInfo.0040A920
00415B25 |. 83C4 08
00415B28 |. 50
00415B29 |. E8 F252FFFF
emInfo.0040AE20
00415B2E |. 83C4 08
00415B31 |. 8BC8
00415B33 |. E8 1800FFFF
mInfo.00405B50
00415B38 |. 50
00415B39 |. E8 224EFFFF
00415B3E |. 83C4 08
00415B41 |. 8BC8
00415B43 |. E8 0800FFFF
Info.00405B50
00415B48 |. 50
00415B49 |. E8 D252FFFF
nfo.0040AE20
00415B4E |. 83C4 08
00415B51 |. 50
00415B52 |. E8 094EFFFF
00415B57 |. 83C4 08
00415B5A |. 8BC8
00415B5C |. E8 CFFFFEFF
fo.00405B30
00415B61 |. C645 FC 20
00415B65 |. 8D8D A4F5FFFF
00415B6B |. E8 6091FFFF
fo.0040ECD0
00415B70 |. C745 FC FFFFF
00415B77 |. 8D8D C0F5FFFF
00415B7D |. E8 4E91FFFF
fo.0040ECD0
00415B82 |. 68 77874400
ystemInfo.448777
00415B87 |. 8D8D 74F5FFFF
00415B8D |. E8 5E90FFFF
fo.0040EBF0

ADD ESP,8
PUSH EAX

; |||||||
; |||||||/A

PUSH 004099C0

; ||||||||/

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; |||||||||
; ||||||||\

PUSH EAX

; ||||||||A

CALL 0040A920

; |||||||\S

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX

; ||||||Arg

CALL 0040A920

; |||||\Sys

ADD ESP,8
PUSH EAX
CALL 0040AE20

; |||||
; |||||Arg1
; ||||\Syst

ADD ESP,8
MOV ECX,EAX
CALL 00405B50

; ||||
; ||||
; |||\Syste

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;

PUSH EAX
CALL 0040AE20

; ||Arg1
; |\SystemI

ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B30

;
;
;
;
;
;

MOV BYTE PTR SS:[EBP-4],20


LEA ECX,[EBP-0A5C]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0A40]
CALL 0040ECD0

; [SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0A8C]
CALL 0040EBF0

; |
; \SystemIn

|||||||
|||||||
|||||||
|||||||
|||||||
||||||\Sy

|||
|||
|||
|||
||\System

|
|
|
|
|
\SystemIn

00415B92 |. C745 FC 22000


00415B99 |. 8D95 74F5FFFF
00415B9F |. 52
00415BA0 |. B9 08294500
00415BA5 |. E8 F608FFFF
fo.004064A0
00415BAA |. A1 FC284500
00415BAF |. 83C0 01
00415BB2 |. A3 FC284500
00415BB7 |. 68 74874400
"
00415BBC |. 8B0D FC284500
00415BC2 |. 51
[4528FC] = 0
00415BC3 |. 68 D0914400
00415BC8 |. 8B15 F8284500
00415BCE |. 52
[4528F8] = 0
00415BCF |. B9 08294500
00415BD4 |. E8 8702FFFF
nfo.00405E60
00415BD9 |. 50
00415BDA |. E8 814DFFFF
00415BDF |. 83C4 08
00415BE2 |. 8BC8
00415BE4 |. E8 7702FFFF
fo.00405E60
00415BE9 |. 50
00415BEA |. E8 714DFFFF
00415BEF |. 83C4 08
00415BF2 |. 8D85 58F5FFFF
00415BF8 |. 50
00415BF9 |. B9 08294500
00415BFE |. E8 5D08FFFF
fo.00406460
00415C03 |. 8985 58EAFFFF
00415C09 |. 8B8D 58EAFFFF
00415C0F |. 898D 54EAFFFF
00415C15 |. C645 FC 23
00415C19 |. 68 409A4000
ystemInfo.409A40
00415C1E |. 8B95 30FFFFFF
00415C24 |. 52
00415C25 |. 6A 20
20
00415C27 |. 8D85 9BF5FFFF
00415C2D |. 50
00415C2E |. E8 DD51FFFF
nfo.0040AE10
00415C33 |. 83C4 08
00415C36 |. 50
00415C37 |. 68 009A4000
SystemInfo.409A00
00415C3C |. 68 588E4400
"
Active Input Locale"
00415C41 |. 68 C0994000
= SystemInfo.4099C0
00415C46 |. 6A 2E
= 2E
00415C48 |. 8D8D 9AF5FFFF

MOV DWORD PTR SS:[EBP-4],22


LEA EDX,[EBP-0A8C]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV EAX,DWORD PTR DS:[4528FC]


ADD EAX,1
MOV DWORD PTR DS:[4528FC],EAX
PUSH OFFSET 00448774

; ASCII ".

MOV ECX,DWORD PTR DS:[4528FC]


PUSH ECX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EDX,DWORD PTR DS:[4528F8]
PUSH EDX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[EBP-0AA8]
PUSH EAX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-15A8],EAX


MOV ECX,DWORD PTR SS:[EBP-15A8]
MOV DWORD PTR SS:[EBP-15AC],ECX
MOV BYTE PTR SS:[EBP-4],23
PUSH 00409A40

; /Arg1 = S

MOV EDX,DWORD PTR SS:[EBP-0D0]


PUSH EDX
PUSH 20

; |
; |
; |/Arg2 =

LEA EAX,[EBP-0A65]
PUSH EAX
CALL 0040AE10

; ||
; ||Arg1
; |\SystemI

ADD ESP,8
PUSH EAX
PUSH 00409A00

; |
; |/Arg2
; ||/Arg1 =

PUSH OFFSET 00448E58

; |||ASCII

PUSH 004099C0

; |||/Arg1

PUSH 2E

; ||||/Arg2

LEA ECX,[EBP-0A66]

; |||||

|
|
|
|
\SystemIn

00415C4E |. 51
00415C4F |. E8 BC51FFFF
emInfo.0040AE10
00415C54 |. 83C4 08
00415C57 |. 50
00415C58 |. 6A 23
2 = 23
00415C5A |. 8D95 90F5FFFF
00415C60 |. 52
1
00415C61 |. E8 327B0100
temInfo.0042D798
00415C66 |. 83C4 08
00415C69 |. 50
2
00415C6A |. 68 009A4000
g1 = SystemInfo.409A00
00415C6F |. 8B85 54EAFFFF
00415C75 |. 50
00415C76 |. 6A 06
rg2 = 6
00415C78 |. 8D8D 50F5FFFF
00415C7E |. 51
rg1
00415C7F |. E8 147B0100
ystemInfo.0042D798
00415C84 |. 83C4 08
00415C87 |. 50
rg2
00415C88 |. 68 C0994000
Arg1 = SystemInfo.4099C0
00415C8D |. 8B4D 08
00415C90 |. E8 BBFEFEFF
SystemInfo.00405B50
00415C95 |. 50
rg1
00415C96 |. E8 854CFFFF
ystemInfo.0040A920
00415C9B |. 83C4 08
00415C9E |. 50
00415C9F |. E8 BC51FFFF
00415CA4 |. 83C4 08
00415CA7 |. 8BC8
00415CA9 |. E8 A2FEFEFF
stemInfo.00405B50
00415CAE |. 50
1
00415CAF |. E8 6C4CFFFF
temInfo.0040A920
00415CB4 |. 83C4 08
00415CB7 |. 50
00415CB8 |. E8 6351FFFF
emInfo.0040AE20
00415CBD |. 83C4 08
00415CC0 |. 8BC8
00415CC2 |. E8 89FEFEFF
mInfo.00405B50
00415CC7 |. 50
00415CC8 |. E8 934CFFFF
00415CCD |. 83C4 08

PUSH ECX
CALL 0040AE10

; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
PUSH 23

; ||||
; ||||/Arg2
; |||||/Arg

LEA EDX,[EBP-0A70]
PUSH EDX

; ||||||
; ||||||Arg

CALL 0042D798

; |||||\Sys

ADD ESP,8
PUSH EAX

; |||||
; |||||/Arg

PUSH 00409A00

; ||||||/Ar

MOV EAX,DWORD PTR SS:[EBP-15AC]


PUSH EAX
PUSH 6

; |||||||
; |||||||
; |||||||/A

LEA ECX,[EBP-0AB0]
PUSH ECX

; ||||||||
; ||||||||A

CALL 0042D798

; |||||||\S

ADD ESP,8
PUSH EAX

; |||||||
; |||||||/A

PUSH 004099C0

; ||||||||/

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; |||||||||
; ||||||||\

PUSH EAX

; ||||||||A

CALL 0040A920

; |||||||\S

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX

; ||||||Arg

CALL 0040A920

; |||||\Sys

ADD ESP,8
PUSH EAX
CALL 0040AE20

; |||||
; |||||Arg1
; ||||\Syst

ADD ESP,8
MOV ECX,EAX
CALL 00405B50

; ||||
; ||||
; |||\Syste

PUSH EAX
CALL 0040A960
ADD ESP,8

; |||
; |||
; |||

|||||||
|||||||
|||||||
|||||||
|||||||
||||||\Sy

00415CD0 |.
00415CD2 |.
Info.00405B50
00415CD7 |.
00415CD8 |.
nfo.0040AE20
00415CDD |.
00415CE0 |.
00415CE1 |.
00415CE6 |.
00415CE9 |.
00415CEB |.
fo.00405B30
00415CF0 |.
00415CF4 |.
00415CFA |.
fo.0040ECD0
00415CFF |.
00415D06 |.
00415D0C |.
fo.0040ECD0
00415D11 |.
00415D17 |.
00415D1D |.
00415D23 |.
00415D24 |.
fo.0042F800
00415D29 |.
00415D2C |.
00415D2F |.
00415D35 |.
00415D3B |.
00415D3C |.
fo.0042F800
00415D41 |.
00415D44 |.
00415D4A |.
00415D50 |.
00415D56 |.
00415D57 |.
fo.0042F800
00415D5C |.
00415D5F |.
00415D65 |.
00415D6B |.
00415D71 |.
00415D72 |.
fo.0042F800
00415D77 |.
00415D7A |.
00415D7D |.
00415D83 |.
00415D89 |.
00415D8A |.
fo.0042F800
00415D8F |.
00415D92 |.
00415D95 |.
00415D9B |.
00415DA1 |.

8BC8
E8 79FEFEFF

MOV ECX,EAX
CALL 00405B50

; |||
; ||\System

50
E8 4351FFFF

PUSH EAX
CALL 0040AE20

; ||Arg1
; |\SystemI

83C4 08
50
E8 7A4CFFFF
83C4 08
8BC8
E8 40FEFEFF

ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B30

;
;
;
;
;
;

|
|
|
|
|
\SystemIn

C645 FC 22
MOV BYTE PTR SS:[EBP-4],22
8D8D 58F5FFFF LEA ECX,[EBP-0AA8]
E8 D18FFFFF CALL 0040ECD0

; [SystemIn

C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1


8D8D 74F5FFFF LEA ECX,[EBP-0A8C]
E8 BF8FFFFF CALL 0040ECD0

; [SystemIn

8B95 74FFFFFF
8995 4CF5FFFF
8B85 4CF5FFFF
50
E8 D79A0100

MOV EDX,DWORD PTR SS:[EBP-8C]


MOV DWORD PTR SS:[EBP-0AB4],EDX
MOV EAX,DWORD PTR SS:[EBP-0AB4]
PUSH EAX
CALL 0042F800

; /Arg1
; \SystemIn

83C4 04
8B4D 9C
898D 48F5FFFF
8B95 48F5FFFF
52
E8 BF9A0100

ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-64]
MOV DWORD PTR SS:[EBP-0AB8],ECX
MOV EDX,DWORD PTR SS:[EBP-0AB8]
PUSH EDX
CALL 0042F800

; /Arg1
; \SystemIn

83C4 04
8B85 58FFFFFF
8985 44F5FFFF
8B8D 44F5FFFF
51
E8 A49A0100

ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-0A8]
MOV DWORD PTR SS:[EBP-0ABC],EAX
MOV ECX,DWORD PTR SS:[EBP-0ABC]
PUSH ECX
CALL 0042F800

; /Arg1
; \SystemIn

83C4 04
8B95 24FFFFFF
8995 40F5FFFF
8B85 40F5FFFF
50
E8 899A0100

ADD ESP,4
MOV EDX,DWORD PTR SS:[EBP-0DC]
MOV DWORD PTR SS:[EBP-0AC0],EDX
MOV EAX,DWORD PTR SS:[EBP-0AC0]
PUSH EAX
CALL 0042F800

; /Arg1
; \SystemIn

83C4 04
8B4D E8
898D 3CF5FFFF
8B95 3CF5FFFF
52
E8 719A0100

ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-18]
MOV DWORD PTR SS:[EBP-0AC4],ECX
MOV EDX,DWORD PTR SS:[EBP-0AC4]
PUSH EDX
CALL 0042F800

; /Arg1
; \SystemIn

83C4
8B45
8985
8B8D
51

ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-24]
MOV DWORD PTR SS:[EBP-0AC8],EAX
MOV ECX,DWORD PTR SS:[EBP-0AC8]
PUSH ECX

; /Arg1

04
DC
38F5FFFF
38F5FFFF

00415DA2 |. E8 599A0100
fo.0042F800
00415DA7 |. 83C4 04
00415DAA |. 8B95 68FFFFFF
00415DB0 |. 8995 34F5FFFF
00415DB6 |. 8B85 34F5FFFF
00415DBC |. 50
00415DBD |. E8 3E9A0100
fo.0042F800
00415DC2 |. 83C4 04
00415DC5 |. 8B8D 30FFFFFF
00415DCB |. 898D 30F5FFFF
00415DD1 |. 8B95 30F5FFFF
00415DD7 |. 52
00415DD8 |. E8 239A0100
fo.0042F800
00415DDD |. 83C4 04
00415DE0 |. 8B45 E0
00415DE3 |. 8985 2CF5FFFF
00415DE9 |. 8B8D 2CF5FFFF
00415DEF |. 51
00415DF0 |. E8 0B9A0100
fo.0042F800
00415DF5 |. 83C4 04
00415DF8 |. 68 77874400
ystemInfo.448777
00415DFD |. 8D8D 04F5FFFF
00415E03 |. E8 E88DFFFF
fo.0040EBF0
00415E08 |. C745 FC 24000
00415E0F |. 8D95 04F5FFFF
00415E15 |. 52
00415E16 |. B9 08294500
00415E1B |. E8 8006FFFF
fo.004064A0
00415E20 |. A1 FC284500
00415E25 |. 83C0 01
00415E28 |. A3 FC284500
00415E2D |. 68 74874400
"
00415E32 |. 8B0D FC284500
00415E38 |. 51
[4528FC] = 0
00415E39 |. 68 D0914400
00415E3E |. 8B15 F8284500
00415E44 |. 52
[4528F8] = 0
00415E45 |. B9 08294500
00415E4A |. E8 1100FFFF
nfo.00405E60
00415E4F |. 50
00415E50 |. E8 0B4BFFFF
00415E55 |. 83C4 08
00415E58 |. 8BC8
00415E5A |. E8 0100FFFF
fo.00405E60
00415E5F |. 50
00415E60 |. E8 FB4AFFFF
00415E65 |. 83C4 08
00415E68 |. 8D85 E8F4FFFF

CALL 0042F800

; \SystemIn

ADD ESP,4
MOV EDX,DWORD PTR SS:[EBP-98]
MOV DWORD PTR SS:[EBP-0ACC],EDX
MOV EAX,DWORD PTR SS:[EBP-0ACC]
PUSH EAX
CALL 0042F800

; /Arg1
; \SystemIn

ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-0D0]
MOV DWORD PTR SS:[EBP-0AD0],ECX
MOV EDX,DWORD PTR SS:[EBP-0AD0]
PUSH EDX
CALL 0042F800

; /Arg1
; \SystemIn

ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-20]
MOV DWORD PTR SS:[EBP-0AD4],EAX
MOV ECX,DWORD PTR SS:[EBP-0AD4]
PUSH ECX
CALL 0042F800

; /Arg1
; \SystemIn

ADD ESP,4
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0AFC]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],24


LEA EDX,[EBP-0AFC]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV EAX,DWORD PTR DS:[4528FC]


ADD EAX,1
MOV DWORD PTR DS:[4528FC],EAX
PUSH OFFSET 00448774

; ASCII ".

MOV ECX,DWORD PTR DS:[4528FC]


PUSH ECX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EDX,DWORD PTR DS:[4528F8]
PUSH EDX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[EBP-0B18]

|
|
|
|
\SystemIn

00415E6E |. 50
00415E6F |. B9 08294500
00415E74 |. E8 E705FFFF
fo.00406460
00415E79 |. 8985 50EAFFFF
00415E7F |. 8B8D 50EAFFFF
00415E85 |. 898D 4CEAFFFF
00415E8B |. C645 FC 25
00415E8F |. 6A 20
0
00415E91 |. 8D95 2BF5FFFF
00415E97 |. 52
00415E98 |. E8 734FFFFF
fo.0040AE10
00415E9D |. 83C4 08
00415EA0 |. 50
00415EA1 |. 68 009A4000
SystemInfo.409A00
00415EA6 |. 68 408E4400
User Interface Features"
00415EAB |. 68 C0994000
SystemInfo.4099C0
00415EB0 |. 6A 2E
= 2E
00415EB2 |. 8D85 2AF5FFFF
00415EB8 |. 50
00415EB9 |. E8 524FFFFF
mInfo.0040AE10
00415EBE |. 83C4 08
00415EC1 |. 50
00415EC2 |. 6A 23
= 23
00415EC4 |. 8D8D 20F5FFFF
00415ECA |. 51
00415ECB |. E8 C8780100
emInfo.0042D798
00415ED0 |. 83C4 08
00415ED3 |. 50
00415ED4 |. 68 009A4000
1 = SystemInfo.409A00
00415ED9 |. 8B95 4CEAFFFF
00415EDF |. 52
00415EE0 |. 6A 06
g2 = 6
00415EE2 |. 8D85 E0F4FFFF
00415EE8 |. 50
g1
00415EE9 |. E8 AA780100
stemInfo.0042D798
00415EEE |. 83C4 08
00415EF1 |. 50
g2
00415EF2 |. 68 C0994000
rg1 = SystemInfo.4099C0
00415EF7 |. 8B4D 08
00415EFA |. E8 51FCFEFF
ystemInfo.00405B50
00415EFF |. 50
g1
00415F00 |. E8 1B4AFFFF

PUSH EAX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-15B0],EAX


MOV ECX,DWORD PTR SS:[EBP-15B0]
MOV DWORD PTR SS:[EBP-15B4],ECX
MOV BYTE PTR SS:[EBP-4],25
PUSH 20

; /Arg2 = 2

LEA EDX,[EBP-0AD5]
PUSH EDX
CALL 0040AE10

; |
; |Arg1
; \SystemIn

ADD ESP,8
PUSH EAX
PUSH 00409A00

; /Arg2
; |/Arg1 =

PUSH OFFSET 00448E40

; ||ASCII "

PUSH 004099C0

; ||/Arg1 =

PUSH 2E

; |||/Arg2

LEA EAX,[EBP-0AD6]
PUSH EAX
CALL 0040AE10

; ||||
; ||||Arg1
; |||\Syste

ADD ESP,8
PUSH EAX
PUSH 23

; |||
; |||/Arg2
; ||||/Arg2

LEA ECX,[EBP-0AE0]
PUSH ECX
CALL 0042D798

; |||||
; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
PUSH 00409A00

; ||||
; ||||/Arg2
; |||||/Arg

MOV EDX,DWORD PTR SS:[EBP-15B4]


PUSH EDX
PUSH 6

; ||||||
; ||||||
; ||||||/Ar

LEA EAX,[EBP-0B20]
PUSH EAX

; |||||||
; |||||||Ar

CALL 0042D798

; ||||||\Sy

ADD ESP,8
PUSH EAX

; ||||||
; ||||||/Ar

PUSH 004099C0

; |||||||/A

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; ||||||||
; |||||||\S

PUSH EAX

; |||||||Ar

CALL 0040A920

; ||||||\Sy

stemInfo.0040A920
00415F05 |. 83C4 08
00415F08 |. 50
00415F09 |. E8 524FFFFF
00415F0E |. 83C4 08
00415F11 |. 8BC8
00415F13 |. E8 38FCFEFF
temInfo.00405B50
00415F18 |. 50
00415F19 |. E8 024AFFFF
emInfo.0040A920
00415F1E |. 83C4 08
00415F21 |. 50
00415F22 |. E8 F94EFFFF
mInfo.0040AE20
00415F27 |. 83C4 08
00415F2A |. 8BC8
00415F2C |. E8 1FFCFEFF
Info.00405B50
00415F31 |. 50
00415F32 |. E8 294AFFFF
00415F37 |. 83C4 08
00415F3A |. 8BC8
00415F3C |. E8 0FFCFEFF
nfo.00405B50
00415F41 |. 50
00415F42 |. E8 D94EFFFF
fo.0040AE20
00415F47 |. 83C4 08
00415F4A |. C645 FC 24
00415F4E |. 8D8D E8F4FFFF
00415F54 |. E8 778DFFFF
fo.0040ECD0
00415F59 |. C745 FC FFFFF
00415F60 |. 8D8D 04F5FFFF
00415F66 |. E8 658DFFFF
fo.0040ECD0
00415F6B |. C745 CC 00000
00415F72 |. 6A 2A
SM_DBCSENABLED
00415F74 |. FF15 F8814400
etSystemMetrics
00415F7A |. 85C0
00415F7C |. 74 49
00415F7E |. 8B4D CC
00415F81 |. 8B55 CC
00415F84 |. 83C2 01
00415F87 |. 8955 CC
00415F8A |. 85C9
00415F8C |. 7E 0C
00415F8E |. C785 48EAFFFF
"
00415F98 |. EB 0A
00415F9A |> C785 48EAFFFF
00415FA4 |> 68 2C8E4400
CS enabled"
00415FA9 |. 8B85 48EAFFFF
00415FAF |. 50
00415FB0 |. 8B4D 08
00415FB3 |. 51

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

||||||
||||||
||||||
||||||
||||||
|||||\Sys

PUSH EAX
CALL 0040A920

; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
CALL 0040AE20

; ||||
; ||||Arg1
; |||\Syste

ADD ESP,8
MOV ECX,EAX
CALL 00405B50

; |||
; |||
; ||\System

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;

PUSH EAX
CALL 0040AE20

; |Arg1
; \SystemIn

ADD ESP,8
MOV BYTE PTR SS:[EBP-4],24
LEA ECX,[EBP-0B18]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0AFC]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-34],0


PUSH 2A

; /Index =

||
||
||
||
|\SystemI

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 00415FC7
MOV ECX,DWORD PTR SS:[EBP-34]
MOV EDX,DWORD PTR SS:[EBP-34]
ADD EDX,1
MOV DWORD PTR SS:[EBP-34],EDX
TEST ECX,ECX
JLE SHORT 00415F9A
MOV DWORD PTR SS:[EBP-15B8],OFFSET 00448 ; ASCII ",
JMP SHORT 00415FA4
MOV DWORD PTR SS:[EBP-15B8],OFFSET 00448
PUSH OFFSET 00448E2C
; ASCII "DB
MOV EAX,DWORD PTR SS:[EBP-15B8]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX

00415FB4 |. E8 A749FFFF
00415FB9 |. 83C4 08
00415FBC |. 50
00415FBD |. E8 9E49FFFF
00415FC2 |. 83C4 08
00415FC5 |. EB 47
00415FC7 |> 8B55 CC
00415FCA |. 8B45 CC
00415FCD |. 83C0 01
00415FD0 |. 8945 CC
00415FD3 |. 85D2
00415FD5 |. 7E 0C
00415FD7 |. C785 44EAFFFF
"
00415FE1 |. EB 0A
00415FE3 |> C785 44EAFFFF
00415FED |> 68 1C8E4400
CS disabled"
00415FF2 |. 8B8D 44EAFFFF
00415FF8 |. 51
00415FF9 |. 8B55 08
00415FFC |. 52
00415FFD |. E8 5E49FFFF
00416002 |. 83C4 08
00416005 |. 50
00416006 |. E8 5549FFFF
0041600B |. 83C4 08
0041600E |> 6A 52
SM_IMMENABLED
00416010 |. FF15 F8814400
etSystemMetrics
00416016 |. 85C0
00416018 |. 74 49
0041601A |. 8B45 CC
0041601D |. 8B4D CC
00416020 |. 83C1 01
00416023 |. 894D CC
00416026 |. 85C0
00416028 |. 7E 0C
0041602A |. C785 40EAFFFF
"
00416034 |. EB 0A
00416036 |> C785 40EAFFFF
00416040 |> 68 048E4400
put Method Manager"
00416045 |. 8B95 40EAFFFF
0041604B |. 52
0041604C |. 8B45 08
0041604F |. 50
00416050 |. E8 0B49FFFF
00416055 |. 83C4 08
00416058 |. 50
00416059 |. E8 0249FFFF
0041605E |. 83C4 08
00416061 |. EB 47
00416063 |> 8B4D CC
00416066 |. 8B55 CC
00416069 |. 83C2 01
0041606C |. 8955 CC
0041606F |. 85C9

CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
JMP SHORT 0041600E
MOV EDX,DWORD PTR SS:[EBP-34]
MOV EAX,DWORD PTR SS:[EBP-34]
ADD EAX,1
MOV DWORD PTR SS:[EBP-34],EAX
TEST EDX,EDX
JLE SHORT 00415FE3
MOV DWORD PTR SS:[EBP-15BC],OFFSET 00448 ; ASCII ",
JMP SHORT 00415FED
MOV DWORD PTR SS:[EBP-15BC],OFFSET 00448
PUSH OFFSET 00448E1C
; ASCII "DB
MOV ECX,DWORD PTR SS:[EBP-15BC]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 52

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 00416063
MOV EAX,DWORD PTR SS:[EBP-34]
MOV ECX,DWORD PTR SS:[EBP-34]
ADD ECX,1
MOV DWORD PTR SS:[EBP-34],ECX
TEST EAX,EAX
JLE SHORT 00416036
MOV DWORD PTR SS:[EBP-15C0],OFFSET 00448 ; ASCII ",
JMP SHORT 00416040
MOV DWORD PTR SS:[EBP-15C0],OFFSET 00448
PUSH OFFSET 00448E04
; ASCII "In
MOV EDX,DWORD PTR SS:[EBP-15C0]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
JMP SHORT 004160AA
MOV ECX,DWORD PTR SS:[EBP-34]
MOV EDX,DWORD PTR SS:[EBP-34]
ADD EDX,1
MOV DWORD PTR SS:[EBP-34],EDX
TEST ECX,ECX

00416071 |. 7E 0C
JLE SHORT 0041607F
00416073 |. C785 3CEAFFFF MOV DWORD PTR SS:[EBP-15C4],OFFSET 00448
"
0041607D |. EB 0A
JMP SHORT 00416089
0041607F |> C785 3CEAFFFF MOV DWORD PTR SS:[EBP-15C4],OFFSET 00448
00416089 |> 68 E48D4400 PUSH OFFSET 00448DE4
put Method Manager disabled"
0041608E |. 8B85 3CEAFFFF MOV EAX,DWORD PTR SS:[EBP-15C4]
00416094 |. 50
PUSH EAX
00416095 |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
00416098 |. 51
PUSH ECX
00416099 |. E8 C248FFFF CALL 0040A960
0041609E |. 83C4 08
ADD ESP,8
004160A1 |. 50
PUSH EAX
004160A2 |. E8 B948FFFF CALL 0040A960
004160A7 |. 83C4 08
ADD ESP,8
004160AA |> 6A 4A
PUSH 4A
SM_MIDEASTENABLED
004160AC |. FF15 F8814400 CALL DWORD PTR DS:[<&USER32.GetSystemMet
etSystemMetrics
004160B2 |. 85C0
TEST EAX,EAX
004160B4 |. 74 49
JE SHORT 004160FF
004160B6 |. 8B55 CC
MOV EDX,DWORD PTR SS:[EBP-34]
004160B9 |. 8B45 CC
MOV EAX,DWORD PTR SS:[EBP-34]
004160BC |. 83C0 01
ADD EAX,1
004160BF |. 8945 CC
MOV DWORD PTR SS:[EBP-34],EAX
004160C2 |. 85D2
TEST EDX,EDX
004160C4 |. 7E 0C
JLE SHORT 004160D2
004160C6 |. C785 38EAFFFF MOV DWORD PTR SS:[EBP-15C8],OFFSET 00448
"
004160D0 |. EB 0A
JMP SHORT 004160DC
004160D2 |> C785 38EAFFFF MOV DWORD PTR SS:[EBP-15C8],OFFSET 00448
004160DC |> 68 D08D4400 PUSH OFFSET 00448DD0
brew or Arabic"
004160E1 |. 8B8D 38EAFFFF MOV ECX,DWORD PTR SS:[EBP-15C8]
004160E7 |. 51
PUSH ECX
004160E8 |. 8B55 08
MOV EDX,DWORD PTR SS:[EBP+8]
004160EB |. 52
PUSH EDX
004160EC |. E8 6F48FFFF CALL 0040A960
004160F1 |. 83C4 08
ADD ESP,8
004160F4 |. 50
PUSH EAX
004160F5 |. E8 6648FFFF CALL 0040A960
004160FA |. 83C4 08
ADD ESP,8
004160FD |. EB 47
JMP SHORT 00416146
004160FF |> 8B45 CC
MOV EAX,DWORD PTR SS:[EBP-34]
00416102 |. 8B4D CC
MOV ECX,DWORD PTR SS:[EBP-34]
00416105 |. 83C1 01
ADD ECX,1
00416108 |. 894D CC
MOV DWORD PTR SS:[EBP-34],ECX
0041610B |. 85C0
TEST EAX,EAX
0041610D |. 7E 0C
JLE SHORT 0041611B
0041610F |. C785 34EAFFFF MOV DWORD PTR SS:[EBP-15CC],OFFSET 00448
"
00416119 |. EB 0A
JMP SHORT 00416125
0041611B |> C785 34EAFFFF MOV DWORD PTR SS:[EBP-15CC],OFFSET 00448
00416125 |> 68 B08D4400 PUSH OFFSET 00448DB0
brew and Arabic not supported"
0041612A |. 8B95 34EAFFFF MOV EDX,DWORD PTR SS:[EBP-15CC]
00416130 |. 52
PUSH EDX
00416131 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
00416134 |. 50
PUSH EAX

; ASCII ",

; ASCII "In

; /Index =
; \USER32.G

; ASCII ",

; ASCII "He

; ASCII ",

; ASCII "He

00416135 |. E8 2648FFFF
0041613A |. 83C4 08
0041613D |. 50
0041613E |. E8 1D48FFFF
00416143 |. 83C4 08
00416146 |> 6A 29
SM_PENWINDOWS
00416148 |. FF15 F8814400
etSystemMetrics
0041614E |. 85C0
00416150 |. 74 47
00416152 |. 8B4D CC
00416155 |. 8B55 CC
00416158 |. 83C2 01
0041615B |. 8955 CC
0041615E |. 85C9
00416160 |. 7E 0C
00416162 |. C785 30EAFFFF
"
0041616C |. EB 0A
0041616E |> C785 30EAFFFF
00416178 |> 68 A48D4400
n Windows"
0041617D |. 8B85 30EAFFFF
00416183 |. 50
00416184 |. 8B4D 08
00416187 |. 51
00416188 |. E8 D347FFFF
0041618D |. 83C4 08
00416190 |. 50
00416191 |. E8 CA47FFFF
00416196 |. 83C4 08
00416199 |> 6A 46
SM_SHOWSOUNDS
0041619B |. FF15 F8814400
etSystemMetrics
004161A1 |. 85C0
004161A3 |. 74 47
004161A5 |. 8B55 CC
004161A8 |. 8B45 CC
004161AB |. 83C0 01
004161AE |. 8945 CC
004161B1 |. 85D2
004161B3 |. 7E 0C
004161B5 |. C785 2CEAFFFF
"
004161BF |. EB 0A
004161C1 |> C785 2CEAFFFF
004161CB |> 68 988D4400
ow sounds"
004161D0 |. 8B8D 2CEAFFFF
004161D6 |. 51
004161D7 |. 8B55 08
004161DA |. 52
004161DB |. E8 8047FFFF
004161E0 |. 83C4 08
004161E3 |. 50
004161E4 |. E8 7747FFFF
004161E9 |. 83C4 08
004161EC |> 837D CC 00

CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 29

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 00416199
MOV ECX,DWORD PTR SS:[EBP-34]
MOV EDX,DWORD PTR SS:[EBP-34]
ADD EDX,1
MOV DWORD PTR SS:[EBP-34],EDX
TEST ECX,ECX
JLE SHORT 0041616E
MOV DWORD PTR SS:[EBP-15D0],OFFSET 00448 ; ASCII ",
JMP SHORT 00416178
MOV DWORD PTR SS:[EBP-15D0],OFFSET 00448
PUSH OFFSET 00448DA4
; ASCII "Pe
MOV EAX,DWORD PTR SS:[EBP-15D0]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 46

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 004161EC
MOV EDX,DWORD PTR SS:[EBP-34]
MOV EAX,DWORD PTR SS:[EBP-34]
ADD EAX,1
MOV DWORD PTR SS:[EBP-34],EAX
TEST EDX,EDX
JLE SHORT 004161C1
MOV DWORD PTR SS:[EBP-15D4],OFFSET 00448 ; ASCII ",
JMP SHORT 004161CB
MOV DWORD PTR SS:[EBP-15D4],OFFSET 00448
PUSH OFFSET 00448D98
; ASCII "Sh
MOV ECX,DWORD PTR SS:[EBP-15D4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
CMP DWORD PTR SS:[EBP-34],0

004161F0 |. 75 11
004161F2 |. 68 848D4400
special features"
004161F7 |. 8B45 08
004161FA |. 50
004161FB |. E8 6047FFFF
00416200 |. 83C4 08
00416203 |> 68 409A4000
ystemInfo.409A40
00416208 |. 8B4D 08
0041620B |. E8 20F9FEFF
fo.00405B30
00416210 |. 68 77874400
ystemInfo.448777
00416215 |. 8D8D B8F4FFFF
0041621B |. E8 D089FFFF
fo.0040EBF0
00416220 |. C745 FC 26000
00416227 |. 8D8D B8F4FFFF
0041622D |. 51
0041622E |. B9 08294500
00416233 |. E8 6802FFFF
fo.004064A0
00416238 |. 8B15 FC284500
0041623E |. 83C2 01
00416241 |. 8915 FC284500
00416247 |. 68 74874400
"
0041624C |. A1 FC284500
00416251 |. 50
[4528FC] = 0
00416252 |. 68 D0914400
00416257 |. 8B0D F8284500
0041625D |. 51
[4528F8] = 0
0041625E |. B9 08294500
00416263 |. E8 F8FBFEFF
nfo.00405E60
00416268 |. 50
00416269 |. E8 F246FFFF
0041626E |. 83C4 08
00416271 |. 8BC8
00416273 |. E8 E8FBFEFF
fo.00405E60
00416278 |. 50
00416279 |. E8 E246FFFF
0041627E |. 83C4 08
00416281 |. 8D95 9CF4FFFF
00416287 |. 52
00416288 |. B9 08294500
0041628D |. E8 CE01FFFF
fo.00406460
00416292 |. 8985 28EAFFFF
00416298 |. 8B85 28EAFFFF
0041629E |. 8985 24EAFFFF
004162A4 |. C645 FC 27
004162A8 |. 6A 20
0
004162AA |. 8D8D DFF4FFFF
004162B0 |. 51

JNE SHORT 00416203


PUSH OFFSET 00448D84

; ASCII "No

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 00409A40

; /Arg1 = S

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B30

; |
; \SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0B48]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],26


LEA ECX,[EBP-0B48]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-0B64]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-15D8],EAX


MOV EAX,DWORD PTR SS:[EBP-15D8]
MOV DWORD PTR SS:[EBP-15DC],EAX
MOV BYTE PTR SS:[EBP-4],27
PUSH 20

; /Arg2 = 2

LEA ECX,[EBP-0B21]
PUSH ECX

; |
; |Arg1

|
|
|
|
\SystemIn

004162B1 |. E8 5A4BFFFF
fo.0040AE10
004162B6 |. 83C4 08
004162B9 |. 50
004162BA |. 68 009A4000
SystemInfo.409A00
004162BF |. 68 748D4400
System Features"
004162C4 |. 68 C0994000
SystemInfo.4099C0
004162C9 |. 6A 2E
= 2E
004162CB |. 8D95 DEF4FFFF
004162D1 |. 52
004162D2 |. E8 394BFFFF
mInfo.0040AE10
004162D7 |. 83C4 08
004162DA |. 50
004162DB |. 6A 23
= 23
004162DD |. 8D85 D4F4FFFF
004162E3 |. 50
004162E4 |. E8 AF740100
emInfo.0042D798
004162E9 |. 83C4 08
004162EC |. 50
004162ED |. 68 009A4000
1 = SystemInfo.409A00
004162F2 |. 8B8D 24EAFFFF
004162F8 |. 51
004162F9 |. 6A 06
g2 = 6
004162FB |. 8D95 94F4FFFF
00416301 |. 52
g1
00416302 |. E8 91740100
stemInfo.0042D798
00416307 |. 83C4 08
0041630A |. 50
g2
0041630B |. 68 C0994000
rg1 = SystemInfo.4099C0
00416310 |. 8B4D 08
00416313 |. E8 38F8FEFF
ystemInfo.00405B50
00416318 |. 50
g1
00416319 |. E8 0246FFFF
stemInfo.0040A920
0041631E |. 83C4 08
00416321 |. 50
00416322 |. E8 394BFFFF
00416327 |. 83C4 08
0041632A |. 8BC8
0041632C |. E8 1FF8FEFF
temInfo.00405B50
00416331 |. 50
00416332 |. E8 E945FFFF
emInfo.0040A920
00416337 |. 83C4 08

CALL 0040AE10

; \SystemIn

ADD ESP,8
PUSH EAX
PUSH 00409A00

; /Arg2
; |/Arg1 =

PUSH OFFSET 00448D74

; ||ASCII "

PUSH 004099C0

; ||/Arg1 =

PUSH 2E

; |||/Arg2

LEA EDX,[EBP-0B22]
PUSH EDX
CALL 0040AE10

; ||||
; ||||Arg1
; |||\Syste

ADD ESP,8
PUSH EAX
PUSH 23

; |||
; |||/Arg2
; ||||/Arg2

LEA EAX,[EBP-0B2C]
PUSH EAX
CALL 0042D798

; |||||
; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
PUSH 00409A00

; ||||
; ||||/Arg2
; |||||/Arg

MOV ECX,DWORD PTR SS:[EBP-15DC]


PUSH ECX
PUSH 6

; ||||||
; ||||||
; ||||||/Ar

LEA EDX,[EBP-0B6C]
PUSH EDX

; |||||||
; |||||||Ar

CALL 0042D798

; ||||||\Sy

ADD ESP,8
PUSH EAX

; ||||||
; ||||||/Ar

PUSH 004099C0

; |||||||/A

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; ||||||||
; |||||||\S

PUSH EAX

; |||||||Ar

CALL 0040A920

; ||||||\Sy

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX
CALL 0040A920

; |||||Arg1
; ||||\Syst

ADD ESP,8

; ||||

||||||
||||||
||||||
||||||
||||||
|||||\Sys

0041633A |. 50
0041633B |. E8 E04AFFFF
mInfo.0040AE20
00416340 |. 83C4 08
00416343 |. 8BC8
00416345 |. E8 06F8FEFF
Info.00405B50
0041634A |. 50
0041634B |. E8 1046FFFF
00416350 |. 83C4 08
00416353 |. 8BC8
00416355 |. E8 F6F7FEFF
nfo.00405B50
0041635A |. 50
0041635B |. E8 C04AFFFF
fo.0040AE20
00416360 |. 83C4 08
00416363 |. C645 FC 26
00416367 |. 8D8D 9CF4FFFF
0041636D |. E8 5E89FFFF
fo.0040ECD0
00416372 |. C745 FC FFFFF
00416379 |. 8D8D B8F4FFFF
0041637F |. E8 4C89FFFF
fo.0040ECD0
00416384 |. C745 CC 00000
0041638B |. 6A 16
SM_DEBUG
0041638D |. FF15 F8814400
etSystemMetrics
00416393 |. 85C0
00416395 |. 74 47
00416397 |. 8B45 CC
0041639A |. 8B4D CC
0041639D |. 83C1 01
004163A0 |. 894D CC
004163A3 |. 85C0
004163A5 |. 7E 0C
004163A7 |. C785 20EAFFFF
"
004163B1 |. EB 0A
004163B3 |> C785 20EAFFFF
004163BD |> 68 608D4400
bugging version"
004163C2 |. 8B95 20EAFFFF
004163C8 |. 52
004163C9 |. 8B45 08
004163CC |. 50
004163CD |. E8 8E45FFFF
004163D2 |. 83C4 08
004163D5 |. 50
004163D6 |. E8 8545FFFF
004163DB |. 83C4 08
004163DE |> 6A 13
SM_MOUSEPRESENT
004163E0 |. FF15 F8814400
etSystemMetrics
004163E6 |. 85C0
004163E8 |. 74 49
004163EA |. 8B4D CC

PUSH EAX
CALL 0040AE20

; ||||Arg1
; |||\Syste

ADD ESP,8
MOV ECX,EAX
CALL 00405B50

; |||
; |||
; ||\System

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;

PUSH EAX
CALL 0040AE20

; |Arg1
; \SystemIn

ADD ESP,8
MOV BYTE PTR SS:[EBP-4],26
LEA ECX,[EBP-0B64]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0B48]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-34],0


PUSH 16

; /Index =

||
||
||
||
|\SystemI

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 004163DE
MOV EAX,DWORD PTR SS:[EBP-34]
MOV ECX,DWORD PTR SS:[EBP-34]
ADD ECX,1
MOV DWORD PTR SS:[EBP-34],ECX
TEST EAX,EAX
JLE SHORT 004163B3
MOV DWORD PTR SS:[EBP-15E0],OFFSET 00448 ; ASCII ",
JMP SHORT 004163BD
MOV DWORD PTR SS:[EBP-15E0],OFFSET 00448
PUSH OFFSET 00448D60
; ASCII "De
MOV EDX,DWORD PTR SS:[EBP-15E0]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 13

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 00416433
MOV ECX,DWORD PTR SS:[EBP-34]

004163ED |. 8B55 CC
004163F0 |. 83C2 01
004163F3 |. 8955 CC
004163F6 |. 85C9
004163F8 |. 7E 0C
004163FA |. C785 1CEAFFFF
"
00416404 |. EB 0A
00416406 |> C785 1CEAFFFF
00416410 |> 68 508D4400
use installed"
00416415 |. 8B85 1CEAFFFF
0041641B |. 50
0041641C |. 8B4D 08
0041641F |. 51
00416420 |. E8 3B45FFFF
00416425 |. 83C4 08
00416428 |. 50
00416429 |. E8 3245FFFF
0041642E |. 83C4 08
00416431 |. EB 47
00416433 |> 8B55 CC
00416436 |. 8B45 CC
00416439 |. 83C0 01
0041643C |. 8945 CC
0041643F |. 85D2
00416441 |. 7E 0C
00416443 |. C785 18EAFFFF
"
0041644D |. EB 0A
0041644F |> C785 18EAFFFF
00416459 |> 68 3C8D4400
mouse installed"
0041645E |. 8B8D 18EAFFFF
00416464 |. 51
00416465 |. 8B55 08
00416468 |. 52
00416469 |. E8 F244FFFF
0041646E |. 83C4 08
00416471 |. 50
00416472 |. E8 E944FFFF
00416477 |. 83C4 08
0041647A |> 6A 4B
SM_MOUSEWHEELPRESENT
0041647C |. FF15 F8814400
etSystemMetrics
00416482 |. 85C0
00416484 |. 74 47
00416486 |. 8B45 CC
00416489 |. 8B4D CC
0041648C |. 83C1 01
0041648F |. 894D CC
00416492 |. 85C0
00416494 |. 7E 0C
00416496 |. C785 14EAFFFF
"
004164A0 |. EB 0A
004164A2 |> C785 14EAFFFF
004164AC |> 68 308D4400
use wheel"

MOV EDX,DWORD PTR SS:[EBP-34]


ADD EDX,1
MOV DWORD PTR SS:[EBP-34],EDX
TEST ECX,ECX
JLE SHORT 00416406
MOV DWORD PTR SS:[EBP-15E4],OFFSET 00448 ; ASCII ",
JMP SHORT 00416410
MOV DWORD PTR SS:[EBP-15E4],OFFSET 00448
PUSH OFFSET 00448D50
; ASCII "Mo
MOV EAX,DWORD PTR SS:[EBP-15E4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
JMP SHORT 0041647A
MOV EDX,DWORD PTR SS:[EBP-34]
MOV EAX,DWORD PTR SS:[EBP-34]
ADD EAX,1
MOV DWORD PTR SS:[EBP-34],EAX
TEST EDX,EDX
JLE SHORT 0041644F
MOV DWORD PTR SS:[EBP-15E8],OFFSET 00448 ; ASCII ",
JMP SHORT 00416459
MOV DWORD PTR SS:[EBP-15E8],OFFSET 00448
PUSH OFFSET 00448D3C
; ASCII "No
MOV ECX,DWORD PTR SS:[EBP-15E8]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 4B

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 004164CD
MOV EAX,DWORD PTR SS:[EBP-34]
MOV ECX,DWORD PTR SS:[EBP-34]
ADD ECX,1
MOV DWORD PTR SS:[EBP-34],ECX
TEST EAX,EAX
JLE SHORT 004164A2
MOV DWORD PTR SS:[EBP-15EC],OFFSET 00448 ; ASCII ",
JMP SHORT 004164AC
MOV DWORD PTR SS:[EBP-15EC],OFFSET 00448
PUSH OFFSET 00448D30
; ASCII "Mo

004164B1 |. 8B95 14EAFFFF


004164B7 |. 52
004164B8 |. 8B45 08
004164BB |. 50
004164BC |. E8 9F44FFFF
004164C1 |. 83C4 08
004164C4 |. 50
004164C5 |. E8 9644FFFF
004164CA |. 83C4 08
004164CD |> 6A 17
SM_SWAPBUTTON
004164CF |. FF15 F8814400
etSystemMetrics
004164D5 |. 85C0
004164D7 |. 74 47
004164D9 |. 8B4D CC
004164DC |. 8B55 CC
004164DF |. 83C2 01
004164E2 |. 8955 CC
004164E5 |. 85C9
004164E7 |. 7E 0C
004164E9 |. C785 10EAFFFF
"
004164F3 |. EB 0A
004164F5 |> C785 10EAFFFF
004164FF |> 68 188D4400
use buttons swapped"
00416504 |. 8B85 10EAFFFF
0041650A |. 50
0041650B |. 8B4D 08
0041650E |. 51
0041650F |. E8 4C44FFFF
00416514 |. 83C4 08
00416517 |. 50
00416518 |. E8 4344FFFF
0041651D |. 83C4 08
00416520 |> 6A 3F
SM_NETWORK
00416522 |. FF15 F8814400
etSystemMetrics
00416528 |. 85C0
0041652A |. 74 49
0041652C |. 8B55 CC
0041652F |. 8B45 CC
00416532 |. 83C0 01
00416535 |. 8945 CC
00416538 |. 85D2
0041653A |. 7E 0C
0041653C |. C785 0CEAFFFF
"
00416546 |. EB 0A
00416548 |> C785 0CEAFFFF
00416552 |> 68 048D4400
twork connected"
00416557 |. 8B8D 0CEAFFFF
0041655D |. 51
0041655E |. 8B55 08
00416561 |. 52
00416562 |. E8 F943FFFF
00416567 |. 83C4 08

MOV EDX,DWORD PTR SS:[EBP-15EC]


PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 17

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 00416520
MOV ECX,DWORD PTR SS:[EBP-34]
MOV EDX,DWORD PTR SS:[EBP-34]
ADD EDX,1
MOV DWORD PTR SS:[EBP-34],EDX
TEST ECX,ECX
JLE SHORT 004164F5
MOV DWORD PTR SS:[EBP-15F0],OFFSET 00448 ; ASCII ",
JMP SHORT 004164FF
MOV DWORD PTR SS:[EBP-15F0],OFFSET 00448
PUSH OFFSET 00448D18
; ASCII "Mo
MOV EAX,DWORD PTR SS:[EBP-15F0]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 3F

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 00416575
MOV EDX,DWORD PTR SS:[EBP-34]
MOV EAX,DWORD PTR SS:[EBP-34]
ADD EAX,1
MOV DWORD PTR SS:[EBP-34],EAX
TEST EDX,EDX
JLE SHORT 00416548
MOV DWORD PTR SS:[EBP-15F4],OFFSET 00448 ; ASCII ",
JMP SHORT 00416552
MOV DWORD PTR SS:[EBP-15F4],OFFSET 00448
PUSH OFFSET 00448D04
; ASCII "Ne
MOV ECX,DWORD PTR SS:[EBP-15F4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8

0041656A |. 50
0041656B |. E8 F043FFFF
00416570 |. 83C4 08
00416573 |. EB 47
00416575 |> 8B45 CC
00416578 |. 8B4D CC
0041657B |. 83C1 01
0041657E |. 894D CC
00416581 |. 85C0
00416583 |. 7E 0C
00416585 |. C785 08EAFFFF
"
0041658F |. EB 0A
00416591 |> C785 08EAFFFF
0041659B |> 68 F88C4400
network"
004165A0 |. 8B95 08EAFFFF
004165A6 |. 52
004165A7 |. 8B45 08
004165AA |. 50
004165AB |. E8 B043FFFF
004165B0 |. 83C4 08
004165B3 |. 50
004165B4 |. E8 A743FFFF
004165B9 |. 83C4 08
004165BC |> 6A 2C
SM_SECURE
004165BE |. FF15 F8814400
etSystemMetrics
004165C4 |. 85C0
004165C6 |. 74 47
004165C8 |. 8B4D CC
004165CB |. 8B55 CC
004165CE |. 83C2 01
004165D1 |. 8955 CC
004165D4 |. 85C9
004165D6 |. 7E 0C
004165D8 |. C785 04EAFFFF
"
004165E2 |. EB 0A
004165E4 |> C785 04EAFFFF
004165EE |> 68 EC8C4400
curity"
004165F3 |. 8B85 04EAFFFF
004165F9 |. 50
004165FA |. 8B4D 08
004165FD |. 51
004165FE |. E8 5D43FFFF
00416603 |. 83C4 08
00416606 |. 50
00416607 |. E8 5443FFFF
0041660C |. 83C4 08
0041660F |> 6A 49
SM_SLOWMACHINE
00416611 |. FF15 F8814400
etSystemMetrics
00416617 |. 85C0
00416619 |. 74 47
0041661B |. 8B55 CC
0041661E |. 8B45 CC

PUSH EAX
CALL 0040A960
ADD ESP,8
JMP SHORT 004165BC
MOV EAX,DWORD PTR SS:[EBP-34]
MOV ECX,DWORD PTR SS:[EBP-34]
ADD ECX,1
MOV DWORD PTR SS:[EBP-34],ECX
TEST EAX,EAX
JLE SHORT 00416591
MOV DWORD PTR SS:[EBP-15F8],OFFSET 00448 ; ASCII ",
JMP SHORT 0041659B
MOV DWORD PTR SS:[EBP-15F8],OFFSET 00448
PUSH OFFSET 00448CF8
; ASCII "No
MOV EDX,DWORD PTR SS:[EBP-15F8]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 2C

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 0041660F
MOV ECX,DWORD PTR SS:[EBP-34]
MOV EDX,DWORD PTR SS:[EBP-34]
ADD EDX,1
MOV DWORD PTR SS:[EBP-34],EDX
TEST ECX,ECX
JLE SHORT 004165E4
MOV DWORD PTR SS:[EBP-15FC],OFFSET 00448 ; ASCII ",
JMP SHORT 004165EE
MOV DWORD PTR SS:[EBP-15FC],OFFSET 00448
PUSH OFFSET 00448CEC
; ASCII "Se
MOV EAX,DWORD PTR SS:[EBP-15FC]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 49

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE SHORT 00416662
MOV EDX,DWORD PTR SS:[EBP-34]
MOV EAX,DWORD PTR SS:[EBP-34]

00416621 |. 83C0 01
00416624 |. 8945 CC
00416627 |. 85D2
00416629 |. 7E 0C
0041662B |. C785 00EAFFFF
"
00416635 |. EB 0A
00416637 |> C785 00EAFFFF
00416641 |> 68 DC8C4400
ow machine"
00416646 |. 8B8D 00EAFFFF
0041664C |. 51
0041664D |. 8B55 08
00416650 |. 52
00416651 |. E8 0A43FFFF
00416656 |. 83C4 08
00416659 |. 50
0041665A |. E8 0143FFFF
0041665F |. 83C4 08
00416662 |> 837D CC 00
00416666 |. 75 11
00416668 |. 68 848D4400
special features"
0041666D |. 8B45 08
00416670 |. 50
00416671 |. E8 EA42FFFF
00416676 |. 83C4 08
00416679 |> 68 409A4000
ystemInfo.409A40
0041667E |. 8B4D 08
00416681 |. E8 AAF4FEFF
fo.00405B30
00416686 |. 68 77874400
ystemInfo.448777
0041668B |. 8D8D 6CF4FFFF
00416691 |. E8 5A85FFFF
fo.0040EBF0
00416696 |. C745 FC 28000
0041669D |. 8D8D 6CF4FFFF
004166A3 |. 51
004166A4 |. B9 08294500
004166A9 |. E8 F2FDFEFF
fo.004064A0
004166AE |. 8B15 FC284500
004166B4 |. 83C2 01
004166B7 |. 8915 FC284500
004166BD |. 68 74874400
"
004166C2 |. A1 FC284500
004166C7 |. 50
[4528FC] = 0
004166C8 |. 68 D0914400
004166CD |. 8B0D F8284500
004166D3 |. 51
[4528F8] = 0
004166D4 |. B9 08294500
004166D9 |. E8 82F7FEFF
nfo.00405E60
004166DE |. 50
004166DF |. E8 7C42FFFF

ADD EAX,1
MOV DWORD PTR SS:[EBP-34],EAX
TEST EDX,EDX
JLE SHORT 00416637
MOV DWORD PTR SS:[EBP-1600],OFFSET 00448 ; ASCII ",
JMP SHORT 00416641
MOV DWORD PTR SS:[EBP-1600],OFFSET 00448
PUSH OFFSET 00448CDC
; ASCII "Sl
MOV ECX,DWORD PTR SS:[EBP-1600]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
CMP DWORD PTR SS:[EBP-34],0
JNE SHORT 00416679
PUSH OFFSET 00448D84

; ASCII "No

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 00409A40

; /Arg1 = S

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B30

; |
; \SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0B94]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],28


LEA ECX,[EBP-0B94]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960

; |
; |

004166E4 |. 83C4 08
004166E7 |. 8BC8
004166E9 |. E8 72F7FEFF
fo.00405E60
004166EE |. 50
004166EF |. E8 6C42FFFF
004166F4 |. 83C4 08
004166F7 |. 8D95 50F4FFFF
004166FD |. 52
004166FE |. B9 08294500
00416703 |. E8 58FDFEFF
fo.00406460
00416708 |. 8985 FCE9FFFF
0041670E |. 8B85 FCE9FFFF
00416714 |. 8985 F8E9FFFF
0041671A |. C645 FC 29
0041671E |. 6A 2B
SM_CMOUSEBUTTONS
00416720 |. FF15 F8814400
etSystemMetrics
00416726 |. 50
00416727 |. 6A 20
20
00416729 |. 8D8D 93F4FFFF
0041672F |. 51
00416730 |. E8 DB46FFFF
nfo.0040AE10
00416735 |. 83C4 08
00416738 |. 50
00416739 |. 68 009A4000
SystemInfo.409A00
0041673E |. 68 C48C4400
"Number of Mouse Buttons"
00416743 |. 68 C0994000
= SystemInfo.4099C0
00416748 |. 6A 2E
= 2E
0041674A |. 8D95 92F4FFFF
00416750 |. 52
00416751 |. E8 BA46FFFF
emInfo.0040AE10
00416756 |. 83C4 08
00416759 |. 50
0041675A |. 6A 23
2 = 23
0041675C |. 8D85 88F4FFFF
00416762 |. 50
1
00416763 |. E8 30700100
temInfo.0042D798
00416768 |. 83C4 08
0041676B |. 50
2
0041676C |. 68 009A4000
g1 = SystemInfo.409A00
00416771 |. 8B8D F8E9FFFF
00416777 |. 51
00416778 |. 6A 06
rg2 = 6
0041677A |. 8D95 48F4FFFF

ADD ESP,8
MOV ECX,EAX
CALL 00405E60

; |
; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-0BB0]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-1604],EAX


MOV EAX,DWORD PTR SS:[EBP-1604]
MOV DWORD PTR SS:[EBP-1608],EAX
MOV BYTE PTR SS:[EBP-4],29
PUSH 2B

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


PUSH EAX
PUSH 20

; /Arg1
; |/Arg2 =

LEA ECX,[EBP-0B6D]
PUSH ECX
CALL 0040AE10

; ||
; ||Arg1
; |\SystemI

ADD ESP,8
PUSH EAX
PUSH 00409A00

; |
; |/Arg2
; ||/Arg1 =

PUSH OFFSET 00448CC4

; |||ASCII

PUSH 004099C0

; |||/Arg1

PUSH 2E

; ||||/Arg2

LEA EDX,[EBP-0B6E]
PUSH EDX
CALL 0040AE10

; |||||
; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
PUSH 23

; ||||
; ||||/Arg2
; |||||/Arg

LEA EAX,[EBP-0B78]
PUSH EAX

; ||||||
; ||||||Arg

CALL 0042D798

; |||||\Sys

ADD ESP,8
PUSH EAX

; |||||
; |||||/Arg

PUSH 00409A00

; ||||||/Ar

MOV ECX,DWORD PTR SS:[EBP-1608]


PUSH ECX
PUSH 6

; |||||||
; |||||||
; |||||||/A

LEA EDX,[EBP-0BB8]

; ||||||||

00416780 |. 52
rg1
00416781 |. E8 12700100
ystemInfo.0042D798
00416786 |. 83C4 08
00416789 |. 50
rg2
0041678A |. 68 C0994000
Arg1 = SystemInfo.4099C0
0041678F |. 8B4D 08
00416792 |. E8 B9F3FEFF
SystemInfo.00405B50
00416797 |. 50
rg1
00416798 |. E8 8341FFFF
ystemInfo.0040A920
0041679D |. 83C4 08
004167A0 |. 50
004167A1 |. E8 BA46FFFF
004167A6 |. 83C4 08
004167A9 |. 8BC8
004167AB |. E8 A0F3FEFF
stemInfo.00405B50
004167B0 |. 50
1
004167B1 |. E8 6A41FFFF
temInfo.0040A920
004167B6 |. 83C4 08
004167B9 |. 50
004167BA |. E8 6146FFFF
emInfo.0040AE20
004167BF |. 83C4 08
004167C2 |. 8BC8
004167C4 |. E8 87F3FEFF
mInfo.00405B50
004167C9 |. 50
004167CA |. E8 9141FFFF
004167CF |. 83C4 08
004167D2 |. 8BC8
004167D4 |. E8 77F3FEFF
Info.00405B50
004167D9 |. 50
004167DA |. E8 4146FFFF
nfo.0040AE20
004167DF |. 83C4 08
004167E2 |. 8BC8
004167E4 |. E8 77F6FEFF
fo.00405E60
004167E9 |. C645 FC 28
004167ED |. 8D8D 50F4FFFF
004167F3 |. E8 D884FFFF
fo.0040ECD0
004167F8 |. C745 FC FFFFF
004167FF |. 8D8D 6CF4FFFF
00416805 |. E8 C684FFFF
fo.0040ECD0
0041680A |. 6A 2B
SM_CMOUSEBUTTONS
0041680C |. FF15 F8814400
etSystemMetrics

PUSH EDX

; ||||||||A

CALL 0042D798

; |||||||\S

ADD ESP,8
PUSH EAX

; |||||||
; |||||||/A

PUSH 004099C0

; ||||||||/

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; |||||||||
; ||||||||\

PUSH EAX

; ||||||||A

CALL 0040A920

; |||||||\S

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX

; ||||||Arg

CALL 0040A920

; |||||\Sys

ADD ESP,8
PUSH EAX
CALL 0040AE20

; |||||
; |||||Arg1
; ||||\Syst

ADD ESP,8
MOV ECX,EAX
CALL 00405B50

; ||||
; ||||
; |||\Syste

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;

PUSH EAX
CALL 0040AE20

; ||Arg1
; |\SystemI

ADD ESP,8
MOV ECX,EAX
CALL 00405E60

; |
; |
; \SystemIn

MOV BYTE PTR SS:[EBP-4],28


LEA ECX,[EBP-0BB0]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0B94]
CALL 0040ECD0

; [SystemIn

PUSH 2B

; /Index =

|||||||
|||||||
|||||||
|||||||
|||||||
||||||\Sy

|||
|||
|||
|||
||\System

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G

00416812 |. 85C0
00416814 |. 75 11
00416816 |. 68 AC8C4400
no mouse installed)"
0041681B |. 8B45 08
0041681E |. 50
0041681F |. E8 3C41FFFF
00416824 |. 83C4 08
00416827 |> 68 409A4000
ystemInfo.409A40
0041682C |. 8B4D 08
0041682F |. E8 FCF2FEFF
fo.00405B30
00416834 |. 8D8D 34FFFFFF
0041683A |. 51
nfo
0041683B |. FF15 60804400
.GetSystemInfo
00416841 |. 68 77874400
ystemInfo.448777
00416846 |. 8D8D 20F4FFFF
0041684C |. E8 9F83FFFF
fo.0040EBF0
00416851 |. C745 FC 2A000
00416858 |. 8D95 20F4FFFF
0041685E |. 52
0041685F |. B9 08294500
00416864 |. E8 37FCFEFF
fo.004064A0
00416869 |. A1 FC284500
0041686E |. 83C0 01
00416871 |. A3 FC284500
00416876 |. 68 74874400
"
0041687B |. 8B0D FC284500
00416881 |. 51
[4528FC] = 0
00416882 |. 68 D0914400
00416887 |. 8B15 F8284500
0041688D |. 52
[4528F8] = 0
0041688E |. B9 08294500
00416893 |. E8 C8F5FEFF
nfo.00405E60
00416898 |. 50
00416899 |. E8 C240FFFF
0041689E |. 83C4 08
004168A1 |. 8BC8
004168A3 |. E8 B8F5FEFF
fo.00405E60
004168A8 |. 50
004168A9 |. E8 B240FFFF
004168AE |. 83C4 08
004168B1 |. 8D85 04F4FFFF
004168B7 |. 50
004168B8 |. B9 08294500
004168BD |. E8 9EFBFEFF
fo.00406460
004168C2 |. 8985 F4E9FFFF
004168C8 |. 8B8D F4E9FFFF

TEST EAX,EAX
JNE SHORT 00416827
PUSH OFFSET 00448CAC

; ASCII " (

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 00409A40

; /Arg1 = S

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B30

; |
; \SystemIn

LEA ECX,[EBP-0CC]
PUSH ECX

; /pSystemi

CALL DWORD PTR DS:[<&KERNEL32.GetSystemI ; \KERNEL32


PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0BE0]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],2A


LEA EDX,[EBP-0BE0]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV EAX,DWORD PTR DS:[4528FC]


ADD EAX,1
MOV DWORD PTR DS:[4528FC],EAX
PUSH OFFSET 00448774

; ASCII ".

MOV ECX,DWORD PTR DS:[4528FC]


PUSH ECX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EDX,DWORD PTR DS:[4528F8]
PUSH EDX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[EBP-0BFC]
PUSH EAX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-160C],EAX


MOV ECX,DWORD PTR SS:[EBP-160C]

|
|
|
|
\SystemIn

004168CE |. 898D F0E9FFFF


004168D4 |. C645 FC 2B
004168D8 |. 68 409A4000
ystemInfo.409A40
004168DD |. 8B95 48FFFFFF
004168E3 |. 52
004168E4 |. 6A 20
20
004168E6 |. 8D85 47F4FFFF
004168EC |. 50
004168ED |. E8 1E45FFFF
Info.0040AE10
004168F2 |. 83C4 08
004168F5 |. 50
004168F6 |. 68 009A4000
= SystemInfo.409A00
004168FB |. 68 948C4400
"Number of Processors"
00416900 |. 68 C0994000
= SystemInfo.4099C0
00416905 |. 6A 2E
2 = 2E
00416907 |. 8D8D 46F4FFFF
0041690D |. 51
1
0041690E |. E8 FD44FFFF
temInfo.0040AE10
00416913 |. 83C4 08
00416916 |. 50
2
00416917 |. 6A 23
g2 = 23
00416919 |. 8D95 3CF4FFFF
0041691F |. 52
g1
00416920 |. E8 736E0100
stemInfo.0042D798
00416925 |. 83C4 08
00416928 |. 50
g2
00416929 |. 68 009A4000
rg1 = SystemInfo.409A00
0041692E |. 8B85 F0E9FFFF
00416934 |. 50
00416935 |. 6A 06
Arg2 = 6
00416937 |. 8D8D FCF3FFFF
0041693D |. 51
Arg1
0041693E |. E8 556E0100
SystemInfo.0042D798
00416943 |. 83C4 08
00416946 |. 50
Arg2
00416947 |. 68 C0994000
/Arg1 = SystemInfo.4099C0
0041694C |. 8B4D 08
|
0041694F |. E8 FCF1FEFF
\SystemInfo.00405B50

MOV DWORD PTR SS:[EBP-1610],ECX


MOV BYTE PTR SS:[EBP-4],2B
PUSH 00409A40

; /Arg1 = S

MOV EDX,DWORD PTR SS:[EBP-0B8]


PUSH EDX
PUSH 20

; |
; |/Arg1
; ||/Arg2 =

LEA EAX,[EBP-0BB9]
PUSH EAX
CALL 0040AE10

; |||
; |||Arg1
; ||\System

ADD ESP,8
PUSH EAX
PUSH 00409A00

; ||
; ||/Arg2
; |||/Arg1

PUSH OFFSET 00448C94

; ||||ASCII

PUSH 004099C0

; ||||/Arg1

PUSH 2E

; |||||/Arg

LEA ECX,[EBP-0BBA]
PUSH ECX

; ||||||
; ||||||Arg

CALL 0040AE10

; |||||\Sys

ADD ESP,8
PUSH EAX

; |||||
; |||||/Arg

PUSH 23

; ||||||/Ar

LEA EDX,[EBP-0BC4]
PUSH EDX

; |||||||
; |||||||Ar

CALL 0042D798

; ||||||\Sy

ADD ESP,8
PUSH EAX

; ||||||
; ||||||/Ar

PUSH 00409A00

; |||||||/A

MOV EAX,DWORD PTR SS:[EBP-1610]


PUSH EAX
PUSH 6

; ||||||||
; ||||||||
; ||||||||/

LEA ECX,[EBP-0C04]
PUSH ECX

; |||||||||
; |||||||||

CALL 0042D798

; ||||||||\

ADD ESP,8
PUSH EAX

; ||||||||
; ||||||||/

PUSH 004099C0

; |||||||||

MOV ECX,DWORD PTR SS:[EBP+8]

; |||||||||

CALL 00405B50

; |||||||||

00416954 |. 50
Arg1
00416955 |. E8 C63FFFFF
SystemInfo.0040A920
0041695A |. 83C4 08
0041695D |. 50
0041695E |. E8 FD44FFFF
00416963 |. 83C4 08
00416966 |. 8BC8
00416968 |. E8 E3F1FEFF
ystemInfo.00405B50
0041696D |. 50
g1
0041696E |. E8 AD3FFFFF
stemInfo.0040A920
00416973 |. 83C4 08
00416976 |. 50
1
00416977 |. E8 A444FFFF
temInfo.0040AE20
0041697C |. 83C4 08
0041697F |. 8BC8
00416981 |. E8 CAF1FEFF
emInfo.00405B50
00416986 |. 50
00416987 |. E8 D43FFFFF
0041698C |. 83C4 08
0041698F |. 8BC8
00416991 |. E8 BAF1FEFF
mInfo.00405B50
00416996 |. 50
00416997 |. E8 8444FFFF
Info.0040AE20
0041699C |. 83C4 08
0041699F |. 8BC8
004169A1 |. E8 EAF7FEFF
nfo.00406190
004169A6 |. 8BC8
004169A8 |. E8 83F1FEFF
fo.00405B30
004169AD |. C645 FC 2A
004169B1 |. 8D8D 04F4FFFF
004169B7 |. E8 1483FFFF
fo.0040ECD0
004169BC |. C745 FC FFFFF
004169C3 |. 8D8D 20F4FFFF
004169C9 |. E8 0283FFFF
fo.0040ECD0
004169CE |. 68 77874400
ystemInfo.448777
004169D3 |. 8D8D D4F3FFFF
004169D9 |. E8 1282FFFF
fo.0040EBF0
004169DE |. C745 FC 2C000
004169E5 |. 8D95 D4F3FFFF
004169EB |. 52
004169EC |. B9 08294500
004169F1 |. E8 AAFAFEFF
fo.004064A0
004169F6 |. A1 FC284500

PUSH EAX

; |||||||||

CALL 0040A920

; ||||||||\

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX

; |||||||Ar

CALL 0040A920

; ||||||\Sy

ADD ESP,8
PUSH EAX

; ||||||
; ||||||Arg

CALL 0040AE20

; |||||\Sys

ADD ESP,8
MOV ECX,EAX
CALL 00405B50

; |||||
; |||||
; ||||\Syst

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;

PUSH EAX
CALL 0040AE20

; |||Arg1
; ||\System

ADD ESP,8
MOV ECX,EAX
CALL 00406190

; ||
; ||
; |\SystemI

MOV ECX,EAX
CALL 00405B30

; |
; \SystemIn

MOV BYTE PTR SS:[EBP-4],2A


LEA ECX,[EBP-0BFC]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0BE0]
CALL 0040ECD0

; [SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0C2C]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],2C


LEA EDX,[EBP-0C2C]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV EAX,DWORD PTR DS:[4528FC]

||||||||
||||||||
||||||||
||||||||
||||||||
|||||||\S

||||
||||
||||
||||
|||\Syste

004169FB |. 83C0 01
004169FE |. A3 FC284500
00416A03 |. 68 74874400
"
00416A08 |. 8B0D FC284500
00416A0E |. 51
[4528FC] = 0
00416A0F |. 68 D0914400
00416A14 |. 8B15 F8284500
00416A1A |. 52
[4528F8] = 0
00416A1B |. B9 08294500
00416A20 |. E8 3BF4FEFF
nfo.00405E60
00416A25 |. 50
00416A26 |. E8 353FFFFF
00416A2B |. 83C4 08
00416A2E |. 8BC8
00416A30 |. E8 2BF4FEFF
fo.00405E60
00416A35 |. 50
00416A36 |. E8 253FFFFF
00416A3B |. 83C4 08
00416A3E |. 8D85 B8F3FFFF
00416A44 |. 50
00416A45 |. B9 08294500
00416A4A |. E8 11FAFEFF
fo.00406460
00416A4F |. 8985 ECE9FFFF
00416A55 |. 8B8D ECE9FFFF
00416A5B |. 898D E8E9FFFF
00416A61 |. C645 FC 2D
00416A65 |. 6A 20
0
00416A67 |. 8D95 FBF3FFFF
00416A6D |. 52
00416A6E |. E8 9D43FFFF
fo.0040AE10
00416A73 |. 83C4 08
00416A76 |. 50
00416A77 |. 68 009A4000
SystemInfo.409A00
00416A7C |. 68 848C4400
Processor Type"
00416A81 |. 68 C0994000
SystemInfo.4099C0
00416A86 |. 6A 2E
= 2E
00416A88 |. 8D85 FAF3FFFF
00416A8E |. 50
00416A8F |. E8 7C43FFFF
mInfo.0040AE10
00416A94 |. 83C4 08
00416A97 |. 50
00416A98 |. 6A 23
= 23
00416A9A |. 8D8D F0F3FFFF
00416AA0 |. 51
00416AA1 |. E8 F26C0100
emInfo.0042D798

ADD EAX,1
MOV DWORD PTR DS:[4528FC],EAX
PUSH OFFSET 00448774

; ASCII ".

MOV ECX,DWORD PTR DS:[4528FC]


PUSH ECX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EDX,DWORD PTR DS:[4528F8]
PUSH EDX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[EBP-0C48]
PUSH EAX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-1614],EAX


MOV ECX,DWORD PTR SS:[EBP-1614]
MOV DWORD PTR SS:[EBP-1618],ECX
MOV BYTE PTR SS:[EBP-4],2D
PUSH 20

; /Arg2 = 2

LEA EDX,[EBP-0C05]
PUSH EDX
CALL 0040AE10

; |
; |Arg1
; \SystemIn

ADD ESP,8
PUSH EAX
PUSH 00409A00

; /Arg2
; |/Arg1 =

PUSH OFFSET 00448C84

; ||ASCII "

PUSH 004099C0

; ||/Arg1 =

PUSH 2E

; |||/Arg2

LEA EAX,[EBP-0C06]
PUSH EAX
CALL 0040AE10

; ||||
; ||||Arg1
; |||\Syste

ADD ESP,8
PUSH EAX
PUSH 23

; |||
; |||/Arg2
; ||||/Arg2

LEA ECX,[EBP-0C10]
PUSH ECX
CALL 0042D798

; |||||
; |||||Arg1
; ||||\Syst

|
|
|
|
\SystemIn

00416AA6 |. 83C4 08
00416AA9 |. 50
00416AAA |. 68 009A4000
1 = SystemInfo.409A00
00416AAF |. 8B95 E8E9FFFF
00416AB5 |. 52
00416AB6 |. 6A 06
g2 = 6
00416AB8 |. 8D85 B0F3FFFF
00416ABE |. 50
g1
00416ABF |. E8 D46C0100
stemInfo.0042D798
00416AC4 |. 83C4 08
00416AC7 |. 50
g2
00416AC8 |. 68 C0994000
rg1 = SystemInfo.4099C0
00416ACD |. 8B4D 08
00416AD0 |. E8 7BF0FEFF
ystemInfo.00405B50
00416AD5 |. 50
g1
00416AD6 |. E8 453EFFFF
stemInfo.0040A920
00416ADB |. 83C4 08
00416ADE |. 50
00416ADF |. E8 7C43FFFF
00416AE4 |. 83C4 08
00416AE7 |. 8BC8
00416AE9 |. E8 62F0FEFF
temInfo.00405B50
00416AEE |. 50
00416AEF |. E8 2C3EFFFF
emInfo.0040A920
00416AF4 |. 83C4 08
00416AF7 |. 50
00416AF8 |. E8 2343FFFF
mInfo.0040AE20
00416AFD |. 83C4 08
00416B00 |. 8BC8
00416B02 |. E8 49F0FEFF
Info.00405B50
00416B07 |. 50
00416B08 |. E8 533EFFFF
00416B0D |. 83C4 08
00416B10 |. 8BC8
00416B12 |. E8 39F0FEFF
nfo.00405B50
00416B17 |. 50
00416B18 |. E8 0343FFFF
fo.0040AE20
00416B1D |. 83C4 08
00416B20 |. C645 FC 2C
00416B24 |. 8D8D B8F3FFFF
00416B2A |. E8 A181FFFF
fo.0040ECD0
00416B2F |. C745 FC FFFFF
00416B36 |. 8D8D D4F3FFFF
00416B3C |. E8 8F81FFFF

ADD ESP,8
PUSH EAX
PUSH 00409A00

; ||||
; ||||/Arg2
; |||||/Arg

MOV EDX,DWORD PTR SS:[EBP-1618]


PUSH EDX
PUSH 6

; ||||||
; ||||||
; ||||||/Ar

LEA EAX,[EBP-0C50]
PUSH EAX

; |||||||
; |||||||Ar

CALL 0042D798

; ||||||\Sy

ADD ESP,8
PUSH EAX

; ||||||
; ||||||/Ar

PUSH 004099C0

; |||||||/A

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; ||||||||
; |||||||\S

PUSH EAX

; |||||||Ar

CALL 0040A920

; ||||||\Sy

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX
CALL 0040A920

; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
CALL 0040AE20

; ||||
; ||||Arg1
; |||\Syste

ADD ESP,8
MOV ECX,EAX
CALL 00405B50

; |||
; |||
; ||\System

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;

PUSH EAX
CALL 0040AE20

; |Arg1
; \SystemIn

ADD ESP,8
MOV BYTE PTR SS:[EBP-4],2C
LEA ECX,[EBP-0C48]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0C2C]
CALL 0040ECD0

; [SystemIn

||||||
||||||
||||||
||||||
||||||
|||||\Sys

||
||
||
||
|\SystemI

fo.0040ECD0
00416B41 |. 0FB78D 34FFFF
00416B48 |. 898D E4E9FFFF
00416B4E |. 81BD E4E9FFFF
00416B58 |. 7F 2A
00416B5A |. 81BD E4E9FFFF
00416B64 |. 0F84 460A0000
00416B6A |. 83BD E4E9FFFF
00416B71 |. 0F87 4C0A0000
00416B77 |. 8B95 E4E9FFFF
00416B7D \. FF2495 447A41
00416B84 > E9 3A0A0000
00416B89 /> 0FB785 54FFFF
00416B90 |. 83F8 03
00416B93 |. 75 0F
00416B95 |. C785 E0E9FFFF
tel 80386"
00416B9F |. E9 E8000000
00416BA4 |> 0FB78D 54FFFF
00416BAB |. 83F9 04
00416BAE |. 75 0F
00416BB0 |. C785 DCE9FFFF
tel 80486"
00416BBA |. E9 C1000000
00416BBF |> 0FB795 54FFFF
00416BC6 |. 83FA 05
00416BC9 |. 75 0F
00416BCB |. C785 D8E9FFFF
tel Pentium"
00416BD5 |. E9 9A000000
00416BDA |> 0FB785 54FFFF
00416BE1 |. 83F8 06
00416BE4 |. 75 0C
00416BE6 |. C785 D4E9FFFF
tel Pentium II or higher"
00416BF0 |. EB 76
00416BF2 |> 81BD 4CFFFFFF
00416BFC |. 75 0C
00416BFE |. C785 D0E9FFFF
tel 80386"
00416C08 |. EB 52
00416C0A |> 81BD 4CFFFFFF
00416C14 |. 75 0C
00416C16 |. C785 CCE9FFFF
tel 80486"
00416C20 |. EB 2E
00416C22 |> 81BD 4CFFFFFF
00416C2C |. 75 0C
00416C2E |. C785 C8E9FFFF
tel Pentium"
00416C38 |. EB 0A
00416C3A |> C785 C8E9FFFF
known Intel processor"
00416C44 |> 8B8D C8E9FFFF
00416C4A |. 898D CCE9FFFF
00416C50 |> 8B95 CCE9FFFF
00416C56 |. 8995 D0E9FFFF
00416C5C |> 8B85 D0E9FFFF
00416C62 |. 8985 D4E9FFFF
00416C68 |> 8B8D D4E9FFFF

MOVZX ECX,WORD PTR SS:[EBP-0CC]


MOV DWORD PTR SS:[EBP-161C],ECX
CMP DWORD PTR SS:[EBP-161C],0FFFF
JG SHORT 00416B84
CMP DWORD PTR SS:[EBP-161C],0FFFF
JE 004175B0
CMP DWORD PTR SS:[EBP-161C],0A
JA 004175C3
MOV EDX,DWORD PTR SS:[EBP-161C]
JMP DWORD PTR DS:[EDX*4+417A44]
JMP 004175C3
MOVZX EAX,WORD PTR SS:[EBP-0AC]
CMP EAX,3
JNE SHORT 00416BA4
MOV DWORD PTR SS:[EBP-1620],OFFSET 00448 ; ASCII "In
JMP 00416C8C
MOVZX ECX,WORD PTR SS:[EBP-0AC]
CMP ECX,4
JNE SHORT 00416BBF
MOV DWORD PTR SS:[EBP-1624],OFFSET 00448 ; ASCII "In
JMP 00416C80
MOVZX EDX,WORD PTR SS:[EBP-0AC]
CMP EDX,5
JNE SHORT 00416BDA
MOV DWORD PTR SS:[EBP-1628],OFFSET 00448 ; ASCII "In
JMP 00416C74
MOVZX EAX,WORD PTR SS:[EBP-0AC]
CMP EAX,6
JNE SHORT 00416BF2
MOV DWORD PTR SS:[EBP-162C],OFFSET 00448 ; ASCII "In
JMP
CMP
JNE
MOV

SHORT
DWORD
SHORT
DWORD

00416C68
PTR SS:[EBP-0B4],182
00416C0A
PTR SS:[EBP-1630],OFFSET 00448 ; ASCII "In

JMP
CMP
JNE
MOV

SHORT
DWORD
SHORT
DWORD

00416C5C
PTR SS:[EBP-0B4],1E6
00416C22
PTR SS:[EBP-1634],OFFSET 00448 ; ASCII "In

JMP
CMP
JNE
MOV

SHORT
DWORD
SHORT
DWORD

00416C50
PTR SS:[EBP-0B4],24A
00416C3A
PTR SS:[EBP-1638],OFFSET 00448 ; ASCII "In

JMP SHORT 00416C44


MOV DWORD PTR SS:[EBP-1638],OFFSET 00448 ; ASCII "Un
MOV
MOV
MOV
MOV
MOV
MOV
MOV

ECX,DWORD
DWORD PTR
EDX,DWORD
DWORD PTR
EAX,DWORD
DWORD PTR
ECX,DWORD

PTR SS:[EBP-1638]
SS:[EBP-1634],ECX
PTR SS:[EBP-1634]
SS:[EBP-1630],EDX
PTR SS:[EBP-1630]
SS:[EBP-162C],EAX
PTR SS:[EBP-162C]

00416C6E |. 898D D8E9FFFF


00416C74 |> 8B95 D8E9FFFF
00416C7A |. 8995 DCE9FFFF
00416C80 |> 8B85 DCE9FFFF
00416C86 |. 8985 E0E9FFFF
00416C8C |> 8B8D E0E9FFFF
00416C92 |. 51
00416C93 |. 8B55 08
00416C96 |. 52
00416C97 |. E8 C43CFFFF
00416C9C |. 83C4 08
00416C9F |. 0FB785 56FFFF
00416CA6 |. C1E8 08
00416CA9 |. 25 FF000000
00416CAE |. 66:0FB6C8
00416CB2 |. 66:898D ECFAF
00416CB9 |. 0FB795 56FFFF
00416CC0 |. 81E2 FF000000
00416CC6 |. 66:0FB6C2
00416CCA |. 66:8985 F0FAF
00416CD1 |. 0FB78D 54FFFF
00416CD8 |. 83F9 03
00416CDB |. 74 28
00416CDD |. 0FB795 54FFFF
00416CE4 |. 83FA 04
00416CE7 |. 74 1C
00416CE9 |. 81BD 4CFFFFFF
00416CF3 |. 74 10
00416CF5 |. 81BD 4CFFFFFF
00416CFF |. 0F85 8D000000
00416D05 |> 0FB785 ECFAFF
00416D0C |. 3D FF000000
00416D11 |. 75 43
00416D13 |. 0FB78D F0FAFF
00416D1A |. 83E1 0F
00416D1D |. 51
00416D1E |. 0FB795 F0FAFF
00416D25 |. C1FA 04
00416D28 |. 52
00416D29 |. 68 A0F84100
SystemInfo.41F8A0
00416D2E |. 68 248C4400
00416D33 |. 8B45 08
00416D36 |. 50
00416D37 |. E8 243CFFFF
00416D3C |. 83C4 08
00416D3F |. 8BC8
00416D41 |. E8 0AEEFEFF
Info.00405B50
00416D46 |. 8BC8
00416D48 |. E8 13F1FEFF
nfo.00405E60
00416D4D |. 8BC8
00416D4F |. E8 0CF1FEFF
fo.00405E60
00416D54 |. EB 37
00416D56 |> 0FB78D F0FAFF
00416D5D |. 51
00416D5E |. 0FB795 ECFAFF
00416D65 |. 81C2 60874400

MOV DWORD PTR SS:[EBP-1628],ECX


MOV EDX,DWORD PTR SS:[EBP-1628]
MOV DWORD PTR SS:[EBP-1624],EDX
MOV EAX,DWORD PTR SS:[EBP-1624]
MOV DWORD PTR SS:[EBP-1620],EAX
MOV ECX,DWORD PTR SS:[EBP-1620]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOVZX EAX,WORD PTR SS:[EBP-0AA]
SHR EAX,8
AND EAX,000000FF
MOVZX CX,AL
MOV WORD PTR SS:[EBP-514],CX
MOVZX EDX,WORD PTR SS:[EBP-0AA]
AND EDX,000000FF
MOVZX AX,DL
MOV WORD PTR SS:[EBP-510],AX
MOVZX ECX,WORD PTR SS:[EBP-0AC]
CMP ECX,3
JE SHORT 00416D05
MOVZX EDX,WORD PTR SS:[EBP-0AC]
CMP EDX,4
JE SHORT 00416D05
CMP DWORD PTR SS:[EBP-0B4],182
JE SHORT 00416D05
CMP DWORD PTR SS:[EBP-0B4],1E6
JNE 00416D92
MOVZX EAX,WORD PTR SS:[EBP-514]
CMP EAX,0FF
JNE SHORT 00416D56
MOVZX ECX,WORD PTR SS:[EBP-510]
AND ECX,0000000F
PUSH ECX
MOVZX EDX,WORD PTR SS:[EBP-510]
SAR EDX,4
PUSH EDX
PUSH 0041F8A0

;
;
;
;
;

/Arg1
|
|
|/Arg1
||/Arg1 =

PUSH OFFSET 00448C24


MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;
;

|||
|||
|||
|||
|||
|||
||\System

MOV ECX,EAX
CALL 00405E60

; ||
; |\SystemI

MOV ECX,EAX
CALL 00405E60

; |
; \SystemIn

JMP SHORT 00416D8D


MOVZX ECX,WORD PTR SS:[EBP-510]
PUSH ECX
MOVZX EDX,WORD PTR SS:[EBP-514]
ADD EDX,OFFSET 00448760

; /Arg1
; |
; |

00416D6B |. 52
00416D6C |. 68 248C4400
00416D71 |. 8B45 08
00416D74 |. 50
00416D75 |. E8 E63BFFFF
00416D7A |. 83C4 08
00416D7D |. 50
00416D7E |. E8 DD3BFFFF
00416D83 |. 83C4 08
00416D86 |. 8BC8
00416D88 |. E8 03EEFEFF
fo.00405B90
00416D8D |> E9 6D010000
00416D92 |> 68 409A4000
ystemInfo.409A40
00416D97 |. 8B4D 08
00416D9A |. E8 91EDFEFF
fo.00405B30
00416D9F |. 68 77874400
ystemInfo.448777
00416DA4 |. 8D8D 8CF3FFFF
00416DAA |. E8 417EFFFF
fo.0040EBF0
00416DAF |. C745 FC 2E000
00416DB6 |. 8D8D 8CF3FFFF
00416DBC |. 51
00416DBD |. B9 08294500
00416DC2 |. E8 D9F6FEFF
fo.004064A0
00416DC7 |. 8B15 FC284500
00416DCD |. 83C2 01
00416DD0 |. 8915 FC284500
00416DD6 |. 68 74874400
"
00416DDB |. A1 FC284500
00416DE0 |. 50
[4528FC] = 0
00416DE1 |. 68 D0914400
00416DE6 |. 8B0D F8284500
00416DEC |. 51
[4528F8] = 0
00416DED |. B9 08294500
00416DF2 |. E8 69F0FEFF
nfo.00405E60
00416DF7 |. 50
00416DF8 |. E8 633BFFFF
00416DFD |. 83C4 08
00416E00 |. 8BC8
00416E02 |. E8 59F0FEFF
fo.00405E60
00416E07 |. 50
00416E08 |. E8 533BFFFF
00416E0D |. 83C4 08
00416E10 |. 8D95 70F3FFFF
00416E16 |. 52
00416E17 |. B9 08294500
00416E1C |. E8 3FF6FEFF
fo.00406460
00416E21 |. 8985 C4E9FFFF
00416E27 |. 8B85 C4E9FFFF

PUSH EDX
PUSH OFFSET 00448C24
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;
;
;
;
;
;
;
;

JMP 00416EFF
PUSH 00409A40

; /Arg1 = S

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B30

; |
; \SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0C74]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],2E


LEA ECX,[EBP-0C74]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-0C90]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-163C],EAX


MOV EAX,DWORD PTR SS:[EBP-163C]

|
|
|
|
|
|
|
|
|
|
\SystemIn

|
|
|
|
\SystemIn

00416E2D |. 8985 C0E9FFFF


00416E33 |. C645 FC 2F
00416E37 |. 0FB78D F0FAFF
00416E3E |. 51
00416E3F |. 68 188C4400
Stepping "
00416E44 |. 0FB795 ECFAFF
00416E4B |. 52
00416E4C |. 68 108C4400
Model "
00416E51 |. 68 80874400
00416E56 |. 6A 23
23
00416E58 |. 8D85 A8F3FFFF
00416E5E |. 50
00416E5F |. E8 34690100
Info.0042D798
00416E64 |. 83C4 08
00416E67 |. 50
00416E68 |. 68 009A4000
= SystemInfo.409A00
00416E6D |. 8B8D C0E9FFFF
00416E73 |. 51
00416E74 |. 6A 06
= 6
00416E76 |. 8D95 68F3FFFF
00416E7C |. 52
00416E7D |. E8 16690100
emInfo.0042D798
00416E82 |. 83C4 08
00416E85 |. 50
00416E86 |. 68 C0994000
1 = SystemInfo.4099C0
00416E8B |. 8B4D 08
00416E8E |. E8 BDECFEFF
temInfo.00405B50
00416E93 |. 50
00416E94 |. E8 873AFFFF
emInfo.0040A920
00416E99 |. 83C4 08
00416E9C |. 50
00416E9D |. E8 BE3FFFFF
00416EA2 |. 83C4 08
00416EA5 |. 8BC8
00416EA7 |. E8 A4ECFEFF
mInfo.00405B50
00416EAC |. 50
00416EAD |. E8 6E3AFFFF
Info.0040A920
00416EB2 |. 83C4 08
00416EB5 |. 50
00416EB6 |. E8 A53AFFFF
00416EBB |. 83C4 08
00416EBE |. 50
00416EBF |. E8 9C3AFFFF
00416EC4 |. 83C4 08
00416EC7 |. 8BC8
00416EC9 |. E8 C2ECFEFF
nfo.00405B90
00416ECE |. 50

MOV DWORD PTR SS:[EBP-1640],EAX


MOV BYTE PTR SS:[EBP-4],2F
MOVZX ECX,WORD PTR SS:[EBP-510]
PUSH ECX
PUSH OFFSET 00448C18

; /Arg1
; |ASCII ",

MOVZX EDX,WORD PTR SS:[EBP-514]


PUSH EDX
PUSH OFFSET 00448C10

; |
; |/Arg1
; ||ASCII "

PUSH OFFSET 00448780


PUSH 23

; ||
; ||/Arg2 =

LEA EAX,[EBP-0C58]
PUSH EAX
CALL 0042D798

; |||
; |||Arg1
; ||\System

ADD ESP,8
PUSH EAX
PUSH 00409A00

; ||
; ||/Arg2
; |||/Arg1

MOV ECX,DWORD PTR SS:[EBP-1640]


PUSH ECX
PUSH 6

; ||||
; ||||
; ||||/Arg2

LEA EDX,[EBP-0C98]
PUSH EDX
CALL 0042D798

; |||||
; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
PUSH 004099C0

; ||||
; ||||/Arg2
; |||||/Arg

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; ||||||
; |||||\Sys

PUSH EAX
CALL 0040A920

; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX
CALL 0040A920

; |||Arg1
; ||\System

ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;
;
;
;
;
;

PUSH EAX

; |

||||
||||
||||
||||
||||
|||\Syste

||
||
||
||
||
||
||
||
|\SystemI

00416ECF |. E8 8C3AFFFF
00416ED4 |. 83C4 08
00416ED7 |. 8BC8
00416ED9 |. E8 B2ECFEFF
fo.00405B90
00416EDE |. C645 FC 2E
00416EE2 |. 8D8D 70F3FFFF
00416EE8 |. E8 E37DFFFF
fo.0040ECD0
00416EED |. C745 FC FFFFF
00416EF4 |. 8D8D 8CF3FFFF
00416EFA |. E8 D17DFFFF
fo.0040ECD0
00416EFF \> E9 D0060000
00416F04 /> 0FB785 54FFFF
00416F0B |. 83F8 04
00416F0E |. 75 0C
00416F10 |. C785 BCE9FFFF
PS R4000"
00416F1A |. EB 0A
00416F1C |> C785 BCE9FFFF
known MIPS processor"
00416F26 |> 8B8D BCE9FFFF
00416F2C |. 51
00416F2D |. 8B55 08
00416F30 |. 52
00416F31 |. E8 2A3AFFFF
00416F36 |. 83C4 08
00416F39 |. 68 409A4000
ystemInfo.409A40
00416F3E |. 8B4D 08
00416F41 |. E8 EAEBFEFF
fo.00405B30
00416F46 |. 68 77874400
ystemInfo.448777
00416F4B |. 8D8D 44F3FFFF
00416F51 |. E8 9A7CFFFF
fo.0040EBF0
00416F56 |. C745 FC 30000
00416F5D |. 8D85 44F3FFFF
00416F63 |. 50
00416F64 |. B9 08294500
00416F69 |. E8 32F5FEFF
fo.004064A0
00416F6E |. 8B0D FC284500
00416F74 |. 83C1 01
00416F77 |. 890D FC284500
00416F7D |. 68 74874400
"
00416F82 |. 8B15 FC284500
00416F88 |. 52
[4528FC] = 0
00416F89 |. 68 D0914400
00416F8E |. A1 F8284500
00416F93 |. 50
[4528F8] = 0
00416F94 |. B9 08294500
00416F99 |. E8 C2EEFEFF
nfo.00405E60
00416F9E |. 50

CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;

|
|
|
\SystemIn

MOV BYTE PTR SS:[EBP-4],2E


LEA ECX,[EBP-0C90]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0C74]
CALL 0040ECD0

; [SystemIn

JMP 004175D4
MOVZX EAX,WORD PTR SS:[EBP-0AC]
CMP EAX,4
JNE SHORT 00416F1C
MOV DWORD PTR SS:[EBP-1644],OFFSET 00448 ; ASCII "MI
JMP SHORT 00416F26
MOV DWORD PTR SS:[EBP-1644],OFFSET 00448 ; ASCII "Un
MOV ECX,DWORD PTR SS:[EBP-1644]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH 00409A40

; /Arg1 = S

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B30

; |
; \SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0CBC]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],30


LEA EAX,[EBP-0CBC]
PUSH EAX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV ECX,DWORD PTR DS:[4528FC]


ADD ECX,1
MOV DWORD PTR DS:[4528FC],ECX
PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528FC]


PUSH EDX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EAX,DWORD PTR DS:[4528F8]
PUSH EAX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX

; |

00416F9F |. E8 BC39FFFF
00416FA4 |. 83C4 08
00416FA7 |. 8BC8
00416FA9 |. E8 B2EEFEFF
fo.00405E60
00416FAE |. 50
00416FAF |. E8 AC39FFFF
00416FB4 |. 83C4 08
00416FB7 |. 8D8D 28F3FFFF
00416FBD |. 51
00416FBE |. B9 08294500
00416FC3 |. E8 98F4FEFF
fo.00406460
00416FC8 |. 8985 B8E9FFFF
00416FCE |. 8B95 B8E9FFFF
00416FD4 |. 8995 B4E9FFFF
00416FDA |. C645 FC 31
00416FDE |. 0FB785 56FFFF
00416FE5 |. 50
00416FE6 |. 68 E08B4400
evision "
00416FEB |. 68 80874400
00416FF0 |. 6A 23
23
00416FF2 |. 8D8D 60F3FFFF
00416FF8 |. 51
00416FF9 |. E8 9A670100
nfo.0042D798
00416FFE |. 83C4 08
00417001 |. 50
00417002 |. 68 009A4000
SystemInfo.409A00
00417007 |. 8B95 B4E9FFFF
0041700D |. 52
0041700E |. 6A 06
= 6
00417010 |. 8D85 20F3FFFF
00417016 |. 50
00417017 |. E8 7C670100
mInfo.0042D798
0041701C |. 83C4 08
0041701F |. 50
00417020 |. 68 C0994000
= SystemInfo.4099C0
00417025 |. 8B4D 08
00417028 |. E8 23EBFEFF
emInfo.00405B50
0041702D |. 50
0041702E |. E8 ED38FFFF
mInfo.0040A920
00417033 |. 83C4 08
00417036 |. 50
00417037 |. E8 243EFFFF
0041703C |. 83C4 08
0041703F |. 8BC8
00417041 |. E8 0AEBFEFF
Info.00405B50
00417046 |. 50
00417047 |. E8 D438FFFF
nfo.0040A920

CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;

|
|
|
\SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA ECX,[EBP-0CD8]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-1648],EAX


MOV EDX,DWORD PTR SS:[EBP-1648]
MOV DWORD PTR SS:[EBP-164C],EDX
MOV BYTE PTR SS:[EBP-4],31
MOVZX EAX,WORD PTR SS:[EBP-0AA]
PUSH EAX
PUSH OFFSET 00448BE0

; /Arg1
; |ASCII "R

PUSH OFFSET 00448780


PUSH 23

; |
; |/Arg2 =

LEA ECX,[EBP-0CA0]
PUSH ECX
CALL 0042D798

; ||
; ||Arg1
; |\SystemI

ADD ESP,8
PUSH EAX
PUSH 00409A00

; |
; |/Arg2
; ||/Arg1 =

MOV EDX,DWORD PTR SS:[EBP-164C]


PUSH EDX
PUSH 6

; |||
; |||
; |||/Arg2

LEA EAX,[EBP-0CE0]
PUSH EAX
CALL 0042D798

; ||||
; ||||Arg1
; |||\Syste

ADD ESP,8
PUSH EAX
PUSH 004099C0

; |||
; |||/Arg2
; ||||/Arg1

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; |||||
; ||||\Syst

PUSH EAX
CALL 0040A920

; ||||Arg1
; |||\Syste

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX
CALL 0040A920

; ||Arg1
; |\SystemI

|||
|||
|||
|||
|||
||\System

0041704C |. 83C4 08
0041704F |. 50
00417050 |. E8 0B39FFFF
00417055 |. 83C4 08
00417058 |. 50
00417059 |. E8 0239FFFF
0041705E |. 83C4 08
00417061 |. 8BC8
00417063 |. E8 28EBFEFF
fo.00405B90
00417068 |. C645 FC 30
0041706C |. 8D8D 28F3FFFF
00417072 |. E8 597CFFFF
fo.0040ECD0
00417077 |. C745 FC FFFFF
0041707E |. 8D8D 44F3FFFF
00417084 |. E8 477CFFFF
fo.0040ECD0
00417089 \. E9 46050000
0041708E /> 0FB78D 54FFFF
00417095 |. 81F9 48520000
0041709B |. 75 0C
0041709D |. C785 B0E9FFFF
pha 21064"
004170A7 |. EB 57
004170A9 |> 0FB795 54FFFF
004170B0 |. 81FA 4A520000
004170B6 |. 75 0C
004170B8 |. C785 ACE9FFFF
pha 21066"
004170C2 |. EB 30
004170C4 |> 0FB785 54FFFF
004170CB |. 3D AC520000
004170D0 |. 75 0C
004170D2 |. C785 A8E9FFFF
pha 21164"
004170DC |. EB 0A
004170DE |> C785 A8E9FFFF
known Alpha processor"
004170E8 |> 8B8D A8E9FFFF
004170EE |. 898D ACE9FFFF
004170F4 |> 8B95 ACE9FFFF
004170FA |. 8995 B0E9FFFF
00417100 |> 8B85 B0E9FFFF
00417106 |. 50
00417107 |. 8B4D 08
0041710A |. 51
0041710B |. E8 5038FFFF
00417110 |. 83C4 08
00417113 |. 0FB795 56FFFF
0041711A |. C1EA 08
0041711D |. 81E2 FF000000
00417123 |. 66:0FB6C2
00417127 |. 66:8985 E4FAF
0041712E |. 0FB78D 56FFFF
00417135 |. 81E1 FF000000
0041713B |. 66:0FB6D1
0041713F |. 66:8995 E8FAF
00417146 |. 68 409A4000
ystemInfo.409A40

ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
\SystemIn

MOV BYTE PTR SS:[EBP-4],30


LEA ECX,[EBP-0CD8]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0CBC]
CALL 0040ECD0

; [SystemIn

JMP 004175D4
MOVZX ECX,WORD PTR SS:[EBP-0AC]
CMP ECX,5248
JNE SHORT 004170A9
MOV DWORD PTR SS:[EBP-1650],OFFSET 00448 ; ASCII "Al
JMP SHORT 00417100
MOVZX EDX,WORD PTR SS:[EBP-0AC]
CMP EDX,524A
JNE SHORT 004170C4
MOV DWORD PTR SS:[EBP-1654],OFFSET 00448 ; ASCII "Al
JMP SHORT 004170F4
MOVZX EAX,WORD PTR SS:[EBP-0AC]
CMP EAX,52AC
JNE SHORT 004170DE
MOV DWORD PTR SS:[EBP-1658],OFFSET 00448 ; ASCII "Al
JMP SHORT 004170E8
MOV DWORD PTR SS:[EBP-1658],OFFSET 00448 ; ASCII "Un
MOV ECX,DWORD PTR SS:[EBP-1658]
MOV DWORD PTR SS:[EBP-1654],ECX
MOV EDX,DWORD PTR SS:[EBP-1654]
MOV DWORD PTR SS:[EBP-1650],EDX
MOV EAX,DWORD PTR SS:[EBP-1650]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOVZX EDX,WORD PTR SS:[EBP-0AA]
SHR EDX,8
AND EDX,000000FF
MOVZX AX,DL
MOV WORD PTR SS:[EBP-51C],AX
MOVZX ECX,WORD PTR SS:[EBP-0AA]
AND ECX,000000FF
MOVZX DX,CL
MOV WORD PTR SS:[EBP-518],DX
PUSH 00409A40

; /Arg1 = S

0041714B |. 8B4D 08
0041714E |. E8 DDE9FEFF
fo.00405B30
00417153 |. 68 77874400
ystemInfo.448777
00417158 |. 8D8D FCF2FFFF
0041715E |. E8 8D7AFFFF
fo.0040EBF0
00417163 |. C745 FC 32000
0041716A |. 8D85 FCF2FFFF
00417170 |. 50
00417171 |. B9 08294500
00417176 |. E8 25F3FEFF
fo.004064A0
0041717B |. 8B0D FC284500
00417181 |. 83C1 01
00417184 |. 890D FC284500
0041718A |. 68 74874400
"
0041718F |. 8B15 FC284500
00417195 |. 52
[4528FC] = 0
00417196 |. 68 D0914400
0041719B |. A1 F8284500
004171A0 |. 50
[4528F8] = 0
004171A1 |. B9 08294500
004171A6 |. E8 B5ECFEFF
nfo.00405E60
004171AB |. 50
004171AC |. E8 AF37FFFF
004171B1 |. 83C4 08
004171B4 |. 8BC8
004171B6 |. E8 A5ECFEFF
fo.00405E60
004171BB |. 50
004171BC |. E8 9F37FFFF
004171C1 |. 83C4 08
004171C4 |. 8D8D E0F2FFFF
004171CA |. 51
004171CB |. B9 08294500
004171D0 |. E8 8BF2FEFF
fo.00406460
004171D5 |. 8985 A4E9FFFF
004171DB |. 8B95 A4E9FFFF
004171E1 |. 8995 A0E9FFFF
004171E7 |. C645 FC 33
004171EB |. 0FB785 E8FAFF
004171F2 |. 50
004171F3 |. 68 9C8B4400
Pass "
004171F8 |. 0FB78D E4FAFF
004171FF |. 81C1 60874400
00417205 |. 51
00417206 |. 68 108C4400
odel "
0041720B |. 68 80874400
00417210 |. 6A 23
23
00417212 |. 8D95 18F3FFFF

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B30

; |
; \SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0D04]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],32


LEA EAX,[EBP-0D04]
PUSH EAX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV ECX,DWORD PTR DS:[4528FC]


ADD ECX,1
MOV DWORD PTR DS:[4528FC],ECX
PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528FC]


PUSH EDX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EAX,DWORD PTR DS:[4528F8]
PUSH EAX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA ECX,[EBP-0D20]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-165C],EAX


MOV EDX,DWORD PTR SS:[EBP-165C]
MOV DWORD PTR SS:[EBP-1660],EDX
MOV BYTE PTR SS:[EBP-4],33
MOVZX EAX,WORD PTR SS:[EBP-518]
PUSH EAX
PUSH OFFSET 00448B9C

; /Arg1
; |ASCII ",

MOVZX ECX,WORD PTR SS:[EBP-51C]


ADD ECX,OFFSET 00448760
PUSH ECX
PUSH OFFSET 00448C10

;
;
;
;

PUSH OFFSET 00448780


PUSH 23

; |
; |/Arg2 =

LEA EDX,[EBP-0CE8]

; ||

|
|
|
|
\SystemIn

|
|
|
|ASCII "M

00417218 |. 52
00417219 |. E8 7A650100
nfo.0042D798
0041721E |. 83C4 08
00417221 |. 50
00417222 |. 68 009A4000
SystemInfo.409A00
00417227 |. 8B85 A0E9FFFF
0041722D |. 50
0041722E |. 6A 06
= 6
00417230 |. 8D8D D8F2FFFF
00417236 |. 51
00417237 |. E8 5C650100
mInfo.0042D798
0041723C |. 83C4 08
0041723F |. 50
00417240 |. 68 C0994000
= SystemInfo.4099C0
00417245 |. 8B4D 08
00417248 |. E8 03E9FEFF
emInfo.00405B50
0041724D |. 50
0041724E |. E8 CD36FFFF
mInfo.0040A920
00417253 |. 83C4 08
00417256 |. 50
00417257 |. E8 043CFFFF
0041725C |. 83C4 08
0041725F |. 8BC8
00417261 |. E8 EAE8FEFF
Info.00405B50
00417266 |. 50
00417267 |. E8 B436FFFF
nfo.0040A920
0041726C |. 83C4 08
0041726F |. 50
00417270 |. E8 EB36FFFF
00417275 |. 83C4 08
00417278 |. 50
00417279 |. E8 E236FFFF
0041727E |. 83C4 08
00417281 |. 50
00417282 |. E8 D936FFFF
00417287 |. 83C4 08
0041728A |. 50
0041728B |. E8 D036FFFF
00417290 |. 83C4 08
00417293 |. 8BC8
00417295 |. E8 F6E8FEFF
fo.00405B90
0041729A |. C645 FC 32
0041729E |. 8D8D E0F2FFFF
004172A4 |. E8 277AFFFF
fo.0040ECD0
004172A9 |. C745 FC FFFFF
004172B0 |. 8D8D FCF2FFFF
004172B6 |. E8 157AFFFF
fo.0040ECD0
004172BB \. E9 14030000

PUSH EDX
CALL 0042D798

; ||Arg1
; |\SystemI

ADD ESP,8
PUSH EAX
PUSH 00409A00

; |
; |/Arg2
; ||/Arg1 =

MOV EAX,DWORD PTR SS:[EBP-1660]


PUSH EAX
PUSH 6

; |||
; |||
; |||/Arg2

LEA ECX,[EBP-0D28]
PUSH ECX
CALL 0042D798

; ||||
; ||||Arg1
; |||\Syste

ADD ESP,8
PUSH EAX
PUSH 004099C0

; |||
; |||/Arg2
; ||||/Arg1

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; |||||
; ||||\Syst

PUSH EAX
CALL 0040A920

; ||||Arg1
; |||\Syste

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX
CALL 0040A920

; ||Arg1
; |\SystemI

ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;
;
;
;
;
;
;
;
;
;
;
;

MOV BYTE PTR SS:[EBP-4],32


LEA ECX,[EBP-0D20]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0D04]
CALL 0040ECD0

; [SystemIn

JMP 004175D4

|||
|||
|||
|||
|||
||\System

|
|
|
|
|
|
|
|
|
|
|
|
|
|
\SystemIn

004172C0
004172C7
004172CA
004172CC
C 601"
004172D6
004172DB
004172E2
004172E5
004172E7
C 603"
004172F1
004172F6
004172FD
00417300
00417302
C 604"
0041730C
0041730E
00417315
00417318
0041731A
C 603+"
00417324
00417326
0041732D
00417330
00417332
C 604+"
0041733C
0041733E
00417345
00417348
0041734A
C 620"
00417354
00417356
known PPC
00417360
00417366
0041736C
00417372
00417378
0041737E
00417384
0041738A
00417390
00417396
0041739C
004173A2
004173A3
004173A6
004173A7
004173AC
004173AF
004173B6
004173B9
004173BE
004173C2
004173C9

/>
|.
|.
|.

0FB795 54FFFF
83FA 01
75 0F
C785 9CE9FFFF

MOVZX EDX,WORD PTR SS:[EBP-0AC]


CMP EDX,1
JNE SHORT 004172DB
MOV DWORD PTR SS:[EBP-1664],OFFSET 00448 ; ASCII "PP

|.
|>
|.
|.
|.

E9 C1000000
0FB785 54FFFF
83F8 03
75 0F
C785 98E9FFFF

JMP 0041739C
MOVZX EAX,WORD PTR SS:[EBP-0AC]
CMP EAX,3
JNE SHORT 004172F6
MOV DWORD PTR SS:[EBP-1668],OFFSET 00448 ; ASCII "PP

|.
|>
|.
|.
|.

E9 9A000000
0FB78D 54FFFF
83F9 04
75 0C
C785 94E9FFFF

JMP 00417390
MOVZX ECX,WORD PTR SS:[EBP-0AC]
CMP ECX,4
JNE SHORT 0041730E
MOV DWORD PTR SS:[EBP-166C],OFFSET 00448 ; ASCII "PP

|.
|>
|.
|.
|.

EB 76
0FB795 54FFFF
83FA 06
75 0C
C785 90E9FFFF

JMP SHORT 00417384


MOVZX EDX,WORD PTR SS:[EBP-0AC]
CMP EDX,6
JNE SHORT 00417326
MOV DWORD PTR SS:[EBP-1670],OFFSET 00448 ; ASCII "PP

|.
|>
|.
|.
|.

EB 52
0FB785 54FFFF
83F8 09
75 0C
C785 8CE9FFFF

JMP SHORT 00417378


MOVZX EAX,WORD PTR SS:[EBP-0AC]
CMP EAX,9
JNE SHORT 0041733E
MOV DWORD PTR SS:[EBP-1674],OFFSET 00448 ; ASCII "PP

|.
|>
|.
|.
|.

EB 2E
0FB78D 54FFFF
83F9 14
75 0C
C785 88E9FFFF

JMP SHORT 0041736C


MOVZX ECX,WORD PTR SS:[EBP-0AC]
CMP ECX,14
JNE SHORT 00417356
MOV DWORD PTR SS:[EBP-1678],OFFSET 00448 ; ASCII "PP

|. EB 0A
|> C785 88E9FFFF
processor"
|> 8B95 88E9FFFF
|. 8995 8CE9FFFF
|> 8B85 8CE9FFFF
|. 8985 90E9FFFF
|> 8B8D 90E9FFFF
|. 898D 94E9FFFF
|> 8B95 94E9FFFF
|. 8995 98E9FFFF
|> 8B85 98E9FFFF
|. 8985 9CE9FFFF
|> 8B8D 9CE9FFFF
|. 51
|. 8B55 08
|. 52
|. E8 B435FFFF
|. 83C4 08
|. 0FB785 56FFFF
|. C1E8 08
|. 25 FF000000
|. 66:0FB6C8
|. 66:898D DCFAF
|. 0FB795 56FFFF

JMP SHORT 00417360


MOV DWORD PTR SS:[EBP-1678],OFFSET 00448 ; ASCII "Un
MOV EDX,DWORD PTR SS:[EBP-1678]
MOV DWORD PTR SS:[EBP-1674],EDX
MOV EAX,DWORD PTR SS:[EBP-1674]
MOV DWORD PTR SS:[EBP-1670],EAX
MOV ECX,DWORD PTR SS:[EBP-1670]
MOV DWORD PTR SS:[EBP-166C],ECX
MOV EDX,DWORD PTR SS:[EBP-166C]
MOV DWORD PTR SS:[EBP-1668],EDX
MOV EAX,DWORD PTR SS:[EBP-1668]
MOV DWORD PTR SS:[EBP-1664],EAX
MOV ECX,DWORD PTR SS:[EBP-1664]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOVZX EAX,WORD PTR SS:[EBP-0AA]
SHR EAX,8
AND EAX,000000FF
MOVZX CX,AL
MOV WORD PTR SS:[EBP-524],CX
MOVZX EDX,WORD PTR SS:[EBP-0AA]

004173D0 |. 81E2 FF000000


004173D6 |. 66:0FB6C2
004173DA |. 66:8985 E0FAF
004173E1 |. 68 409A4000
ystemInfo.409A40
004173E6 |. 8B4D 08
004173E9 |. E8 42E7FEFF
fo.00405B30
004173EE |. 68 77874400
ystemInfo.448777
004173F3 |. 8D8D B4F2FFFF
004173F9 |. E8 F277FFFF
fo.0040EBF0
004173FE |. C745 FC 34000
00417405 |. 8D8D B4F2FFFF
0041740B |. 51
0041740C |. B9 08294500
00417411 |. E8 8AF0FEFF
fo.004064A0
00417416 |. 8B15 FC284500
0041741C |. 83C2 01
0041741F |. 8915 FC284500
00417425 |. 68 74874400
"
0041742A |. A1 FC284500
0041742F |. 50
[4528FC] = 0
00417430 |. 68 D0914400
00417435 |. 8B0D F8284500
0041743B |. 51
[4528F8] = 0
0041743C |. B9 08294500
00417441 |. E8 1AEAFEFF
nfo.00405E60
00417446 |. 50
00417447 |. E8 1435FFFF
0041744C |. 83C4 08
0041744F |. 8BC8
00417451 |. E8 0AEAFEFF
fo.00405E60
00417456 |. 50
00417457 |. E8 0435FFFF
0041745C |. 83C4 08
0041745F |. 8D95 98F2FFFF
00417465 |. 52
00417466 |. B9 08294500
0041746B |. E8 F0EFFEFF
fo.00406460
00417470 |. 8985 84E9FFFF
00417476 |. 8B85 84E9FFFF
0041747C |. 8985 80E9FFFF
00417482 |. C645 FC 35
00417486 |. 0FB78D E0FAFF
0041748D |. 51
0041748E |. 68 D0914400
00417493 |. 0FB795 DCFAFF
0041749A |. 52
0041749B |. 68 E08B4400
Revision "
004174A0 |. 68 80874400

AND EDX,000000FF
MOVZX AX,DL
MOV WORD PTR SS:[EBP-520],AX
PUSH 00409A40

; /Arg1 = S

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B30

; |
; \SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-0D4C]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],34


LEA ECX,[EBP-0D4C]
PUSH ECX
MOV ECX,OFFSET 00452908
CALL 004064A0

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-0D68]
PUSH EDX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[EBP-167C],EAX


MOV EAX,DWORD PTR SS:[EBP-167C]
MOV DWORD PTR SS:[EBP-1680],EAX
MOV BYTE PTR SS:[EBP-4],35
MOVZX ECX,WORD PTR SS:[EBP-520]
PUSH ECX
PUSH OFFSET 004491D0
MOVZX EDX,WORD PTR SS:[EBP-524]
PUSH EDX
PUSH OFFSET 00448BE0

;
;
;
;
;

PUSH OFFSET 00448780

; ||

|
|
|
|
\SystemIn

/Arg1
|
|
|/Arg1
||ASCII "

004174A5 |. 6A 23
23
004174A7 |. 8D85 D0F2FFFF
004174AD |. 50
004174AE |. E8 E5620100
Info.0042D798
004174B3 |. 83C4 08
004174B6 |. 50
004174B7 |. 68 009A4000
= SystemInfo.409A00
004174BC |. 8B8D 80E9FFFF
004174C2 |. 51
004174C3 |. 6A 06
= 6
004174C5 |. 8D95 90F2FFFF
004174CB |. 52
004174CC |. E8 C7620100
emInfo.0042D798
004174D1 |. 83C4 08
004174D4 |. 50
004174D5 |. 68 C0994000
1 = SystemInfo.4099C0
004174DA |. 8B4D 08
004174DD |. E8 6EE6FEFF
temInfo.00405B50
004174E2 |. 50
004174E3 |. E8 3834FFFF
emInfo.0040A920
004174E8 |. 83C4 08
004174EB |. 50
004174EC |. E8 6F39FFFF
004174F1 |. 83C4 08
004174F4 |. 8BC8
004174F6 |. E8 55E6FEFF
mInfo.00405B50
004174FB |. 50
004174FC |. E8 1F34FFFF
Info.0040A920
00417501 |. 83C4 08
00417504 |. 50
00417505 |. E8 5634FFFF
0041750A |. 83C4 08
0041750D |. 50
0041750E |. E8 4D34FFFF
00417513 |. 83C4 08
00417516 |. 8BC8
00417518 |. E8 73E6FEFF
nfo.00405B90
0041751D |. 50
0041751E |. E8 3D34FFFF
00417523 |. 83C4 08
00417526 |. 8BC8
00417528 |. E8 63E6FEFF
fo.00405B90
0041752D |. C645 FC 34
00417531 |. 8D8D 98F2FFFF
00417537 |. E8 9477FFFF
fo.0040ECD0
0041753C |. C745 FC FFFFF
00417543 |. 8D8D B4F2FFFF

PUSH 23

; ||/Arg2 =

LEA EAX,[EBP-0D30]
PUSH EAX
CALL 0042D798

; |||
; |||Arg1
; ||\System

ADD ESP,8
PUSH EAX
PUSH 00409A00

; ||
; ||/Arg2
; |||/Arg1

MOV ECX,DWORD PTR SS:[EBP-1680]


PUSH ECX
PUSH 6

; ||||
; ||||
; ||||/Arg2

LEA EDX,[EBP-0D70]
PUSH EDX
CALL 0042D798

; |||||
; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
PUSH 004099C0

; ||||
; ||||/Arg2
; |||||/Arg

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 00405B50

; ||||||
; |||||\Sys

PUSH EAX
CALL 0040A920

; |||||Arg1
; ||||\Syst

ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV ECX,EAX
CALL 00405B50

;
;
;
;
;
;

PUSH EAX
CALL 0040A920

; |||Arg1
; ||\System

ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;
;
;
;
;
;

||
||
||
||
||
||
||
||
|\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405B90

;
;
;
;
;

|
|
|
|
\SystemIn

MOV BYTE PTR SS:[EBP-4],34


LEA ECX,[EBP-0D68]
CALL 0040ECD0

; [SystemIn

MOV DWORD PTR SS:[EBP-4],-1


LEA ECX,[EBP-0D4C]

||||
||||
||||
||||
||||
|||\Syste

00417549 |. E8 8277FFFF CALL 0040ECD0


; [SystemIn
fo.0040ECD0
0041754E \. E9 81000000 JMP 004175D4
00417553 /> 0FB785 54FFFF MOVZX EAX,WORD PTR SS:[EBP-0AC]
0041755A |. 83F8 01
CMP EAX,1
0041755D |. 75 0C
JNE SHORT 0041756B
0041755F |. C785 7CE9FFFF MOV DWORD PTR SS:[EBP-1684],OFFSET 00448 ; ASCII "In
tel IA64"
00417569 |. EB 0A
JMP SHORT 00417575
0041756B |> C785 7CE9FFFF MOV DWORD PTR SS:[EBP-1684],OFFSET 00448 ; ASCII "Un
known Intel IA64 processor"
00417575 |> 8B8D 7CE9FFFF MOV ECX,DWORD PTR SS:[EBP-1684]
0041757B |. 51
PUSH ECX
0041757C |. 8B55 08
MOV EDX,DWORD PTR SS:[EBP+8]
0041757F |. 52
PUSH EDX
00417580 |. E8 DB33FFFF CALL 0040A960
00417585 |. 83C4 08
ADD ESP,8
00417588 \. EB 4A
JMP SHORT 004175D4
0041758A /> 68 0C8B4400 PUSH OFFSET 00448B0C
; ASCII "In
tel IA64 on Win64"
0041758F |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
00417592 |. 50
PUSH EAX
00417593 |. E8 C833FFFF CALL 0040A960
00417598 |. 83C4 08
ADD ESP,8
0041759B \. EB 37
JMP SHORT 004175D4
0041759D /> 68 FC8A4400 PUSH OFFSET 00448AFC
; ASCII "AM
D64 processor"
004175A2 |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
004175A5 |. 51
PUSH ECX
004175A6 |. E8 B533FFFF CALL 0040A960
004175AB |. 83C4 08
ADD ESP,8
004175AE \. EB 24
JMP SHORT 004175D4
004175B0 /> 68 F48A4400 PUSH OFFSET 00448AF4
; ASCII "Un
known"
004175B5 |. 8B55 08
MOV EDX,DWORD PTR SS:[EBP+8]
004175B8 |. 52
PUSH EDX
004175B9 |. E8 A233FFFF CALL 0040A960
004175BE |. 83C4 08
ADD ESP,8
004175C1 |. EB 11
JMP SHORT 004175D4
004175C3 |> 68 D48A4400 PUSH OFFSET 00448AD4
; ASCII "In
valid processor architecture"
004175C8 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
004175CB |. 50
PUSH EAX
004175CC |. E8 8F33FFFF CALL 0040A960
004175D1 |. 83C4 08
ADD ESP,8
004175D4 |> 68 409A4000 PUSH 00409A40
; /Arg1 = S
ystemInfo.409A40
004175D9 |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
; |
004175DC |. E8 4FE5FEFF CALL 00405B30
; \SystemIn
fo.00405B30
004175E1 |. 8D4D A0
LEA ECX,[EBP-60]
004175E4 |. E8 17B30000 CALL 00422900
; [SystemIn
fo.00422900
004175E9 |. C745 FC 36000 MOV DWORD PTR SS:[EBP-4],36
004175F0 |. 8D8D 78FFFFFF LEA ECX,[EBP-88]
004175F6 |. E8 05B30000 CALL 00422900
; [SystemIn
fo.00422900
004175FB |. C645 FC 37
MOV BYTE PTR SS:[EBP-4],37
004175FF |. 8D4D EC
LEA ECX,[EBP-14]
00417602 |. E8 09B60000 CALL 00422C10
; [SystemIn

fo.00422C10
00417607 |. 8D8D 5CFFFFFF LEA ECX,[EBP-0A4]
0041760D |. E8 FEB50000 CALL 00422C10
fo.00422C10
00417612 |. 68 A08A4400 PUSH OFFSET 00448AA0
SCII "VendorIdentifier"
00417617 |. 6A 00
PUSH 0
00417619 |. 6A 00
PUSH 0
0041761B |. 68 708A4400 PUSH OFFSET 00448A70
SCII "HARDWARE\DESCRIPTION\System\CentralProcessor"
00417620 |. 68 02000080 PUSH 80000002
0000002
00417625 |. 8D4D A0
LEA ECX,[EBP-60]
00417628 |. 51
PUSH ECX
00417629 |. E8 4290FFFF CALL 00410670
fo.00410670
0041762E |. 83C4 18
ADD ESP,18
00417631 |. 8D95 88F2FFFF LEA EDX,[EBP-0D78]
00417637 |. 52
PUSH EDX
00417638 |. 8D4D A0
LEA ECX,[EBP-60]
0041763B |. E8 E0B20000 CALL 00422920
fo.00422920
00417640 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
00417642 |. 8B50 04
MOV EDX,DWORD PTR DS:[EAX+4]
00417645 |. 894D EC
MOV DWORD PTR SS:[EBP-14],ECX
00417648 |. 8955 F0
MOV DWORD PTR SS:[EBP-10],EDX
0041764B |. EB 08
JMP SHORT 00417655
0041764D |> 8D4D EC
/LEA ECX,[EBP-14]
00417650 |. E8 0BB60000 |CALL 00422C60
00417655 |> 8D85 80F2FFFF |LEA EAX,[EBP-0D80]
0041765B |. 50
|PUSH EAX
0041765C |. 8D4D A0
|LEA ECX,[EBP-60]
0041765F |. E8 0CB30000 |CALL 00422970
fo.00422970
00417664 |. 50
|PUSH EAX
00417665 |. 8D4D EC
|LEA ECX,[EBP-14]
00417668 |. E8 13B60000 |CALL 00422C80
fo.00422C80
0041766D |. 0FB6C8
|MOVZX ECX,AL
00417670 |. 85C9
|TEST ECX,ECX
00417672 |. 0F84 42010000 |JE 004177BA
00417678 |. 68 77874400 |PUSH OFFSET 00448777
ystemInfo.448777
0041767D |. 8D8D 5CF2FFFF |LEA ECX,[EBP-0DA4]
00417683 |. E8 6875FFFF |CALL 0040EBF0
fo.0040EBF0
00417688 |. C645 FC 38
|MOV BYTE PTR SS:[EBP-4],38
0041768C |. 8D95 5CF2FFFF |LEA EDX,[EBP-0DA4]
00417692 |. 52
|PUSH EDX
00417693 |. B9 08294500 |MOV ECX,OFFSET 00452908
00417698 |. E8 03EEFEFF |CALL 004064A0
fo.004064A0
0041769D |. A1 FC284500 |MOV EAX,DWORD PTR DS:[4528FC]
004176A2 |. 83C0 01
|ADD EAX,1
004176A5 |. A3 FC284500 |MOV DWORD PTR DS:[4528FC],EAX
004176AA |. 68 74874400 |PUSH OFFSET 00448774
"
004176AF |. 8B0D FC284500 |MOV ECX,DWORD PTR DS:[4528FC]
004176B5 |. 51
|PUSH ECX
[4528FC] = 0

; [SystemIn
; /Arg6 = A
; |Arg5 = 0
; |Arg4 = 0
; |Arg3 = A
; |Arg2 = 8
; |
; |Arg1
; \SystemIn

; /Arg1
; |
; \SystemIn

; /Arg1
; |
; \SystemIn
; /Arg1
; |
; \SystemIn

; /Arg1 = S
; |
; \SystemIn

; /Arg1
; |
; \SystemIn

; ASCII ".
; /Arg1 =>

004176B6 |. 68 D0914400
004176BB |. 8B15 F8284500
004176C1 |. 52
[4528F8] = 0
004176C2 |. B9 08294500
004176C7 |. E8 94E7FEFF
nfo.00405E60
004176CC |. 50
004176CD |. E8 8E32FFFF
004176D2 |. 83C4 08
004176D5 |. 8BC8
004176D7 |. E8 84E7FEFF
fo.00405E60
004176DC |. 50
004176DD |. E8 7E32FFFF
004176E2 |. 83C4 08
004176E5 |. 8D85 40F2FFFF
004176EB |. 50
004176EC |. B9 08294500
004176F1 |. E8 6AEDFEFF
fo.00406460
004176F6 |. 8985 78E9FFFF
004176FC |. 8B8D 78E9FFFF
00417702 |. 898D 74E9FFFF
00417708 |. C645 FC 39
0041770C |. 68 409A4000
ystemInfo.409A40
00417711 |. 8D4D EC
00417714 |. E8 27B50000
00417719 |. 50
0041771A |. 68 80874400
0041771F |. 6A 23
23
00417721 |. 8D95 78F2FFFF
00417727 |. 52
00417728 |. E8 6B600100
nfo.0042D798
0041772D |. 83C4 08
00417730 |. 50
00417731 |. 68 009A4000
SystemInfo.409A00
00417736 |. 8B85 74E9FFFF
0041773C |. 50
0041773D |. 6A 06
= 6
0041773F |. 8D8D 38F2FFFF
00417745 |. 51
00417746 |. E8 4D600100
mInfo.0042D798
0041774B |. 83C4 08
0041774E |. 50
0041774F |. 68 C0994000
= SystemInfo.4099C0
00417754 |. 8B4D 08
00417757 |. E8 F4E3FEFF
emInfo.00405B50
0041775C |. 50
0041775D |. E8 BE31FFFF
mInfo.0040A920
00417762 |. 83C4 08

|PUSH OFFSET 004491D0


|MOV EDX,DWORD PTR DS:[4528F8]
|PUSH EDX

; |
; |
; |/Arg1 =>

|MOV ECX,OFFSET 00452908


|CALL 00405E60

; ||
; |\SystemI

|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405E60

;
;
;
;
;

|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|LEA EAX,[EBP-0DC0]
|PUSH EAX
|MOV ECX,OFFSET 00452908
|CALL 00406460

; /Arg1
; |
; \SystemIn

|MOV DWORD PTR SS:[EBP-1688],EAX


|MOV ECX,DWORD PTR SS:[EBP-1688]
|MOV DWORD PTR SS:[EBP-168C],ECX
|MOV BYTE PTR SS:[EBP-4],39
|PUSH 00409A40

; /Arg1 = S

|LEA ECX,[EBP-14]
|CALL 00422C40
|PUSH EAX
|PUSH OFFSET 00448780
|PUSH 23

;
;
;
;
;

|LEA EDX,[EBP-0D88]
|PUSH EDX
|CALL 0042D798

; ||
; ||Arg1
; |\SystemI

|ADD ESP,8
|PUSH EAX
|PUSH 00409A00

; |
; |/Arg2
; ||/Arg1 =

|MOV EAX,DWORD PTR SS:[EBP-168C]


|PUSH EAX
|PUSH 6

; |||
; |||
; |||/Arg2

|LEA ECX,[EBP-0DC8]
|PUSH ECX
|CALL 0042D798

; ||||
; ||||Arg1
; |||\Syste

|ADD ESP,8
|PUSH EAX
|PUSH 004099C0

; |||
; |||/Arg2
; ||||/Arg1

|MOV ECX,DWORD PTR SS:[EBP+8]


|CALL 00405B50

; |||||
; ||||\Syst

|PUSH EAX
|CALL 0040A920

; ||||Arg1
; |||\Syste

|ADD ESP,8

; |||

|
|
|
|
\SystemIn

|
|
|
|
|/Arg2 =

00417765 |. 50
00417766 |. E8 F536FFFF
0041776B |. 83C4 08
0041776E |. 8BC8
00417770 |. E8 DBE3FEFF
Info.00405B50
00417775 |. 50
00417776 |. E8 A531FFFF
nfo.0040A920
0041777B |. 83C4 08
0041777E |. 50
0041777F |. E8 DC31FFFF
00417784 |. 83C4 08
00417787 |. 50
00417788 |. E8 D336FFFF
0041778D |. 83C4 08
00417790 |. 8BC8
00417792 |. E8 99E3FEFF
fo.00405B30
00417797 |. C645 FC 38
0041779B |. 8D8D 40F2FFFF
004177A1 |. E8 2A75FFFF
fo.0040ECD0
004177A6 |. C645 FC 37
004177AA |. 8D8D 5CF2FFFF
004177B0 |. E8 1B75FFFF
fo.0040ECD0
004177B5 |.^ E9 93FEFFFF
004177BA |> FF15 54804400
.GetVersion
004177C0 |. 3D 00000080
004177C5 |. 73 2A
004177C7 |. 68 648A4400
SCII "Identifier"
004177CC |. 68 548A4400
SCII "CdRomPeripheral"
004177D1 |. 68 4C8A4400
SCII "Type"
004177D6 |. 68 388A4400
SCII "HARDWARE\DEVICEMAP"
004177DB |. 68 02000080
0000002
004177E0 |. 8D95 78FFFFFF
004177E6 |. 52
004177E7 |. E8 848EFFFF
fo.00410670
004177EC |. 83C4 18
004177EF |. EB 28
004177F1 |> 68 2C8A4400
SCII "DeviceDesc"
004177F6 |. 68 248A4400
SCII "CDROM"
004177FB |. 68 1C8A4400
SCII "Class"
00417800 |. 68 148A4400
SCII "Enum"
00417805 |. 68 02000080
0000002
0041780A |. 8D85 78FFFFFF
00417810 |. 50

|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B50

;
;
;
;
;

|||
|||
|||
|||
||\System

|PUSH EAX
|CALL 0040A920

; ||Arg1
; |\SystemI

|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B30

;
;
;
;
;
;
;
;
;

|MOV BYTE PTR SS:[EBP-4],38


|LEA ECX,[EBP-0DC0]
|CALL 0040ECD0

; [SystemIn

|MOV BYTE PTR SS:[EBP-4],37


|LEA ECX,[EBP-0DA4]
|CALL 0040ECD0

; [SystemIn

|
|
|
|
|
|
|
|
\SystemIn

\JMP 0041764D
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
CMP EAX,80000000
JNB SHORT 004177F1
PUSH OFFSET 00448A64

; /Arg6 = A

PUSH OFFSET 00448A54

; |Arg5 = A

PUSH OFFSET 00448A4C

; |Arg4 = A

PUSH OFFSET 00448A38

; |Arg3 = A

PUSH 80000002

; |Arg2 = 8

LEA EDX,[EBP-88]
PUSH EDX
CALL 00410670

; |
; |Arg1
; \SystemIn

ADD ESP,18
JMP SHORT 00417819
PUSH OFFSET 00448A2C

; /Arg6 = A

PUSH OFFSET 00448A24

; |Arg5 = A

PUSH OFFSET 00448A1C

; |Arg4 = A

PUSH OFFSET 00448A14

; |Arg3 = A

PUSH 80000002

; |Arg2 = 8

LEA EAX,[EBP-88]
PUSH EAX

; |
; |Arg1

00417811 |. E8 5A8EFFFF
fo.00410670
00417816 |. 83C4 18
00417819 |> 8D8D 30F2FFFF
0041781F |. 51
00417820 |. 8D8D 78FFFFFF
00417826 |. E8 F5B00000
fo.00422920
0041782B |. 8B10
0041782D |. 8B40 04
00417830 |. 8995 5CFFFFFF
00417836 |. 8985 60FFFFFF
0041783C |. EB 0B
0041783E |> 8D8D 5CFFFFFF
00417844 |. E8 17B40000
00417849 |> 8D8D 28F2FFFF
0041784F |. 51
00417850 |. 8D8D 78FFFFFF
00417856 |. E8 15B10000
fo.00422970
0041785B |. 50
0041785C |. 8D8D 5CFFFFFF
00417862 |. E8 19B40000
fo.00422C80
00417867 |. 0FB6D0
0041786A |. 85D2
0041786C |. 0F84 94010000
00417872 |. 68 77874400
ystemInfo.448777
00417877 |. 8D8D 00F2FFFF
0041787D |. E8 6E73FFFF
fo.0040EBF0
00417882 |. C645 FC 3A
00417886 |. 8D85 00F2FFFF
0041788C |. 50
0041788D |. B9 08294500
00417892 |. E8 09ECFEFF
fo.004064A0
00417897 |. 8B0D FC284500
0041789D |. 83C1 01
004178A0 |. 890D FC284500
004178A6 |. 68 74874400
"
004178AB |. 8B15 FC284500
004178B1 |. 52
[4528FC] = 0
004178B2 |. 68 D0914400
004178B7 |. A1 F8284500
004178BC |. 50
[4528F8] = 0
004178BD |. B9 08294500
004178C2 |. E8 99E5FEFF
nfo.00405E60
004178C7 |. 50
004178C8 |. E8 9330FFFF
004178CD |. 83C4 08
004178D0 |. 8BC8
004178D2 |. E8 89E5FEFF
fo.00405E60
004178D7 |. 50

CALL 00410670

; \SystemIn

ADD ESP,18
LEA ECX,[EBP-0DD0]
PUSH ECX
LEA ECX,[EBP-88]
CALL 00422920

; /Arg1
; |
; \SystemIn

MOV EDX,DWORD PTR DS:[EAX]


MOV EAX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-0A4],EDX
MOV DWORD PTR SS:[EBP-0A0],EAX
JMP SHORT 00417849
/LEA ECX,[EBP-0A4]
|CALL 00422C60
|LEA ECX,[EBP-0DD8]
|PUSH ECX
|LEA ECX,[EBP-88]
|CALL 00422970

; /Arg1
; |
; \SystemIn

|PUSH EAX
|LEA ECX,[EBP-0A4]
|CALL 00422C80

; /Arg1
; |
; \SystemIn

|MOVZX EDX,AL
|TEST EDX,EDX
|JE 00417A06
|PUSH OFFSET 00448777

; /Arg1 = S

|LEA ECX,[EBP-0E00]
|CALL 0040EBF0

; |
; \SystemIn

|MOV BYTE PTR SS:[EBP-4],3A


|LEA EAX,[EBP-0E00]
|PUSH EAX
|MOV ECX,OFFSET 00452908
|CALL 004064A0

; /Arg1
; |
; \SystemIn

|MOV ECX,DWORD PTR DS:[4528FC]


|ADD ECX,1
|MOV DWORD PTR DS:[4528FC],ECX
|PUSH OFFSET 00448774

; ASCII ".

|MOV EDX,DWORD PTR DS:[4528FC]


|PUSH EDX

; /Arg1 =>

|PUSH OFFSET 004491D0


|MOV EAX,DWORD PTR DS:[4528F8]
|PUSH EAX

; |
; |
; |/Arg1 =>

|MOV ECX,OFFSET 00452908


|CALL 00405E60

; ||
; |\SystemI

|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405E60

;
;
;
;
;

|PUSH EAX

|
|
|
|
\SystemIn

004178D8 |. E8 8330FFFF
004178DD |. 83C4 08
004178E0 |. 8D8D E4F1FFFF
004178E6 |. 51
004178E7 |. B9 08294500
004178EC |. E8 6FEBFEFF
fo.00406460
004178F1 |. 8985 70E9FFFF
004178F7 |. 8B95 70E9FFFF
004178FD |. 8995 6CE9FFFF
00417903 |. C645 FC 3B
00417907 |. 68 409A4000
ystemInfo.409A40
0041790C |. 8D8D 5CFFFFFF
00417912 |. E8 29B30000
00417917 |. 50
00417918 |. 6A 20
20
0041791A |. 8D85 27F2FFFF
00417920 |. 50
00417921 |. E8 EA34FFFF
nfo.0040AE10
00417926 |. 83C4 08
00417929 |. 50
0041792A |. 68 009A4000
SystemInfo.409A00
0041792F |. 68 048A4400
"CD-ROM Drive"
00417934 |. 68 C0994000
= SystemInfo.4099C0
00417939 |. 6A 2E
= 2E
0041793B |. 8D8D 26F2FFFF
00417941 |. 51
00417942 |. E8 C934FFFF
emInfo.0040AE10
00417947 |. 83C4 08
0041794A |. 50
0041794B |. 6A 23
2 = 23
0041794D |. 8D95 1CF2FFFF
00417953 |. 52
1
00417954 |. E8 3F5E0100
temInfo.0042D798
00417959 |. 83C4 08
0041795C |. 50
2
0041795D |. 68 009A4000
g1 = SystemInfo.409A00
00417962 |. 8B85 6CE9FFFF
00417968 |. 50
00417969 |. 6A 06
rg2 = 6
0041796B |. 8D8D DCF1FFFF
00417971 |. 51
rg1
00417972 |. E8 215E0100
ystemInfo.0042D798
00417977 |. 83C4 08

|CALL 0040A960
|ADD ESP,8
|LEA ECX,[EBP-0E1C]
|PUSH ECX
|MOV ECX,OFFSET 00452908
|CALL 00406460

; /Arg1
; |
; \SystemIn

|MOV DWORD PTR SS:[EBP-1690],EAX


|MOV EDX,DWORD PTR SS:[EBP-1690]
|MOV DWORD PTR SS:[EBP-1694],EDX
|MOV BYTE PTR SS:[EBP-4],3B
|PUSH 00409A40

; /Arg1 = S

|LEA ECX,[EBP-0A4]
|CALL 00422C40
|PUSH EAX
|PUSH 20

;
;
;
;

|LEA EAX,[EBP-0DD9]
|PUSH EAX
|CALL 0040AE10

; ||
; ||Arg1
; |\SystemI

|ADD ESP,8
|PUSH EAX
|PUSH 00409A00

; |
; |/Arg2
; ||/Arg1 =

|PUSH OFFSET 00448A04

; |||ASCII

|PUSH 004099C0

; |||/Arg1

|PUSH 2E

; ||||/Arg2

|LEA ECX,[EBP-0DDA]
|PUSH ECX
|CALL 0040AE10

; |||||
; |||||Arg1
; ||||\Syst

|ADD ESP,8
|PUSH EAX
|PUSH 23

; ||||
; ||||/Arg2
; |||||/Arg

|LEA EDX,[EBP-0DE4]
|PUSH EDX

; ||||||
; ||||||Arg

|CALL 0042D798

; |||||\Sys

|ADD ESP,8
|PUSH EAX

; |||||
; |||||/Arg

|PUSH 00409A00

; ||||||/Ar

|MOV EAX,DWORD PTR SS:[EBP-1694]


|PUSH EAX
|PUSH 6

; |||||||
; |||||||
; |||||||/A

|LEA ECX,[EBP-0E24]
|PUSH ECX

; ||||||||
; ||||||||A

|CALL 0042D798

; |||||||\S

|ADD ESP,8

; |||||||

|
|
|
|/Arg2 =

0041797A |. 50
rg2
0041797B |. 68 C0994000
Arg1 = SystemInfo.4099C0
00417980 |. 8B4D 08
00417983 |. E8 C8E1FEFF
SystemInfo.00405B50
00417988 |. 50
rg1
00417989 |. E8 922FFFFF
ystemInfo.0040A920
0041798E |. 83C4 08
00417991 |. 50
00417992 |. E8 C934FFFF
00417997 |. 83C4 08
0041799A |. 8BC8
0041799C |. E8 AFE1FEFF
stemInfo.00405B50
004179A1 |. 50
1
004179A2 |. E8 792FFFFF
temInfo.0040A920
004179A7 |. 83C4 08
004179AA |. 50
004179AB |. E8 7034FFFF
emInfo.0040AE20
004179B0 |. 83C4 08
004179B3 |. 8BC8
004179B5 |. E8 96E1FEFF
mInfo.00405B50
004179BA |. 50
004179BB |. E8 A02FFFFF
004179C0 |. 83C4 08
004179C3 |. 8BC8
004179C5 |. E8 86E1FEFF
Info.00405B50
004179CA |. 50
004179CB |. E8 5034FFFF
nfo.0040AE20
004179D0 |. 83C4 08
004179D3 |. 50
004179D4 |. E8 8734FFFF
004179D9 |. 83C4 08
004179DC |. 8BC8
004179DE |. E8 4DE1FEFF
fo.00405B30
004179E3 |. C645 FC 3A
004179E7 |. 8D8D E4F1FFFF
004179ED |. E8 DE72FFFF
fo.0040ECD0
004179F2 |. C645 FC 37
004179F6 |. 8D8D 00F2FFFF
004179FC |. E8 CF72FFFF
fo.0040ECD0
00417A01 |.^ E9 38FEFFFF
00417A06 |> C645 FC 36
00417A0A |. 8D8D 78FFFFFF
00417A10 |. E8 5B000000
00417A15 |. C745 FC FFFFF
00417A1C |. 8D4D A0

|PUSH EAX

; |||||||/A

|PUSH 004099C0

; ||||||||/

|MOV ECX,DWORD PTR SS:[EBP+8]


|CALL 00405B50

; |||||||||
; ||||||||\

|PUSH EAX

; ||||||||A

|CALL 0040A920

; |||||||\S

|ADD ESP,8
|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B50

;
;
;
;
;
;

|PUSH EAX

; ||||||Arg

|CALL 0040A920

; |||||\Sys

|ADD ESP,8
|PUSH EAX
|CALL 0040AE20

; |||||
; |||||Arg1
; ||||\Syst

|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B50

; ||||
; ||||
; |||\Syste

|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B50

;
;
;
;
;

|PUSH EAX
|CALL 0040AE20

; ||Arg1
; |\SystemI

|ADD ESP,8
|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405B30

;
;
;
;
;
;

|MOV BYTE PTR SS:[EBP-4],3A


|LEA ECX,[EBP-0E1C]
|CALL 0040ECD0

; [SystemIn

|MOV BYTE PTR SS:[EBP-4],37


|LEA ECX,[EBP-0E00]
|CALL 0040ECD0

; [SystemIn

\JMP 0041783E
MOV BYTE PTR SS:[EBP-4],36
LEA ECX,[EBP-88]
CALL 00417A70
MOV DWORD PTR SS:[EBP-4],-1
LEA ECX,[EBP-60]

|||||||
|||||||
|||||||
|||||||
|||||||
||||||\Sy

|||
|||
|||
|||
||\System

|
|
|
|
|
\SystemIn

00417A1F
00417A24
00417A27
00417A2E
00417A2F
00417A30
00417A36
00417A38
00417A3D
00417A3F
00417A40
00417A41
00417A44
00417A48
00417A4C
00417A50
00417A54
00417A58
00417A5C
00417A60
00417A64
00417A68
00417A6C
00417A70
00417A71
00417A73
00417A75
00417A7A
00417A80
00417A81
00417A87
00417A8C
00417A8E
00417A8F
00417A92
00417A98
00417A9E
00417AA5
00417AAB
00417AB0
00417AB7
00417ABD
00417ABF
00417AC5
00417ACB
00417ACC
00417AD1
00417AD4
00417AD7
00417ADE
00417ADF
00417AE1
00417AE2
00417AE3
00417AE4
00417AE5
00417AE6
00417AE7
00417AE8
00417AE9

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.
.
.
.
.
.
.
.
.
.
.
.
/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

E8 4C000000
8B4D F4
64:890D 00000
59
5E
8B8D 10FFFFFF
33CD
E8 B46C0100
8BE5
5D
C3
8D49 00
896B4100
046F4100
8E704100
C0724100
C3754100
C3754100
53754100
C3754100
C3754100
9D754100
8A754100
55
8BEC
6A FF
68 4B5E4400
64:A1 0000000
50
81EC 90000000
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
898D 64FFFFFF
C745 FC 00000
8B8D 64FFFFFF
E8 F0D70000
C745 FC FFFFF
8B85 64FFFFFF
8B08
898D 68FFFFFF
8B95 68FFFFFF
52
E8 496E0100
83C4 04
8B4D F4
64:890D 00000
59
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC

CALL 00417A70
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP ESI
MOV ECX,DWORD PTR SS:[EBP-0F0]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
LEA ECX,[ECX]
DD 00416B89
DD 00416F04
DD 0041708E
DD 004172C0
DD 004175C3
DD 004175C3
DD 00417553
DD 004175C3
DD 004175C3
DD 0041759D
DD 0041758A
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00445E4B
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,90
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-9C],ECX
MOV DWORD PTR SS:[EBP-4],0
MOV ECX,DWORD PTR SS:[EBP-9C]
CALL 004252A0
MOV DWORD PTR SS:[EBP-4],-1
MOV EAX,DWORD PTR SS:[EBP-9C]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-98],ECX
MOV EDX,DWORD PTR SS:[EBP-98]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3

00417AEA
CC
00417AEB
CC
00417AEC
CC
00417AED
CC
00417AEE
CC
00417AEF
CC
00417AF0 /$ 55
o.00417AF0(guessed Arg1)
00417AF1 |. 8BEC
00417AF3 |. 6A FF
00417AF5 |. 68 D85E4400
00417AFA |. 64:A1 0000000
00417B00 |. 50
00417B01 |. 81EC D0030000
00417B07 |. A1 A0154500
00417B0C |. 33C5
00417B0E |. 50
00417B0F |. 8D45 F4
00417B12 |. 64:A3 0000000
00417B18 |. 8D45 D4
00417B1B |. 50
tatus => OFFSET LOCAL.11
00417B1C |. FF15 70804400
.GlobalMemoryStatus
00417B22 |. 8B0D F8284500
00417B28 |. 83C1 01
00417B2B |. 890D F8284500
00417B31 |. C705 FC284500
00417B3B |. 68 77874400
ystemInfo.448777
00417B40 |. 8D4D A0
00417B43 |. E8 A870FFFF
fo.0040EBF0
00417B48 |. C745 FC 00000
00417B4F |. 8D55 A0
00417B52 |. 52
OFFSET LOCAL.24
00417B53 |. B9 0C294500
00417B58 |. E8 C3F5FEFF
fo.00407120
00417B5D |. A1 FC284500
00417B62 |. 83C0 01
00417B65 |. A3 FC284500
00417B6A |. 68 74874400
"
00417B6F |. 8B0D FC284500
00417B75 |. 51
[4528FC] = 0
00417B76 |. 68 D0914400
00417B7B |. 8B15 F8284500
00417B81 |. 52
[4528F8] = 0
00417B82 |. B9 08294500
00417B87 |. E8 D4E2FEFF
nfo.00405E60
00417B8C |. 50
00417B8D |. E8 CE2DFFFF
00417B92 |. 83C4 08
00417B95 |. 8BC8
00417B97 |. E8 C4E2FEFF

INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445ED8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,3D0
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
LEA EAX,[LOCAL.11]
PUSH EAX

; /pMemorys

CALL DWORD PTR DS:[<&KERNEL32.GlobalMemo ; \KERNEL32


MOV ECX,DWORD PTR DS:[4528F8]
ADD ECX,1
MOV DWORD PTR DS:[4528F8],ECX
MOV DWORD PTR DS:[4528FC],0
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[LOCAL.24]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


LEA EDX,[LOCAL.24]
PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 0045290C


CALL 00407120

; |
; \SystemIn

MOV EAX,DWORD PTR DS:[4528FC]


ADD EAX,1
MOV DWORD PTR DS:[4528FC],EAX
PUSH OFFSET 00448774

; ASCII ".

MOV ECX,DWORD PTR DS:[4528FC]


PUSH ECX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV EDX,DWORD PTR DS:[4528F8]
PUSH EDX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

|
|
|
|
\SystemIn

fo.00405E60
00417B9C |. 50
00417B9D |. E8 BE2DFFFF
00417BA2 |. 83C4 08
00417BA5 |. 8D45 84
00417BA8 |. 50
OFFSET LOCAL.31
00417BA9 |. B9 08294500
00417BAE |. E8 ADE8FEFF
fo.00406460
00417BB3 |. 8985 90FCFFFF
00417BB9 |. 8B8D 90FCFFFF
00417BBF |. 898D 8CFCFFFF
00417BC5 |. C645 FC 01
00417BC9 |. 837D 08 00
00417BCD |. 75 0C
00417BCF |. C785 08FEFFFF
00417BD9 |. EB 11
00417BDB |> 8B55 08
00417BDE |. 8B02
00417BE0 |. 8B4D 08
00417BE3 |. 0348 04
00417BE6 |. 898D 08FEFFFF
00417BEC |> 68 C0010000
C0
00417BF1 |. 6A 40
0
00417BF3 |. 8B8D 08FEFFFF
00417BF9 |. E8 8211FFFF
fo.00408D80
00417BFE |. 6A 06
00417C00 |. 8D95 7CFFFFFF
00417C06 |. 52
OFFSET LOCAL.33
00417C07 |. E8 8C5B0100
fo.0042D798
00417C0C |. 83C4 08
00417C0F |. 8985 04FEFFFF
00417C15 |. 837D 08 00
00417C19 |. 75 0C
00417C1B |. C785 88FCFFFF
00417C25 |. EB 11
00417C27 |> 8B45 08
00417C2A |. 8B08
00417C2C |. 8B55 08
00417C2F |. 0351 04
00417C32 |. 8995 88FCFFFF
00417C38 |> 8B85 04FEFFFF
00417C3E |. 8B48 04
00417C41 |. 51
00417C42 |. 8B95 88FCFFFF
00417C48 |. 52
00417C49 |. 8B85 04FEFFFF
00417C4F |. 8B08
00417C51 |. FFD1
00417C53 |. 83C4 08
00417C56 |. 8B95 8CFCFFFF
00417C5C |. 52
00417C5D |. 8B45 08
00417C60 |. 50

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[LOCAL.31]
PUSH EAX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.220],EAX


MOV ECX,DWORD PTR SS:[LOCAL.220]
MOV DWORD PTR SS:[LOCAL.221],ECX
MOV BYTE PTR SS:[LOCAL.1],1
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00417BDB
MOV DWORD PTR SS:[LOCAL.126],0
JMP SHORT 00417BEC
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.126],ECX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.126]


CALL 00408D80

; |
; \SystemIn

PUSH 6
LEA EDX,[LOCAL.33]
PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.127],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00417C27
MOV DWORD PTR SS:[LOCAL.222],0
JMP SHORT 00417C38
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.222],EDX
MOV EAX,DWORD PTR SS:[LOCAL.127]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.222]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.127]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV EDX,DWORD PTR SS:[LOCAL.221]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

00417C61 |. E8 FA31FFFF
00417C66 |. 83C4 08
00417C69 |. 8985 FCFDFFFF
00417C6F |. 83BD FCFDFFFF
00417C76 |. 75 0C
00417C78 |. C785 00FEFFFF
00417C82 |. EB 17
00417C84 |> 8B8D FCFDFFFF
00417C8A |. 8B11
00417C8C |. 8B85 FCFDFFFF
00417C92 |. 0342 04
00417C95 |. 8985 00FEFFFF
00417C9B |> 68 C0010000
C0
00417CA0 |. 68 80000000
0
00417CA5 |. 8B8D 00FEFFFF
00417CAB |. E8 D010FFFF
fo.00408D80
00417CB0 |. 6A 23
3
00417CB2 |. 8D4D BC
00417CB5 |. 51
OFFSET LOCAL.17
00417CB6 |. E8 DD5A0100
fo.0042D798
00417CBB |. 83C4 08
00417CBE |. 8985 F8FDFFFF
00417CC4 |. 83BD FCFDFFFF
00417CCB |. 75 0C
00417CCD |. C785 84FCFFFF
00417CD7 |. EB 17
00417CD9 |> 8B95 FCFDFFFF
00417CDF |. 8B02
00417CE1 |. 8B8D FCFDFFFF
00417CE7 |. 0348 04
00417CEA |. 898D 84FCFFFF
00417CF0 |> 8B95 F8FDFFFF
00417CF6 |. 8B42 04
00417CF9 |. 50
00417CFA |. 8B8D 84FCFFFF
00417D00 |. 51
00417D01 |. 8B95 F8FDFFFF
00417D07 |. 8B02
00417D09 |. FFD0
00417D0B |. 83C4 08
00417D0E |. 83BD FCFDFFFF
00417D15 |. 75 0C
00417D17 |. C785 F4FDFFFF
00417D21 |. EB 17
00417D23 |> 8B8D FCFDFFFF
00417D29 |. 8B11
00417D2B |. 8B85 FCFDFFFF
00417D31 |. 0342 04
00417D34 |. 8985 F4FDFFFF
00417D3A |> 68 C0010000
C0
00417D3F |. 6A 40
0
00417D41 |. 8B8D F4FDFFFF

CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.129],EAX
CMP DWORD PTR SS:[LOCAL.129],0
JNE SHORT 00417C84
MOV DWORD PTR SS:[LOCAL.128],0
JMP SHORT 00417C9B
MOV ECX,DWORD PTR SS:[LOCAL.129]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.129]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.128],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.128]


CALL 00408D80

; |
; \SystemIn

PUSH 23

; /Arg2 = 2

LEA ECX,[LOCAL.17]
PUSH ECX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.130],EAX
CMP DWORD PTR SS:[LOCAL.129],0
JNE SHORT 00417CD9
MOV DWORD PTR SS:[LOCAL.223],0
JMP SHORT 00417CF0
MOV EDX,DWORD PTR SS:[LOCAL.129]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.129]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.223],ECX
MOV EDX,DWORD PTR SS:[LOCAL.130]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.223]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.130]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
CMP DWORD PTR SS:[LOCAL.129],0
JNE SHORT 00417D23
MOV DWORD PTR SS:[LOCAL.131],0
JMP SHORT 00417D3A
MOV ECX,DWORD PTR SS:[LOCAL.129]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.129]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.131],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.131]

; |

00417D47 |. E8 3410FFFF
fo.00408D80
00417D4C |. 68 2C924400
MORY"
00417D51 |. 8B8D FCFDFFFF
00417D57 |. 51
00417D58 |. E8 032CFFFF
00417D5D |. 83C4 08
00417D60 |. 8985 ECFDFFFF
00417D66 |. 83BD ECFDFFFF
00417D6D |. 75 0C
00417D6F |. C785 F0FDFFFF
00417D79 |. EB 17
00417D7B |> 8B95 ECFDFFFF
00417D81 |. 8B02
00417D83 |. 8B8D ECFDFFFF
00417D89 |. 0348 04
00417D8C |. 898D F0FDFFFF
00417D92 |> 68 C0010000
C0
00417D97 |. 68 80000000
0
00417D9C |. 8B8D F0FDFFFF
00417DA2 |. E8 D90FFFFF
fo.00408D80
00417DA7 |. 6A 0A
A
00417DA9 |. 8D55 C4
00417DAC |. 52
OFFSET LOCAL.15
00417DAD |. E8 E6590100
fo.0042D798
00417DB2 |. 83C4 08
00417DB5 |. 8985 E8FDFFFF
00417DBB |. 83BD ECFDFFFF
00417DC2 |. 75 0C
00417DC4 |. C785 80FCFFFF
00417DCE |. EB 17
00417DD0 |> 8B85 ECFDFFFF
00417DD6 |. 8B08
00417DD8 |. 8B95 ECFDFFFF
00417DDE |. 0351 04
00417DE1 |. 8995 80FCFFFF
00417DE7 |> 8B85 E8FDFFFF
00417DED |. 8B48 04
00417DF0 |. 51
00417DF1 |. 8B95 80FCFFFF
00417DF7 |. 52
00417DF8 |. 8B85 E8FDFFFF
00417DFE |. 8B08
00417E00 |. FFD1
00417E02 |. 83C4 08
00417E05 |. 6A 0C
C
00417E07 |. 8D55 CC
00417E0A |. 52
OFFSET LOCAL.13
00417E0B |. E8 88590100
fo.0042D798
00417E10 |. 83C4 08

CALL 00408D80

; \SystemIn

PUSH OFFSET 0044922C

; ASCII "ME

MOV ECX,DWORD PTR SS:[LOCAL.129]


PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.133],EAX
CMP DWORD PTR SS:[LOCAL.133],0
JNE SHORT 00417D7B
MOV DWORD PTR SS:[LOCAL.132],0
JMP SHORT 00417D92
MOV EDX,DWORD PTR SS:[LOCAL.133]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.133]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.132],ECX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.132]


CALL 00408D80

; |
; \SystemIn

PUSH 0A

; /Arg2 = 0

LEA EDX,[LOCAL.15]
PUSH EDX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.134],EAX
CMP DWORD PTR SS:[LOCAL.133],0
JNE SHORT 00417DD0
MOV DWORD PTR SS:[LOCAL.224],0
JMP SHORT 00417DE7
MOV EAX,DWORD PTR SS:[LOCAL.133]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.133]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.224],EDX
MOV EAX,DWORD PTR SS:[LOCAL.134]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.224]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.134]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 0C

; /Arg2 = 0

LEA EDX,[LOCAL.13]
PUSH EDX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8

00417E13 |. 8985 E0FDFFFF


00417E19 |. 68 20924400
tal "
00417E1E |. 8B85 ECFDFFFF
00417E24 |. 50
00417E25 |. E8 362BFFFF
00417E2A |. 83C4 08
00417E2D |. 8985 E4FDFFFF
00417E33 |. 83BD E4FDFFFF
00417E3A |. 75 0C
00417E3C |. C785 7CFCFFFF
00417E46 |. EB 17
00417E48 |> 8B8D E4FDFFFF
00417E4E |. 8B11
00417E50 |. 8B85 E4FDFFFF
00417E56 |. 0342 04
00417E59 |. 8985 7CFCFFFF
00417E5F |> 8B8D E0FDFFFF
00417E65 |. 8B51 04
00417E68 |. 52
00417E69 |. 8B85 7CFCFFFF
00417E6F |. 50
00417E70 |. 8B8D E0FDFFFF
00417E76 |. 8B11
00417E78 |. FFD2
00417E7A |. 83C4 08
00417E7D |. 68 14924400
ailable"
00417E82 |. 8B85 E4FDFFFF
00417E88 |. 50
00417E89 |. E8 D22AFFFF
00417E8E |. 83C4 08
00417E91 |. 8985 DCFDFFFF
00417E97 |. 6A 0A
A
00417E99 |. 8B8D DCFDFFFF
00417E9F |. E8 1C77FFFF
fo.0040F5C0
00417EA4 |. 8B8D DCFDFFFF
00417EAA |. E8 1179FFFF
fo.0040F7C0
00417EAF |. C645 FC 00
00417EB3 |. 6A 00
00417EB5 |. 6A 01
00417EB7 |. 8D4D 84
00417EBA |. E8 A17CFFFF
fo.0040FB60
00417EBF |. C745 FC FFFFF
00417EC6 |. 6A 00
00417EC8 |. 6A 01
00417ECA |. 8D4D A0
00417ECD |. E8 8E7CFFFF
fo.0040FB60
00417ED2 |. 68 77874400
ystemInfo.448777
00417ED7 |. 8D8D 44FFFFFF
00417EDD |. E8 0E6DFFFF
fo.0040EBF0
00417EE2 |. C745 FC 02000
00417EE9 |. 8D8D 44FFFFFF

MOV DWORD PTR SS:[LOCAL.136],EAX


PUSH OFFSET 00449220

; ASCII "To

MOV EAX,DWORD PTR SS:[LOCAL.133]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.135],EAX
CMP DWORD PTR SS:[LOCAL.135],0
JNE SHORT 00417E48
MOV DWORD PTR SS:[LOCAL.225],0
JMP SHORT 00417E5F
MOV ECX,DWORD PTR SS:[LOCAL.135]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.135]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.225],EAX
MOV ECX,DWORD PTR SS:[LOCAL.136]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.225]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.136]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
PUSH OFFSET 00449214

; ASCII "Av

MOV EAX,DWORD PTR SS:[LOCAL.135]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.137],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.137]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.137]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.31]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.24]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[LOCAL.47]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],2


LEA ECX,[LOCAL.47]

00417EEF |. 51
OFFSET LOCAL.47
00417EF0 |. B9 0C294500
00417EF5 |. E8 26F2FEFF
fo.00407120
00417EFA |. 8B15 FC284500
00417F00 |. 83C2 01
00417F03 |. 8915 FC284500
00417F09 |. 68 74874400
"
00417F0E |. A1 FC284500
00417F13 |. 50
[4528FC] = 0
00417F14 |. 68 D0914400
00417F19 |. 8B0D F8284500
00417F1F |. 51
[4528F8] = 0
00417F20 |. B9 08294500
00417F25 |. E8 36DFFEFF
nfo.00405E60
00417F2A |. 50
00417F2B |. E8 302AFFFF
00417F30 |. 83C4 08
00417F33 |. 8BC8
00417F35 |. E8 26DFFEFF
fo.00405E60
00417F3A |. 50
00417F3B |. E8 202AFFFF
00417F40 |. 83C4 08
00417F43 |. 8D95 28FFFFFF
00417F49 |. 52
OFFSET LOCAL.54
00417F4A |. B9 08294500
00417F4F |. E8 0CE5FEFF
fo.00406460
00417F54 |. 8985 78FCFFFF
00417F5A |. 8B85 78FCFFFF
00417F60 |. 8985 74FCFFFF
00417F66 |. C645 FC 03
00417F6A |. C685 6BFFFFFF
00417F71 |. C685 6AFFFFFF
00417F78 |. 837D 08 00
00417F7C |. 75 0C
00417F7E |. C785 C8FDFFFF
00417F88 |. EB 11
00417F8A |> 8B4D 08
00417F8D |. 8B11
00417F8F |. 8B45 08
00417F92 |. 0342 04
00417F95 |. 8985 C8FDFFFF
00417F9B |> 68 C0010000
C0
00417FA0 |. 6A 40
0
00417FA2 |. 8B8D C8FDFFFF
00417FA8 |. E8 D30DFFFF
fo.00408D80
00417FAD |. 6A 06
00417FAF |. 8D8D 20FFFFFF
00417FB5 |. 51

PUSH ECX

; /Arg1 =>

MOV ECX,OFFSET 0045290C


CALL 00407120

; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[LOCAL.54]
PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.226],EAX


MOV EAX,DWORD PTR SS:[LOCAL.226]
MOV DWORD PTR SS:[LOCAL.227],EAX
MOV BYTE PTR SS:[LOCAL.1],3
MOV BYTE PTR SS:[LOCAL.38+3],20
MOV BYTE PTR SS:[LOCAL.38+2],2E
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00417F8A
MOV DWORD PTR SS:[LOCAL.142],0
JMP SHORT 00417F9B
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.142],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.142]


CALL 00408D80

; |
; \SystemIn

PUSH 6
LEA ECX,[LOCAL.56]
PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

|
|
|
|
\SystemIn

OFFSET LOCAL.56
00417FB6 |. E8 DD570100
fo.0042D798
00417FBB |. 83C4 08
00417FBE |. 8985 C4FDFFFF
00417FC4 |. 837D 08 00
00417FC8 |. 75 0C
00417FCA |. C785 70FCFFFF
00417FD4 |. EB 11
00417FD6 |> 8B55 08
00417FD9 |. 8B02
00417FDB |. 8B4D 08
00417FDE |. 0348 04
00417FE1 |. 898D 70FCFFFF
00417FE7 |> 8B95 C4FDFFFF
00417FED |. 8B42 04
00417FF0 |. 50
00417FF1 |. 8B8D 70FCFFFF
00417FF7 |. 51
00417FF8 |. 8B95 C4FDFFFF
00417FFE |. 8B02
00418000 |. FFD0
00418002 |. 83C4 08
00418005 |. 8B8D 74FCFFFF
0041800B |. 51
0041800C |. 8B55 08
0041800F |. 52
00418010 |. E8 4B2EFFFF
00418015 |. 83C4 08
00418018 |. 8985 BCFDFFFF
0041801E |. 83BD BCFDFFFF
00418025 |. 75 0C
00418027 |. C785 C0FDFFFF
00418031 |. EB 17
00418033 |> 8B85 BCFDFFFF
00418039 |. 8B08
0041803B |. 8B95 BCFDFFFF
00418041 |. 0351 04
00418044 |. 8995 C0FDFFFF
0041804A |> 68 C0010000
C0
0041804F |. 68 80000000
0
00418054 |. 8B8D C0FDFFFF
0041805A |. E8 210DFFFF
fo.00408D80
0041805F |. 6A 23
3
00418061 |. 8D85 60FFFFFF
00418067 |. 50
OFFSET LOCAL.40
00418068 |. E8 2B570100
fo.0042D798
0041806D |. 83C4 08
00418070 |. 8985 B8FDFFFF
00418076 |. 83BD BCFDFFFF
0041807D |. 75 0C
0041807F |. C785 6CFCFFFF
00418089 |. EB 17
0041808B |> 8B8D BCFDFFFF

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.143],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00417FD6
MOV DWORD PTR SS:[LOCAL.228],0
JMP SHORT 00417FE7
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.228],ECX
MOV EDX,DWORD PTR SS:[LOCAL.143]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.228]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.143]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[LOCAL.227]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.145],EAX
CMP DWORD PTR SS:[LOCAL.145],0
JNE SHORT 00418033
MOV DWORD PTR SS:[LOCAL.144],0
JMP SHORT 0041804A
MOV EAX,DWORD PTR SS:[LOCAL.145]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.145]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.144],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.144]


CALL 00408D80

; |
; \SystemIn

PUSH 23

; /Arg2 = 2

LEA EAX,[LOCAL.40]
PUSH EAX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD
MOV
CMP
JNE
MOV
JMP
MOV

ESP,8
DWORD PTR SS:[LOCAL.146],EAX
DWORD PTR SS:[LOCAL.145],0
SHORT 0041808B
DWORD PTR SS:[LOCAL.229],0
SHORT 004180A2
ECX,DWORD PTR SS:[LOCAL.145]

00418091 |. 8B11
00418093 |. 8B85 BCFDFFFF
00418099 |. 0342 04
0041809C |. 8985 6CFCFFFF
004180A2 |> 8B8D B8FDFFFF
004180A8 |. 8B51 04
004180AB |. 52
004180AC |. 8B85 6CFCFFFF
004180B2 |. 50
004180B3 |. 8B8D B8FDFFFF
004180B9 |. 8B11
004180BB |. FFD2
004180BD |. 83C4 08
004180C0 |. 8A85 6AFFFFFF
004180C6 |. 8885 AFFDFFFF
004180CC |. 8B8D BCFDFFFF
004180D2 |. 8B11
004180D4 |. 8B85 BCFDFFFF
004180DA |. 0342 04
004180DD |. 8985 B0FDFFFF
004180E3 |. 8B8D B0FDFFFF
004180E9 |. 8A51 30
004180EC |. 8895 B7FDFFFF
004180F2 |. 8B85 B0FDFFFF
004180F8 |. 8A8D AFFDFFFF
004180FE |. 8848 30
00418101 |. 83BD BCFDFFFF
00418108 |. 75 0C
0041810A |. C785 A8FDFFFF
00418114 |. EB 17
00418116 |> 8B95 BCFDFFFF
0041811C |. 8B02
0041811E |. 8B8D BCFDFFFF
00418124 |. 0348 04
00418127 |. 898D A8FDFFFF
0041812D |> 68 C0010000
C0
00418132 |. 6A 40
0
00418134 |. 8B8D A8FDFFFF
0041813A |. E8 410CFFFF
fo.00408D80
0041813F |. 68 04924400
ysical Memory"
00418144 |. 8B95 BCFDFFFF
0041814A |. 52
0041814B |. E8 1028FFFF
00418150 |. 83C4 08
00418153 |. 8985 A0FDFFFF
00418159 |. 83BD A0FDFFFF
00418160 |. 75 0C
00418162 |. C785 A4FDFFFF
0041816C |. EB 17
0041816E |> 8B85 A0FDFFFF
00418174 |. 8B08
00418176 |. 8B95 A0FDFFFF
0041817C |. 0351 04
0041817F |. 8995 A4FDFFFF
00418185 |> 68 C0010000
C0

MOV EDX,DWORD PTR DS:[ECX]


MOV EAX,DWORD PTR SS:[LOCAL.145]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.229],EAX
MOV ECX,DWORD PTR SS:[LOCAL.146]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.229]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.146]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[LOCAL.38+2]
MOV BYTE PTR SS:[LOCAL.149+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.145]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.145]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.148],EAX
MOV ECX,DWORD PTR SS:[LOCAL.148]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.147+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.148]
MOV CL,BYTE PTR SS:[LOCAL.149+3]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[LOCAL.145],0
JNE SHORT 00418116
MOV DWORD PTR SS:[LOCAL.150],0
JMP SHORT 0041812D
MOV EDX,DWORD PTR SS:[LOCAL.145]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.145]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.150],ECX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.150]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 00449204

; ASCII "Ph

MOV EDX,DWORD PTR SS:[LOCAL.145]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.152],EAX
CMP DWORD PTR SS:[LOCAL.152],0
JNE SHORT 0041816E
MOV DWORD PTR SS:[LOCAL.151],0
JMP SHORT 00418185
MOV EAX,DWORD PTR SS:[LOCAL.152]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.152]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.151],EDX
PUSH 1C0

; /Arg2 = 1

0041818A |. 68 80000000
0
0041818F |. 8B8D A4FDFFFF
00418195 |. E8 E60BFFFF
fo.00408D80
0041819A |. 8A85 6BFFFFFF
004181A0 |. 8885 97FDFFFF
004181A6 |. 8B8D A0FDFFFF
004181AC |. 8B11
004181AE |. 8B85 A0FDFFFF
004181B4 |. 0342 04
004181B7 |. 8985 98FDFFFF
004181BD |. 8B8D 98FDFFFF
004181C3 |. 8A51 30
004181C6 |. 8895 9FFDFFFF
004181CC |. 8B85 98FDFFFF
004181D2 |. 8A8D 97FDFFFF
004181D8 |. 8848 30
004181DB |. 6A 07
004181DD |. 8D95 6CFFFFFF
004181E3 |. 52
OFFSET LOCAL.37
004181E4 |. E8 AF550100
fo.0042D798
004181E9 |. 83C4 08
004181EC |. 8985 90FDFFFF
004181F2 |. 83BD A0FDFFFF
004181F9 |. 75 0C
004181FB |. C785 68FCFFFF
00418205 |. EB 17
00418207 |> 8B85 A0FDFFFF
0041820D |. 8B08
0041820F |. 8B95 A0FDFFFF
00418215 |. 0351 04
00418218 |. 8995 68FCFFFF
0041821E |> 8B85 90FDFFFF
00418224 |. 8B48 04
00418227 |. 51
00418228 |. 8B95 68FCFFFF
0041822E |. 52
0041822F |. 8B85 90FDFFFF
00418235 |. 8B08
00418237 |. FFD1
00418239 |. 83C4 08
0041823C |. 6A 09
0041823E |. 8D95 74FFFFFF
00418244 |. 52
OFFSET LOCAL.35
00418245 |. E8 4E550100
fo.0042D798
0041824A |. 83C4 08
0041824D |. 8985 88FDFFFF
00418253 |. 68 00924400
B"
00418258 |. 8B45 DC
0041825B |. C1E8 0A
0041825E |. 50
0041825F |. 8B8D A0FDFFFF
00418265 |. E8 26DFFEFF
fo.00406190

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.151]


CALL 00408D80

; |
; \SystemIn

MOV AL,BYTE PTR SS:[LOCAL.38+3]


MOV BYTE PTR SS:[LOCAL.155+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.152]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.152]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.154],EAX
MOV ECX,DWORD PTR SS:[LOCAL.154]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.153+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.154]
MOV CL,BYTE PTR SS:[LOCAL.155+3]
MOV BYTE PTR DS:[EAX+30],CL
PUSH 7
LEA EDX,[LOCAL.37]
PUSH EDX

; /Arg2 = 7
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.156],EAX
CMP DWORD PTR SS:[LOCAL.152],0
JNE SHORT 00418207
MOV DWORD PTR SS:[LOCAL.230],0
JMP SHORT 0041821E
MOV EAX,DWORD PTR SS:[LOCAL.152]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.152]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.230],EDX
MOV EAX,DWORD PTR SS:[LOCAL.156]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.230]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.156]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 9
LEA EDX,[LOCAL.35]
PUSH EDX

; /Arg2 = 9
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.158],EAX
PUSH OFFSET 00449200

; ASCII " K

MOV EAX,DWORD PTR SS:[LOCAL.9]


SHR EAX,0A
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.152]
CALL 00406190

; /Arg1
; |
; \SystemIn

0041826A |. 50
0041826B |. E8 F026FFFF
00418270 |. 83C4 08
00418273 |. 8985 8CFDFFFF
00418279 |. 83BD 8CFDFFFF
00418280 |. 75 0C
00418282 |. C785 64FCFFFF
0041828C |. EB 17
0041828E |> 8B8D 8CFDFFFF
00418294 |. 8B11
00418296 |. 8B85 8CFDFFFF
0041829C |. 0342 04
0041829F |. 8985 64FCFFFF
004182A5 |> 8B8D 88FDFFFF
004182AB |. 8B51 04
004182AE |. 52
004182AF |. 8B85 64FCFFFF
004182B5 |. 50
004182B6 |. 8B8D 88FDFFFF
004182BC |. 8B11
004182BE |. FFD2
004182C0 |. 83C4 08
004182C3 |. 68 00924400
B"
004182C8 |. 8B45 E0
004182CB |. C1E8 0A
004182CE |. 50
004182CF |. 8B8D 8CFDFFFF
004182D5 |. E8 B6DEFEFF
fo.00406190
004182DA |. 50
004182DB |. E8 8026FFFF
004182E0 |. 83C4 08
004182E3 |. 8985 84FDFFFF
004182E9 |. 6A 0A
A
004182EB |. 8B8D 84FDFFFF
004182F1 |. E8 CA72FFFF
fo.0040F5C0
004182F6 |. 8B8D 84FDFFFF
004182FC |. E8 BF74FFFF
fo.0040F7C0
00418301 |. C645 FC 02
00418305 |. 6A 00
00418307 |. 6A 01
00418309 |. 8D8D 28FFFFFF
0041830F |. E8 4C78FFFF
fo.0040FB60
00418314 |. C745 FC FFFFF
0041831B |. 6A 00
0041831D |. 6A 01
0041831F |. 8D8D 44FFFFFF
00418325 |. E8 3678FFFF
fo.0040FB60
0041832A |. 68 77874400
ystemInfo.448777
0041832F |. 8D8D E8FEFFFF
00418335 |. E8 B668FFFF
fo.0040EBF0
0041833A |. C745 FC 04000

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.157],EAX
CMP DWORD PTR SS:[LOCAL.157],0
JNE SHORT 0041828E
MOV DWORD PTR SS:[LOCAL.231],0
JMP SHORT 004182A5
MOV ECX,DWORD PTR SS:[LOCAL.157]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.157]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.231],EAX
MOV ECX,DWORD PTR SS:[LOCAL.158]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.231]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.158]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
PUSH OFFSET 00449200

; ASCII " K

MOV EAX,DWORD PTR SS:[LOCAL.8]


SHR EAX,0A
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.157]
CALL 00406190

; /Arg1
; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.159],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.159]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.159]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],2


PUSH 0
PUSH 1
LEA ECX,[LOCAL.54]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.47]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[LOCAL.70]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],4

00418341 |. 8D8D E8FEFFFF


00418347 |. 51
OFFSET LOCAL.70
00418348 |. B9 0C294500
0041834D |. E8 CEEDFEFF
fo.00407120
00418352 |. 8B15 FC284500
00418358 |. 83C2 01
0041835B |. 8915 FC284500
00418361 |. 68 74874400
"
00418366 |. A1 FC284500
0041836B |. 50
[4528FC] = 0
0041836C |. 68 D0914400
00418371 |. 8B0D F8284500
00418377 |. 51
[4528F8] = 0
00418378 |. B9 08294500
0041837D |. E8 DEDAFEFF
nfo.00405E60
00418382 |. 50
00418383 |. E8 D825FFFF
00418388 |. 83C4 08
0041838B |. 8BC8
0041838D |. E8 CEDAFEFF
fo.00405E60
00418392 |. 50
00418393 |. E8 C825FFFF
00418398 |. 83C4 08
0041839B |. 8D95 CCFEFFFF
004183A1 |. 52
OFFSET LOCAL.77
004183A2 |. B9 08294500
004183A7 |. E8 B4E0FEFF
fo.00406460
004183AC |. 8985 60FCFFFF
004183B2 |. 8B85 60FCFFFF
004183B8 |. 8985 5CFCFFFF
004183BE |. C645 FC 05
004183C2 |. C685 0FFFFFFF
004183C9 |. C685 0EFFFFFF
004183D0 |. 837D 08 00
004183D4 |. 75 0C
004183D6 |. C785 70FDFFFF
004183E0 |. EB 11
004183E2 |> 8B4D 08
004183E5 |. 8B11
004183E7 |. 8B45 08
004183EA |. 0342 04
004183ED |. 8985 70FDFFFF
004183F3 |> 68 C0010000
C0
004183F8 |. 6A 40
0
004183FA |. 8B8D 70FDFFFF
00418400 |. E8 7B09FFFF
fo.00408D80
00418405 |. 6A 06
00418407 |. 8D8D C4FEFFFF

LEA ECX,[LOCAL.70]
PUSH ECX

; /Arg1 =>

MOV ECX,OFFSET 0045290C


CALL 00407120

; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[LOCAL.77]
PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.232],EAX


MOV EAX,DWORD PTR SS:[LOCAL.232]
MOV DWORD PTR SS:[LOCAL.233],EAX
MOV BYTE PTR SS:[LOCAL.1],5
MOV BYTE PTR SS:[LOCAL.61+3],20
MOV BYTE PTR SS:[LOCAL.61+2],2E
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 004183E2
MOV DWORD PTR SS:[LOCAL.164],0
JMP SHORT 004183F3
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.164],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.164]


CALL 00408D80

; |
; \SystemIn

PUSH 6
LEA ECX,[LOCAL.79]

; /Arg2 = 6
; |

|
|
|
|
\SystemIn

0041840D |. 51
OFFSET LOCAL.79
0041840E |. E8 85530100
fo.0042D798
00418413 |. 83C4 08
00418416 |. 8985 6CFDFFFF
0041841C |. 837D 08 00
00418420 |. 75 0C
00418422 |. C785 58FCFFFF
0041842C |. EB 11
0041842E |> 8B55 08
00418431 |. 8B02
00418433 |. 8B4D 08
00418436 |. 0348 04
00418439 |. 898D 58FCFFFF
0041843F |> 8B95 6CFDFFFF
00418445 |. 8B42 04
00418448 |. 50
00418449 |. 8B8D 58FCFFFF
0041844F |. 51
00418450 |. 8B95 6CFDFFFF
00418456 |. 8B02
00418458 |. FFD0
0041845A |. 83C4 08
0041845D |. 8B8D 5CFCFFFF
00418463 |. 51
00418464 |. 8B55 08
00418467 |. 52
00418468 |. E8 F329FFFF
0041846D |. 83C4 08
00418470 |. 8985 64FDFFFF
00418476 |. 83BD 64FDFFFF
0041847D |. 75 0C
0041847F |. C785 68FDFFFF
00418489 |. EB 17
0041848B |> 8B85 64FDFFFF
00418491 |. 8B08
00418493 |. 8B95 64FDFFFF
00418499 |. 0351 04
0041849C |. 8995 68FDFFFF
004184A2 |> 68 C0010000
C0
004184A7 |. 68 80000000
0
004184AC |. 8B8D 68FDFFFF
004184B2 |. E8 C908FFFF
fo.00408D80
004184B7 |. 6A 23
3
004184B9 |. 8D85 04FFFFFF
004184BF |. 50
OFFSET LOCAL.63
004184C0 |. E8 D3520100
fo.0042D798
004184C5 |. 83C4 08
004184C8 |. 8985 60FDFFFF
004184CE |. 83BD 64FDFFFF
004184D5 |. 75 0C
004184D7 |. C785 54FCFFFF
004184E1 |. EB 17

PUSH ECX

; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.165],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041842E
MOV DWORD PTR SS:[LOCAL.234],0
JMP SHORT 0041843F
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.234],ECX
MOV EDX,DWORD PTR SS:[LOCAL.165]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.234]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.165]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[LOCAL.233]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.167],EAX
CMP DWORD PTR SS:[LOCAL.167],0
JNE SHORT 0041848B
MOV DWORD PTR SS:[LOCAL.166],0
JMP SHORT 004184A2
MOV EAX,DWORD PTR SS:[LOCAL.167]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.167]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.166],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.166]


CALL 00408D80

; |
; \SystemIn

PUSH 23

; /Arg2 = 2

LEA EAX,[LOCAL.63]
PUSH EAX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD
MOV
CMP
JNE
MOV
JMP

ESP,8
DWORD
DWORD
SHORT
DWORD
SHORT

PTR SS:[LOCAL.168],EAX
PTR SS:[LOCAL.167],0
004184E3
PTR SS:[LOCAL.235],0
004184FA

004184E3 |>
004184E9 |.
004184EB |.
004184F1 |.
004184F4 |.
004184FA |>
00418500 |.
00418503 |.
00418504 |.
0041850A |.
0041850B |.
00418511 |.
00418513 |.
00418515 |.
00418518 |.
0041851E |.
00418524 |.
0041852A |.
0041852C |.
00418532 |.
00418535 |.
0041853B |.
00418541 |.
00418544 |.
0041854A |.
00418550 |.
00418556 |.
00418559 |.
00418560 |.
00418562 |.
0041856C |.
0041856E |>
00418574 |.
00418576 |.
0041857C |.
0041857F |.
00418585 |>
C0
0041858A |.
0
0041858C |.
00418592 |.
fo.00408D80
00418597 |.
ge File"
0041859C |.
004185A2 |.
004185A3 |.
004185A8 |.
004185AB |.
004185B1 |.
004185B8 |.
004185BA |.
004185C4 |.
004185C6 |>
004185CC |.
004185CE |.
004185D4 |.
004185D7 |.
004185DD |>

8B8D 64FDFFFF
8B11
8B85 64FDFFFF
0342 04
8985 54FCFFFF
8B8D 60FDFFFF
8B51 04
52
8B85 54FCFFFF
50
8B8D 60FDFFFF
8B11
FFD2
83C4 08
8A85 0EFFFFFF
8885 57FDFFFF
8B8D 64FDFFFF
8B11
8B85 64FDFFFF
0342 04
8985 58FDFFFF
8B8D 58FDFFFF
8A51 30
8895 5FFDFFFF
8B85 58FDFFFF
8A8D 57FDFFFF
8848 30
83BD 64FDFFFF
75 0C
C785 50FDFFFF
EB 17
8B95 64FDFFFF
8B02
8B8D 64FDFFFF
0348 04
898D 50FDFFFF
68 C0010000

MOV ECX,DWORD PTR SS:[LOCAL.167]


MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.167]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.235],EAX
MOV ECX,DWORD PTR SS:[LOCAL.168]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.235]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.168]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[LOCAL.61+2]
MOV BYTE PTR SS:[LOCAL.171+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.167]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.167]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.170],EAX
MOV ECX,DWORD PTR SS:[LOCAL.170]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.169+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.170]
MOV CL,BYTE PTR SS:[LOCAL.171+3]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[LOCAL.167],0
JNE SHORT 0041856E
MOV DWORD PTR SS:[LOCAL.172],0
JMP SHORT 00418585
MOV EDX,DWORD PTR SS:[LOCAL.167]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.167]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.172],ECX
PUSH 1C0

; /Arg2 = 1

6A 40

PUSH 40

; |Arg1 = 4

8B8D 50FDFFFF MOV ECX,DWORD PTR SS:[LOCAL.172]


E8 E907FFFF CALL 00408D80

; |
; \SystemIn

68 F4914400

PUSH OFFSET 004491F4

; ASCII "Pa

8B95 64FDFFFF
52
E8 B823FFFF
83C4 08
8985 48FDFFFF
83BD 48FDFFFF
75 0C
C785 4CFDFFFF
EB 17
8B85 48FDFFFF
8B08
8B95 48FDFFFF
0351 04
8995 4CFDFFFF
68 C0010000

MOV EDX,DWORD PTR SS:[LOCAL.167]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.174],EAX
CMP DWORD PTR SS:[LOCAL.174],0
JNE SHORT 004185C6
MOV DWORD PTR SS:[LOCAL.173],0
JMP SHORT 004185DD
MOV EAX,DWORD PTR SS:[LOCAL.174]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.174]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.173],EDX
PUSH 1C0

; /Arg2 = 1

C0
004185E2 |. 68 80000000
0
004185E7 |. 8B8D 4CFDFFFF
004185ED |. E8 8E07FFFF
fo.00408D80
004185F2 |. 8A85 0FFFFFFF
004185F8 |. 8885 3FFDFFFF
004185FE |. 8B8D 48FDFFFF
00418604 |. 8B11
00418606 |. 8B85 48FDFFFF
0041860C |. 0342 04
0041860F |. 8985 40FDFFFF
00418615 |. 8B8D 40FDFFFF
0041861B |. 8A51 30
0041861E |. 8895 47FDFFFF
00418624 |. 8B85 40FDFFFF
0041862A |. 8A8D 3FFDFFFF
00418630 |. 8848 30
00418633 |. 6A 07
00418635 |. 8D95 10FFFFFF
0041863B |. 52
OFFSET LOCAL.60
0041863C |. E8 57510100
fo.0042D798
00418641 |. 83C4 08
00418644 |. 8985 38FDFFFF
0041864A |. 83BD 48FDFFFF
00418651 |. 75 0C
00418653 |. C785 50FCFFFF
0041865D |. EB 17
0041865F |> 8B85 48FDFFFF
00418665 |. 8B08
00418667 |. 8B95 48FDFFFF
0041866D |. 0351 04
00418670 |. 8995 50FCFFFF
00418676 |> 8B85 38FDFFFF
0041867C |. 8B48 04
0041867F |. 51
00418680 |. 8B95 50FCFFFF
00418686 |. 52
00418687 |. 8B85 38FDFFFF
0041868D |. 8B08
0041868F |. FFD1
00418691 |. 83C4 08
00418694 |. 6A 09
00418696 |. 8D95 18FFFFFF
0041869C |. 52
OFFSET LOCAL.58
0041869D |. E8 F6500100
fo.0042D798
004186A2 |. 83C4 08
004186A5 |. 8985 30FDFFFF
004186AB |. 68 00924400
B"
004186B0 |. 8B45 E4
004186B3 |. C1E8 0A
004186B6 |. 50
004186B7 |. 8B8D 48FDFFFF
004186BD |. E8 CEDAFEFF

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.173]


CALL 00408D80

; |
; \SystemIn

MOV AL,BYTE PTR SS:[LOCAL.61+3]


MOV BYTE PTR SS:[LOCAL.177+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.174]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.174]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.176],EAX
MOV ECX,DWORD PTR SS:[LOCAL.176]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.175+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.176]
MOV CL,BYTE PTR SS:[LOCAL.177+3]
MOV BYTE PTR DS:[EAX+30],CL
PUSH 7
LEA EDX,[LOCAL.60]
PUSH EDX

; /Arg2 = 7
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.178],EAX
CMP DWORD PTR SS:[LOCAL.174],0
JNE SHORT 0041865F
MOV DWORD PTR SS:[LOCAL.236],0
JMP SHORT 00418676
MOV EAX,DWORD PTR SS:[LOCAL.174]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.174]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.236],EDX
MOV EAX,DWORD PTR SS:[LOCAL.178]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.236]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.178]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 9
LEA EDX,[LOCAL.58]
PUSH EDX

; /Arg2 = 9
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.180],EAX
PUSH OFFSET 00449200

; ASCII " K

MOV EAX,DWORD PTR SS:[LOCAL.7]


SHR EAX,0A
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.174]
CALL 00406190

; /Arg1
; |
; \SystemIn

fo.00406190
004186C2 |. 50
004186C3 |. E8 9822FFFF
004186C8 |. 83C4 08
004186CB |. 8985 34FDFFFF
004186D1 |. 83BD 34FDFFFF
004186D8 |. 75 0C
004186DA |. C785 4CFCFFFF
004186E4 |. EB 17
004186E6 |> 8B8D 34FDFFFF
004186EC |. 8B11
004186EE |. 8B85 34FDFFFF
004186F4 |. 0342 04
004186F7 |. 8985 4CFCFFFF
004186FD |> 8B8D 30FDFFFF
00418703 |. 8B51 04
00418706 |. 52
00418707 |. 8B85 4CFCFFFF
0041870D |. 50
0041870E |. 8B8D 30FDFFFF
00418714 |. 8B11
00418716 |. FFD2
00418718 |. 83C4 08
0041871B |. 68 00924400
B"
00418720 |. 8B45 E8
00418723 |. C1E8 0A
00418726 |. 50
00418727 |. 8B8D 34FDFFFF
0041872D |. E8 5EDAFEFF
fo.00406190
00418732 |. 50
00418733 |. E8 2822FFFF
00418738 |. 83C4 08
0041873B |. 8985 2CFDFFFF
00418741 |. 6A 0A
A
00418743 |. 8B8D 2CFDFFFF
00418749 |. E8 726EFFFF
fo.0040F5C0
0041874E |. 8B8D 2CFDFFFF
00418754 |. E8 6770FFFF
fo.0040F7C0
00418759 |. C645 FC 04
0041875D |. 6A 00
0041875F |. 6A 01
00418761 |. 8D8D CCFEFFFF
00418767 |. E8 F473FFFF
fo.0040FB60
0041876C |. C745 FC FFFFF
00418773 |. 6A 00
00418775 |. 6A 01
00418777 |. 8D8D E8FEFFFF
0041877D |. E8 DE73FFFF
fo.0040FB60
00418782 |. 68 77874400
ystemInfo.448777
00418787 |. 8D8D 8CFEFFFF
0041878D |. E8 5E64FFFF
fo.0040EBF0

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.179],EAX
CMP DWORD PTR SS:[LOCAL.179],0
JNE SHORT 004186E6
MOV DWORD PTR SS:[LOCAL.237],0
JMP SHORT 004186FD
MOV ECX,DWORD PTR SS:[LOCAL.179]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.179]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.237],EAX
MOV ECX,DWORD PTR SS:[LOCAL.180]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.237]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.180]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
PUSH OFFSET 00449200

; ASCII " K

MOV EAX,DWORD PTR SS:[LOCAL.6]


SHR EAX,0A
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.179]
CALL 00406190

; /Arg1
; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.181],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.181]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.181]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],4


PUSH 0
PUSH 1
LEA ECX,[LOCAL.77]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.70]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[LOCAL.93]
CALL 0040EBF0

; |
; \SystemIn

00418792 |. C745 FC 06000


00418799 |. 8D8D 8CFEFFFF
0041879F |. 51
OFFSET LOCAL.93
004187A0 |. B9 0C294500
004187A5 |. E8 76E9FEFF
fo.00407120
004187AA |. 8B15 FC284500
004187B0 |. 83C2 01
004187B3 |. 8915 FC284500
004187B9 |. 68 74874400
"
004187BE |. A1 FC284500
004187C3 |. 50
[4528FC] = 0
004187C4 |. 68 D0914400
004187C9 |. 8B0D F8284500
004187CF |. 51
[4528F8] = 0
004187D0 |. B9 08294500
004187D5 |. E8 86D6FEFF
nfo.00405E60
004187DA |. 50
004187DB |. E8 8021FFFF
004187E0 |. 83C4 08
004187E3 |. 8BC8
004187E5 |. E8 76D6FEFF
fo.00405E60
004187EA |. 50
004187EB |. E8 7021FFFF
004187F0 |. 83C4 08
004187F3 |. 8D95 70FEFFFF
004187F9 |. 52
OFFSET LOCAL.100
004187FA |. B9 08294500
004187FF |. E8 5CDCFEFF
fo.00406460
00418804 |. 8985 48FCFFFF
0041880A |. 8B85 48FCFFFF
00418810 |. 8985 44FCFFFF
00418816 |. C645 FC 07
0041881A |. C685 B3FEFFFF
00418821 |. C685 B2FEFFFF
00418828 |. 837D 08 00
0041882C |. 75 0C
0041882E |. C785 18FDFFFF
00418838 |. EB 11
0041883A |> 8B4D 08
0041883D |. 8B11
0041883F |. 8B45 08
00418842 |. 0342 04
00418845 |. 8985 18FDFFFF
0041884B |> 68 C0010000
C0
00418850 |. 6A 40
0
00418852 |. 8B8D 18FDFFFF
00418858 |. E8 2305FFFF
fo.00408D80
0041885D |. 6A 06

MOV DWORD PTR SS:[LOCAL.1],6


LEA ECX,[LOCAL.93]
PUSH ECX

; /Arg1 =>

MOV ECX,OFFSET 0045290C


CALL 00407120

; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[LOCAL.100]
PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.238],EAX


MOV EAX,DWORD PTR SS:[LOCAL.238]
MOV DWORD PTR SS:[LOCAL.239],EAX
MOV BYTE PTR SS:[LOCAL.1],7
MOV BYTE PTR SS:[LOCAL.84+3],20
MOV BYTE PTR SS:[LOCAL.84+2],2E
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041883A
MOV DWORD PTR SS:[LOCAL.186],0
JMP SHORT 0041884B
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.186],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.186]


CALL 00408D80

; |
; \SystemIn

PUSH 6

; /Arg2 = 6

|
|
|
|
\SystemIn

0041885F |. 8D8D 68FEFFFF


00418865 |. 51
OFFSET LOCAL.102
00418866 |. E8 2D4F0100
fo.0042D798
0041886B |. 83C4 08
0041886E |. 8985 14FDFFFF
00418874 |. 837D 08 00
00418878 |. 75 0C
0041887A |. C785 40FCFFFF
00418884 |. EB 11
00418886 |> 8B55 08
00418889 |. 8B02
0041888B |. 8B4D 08
0041888E |. 0348 04
00418891 |. 898D 40FCFFFF
00418897 |> 8B95 14FDFFFF
0041889D |. 8B42 04
004188A0 |. 50
004188A1 |. 8B8D 40FCFFFF
004188A7 |. 51
004188A8 |. 8B95 14FDFFFF
004188AE |. 8B02
004188B0 |. FFD0
004188B2 |. 83C4 08
004188B5 |. 8B8D 44FCFFFF
004188BB |. 51
004188BC |. 8B55 08
004188BF |. 52
004188C0 |. E8 9B25FFFF
004188C5 |. 83C4 08
004188C8 |. 8985 0CFDFFFF
004188CE |. 83BD 0CFDFFFF
004188D5 |. 75 0C
004188D7 |. C785 10FDFFFF
004188E1 |. EB 17
004188E3 |> 8B85 0CFDFFFF
004188E9 |. 8B08
004188EB |. 8B95 0CFDFFFF
004188F1 |. 0351 04
004188F4 |. 8995 10FDFFFF
004188FA |> 68 C0010000
C0
004188FF |. 68 80000000
0
00418904 |. 8B8D 10FDFFFF
0041890A |. E8 7104FFFF
fo.00408D80
0041890F |. 6A 23
3
00418911 |. 8D85 A8FEFFFF
00418917 |. 50
OFFSET LOCAL.86
00418918 |. E8 7B4E0100
fo.0042D798
0041891D |. 83C4 08
00418920 |. 8985 08FDFFFF
00418926 |. 83BD 0CFDFFFF
0041892D |. 75 0C
0041892F |. C785 3CFCFFFF

LEA ECX,[LOCAL.102]
PUSH ECX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.187],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00418886
MOV DWORD PTR SS:[LOCAL.240],0
JMP SHORT 00418897
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.240],ECX
MOV EDX,DWORD PTR SS:[LOCAL.187]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.240]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.187]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[LOCAL.239]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.189],EAX
CMP DWORD PTR SS:[LOCAL.189],0
JNE SHORT 004188E3
MOV DWORD PTR SS:[LOCAL.188],0
JMP SHORT 004188FA
MOV EAX,DWORD PTR SS:[LOCAL.189]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.189]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.188],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.188]


CALL 00408D80

; |
; \SystemIn

PUSH 23

; /Arg2 = 2

LEA EAX,[LOCAL.86]
PUSH EAX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD
MOV
CMP
JNE
MOV

ESP,8
DWORD
DWORD
SHORT
DWORD

PTR SS:[LOCAL.190],EAX
PTR SS:[LOCAL.189],0
0041893B
PTR SS:[LOCAL.241],0

00418939 |.
0041893B |>
00418941 |.
00418943 |.
00418949 |.
0041894C |.
00418952 |>
00418958 |.
0041895B |.
0041895C |.
00418962 |.
00418963 |.
00418969 |.
0041896B |.
0041896D |.
00418970 |.
00418976 |.
0041897C |.
00418982 |.
00418984 |.
0041898A |.
0041898D |.
00418993 |.
00418999 |.
0041899C |.
004189A2 |.
004189A8 |.
004189AE |.
004189B1 |.
004189B8 |.
004189BA |.
004189C4 |.
004189C6 |>
004189CC |.
004189CE |.
004189D4 |.
004189D7 |.
004189DD |>
C0
004189E2 |.
0
004189E4 |.
004189EA |.
fo.00408D80
004189EF |.
rtual Memory"
004189F4 |.
004189FA |.
004189FB |.
00418A00 |.
00418A03 |.
00418A09 |.
00418A10 |.
00418A12 |.
00418A1C |.
00418A1E |>
00418A24 |.
00418A26 |.
00418A2C |.
00418A2F |.

EB 17
8B8D 0CFDFFFF
8B11
8B85 0CFDFFFF
0342 04
8985 3CFCFFFF
8B8D 08FDFFFF
8B51 04
52
8B85 3CFCFFFF
50
8B8D 08FDFFFF
8B11
FFD2
83C4 08
8A85 B2FEFFFF
8885 FFFCFFFF
8B8D 0CFDFFFF
8B11
8B85 0CFDFFFF
0342 04
8985 00FDFFFF
8B8D 00FDFFFF
8A51 30
8895 07FDFFFF
8B85 00FDFFFF
8A8D FFFCFFFF
8848 30
83BD 0CFDFFFF
75 0C
C785 F8FCFFFF
EB 17
8B95 0CFDFFFF
8B02
8B8D 0CFDFFFF
0348 04
898D F8FCFFFF
68 C0010000

JMP SHORT 00418952


MOV ECX,DWORD PTR SS:[LOCAL.189]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.189]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.241],EAX
MOV ECX,DWORD PTR SS:[LOCAL.190]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.241]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.190]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[LOCAL.84+2]
MOV BYTE PTR SS:[LOCAL.193+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.189]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.189]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.192],EAX
MOV ECX,DWORD PTR SS:[LOCAL.192]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.191+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.192]
MOV CL,BYTE PTR SS:[LOCAL.193+3]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[LOCAL.189],0
JNE SHORT 004189C6
MOV DWORD PTR SS:[LOCAL.194],0
JMP SHORT 004189DD
MOV EDX,DWORD PTR SS:[LOCAL.189]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.189]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.194],ECX
PUSH 1C0

; /Arg2 = 1

6A 40

PUSH 40

; |Arg1 = 4

8B8D F8FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.194]


E8 9103FFFF CALL 00408D80

; |
; \SystemIn

68 E4914400

PUSH OFFSET 004491E4

; ASCII "Vi

8B95 0CFDFFFF
52
E8 601FFFFF
83C4 08
8985 F0FCFFFF
83BD F0FCFFFF
75 0C
C785 F4FCFFFF
EB 17
8B85 F0FCFFFF
8B08
8B95 F0FCFFFF
0351 04
8995 F4FCFFFF

MOV EDX,DWORD PTR SS:[LOCAL.189]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.196],EAX
CMP DWORD PTR SS:[LOCAL.196],0
JNE SHORT 00418A1E
MOV DWORD PTR SS:[LOCAL.195],0
JMP SHORT 00418A35
MOV EAX,DWORD PTR SS:[LOCAL.196]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.196]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.195],EDX

00418A35 |> 68 C0010000


C0
00418A3A |. 68 80000000
0
00418A3F |. 8B8D F4FCFFFF
00418A45 |. E8 3603FFFF
fo.00408D80
00418A4A |. 8A85 B3FEFFFF
00418A50 |. 8885 E7FCFFFF
00418A56 |. 8B8D F0FCFFFF
00418A5C |. 8B11
00418A5E |. 8B85 F0FCFFFF
00418A64 |. 0342 04
00418A67 |. 8985 E8FCFFFF
00418A6D |. 8B8D E8FCFFFF
00418A73 |. 8A51 30
00418A76 |. 8895 EFFCFFFF
00418A7C |. 8B85 E8FCFFFF
00418A82 |. 8A8D E7FCFFFF
00418A88 |. 8848 30
00418A8B |. 6A 07
00418A8D |. 8D95 B4FEFFFF
00418A93 |. 52
OFFSET LOCAL.83
00418A94 |. E8 FF4C0100
fo.0042D798
00418A99 |. 83C4 08
00418A9C |. 8985 E0FCFFFF
00418AA2 |. 83BD F0FCFFFF
00418AA9 |. 75 0C
00418AAB |. C785 38FCFFFF
00418AB5 |. EB 17
00418AB7 |> 8B85 F0FCFFFF
00418ABD |. 8B08
00418ABF |. 8B95 F0FCFFFF
00418AC5 |. 0351 04
00418AC8 |. 8995 38FCFFFF
00418ACE |> 8B85 E0FCFFFF
00418AD4 |. 8B48 04
00418AD7 |. 51
00418AD8 |. 8B95 38FCFFFF
00418ADE |. 52
00418ADF |. 8B85 E0FCFFFF
00418AE5 |. 8B08
00418AE7 |. FFD1
00418AE9 |. 83C4 08
00418AEC |. 6A 09
00418AEE |. 8D95 BCFEFFFF
00418AF4 |. 52
OFFSET LOCAL.81
00418AF5 |. E8 9E4C0100
fo.0042D798
00418AFA |. 83C4 08
00418AFD |. 8985 D8FCFFFF
00418B03 |. 68 00924400
B"
00418B08 |. 8B45 EC
00418B0B |. C1E8 0A
00418B0E |. 50
00418B0F |. 8B8D F0FCFFFF

PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.195]


CALL 00408D80

; |
; \SystemIn

MOV AL,BYTE PTR SS:[LOCAL.84+3]


MOV BYTE PTR SS:[LOCAL.199+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.196]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.196]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.198],EAX
MOV ECX,DWORD PTR SS:[LOCAL.198]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.197+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.198]
MOV CL,BYTE PTR SS:[LOCAL.199+3]
MOV BYTE PTR DS:[EAX+30],CL
PUSH 7
LEA EDX,[LOCAL.83]
PUSH EDX

; /Arg2 = 7
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.200],EAX
CMP DWORD PTR SS:[LOCAL.196],0
JNE SHORT 00418AB7
MOV DWORD PTR SS:[LOCAL.242],0
JMP SHORT 00418ACE
MOV EAX,DWORD PTR SS:[LOCAL.196]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.196]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.242],EDX
MOV EAX,DWORD PTR SS:[LOCAL.200]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.242]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.200]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 9
LEA EDX,[LOCAL.81]
PUSH EDX

; /Arg2 = 9
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.202],EAX
PUSH OFFSET 00449200

; ASCII " K

MOV EAX,DWORD PTR SS:[LOCAL.5]


SHR EAX,0A
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.196]

; /Arg1
; |

00418B15 |.
fo.00406190
00418B1A |.
00418B1B |.
00418B20 |.
00418B23 |.
00418B29 |.
00418B30 |.
00418B32 |.
00418B3C |.
00418B3E |>
00418B44 |.
00418B46 |.
00418B4C |.
00418B4F |.
00418B55 |>
00418B5B |.
00418B5E |.
00418B5F |.
00418B65 |.
00418B66 |.
00418B6C |.
00418B6E |.
00418B70 |.
00418B73 |.
B"
00418B78 |.
00418B7B |.
00418B7E |.
00418B7F |.
00418B85 |.
fo.00406190
00418B8A |.
00418B8B |.
00418B90 |.
00418B93 |.
00418B99 |.
A
00418B9B |.
00418BA1 |.
fo.0040F5C0
00418BA6 |.
00418BAC |.
fo.0040F7C0
00418BB1 |.
00418BB5 |.
00418BB7 |.
00418BB9 |.
00418BBF |.
fo.0040FB60
00418BC4 |.
00418BCB |.
00418BCD |.
00418BCF |.
00418BD5 |.
fo.0040FB60
00418BDA |.
.GetVersion
00418BE0 |.
00418BE5 |.

E8 76D6FEFF

CALL 00406190

; \SystemIn

50
E8 401EFFFF
83C4 08
8985 DCFCFFFF
83BD DCFCFFFF
75 0C
C785 34FCFFFF
EB 17
8B8D DCFCFFFF
8B11
8B85 DCFCFFFF
0342 04
8985 34FCFFFF
8B8D D8FCFFFF
8B51 04
52
8B85 34FCFFFF
50
8B8D D8FCFFFF
8B11
FFD2
83C4 08
68 00924400

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.201],EAX
CMP DWORD PTR SS:[LOCAL.201],0
JNE SHORT 00418B3E
MOV DWORD PTR SS:[LOCAL.243],0
JMP SHORT 00418B55
MOV ECX,DWORD PTR SS:[LOCAL.201]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.201]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.243],EAX
MOV ECX,DWORD PTR SS:[LOCAL.202]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.243]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.202]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
PUSH OFFSET 00449200

; ASCII " K

8B45 F0
C1E8 0A
50
8B8D DCFCFFFF
E8 06D6FEFF

MOV EAX,DWORD PTR SS:[LOCAL.4]


SHR EAX,0A
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.201]
CALL 00406190

; /Arg1
; |
; \SystemIn

50
E8 D01DFFFF
83C4 08
8985 D4FCFFFF
6A 0A

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.203],EAX
PUSH 0A

; /Arg1 = 0

8B8D D4FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.203]


E8 1A6AFFFF CALL 0040F5C0

; |
; \SystemIn

8B8D D4FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.203]


E8 0F6CFFFF CALL 0040F7C0

; [SystemIn

C645 FC 06
6A 00
6A 01
8D8D 70FEFFFF
E8 9C6FFFFF

MOV BYTE PTR SS:[LOCAL.1],6


PUSH 0
PUSH 1
LEA ECX,[LOCAL.100]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC FFFFF
6A 00
6A 01
8D8D 8CFEFFFF
E8 866FFFFF

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.93]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32


3D 00000080 CMP EAX,80000000
0F83 3E030000 JNB 00418F29

00418BEB |. 68 77874400
ystemInfo.448777
00418BF0 |. 8D8D 40FEFFFF
00418BF6 |. E8 F55FFFFF
fo.0040EBF0
00418BFB |. C745 FC 08000
00418C02 |. 8D8D 40FEFFFF
00418C08 |. 51
OFFSET LOCAL.112
00418C09 |. B9 0C294500
00418C0E |. E8 0DE5FEFF
fo.00407120
00418C13 |. 8B15 FC284500
00418C19 |. 83C2 01
00418C1C |. 8915 FC284500
00418C22 |. 68 74874400
"
00418C27 |. A1 FC284500
00418C2C |. 50
[4528FC] = 0
00418C2D |. 68 D0914400
00418C32 |. 8B0D F8284500
00418C38 |. 51
[4528F8] = 0
00418C39 |. B9 08294500
00418C3E |. E8 1DD2FEFF
nfo.00405E60
00418C43 |. 50
00418C44 |. E8 171DFFFF
00418C49 |. 83C4 08
00418C4C |. 8BC8
00418C4E |. E8 0DD2FEFF
fo.00405E60
00418C53 |. 50
00418C54 |. E8 071DFFFF
00418C59 |. 83C4 08
00418C5C |. 8D95 24FEFFFF
00418C62 |. 52
OFFSET LOCAL.119
00418C63 |. B9 08294500
00418C68 |. E8 F3D7FEFF
fo.00406460
00418C6D |. 8985 30FCFFFF
00418C73 |. 8B85 30FCFFFF
00418C79 |. 8985 2CFCFFFF
00418C7F |. C645 FC 09
00418C83 |. C685 67FEFFFF
00418C8A |. C685 66FEFFFF
00418C91 |. 837D 08 00
00418C95 |. 75 0C
00418C97 |. C785 C0FCFFFF
00418CA1 |. EB 11
00418CA3 |> 8B4D 08
00418CA6 |. 8B11
00418CA8 |. 8B45 08
00418CAB |. 0342 04
00418CAE |. 8985 C0FCFFFF
00418CB4 |> 68 C0010000
C0
00418CB9 |. 6A 40

PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[LOCAL.112]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],8


LEA ECX,[LOCAL.112]
PUSH ECX

; /Arg1 =>

MOV ECX,OFFSET 0045290C


CALL 00407120

; |
; \SystemIn

MOV EDX,DWORD PTR DS:[4528FC]


ADD EDX,1
MOV DWORD PTR DS:[4528FC],EDX
PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528FC]


PUSH EAX

; /Arg1 =>

PUSH OFFSET 004491D0


MOV ECX,DWORD PTR DS:[4528F8]
PUSH ECX

; |
; |
; |/Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[LOCAL.119]
PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.244],EAX


MOV EAX,DWORD PTR SS:[LOCAL.244]
MOV DWORD PTR SS:[LOCAL.245],EAX
MOV BYTE PTR SS:[LOCAL.1],9
MOV BYTE PTR SS:[LOCAL.103+3],20
MOV BYTE PTR SS:[LOCAL.103+2],2E
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00418CA3
MOV DWORD PTR SS:[LOCAL.208],0
JMP SHORT 00418CB4
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.208],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

|
|
|
|
\SystemIn

0
00418CBB |. 8B8D C0FCFFFF
00418CC1 |. E8 BA00FFFF
fo.00408D80
00418CC6 |. 6A 06
00418CC8 |. 8D8D 1CFEFFFF
00418CCE |. 51
OFFSET LOCAL.121
00418CCF |. E8 C44A0100
fo.0042D798
00418CD4 |. 83C4 08
00418CD7 |. 8985 BCFCFFFF
00418CDD |. 837D 08 00
00418CE1 |. 75 0C
00418CE3 |. C785 28FCFFFF
00418CED |. EB 11
00418CEF |> 8B55 08
00418CF2 |. 8B02
00418CF4 |. 8B4D 08
00418CF7 |. 0348 04
00418CFA |. 898D 28FCFFFF
00418D00 |> 8B95 BCFCFFFF
00418D06 |. 8B42 04
00418D09 |. 50
00418D0A |. 8B8D 28FCFFFF
00418D10 |. 51
00418D11 |. 8B95 BCFCFFFF
00418D17 |. 8B02
00418D19 |. FFD0
00418D1B |. 83C4 08
00418D1E |. 8B8D 2CFCFFFF
00418D24 |. 51
00418D25 |. 8B55 08
00418D28 |. 52
00418D29 |. E8 3221FFFF
00418D2E |. 83C4 08
00418D31 |. 8985 B4FCFFFF
00418D37 |. 83BD B4FCFFFF
00418D3E |. 75 0C
00418D40 |. C785 B8FCFFFF
00418D4A |. EB 17
00418D4C |> 8B85 B4FCFFFF
00418D52 |. 8B08
00418D54 |. 8B95 B4FCFFFF
00418D5A |. 0351 04
00418D5D |. 8995 B8FCFFFF
00418D63 |> 68 C0010000
C0
00418D68 |. 68 80000000
0
00418D6D |. 8B8D B8FCFFFF
00418D73 |. E8 0800FFFF
fo.00408D80
00418D78 |. 6A 23
3
00418D7A |. 8D85 5CFEFFFF
00418D80 |. 50
OFFSET LOCAL.105
00418D81 |. E8 124A0100
fo.0042D798

MOV ECX,DWORD PTR SS:[LOCAL.208]


CALL 00408D80

; |
; \SystemIn

PUSH 6
LEA ECX,[LOCAL.121]
PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.209],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00418CEF
MOV DWORD PTR SS:[LOCAL.246],0
JMP SHORT 00418D00
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.246],ECX
MOV EDX,DWORD PTR SS:[LOCAL.209]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.246]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.209]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV ECX,DWORD PTR SS:[LOCAL.245]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.211],EAX
CMP DWORD PTR SS:[LOCAL.211],0
JNE SHORT 00418D4C
MOV DWORD PTR SS:[LOCAL.210],0
JMP SHORT 00418D63
MOV EAX,DWORD PTR SS:[LOCAL.211]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.211]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.210],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.210]


CALL 00408D80

; |
; \SystemIn

PUSH 23

; /Arg2 = 2

LEA EAX,[LOCAL.105]
PUSH EAX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

00418D86 |.
00418D89 |.
00418D8F |.
00418D96 |.
00418D98 |.
00418DA2 |.
00418DA4 |>
00418DAA |.
00418DAC |.
00418DB2 |.
00418DB5 |.
00418DBB |>
00418DC1 |.
00418DC4 |.
00418DC5 |.
00418DCB |.
00418DCC |.
00418DD2 |.
00418DD4 |.
00418DD6 |.
00418DD9 |.
00418DDF |.
00418DE5 |.
00418DEB |.
00418DED |.
00418DF3 |.
00418DF6 |.
00418DFC |.
00418E02 |.
00418E05 |.
00418E0B |.
00418E11 |.
00418E17 |.
00418E1A |.
00418E21 |.
00418E23 |.
00418E2D |.
00418E2F |>
00418E35 |.
00418E37 |.
00418E3D |.
00418E40 |.
00418E46 |>
C0
00418E4B |.
0
00418E4D |.
00418E53 |.
fo.00408D80
00418E58 |.
mory Load"
00418E5D |.
00418E63 |.
00418E64 |.
00418E69 |.
00418E6C |.
00418E72 |.
00418E79 |.
00418E7B |.
00418E85 |.

83C4 08
8985 B0FCFFFF
83BD B4FCFFFF
75 0C
C785 24FCFFFF
EB 17
8B8D B4FCFFFF
8B11
8B85 B4FCFFFF
0342 04
8985 24FCFFFF
8B8D B0FCFFFF
8B51 04
52
8B85 24FCFFFF
50
8B8D B0FCFFFF
8B11
FFD2
83C4 08
8A85 66FEFFFF
8885 A7FCFFFF
8B8D B4FCFFFF
8B11
8B85 B4FCFFFF
0342 04
8985 A8FCFFFF
8B8D A8FCFFFF
8A51 30
8895 AFFCFFFF
8B85 A8FCFFFF
8A8D A7FCFFFF
8848 30
83BD B4FCFFFF
75 0C
C785 A0FCFFFF
EB 17
8B95 B4FCFFFF
8B02
8B8D B4FCFFFF
0348 04
898D A0FCFFFF
68 C0010000

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.212],EAX
CMP DWORD PTR SS:[LOCAL.211],0
JNE SHORT 00418DA4
MOV DWORD PTR SS:[LOCAL.247],0
JMP SHORT 00418DBB
MOV ECX,DWORD PTR SS:[LOCAL.211]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.211]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.247],EAX
MOV ECX,DWORD PTR SS:[LOCAL.212]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.247]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.212]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[LOCAL.103+2]
MOV BYTE PTR SS:[LOCAL.215+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.211]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.211]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.214],EAX
MOV ECX,DWORD PTR SS:[LOCAL.214]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.213+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.214]
MOV CL,BYTE PTR SS:[LOCAL.215+3]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[LOCAL.211],0
JNE SHORT 00418E2F
MOV DWORD PTR SS:[LOCAL.216],0
JMP SHORT 00418E46
MOV EDX,DWORD PTR SS:[LOCAL.211]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.211]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.216],ECX
PUSH 1C0

; /Arg2 = 1

6A 40

PUSH 40

; |Arg1 = 4

8B8D A0FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.216]


E8 28FFFEFF CALL 00408D80

; |
; \SystemIn

68 D8914400

PUSH OFFSET 004491D8

; ASCII "Me

8B95 B4FCFFFF
52
E8 F71AFFFF
83C4 08
8985 98FCFFFF
83BD 98FCFFFF
75 0C
C785 9CFCFFFF
EB 17

MOV EDX,DWORD PTR SS:[LOCAL.211]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.218],EAX
CMP DWORD PTR SS:[LOCAL.218],0
JNE SHORT 00418E87
MOV DWORD PTR SS:[LOCAL.217],0
JMP SHORT 00418E9E

00418E87 |>
00418E8D |.
00418E8F |.
00418E95 |.
00418E98 |.
00418E9E |>
C0
00418EA3 |.
0
00418EA8 |.
00418EAE |.
fo.00408D80
00418EB3 |.
00418EB8 |.
00418EBB |.
[LOCAL.10]
00418EBC |.
00418EC2 |.
00418EC3 |.
00418EC9 |.
[LOCAL.218]
00418ECA |.
nfo.0040AE20
00418ECF |.
00418ED2 |.
00418ED4 |.
fo.00406190
00418ED9 |.
00418EDA |.
00418EDF |.
00418EE2 |.
00418EE8 |.
A
00418EEA |.
00418EF0 |.
fo.0040F5C0
00418EF5 |.
00418EFB |.
fo.0040F7C0
00418F00 |.
00418F04 |.
00418F06 |.
00418F08 |.
00418F0E |.
fo.0040FB60
00418F13 |.
00418F1A |.
00418F1C |.
00418F1E |.
00418F24 |.
fo.0040FB60
00418F29 |>
00418F2C |.
00418F33 |.
00418F34 |.
00418F36 |.
00418F37 \.
00418F38
00418F39
00418F3A

8B85 98FCFFFF
8B08
8B95 98FCFFFF
0351 04
8995 9CFCFFFF
68 C0010000

MOV EAX,DWORD
MOV ECX,DWORD
MOV EDX,DWORD
ADD EDX,DWORD
MOV DWORD PTR
PUSH 1C0

68 80000000

PUSH 80

PTR SS:[LOCAL.218]
PTR DS:[EAX]
PTR SS:[LOCAL.218]
PTR DS:[ECX+4]
SS:[LOCAL.217],EDX
; /Arg2 = 1
; |Arg1 = 8

8B8D 9CFCFFFF MOV ECX,DWORD PTR SS:[LOCAL.217]


E8 CDFEFEFF CALL 00408D80

; |
; \SystemIn

68 D4914400
8B45 D8
50

; /Arg1 =>

PUSH OFFSET 004491D4


MOV EAX,DWORD PTR SS:[LOCAL.10]
PUSH EAX

8D8D 67FEFFFF LEA ECX,[LOCAL.103+3]


51
PUSH ECX
8B95 98FCFFFF MOV EDX,DWORD PTR SS:[LOCAL.218]
52
PUSH EDX

;
;
;
;

E8 511FFFFF

CALL 0040AE20

; |\SystemI

83C4 08
8BC8
E8 B7D2FEFF

ADD ESP,8
MOV ECX,EAX
CALL 00406190

; |
; |
; \SystemIn

50
E8 811AFFFF
83C4 08
8985 94FCFFFF
6A 0A

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.219],EAX
PUSH 0A

; /Arg1 = 0

8B8D 94FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.219]


E8 CB66FFFF CALL 0040F5C0

; |
; \SystemIn

8B8D 94FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.219]


E8 C068FFFF CALL 0040F7C0

; [SystemIn

C645 FC 08
6A 00
6A 01
8D8D 24FEFFFF
E8 4D6CFFFF

MOV BYTE PTR SS:[LOCAL.1],8


PUSH 0
PUSH 1
LEA ECX,[LOCAL.119]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC FFFFF
6A 00
6A 01
8D8D 40FEFFFF
E8 376CFFFF

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.112]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
64:890D 00000 MOV DWORD PTR FS:[0],ECX
59
POP ECX
8BE5
MOV ESP,EBP
5D
POP EBP
C3
RETN
CC
INT3
CC
INT3
CC
INT3

|
|/Arg2
||
||Arg1 =>

00418F3B
CC
00418F3C
CC
00418F3D
CC
00418F3E
CC
00418F3F
CC
00418F40 /$ 55
o.00418F40(guessed Arg1)
00418F41 |. 8BEC
00418F43 |. 6A FF
00418F45 |. 68 2C5F4400
00418F4A |. 64:A1 0000000
00418F50 |. 50
00418F51 |. 81EC 2C050000
00418F57 |. A1 A0154500
00418F5C |. 33C5
00418F5E |. 8945 B8
00418F61 |. 56
00418F62 |. 50
00418F63 |. 8D45 F4
00418F66 |. 64:A3 0000000
00418F6C |. C785 C0FBFFFF
00418F76 |. C745 F0 00000
00418F7D |. A1 F8284500
00418F82 |. 83C0 01
00418F85 |. A3 F8284500
00418F8A |. C705 FC284500
00418F94 |. 68 77874400
ystemInfo.448777
00418F99 |. 8D8D 68FCFFFF
00418F9F |. E8 4C5CFFFF
fo.0040EBF0
00418FA4 |. C745 FC 00000
00418FAB |. 8D8D 68FCFFFF
00418FB1 |. 51
00418FB2 |. B9 0C294500
00418FB7 |. E8 64E1FEFF
fo.00407120
00418FBC |. 68 74874400
"
00418FC1 |. 8B15 F8284500
00418FC7 |. 52
[4528F8] = 0
00418FC8 |. B9 08294500
00418FCD |. E8 8ECEFEFF
fo.00405E60
00418FD2 |. 50
00418FD3 |. E8 8819FFFF
00418FD8 |. 83C4 08
00418FDB |. 8D85 4CFCFFFF
00418FE1 |. 50
00418FE2 |. B9 08294500
00418FE7 |. E8 74D4FEFF
fo.00406460
00418FEC |. 8985 E8FAFFFF
00418FF2 |. 8B8D E8FAFFFF
00418FF8 |. 898D E4FAFFFF
00418FFE |. C645 FC 01
00419002 |. 837D 08 00
00419006 |. 75 0C
00419008 |. C785 ECFBFFFF

INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445F2C
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,52C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[EBP-48],EAX
PUSH ESI
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-440],0
MOV DWORD PTR SS:[EBP-10],0
MOV EAX,DWORD PTR DS:[4528F8]
ADD EAX,1
MOV DWORD PTR DS:[4528F8],EAX
MOV DWORD PTR DS:[4528FC],0
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[EBP-398]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[EBP-4],0


LEA ECX,[EBP-398]
PUSH ECX
MOV ECX,OFFSET 0045290C
CALL 00407120

; /Arg1
; |
; \SystemIn

PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528F8]


PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[EBP-3B4]
PUSH EAX
MOV ECX,OFFSET 00452908
CALL 00406460

; /Arg1
; |
; \SystemIn

MOV
MOV
MOV
MOV
CMP
JNE
MOV

DWORD PTR SS:[EBP-518],EAX


ECX,DWORD PTR SS:[EBP-518]
DWORD PTR SS:[EBP-51C],ECX
BYTE PTR SS:[EBP-4],1
DWORD PTR SS:[EBP+8],0
SHORT 00419014
DWORD PTR SS:[EBP-414],0

00419012 |.
00419014 |>
00419017 |.
00419019 |.
0041901C |.
0041901F |.
00419025 |>
0041902B |.
0041902E |.
00419034 |.
00419039 |.
0041903B |.
00419041 |.
00419044 |.
00419049 |.
0041904E |.
00419053 |.
00419055 |.
0041905B |.
0041905E |.
00419060 |.
00419066 |.
00419067 |.
fo.0042D798
0041906C |.
0041906F |.
00419075 |.
00419079 |.
0041907B |.
00419085 |.
00419087 |>
0041908A |.
0041908C |.
0041908F |.
00419092 |.
00419098 |>
0041909E |.
004190A1 |.
004190A2 |.
004190A8 |.
004190A9 |.
004190AF |.
004190B1 |.
004190B3 |.
004190B6 |.
004190BC |.
004190BD |.
004190C0 |.
004190C1 |.
004190C6 |.
004190C9 |.
004190CF |.
004190D6 |.
004190D8 |.
004190E2 |.
004190E4 |>
004190EA |.
004190EC |.
004190F2 |.
004190F5 |.

EB 11
8B55 08
8B02
8B4D 08
0348 04
898D ECFBFFFF
8B95 ECFBFFFF
8B42 10
8985 F0FBFFFF
B9 C0010000
F7D1
8B95 ECFBFFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 ECFBFFFF
894A 10
6A 06
8D85 44FCFFFF
50
E8 2C470100

JMP SHORT 00419025


MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-414],ECX
MOV EDX,DWORD PTR SS:[EBP-414]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-410],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-414]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-414]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH 6
LEA EAX,[EBP-3BC]
PUSH EAX
CALL 0042D798

83C4 08
8985 E8FBFFFF
837D 08 00
75 0C
C785 E0FAFFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 E0FAFFFF
8B8D E8FBFFFF
8B51 04
52
8B85 E0FAFFFF
50
8B8D E8FBFFFF
8B11
FFD2
83C4 08
8B85 E4FAFFFF
50
8B4D 08
51
E8 9A1DFFFF
83C4 08
8985 DCFBFFFF
83BD DCFBFFFF
75 0C
C785 E0FBFFFF
EB 17
8B95 DCFBFFFF
8B02
8B8D DCFBFFFF
0348 04
898D E0FBFFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-418],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 00419087
MOV DWORD PTR SS:[EBP-520],0
JMP SHORT 00419098
MOV ECX,DWORD PTR SS:[EBP+8]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-520],EAX
MOV ECX,DWORD PTR SS:[EBP-418]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-520]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-418]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV EAX,DWORD PTR SS:[EBP-51C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-424],EAX
CMP DWORD PTR SS:[EBP-424],0
JNE SHORT 004190E4
MOV DWORD PTR SS:[EBP-420],0
JMP SHORT 004190FB
MOV EDX,DWORD PTR SS:[EBP-424]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-424]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-420],ECX

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

004190FB |> 8B95 E0FBFFFF


00419101 |. 8B42 10
00419104 |. 8985 E4FBFFFF
0041910A |. B9 C0010000
0041910F |. F7D1
00419111 |. 8B95 E0FBFFFF
00419117 |. 234A 10
0041911A |. B8 80000000
0041911F |. 25 C0010000
00419124 |. 25 FFFF0000
00419129 |. 0BC8
0041912B |. 8B95 E0FBFFFF
00419131 |. 894A 10
00419134 |. 68 50934400
IVES"
00419139 |. 8B85 DCFBFFFF
0041913F |. 50
00419140 |. E8 1B18FFFF
00419145 |. 83C4 08
00419148 |. 8985 D8FBFFFF
0041914E |. 6A 0A
A
00419150 |. 8B8D D8FBFFFF
00419156 |. E8 6564FFFF
fo.0040F5C0
0041915B |. 8B8D D8FBFFFF
00419161 |. E8 5A66FFFF
fo.0040F7C0
00419166 |. C645 FC 00
0041916A |. 6A 00
0041916C |. 6A 01
0041916E |. 8D8D 4CFCFFFF
00419174 |. E8 E769FFFF
fo.0040FB60
00419179 |. C745 FC FFFFF
00419180 |. 6A 00
00419182 |. 6A 01
00419184 |. 8D8D 68FCFFFF
0041918A |. E8 D169FFFF
fo.0040FB60
0041918F |. 8D8D 34FFFFFF
00419195 |. 51
00419196 |. 68 80000000
= 128.
0041919B |. FF15 8C804400
.GetLogicalDriveStringsA
004191A1 |. 85C0
004191A3 |. 0F85 A3000000
004191A9 |. 6A 06
004191AB |. 8D95 3CFCFFFF
004191B1 |. 52
004191B2 |. E8 E1450100
fo.0042D798
004191B7 |. 83C4 08
004191BA |. 8985 D4FBFFFF
004191C0 |. 837D 08 00
004191C4 |. 75 0C
004191C6 |. C785 DCFAFFFF
004191D0 |. EB 11
004191D2 |> 8B45 08

MOV EDX,DWORD PTR SS:[EBP-420]


MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-41C],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-420]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-420]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH OFFSET 00449350

; ASCII "DR

MOV EAX,DWORD PTR SS:[EBP-424]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-428],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[EBP-428]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[EBP-428]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[EBP-4],0


PUSH 0
PUSH 1
LEA ECX,[EBP-3B4]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP-398]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

LEA ECX,[EBP-0CC]
PUSH ECX
PUSH 80

; /Buf
; |Bufsize

CALL DWORD PTR DS:[<&KERNEL32.GetLogical ; \KERNEL32


TEST EAX,EAX
JNE 0041924C
PUSH 6
LEA EDX,[EBP-3C4]
PUSH EDX
CALL 0042D798
ADD
MOV
CMP
JNE
MOV
JMP
MOV

ESP,8
DWORD PTR SS:[EBP-42C],EAX
DWORD PTR SS:[EBP+8],0
SHORT 004191D2
DWORD PTR SS:[EBP-524],0
SHORT 004191E3
EAX,DWORD PTR SS:[EBP+8]

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

004191D5 |.
004191D7 |.
004191DA |.
004191DD |.
004191E3 |>
004191E9 |.
004191EC |.
004191ED |.
004191F3 |.
004191F4 |.
004191FA |.
004191FC |.
004191FE |.
00419201 |.
SCII "Cannot
00419206 |.
fo.00410650
0041920B |.
0041920E |.
0041920F |.
00419214 |.
00419217 |.
00419218 |.
0041921D |.
00419220 |.
00419221 |.
00419226 |.
00419229 |.
0041922F |.
A
00419231 |.
00419237 |.
fo.0040F5C0
0041923C |.
00419242 |.
fo.0040F7C0
00419247 |.
0041924C |>
00419252 |.
00419258 |.
0041925A |>
00419260 |.
00419261 |.
fo.0042E280
00419266 |.
00419269 |.
0041926F |.
00419273 |.
00419279 |>
0041927F |.
00419282 |.
00419284 |.
0041928A |.
0041928C |.
0041928E |.
00419294 |.
fo.004227E0
00419299 |.
004192A0 |.
004192A6 |.

8B08
MOV ECX,DWORD PTR DS:[EAX]
8B55 08
MOV EDX,DWORD PTR SS:[EBP+8]
0351 04
ADD EDX,DWORD PTR DS:[ECX+4]
8995 DCFAFFFF MOV DWORD PTR SS:[EBP-524],EDX
8B85 D4FBFFFF MOV EAX,DWORD PTR SS:[EBP-42C]
8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
51
PUSH ECX
8B95 DCFAFFFF MOV EDX,DWORD PTR SS:[EBP-524]
52
PUSH EDX
8B85 D4FBFFFF MOV EAX,DWORD PTR SS:[EBP-42C]
8B08
MOV ECX,DWORD PTR DS:[EAX]
FFD1
CALL ECX
83C4 08
ADD ESP,8
68 34934400 PUSH OFFSET 00449334
get logical drives"
E8 4574FFFF CALL 00410650
83C4 04
50
68 77874400
8B55 08
52
E8 4317FFFF
83C4 08
50
E8 3A17FFFF
83C4 08
8985 C4FBFFFF
6A 0A

; /Arg1 = A
; \SystemIn

ADD ESP,4
PUSH EAX
PUSH OFFSET 00448777
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-43C],EAX
PUSH 0A

; /Arg1 = 0

8B8D C4FBFFFF MOV ECX,DWORD PTR SS:[EBP-43C]


E8 8463FFFF CALL 0040F5C0

; |
; \SystemIn

8B8D C4FBFFFF MOV ECX,DWORD PTR SS:[EBP-43C]


E8 7965FFFF CALL 0040F7C0

; [SystemIn

E9 54070000
8D85 34FFFFFF
8985 30FFFFFF
EB 1F
8B8D 30FFFFFF
51
E8 1A500100

JMP 004199A0
LEA EAX,[EBP-0CC]
MOV DWORD PTR SS:[EBP-0D0],EAX
JMP SHORT 00419279
MOV ECX,DWORD PTR SS:[EBP-0D0]
PUSH ECX
CALL 0042E280

; /Arg1
; \SystemIn

83C4 04
8B95 30FFFFFF
8D4402 01
8985 30FFFFFF
8B8D 30FFFFFF
0FBE11
85D2
0F84 16070000
6A 01
6A 02
8D8D 94FCFFFF
E8 47950000

ADD ESP,4
MOV EDX,DWORD PTR SS:[EBP-0D0]
LEA EAX,[EAX+EDX+1]
MOV DWORD PTR SS:[EBP-0D0],EAX
MOV ECX,DWORD PTR SS:[EBP-0D0]
MOVSX EDX,BYTE PTR DS:[ECX]
TEST EDX,EDX
JE 004199A0
PUSH 1
PUSH 2
LEA ECX,[EBP-36C]
CALL 004227E0

;
;
;
;

C745 FC 02000 MOV DWORD PTR SS:[EBP-4],2


8B85 30FFFFFF MOV EAX,DWORD PTR SS:[EBP-0D0]
50
PUSH EAX

/Arg2 = 1
|Arg1 = 2
|
\SystemIn

004192A7 |. 8D8D 94FCFFFF


004192AD |. 51
004192AE |. E8 AD16FFFF
004192B3 |. 83C4 08
004192B6 |. 8B95 30FFFFFF
004192BC |. 52
004192BD |. FF15 88804400
.GetDriveTypeA
004192C3 |. 8985 90FCFFFF
004192C9 |. 8B85 90FCFFFF
004192CF |. 8985 D8FAFFFF
004192D5 |. 83BD D8FAFFFF
004192DC |. 0F87 AD000000
004192E2 |. 8B8D D8FAFFFF
004192E8 |. FF248D BC9941
004192EF |> 68 28934400
nknown"
004192F4 |. 8D95 94FCFFFF
004192FA |. 52
004192FB |. E8 6016FFFF
00419300 |. 83C4 08
00419303 \. E9 9B000000
00419308 /> 68 14934400
nvalid root path"
0041930D |. 8D85 94FCFFFF
00419313 |. 50
00419314 |. E8 4716FFFF
00419319 |. 83C4 08
0041931C \. E9 82000000
00419321 /> 68 08934400
emovable"
00419326 |. 8D8D 94FCFFFF
0041932C |. 51
0041932D |. E8 2E16FFFF
00419332 |. 83C4 08
00419335 \. EB 6C
00419337 /> 68 00934400
ixed"
0041933C |. 8D95 94FCFFFF
00419342 |. 52
00419343 |. E8 1816FFFF
00419348 |. 83C4 08
0041934B \. EB 56
0041934D /> 68 F4924400
etwork"
00419352 |. 8D85 94FCFFFF
00419358 |. 50
00419359 |. E8 0216FFFF
0041935E |. 83C4 08
00419361 \. EB 40
00419363 /> 68 EC924400
D/DVD"
00419368 |. 8D8D 94FCFFFF
0041936E |. 51
0041936F |. E8 EC15FFFF
00419374 |. 83C4 08
00419377 \. EB 2A
00419379 /> 68 E0924400
AM Disk"
0041937E |. 8D95 94FCFFFF

LEA ECX,[EBP-36C]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-0D0]
PUSH EDX
; /RootPath
CALL DWORD PTR DS:[<&KERNEL32.GetDriveTy ; \KERNEL32
MOV DWORD PTR SS:[EBP-370],EAX
MOV EAX,DWORD PTR SS:[EBP-370]
MOV DWORD PTR SS:[EBP-528],EAX
CMP DWORD PTR SS:[EBP-528],6
JA 0041938F
MOV ECX,DWORD PTR SS:[EBP-528]
JMP DWORD PTR DS:[ECX*4+4199BC]
PUSH OFFSET 00449328

; ASCII " U

LEA EDX,[EBP-36C]
PUSH EDX
CALL 0040A960
ADD ESP,8
JMP 004193A3
PUSH OFFSET 00449314

; ASCII " I

LEA EAX,[EBP-36C]
PUSH EAX
CALL 0040A960
ADD ESP,8
JMP 004193A3
PUSH OFFSET 00449308

; ASCII " R

LEA ECX,[EBP-36C]
PUSH ECX
CALL 0040A960
ADD ESP,8
JMP SHORT 004193A3
PUSH OFFSET 00449300

; ASCII " F

LEA EDX,[EBP-36C]
PUSH EDX
CALL 0040A960
ADD ESP,8
JMP SHORT 004193A3
PUSH OFFSET 004492F4

; ASCII " N

LEA EAX,[EBP-36C]
PUSH EAX
CALL 0040A960
ADD ESP,8
JMP SHORT 004193A3
PUSH OFFSET 004492EC

; ASCII " C

LEA ECX,[EBP-36C]
PUSH ECX
CALL 0040A960
ADD ESP,8
JMP SHORT 004193A3
PUSH OFFSET 004492E0

; ASCII " R

LEA EDX,[EBP-36C]

00419384 |. 52
00419385 |. E8 D615FFFF
0041938A |. 83C4 08
0041938D |. EB 14
0041938F |> 68 D0924400
nvalid type"
00419394 |. 8D85 94FCFFFF
0041939A |. 50
0041939B |. E8 C015FFFF
004193A0 |. 83C4 08
004193A3 |> 68 04010000
ize = 260.
004193A8 |. 8D8D 24FEFFFF
004193AE |. 51
004193AF |. 8D95 88FCFFFF
004193B5 |. 52
004193B6 |. 8D85 8CFCFFFF
004193BC |. 50
Length
004193BD |. 8D8D 2CFFFFFF
004193C3 |. 51
umber
004193C4 |. 68 04010000
ze = 260.
004193C9 |. 8D95 14FDFFFF
004193CF |. 52
me
004193D0 |. 8B85 30FFFFFF
004193D6 |. 50
004193D7 |. FF15 84804400
.GetVolumeInformationA
004193DD |. 85C0
004193DF |. 0F84 B3000000
004193E5 |. 8D8D 24FEFFFF
004193EB |. 51
004193EC |. 68 64854400
"
004193F1 |. 8D95 94FCFFFF
004193F7 |. 52
004193F8 |. E8 6315FFFF
004193FD |. 83C4 08
00419400 |. 50
00419401 |. E8 5A15FFFF
00419406 |. 83C4 08
00419409 |. 8B85 88FCFFFF
0041940F |. 25 00000800
00419414 |. 74 14
00419416 |. 68 C4924400
ead-only"
0041941B |. 8D8D 94FCFFFF
00419421 |. 51
00419422 |. E8 3915FFFF
00419427 |. 83C4 08
0041942A |> 8B95 88FCFFFF
00419430 |. 81E2 00800000
00419436 |. 74 14
00419438 |. 68 B8924400
ompressed"
0041943D |. 8D85 94FCFFFF
00419443 |. 50

PUSH EDX
CALL 0040A960
ADD ESP,8
JMP SHORT 004193A3
PUSH OFFSET 004492D0

; ASCII " I

LEA EAX,[EBP-36C]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 104

; /SysNameS

LEA ECX,[EBP-1DC]
PUSH ECX
LEA EDX,[EBP-378]
PUSH EDX
LEA EAX,[EBP-374]
PUSH EAX

;
;
;
;
;
;

LEA ECX,[EBP-0D4]
PUSH ECX

; |
; |pSerialN

PUSH 104

; |VolumeSi

LEA EDX,[EBP-2EC]
PUSH EDX

; |
; |VolumeNa

|
|SysName
|
|pFlags
|
|pMaxName

MOV EAX,DWORD PTR SS:[EBP-0D0]


; |
PUSH EAX
; |Root
CALL DWORD PTR DS:[<&KERNEL32.GetVolumeI ; \KERNEL32
TEST EAX,EAX
JE 00419498
LEA ECX,[EBP-1DC]
PUSH ECX
PUSH OFFSET 00448564

; ASCII " (

LEA EDX,[EBP-36C]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV EAX,DWORD PTR SS:[EBP-378]
AND EAX,00080000
JE SHORT 0041942A
PUSH OFFSET 004492C4

; ASCII " r

LEA ECX,[EBP-36C]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-378]
AND EDX,00008000
JE SHORT 0041944C
PUSH OFFSET 004492B8

; ASCII " c

LEA EAX,[EBP-36C]
PUSH EAX

00419444 |.
00419449 |.
0041944C |>
00419453 |.
00419455 |.
00419457 |.
0041945E |.
00419460 |.
00419466 |.
00419467 |.
"
0041946C |.
00419472 |.
00419473 |.
00419478 |.
0041947B |.
0041947C |.
00419481 |.
00419484 |>
00419489 |.
0041948F |.
00419490 |.
00419495 |.
00419498 |>
0041949E |.
0041949F |.
004194A5 |.
fo.00406460
004194AA |.
004194B0 |.
004194B6 |.
004194BC |.
004194C0 |.
004194C7 |.
004194CE |.
004194D0 |.
004194D6 |.
004194D7 |.
fo.0042D798
004194DC |.
004194DF |.
004194E5 |.
004194E9 |.
004194EB |.
004194F5 |.
004194F7 |>
004194FA |.
004194FC |.
004194FF |.
00419502 |.
00419508 |>
0041950E |.
00419511 |.
00419512 |.
00419518 |.
00419519 |.
0041951F |.
00419521 |.
00419523 |.
00419526 |.

E8 1715FFFF
83C4 08
0FBE8D 14FDFF
85C9
74 2D
83BD 90FCFFFF
74 24
8D95 14FDFFFF
52
68 B4924400

CALL 0040A960
ADD ESP,8
MOVSX ECX,BYTE PTR SS:[EBP-2EC]
TEST ECX,ECX
JE SHORT 00419484
CMP DWORD PTR SS:[EBP-370],4
JE SHORT 00419484
LEA EDX,[EBP-2EC]
PUSH EDX
PUSH OFFSET 004492B4

; ASCII ":

8D85 94FCFFFF
50
E8 E814FFFF
83C4 08
50
E8 DF14FFFF
83C4 08
68 68854400
8D8D 94FCFFFF
51
E8 CB14FFFF
83C4 08
8D95 1CFCFFFF
52
8D8D 94FCFFFF
E8 B6CFFEFF

LEA EAX,[EBP-36C]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH OFFSET 00448568
LEA ECX,[EBP-36C]
PUSH ECX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-3E4]
PUSH EDX
LEA ECX,[EBP-36C]
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 D4FAFFFF
8B85 D4FAFFFF
8985 D0FAFFFF
C645 FC 03
C685 3BFCFFFF
C685 1BFCFFFF
6A 06
8D8D 08FCFFFF
51
E8 BC420100

MOV DWORD PTR SS:[EBP-52C],EAX


MOV EAX,DWORD PTR SS:[EBP-52C]
MOV DWORD PTR SS:[EBP-530],EAX
MOV BYTE PTR SS:[EBP-4],3
MOV BYTE PTR SS:[EBP-3C5],20
MOV BYTE PTR SS:[EBP-3E5],2E
PUSH 6
LEA ECX,[EBP-3F8]
PUSH ECX
CALL 0042D798

;
;
;
;

83C4 08
8985 B8FBFFFF
837D 08 00
75 0C
C785 CCFAFFFF
EB 11
8B55 08
8B02
8B4D 08
0348 04
898D CCFAFFFF
8B95 B8FBFFFF
8B42 04
50
8B8D CCFAFFFF
51
8B95 B8FBFFFF
8B02
FFD0
83C4 08
6A 23

ADD ESP,8
MOV DWORD PTR SS:[EBP-448],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 004194F7
MOV DWORD PTR SS:[EBP-534],0
JMP SHORT 00419508
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-534],ECX
MOV EDX,DWORD PTR SS:[EBP-448]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-534]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-448]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
PUSH 23

; /Arg2 = 2

/Arg2 = 6
|
|Arg1
\SystemIn

3
00419528 |.
0041952E |.
0041952F |.
fo.0042D798
00419534 |.
00419537 |.
0041953D |.
00419542 |.
00419545 |.
00419546 |.
0041954B |.
0041954E |.
00419554 |.
0041955B |.
0041955D |.
00419567 |.
00419569 |>
0041956F |.
00419571 |.
00419577 |.
0041957A |.
00419580 |>
00419586 |.
00419589 |.
0041958A |.
00419590 |.
00419591 |.
00419597 |.
00419599 |.
0041959B |.
0041959E |.
004195A4 |.
004195AA |.
004195B0 |.
004195B2 |.
004195B8 |.
004195BB |.
004195C1 |.
004195C7 |.
004195CA |.
004195D0 |.
004195D6 |.
004195DC |.
004195DF |.
004195E6 |.
004195E8 |.
004195F2 |.
004195F4 |>
004195FA |.
004195FC |.
00419602 |.
00419605 |.
0041960B |>
00419611 |.
00419614 |.
0041961A |.
0041961F |.
00419621 |.
00419627 |.

8D8D 10FCFFFF LEA ECX,[EBP-3F0]


51
PUSH ECX
E8 64420100 CALL 0042D798
83C4 08
8985 B0FBFFFF
68 77874400
8B55 08
52
E8 1514FFFF
83C4 08
8985 B4FBFFFF
83BD B4FBFFFF
75 0C
C785 C8FAFFFF
EB 17
8B85 B4FBFFFF
8B08
8B95 B4FBFFFF
0351 04
8995 C8FAFFFF
8B85 B0FBFFFF
8B48 04
51
8B95 C8FAFFFF
52
8B85 B0FBFFFF
8B08
FFD1
83C4 08
8A95 1BFCFFFF
8895 A7FBFFFF
8B85 B4FBFFFF
8B08
8B95 B4FBFFFF
0351 04
8995 A8FBFFFF
8B85 A8FBFFFF
8A48 30
888D AFFBFFFF
8B95 A8FBFFFF
8A85 A7FBFFFF
8842 30
83BD B4FBFFFF
75 0C
C785 9CFBFFFF
EB 17
8B8D B4FBFFFF
8B11
8B85 B4FBFFFF
0342 04
8985 9CFBFFFF
8B8D 9CFBFFFF
8B51 10
8995 A0FBFFFF
B8 C0010000
F7D0
8B8D 9CFBFFFF
2341 10

ADD ESP,8
MOV DWORD PTR SS:[EBP-450],EAX
PUSH OFFSET 00448777
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-44C],EAX
CMP DWORD PTR SS:[EBP-44C],0
JNE SHORT 00419569
MOV DWORD PTR SS:[EBP-538],0
JMP SHORT 00419580
MOV EAX,DWORD PTR SS:[EBP-44C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-44C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-538],EDX
MOV EAX,DWORD PTR SS:[EBP-450]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-538]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-450]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[EBP-3E5]
MOV BYTE PTR SS:[EBP-459],DL
MOV EAX,DWORD PTR SS:[EBP-44C]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-44C]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-458],EDX
MOV EAX,DWORD PTR SS:[EBP-458]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-451],CL
MOV EDX,DWORD PTR SS:[EBP-458]
MOV AL,BYTE PTR SS:[EBP-459]
MOV BYTE PTR DS:[EDX+30],AL
CMP DWORD PTR SS:[EBP-44C],0
JNE SHORT 004195F4
MOV DWORD PTR SS:[EBP-464],0
JMP SHORT 0041960B
MOV ECX,DWORD PTR SS:[EBP-44C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-44C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-464],EAX
MOV ECX,DWORD PTR SS:[EBP-464]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-460],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-464]
AND EAX,DWORD PTR DS:[ECX+10]

; |
; |Arg1
; \SystemIn

0041962A |. BA 40000000
0041962F |. 81E2 C0010000
00419635 |. 81E2 FFFF0000
0041963B |. 0BC2
0041963D |. 8B8D 9CFBFFFF
00419643 |. 8941 10
00419646 |. 8B95 D0FAFFFF
0041964C |. 52
0041964D |. 8B85 B4FBFFFF
00419653 |. 50
00419654 |. E8 0718FFFF
00419659 |. 83C4 08
0041965C |. 8985 90FBFFFF
00419662 |. 83BD 90FBFFFF
00419669 |. 75 0C
0041966B |. C785 94FBFFFF
00419675 |. EB 17
00419677 |> 8B8D 90FBFFFF
0041967D |. 8B11
0041967F |. 8B85 90FBFFFF
00419685 |. 0342 04
00419688 |. 8985 94FBFFFF
0041968E |> 8B8D 94FBFFFF
00419694 |. 8B51 10
00419697 |. 8995 98FBFFFF
0041969D |. B8 C0010000
004196A2 |. F7D0
004196A4 |. 8B8D 94FBFFFF
004196AA |. 2341 10
004196AD |. BA 80000000
004196B2 |. 81E2 C0010000
004196B8 |. 81E2 FFFF0000
004196BE |. 0BC2
004196C0 |. 8B8D 94FBFFFF
004196C6 |. 8941 10
004196C9 |. 8A95 3BFCFFFF
004196CF |. 8895 87FBFFFF
004196D5 |. 8B85 90FBFFFF
004196DB |. 8B08
004196DD |. 8B95 90FBFFFF
004196E3 |. 0351 04
004196E6 |. 8995 88FBFFFF
004196EC |. 8B85 88FBFFFF
004196F2 |. 8A48 30
004196F5 |. 888D 8FFBFFFF
004196FB |. 8B95 88FBFFFF
00419701 |. 8A85 87FBFFFF
00419707 |. 8842 30
0041970A |. C645 FC 02
0041970E |. 6A 00
00419710 |. 6A 01
00419712 |. 8D8D 1CFCFFFF
00419718 |. E8 4364FFFF
fo.0040FB60
0041971D |. 68 A0924400
= "GetDiskFreeSpaceExA"
00419722 |. 68 94924400
ame = "KERNEL32"
00419727 |. FF15 80804400
2.GetModuleHandleA

MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-464]
MOV DWORD PTR DS:[ECX+10],EAX
MOV EDX,DWORD PTR SS:[EBP-530]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-44C]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-470],EAX
CMP DWORD PTR SS:[EBP-470],0
JNE SHORT 00419677
MOV DWORD PTR SS:[EBP-46C],0
JMP SHORT 0041968E
MOV ECX,DWORD PTR SS:[EBP-470]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-470]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-46C],EAX
MOV ECX,DWORD PTR SS:[EBP-46C]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[EBP-468],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[EBP-46C]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[EBP-46C]
MOV DWORD PTR DS:[ECX+10],EAX
MOV DL,BYTE PTR SS:[EBP-3C5]
MOV BYTE PTR SS:[EBP-479],DL
MOV EAX,DWORD PTR SS:[EBP-470]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-470]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-478],EDX
MOV EAX,DWORD PTR SS:[EBP-478]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[EBP-471],CL
MOV EDX,DWORD PTR SS:[EBP-478]
MOV AL,BYTE PTR SS:[EBP-479]
MOV BYTE PTR DS:[EDX+30],AL
MOV BYTE PTR SS:[EBP-4],2
PUSH 0
PUSH 1
LEA ECX,[EBP-3E4]
CALL 0040FB60

;
;
;
;

PUSH OFFSET 004492A0

; /Procname

PUSH OFFSET 00449294

; |/ModuleN

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

CALL DWORD PTR DS:[<&KERNEL32.GetModuleH ; |\KERNEL3

0041972D |. 50
0041972E |. FF15 7C804400
.GetProcAddress
00419734 |. 8945 F0
00419737 |. 6A 01
EM_FAILCRITICALERRORS
00419739 |. FF15 78804400
.SetErrorMode
0041973F |. 8985 20FEFFFF
00419745 |. 837D F0 00
00419749 |. 74 1B
0041974B |. 8D4D DC
0041974E |. 51
0041974F |. 8D55 CC
00419752 |. 52
00419753 |. 8D45 BC
00419756 |. 50
00419757 |. 8B8D 30FFFFFF
0041975D |. 51
0041975E |. FF55 F0
00419761 |. 8945 E8
00419764 |. EB 58
00419766 |> 8D55 C8
00419769 |. 52
usters
0041976A |. 8D45 D4
0041976D |. 50
sters
0041976E |. 8D4D EC
00419771 |. 51
rSector
00419772 |. 8D55 D8
00419775 |. 52
PerCluster
00419776 |. 8B85 30FFFFFF
0041977C |. 50
0041977D |. FF15 74804400
.GetDiskFreeSpaceA
00419783 |. 8945 E8
00419786 |. 8B45 C8
00419789 |. 8B4D D8
0041978C |. F7E1
0041978E |. 8B4D EC
00419791 |. 33F6
00419793 |. 56
0
00419794 |. 51
00419795 |. 52
00419796 |. 50
00419797 |. E8 D4880100
fo.00432070
0041979C |. 8945 CC
0041979F |. 8955 D0
004197A2 |. 8B45 D4
004197A5 |. 8B55 D8
004197A8 |. F7E2
004197AA |. 8B4D EC
004197AD |. 33F6
004197AF |. 56
0

PUSH EAX
; |hModule
CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd ; \KERNEL32
MOV DWORD PTR SS:[EBP-10],EAX
PUSH 1

; /Mode = S

CALL DWORD PTR DS:[<&KERNEL32.SetErrorMo ; \KERNEL32


MOV DWORD PTR SS:[EBP-1E0],EAX
CMP DWORD PTR SS:[EBP-10],0
JE SHORT 00419766
LEA ECX,[EBP-24]
PUSH ECX
LEA EDX,[EBP-34]
PUSH EDX
LEA EAX,[EBP-44]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0D0]
PUSH ECX
CALL DWORD PTR SS:[EBP-10]
MOV DWORD PTR SS:[EBP-18],EAX
JMP SHORT 004197BE
LEA EDX,[EBP-38]
PUSH EDX

; /pTotalCl

LEA EAX,[EBP-2C]
PUSH EAX

; |
; |pFreeClu

LEA ECX,[EBP-14]
PUSH ECX

; |
; |pBytesPe

LEA EDX,[EBP-28]
PUSH EDX

; |
; |pSectors

MOV EAX,DWORD PTR SS:[EBP-0D0]


; |
PUSH EAX
; |RootName
CALL DWORD PTR DS:[<&KERNEL32.GetDiskFre ; \KERNEL32
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MUL ECX
MOV ECX,DWORD
XOR ESI,ESI
PUSH ESI
PUSH
PUSH
PUSH
CALL

SS:[EBP-18],EAX
PTR SS:[EBP-38]
PTR SS:[EBP-28]
PTR SS:[EBP-14]
; /Arg4 =>

ECX
EDX
EAX
00432070

MOV DWORD PTR


MOV DWORD PTR
MOV EAX,DWORD
MOV EDX,DWORD
MUL EDX
MOV ECX,DWORD
XOR ESI,ESI
PUSH ESI

;
;
;
;

|Arg3
|Arg2
|Arg1
\SystemIn

SS:[EBP-34],EAX
SS:[EBP-30],EDX
PTR SS:[EBP-2C]
PTR SS:[EBP-28]
PTR SS:[EBP-14]
; /Arg4 =>

004197B0 |. 51
PUSH ECX
004197B1 |. 52
PUSH EDX
004197B2 |. 50
PUSH EAX
004197B3 |. E8 B8880100 CALL 00432070
fo.00432070
004197B8 |. 8945 DC
MOV DWORD PTR SS:[EBP-24],EAX
004197BB |. 8955 E0
MOV DWORD PTR SS:[EBP-20],EDX
004197BE |> 8B95 20FEFFFF MOV EDX,DWORD PTR SS:[EBP-1E0]
004197C4 |. 52
PUSH EDX
004197C5 |. FF15 78804400 CALL DWORD PTR DS:[<&KERNEL32.SetErrorMo
.SetErrorMode
004197CB |. 837D E8 00
CMP DWORD PTR SS:[EBP-18],0
004197CF |. 0F85 A0000000 JNE 00419875
004197D5 |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
004197DB |. 8985 84FCFFFF MOV DWORD PTR SS:[EBP-37C],EAX
004197E1 |. 83BD 84FCFFFF CMP DWORD PTR SS:[EBP-37C],15
004197E8 |. 74 16
JE SHORT 00419800
004197EA |. 83BD 84FCFFFF CMP DWORD PTR SS:[EBP-37C],0F
004197F1 |. 75 3E
JNE SHORT 00419831
004197F3 |. FF15 54804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion
.GetVersion
004197F9 |. 25 00000040 AND EAX,40000000
004197FE |. 74 31
JE SHORT 00419831
00419800 |> 68 80924400 PUSH OFFSET 00449280
disk in drive"
00419805 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
00419808 |. 50
PUSH EAX
00419809 |. E8 5211FFFF CALL 0040A960
0041980E |. 83C4 08
ADD ESP,8
00419811 |. 8985 54FBFFFF MOV DWORD PTR SS:[EBP-4AC],EAX
00419817 |. 6A 0A
PUSH 0A
A
00419819 |. 8B8D 54FBFFFF MOV ECX,DWORD PTR SS:[EBP-4AC]
0041981F |. E8 9C5DFFFF CALL 0040F5C0
fo.0040F5C0
00419824 |. 8B8D 54FBFFFF MOV ECX,DWORD PTR SS:[EBP-4AC]
0041982A |. E8 915FFFFF CALL 0040F7C0
fo.0040F7C0
0041982F |. EB 3F
JMP SHORT 00419870
00419831 |> 68 68924400 PUSH OFFSET 00449268
SCII "Cannot get free space"
00419836 |. 8B8D 84FCFFFF MOV ECX,DWORD PTR SS:[EBP-37C]
0041983C |. 51
PUSH ECX
0041983D |. E8 1E6DFFFF CALL 00410560
fo.00410560
00419842 |. 83C4 08
ADD ESP,8
00419845 |. 50
PUSH EAX
00419846 |. 8B55 08
MOV EDX,DWORD PTR SS:[EBP+8]
00419849 |. 52
PUSH EDX
0041984A |. E8 1111FFFF CALL 0040A960
0041984F |. 83C4 08
ADD ESP,8
00419852 |. 8985 38FBFFFF MOV DWORD PTR SS:[EBP-4C8],EAX
00419858 |. 6A 0A
PUSH 0A
A
0041985A |. 8B8D 38FBFFFF MOV ECX,DWORD PTR SS:[EBP-4C8]
00419860 |. E8 5B5DFFFF CALL 0040F5C0
fo.0040F5C0
00419865 |. 8B8D 38FBFFFF MOV ECX,DWORD PTR SS:[EBP-4C8]
0041986B |. E8 505FFFFF CALL 0040F7C0

;
;
;
;

|Arg3
|Arg2
|Arg1
\SystemIn

; /Mode
; \KERNEL32

; [KERNEL32

; [KERNEL32

; ASCII "No

; /Arg1 = 0
; |
; \SystemIn
; [SystemIn
; /Arg2 = A
; |
; |Arg1
; \SystemIn

; /Arg1 = 0
; |
; \SystemIn
; [SystemIn

fo.0040F7C0
00419870 |>
00419875 |>
00419879 |.
0041987B |.
0041987D |.
00419884 |.
00419886 |>
ytes Free"
0041988B |.
0041988E |.
0041988F |.
00419892 |.
00419893 |.
bytes Total,
00419898 |.
0041989B |.
0041989C |.
0041989F |.
004198A0 |.
004198A3 |.
nfo.00422510
004198A8 |.
004198A9 |.
004198AE |.
004198B1 |.
004198B3 |.
fo.00422510
004198B8 |.
004198B9 |.
004198BE |.
004198C1 |.
004198C7 |.
A
004198C9 |.
004198CF |.
fo.0040F5C0
004198D4 |.
004198DA |.
fo.0040F7C0
004198DF |.
004198E1 |>
B Free"
004198E6 |.
004198E8 |.
00000
004198ED |.
004198F0 |.
004198F1 |.
004198F4 |.
004198F5 |.
fo.00432000
004198FA |.
004198FB |.
004198FC |.
MB Total, "
00419901 |.
0
00419903 |.
100000

E9 E1000000
837D D0 00
77 66
72 09
817D CC 00003
73 5B
68 5C924400

JMP 00419956
CMP DWORD PTR SS:[EBP-30],0
JA SHORT 004198E1
JB SHORT 00419886
CMP DWORD PTR SS:[EBP-34],300000
JNB SHORT 004198E1
PUSH OFFSET 0044925C

; ASCII " b

8B45 E0
50
8B4D DC
51
68 4C924400

MOV EAX,DWORD PTR SS:[EBP-20]


PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-24]
PUSH ECX
PUSH OFFSET 0044924C

;
;
;
;

/Arg2
|
|Arg1
|ASCII "

8B55 D0
52
8B45 CC
50
8B4D 08
E8 688C0000

MOV EDX,DWORD PTR SS:[EBP-30]


PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-34]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
CALL 00422510

;
;
;
;
;
;

|
|/Arg2
||
||Arg1
||
|\SystemI

50
E8 B210FFFF
83C4 08
8BC8
E8 588C0000

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00422510

;
;
;
;
;

|
|
|
|
\SystemIn

50
E8 A210FFFF
83C4 08
8985 1CFBFFFF
6A 0A

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-4E4],EAX
PUSH 0A

; /Arg1 = 0

8B8D 1CFBFFFF MOV ECX,DWORD PTR SS:[EBP-4E4]


E8 EC5CFFFF CALL 0040F5C0

; |
; \SystemIn

8B8D 1CFBFFFF MOV ECX,DWORD PTR SS:[EBP-4E4]


E8 E15EFFFF CALL 0040F7C0

; [SystemIn

EB 75
68 40924400

JMP SHORT 00419956


PUSH OFFSET 00449240

; ASCII " M

6A 00
68 00001000

PUSH 0
PUSH 100000

; /Arg4 = 0
; |Arg3 = 1

8B4D E0
51
8B55 DC
52
E8 06870100

MOV ECX,DWORD PTR SS:[EBP-20]


PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-24]
PUSH EDX
CALL 00432000

;
;
;
;
;

52
50
68 34924400

PUSH EDX
PUSH EAX
PUSH OFFSET 00449234

; /Arg2
; |Arg1
; |ASCII "

6A 00

PUSH 0

; |/Arg4 =

68 00001000

PUSH 100000

; ||Arg3 =

"

|
|Arg2
|
|Arg1
\SystemIn

00419908 |.
0041990B |.
0041990C |.
0041990F |.
00419910 |.
nfo.00432000
00419915 |.
00419916 |.
00419917 |.
0041991A |.
nfo.00422510
0041991F |.
00419920 |.
00419925 |.
00419928 |.
0041992A |.
fo.00422510
0041992F |.
00419930 |.
00419935 |.
00419938 |.
0041993E |.
A
00419940 |.
00419946 |.
fo.0040F5C0
0041994B |.
00419951 |.
fo.0040F7C0
00419956 |>
0041995D |.
00419963 |.
fo.004279F0
00419968 |.
0041996E |.
00419974 |.
0041997A |.
00419980 |.
00419986 |.
0041998C |.
00419992 |.
00419993 |.
fo.0042DDC5
00419998 |.
0041999B |.^
004199A0 |>
004199A3 |.
004199AA |.
004199AB |.
004199AC |.
004199AF |.
004199B1 |.
004199B6 |.
004199B8 |.
004199B9 \.
004199BA
004199BC .
004199C0 .
004199C4 .
004199C8 .

8B45 D0
50
8B4D CC
51
E8 EB860100

MOV EAX,DWORD PTR SS:[EBP-30]


PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-34]
PUSH ECX
CALL 00432000

;
;
;
;
;

||
||Arg2
||
||Arg1
|\SystemI

52
50
8B4D 08
E8 F18B0000

PUSH EDX
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
CALL 00422510

;
;
;
;

|/Arg2
||Arg1
||
|\SystemI

50
E8 3B10FFFF
83C4 08
8BC8
E8 E18B0000

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00422510

;
;
;
;
;

|
|
|
|
\SystemIn

50
E8 2B10FFFF
83C4 08
8985 00FBFFFF
6A 0A

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-500],EAX
PUSH 0A

; /Arg1 = 0

8B8D 00FBFFFF MOV ECX,DWORD PTR SS:[EBP-500]


E8 755CFFFF CALL 0040F5C0

; |
; \SystemIn

8B8D 00FBFFFF MOV ECX,DWORD PTR SS:[EBP-500]


E8 6A5EFFFF CALL 0040F7C0

; [SystemIn

C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1


8D8D E0FCFFFF LEA ECX,[EBP-320]
E8 88E00000 CALL 004279F0

; [SystemIn

8D95 E0FCFFFF
8995 ECFAFFFF
8B85 ECFAFFFF
C700 008A4400
8B8D ECFAFFFF
C701 F8894400
8B95 ECFAFFFF
52
E8 2D440100

LEA EDX,[EBP-320]
MOV DWORD PTR SS:[EBP-514],EDX
MOV EAX,DWORD PTR SS:[EBP-514]
MOV DWORD PTR DS:[EAX],OFFSET 00448A00
MOV ECX,DWORD PTR SS:[EBP-514]
MOV DWORD PTR DS:[ECX],OFFSET 004489F8
MOV EDX,DWORD PTR SS:[EBP-514]
PUSH EDX
CALL 0042DDC5

; /Arg1
; \SystemIn

83C4 04
E9 BAF8FFFF
8B4D F4
64:890D 00000
59
5E
8B4D B8
33CD
E8 3B4D0100
8BE5
5D
C3
8BFF
EF924100
08934100
21934100
37934100

ADD ESP,4
JMP 0041925A
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP ESI
MOV ECX,DWORD PTR SS:[EBP-48]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
MOV EDI,EDI
DD 004192EF
DD 00419308
DD 00419321
DD 00419337

004199CC . 4D934100
004199D0 . 63934100
004199D4 . 79934100
004199D8
CC
004199D9
CC
004199DA
CC
004199DB
CC
004199DC
CC
004199DD
CC
004199DE
CC
004199DF
CC
004199E0 /$ 55
o.004199E0(guessed Arg1)
004199E1 |. 8BEC
004199E3 |. 6A FF
004199E5 |. 68 AD5F4400
004199EA |. 64:A1 0000000
004199F0 |. 50
004199F1 |. 81EC 58060000
004199F7 |. A1 A0154500
004199FC |. 33C5
004199FE |. 8985 C4FEFFFF
00419A04 |. 50
00419A05 |. 8D45 F4
00419A08 |. 64:A3 0000000
00419A0E |. C785 0CFCFFFF
00419A18 |. FF15 A8804400
.GetProcessHeap
00419A1E |. 8945 E4
00419A21 |. A1 F8284500
00419A26 |. 83C0 01
00419A29 |. A3 F8284500
00419A2E |. C705 FC284500
00419A38 |. 68 77874400
ystemInfo.448777
00419A3D |. 8D8D A4FDFFFF
00419A43 |. E8 A851FFFF
fo.0040EBF0
00419A48 |. C745 FC 00000
00419A4F |. 8D8D A4FDFFFF
00419A55 |. 51
OFFSET LOCAL.151
00419A56 |. B9 0C294500
00419A5B |. E8 C0D6FEFF
fo.00407120
00419A60 |. 68 74874400
"
00419A65 |. 8B15 F8284500
00419A6B |. 52
[4528F8] = 0
00419A6C |. B9 08294500
00419A71 |. E8 EAC3FEFF
fo.00405E60
00419A76 |. 50
00419A77 |. E8 E40EFFFF
00419A7C |. 83C4 08
00419A7F |. 8D85 88FDFFFF
00419A85 |. 50
OFFSET LOCAL.158
00419A86 |. B9 08294500

DD 0041934D
DD 00419363
DD 00419379
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445FAD
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,658
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.79],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.253],0
CALL DWORD PTR DS:[<&KERNEL32.GetProcess ; [KERNEL32
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV EAX,DWORD PTR DS:[4528F8]
ADD EAX,1
MOV DWORD PTR DS:[4528F8],EAX
MOV DWORD PTR DS:[4528FC],0
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[LOCAL.151]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


LEA ECX,[LOCAL.151]
PUSH ECX

; /Arg1 =>

MOV ECX,OFFSET 0045290C


CALL 00407120

; |
; \SystemIn

PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528F8]


PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EAX,[LOCAL.158]
PUSH EAX

; /Arg1 =>

MOV ECX,OFFSET 00452908

; |

00419A8B |. E8 D0C9FEFF
fo.00406460
00419A90 |. 8985 34FAFFFF
00419A96 |. 8B8D 34FAFFFF
00419A9C |. 898D 30FAFFFF
00419AA2 |. C645 FC 01
00419AA6 |. 837D 08 00
00419AAA |. 75 0C
00419AAC |. C785 ACFCFFFF
00419AB6 |. EB 11
00419AB8 |> 8B55 08
00419ABB |. 8B02
00419ABD |. 8B4D 08
00419AC0 |. 0348 04
00419AC3 |. 898D ACFCFFFF
00419AC9 |> 8B95 ACFCFFFF
00419ACF |. 8B42 10
00419AD2 |. 8985 B0FCFFFF
00419AD8 |. B9 C0010000
00419ADD |. F7D1
00419ADF |. 8B95 ACFCFFFF
00419AE5 |. 234A 10
00419AE8 |. B8 40000000
00419AED |. 25 C0010000
00419AF2 |. 25 FFFF0000
00419AF7 |. 0BC8
00419AF9 |. 8B95 ACFCFFFF
00419AFF |. 894A 10
00419B02 |. 6A 06
00419B04 |. 8D85 80FDFFFF
00419B0A |. 50
OFFSET LOCAL.160
00419B0B |. E8 883C0100
fo.0042D798
00419B10 |. 83C4 08
00419B13 |. 8985 A8FCFFFF
00419B19 |. 837D 08 00
00419B1D |. 75 0C
00419B1F |. C785 2CFAFFFF
00419B29 |. EB 11
00419B2B |> 8B4D 08
00419B2E |. 8B11
00419B30 |. 8B45 08
00419B33 |. 0342 04
00419B36 |. 8985 2CFAFFFF
00419B3C |> 8B8D A8FCFFFF
00419B42 |. 8B51 04
00419B45 |. 52
00419B46 |. 8B85 2CFAFFFF
00419B4C |. 50
00419B4D |. 8B8D A8FCFFFF
00419B53 |. 8B11
00419B55 |. FFD2
00419B57 |. 83C4 08
00419B5A |. 8B85 30FAFFFF
00419B60 |. 50
00419B61 |. 8B4D 08
00419B64 |. 51
00419B65 |. E8 F612FFFF
00419B6A |. 83C4 08

CALL 00406460

; \SystemIn

MOV DWORD PTR SS:[LOCAL.371],EAX


MOV ECX,DWORD PTR SS:[LOCAL.371]
MOV DWORD PTR SS:[LOCAL.372],ECX
MOV BYTE PTR SS:[LOCAL.1],1
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00419AB8
MOV DWORD PTR SS:[LOCAL.213],0
JMP SHORT 00419AC9
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.213],ECX
MOV EDX,DWORD PTR SS:[LOCAL.213]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[LOCAL.212],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[LOCAL.213]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[LOCAL.213]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH 6
LEA EAX,[LOCAL.160]
PUSH EAX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.214],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00419B2B
MOV DWORD PTR SS:[LOCAL.373],0
JMP SHORT 00419B3C
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.373],EAX
MOV ECX,DWORD PTR SS:[LOCAL.214]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.373]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.214]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV EAX,DWORD PTR SS:[LOCAL.372]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
CALL 0040AE60
ADD ESP,8

00419B6D |.
00419B73 |.
00419B7A |.
00419B7C |.
00419B86 |.
00419B88 |>
00419B8E |.
00419B90 |.
00419B96 |.
00419B99 |.
00419B9F |>
00419BA5 |.
00419BA8 |.
00419BAE |.
00419BB3 |.
00419BB5 |.
00419BBB |.
00419BBE |.
00419BC3 |.
00419BC8 |.
00419BCD |.
00419BCF |.
00419BD5 |.
00419BD8 |.
INTERS"
00419BDD |.
00419BE3 |.
00419BE4 |.
00419BE9 |.
00419BEC |.
00419BF2 |.
A
00419BF4 |.
00419BFA |.
fo.0040F5C0
00419BFF |.
00419C05 |.
fo.0040F7C0
00419C0A |.
00419C0E |.
00419C10 |.
00419C12 |.
00419C18 |.
fo.0040FB60
00419C1D |.
00419C24 |.
00419C26 |.
00419C28 |.
00419C2E |.
fo.0040FB60
00419C33 |.
00419C36 |.
00419C37 |.
00419C3A |.
00419C3B |.
00419C3D |.
00419C3F |.
00419C41 |.
00419C43 |.
00419C45 |.

8985 9CFCFFFF
83BD 9CFCFFFF
75 0C
C785 A0FCFFFF
EB 17
8B95 9CFCFFFF
8B02
8B8D 9CFCFFFF
0348 04
898D A0FCFFFF
8B95 A0FCFFFF
8B42 10
8985 A4FCFFFF
B9 C0010000
F7D1
8B95 A0FCFFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 A0FCFFFF
894A 10
68 B4954400

MOV DWORD PTR SS:[LOCAL.217],EAX


CMP DWORD PTR SS:[LOCAL.217],0
JNE SHORT 00419B88
MOV DWORD PTR SS:[LOCAL.216],0
JMP SHORT 00419B9F
MOV EDX,DWORD PTR SS:[LOCAL.217]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.217]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.216],ECX
MOV EDX,DWORD PTR SS:[LOCAL.216]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[LOCAL.215],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[LOCAL.216]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[LOCAL.216]
MOV DWORD PTR DS:[EDX+10],ECX
PUSH OFFSET 004495B4

; ASCII "PR

8B85 9CFCFFFF
50
E8 770DFFFF
83C4 08
8985 8CFCFFFF
6A 0A

MOV EAX,DWORD PTR SS:[LOCAL.217]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.221],EAX
PUSH 0A

; /Arg1 = 0

8B8D 8CFCFFFF MOV ECX,DWORD PTR SS:[LOCAL.221]


E8 C159FFFF CALL 0040F5C0

; |
; \SystemIn

8B8D 8CFCFFFF MOV ECX,DWORD PTR SS:[LOCAL.221]


E8 B65BFFFF CALL 0040F7C0

; [SystemIn

C645 FC 00
6A 00
6A 01
8D8D 88FDFFFF
E8 435FFFFF

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.158]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC FFFFF
6A 00
6A 01
8D8D A4FDFFFF
E8 2D5FFFFF

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.151]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8D4D E0
51
8D55 F0
52
6A 00
6A 00
6A 02
6A 00
6A 06
E8 383B0100

LEA ECX,[LOCAL.8]
PUSH ECX
LEA EDX,[LOCAL.4]
PUSH EDX
PUSH 0
PUSH 0
PUSH 2
PUSH 0
PUSH 6
CALL <JMP.&WINSPOOL_DRV.EnumPrintersA>

; Jump to W

INSPOOL_DRV.EnumPrintersA
00419C4A |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
00419C4D |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
00419C50 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
00419C53 |. 51
PUSH ECX
[LOCAL.4]
00419C54 |. 6A 00
PUSH 0
0
00419C56 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
00419C59 |. 52
PUSH EDX
[LOCAL.7]
00419C5A |. FF15 A4804400 CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc>
lAllocateHeap
00419C60 |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX
00419C63 |. 837D E8 00
CMP DWORD PTR SS:[LOCAL.6],0
00419C67 |. 0F85 9A000000 JNE 00419D07
00419C6D |. 6A 06
PUSH 6
00419C6F |. 8D85 78FDFFFF LEA EAX,[LOCAL.162]
00419C75 |. 50
PUSH EAX
OFFSET LOCAL.162
00419C76 |. E8 1D3B0100 CALL 0042D798
fo.0042D798
00419C7B |. 83C4 08
ADD ESP,8
00419C7E |. 8985 68FCFFFF MOV DWORD PTR SS:[LOCAL.230],EAX
00419C84 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
00419C88 |. 75 0C
JNE SHORT 00419C96
00419C8A |. C785 28FAFFFF MOV DWORD PTR SS:[LOCAL.374],0
00419C94 |. EB 11
JMP SHORT 00419CA7
00419C96 |> 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00419C99 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
00419C9B |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00419C9E |. 0342 04
ADD EAX,DWORD PTR DS:[EDX+4]
00419CA1 |. 8985 28FAFFFF MOV DWORD PTR SS:[LOCAL.374],EAX
00419CA7 |> 8B8D 68FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.230]
00419CAD |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00419CB0 |. 52
PUSH EDX
00419CB1 |. 8B85 28FAFFFF MOV EAX,DWORD PTR SS:[LOCAL.374]
00419CB7 |. 50
PUSH EAX
00419CB8 |. 8B8D 68FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.230]
00419CBE |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
00419CC0 |. FFD2
CALL EDX
00419CC2 |. 83C4 08
ADD ESP,8
00419CC5 |. 68 88954400 PUSH OFFSET 00449588
nnot enumerate printers (out of memory)"
00419CCA |. 68 77874400 PUSH OFFSET 00448777
00419CCF |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00419CD2 |. 50
PUSH EAX
00419CD3 |. E8 880CFFFF CALL 0040A960
00419CD8 |. 83C4 08
ADD ESP,8
00419CDB |. 50
PUSH EAX
00419CDC |. E8 7F0CFFFF CALL 0040A960
00419CE1 |. 83C4 08
ADD ESP,8
00419CE4 |. 8985 58FCFFFF MOV DWORD PTR SS:[LOCAL.234],EAX
00419CEA |. 6A 0A
PUSH 0A
A
00419CEC |. 8B8D 58FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.234]
00419CF2 |. E8 C958FFFF CALL 0040F5C0
fo.0040F5C0
00419CF7 |. 8B8D 58FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.234]
00419CFD |. E8 BE5AFFFF CALL 0040F7C0

; /Size =>
; |Flags =
; |
; |Heap =>
; \NTDLL.Rt

; /Arg2 = 6
; |
; |Arg1 =>
; \SystemIn

; ASCII "Ca

; /Arg1 = 0
; |
; \SystemIn
; [SystemIn

fo.0040F7C0
00419D02 |. E9 53110000 JMP 0041AE5A
00419D07 |> 8D4D E0
/LEA ECX,[EBP-20]
00419D0A |. 51
|PUSH ECX
00419D0B |. 8D55 F0
|LEA EDX,[EBP-10]
00419D0E |. 52
|PUSH EDX
00419D0F |. 8B45 EC
|MOV EAX,DWORD PTR SS:[EBP-14]
00419D12 |. 50
|PUSH EAX
00419D13 |. 8B4D E8
|MOV ECX,DWORD PTR SS:[EBP-18]
00419D16 |. 51
|PUSH ECX
00419D17 |. 6A 02
|PUSH 2
00419D19 |. 6A 00
|PUSH 0
00419D1B |. 6A 06
|PUSH 6
00419D1D |. E8 603A0100 |CALL <JMP.&WINSPOOL_DRV.EnumPrintersA>
INSPOOL_DRV.EnumPrintersA
00419D22 |. 85C0
|TEST EAX,EAX
00419D24 |. 0F85 85010000 |JNE 00419EAF
00419D2A |. 8B55 F0
|MOV EDX,DWORD PTR SS:[EBP-10]
00419D2D |. 3B55 EC
|CMP EDX,DWORD PTR SS:[EBP-14]
00419D30 |. 0F87 B3000000 |JA 00419DE9
00419D36 |. 6A 06
|PUSH 6
00419D38 |. 8D85 70FDFFFF |LEA EAX,[EBP-290]
00419D3E |. 50
|PUSH EAX
00419D3F |. E8 543A0100 |CALL 0042D798
fo.0042D798
00419D44 |. 83C4 08
|ADD ESP,8
00419D47 |. 8985 54FCFFFF |MOV DWORD PTR SS:[EBP-3AC],EAX
00419D4D |. 837D 08 00
|CMP DWORD PTR SS:[EBP+8],0
00419D51 |. 75 0C
|JNE SHORT 00419D5F
00419D53 |. C785 24FAFFFF |MOV DWORD PTR SS:[EBP-5DC],0
00419D5D |. EB 11
|JMP SHORT 00419D70
00419D5F |> 8B4D 08
|MOV ECX,DWORD PTR SS:[EBP+8]
00419D62 |. 8B11
|MOV EDX,DWORD PTR DS:[ECX]
00419D64 |. 8B45 08
|MOV EAX,DWORD PTR SS:[EBP+8]
00419D67 |. 0342 04
|ADD EAX,DWORD PTR DS:[EDX+4]
00419D6A |. 8985 24FAFFFF |MOV DWORD PTR SS:[EBP-5DC],EAX
00419D70 |> 8B8D 54FCFFFF |MOV ECX,DWORD PTR SS:[EBP-3AC]
00419D76 |. 8B51 04
|MOV EDX,DWORD PTR DS:[ECX+4]
00419D79 |. 52
|PUSH EDX
00419D7A |. 8B85 24FAFFFF |MOV EAX,DWORD PTR SS:[EBP-5DC]
00419D80 |. 50
|PUSH EAX
00419D81 |. 8B8D 54FCFFFF |MOV ECX,DWORD PTR SS:[EBP-3AC]
00419D87 |. 8B11
|MOV EDX,DWORD PTR DS:[ECX]
00419D89 |. FFD2
|CALL EDX
00419D8B |. 83C4 08
|ADD ESP,8
00419D8E |. 68 6C954400 |PUSH OFFSET 0044956C
SCII "Cannot enumerate printers"
00419D93 |. E8 B868FFFF |CALL 00410650
fo.00410650
00419D98 |. 83C4 04
|ADD ESP,4
00419D9B |. 50
|PUSH EAX
00419D9C |. 68 77874400 |PUSH OFFSET 00448777
00419DA1 |. 8B45 08
|MOV EAX,DWORD PTR SS:[EBP+8]
00419DA4 |. 50
|PUSH EAX
00419DA5 |. E8 B60BFFFF |CALL 0040A960
00419DAA |. 83C4 08
|ADD ESP,8
00419DAD |. 50
|PUSH EAX
00419DAE |. E8 AD0BFFFF |CALL 0040A960
00419DB3 |. 83C4 08
|ADD ESP,8
00419DB6 |. 8985 44FCFFFF |MOV DWORD PTR SS:[EBP-3BC],EAX

; Jump to W

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

; /Arg1 = A
; \SystemIn

00419DBC |. 6A 0A
|PUSH 0A
A
00419DBE |. 8B8D 44FCFFFF |MOV ECX,DWORD PTR SS:[EBP-3BC]
00419DC4 |. E8 F757FFFF |CALL 0040F5C0
fo.0040F5C0
00419DC9 |. 8B8D 44FCFFFF |MOV ECX,DWORD PTR SS:[EBP-3BC]
00419DCF |. E8 EC59FFFF |CALL 0040F7C0
fo.0040F7C0
00419DD4 |. 8B4D E8
|MOV ECX,DWORD PTR SS:[EBP-18]
00419DD7 |. 51
|PUSH ECX
00419DD8 |. 6A 00
|PUSH 0
0
00419DDA |. 8B55 E4
|MOV EDX,DWORD PTR SS:[EBP-1C]
00419DDD |. 52
|PUSH EDX
00419DDE |. FF15 A0804400 |CALL DWORD PTR DS:[<&KERNEL32.HeapFree>
.HeapFree
00419DE4 |. E9 71100000 |JMP 0041AE5A
00419DE9 |> 8B45 F0
|MOV EAX,DWORD PTR SS:[EBP-10]
00419DEC |. 8945 EC
|MOV DWORD PTR SS:[EBP-14],EAX
00419DEF |. 8B4D F0
|MOV ECX,DWORD PTR SS:[EBP-10]
00419DF2 |. 51
|PUSH ECX
00419DF3 |. 8B55 E8
|MOV EDX,DWORD PTR SS:[EBP-18]
00419DF6 |. 52
|PUSH EDX
00419DF7 |. 6A 00
|PUSH 0
0
00419DF9 |. 8B45 E4
|MOV EAX,DWORD PTR SS:[EBP-1C]
00419DFC |. 50
|PUSH EAX
00419DFD |. FF15 9C804400 |CALL DWORD PTR DS:[<&KERNEL32.HeapReAll
lReAllocateHeap
00419E03 |. 8945 E8
|MOV DWORD PTR SS:[EBP-18],EAX
00419E06 |. 837D E8 00
|CMP DWORD PTR SS:[EBP-18],0
00419E0A |.^ 0F85 9A000000 |JNE 00419EAA
00419E10 |. 6A 06
|PUSH 6
00419E12 |. 8D8D 68FDFFFF |LEA ECX,[EBP-298]
00419E18 |. 51
|PUSH ECX
00419E19 |. E8 7A390100 |CALL 0042D798
fo.0042D798
00419E1E |. 83C4 08
|ADD ESP,8
00419E21 |. 8985 40FCFFFF |MOV DWORD PTR SS:[EBP-3C0],EAX
00419E27 |. 837D 08 00
|CMP DWORD PTR SS:[EBP+8],0
00419E2B |. 75 0C
|JNE SHORT 00419E39
00419E2D |. C785 20FAFFFF |MOV DWORD PTR SS:[EBP-5E0],0
00419E37 |. EB 11
|JMP SHORT 00419E4A
00419E39 |> 8B55 08
|MOV EDX,DWORD PTR SS:[EBP+8]
00419E3C |. 8B02
|MOV EAX,DWORD PTR DS:[EDX]
00419E3E |. 8B4D 08
|MOV ECX,DWORD PTR SS:[EBP+8]
00419E41 |. 0348 04
|ADD ECX,DWORD PTR DS:[EAX+4]
00419E44 |. 898D 20FAFFFF |MOV DWORD PTR SS:[EBP-5E0],ECX
00419E4A |> 8B95 40FCFFFF |MOV EDX,DWORD PTR SS:[EBP-3C0]
00419E50 |. 8B42 04
|MOV EAX,DWORD PTR DS:[EDX+4]
00419E53 |. 50
|PUSH EAX
00419E54 |. 8B8D 20FAFFFF |MOV ECX,DWORD PTR SS:[EBP-5E0]
00419E5A |. 51
|PUSH ECX
00419E5B |. 8B95 40FCFFFF |MOV EDX,DWORD PTR SS:[EBP-3C0]
00419E61 |. 8B02
|MOV EAX,DWORD PTR DS:[EDX]
00419E63 |. FFD0
|CALL EAX
00419E65 |. 83C4 08
|ADD ESP,8
00419E68 |. 68 88954400 |PUSH OFFSET 00449588
nnot enumerate printers (out of memory)"
00419E6D |. 68 77874400 |PUSH OFFSET 00448777

; /Arg1 = 0
; |
; \SystemIn
; [SystemIn
; /pMem
; |Flags =
; |
; |Heap
; \KERNEL32

;
;
;
;

/Size
|
|pMem
|Flags =

; |
; |Heap
; \NTDLL.Rt

;
;
;
;

/Arg2 = 6
|
|Arg1
\SystemIn

; ASCII "Ca

00419E72 |. 8B4D 08
00419E75 |. 51
00419E76 |. E8 E50AFFFF
00419E7B |. 83C4 08
00419E7E |. 50
00419E7F |. E8 DC0AFFFF
00419E84 |. 83C4 08
00419E87 |. 8985 30FCFFFF
00419E8D |. 6A 0A
A
00419E8F |. 8B8D 30FCFFFF
00419E95 |. E8 2657FFFF
fo.0040F5C0
00419E9A |. 8B8D 30FCFFFF
00419EA0 |. E8 1B59FFFF
fo.0040F7C0
00419EA5 |. E9 B00F0000
00419EAA |>^ E9 58FEFFFF
00419EAF |> C745 DC 00000
00419EB6 |. EB 09
00419EB8 |> 8B55 DC
00419EBB |. 83C2 01
00419EBE |. 8955 DC
00419EC1 |> 8B45 DC
00419EC4 |. 3B45 E0
00419EC7 |. 0F83 7D0F0000
00419ECD |. FF15 54804400
.GetVersion
00419ED3 |. 3D 00000080
00419ED8 |. 0F83 D3000000
00419EDE |. 68 60854400
ystemInfo.448560
00419EE3 |. E8 98430100
fo.0042E280
00419EE8 |. 83C4 04
00419EEB |. 8985 20FCFFFF
00419EF1 |. 8B4D DC
00419EF4 |. 6BC9 54
00419EF7 |. 8B55 E8
00419EFA |. 8B440A 04
00419EFE |. 8985 24FCFFFF
00419F04 |. C785 2CFCFFFF
00419F0E |. EB 21
00419F10 |> E8 5F520100
00419F15 |. 50
00419F16 |. 8B8D 24FCFFFF
00419F1C |. 51
00419F1D |. E8 894E0100
fo.0042EDAB
00419F22 |. 83C4 08
00419F25 |. 0385 24FCFFFF
00419F2B |. 8985 24FCFFFF
00419F31 |> 8B95 20FCFFFF
00419F37 |. 52
00419F38 |. 68 60854400
00419F3D |. 8B85 24FCFFFF
00419F43 |. 50
00419F44 |. E8 A7840000
00419F49 |. 83C4 0C
00419F4C |. 8985 24FCFFFF

|MOV ECX,DWORD PTR SS:[EBP+8]


|PUSH ECX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[EBP-3D0],EAX
|PUSH 0A

; /Arg1 = 0

|MOV ECX,DWORD PTR SS:[EBP-3D0]


|CALL 0040F5C0

; |
; \SystemIn

|MOV ECX,DWORD PTR SS:[EBP-3D0]


|CALL 0040F7C0

; [SystemIn

|JMP 0041AE5A
\JMP 00419D07
MOV DWORD PTR SS:[EBP-24],0
JMP SHORT 00419EC1
MOV EDX,DWORD PTR SS:[EBP-24]
ADD EDX,1
MOV DWORD PTR SS:[EBP-24],EDX
MOV EAX,DWORD PTR SS:[EBP-24]
CMP EAX,DWORD PTR SS:[EBP-20]
JNB 0041AE4A
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
CMP EAX,80000000
JNB 00419FB1
PUSH OFFSET 00448560

; /Arg1 = S

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-3E0],EAX
MOV ECX,DWORD PTR SS:[EBP-24]
IMUL ECX,ECX,54
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[ECX+EDX+4]
MOV DWORD PTR SS:[EBP-3DC],EAX
MOV DWORD PTR SS:[EBP-3D4],0
JMP SHORT 00419F31
/CALL 0042F174
|PUSH EAX
|MOV ECX,DWORD PTR SS:[EBP-3DC]
|PUSH ECX
|CALL 0042EDAB

;
;
;
;

|ADD ESP,8
|ADD EAX,DWORD PTR SS:[EBP-3DC]
|MOV DWORD PTR SS:[EBP-3DC],EAX
|MOV EDX,DWORD PTR SS:[EBP-3E0]
|PUSH EDX
|PUSH OFFSET 00448560
|MOV EAX,DWORD PTR SS:[EBP-3DC]
|PUSH EAX
|CALL 004223F0
|ADD ESP,0C
|MOV DWORD PTR SS:[EBP-3DC],EAX

/Arg2
|
|Arg1
\SystemIn

00419F52 |. 83BD 24FCFFFF


00419F59 |. 74 0E
00419F5B |. 8B8D 24FCFFFF
00419F61 |. 898D 2CFCFFFF
00419F67 |.^ EB A7
00419F69 |> 8B95 2CFCFFFF
00419F6F |. 8995 D8FEFFFF
00419F75 |. 83BD D8FEFFFF
00419F7C |. 75 15
00419F7E |. 8B45 DC
00419F81 |. 6BC0 54
00419F84 |. 8B4D E8
00419F87 |. 8B5401 04
00419F8B |. 8995 D8FEFFFF
00419F91 |. EB 19
00419F93 |> 68 60854400
ystemInfo.448560
00419F98 |. E8 E3420100
fo.0042E280
00419F9D |. 83C4 04
00419FA0 |. 0385 D8FEFFFF
00419FA6 |. 8985 D8FEFFFF
00419FAC |> E9 D7000000
00419FB1 |> 68 60854400
ystemInfo.448560
00419FB6 |. E8 C5420100
fo.0042E280
00419FBB |. 83C4 04
00419FBE |. 8985 10FCFFFF
00419FC4 |. 8B45 DC
00419FC7 |. 6BC0 54
00419FCA |. 8B4D E8
00419FCD |. 8B5401 0C
00419FD1 |. 8995 14FCFFFF
00419FD7 |. C785 1CFCFFFF
00419FE1 |. EB 21
00419FE3 |> E8 8C510100
00419FE8 |. 50
00419FE9 |. 8B85 14FCFFFF
00419FEF |. 50
00419FF0 |. E8 B64D0100
fo.0042EDAB
00419FF5 |. 83C4 08
00419FF8 |. 0385 14FCFFFF
00419FFE |. 8985 14FCFFFF
0041A004 |> 8B8D 10FCFFFF
0041A00A |. 51
0041A00B |. 68 60854400
0041A010 |. 8B95 14FCFFFF
0041A016 |. 52
0041A017 |. E8 D4830000
0041A01C |. 83C4 0C
0041A01F |. 8985 14FCFFFF
0041A025 |. 83BD 14FCFFFF
0041A02C |. 74 0E
0041A02E |. 8B85 14FCFFFF
0041A034 |. 8985 1CFCFFFF
0041A03A |.^ EB A7
0041A03C |> 8B8D 1CFCFFFF
0041A042 |. 898D D8FEFFFF

|CMP DWORD PTR SS:[EBP-3DC],0


|JE SHORT 00419F69
|MOV ECX,DWORD PTR SS:[EBP-3DC]
|MOV DWORD PTR SS:[EBP-3D4],ECX
\JMP SHORT 00419F10
MOV EDX,DWORD PTR SS:[EBP-3D4]
MOV DWORD PTR SS:[EBP-128],EDX
CMP DWORD PTR SS:[EBP-128],0
JNE SHORT 00419F93
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+4]
MOV DWORD PTR SS:[EBP-128],EDX
JMP SHORT 00419FAC
PUSH OFFSET 00448560

; /Arg1 = S

CALL 0042E280

; \SystemIn

ADD ESP,4
ADD EAX,DWORD PTR SS:[EBP-128]
MOV DWORD PTR SS:[EBP-128],EAX
JMP 0041A088
PUSH OFFSET 00448560

; /Arg1 = S

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-3F0],EAX
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+0C]
MOV DWORD PTR SS:[EBP-3EC],EDX
MOV DWORD PTR SS:[EBP-3E4],0
JMP SHORT 0041A004
/CALL 0042F174
|PUSH EAX
|MOV EAX,DWORD PTR SS:[EBP-3EC]
|PUSH EAX
|CALL 0042EDAB

;
;
;
;

|ADD ESP,8
|ADD EAX,DWORD PTR SS:[EBP-3EC]
|MOV DWORD PTR SS:[EBP-3EC],EAX
|MOV ECX,DWORD PTR SS:[EBP-3F0]
|PUSH ECX
|PUSH OFFSET 00448560
|MOV EDX,DWORD PTR SS:[EBP-3EC]
|PUSH EDX
|CALL 004223F0
|ADD ESP,0C
|MOV DWORD PTR SS:[EBP-3EC],EAX
|CMP DWORD PTR SS:[EBP-3EC],0
|JE SHORT 0041A03C
|MOV EAX,DWORD PTR SS:[EBP-3EC]
|MOV DWORD PTR SS:[EBP-3E4],EAX
\JMP SHORT 00419FE3
MOV ECX,DWORD PTR SS:[EBP-3E4]
MOV DWORD PTR SS:[EBP-128],ECX

/Arg2
|
|Arg1
\SystemIn

0041A048 |. 83BD D8FEFFFF


0041A04F |. 75 15
0041A051 |. 8B55 DC
0041A054 |. 6BD2 54
0041A057 |. 8B45 E8
0041A05A |. 8B4C10 0C
0041A05E |. 898D D8FEFFFF
0041A064 |. EB 22
0041A066 |> 8B95 D8FEFFFF
0041A06C |. C602 00
0041A06F |. 68 60854400
ystemInfo.448560
0041A074 |. E8 07420100
fo.0042E280
0041A079 |. 83C4 04
0041A07C |. 0385 D8FEFFFF
0041A082 |. 8985 D8FEFFFF
0041A088 |> 6A 01
0041A08A |. 6A 02
0041A08C |. 8D8D DCFEFFFF
0041A092 |. E8 49870000
fo.004227E0
0041A097 |. C745 FC 02000
0041A09E |. 68 64954400
n "
0041A0A3 |. 8B85 D8FEFFFF
0041A0A9 |. 50
0041A0AA |. 8D8D DCFEFFFF
0041A0B0 |. 51
0041A0B1 |. E8 AA08FFFF
0041A0B6 |. 83C4 08
0041A0B9 |. 50
0041A0BA |. E8 A108FFFF
0041A0BF |. 83C4 08
0041A0C2 |. 8B55 DC
0041A0C5 |. 6BD2 54
0041A0C8 |. 8B45 E8
0041A0CB |. 833C10 00
0041A0CF |. 74 1E
0041A0D1 |. 8B4D DC
0041A0D4 |. 6BC9 54
0041A0D7 |. 8B55 E8
0041A0DA |. 8B040A
0041A0DD |. 50
0041A0DE |. 8D8D DCFEFFFF
0041A0E4 |. 51
0041A0E5 |. E8 7608FFFF
0041A0EA |. 83C4 08
0041A0ED |. EB 43
0041A0EF |> 8B55 DC
0041A0F2 |. 6BD2 54
0041A0F5 |. 8B45 E8
0041A0F8 |. 837C10 0C 00
0041A0FD |. 74 1F
0041A0FF |. 8B4D DC
0041A102 |. 6BC9 54
0041A105 |. 8B55 E8
0041A108 |. 8B440A 0C
0041A10C |. 50
0041A10D |. 8D8D DCFEFFFF

CMP DWORD PTR SS:[EBP-128],0


JNE SHORT 0041A066
MOV EDX,DWORD PTR SS:[EBP-24]
IMUL EDX,EDX,54
MOV EAX,DWORD PTR SS:[EBP-18]
MOV ECX,DWORD PTR DS:[EDX+EAX+0C]
MOV DWORD PTR SS:[EBP-128],ECX
JMP SHORT 0041A088
MOV EDX,DWORD PTR SS:[EBP-128]
MOV BYTE PTR DS:[EDX],0
PUSH OFFSET 00448560

; /Arg1 = S

CALL 0042E280

; \SystemIn

ADD ESP,4
ADD EAX,DWORD PTR SS:[EBP-128]
MOV DWORD PTR SS:[EBP-128],EAX
PUSH 1
PUSH 2
LEA ECX,[EBP-124]
CALL 004227E0

;
;
;
;

MOV DWORD PTR SS:[EBP-4],2


PUSH OFFSET 00449564

; ASCII " o

MOV EAX,DWORD PTR SS:[EBP-128]


PUSH EAX
LEA ECX,[EBP-124]
PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-24]
IMUL EDX,EDX,54
MOV EAX,DWORD PTR SS:[EBP-18]
CMP DWORD PTR DS:[EDX+EAX],0
JE SHORT 0041A0EF
MOV ECX,DWORD PTR SS:[EBP-24]
IMUL ECX,ECX,54
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[ECX+EDX]
PUSH EAX
LEA ECX,[EBP-124]
PUSH ECX
CALL 0040A960
ADD ESP,8
JMP SHORT 0041A132
MOV EDX,DWORD PTR SS:[EBP-24]
IMUL EDX,EDX,54
MOV EAX,DWORD PTR SS:[EBP-18]
CMP DWORD PTR DS:[EDX+EAX+0C],0
JE SHORT 0041A11E
MOV ECX,DWORD PTR SS:[EBP-24]
IMUL ECX,ECX,54
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[ECX+EDX+0C]
PUSH EAX
LEA ECX,[EBP-124]

/Arg2 = 1
|Arg1 = 2
|
\SystemIn

0041A113 |. 51
0041A114 |. E8 4708FFFF
0041A119 |. 83C4 08
0041A11C |. EB 14
0041A11E |> 68 50954400
known connection"
0041A123 |. 8D95 DCFEFFFF
0041A129 |. 52
0041A12A |. E8 3108FFFF
0041A12F |. 83C4 08
0041A132 |> FF15 54804400
.GetVersion
0041A138 |. 3D 00000080
0041A13D |. 0F83 A2010000
0041A143 |. 833D A0114500
0041A14A |. 0F85 1B010000
0041A150 |. 833D 94114500
0041A157 |. 0F82 0E010000
0041A15D |. C785 D4FEFFFF
0041A167 |. 68 40954400
= "winspool.drv"
0041A16C |. FF15 24814400
.LoadLibraryA
0041A172 |. 8985 D4FEFFFF
0041A178 |. 83BD D4FEFFFF
0041A17F |. 0F84 E4000000
0041A185 |. C785 D0FEFFFF
0041A18F |. 68 2C954400
= "GetDefaultPrinterA"
0041A194 |. 8B85 D4FEFFFF
0041A19A |. 50
0041A19B |. FF15 7C804400
.GetProcAddress
0041A1A1 |. 8985 D0FEFFFF
0041A1A7 |. 83BD D0FEFFFF
0041A1AE |. 0F84 A8000000
0041A1B4 |. 8B4D DC
0041A1B7 |. 6BC9 54
0041A1BA |. 8B55 E8
0041A1BD |. 8B440A 04
0041A1C1 |. 50
0041A1C2 |. E8 0907FFFF
fo.0040A8D0
0041A1C7 |. 83C4 04
0041A1CA |. 83C0 01
0041A1CD |. 8985 CCFEFFFF
0041A1D3 |. 8B8D CCFEFFFF
0041A1D9 |. 51
0041A1DA |. E8 6D360100
fo.0042D84C
0041A1DF |. 83C4 04
0041A1E2 |. 8985 64FDFFFF
0041A1E8 |. 8B95 64FDFFFF
0041A1EE |. 8995 C8FEFFFF
0041A1F4 |. 8D85 CCFEFFFF
0041A1FA |. 50
0041A1FB |. 8B8D C8FEFFFF
0041A201 |. 51
0041A202 |. FF95 D0FEFFFF
0041A208 |. 85C0

PUSH ECX
CALL 0040A960
ADD ESP,8
JMP SHORT 0041A132
PUSH OFFSET 00449550

; ASCII "un

LEA EDX,[EBP-124]
PUSH EDX
CALL 0040A960
ADD ESP,8
CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
CMP EAX,80000000
JNB 0041A2E5
CMP DWORD PTR DS:[4511A0],2
JNE 0041A26B
CMP DWORD PTR DS:[451194],5
JB 0041A26B
MOV DWORD PTR SS:[EBP-12C],0
PUSH OFFSET 00449540

; /FileName

CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar ; \KERNEL32


MOV DWORD PTR SS:[EBP-12C],EAX
CMP DWORD PTR SS:[EBP-12C],0
JE 0041A269
MOV DWORD PTR SS:[EBP-130],0
PUSH OFFSET 0044952C

; /Procname

MOV EAX,DWORD PTR SS:[EBP-12C]


; |
PUSH EAX
; |hModule
CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd ; \KERNEL32
MOV DWORD PTR SS:[EBP-130],EAX
CMP DWORD PTR SS:[EBP-130],0
JE 0041A25C
MOV ECX,DWORD PTR SS:[EBP-24]
IMUL ECX,ECX,54
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[ECX+EDX+4]
PUSH EAX
CALL 0040A8D0

; /Arg1
; \SystemIn

ADD ESP,4
ADD EAX,1
MOV DWORD PTR SS:[EBP-134],EAX
MOV ECX,DWORD PTR SS:[EBP-134]
PUSH ECX
CALL 0042D84C

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-29C],EAX
MOV EDX,DWORD PTR SS:[EBP-29C]
MOV DWORD PTR SS:[EBP-138],EDX
LEA EAX,[EBP-134]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-138]
PUSH ECX
CALL DWORD PTR SS:[EBP-130]
TEST EAX,EAX

0041A20A |. 74 35
0041A20C |. 8B55 DC
0041A20F |. 6BD2 54
0041A212 |. 8B45 E8
0041A215 |. 8B4C10 04
0041A219 |. 51
0041A21A |. 8B95 C8FEFFFF
0041A220 |. 52
0041A221 |. E8 5A470100
fo.0042E980
0041A226 |. 83C4 08
0041A229 |. 85C0
0041A22B |. 75 14
0041A22D |. 68 20954400
default)"
0041A232 |. 8D85 DCFEFFFF
0041A238 |. 50
0041A239 |. E8 2207FFFF
0041A23E |. 83C4 08
0041A241 |> 8B8D C8FEFFFF
0041A247 |. 898D 60FDFFFF
0041A24D |. 8B95 60FDFFFF
0041A253 |. 52
0041A254 |. E8 A7550100
fo.0042F800
0041A259 |. 83C4 04
0041A25C |> 8B85 D4FEFFFF
0041A262 |. 50
0041A263 |. FF15 04814400
.FreeLibrary
0041A269 |> EB 78
0041A26B |> C785 C0FDFFFF
0041A275 |. 68 FA000000
250.
0041A27A |. 8D8D C4FDFFFF
0041A280 |. 51
0041A281 |. 68 1C954400
= ",,,"
0041A286 |. 68 14954400
evice"
0041A28B |. 68 0C954400
= "windows"
0041A290 |. FF15 90804400
.GetProfileStringA
0041A296 |. 85C0
0041A298 |. 76 49
0041A29A |. 68 08954400
ystemInfo.449508
0041A29F |. 8D95 C4FDFFFF
0041A2A5 |. 52
0041A2A6 |. E8 1A7E0100
fo.004320C5
0041A2AB |. 83C4 08
0041A2AE |. 8B45 DC
0041A2B1 |. 6BC0 54
0041A2B4 |. 8B4D E8
0041A2B7 |. 8B5401 04
0041A2BB |. 52
0041A2BC |. 8D85 C4FDFFFF
0041A2C2 |. 50

JE SHORT 0041A241
MOV EDX,DWORD PTR
IMUL EDX,EDX,54
MOV EAX,DWORD PTR
MOV ECX,DWORD PTR
PUSH ECX
MOV EDX,DWORD PTR
PUSH EDX
CALL 0042E980

SS:[EBP-24]
SS:[EBP-18]
DS:[EDX+EAX+4]
SS:[EBP-138]

;
;
;
;

/Arg2
|
|Arg1
\SystemIn

ADD ESP,8
TEST EAX,EAX
JNE SHORT 0041A241
PUSH OFFSET 00449520

; ASCII " (

LEA EAX,[EBP-124]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,DWORD PTR SS:[EBP-138]
MOV DWORD PTR SS:[EBP-2A0],ECX
MOV EDX,DWORD PTR SS:[EBP-2A0]
PUSH EDX
CALL 0042F800

; /Arg1
; \SystemIn

ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-12C]
PUSH EAX
; /hModule
CALL DWORD PTR DS:[<&KERNEL32.FreeLibrar ; \KERNEL32
JMP SHORT 0041A2E3
MOV DWORD PTR SS:[EBP-240],0FA
PUSH 0FA

; /Count =

LEA ECX,[EBP-23C]
PUSH ECX
PUSH OFFSET 0044951C

; |
; |Buffer
; |Default

PUSH OFFSET 00449514

; |Key = "d

PUSH OFFSET 0044950C

; |Section

CALL DWORD PTR DS:[<&KERNEL32.GetProfile ; \KERNEL32


TEST EAX,EAX
JBE SHORT 0041A2E3
PUSH OFFSET 00449508

; /Arg2 = S

LEA EDX,[EBP-23C]
PUSH EDX
CALL 004320C5

; |
; |Arg1
; \SystemIn

ADD ESP,8
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+4]
PUSH EDX
LEA EAX,[EBP-23C]
PUSH EAX

; /Arg2
; |
; |Arg1

0041A2C3 |.
fo.0042E980
0041A2C8 |.
0041A2CB |.
0041A2CD |.
0041A2CF |.
default)"
0041A2D4 |.
0041A2DA |.
0041A2DB |.
0041A2E0 |.
0041A2E3 |>
0041A2E5 |>
0041A2E8 |.
0041A2EB |.
0041A2EE |.
0041A2F2 |.
0041A2F5 |.
0041A2F7 |.
default)"
0041A2FC |.
0041A302 |.
0041A303 |.
0041A308 |.
0041A30B |>
0041A311 |.
0041A312 |.
0041A318 |.
fo.00406460
0041A31D |.
0041A323 |.
0041A329 |.
0041A32F |.
0041A333 |.
0041A33A |.
0041A341 |.
0041A343 |.
0041A349 |.
0041A34A |.
fo.0042D798
0041A34F |.
0041A352 |.
0041A358 |.
0041A35C |.
0041A35E |.
0041A368 |.
0041A36A |>
0041A36D |.
0041A36F |.
0041A372 |.
0041A375 |.
0041A37B |>
0041A381 |.
0041A384 |.
0041A385 |.
0041A38B |.
0041A38C |.
0041A392 |.
0041A394 |.
0041A396 |.

E8 B8460100

CALL 0042E980

; \SystemIn

83C4 08
85C0
75 14
68 20954400

ADD ESP,8
TEST EAX,EAX
JNE SHORT 0041A2E3
PUSH OFFSET 00449520

; ASCII " (

8D8D DCFEFFFF
51
E8 8006FFFF
83C4 08
EB 26
8B55 DC
6BD2 54
8B45 E8
8B4C10 34
83E1 04
74 14
68 20954400

LEA ECX,[EBP-124]
PUSH ECX
CALL 0040A960
ADD ESP,8
JMP SHORT 0041A30B
MOV EDX,DWORD PTR SS:[EBP-24]
IMUL EDX,EDX,54
MOV EAX,DWORD PTR SS:[EBP-18]
MOV ECX,DWORD PTR DS:[EDX+EAX+34]
AND ECX,00000004
JE SHORT 0041A30B
PUSH OFFSET 00449520

; ASCII " (

8D95 DCFEFFFF
52
E8 5806FFFF
83C4 08
8D85 40FDFFFF
50
8D8D DCFEFFFF
E8 43C1FEFF

LEA EDX,[EBP-124]
PUSH EDX
CALL 0040A960
ADD ESP,8
LEA EAX,[EBP-2C0]
PUSH EAX
LEA ECX,[EBP-124]
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 1CFAFFFF
8B8D 1CFAFFFF
898D 18FAFFFF
C645 FC 03
C685 5FFDFFFF
C685 3FFDFFFF
6A 06
8D95 2CFDFFFF
52
E8 49340100

MOV DWORD PTR SS:[EBP-5E4],EAX


MOV ECX,DWORD PTR SS:[EBP-5E4]
MOV DWORD PTR SS:[EBP-5E8],ECX
MOV BYTE PTR SS:[EBP-4],3
MOV BYTE PTR SS:[EBP-2A1],20
MOV BYTE PTR SS:[EBP-2C1],2E
PUSH 6
LEA EDX,[EBP-2D4]
PUSH EDX
CALL 0042D798

;
;
;
;

83C4 08
8985 FCFBFFFF
837D 08 00
75 0C
C785 14FAFFFF
EB 11
8B45 08
8B08
8B55 08
0351 04
8995 14FAFFFF
8B85 FCFBFFFF
8B48 04
51
8B95 14FAFFFF
52
8B85 FCFBFFFF
8B08
FFD1
83C4 08

ADD ESP,8
MOV DWORD PTR SS:[EBP-404],EAX
CMP DWORD PTR SS:[EBP+8],0
JNE SHORT 0041A36A
MOV DWORD PTR SS:[EBP-5EC],0
JMP SHORT 0041A37B
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-5EC],EDX
MOV EAX,DWORD PTR SS:[EBP-404]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-5EC]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-404]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8

/Arg2 = 6
|
|Arg1
\SystemIn

0041A399 |.
3
0041A39B |.
0041A3A1 |.
0041A3A2 |.
fo.0042D798
0041A3A7 |.
0041A3AA |.
0041A3B0 |.
0041A3B5 |.
0041A3B8 |.
0041A3B9 |.
0041A3BE |.
0041A3C1 |.
0041A3C7 |.
0041A3CE |.
0041A3D0 |.
0041A3DA |.
0041A3DC |>
0041A3E2 |.
0041A3E4 |.
0041A3EA |.
0041A3ED |.
0041A3F3 |>
0041A3F9 |.
0041A3FC |.
0041A3FD |.
0041A403 |.
0041A404 |.
0041A40A |.
0041A40C |.
0041A40E |.
0041A411 |.
0041A417 |.
0041A41D |.
0041A423 |.
0041A425 |.
0041A42B |.
0041A42E |.
0041A434 |.
0041A43A |.
0041A43D |.
0041A443 |.
0041A449 |.
0041A44F |.
0041A452 |.
0041A459 |.
0041A45B |.
0041A465 |.
0041A467 |>
0041A46D |.
0041A46F |.
0041A475 |.
0041A478 |.
0041A47E |>
0041A484 |.
0041A487 |.
0041A48D |.
0041A492 |.
0041A494 |.

6A 23

PUSH 23

8D95 34FDFFFF LEA EDX,[EBP-2CC]


52
PUSH EDX
E8 F1330100 CALL 0042D798
83C4 08
8985 F4FBFFFF
68 77874400
8B45 08
50
E8 A205FFFF
83C4 08
8985 F8FBFFFF
83BD F8FBFFFF
75 0C
C785 10FAFFFF
EB 17
8B8D F8FBFFFF
8B11
8B85 F8FBFFFF
0342 04
8985 10FAFFFF
8B8D F4FBFFFF
8B51 04
52
8B85 10FAFFFF
50
8B8D F4FBFFFF
8B11
FFD2
83C4 08
8A85 3FFDFFFF
8885 EBFBFFFF
8B8D F8FBFFFF
8B11
8B85 F8FBFFFF
0342 04
8985 ECFBFFFF
8B8D ECFBFFFF
8A51 30
8895 F3FBFFFF
8B85 ECFBFFFF
8A8D EBFBFFFF
8848 30
83BD F8FBFFFF
75 0C
C785 E0FBFFFF
EB 17
8B95 F8FBFFFF
8B02
8B8D F8FBFFFF
0348 04
898D E0FBFFFF
8B95 E0FBFFFF
8B42 10
8985 E4FBFFFF
B9 C0010000
F7D1
8B95 E0FBFFFF

ADD ESP,8
MOV DWORD PTR SS:[EBP-40C],EAX
PUSH OFFSET 00448777
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[EBP-408],EAX
CMP DWORD PTR SS:[EBP-408],0
JNE SHORT 0041A3DC
MOV DWORD PTR SS:[EBP-5F0],0
JMP SHORT 0041A3F3
MOV ECX,DWORD PTR SS:[EBP-408]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-408]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-5F0],EAX
MOV ECX,DWORD PTR SS:[EBP-40C]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-5F0]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-40C]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[EBP-2C1]
MOV BYTE PTR SS:[EBP-415],AL
MOV ECX,DWORD PTR SS:[EBP-408]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-408]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-414],EAX
MOV ECX,DWORD PTR SS:[EBP-414]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-40D],DL
MOV EAX,DWORD PTR SS:[EBP-414]
MOV CL,BYTE PTR SS:[EBP-415]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[EBP-408],0
JNE SHORT 0041A467
MOV DWORD PTR SS:[EBP-420],0
JMP SHORT 0041A47E
MOV EDX,DWORD PTR SS:[EBP-408]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-408]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-420],ECX
MOV EDX,DWORD PTR SS:[EBP-420]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-41C],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-420]

; /Arg2 = 2
; |
; |Arg1
; \SystemIn

0041A49A |.
0041A49D |.
0041A4A2 |.
0041A4A7 |.
0041A4AC |.
0041A4AE |.
0041A4B4 |.
0041A4B7 |.
0041A4BD |.
0041A4BE |.
0041A4C4 |.
0041A4C5 |.
0041A4CA |.
0041A4CD |.
0041A4D3 |.
0041A4DA |.
0041A4DC |.
0041A4E6 |.
0041A4E8 |>
0041A4EE |.
0041A4F0 |.
0041A4F6 |.
0041A4F9 |.
0041A4FF |>
0041A505 |.
0041A508 |.
0041A50E |.
0041A513 |.
0041A515 |.
0041A51B |.
0041A51E |.
0041A523 |.
0041A528 |.
0041A52D |.
0041A52F |.
0041A535 |.
0041A538 |.
0041A53E |.
0041A544 |.
0041A54A |.
0041A54C |.
0041A552 |.
0041A555 |.
0041A55B |.
0041A561 |.
0041A564 |.
0041A56A |.
0041A570 |.
0041A576 |.
0041A579 |.
0041A57D |.
0041A57F |.
0041A581 |.
0041A587 |.
fo.0040FB60
0041A58C |.
0041A58F |.
0041A592 |.
0041A595 |.
0041A59A |.

234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 E0FBFFFF
894A 10
8B85 18FAFFFF
50
8B8D F8FBFFFF
51
E8 9609FFFF
83C4 08
8985 D4FBFFFF
83BD D4FBFFFF
75 0C
C785 D8FBFFFF
EB 17
8B95 D4FBFFFF
8B02
8B8D D4FBFFFF
0348 04
898D D8FBFFFF
8B95 D8FBFFFF
8B42 10
8985 DCFBFFFF
B9 C0010000
F7D1
8B95 D8FBFFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 D8FBFFFF
894A 10
8A85 5FFDFFFF
8885 CBFBFFFF
8B8D D4FBFFFF
8B11
8B85 D4FBFFFF
0342 04
8985 CCFBFFFF
8B8D CCFBFFFF
8A51 30
8895 D3FBFFFF
8B85 CCFBFFFF
8A8D CBFBFFFF
8848 30
C645 FC 02
6A 00
6A 01
8D8D 40FDFFFF
E8 D455FFFF

AND ECX,DWORD PTR DS:[EDX+10]


MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-420]
MOV DWORD PTR DS:[EDX+10],ECX
MOV EAX,DWORD PTR SS:[EBP-5E8]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-408]
PUSH ECX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[EBP-42C],EAX
CMP DWORD PTR SS:[EBP-42C],0
JNE SHORT 0041A4E8
MOV DWORD PTR SS:[EBP-428],0
JMP SHORT 0041A4FF
MOV EDX,DWORD PTR SS:[EBP-42C]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-42C]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-428],ECX
MOV EDX,DWORD PTR SS:[EBP-428]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[EBP-424],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[EBP-428]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[EBP-428]
MOV DWORD PTR DS:[EDX+10],ECX
MOV AL,BYTE PTR SS:[EBP-2A1]
MOV BYTE PTR SS:[EBP-435],AL
MOV ECX,DWORD PTR SS:[EBP-42C]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[EBP-42C]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-434],EAX
MOV ECX,DWORD PTR SS:[EBP-434]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[EBP-42D],DL
MOV EAX,DWORD PTR SS:[EBP-434]
MOV CL,BYTE PTR SS:[EBP-435]
MOV BYTE PTR DS:[EAX+30],CL
MOV BYTE PTR SS:[EBP-4],2
PUSH 0
PUSH 1
LEA ECX,[EBP-2C0]
CALL 0040FB60

8B55 DC
MOV EDX,DWORD PTR SS:[EBP-24]
6BD2 54
IMUL EDX,EDX,54
8B45 E8
MOV EAX,DWORD PTR SS:[EBP-18]
837C10 10 00 CMP DWORD PTR DS:[EDX+EAX+10],0
74 1A
JE SHORT 0041A5B6

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0041A59C
0041A59F
0041A5A2
0041A5A5
0041A5A9
0041A5AA
0041A5AD
0041A5AE
0041A5B3
0041A5B6
0041A5B9
0041A5BC
0041A5BF
0041A5C4
0041A5CA
0041A5CD
0041A5D0
0041A5D3
0041A5D7
0041A5DA
0041A5E0
0041A5E2
0041A5E5
0041A5E8
0041A5EB
0041A5EF
0041A5F3
0041A5F6
0041A5F8
color)"
0041A5FD
0041A600
0041A601
0041A606
0041A609
0041A60C
0041A60F
0041A612
0041A616
0041A61A
0041A620
0041A623
0041A624
0041A629
0041A62C
0041A62F
0041A632
0041A636
0041A63A
0041A63D
0041A642
0041A645
0041A646
, v. "
0041A64B
0041A64E
0041A64F
0041A654
0041A657
0041A659

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B4D DC
6BC9 54
8B55 E8
8B440A 10
50
8B4D 08
51
E8 AD03FFFF
83C4 08
8B55 DC
6BD2 54
8B45 E8
837C10 1C 00
0F84 A4000000
8B4D DC
6BC9 54
8B55 E8
8B440A 1C
8B48 28
81E1 00080000
74 27
8B55 DC
6BD2 54
8B45 E8
8B4C10 1C
0FBF51 3C
83FA 02
75 11
68 FC944400

MOV ECX,DWORD PTR SS:[EBP-24]


IMUL ECX,ECX,54
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[ECX+EDX+10]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-24]
IMUL EDX,EDX,54
MOV EAX,DWORD PTR SS:[EBP-18]
CMP DWORD PTR DS:[EDX+EAX+1C],0
JE 0041A66E
MOV ECX,DWORD PTR SS:[EBP-24]
IMUL ECX,ECX,54
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[ECX+EDX+1C]
MOV ECX,DWORD PTR DS:[EAX+28]
AND ECX,00000800
JE SHORT 0041A609
MOV EDX,DWORD PTR SS:[EBP-24]
IMUL EDX,EDX,54
MOV EAX,DWORD PTR SS:[EBP-18]
MOV ECX,DWORD PTR DS:[EDX+EAX+1C]
MOVSX EDX,WORD PTR DS:[ECX+3C]
CMP EDX,2
JNE SHORT 0041A609
PUSH OFFSET 004494FC

; ASCII " (

|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B45 08
50
E8 5A03FFFF
83C4 08
8B4D DC
6BC9 54
8B55 E8
8B440A 1C
0FB748 22
81E1 FF000000
0FB6D1
52
68 D0914400
8B45 DC
6BC0 54
8B4D E8
8B5401 1C
0FB742 22
C1E8 08
25 FF000000
0FB6C8
51
68 F4944400

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,DWORD PTR SS:[EBP-24]
IMUL ECX,ECX,54
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[ECX+EDX+1C]
MOVZX ECX,WORD PTR DS:[EAX+22]
AND ECX,000000FF
MOVZX EDX,CL
PUSH EDX
PUSH OFFSET 004491D0
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+1C]
MOVZX EAX,WORD PTR DS:[EDX+22]
SHR EAX,8
AND EAX,000000FF
MOVZX ECX,AL
PUSH ECX
PUSH OFFSET 004494F4

;
;
;
;
;
;
;
;
;
;
;
;

/Arg1
|
|
|
|
|
|
|
|
|
|/Arg1
||ASCII "

|.
|.
|.
|.
|.
|.

8B55 08
52
E8 0C03FFFF
83C4 08
8BC8
E8 02B8FEFF

MOV EDX,DWORD PTR SS:[EBP+8]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;
;

||
||
||
||
||
|\SystemI

nfo.00405E60
0041A65E |. 50
0041A65F |. E8 FC02FFFF
0041A664 |. 83C4 08
0041A667 |. 8BC8
0041A669 |. E8 F2B7FEFF
fo.00405E60
0041A66E |> 6A 01
0041A670 |. 6A 02
0041A672 |. 8D8D 5CFFFFFF
0041A678 |. E8 63810000
fo.004227E0
0041A67D |. C645 FC 04
0041A681 |. 8B45 DC
0041A684 |. 6BC0 54
0041A687 |. 8B4D E8
0041A68A |. 8B5401 48
0041A68E |. 81E2 00000100
0041A694 |. 74 0C
0041A696 |. C785 0CFAFFFF
warming up"
0041A6A0 |. EB 0A
0041A6A2 |> C785 0CFAFFFF
0041A6AC |> 8B45 DC
0041A6AF |. 6BC0 54
0041A6B2 |. 8B4D E8
0041A6B5 |. 8B5401 48
0041A6B9 |. 81E2 00200000
0041A6BF |. 74 0C
0041A6C1 |. C785 08FAFFFF
waiting"
0041A6CB |. EB 0A
0041A6CD |> C785 08FAFFFF
0041A6D7 |> 8B45 DC
0041A6DA |. 6BC0 54
0041A6DD |. 8B4D E8
0041A6E0 |. 8B5401 48
0041A6E4 |. 81E2 00001000
0041A6EA |. 74 0C
0041A6EC |. C785 04FAFFFF
user required"
0041A6F6 |. EB 0A
0041A6F8 |> C785 04FAFFFF
0041A702 |> 8B45 DC
0041A705 |. 6BC0 54
0041A708 |. 8B4D E8
0041A70B |. 8B5401 48
0041A70F |. 81E2 00000200
0041A715 |. 74 0C
0041A717 |. C785 00FAFFFF
toner low"
0041A721 |. EB 0A
0041A723 |> C785 00FAFFFF
0041A72D |> 8B45 DC
0041A730 |. 6BC0 54
0041A733 |. 8B4D E8
0041A736 |. 8B5401 48
0041A73A |. 81E2 00008000
0041A740 |. 74 0C
0041A742 |. C785 FCF9FFFF

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

|
|
|
|
\SystemIn

PUSH 1
PUSH 2
LEA ECX,[EBP-0A4]
CALL 004227E0

;
;
;
;

/Arg2 = 1
|Arg1 = 2
|
\SystemIn

MOV BYTE PTR SS:[EBP-4],4


MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00010000
JE SHORT 0041A6A2
MOV DWORD PTR SS:[EBP-5F4],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A6AC
MOV DWORD PTR SS:[EBP-5F4],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00002000
JE SHORT 0041A6CD
MOV DWORD PTR SS:[EBP-5F8],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A6D7
MOV DWORD PTR SS:[EBP-5F8],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00100000
JE SHORT 0041A6F8
MOV DWORD PTR SS:[EBP-5FC],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A702
MOV DWORD PTR SS:[EBP-5FC],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00020000
JE SHORT 0041A723
MOV DWORD PTR SS:[EBP-600],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A72D
MOV DWORD PTR SS:[EBP-600],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00800000
JE SHORT 0041A74E
MOV DWORD PTR SS:[EBP-604],OFFSET 004494 ; ASCII ",

unknown status"
0041A74C |. EB 0A
0041A74E |> C785 FCF9FFFF
0041A758 |> 8B45 DC
0041A75B |. 6BC0 54
0041A75E |. 8B4D E8
0041A761 |. 8B5401 48
0041A765 |. 81E2 00400000
0041A76B |. 74 0C
0041A76D |. C785 F8F9FFFF
processing"
0041A777 |. EB 0A
0041A779 |> C785 F8F9FFFF
0041A783 |> 8B45 DC
0041A786 |. 6BC0 54
0041A789 |. 8B4D E8
0041A78C |. 8B5401 48
0041A790 |. 81E2 00040000
0041A796 |. 74 0C
0041A798 |. C785 F4F9FFFF
printing"
0041A7A2 |. EB 0A
0041A7A4 |> C785 F4F9FFFF
0041A7AE |> 8B45 DC
0041A7B1 |. 6BC0 54
0041A7B4 |. 8B4D E8
0041A7B7 |. 8B5401 48
0041A7BB |. 81E2 00000001
0041A7C1 |. 74 0C
0041A7C3 |. C785 F0F9FFFF
power save"
0041A7CD |. EB 0A
0041A7CF |> C785 F0F9FFFF
0041A7D9 |> 8B45 DC
0041A7DC |. 6BC0 54
0041A7DF |. 8B4D E8
0041A7E2 |. 8B5401 48
0041A7E6 |. 83E2 04
0041A7E9 |. 74 0C
0041A7EB |. C785 ECF9FFFF
deleting printer"
0041A7F5 |. EB 0A
0041A7F7 |> C785 ECF9FFFF
0041A801 |> 8B45 DC
0041A804 |. 6BC0 54
0041A807 |. 8B4D E8
0041A80A |. 8B5401 48
0041A80E |. 83E2 01
0041A811 |. 74 0C
0041A813 |. C785 E8F9FFFF
paused"
0041A81D |. EB 0A
0041A81F |> C785 E8F9FFFF
0041A829 |> 8B45 DC
0041A82C |. 6BC0 54
0041A82F |. 8B4D E8
0041A832 |. 8B5401 48
0041A836 |. 83E2 40
0041A839 |. 74 0C
0041A83B |. C785 E4F9FFFF

JMP SHORT 0041A758


MOV DWORD PTR SS:[EBP-604],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00004000
JE SHORT 0041A779
MOV DWORD PTR SS:[EBP-608],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A783
MOV DWORD PTR SS:[EBP-608],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000400
JE SHORT 0041A7A4
MOV DWORD PTR SS:[EBP-60C],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A7AE
MOV DWORD PTR SS:[EBP-60C],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,01000000
JE SHORT 0041A7CF
MOV DWORD PTR SS:[EBP-610],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A7D9
MOV DWORD PTR SS:[EBP-610],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000004
JE SHORT 0041A7F7
MOV DWORD PTR SS:[EBP-614],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A801
MOV DWORD PTR SS:[EBP-614],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000001
JE SHORT 0041A81F
MOV DWORD PTR SS:[EBP-618],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A829
MOV DWORD PTR SS:[EBP-618],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000040
JE SHORT 0041A847
MOV DWORD PTR SS:[EBP-61C],OFFSET 004494 ; ASCII ",

paper problem"
0041A845 |. EB 0A
0041A847 |> C785 E4F9FFFF
0041A851 |> 8B45 DC
0041A854 |. 6BC0 54
0041A857 |. 8B4D E8
0041A85A |. 8B5401 48
0041A85E |. 83E2 10
0041A861 |. 74 0C
0041A863 |. C785 E0F9FFFF
out of paper"
0041A86D |. EB 0A
0041A86F |> C785 E0F9FFFF
0041A879 |> 8B45 DC
0041A87C |. 6BC0 54
0041A87F |. 8B4D E8
0041A882 |. 8B5401 48
0041A886 |. 83E2 08
0041A889 |. 74 0C
0041A88B |. C785 DCF9FFFF
paper jam"
0041A895 |. EB 0A
0041A897 |> C785 DCF9FFFF
0041A8A1 |> 8B45 DC
0041A8A4 |. 6BC0 54
0041A8A7 |. 8B4D E8
0041A8AA |. 8B5401 48
0041A8AE |. 81E2 00000800
0041A8B4 |. 74 0C
0041A8B6 |. C785 D8F9FFFF
cannot print page"
0041A8C0 |. EB 0A
0041A8C2 |> C785 D8F9FFFF
0041A8CC |> 8B45 DC
0041A8CF |. 6BC0 54
0041A8D2 |. 8B4D E8
0041A8D5 |. 8B5401 48
0041A8D9 |. 81E2 00080000
0041A8DF |. 74 0C
0041A8E1 |. C785 D4F9FFFF
output bin is full"
0041A8EB |. EB 0A
0041A8ED |> C785 D4F9FFFF
0041A8F7 |> 8B45 DC
0041A8FA |. 6BC0 54
0041A8FD |. 8B4D E8
0041A900 |. 8B5401 48
0041A904 |. 81E2 00002000
0041A90A |. 74 0C
0041A90C |. C785 D0F9FFFF
out of memory"
0041A916 |. EB 0A
0041A918 |> C785 D0F9FFFF
0041A922 |> 8B45 DC
0041A925 |. 6BC0 54
0041A928 |. 8B4D E8
0041A92B |. 8B5401 48
0041A92F |. 81E2 80000000
0041A935 |. 74 0C
0041A937 |. C785 CCF9FFFF

JMP SHORT 0041A851


MOV DWORD PTR SS:[EBP-61C],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000010
JE SHORT 0041A86F
MOV DWORD PTR SS:[EBP-620],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A879
MOV DWORD PTR SS:[EBP-620],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000008
JE SHORT 0041A897
MOV DWORD PTR SS:[EBP-624],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A8A1
MOV DWORD PTR SS:[EBP-624],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00080000
JE SHORT 0041A8C2
MOV DWORD PTR SS:[EBP-628],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A8CC
MOV DWORD PTR SS:[EBP-628],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000800
JE SHORT 0041A8ED
MOV DWORD PTR SS:[EBP-62C],OFFSET 004494 ; ASCII ",
JMP SHORT 0041A8F7
MOV DWORD PTR SS:[EBP-62C],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00200000
JE SHORT 0041A918
MOV DWORD PTR SS:[EBP-630],OFFSET 004493 ; ASCII ",
JMP SHORT 0041A922
MOV DWORD PTR SS:[EBP-630],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000080
JE SHORT 0041A943
MOV DWORD PTR SS:[EBP-634],OFFSET 004493 ; ASCII ",

offline"
0041A941 |. EB 0A
0041A943 |> C785 CCF9FFFF
0041A94D |> 8B45 DC
0041A950 |. 6BC0 54
0041A953 |. 8B4D E8
0041A956 |. 8B5401 48
0041A95A |. 81E2 00100000
0041A960 |. 74 0C
0041A962 |. C785 C8F9FFFF
not available"
0041A96C |. EB 0A
0041A96E |> C785 C8F9FFFF
0041A978 |> 8B45 DC
0041A97B |. 6BC0 54
0041A97E |. 8B4D E8
0041A981 |. 8B5401 48
0041A985 |. 81E2 00000400
0041A98B |. 74 0C
0041A98D |. C785 C4F9FFFF
out of toner"
0041A997 |. EB 0A
0041A999 |> C785 C4F9FFFF
0041A9A3 |> 8B45 DC
0041A9A6 |. 6BC0 54
0041A9A9 |. 8B4D E8
0041A9AC |. 8B5401 48
0041A9B0 |. 83E2 20
0041A9B3 |. 74 0C
0041A9B5 |. C785 C0F9FFFF
manual feed"
0041A9BF |. EB 0A
0041A9C1 |> C785 C0F9FFFF
0041A9CB |> 8B45 DC
0041A9CE |. 6BC0 54
0041A9D1 |. 8B4D E8
0041A9D4 |. 8B5401 48
0041A9D8 |. 81E2 00010000
0041A9DE |. 74 0C
0041A9E0 |. C785 BCF9FFFF
active input/output"
0041A9EA |. EB 0A
0041A9EC |> C785 BCF9FFFF
0041A9F6 |> 8B45 DC
0041A9F9 |. 6BC0 54
0041A9FC |. 8B4D E8
0041A9FF |. 8B5401 48
0041AA03 |. 81E2 00800000
0041AA09 |. 74 0C
0041AA0B |. C785 B8F9FFFF
initializing"
0041AA15 |. EB 0A
0041AA17 |> C785 B8F9FFFF
0041AA21 |> 8B45 DC
0041AA24 |. 6BC0 54
0041AA27 |. 8B4D E8
0041AA2A |. 8B5401 48
0041AA2E |. 83E2 02
0041AA31 |. 74 0C
0041AA33 |. C785 B4F9FFFF

JMP SHORT 0041A94D


MOV DWORD PTR SS:[EBP-634],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00001000
JE SHORT 0041A96E
MOV DWORD PTR SS:[EBP-638],OFFSET 004493 ; ASCII ",
JMP SHORT 0041A978
MOV DWORD PTR SS:[EBP-638],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00040000
JE SHORT 0041A999
MOV DWORD PTR SS:[EBP-63C],OFFSET 004493 ; ASCII ",
JMP SHORT 0041A9A3
MOV DWORD PTR SS:[EBP-63C],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000020
JE SHORT 0041A9C1
MOV DWORD PTR SS:[EBP-640],OFFSET 004493 ; ASCII ",
JMP SHORT 0041A9CB
MOV DWORD PTR SS:[EBP-640],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000100
JE SHORT 0041A9EC
MOV DWORD PTR SS:[EBP-644],OFFSET 004493 ; ASCII ",
JMP SHORT 0041A9F6
MOV DWORD PTR SS:[EBP-644],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00008000
JE SHORT 0041AA17
MOV DWORD PTR SS:[EBP-648],OFFSET 004493 ; ASCII ",
JMP SHORT 0041AA21
MOV DWORD PTR SS:[EBP-648],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000002
JE SHORT 0041AA3F
MOV DWORD PTR SS:[EBP-64C],OFFSET 004493 ; ASCII ",

error"
0041AA3D |.
0041AA3F |>
0041AA49 |>
0041AA4C |.
0041AA4F |.
0041AA52 |.
0041AA56 |.
0041AA5C |.
0041AA5E |.
door is open"
0041AA68 |.
0041AA6A |>
0041AA74 |>
0041AA77 |.
0041AA7A |.
0041AA7D |.
0041AA81 |.
0041AA87 |.
0041AA89 |.
busy"
0041AA93 |.
0041AA95 |>
0041AA9F |>
0041AAA5 |.
0041AAA6 |.
0041AAAC |.
0041AAAD |.
0041AAB3 |.
0041AAB4 |.
0041AABA |.
0041AABB |.
0041AAC1 |.
0041AAC2 |.
0041AAC8 |.
0041AAC9 |.
0041AACF |.
0041AAD0 |.
0041AAD6 |.
0041AAD7 |.
0041AADD |.
0041AADE |.
0041AAE4 |.
0041AAE5 |.
0041AAEB |.
0041AAEC |.
0041AAF2 |.
0041AAF3 |.
0041AAF9 |.
0041AAFA |.
0041AB00 |.
0041AB01 |.
0041AB07 |.
0041AB08 |.
0041AB0E |.
0041AB0F |.
0041AB15 |.
0041AB16 |.
0041AB1C |.
0041AB1D |.

EB 0A
C785 B4F9FFFF
8B45 DC
6BC0 54
8B4D E8
8B5401 48
81E2 00004000
74 0C
C785 B0F9FFFF

JMP SHORT 0041AA49


MOV DWORD PTR SS:[EBP-64C],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00400000
JE SHORT 0041AA6A
MOV DWORD PTR SS:[EBP-650],OFFSET 004493 ; ASCII ",

EB 0A
C785 B0F9FFFF
8B45 DC
6BC0 54
8B4D E8
8B5401 48
81E2 00020000
74 0C
C785 ACF9FFFF

JMP SHORT 0041AA74


MOV DWORD PTR SS:[EBP-650],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-24]
IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+48]
AND EDX,00000200
JE SHORT 0041AA95
MOV DWORD PTR SS:[EBP-654],OFFSET 004493 ; ASCII ",

EB 0A
C785 ACF9FFFF
8B85 0CFAFFFF
50
8B8D 08FAFFFF
51
8B95 04FAFFFF
52
8B85 00FAFFFF
50
8B8D FCF9FFFF
51
8B95 F8F9FFFF
52
8B85 F4F9FFFF
50
8B8D F0F9FFFF
51
8B95 ECF9FFFF
52
8B85 E8F9FFFF
50
8B8D E4F9FFFF
51
8B95 E0F9FFFF
52
8B85 DCF9FFFF
50
8B8D D8F9FFFF
51
8B95 D4F9FFFF
52
8B85 D0F9FFFF
50
8B8D CCF9FFFF
51
8B95 C8F9FFFF
52
8B85 C4F9FFFF

JMP SHORT 0041AA9F


MOV DWORD PTR SS:[EBP-654],OFFSET 004487
MOV EAX,DWORD PTR SS:[EBP-5F4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-5F8]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-5FC]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-600]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-604]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-608]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-60C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-610]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-614]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-618]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-61C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-620]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-624]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-628]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-62C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-630]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-634]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-638]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-63C]

0041AB23
0041AB24
0041AB2A
0041AB2B
0041AB31
0041AB32
0041AB38
0041AB39
0041AB3F
0041AB40
0041AB46
0041AB47
0041AB4D
0041AB4E
0041AB54
0041AB55
0041AB5A
0041AB5D
0041AB5E
0041AB63
0041AB66
0041AB67
0041AB6C
0041AB6F
0041AB70
0041AB75
0041AB78
0041AB79
0041AB7E
0041AB81
0041AB82
0041AB87
0041AB8A
0041AB8B
0041AB90
0041AB93
0041AB94
0041AB99
0041AB9C
0041AB9D
0041ABA2
0041ABA5
0041ABA6
0041ABAB
0041ABAE
0041ABAF
0041ABB4
0041ABB7
0041ABB8
0041ABBD
0041ABC0
0041ABC1
0041ABC6
0041ABC9
0041ABCA
0041ABCF
0041ABD2
0041ABD3
0041ABD8
0041ABDB

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

50
8B8D C0F9FFFF
51
8B95 BCF9FFFF
52
8B85 B8F9FFFF
50
8B8D B4F9FFFF
51
8B95 B0F9FFFF
52
8B85 ACF9FFFF
50
8D8D 5CFFFFFF
51
E8 06FEFEFF
83C4 08
50
E8 FDFDFEFF
83C4 08
50
E8 F4FDFEFF
83C4 08
50
E8 EBFDFEFF
83C4 08
50
E8 E2FDFEFF
83C4 08
50
E8 D9FDFEFF
83C4 08
50
E8 D0FDFEFF
83C4 08
50
E8 C7FDFEFF
83C4 08
50
E8 BEFDFEFF
83C4 08
50
E8 B5FDFEFF
83C4 08
50
E8 ACFDFEFF
83C4 08
50
E8 A3FDFEFF
83C4 08
50
E8 9AFDFEFF
83C4 08
50
E8 91FDFEFF
83C4 08
50
E8 88FDFEFF
83C4 08
50

PUSH EAX
MOV ECX,DWORD PTR
PUSH ECX
MOV EDX,DWORD PTR
PUSH EDX
MOV EAX,DWORD PTR
PUSH EAX
MOV ECX,DWORD PTR
PUSH ECX
MOV EDX,DWORD PTR
PUSH EDX
MOV EAX,DWORD PTR
PUSH EAX
LEA ECX,[EBP-0A4]
PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX

SS:[EBP-640]
SS:[EBP-644]
SS:[EBP-648]
SS:[EBP-64C]
SS:[EBP-650]
SS:[EBP-654]

0041ABDC |.
0041ABE1 |.
0041ABE4 |.
0041ABE5 |.
0041ABEA |.
0041ABED |.
0041ABEE |.
0041ABF3 |.
0041ABF6 |.
0041ABF7 |.
0041ABFC |.
0041ABFF |.
0041AC00 |.
0041AC05 |.
0041AC08 |.
0041AC09 |.
0041AC0E |.
0041AC11 |.
0041AC12 |.
0041AC17 |.
0041AC1A |.
0041AC1B |.
0041AC20 |.
0041AC23 |.
0041AC24 |.
0041AC29 |.
0041AC2C |.
0041AC2D |.
0041AC32 |.
0041AC35 |.
0041AC3B |.
0041AC3C |.
0041AC42 |.
fo.00406460
0041AC47 |.
0041AC4D |.
0041AC53 |.
0041AC55 |.
0041AC59 |.
0041AC5C |.
0041AC5F |.
0041AC61 |.
0041AC63 |.
0041AC66 |.
0041AC6C |.
0041AC6E |.
0041AC70 |.
0041AC76 |.
fo.0040FB60
0041AC7B |.
0041AC82 |.
0041AC84 |.
0041AC8A |.
0041AC90 |.
0041AC91 |.
0041AC97 |.
fo.00406460
0041AC9C |.
0041ACA2 |.
0041ACA8 |.

E8 7FFDFEFF
83C4 08
50
E8 76FDFEFF
83C4 08
50
E8 6DFDFEFF
83C4 08
50
E8 64FDFEFF
83C4 08
50
E8 5BFDFEFF
83C4 08
50
E8 52FDFEFF
83C4 08
50
E8 49FDFEFF
83C4 08
50
E8 40FDFEFF
83C4 08
50
E8 37FDFEFF
83C4 08
50
E8 2EFDFEFF
83C4 08
8D95 0CFDFFFF
52
8D8D 5CFFFFFF
E8 19B8FEFF

CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
LEA EDX,[EBP-2F4]
PUSH EDX
LEA ECX,[EBP-0A4]
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 ACFBFFFF
8B85 ACFBFFFF
33C9
8378 14 00
0F94C1
0FB6D1
F7DA
1BD2
83C2 01
8895 2BFDFFFF
6A 00
6A 01
8D8D 0CFDFFFF
E8 E54EFFFF

MOV DWORD PTR SS:[EBP-454],EAX


MOV EAX,DWORD PTR SS:[EBP-454]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX+14],0
SETE CL
MOVZX EDX,CL
NEG EDX
SBB EDX,EDX
ADD EDX,1
MOV BYTE PTR SS:[EBP-2D5],DL
PUSH 0
PUSH 1
LEA ECX,[EBP-2F4]
CALL 0040FB60

;
;
;
;

0FB685 2BFDFF
85C0
0F84 A9000000
8D8D F0FCFFFF
51
8D8D 5CFFFFFF
E8 C4B7FEFF

MOVZX EAX,BYTE PTR SS:[EBP-2D5]


TEST EAX,EAX
JE 0041AD33
LEA ECX,[EBP-310]
PUSH ECX
LEA ECX,[EBP-0A4]
CALL 00406460

; /Arg1
; |
; \SystemIn

8985 A8F9FFFF MOV DWORD PTR SS:[EBP-658],EAX


8B95 A8F9FFFF MOV EDX,DWORD PTR SS:[EBP-658]
8995 A4F9FFFF MOV DWORD PTR SS:[EBP-65C],EDX

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0041ACAE |.
0041ACB2 |.
1
0041ACB4 |.
0041ACB6 |.
0041ACBC |.
0041ACBD |.
0041ACC3 |.
fo.00422460
0041ACC8 |.
0041ACCE |.
0041ACD4 |.
0041ACDA |.
0041ACDE |.
0041ACE3 |.
0041ACE9 |.
0041ACEA |.
"
0041ACEF |.
0041ACF2 |.
0041ACF3 |.
0041ACF8 |.
0041ACFB |.
0041ACFC |.
0041AD01 |.
0041AD04 |.
0041AD05 |.
0041AD0A |.
0041AD0D |.
0041AD11 |.
0041AD13 |.
0041AD15 |.
0041AD1B |.
fo.0040FB60
0041AD20 |.
0041AD24 |.
0041AD26 |.
0041AD28 |.
0041AD2E |.
fo.0040FB60
0041AD33 |>
0041AD36 |.
0041AD39 |.
0041AD3C |.
0041AD40 |.
0041AD45 |.
0041AD47 |.
offline"
0041AD4C |.
0041AD4F |.
0041AD50 |.
0041AD55 |.
0041AD58 |>
0041AD5B |.
0041AD5E |.
0041AD61 |.
0041AD65 |.
0041AD6B |.
0041AD6D |.
unpublished"

C645 FC 05
6A FF

MOV BYTE PTR SS:[EBP-4],5


PUSH -1

; /Arg3 = -

6A 02
8D85 D4FCFFFF
50
8B8D A4F9FFFF
E8 98770000

PUSH 2
LEA EAX,[EBP-32C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-65C]
CALL 00422460

;
;
;
;
;

8985 A0F9FFFF
8B8D A0F9FFFF
898D 9CF9FFFF
C645 FC 06
68 68854400
8B95 9CF9FFFF
52
68 64854400

MOV DWORD PTR SS:[EBP-660],EAX


MOV ECX,DWORD PTR SS:[EBP-660]
MOV DWORD PTR SS:[EBP-664],ECX
MOV BYTE PTR SS:[EBP-4],6
PUSH OFFSET 00448568
MOV EDX,DWORD PTR SS:[EBP-664]
PUSH EDX
PUSH OFFSET 00448564

; ASCII " (

8B45 08
50
E8 68FCFEFF
83C4 08
50
E8 5F01FFFF
83C4 08
50
E8 56FCFEFF
83C4 08
C645 FC 05
6A 00
6A 01
8D8D D4FCFFFF
E8 404EFFFF

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040AE60
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV BYTE PTR SS:[EBP-4],5
PUSH 0
PUSH 1
LEA ECX,[EBP-32C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C645 FC 04
6A 00
6A 01
8D8D F0FCFFFF
E8 2D4EFFFF

MOV BYTE PTR SS:[EBP-4],4


PUSH 0
PUSH 1
LEA ECX,[EBP-310]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B4D DC
6BC9 54
8B55 E8
8B440A 34
25 00040000
74 11
68 E8934400

MOV ECX,DWORD PTR SS:[EBP-24]


IMUL ECX,ECX,54
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[ECX+EDX+34]
AND EAX,00000400
JE SHORT 0041AD58
PUSH OFFSET 004493E8

; ASCII ",

8B4D 08
51
E8 0BFCFEFF
83C4 08
8B55 DC
6BD2 54
8B45 E8
8B4C10 34
81E1 00200000
75 11
68 60934400

MOV ECX,DWORD PTR SS:[EBP+8]


PUSH ECX
CALL 0040A960
ADD ESP,8
MOV EDX,DWORD PTR SS:[EBP-24]
IMUL EDX,EDX,54
MOV EAX,DWORD PTR SS:[EBP-18]
MOV ECX,DWORD PTR DS:[EDX+EAX+34]
AND ECX,00002000
JNE SHORT 0041AD7E
PUSH OFFSET 00449360

; ASCII ",

|Arg2 = 2
|
|Arg1
|
\SystemIn

0041AD72 |.
0041AD75 |.
0041AD76 |.
0041AD7B |.
0041AD7E |>
obs"
0041AD83 |.
0041AD86 |.
0041AD89 |.
0041AD8C |.
0041AD90 |.
0041AD91 |.
"
0041AD96 |.
0041AD99 |.
0041AD9A |.
0041AD9F |.
0041ADA2 |.
0041ADA4 |.
fo.00406190
0041ADA9 |.
0041ADAA |.
0041ADAF |.
0041ADB2 |.
A
0041ADB4 |.
0041ADB7 |.
fo.0040F5C0
0041ADBC |.
0041ADBF |.
fo.0040F7C0
0041ADC4 |.
0041ADC8 |.
0041ADCB |.
fo.004279F0
0041ADD0 |.
0041ADD3 |.
0041ADD9 |.
0041ADDF |.
0041ADE5 |.
0041ADEB |.
0041ADF1 |.
0041ADF7 |.
0041ADF8 |.
fo.0042DDC5
0041ADFD |.
0041AE00 |.
0041AE07 |.
0041AE0D |.
fo.004279F0
0041AE12 |.
0041AE18 |.
0041AE1E |.
0041AE24 |.
0041AE2A |.
0041AE30 |.
0041AE36 |.
0041AE3C |.
0041AE3D |.
fo.0042DDC5

8B55 08
52
E8 E5FBFEFF
83C4 08
68 58934400

MOV EDX,DWORD PTR SS:[EBP+8]


PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH OFFSET 00449358

; ASCII " j

8B45 DC
6BC0 54
8B4D E8
8B5401 4C
52
68 3C8E4400

MOV EAX,DWORD PTR SS:[EBP-24]


IMUL EAX,EAX,54
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[EAX+ECX+4C]
PUSH EDX
PUSH OFFSET 00448E3C

; /Arg1
; |ASCII ",

8B45 08
50
E8 C1FBFEFF
83C4 08
8BC8
E8 E7B3FEFF

MOV EAX,DWORD PTR SS:[EBP+8]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00406190

;
;
;
;
;
;

50
E8 B1FBFEFF
83C4 08
6A 0A

PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 0A

; /Arg1 = 0

8B4D 08
E8 0448FFFF

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 0040F5C0

; |
; \SystemIn

8B4D 08
E8 FC49FFFF

MOV ECX,DWORD PTR SS:[EBP+8]


CALL 0040F7C0

; [SystemIn

C645 FC 02
8D4D A8
E8 20CC0000

MOV BYTE PTR SS:[EBP-4],2


LEA ECX,[EBP-58]
CALL 004279F0

; [SystemIn

8D4D A8
898D 60FAFFFF
8B95 60FAFFFF
C702 008A4400
8B85 60FAFFFF
C700 F8894400
8B8D 60FAFFFF
51
E8 C82F0100

LEA ECX,[EBP-58]
MOV DWORD PTR SS:[EBP-5A0],ECX
MOV EDX,DWORD PTR SS:[EBP-5A0]
MOV DWORD PTR DS:[EDX],OFFSET 00448A00
MOV EAX,DWORD PTR SS:[EBP-5A0]
MOV DWORD PTR DS:[EAX],OFFSET 004489F8
MOV ECX,DWORD PTR SS:[EBP-5A0]
PUSH ECX
CALL 0042DDC5

; /Arg1
; \SystemIn

83C4 04
C745 FC FFFFF
8D8D 28FFFFFF
E8 DECB0000

ADD ESP,4
MOV DWORD PTR SS:[EBP-4],-1
LEA ECX,[EBP-0D8]
CALL 004279F0

; [SystemIn

8D95 28FFFFFF
8995 38FAFFFF
8B85 38FAFFFF
C700 008A4400
8B8D 38FAFFFF
C701 F8894400
8B95 38FAFFFF
52
E8 832F0100

LEA EDX,[EBP-0D8]
MOV DWORD PTR SS:[EBP-5C8],EDX
MOV EAX,DWORD PTR SS:[EBP-5C8]
MOV DWORD PTR DS:[EAX],OFFSET 00448A00
MOV ECX,DWORD PTR SS:[EBP-5C8]
MOV DWORD PTR DS:[ECX],OFFSET 004489F8
MOV EDX,DWORD PTR SS:[EBP-5C8]
PUSH EDX
CALL 0042DDC5

; /Arg1
; \SystemIn

|
|
|
|
|
\SystemIn

0041AE42
0041AE45
0041AE4A
0041AE4D
0041AE4E
0
0041AE50
0041AE53
0041AE54
.HeapFree
0041AE5A
0041AE5D
0041AE64
0041AE65
0041AE6B
0041AE6D
0041AE72
0041AE74
0041AE75
0041AE76
0041AE77
0041AE78
0041AE79
0041AE7A
0041AE7B
0041AE7C
0041AE7D
0041AE7E
0041AE7F
0041AE80
0041AE81
0041AE83
0041AE85
0041AE8A
0041AE90
0041AE91
0041AE97
0041AE9C
0041AE9E
0041AEA1
0041AEA2
0041AEA3
0041AEA4
0041AEA7
0041AEAD
0041AEB4
0041AEB8
0041AEBA
0041AEBD
0041AEC3
0041AEC5
0041AEC8
0041AECE
0041AED4
0041AED7
0041AEDA
=> OFFSET
0041AEDB
0041AEDE
0041AEDF

|.
|.^
|>
|.
|.

83C4 04
E9 6EF0FFFF
8B45 E8
50
6A 00

ADD ESP,4
JMP 00419EB8
MOV EAX,DWORD PTR SS:[EBP-18]
PUSH EAX
PUSH 0

; /pMem
; |Flags =

|. 8B4D E4
MOV ECX,DWORD PTR SS:[EBP-1C]
; |
|. 51
PUSH ECX
; |Heap
|. FF15 A0804400 CALL DWORD PTR DS:[<&KERNEL32.HeapFree>] ; \KERNEL32
|>
|.
|.
|.
|.
|.
|.
|.
\.

8B4D F4
64:890D 00000
59
8B8D C4FEFFFF
33CD
E8 7F380100
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/$ 55
|. 8BEC
|. 6A FF
|. 68 10604400
|. 64:A1 0000000
|. 50
|. 81EC 4C030000
|. A1 A0154500
|. 33C5
|. 8945 F0
|. 56
|. 57
|. 50
|. 8D45 F4
|. 64:A3 0000000
|. C745 FC 00000
|. 837D 20 10
|. 72 0B
|. 8B45 0C
|. 8985 A8FCFFFF
|. EB 09
|> 8D4D 0C
|. 898D A8FCFFFF
|> 8B95 A8FCFFFF
|. 8955 B0
|. 8D45 C8
|. 50
LOCAL.14
|. 8B4D B0
|. 51
|. E8 98280100

MOV ECX,DWORD PTR SS:[EBP-0C]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ECX,DWORD PTR SS:[EBP-13C]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00446010
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,34C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.4],EAX
PUSH ESI
PUSH EDI
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.1],0
CMP DWORD PTR SS:[ARG.7],10
JB SHORT 0041AEC5
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.214],EAX
JMP SHORT 0041AECE
LEA ECX,[ARG.2]
MOV DWORD PTR SS:[LOCAL.214],ECX
MOV EDX,DWORD PTR SS:[LOCAL.214]
MOV DWORD PTR SS:[LOCAL.20],EDX
LEA EAX,[LOCAL.14]
PUSH EAX

; /pHandle

MOV ECX,DWORD PTR SS:[LOCAL.20]


; |
PUSH ECX
; |Filename
CALL <JMP.&VERSION.GetFileVersionInfoSiz ; \VERSION.

GetFileVersionInfoSizeA
0041AEE4 |. 8945 CC
MOV DWORD PTR SS:[LOCAL.13],EAX
0041AEE7 |. 837D CC 00
CMP DWORD PTR SS:[LOCAL.13],0
0041AEEB |. 75 6D
JNE SHORT 0041AF5A
0041AEED |. 68 50974400 PUSH OFFSET 00449750
SCII "No version information"
0041AEF2 |. E8 5957FFFF CALL 00410650
fo.00410650
0041AEF7 |. 83C4 04
ADD ESP,4
0041AEFA |. 8985 48FEFFFF MOV DWORD PTR SS:[LOCAL.110],EAX
0041AF00 |. 8B4D 30
MOV ECX,DWORD PTR SS:[ARG.11]
0041AF03 |. E8 7838FFFF CALL 0040E780
fo.0040E780
0041AF08 |. 8B95 48FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.110]
0041AF0E |. 52
PUSH EDX
[LOCAL.110]
0041AF0F |. E8 6C330100 CALL 0042E280
fo.0042E280
0041AF14 |. 83C4 04
ADD ESP,4
0041AF17 |. 8985 58FEFFFF MOV DWORD PTR SS:[LOCAL.106],EAX
0041AF1D |. 8B85 58FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.106]
0041AF23 |. 50
PUSH EAX
[LOCAL.106]
0041AF24 |. 8B8D 48FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.110]
0041AF2A |. 51
PUSH ECX
[LOCAL.110]
0041AF2B |. 8B4D 30
MOV ECX,DWORD PTR SS:[ARG.11]
0041AF2E |. E8 1D42FFFF CALL 0040F150
fo.0040F150
0041AF33 |. C745 FC 01000 MOV DWORD PTR SS:[LOCAL.1],1
0041AF3A |. 8D4D 08
LEA ECX,[ARG.1]
0041AF3D |. E8 3E38FFFF CALL 0040E780
fo.0040E780
0041AF42 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0041AF49 |. 6A 00
PUSH 0
0041AF4B |. 6A 01
PUSH 1
0041AF4D |. 8D4D 08
LEA ECX,[ARG.1]
0041AF50 |. E8 0B4CFFFF CALL 0040FB60
fo.0040FB60
0041AF55 |. E9 A50B0000 JMP 0041BAFF
0041AF5A |> 8B55 CC
MOV EDX,DWORD PTR SS:[LOCAL.13]
0041AF5D |. 52
PUSH EDX
[LOCAL.13]
0041AF5E |. E8 E9280100 CALL 0042D84C
fo.0042D84C
0041AF63 |. 83C4 04
ADD ESP,4
0041AF66 |. 8985 94FEFFFF MOV DWORD PTR SS:[LOCAL.91],EAX
0041AF6C |. 8B85 94FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.91]
0041AF72 |. 8945 D0
MOV DWORD PTR SS:[LOCAL.12],EAX
0041AF75 |. 837D D0 00
CMP DWORD PTR SS:[LOCAL.12],0
0041AF79 |. 75 56
JNE SHORT 0041AFD1
0041AF7B |. 8B4D 30
MOV ECX,DWORD PTR SS:[ARG.11]
0041AF7E |. E8 FD37FFFF CALL 0040E780
fo.0040E780
0041AF83 |. 68 40974400 PUSH OFFSET 00449740
SCII "Out of memory"
0041AF88 |. E8 F3320100 CALL 0042E280
fo.0042E280
0041AF8D |. 83C4 04
ADD ESP,4
0041AF90 |. 8985 1CFEFFFF MOV DWORD PTR SS:[LOCAL.121],EAX

; /Arg1 = A
; \SystemIn

; [SystemIn
; /Arg1 =>
; \SystemIn

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /Arg1 =>
; \SystemIn

; [SystemIn
; /Arg1 = A
; \SystemIn

0041AF96 |. 8B8D 1CFEFFFF MOV ECX,DWORD PTR SS:[LOCAL.121]


0041AF9C |. 51
PUSH ECX
[LOCAL.121]
0041AF9D |. 68 40974400 PUSH OFFSET 00449740
SCII "Out of memory"
0041AFA2 |. 8B4D 30
MOV ECX,DWORD PTR SS:[ARG.11]
0041AFA5 |. E8 A641FFFF CALL 0040F150
fo.0040F150
0041AFAA |. C745 FC 02000 MOV DWORD PTR SS:[LOCAL.1],2
0041AFB1 |. 8D4D 08
LEA ECX,[ARG.1]
0041AFB4 |. E8 C737FFFF CALL 0040E780
fo.0040E780
0041AFB9 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0041AFC0 |. 6A 00
PUSH 0
0041AFC2 |. 6A 01
PUSH 1
0041AFC4 |. 8D4D 08
LEA ECX,[ARG.1]
0041AFC7 |. E8 944BFFFF CALL 0040FB60
fo.0040FB60
0041AFCC |. E9 2E0B0000 JMP 0041BAFF
0041AFD1 |> 8B55 D0
MOV EDX,DWORD PTR SS:[LOCAL.12]
0041AFD4 |. 52
PUSH EDX
LOCAL.91]
0041AFD5 |. 8B45 CC
MOV EAX,DWORD PTR SS:[LOCAL.13]
0041AFD8 |. 50
PUSH EAX
=> [LOCAL.13]
0041AFD9 |. 6A 00
PUSH 0
NULL
0041AFDB |. 8B4D B0
MOV ECX,DWORD PTR SS:[LOCAL.20]
0041AFDE |. 51
PUSH ECX
0041AFDF |. E8 92270100 CALL <JMP.&VERSION.GetFileVersionInfoA>
GetFileVersionInfoA
0041AFE4 |. 85C0
TEST EAX,EAX
0041AFE6 |. 0F85 85000000 JNE 0041B071
0041AFEC |. 68 20974400 PUSH OFFSET 00449720
SCII "Cannot get version information"
0041AFF1 |. E8 5A56FFFF CALL 00410650
fo.00410650
0041AFF6 |. 83C4 04
ADD ESP,4
0041AFF9 |. 8985 D4FDFFFF MOV DWORD PTR SS:[LOCAL.139],EAX
0041AFFF |. 8B4D 30
MOV ECX,DWORD PTR SS:[ARG.11]
0041B002 |. E8 7937FFFF CALL 0040E780
fo.0040E780
0041B007 |. 8B95 D4FDFFFF MOV EDX,DWORD PTR SS:[LOCAL.139]
0041B00D |. 52
PUSH EDX
[LOCAL.139]
0041B00E |. E8 6D320100 CALL 0042E280
fo.0042E280
0041B013 |. 83C4 04
ADD ESP,4
0041B016 |. 8985 E4FDFFFF MOV DWORD PTR SS:[LOCAL.135],EAX
0041B01C |. 8B85 E4FDFFFF MOV EAX,DWORD PTR SS:[LOCAL.135]
0041B022 |. 50
PUSH EAX
[LOCAL.135]
0041B023 |. 8B8D D4FDFFFF MOV ECX,DWORD PTR SS:[LOCAL.139]
0041B029 |. 51
PUSH ECX
[LOCAL.139]
0041B02A |. 8B4D 30
MOV ECX,DWORD PTR SS:[ARG.11]
0041B02D |. E8 1E41FFFF CALL 0040F150
fo.0040F150
0041B032 |. 8B55 D0
MOV EDX,DWORD PTR SS:[LOCAL.12]
0041B035 |. 8995 90FEFFFF MOV DWORD PTR SS:[LOCAL.92],EDX

; /Arg2 =>
; |Arg1 = A
; |
; \SystemIn

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /Buf => [
; |
; |Bufsize
; |Handle =
; |
; |Filename
; \VERSION.

; /Arg1 = A
; \SystemIn

; [SystemIn
; /Arg1 =>
; \SystemIn

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

0041B03B |. 8B85 90FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.92]


0041B041 |. 50
PUSH EAX
[LOCAL.92]
0041B042 |. E8 B9470100 CALL 0042F800
fo.0042F800
0041B047 |. 83C4 04
ADD ESP,4
0041B04A |. C745 FC 03000 MOV DWORD PTR SS:[LOCAL.1],3
0041B051 |. 8D4D 08
LEA ECX,[ARG.1]
0041B054 |. E8 2737FFFF CALL 0040E780
fo.0040E780
0041B059 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0041B060 |. 6A 00
PUSH 0
0041B062 |. 6A 01
PUSH 1
0041B064 |. 8D4D 08
LEA ECX,[ARG.1]
0041B067 |. E8 F44AFFFF CALL 0040FB60
fo.0040FB60
0041B06C |. E9 8E0A0000 JMP 0041BAFF
0041B071 |> B9 09040000 MOV ECX,409
0041B076 |. 66:894D AC
MOV WORD PTR SS:[LOCAL.21],CX
0041B07A |. BA E4040000 MOV EDX,4E4
0041B07F |. 66:8955 AE
MOV WORD PTR SS:[LOCAL.21+2],DX
0041B083 |. FF15 B4804400 CALL DWORD PTR DS:[<&KERNEL32.GetSystemD
.GetSystemDefaultLangID
0041B089 |. 66:8945 D8
MOV WORD PTR SS:[LOCAL.10],AX
0041B08D |. 33C0
XOR EAX,EAX
0041B08F |. 66:8945 DA
MOV WORD PTR SS:[LOCAL.10+2],AX
0041B093 |. B9 09040000 MOV ECX,409
0041B098 |. 66:894D DC
MOV WORD PTR SS:[LOCAL.9],CX
0041B09C |. C745 E0 00000 MOV DWORD PTR SS:[LOCAL.8],0
0041B0A3 |. C745 C4 00000 MOV DWORD PTR SS:[LOCAL.15],0
0041B0AA |. C745 B8 00000 MOV DWORD PTR SS:[LOCAL.18],0
0041B0B1 |. C745 EC 00000 MOV DWORD PTR SS:[LOCAL.5],0
0041B0B8 |. 8D55 BC
LEA EDX,[LOCAL.17]
0041B0BB |. 52
PUSH EDX
OFFSET LOCAL.17
0041B0BC |. 8D45 B4
LEA EAX,[LOCAL.19]
0041B0BF |. 50
PUSH EAX
OFFSET LOCAL.19
0041B0C0 |. 68 04974400 PUSH OFFSET 00449704
= "\VarFileInfo\Translation"
0041B0C5 |. 8B4D D0
MOV ECX,DWORD PTR SS:[LOCAL.12]
0041B0C8 |. 51
PUSH ECX
LOCAL.91]
0041B0C9 |. E8 A2260100 CALL <JMP.&VERSION.VerQueryValueA>
VerQueryValueA
0041B0CE |. 85C0
TEST EAX,EAX
0041B0D0 |. 75 0D
JNE SHORT 0041B0DF
0041B0D2 |. 8D55 AC
LEA EDX,[LOCAL.21]
0041B0D5 |. 8955 B4
MOV DWORD PTR SS:[LOCAL.19],EDX
0041B0D8 |. C745 BC 04000 MOV DWORD PTR SS:[LOCAL.17],4
0041B0DF |> C745 A8 00000 MOV DWORD PTR SS:[LOCAL.22],0
0041B0E6 |. EB 09
JMP SHORT 0041B0F1
0041B0E8 |> 8B45 A8
MOV EAX,DWORD PTR SS:[EBP-58]
0041B0EB |. 83C0 01
ADD EAX,1
0041B0EE |. 8945 A8
MOV DWORD PTR SS:[EBP-58],EAX
0041B0F1 |> 837D A8 03
CMP DWORD PTR SS:[EBP-58],3
0041B0F5 |. 0F87 8D010000 JA 0041B288
0041B0FB |. C745 A4 00000 MOV DWORD PTR SS:[EBP-5C],0
0041B102 |. EB 09
JMP SHORT 0041B10D
0041B104 |> 8B4D A4
MOV ECX,DWORD PTR SS:[EBP-5C]

; /Arg1 =>
; \SystemIn

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; [KERNEL32

; /pSize =>
; |
; |ppBuf =>
; |Subblock
; |
; |Buf => [
; \VERSION.

0041B107 |. 83C1 01
ADD ECX,1
0041B10A |. 894D A4
MOV DWORD PTR SS:[EBP-5C],ECX
0041B10D |> 8B55 BC
MOV EDX,DWORD PTR SS:[EBP-44]
0041B110 |. C1EA 02
SHR EDX,2
0041B113 |. 3955 A4
CMP DWORD PTR SS:[EBP-5C],EDX
0041B116 |. 0F83 4D010000 JNB 0041B269
0041B11C |. 837D A8 03
CMP DWORD PTR SS:[EBP-58],3
0041B120 |. 73 56
JNB SHORT 0041B178
0041B122 |. 8B45 A4
MOV EAX,DWORD PTR SS:[EBP-5C]
0041B125 |. 8B4D B4
MOV ECX,DWORD PTR SS:[EBP-4C]
0041B128 |. 0FB71481
MOVZX EDX,WORD PTR DS:[EAX*4+ECX]
0041B12C |. 8B45 A8
MOV EAX,DWORD PTR SS:[EBP-58]
0041B12F |. 0FB74C45 D8 MOVZX ECX,WORD PTR SS:[EAX*2+EBP-28]
0041B134 |. 3BD1
CMP EDX,ECX
0041B136 |.^ 0F85 28010000 JNE 0041B264
0041B13C |. 8B55 A4
MOV EDX,DWORD PTR SS:[EBP-5C]
0041B13F |. 8B45 B4
MOV EAX,DWORD PTR SS:[EBP-4C]
0041B142 |. 0FB74C90 02 MOVZX ECX,WORD PTR DS:[EDX*4+EAX+2]
0041B147 |. 81F9 B0040000 CMP ECX,4B0
0041B14D |. 74 29
JE SHORT 0041B178
0041B14F |. 8B55 A4
MOV EDX,DWORD PTR SS:[EBP-5C]
0041B152 |. 8B45 B4
MOV EAX,DWORD PTR SS:[EBP-4C]
0041B155 |. 0FB74C90 02 MOVZX ECX,WORD PTR DS:[EDX*4+EAX+2]
0041B15A |. 85C9
TEST ECX,ECX
0041B15C |. 74 1A
JE SHORT 0041B178
0041B15E |. 8B55 A4
MOV EDX,DWORD PTR SS:[EBP-5C]
0041B161 |. 8B45 B4
MOV EAX,DWORD PTR SS:[EBP-4C]
0041B164 |. 0FB74C90 02 MOVZX ECX,WORD PTR DS:[EDX*4+EAX+2]
0041B169 |. 51
PUSH ECX
0041B16A |. FF15 B0804400 CALL DWORD PTR DS:[<&KERNEL32.IsValidCod
.IsValidCodePage
0041B170 |. 85C0
TEST EAX,EAX
0041B172 |.^ 0F84 EC000000 JE 0041B264
0041B178 |> 8B55 A4
MOV EDX,DWORD PTR SS:[EBP-5C]
0041B17B |. 8B45 B4
MOV EAX,DWORD PTR SS:[EBP-4C]
0041B17E |. 0FB74C90 02 MOVZX ECX,WORD PTR DS:[EDX*4+EAX+2]
0041B183 |. 51
PUSH ECX
0041B184 |. 8B55 A4
MOV EDX,DWORD PTR SS:[EBP-5C]
0041B187 |. 8B45 B4
MOV EAX,DWORD PTR SS:[EBP-4C]
0041B18A |. 0FB70C90
MOVZX ECX,WORD PTR DS:[EDX*4+EAX]
0041B18E |. 51
PUSH ECX
0041B18F |. 68 E8964400 PUSH OFFSET 004496E8
"\StringFileInfo\%04x%04x\"
0041B194 |. 8D95 1CFFFFFF LEA EDX,[EBP-0E4]
0041B19A |. 52
PUSH EDX
0041B19B |. FF15 FC814400 CALL DWORD PTR DS:[<&USER32.wsprintfA>]
sprintfA
0041B1A1 |. 83C4 10
ADD ESP,10
0041B1A4 |. 8D8405 1CFFFF LEA EAX,[EAX+EBP-0E4]
0041B1AB |. 8945 A0
MOV DWORD PTR SS:[EBP-60],EAX
0041B1AE |. 68 D8964400 PUSH OFFSET 004496D8
ileDescription"
0041B1B3 |. 8B4D A0
MOV ECX,DWORD PTR SS:[EBP-60]
0041B1B6 |. 51
PUSH ECX
0041B1B7 |. FF15 AC804400 CALL DWORD PTR DS:[<&KERNEL32.lstrcpyA>]
.lstrcpy
0041B1BD |. 8D55 E0
LEA EDX,[EBP-20]
0041B1C0 |. 52
PUSH EDX
0041B1C1 |. 8D45 D4
LEA EAX,[EBP-2C]
0041B1C4 |. 50
PUSH EAX

; /Code
; \KERNEL32

;
;
;
;
;
;

/<%04x>
|
|
|
|<%04x>
|Format =

; |
; |Buf
; \USER32.w

; /Src = "F
; |
; |Dest
; \KERNEL32
; /pSize
; |
; |ppBuf

0041B1C5 |. 8D8D 1CFFFFFF


0041B1CB |. 51
0041B1CC |. 8B55 D0
0041B1CF |. 52
0041B1D0 |. E8 9B250100
VerQueryValueA
0041B1D5 |. 68 CC964400
ompanyName"
0041B1DA |. 8B45 A0
0041B1DD |. 50
0041B1DE |. FF15 AC804400
.lstrcpy
0041B1E4 |. 8D4D C4
0041B1E7 |. 51
0041B1E8 |. 8D55 C0
0041B1EB |. 52
0041B1EC |. 8D85 1CFFFFFF
0041B1F2 |. 50
0041B1F3 |. 8B4D D0
0041B1F6 |. 51
0041B1F7 |. E8 74250100
VerQueryValueA
0041B1FC |. 68 C0964400
ileVersion"
0041B201 |. 8B55 A0
0041B204 |. 52
0041B205 |. FF15 AC804400
.lstrcpy
0041B20B |. 8D45 B8
0041B20E |. 50
0041B20F |. 8D4D E4
0041B212 |. 51
0041B213 |. 8D95 1CFFFFFF
0041B219 |. 52
0041B21A |. 8B45 D0
0041B21D |. 50
0041B21E |. E8 4D250100
VerQueryValueA
0041B223 |. 68 B0964400
roductVersion"
0041B228 |. 8B4D A0
0041B22B |. 51
0041B22C |. FF15 AC804400
.lstrcpy
0041B232 |. 8D55 EC
0041B235 |. 52
0041B236 |. 8D45 E8
0041B239 |. 50
0041B23A |. 8D8D 1CFFFFFF
0041B240 |. 51
0041B241 |. 8B55 D0
0041B244 |. 52
0041B245 |. E8 26250100
VerQueryValueA
0041B24A |. 837D E0 00
0041B24E |. 77 12
0041B250 |. 837D C4 00
0041B254 |. 77 0C
0041B256 |. 837D B8 00
0041B25A |. 77 06

LEA ECX,[EBP-0E4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-30]
PUSH EDX
CALL <JMP.&VERSION.VerQueryValueA>

;
;
;
;
;

|
|Subblock
|
|Buf
\VERSION.

PUSH OFFSET 004496CC

; /Src = "C

MOV EAX,DWORD PTR SS:[EBP-60]


; |
PUSH EAX
; |Dest
CALL DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; \KERNEL32
LEA ECX,[EBP-3C]
PUSH ECX
LEA EDX,[EBP-40]
PUSH EDX
LEA EAX,[EBP-0E4]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-30]
PUSH ECX
CALL <JMP.&VERSION.VerQueryValueA>

;
;
;
;
;
;
;
;

PUSH OFFSET 004496C0

; /Src = "F

/pSize
|
|ppBuf
|
|Subblock
|
|Buf
\VERSION.

MOV EDX,DWORD PTR SS:[EBP-60]


; |
PUSH EDX
; |Dest
CALL DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; \KERNEL32
LEA EAX,[EBP-48]
PUSH EAX
LEA ECX,[EBP-1C]
PUSH ECX
LEA EDX,[EBP-0E4]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-30]
PUSH EAX
CALL <JMP.&VERSION.VerQueryValueA>

;
;
;
;
;
;
;
;

PUSH OFFSET 004496B0

; /Src = "P

/pSize
|
|ppBuf
|
|Subblock
|
|Buf
\VERSION.

MOV ECX,DWORD PTR SS:[EBP-60]


; |
PUSH ECX
; |Dest
CALL DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; \KERNEL32
LEA EDX,[EBP-14]
PUSH EDX
LEA EAX,[EBP-18]
PUSH EAX
LEA ECX,[EBP-0E4]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-30]
PUSH EDX
CALL <JMP.&VERSION.VerQueryValueA>
CMP DWORD PTR SS:[EBP-20],0
JA SHORT 0041B262
CMP DWORD PTR SS:[EBP-3C],0
JA SHORT 0041B262
CMP DWORD PTR SS:[EBP-48],0
JA SHORT 0041B262

;
;
;
;
;
;
;
;

/pSize
|
|ppBuf
|
|Subblock
|
|Buf
\VERSION.

0041B25C |. 837D EC 00
0041B260 |.^ 76 02
0041B262 |> EB 05
0041B264 |>^ E9 9BFEFFFF
0041B269 |> 837D E0 00
0041B26D |. 77 12
0041B26F |. 837D C4 00
0041B273 |. 77 0C
0041B275 |. 837D B8 00
0041B279 |. 77 06
0041B27B |. 837D EC 00
0041B27F |.^ 76 02
0041B281 |> EB 05
0041B283 |>^ E9 60FEFFFF
0041B288 |> 837D E0 00
0041B28C |. 0F85 A9060000
0041B292 |. 837D C4 00
0041B296 |. 0F85 9F060000
0041B29C |. 837D B8 00
0041B2A0 |. 0F85 95060000
0041B2A6 |. 837D EC 00
0041B2AA |. 0F85 8B060000
0041B2B0 |. B9 07000000
0041B2B5 |. BE 90964400
StringFileInfo"
0041B2BA |. 8DBD B8FEFFFF
0041B2C0 |. F3:A5
0041B2C2 |. 66:A5
0041B2C4 |. C785 ECFEFFFF
0041B2CE |. B9 08000000
0041B2D3 |. BE 70964400
VS_VERSION_INFO"
0041B2D8 |. 8DBD F0FEFFFF
0041B2DE |. F3:A5
0041B2E0 |. C785 D8FEFFFF
0041B2EA |. C785 E8FEFFFF
0041B2F4 |. 8B45 D0
0041B2F7 |. 8985 14FFFFFF
0041B2FD |. 6A 20
0
0041B2FF |. 8D8D F0FEFFFF
0041B305 |. 51
0041B306 |. 8B95 14FFFFFF
0041B30C |. 83C2 06
0041B30F |. 52
0041B310 |. E8 F6440100
fo.0042F80B
0041B315 |. 83C4 0C
0041B318 |. 85C0
0041B31A |. 75 17
0041B31C |. 8B85 14FFFFFF
0041B322 |. 0FB708
0041B325 |. 8B95 14FFFFFF
0041B32B |. 0FB742 02
0041B32F |. 3BC8
0041B331 |. 7F 6E
0041B333 |> 8B4D 30
0041B336 |. E8 4534FFFF
fo.0040E780
0041B33B |. 68 44964400

CMP DWORD PTR SS:[EBP-14],0


JBE SHORT 0041B264
JMP SHORT 0041B269
JMP 0041B104
CMP DWORD PTR SS:[EBP-20],0
JA SHORT 0041B281
CMP DWORD PTR SS:[EBP-3C],0
JA SHORT 0041B281
CMP DWORD PTR SS:[EBP-48],0
JA SHORT 0041B281
CMP DWORD PTR SS:[EBP-14],0
JBE SHORT 0041B283
JMP SHORT 0041B288
JMP 0041B0E8
CMP DWORD PTR SS:[EBP-20],0
JNE 0041B93B
CMP DWORD PTR SS:[EBP-3C],0
JNE 0041B93B
CMP DWORD PTR SS:[EBP-48],0
JNE 0041B93B
CMP DWORD PTR SS:[EBP-14],0
JNE 0041B93B
MOV ECX,7
MOV ESI,OFFSET 00449690

; UNICODE "

LEA EDI,[EBP-148]
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
MOVS WORD PTR ES:[EDI],WORD PTR DS:[ESI]
MOV DWORD PTR SS:[EBP-114],0F
MOV ECX,8
MOV ESI,OFFSET 00449670
; UNICODE "
LEA EDI,[EBP-110]
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
MOV DWORD PTR SS:[EBP-128],10
MOV DWORD PTR SS:[EBP-118],FEEF04BD
MOV EAX,DWORD PTR SS:[EBP-30]
MOV DWORD PTR SS:[EBP-0EC],EAX
PUSH 20
; /Arg3 = 2
LEA ECX,[EBP-110]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0EC]
ADD EDX,6
PUSH EDX
CALL 0042F80B

;
;
;
;
;
;

|
|Arg2
|
|
|Arg1
\SystemIn

ADD ESP,0C
TEST EAX,EAX
JNE SHORT 0041B333
MOV EAX,DWORD PTR SS:[EBP-0EC]
MOVZX ECX,WORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0EC]
MOVZX EAX,WORD PTR DS:[EDX+2]
CMP ECX,EAX
JG SHORT 0041B3A1
MOV ECX,DWORD PTR SS:[EBP+30]
CALL 0040E780

; [SystemIn

PUSH OFFSET 00449644

; /Arg1 = A

SCII "Version
0041B340 |.
fo.0042E280
0041B345 |.
0041B348 |.
0041B34E |.
0041B354 |.
0041B355 |.
SCII "Version
0041B35A |.
0041B35D |.
fo.0040F150
0041B362 |.
0041B365 |.
0041B36B |.
0041B371 |.
0041B372 |.
fo.0042F800
0041B377 |.
0041B37A |.
0041B381 |.
0041B384 |.
fo.0040E780
0041B389 |.
0041B390 |.
0041B392 |.
0041B394 |.
0041B397 |.
fo.0040FB60
0041B39C |.
0041B3A1 |>
0041B3AB |.
0041B3AD |>
0041B3B3 |.
0041B3B6 |.
0041B3BC |>
0041B3C3 |.
0041B3C9 |.
0041B3CF |.
0041B3D2 |.
0041B3D8 |.
0041B3DE |.
0041B3E4 |.
0041B3E7 |.
0041B3ED |.
0041B3EF |>
0041B3F5 |.
0041B3F8 |.
0041B3FE |.
0041B404 |>
0041B40A |.
0041B410 |.
0041B416 |.
0041B41C |.
0041B41F |.
0041B425 |.
0041B42B |.
0041B431 |.
0041B434 |.
0041B43A |.

information resource is corrupted"


E8 3B2F0100 CALL 0042E280

; \SystemIn

83C4 04
ADD ESP,4
8985 A8FDFFFF MOV DWORD PTR SS:[EBP-258],EAX
8B8D A8FDFFFF MOV ECX,DWORD PTR SS:[EBP-258]
51
PUSH ECX
68 44964400 PUSH OFFSET 00449644
information resource is corrupted"
8B4D 30
MOV ECX,DWORD PTR SS:[EBP+30]
E8 EE3DFFFF CALL 0040F150

; /Arg2
; |Arg1 = A
; |
; \SystemIn

8B55 D0
8995 8CFEFFFF
8B85 8CFEFFFF
50
E8 89440100

MOV EDX,DWORD PTR SS:[EBP-30]


MOV DWORD PTR SS:[EBP-174],EDX
MOV EAX,DWORD PTR SS:[EBP-174]
PUSH EAX
CALL 0042F800

; /Arg1
; \SystemIn

83C4 04
C745 FC 04000
8D4D 08
E8 F733FFFF

ADD ESP,4
MOV DWORD PTR SS:[EBP-4],4
LEA ECX,[EBP+8]
CALL 0040E780

; [SystemIn

C745 FC FFFFF
6A 00
6A 01
8D4D 08
E8 C447FFFF

MOV DWORD PTR SS:[EBP-4],-1


PUSH 0
PUSH 1
LEA ECX,[EBP+8]
CALL 0040FB60

;
;
;
;

E9 5E070000
C785 B0FEFFFF
EB 0F
8B8D B0FEFFFF
83C1 01
898D B0FEFFFF
83BD B0FEFFFF
0F87 72050000
8B95 14FFFFFF
0FB702
0385 14FFFFFF
8985 10FFFFFF
8B8D 14FFFFFF
83C1 5C
898D E0FEFFFF
EB 15
8B95 E0FEFFFF
0FB702
0385 E0FEFFFF
8985 E0FEFFFF
8B8D E0FEFFFF
3B8D 10FFFFFF
0F83 06050000
8B95 E0FEFFFF
0FB702
0385 E0FEFFFF
8985 ACFEFFFF
8B8D E0FEFFFF
83C1 24
398D ACFEFFFF
72 0E

JMP 0041BAFF
MOV DWORD PTR SS:[EBP-150],0
JMP SHORT 0041B3BC
MOV ECX,DWORD PTR SS:[EBP-150]
ADD ECX,1
MOV DWORD PTR SS:[EBP-150],ECX
CMP DWORD PTR SS:[EBP-150],3
JA 0041B93B
MOV EDX,DWORD PTR SS:[EBP-0EC]
MOVZX EAX,WORD PTR DS:[EDX]
ADD EAX,DWORD PTR SS:[EBP-0EC]
MOV DWORD PTR SS:[EBP-0F0],EAX
MOV ECX,DWORD PTR SS:[EBP-0EC]
ADD ECX,5C
MOV DWORD PTR SS:[EBP-120],ECX
JMP SHORT 0041B404
MOV EDX,DWORD PTR SS:[EBP-120]
MOVZX EAX,WORD PTR DS:[EDX]
ADD EAX,DWORD PTR SS:[EBP-120]
MOV DWORD PTR SS:[EBP-120],EAX
MOV ECX,DWORD PTR SS:[EBP-120]
CMP ECX,DWORD PTR SS:[EBP-0F0]
JNB 0041B91C
MOV EDX,DWORD PTR SS:[EBP-120]
MOVZX EAX,WORD PTR DS:[EDX]
ADD EAX,DWORD PTR SS:[EBP-120]
MOV DWORD PTR SS:[EBP-154],EAX
MOV ECX,DWORD PTR SS:[EBP-120]
ADD ECX,24
CMP DWORD PTR SS:[EBP-154],ECX
JB SHORT 0041B44A

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0041B43C |.
0041B442 |.
0041B448 |.
0041B44A |>
0041B44F |>
E
0041B451 |.
0041B457 |.
0041B458 |.
0041B45E |.
0041B461 |.
0041B462 |.
fo.0042F80B
0041B467 |.
0041B46A |.
0041B46C |.
0041B46E |.^
0041B473 |>
0041B479 |.
0041B47C |.
0041B482 |.
0041B488 |.
0041B48E |.
0041B491 |.
0041B497 |.
0041B499 |>
0041B49F |.
0041B4A2 |.
0041B4A8 |.
0041B4AE |>
0041B4B4 |.
0041B4BA |.
0041B4C0 |.
0041B4C6 |.
0041B4C9 |.
0041B4CF |.
0041B4D5 |.
0041B4DB |.
0041B4DE |.
0041B4E4 |.
0041B4E6 |.
0041B4EC |.
0041B4F2 |.
0041B4F4 |>
0041B4F9 |>
0041B4FF |.
0041B500 |.
0041B506 |.
0041B507 |.
%4x%4x"
0041B50C |.
0041B512 |.
0041B515 |.
0041B516 |.
0041B51B |.
0041B51E |.
0041B525 |.
0041B527 |.
0041B52E |.
0041B534 |.

8B95 10FFFFFF
3B95 ACFEFFFF
73 05
E9 CD040000
6A 1E

MOV EDX,DWORD PTR SS:[EBP-0F0]


CMP EDX,DWORD PTR SS:[EBP-154]
JNB SHORT 0041B44F
JMP 0041B91C
PUSH 1E

; /Arg3 = 1

8D85 B8FEFFFF
50
8B8D E0FEFFFF
83C1 06
51
E8 A4430100

LEA EAX,[EBP-148]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-120]
ADD ECX,6
PUSH ECX
CALL 0042F80B

;
;
;
;
;
;

83C4 0C
85C0
74 05
E9 7CFFFFFF
8B95 E0FEFFFF
0FB702
0385 E0FEFFFF
8985 DCFEFFFF
8B8D E0FEFFFF
83C1 24
898D B4FEFFFF
EB 15
8B95 B4FEFFFF
0FB702
0385 B4FEFFFF
8985 B4FEFFFF
8B8D B4FEFFFF
3B8D DCFEFFFF
0F83 3D040000
8B95 B4FEFFFF
0FB702
0385 B4FEFFFF
8985 A4FEFFFF
8B8D B4FEFFFF
83C1 18
398D A4FEFFFF
72 0E
8B95 DCFEFFFF
3B95 A4FEFFFF
73 05
E9 04040000
8D85 A8FEFFFF
50
8D8D A0FEFFFF
51
68 34964400

ADD ESP,0C
TEST EAX,EAX
JE SHORT 0041B473
JMP 0041B3EF
MOV EDX,DWORD PTR SS:[EBP-120]
MOVZX EAX,WORD PTR DS:[EDX]
ADD EAX,DWORD PTR SS:[EBP-120]
MOV DWORD PTR SS:[EBP-124],EAX
MOV ECX,DWORD PTR SS:[EBP-120]
ADD ECX,24
MOV DWORD PTR SS:[EBP-14C],ECX
JMP SHORT 0041B4AE
MOV EDX,DWORD PTR SS:[EBP-14C]
MOVZX EAX,WORD PTR DS:[EDX]
ADD EAX,DWORD PTR SS:[EBP-14C]
MOV DWORD PTR SS:[EBP-14C],EAX
MOV ECX,DWORD PTR SS:[EBP-14C]
CMP ECX,DWORD PTR SS:[EBP-124]
JNB 0041B8FD
MOV EDX,DWORD PTR SS:[EBP-14C]
MOVZX EAX,WORD PTR DS:[EDX]
ADD EAX,DWORD PTR SS:[EBP-14C]
MOV DWORD PTR SS:[EBP-15C],EAX
MOV ECX,DWORD PTR SS:[EBP-14C]
ADD ECX,18
CMP DWORD PTR SS:[EBP-15C],ECX
JB SHORT 0041B4F4
MOV EDX,DWORD PTR SS:[EBP-124]
CMP EDX,DWORD PTR SS:[EBP-15C]
JNB SHORT 0041B4F9
JMP 0041B8FD
LEA EAX,[EBP-158]
PUSH EAX
LEA ECX,[EBP-160]
PUSH ECX
PUSH OFFSET 00449634

; UNICODE "

8B95 B4FEFFFF
83C2 06
52
E8 B86F0100
83C4 10
83BD B0FEFFFF
73 41
0FB785 A0FEFF
8B8D B0FEFFFF
0FB7544D D8

MOV EDX,DWORD PTR SS:[EBP-14C]


ADD EDX,6
PUSH EDX
CALL 004324D3
ADD ESP,10
CMP DWORD PTR SS:[EBP-150],3
JNB SHORT 0041B568
MOVZX EAX,WORD PTR SS:[EBP-160]
MOV ECX,DWORD PTR SS:[EBP-150]
MOVZX EDX,WORD PTR SS:[ECX*2+EBP-28]

|
|Arg2
|
|
|Arg1
\SystemIn

0041B539 |. 3BC2
0041B53B |.^ 75 26
0041B53D |. 81BD A8FEFFFF
0041B547 |. 74 1F
0041B549 |. 83BD A8FEFFFF
0041B550 |. 74 16
0041B552 |. 8B85 A8FEFFFF
0041B558 |. 50
0041B559 |. FF15 B0804400
.IsValidCodePage
0041B55F |. 85C0
0041B561 |. 75 05
0041B563 |>^ E9 31FFFFFF
0041B568 |> 8B8D B4FEFFFF
0041B56E |. 0FB711
0041B571 |. 0395 B4FEFFFF
0041B577 |. 8995 E4FEFFFF
0041B57D |. 8B85 B4FEFFFF
0041B583 |. 83C0 18
0041B586 |. 8985 18FFFFFF
0041B58C |. EB 1B
0041B58E |> 8B8D 18FFFFFF
0041B594 |. 0FB711
0041B597 |. 83C2 03
0041B59A |. 83E2 FC
0041B59D |. 0395 18FFFFFF
0041B5A3 |. 8995 18FFFFFF
0041B5A9 |> 8B85 18FFFFFF
0041B5AF |. 3B85 E4FEFFFF
0041B5B5 |. 0F83 23030000
0041B5BB |. 8B8D 18FFFFFF
0041B5C1 |. 0FB711
0041B5C4 |. 0395 18FFFFFF
0041B5CA |. 8995 9CFEFFFF
0041B5D0 |. 8B85 18FFFFFF
0041B5D6 |. 83C0 06
0041B5D9 |. 3985 9CFEFFFF
0041B5DF |. 72 0E
0041B5E1 |. 8B8D E4FEFFFF
0041B5E7 |. 3B8D 9CFEFFFF
0041B5ED |. 73 05
0041B5EF |> E9 EA020000
0041B5F4 |> 8B95 18FFFFFF
0041B5FA |. 83C2 06
0041B5FD |. 52
0041B5FE |. E8 466E0100
fo.00432449
0041B603 |. 83C4 04
0041B606 |. 8B8D 18FFFFFF
0041B60C |. 8D5441 08
0041B610 |. 8995 98FEFFFF
0041B616 |. 8B85 98FEFFFF
0041B61C |. 2B85 18FFFFFF
0041B622 |. 83E0 03
0041B625 |. 74 0F
0041B627 |. 8B8D 98FEFFFF
0041B62D |. 83C1 02
0041B630 |. 898D 98FEFFFF
0041B636 |> 68 14964400
NICODE "FileDescription"

CMP EAX,EDX
JNE SHORT 0041B563
CMP DWORD PTR SS:[EBP-158],4B0
JE SHORT 0041B568
CMP DWORD PTR SS:[EBP-158],0
JE SHORT 0041B568
MOV EAX,DWORD PTR SS:[EBP-158]
PUSH EAX
; /Code
CALL DWORD PTR DS:[<&KERNEL32.IsValidCod ; \KERNEL32
TEST EAX,EAX
JNE SHORT 0041B568
JMP 0041B499
MOV ECX,DWORD PTR SS:[EBP-14C]
MOVZX EDX,WORD PTR DS:[ECX]
ADD EDX,DWORD PTR SS:[EBP-14C]
MOV DWORD PTR SS:[EBP-11C],EDX
MOV EAX,DWORD PTR SS:[EBP-14C]
ADD EAX,18
MOV DWORD PTR SS:[EBP-0E8],EAX
JMP SHORT 0041B5A9
MOV ECX,DWORD PTR SS:[EBP-0E8]
MOVZX EDX,WORD PTR DS:[ECX]
ADD EDX,3
AND EDX,FFFFFFFC
ADD EDX,DWORD PTR SS:[EBP-0E8]
MOV DWORD PTR SS:[EBP-0E8],EDX
MOV EAX,DWORD PTR SS:[EBP-0E8]
CMP EAX,DWORD PTR SS:[EBP-11C]
JNB 0041B8DE
MOV ECX,DWORD PTR SS:[EBP-0E8]
MOVZX EDX,WORD PTR DS:[ECX]
ADD EDX,DWORD PTR SS:[EBP-0E8]
MOV DWORD PTR SS:[EBP-164],EDX
MOV EAX,DWORD PTR SS:[EBP-0E8]
ADD EAX,6
CMP DWORD PTR SS:[EBP-164],EAX
JB SHORT 0041B5EF
MOV ECX,DWORD PTR SS:[EBP-11C]
CMP ECX,DWORD PTR SS:[EBP-164]
JNB SHORT 0041B5F4
JMP 0041B8DE
MOV EDX,DWORD PTR SS:[EBP-0E8]
ADD EDX,6
PUSH EDX
CALL 00432449

; /Arg1
; \SystemIn

ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-0E8]
LEA EDX,[EAX*2+ECX+8]
MOV DWORD PTR SS:[EBP-168],EDX
MOV EAX,DWORD PTR SS:[EBP-168]
SUB EAX,DWORD PTR SS:[EBP-0E8]
AND EAX,00000003
JE SHORT 0041B636
MOV ECX,DWORD PTR SS:[EBP-168]
ADD ECX,2
MOV DWORD PTR SS:[EBP-168],ECX
PUSH OFFSET 00449614

; /Arg2 = U

0041B63B |. 8B95 18FFFFFF


0041B641 |. 83C2 06
0041B644 |. 52
0041B645 |. E8 C86D0100
fo.00432412
0041B64A |. 83C4 08
0041B64D |. 85C0
0041B64F |. 0F85 8B000000
0041B655 |. 8B85 98FEFFFF
0041B65B |. 50
0041B65C |. E8 E86D0100
fo.00432449
0041B661 |. 83C4 04
0041B664 |. 8945 E0
0041B667 |. 8B4D E0
0041B66A |. 83C1 01
0041B66D |. 51
0041B66E |. E8 D9210100
fo.0042D84C
0041B673 |. 83C4 04
0041B676 |. 8985 88FEFFFF
0041B67C |. 8B95 88FEFFFF
0041B682 |. 8955 D4
0041B685 |. 8B45 E0
0041B688 |. 8D4C00 02
0041B68C |. 51
0041B68D |. 8B95 98FEFFFF
0041B693 |. 52
0041B694 |. 8B45 D4
0041B697 |. 50
0041B698 |. E8 816C0100
fo.0043231E
0041B69D |. 83C4 0C
0041B6A0 |. 8B4D E0
0041B6A3 |. 83C1 01
0041B6A6 |. 51
0041B6A7 |. 8B55 D4
0041B6AA |. 52
0041B6AB |. 8B85 98FEFFFF
0041B6B1 |. 50
0041B6B2 |. E8 393B0100
fo.0042F1F0
0041B6B7 |. 83C4 0C
0041B6BA |. 8B4D D4
0041B6BD |. 898D 84FEFFFF
0041B6C3 |. 8B95 84FEFFFF
0041B6C9 |. 52
0041B6CA |. E8 31410100
fo.0042F800
0041B6CF |. 83C4 04
0041B6D2 |. 8B85 98FEFFFF
0041B6D8 |. 8945 D4
0041B6DB |.^ E9 F9010000
0041B6E0 |> 68 FC954400
NICODE "CompanyName"
0041B6E5 |. 8B8D 18FFFFFF
0041B6EB |. 83C1 06
0041B6EE |. 51
0041B6EF |. E8 1E6D0100
fo.00432412

MOV EDX,DWORD PTR SS:[EBP-0E8]


ADD EDX,6
PUSH EDX
CALL 00432412

;
;
;
;

|
|
|Arg1
\SystemIn

ADD ESP,8
TEST EAX,EAX
JNE 0041B6E0
MOV EAX,DWORD PTR SS:[EBP-168]
PUSH EAX
CALL 00432449

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-20],EAX
MOV ECX,DWORD PTR SS:[EBP-20]
ADD ECX,1
PUSH ECX
CALL 0042D84C

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-178],EAX
MOV EDX,DWORD PTR SS:[EBP-178]
MOV DWORD PTR SS:[EBP-2C],EDX
MOV EAX,DWORD PTR SS:[EBP-20]
LEA ECX,[EAX+EAX+2]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-168]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-2C]
PUSH EAX
CALL 0043231E

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

ADD ESP,0C
MOV ECX,DWORD PTR SS:[EBP-20]
ADD ECX,1
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-2C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-168]
PUSH EAX
CALL 0042F1F0

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

ADD ESP,0C
MOV ECX,DWORD PTR SS:[EBP-2C]
MOV DWORD PTR SS:[EBP-17C],ECX
MOV EDX,DWORD PTR SS:[EBP-17C]
PUSH EDX
CALL 0042F800

; /Arg1
; \SystemIn

ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-168]
MOV DWORD PTR SS:[EBP-2C],EAX
JMP 0041B8D9
PUSH OFFSET 004495FC

; /Arg2 = U

MOV ECX,DWORD PTR SS:[EBP-0E8]


ADD ECX,6
PUSH ECX
CALL 00432412

;
;
;
;

|
|
|Arg1
\SystemIn

0041B6F4 |. 83C4 08
0041B6F7 |. 85C0
0041B6F9 |. 0F85 8B000000
0041B6FF |. 8B95 98FEFFFF
0041B705 |. 52
0041B706 |. E8 3E6D0100
fo.00432449
0041B70B |. 83C4 04
0041B70E |. 8945 C4
0041B711 |. 8B45 C4
0041B714 |. 83C0 01
0041B717 |. 50
0041B718 |. E8 2F210100
fo.0042D84C
0041B71D |. 83C4 04
0041B720 |. 8985 80FEFFFF
0041B726 |. 8B8D 80FEFFFF
0041B72C |. 894D C0
0041B72F |. 8B55 C4
0041B732 |. 8D4412 02
0041B736 |. 50
0041B737 |. 8B8D 98FEFFFF
0041B73D |. 51
0041B73E |. 8B55 C0
0041B741 |. 52
0041B742 |. E8 D76B0100
fo.0043231E
0041B747 |. 83C4 0C
0041B74A |. 8B45 E0
0041B74D |. 83C0 01
0041B750 |. 50
0041B751 |. 8B4D C0
0041B754 |. 51
0041B755 |. 8B95 98FEFFFF
0041B75B |. 52
0041B75C |. E8 8F3A0100
fo.0042F1F0
0041B761 |. 83C4 0C
0041B764 |. 8B45 C0
0041B767 |. 8985 7CFEFFFF
0041B76D |. 8B8D 7CFEFFFF
0041B773 |. 51
0041B774 |. E8 87400100
fo.0042F800
0041B779 |. 83C4 04
0041B77C |. 8B95 98FEFFFF
0041B782 |. 8955 C0
0041B785 |.^ E9 4F010000
0041B78A |> 68 E4954400
NICODE "FileVersion"
0041B78F |. 8B85 18FFFFFF
0041B795 |. 83C0 06
0041B798 |. 50
0041B799 |. E8 746C0100
fo.00432412
0041B79E |. 83C4 08
0041B7A1 |. 85C0
0041B7A3 |. 0F85 8B000000
0041B7A9 |. 8B8D 98FEFFFF
0041B7AF |. 51

ADD ESP,8
TEST EAX,EAX
JNE 0041B78A
MOV EDX,DWORD PTR SS:[EBP-168]
PUSH EDX
CALL 00432449

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-3C],EAX
MOV EAX,DWORD PTR SS:[EBP-3C]
ADD EAX,1
PUSH EAX
CALL 0042D84C

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-180],EAX
MOV ECX,DWORD PTR SS:[EBP-180]
MOV DWORD PTR SS:[EBP-40],ECX
MOV EDX,DWORD PTR SS:[EBP-3C]
LEA EAX,[EDX+EDX+2]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-168]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-40]
PUSH EDX
CALL 0043231E

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

ADD ESP,0C
MOV EAX,DWORD PTR SS:[EBP-20]
ADD EAX,1
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-40]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-168]
PUSH EDX
CALL 0042F1F0

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

ADD ESP,0C
MOV EAX,DWORD PTR SS:[EBP-40]
MOV DWORD PTR SS:[EBP-184],EAX
MOV ECX,DWORD PTR SS:[EBP-184]
PUSH ECX
CALL 0042F800

; /Arg1
; \SystemIn

ADD ESP,4
MOV EDX,DWORD PTR SS:[EBP-168]
MOV DWORD PTR SS:[EBP-40],EDX
JMP 0041B8D9
PUSH OFFSET 004495E4

; /Arg2 = U

MOV EAX,DWORD PTR SS:[EBP-0E8]


ADD EAX,6
PUSH EAX
CALL 00432412

;
;
;
;

ADD ESP,8
TEST EAX,EAX
JNE 0041B834
MOV ECX,DWORD PTR SS:[EBP-168]
PUSH ECX

; /Arg1

|
|
|Arg1
\SystemIn

0041B7B0 |. E8 946C0100
fo.00432449
0041B7B5 |. 83C4 04
0041B7B8 |. 8945 B8
0041B7BB |. 8B55 B8
0041B7BE |. 83C2 01
0041B7C1 |. 52
0041B7C2 |. E8 85200100
fo.0042D84C
0041B7C7 |. 83C4 04
0041B7CA |. 8985 78FEFFFF
0041B7D0 |. 8B85 78FEFFFF
0041B7D6 |. 8945 E4
0041B7D9 |. 8B4D B8
0041B7DC |. 8D5409 02
0041B7E0 |. 52
0041B7E1 |. 8B85 98FEFFFF
0041B7E7 |. 50
0041B7E8 |. 8B4D E4
0041B7EB |. 51
0041B7EC |. E8 2D6B0100
fo.0043231E
0041B7F1 |. 83C4 0C
0041B7F4 |. 8B55 E0
0041B7F7 |. 83C2 01
0041B7FA |. 52
0041B7FB |. 8B45 E4
0041B7FE |. 50
0041B7FF |. 8B8D 98FEFFFF
0041B805 |. 51
0041B806 |. E8 E5390100
fo.0042F1F0
0041B80B |. 83C4 0C
0041B80E |. 8B55 E4
0041B811 |. 8995 74FEFFFF
0041B817 |. 8B85 74FEFFFF
0041B81D |. 50
0041B81E |. E8 DD3F0100
fo.0042F800
0041B823 |. 83C4 04
0041B826 |. 8B8D 98FEFFFF
0041B82C |. 894D E4
0041B82F |.^ E9 A5000000
0041B834 |> 68 C4954400
NICODE "ProductVersion"
0041B839 |. 8B95 18FFFFFF
0041B83F |. 83C2 06
0041B842 |. 52
0041B843 |. E8 CA6B0100
fo.00432412
0041B848 |. 83C4 08
0041B84B |. 85C0
0041B84D |.^ 0F85 86000000
0041B853 |. 8B85 98FEFFFF
0041B859 |. 50
0041B85A |. E8 EA6B0100
fo.00432449
0041B85F |. 83C4 04
0041B862 |. 8945 EC
0041B865 |. 8B4D EC

CALL 00432449

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-48],EAX
MOV EDX,DWORD PTR SS:[EBP-48]
ADD EDX,1
PUSH EDX
CALL 0042D84C

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-188],EAX
MOV EAX,DWORD PTR SS:[EBP-188]
MOV DWORD PTR SS:[EBP-1C],EAX
MOV ECX,DWORD PTR SS:[EBP-48]
LEA EDX,[ECX+ECX+2]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-168]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
CALL 0043231E

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

ADD ESP,0C
MOV EDX,DWORD PTR SS:[EBP-20]
ADD EDX,1
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-1C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-168]
PUSH ECX
CALL 0042F1F0

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

ADD ESP,0C
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-18C],EDX
MOV EAX,DWORD PTR SS:[EBP-18C]
PUSH EAX
CALL 0042F800

; /Arg1
; \SystemIn

ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-168]
MOV DWORD PTR SS:[EBP-1C],ECX
JMP 0041B8D9
PUSH OFFSET 004495C4

; /Arg2 = U

MOV EDX,DWORD PTR SS:[EBP-0E8]


ADD EDX,6
PUSH EDX
CALL 00432412

;
;
;
;

ADD ESP,8
TEST EAX,EAX
JNE 0041B8D9
MOV EAX,DWORD PTR SS:[EBP-168]
PUSH EAX
CALL 00432449

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[EBP-14],EAX
MOV ECX,DWORD PTR SS:[EBP-14]

|
|
|Arg1
\SystemIn

0041B868 |.
0041B86B |.
0041B86C |.
fo.0042D84C
0041B871 |.
0041B874 |.
0041B87A |.
0041B880 |.
0041B883 |.
0041B886 |.
0041B88A |.
0041B88B |.
0041B891 |.
0041B892 |.
0041B895 |.
0041B896 |.
fo.0043231E
0041B89B |.
0041B89E |.
0041B8A1 |.
0041B8A4 |.
0041B8A5 |.
0041B8A8 |.
0041B8A9 |.
0041B8AF |.
0041B8B0 |.
fo.0042F1F0
0041B8B5 |.
0041B8B8 |.
0041B8BB |.
0041B8C1 |.
0041B8C7 |.
0041B8C8 |.
fo.0042F800
0041B8CD |.
0041B8D0 |.
0041B8D6 |.
0041B8D9 |>^
0041B8DE |>
0041B8E2 |.
0041B8E4 |.
0041B8E8 |.
0041B8EA |.
0041B8EE |.
0041B8F0 |.
0041B8F4 |.^
0041B8F6 |>
0041B8F8 |>^
0041B8FD |>
0041B901 |.
0041B903 |.
0041B907 |.
0041B909 |.
0041B90D |.
0041B90F |.
0041B913 |.^
0041B915 |>
0041B917 |>^
0041B91C |>
0041B920 |.

83C1 01
51
E8 DB1F0100

ADD ECX,1
PUSH ECX
CALL 0042D84C

; /Arg1
; \SystemIn

83C4 04
8985 70FEFFFF
8B95 70FEFFFF
8955 E8
8B45 EC
8D4C00 02
51
8B95 98FEFFFF
52
8B45 E8
50
E8 836A0100

ADD ESP,4
MOV DWORD PTR SS:[EBP-190],EAX
MOV EDX,DWORD PTR SS:[EBP-190]
MOV DWORD PTR SS:[EBP-18],EDX
MOV EAX,DWORD PTR SS:[EBP-14]
LEA ECX,[EAX+EAX+2]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-168]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-18]
PUSH EAX
CALL 0043231E

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

83C4 0C
8B4D E0
83C1 01
51
8B55 E8
52
8B85 98FEFFFF
50
E8 3B390100

ADD ESP,0C
MOV ECX,DWORD PTR SS:[EBP-20]
ADD ECX,1
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-18]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-168]
PUSH EAX
CALL 0042F1F0

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

83C4 0C
8B4D E8
898D 6CFEFFFF
8B95 6CFEFFFF
52
E8 333F0100

ADD ESP,0C
MOV ECX,DWORD PTR SS:[EBP-18]
MOV DWORD PTR SS:[EBP-194],ECX
MOV EDX,DWORD PTR SS:[EBP-194]
PUSH EDX
CALL 0042F800

; /Arg1
; \SystemIn

83C4 04
8B85 98FEFFFF
8945 E8
E9 B0FCFFFF
837D E0 00
77 12
837D C4 00
77 0C
837D B8 00
77 06
837D EC 00
76 02
EB 05
E9 9CFBFFFF
837D E0 00
77 12
837D C4 00
77 0C
837D B8 00
77 06
837D EC 00
76 02
EB 05
E9 D3FAFFFF
837D E0 00
77 12

ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-168]
MOV DWORD PTR SS:[EBP-18],EAX
JMP 0041B58E
CMP DWORD PTR SS:[EBP-20],0
JA SHORT 0041B8F6
CMP DWORD PTR SS:[EBP-3C],0
JA SHORT 0041B8F6
CMP DWORD PTR SS:[EBP-48],0
JA SHORT 0041B8F6
CMP DWORD PTR SS:[EBP-14],0
JBE SHORT 0041B8F8
JMP SHORT 0041B8FD
JMP 0041B499
CMP DWORD PTR SS:[EBP-20],0
JA SHORT 0041B915
CMP DWORD PTR SS:[EBP-3C],0
JA SHORT 0041B915
CMP DWORD PTR SS:[EBP-48],0
JA SHORT 0041B915
CMP DWORD PTR SS:[EBP-14],0
JBE SHORT 0041B917
JMP SHORT 0041B91C
JMP 0041B3EF
CMP DWORD PTR SS:[EBP-20],0
JA SHORT 0041B934

0041B922 |.
0041B926 |.
0041B928 |.
0041B92C |.
0041B92E |.
0041B932 |.^
0041B934 |>
0041B936 |>^
0041B93B |>
0041B93F |.
0041B941 |.
0041B945 |.
0041B947 |.
0041B94B |.
0041B94D |.
0041B951 |.
0041B953 |.
0041B956 |.
fo.0040E780
0041B95B |.
SCII "Version
0041B960 |.
fo.0042E280
0041B965 |.
0041B968 |.
0041B96E |.
0041B974 |.
0041B975 |.
SCII "Version
0041B97A |.
0041B97D |.
fo.0040F150
0041B982 |.
0041B987 |>
0041B98B |.
0041B98D |.
0041B990 |.
0041B996 |.
0041B999 |.
fo.0040E780
0041B99E |.
0041B9A4 |.
0041B9A5 |.
fo.0042E280
0041B9AA |.
0041B9AD |.
0041B9B3 |.
0041B9B9 |.
0041B9BA |.
0041B9C0 |.
0041B9C1 |.
0041B9C4 |.
fo.0040F150
0041B9C9 |>
0041B9CD |.
0041B9CF |.
0041B9D2 |.
0041B9D8 |.
0041B9DB |.
0041B9DE |.

837D C4 00
77 0C
837D B8 00
77 06
837D EC 00
76 02
EB 05
E9 72FAFFFF
837D E0 00
75 46
837D C4 00
75 40
837D B8 00
75 3A
837D EC 00
75 34
8B4D 30
E8 252EFFFF

CMP DWORD PTR SS:[EBP-3C],0


JA SHORT 0041B934
CMP DWORD PTR SS:[EBP-48],0
JA SHORT 0041B934
CMP DWORD PTR SS:[EBP-14],0
JBE SHORT 0041B936
JMP SHORT 0041B93B
JMP 0041B3AD
CMP DWORD PTR SS:[EBP-20],0
JNE SHORT 0041B987
CMP DWORD PTR SS:[EBP-3C],0
JNE SHORT 0041B987
CMP DWORD PTR SS:[EBP-48],0
JNE SHORT 0041B987
CMP DWORD PTR SS:[EBP-14],0
JNE SHORT 0041B987
MOV ECX,DWORD PTR SS:[EBP+30]
CALL 0040E780

68 44964400 PUSH OFFSET 00449644


information resource is corrupted"
E8 1B290100 CALL 0042E280
83C4 04
ADD ESP,4
8985 70FDFFFF MOV DWORD PTR SS:[EBP-290],EAX
8B8D 70FDFFFF MOV ECX,DWORD PTR SS:[EBP-290]
51
PUSH ECX
68 44964400 PUSH OFFSET 00449644
information resource is corrupted"
8B4D 30
MOV ECX,DWORD PTR SS:[EBP+30]
E8 CE37FFFF CALL 0040F150
E9 3E010000
837D E0 00
76 3C
8B55 D4
8995 3CFDFFFF
8B4D 30
E8 E22DFFFF

; [SystemIn
; /Arg1 = A
; \SystemIn

; /Arg2
; |Arg1 = A
; |
; \SystemIn

JMP 0041BAC5
CMP DWORD PTR SS:[EBP-20],0
JBE SHORT 0041B9C9
MOV EDX,DWORD PTR SS:[EBP-2C]
MOV DWORD PTR SS:[EBP-2C4],EDX
MOV ECX,DWORD PTR SS:[EBP+30]
CALL 0040E780

; [SystemIn

8B85 3CFDFFFF MOV EAX,DWORD PTR SS:[EBP-2C4]


50
PUSH EAX
E8 D6280100 CALL 0042E280

; /Arg1
; \SystemIn

83C4 04
8985 50FDFFFF
8B8D 50FDFFFF
51
8B95 3CFDFFFF
52
8B4D 30
E8 8737FFFF

ADD ESP,4
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX
MOV EDX,DWORD
PUSH EDX
MOV ECX,DWORD
CALL 0040F150

;
;
;
;
;

837D C4 00
76 4E
8B45 C0
8985 18FDFFFF
8B4D 30
83C1 78
898D 1CFDFFFF

CMP
JBE
MOV
MOV
MOV
ADD
MOV

SS:[EBP-2B0],EAX
PTR SS:[EBP-2B0]
PTR SS:[EBP-2C4]
PTR SS:[EBP+30]

DWORD PTR SS:[EBP-3C],0


SHORT 0041BA1D
EAX,DWORD PTR SS:[EBP-40]
DWORD PTR SS:[EBP-2E8],EAX
ECX,DWORD PTR SS:[EBP+30]
ECX,78
DWORD PTR SS:[EBP-2E4],ECX

/Arg2
|
|Arg1
|
\SystemIn

0041B9E4 |.
0041B9EA |.
fo.0040E780
0041B9EF |.
0041B9F5 |.
0041B9F6 |.
fo.0042E280
0041B9FB |.
0041B9FE |.
0041BA04 |.
0041BA0A |.
0041BA0B |.
0041BA11 |.
0041BA12 |.
0041BA18 |.
fo.0040F150
0041BA1D |>
0041BA21 |.
0041BA23 |.
0041BA26 |.
0041BA2C |.
0041BA2F |.
0041BA32 |.
0041BA38 |.
0041BA3E |.
fo.0040E780
0041BA43 |.
0041BA49 |.
0041BA4A |.
fo.0042E280
0041BA4F |.
0041BA52 |.
0041BA58 |.
0041BA5E |.
0041BA5F |.
0041BA65 |.
0041BA66 |.
0041BA6C |.
fo.0040F150
0041BA71 |>
0041BA75 |.
0041BA77 |.
0041BA7A |.
0041BA80 |.
0041BA83 |.
0041BA86 |.
0041BA8C |.
0041BA92 |.
fo.0040E780
0041BA97 |.
0041BA9D |.
0041BA9E |.
fo.0042E280
0041BAA3 |.
0041BAA6 |.
0041BAAC |.
0041BAB2 |.
0041BAB3 |.
0041BAB9 |.
0041BABA |.

8B8D 1CFDFFFF MOV ECX,DWORD PTR SS:[EBP-2E4]


E8 912DFFFF CALL 0040E780

; [SystemIn

8B95 18FDFFFF MOV EDX,DWORD PTR SS:[EBP-2E8]


52
PUSH EDX
E8 85280100 CALL 0042E280

; /Arg1
; \SystemIn

83C4 04
8985 2CFDFFFF
8B85 2CFDFFFF
50
8B8D 18FDFFFF
51
8B8D 1CFDFFFF
E8 3337FFFF

ADD ESP,4
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX
MOV ECX,DWORD
PUSH ECX
MOV ECX,DWORD
CALL 0040F150

;
;
;
;
;

837D B8 00
76 4E
8B55 E4
8995 F4FCFFFF
8B45 30
83C0 28
8985 F8FCFFFF
8B8D F8FCFFFF
E8 3D2DFFFF

CMP DWORD PTR SS:[EBP-48],0


JBE SHORT 0041BA71
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-30C],EDX
MOV EAX,DWORD PTR SS:[EBP+30]
ADD EAX,28
MOV DWORD PTR SS:[EBP-308],EAX
MOV ECX,DWORD PTR SS:[EBP-308]
CALL 0040E780

; [SystemIn

8B8D F4FCFFFF MOV ECX,DWORD PTR SS:[EBP-30C]


51
PUSH ECX
E8 31280100 CALL 0042E280

; /Arg1
; \SystemIn

83C4 04
8985 08FDFFFF
8B95 08FDFFFF
52
8B85 F4FCFFFF
50
8B8D F8FCFFFF
E8 DF36FFFF

ADD ESP,4
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX
MOV EAX,DWORD
PUSH EAX
MOV ECX,DWORD
CALL 0040F150

;
;
;
;
;

837D EC 00
76 4E
8B4D E8
898D CCFCFFFF
8B55 30
83C2 50
8995 D0FCFFFF
8B8D D0FCFFFF
E8 E92CFFFF

CMP DWORD PTR SS:[EBP-14],0


JBE SHORT 0041BAC5
MOV ECX,DWORD PTR SS:[EBP-18]
MOV DWORD PTR SS:[EBP-334],ECX
MOV EDX,DWORD PTR SS:[EBP+30]
ADD EDX,50
MOV DWORD PTR SS:[EBP-330],EDX
MOV ECX,DWORD PTR SS:[EBP-330]
CALL 0040E780

; [SystemIn

8B85 CCFCFFFF MOV EAX,DWORD PTR SS:[EBP-334]


50
PUSH EAX
E8 DD270100 CALL 0042E280

; /Arg1
; \SystemIn

83C4
8985
8B8D
51
8B95
52
8B8D

;
;
;
;

04
ADD ESP,4
E4FCFFFF MOV DWORD PTR
E4FCFFFF MOV ECX,DWORD
PUSH ECX
CCFCFFFF MOV EDX,DWORD
PUSH EDX
D0FCFFFF MOV ECX,DWORD

SS:[EBP-2D4],EAX
PTR SS:[EBP-2D4]
PTR SS:[EBP-2E8]
PTR SS:[EBP-2E4]

/Arg2
|
|Arg1
|
\SystemIn

SS:[EBP-2F8],EAX
PTR SS:[EBP-2F8]
PTR SS:[EBP-30C]
PTR SS:[EBP-308]

/Arg2
|
|Arg1
|
\SystemIn

SS:[EBP-31C],EAX
PTR SS:[EBP-31C]
PTR SS:[EBP-334]
PTR SS:[EBP-330]

/Arg2
|
|Arg1
|

0041BAC0 |. E8 8B36FFFF CALL 0040F150


; \SystemIn
fo.0040F150
0041BAC5 |> 8B45 D0
MOV EAX,DWORD PTR SS:[EBP-30]
0041BAC8 |. 8985 68FEFFFF MOV DWORD PTR SS:[EBP-198],EAX
0041BACE |. 8B8D 68FEFFFF MOV ECX,DWORD PTR SS:[EBP-198]
0041BAD4 |. 51
PUSH ECX
; /Arg1
0041BAD5 |. E8 263D0100 CALL 0042F800
; \SystemIn
fo.0042F800
0041BADA |. 83C4 04
ADD ESP,4
0041BADD |. C745 FC 05000 MOV DWORD PTR SS:[EBP-4],5
0041BAE4 |. 8D4D 08
LEA ECX,[EBP+8]
0041BAE7 |. E8 942CFFFF CALL 0040E780
; [SystemIn
fo.0040E780
0041BAEC |. C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1
0041BAF3 |. 6A 00
PUSH 0
; /Arg2 = 0
0041BAF5 |. 6A 01
PUSH 1
; |Arg1 = 1
0041BAF7 |. 8D4D 08
LEA ECX,[EBP+8]
; |
0041BAFA |. E8 6140FFFF CALL 0040FB60
; \SystemIn
fo.0040FB60
0041BAFF |> 8B4D F4
MOV ECX,DWORD PTR SS:[EBP-0C]
0041BB02 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0041BB09 |. 59
POP ECX
0041BB0A |. 5F
POP EDI
0041BB0B |. 5E
POP ESI
0041BB0C |. 8B4D F0
MOV ECX,DWORD PTR SS:[EBP-10]
0041BB0F |. 33CD
XOR ECX,EBP
0041BB11 |. E8 DB2B0100 CALL 0042E6F1
0041BB16 |. 8BE5
MOV ESP,EBP
0041BB18 |. 5D
POP EBP
0041BB19 \. C3
RETN
0041BB1A
CC
INT3
0041BB1B
CC
INT3
0041BB1C
CC
INT3
0041BB1D
CC
INT3
0041BB1E
CC
INT3
0041BB1F
CC
INT3
0041BB20 /$ 55
PUSH EBP
; SystemInf
o.0041BB20(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7,Arg8,Arg9,Arg10,Arg11,Arg1
2,Arg13,Arg14)
0041BB21 |. 8BEC
MOV EBP,ESP
0041BB23 |. 6A FF
PUSH -1
0041BB25 |. 68 5B604400 PUSH 0044605B
0041BB2A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0041BB30 |. 50
PUSH EAX
0041BB31 |. 81EC B4010000 SUB ESP,1B4
0041BB37 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0041BB3C |. 33C5
XOR EAX,EBP
0041BB3E |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
0041BB41 |. 50
PUSH EAX
0041BB42 |. 8D45 F4
LEA EAX,[LOCAL.3]
0041BB45 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0041BB4B |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0041BB52 |. 8D8D 4CFFFFFF LEA ECX,[LOCAL.45]
0041BB58 |. E8 539DFEFF CALL 004058B0
; [SystemIn
fo.004058B0
0041BB5D |. C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1
0041BB61 |. 8D85 4CFFFFFF LEA EAX,[LOCAL.45]
0041BB67 |. 50
PUSH EAX
0041BB68 |. 83EC 28
SUB ESP,28
0041BB6B |. 8BCC
MOV ECX,ESP

0041BB6D |. 89A5 48FFFFFF


0041BB73 |. 8D55 0C
0041BB76 |. 52
OFFSET ARG.2
0041BB77 |. E8 94F1FEFF
fo.0040AD10
0041BB7C |. 8985 58FEFFFF
0041BB82 |. E8 F9F2FFFF
0041BB87 |. 83C4 2C
0041BB8A |. 33C0
0041BB8C |. 837D 88 00
0041BB90 |. 0F94C0
0041BB93 |. 0FB6C8
0041BB96 |. 85C9
0041BB98 |. 74 36
0041BB9A |. 8D95 4CFFFFFF
0041BBA0 |. 52
0041BBA1 |. 8B45 08
0041BBA4 |. 50
0041BBA5 |. E8 B6F2FEFF
0041BBAA |. 83C4 08
0041BBAD |. 8985 04FFFFFF
0041BBB3 |. 6A 0A
A
0041BBB5 |. 8B8D 04FFFFFF
0041BBBB |. E8 003AFFFF
fo.0040F5C0
0041BBC0 |. 8B8D 04FFFFFF
0041BBC6 |. E8 F53BFFFF
fo.0040F7C0
0041BBCB |. E9 C0060000
0041BBD0 |> 33C9
0041BBD2 |. 83BD 60FFFFFF
0041BBD9 |. 0F94C1
0041BBDC |. 0FB6D1
0041BBDF |. 85D2
0041BBE1 |. 0F85 2C020000
0041BBE7 |. C685 47FFFFFF
0041BBEE |. C685 46FFFFFF
0041BBF5 |. 6A 06
0041BBF7 |. 8D85 34FFFFFF
0041BBFD |. 50
OFFSET LOCAL.51
0041BBFE |. E8 951B0100
fo.0042D798
0041BC03 |. 83C4 08
0041BC06 |. 8985 00FFFFFF
0041BC0C |. 837D 08 00
0041BC10 |. 75 0C
0041BC12 |. C785 54FEFFFF
0041BC1C |. EB 11
0041BC1E |> 8B4D 08
0041BC21 |. 8B11
0041BC23 |. 8B45 08
0041BC26 |. 0342 04
0041BC29 |. 8985 54FEFFFF
0041BC2F |> 8B8D 00FFFFFF
0041BC35 |. 8B51 04
0041BC38 |. 52
0041BC39 |. 8B85 54FEFFFF

MOV DWORD PTR SS:[LOCAL.46],ESP


LEA EDX,[ARG.2]
PUSH EDX

; /Arg1 =>

CALL 0040AD10

; \SystemIn

MOV DWORD PTR SS:[LOCAL.106],EAX


CALL 0041AE80
ADD ESP,2C
XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.30],0
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 0041BBD0
LEA EDX,[LOCAL.45]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.63],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.63]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.63]


CALL 0040F7C0

; [SystemIn

JMP 0041C290
XOR ECX,ECX
CMP DWORD PTR SS:[LOCAL.40],0
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE 0041BE13
MOV BYTE PTR SS:[LOCAL.47+3],20
MOV BYTE PTR SS:[LOCAL.47+2],2E
PUSH 6
LEA EAX,[LOCAL.51]
PUSH EAX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.64],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041BC1E
MOV DWORD PTR SS:[LOCAL.107],0
JMP SHORT 0041BC2F
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.107],EAX
MOV ECX,DWORD PTR SS:[LOCAL.64]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.107]

0041BC3F |. 50
0041BC40 |. 8B8D 00FFFFFF
0041BC46 |. 8B11
0041BC48 |. FFD2
0041BC4A |. 83C4 08
0041BC4D |. 6A 23
3
0041BC4F |. 8D85 3CFFFFFF
0041BC55 |. 50
OFFSET LOCAL.49
0041BC56 |. E8 3D1B0100
fo.0042D798
0041BC5B |. 83C4 08
0041BC5E |. 8985 F8FEFFFF
0041BC64 |. 68 77874400
0041BC69 |. 8B4D 08
0041BC6C |. 51
0041BC6D |. E8 EEECFEFF
0041BC72 |. 83C4 08
0041BC75 |. 8985 FCFEFFFF
0041BC7B |. 83BD FCFEFFFF
0041BC82 |. 75 0C
0041BC84 |. C785 50FEFFFF
0041BC8E |. EB 17
0041BC90 |> 8B95 FCFEFFFF
0041BC96 |. 8B02
0041BC98 |. 8B8D FCFEFFFF
0041BC9E |. 0348 04
0041BCA1 |. 898D 50FEFFFF
0041BCA7 |> 8B95 F8FEFFFF
0041BCAD |. 8B42 04
0041BCB0 |. 50
0041BCB1 |. 8B8D 50FEFFFF
0041BCB7 |. 51
0041BCB8 |. 8B95 F8FEFFFF
0041BCBE |. 8B02
0041BCC0 |. FFD0
0041BCC2 |. 83C4 08
0041BCC5 |. 8A8D 46FFFFFF
0041BCCB |. 888D EFFEFFFF
0041BCD1 |. 8B95 FCFEFFFF
0041BCD7 |. 8B02
0041BCD9 |. 8B8D FCFEFFFF
0041BCDF |. 0348 04
0041BCE2 |. 898D F0FEFFFF
0041BCE8 |. 8B95 F0FEFFFF
0041BCEE |. 8A42 30
0041BCF1 |. 8885 F7FEFFFF
0041BCF7 |. 8B8D F0FEFFFF
0041BCFD |. 8A95 EFFEFFFF
0041BD03 |. 8851 30
0041BD06 |. 83BD FCFEFFFF
0041BD0D |. 75 0C
0041BD0F |. C785 E8FEFFFF
0041BD19 |. EB 17
0041BD1B |> 8B85 FCFEFFFF
0041BD21 |. 8B08
0041BD23 |. 8B95 FCFEFFFF
0041BD29 |. 0351 04
0041BD2C |. 8995 E8FEFFFF

PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.64]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA EAX,[LOCAL.49]
PUSH EAX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.66],EAX
PUSH OFFSET 00448777
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.65],EAX
CMP DWORD PTR SS:[LOCAL.65],0
JNE SHORT 0041BC90
MOV DWORD PTR SS:[LOCAL.108],0
JMP SHORT 0041BCA7
MOV EDX,DWORD PTR SS:[LOCAL.65]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.65]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.108],ECX
MOV EDX,DWORD PTR SS:[LOCAL.66]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.108]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.66]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[LOCAL.47+2]
MOV BYTE PTR SS:[LOCAL.69+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.65]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.65]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.68],ECX
MOV EDX,DWORD PTR SS:[LOCAL.68]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.67+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.68]
MOV DL,BYTE PTR SS:[LOCAL.69+3]
MOV BYTE PTR DS:[ECX+30],DL
CMP DWORD PTR SS:[LOCAL.65],0
JNE SHORT 0041BD1B
MOV DWORD PTR SS:[LOCAL.70],0
JMP SHORT 0041BD32
MOV EAX,DWORD PTR SS:[LOCAL.65]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.65]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.70],EDX

0041BD32 |>
C0
0041BD37 |.
0
0041BD39 |.
0041BD3F |.
fo.00408D80
0041BD44 |.
0041BD47 |.
0041BD48 |.
0041BD4E |.
0041BD4F |.
0041BD54 |.
0041BD57 |.
0041BD5D |.
0041BD64 |.
0041BD66 |.
0041BD70 |.
0041BD72 |>
0041BD78 |.
0041BD7A |.
0041BD80 |.
0041BD83 |.
0041BD89 |>
C0
0041BD8E |.
0
0041BD93 |.
0041BD99 |.
fo.00408D80
0041BD9E |.
0041BDA4 |.
0041BDAA |.
0041BDB0 |.
0041BDB2 |.
0041BDB8 |.
0041BDBB |.
0041BDC1 |.
0041BDC7 |.
0041BDCA |.
0041BDD0 |.
0041BDD6 |.
0041BDDC |.
0041BDDF |.
0041BDE5 |.
0041BDE6 |.
0041BDEC |.
0041BDED |.
0041BDF2 |.
0041BDF5 |.
0041BDFB |.
A
0041BDFD |.
0041BE03 |.
fo.0040F5C0
0041BE08 |.
0041BE0E |.
fo.0040F7C0
0041BE13 |>
0041BE15 |.

68 C0010000

PUSH 1C0

; /Arg2 = 1

6A 40

PUSH 40

; |Arg1 = 4

8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.70]


E8 3CD0FEFF CALL 00408D80

; |
; \SystemIn

8B45 34
50
8B8D FCFEFFFF
51
E8 0CECFEFF
83C4 08
8985 E0FEFFFF
83BD E0FEFFFF
75 0C
C785 E4FEFFFF
EB 17
8B95 E0FEFFFF
8B02
8B8D E0FEFFFF
0348 04
898D E4FEFFFF
68 C0010000

MOV EAX,DWORD PTR SS:[ARG.12]


PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.65]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.72],EAX
CMP DWORD PTR SS:[LOCAL.72],0
JNE SHORT 0041BD72
MOV DWORD PTR SS:[LOCAL.71],0
JMP SHORT 0041BD89
MOV EDX,DWORD PTR SS:[LOCAL.72]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.72]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.71],ECX
PUSH 1C0

; /Arg2 = 1

68 80000000

PUSH 80

; |Arg1 = 8

8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.71]


E8 E2CFFEFF CALL 00408D80

; |
; \SystemIn

8A95 47FFFFFF
8895 D7FEFFFF
8B85 E0FEFFFF
8B08
8B95 E0FEFFFF
0351 04
8995 D8FEFFFF
8B85 D8FEFFFF
8A48 30
888D DFFEFFFF
8B95 D8FEFFFF
8A85 D7FEFFFF
8842 30
8D8D 4CFFFFFF
51
8B95 E0FEFFFF
52
E8 6EF0FEFF
83C4 08
8985 D0FEFFFF
6A 0A

MOV DL,BYTE PTR SS:[LOCAL.47+3]


MOV BYTE PTR SS:[LOCAL.75+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.72]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.72]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.74],EDX
MOV EAX,DWORD PTR SS:[LOCAL.74]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[LOCAL.73+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.74]
MOV AL,BYTE PTR SS:[LOCAL.75+3]
MOV BYTE PTR DS:[EDX+30],AL
LEA ECX,[LOCAL.45]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.72]
PUSH EDX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.76],EAX
PUSH 0A

; /Arg1 = 0

8B8D D0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.76]


E8 B837FFFF CALL 0040F5C0

; |
; \SystemIn

8B8D D0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.76]


E8 AD39FFFF CALL 0040F7C0

; [SystemIn

33C0
837D 88 00

XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.30],0

0041BE19 |. 0F94C0
0041BE1C |. 0FB6C8
0041BE1F |. 85C9
0041BE21 |. 0F85 2C020000
0041BE27 |. C685 33FFFFFF
0041BE2E |. C685 32FFFFFF
0041BE35 |. 6A 06
0041BE37 |. 8D95 20FFFFFF
0041BE3D |. 52
OFFSET LOCAL.56
0041BE3E |. E8 55190100
fo.0042D798
0041BE43 |. 83C4 08
0041BE46 |. 8985 CCFEFFFF
0041BE4C |. 837D 08 00
0041BE50 |. 75 0C
0041BE52 |. C785 4CFEFFFF
0041BE5C |. EB 11
0041BE5E |> 8B45 08
0041BE61 |. 8B08
0041BE63 |. 8B55 08
0041BE66 |. 0351 04
0041BE69 |. 8995 4CFEFFFF
0041BE6F |> 8B85 CCFEFFFF
0041BE75 |. 8B48 04
0041BE78 |. 51
0041BE79 |. 8B95 4CFEFFFF
0041BE7F |. 52
0041BE80 |. 8B85 CCFEFFFF
0041BE86 |. 8B08
0041BE88 |. FFD1
0041BE8A |. 83C4 08
0041BE8D |. 6A 23
3
0041BE8F |. 8D95 28FFFFFF
0041BE95 |. 52
OFFSET LOCAL.54
0041BE96 |. E8 FD180100
fo.0042D798
0041BE9B |. 83C4 08
0041BE9E |. 8985 C4FEFFFF
0041BEA4 |. 68 77874400
0041BEA9 |. 8B45 08
0041BEAC |. 50
0041BEAD |. E8 AEEAFEFF
0041BEB2 |. 83C4 08
0041BEB5 |. 8985 C8FEFFFF
0041BEBB |. 83BD C8FEFFFF
0041BEC2 |. 75 0C
0041BEC4 |. C785 48FEFFFF
0041BECE |. EB 17
0041BED0 |> 8B8D C8FEFFFF
0041BED6 |. 8B11
0041BED8 |. 8B85 C8FEFFFF
0041BEDE |. 0342 04
0041BEE1 |. 8985 48FEFFFF
0041BEE7 |> 8B8D C4FEFFFF
0041BEED |. 8B51 04
0041BEF0 |. 52
0041BEF1 |. 8B85 48FEFFFF

SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JNE 0041C053
MOV BYTE PTR SS:[LOCAL.52+3],20
MOV BYTE PTR SS:[LOCAL.52+2],2E
PUSH 6
LEA EDX,[LOCAL.56]
PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.77],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041BE5E
MOV DWORD PTR SS:[LOCAL.109],0
JMP SHORT 0041BE6F
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.109],EDX
MOV EAX,DWORD PTR SS:[LOCAL.77]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.109]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.77]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA EDX,[LOCAL.54]
PUSH EDX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.79],EAX
PUSH OFFSET 00448777
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.78],EAX
CMP DWORD PTR SS:[LOCAL.78],0
JNE SHORT 0041BED0
MOV DWORD PTR SS:[LOCAL.110],0
JMP SHORT 0041BEE7
MOV ECX,DWORD PTR SS:[LOCAL.78]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.78]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.110],EAX
MOV ECX,DWORD PTR SS:[LOCAL.79]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.110]

0041BEF7 |.
0041BEF8 |.
0041BEFE |.
0041BF00 |.
0041BF02 |.
0041BF05 |.
0041BF0B |.
0041BF11 |.
0041BF17 |.
0041BF19 |.
0041BF1F |.
0041BF22 |.
0041BF28 |.
0041BF2E |.
0041BF31 |.
0041BF37 |.
0041BF3D |.
0041BF43 |.
0041BF46 |.
0041BF4D |.
0041BF4F |.
0041BF59 |.
0041BF5B |>
0041BF61 |.
0041BF63 |.
0041BF69 |.
0041BF6C |.
0041BF72 |>
C0
0041BF77 |.
0
0041BF79 |.
0041BF7F |.
fo.00408D80
0041BF84 |.
0041BF87 |.
0041BF88 |.
0041BF8E |.
0041BF8F |.
0041BF94 |.
0041BF97 |.
0041BF9D |.
0041BFA4 |.
0041BFA6 |.
0041BFB0 |.
0041BFB2 |>
0041BFB8 |.
0041BFBA |.
0041BFC0 |.
0041BFC3 |.
0041BFC9 |>
C0
0041BFCE |.
0
0041BFD3 |.
0041BFD9 |.
fo.00408D80
0041BFDE |.
0041BFE4 |.
0041BFEA |.

50
8B8D C4FEFFFF
8B11
FFD2
83C4 08
8A85 32FFFFFF
8885 BBFEFFFF
8B8D C8FEFFFF
8B11
8B85 C8FEFFFF
0342 04
8985 BCFEFFFF
8B8D BCFEFFFF
8A51 30
8895 C3FEFFFF
8B85 BCFEFFFF
8A8D BBFEFFFF
8848 30
83BD C8FEFFFF
75 0C
C785 B4FEFFFF
EB 17
8B95 C8FEFFFF
8B02
8B8D C8FEFFFF
0348 04
898D B4FEFFFF
68 C0010000

PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.79]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[LOCAL.52+2]
MOV BYTE PTR SS:[LOCAL.82+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.78]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.78]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.81],EAX
MOV ECX,DWORD PTR SS:[LOCAL.81]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.80+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.81]
MOV CL,BYTE PTR SS:[LOCAL.82+3]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[LOCAL.78],0
JNE SHORT 0041BF5B
MOV DWORD PTR SS:[LOCAL.83],0
JMP SHORT 0041BF72
MOV EDX,DWORD PTR SS:[LOCAL.78]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.78]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.83],ECX
PUSH 1C0

; /Arg2 = 1

6A 40

PUSH 40

; |Arg1 = 4

8B8D B4FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.83]


E8 FCCDFEFF CALL 00408D80

; |
; \SystemIn

8B55 38
52
8B85 C8FEFFFF
50
E8 CCE9FEFF
83C4 08
8985 ACFEFFFF
83BD ACFEFFFF
75 0C
C785 B0FEFFFF
EB 17
8B8D ACFEFFFF
8B11
8B85 ACFEFFFF
0342 04
8985 B0FEFFFF
68 C0010000

MOV EDX,DWORD PTR SS:[ARG.13]


PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.78]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.85],EAX
CMP DWORD PTR SS:[LOCAL.85],0
JNE SHORT 0041BFB2
MOV DWORD PTR SS:[LOCAL.84],0
JMP SHORT 0041BFC9
MOV ECX,DWORD PTR SS:[LOCAL.85]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.85]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.84],EAX
PUSH 1C0

; /Arg2 = 1

68 80000000

PUSH 80

; |Arg1 = 8

8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.84]


E8 A2CDFEFF CALL 00408D80
8A8D 33FFFFFF MOV CL,BYTE PTR SS:[LOCAL.52+3]
888D A3FEFFFF MOV BYTE PTR SS:[LOCAL.88+3],CL
8B95 ACFEFFFF MOV EDX,DWORD PTR SS:[LOCAL.85]

; |
; \SystemIn

0041BFF0 |. 8B02
0041BFF2 |. 8B8D ACFEFFFF
0041BFF8 |. 0348 04
0041BFFB |. 898D A4FEFFFF
0041C001 |. 8B95 A4FEFFFF
0041C007 |. 8A42 30
0041C00A |. 8885 ABFEFFFF
0041C010 |. 8B8D A4FEFFFF
0041C016 |. 8A95 A3FEFFFF
0041C01C |. 8851 30
0041C01F |. 8D85 74FFFFFF
0041C025 |. 50
0041C026 |. 8B8D ACFEFFFF
0041C02C |. 51
0041C02D |. E8 2EEEFEFF
0041C032 |. 83C4 08
0041C035 |. 8985 9CFEFFFF
0041C03B |. 6A 0A
A
0041C03D |. 8B8D 9CFEFFFF
0041C043 |. E8 7835FFFF
fo.0040F5C0
0041C048 |. 8B8D 9CFEFFFF
0041C04E |. E8 6D37FFFF
fo.0040F7C0
0041C053 |> 33D2
0041C055 |. 837D D8 00
0041C059 |. 0F94C2
0041C05C |. 0FB6C2
0041C05F |. 85C0
0041C061 |. 0F85 29020000
0041C067 |. C685 1FFFFFFF
0041C06E |. C685 1EFFFFFF
0041C075 |. 6A 06
0041C077 |. 8D8D 0CFFFFFF
0041C07D |. 51
OFFSET LOCAL.61
0041C07E |. E8 15170100
fo.0042D798
0041C083 |. 83C4 08
0041C086 |. 8985 98FEFFFF
0041C08C |. 837D 08 00
0041C090 |. 75 0C
0041C092 |. C785 44FEFFFF
0041C09C |. EB 11
0041C09E |> 8B55 08
0041C0A1 |. 8B02
0041C0A3 |. 8B4D 08
0041C0A6 |. 0348 04
0041C0A9 |. 898D 44FEFFFF
0041C0AF |> 8B95 98FEFFFF
0041C0B5 |. 8B42 04
0041C0B8 |. 50
0041C0B9 |. 8B8D 44FEFFFF
0041C0BF |. 51
0041C0C0 |. 8B95 98FEFFFF
0041C0C6 |. 8B02
0041C0C8 |. FFD0
0041C0CA |. 83C4 08
0041C0CD |. 6A 23

MOV EAX,DWORD PTR DS:[EDX]


MOV ECX,DWORD PTR SS:[LOCAL.85]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.87],ECX
MOV EDX,DWORD PTR SS:[LOCAL.87]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.86+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.87]
MOV DL,BYTE PTR SS:[LOCAL.88+3]
MOV BYTE PTR DS:[ECX+30],DL
LEA EAX,[LOCAL.35]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.85]
PUSH ECX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.89],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.89]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.89]


CALL 0040F7C0

; [SystemIn

XOR EDX,EDX
CMP DWORD PTR SS:[LOCAL.10],0
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE 0041C290
MOV BYTE PTR SS:[LOCAL.57+3],20
MOV BYTE PTR SS:[LOCAL.57+2],2E
PUSH 6
LEA ECX,[LOCAL.61]
PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.90],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041C09E
MOV DWORD PTR SS:[LOCAL.111],0
JMP SHORT 0041C0AF
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.111],ECX
MOV EDX,DWORD PTR SS:[LOCAL.90]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.111]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.90]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
PUSH 23

; /Arg2 = 2

3
0041C0CF |. 8D8D 14FFFFFF
0041C0D5 |. 51
OFFSET LOCAL.59
0041C0D6 |. E8 BD160100
fo.0042D798
0041C0DB |. 83C4 08
0041C0DE |. 8985 90FEFFFF
0041C0E4 |. 68 77874400
0041C0E9 |. 8B55 08
0041C0EC |. 52
0041C0ED |. E8 6EE8FEFF
0041C0F2 |. 83C4 08
0041C0F5 |. 8985 94FEFFFF
0041C0FB |. 83BD 94FEFFFF
0041C102 |. 75 0C
0041C104 |. C785 40FEFFFF
0041C10E |. EB 17
0041C110 |> 8B85 94FEFFFF
0041C116 |. 8B08
0041C118 |. 8B95 94FEFFFF
0041C11E |. 0351 04
0041C121 |. 8995 40FEFFFF
0041C127 |> 8B85 90FEFFFF
0041C12D |. 8B48 04
0041C130 |. 51
0041C131 |. 8B95 40FEFFFF
0041C137 |. 52
0041C138 |. 8B85 90FEFFFF
0041C13E |. 8B08
0041C140 |. FFD1
0041C142 |. 83C4 08
0041C145 |. 8A95 1EFFFFFF
0041C14B |. 8895 87FEFFFF
0041C151 |. 8B85 94FEFFFF
0041C157 |. 8B08
0041C159 |. 8B95 94FEFFFF
0041C15F |. 0351 04
0041C162 |. 8995 88FEFFFF
0041C168 |. 8B85 88FEFFFF
0041C16E |. 8A48 30
0041C171 |. 888D 8FFEFFFF
0041C177 |. 8B95 88FEFFFF
0041C17D |. 8A85 87FEFFFF
0041C183 |. 8842 30
0041C186 |. 83BD 94FEFFFF
0041C18D |. 75 0C
0041C18F |. C785 80FEFFFF
0041C199 |. EB 17
0041C19B |> 8B8D 94FEFFFF
0041C1A1 |. 8B11
0041C1A3 |. 8B85 94FEFFFF
0041C1A9 |. 0342 04
0041C1AC |. 8985 80FEFFFF
0041C1B2 |> 68 C0010000
C0
0041C1B7 |. 6A 40
0
0041C1B9 |. 8B8D 80FEFFFF
0041C1BF |. E8 BCCBFEFF

LEA ECX,[LOCAL.59]
PUSH ECX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.92],EAX
PUSH OFFSET 00448777
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.91],EAX
CMP DWORD PTR SS:[LOCAL.91],0
JNE SHORT 0041C110
MOV DWORD PTR SS:[LOCAL.112],0
JMP SHORT 0041C127
MOV EAX,DWORD PTR SS:[LOCAL.91]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.91]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.112],EDX
MOV EAX,DWORD PTR SS:[LOCAL.92]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.112]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.92]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[LOCAL.57+2]
MOV BYTE PTR SS:[LOCAL.95+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.91]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.91]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.94],EDX
MOV EAX,DWORD PTR SS:[LOCAL.94]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[LOCAL.93+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.94]
MOV AL,BYTE PTR SS:[LOCAL.95+3]
MOV BYTE PTR DS:[EDX+30],AL
CMP DWORD PTR SS:[LOCAL.91],0
JNE SHORT 0041C19B
MOV DWORD PTR SS:[LOCAL.96],0
JMP SHORT 0041C1B2
MOV ECX,DWORD PTR SS:[LOCAL.91]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.91]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.96],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.96]


CALL 00408D80

; |
; \SystemIn

fo.00408D80
0041C1C4 |.
0041C1C7 |.
0041C1C8 |.
0041C1CE |.
0041C1CF |.
0041C1D4 |.
0041C1D7 |.
0041C1DD |.
0041C1E4 |.
0041C1E6 |.
0041C1F0 |.
0041C1F2 |>
0041C1F8 |.
0041C1FA |.
0041C200 |.
0041C203 |.
0041C209 |>
C0
0041C20E |.
0
0041C213 |.
0041C219 |.
fo.00408D80
0041C21E |.
0041C224 |.
0041C22A |.
0041C230 |.
0041C232 |.
0041C238 |.
0041C23B |.
0041C241 |.
0041C247 |.
0041C24A |.
0041C250 |.
0041C256 |.
0041C25C |.
0041C25F |.
0041C262 |.
0041C263 |.
0041C269 |.
0041C26A |.
0041C26F |.
0041C272 |.
0041C278 |.
A
0041C27A |.
0041C280 |.
fo.0040F5C0
0041C285 |.
0041C28B |.
fo.0040F7C0
0041C290 |>
0041C294 |.
0041C29A |.
fo.004059E0
0041C29F |.
0041C2A6 |.
0041C2A9 |.
fo.0040E780

8B4D 3C
51
8B95 94FEFFFF
52
E8 8CE7FEFF
83C4 08
8985 78FEFFFF
83BD 78FEFFFF
75 0C
C785 7CFEFFFF
EB 17
8B85 78FEFFFF
8B08
8B95 78FEFFFF
0351 04
8995 7CFEFFFF
68 C0010000

MOV ECX,DWORD PTR SS:[ARG.14]


PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.91]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.98],EAX
CMP DWORD PTR SS:[LOCAL.98],0
JNE SHORT 0041C1F2
MOV DWORD PTR SS:[LOCAL.97],0
JMP SHORT 0041C209
MOV EAX,DWORD PTR SS:[LOCAL.98]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.98]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.97],EDX
PUSH 1C0

; /Arg2 = 1

68 80000000

PUSH 80

; |Arg1 = 8

8B8D 7CFEFFFF MOV ECX,DWORD PTR SS:[LOCAL.97]


E8 62CBFEFF CALL 00408D80

; |
; \SystemIn

8A85 1FFFFFFF
8885 6FFEFFFF
8B8D 78FEFFFF
8B11
8B85 78FEFFFF
0342 04
8985 70FEFFFF
8B8D 70FEFFFF
8A51 30
8895 77FEFFFF
8B85 70FEFFFF
8A8D 6FFEFFFF
8848 30
8D55 C4
52
8B85 78FEFFFF
50
E8 F1EBFEFF
83C4 08
8985 68FEFFFF
6A 0A

MOV AL,BYTE PTR SS:[LOCAL.57+3]


MOV BYTE PTR SS:[LOCAL.101+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.98]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.98]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.100],EAX
MOV ECX,DWORD PTR SS:[LOCAL.100]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.99+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.100]
MOV CL,BYTE PTR SS:[LOCAL.101+3]
MOV BYTE PTR DS:[EAX+30],CL
LEA EDX,[LOCAL.15]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.98]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.102],EAX
PUSH 0A

; /Arg1 = 0

8B8D 68FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.102]


E8 3B33FFFF CALL 0040F5C0

; |
; \SystemIn

8B8D 68FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.102]


E8 3035FFFF CALL 0040F7C0

; [SystemIn

C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
8D8D 4CFFFFFF LEA ECX,[LOCAL.45]
E8 4197FEFF CALL 004059E0

; [SystemIn

C745 FC 02000 MOV DWORD PTR SS:[LOCAL.1],2


8D4D 0C
LEA ECX,[ARG.2]
E8 D224FFFF CALL 0040E780

; [SystemIn

0041C2AE |. C745 FC FFFFF


0041C2B5 |. 6A 00
0041C2B7 |. 6A 01
0041C2B9 |. 8D4D 0C
0041C2BC |. E8 9F38FFFF
fo.0040FB60
0041C2C1 |. 8B4D F4
0041C2C4 |. 64:890D 00000
0041C2CB |. 59
0041C2CC |. 8B4D F0
0041C2CF |. 33CD
0041C2D1 |. E8 1B240100
0041C2D6 |. 8BE5
0041C2D8 |. 5D
0041C2D9 \. C3
0041C2DA
CC
0041C2DB
CC
0041C2DC
CC
0041C2DD
CC
0041C2DE
CC
0041C2DF
CC
0041C2E0 /$ 55
o.0041C2E0(guessed Arg1)
0041C2E1 |. 8BEC
0041C2E3 |. 6A FF
0041C2E5 |. 68 06624400
0041C2EA |. 64:A1 0000000
0041C2F0 |. 50
0041C2F1 |. 81EC AC0E0000
0041C2F7 |. A1 A0154500
0041C2FC |. 33C5
0041C2FE |. 8945 E4
0041C301 |. 50
0041C302 |. 8D45 F4
0041C305 |. 64:A3 0000000
0041C30B |. A1 F8284500
0041C310 |. 83C0 01
0041C313 |. A3 F8284500
0041C318 |. 68 77874400
ystemInfo.448777
0041C31D |. 8D8D CCFAFFFF
0041C323 |. E8 C828FFFF
fo.0040EBF0
0041C328 |. C745 FC 00000
0041C32F |. 8D8D CCFAFFFF
0041C335 |. 51
OFFSET LOCAL.333
0041C336 |. B9 0C294500
0041C33B |. E8 E0ADFEFF
fo.00407120
0041C340 |. 68 74874400
"
0041C345 |. 8B15 F8284500
0041C34B |. 52
[4528F8] = 0
0041C34C |. B9 08294500
0041C351 |. E8 0A9BFEFF
fo.00405E60
0041C356 |. 50
0041C357 |. E8 04E6FEFF

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[ARG.2]
CALL 0040FB60

;
;
;
;

MOV ECX,DWORD PTR SS:[LOCAL.3]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ECX,DWORD PTR SS:[LOCAL.4]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00446206
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0EAC
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.7],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV EAX,DWORD PTR DS:[4528F8]
ADD EAX,1
MOV DWORD PTR DS:[4528F8],EAX
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[LOCAL.333]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


LEA ECX,[LOCAL.333]
PUSH ECX

; /Arg1 =>

MOV ECX,OFFSET 0045290C


CALL 00407120

; |
; \SystemIn

PUSH OFFSET 00448774

; ASCII ".

MOV EDX,DWORD PTR DS:[4528F8]


PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; |
; \SystemIn

PUSH EAX
CALL 0040A960

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0041C35C |. 83C4 08
0041C35F |. 8D85 B0FAFFFF
0041C365 |. 50
OFFSET LOCAL.340
0041C366 |. B9 08294500
0041C36B |. E8 F0A0FEFF
fo.00406460
0041C370 |. 8985 20F2FFFF
0041C376 |. 8B8D 20F2FFFF
0041C37C |. 898D 1CF2FFFF
0041C382 |. C645 FC 01
0041C386 |. 837D 08 00
0041C38A |. 75 0C
0041C38C |. C785 F0F6FFFF
0041C396 |. EB 11
0041C398 |> 8B55 08
0041C39B |. 8B02
0041C39D |. 8B4D 08
0041C3A0 |. 0348 04
0041C3A3 |. 898D F0F6FFFF
0041C3A9 |> 68 C0010000
C0
0041C3AE |. 6A 40
0
0041C3B0 |. 8B8D F0F6FFFF
0041C3B6 |. E8 C5C9FEFF
fo.00408D80
0041C3BB |. 6A 06
0041C3BD |. 8D95 A8FAFFFF
0041C3C3 |. 52
OFFSET LOCAL.342
0041C3C4 |. E8 CF130100
fo.0042D798
0041C3C9 |. 83C4 08
0041C3CC |. 8985 ECF6FFFF
0041C3D2 |. 837D 08 00
0041C3D6 |. 75 0C
0041C3D8 |. C785 18F2FFFF
0041C3E2 |. EB 11
0041C3E4 |> 8B45 08
0041C3E7 |. 8B08
0041C3E9 |. 8B55 08
0041C3EC |. 0351 04
0041C3EF |. 8995 18F2FFFF
0041C3F5 |> 8B85 ECF6FFFF
0041C3FB |. 8B48 04
0041C3FE |. 51
0041C3FF |. 8B95 18F2FFFF
0041C405 |. 52
0041C406 |. 8B85 ECF6FFFF
0041C40C |. 8B08
0041C40E |. FFD1
0041C410 |. 83C4 08
0041C413 |. 8B95 1CF2FFFF
0041C419 |. 52
0041C41A |. 8B45 08
0041C41D |. 50
0041C41E |. E8 3DEAFEFF
0041C423 |. 83C4 08
0041C426 |. 8985 E4F6FFFF

ADD ESP,8
LEA EAX,[LOCAL.340]
PUSH EAX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.888],EAX


MOV ECX,DWORD PTR SS:[LOCAL.888]
MOV DWORD PTR SS:[LOCAL.889],ECX
MOV BYTE PTR SS:[LOCAL.1],1
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041C398
MOV DWORD PTR SS:[LOCAL.580],0
JMP SHORT 0041C3A9
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.580],ECX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.580]


CALL 00408D80

; |
; \SystemIn

PUSH 6
LEA EDX,[LOCAL.342]
PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.581],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041C3E4
MOV DWORD PTR SS:[LOCAL.890],0
JMP SHORT 0041C3F5
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.890],EDX
MOV EAX,DWORD PTR SS:[LOCAL.581]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.890]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.581]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV EDX,DWORD PTR SS:[LOCAL.889]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.583],EAX

0041C42C |. 83BD E4F6FFFF


0041C433 |. 75 0C
0041C435 |. C785 E8F6FFFF
0041C43F |. EB 17
0041C441 |> 8B8D E4F6FFFF
0041C447 |. 8B11
0041C449 |. 8B85 E4F6FFFF
0041C44F |. 0342 04
0041C452 |. 8985 E8F6FFFF
0041C458 |> 68 C0010000
C0
0041C45D |. 68 80000000
0
0041C462 |. 8B8D E8F6FFFF
0041C468 |. E8 13C9FEFF
fo.00408D80
0041C46D |. 68 F8994400
DEO"
0041C472 |. 8B8D E4F6FFFF
0041C478 |. 51
0041C479 |. E8 E2E4FEFF
0041C47E |. 83C4 08
0041C481 |. 8985 E0F6FFFF
0041C487 |. 6A 0A
A
0041C489 |. 8B8D E0F6FFFF
0041C48F |. E8 2C31FFFF
fo.0040F5C0
0041C494 |. 8B8D E0F6FFFF
0041C49A |. E8 2133FFFF
fo.0040F7C0
0041C49F |. C645 FC 00
0041C4A3 |. 6A 00
0041C4A5 |. 6A 01
0041C4A7 |. 8D8D B0FAFFFF
0041C4AD |. E8 AE36FFFF
fo.0040FB60
0041C4B2 |. C745 FC FFFFF
0041C4B9 |. 6A 00
0041C4BB |. 6A 01
0041C4BD |. 8D8D CCFAFFFF
0041C4C3 |. E8 9836FFFF
fo.0040FB60
0041C4C8 |. 6A 00
ULL
0041C4CA |. FF15 0C824400
etDC
0041C4D0 |. 8985 CCFDFFFF
0041C4D6 |. C685 A7FAFFFF
0041C4DD |. C685 A6FAFFFF
0041C4E4 |. 6A 06
0041C4E6 |. 8D95 94FAFFFF
0041C4EC |. 52
OFFSET LOCAL.347
0041C4ED |. E8 A6120100
fo.0042D798
0041C4F2 |. 83C4 08
0041C4F5 |. 8985 DCF6FFFF
0041C4FB |. 837D 08 00
0041C4FF |. 75 0C

CMP DWORD PTR SS:[LOCAL.583],0


JNE SHORT 0041C441
MOV DWORD PTR SS:[LOCAL.582],0
JMP SHORT 0041C458
MOV ECX,DWORD PTR SS:[LOCAL.583]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.583]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.582],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.582]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 004499F8

; ASCII "VI

MOV ECX,DWORD PTR SS:[LOCAL.583]


PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.584],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.584]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.584]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.340]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.333]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PUSH 0

; /hWnd = N

CALL DWORD PTR DS:[<&USER32.GetDC>]

; \USER32.G

MOV DWORD PTR SS:[LOCAL.141],EAX


MOV BYTE PTR SS:[LOCAL.343+3],20
MOV BYTE PTR SS:[LOCAL.343+2],2E
PUSH 6
LEA EDX,[LOCAL.347]
PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD
MOV
CMP
JNE

ESP,8
DWORD PTR SS:[LOCAL.585],EAX
DWORD PTR SS:[ARG.1],0
SHORT 0041C50D

0041C501 |. C785 14F2FFFF


0041C50B |. EB 11
0041C50D |> 8B45 08
0041C510 |. 8B08
0041C512 |. 8B55 08
0041C515 |. 0351 04
0041C518 |. 8995 14F2FFFF
0041C51E |> 8B85 DCF6FFFF
0041C524 |. 8B48 04
0041C527 |. 51
0041C528 |. 8B95 14F2FFFF
0041C52E |. 52
0041C52F |. 8B85 DCF6FFFF
0041C535 |. 8B08
0041C537 |. FFD1
0041C539 |. 83C4 08
0041C53C |. 6A 23
3
0041C53E |. 8D95 9CFAFFFF
0041C544 |. 52
OFFSET LOCAL.345
0041C545 |. E8 4E120100
fo.0042D798
0041C54A |. 83C4 08
0041C54D |. 8985 D4F6FFFF
0041C553 |. 68 77874400
0041C558 |. 8B45 08
0041C55B |. 50
0041C55C |. E8 FFE3FEFF
0041C561 |. 83C4 08
0041C564 |. 8985 D8F6FFFF
0041C56A |. 83BD D8F6FFFF
0041C571 |. 75 0C
0041C573 |. C785 10F2FFFF
0041C57D |. EB 17
0041C57F |> 8B8D D8F6FFFF
0041C585 |. 8B11
0041C587 |. 8B85 D8F6FFFF
0041C58D |. 0342 04
0041C590 |. 8985 10F2FFFF
0041C596 |> 8B8D D4F6FFFF
0041C59C |. 8B51 04
0041C59F |. 52
0041C5A0 |. 8B85 10F2FFFF
0041C5A6 |. 50
0041C5A7 |. 8B8D D4F6FFFF
0041C5AD |. 8B11
0041C5AF |. FFD2
0041C5B1 |. 83C4 08
0041C5B4 |. 8A85 A6FAFFFF
0041C5BA |. 8885 CBF6FFFF
0041C5C0 |. 8B8D D8F6FFFF
0041C5C6 |. 8B11
0041C5C8 |. 8B85 D8F6FFFF
0041C5CE |. 0342 04
0041C5D1 |. 8985 CCF6FFFF
0041C5D7 |. 8B8D CCF6FFFF
0041C5DD |. 8A51 30
0041C5E0 |. 8895 D3F6FFFF
0041C5E6 |. 8B85 CCF6FFFF

MOV DWORD PTR SS:[LOCAL.891],0


JMP SHORT 0041C51E
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.891],EDX
MOV EAX,DWORD PTR SS:[LOCAL.585]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.891]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.585]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA EDX,[LOCAL.345]
PUSH EDX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.587],EAX
PUSH OFFSET 00448777
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.586],EAX
CMP DWORD PTR SS:[LOCAL.586],0
JNE SHORT 0041C57F
MOV DWORD PTR SS:[LOCAL.892],0
JMP SHORT 0041C596
MOV ECX,DWORD PTR SS:[LOCAL.586]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.586]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.892],EAX
MOV ECX,DWORD PTR SS:[LOCAL.587]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.892]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.587]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[LOCAL.343+2]
MOV BYTE PTR SS:[LOCAL.590+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.586]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.586]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.589],EAX
MOV ECX,DWORD PTR SS:[LOCAL.589]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.588+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.589]

0041C5EC |.
0041C5F2 |.
0041C5F5 |.
0041C5FC |.
0041C5FE |.
0041C608 |.
0041C60A |>
0041C610 |.
0041C612 |.
0041C618 |.
0041C61B |.
0041C621 |>
C0
0041C626 |.
0
0041C628 |.
0041C62E |.
fo.00408D80
0041C633 |.
reen Size"
0041C638 |.
0041C63E |.
0041C63F |.
0041C644 |.
0041C647 |.
0041C64D |.
0041C654 |.
0041C656 |.
0041C660 |.
0041C662 |>
0041C668 |.
0041C66A |.
0041C670 |.
0041C673 |.
0041C679 |>
C0
0041C67E |.
0
0041C683 |.
0041C689 |.
fo.00408D80
0041C68E |.
0041C694 |.
0041C69A |.
0041C6A0 |.
0041C6A2 |.
0041C6A8 |.
0041C6AB |.
0041C6B1 |.
0041C6B7 |.
0041C6BA |.
0041C6C0 |.
0041C6C6 |.
0041C6CC |.
0041C6CF |.
VERTRES
0041C6D1 |.
0041C6D7 |.
LOCAL.141]
0041C6D8 |.

8A8D CBF6FFFF
8848 30
83BD D8F6FFFF
75 0C
C785 C4F6FFFF
EB 17
8B95 D8F6FFFF
8B02
8B8D D8F6FFFF
0348 04
898D C4F6FFFF
68 C0010000

MOV CL,BYTE PTR SS:[LOCAL.590+3]


MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[LOCAL.586],0
JNE SHORT 0041C60A
MOV DWORD PTR SS:[LOCAL.591],0
JMP SHORT 0041C621
MOV EDX,DWORD PTR SS:[LOCAL.586]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.586]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.591],ECX
PUSH 1C0

; /Arg2 = 1

6A 40

PUSH 40

; |Arg1 = 4

8B8D C4F6FFFF MOV ECX,DWORD PTR SS:[LOCAL.591]


E8 4DC7FEFF CALL 00408D80

; |
; \SystemIn

68 EC994400

PUSH OFFSET 004499EC

; ASCII "Sc

8B95 D8F6FFFF
52
E8 1CE3FEFF
83C4 08
8985 BCF6FFFF
83BD BCF6FFFF
75 0C
C785 C0F6FFFF
EB 17
8B85 BCF6FFFF
8B08
8B95 BCF6FFFF
0351 04
8995 C0F6FFFF
68 C0010000

MOV EDX,DWORD PTR SS:[LOCAL.586]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.593],EAX
CMP DWORD PTR SS:[LOCAL.593],0
JNE SHORT 0041C662
MOV DWORD PTR SS:[LOCAL.592],0
JMP SHORT 0041C679
MOV EAX,DWORD PTR SS:[LOCAL.593]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.593]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.592],EDX
PUSH 1C0

; /Arg2 = 1

68 80000000

PUSH 80

; |Arg1 = 8

8B8D C0F6FFFF MOV ECX,DWORD PTR SS:[LOCAL.592]


E8 F2C6FEFF CALL 00408D80

; |
; \SystemIn

8A85 A7FAFFFF
8885 B3F6FFFF
8B8D BCF6FFFF
8B11
8B85 BCF6FFFF
0342 04
8985 B4F6FFFF
8B8D B4F6FFFF
8A51 30
8895 BBF6FFFF
8B85 B4F6FFFF
8A8D B3F6FFFF
8848 30
6A 0A

; /Index =

MOV AL,BYTE PTR SS:[LOCAL.343+3]


MOV BYTE PTR SS:[LOCAL.596+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.593]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.593]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.595],EAX
MOV ECX,DWORD PTR SS:[LOCAL.595]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.594+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.595]
MOV CL,BYTE PTR SS:[LOCAL.596+3]
MOV BYTE PTR DS:[EAX+30],CL
PUSH 0A

8B95 CCFDFFFF MOV EDX,DWORD PTR SS:[LOCAL.141]


52
PUSH EDX

; |
; |hDC => [

FF15 20804400 CALL DWORD PTR DS:[<&GDI32.GetDeviceCaps ; \GDI32.Ge

tDeviceCaps
0041C6DE |. 50
0041C6DF |. 6A 78
0041C6E1 |. 6A 08
HORZRES
0041C6E3 |. 8B85 CCFDFFFF
0041C6E9 |. 50
[LOCAL.141]
0041C6EA |. FF15 20804400
etDeviceCaps
0041C6F0 |. 50
0041C6F1 |. 8B8D BCF6FFFF
0041C6F7 |. E8 6497FEFF
nfo.00405E60
0041C6FC |. 50
0041C6FD |. E8 DE060100
0041C702 |. 83C4 08
0041C705 |. 8BC8
0041C707 |. E8 5497FEFF
fo.00405E60
0041C70C |. 8985 ACF6FFFF
0041C712 |. 6A 0A
A
0041C714 |. 8B8D ACF6FFFF
0041C71A |. E8 A12EFFFF
fo.0040F5C0
0041C71F |. 8B8D ACF6FFFF
0041C725 |. E8 9630FFFF
fo.0040F7C0
0041C72A |. C685 93FAFFFF
0041C731 |. C685 92FAFFFF
0041C738 |. 6A 06
0041C73A |. 8D8D 80FAFFFF
0041C740 |. 51
OFFSET LOCAL.352
0041C741 |. E8 52100100
fo.0042D798
0041C746 |. 83C4 08
0041C749 |. 8985 A8F6FFFF
0041C74F |. 837D 08 00
0041C753 |. 75 0C
0041C755 |. C785 0CF2FFFF
0041C75F |. EB 11
0041C761 |> 8B55 08
0041C764 |. 8B02
0041C766 |. 8B4D 08
0041C769 |. 0348 04
0041C76C |. 898D 0CF2FFFF
0041C772 |> 8B95 A8F6FFFF
0041C778 |. 8B42 04
0041C77B |. 50
0041C77C |. 8B8D 0CF2FFFF
0041C782 |. 51
0041C783 |. 8B95 A8F6FFFF
0041C789 |. 8B02
0041C78B |. FFD0
0041C78D |. 83C4 08
0041C790 |. 6A 23
3
0041C792 |. 8D8D 88FAFFFF

PUSH EAX
PUSH 78
PUSH 8

; /Arg1
; |
; |/Index =

MOV EAX,DWORD PTR SS:[LOCAL.141]


PUSH EAX

; ||
; ||hDC =>

CALL DWORD PTR DS:[<&GDI32.GetDeviceCaps ; |\GDI32.G


PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.593]
CALL 00405E60

; |/Arg1
; ||
; |\SystemI

PUSH EAX
CALL 0042CDE0
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

MOV DWORD PTR SS:[LOCAL.597],EAX


PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.597]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.597]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.348+3],20


MOV BYTE PTR SS:[LOCAL.348+2],2E
PUSH 6
LEA ECX,[LOCAL.352]
PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.598],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041C761
MOV DWORD PTR SS:[LOCAL.893],0
JMP SHORT 0041C772
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.893],ECX
MOV EDX,DWORD PTR SS:[LOCAL.598]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.893]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.598]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA ECX,[LOCAL.350]

; |

|
|
|
|
\SystemIn

0041C798 |. 51
OFFSET LOCAL.350
0041C799 |. E8 FA0F0100
fo.0042D798
0041C79E |. 83C4 08
0041C7A1 |. 8985 A0F6FFFF
0041C7A7 |. 68 77874400
0041C7AC |. 8B55 08
0041C7AF |. 52
0041C7B0 |. E8 ABE1FEFF
0041C7B5 |. 83C4 08
0041C7B8 |. 8985 A4F6FFFF
0041C7BE |. 83BD A4F6FFFF
0041C7C5 |. 75 0C
0041C7C7 |. C785 08F2FFFF
0041C7D1 |. EB 17
0041C7D3 |> 8B85 A4F6FFFF
0041C7D9 |. 8B08
0041C7DB |. 8B95 A4F6FFFF
0041C7E1 |. 0351 04
0041C7E4 |. 8995 08F2FFFF
0041C7EA |> 8B85 A0F6FFFF
0041C7F0 |. 8B48 04
0041C7F3 |. 51
0041C7F4 |. 8B95 08F2FFFF
0041C7FA |. 52
0041C7FB |. 8B85 A0F6FFFF
0041C801 |. 8B08
0041C803 |. FFD1
0041C805 |. 83C4 08
0041C808 |. 8A95 92FAFFFF
0041C80E |. 8895 97F6FFFF
0041C814 |. 8B85 A4F6FFFF
0041C81A |. 8B08
0041C81C |. 8B95 A4F6FFFF
0041C822 |. 0351 04
0041C825 |. 8995 98F6FFFF
0041C82B |. 8B85 98F6FFFF
0041C831 |. 8A48 30
0041C834 |. 888D 9FF6FFFF
0041C83A |. 8B95 98F6FFFF
0041C840 |. 8A85 97F6FFFF
0041C846 |. 8842 30
0041C849 |. 83BD A4F6FFFF
0041C850 |. 75 0C
0041C852 |. C785 90F6FFFF
0041C85C |. EB 17
0041C85E |> 8B8D A4F6FFFF
0041C864 |. 8B11
0041C866 |. 8B85 A4F6FFFF
0041C86C |. 0342 04
0041C86F |. 8985 90F6FFFF
0041C875 |> 68 C0010000
C0
0041C87A |. 6A 40
0
0041C87C |. 8B8D 90F6FFFF
0041C882 |. E8 F9C4FEFF
fo.00408D80
0041C887 |. 68 E0994400

PUSH ECX

; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.600],EAX
PUSH OFFSET 00448777
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.599],EAX
CMP DWORD PTR SS:[LOCAL.599],0
JNE SHORT 0041C7D3
MOV DWORD PTR SS:[LOCAL.894],0
JMP SHORT 0041C7EA
MOV EAX,DWORD PTR SS:[LOCAL.599]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.599]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.894],EDX
MOV EAX,DWORD PTR SS:[LOCAL.600]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.894]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.600]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[LOCAL.348+2]
MOV BYTE PTR SS:[LOCAL.603+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.599]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.599]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.602],EDX
MOV EAX,DWORD PTR SS:[LOCAL.602]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[LOCAL.601+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.602]
MOV AL,BYTE PTR SS:[LOCAL.603+3]
MOV BYTE PTR DS:[EDX+30],AL
CMP DWORD PTR SS:[LOCAL.599],0
JNE SHORT 0041C85E
MOV DWORD PTR SS:[LOCAL.604],0
JMP SHORT 0041C875
MOV ECX,DWORD PTR SS:[LOCAL.599]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.599]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.604],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.604]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 004499E0

; ASCII "Co

lor Depth"
0041C88C |. 8B8D A4F6FFFF
0041C892 |. 51
0041C893 |. E8 C8E0FEFF
0041C898 |. 83C4 08
0041C89B |. 8985 88F6FFFF
0041C8A1 |. 83BD 88F6FFFF
0041C8A8 |. 75 0C
0041C8AA |. C785 8CF6FFFF
0041C8B4 |. EB 17
0041C8B6 |> 8B95 88F6FFFF
0041C8BC |. 8B02
0041C8BE |. 8B8D 88F6FFFF
0041C8C4 |. 0348 04
0041C8C7 |. 898D 8CF6FFFF
0041C8CD |> 68 C0010000
C0
0041C8D2 |. 68 80000000
0
0041C8D7 |. 8B8D 8CF6FFFF
0041C8DD |. E8 9EC4FEFF
fo.00408D80
0041C8E2 |. 8A95 93FAFFFF
0041C8E8 |. 8895 7FF6FFFF
0041C8EE |. 8B85 88F6FFFF
0041C8F4 |. 8B08
0041C8F6 |. 8B95 88F6FFFF
0041C8FC |. 0351 04
0041C8FF |. 8995 80F6FFFF
0041C905 |. 8B85 80F6FFFF
0041C90B |. 8A48 30
0041C90E |. 888D 87F6FFFF
0041C914 |. 8B95 80F6FFFF
0041C91A |. 8A85 7FF6FFFF
0041C920 |. 8842 30
0041C923 |. 6A 0C
BITSPIXEL
0041C925 |. 8B8D CCFDFFFF
0041C92B |. 51
LOCAL.141]
0041C92C |. FF15 20804400
tDeviceCaps
0041C932 |. 8945 F0
0041C935 |. 837D F0 08
0041C939 |. 7F 41
0041C93B |. 68 C8994400
olors in color table)"
0041C940 |. 6A 18
NUMCOLORS
0041C942 |. 8B95 CCFDFFFF
0041C948 |. 52
LOCAL.141]
0041C949 |. FF15 20804400
tDeviceCaps
0041C94F |. 50
0041C950 |. 68 B8994400
bit color ("
0041C955 |. 8B45 F0
0041C958 |. 50
[LOCAL.4]

MOV ECX,DWORD PTR SS:[LOCAL.599]


PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.606],EAX
CMP DWORD PTR SS:[LOCAL.606],0
JNE SHORT 0041C8B6
MOV DWORD PTR SS:[LOCAL.605],0
JMP SHORT 0041C8CD
MOV EDX,DWORD PTR SS:[LOCAL.606]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.606]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.605],ECX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.605]


CALL 00408D80

; |
; \SystemIn

MOV DL,BYTE PTR SS:[LOCAL.348+3]


MOV BYTE PTR SS:[LOCAL.609+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.606]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.606]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.608],EDX
MOV EAX,DWORD PTR SS:[LOCAL.608]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[LOCAL.607+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.608]
MOV AL,BYTE PTR SS:[LOCAL.609+3]
MOV BYTE PTR DS:[EDX+30],AL
PUSH 0C

; /Index =

MOV ECX,DWORD PTR SS:[LOCAL.141]


PUSH ECX

; |
; |hDC => [

CALL DWORD PTR DS:[<&GDI32.GetDeviceCaps ; \GDI32.Ge


MOV DWORD PTR SS:[LOCAL.4],EAX
CMP DWORD PTR SS:[LOCAL.4],8
JG SHORT 0041C97C
PUSH OFFSET 004499C8

; ASCII " c

PUSH 18

; /Index =

MOV EDX,DWORD PTR SS:[LOCAL.141]


PUSH EDX

; |
; |hDC => [

CALL DWORD PTR DS:[<&GDI32.GetDeviceCaps ; \GDI32.Ge


PUSH EAX
PUSH OFFSET 004499B8

; /Arg1
; |ASCII "-

MOV EAX,DWORD PTR SS:[LOCAL.4]


PUSH EAX

; |
; |/Arg1 =>

0041C959 |. 8B4D 08
0041C95C |. E8 FF94FEFF
nfo.00405E60
0041C961 |. 50
0041C962 |. E8 F9DFFEFF
0041C967 |. 83C4 08
0041C96A |. 8BC8
0041C96C |. E8 EF94FEFF
fo.00405E60
0041C971 |. 50
0041C972 |. E8 E9DFFEFF
0041C977 |. 83C4 08
0041C97A |. EB 33
0041C97C |> 837D F0 10
0041C980 |. 75 13
0041C982 |. 68 A4994400
- or 16-bit color"
0041C987 |. 8B4D 08
0041C98A |. 51
0041C98B |. E8 D0DFFEFF
0041C990 |. 83C4 08
0041C993 |. EB 1A
0041C995 |> 68 98994400
it color"
0041C99A |. 8B55 F0
0041C99D |. 52
[LOCAL.4]
0041C99E |. 8B4D 08
0041C9A1 |. E8 BA94FEFF
fo.00405E60
0041C9A6 |. 50
0041C9A7 |. E8 B4DFFEFF
0041C9AC |. 83C4 08
0041C9AF |> 6A 0A
A
0041C9B1 |. 8B4D 08
0041C9B4 |. E8 072CFFFF
fo.0040F5C0
0041C9B9 |. 8B4D 08
0041C9BC |. E8 FF2DFFFF
fo.0040F7C0
0041C9C1 |. C685 7FFAFFFF
0041C9C8 |. C685 7EFAFFFF
0041C9CF |. 6A 06
0041C9D1 |. 8D85 6CFAFFFF
0041C9D7 |. 50
OFFSET LOCAL.357
0041C9D8 |. E8 BB0D0100
fo.0042D798
0041C9DD |. 83C4 08
0041C9E0 |. 8985 78F6FFFF
0041C9E6 |. 837D 08 00
0041C9EA |. 75 0C
0041C9EC |. C785 04F2FFFF
0041C9F6 |. EB 11
0041C9F8 |> 8B4D 08
0041C9FB |. 8B11
0041C9FD |. 8B45 08
0041CA00 |. 0342 04
0041CA03 |. 8985 04F2FFFF

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 00405E60

; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

PUSH EAX
CALL 0040A960
ADD ESP,8
JMP SHORT 0041C9AF
CMP DWORD PTR SS:[LOCAL.4],10
JNE SHORT 0041C995
PUSH OFFSET 004499A4

; ASCII "15

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX
CALL 0040A960
ADD ESP,8
JMP SHORT 0041C9AF
PUSH OFFSET 00449998

; ASCII "-b

MOV EDX,DWORD PTR SS:[LOCAL.4]


PUSH EDX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 00405E60

; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.353+3],20


MOV BYTE PTR SS:[LOCAL.353+2],2E
PUSH 6
LEA EAX,[LOCAL.357]
PUSH EAX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD
MOV
CMP
JNE
MOV
JMP
MOV
MOV
MOV
ADD
MOV

ESP,8
DWORD PTR SS:[LOCAL.610],EAX
DWORD PTR SS:[ARG.1],0
SHORT 0041C9F8
DWORD PTR SS:[LOCAL.895],0
SHORT 0041CA09
ECX,DWORD PTR SS:[ARG.1]
EDX,DWORD PTR DS:[ECX]
EAX,DWORD PTR SS:[ARG.1]
EAX,DWORD PTR DS:[EDX+4]
DWORD PTR SS:[LOCAL.895],EAX

|
|
|
|
\SystemIn

0041CA09 |> 8B8D 78F6FFFF


0041CA0F |. 8B51 04
0041CA12 |. 52
0041CA13 |. 8B85 04F2FFFF
0041CA19 |. 50
0041CA1A |. 8B8D 78F6FFFF
0041CA20 |. 8B11
0041CA22 |. FFD2
0041CA24 |. 83C4 08
0041CA27 |. 6A 23
3
0041CA29 |. 8D85 74FAFFFF
0041CA2F |. 50
OFFSET LOCAL.355
0041CA30 |. E8 630D0100
fo.0042D798
0041CA35 |. 83C4 08
0041CA38 |. 8985 70F6FFFF
0041CA3E |. 68 77874400
0041CA43 |. 8B4D 08
0041CA46 |. 51
0041CA47 |. E8 14DFFEFF
0041CA4C |. 83C4 08
0041CA4F |. 8985 74F6FFFF
0041CA55 |. 83BD 74F6FFFF
0041CA5C |. 75 0C
0041CA5E |. C785 00F2FFFF
0041CA68 |. EB 17
0041CA6A |> 8B95 74F6FFFF
0041CA70 |. 8B02
0041CA72 |. 8B8D 74F6FFFF
0041CA78 |. 0348 04
0041CA7B |. 898D 00F2FFFF
0041CA81 |> 8B95 70F6FFFF
0041CA87 |. 8B42 04
0041CA8A |. 50
0041CA8B |. 8B8D 00F2FFFF
0041CA91 |. 51
0041CA92 |. 8B95 70F6FFFF
0041CA98 |. 8B02
0041CA9A |. FFD0
0041CA9C |. 83C4 08
0041CA9F |. 8A8D 7EFAFFFF
0041CAA5 |. 888D 67F6FFFF
0041CAAB |. 8B95 74F6FFFF
0041CAB1 |. 8B02
0041CAB3 |. 8B8D 74F6FFFF
0041CAB9 |. 0348 04
0041CABC |. 898D 68F6FFFF
0041CAC2 |. 8B95 68F6FFFF
0041CAC8 |. 8A42 30
0041CACB |. 8885 6FF6FFFF
0041CAD1 |. 8B8D 68F6FFFF
0041CAD7 |. 8A95 67F6FFFF
0041CADD |. 8851 30
0041CAE0 |. 83BD 74F6FFFF
0041CAE7 |. 75 0C
0041CAE9 |. C785 60F6FFFF
0041CAF3 |. EB 17
0041CAF5 |> 8B85 74F6FFFF

MOV ECX,DWORD
MOV EDX,DWORD
PUSH EDX
MOV EAX,DWORD
PUSH EAX
MOV ECX,DWORD
MOV EDX,DWORD
CALL EDX
ADD ESP,8
PUSH 23

PTR SS:[LOCAL.610]
PTR DS:[ECX+4]
PTR SS:[LOCAL.895]
PTR SS:[LOCAL.610]
PTR DS:[ECX]
; /Arg2 = 2

LEA EAX,[LOCAL.355]
PUSH EAX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.612],EAX
PUSH OFFSET 00448777
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.611],EAX
CMP DWORD PTR SS:[LOCAL.611],0
JNE SHORT 0041CA6A
MOV DWORD PTR SS:[LOCAL.896],0
JMP SHORT 0041CA81
MOV EDX,DWORD PTR SS:[LOCAL.611]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.611]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.896],ECX
MOV EDX,DWORD PTR SS:[LOCAL.612]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.896]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.612]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[LOCAL.353+2]
MOV BYTE PTR SS:[LOCAL.615+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.611]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.611]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.614],ECX
MOV EDX,DWORD PTR SS:[LOCAL.614]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.613+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.614]
MOV DL,BYTE PTR SS:[LOCAL.615+3]
MOV BYTE PTR DS:[ECX+30],DL
CMP DWORD PTR SS:[LOCAL.611],0
JNE SHORT 0041CAF5
MOV DWORD PTR SS:[LOCAL.616],0
JMP SHORT 0041CB0C
MOV EAX,DWORD PTR SS:[LOCAL.611]

0041CAFB |. 8B08
0041CAFD |. 8B95 74F6FFFF
0041CB03 |. 0351 04
0041CB06 |. 8995 60F6FFFF
0041CB0C |> 68 C0010000
C0
0041CB11 |. 6A 40
0
0041CB13 |. 8B8D 60F6FFFF
0041CB19 |. E8 62C2FEFF
fo.00408D80
0041CB1E |. 68 84994400
mber of Monitors"
0041CB23 |. 8B85 74F6FFFF
0041CB29 |. 50
0041CB2A |. E8 31DEFEFF
0041CB2F |. 83C4 08
0041CB32 |. 8985 58F6FFFF
0041CB38 |. 83BD 58F6FFFF
0041CB3F |. 75 0C
0041CB41 |. C785 5CF6FFFF
0041CB4B |. EB 17
0041CB4D |> 8B8D 58F6FFFF
0041CB53 |. 8B11
0041CB55 |. 8B85 58F6FFFF
0041CB5B |. 0342 04
0041CB5E |. 8985 5CF6FFFF
0041CB64 |> 68 C0010000
C0
0041CB69 |. 68 80000000
0
0041CB6E |. 8B8D 5CF6FFFF
0041CB74 |. E8 07C2FEFF
fo.00408D80
0041CB79 |. 8A8D 7FFAFFFF
0041CB7F |. 888D 4FF6FFFF
0041CB85 |. 8B95 58F6FFFF
0041CB8B |. 8B02
0041CB8D |. 8B8D 58F6FFFF
0041CB93 |. 0348 04
0041CB96 |. 898D 50F6FFFF
0041CB9C |. 8B95 50F6FFFF
0041CBA2 |. 8A42 30
0041CBA5 |. 8885 57F6FFFF
0041CBAB |. 8B8D 50F6FFFF
0041CBB1 |. 8A95 4FF6FFFF
0041CBB7 |. 8851 30
0041CBBA |. 6A 50
SM_CMONITORS
0041CBBC |. FF15 F8814400
etSystemMetrics
0041CBC2 |. 50
0041CBC3 |. 8B8D 58F6FFFF
0041CBC9 |. E8 9292FEFF
fo.00405E60
0041CBCE |. 8985 48F6FFFF
0041CBD4 |. 6A 0A
A
0041CBD6 |. 8B8D 48F6FFFF
0041CBDC |. E8 DF29FFFF

MOV ECX,DWORD
MOV EDX,DWORD
ADD EDX,DWORD
MOV DWORD PTR
PUSH 1C0

PTR DS:[EAX]
PTR SS:[LOCAL.611]
PTR DS:[ECX+4]
SS:[LOCAL.616],EDX
; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.616]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 00449984

; ASCII "Nu

MOV EAX,DWORD PTR SS:[LOCAL.611]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.618],EAX
CMP DWORD PTR SS:[LOCAL.618],0
JNE SHORT 0041CB4D
MOV DWORD PTR SS:[LOCAL.617],0
JMP SHORT 0041CB64
MOV ECX,DWORD PTR SS:[LOCAL.618]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.618]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.617],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.617]


CALL 00408D80

; |
; \SystemIn

MOV CL,BYTE PTR SS:[LOCAL.353+3]


MOV BYTE PTR SS:[LOCAL.621+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.618]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.618]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.620],ECX
MOV EDX,DWORD PTR SS:[LOCAL.620]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.619+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.620]
MOV DL,BYTE PTR SS:[LOCAL.621+3]
MOV BYTE PTR DS:[ECX+30],DL
PUSH 50

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.618]
CALL 00405E60

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.622],EAX


PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.622]


CALL 0040F5C0

; |
; \SystemIn

fo.0040F5C0
0041CBE1 |. 8B8D 48F6FFFF
0041CBE7 |. E8 D42BFFFF
fo.0040F7C0
0041CBEC |. 6A 4E
SM_CXVIRTUALSCREEN
0041CBEE |. FF15 F8814400
etSystemMetrics
0041CBF4 |. 85C0
0041CBF6 |. 0F84 49020000
0041CBFC |. C685 6BFAFFFF
0041CC03 |. C685 6AFAFFFF
0041CC0A |. 6A 06
0041CC0C |. 8D85 58FAFFFF
0041CC12 |. 50
OFFSET LOCAL.362
0041CC13 |. E8 800B0100
fo.0042D798
0041CC18 |. 83C4 08
0041CC1B |. 8985 44F6FFFF
0041CC21 |. 837D 08 00
0041CC25 |. 75 0C
0041CC27 |. C785 FCF1FFFF
0041CC31 |. EB 11
0041CC33 |> 8B4D 08
0041CC36 |. 8B11
0041CC38 |. 8B45 08
0041CC3B |. 0342 04
0041CC3E |. 8985 FCF1FFFF
0041CC44 |> 8B8D 44F6FFFF
0041CC4A |. 8B51 04
0041CC4D |. 52
0041CC4E |. 8B85 FCF1FFFF
0041CC54 |. 50
0041CC55 |. 8B8D 44F6FFFF
0041CC5B |. 8B11
0041CC5D |. FFD2
0041CC5F |. 83C4 08
0041CC62 |. 6A 23
3
0041CC64 |. 8D85 60FAFFFF
0041CC6A |. 50
OFFSET LOCAL.360
0041CC6B |. E8 280B0100
fo.0042D798
0041CC70 |. 83C4 08
0041CC73 |. 8985 3CF6FFFF
0041CC79 |. 68 77874400
0041CC7E |. 8B4D 08
0041CC81 |. 51
0041CC82 |. E8 D9DCFEFF
0041CC87 |. 83C4 08
0041CC8A |. 8985 40F6FFFF
0041CC90 |. 83BD 40F6FFFF
0041CC97 |. 75 0C
0041CC99 |. C785 F8F1FFFF
0041CCA3 |. EB 17
0041CCA5 |> 8B95 40F6FFFF
0041CCAB |. 8B02
0041CCAD |. 8B8D 40F6FFFF

MOV ECX,DWORD PTR SS:[LOCAL.622]


CALL 0040F7C0

; [SystemIn

PUSH 4E

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JE 0041CE45
MOV BYTE PTR SS:[LOCAL.358+3],20
MOV BYTE PTR SS:[LOCAL.358+2],2E
PUSH 6
LEA EAX,[LOCAL.362]
PUSH EAX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.623],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041CC33
MOV DWORD PTR SS:[LOCAL.897],0
JMP SHORT 0041CC44
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.897],EAX
MOV ECX,DWORD PTR SS:[LOCAL.623]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.897]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.623]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA EAX,[LOCAL.360]
PUSH EAX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.625],EAX
PUSH OFFSET 00448777
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.624],EAX
CMP DWORD PTR SS:[LOCAL.624],0
JNE SHORT 0041CCA5
MOV DWORD PTR SS:[LOCAL.898],0
JMP SHORT 0041CCBC
MOV EDX,DWORD PTR SS:[LOCAL.624]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.624]

0041CCB3 |.
0041CCB6 |.
0041CCBC |>
0041CCC2 |.
0041CCC5 |.
0041CCC6 |.
0041CCCC |.
0041CCCD |.
0041CCD3 |.
0041CCD5 |.
0041CCD7 |.
0041CCDA |.
0041CCE0 |.
0041CCE6 |.
0041CCEC |.
0041CCEE |.
0041CCF4 |.
0041CCF7 |.
0041CCFD |.
0041CD03 |.
0041CD06 |.
0041CD0C |.
0041CD12 |.
0041CD18 |.
0041CD1B |.
0041CD22 |.
0041CD24 |.
0041CD2E |.
0041CD30 |>
0041CD36 |.
0041CD38 |.
0041CD3E |.
0041CD41 |.
0041CD47 |>
C0
0041CD4C |.
0
0041CD4E |.
0041CD54 |.
fo.00408D80
0041CD59 |.
rtual Screen
0041CD5E |.
0041CD64 |.
0041CD65 |.
0041CD6A |.
0041CD6D |.
0041CD73 |.
0041CD7A |.
0041CD7C |.
0041CD86 |.
0041CD88 |>
0041CD8E |.
0041CD90 |.
0041CD96 |.
0041CD99 |.
0041CD9F |>
C0
0041CDA4 |.
0

0348 04
898D F8F1FFFF
8B95 3CF6FFFF
8B42 04
50
8B8D F8F1FFFF
51
8B95 3CF6FFFF
8B02
FFD0
83C4 08
8A8D 6AFAFFFF
888D 33F6FFFF
8B95 40F6FFFF
8B02
8B8D 40F6FFFF
0348 04
898D 34F6FFFF
8B95 34F6FFFF
8A42 30
8885 3BF6FFFF
8B8D 34F6FFFF
8A95 33F6FFFF
8851 30
83BD 40F6FFFF
75 0C
C785 2CF6FFFF
EB 17
8B85 40F6FFFF
8B08
8B95 40F6FFFF
0351 04
8995 2CF6FFFF
68 C0010000

ADD ECX,DWORD PTR DS:[EAX+4]


MOV DWORD PTR SS:[LOCAL.898],ECX
MOV EDX,DWORD PTR SS:[LOCAL.625]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.898]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.625]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[LOCAL.358+2]
MOV BYTE PTR SS:[LOCAL.628+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.624]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.624]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.627],ECX
MOV EDX,DWORD PTR SS:[LOCAL.627]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.626+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.627]
MOV DL,BYTE PTR SS:[LOCAL.628+3]
MOV BYTE PTR DS:[ECX+30],DL
CMP DWORD PTR SS:[LOCAL.624],0
JNE SHORT 0041CD30
MOV DWORD PTR SS:[LOCAL.629],0
JMP SHORT 0041CD47
MOV EAX,DWORD PTR SS:[LOCAL.624]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.624]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.629],EDX
PUSH 1C0

; /Arg2 = 1

6A 40

PUSH 40

; |Arg1 = 4

8B8D 2CF6FFFF MOV ECX,DWORD PTR SS:[LOCAL.629]


E8 27C0FEFF CALL 00408D80
68 70994400
Size"
8B85 40F6FFFF
50
E8 F6DBFEFF
83C4 08
8985 24F6FFFF
83BD 24F6FFFF
75 0C
C785 28F6FFFF
EB 17
8B8D 24F6FFFF
8B11
8B85 24F6FFFF
0342 04
8985 28F6FFFF
68 C0010000
68 80000000

; |
; \SystemIn

PUSH OFFSET 00449970

; ASCII "Vi

MOV EAX,DWORD PTR SS:[LOCAL.624]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.631],EAX
CMP DWORD PTR SS:[LOCAL.631],0
JNE SHORT 0041CD88
MOV DWORD PTR SS:[LOCAL.630],0
JMP SHORT 0041CD9F
MOV ECX,DWORD PTR SS:[LOCAL.631]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.631]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.630],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

0041CDA9 |. 8B8D 28F6FFFF


0041CDAF |. E8 CCBFFEFF
fo.00408D80
0041CDB4 |. 8A8D 6BFAFFFF
0041CDBA |. 888D 1BF6FFFF
0041CDC0 |. 8B95 24F6FFFF
0041CDC6 |. 8B02
0041CDC8 |. 8B8D 24F6FFFF
0041CDCE |. 0348 04
0041CDD1 |. 898D 1CF6FFFF
0041CDD7 |. 8B95 1CF6FFFF
0041CDDD |. 8A42 30
0041CDE0 |. 8885 23F6FFFF
0041CDE6 |. 8B8D 1CF6FFFF
0041CDEC |. 8A95 1BF6FFFF
0041CDF2 |. 8851 30
0041CDF5 |. 6A 4F
SM_CYVIRTUALSCREEN
0041CDF7 |. FF15 F8814400
etSystemMetrics
0041CDFD |. 50
0041CDFE |. 68 6C994400
0041CE03 |. 6A 4E
SM_CXVIRTUALSCREEN
0041CE05 |. FF15 F8814400
GetSystemMetrics
0041CE0B |. 50
0041CE0C |. 8B8D 24F6FFFF
0041CE12 |. E8 4990FEFF
nfo.00405E60
0041CE17 |. 50
0041CE18 |. E8 43DBFEFF
0041CE1D |. 83C4 08
0041CE20 |. 8BC8
0041CE22 |. E8 3990FEFF
fo.00405E60
0041CE27 |. 8985 14F6FFFF
0041CE2D |. 6A 0A
A
0041CE2F |. 8B8D 14F6FFFF
0041CE35 |. E8 8627FFFF
fo.0040F5C0
0041CE3A |. 8B8D 14F6FFFF
0041CE40 |. E8 7B29FFFF
fo.0040F7C0
0041CE45 |> C685 57FAFFFF
0041CE4C |. C685 56FAFFFF
0041CE53 |. 6A 06
0041CE55 |. 8D85 44FAFFFF
0041CE5B |. 50
OFFSET LOCAL.367
0041CE5C |. E8 37090100
fo.0042D798
0041CE61 |. 83C4 08
0041CE64 |. 8985 10F6FFFF
0041CE6A |. 837D 08 00
0041CE6E |. 75 0C
0041CE70 |. C785 F4F1FFFF
0041CE7A |. EB 11
0041CE7C |> 8B4D 08

MOV ECX,DWORD PTR SS:[LOCAL.630]


CALL 00408D80

; |
; \SystemIn

MOV CL,BYTE PTR SS:[LOCAL.358+3]


MOV BYTE PTR SS:[LOCAL.634+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.631]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.631]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.633],ECX
MOV EDX,DWORD PTR SS:[LOCAL.633]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.632+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.633]
MOV DL,BYTE PTR SS:[LOCAL.634+3]
MOV BYTE PTR DS:[ECX+30],DL
PUSH 4F

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


PUSH EAX
PUSH OFFSET 0044996C
PUSH 4E

; /Arg1
; |
; |/Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; |\USER32.


PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.631]
CALL 00405E60

; |/Arg1
; ||
; |\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

MOV DWORD PTR SS:[LOCAL.635],EAX


PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.635]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.635]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.363+3],20


MOV BYTE PTR SS:[LOCAL.363+2],2E
PUSH 6
LEA EAX,[LOCAL.367]
PUSH EAX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD
MOV
CMP
JNE
MOV
JMP
MOV

ESP,8
DWORD PTR SS:[LOCAL.636],EAX
DWORD PTR SS:[ARG.1],0
SHORT 0041CE7C
DWORD PTR SS:[LOCAL.899],0
SHORT 0041CE8D
ECX,DWORD PTR SS:[ARG.1]

|
|
|
|
\SystemIn

0041CE7F |. 8B11
0041CE81 |. 8B45 08
0041CE84 |. 0342 04
0041CE87 |. 8985 F4F1FFFF
0041CE8D |> 8B8D 10F6FFFF
0041CE93 |. 8B51 04
0041CE96 |. 52
0041CE97 |. 8B85 F4F1FFFF
0041CE9D |. 50
0041CE9E |. 8B8D 10F6FFFF
0041CEA4 |. 8B11
0041CEA6 |. FFD2
0041CEA8 |. 83C4 08
0041CEAB |. 6A 23
3
0041CEAD |. 8D85 4CFAFFFF
0041CEB3 |. 50
OFFSET LOCAL.365
0041CEB4 |. E8 DF080100
fo.0042D798
0041CEB9 |. 83C4 08
0041CEBC |. 8985 08F6FFFF
0041CEC2 |. 68 77874400
0041CEC7 |. 8B4D 08
0041CECA |. 51
0041CECB |. E8 90DAFEFF
0041CED0 |. 83C4 08
0041CED3 |. 8985 0CF6FFFF
0041CED9 |. 83BD 0CF6FFFF
0041CEE0 |. 75 0C
0041CEE2 |. C785 F0F1FFFF
0041CEEC |. EB 17
0041CEEE |> 8B95 0CF6FFFF
0041CEF4 |. 8B02
0041CEF6 |. 8B8D 0CF6FFFF
0041CEFC |. 0348 04
0041CEFF |. 898D F0F1FFFF
0041CF05 |> 8B95 08F6FFFF
0041CF0B |. 8B42 04
0041CF0E |. 50
0041CF0F |. 8B8D F0F1FFFF
0041CF15 |. 51
0041CF16 |. 8B95 08F6FFFF
0041CF1C |. 8B02
0041CF1E |. FFD0
0041CF20 |. 83C4 08
0041CF23 |. 8A8D 56FAFFFF
0041CF29 |. 888D FFF5FFFF
0041CF2F |. 8B95 0CF6FFFF
0041CF35 |. 8B02
0041CF37 |. 8B8D 0CF6FFFF
0041CF3D |. 0348 04
0041CF40 |. 898D 00F6FFFF
0041CF46 |. 8B95 00F6FFFF
0041CF4C |. 8A42 30
0041CF4F |. 8885 07F6FFFF
0041CF55 |. 8B8D 00F6FFFF
0041CF5B |. 8A95 FFF5FFFF
0041CF61 |. 8851 30
0041CF64 |. 83BD 0CF6FFFF

MOV EDX,DWORD
MOV EAX,DWORD
ADD EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
PUSH EDX
MOV EAX,DWORD
PUSH EAX
MOV ECX,DWORD
MOV EDX,DWORD
CALL EDX
ADD ESP,8
PUSH 23

PTR DS:[ECX]
PTR SS:[ARG.1]
PTR DS:[EDX+4]
SS:[LOCAL.899],EAX
PTR SS:[LOCAL.636]
PTR DS:[ECX+4]
PTR SS:[LOCAL.899]
PTR SS:[LOCAL.636]
PTR DS:[ECX]
; /Arg2 = 2

LEA EAX,[LOCAL.365]
PUSH EAX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.638],EAX
PUSH OFFSET 00448777
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.637],EAX
CMP DWORD PTR SS:[LOCAL.637],0
JNE SHORT 0041CEEE
MOV DWORD PTR SS:[LOCAL.900],0
JMP SHORT 0041CF05
MOV EDX,DWORD PTR SS:[LOCAL.637]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.637]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.900],ECX
MOV EDX,DWORD PTR SS:[LOCAL.638]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.900]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.638]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
MOV CL,BYTE PTR SS:[LOCAL.363+2]
MOV BYTE PTR SS:[LOCAL.641+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.637]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.637]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.640],ECX
MOV EDX,DWORD PTR SS:[LOCAL.640]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.639+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.640]
MOV DL,BYTE PTR SS:[LOCAL.641+3]
MOV BYTE PTR DS:[ECX+30],DL
CMP DWORD PTR SS:[LOCAL.637],0

0041CF6B |. 75 0C
0041CF6D |. C785 F8F5FFFF
0041CF77 |. EB 17
0041CF79 |> 8B85 0CF6FFFF
0041CF7F |. 8B08
0041CF81 |. 8B95 0CF6FFFF
0041CF87 |. 0351 04
0041CF8A |. 8995 F8F5FFFF
0041CF90 |> 68 C0010000
C0
0041CF95 |. 6A 40
0
0041CF97 |. 8B8D F8F5FFFF
0041CF9D |. E8 DEBDFEFF
fo.00408D80
0041CFA2 |. 68 54994400
rtual Screen Origin"
0041CFA7 |. 8B85 0CF6FFFF
0041CFAD |. 50
0041CFAE |. E8 ADD9FEFF
0041CFB3 |. 83C4 08
0041CFB6 |. 8985 F0F5FFFF
0041CFBC |. 83BD F0F5FFFF
0041CFC3 |. 75 0C
0041CFC5 |. C785 F4F5FFFF
0041CFCF |. EB 17
0041CFD1 |> 8B8D F0F5FFFF
0041CFD7 |. 8B11
0041CFD9 |. 8B85 F0F5FFFF
0041CFDF |. 0342 04
0041CFE2 |. 8985 F4F5FFFF
0041CFE8 |> 68 C0010000
C0
0041CFED |. 68 80000000
0
0041CFF2 |. 8B8D F4F5FFFF
0041CFF8 |. E8 83BDFEFF
fo.00408D80
0041CFFD |. 8A8D 57FAFFFF
0041D003 |. 888D E7F5FFFF
0041D009 |. 8B95 F0F5FFFF
0041D00F |. 8B02
0041D011 |. 8B8D F0F5FFFF
0041D017 |. 0348 04
0041D01A |. 898D E8F5FFFF
0041D020 |. 8B95 E8F5FFFF
0041D026 |. 8A42 30
0041D029 |. 8885 EFF5FFFF
0041D02F |. 8B8D E8F5FFFF
0041D035 |. 8A95 E7F5FFFF
0041D03B |. 8851 30
0041D03E |. 68 68854400
0041D043 |. 6A 4D
SM_YVIRTUALSCREEN
0041D045 |. FF15 F8814400
etSystemMetrics
0041D04B |. 50
0041D04C |. 68 3C8E4400
"
0041D051 |. 6A 4C

JNE SHORT 0041CF79


MOV DWORD PTR SS:[LOCAL.642],0
JMP SHORT 0041CF90
MOV EAX,DWORD PTR SS:[LOCAL.637]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.637]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.642],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.642]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 00449954

; ASCII "Vi

MOV EAX,DWORD PTR SS:[LOCAL.637]


PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.644],EAX
CMP DWORD PTR SS:[LOCAL.644],0
JNE SHORT 0041CFD1
MOV DWORD PTR SS:[LOCAL.643],0
JMP SHORT 0041CFE8
MOV ECX,DWORD PTR SS:[LOCAL.644]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.644]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.643],EAX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.643]


CALL 00408D80

; |
; \SystemIn

MOV CL,BYTE PTR SS:[LOCAL.363+3]


MOV BYTE PTR SS:[LOCAL.647+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.644]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.644]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.646],ECX
MOV EDX,DWORD PTR SS:[LOCAL.646]
MOV AL,BYTE PTR DS:[EDX+30]
MOV BYTE PTR SS:[LOCAL.645+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.646]
MOV DL,BYTE PTR SS:[LOCAL.647+3]
MOV BYTE PTR DS:[ECX+30],DL
PUSH OFFSET 00448568
PUSH 4D

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


PUSH EAX
PUSH OFFSET 00448E3C

; /Arg1
; |ASCII ",

PUSH 4C

; |/Index =

SM_XVIRTUALSCREEN
0041D053 |. FF15 F8814400
GetSystemMetrics
0041D059 |. 50
0041D05A |. 68 C0954400
0041D05F |. 8B85 F0F5FFFF
0041D065 |. 50
0041D066 |. E8 F5D8FEFF
0041D06B |. 83C4 08
0041D06E |. 8BC8
0041D070 |. E8 EB8DFEFF
nfo.00405E60
0041D075 |. 50
0041D076 |. E8 E5D8FEFF
0041D07B |. 83C4 08
0041D07E |. 8BC8
0041D080 |. E8 DB8DFEFF
fo.00405E60
0041D085 |. 50
0041D086 |. E8 D5D8FEFF
0041D08B |. 83C4 08
0041D08E |. 8985 E0F5FFFF
0041D094 |. 6A 0A
A
0041D096 |. 8B8D E0F5FFFF
0041D09C |. E8 1F25FFFF
fo.0040F5C0
0041D0A1 |. 8B8D E0F5FFFF
0041D0A7 |. E8 1427FFFF
fo.0040F7C0
0041D0AC |. 6A 51
SM_SAMEDISPLAYFORMAT
0041D0AE |. FF15 F8814400
etSystemMetrics
0041D0B4 |. 85C0
0041D0B6 |. 0F85 2B020000
0041D0BC |. C685 43FAFFFF
0041D0C3 |. C685 42FAFFFF
0041D0CA |. 6A 06
0041D0CC |. 8D8D 30FAFFFF
0041D0D2 |. 51
OFFSET LOCAL.372
0041D0D3 |. E8 C0060100
fo.0042D798
0041D0D8 |. 83C4 08
0041D0DB |. 8985 DCF5FFFF
0041D0E1 |. 837D 08 00
0041D0E5 |. 75 0C
0041D0E7 |. C785 ECF1FFFF
0041D0F1 |. EB 11
0041D0F3 |> 8B55 08
0041D0F6 |. 8B02
0041D0F8 |. 8B4D 08
0041D0FB |. 0348 04
0041D0FE |. 898D ECF1FFFF
0041D104 |> 8B95 DCF5FFFF
0041D10A |. 8B42 04
0041D10D |. 50
0041D10E |. 8B8D ECF1FFFF
0041D114 |. 51

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; |\USER32.


PUSH EAX
PUSH OFFSET 004495C0
MOV EAX,DWORD PTR SS:[LOCAL.644]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;
;
;
;

|/Arg1
||
||
||
||
||
||
|\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

|
|
|
|
\SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.648],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.648]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.648]


CALL 0040F7C0

; [SystemIn

PUSH 51

; /Index =

CALL DWORD PTR DS:[<&USER32.GetSystemMet ; \USER32.G


TEST EAX,EAX
JNE 0041D2E7
MOV BYTE PTR SS:[LOCAL.368+3],20
MOV BYTE PTR SS:[LOCAL.368+2],2E
PUSH 6
LEA ECX,[LOCAL.372]
PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.649],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041D0F3
MOV DWORD PTR SS:[LOCAL.901],0
JMP SHORT 0041D104
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.901],ECX
MOV EDX,DWORD PTR SS:[LOCAL.649]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.901]
PUSH ECX

0041D115 |. 8B95 DCF5FFFF


0041D11B |. 8B02
0041D11D |. FFD0
0041D11F |. 83C4 08
0041D122 |. 6A 23
3
0041D124 |. 8D8D 38FAFFFF
0041D12A |. 51
OFFSET LOCAL.370
0041D12B |. E8 68060100
fo.0042D798
0041D130 |. 83C4 08
0041D133 |. 8985 D4F5FFFF
0041D139 |. 68 77874400
0041D13E |. 8B55 08
0041D141 |. 52
0041D142 |. E8 19D8FEFF
0041D147 |. 83C4 08
0041D14A |. 8985 D8F5FFFF
0041D150 |. 83BD D8F5FFFF
0041D157 |. 75 0C
0041D159 |. C785 E8F1FFFF
0041D163 |. EB 17
0041D165 |> 8B85 D8F5FFFF
0041D16B |. 8B08
0041D16D |. 8B95 D8F5FFFF
0041D173 |. 0351 04
0041D176 |. 8995 E8F1FFFF
0041D17C |> 8B85 D4F5FFFF
0041D182 |. 8B48 04
0041D185 |. 51
0041D186 |. 8B95 E8F1FFFF
0041D18C |. 52
0041D18D |. 8B85 D4F5FFFF
0041D193 |. 8B08
0041D195 |. FFD1
0041D197 |. 83C4 08
0041D19A |. 8A95 42FAFFFF
0041D1A0 |. 8895 CBF5FFFF
0041D1A6 |. 8B85 D8F5FFFF
0041D1AC |. 8B08
0041D1AE |. 8B95 D8F5FFFF
0041D1B4 |. 0351 04
0041D1B7 |. 8995 CCF5FFFF
0041D1BD |. 8B85 CCF5FFFF
0041D1C3 |. 8A48 30
0041D1C6 |. 888D D3F5FFFF
0041D1CC |. 8B95 CCF5FFFF
0041D1D2 |. 8A85 CBF5FFFF
0041D1D8 |. 8842 30
0041D1DB |. 83BD D8F5FFFF
0041D1E2 |. 75 0C
0041D1E4 |. C785 C4F5FFFF
0041D1EE |. EB 17
0041D1F0 |> 8B8D D8F5FFFF
0041D1F6 |. 8B11
0041D1F8 |. 8B85 D8F5FFFF
0041D1FE |. 0342 04
0041D201 |. 8985 C4F5FFFF
0041D207 |> 68 C0010000

MOV EDX,DWORD PTR SS:[LOCAL.649]


MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA ECX,[LOCAL.370]
PUSH ECX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.651],EAX
PUSH OFFSET 00448777
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.650],EAX
CMP DWORD PTR SS:[LOCAL.650],0
JNE SHORT 0041D165
MOV DWORD PTR SS:[LOCAL.902],0
JMP SHORT 0041D17C
MOV EAX,DWORD PTR SS:[LOCAL.650]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.650]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.902],EDX
MOV EAX,DWORD PTR SS:[LOCAL.651]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.902]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.651]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[LOCAL.368+2]
MOV BYTE PTR SS:[LOCAL.654+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.650]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.650]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.653],EDX
MOV EAX,DWORD PTR SS:[LOCAL.653]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[LOCAL.652+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.653]
MOV AL,BYTE PTR SS:[LOCAL.654+3]
MOV BYTE PTR DS:[EDX+30],AL
CMP DWORD PTR SS:[LOCAL.650],0
JNE SHORT 0041D1F0
MOV DWORD PTR SS:[LOCAL.655],0
JMP SHORT 0041D207
MOV ECX,DWORD PTR SS:[LOCAL.650]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.650]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.655],EAX
PUSH 1C0

; /Arg2 = 1

C0
0041D20C |. 6A 40
0
0041D20E |. 8B8D C4F5FFFF
0041D214 |. E8 67BBFEFF
fo.00408D80
0041D219 |. 68 3C994400
ltiple Monitor Colors"
0041D21E |. 8B8D D8F5FFFF
0041D224 |. 51
0041D225 |. E8 36D7FEFF
0041D22A |. 83C4 08
0041D22D |. 8985 BCF5FFFF
0041D233 |. 83BD BCF5FFFF
0041D23A |. 75 0C
0041D23C |. C785 C0F5FFFF
0041D246 |. EB 17
0041D248 |> 8B95 BCF5FFFF
0041D24E |. 8B02
0041D250 |. 8B8D BCF5FFFF
0041D256 |. 0348 04
0041D259 |. 898D C0F5FFFF
0041D25F |> 68 C0010000
C0
0041D264 |. 68 80000000
0
0041D269 |. 8B8D C0F5FFFF
0041D26F |. E8 0CBBFEFF
fo.00408D80
0041D274 |. 8A95 43FAFFFF
0041D27A |. 8895 B3F5FFFF
0041D280 |. 8B85 BCF5FFFF
0041D286 |. 8B08
0041D288 |. 8B95 BCF5FFFF
0041D28E |. 0351 04
0041D291 |. 8995 B4F5FFFF
0041D297 |. 8B85 B4F5FFFF
0041D29D |. 8A48 30
0041D2A0 |. 888D BBF5FFFF
0041D2A6 |. 8B95 B4F5FFFF
0041D2AC |. 8A85 B3F5FFFF
0041D2B2 |. 8842 30
0041D2B5 |. 68 14994400
nitors have different color
0041D2BA |. 8B8D BCF5FFFF
0041D2C0 |. 51
0041D2C1 |. E8 9AD6FEFF
0041D2C6 |. 83C4 08
0041D2C9 |. 8985 ACF5FFFF
0041D2CF |. 6A 0A
A
0041D2D1 |. 8B8D ACF5FFFF
0041D2D7 |. E8 E422FFFF
fo.0040F5C0
0041D2DC |. 8B8D ACF5FFFF
0041D2E2 |. E8 D924FFFF
fo.0040F7C0
0041D2E7 |> C685 2FFAFFFF
0041D2EE |. C685 2EFAFFFF
0041D2F5 |. 6A 06

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.655]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 0044993C

; ASCII "Mu

MOV ECX,DWORD PTR SS:[LOCAL.650]


PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.657],EAX
CMP DWORD PTR SS:[LOCAL.657],0
JNE SHORT 0041D248
MOV DWORD PTR SS:[LOCAL.656],0
JMP SHORT 0041D25F
MOV EDX,DWORD PTR SS:[LOCAL.657]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.657]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.656],ECX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.656]


CALL 00408D80

; |
; \SystemIn

MOV DL,BYTE PTR SS:[LOCAL.368+3]


MOV BYTE PTR SS:[LOCAL.660+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.657]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.657]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.659],EDX
MOV EAX,DWORD PTR SS:[LOCAL.659]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[LOCAL.658+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.659]
MOV AL,BYTE PTR SS:[LOCAL.660+3]
MOV BYTE PTR DS:[EDX+30],AL
PUSH OFFSET 00449914
formats"
MOV ECX,DWORD PTR SS:[LOCAL.657]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.661],EAX
PUSH 0A

; ASCII "Mo

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.661]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.661]


CALL 0040F7C0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.373+3],20


MOV BYTE PTR SS:[LOCAL.373+2],2E
PUSH 6

; /Arg2 = 6

0041D2F7 |. 8D95 1CFAFFFF


0041D2FD |. 52
OFFSET LOCAL.377
0041D2FE |. E8 95040100
fo.0042D798
0041D303 |. 83C4 08
0041D306 |. 8985 A8F5FFFF
0041D30C |. 837D 08 00
0041D310 |. 75 0C
0041D312 |. C785 E4F1FFFF
0041D31C |. EB 11
0041D31E |> 8B45 08
0041D321 |. 8B08
0041D323 |. 8B55 08
0041D326 |. 0351 04
0041D329 |. 8995 E4F1FFFF
0041D32F |> 8B85 A8F5FFFF
0041D335 |. 8B48 04
0041D338 |. 51
0041D339 |. 8B95 E4F1FFFF
0041D33F |. 52
0041D340 |. 8B85 A8F5FFFF
0041D346 |. 8B08
0041D348 |. FFD1
0041D34A |. 83C4 08
0041D34D |. 6A 23
3
0041D34F |. 8D95 24FAFFFF
0041D355 |. 52
OFFSET LOCAL.375
0041D356 |. E8 3D040100
fo.0042D798
0041D35B |. 83C4 08
0041D35E |. 8985 A0F5FFFF
0041D364 |. 68 77874400
0041D369 |. 8B45 08
0041D36C |. 50
0041D36D |. E8 EED5FEFF
0041D372 |. 83C4 08
0041D375 |. 8985 A4F5FFFF
0041D37B |. 83BD A4F5FFFF
0041D382 |. 75 0C
0041D384 |. C785 E0F1FFFF
0041D38E |. EB 17
0041D390 |> 8B8D A4F5FFFF
0041D396 |. 8B11
0041D398 |. 8B85 A4F5FFFF
0041D39E |. 0342 04
0041D3A1 |. 8985 E0F1FFFF
0041D3A7 |> 8B8D A0F5FFFF
0041D3AD |. 8B51 04
0041D3B0 |. 52
0041D3B1 |. 8B85 E0F1FFFF
0041D3B7 |. 50
0041D3B8 |. 8B8D A0F5FFFF
0041D3BE |. 8B11
0041D3C0 |. FFD2
0041D3C2 |. 83C4 08
0041D3C5 |. 8A85 2EFAFFFF
0041D3CB |. 8885 97F5FFFF

LEA EDX,[LOCAL.377]
PUSH EDX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.662],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041D31E
MOV DWORD PTR SS:[LOCAL.903],0
JMP SHORT 0041D32F
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.903],EDX
MOV EAX,DWORD PTR SS:[LOCAL.662]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.903]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.662]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA EDX,[LOCAL.375]
PUSH EDX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.664],EAX
PUSH OFFSET 00448777
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.663],EAX
CMP DWORD PTR SS:[LOCAL.663],0
JNE SHORT 0041D390
MOV DWORD PTR SS:[LOCAL.904],0
JMP SHORT 0041D3A7
MOV ECX,DWORD PTR SS:[LOCAL.663]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.663]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.904],EAX
MOV ECX,DWORD PTR SS:[LOCAL.664]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.904]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.664]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[LOCAL.373+2]
MOV BYTE PTR SS:[LOCAL.667+3],AL

0041D3D1 |. 8B8D A4F5FFFF


0041D3D7 |. 8B11
0041D3D9 |. 8B85 A4F5FFFF
0041D3DF |. 0342 04
0041D3E2 |. 8985 98F5FFFF
0041D3E8 |. 8B8D 98F5FFFF
0041D3EE |. 8A51 30
0041D3F1 |. 8895 9FF5FFFF
0041D3F7 |. 8B85 98F5FFFF
0041D3FD |. 8A8D 97F5FFFF
0041D403 |. 8848 30
0041D406 |. 83BD A4F5FFFF
0041D40D |. 75 0C
0041D40F |. C785 90F5FFFF
0041D419 |. EB 17
0041D41B |> 8B95 A4F5FFFF
0041D421 |. 8B02
0041D423 |. 8B8D A4F5FFFF
0041D429 |. 0348 04
0041D42C |. 898D 90F5FFFF
0041D432 |> 68 C0010000
C0
0041D437 |. 6A 40
0
0041D439 |. 8B8D 90F5FFFF
0041D43F |. E8 3CB9FEFF
fo.00408D80
0041D444 |. 68 FC984400
vice Driver Version"
0041D449 |. 8B95 A4F5FFFF
0041D44F |. 52
0041D450 |. E8 0BD5FEFF
0041D455 |. 83C4 08
0041D458 |. 8985 88F5FFFF
0041D45E |. 83BD 88F5FFFF
0041D465 |. 75 0C
0041D467 |. C785 8CF5FFFF
0041D471 |. EB 17
0041D473 |> 8B85 88F5FFFF
0041D479 |. 8B08
0041D47B |. 8B95 88F5FFFF
0041D481 |. 0351 04
0041D484 |. 8995 8CF5FFFF
0041D48A |> 68 C0010000
C0
0041D48F |. 68 80000000
0
0041D494 |. 8B8D 8CF5FFFF
0041D49A |. E8 E1B8FEFF
fo.00408D80
0041D49F |. 8A85 2FFAFFFF
0041D4A5 |. 8885 7FF5FFFF
0041D4AB |. 8B8D 88F5FFFF
0041D4B1 |. 8B11
0041D4B3 |. 8B85 88F5FFFF
0041D4B9 |. 0342 04
0041D4BC |. 8985 80F5FFFF
0041D4C2 |. 8B8D 80F5FFFF
0041D4C8 |. 8A51 30
0041D4CB |. 8895 87F5FFFF

MOV ECX,DWORD PTR SS:[LOCAL.663]


MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.663]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.666],EAX
MOV ECX,DWORD PTR SS:[LOCAL.666]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.665+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.666]
MOV CL,BYTE PTR SS:[LOCAL.667+3]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[LOCAL.663],0
JNE SHORT 0041D41B
MOV DWORD PTR SS:[LOCAL.668],0
JMP SHORT 0041D432
MOV EDX,DWORD PTR SS:[LOCAL.663]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.663]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.668],ECX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.668]


CALL 00408D80

; |
; \SystemIn

PUSH OFFSET 004498FC

; ASCII "De

MOV EDX,DWORD PTR SS:[LOCAL.663]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.670],EAX
CMP DWORD PTR SS:[LOCAL.670],0
JNE SHORT 0041D473
MOV DWORD PTR SS:[LOCAL.669],0
JMP SHORT 0041D48A
MOV EAX,DWORD PTR SS:[LOCAL.670]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.670]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.669],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 80

; |Arg1 = 8

MOV ECX,DWORD PTR SS:[LOCAL.669]


CALL 00408D80

; |
; \SystemIn

MOV
MOV
MOV
MOV
MOV
ADD
MOV
MOV
MOV
MOV

AL,BYTE PTR SS:[LOCAL.373+3]


BYTE PTR SS:[LOCAL.673+3],AL
ECX,DWORD PTR SS:[LOCAL.670]
EDX,DWORD PTR DS:[ECX]
EAX,DWORD PTR SS:[LOCAL.670]
EAX,DWORD PTR DS:[EDX+4]
DWORD PTR SS:[LOCAL.672],EAX
ECX,DWORD PTR SS:[LOCAL.672]
DL,BYTE PTR DS:[ECX+30]
BYTE PTR SS:[LOCAL.671+3],DL

0041D4D1 |. 8B85 80F5FFFF


0041D4D7 |. 8A8D 7FF5FFFF
0041D4DD |. 8848 30
0041D4E0 |. 6A 00
DRIVERVERSION
0041D4E2 |. 8B95 CCFDFFFF
0041D4E8 |. 52
LOCAL.141]
0041D4E9 |. FF15 20804400
tDeviceCaps
0041D4EF |. 25 FF000000
0041D4F4 |. 0FB6C0
0041D4F7 |. 50
0041D4F8 |. 68 D0914400
0041D4FD |. 6A 00
DRIVERVERSION
0041D4FF |. 8B8D CCFDFFFF
0041D505 |. 51
[LOCAL.141]
0041D506 |. FF15 20804400
etDeviceCaps
0041D50C |. C1E8 08
0041D50F |. 25 FF000000
0041D514 |. 0FB6D0
0041D517 |. 52
0041D518 |. 8B8D 88F5FFFF
0041D51E |. E8 3D89FEFF
nfo.00405E60
0041D523 |. 50
0041D524 |. E8 37D4FEFF
0041D529 |. 83C4 08
0041D52C |. 8BC8
0041D52E |. E8 2D89FEFF
fo.00405E60
0041D533 |. 8985 78F5FFFF
0041D539 |. 6A 0A
A
0041D53B |. 8B8D 78F5FFFF
0041D541 |. E8 7A20FFFF
fo.0040F5C0
0041D546 |. 8B8D 78F5FFFF
0041D54C |. E8 6F22FFFF
fo.0040F7C0
0041D551 |. 8B85 CCFDFFFF
0041D557 |. 50
LOCAL.141]
0041D558 |. 6A 00
ULL
0041D55A |. FF15 08824400
eleaseDC
0041D560 |. FF15 54804400
.GetVersion
0041D566 |. 3D 00000080
0041D56B |. 0F83 51130000
0041D571 |. 8D4D E8
0041D574 |. 51
=> OFFSET LOCAL.6
0041D575 |. 6A 01
ccess = KEY_QUERY_VALUE
0041D577 |. 6A 00

MOV EAX,DWORD PTR SS:[LOCAL.672]


MOV CL,BYTE PTR SS:[LOCAL.673+3]
MOV BYTE PTR DS:[EAX+30],CL
PUSH 0

; /Index =

MOV EDX,DWORD PTR SS:[LOCAL.141]


PUSH EDX

; |
; |hDC => [

CALL DWORD PTR DS:[<&GDI32.GetDeviceCaps ; \GDI32.Ge


AND EAX,000000FF
MOVZX EAX,AL
PUSH EAX
PUSH OFFSET 004491D0
PUSH 0

; /Arg1
; |
; |/Index =

MOV ECX,DWORD PTR SS:[LOCAL.141]


PUSH ECX

; ||
; ||hDC =>

CALL DWORD PTR DS:[<&GDI32.GetDeviceCaps ; |\GDI32.G


SHR EAX,8
AND EAX,000000FF
MOVZX EDX,AL
PUSH EDX
MOV ECX,DWORD PTR SS:[LOCAL.670]
CALL 00405E60

;
;
;
;
;
;

|
|
|
|/Arg1
||
|\SystemI

PUSH EAX
CALL 0040A960
ADD ESP,8
MOV ECX,EAX
CALL 00405E60

;
;
;
;
;

|
|
|
|
\SystemIn

MOV DWORD PTR SS:[LOCAL.674],EAX


PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.674]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.674]


CALL 0040F7C0

; [SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.141]


PUSH EAX

; /hDC => [

PUSH 0

; |hWnd = N

CALL DWORD PTR DS:[<&USER32.ReleaseDC>] ; \USER32.R


CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; [KERNEL32
CMP EAX,80000000
JNB 0041E8C2
LEA ECX,[LOCAL.6]
PUSH ECX

; /pResult

PUSH 1

; |DesiredA

PUSH 0

; |Reserved

= 0
0041D579 |. 68 E0984400
"hardware\DeviceMap\Video"
0041D57E |. 68 02000080
KEY_LOCAL_MACHINE
0041D583 |. FF15 08804400
.RegOpenKeyExA
0041D589 |. 85C0
0041D58B |. 75 3A
0041D58D |. C785 D0FDFFFF
0041D597 |. 8D95 D0FDFFFF
0041D59D |. 52
=> OFFSET LOCAL.140
0041D59E |. 8D85 E4FEFFFF
0041D5A4 |. 50
OFFSET LOCAL.71
0041D5A5 |. 8D8D E0FEFFFF
0041D5AB |. 51
OFFSET LOCAL.72
0041D5AC |. 6A 00
= 0
0041D5AE |. 68 D0984400
\Device\Video0"
0041D5B3 |. 8B55 E8
0041D5B6 |. 52
[LOCAL.6]
0041D5B7 |. FF15 04804400
.RegQueryValueExA
0041D5BD |. 8B45 E8
0041D5C0 |. 50
[LOCAL.6]
0041D5C1 |. FF15 14804400
.RegCloseKey
0041D5C7 |> 8D8D 1BFAFFFF
0041D5CD |. 51
0041D5CE |. 8D8D 4CFDFFFF
0041D5D4 |. E8 27710000
fo.00424700
0041D5D9 |. C785 68FDFFFF
0041D5E3 |. C785 6CFDFFFF
0041D5ED |. C785 70FDFFFF
0041D5F7 |. C745 FC 02000
0041D5FE |. 8D95 1AFAFFFF
0041D604 |. 52
0041D605 |. 8D8D A4FDFFFF
0041D60B |. E8 F0700000
fo.00424700
0041D610 |. C785 C0FDFFFF
0041D61A |. C785 C4FDFFFF
0041D624 |. C785 C8FDFFFF
0041D62E |. C645 FC 03
0041D632 |> 8D8D A4FDFFFF
0041D638 |. E8 4311FFFF
fo.0040E780
0041D63D |. 8D85 E4FEFFFF
0041D643 |. 50
OFFSET LOCAL.71
0041D644 |. E8 370C0100
fo.0042E280
0041D649 |. 83C4 04

PUSH OFFSET 004498E0

; |SubKey =

PUSH 80000002

; |hKey = H

CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey ; \ADVAPI32


TEST EAX,EAX
JNE SHORT 0041D5C7
MOV DWORD PTR SS:[LOCAL.140],100
LEA EDX,[LOCAL.140]
PUSH EDX

; /pDataLen

LEA EAX,[LOCAL.71]
PUSH EAX

; |
; |pData =>

LEA ECX,[LOCAL.72]
PUSH ECX

; |
; |pType =>

PUSH 0

; |Reserved

PUSH OFFSET 004498D0

; |Name = "

MOV EDX,DWORD PTR SS:[LOCAL.6]


PUSH EDX

; |
; |hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa ; \ADVAPI32


MOV EAX,DWORD PTR SS:[LOCAL.6]
PUSH EAX

; /hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe ; \ADVAPI32


LEA ECX,[LOCAL.378+3]
PUSH ECX
LEA ECX,[LOCAL.173]
CALL 00424700

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.166],0


MOV DWORD PTR SS:[LOCAL.165],0
MOV DWORD PTR SS:[LOCAL.164],0
MOV DWORD PTR SS:[LOCAL.1],2
LEA EDX,[LOCAL.378+2]
PUSH EDX
LEA ECX,[LOCAL.151]
CALL 00424700

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.144],0


MOV DWORD PTR SS:[LOCAL.143],0
MOV DWORD PTR SS:[LOCAL.142],0
MOV BYTE PTR SS:[LOCAL.1],3
/LEA ECX,[LOCAL.151]
|CALL 0040E780

; [SystemIn

|LEA EAX,[LOCAL.71]
|PUSH EAX

; /Arg1 =>

|CALL 0042E280

; \SystemIn

|ADD ESP,4

0041D64C |. 8985 74F5FFFF


0041D652 |. 8B8D 74F5FFFF
0041D658 |. 51
[LOCAL.675]
0041D659 |. 8D95 E4FEFFFF
0041D65F |. 52
OFFSET LOCAL.71
0041D660 |. 8D8D A4FDFFFF
0041D666 |. E8 E51AFFFF
fo.0040F150
0041D66B |. 8D8D A4FDFFFF
0041D671 |. E8 0A11FFFF
fo.0040E780
0041D676 |. 6A 12
2
0041D678 |. 6A 00
0041D67A |. 8D8D A4FDFFFF
0041D680 |. E8 7B1DFFFF
fo.0040F400
0041D685 |. 83BD BCFDFFFF
0041D68C |. 72 0E
0041D68E |. 8B85 A8FDFFFF
0041D694 |. 8985 DCF1FFFF
0041D69A |. EB 0C
0041D69C |> 8D8D A8FDFFFF
0041D6A2 |. 898D DCF1FFFF
0041D6A8 |> 8D55 E8
0041D6AB |. 52
=> OFFSET LOCAL.6
0041D6AC |. 68 19000200
ccess = KEY_READ
0041D6B1 |. 6A 00
= 0
0041D6B3 |. 8B85 DCF1FFFF
0041D6B9 |. 50
> [LOCAL.905]
0041D6BA |. 68 02000080
KEY_LOCAL_MACHINE
0041D6BF |. FF15 08804400
.RegOpenKeyExA
0041D6C5 |. 85C0
0041D6C7 |. 74 05
0041D6C9 |. E9 FC000000
0041D6CE |> C785 D0FDFFFF
0041D6D8 |. 8D8D D0FDFFFF
0041D6DE |. 51
=> OFFSET LOCAL.140
0041D6DF |. 8D95 E4FEFFFF
0041D6E5 |. 52
OFFSET LOCAL.71
0041D6E6 |. 8D85 E0FEFFFF
0041D6EC |. 50
OFFSET LOCAL.72
0041D6ED |. 6A 00
= 0
0041D6EF |. 68 B8984400
InstalledDisplayDrivers"
0041D6F4 |. 8B4D E8
0041D6F7 |. 51
[LOCAL.6]

|MOV DWORD PTR SS:[LOCAL.675],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.675]
|PUSH ECX

; /Arg2 =>

|LEA EDX,[LOCAL.71]
|PUSH EDX

; |
; |Arg1 =>

|LEA ECX,[LOCAL.151]
|CALL 0040F150

; |
; \SystemIn

|LEA ECX,[LOCAL.151]
|CALL 0040E780

; [SystemIn

|PUSH 12

; /Arg2 = 1

|PUSH 0
|LEA ECX,[LOCAL.151]
|CALL 0040F400

; |Arg1 = 0
; |
; \SystemIn

|CMP DWORD PTR SS:[LOCAL.145],10


|JB SHORT 0041D69C
|MOV EAX,DWORD PTR SS:[LOCAL.150]
|MOV DWORD PTR SS:[LOCAL.905],EAX
|JMP SHORT 0041D6A8
|LEA ECX,[LOCAL.150]
|MOV DWORD PTR SS:[LOCAL.905],ECX
|LEA EDX,[LOCAL.6]
|PUSH EDX

; /pResult

|PUSH 20019

; |DesiredA

|PUSH 0

; |Reserved

|MOV EAX,DWORD PTR SS:[LOCAL.905]


|PUSH EAX

; |
; |SubKey =

|PUSH 80000002

; |hKey = H

|CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKe ; \ADVAPI32


|TEST EAX,EAX
|JE SHORT 0041D6CE
|JMP 0041D7CA
|MOV DWORD PTR SS:[LOCAL.140],100
|LEA ECX,[LOCAL.140]
|PUSH ECX

; /pDataLen

|LEA EDX,[LOCAL.71]
|PUSH EDX

; |
; |pData =>

|LEA EAX,[LOCAL.72]
|PUSH EAX

; |
; |pType =>

|PUSH 0

; |Reserved

|PUSH OFFSET 004498B8

; |Name = "

|MOV ECX,DWORD PTR SS:[LOCAL.6]


|PUSH ECX

; |
; |hKey =>

0041D6F8 |. FF15 04804400


.RegQueryValueExA
0041D6FE |. 8B55 E8
0041D701 |. 52
[LOCAL.6]
0041D702 |. FF15 14804400
.RegCloseKey
0041D708 |. 8D8D 4CFDFFFF
0041D70E |. E8 6D10FFFF
fo.0040E780
0041D713 |. 8D85 E4FEFFFF
0041D719 |. 50
OFFSET LOCAL.71
0041D71A |. E8 610B0100
fo.0042E280
0041D71F |. 83C4 04
0041D722 |. 8985 70F5FFFF
0041D728 |. 8B8D 70F5FFFF
0041D72E |. 51
[LOCAL.676]
0041D72F |. 8D95 E4FEFFFF
0041D735 |. 52
OFFSET LOCAL.71
0041D736 |. 8D8D 4CFDFFFF
0041D73C |. E8 0F1AFFFF
fo.0040F150
0041D741 |. 8D85 EFF9FFFF
0041D747 |. 50
0041D748 |. 68 A4984400
SCII "\REGISTRY\Machine\"
0041D74D |. 8D8D F0F9FFFF
0041D753 |. E8 E814FFFF
fo.0040EC40
0041D758 |. C785 0CFAFFFF
0041D762 |. C785 10FAFFFF
0041D76C |. C785 14FAFFFF
0041D776 |. C645 FC 04
0041D77A |. 8D8D F0F9FFFF
0041D780 |. 51
OFFSET LOCAL.388
0041D781 |. 8D8D 4CFDFFFF
0041D787 |. E8 A4660000
fo.00423E30
0041D78C |. F7D8
0041D78E |. 1BC0
0041D790 |. 83C0 01
0041D793 |. 8885 19FAFFFF
0041D799 |. C645 FC 05
0041D79D |. 8D8D F0F9FFFF
0041D7A3 |. E8 D80FFFFF
fo.0040E780
0041D7A8 |. C645 FC 03
0041D7AC |. 6A 00
0041D7AE |. 6A 01
0041D7B0 |. 8D8D F0F9FFFF
0041D7B6 |. E8 A523FFFF
fo.0040FB60
0041D7BB |. 0FB695 19FAFF
0041D7C2 |. 85D2
0041D7C4 |.^ 0F85 68FEFFFF

|CALL DWORD PTR DS:[<&ADVAPI32.RegQueryV ; \ADVAPI32


|MOV EDX,DWORD PTR SS:[LOCAL.6]
|PUSH EDX

; /hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegCloseK ; \ADVAPI32


|LEA ECX,[LOCAL.173]
|CALL 0040E780

; [SystemIn

|LEA EAX,[LOCAL.71]
|PUSH EAX

; /Arg1 =>

|CALL 0042E280

; \SystemIn

|ADD ESP,4
|MOV DWORD PTR SS:[LOCAL.676],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.676]
|PUSH ECX

; /Arg2 =>

|LEA EDX,[LOCAL.71]
|PUSH EDX

; |
; |Arg1 =>

|LEA ECX,[LOCAL.173]
|CALL 0040F150

; |
; \SystemIn

|LEA EAX,[LOCAL.389+3]
|PUSH EAX
|PUSH OFFSET 004498A4

; /Arg2
; |Arg1 = A

|LEA ECX,[LOCAL.388]
|CALL 0040EC40

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.381],0


|MOV DWORD PTR SS:[LOCAL.380],0
|MOV DWORD PTR SS:[LOCAL.379],0
|MOV BYTE PTR SS:[LOCAL.1],4
|LEA ECX,[LOCAL.388]
|PUSH ECX

; /Arg1 =>

|LEA ECX,[LOCAL.173]
|CALL 00423E30

; |
; \SystemIn

|NEG EAX
|SBB EAX,EAX
|ADD EAX,1
|MOV BYTE PTR SS:[LOCAL.378+1],AL
|MOV BYTE PTR SS:[LOCAL.1],5
|LEA ECX,[LOCAL.388]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],3


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.388]
|CALL 0040FB60

;
;
;
;

|MOVZX EDX,BYTE PTR SS:[LOCAL.378+1]


|TEST EDX,EDX
\JNE 0041D632

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0041D7CA |> C685 6BF5FFFF


0041D7D1 |. 6A 01
0041D7D3 |. 6A 00
0041D7D5 |. 8D85 6BF5FFFF
0041D7DB |. 50
0041D7DC |. 8D8D A4FDFFFF
0041D7E2 |. E8 E9630000
fo.00423BD0
0041D7E7 |. 8985 64F5FFFF
0041D7ED |. 8D8D A4FDFFFF
0041D7F3 |. E8 880FFFFF
fo.0040E780
0041D7F8 |. 6A FF
1
0041D7FA |. 8B8D 64F5FFFF
0041D800 |. 51
[LOCAL.679]
0041D801 |. 8D8D A4FDFFFF
0041D807 |. E8 F41BFFFF
fo.0040F400
0041D80C |. C685 63F5FFFF
0041D813 |. 6A 01
0041D815 |. 6A 00
0041D817 |. 8D95 63F5FFFF
0041D81D |. 52
0041D81E |. 8D8D A4FDFFFF
0041D824 |. E8 A7630000
fo.00423BD0
0041D829 |. 83C0 01
0041D82C |. 8985 5CF5FFFF
0041D832 |. 8D8D A4FDFFFF
0041D838 |. E8 430FFFFF
fo.0040E780
0041D83D |. 8B85 5CF5FFFF
0041D843 |. 50
[LOCAL.681]
0041D844 |. 6A 00
0041D846 |. 8D8D A4FDFFFF
0041D84C |. E8 AF1BFFFF
fo.0040F400
0041D851 |. 6A 00
0
0041D853 |. 6A 00
NULL
0041D855 |. FF15 BC804400
.GetSystemDirectoryA
0041D85B |. 8985 44FDFFFF
0041D861 |. 8B8D 44FDFFFF
0041D867 |. 51
[LOCAL.175]
0041D868 |. E8 DFFF0000
fo.0042D84C
0041D86D |. 83C4 04
0041D870 |. 8985 E8F9FFFF
0041D876 |. 8B95 E8F9FFFF
0041D87C |. 8995 48FDFFFF
0041D882 |. 8B85 44FDFFFF
0041D888 |. 50
[LOCAL.175]
0041D889 |. 8B8D 48FDFFFF

MOV BYTE PTR SS:[LOCAL.678+3],5C


PUSH 1
PUSH 0
LEA EAX,[LOCAL.678+3]
PUSH EAX
LEA ECX,[LOCAL.151]
CALL 00423BD0

;
;
;
;
;
;

MOV DWORD PTR SS:[LOCAL.679],EAX


LEA ECX,[LOCAL.151]
CALL 0040E780

; [SystemIn

PUSH -1

; /Arg2 = -

MOV ECX,DWORD PTR SS:[LOCAL.679]


PUSH ECX

; |
; |Arg1 =>

LEA ECX,[LOCAL.151]
CALL 0040F400

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.680+3],5C


PUSH 1
PUSH 0
LEA EDX,[LOCAL.680+3]
PUSH EDX
LEA ECX,[LOCAL.151]
CALL 00423BD0

;
;
;
;
;
;

ADD EAX,1
MOV DWORD PTR SS:[LOCAL.681],EAX
LEA ECX,[LOCAL.151]
CALL 0040E780

; [SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.681]


PUSH EAX

; /Arg2 =>

PUSH 0
LEA ECX,[LOCAL.151]
CALL 0040F400

; |Arg1 = 0
; |
; \SystemIn

PUSH 0

; /Count =

PUSH 0

; |Buffer =

/Arg3 = 1
|Arg2 = 0
|
|Arg1
|
\SystemIn

/Arg3 = 1
|Arg2 = 0
|
|Arg1
|
\SystemIn

CALL DWORD PTR DS:[<&KERNEL32.GetSystemD ; \KERNEL32


MOV DWORD PTR SS:[LOCAL.175],EAX
MOV ECX,DWORD PTR SS:[LOCAL.175]
PUSH ECX

; /Arg1 =>

CALL 0042D84C

; \SystemIn

ADD ESP,4
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

SS:[LOCAL.390],EAX
PTR SS:[LOCAL.390]
SS:[LOCAL.174],EDX
PTR SS:[LOCAL.175]

MOV ECX,DWORD PTR SS:[LOCAL.174]

; /Count =>
; |

0041D88F |. 51
> [LOCAL.174]
0041D890 |. FF15 BC804400
.GetSystemDirectoryA
0041D896 |. 8D95 4CFDFFFF
0041D89C |. 52
OFFSET LOCAL.173
0041D89D |. 68 60854400
ystemInfo.448560
0041D8A2 |. 8D85 C0F9FFFF
0041D8A8 |. 50
OFFSET LOCAL.400
0041D8A9 |. E8 626C0000
fo.00424510
0041D8AE |. 83C4 0C
0041D8B1 |. 8985 D8F1FFFF
0041D8B7 |. 8B8D D8F1FFFF
0041D8BD |. 898D D4F1FFFF
0041D8C3 |. C645 FC 06
0041D8C7 |. 8B95 D4F1FFFF
0041D8CD |. 52
[LOCAL.907]
0041D8CE |. 8B85 48FDFFFF
0041D8D4 |. 50
[LOCAL.174]
0041D8D5 |. 8D8D 98F9FFFF
0041D8DB |. 51
OFFSET LOCAL.410
0041D8DC |. E8 2F6C0000
fo.00424510
0041D8E1 |. 83C4 0C
0041D8E4 |. 8985 D0F1FFFF
0041D8EA |. 8B95 D0F1FFFF
0041D8F0 |. 8995 CCF1FFFF
0041D8F6 |. C645 FC 07
0041D8FA |. 68 9C984400
SCII ".dll"
0041D8FF |. 8B85 CCF1FFFF
0041D905 |. 50
[LOCAL.909]
0041D906 |. 8D8D 74FDFFFF
0041D90C |. 51
OFFSET LOCAL.163
0041D90D |. E8 DE10FFFF
fo.0040E9F0
0041D912 |. 83C4 0C
0041D915 |. C645 FC 0A
0041D919 |. 8D8D 98F9FFFF
0041D91F |. E8 5C0EFFFF
fo.0040E780
0041D924 |. C645 FC 09
0041D928 |. 6A 00
0041D92A |. 6A 01
0041D92C |. 8D8D 98F9FFFF
0041D932 |. E8 2922FFFF
fo.0040FB60
0041D937 |. C645 FC 0C
0041D93B |. 8D8D C0F9FFFF
0041D941 |. E8 3A0EFFFF
fo.0040E780

PUSH ECX

; |Buffer =

CALL DWORD PTR DS:[<&KERNEL32.GetSystemD ; \KERNEL32


LEA EDX,[LOCAL.173]
PUSH EDX

; /Arg3 =>

PUSH OFFSET 00448560

; |Arg2 = S

LEA EAX,[LOCAL.400]
PUSH EAX

; |
; |Arg1 =>

CALL 00424510

; \SystemIn

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.906],EAX
MOV ECX,DWORD PTR SS:[LOCAL.906]
MOV DWORD PTR SS:[LOCAL.907],ECX
MOV BYTE PTR SS:[LOCAL.1],6
MOV EDX,DWORD PTR SS:[LOCAL.907]
PUSH EDX

; /Arg3 =>

MOV EAX,DWORD PTR SS:[LOCAL.174]


PUSH EAX

; |
; |Arg2 =>

LEA ECX,[LOCAL.410]
PUSH ECX

; |
; |Arg1 =>

CALL 00424510

; \SystemIn

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.908],EAX
MOV EDX,DWORD PTR SS:[LOCAL.908]
MOV DWORD PTR SS:[LOCAL.909],EDX
MOV BYTE PTR SS:[LOCAL.1],7
PUSH OFFSET 0044989C

; /Arg3 = A

MOV EAX,DWORD PTR SS:[LOCAL.909]


PUSH EAX

; |
; |Arg2 =>

LEA ECX,[LOCAL.163]
PUSH ECX

; |
; |Arg1 =>

CALL 0040E9F0

; \SystemIn

ADD ESP,0C
MOV BYTE PTR SS:[LOCAL.1],0A
LEA ECX,[LOCAL.410]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],9


PUSH 0
PUSH 1
LEA ECX,[LOCAL.410]
CALL 0040FB60

;
;
;
;

MOV BYTE PTR SS:[LOCAL.1],0C


LEA ECX,[LOCAL.400]
CALL 0040E780

; [SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0041D946 |. C645 FC 0B
0041D94A |. 6A 00
0041D94C |. 6A 01
0041D94E |. 8D8D C0F9FFFF
0041D954 |. E8 0722FFFF
fo.0040FB60
0041D959 |. 8B95 48FDFFFF
0041D95F |. 8995 94F9FFFF
0041D965 |. 8B85 94F9FFFF
0041D96B |. 50
[LOCAL.411]
0041D96C |. E8 8F1E0100
fo.0042F800
0041D971 |. 83C4 04
0041D974 |. C685 93F9FFFF
0041D97B |. C685 92F9FFFF
0041D982 |. 6A 06
0041D984 |. 8D8D 80F9FFFF
0041D98A |. 51
OFFSET LOCAL.416
0041D98B |. E8 08FE0000
fo.0042D798
0041D990 |. 83C4 08
0041D993 |. 8985 58F5FFFF
0041D999 |. 837D 08 00
0041D99D |. 75 0C
0041D99F |. C785 C8F1FFFF
0041D9A9 |. EB 11
0041D9AB |> 8B55 08
0041D9AE |. 8B02
0041D9B0 |. 8B4D 08
0041D9B3 |. 0348 04
0041D9B6 |. 898D C8F1FFFF
0041D9BC |> 8B95 58F5FFFF
0041D9C2 |. 8B42 04
0041D9C5 |. 50
0041D9C6 |. 8B8D C8F1FFFF
0041D9CC |. 51
0041D9CD |. 8B95 58F5FFFF
0041D9D3 |. 8B02
0041D9D5 |. FFD0
0041D9D7 |. 83C4 08
0041D9DA |. 6A 23
3
0041D9DC |. 8D8D 88F9FFFF
0041D9E2 |. 51
OFFSET LOCAL.414
0041D9E3 |. E8 B0FD0000
fo.0042D798
0041D9E8 |. 83C4 08
0041D9EB |. 8985 50F5FFFF
0041D9F1 |. 68 77874400
0041D9F6 |. 8B55 08
0041D9F9 |. 52
0041D9FA |. E8 61CFFEFF
0041D9FF |. 83C4 08
0041DA02 |. 8985 54F5FFFF
0041DA08 |. 83BD 54F5FFFF
0041DA0F |. 75 0C
0041DA11 |. C785 C4F1FFFF

MOV BYTE PTR SS:[LOCAL.1],0B


PUSH 0
PUSH 1
LEA ECX,[LOCAL.400]
CALL 0040FB60

;
;
;
;

MOV EDX,DWORD PTR SS:[LOCAL.174]


MOV DWORD PTR SS:[LOCAL.411],EDX
MOV EAX,DWORD PTR SS:[LOCAL.411]
PUSH EAX

; /Arg1 =>

CALL 0042F800

; \SystemIn

ADD ESP,4
MOV BYTE PTR SS:[LOCAL.412+3],20
MOV BYTE PTR SS:[LOCAL.412+2],2E
PUSH 6
LEA ECX,[LOCAL.416]
PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.682],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041D9AB
MOV DWORD PTR SS:[LOCAL.910],0
JMP SHORT 0041D9BC
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.910],ECX
MOV EDX,DWORD PTR SS:[LOCAL.682]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.910]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.682]
MOV EAX,DWORD PTR DS:[EDX]
CALL EAX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA ECX,[LOCAL.414]
PUSH ECX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.684],EAX
PUSH OFFSET 00448777
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.683],EAX
CMP DWORD PTR SS:[LOCAL.683],0
JNE SHORT 0041DA1D
MOV DWORD PTR SS:[LOCAL.911],0

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0041DA1B |. EB 17
0041DA1D |> 8B85 54F5FFFF
0041DA23 |. 8B08
0041DA25 |. 8B95 54F5FFFF
0041DA2B |. 0351 04
0041DA2E |. 8995 C4F1FFFF
0041DA34 |> 8B85 50F5FFFF
0041DA3A |. 8B48 04
0041DA3D |. 51
0041DA3E |. 8B95 C4F1FFFF
0041DA44 |. 52
0041DA45 |. 8B85 50F5FFFF
0041DA4B |. 8B08
0041DA4D |. FFD1
0041DA4F |. 83C4 08
0041DA52 |. 8A95 92F9FFFF
0041DA58 |. 8895 47F5FFFF
0041DA5E |. 8B85 54F5FFFF
0041DA64 |. 8B08
0041DA66 |. 8B95 54F5FFFF
0041DA6C |. 0351 04
0041DA6F |. 8995 48F5FFFF
0041DA75 |. 8B85 48F5FFFF
0041DA7B |. 8A48 30
0041DA7E |. 888D 4FF5FFFF
0041DA84 |. 8B95 48F5FFFF
0041DA8A |. 8A85 47F5FFFF
0041DA90 |. 8842 30
0041DA93 |. 83BD 54F5FFFF
0041DA9A |. 75 0C
0041DA9C |. C785 3CF5FFFF
0041DAA6 |. EB 17
0041DAA8 |> 8B8D 54F5FFFF
0041DAAE |. 8B11
0041DAB0 |. 8B85 54F5FFFF
0041DAB6 |. 0342 04
0041DAB9 |. 8985 3CF5FFFF
0041DABF |> 8B8D 3CF5FFFF
0041DAC5 |. 8B51 10
0041DAC8 |. 8995 40F5FFFF
0041DACE |. B8 C0010000
0041DAD3 |. F7D0
0041DAD5 |. 8B8D 3CF5FFFF
0041DADB |. 2341 10
0041DADE |. BA 40000000
0041DAE3 |. 81E2 C0010000
0041DAE9 |. 81E2 FFFF0000
0041DAEF |. 0BC2
0041DAF1 |. 8B8D 3CF5FFFF
0041DAF7 |. 8941 10
0041DAFA |. 68 88984400
deo Driver Files"
0041DAFF |. 8B95 54F5FFFF
0041DB05 |. 52
0041DB06 |. E8 55CEFEFF
0041DB0B |. 83C4 08
0041DB0E |. 8985 30F5FFFF
0041DB14 |. 83BD 30F5FFFF
0041DB1B |. 75 0C
0041DB1D |. C785 34F5FFFF

JMP SHORT 0041DA34


MOV EAX,DWORD PTR SS:[LOCAL.683]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.683]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.911],EDX
MOV EAX,DWORD PTR SS:[LOCAL.684]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.911]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.684]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
MOV DL,BYTE PTR SS:[LOCAL.412+2]
MOV BYTE PTR SS:[LOCAL.687+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.683]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.683]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.686],EDX
MOV EAX,DWORD PTR SS:[LOCAL.686]
MOV CL,BYTE PTR DS:[EAX+30]
MOV BYTE PTR SS:[LOCAL.685+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.686]
MOV AL,BYTE PTR SS:[LOCAL.687+3]
MOV BYTE PTR DS:[EDX+30],AL
CMP DWORD PTR SS:[LOCAL.683],0
JNE SHORT 0041DAA8
MOV DWORD PTR SS:[LOCAL.689],0
JMP SHORT 0041DABF
MOV ECX,DWORD PTR SS:[LOCAL.683]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.683]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.689],EAX
MOV ECX,DWORD PTR SS:[LOCAL.689]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[LOCAL.688],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[LOCAL.689]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[LOCAL.689]
MOV DWORD PTR DS:[ECX+10],EAX
PUSH OFFSET 00449888
MOV EDX,DWORD PTR SS:[LOCAL.683]
PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.692],EAX
CMP DWORD PTR SS:[LOCAL.692],0
JNE SHORT 0041DB29
MOV DWORD PTR SS:[LOCAL.691],0

; ASCII "Vi

0041DB27 |. EB 17
JMP SHORT 0041DB40
0041DB29 |> 8B85 30F5FFFF MOV EAX,DWORD PTR SS:[LOCAL.692]
0041DB2F |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
0041DB31 |. 8B95 30F5FFFF MOV EDX,DWORD PTR SS:[LOCAL.692]
0041DB37 |. 0351 04
ADD EDX,DWORD PTR DS:[ECX+4]
0041DB3A |. 8995 34F5FFFF MOV DWORD PTR SS:[LOCAL.691],EDX
0041DB40 |> 8B85 34F5FFFF MOV EAX,DWORD PTR SS:[LOCAL.691]
0041DB46 |. 8B48 10
MOV ECX,DWORD PTR DS:[EAX+10]
0041DB49 |. 898D 38F5FFFF MOV DWORD PTR SS:[LOCAL.690],ECX
0041DB4F |. BA C0010000 MOV EDX,1C0
0041DB54 |. F7D2
NOT EDX
0041DB56 |. 8B85 34F5FFFF MOV EAX,DWORD PTR SS:[LOCAL.691]
0041DB5C |. 2350 10
AND EDX,DWORD PTR DS:[EAX+10]
0041DB5F |. B9 80000000 MOV ECX,80
0041DB64 |. 81E1 C0010000 AND ECX,000001C0
0041DB6A |. 81E1 FFFF0000 AND ECX,0000FFFF
0041DB70 |. 0BD1
OR EDX,ECX
0041DB72 |. 8B85 34F5FFFF MOV EAX,DWORD PTR SS:[LOCAL.691]
0041DB78 |. 8950 10
MOV DWORD PTR DS:[EAX+10],EDX
0041DB7B |. 8A8D 93F9FFFF MOV CL,BYTE PTR SS:[LOCAL.412+3]
0041DB81 |. 888D 27F5FFFF MOV BYTE PTR SS:[LOCAL.695+3],CL
0041DB87 |. 8B95 30F5FFFF MOV EDX,DWORD PTR SS:[LOCAL.692]
0041DB8D |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
0041DB8F |. 8B8D 30F5FFFF MOV ECX,DWORD PTR SS:[LOCAL.692]
0041DB95 |. 0348 04
ADD ECX,DWORD PTR DS:[EAX+4]
0041DB98 |. 898D 28F5FFFF MOV DWORD PTR SS:[LOCAL.694],ECX
0041DB9E |. 8B95 28F5FFFF MOV EDX,DWORD PTR SS:[LOCAL.694]
0041DBA4 |. 8A42 30
MOV AL,BYTE PTR DS:[EDX+30]
0041DBA7 |. 8885 2FF5FFFF MOV BYTE PTR SS:[LOCAL.693+3],AL
0041DBAD |. 8B8D 28F5FFFF MOV ECX,DWORD PTR SS:[LOCAL.694]
0041DBB3 |. 8A95 27F5FFFF MOV DL,BYTE PTR SS:[LOCAL.695+3]
0041DBB9 |. 8851 30
MOV BYTE PTR DS:[ECX+30],DL
0041DBBC |. 68 08954400 PUSH OFFSET 00449508
0041DBC1 |. 8D85 74FDFFFF LEA EAX,[LOCAL.163]
0041DBC7 |. 50
PUSH EAX
0041DBC8 |. 8B8D 30F5FFFF MOV ECX,DWORD PTR SS:[LOCAL.692]
0041DBCE |. 51
PUSH ECX
0041DBCF |. E8 8CD2FEFF CALL 0040AE60
0041DBD4 |. 83C4 08
ADD ESP,8
0041DBD7 |. 50
PUSH EAX
0041DBD8 |. E8 83CDFEFF CALL 0040A960
0041DBDD |. 83C4 08
ADD ESP,8
0041DBE0 |. 8985 20F5FFFF MOV DWORD PTR SS:[LOCAL.696],EAX
0041DBE6 |. 6A 0A
PUSH 0A
A
0041DBE8 |. 8B8D 20F5FFFF MOV ECX,DWORD PTR SS:[LOCAL.696]
0041DBEE |. E8 CD19FFFF CALL 0040F5C0
fo.0040F5C0
0041DBF3 |. 8B8D 20F5FFFF MOV ECX,DWORD PTR SS:[LOCAL.696]
0041DBF9 |. E8 C21BFFFF CALL 0040F7C0
fo.0040F7C0
0041DBFE |. 8D95 A4FDFFFF LEA EDX,[LOCAL.151]
0041DC04 |. 52
PUSH EDX
OFFSET LOCAL.151
0041DC05 |. 68 64984400 PUSH OFFSET 00449864
SCII "SYSTEM\CurrentControlSet\Services\"
0041DC0A |. 8D85 54F9FFFF LEA EAX,[LOCAL.427]
0041DC10 |. 50
PUSH EAX
OFFSET LOCAL.427
0041DC11 |. E8 FA680000 CALL 00424510

; /Arg1 = 0
; |
; \SystemIn
; [SystemIn
; /Arg3 =>
; |Arg2 = A
; |
; |Arg1 =>
; \SystemIn

fo.00424510
0041DC16 |. 83C4 0C
0041DC19 |. 8985 1CF5FFFF
0041DC1F |. 8B8D 1CF5FFFF
0041DC25 |. 8379 18 10
0041DC29 |. 72 11
0041DC2B |. 8B95 1CF5FFFF
0041DC31 |. 8B42 04
0041DC34 |. 8985 C0F1FFFF
0041DC3A |. EB 0F
0041DC3C |> 8B8D 1CF5FFFF
0041DC42 |. 83C1 04
0041DC45 |. 898D C0F1FFFF
0041DC4B |> 8D55 E8
0041DC4E |. 52
=> OFFSET LOCAL.6
0041DC4F |. 68 19000200
ccess = KEY_READ
0041DC54 |. 6A 00
= 0
0041DC56 |. 8B85 C0F1FFFF
0041DC5C |. 50
> [LOCAL.912]
0041DC5D |. 68 02000080
KEY_LOCAL_MACHINE
0041DC62 |. FF15 08804400
.RegOpenKeyExA
0041DC68 |. F7D8
0041DC6A |. 1BC0
0041DC6C |. 83C0 01
0041DC6F |. 8885 7FF9FFFF
0041DC75 |. C645 FC 0D
0041DC79 |. 8D8D 54F9FFFF
0041DC7F |. E8 FC0AFFFF
fo.0040E780
0041DC84 |. C645 FC 0B
0041DC88 |. 6A 00
0041DC8A |. 6A 01
0041DC8C |. 8D8D 54F9FFFF
0041DC92 |. E8 C91EFFFF
fo.0040FB60
0041DC97 |. 0FB68D 7FF9FF
0041DC9E |. 85C9
0041DCA0 |. 74 3A
0041DCA2 |. C785 D0FDFFFF
0041DCAC |. 8D95 D0FDFFFF
0041DCB2 |. 52
=> OFFSET LOCAL.140
0041DCB3 |. 8D85 E4FEFFFF
0041DCB9 |. 50
OFFSET LOCAL.71
0041DCBA |. 8D8D E0FEFFFF
0041DCC0 |. 51
OFFSET LOCAL.72
0041DCC1 |. 6A 00
= 0
0041DCC3 |. 68 58984400
ImagePath"
0041DCC8 |. 8B55 E8
0041DCCB |. 52

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.697],EAX
MOV ECX,DWORD PTR SS:[LOCAL.697]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 0041DC3C
MOV EDX,DWORD PTR SS:[LOCAL.697]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.912],EAX
JMP SHORT 0041DC4B
MOV ECX,DWORD PTR SS:[LOCAL.697]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.912],ECX
LEA EDX,[LOCAL.6]
PUSH EDX

; /pResult

PUSH 20019

; |DesiredA

PUSH 0

; |Reserved

MOV EAX,DWORD PTR SS:[LOCAL.912]


PUSH EAX

; |
; |SubKey =

PUSH 80000002

; |hKey = H

CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey ; \ADVAPI32


NEG EAX
SBB EAX,EAX
ADD EAX,1
MOV BYTE PTR SS:[LOCAL.417+3],AL
MOV BYTE PTR SS:[LOCAL.1],0D
LEA ECX,[LOCAL.427]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0B


PUSH 0
PUSH 1
LEA ECX,[LOCAL.427]
CALL 0040FB60

;
;
;
;

MOVZX ECX,BYTE PTR SS:[LOCAL.417+3]


TEST ECX,ECX
JE SHORT 0041DCDC
MOV DWORD PTR SS:[LOCAL.140],100
LEA EDX,[LOCAL.140]
PUSH EDX

; /pDataLen

LEA EAX,[LOCAL.71]
PUSH EAX

; |
; |pData =>

LEA ECX,[LOCAL.72]
PUSH ECX

; |
; |pType =>

PUSH 0

; |Reserved

PUSH OFFSET 00449858

; |Name = "

MOV EDX,DWORD PTR SS:[LOCAL.6]


PUSH EDX

; |
; |hKey =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

[LOCAL.6]
0041DCCC |. FF15 04804400
.RegQueryValueExA
0041DCD2 |. 8B45 E8
0041DCD5 |. 50
[LOCAL.6]
0041DCD6 |. FF15 14804400
.RegCloseKey
0041DCDC |> 6A 00
0
0041DCDE |. 6A 00
NULL
0041DCE0 |. FF15 B8804400
.GetWindowsDirectoryA
0041DCE6 |. 8985 9CFDFFFF
0041DCEC |. 8B8D 9CFDFFFF
0041DCF2 |. 51
[LOCAL.153]
0041DCF3 |. E8 54FB0000
fo.0042D84C
0041DCF8 |. 83C4 04
0041DCFB |. 8985 50F9FFFF
0041DD01 |. 8B95 50F9FFFF
0041DD07 |. 8995 A0FDFFFF
0041DD0D |. 8B85 9CFDFFFF
0041DD13 |. 50
[LOCAL.153]
0041DD14 |. 8B8D A0FDFFFF
0041DD1A |. 51
> [LOCAL.152]
0041DD1B |. FF15 B8804400
.GetWindowsDirectoryA
0041DD21 |. 6A 06
0041DD23 |. 8D95 40F9FFFF
0041DD29 |. 52
OFFSET LOCAL.432
0041DD2A |. E8 69FA0000
fo.0042D798
0041DD2F |. 83C4 08
0041DD32 |. 8985 18F5FFFF
0041DD38 |. 837D 08 00
0041DD3C |. 75 0C
0041DD3E |. C785 BCF1FFFF
0041DD48 |. EB 11
0041DD4A |> 8B45 08
0041DD4D |. 8B08
0041DD4F |. 8B55 08
0041DD52 |. 0351 04
0041DD55 |. 8995 BCF1FFFF
0041DD5B |> 8B85 18F5FFFF
0041DD61 |. 8B48 04
0041DD64 |. 51
0041DD65 |. 8B95 BCF1FFFF
0041DD6B |. 52
0041DD6C |. 8B85 18F5FFFF
0041DD72 |. 8B08
0041DD74 |. FFD1
0041DD76 |. 83C4 08
0041DD79 |. 6A 23
3

CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa ; \ADVAPI32


MOV EAX,DWORD PTR SS:[LOCAL.6]
PUSH EAX

; /hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe ; \ADVAPI32


PUSH 0

; /Count =

PUSH 0

; |Buffer =

CALL DWORD PTR DS:[<&KERNEL32.GetWindows ; \KERNEL32


MOV DWORD PTR SS:[LOCAL.153],EAX
MOV ECX,DWORD PTR SS:[LOCAL.153]
PUSH ECX

; /Arg1 =>

CALL 0042D84C

; \SystemIn

ADD ESP,4
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

SS:[LOCAL.428],EAX
PTR SS:[LOCAL.428]
SS:[LOCAL.152],EDX
PTR SS:[LOCAL.153]

MOV ECX,DWORD PTR SS:[LOCAL.152]


PUSH ECX

; /Count =>
; |
; |Buffer =

CALL DWORD PTR DS:[<&KERNEL32.GetWindows ; \KERNEL32


PUSH 6
LEA EDX,[LOCAL.432]
PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.698],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041DD4A
MOV DWORD PTR SS:[LOCAL.913],0
JMP SHORT 0041DD5B
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.913],EDX
MOV EAX,DWORD PTR SS:[LOCAL.698]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.913]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.698]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 23

; /Arg2 = 2

0041DD7B |. 8D95 48F9FFFF


0041DD81 |. 52
OFFSET LOCAL.430
0041DD82 |. E8 11FA0000
fo.0042D798
0041DD87 |. 83C4 08
0041DD8A |. 8985 10F5FFFF
0041DD90 |. 68 77874400
0041DD95 |. 8B45 08
0041DD98 |. 50
0041DD99 |. E8 C2CBFEFF
0041DD9E |. 83C4 08
0041DDA1 |. 8985 14F5FFFF
0041DDA7 |. 83BD 14F5FFFF
0041DDAE |. 75 0C
0041DDB0 |. C785 B8F1FFFF
0041DDBA |. EB 17
0041DDBC |> 8B8D 14F5FFFF
0041DDC2 |. 8B11
0041DDC4 |. 8B85 14F5FFFF
0041DDCA |. 0342 04
0041DDCD |. 8985 B8F1FFFF
0041DDD3 |> 8B8D 10F5FFFF
0041DDD9 |. 8B51 04
0041DDDC |. 52
0041DDDD |. 8B85 B8F1FFFF
0041DDE3 |. 50
0041DDE4 |. 8B8D 10F5FFFF
0041DDEA |. 8B11
0041DDEC |. FFD2
0041DDEE |. 83C4 08
0041DDF1 |. 8D85 E4FEFFFF
0041DDF7 |. 50
0041DDF8 |. 68 60854400
0041DDFD |. 8B8D A0FDFFFF
0041DE03 |. 51
0041DE04 |. 68 80874400
0041DE09 |. 8B95 14F5FFFF
0041DE0F |. 52
0041DE10 |. E8 4BCBFEFF
0041DE15 |. 83C4 08
0041DE18 |. 50
0041DE19 |. E8 42CBFEFF
0041DE1E |. 83C4 08
0041DE21 |. 50
0041DE22 |. E8 39CBFEFF
0041DE27 |. 83C4 08
0041DE2A |. 50
0041DE2B |. E8 30CBFEFF
0041DE30 |. 83C4 08
0041DE33 |. 8985 0CF5FFFF
0041DE39 |. 6A 0A
A
0041DE3B |. 8B8D 0CF5FFFF
0041DE41 |. E8 7A17FFFF
fo.0040F5C0
0041DE46 |. 8B8D 0CF5FFFF
0041DE4C |. E8 6F19FFFF
fo.0040F7C0
0041DE51 |. 68 44984400

LEA EDX,[LOCAL.430]
PUSH EDX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.700],EAX
PUSH OFFSET 00448777
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.699],EAX
CMP DWORD PTR SS:[LOCAL.699],0
JNE SHORT 0041DDBC
MOV DWORD PTR SS:[LOCAL.914],0
JMP SHORT 0041DDD3
MOV ECX,DWORD PTR SS:[LOCAL.699]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.699]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.914],EAX
MOV ECX,DWORD PTR SS:[LOCAL.700]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.914]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.700]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
LEA EAX,[LOCAL.71]
PUSH EAX
PUSH OFFSET 00448560
MOV ECX,DWORD PTR SS:[LOCAL.152]
PUSH ECX
PUSH OFFSET 00448780
MOV EDX,DWORD PTR SS:[LOCAL.699]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.701],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.701]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.701]


CALL 0040F7C0

; [SystemIn

PUSH OFFSET 00449844

; /Arg14 =

ASCII "Video Manufacturer"


0041DE56 |. 68 2C984400 PUSH OFFSET 0044982C
ASCII "Video Driver Version"
0041DE5B |. 68 1C984400 PUSH OFFSET 0044981C
ASCII "Video Driver"
0041DE60 |. 83EC 28
SUB ESP,28
0041DE63 |. 8BCC
MOV ECX,ESP
0041DE65 |. 89A5 3CF9FFFF MOV DWORD PTR SS:[LOCAL.433],ESP
0041DE6B |. 8D85 74FDFFFF LEA EAX,[LOCAL.163]
0041DE71 |. 50
PUSH EAX
OFFSET LOCAL.163
0041DE72 |. E8 99CEFEFF CALL 0040AD10
nfo.0040AD10
0041DE77 |. 8985 B4F1FFFF MOV DWORD PTR SS:[LOCAL.915],EAX
0041DE7D |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0041DE80 |. 51
PUSH ECX
[ARG.1]
0041DE81 |. E8 9ADCFFFF CALL 0041BB20
fo.0041BB20
0041DE86 |. 83C4 38
ADD ESP,38
0041DE89 |. 8D55 E8
LEA EDX,[LOCAL.6]
0041DE8C |. 52
PUSH EDX
=> OFFSET LOCAL.6
0041DE8D |. 68 19000200 PUSH 20019
ccess = KEY_READ
0041DE92 |. 6A 00
PUSH 0
= 0
0041DE94 |. 68 FC974400 PUSH OFFSET 004497FC
"SYSTEM\CurrentControlSet\Enum"
0041DE99 |. 68 02000080 PUSH 80000002
KEY_LOCAL_MACHINE
0041DE9E |. FF15 08804400 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey
.RegOpenKeyExA
0041DEA4 |. 85C0
TEST EAX,EAX
0041DEA6 |. 0F85 A5090000 JNE 0041E851
0041DEAC |. C745 EC 00000 MOV DWORD PTR SS:[LOCAL.5],0
0041DEB3 |. EB 09
JMP SHORT 0041DEBE
0041DEB5 |> 8B45 EC
/MOV EAX,DWORD PTR SS:[LOCAL.5]
0041DEB8 |. 83C0 01
|ADD EAX,1
0041DEBB |. 8945 EC
|MOV DWORD PTR SS:[LOCAL.5],EAX
0041DEBE |> C785 D8FEFFFF |MOV DWORD PTR SS:[LOCAL.74],100
0041DEC8 |. 8D8D 3CFDFFFF |LEA ECX,[LOCAL.177]
0041DECE |. 51
|PUSH ECX
teTime => OFFSET LOCAL.177
0041DECF |. 6A 00
|PUSH 0
n = NULL
0041DED1 |. 6A 00
|PUSH 0
NULL
0041DED3 |. 6A 00
|PUSH 0
= 0
0041DED5 |. 8D95 D8FEFFFF |LEA EDX,[LOCAL.74]
0041DEDB |. 52
|PUSH EDX
=> OFFSET LOCAL.74
0041DEDC |. 8D85 D4FDFFFF |LEA EAX,[LOCAL.139]
0041DEE2 |. 50
|PUSH EAX
OFFSET LOCAL.139
0041DEE3 |. 8B4D EC
|MOV ECX,DWORD PTR SS:[LOCAL.5]
0041DEE6 |. 51
|PUSH ECX
[LOCAL.5]
0041DEE7 |. 8B55 E8
|MOV EDX,DWORD PTR SS:[LOCAL.6]

; |Arg13 =
; |Arg12 =
;
;
;
;
;

|
|
|
|
|/Arg1 =>

; |\SystemI
; |
; |
; |Arg1 =>
; \SystemIn

; /pResult
; |DesiredA
; |Reserved
; |SubKey =
; |hKey = H
; \ADVAPI32

; /pLastWri
; |pClassLe
; |Class =
; |Reserved
; |
; |pNameLen
; |
; |Name =>
; |
; |Index =>
; |

0041DEEA |. 52
[LOCAL.6]
0041DEEB |. FF15 0C804400
.RegEnumKeyExA
0041DEF1 |. 85C0
0041DEF3 |. 0F85 4E090000
0041DEF9 |. 8D85 38FDFFFF
0041DEFF |. 50
=> OFFSET LOCAL.178
0041DF00 |. 68 19000200
ccess = KEY_READ
0041DF05 |. 6A 00
= 0
0041DF07 |. 8D8D D4FDFFFF
0041DF0D |. 51
> OFFSET LOCAL.139
0041DF0E |. 8B55 E8
0041DF11 |. 52
[LOCAL.6]
0041DF12 |. FF15 08804400
.RegOpenKeyExA
0041DF18 |. 85C0
0041DF1A |. 74 02
0041DF1C |.^ EB 97
0041DF1E |> C785 34FDFFFF
0041DF28 |. EB 0F
0041DF2A |> 8B85 34FDFFFF
0041DF30 |. 83C0 01
0041DF33 |. 8985 34FDFFFF
0041DF39 |> C785 D8FEFFFF
0041DF43 |. 8D8D 3CFDFFFF
0041DF49 |. 51
teTime => OFFSET LOCAL.177
0041DF4A |. 6A 00
n = NULL
0041DF4C |. 6A 00
NULL
0041DF4E |. 6A 00
= 0
0041DF50 |. 8D95 D8FEFFFF
0041DF56 |. 52
=> OFFSET LOCAL.74
0041DF57 |. 8D85 D4FDFFFF
0041DF5D |. 50
OFFSET LOCAL.139
0041DF5E |. 8B8D 34FDFFFF
0041DF64 |. 51
[LOCAL.179]
0041DF65 |. 8B95 38FDFFFF
0041DF6B |. 52
[LOCAL.178]
0041DF6C |. FF15 0C804400
.RegEnumKeyExA
0041DF72 |. 85C0
0041DF74 |. 0F85 BB080000
0041DF7A |. 8D85 30FDFFFF
0041DF80 |. 50
=> OFFSET LOCAL.180
0041DF81 |. 68 19000200
ccess = KEY_READ

|PUSH EDX

; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegEnumKe ; \ADVAPI32


|TEST EAX,EAX
|JNE 0041E847
|LEA EAX,[LOCAL.178]
|PUSH EAX

; /pResult

|PUSH 20019

; |DesiredA

|PUSH 0

; |Reserved

|LEA ECX,[LOCAL.139]
|PUSH ECX

; |
; |SubKey =

|MOV EDX,DWORD PTR SS:[LOCAL.6]


|PUSH EDX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKe ; \ADVAPI32


|TEST EAX,EAX
|JE SHORT 0041DF1E
|JMP SHORT 0041DEB5
|MOV DWORD PTR SS:[LOCAL.179],0
|JMP SHORT 0041DF39
|/MOV EAX,DWORD PTR SS:[LOCAL.179]
||ADD EAX,1
||MOV DWORD PTR SS:[LOCAL.179],EAX
||MOV DWORD PTR SS:[LOCAL.74],100
||LEA ECX,[LOCAL.177]
||PUSH ECX

; /pLastWri

||PUSH 0

; |pClassLe

||PUSH 0

; |Class =

||PUSH 0

; |Reserved

||LEA EDX,[LOCAL.74]
||PUSH EDX

; |
; |pNameLen

||LEA EAX,[LOCAL.139]
||PUSH EAX

; |
; |Name =>

||MOV ECX,DWORD PTR SS:[LOCAL.179]


||PUSH ECX

; |
; |Index =>

||MOV EDX,DWORD PTR SS:[LOCAL.178]


||PUSH EDX

; |
; |hKey =>

||CALL DWORD PTR DS:[<&ADVAPI32.RegEnumK ; \ADVAPI32


||TEST EAX,EAX
||JNE 0041E835
||LEA EAX,[LOCAL.180]
||PUSH EAX

; /pResult

||PUSH 20019

; |DesiredA

0041DF86 |. 6A 00
= 0
0041DF88 |. 8D8D D4FDFFFF
0041DF8E |. 51
> OFFSET LOCAL.139
0041DF8F |. 8B95 38FDFFFF
0041DF95 |. 52
[LOCAL.178]
0041DF96 |. FF15 08804400
.RegOpenKeyExA
0041DF9C |. 85C0
0041DF9E |. 74 02
0041DFA0 |.^ EB 88
0041DFA2 |> C785 2CFDFFFF
0041DFAC |. EB 0F
0041DFAE |> 8B85 2CFDFFFF
0041DFB4 |. 83C0 01
0041DFB7 |. 8985 2CFDFFFF
0041DFBD |> C785 D8FEFFFF
0041DFC7 |. 8D8D 3CFDFFFF
0041DFCD |. 51
teTime => OFFSET LOCAL.177
0041DFCE |. 6A 00
n = NULL
0041DFD0 |. 6A 00
NULL
0041DFD2 |. 6A 00
= 0
0041DFD4 |. 8D95 D8FEFFFF
0041DFDA |. 52
=> OFFSET LOCAL.74
0041DFDB |. 8D85 D4FDFFFF
0041DFE1 |. 50
OFFSET LOCAL.139
0041DFE2 |. 8B8D 2CFDFFFF
0041DFE8 |. 51
[LOCAL.181]
0041DFE9 |. 8B95 30FDFFFF
0041DFEF |. 52
[LOCAL.180]
0041DFF0 |. FF15 0C804400
.RegEnumKeyExA
0041DFF6 |. 85C0
0041DFF8 |. 0F85 25080000
0041DFFE |. 8D85 28FCFFFF
0041E004 |. 50
=> OFFSET LOCAL.246
0041E005 |. 68 19000200
ccess = KEY_READ
0041E00A |. 6A 00
= 0
0041E00C |. 8D8D D4FDFFFF
0041E012 |. 51
> OFFSET LOCAL.139
0041E013 |. 8B95 30FDFFFF
0041E019 |. 52
[LOCAL.180]
0041E01A |. FF15 08804400
.RegOpenKeyExA
0041E020 |. 85C0

||PUSH 0

; |Reserved

||LEA ECX,[LOCAL.139]
||PUSH ECX

; |
; |SubKey =

||MOV EDX,DWORD PTR SS:[LOCAL.178]


||PUSH EDX

; |
; |hKey =>

||CALL DWORD PTR DS:[<&ADVAPI32.RegOpenK ; \ADVAPI32


||TEST EAX,EAX
||JE SHORT 0041DFA2
||JMP SHORT 0041DF2A
||MOV DWORD PTR SS:[LOCAL.181],0
||JMP SHORT 0041DFBD
||/MOV EAX,DWORD PTR SS:[LOCAL.181]
|||ADD EAX,1
|||MOV DWORD PTR SS:[LOCAL.181],EAX
|||MOV DWORD PTR SS:[LOCAL.74],100
|||LEA ECX,[LOCAL.177]
|||PUSH ECX

; /pLastWri

|||PUSH 0

; |pClassLe

|||PUSH 0

; |Class =

|||PUSH 0

; |Reserved

|||LEA EDX,[LOCAL.74]
|||PUSH EDX

; |
; |pNameLen

|||LEA EAX,[LOCAL.139]
|||PUSH EAX

; |
; |Name =>

|||MOV ECX,DWORD PTR SS:[LOCAL.181]


|||PUSH ECX

; |
; |Index =>

|||MOV EDX,DWORD PTR SS:[LOCAL.180]


|||PUSH EDX

; |
; |hKey =>

|||CALL DWORD PTR DS:[<&ADVAPI32.RegEnum ; \ADVAPI32


|||TEST EAX,EAX
|||JNE 0041E823
|||LEA EAX,[LOCAL.246]
|||PUSH EAX

; /pResult

|||PUSH 20019

; |DesiredA

|||PUSH 0

; |Reserved

|||LEA ECX,[LOCAL.139]
|||PUSH ECX

; |
; |SubKey =

|||MOV EDX,DWORD PTR SS:[LOCAL.180]


|||PUSH EDX

; |
; |hKey =>

|||CALL DWORD PTR DS:[<&ADVAPI32.RegOpen ; \ADVAPI32


|||TEST EAX,EAX

0041E022 |. 74 02
0041E024 |.^ EB 88
0041E026 |> C785 D0FDFFFF
0041E030 |. 8D85 D0FDFFFF
0041E036 |. 50
=> OFFSET LOCAL.140
0041E037 |. 8D8D 2CFCFFFF
0041E03D |. 51
OFFSET LOCAL.245
0041E03E |. 8D95 E0FEFFFF
0041E044 |. 52
OFFSET LOCAL.72
0041E045 |. 6A 00
= 0
0041E047 |. 68 1C8A4400
Class"
0041E04C |. 8B85 28FCFFFF
0041E052 |. 50
[LOCAL.246]
0041E053 |. FF15 04804400
.RegQueryValueExA
0041E059 |. 85C0
0041E05B |. 0F85 B0070000
0041E061 |. 83BD E0FEFFFF
0041E068 |. 0F85 A3070000
0041E06E |. 68 F4974400
SCII "Monitor"
0041E073 |. 8D8D 2CFCFFFF
0041E079 |. 51
OFFSET LOCAL.245
0041E07A |. E8 41420000
fo.004222C0
0041E07F |. 83C4 08
0041E082 |. 85C0
0041E084 |. 0F84 AD000000
0041E08A |. 68 EC974400
SCII "Display"
0041E08F |. 8D95 2CFCFFFF
0041E095 |. 52
OFFSET LOCAL.245
0041E096 |. E8 25420000
fo.004222C0
0041E09B |. 83C4 08
0041E09E |. 85C0
0041E0A0 |. 0F85 6B070000
0041E0A6 |. C785 D0FDFFFF
0041E0B0 |. 8D85 D0FDFFFF
0041E0B6 |. 50
=> OFFSET LOCAL.140
0041E0B7 |. 8D8D E4FEFFFF
0041E0BD |. 51
OFFSET LOCAL.71
0041E0BE |. 8D95 E0FEFFFF
0041E0C4 |. 52
OFFSET LOCAL.72
0041E0C5 |. 6A 00
= 0
0041E0C7 |. 68 E4974400
Service"
0041E0CC |. 8B85 28FCFFFF

|||JE SHORT 0041E026


|||JMP SHORT 0041DFAE
|||MOV DWORD PTR SS:[LOCAL.140],100
|||LEA EAX,[LOCAL.140]
|||PUSH EAX

; /pDataLen

|||LEA ECX,[LOCAL.245]
|||PUSH ECX

; |
; |pData =>

|||LEA EDX,[LOCAL.72]
|||PUSH EDX

; |
; |pType =>

|||PUSH 0

; |Reserved

|||PUSH OFFSET 00448A1C

; |Name = "

|||MOV EAX,DWORD PTR SS:[LOCAL.246]


|||PUSH EAX

; |
; |hKey =>

|||CALL DWORD PTR DS:[<&ADVAPI32.RegQuer ; \ADVAPI32


|||TEST EAX,EAX
|||JNE 0041E811
|||CMP DWORD PTR SS:[LOCAL.72],1
|||JNE 0041E811
|||PUSH OFFSET 004497F4

; /Arg2 = A

|||LEA ECX,[LOCAL.245]
|||PUSH ECX

; |
; |Arg1 =>

|||CALL 004222C0

; \SystemIn

|||ADD ESP,8
|||TEST EAX,EAX
|||JE 0041E137
|||PUSH OFFSET 004497EC

; /Arg2 = A

|||LEA EDX,[LOCAL.245]
|||PUSH EDX

; |
; |Arg1 =>

|||CALL 004222C0

; \SystemIn

|||ADD ESP,8
|||TEST EAX,EAX
|||JNE 0041E811
|||MOV DWORD PTR SS:[LOCAL.140],100
|||LEA EAX,[LOCAL.140]
|||PUSH EAX

; /pDataLen

|||LEA ECX,[LOCAL.71]
|||PUSH ECX

; |
; |pData =>

|||LEA EDX,[LOCAL.72]
|||PUSH EDX

; |
; |pType =>

|||PUSH 0

; |Reserved

|||PUSH OFFSET 004497E4

; |Name = "

|||MOV EAX,DWORD PTR SS:[LOCAL.246]

; |

0041E0D2 |. 50
[LOCAL.246]
0041E0D3 |. FF15 04804400
.RegQueryValueExA
0041E0D9 |. 85C0
0041E0DB |. 0F85 30070000
0041E0E1 |. 83BD E0FEFFFF
0041E0E8 |. 0F85 23070000
0041E0EE |. 8D8D E4FEFFFF
0041E0F4 |. 51
OFFSET LOCAL.71
0041E0F5 |. E8 86010100
fo.0042E280
0041E0FA |. 83C4 04
0041E0FD |. 8985 E8F4FFFF
0041E103 |. 8B95 E8F4FFFF
0041E109 |. 52
[LOCAL.710]
0041E10A |. 8D85 E4FEFFFF
0041E110 |. 50
OFFSET LOCAL.71
0041E111 |. 8B8D B8FDFFFF
0041E117 |. 51
[LOCAL.146]
0041E118 |. 6A 00
0041E11A |. 8D8D A4FDFFFF
0041E120 |. E8 8B17FFFF
fo.0040F8B0
0041E125 |. F7D8
0041E127 |. 1BC0
0041E129 |. 83C0 01
0041E12C |. 0FB6D0
0041E12F |. 85D2
0041E131 |. 0F84 DA060000
0041E137 |> C785 D0FDFFFF
0041E141 |. 8D85 D0FDFFFF
0041E147 |. 50
=> OFFSET LOCAL.140
0041E148 |. 8D8D E4FEFFFF
0041E14E |. 51
OFFSET LOCAL.71
0041E14F |. 8D95 E0FEFFFF
0041E155 |. 52
OFFSET LOCAL.72
0041E156 |. 6A 00
= 0
0041E158 |. 68 D8974400
DeviceDesc"
0041E15D |. 8B85 28FCFFFF
0041E163 |. 50
[LOCAL.246]
0041E164 |. FF15 04804400
.RegQueryValueExA
0041E16A |. 8D8D 0FF9FFFF
0041E170 |. 51
0041E171 |. 8D95 2CFCFFFF
0041E177 |. 52
OFFSET LOCAL.245
0041E178 |. 8D8D 10F9FFFF
0041E17E |. E8 BD0AFFFF

|||PUSH EAX

; |hKey =>

|||CALL DWORD PTR DS:[<&ADVAPI32.RegQuer ; \ADVAPI32


|||TEST EAX,EAX
|||JNE 0041E811
|||CMP DWORD PTR SS:[LOCAL.72],1
|||JNE 0041E811
|||LEA ECX,[LOCAL.71]
|||PUSH ECX

; /Arg1 =>

|||CALL 0042E280

; \SystemIn

|||ADD ESP,4
|||MOV DWORD PTR SS:[LOCAL.710],EAX
|||MOV EDX,DWORD PTR SS:[LOCAL.710]
|||PUSH EDX

; /Arg4 =>

|||LEA EAX,[LOCAL.71]
|||PUSH EAX

; |
; |Arg3 =>

|||MOV ECX,DWORD PTR SS:[LOCAL.146]


|||PUSH ECX

; |
; |Arg2 =>

|||PUSH 0
|||LEA ECX,[LOCAL.151]
|||CALL 0040F8B0

; |Arg1 = 0
; |
; \SystemIn

|||NEG EAX
|||SBB EAX,EAX
|||ADD EAX,1
|||MOVZX EDX,AL
|||TEST EDX,EDX
|||JE 0041E811
|||MOV DWORD PTR SS:[LOCAL.140],100
|||LEA EAX,[LOCAL.140]
|||PUSH EAX

; /pDataLen

|||LEA ECX,[LOCAL.71]
|||PUSH ECX

; |
; |pData =>

|||LEA EDX,[LOCAL.72]
|||PUSH EDX

; |
; |pType =>

|||PUSH 0

; |Reserved

|||PUSH OFFSET 004497D8

; |Name = "

|||MOV EAX,DWORD PTR SS:[LOCAL.246]


|||PUSH EAX

; |
; |hKey =>

|||CALL DWORD PTR DS:[<&ADVAPI32.RegQuer ; \ADVAPI32


|||LEA ECX,[LOCAL.445+3]
|||PUSH ECX
|||LEA EDX,[LOCAL.245]
|||PUSH EDX

; /Arg2
; |
; |Arg1 =>

|||LEA ECX,[LOCAL.444]
|||CALL 0040EC40

; |
; \SystemIn

fo.0040EC40
0041E183 |. C785 2CF9FFFF
0041E18D |. C785 30F9FFFF
0041E197 |. C785 34F9FFFF
0041E1A1 |. 8D85 10F9FFFF
0041E1A7 |. 8985 B0F1FFFF
0041E1AD |. C645 FC 0E
0041E1B1 |. 68 D0974400
SCII " Device"
0041E1B6 |. 8B8D B0F1FFFF
0041E1BC |. 51
[LOCAL.916]
0041E1BD |. 8D95 E4F8FFFF
0041E1C3 |. 52
OFFSET LOCAL.455
0041E1C4 |. E8 2708FFFF
fo.0040E9F0
0041E1C9 |. 83C4 0C
0041E1CC |. 8985 ACF1FFFF
0041E1D2 |. 8B85 ACF1FFFF
0041E1D8 |. 8985 A8F1FFFF
0041E1DE |. C645 FC 0F
0041E1E2 |. C685 3BF9FFFF
0041E1E9 |. C685 E3F8FFFF
0041E1F0 |. 6A 06
0041E1F2 |. 8D8D D0F8FFFF
0041E1F8 |. 51
OFFSET LOCAL.460
0041E1F9 |. E8 9AF50000
fo.0042D798
0041E1FE |. 83C4 08
0041E201 |. 8985 E4F4FFFF
0041E207 |. 837D 08 00
0041E20B |. 75 0C
0041E20D |. C785 A4F1FFFF
0041E217 |. EB 11
0041E219 |> 8B55 08
0041E21C |. 8B02
0041E21E |. 8B4D 08
0041E221 |. 0348 04
0041E224 |. 898D A4F1FFFF
0041E22A |> 8B95 E4F4FFFF
0041E230 |. 8B42 04
0041E233 |. 50
0041E234 |. 8B8D A4F1FFFF
0041E23A |. 51
0041E23B |. 8B95 E4F4FFFF
0041E241 |. 8B02
0041E243 |. FFD0
0041E245 |. 83C4 08
0041E248 |. 6A 23
3
0041E24A |. 8D8D D8F8FFFF
0041E250 |. 51
OFFSET LOCAL.458
0041E251 |. E8 42F50000
fo.0042D798
0041E256 |. 83C4 08
0041E259 |. 8985 DCF4FFFF
0041E25F |. 68 77874400

|||MOV DWORD PTR SS:[LOCAL.437],0


|||MOV DWORD PTR SS:[LOCAL.436],0
|||MOV DWORD PTR SS:[LOCAL.435],0
|||LEA EAX,[LOCAL.444]
|||MOV DWORD PTR SS:[LOCAL.916],EAX
|||MOV BYTE PTR SS:[LOCAL.1],0E
|||PUSH OFFSET 004497D0

; /Arg3 = A

|||MOV ECX,DWORD PTR SS:[LOCAL.916]


|||PUSH ECX

; |
; |Arg2 =>

|||LEA EDX,[LOCAL.455]
|||PUSH EDX

; |
; |Arg1 =>

|||CALL 0040E9F0

; \SystemIn

|||ADD ESP,0C
|||MOV DWORD PTR SS:[LOCAL.917],EAX
|||MOV EAX,DWORD PTR SS:[LOCAL.917]
|||MOV DWORD PTR SS:[LOCAL.918],EAX
|||MOV BYTE PTR SS:[LOCAL.1],0F
|||MOV BYTE PTR SS:[LOCAL.434+3],20
|||MOV BYTE PTR SS:[LOCAL.456+3],2E
|||PUSH 6
|||LEA ECX,[LOCAL.460]
|||PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

|||CALL 0042D798

; \SystemIn

|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.711],EAX
|||CMP DWORD PTR SS:[ARG.1],0
|||JNE SHORT 0041E219
|||MOV DWORD PTR SS:[LOCAL.919],0
|||JMP SHORT 0041E22A
|||MOV EDX,DWORD PTR SS:[ARG.1]
|||MOV EAX,DWORD PTR DS:[EDX]
|||MOV ECX,DWORD PTR SS:[ARG.1]
|||ADD ECX,DWORD PTR DS:[EAX+4]
|||MOV DWORD PTR SS:[LOCAL.919],ECX
|||MOV EDX,DWORD PTR SS:[LOCAL.711]
|||MOV EAX,DWORD PTR DS:[EDX+4]
|||PUSH EAX
|||MOV ECX,DWORD PTR SS:[LOCAL.919]
|||PUSH ECX
|||MOV EDX,DWORD PTR SS:[LOCAL.711]
|||MOV EAX,DWORD PTR DS:[EDX]
|||CALL EAX
|||ADD ESP,8
|||PUSH 23

; /Arg2 = 2

|||LEA ECX,[LOCAL.458]
|||PUSH ECX

; |
; |Arg1 =>

|||CALL 0042D798

; \SystemIn

|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.713],EAX
|||PUSH OFFSET 00448777

0041E264
0041E267
0041E268
0041E26D
0041E270
0041E276
0041E27D
0041E27F
0041E289
0041E28B
0041E291
0041E293
0041E299
0041E29C
0041E2A2
0041E2A8
0041E2AB
0041E2AC
0041E2B2
0041E2B3
0041E2B9
0041E2BB
0041E2BD
0041E2C0
0041E2C6
0041E2CC
0041E2D2
0041E2D4
0041E2DA
0041E2DD
0041E2E3
0041E2E9
0041E2EC
0041E2F2
0041E2F8
0041E2FE
0041E301
0041E308
0041E30A
0041E314
0041E316
0041E31C
0041E31E
0041E324
0041E327
0041E32D
0041E333
0041E336
0041E33C
0041E341
0041E343
0041E349
0041E34C
0041E351
0041E357
0041E35D
0041E35F
0041E365
0041E368
0041E36E

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B55 08
52
E8 F3C6FEFF
83C4 08
8985 E0F4FFFF
83BD E0F4FFFF
75 0C
C785 A0F1FFFF
EB 17
8B85 E0F4FFFF
8B08
8B95 E0F4FFFF
0351 04
8995 A0F1FFFF
8B85 DCF4FFFF
8B48 04
51
8B95 A0F1FFFF
52
8B85 DCF4FFFF
8B08
FFD1
83C4 08
8A95 E3F8FFFF
8895 D3F4FFFF
8B85 E0F4FFFF
8B08
8B95 E0F4FFFF
0351 04
8995 D4F4FFFF
8B85 D4F4FFFF
8A48 30
888D DBF4FFFF
8B95 D4F4FFFF
8A85 D3F4FFFF
8842 30
83BD E0F4FFFF
75 0C
C785 C8F4FFFF
EB 17
8B8D E0F4FFFF
8B11
8B85 E0F4FFFF
0342 04
8985 C8F4FFFF
8B8D C8F4FFFF
8B51 10
8995 CCF4FFFF
B8 C0010000
F7D0
8B8D C8F4FFFF
2341 10
BA 40000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D C8F4FFFF
8941 10
8B95 A8F1FFFF
52

|||MOV EDX,DWORD PTR SS:[ARG.1]


|||PUSH EDX
|||CALL 0040A960
|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.712],EAX
|||CMP DWORD PTR SS:[LOCAL.712],0
|||JNE SHORT 0041E28B
|||MOV DWORD PTR SS:[LOCAL.920],0
|||JMP SHORT 0041E2A2
|||MOV EAX,DWORD PTR SS:[LOCAL.712]
|||MOV ECX,DWORD PTR DS:[EAX]
|||MOV EDX,DWORD PTR SS:[LOCAL.712]
|||ADD EDX,DWORD PTR DS:[ECX+4]
|||MOV DWORD PTR SS:[LOCAL.920],EDX
|||MOV EAX,DWORD PTR SS:[LOCAL.713]
|||MOV ECX,DWORD PTR DS:[EAX+4]
|||PUSH ECX
|||MOV EDX,DWORD PTR SS:[LOCAL.920]
|||PUSH EDX
|||MOV EAX,DWORD PTR SS:[LOCAL.713]
|||MOV ECX,DWORD PTR DS:[EAX]
|||CALL ECX
|||ADD ESP,8
|||MOV DL,BYTE PTR SS:[LOCAL.456+3]
|||MOV BYTE PTR SS:[LOCAL.716+3],DL
|||MOV EAX,DWORD PTR SS:[LOCAL.712]
|||MOV ECX,DWORD PTR DS:[EAX]
|||MOV EDX,DWORD PTR SS:[LOCAL.712]
|||ADD EDX,DWORD PTR DS:[ECX+4]
|||MOV DWORD PTR SS:[LOCAL.715],EDX
|||MOV EAX,DWORD PTR SS:[LOCAL.715]
|||MOV CL,BYTE PTR DS:[EAX+30]
|||MOV BYTE PTR SS:[LOCAL.714+3],CL
|||MOV EDX,DWORD PTR SS:[LOCAL.715]
|||MOV AL,BYTE PTR SS:[LOCAL.716+3]
|||MOV BYTE PTR DS:[EDX+30],AL
|||CMP DWORD PTR SS:[LOCAL.712],0
|||JNE SHORT 0041E316
|||MOV DWORD PTR SS:[LOCAL.718],0
|||JMP SHORT 0041E32D
|||MOV ECX,DWORD PTR SS:[LOCAL.712]
|||MOV EDX,DWORD PTR DS:[ECX]
|||MOV EAX,DWORD PTR SS:[LOCAL.712]
|||ADD EAX,DWORD PTR DS:[EDX+4]
|||MOV DWORD PTR SS:[LOCAL.718],EAX
|||MOV ECX,DWORD PTR SS:[LOCAL.718]
|||MOV EDX,DWORD PTR DS:[ECX+10]
|||MOV DWORD PTR SS:[LOCAL.717],EDX
|||MOV EAX,1C0
|||NOT EAX
|||MOV ECX,DWORD PTR SS:[LOCAL.718]
|||AND EAX,DWORD PTR DS:[ECX+10]
|||MOV EDX,40
|||AND EDX,000001C0
|||AND EDX,0000FFFF
|||OR EAX,EDX
|||MOV ECX,DWORD PTR SS:[LOCAL.718]
|||MOV DWORD PTR DS:[ECX+10],EAX
|||MOV EDX,DWORD PTR SS:[LOCAL.918]
|||PUSH EDX

0041E36F |.
0041E375 |.
0041E376 |.
0041E37B |.
0041E37E |.
0041E384 |.
0041E38B |.
0041E38D |.
0041E397 |.
0041E399 |>
0041E39F |.
0041E3A1 |.
0041E3A7 |.
0041E3AA |.
0041E3B0 |>
0041E3B6 |.
0041E3B9 |.
0041E3BF |.
0041E3C4 |.
0041E3C6 |.
0041E3CC |.
0041E3CF |.
0041E3D4 |.
0041E3DA |.
0041E3E0 |.
0041E3E2 |.
0041E3E8 |.
0041E3EB |.
0041E3F1 |.
0041E3F7 |.
0041E3FD |.
0041E3FF |.
0041E405 |.
0041E408 |.
0041E40E |.
0041E414 |.
0041E417 |.
0041E41D |.
0041E423 |.
0041E429 |.
0041E42C |.
0041E432 |.
0041E433 |.
0041E439 |.
0041E43A |.
0041E43F |.
0041E442 |.
0041E448 |.
A
0041E44A |.
0041E450 |.
fo.0040F5C0
0041E455 |.
0041E45B |.
fo.0040F7C0
0041E460 |.
0041E464 |.
0041E46A |.
fo.0040E780
0041E46F |.

8B85 E0F4FFFF
50
E8 E5CAFEFF
83C4 08
8985 BCF4FFFF
83BD BCF4FFFF
75 0C
C785 C0F4FFFF
EB 17
8B8D BCF4FFFF
8B11
8B85 BCF4FFFF
0342 04
8985 C0F4FFFF
8B8D C0F4FFFF
8B51 10
8995 C4F4FFFF
B8 C0010000
F7D0
8B8D C0F4FFFF
2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D C0F4FFFF
8941 10
8A95 3BF9FFFF
8895 B3F4FFFF
8B85 BCF4FFFF
8B08
8B95 BCF4FFFF
0351 04
8995 B4F4FFFF
8B85 B4F4FFFF
8A48 30
888D BBF4FFFF
8B95 B4F4FFFF
8A85 B3F4FFFF
8842 30
8D8D E4FEFFFF
51
8B95 BCF4FFFF
52
E8 21C5FEFF
83C4 08
8985 ACF4FFFF
6A 0A

|||MOV EAX,DWORD PTR SS:[LOCAL.712]


|||PUSH EAX
|||CALL 0040AE60
|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.721],EAX
|||CMP DWORD PTR SS:[LOCAL.721],0
|||JNE SHORT 0041E399
|||MOV DWORD PTR SS:[LOCAL.720],0
|||JMP SHORT 0041E3B0
|||MOV ECX,DWORD PTR SS:[LOCAL.721]
|||MOV EDX,DWORD PTR DS:[ECX]
|||MOV EAX,DWORD PTR SS:[LOCAL.721]
|||ADD EAX,DWORD PTR DS:[EDX+4]
|||MOV DWORD PTR SS:[LOCAL.720],EAX
|||MOV ECX,DWORD PTR SS:[LOCAL.720]
|||MOV EDX,DWORD PTR DS:[ECX+10]
|||MOV DWORD PTR SS:[LOCAL.719],EDX
|||MOV EAX,1C0
|||NOT EAX
|||MOV ECX,DWORD PTR SS:[LOCAL.720]
|||AND EAX,DWORD PTR DS:[ECX+10]
|||MOV EDX,80
|||AND EDX,000001C0
|||AND EDX,0000FFFF
|||OR EAX,EDX
|||MOV ECX,DWORD PTR SS:[LOCAL.720]
|||MOV DWORD PTR DS:[ECX+10],EAX
|||MOV DL,BYTE PTR SS:[LOCAL.434+3]
|||MOV BYTE PTR SS:[LOCAL.724+3],DL
|||MOV EAX,DWORD PTR SS:[LOCAL.721]
|||MOV ECX,DWORD PTR DS:[EAX]
|||MOV EDX,DWORD PTR SS:[LOCAL.721]
|||ADD EDX,DWORD PTR DS:[ECX+4]
|||MOV DWORD PTR SS:[LOCAL.723],EDX
|||MOV EAX,DWORD PTR SS:[LOCAL.723]
|||MOV CL,BYTE PTR DS:[EAX+30]
|||MOV BYTE PTR SS:[LOCAL.722+3],CL
|||MOV EDX,DWORD PTR SS:[LOCAL.723]
|||MOV AL,BYTE PTR SS:[LOCAL.724+3]
|||MOV BYTE PTR DS:[EDX+30],AL
|||LEA ECX,[LOCAL.71]
|||PUSH ECX
|||MOV EDX,DWORD PTR SS:[LOCAL.721]
|||PUSH EDX
|||CALL 0040A960
|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.725],EAX
|||PUSH 0A

; /Arg1 = 0

8B8D ACF4FFFF |||MOV ECX,DWORD PTR SS:[LOCAL.725]


E8 6B11FFFF |||CALL 0040F5C0

; |
; \SystemIn

8B8D ACF4FFFF |||MOV ECX,DWORD PTR SS:[LOCAL.725]


E8 6013FFFF |||CALL 0040F7C0

; [SystemIn

C645 FC 10
|||MOV BYTE PTR SS:[LOCAL.1],10
8D8D E4F8FFFF |||LEA ECX,[LOCAL.455]
E8 1103FFFF |||CALL 0040E780

; [SystemIn

C645 FC 0E

|||MOV BYTE PTR SS:[LOCAL.1],0E

0041E473 |. 6A 00
0041E475 |. 6A 01
0041E477 |. 8D8D E4F8FFFF
0041E47D |. E8 DE16FFFF
fo.0040FB60
0041E482 |. C645 FC 11
0041E486 |. 8D8D 10F9FFFF
0041E48C |. E8 EF02FFFF
fo.0040E780
0041E491 |. C645 FC 0B
0041E495 |. 6A 00
0041E497 |. 6A 01
0041E499 |. 8D8D 10F9FFFF
0041E49F |. E8 BC16FFFF
fo.0040FB60
0041E4A4 |. C785 D0FDFFFF
0041E4AE |. 8D85 D0FDFFFF
0041E4B4 |. 50
=> OFFSET LOCAL.140
0041E4B5 |. 8D8D E4FEFFFF
0041E4BB |. 51
OFFSET LOCAL.71
0041E4BC |. 8D95 E0FEFFFF
0041E4C2 |. 52
OFFSET LOCAL.72
0041E4C3 |. 6A 00
= 0
0041E4C5 |. 68 CC974400
Mfg"
0041E4CA |. 8B85 28FCFFFF
0041E4D0 |. 50
[LOCAL.246]
0041E4D1 |. FF15 04804400
.RegQueryValueExA
0041E4D7 |. 8D8D A3F8FFFF
0041E4DD |. 51
0041E4DE |. 8D95 2CFCFFFF
0041E4E4 |. 52
OFFSET LOCAL.245
0041E4E5 |. 8D8D A4F8FFFF
0041E4EB |. E8 5007FFFF
fo.0040EC40
0041E4F0 |. C785 C0F8FFFF
0041E4FA |. C785 C4F8FFFF
0041E504 |. C785 C8F8FFFF
0041E50E |. 8D85 A4F8FFFF
0041E514 |. 8985 9CF1FFFF
0041E51A |. C645 FC 12
0041E51E |. 68 BC974400
SCII " Manufacturer"
0041E523 |. 8B8D 9CF1FFFF
0041E529 |. 51
[LOCAL.921]
0041E52A |. 8D95 78F8FFFF
0041E530 |. 52
OFFSET LOCAL.482
0041E531 |. E8 BA04FFFF
fo.0040E9F0
0041E536 |. 83C4 0C
0041E539 |. 8985 98F1FFFF

|||PUSH 0
|||PUSH 1
|||LEA ECX,[LOCAL.455]
|||CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

|||MOV BYTE PTR SS:[LOCAL.1],11


|||LEA ECX,[LOCAL.444]
|||CALL 0040E780

; [SystemIn

|||MOV BYTE PTR SS:[LOCAL.1],0B


|||PUSH 0
|||PUSH 1
|||LEA ECX,[LOCAL.444]
|||CALL 0040FB60

;
;
;
;

|||MOV DWORD PTR SS:[LOCAL.140],100


|||LEA EAX,[LOCAL.140]
|||PUSH EAX

; /pDataLen

|||LEA ECX,[LOCAL.71]
|||PUSH ECX

; |
; |pData =>

|||LEA EDX,[LOCAL.72]
|||PUSH EDX

; |
; |pType =>

|||PUSH 0

; |Reserved

|||PUSH OFFSET 004497CC

; |Name = "

|||MOV EAX,DWORD PTR SS:[LOCAL.246]


|||PUSH EAX

; |
; |hKey =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

|||CALL DWORD PTR DS:[<&ADVAPI32.RegQuer ; \ADVAPI32


|||LEA ECX,[LOCAL.472+3]
|||PUSH ECX
|||LEA EDX,[LOCAL.245]
|||PUSH EDX

; /Arg2
; |
; |Arg1 =>

|||LEA ECX,[LOCAL.471]
|||CALL 0040EC40

; |
; \SystemIn

|||MOV DWORD PTR SS:[LOCAL.464],0


|||MOV DWORD PTR SS:[LOCAL.463],0
|||MOV DWORD PTR SS:[LOCAL.462],0
|||LEA EAX,[LOCAL.471]
|||MOV DWORD PTR SS:[LOCAL.921],EAX
|||MOV BYTE PTR SS:[LOCAL.1],12
|||PUSH OFFSET 004497BC

; /Arg3 = A

|||MOV ECX,DWORD PTR SS:[LOCAL.921]


|||PUSH ECX

; |
; |Arg2 =>

|||LEA EDX,[LOCAL.482]
|||PUSH EDX

; |
; |Arg1 =>

|||CALL 0040E9F0

; \SystemIn

|||ADD ESP,0C
|||MOV DWORD PTR SS:[LOCAL.922],EAX

0041E53F |. 8B85 98F1FFFF


0041E545 |. 8985 94F1FFFF
0041E54B |. C645 FC 13
0041E54F |. C685 CFF8FFFF
0041E556 |. C685 77F8FFFF
0041E55D |. 6A 06
0041E55F |. 8D8D 64F8FFFF
0041E565 |. 51
OFFSET LOCAL.487
0041E566 |. E8 2DF20000
fo.0042D798
0041E56B |. 83C4 08
0041E56E |. 8985 A8F4FFFF
0041E574 |. 837D 08 00
0041E578 |. 75 0C
0041E57A |. C785 90F1FFFF
0041E584 |. EB 11
0041E586 |> 8B55 08
0041E589 |. 8B02
0041E58B |. 8B4D 08
0041E58E |. 0348 04
0041E591 |. 898D 90F1FFFF
0041E597 |> 8B95 A8F4FFFF
0041E59D |. 8B42 04
0041E5A0 |. 50
0041E5A1 |. 8B8D 90F1FFFF
0041E5A7 |. 51
0041E5A8 |. 8B95 A8F4FFFF
0041E5AE |. 8B02
0041E5B0 |. FFD0
0041E5B2 |. 83C4 08
0041E5B5 |. 6A 23
3
0041E5B7 |. 8D8D 6CF8FFFF
0041E5BD |. 51
OFFSET LOCAL.485
0041E5BE |. E8 D5F10000
fo.0042D798
0041E5C3 |. 83C4 08
0041E5C6 |. 8985 A0F4FFFF
0041E5CC |. 68 77874400
0041E5D1 |. 8B55 08
0041E5D4 |. 52
0041E5D5 |. E8 86C3FEFF
0041E5DA |. 83C4 08
0041E5DD |. 8985 A4F4FFFF
0041E5E3 |. 83BD A4F4FFFF
0041E5EA |. 75 0C
0041E5EC |. C785 8CF1FFFF
0041E5F6 |. EB 17
0041E5F8 |> 8B85 A4F4FFFF
0041E5FE |. 8B08
0041E600 |. 8B95 A4F4FFFF
0041E606 |. 0351 04
0041E609 |. 8995 8CF1FFFF
0041E60F |> 8B85 A0F4FFFF
0041E615 |. 8B48 04
0041E618 |. 51
0041E619 |. 8B95 8CF1FFFF
0041E61F |. 52

|||MOV EAX,DWORD PTR SS:[LOCAL.922]


|||MOV DWORD PTR SS:[LOCAL.923],EAX
|||MOV BYTE PTR SS:[LOCAL.1],13
|||MOV BYTE PTR SS:[LOCAL.461+3],20
|||MOV BYTE PTR SS:[LOCAL.483+3],2E
|||PUSH 6
|||LEA ECX,[LOCAL.487]
|||PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

|||CALL 0042D798

; \SystemIn

|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.726],EAX
|||CMP DWORD PTR SS:[ARG.1],0
|||JNE SHORT 0041E586
|||MOV DWORD PTR SS:[LOCAL.924],0
|||JMP SHORT 0041E597
|||MOV EDX,DWORD PTR SS:[ARG.1]
|||MOV EAX,DWORD PTR DS:[EDX]
|||MOV ECX,DWORD PTR SS:[ARG.1]
|||ADD ECX,DWORD PTR DS:[EAX+4]
|||MOV DWORD PTR SS:[LOCAL.924],ECX
|||MOV EDX,DWORD PTR SS:[LOCAL.726]
|||MOV EAX,DWORD PTR DS:[EDX+4]
|||PUSH EAX
|||MOV ECX,DWORD PTR SS:[LOCAL.924]
|||PUSH ECX
|||MOV EDX,DWORD PTR SS:[LOCAL.726]
|||MOV EAX,DWORD PTR DS:[EDX]
|||CALL EAX
|||ADD ESP,8
|||PUSH 23

; /Arg2 = 2

|||LEA ECX,[LOCAL.485]
|||PUSH ECX

; |
; |Arg1 =>

|||CALL 0042D798

; \SystemIn

|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.728],EAX
|||PUSH OFFSET 00448777
|||MOV EDX,DWORD PTR SS:[ARG.1]
|||PUSH EDX
|||CALL 0040A960
|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.727],EAX
|||CMP DWORD PTR SS:[LOCAL.727],0
|||JNE SHORT 0041E5F8
|||MOV DWORD PTR SS:[LOCAL.925],0
|||JMP SHORT 0041E60F
|||MOV EAX,DWORD PTR SS:[LOCAL.727]
|||MOV ECX,DWORD PTR DS:[EAX]
|||MOV EDX,DWORD PTR SS:[LOCAL.727]
|||ADD EDX,DWORD PTR DS:[ECX+4]
|||MOV DWORD PTR SS:[LOCAL.925],EDX
|||MOV EAX,DWORD PTR SS:[LOCAL.728]
|||MOV ECX,DWORD PTR DS:[EAX+4]
|||PUSH ECX
|||MOV EDX,DWORD PTR SS:[LOCAL.925]
|||PUSH EDX

0041E620
0041E626
0041E628
0041E62A
0041E62D
0041E633
0041E639
0041E63F
0041E641
0041E647
0041E64A
0041E650
0041E656
0041E659
0041E65F
0041E665
0041E66B
0041E66E
0041E675
0041E677
0041E681
0041E683
0041E689
0041E68B
0041E691
0041E694
0041E69A
0041E6A0
0041E6A3
0041E6A9
0041E6AE
0041E6B0
0041E6B6
0041E6B9
0041E6BE
0041E6C4
0041E6CA
0041E6CC
0041E6D2
0041E6D5
0041E6DB
0041E6DC
0041E6E2
0041E6E3
0041E6E8
0041E6EB
0041E6F1
0041E6F8
0041E6FA
0041E704
0041E706
0041E70C
0041E70E
0041E714
0041E717
0041E71D
0041E723
0041E726
0041E72C
0041E731

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.

8B85 A0F4FFFF
8B08
FFD1
83C4 08
8A95 77F8FFFF
8895 97F4FFFF
8B85 A4F4FFFF
8B08
8B95 A4F4FFFF
0351 04
8995 98F4FFFF
8B85 98F4FFFF
8A48 30
888D 9FF4FFFF
8B95 98F4FFFF
8A85 97F4FFFF
8842 30
83BD A4F4FFFF
75 0C
C785 8CF4FFFF
EB 17
8B8D A4F4FFFF
8B11
8B85 A4F4FFFF
0342 04
8985 8CF4FFFF
8B8D 8CF4FFFF
8B51 10
8995 90F4FFFF
B8 C0010000
F7D0
8B8D 8CF4FFFF
2341 10
BA 40000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D 8CF4FFFF
8941 10
8B95 94F1FFFF
52
8B85 A4F4FFFF
50
E8 78C7FEFF
83C4 08
8985 80F4FFFF
83BD 80F4FFFF
75 0C
C785 84F4FFFF
EB 17
8B8D 80F4FFFF
8B11
8B85 80F4FFFF
0342 04
8985 84F4FFFF
8B8D 84F4FFFF
8B51 10
8995 88F4FFFF
B8 C0010000
F7D0

|||MOV EAX,DWORD PTR SS:[LOCAL.728]


|||MOV ECX,DWORD PTR DS:[EAX]
|||CALL ECX
|||ADD ESP,8
|||MOV DL,BYTE PTR SS:[LOCAL.483+3]
|||MOV BYTE PTR SS:[LOCAL.731+3],DL
|||MOV EAX,DWORD PTR SS:[LOCAL.727]
|||MOV ECX,DWORD PTR DS:[EAX]
|||MOV EDX,DWORD PTR SS:[LOCAL.727]
|||ADD EDX,DWORD PTR DS:[ECX+4]
|||MOV DWORD PTR SS:[LOCAL.730],EDX
|||MOV EAX,DWORD PTR SS:[LOCAL.730]
|||MOV CL,BYTE PTR DS:[EAX+30]
|||MOV BYTE PTR SS:[LOCAL.729+3],CL
|||MOV EDX,DWORD PTR SS:[LOCAL.730]
|||MOV AL,BYTE PTR SS:[LOCAL.731+3]
|||MOV BYTE PTR DS:[EDX+30],AL
|||CMP DWORD PTR SS:[LOCAL.727],0
|||JNE SHORT 0041E683
|||MOV DWORD PTR SS:[LOCAL.733],0
|||JMP SHORT 0041E69A
|||MOV ECX,DWORD PTR SS:[LOCAL.727]
|||MOV EDX,DWORD PTR DS:[ECX]
|||MOV EAX,DWORD PTR SS:[LOCAL.727]
|||ADD EAX,DWORD PTR DS:[EDX+4]
|||MOV DWORD PTR SS:[LOCAL.733],EAX
|||MOV ECX,DWORD PTR SS:[LOCAL.733]
|||MOV EDX,DWORD PTR DS:[ECX+10]
|||MOV DWORD PTR SS:[LOCAL.732],EDX
|||MOV EAX,1C0
|||NOT EAX
|||MOV ECX,DWORD PTR SS:[LOCAL.733]
|||AND EAX,DWORD PTR DS:[ECX+10]
|||MOV EDX,40
|||AND EDX,000001C0
|||AND EDX,0000FFFF
|||OR EAX,EDX
|||MOV ECX,DWORD PTR SS:[LOCAL.733]
|||MOV DWORD PTR DS:[ECX+10],EAX
|||MOV EDX,DWORD PTR SS:[LOCAL.923]
|||PUSH EDX
|||MOV EAX,DWORD PTR SS:[LOCAL.727]
|||PUSH EAX
|||CALL 0040AE60
|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.736],EAX
|||CMP DWORD PTR SS:[LOCAL.736],0
|||JNE SHORT 0041E706
|||MOV DWORD PTR SS:[LOCAL.735],0
|||JMP SHORT 0041E71D
|||MOV ECX,DWORD PTR SS:[LOCAL.736]
|||MOV EDX,DWORD PTR DS:[ECX]
|||MOV EAX,DWORD PTR SS:[LOCAL.736]
|||ADD EAX,DWORD PTR DS:[EDX+4]
|||MOV DWORD PTR SS:[LOCAL.735],EAX
|||MOV ECX,DWORD PTR SS:[LOCAL.735]
|||MOV EDX,DWORD PTR DS:[ECX+10]
|||MOV DWORD PTR SS:[LOCAL.734],EDX
|||MOV EAX,1C0
|||NOT EAX

0041E733 |.
0041E739 |.
0041E73C |.
0041E741 |.
0041E747 |.
0041E74D |.
0041E74F |.
0041E755 |.
0041E758 |.
0041E75E |.
0041E764 |.
0041E76A |.
0041E76C |.
0041E772 |.
0041E775 |.
0041E77B |.
0041E781 |.
0041E784 |.
0041E78A |.
0041E790 |.
0041E796 |.
0041E799 |.
0041E79F |.
0041E7A0 |.
0041E7A6 |.
0041E7A7 |.
0041E7AC |.
0041E7AF |.
0041E7B5 |.
A
0041E7B7 |.
0041E7BD |.
fo.0040F5C0
0041E7C2 |.
0041E7C8 |.
fo.0040F7C0
0041E7CD |.
0041E7D1 |.
0041E7D7 |.
fo.0040E780
0041E7DC |.
0041E7E0 |.
0041E7E2 |.
0041E7E4 |.
0041E7EA |.
fo.0040FB60
0041E7EF |.
0041E7F3 |.
0041E7F9 |.
fo.0040E780
0041E7FE |.
0041E802 |.
0041E804 |.
0041E806 |.
0041E80C |.
fo.0040FB60
0041E811 |>
0041E817 |.
[LOCAL.246]
0041E818 |.

8B8D 84F4FFFF
2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D 84F4FFFF
8941 10
8A95 CFF8FFFF
8895 77F4FFFF
8B85 80F4FFFF
8B08
8B95 80F4FFFF
0351 04
8995 78F4FFFF
8B85 78F4FFFF
8A48 30
888D 7FF4FFFF
8B95 78F4FFFF
8A85 77F4FFFF
8842 30
8D8D E4FEFFFF
51
8B95 80F4FFFF
52
E8 B4C1FEFF
83C4 08
8985 70F4FFFF
6A 0A

|||MOV ECX,DWORD PTR SS:[LOCAL.735]


|||AND EAX,DWORD PTR DS:[ECX+10]
|||MOV EDX,80
|||AND EDX,000001C0
|||AND EDX,0000FFFF
|||OR EAX,EDX
|||MOV ECX,DWORD PTR SS:[LOCAL.735]
|||MOV DWORD PTR DS:[ECX+10],EAX
|||MOV DL,BYTE PTR SS:[LOCAL.461+3]
|||MOV BYTE PTR SS:[LOCAL.739+3],DL
|||MOV EAX,DWORD PTR SS:[LOCAL.736]
|||MOV ECX,DWORD PTR DS:[EAX]
|||MOV EDX,DWORD PTR SS:[LOCAL.736]
|||ADD EDX,DWORD PTR DS:[ECX+4]
|||MOV DWORD PTR SS:[LOCAL.738],EDX
|||MOV EAX,DWORD PTR SS:[LOCAL.738]
|||MOV CL,BYTE PTR DS:[EAX+30]
|||MOV BYTE PTR SS:[LOCAL.737+3],CL
|||MOV EDX,DWORD PTR SS:[LOCAL.738]
|||MOV AL,BYTE PTR SS:[LOCAL.739+3]
|||MOV BYTE PTR DS:[EDX+30],AL
|||LEA ECX,[LOCAL.71]
|||PUSH ECX
|||MOV EDX,DWORD PTR SS:[LOCAL.736]
|||PUSH EDX
|||CALL 0040A960
|||ADD ESP,8
|||MOV DWORD PTR SS:[LOCAL.740],EAX
|||PUSH 0A

; /Arg1 = 0

8B8D 70F4FFFF |||MOV ECX,DWORD PTR SS:[LOCAL.740]


E8 FE0DFFFF |||CALL 0040F5C0

; |
; \SystemIn

8B8D 70F4FFFF |||MOV ECX,DWORD PTR SS:[LOCAL.740]


E8 F30FFFFF |||CALL 0040F7C0

; [SystemIn

C645 FC 14
|||MOV BYTE PTR SS:[LOCAL.1],14
8D8D 78F8FFFF |||LEA ECX,[LOCAL.482]
E8 A4FFFEFF |||CALL 0040E780

; [SystemIn

C645 FC 12
6A 00
6A 01
8D8D 78F8FFFF
E8 7113FFFF

;
;
;
;

|||MOV BYTE PTR SS:[LOCAL.1],12


|||PUSH 0
|||PUSH 1
|||LEA ECX,[LOCAL.482]
|||CALL 0040FB60

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C645 FC 15
|||MOV BYTE PTR SS:[LOCAL.1],15
8D8D A4F8FFFF |||LEA ECX,[LOCAL.471]
E8 82FFFEFF |||CALL 0040E780

; [SystemIn

C645 FC 0B
6A 00
6A 01
8D8D A4F8FFFF
E8 4F13FFFF

;
;
;
;

|||MOV BYTE PTR SS:[LOCAL.1],0B


|||PUSH 0
|||PUSH 1
|||LEA ECX,[LOCAL.471]
|||CALL 0040FB60

8B85 28FCFFFF |||MOV EAX,DWORD PTR SS:[LOCAL.246]


50
|||PUSH EAX

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /hKey =>

FF15 14804400 |||CALL DWORD PTR DS:[<&ADVAPI32.RegClos ; \ADVAPI32

.RegCloseKey
0041E81E |.^ E9 8BF7FFFF
0041E823 |> 8B8D 30FDFFFF
0041E829 |. 51
[LOCAL.180]
0041E82A |. FF15 14804400
.RegCloseKey
0041E830 |.^ E9 F5F6FFFF
0041E835 |> 8B95 38FDFFFF
0041E83B |. 52
[LOCAL.178]
0041E83C |. FF15 14804400
.RegCloseKey
0041E842 |.^ E9 6EF6FFFF
0041E847 |> 8B45 E8
0041E84A |. 50
[LOCAL.6]
0041E84B |. FF15 14804400
.RegCloseKey
0041E851 |> C645 FC 16
0041E855 |. 8D8D 74FDFFFF
0041E85B |. E8 20FFFEFF
fo.0040E780
0041E860 |. C645 FC 03
0041E864 |. 6A 00
0041E866 |. 6A 01
0041E868 |. 8D8D 74FDFFFF
0041E86E |. E8 ED12FFFF
fo.0040FB60
0041E873 |. C645 FC 17
0041E877 |. 8D8D A4FDFFFF
0041E87D |. E8 FEFEFEFF
fo.0040E780
0041E882 |. C645 FC 02
0041E886 |. 6A 00
0041E888 |. 6A 01
0041E88A |. 8D8D A4FDFFFF
0041E890 |. E8 CB12FFFF
fo.0040FB60
0041E895 |. C745 FC 18000
0041E89C |. 8D8D 4CFDFFFF
0041E8A2 |. E8 D9FEFEFF
fo.0040E780
0041E8A7 |. C745 FC FFFFF
0041E8AE |. 6A 00
0041E8B0 |. 6A 01
0041E8B2 |. 8D8D 4CFDFFFF
0041E8B8 |. E8 A312FFFF
fo.0040FB60
0041E8BD |. E9 73090000
0041E8C2 |> 8D4D E8
0041E8C5 |. 51
=> OFFSET LOCAL.6
0041E8C6 |. 68 19000200
ccess = KEY_READ
0041E8CB |. 6A 00
= 0
0041E8CD |. 68 A8974400
"Config Manager\Enum"
0041E8D2 |. 68 06000080

||\JMP 0041DFAE
||MOV ECX,DWORD PTR SS:[LOCAL.180]
||PUSH ECX

; /hKey =>

||CALL DWORD PTR DS:[<&ADVAPI32.RegClose ; \ADVAPI32


|\JMP 0041DF2A
|MOV EDX,DWORD PTR SS:[LOCAL.178]
|PUSH EDX

; /hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegCloseK ; \ADVAPI32


\JMP 0041DEB5
MOV EAX,DWORD PTR SS:[LOCAL.6]
PUSH EAX

; /hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe ; \ADVAPI32


MOV BYTE PTR SS:[LOCAL.1],16
LEA ECX,[LOCAL.163]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],3


PUSH 0
PUSH 1
LEA ECX,[LOCAL.163]
CALL 0040FB60

;
;
;
;

MOV BYTE PTR SS:[LOCAL.1],17


LEA ECX,[LOCAL.151]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],2


PUSH 0
PUSH 1
LEA ECX,[LOCAL.151]
CALL 0040FB60

;
;
;
;

MOV DWORD PTR SS:[LOCAL.1],18


LEA ECX,[LOCAL.173]
CALL 0040E780

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.173]
CALL 0040FB60

;
;
;
;

JMP 0041F235
LEA ECX,[LOCAL.6]
PUSH ECX

; /pResult

PUSH 20019

; |DesiredA

PUSH 0

; |Reserved

PUSH OFFSET 004497A8

; |SubKey =

PUSH 80000006

; |hKey = H

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

KEY_DYN_DATA
0041E8D7 |. FF15 08804400
.RegOpenKeyExA
0041E8DD |. 85C0
0041E8DF |. 0F85 50090000
0041E8E5 |. C685 E4FEFFFF
0041E8EC |. C745 EC 00000
0041E8F3 |. EB 09
0041E8F5 |> 8B55 EC
0041E8F8 |. 83C2 01
0041E8FB |. 8955 EC
0041E8FE |> C785 D8FEFFFF
0041E908 |. 8D85 20FCFFFF
0041E90E |. 50
teTime => OFFSET LOCAL.248
0041E90F |. 6A 00
n = NULL
0041E911 |. 6A 00
NULL
0041E913 |. 6A 00
= 0
0041E915 |. 8D8D D8FEFFFF
0041E91B |. 51
=> OFFSET LOCAL.74
0041E91C |. 8D95 D4FDFFFF
0041E922 |. 52
OFFSET LOCAL.139
0041E923 |. 8B45 EC
0041E926 |. 50
[LOCAL.5]
0041E927 |. 8B4D E8
0041E92A |. 51
[LOCAL.6]
0041E92B |. FF15 0C804400
.RegEnumKeyExA
0041E931 |. 85C0
0041E933 |. 0F85 F2080000
0041E939 |. 8D95 1CFCFFFF
0041E93F |. 52
=> OFFSET LOCAL.249
0041E940 |. 68 19000200
ccess = KEY_READ
0041E945 |. 6A 00
= 0
0041E947 |. 8D85 D4FDFFFF
0041E94D |. 50
> OFFSET LOCAL.139
0041E94E |. 8B4D E8
0041E951 |. 51
[LOCAL.6]
0041E952 |. FF15 08804400
.RegOpenKeyExA
0041E958 |. 85C0
0041E95A |. 75 40
0041E95C |. C785 D0FDFFFF
0041E966 |. 8D95 D0FDFFFF
0041E96C |. 52
=> OFFSET LOCAL.140
0041E96D |. 8D85 E4FEFFFF
0041E973 |. 50

CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey ; \ADVAPI32


TEST EAX,EAX
JNE 0041F235
MOV BYTE PTR SS:[LOCAL.71],0
MOV DWORD PTR SS:[LOCAL.5],0
JMP SHORT 0041E8FE
/MOV EDX,DWORD PTR SS:[LOCAL.5]
|ADD EDX,1
|MOV DWORD PTR SS:[LOCAL.5],EDX
|MOV DWORD PTR SS:[LOCAL.74],100
|LEA EAX,[LOCAL.248]
|PUSH EAX

; /pLastWri

|PUSH 0

; |pClassLe

|PUSH 0

; |Class =

|PUSH 0

; |Reserved

|LEA ECX,[LOCAL.74]
|PUSH ECX

; |
; |pNameLen

|LEA EDX,[LOCAL.139]
|PUSH EDX

; |
; |Name =>

|MOV EAX,DWORD PTR SS:[LOCAL.5]


|PUSH EAX

; |
; |Index =>

|MOV ECX,DWORD PTR SS:[LOCAL.6]


|PUSH ECX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegEnumKe ; \ADVAPI32


|TEST EAX,EAX
|JNE 0041F22B
|LEA EDX,[LOCAL.249]
|PUSH EDX

; /pResult

|PUSH 20019

; |DesiredA

|PUSH 0

; |Reserved

|LEA EAX,[LOCAL.139]
|PUSH EAX

; |
; |SubKey =

|MOV ECX,DWORD PTR SS:[LOCAL.6]


|PUSH ECX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKe ; \ADVAPI32


|TEST EAX,EAX
|JNE SHORT 0041E99C
|MOV DWORD PTR SS:[LOCAL.140],100
|LEA EDX,[LOCAL.140]
|PUSH EDX

; /pDataLen

|LEA EAX,[LOCAL.71]
|PUSH EAX

; |
; |pData =>

OFFSET LOCAL.71
0041E974 |. 8D8D E0FEFFFF
0041E97A |. 51
OFFSET LOCAL.72
0041E97B |. 6A 00
= 0
0041E97D |. 68 9C974400
HardWareKey"
0041E982 |. 8B95 1CFCFFFF
0041E988 |. 52
[LOCAL.249]
0041E989 |. FF15 04804400
.RegQueryValueExA
0041E98F |. 8B85 1CFCFFFF
0041E995 |. 50
[LOCAL.249]
0041E996 |. FF15 14804400
.RegCloseKey
0041E99C |> 8D8D 37F8FFFF
0041E9A2 |. 51
0041E9A3 |. 68 94974400
SCII "Enum\"
0041E9A8 |. 8D8D 38F8FFFF
0041E9AE |. E8 8D02FFFF
fo.0040EC40
0041E9B3 |. C785 54F8FFFF
0041E9BD |. C785 58F8FFFF
0041E9C7 |. C785 5CF8FFFF
0041E9D1 |. 8D95 38F8FFFF
0041E9D7 |. 8995 88F1FFFF
0041E9DD |. C745 FC 19000
0041E9E4 |. 8D85 E4FEFFFF
0041E9EA |. 50
OFFSET LOCAL.71
0041E9EB |. 8B8D 88F1FFFF
0041E9F1 |. 51
[LOCAL.926]
0041E9F2 |. 8D95 0CF8FFFF
0041E9F8 |. 52
OFFSET LOCAL.509
0041E9F9 |. E8 F2FFFEFF
fo.0040E9F0
0041E9FE |. 83C4 0C
0041EA01 |. 8985 6CF4FFFF
0041EA07 |. 8B85 6CF4FFFF
0041EA0D |. 8378 18 10
0041EA11 |. 72 11
0041EA13 |. 8B8D 6CF4FFFF
0041EA19 |. 8B51 04
0041EA1C |. 8995 84F1FFFF
0041EA22 |. EB 0F
0041EA24 |> 8B85 6CF4FFFF
0041EA2A |. 83C0 04
0041EA2D |. 8985 84F1FFFF
0041EA33 |> 8D8D 1CFCFFFF
0041EA39 |. 51
=> OFFSET LOCAL.249
0041EA3A |. 68 19000200
ccess = KEY_READ
0041EA3F |. 6A 00

|LEA ECX,[LOCAL.72]
|PUSH ECX

; |
; |pType =>

|PUSH 0

; |Reserved

|PUSH OFFSET 0044979C

; |Name = "

|MOV EDX,DWORD PTR SS:[LOCAL.249]


|PUSH EDX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegQueryV ; \ADVAPI32


|MOV EAX,DWORD PTR SS:[LOCAL.249]
|PUSH EAX

; /hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegCloseK ; \ADVAPI32


|LEA ECX,[LOCAL.499+3]
|PUSH ECX
|PUSH OFFSET 00449794

; /Arg2
; |Arg1 = A

|LEA ECX,[LOCAL.498]
|CALL 0040EC40

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.491],0


|MOV DWORD PTR SS:[LOCAL.490],0
|MOV DWORD PTR SS:[LOCAL.489],0
|LEA EDX,[LOCAL.498]
|MOV DWORD PTR SS:[LOCAL.926],EDX
|MOV DWORD PTR SS:[LOCAL.1],19
|LEA EAX,[LOCAL.71]
|PUSH EAX

; /Arg3 =>

|MOV ECX,DWORD PTR SS:[LOCAL.926]


|PUSH ECX

; |
; |Arg2 =>

|LEA EDX,[LOCAL.509]
|PUSH EDX

; |
; |Arg1 =>

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV DWORD PTR SS:[LOCAL.741],EAX
|MOV EAX,DWORD PTR SS:[LOCAL.741]
|CMP DWORD PTR DS:[EAX+18],10
|JB SHORT 0041EA24
|MOV ECX,DWORD PTR SS:[LOCAL.741]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.927],EDX
|JMP SHORT 0041EA33
|MOV EAX,DWORD PTR SS:[LOCAL.741]
|ADD EAX,4
|MOV DWORD PTR SS:[LOCAL.927],EAX
|LEA ECX,[LOCAL.249]
|PUSH ECX

; /pResult

|PUSH 20019

; |DesiredA

|PUSH 0

; |Reserved

= 0
0041EA41 |. 8B95 84F1FFFF
0041EA47 |. 52
> [LOCAL.927]
0041EA48 |. 68 02000080
KEY_LOCAL_MACHINE
0041EA4D |. FF15 08804400
.RegOpenKeyExA
0041EA53 |. F7D8
EAX to boolean
0041EA55 |. 1BC0
0041EA57 |. F7D8
0041EA59 |. 8885 63F8FFFF
0041EA5F |. C645 FC 1A
0041EA63 |. 8D8D 0CF8FFFF
0041EA69 |. E8 12FDFEFF
fo.0040E780
0041EA6E |. C645 FC 19
0041EA72 |. 6A 00
0041EA74 |. 6A 01
0041EA76 |. 8D8D 0CF8FFFF
0041EA7C |. E8 DF10FFFF
fo.0040FB60
0041EA81 |. C745 FC 1B000
0041EA88 |. 8D8D 38F8FFFF
0041EA8E |. E8 EDFCFEFF
fo.0040E780
0041EA93 |. C745 FC FFFFF
0041EA9A |. 6A 00
0041EA9C |. 6A 01
0041EA9E |. 8D8D 38F8FFFF
0041EAA4 |. E8 B710FFFF
fo.0040FB60
0041EAA9 |. 0FB685 63F8FF
0041EAB0 |. 85C0
0041EAB2 |. 74 05
0041EAB4 |.^ E9 3CFEFFFF
0041EAB9 |> C785 D0FDFFFF
0041EAC3 |. 8D8D D0FDFFFF
0041EAC9 |. 51
=> OFFSET LOCAL.140
0041EACA |. 8D95 E4FEFFFF
0041EAD0 |. 52
OFFSET LOCAL.71
0041EAD1 |. 8D85 E0FEFFFF
0041EAD7 |. 50
OFFSET LOCAL.72
0041EAD8 |. 6A 00
= 0
0041EADA |. 68 1C8A4400
Class"
0041EADF |. 8B8D 1CFCFFFF
0041EAE5 |. 51
[LOCAL.249]
0041EAE6 |. FF15 04804400
.RegQueryValueExA
0041EAEC |. 85C0
0041EAEE |. 0F85 25070000
0041EAF4 |. 83BD E0FEFFFF
0041EAFB |. 0F85 18070000

|MOV EDX,DWORD PTR SS:[LOCAL.927]


|PUSH EDX

; |
; |SubKey =

|PUSH 80000002

; |hKey = H

|CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKe ; \ADVAPI32


|NEG EAX

; Converts

|SBB EAX,EAX
|NEG EAX
|MOV BYTE PTR SS:[LOCAL.488+3],AL
|MOV BYTE PTR SS:[LOCAL.1],1A
|LEA ECX,[LOCAL.509]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],19


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.509]
|CALL 0040FB60

;
;
;
;

|MOV DWORD PTR SS:[LOCAL.1],1B


|LEA ECX,[LOCAL.498]
|CALL 0040E780

; [SystemIn

|MOV DWORD PTR SS:[LOCAL.1],-1


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.498]
|CALL 0040FB60

;
;
;
;

|MOVZX EAX,BYTE PTR SS:[LOCAL.488+3]


|TEST EAX,EAX
|JE SHORT 0041EAB9
|JMP 0041E8F5
|MOV DWORD PTR SS:[LOCAL.140],100
|LEA ECX,[LOCAL.140]
|PUSH ECX

; /pDataLen

|LEA EDX,[LOCAL.71]
|PUSH EDX

; |
; |pData =>

|LEA EAX,[LOCAL.72]
|PUSH EAX

; |
; |pType =>

|PUSH 0

; |Reserved

|PUSH OFFSET 00448A1C

; |Name = "

|MOV ECX,DWORD PTR SS:[LOCAL.249]


|PUSH ECX

; |
; |hKey =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

|CALL DWORD PTR DS:[<&ADVAPI32.RegQueryV ; \ADVAPI32


|TEST EAX,EAX
|JNE 0041F219
|CMP DWORD PTR SS:[LOCAL.72],1
|JNE 0041F219

0041EB01 |. 68 F4974400
SCII "Monitor"
0041EB06 |. 8D95 E4FEFFFF
0041EB0C |. 52
OFFSET LOCAL.71
0041EB0D |. E8 AE370000
fo.004222C0
0041EB12 |. 83C4 08
0041EB15 |. 85C0
0041EB17 |. 74 1C
0041EB19 |. 68 EC974400
SCII "Display"
0041EB1E |. 8D85 E4FEFFFF
0041EB24 |. 50
OFFSET LOCAL.71
0041EB25 |. E8 96370000
fo.004222C0
0041EB2A |. 83C4 08
0041EB2D |. 85C0
0041EB2F |. 0F85 E4060000
0041EB35 |> C785 D0FDFFFF
0041EB3F |. 8D8D D0FDFFFF
0041EB45 |. 51
=> OFFSET LOCAL.140
0041EB46 |. 8D95 1CFBFFFF
0041EB4C |. 52
OFFSET LOCAL.313
0041EB4D |. 8D85 E0FEFFFF
0041EB53 |. 50
OFFSET LOCAL.72
0041EB54 |. 6A 00
= 0
0041EB56 |. 68 D8974400
DeviceDesc"
0041EB5B |. 8B8D 1CFCFFFF
0041EB61 |. 51
[LOCAL.249]
0041EB62 |. FF15 04804400
.RegQueryValueExA
0041EB68 |. 8D95 DFF7FFFF
0041EB6E |. 52
0041EB6F |. 8D85 E4FEFFFF
0041EB75 |. 50
OFFSET LOCAL.71
0041EB76 |. 8D8D E0F7FFFF
0041EB7C |. E8 BF00FFFF
fo.0040EC40
0041EB81 |. C785 FCF7FFFF
0041EB8B |. C785 00F8FFFF
0041EB95 |. C785 04F8FFFF
0041EB9F |. 8D8D E0F7FFFF
0041EBA5 |. 898D 80F1FFFF
0041EBAB |. C745 FC 1C000
0041EBB2 |. 68 D0974400
SCII " Device"
0041EBB7 |. 8B95 80F1FFFF
0041EBBD |. 52
[LOCAL.928]
0041EBBE |. 8D85 B4F7FFFF
0041EBC4 |. 50

|PUSH OFFSET 004497F4

; /Arg2 = A

|LEA EDX,[LOCAL.71]
|PUSH EDX

; |
; |Arg1 =>

|CALL 004222C0

; \SystemIn

|ADD ESP,8
|TEST EAX,EAX
|JE SHORT 0041EB35
|PUSH OFFSET 004497EC

; /Arg2 = A

|LEA EAX,[LOCAL.71]
|PUSH EAX

; |
; |Arg1 =>

|CALL 004222C0

; \SystemIn

|ADD ESP,8
|TEST EAX,EAX
|JNE 0041F219
|MOV DWORD PTR SS:[LOCAL.140],100
|LEA ECX,[LOCAL.140]
|PUSH ECX

; /pDataLen

|LEA EDX,[LOCAL.313]
|PUSH EDX

; |
; |pData =>

|LEA EAX,[LOCAL.72]
|PUSH EAX

; |
; |pType =>

|PUSH 0

; |Reserved

|PUSH OFFSET 004497D8

; |Name = "

|MOV ECX,DWORD PTR SS:[LOCAL.249]


|PUSH ECX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegQueryV ; \ADVAPI32


|LEA EDX,[LOCAL.521+3]
|PUSH EDX
|LEA EAX,[LOCAL.71]
|PUSH EAX

; /Arg2
; |
; |Arg1 =>

|LEA ECX,[LOCAL.520]
|CALL 0040EC40

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.513],0


|MOV DWORD PTR SS:[LOCAL.512],0
|MOV DWORD PTR SS:[LOCAL.511],0
|LEA ECX,[LOCAL.520]
|MOV DWORD PTR SS:[LOCAL.928],ECX
|MOV DWORD PTR SS:[LOCAL.1],1C
|PUSH OFFSET 004497D0

; /Arg3 = A

|MOV EDX,DWORD PTR SS:[LOCAL.928]


|PUSH EDX

; |
; |Arg2 =>

|LEA EAX,[LOCAL.531]
|PUSH EAX

; |
; |Arg1 =>

OFFSET LOCAL.531
0041EBC5 |. E8 26FEFEFF
fo.0040E9F0
0041EBCA |. 83C4 0C
0041EBCD |. 8985 7CF1FFFF
0041EBD3 |. 8B8D 7CF1FFFF
0041EBD9 |. 898D 78F1FFFF
0041EBDF |. C645 FC 1D
0041EBE3 |. C685 0BF8FFFF
0041EBEA |. C685 B3F7FFFF
0041EBF1 |. 6A 06
0041EBF3 |. 8D95 A0F7FFFF
0041EBF9 |. 52
OFFSET LOCAL.536
0041EBFA |. E8 99EB0000
fo.0042D798
0041EBFF |. 83C4 08
0041EC02 |. 8985 48F4FFFF
0041EC08 |. 837D 08 00
0041EC0C |. 75 0C
0041EC0E |. C785 74F1FFFF
0041EC18 |. EB 11
0041EC1A |> 8B45 08
0041EC1D |. 8B08
0041EC1F |. 8B55 08
0041EC22 |. 0351 04
0041EC25 |. 8995 74F1FFFF
0041EC2B |> 8B85 48F4FFFF
0041EC31 |. 8B48 04
0041EC34 |. 51
0041EC35 |. 8B95 74F1FFFF
0041EC3B |. 52
0041EC3C |. 8B85 48F4FFFF
0041EC42 |. 8B08
0041EC44 |. FFD1
0041EC46 |. 83C4 08
0041EC49 |. 6A 23
3
0041EC4B |. 8D95 A8F7FFFF
0041EC51 |. 52
OFFSET LOCAL.534
0041EC52 |. E8 41EB0000
fo.0042D798
0041EC57 |. 83C4 08
0041EC5A |. 8985 40F4FFFF
0041EC60 |. 68 77874400
0041EC65 |. 8B45 08
0041EC68 |. 50
0041EC69 |. E8 F2BCFEFF
0041EC6E |. 83C4 08
0041EC71 |. 8985 44F4FFFF
0041EC77 |. 83BD 44F4FFFF
0041EC7E |. 75 0C
0041EC80 |. C785 70F1FFFF
0041EC8A |. EB 17
0041EC8C |> 8B8D 44F4FFFF
0041EC92 |. 8B11
0041EC94 |. 8B85 44F4FFFF
0041EC9A |. 0342 04
0041EC9D |. 8985 70F1FFFF

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV DWORD PTR SS:[LOCAL.929],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.929]
|MOV DWORD PTR SS:[LOCAL.930],ECX
|MOV BYTE PTR SS:[LOCAL.1],1D
|MOV BYTE PTR SS:[LOCAL.510+3],20
|MOV BYTE PTR SS:[LOCAL.532+3],2E
|PUSH 6
|LEA EDX,[LOCAL.536]
|PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.750],EAX
|CMP DWORD PTR SS:[ARG.1],0
|JNE SHORT 0041EC1A
|MOV DWORD PTR SS:[LOCAL.931],0
|JMP SHORT 0041EC2B
|MOV EAX,DWORD PTR SS:[ARG.1]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[ARG.1]
|ADD EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.931],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.750]
|MOV ECX,DWORD PTR DS:[EAX+4]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.931]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.750]
|MOV ECX,DWORD PTR DS:[EAX]
|CALL ECX
|ADD ESP,8
|PUSH 23

; /Arg2 = 2

|LEA EDX,[LOCAL.534]
|PUSH EDX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.752],EAX
|PUSH OFFSET 00448777
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.751],EAX
|CMP DWORD PTR SS:[LOCAL.751],0
|JNE SHORT 0041EC8C
|MOV DWORD PTR SS:[LOCAL.932],0
|JMP SHORT 0041ECA3
|MOV ECX,DWORD PTR SS:[LOCAL.751]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.751]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.932],EAX

0041ECA3
0041ECA9
0041ECAC
0041ECAD
0041ECB3
0041ECB4
0041ECBA
0041ECBC
0041ECBE
0041ECC1
0041ECC7
0041ECCD
0041ECD3
0041ECD5
0041ECDB
0041ECDE
0041ECE4
0041ECEA
0041ECED
0041ECF3
0041ECF9
0041ECFF
0041ED02
0041ED09
0041ED0B
0041ED15
0041ED17
0041ED1D
0041ED1F
0041ED25
0041ED28
0041ED2E
0041ED34
0041ED37
0041ED3D
0041ED42
0041ED44
0041ED4A
0041ED4D
0041ED52
0041ED57
0041ED5C
0041ED5E
0041ED64
0041ED67
0041ED6D
0041ED6E
0041ED74
0041ED75
0041ED7A
0041ED7D
0041ED83
0041ED8A
0041ED8C
0041ED96
0041ED98
0041ED9E
0041EDA0
0041EDA6
0041EDA9

|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.

8B8D 40F4FFFF
8B51 04
52
8B85 70F1FFFF
50
8B8D 40F4FFFF
8B11
FFD2
83C4 08
8A85 B3F7FFFF
8885 37F4FFFF
8B8D 44F4FFFF
8B11
8B85 44F4FFFF
0342 04
8985 38F4FFFF
8B8D 38F4FFFF
8A51 30
8895 3FF4FFFF
8B85 38F4FFFF
8A8D 37F4FFFF
8848 30
83BD 44F4FFFF
75 0C
C785 2CF4FFFF
EB 17
8B95 44F4FFFF
8B02
8B8D 44F4FFFF
0348 04
898D 2CF4FFFF
8B95 2CF4FFFF
8B42 10
8985 30F4FFFF
B9 C0010000
F7D1
8B95 2CF4FFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 2CF4FFFF
894A 10
8B85 78F1FFFF
50
8B8D 44F4FFFF
51
E8 E6C0FEFF
83C4 08
8985 20F4FFFF
83BD 20F4FFFF
75 0C
C785 24F4FFFF
EB 17
8B95 20F4FFFF
8B02
8B8D 20F4FFFF
0348 04
898D 24F4FFFF

|MOV ECX,DWORD PTR SS:[LOCAL.752]


|MOV EDX,DWORD PTR DS:[ECX+4]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.932]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.752]
|MOV EDX,DWORD PTR DS:[ECX]
|CALL EDX
|ADD ESP,8
|MOV AL,BYTE PTR SS:[LOCAL.532+3]
|MOV BYTE PTR SS:[LOCAL.755+3],AL
|MOV ECX,DWORD PTR SS:[LOCAL.751]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.751]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.754],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.754]
|MOV DL,BYTE PTR DS:[ECX+30]
|MOV BYTE PTR SS:[LOCAL.753+3],DL
|MOV EAX,DWORD PTR SS:[LOCAL.754]
|MOV CL,BYTE PTR SS:[LOCAL.755+3]
|MOV BYTE PTR DS:[EAX+30],CL
|CMP DWORD PTR SS:[LOCAL.751],0
|JNE SHORT 0041ED17
|MOV DWORD PTR SS:[LOCAL.757],0
|JMP SHORT 0041ED2E
|MOV EDX,DWORD PTR SS:[LOCAL.751]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.751]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.757],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.757]
|MOV EAX,DWORD PTR DS:[EDX+10]
|MOV DWORD PTR SS:[LOCAL.756],EAX
|MOV ECX,1C0
|NOT ECX
|MOV EDX,DWORD PTR SS:[LOCAL.757]
|AND ECX,DWORD PTR DS:[EDX+10]
|MOV EAX,40
|AND EAX,000001C0
|AND EAX,0000FFFF
|OR ECX,EAX
|MOV EDX,DWORD PTR SS:[LOCAL.757]
|MOV DWORD PTR DS:[EDX+10],ECX
|MOV EAX,DWORD PTR SS:[LOCAL.930]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.751]
|PUSH ECX
|CALL 0040AE60
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.760],EAX
|CMP DWORD PTR SS:[LOCAL.760],0
|JNE SHORT 0041ED98
|MOV DWORD PTR SS:[LOCAL.759],0
|JMP SHORT 0041EDAF
|MOV EDX,DWORD PTR SS:[LOCAL.760]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.760]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.759],ECX

0041EDAF |>
0041EDB5 |.
0041EDB8 |.
0041EDBE |.
0041EDC3 |.
0041EDC5 |.
0041EDCB |.
0041EDCE |.
0041EDD3 |.
0041EDD8 |.
0041EDDD |.
0041EDDF |.
0041EDE5 |.
0041EDE8 |.
0041EDEE |.
0041EDF4 |.
0041EDFA |.
0041EDFC |.
0041EE02 |.
0041EE05 |.
0041EE0B |.
0041EE11 |.
0041EE14 |.
0041EE1A |.
0041EE20 |.
0041EE26 |.
0041EE29 |.
0041EE2F |.
0041EE30 |.
0041EE36 |.
0041EE37 |.
0041EE3C |.
0041EE3F |.
0041EE45 |.
A
0041EE47 |.
0041EE4D |.
fo.0040F5C0
0041EE52 |.
0041EE58 |.
fo.0040F7C0
0041EE5D |.
0041EE61 |.
0041EE67 |.
fo.0040E780
0041EE6C |.
0041EE70 |.
0041EE72 |.
0041EE74 |.
0041EE7A |.
fo.0040FB60
0041EE7F |.
0041EE86 |.
0041EE8C |.
fo.0040E780
0041EE91 |.
0041EE98 |.
0041EE9A |.
0041EE9C |.
0041EEA2 |.

8B95 24F4FFFF
8B42 10
8985 28F4FFFF
B9 C0010000
F7D1
8B95 24F4FFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 24F4FFFF
894A 10
8A85 0BF8FFFF
8885 17F4FFFF
8B8D 20F4FFFF
8B11
8B85 20F4FFFF
0342 04
8985 18F4FFFF
8B8D 18F4FFFF
8A51 30
8895 1FF4FFFF
8B85 18F4FFFF
8A8D 17F4FFFF
8848 30
8D95 1CFBFFFF
52
8B85 20F4FFFF
50
E8 24BBFEFF
83C4 08
8985 10F4FFFF
6A 0A

|MOV EDX,DWORD PTR SS:[LOCAL.759]


|MOV EAX,DWORD PTR DS:[EDX+10]
|MOV DWORD PTR SS:[LOCAL.758],EAX
|MOV ECX,1C0
|NOT ECX
|MOV EDX,DWORD PTR SS:[LOCAL.759]
|AND ECX,DWORD PTR DS:[EDX+10]
|MOV EAX,80
|AND EAX,000001C0
|AND EAX,0000FFFF
|OR ECX,EAX
|MOV EDX,DWORD PTR SS:[LOCAL.759]
|MOV DWORD PTR DS:[EDX+10],ECX
|MOV AL,BYTE PTR SS:[LOCAL.510+3]
|MOV BYTE PTR SS:[LOCAL.763+3],AL
|MOV ECX,DWORD PTR SS:[LOCAL.760]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.760]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.762],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.762]
|MOV DL,BYTE PTR DS:[ECX+30]
|MOV BYTE PTR SS:[LOCAL.761+3],DL
|MOV EAX,DWORD PTR SS:[LOCAL.762]
|MOV CL,BYTE PTR SS:[LOCAL.763+3]
|MOV BYTE PTR DS:[EAX+30],CL
|LEA EDX,[LOCAL.313]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.760]
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.764],EAX
|PUSH 0A

; /Arg1 = 0

8B8D 10F4FFFF |MOV ECX,DWORD PTR SS:[LOCAL.764]


E8 6E07FFFF |CALL 0040F5C0

; |
; \SystemIn

8B8D 10F4FFFF |MOV ECX,DWORD PTR SS:[LOCAL.764]


E8 6309FFFF |CALL 0040F7C0

; [SystemIn

C645 FC 1E
|MOV BYTE PTR SS:[LOCAL.1],1E
8D8D B4F7FFFF |LEA ECX,[LOCAL.531]
E8 14F9FEFF |CALL 0040E780

; [SystemIn

C645 FC 1C
6A 00
6A 01
8D8D B4F7FFFF
E8 E10CFFFF

;
;
;
;

|MOV BYTE PTR SS:[LOCAL.1],1C


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.531]
|CALL 0040FB60

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC 1F000 |MOV DWORD PTR SS:[LOCAL.1],1F


8D8D E0F7FFFF |LEA ECX,[LOCAL.520]
E8 EFF8FEFF |CALL 0040E780

; [SystemIn

C745 FC FFFFF
6A 00
6A 01
8D8D E0F7FFFF
E8 B90CFFFF

;
;
;
;

|MOV DWORD PTR SS:[LOCAL.1],-1


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.520]
|CALL 0040FB60

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

fo.0040FB60
0041EEA7 |. C785 D0FDFFFF
0041EEB1 |. 8D8D D0FDFFFF
0041EEB7 |. 51
=> OFFSET LOCAL.140
0041EEB8 |. 8D95 1CFBFFFF
0041EEBE |. 52
OFFSET LOCAL.313
0041EEBF |. 8D85 E0FEFFFF
0041EEC5 |. 50
OFFSET LOCAL.72
0041EEC6 |. 6A 00
= 0
0041EEC8 |. 68 CC974400
Mfg"
0041EECD |. 8B8D 1CFCFFFF
0041EED3 |. 51
[LOCAL.249]
0041EED4 |. FF15 04804400
.RegQueryValueExA
0041EEDA |. 8D95 73F7FFFF
0041EEE0 |. 52
0041EEE1 |. 8D85 E4FEFFFF
0041EEE7 |. 50
OFFSET LOCAL.71
0041EEE8 |. 8D8D 74F7FFFF
0041EEEE |. E8 4DFDFEFF
fo.0040EC40
0041EEF3 |. C785 90F7FFFF
0041EEFD |. C785 94F7FFFF
0041EF07 |. C785 98F7FFFF
0041EF11 |. 8D8D 74F7FFFF
0041EF17 |. 898D 6CF1FFFF
0041EF1D |. C745 FC 20000
0041EF24 |. 68 BC974400
SCII " Manufacturer"
0041EF29 |. 8B95 6CF1FFFF
0041EF2F |. 52
[LOCAL.933]
0041EF30 |. 8D85 48F7FFFF
0041EF36 |. 50
OFFSET LOCAL.558
0041EF37 |. E8 B4FAFEFF
fo.0040E9F0
0041EF3C |. 83C4 0C
0041EF3F |. 8985 68F1FFFF
0041EF45 |. 8B8D 68F1FFFF
0041EF4B |. 898D 64F1FFFF
0041EF51 |. C645 FC 21
0041EF55 |. C685 9FF7FFFF
0041EF5C |. C685 47F7FFFF
0041EF63 |. 6A 06
0041EF65 |. 8D95 34F7FFFF
0041EF6B |. 52
OFFSET LOCAL.563
0041EF6C |. E8 27E80000
fo.0042D798
0041EF71 |. 83C4 08
0041EF74 |. 8985 0CF4FFFF
0041EF7A |. 837D 08 00

|MOV DWORD PTR SS:[LOCAL.140],100


|LEA ECX,[LOCAL.140]
|PUSH ECX

; /pDataLen

|LEA EDX,[LOCAL.313]
|PUSH EDX

; |
; |pData =>

|LEA EAX,[LOCAL.72]
|PUSH EAX

; |
; |pType =>

|PUSH 0

; |Reserved

|PUSH OFFSET 004497CC

; |Name = "

|MOV ECX,DWORD PTR SS:[LOCAL.249]


|PUSH ECX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegQueryV ; \ADVAPI32


|LEA EDX,[LOCAL.548+3]
|PUSH EDX
|LEA EAX,[LOCAL.71]
|PUSH EAX

; /Arg2
; |
; |Arg1 =>

|LEA ECX,[LOCAL.547]
|CALL 0040EC40

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.540],0


|MOV DWORD PTR SS:[LOCAL.539],0
|MOV DWORD PTR SS:[LOCAL.538],0
|LEA ECX,[LOCAL.547]
|MOV DWORD PTR SS:[LOCAL.933],ECX
|MOV DWORD PTR SS:[LOCAL.1],20
|PUSH OFFSET 004497BC

; /Arg3 = A

|MOV EDX,DWORD PTR SS:[LOCAL.933]


|PUSH EDX

; |
; |Arg2 =>

|LEA EAX,[LOCAL.558]
|PUSH EAX

; |
; |Arg1 =>

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV DWORD PTR SS:[LOCAL.934],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.934]
|MOV DWORD PTR SS:[LOCAL.935],ECX
|MOV BYTE PTR SS:[LOCAL.1],21
|MOV BYTE PTR SS:[LOCAL.537+3],20
|MOV BYTE PTR SS:[LOCAL.559+3],2E
|PUSH 6
|LEA EDX,[LOCAL.563]
|PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.765],EAX
|CMP DWORD PTR SS:[ARG.1],0

0041EF7E |. 75 0C
0041EF80 |. C785 60F1FFFF
0041EF8A |. EB 11
0041EF8C |> 8B45 08
0041EF8F |. 8B08
0041EF91 |. 8B55 08
0041EF94 |. 0351 04
0041EF97 |. 8995 60F1FFFF
0041EF9D |> 8B85 0CF4FFFF
0041EFA3 |. 8B48 04
0041EFA6 |. 51
0041EFA7 |. 8B95 60F1FFFF
0041EFAD |. 52
0041EFAE |. 8B85 0CF4FFFF
0041EFB4 |. 8B08
0041EFB6 |. FFD1
0041EFB8 |. 83C4 08
0041EFBB |. 6A 23
3
0041EFBD |. 8D95 3CF7FFFF
0041EFC3 |. 52
OFFSET LOCAL.561
0041EFC4 |. E8 CFE70000
fo.0042D798
0041EFC9 |. 83C4 08
0041EFCC |. 8985 04F4FFFF
0041EFD2 |. 68 77874400
0041EFD7 |. 8B45 08
0041EFDA |. 50
0041EFDB |. E8 80B9FEFF
0041EFE0 |. 83C4 08
0041EFE3 |. 8985 08F4FFFF
0041EFE9 |. 83BD 08F4FFFF
0041EFF0 |. 75 0C
0041EFF2 |. C785 5CF1FFFF
0041EFFC |. EB 17
0041EFFE |> 8B8D 08F4FFFF
0041F004 |. 8B11
0041F006 |. 8B85 08F4FFFF
0041F00C |. 0342 04
0041F00F |. 8985 5CF1FFFF
0041F015 |> 8B8D 04F4FFFF
0041F01B |. 8B51 04
0041F01E |. 52
0041F01F |. 8B85 5CF1FFFF
0041F025 |. 50
0041F026 |. 8B8D 04F4FFFF
0041F02C |. 8B11
0041F02E |. FFD2
0041F030 |. 83C4 08
0041F033 |. 8A85 47F7FFFF
0041F039 |. 8885 FBF3FFFF
0041F03F |. 8B8D 08F4FFFF
0041F045 |. 8B11
0041F047 |. 8B85 08F4FFFF
0041F04D |. 0342 04
0041F050 |. 8985 FCF3FFFF
0041F056 |. 8B8D FCF3FFFF
0041F05C |. 8A51 30
0041F05F |. 8895 03F4FFFF

|JNE SHORT 0041EF8C


|MOV DWORD PTR SS:[LOCAL.936],0
|JMP SHORT 0041EF9D
|MOV EAX,DWORD PTR SS:[ARG.1]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[ARG.1]
|ADD EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.936],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.765]
|MOV ECX,DWORD PTR DS:[EAX+4]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.936]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.765]
|MOV ECX,DWORD PTR DS:[EAX]
|CALL ECX
|ADD ESP,8
|PUSH 23

; /Arg2 = 2

|LEA EDX,[LOCAL.561]
|PUSH EDX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.767],EAX
|PUSH OFFSET 00448777
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.766],EAX
|CMP DWORD PTR SS:[LOCAL.766],0
|JNE SHORT 0041EFFE
|MOV DWORD PTR SS:[LOCAL.937],0
|JMP SHORT 0041F015
|MOV ECX,DWORD PTR SS:[LOCAL.766]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.766]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.937],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.767]
|MOV EDX,DWORD PTR DS:[ECX+4]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.937]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.767]
|MOV EDX,DWORD PTR DS:[ECX]
|CALL EDX
|ADD ESP,8
|MOV AL,BYTE PTR SS:[LOCAL.559+3]
|MOV BYTE PTR SS:[LOCAL.770+3],AL
|MOV ECX,DWORD PTR SS:[LOCAL.766]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.766]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.769],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.769]
|MOV DL,BYTE PTR DS:[ECX+30]
|MOV BYTE PTR SS:[LOCAL.768+3],DL

0041F065
0041F06B
0041F071
0041F074
0041F07B
0041F07D
0041F087
0041F089
0041F08F
0041F091
0041F097
0041F09A
0041F0A0
0041F0A6
0041F0A9
0041F0AF
0041F0B4
0041F0B6
0041F0BC
0041F0BF
0041F0C4
0041F0C9
0041F0CE
0041F0D0
0041F0D6
0041F0D9
0041F0DF
0041F0E0
0041F0E6
0041F0E7
0041F0EC
0041F0EF
0041F0F5
0041F0FC
0041F0FE
0041F108
0041F10A
0041F110
0041F112
0041F118
0041F11B
0041F121
0041F127
0041F12A
0041F130
0041F135
0041F137
0041F13D
0041F140
0041F145
0041F14A
0041F14F
0041F151
0041F157
0041F15A
0041F160
0041F166
0041F16C
0041F16E
0041F174

|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B85 FCF3FFFF
8A8D FBF3FFFF
8848 30
83BD 08F4FFFF
75 0C
C785 F0F3FFFF
EB 17
8B95 08F4FFFF
8B02
8B8D 08F4FFFF
0348 04
898D F0F3FFFF
8B95 F0F3FFFF
8B42 10
8985 F4F3FFFF
B9 C0010000
F7D1
8B95 F0F3FFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 F0F3FFFF
894A 10
8B85 64F1FFFF
50
8B8D 08F4FFFF
51
E8 74BDFEFF
83C4 08
8985 E4F3FFFF
83BD E4F3FFFF
75 0C
C785 E8F3FFFF
EB 17
8B95 E4F3FFFF
8B02
8B8D E4F3FFFF
0348 04
898D E8F3FFFF
8B95 E8F3FFFF
8B42 10
8985 ECF3FFFF
B9 C0010000
F7D1
8B95 E8F3FFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 E8F3FFFF
894A 10
8A85 9FF7FFFF
8885 DBF3FFFF
8B8D E4F3FFFF
8B11
8B85 E4F3FFFF
0342 04

|MOV EAX,DWORD PTR SS:[LOCAL.769]


|MOV CL,BYTE PTR SS:[LOCAL.770+3]
|MOV BYTE PTR DS:[EAX+30],CL
|CMP DWORD PTR SS:[LOCAL.766],0
|JNE SHORT 0041F089
|MOV DWORD PTR SS:[LOCAL.772],0
|JMP SHORT 0041F0A0
|MOV EDX,DWORD PTR SS:[LOCAL.766]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.766]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.772],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.772]
|MOV EAX,DWORD PTR DS:[EDX+10]
|MOV DWORD PTR SS:[LOCAL.771],EAX
|MOV ECX,1C0
|NOT ECX
|MOV EDX,DWORD PTR SS:[LOCAL.772]
|AND ECX,DWORD PTR DS:[EDX+10]
|MOV EAX,40
|AND EAX,000001C0
|AND EAX,0000FFFF
|OR ECX,EAX
|MOV EDX,DWORD PTR SS:[LOCAL.772]
|MOV DWORD PTR DS:[EDX+10],ECX
|MOV EAX,DWORD PTR SS:[LOCAL.935]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.766]
|PUSH ECX
|CALL 0040AE60
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.775],EAX
|CMP DWORD PTR SS:[LOCAL.775],0
|JNE SHORT 0041F10A
|MOV DWORD PTR SS:[LOCAL.774],0
|JMP SHORT 0041F121
|MOV EDX,DWORD PTR SS:[LOCAL.775]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.775]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.774],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.774]
|MOV EAX,DWORD PTR DS:[EDX+10]
|MOV DWORD PTR SS:[LOCAL.773],EAX
|MOV ECX,1C0
|NOT ECX
|MOV EDX,DWORD PTR SS:[LOCAL.774]
|AND ECX,DWORD PTR DS:[EDX+10]
|MOV EAX,80
|AND EAX,000001C0
|AND EAX,0000FFFF
|OR ECX,EAX
|MOV EDX,DWORD PTR SS:[LOCAL.774]
|MOV DWORD PTR DS:[EDX+10],ECX
|MOV AL,BYTE PTR SS:[LOCAL.537+3]
|MOV BYTE PTR SS:[LOCAL.778+3],AL
|MOV ECX,DWORD PTR SS:[LOCAL.775]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.775]
|ADD EAX,DWORD PTR DS:[EDX+4]

0041F177 |.
0041F17D |.
0041F183 |.
0041F186 |.
0041F18C |.
0041F192 |.
0041F198 |.
0041F19B |.
0041F1A1 |.
0041F1A2 |.
0041F1A8 |.
0041F1A9 |.
0041F1AE |.
0041F1B1 |.
0041F1B7 |.
A
0041F1B9 |.
0041F1BF |.
fo.0040F5C0
0041F1C4 |.
0041F1CA |.
fo.0040F7C0
0041F1CF |.
0041F1D3 |.
0041F1D9 |.
fo.0040E780
0041F1DE |.
0041F1E2 |.
0041F1E4 |.
0041F1E6 |.
0041F1EC |.
fo.0040FB60
0041F1F1 |.
0041F1F8 |.
0041F1FE |.
fo.0040E780
0041F203 |.
0041F20A |.
0041F20C |.
0041F20E |.
0041F214 |.
fo.0040FB60
0041F219 |>
0041F21F |.
[LOCAL.249]
0041F220 |.
.RegCloseKey
0041F226 |.^
0041F22B |>
0041F22E |.
[LOCAL.6]
0041F22F |.
.RegCloseKey
0041F235 |>
0041F23B |.
0041F241 |.
0041F248 |.
0041F24E |.
0041F250 |.
0041F256 |.

8985 DCF3FFFF
8B8D DCF3FFFF
8A51 30
8895 E3F3FFFF
8B85 DCF3FFFF
8A8D DBF3FFFF
8848 30
8D95 1CFBFFFF
52
8B85 E4F3FFFF
50
E8 B2B7FEFF
83C4 08
8985 D4F3FFFF
6A 0A

|MOV DWORD PTR SS:[LOCAL.777],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.777]
|MOV DL,BYTE PTR DS:[ECX+30]
|MOV BYTE PTR SS:[LOCAL.776+3],DL
|MOV EAX,DWORD PTR SS:[LOCAL.777]
|MOV CL,BYTE PTR SS:[LOCAL.778+3]
|MOV BYTE PTR DS:[EAX+30],CL
|LEA EDX,[LOCAL.313]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.775]
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.779],EAX
|PUSH 0A

; /Arg1 = 0

8B8D D4F3FFFF |MOV ECX,DWORD PTR SS:[LOCAL.779]


E8 FC03FFFF |CALL 0040F5C0

; |
; \SystemIn

8B8D D4F3FFFF |MOV ECX,DWORD PTR SS:[LOCAL.779]


E8 F105FFFF |CALL 0040F7C0

; [SystemIn

C645 FC 22
|MOV BYTE PTR SS:[LOCAL.1],22
8D8D 48F7FFFF |LEA ECX,[LOCAL.558]
E8 A2F5FEFF |CALL 0040E780

; [SystemIn

C645 FC 20
6A 00
6A 01
8D8D 48F7FFFF
E8 6F09FFFF

;
;
;
;

|MOV BYTE PTR SS:[LOCAL.1],20


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.558]
|CALL 0040FB60

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

C745 FC 23000 |MOV DWORD PTR SS:[LOCAL.1],23


8D8D 74F7FFFF |LEA ECX,[LOCAL.547]
E8 7DF5FEFF |CALL 0040E780

; [SystemIn

C745 FC FFFFF
6A 00
6A 01
8D8D 74F7FFFF
E8 4709FFFF

;
;
;
;

|MOV DWORD PTR SS:[LOCAL.1],-1


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.547]
|CALL 0040FB60

8B8D 1CFCFFFF |MOV ECX,DWORD PTR SS:[LOCAL.249]


51
|PUSH ECX

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /hKey =>

FF15 14804400 |CALL DWORD PTR DS:[<&ADVAPI32.RegCloseK ; \ADVAPI32


E9 CAF6FFFF
8B55 E8
52

\JMP 0041E8F5
MOV EDX,DWORD PTR SS:[LOCAL.6]
PUSH EDX

; /hKey =>

FF15 14804400 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe ; \ADVAPI32


FF15 24824400
8985 DCFEFFFF
83BD DCFEFFFF
0F85 95000000
6A 06
8D85 2CF7FFFF
50

CALL DWORD PTR DS:[<&WINMM.waveOutGetNum


MOV DWORD PTR SS:[LOCAL.73],EAX
CMP DWORD PTR SS:[LOCAL.73],0
JNE 0041F2E3
PUSH 6
; /Arg2 = 6
LEA EAX,[LOCAL.565]
; |
PUSH EAX
; |Arg1 =>

OFFSET LOCAL.565
0041F257 |. E8 3CE50000
fo.0042D798
0041F25C |. 83C4 08
0041F25F |. 8985 D0F3FFFF
0041F265 |. 837D 08 00
0041F269 |. 75 0C
0041F26B |. C785 58F1FFFF
0041F275 |. EB 11
0041F277 |> 8B4D 08
0041F27A |. 8B11
0041F27C |. 8B45 08
0041F27F |. 0342 04
0041F282 |. 8985 58F1FFFF
0041F288 |> 8B8D D0F3FFFF
0041F28E |. 8B51 04
0041F291 |. 52
0041F292 |. 8B85 58F1FFFF
0041F298 |. 50
0041F299 |. 8B8D D0F3FFFF
0041F29F |. 8B11
0041F2A1 |. FFD2
0041F2A3 |. 83C4 08
0041F2A6 |. 68 84974400
Sound Device"
0041F2AB |. 68 77874400
0041F2B0 |. 8B45 08
0041F2B3 |. 50
0041F2B4 |. E8 A7B6FEFF
0041F2B9 |. 83C4 08
0041F2BC |. 50
0041F2BD |. E8 9EB6FEFF
0041F2C2 |. 83C4 08
0041F2C5 |. 8985 CCF3FFFF
0041F2CB |. 6A 0A
A
0041F2CD |. 8B8D CCF3FFFF
0041F2D3 |. E8 E802FFFF
fo.0040F5C0
0041F2D8 |. 8B8D CCF3FFFF
0041F2DE |. E8 DD04FFFF
fo.0040F7C0
0041F2E3 |> C745 EC 00000
0041F2EA |. EB 09
0041F2EC |> 8B4D EC
0041F2EF |. 83C1 01
0041F2F2 |. 894D EC
0041F2F5 |> 8B55 EC
0041F2F8 |. 3B95 DCFEFFFF
0041F2FE |. 0F83 41050000
0041F304 |. 6A 34
0041F306 |. 8D85 E8FAFFFF
0041F30C |. 50
0041F30D |. 8B4D EC
0041F310 |. 51
0041F311 |. FF15 28824400
0041F317 |. 85C0
0041F319 |. 0F85 7A020000
0041F31F |. C685 2BF7FFFF
0041F326 |. C685 2AF7FFFF

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.780],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041F277
MOV DWORD PTR SS:[LOCAL.938],0
JMP SHORT 0041F288
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.938],EAX
MOV ECX,DWORD PTR SS:[LOCAL.780]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.938]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.780]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
PUSH OFFSET 00449784

; ASCII "No

PUSH OFFSET 00448777


MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.781],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.781]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.781]


CALL 0040F7C0

; [SystemIn

MOV DWORD PTR SS:[LOCAL.5],0


JMP SHORT 0041F2F5
/MOV ECX,DWORD PTR SS:[LOCAL.5]
|ADD ECX,1
|MOV DWORD PTR SS:[LOCAL.5],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.5]
|CMP EDX,DWORD PTR SS:[LOCAL.73]
|JNB 0041F845
|PUSH 34
|LEA EAX,[LOCAL.326]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|PUSH ECX
|CALL DWORD PTR DS:[<&WINMM.waveOutGetDe
|TEST EAX,EAX
|JNE 0041F599
|MOV BYTE PTR SS:[LOCAL.566+3],20
|MOV BYTE PTR SS:[LOCAL.566+2],2E

0041F32D |. 6A 06
0041F32F |. 8D95 18F7FFFF
0041F335 |. 52
OFFSET LOCAL.570
0041F336 |. E8 5DE40000
fo.0042D798
0041F33B |. 83C4 08
0041F33E |. 8985 C8F3FFFF
0041F344 |. 837D 08 00
0041F348 |. 75 0C
0041F34A |. C785 54F1FFFF
0041F354 |. EB 11
0041F356 |> 8B45 08
0041F359 |. 8B08
0041F35B |. 8B55 08
0041F35E |. 0351 04
0041F361 |. 8995 54F1FFFF
0041F367 |> 8B85 C8F3FFFF
0041F36D |. 8B48 04
0041F370 |. 51
0041F371 |. 8B95 54F1FFFF
0041F377 |. 52
0041F378 |. 8B85 C8F3FFFF
0041F37E |. 8B08
0041F380 |. FFD1
0041F382 |. 83C4 08
0041F385 |. 6A 23
3
0041F387 |. 8D95 20F7FFFF
0041F38D |. 52
OFFSET LOCAL.568
0041F38E |. E8 05E40000
fo.0042D798
0041F393 |. 83C4 08
0041F396 |. 8985 C0F3FFFF
0041F39C |. 68 77874400
0041F3A1 |. 8B45 08
0041F3A4 |. 50
0041F3A5 |. E8 B6B5FEFF
0041F3AA |. 83C4 08
0041F3AD |. 8985 C4F3FFFF
0041F3B3 |. 83BD C4F3FFFF
0041F3BA |. 75 0C
0041F3BC |. C785 50F1FFFF
0041F3C6 |. EB 17
0041F3C8 |> 8B8D C4F3FFFF
0041F3CE |. 8B11
0041F3D0 |. 8B85 C4F3FFFF
0041F3D6 |. 0342 04
0041F3D9 |. 8985 50F1FFFF
0041F3DF |> 8B8D C0F3FFFF
0041F3E5 |. 8B51 04
0041F3E8 |. 52
0041F3E9 |. 8B85 50F1FFFF
0041F3EF |. 50
0041F3F0 |. 8B8D C0F3FFFF
0041F3F6 |. 8B11
0041F3F8 |. FFD2
0041F3FA |. 83C4 08
0041F3FD |. 8A85 2AF7FFFF

|PUSH 6
|LEA EDX,[LOCAL.570]
|PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.782],EAX
|CMP DWORD PTR SS:[ARG.1],0
|JNE SHORT 0041F356
|MOV DWORD PTR SS:[LOCAL.939],0
|JMP SHORT 0041F367
|MOV EAX,DWORD PTR SS:[ARG.1]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[ARG.1]
|ADD EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.939],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.782]
|MOV ECX,DWORD PTR DS:[EAX+4]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.939]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.782]
|MOV ECX,DWORD PTR DS:[EAX]
|CALL ECX
|ADD ESP,8
|PUSH 23

; /Arg2 = 2

|LEA EDX,[LOCAL.568]
|PUSH EDX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.784],EAX
|PUSH OFFSET 00448777
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.783],EAX
|CMP DWORD PTR SS:[LOCAL.783],0
|JNE SHORT 0041F3C8
|MOV DWORD PTR SS:[LOCAL.940],0
|JMP SHORT 0041F3DF
|MOV ECX,DWORD PTR SS:[LOCAL.783]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.783]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.940],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.784]
|MOV EDX,DWORD PTR DS:[ECX+4]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.940]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.784]
|MOV EDX,DWORD PTR DS:[ECX]
|CALL EDX
|ADD ESP,8
|MOV AL,BYTE PTR SS:[LOCAL.566+2]

0041F403 |.
0041F409 |.
0041F40F |.
0041F411 |.
0041F417 |.
0041F41A |.
0041F420 |.
0041F426 |.
0041F429 |.
0041F42F |.
0041F435 |.
0041F43B |.
0041F43E |.
0041F445 |.
0041F447 |.
0041F451 |.
0041F453 |>
0041F459 |.
0041F45B |.
0041F461 |.
0041F464 |.
0041F46A |>
0041F470 |.
0041F473 |.
0041F479 |.
0041F47E |.
0041F480 |.
0041F486 |.
0041F489 |.
0041F48E |.
0041F493 |.
0041F498 |.
0041F49A |.
0041F4A0 |.
0041F4A3 |.
und Device"
0041F4A8 |.
0041F4AE |.
0041F4AF |.
0041F4B4 |.
0041F4B7 |.
0041F4BD |.
0041F4C4 |.
0041F4C6 |.
0041F4D0 |.
0041F4D2 |>
0041F4D8 |.
0041F4DA |.
0041F4E0 |.
0041F4E3 |.
0041F4E9 |>
0041F4EF |.
0041F4F2 |.
0041F4F8 |.
0041F4FD |.
0041F4FF |.
0041F505 |.
0041F508 |.
0041F50D |.
0041F513 |.

8885 B7F3FFFF
8B8D C4F3FFFF
8B11
8B85 C4F3FFFF
0342 04
8985 B8F3FFFF
8B8D B8F3FFFF
8A51 30
8895 BFF3FFFF
8B85 B8F3FFFF
8A8D B7F3FFFF
8848 30
83BD C4F3FFFF
75 0C
C785 ACF3FFFF
EB 17
8B95 C4F3FFFF
8B02
8B8D C4F3FFFF
0348 04
898D ACF3FFFF
8B95 ACF3FFFF
8B42 10
8985 B0F3FFFF
B9 C0010000
F7D1
8B95 ACF3FFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 ACF3FFFF
894A 10
68 74974400

|MOV BYTE PTR SS:[LOCAL.787+3],AL


|MOV ECX,DWORD PTR SS:[LOCAL.783]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.783]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.786],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.786]
|MOV DL,BYTE PTR DS:[ECX+30]
|MOV BYTE PTR SS:[LOCAL.785+3],DL
|MOV EAX,DWORD PTR SS:[LOCAL.786]
|MOV CL,BYTE PTR SS:[LOCAL.787+3]
|MOV BYTE PTR DS:[EAX+30],CL
|CMP DWORD PTR SS:[LOCAL.783],0
|JNE SHORT 0041F453
|MOV DWORD PTR SS:[LOCAL.789],0
|JMP SHORT 0041F46A
|MOV EDX,DWORD PTR SS:[LOCAL.783]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.783]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.789],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.789]
|MOV EAX,DWORD PTR DS:[EDX+10]
|MOV DWORD PTR SS:[LOCAL.788],EAX
|MOV ECX,1C0
|NOT ECX
|MOV EDX,DWORD PTR SS:[LOCAL.789]
|AND ECX,DWORD PTR DS:[EDX+10]
|MOV EAX,40
|AND EAX,000001C0
|AND EAX,0000FFFF
|OR ECX,EAX
|MOV EDX,DWORD PTR SS:[LOCAL.789]
|MOV DWORD PTR DS:[EDX+10],ECX
|PUSH OFFSET 00449774

8B85 C4F3FFFF
50
E8 ACB4FEFF
83C4 08
8985 A0F3FFFF
83BD A0F3FFFF
75 0C
C785 A4F3FFFF
EB 17
8B8D A0F3FFFF
8B11
8B85 A0F3FFFF
0342 04
8985 A4F3FFFF
8B8D A4F3FFFF
8B51 10
8995 A8F3FFFF
B8 C0010000
F7D0
8B8D A4F3FFFF
2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000

|MOV EAX,DWORD PTR SS:[LOCAL.783]


|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.792],EAX
|CMP DWORD PTR SS:[LOCAL.792],0
|JNE SHORT 0041F4D2
|MOV DWORD PTR SS:[LOCAL.791],0
|JMP SHORT 0041F4E9
|MOV ECX,DWORD PTR SS:[LOCAL.792]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.792]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.791],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.791]
|MOV EDX,DWORD PTR DS:[ECX+10]
|MOV DWORD PTR SS:[LOCAL.790],EDX
|MOV EAX,1C0
|NOT EAX
|MOV ECX,DWORD PTR SS:[LOCAL.791]
|AND EAX,DWORD PTR DS:[ECX+10]
|MOV EDX,80
|AND EDX,000001C0
|AND EDX,0000FFFF

; ASCII "So

0041F519 |. 0BC2
0041F51B |. 8B8D A4F3FFFF
0041F521 |. 8941 10
0041F524 |. 8A95 2BF7FFFF
0041F52A |. 8895 97F3FFFF
0041F530 |. 8B85 A0F3FFFF
0041F536 |. 8B08
0041F538 |. 8B95 A0F3FFFF
0041F53E |. 0351 04
0041F541 |. 8995 98F3FFFF
0041F547 |. 8B85 98F3FFFF
0041F54D |. 8A48 30
0041F550 |. 888D 9FF3FFFF
0041F556 |. 8B95 98F3FFFF
0041F55C |. 8A85 97F3FFFF
0041F562 |. 8842 30
0041F565 |. 8D8D F0FAFFFF
0041F56B |. 51
0041F56C |. 8B95 A0F3FFFF
0041F572 |. 52
0041F573 |. E8 E8B3FEFF
0041F578 |. 83C4 08
0041F57B |. 8985 84F3FFFF
0041F581 |. 6A 0A
A
0041F583 |. 8B8D 84F3FFFF
0041F589 |. E8 3200FFFF
fo.0040F5C0
0041F58E |. 8B8D 84F3FFFF
0041F594 |. E8 2702FFFF
fo.0040F7C0
0041F599 |> C685 17F7FFFF
0041F5A0 |. C685 16F7FFFF
0041F5A7 |. 6A 06
0041F5A9 |. 8D85 04F7FFFF
0041F5AF |. 50
OFFSET LOCAL.575
0041F5B0 |. E8 E3E10000
fo.0042D798
0041F5B5 |. 83C4 08
0041F5B8 |. 8985 80F3FFFF
0041F5BE |. 837D 08 00
0041F5C2 |. 75 0C
0041F5C4 |. C785 4CF1FFFF
0041F5CE |. EB 11
0041F5D0 |> 8B4D 08
0041F5D3 |. 8B11
0041F5D5 |. 8B45 08
0041F5D8 |. 0342 04
0041F5DB |. 8985 4CF1FFFF
0041F5E1 |> 8B8D 80F3FFFF
0041F5E7 |. 8B51 04
0041F5EA |. 52
0041F5EB |. 8B85 4CF1FFFF
0041F5F1 |. 50
0041F5F2 |. 8B8D 80F3FFFF
0041F5F8 |. 8B11
0041F5FA |. FFD2
0041F5FC |. 83C4 08
0041F5FF |. 6A 23

|OR EAX,EDX
|MOV ECX,DWORD PTR SS:[LOCAL.791]
|MOV DWORD PTR DS:[ECX+10],EAX
|MOV DL,BYTE PTR SS:[LOCAL.566+3]
|MOV BYTE PTR SS:[LOCAL.795+3],DL
|MOV EAX,DWORD PTR SS:[LOCAL.792]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[LOCAL.792]
|ADD EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.794],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.794]
|MOV CL,BYTE PTR DS:[EAX+30]
|MOV BYTE PTR SS:[LOCAL.793+3],CL
|MOV EDX,DWORD PTR SS:[LOCAL.794]
|MOV AL,BYTE PTR SS:[LOCAL.795+3]
|MOV BYTE PTR DS:[EDX+30],AL
|LEA ECX,[LOCAL.324]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.792]
|PUSH EDX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.799],EAX
|PUSH 0A

; /Arg1 = 0

|MOV ECX,DWORD PTR SS:[LOCAL.799]


|CALL 0040F5C0

; |
; \SystemIn

|MOV ECX,DWORD PTR SS:[LOCAL.799]


|CALL 0040F7C0

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.571+3],20


|MOV BYTE PTR SS:[LOCAL.571+2],2E
|PUSH 6
|LEA EAX,[LOCAL.575]
|PUSH EAX

; /Arg2 = 6
; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.800],EAX
|CMP DWORD PTR SS:[ARG.1],0
|JNE SHORT 0041F5D0
|MOV DWORD PTR SS:[LOCAL.941],0
|JMP SHORT 0041F5E1
|MOV ECX,DWORD PTR SS:[ARG.1]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[ARG.1]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.941],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.800]
|MOV EDX,DWORD PTR DS:[ECX+4]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.941]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.800]
|MOV EDX,DWORD PTR DS:[ECX]
|CALL EDX
|ADD ESP,8
|PUSH 23

; /Arg2 = 2

3
0041F601 |. 8D85 0CF7FFFF
0041F607 |. 50
OFFSET LOCAL.573
0041F608 |. E8 8BE10000
fo.0042D798
0041F60D |. 83C4 08
0041F610 |. 8985 78F3FFFF
0041F616 |. 68 77874400
0041F61B |. 8B4D 08
0041F61E |. 51
0041F61F |. E8 3CB3FEFF
0041F624 |. 83C4 08
0041F627 |. 8985 7CF3FFFF
0041F62D |. 83BD 7CF3FFFF
0041F634 |. 75 0C
0041F636 |. C785 48F1FFFF
0041F640 |. EB 17
0041F642 |> 8B95 7CF3FFFF
0041F648 |. 8B02
0041F64A |. 8B8D 7CF3FFFF
0041F650 |. 0348 04
0041F653 |. 898D 48F1FFFF
0041F659 |> 8B95 78F3FFFF
0041F65F |. 8B42 04
0041F662 |. 50
0041F663 |. 8B8D 48F1FFFF
0041F669 |. 51
0041F66A |. 8B95 78F3FFFF
0041F670 |. 8B02
0041F672 |. FFD0
0041F674 |. 83C4 08
0041F677 |. 8A8D 16F7FFFF
0041F67D |. 888D 6FF3FFFF
0041F683 |. 8B95 7CF3FFFF
0041F689 |. 8B02
0041F68B |. 8B8D 7CF3FFFF
0041F691 |. 0348 04
0041F694 |. 898D 70F3FFFF
0041F69A |. 8B95 70F3FFFF
0041F6A0 |. 8A42 30
0041F6A3 |. 8885 77F3FFFF
0041F6A9 |. 8B8D 70F3FFFF
0041F6AF |. 8A95 6FF3FFFF
0041F6B5 |. 8851 30
0041F6B8 |. 83BD 7CF3FFFF
0041F6BF |. 75 0C
0041F6C1 |. C785 64F3FFFF
0041F6CB |. EB 17
0041F6CD |> 8B85 7CF3FFFF
0041F6D3 |. 8B08
0041F6D5 |. 8B95 7CF3FFFF
0041F6DB |. 0351 04
0041F6DE |. 8995 64F3FFFF
0041F6E4 |> 8B85 64F3FFFF
0041F6EA |. 8B48 10
0041F6ED |. 898D 68F3FFFF
0041F6F3 |. BA C0010000
0041F6F8 |. F7D2
0041F6FA |. 8B85 64F3FFFF

|LEA EAX,[LOCAL.573]
|PUSH EAX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.802],EAX
|PUSH OFFSET 00448777
|MOV ECX,DWORD PTR SS:[ARG.1]
|PUSH ECX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.801],EAX
|CMP DWORD PTR SS:[LOCAL.801],0
|JNE SHORT 0041F642
|MOV DWORD PTR SS:[LOCAL.942],0
|JMP SHORT 0041F659
|MOV EDX,DWORD PTR SS:[LOCAL.801]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.801]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.942],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.802]
|MOV EAX,DWORD PTR DS:[EDX+4]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.942]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.802]
|MOV EAX,DWORD PTR DS:[EDX]
|CALL EAX
|ADD ESP,8
|MOV CL,BYTE PTR SS:[LOCAL.571+2]
|MOV BYTE PTR SS:[LOCAL.805+3],CL
|MOV EDX,DWORD PTR SS:[LOCAL.801]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.801]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.804],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.804]
|MOV AL,BYTE PTR DS:[EDX+30]
|MOV BYTE PTR SS:[LOCAL.803+3],AL
|MOV ECX,DWORD PTR SS:[LOCAL.804]
|MOV DL,BYTE PTR SS:[LOCAL.805+3]
|MOV BYTE PTR DS:[ECX+30],DL
|CMP DWORD PTR SS:[LOCAL.801],0
|JNE SHORT 0041F6CD
|MOV DWORD PTR SS:[LOCAL.807],0
|JMP SHORT 0041F6E4
|MOV EAX,DWORD PTR SS:[LOCAL.801]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[LOCAL.801]
|ADD EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.807],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.807]
|MOV ECX,DWORD PTR DS:[EAX+10]
|MOV DWORD PTR SS:[LOCAL.806],ECX
|MOV EDX,1C0
|NOT EDX
|MOV EAX,DWORD PTR SS:[LOCAL.807]

0041F700 |.
0041F703 |.
0041F708 |.
0041F70E |.
0041F714 |.
0041F716 |.
0041F71C |.
0041F71F |.
Version"
0041F724 |.
0041F72A |.
0041F72B |.
0041F730 |.
0041F733 |.
0041F739 |.
0041F740 |.
0041F742 |.
0041F74C |.
0041F74E |>
0041F754 |.
0041F756 |.
0041F75C |.
0041F75F |.
0041F765 |>
0041F76B |.
0041F76E |.
0041F774 |.
0041F779 |.
0041F77B |.
0041F781 |.
0041F784 |.
0041F789 |.
0041F78E |.
0041F793 |.
0041F795 |.
0041F79B |.
0041F79E |.
0041F7A4 |.
0041F7AA |.
0041F7B0 |.
0041F7B2 |.
0041F7B8 |.
0041F7BB |.
0041F7C1 |.
0041F7C7 |.
0041F7CA |.
0041F7D0 |.
0041F7D6 |.
0041F7DC |.
0041F7DF |.
0041F7E5 |.
0041F7EB |.
0041F7EE |.
0041F7EF |.
0041F7F4 |.
0041F7FA |.
0041F7FD |.
0041F803 |.
0041F806 |.
0041F807 |.

2350 10
B9 40000000
81E1 C0010000
81E1 FFFF0000
0BD1
8B85 64F3FFFF
8950 10
68 68974400

|AND EDX,DWORD PTR DS:[EAX+10]


|MOV ECX,40
|AND ECX,000001C0
|AND ECX,0000FFFF
|OR EDX,ECX
|MOV EAX,DWORD PTR SS:[LOCAL.807]
|MOV DWORD PTR DS:[EAX+10],EDX
|PUSH OFFSET 00449768

; ASCII "

8B8D 7CF3FFFF
51
E8 30B2FEFF
83C4 08
8985 58F3FFFF
83BD 58F3FFFF
75 0C
C785 5CF3FFFF
EB 17
8B95 58F3FFFF
8B02
8B8D 58F3FFFF
0348 04
898D 5CF3FFFF
8B95 5CF3FFFF
8B42 10
8985 60F3FFFF
B9 C0010000
F7D1
8B95 5CF3FFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 5CF3FFFF
894A 10
8A85 17F7FFFF
8885 4FF3FFFF
8B8D 58F3FFFF
8B11
8B85 58F3FFFF
0342 04
8985 50F3FFFF
8B8D 50F3FFFF
8A51 30
8895 57F3FFFF
8B85 50F3FFFF
8A8D 4FF3FFFF
8848 30
8B95 ECFAFFFF
81E2 FF000000
0FB6C2
50
68 D0914400
8B8D ECFAFFFF
C1E9 08
81E1 FF000000
0FB6D1
52
8B8D 58F3FFFF

|MOV ECX,DWORD PTR SS:[LOCAL.801]


|PUSH ECX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.810],EAX
|CMP DWORD PTR SS:[LOCAL.810],0
|JNE SHORT 0041F74E
|MOV DWORD PTR SS:[LOCAL.809],0
|JMP SHORT 0041F765
|MOV EDX,DWORD PTR SS:[LOCAL.810]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.810]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.809],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.809]
|MOV EAX,DWORD PTR DS:[EDX+10]
|MOV DWORD PTR SS:[LOCAL.808],EAX
|MOV ECX,1C0
|NOT ECX
|MOV EDX,DWORD PTR SS:[LOCAL.809]
|AND ECX,DWORD PTR DS:[EDX+10]
|MOV EAX,80
|AND EAX,000001C0
|AND EAX,0000FFFF
|OR ECX,EAX
|MOV EDX,DWORD PTR SS:[LOCAL.809]
|MOV DWORD PTR DS:[EDX+10],ECX
|MOV AL,BYTE PTR SS:[LOCAL.571+3]
|MOV BYTE PTR SS:[LOCAL.813+3],AL
|MOV ECX,DWORD PTR SS:[LOCAL.810]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.810]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.812],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.812]
|MOV DL,BYTE PTR DS:[ECX+30]
|MOV BYTE PTR SS:[LOCAL.811+3],DL
|MOV EAX,DWORD PTR SS:[LOCAL.812]
|MOV CL,BYTE PTR SS:[LOCAL.813+3]
|MOV BYTE PTR DS:[EAX+30],CL
|MOV EDX,DWORD PTR SS:[LOCAL.325]
|AND EDX,000000FF
|MOVZX EAX,DL
|PUSH EAX
|PUSH OFFSET 004491D0
|MOV ECX,DWORD PTR SS:[LOCAL.325]
|SHR ECX,8
|AND ECX,000000FF
|MOVZX EDX,CL
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.810]

;
;
;
;
;
;
;
;

/Arg1
|
|
|
|
|
|/Arg1
||

0041F80D |.
nfo.00405E60
0041F812 |.
0041F813 |.
0041F818 |.
0041F81B |.
0041F81D |.
fo.00405E60
0041F822 |.
0041F828 |.
A
0041F82A |.
0041F830 |.
fo.0040F5C0
0041F835 |.
0041F83B |.
fo.0040F7C0
0041F840 |.^
0041F845 |>
0041F848 |.
0041F84F |.
0041F850 |.
0041F853 |.
0041F855 |.
0041F85A |.
0041F85C |.
0041F85D \.
0041F85E
0041F85F
0041F860 /.
0041F861 |.
0041F863 |.
0041F864 |.
0041F867 |.
0041F86A |.
0041F870 |.
0041F873 |.
ARG.ECX
0041F874 |.
fo.0042DDC5
0041F879 |.
0041F87C |.
0041F87F |.
0041F882 |.
0041F884 |.
0041F887 |.
0041F888 |.
0041F88D |.
0041F890 |>
0041F893 |.
0041F895 |.
0041F896 \.
0041F899
0041F89A
0041F89B
0041F89C
0041F89D
0041F89E
0041F89F
0041F8A0 /.

E8 4E66FEFF

|CALL 00405E60

; |\SystemI

50
E8 48B1FEFF
83C4 08
8BC8
E8 3E66FEFF

|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV ECX,EAX
|CALL 00405E60

;
;
;
;
;

|
|
|
|
\SystemIn

8985 24F2FFFF |MOV DWORD PTR SS:[LOCAL.887],EAX


6A 0A
|PUSH 0A

; /Arg1 = 0

8B8D 24F2FFFF |MOV ECX,DWORD PTR SS:[LOCAL.887]


E8 8BFDFEFF |CALL 0040F5C0

; |
; \SystemIn

8B8D 24F2FFFF |MOV ECX,DWORD PTR SS:[LOCAL.887]


E8 80FFFEFF |CALL 0040F7C0

; [SystemIn

E9 A7FAFFFF
8B4D F4
64:890D 00000
59
8B4D E4
33CD
E8 97EE0000
8BE5
5D
C3
CC
CC
55
8BEC
51
894D FC
8B45 FC
C700 F8894400
8B4D FC
51

\JMP 0041F2EC
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ECX,DWORD
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

; /Arg1 =>

E8 4CE50000

CALL 0042DDC5

83C4 04
8B55 08
83E2 01
74 0C
8B45 FC
50
E8 8DF00000
83C4 04
8B45 FC
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
55

ADD ESP,4
MOV EDX,DWORD PTR SS:[ARG.1]
AND EDX,00000001
JE SHORT 0041F890
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

PTR SS:[LOCAL.3]
FS:[0],ECX
PTR SS:[LOCAL.7]

SS:[LOCAL.1],ECX
PTR SS:[LOCAL.1]
DS:[EAX],OFFSET 004489F8
PTR SS:[LOCAL.1]
; \SystemIn

0041F8A1 |. 8BEC
0041F8A3 |. 51
0041F8A4 |. 8B45 08
0041F8A7 |. 8B48 10
0041F8AA |. 894D FC
0041F8AD |. BA 000E0000
0041F8B2 |. F7D2
0041F8B4 |. 8B45 08
0041F8B7 |. 2350 10
0041F8BA |. B9 00080000
0041F8BF |. 81E1 000E0000
0041F8C5 |. 81E1 FFFF0000
0041F8CB |. 0BD1
0041F8CD |. 8B45 08
0041F8D0 |. 8950 10
0041F8D3 |. 8B45 08
0041F8D6 |. 8BE5
0041F8D8 |. 5D
0041F8D9 \. C3
0041F8DA
CC
0041F8DB
CC
0041F8DC
CC
0041F8DD
CC
0041F8DE
CC
0041F8DF
CC
0041F8E0 /$ 55
o.0041F8E0(guessed Arg1)
0041F8E1 |. 8BEC
0041F8E3 |. 6A FF
0041F8E5 |. 68 F5634400
0041F8EA |. 64:A1 0000000
0041F8F0 |. 50
0041F8F1 |. B8 F4130000
0041F8F6 |. E8 05EE0000
5108. bytes on stack
0041F8FB |. A1 A0154500
0041F900 |. 33C5
0041F902 |. 8945 84
0041F905 |. 50
0041F906 |. 8D45 F4
0041F909 |. 64:A3 0000000
0041F90F |. C785 54FEFFFF
0041F919 |. 68 0B010000
0B
0041F91E |. E8 29DF0000
fo.0042D84C
0041F923 |. 83C4 04
0041F926 |. 8985 BCF8FFFF
0041F92C |. 8B85 BCF8FFFF
0041F932 |. 8945 88
0041F935 |. C745 90 F09A4
mctl32.dll"
0041F93C |. C745 94 E09A4
eaut32.dll"
0041F943 |. C745 98 D09A4
epro32.dll"
0041F94A |. C745 9C C09A4
folder.dll"
0041F951 |. C785 58FEFFFF
0041F95B |. 8D4D A0

MOV EBP,ESP
PUSH ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,0E00
NOT EDX
MOV EAX,DWORD PTR SS:[ARG.1]
AND EDX,DWORD PTR DS:[EAX+10]
MOV ECX,800
AND ECX,00000E00
AND ECX,0000FFFF
OR EDX,ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+10],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 004463F5
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
MOV EAX,13F4
CALL 0042E700

; Allocates

MOV EAX,DWORD PTR DS:[4515A0]


XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.31],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.107],105
PUSH 10B

; /Arg1 = 1

CALL 0042D84C

; \SystemIn

ADD
MOV
MOV
MOV
MOV

ESP,4
DWORD PTR
EAX,DWORD
DWORD PTR
DWORD PTR

SS:[LOCAL.465],EAX
PTR SS:[LOCAL.465]
SS:[LOCAL.30],EAX
SS:[LOCAL.28],OFFSET 00449 ; ASCII "co

MOV DWORD PTR SS:[LOCAL.27],OFFSET 00449 ; ASCII "ol


MOV DWORD PTR SS:[LOCAL.26],OFFSET 00449 ; ASCII "ol
MOV DWORD PTR SS:[LOCAL.25],OFFSET 00449 ; ASCII "sh
MOV DWORD PTR SS:[LOCAL.106],4
LEA ECX,[LOCAL.24]

0041F95E |. E8 0D490000
0041F963 |. C745 FC 00000
0041F96A |. 8B0D F8284500
0041F970 |. 83C1 01
0041F973 |. 890D F8284500
0041F979 |. 68 77874400
ystemInfo.448777
0041F97E |. 8D8D A0F8FFFF
0041F984 |. E8 67F2FEFF
fo.0040EBF0
0041F989 |. C645 FC 01
0041F98D |. 8D95 A0F8FFFF
0041F993 |. 52
OFFSET LOCAL.472
0041F994 |. B9 0C294500
0041F999 |. E8 8277FEFF
fo.00407120
0041F99E |. 68 74874400
"
0041F9A3 |. A1 F8284500
0041F9A8 |. 50
[4528F8] = 0
0041F9A9 |. B9 08294500
0041F9AE |. E8 AD64FEFF
fo.00405E60
0041F9B3 |. 50
0041F9B4 |. E8 A7AFFEFF
0041F9B9 |. 83C4 08
0041F9BC |. 8D8D 84F8FFFF
0041F9C2 |. 51
OFFSET LOCAL.479
0041F9C3 |. B9 08294500
0041F9C8 |. E8 936AFEFF
fo.00406460
0041F9CD |. 8985 A8ECFFFF
0041F9D3 |. 8B95 A8ECFFFF
0041F9D9 |. 8995 A4ECFFFF
0041F9DF |. C645 FC 02
0041F9E3 |. 837D 08 00
0041F9E7 |. 75 0C
0041F9E9 |. C785 74F5FFFF
0041F9F3 |. EB 11
0041F9F5 |> 8B45 08
0041F9F8 |. 8B08
0041F9FA |. 8B55 08
0041F9FD |. 0351 04
0041FA00 |. 8995 74F5FFFF
0041FA06 |> 68 C0010000
C0
0041FA0B |. 6A 40
0
0041FA0D |. 8B8D 74F5FFFF
0041FA13 |. E8 6893FEFF
fo.00408D80
0041FA18 |. 6A 06
0041FA1A |. 8D85 7CF8FFFF
0041FA20 |. 50
OFFSET LOCAL.481
0041FA21 |. E8 72DD0000
fo.0042D798

CALL 00424270
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR DS:[4528F8]
ADD ECX,1
MOV DWORD PTR DS:[4528F8],ECX
PUSH OFFSET 00448777

; /Arg1 = S

LEA ECX,[LOCAL.472]
CALL 0040EBF0

; |
; \SystemIn

MOV BYTE PTR SS:[LOCAL.1],1


LEA EDX,[LOCAL.472]
PUSH EDX

; /Arg1 =>

MOV ECX,OFFSET 0045290C


CALL 00407120

; |
; \SystemIn

PUSH OFFSET 00448774

; ASCII ".

MOV EAX,DWORD PTR DS:[4528F8]


PUSH EAX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00405E60

; |
; \SystemIn

PUSH EAX
CALL 0040A960
ADD ESP,8
LEA ECX,[LOCAL.479]
PUSH ECX

; /Arg1 =>

MOV ECX,OFFSET 00452908


CALL 00406460

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1238],EAX


MOV EDX,DWORD PTR SS:[LOCAL.1238]
MOV DWORD PTR SS:[LOCAL.1239],EDX
MOV BYTE PTR SS:[LOCAL.1],2
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041F9F5
MOV DWORD PTR SS:[LOCAL.675],0
JMP SHORT 0041FA06
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.675],EDX
PUSH 1C0

; /Arg2 = 1

PUSH 40

; |Arg1 = 4

MOV ECX,DWORD PTR SS:[LOCAL.675]


CALL 00408D80

; |
; \SystemIn

PUSH 6
LEA EAX,[LOCAL.481]
PUSH EAX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

0041FA26 |.
0041FA29 |.
0041FA2F |.
0041FA33 |.
0041FA35 |.
0041FA3F |.
0041FA41 |>
0041FA44 |.
0041FA46 |.
0041FA49 |.
0041FA4C |.
0041FA52 |>
0041FA58 |.
0041FA5B |.
0041FA5C |.
0041FA62 |.
0041FA63 |.
0041FA69 |.
0041FA6B |.
0041FA6D |.
0041FA70 |.
0041FA76 |.
0041FA77 |.
0041FA7A |.
0041FA7B |.
0041FA80 |.
0041FA83 |.
0041FA89 |.
0041FA90 |.
0041FA92 |.
0041FA9C |.
0041FA9E |>
0041FAA4 |.
0041FAA6 |.
0041FAAC |.
0041FAAF |.
0041FAB5 |>
C0
0041FABA |.
0
0041FABF |.
0041FAC5 |.
fo.00408D80
0041FACA |.
LS"
0041FACF |.
0041FAD5 |.
0041FAD6 |.
0041FADB |.
0041FADE |.
0041FAE4 |.
A
0041FAE6 |.
0041FAEC |.
fo.0040F5C0
0041FAF1 |.
0041FAF7 |.
fo.0040F7C0
0041FAFC |.
0041FB00 |.

83C4 08
8985 70F5FFFF
837D 08 00
75 0C
C785 A0ECFFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 A0ECFFFF
8B8D 70F5FFFF
8B51 04
52
8B85 A0ECFFFF
50
8B8D 70F5FFFF
8B11
FFD2
83C4 08
8B85 A4ECFFFF
50
8B4D 08
51
E8 E0B3FEFF
83C4 08
8985 68F5FFFF
83BD 68F5FFFF
75 0C
C785 6CF5FFFF
EB 17
8B95 68F5FFFF
8B02
8B8D 68F5FFFF
0348 04
898D 6CF5FFFF
68 C0010000

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.676],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041FA41
MOV DWORD PTR SS:[LOCAL.1240],0
JMP SHORT 0041FA52
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.1240],EAX
MOV ECX,DWORD PTR SS:[LOCAL.676]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.1240]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.676]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV EAX,DWORD PTR SS:[LOCAL.1239]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
CALL 0040AE60
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.678],EAX
CMP DWORD PTR SS:[LOCAL.678],0
JNE SHORT 0041FA9E
MOV DWORD PTR SS:[LOCAL.677],0
JMP SHORT 0041FAB5
MOV EDX,DWORD PTR SS:[LOCAL.678]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.678]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.677],ECX
PUSH 1C0

; /Arg2 = 1

68 80000000

PUSH 80

; |Arg1 = 8

8B8D 6CF5FFFF MOV ECX,DWORD PTR SS:[LOCAL.677]


E8 B692FEFF CALL 00408D80

; |
; \SystemIn

68 B89A4400

PUSH OFFSET 00449AB8

; ASCII "DL

8B95 68F5FFFF
52
E8 85AEFEFF
83C4 08
8985 64F5FFFF
6A 0A

MOV EDX,DWORD PTR SS:[LOCAL.678]


PUSH EDX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.679],EAX
PUSH 0A

; /Arg1 = 0

8B8D 64F5FFFF MOV ECX,DWORD PTR SS:[LOCAL.679]


E8 CFFAFEFF CALL 0040F5C0

; |
; \SystemIn

8B8D 64F5FFFF MOV ECX,DWORD PTR SS:[LOCAL.679]


E8 C4FCFEFF CALL 0040F7C0

; [SystemIn

C645 FC 01
6A 00

; /Arg2 = 0

MOV BYTE PTR SS:[LOCAL.1],1


PUSH 0

0041FB02 |. 6A 01
PUSH 1
0041FB04 |. 8D8D 84F8FFFF LEA ECX,[LOCAL.479]
0041FB0A |. E8 5100FFFF CALL 0040FB60
fo.0040FB60
0041FB0F |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
0041FB13 |. 6A 00
PUSH 0
0041FB15 |. 6A 01
PUSH 1
0041FB17 |. 8D8D A0F8FFFF LEA ECX,[LOCAL.472]
0041FB1D |. E8 3E00FFFF CALL 0040FB60
fo.0040FB60
0041FB22 |. C785 4CFEFFFF MOV DWORD PTR SS:[LOCAL.109],105
0041FB2C |. 8B45 88
MOV EAX,DWORD PTR SS:[LOCAL.30]
0041FB2F |. C600 00
MOV BYTE PTR DS:[EAX],0
0041FB32 |. 8D8D 50FEFFFF LEA ECX,[LOCAL.108]
0041FB38 |. 51
PUSH ECX
=> OFFSET LOCAL.108
0041FB39 |. 6A 01
PUSH 1
ccess = KEY_QUERY_VALUE
0041FB3B |. 6A 00
PUSH 0
= 0
0041FB3D |. 68 849A4400 PUSH OFFSET 00449A84
"Software\Watchtower\MEPS\Location\MEPS Platform 2.2"
0041FB42 |. 68 02000080 PUSH 80000002
KEY_LOCAL_MACHINE
0041FB47 |. FF15 08804400 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey
.RegOpenKeyExA
0041FB4D |. 85C0
TEST EAX,EAX
0041FB4F |. 75 2E
JNE SHORT 0041FB7F
0041FB51 |. 8D95 4CFEFFFF LEA EDX,[LOCAL.109]
0041FB57 |. 52
PUSH EDX
=> OFFSET LOCAL.109
0041FB58 |. 8B45 88
MOV EAX,DWORD PTR SS:[LOCAL.30]
0041FB5B |. 50
PUSH EAX
[LOCAL.30]
0041FB5C |. 6A 00
PUSH 0
NULL
0041FB5E |. 6A 00
PUSH 0
= 0
0041FB60 |. 68 7C9A4400 PUSH OFFSET 00449A7C
Path"
0041FB65 |. 8B8D 50FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.108]
0041FB6B |. 51
PUSH ECX
[LOCAL.108]
0041FB6C |. FF15 04804400 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa
.RegQueryValueExA
0041FB72 |. 8B95 50FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.108]
0041FB78 |. 52
PUSH EDX
[LOCAL.108]
0041FB79 |. FF15 14804400 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe
.RegCloseKey
0041FB7F |> 8B45 88
MOV EAX,DWORD PTR SS:[LOCAL.30]
0041FB82 |. 0FBE08
MOVSX ECX,BYTE PTR DS:[EAX]
0041FB85 |. 85C9
TEST ECX,ECX
0041FB87 |. 0F85 9A000000 JNE 0041FC27
0041FB8D |. 6A 06
PUSH 6
0041FB8F |. 8D95 74F8FFFF LEA EDX,[LOCAL.483]
0041FB95 |. 52
PUSH EDX
OFFSET LOCAL.483
0041FB96 |. E8 FDDB0000 CALL 0042D798
fo.0042D798

; |Arg1 = 1
; |
; \SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /pResult
; |DesiredA
; |Reserved
; |SubKey =
; |hKey = H
; \ADVAPI32

; /pDataLen
; |
; |pData =>
; |pType =
; |Reserved
; |Name = "
; |
; |hKey =>
; \ADVAPI32
; /hKey =>
; \ADVAPI32

; /Arg2 = 6
; |
; |Arg1 =>
; \SystemIn

0041FB9B |. 83C4 08
0041FB9E |. 8985 60F5FFFF
0041FBA4 |. 837D 08 00
0041FBA8 |. 75 0C
0041FBAA |. C785 9CECFFFF
0041FBB4 |. EB 11
0041FBB6 |> 8B45 08
0041FBB9 |. 8B08
0041FBBB |. 8B55 08
0041FBBE |. 0351 04
0041FBC1 |. 8995 9CECFFFF
0041FBC7 |> 8B85 60F5FFFF
0041FBCD |. 8B48 04
0041FBD0 |. 51
0041FBD1 |. 8B95 9CECFFFF
0041FBD7 |. 52
0041FBD8 |. 8B85 60F5FFFF
0041FBDE |. 8B08
0041FBE0 |. FFD1
0041FBE2 |. 83C4 08
0041FBE5 |. 68 609A4400
nnot find Watchtower DLLs"
0041FBEA |. 68 77874400
0041FBEF |. 8B55 08
0041FBF2 |. 52
0041FBF3 |. E8 68ADFEFF
0041FBF8 |. 83C4 08
0041FBFB |. 50
0041FBFC |. E8 5FADFEFF
0041FC01 |. 83C4 08
0041FC04 |. 8985 5CF5FFFF
0041FC0A |. 6A 0A
A
0041FC0C |. 8B8D 5CF5FFFF
0041FC12 |. E8 A9F9FEFF
fo.0040F5C0
0041FC17 |. 8B8D 5CF5FFFF
0041FC1D |. E8 9EFBFEFF
fo.0040F7C0
0041FC22 |. E9 7D010000
0041FC27 |> 8D85 73F8FFFF
0041FC2D |. 50
0041FC2E |. 8B4D 88
0041FC31 |. 51
[LOCAL.30]
0041FC32 |. 8D8D 24FEFFFF
0041FC38 |. E8 03F0FEFF
fo.0040EC40
0041FC3D |. C785 40FEFFFF
0041FC47 |. C785 44FEFFFF
0041FC51 |. C785 48FEFFFF
0041FC5B |. C645 FC 03
0041FC5F |. 68 589A4400
*.dll"
0041FC64 |. 8B55 88
0041FC67 |. 52
[LOCAL.30]
0041FC68 |. FF15 D0804400
.lstrcatA
0041FC6E |. 8D85 E4FCFFFF

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.680],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041FBB6
MOV DWORD PTR SS:[LOCAL.1241],0
JMP SHORT 0041FBC7
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.1241],EDX
MOV EAX,DWORD PTR SS:[LOCAL.680]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.1241]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.680]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH OFFSET 00449A60

; ASCII "Ca

PUSH OFFSET 00448777


MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.681],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.681]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.681]


CALL 0040F7C0

; [SystemIn

JMP 0041FDA4
LEA EAX,[LOCAL.484+3]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.30]
PUSH ECX

; /Arg2
; |
; |Arg1 =>

LEA ECX,[LOCAL.119]
CALL 0040EC40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.112],0


MOV DWORD PTR SS:[LOCAL.111],0
MOV DWORD PTR SS:[LOCAL.110],0
MOV BYTE PTR SS:[LOCAL.1],3
PUSH OFFSET 00449A58

; /Src = "\

MOV EDX,DWORD PTR SS:[LOCAL.30]


PUSH EDX

; |
; |Dest =>

CALL DWORD PTR DS:[<&KERNEL32.lstrcatA>] ; \KERNEL32


LEA EAX,[LOCAL.199]

0041FC74 |. 50
a => OFFSET LOCAL.199
0041FC75 |. 8B4D 88
0041FC78 |. 51
=> [LOCAL.30]
0041FC79 |. FF15 CC804400
.FindFirstFileA
0041FC7F |. 8985 E0FCFFFF
0041FC85 |. 83BD E0FCFFFF
0041FC8C |. 0F84 F0000000
0041FC92 |> 68 60854400
ystemInfo.448560
0041FC97 |. 8D95 24FEFFFF
0041FC9D |. 52
OFFSET LOCAL.119
0041FC9E |. 8D85 48F8FFFF
0041FCA4 |. 50
OFFSET LOCAL.494
0041FCA5 |. E8 46EDFEFF
fo.0040E9F0
0041FCAA |. 83C4 0C
0041FCAD |. 8985 98ECFFFF
0041FCB3 |. 8B8D 98ECFFFF
0041FCB9 |. 898D 94ECFFFF
0041FCBF |. C645 FC 04
0041FCC3 |. 8D95 10FDFFFF
0041FCC9 |. 52
OFFSET LOCAL.188
0041FCCA |. 8B85 94ECFFFF
0041FCD0 |. 50
[LOCAL.1243]
0041FCD1 |. 8D8D B8FCFFFF
0041FCD7 |. 51
OFFSET LOCAL.210
0041FCD8 |. E8 13EDFEFF
fo.0040E9F0
0041FCDD |. 83C4 0C
0041FCE0 |. C645 FC 07
0041FCE4 |. 8D8D 48F8FFFF
0041FCEA |. E8 91EAFEFF
fo.0040E780
0041FCEF |. C645 FC 06
0041FCF3 |. 6A 00
0041FCF5 |. 6A 01
0041FCF7 |. 8D8D 48F8FFFF
0041FCFD |. E8 5EFEFEFF
fo.0040FB60
0041FD02 |. 8D95 B8FCFFFF
0041FD08 |. 52
OFFSET LOCAL.210
0041FD09 |. 8D4D A0
0041FD0C |. E8 7F450000
fo.00424290
0041FD11 |. 50
0041FD12 |. 83EC 28
0041FD15 |. 8BCC
0041FD17 |. 89A5 44F8FFFF
0041FD1D |. 8D85 B8FCFFFF
0041FD23 |. 50
OFFSET LOCAL.210

PUSH EAX

; /pFindDat

MOV ECX,DWORD PTR SS:[LOCAL.30]


PUSH ECX

; |
; |FileName

CALL DWORD PTR DS:[<&KERNEL32.FindFirstF ; \KERNEL32


MOV DWORD PTR SS:[LOCAL.200],EAX
CMP DWORD PTR SS:[LOCAL.200],-1
JE 0041FD82
/PUSH OFFSET 00448560

; /Arg3 = S

|LEA EDX,[LOCAL.119]
|PUSH EDX

; |
; |Arg2 =>

|LEA EAX,[LOCAL.494]
|PUSH EAX

; |
; |Arg1 =>

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV DWORD PTR SS:[LOCAL.1242],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1242]
|MOV DWORD PTR SS:[LOCAL.1243],ECX
|MOV BYTE PTR SS:[LOCAL.1],4
|LEA EDX,[LOCAL.188]
|PUSH EDX

; /Arg3 =>

|MOV EAX,DWORD PTR SS:[LOCAL.1243]


|PUSH EAX

; |
; |Arg2 =>

|LEA ECX,[LOCAL.210]
|PUSH ECX

; |
; |Arg1 =>

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV BYTE PTR SS:[LOCAL.1],7
|LEA ECX,[LOCAL.494]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],6


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.494]
|CALL 0040FB60

;
;
;
;

|LEA EDX,[LOCAL.210]
|PUSH EDX

; /Arg1 =>

|LEA ECX,[LOCAL.24]
|CALL 00424290

; |
; \SystemIn

|PUSH EAX
|SUB ESP,28
|MOV ECX,ESP
|MOV DWORD PTR SS:[LOCAL.495],ESP
|LEA EAX,[LOCAL.210]
|PUSH EAX

; /Arg1 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0041FD24 |. E8 E7AFFEFF |CALL 0040AD10


fo.0040AD10
0041FD29 |. 8985 90ECFFFF |MOV DWORD PTR SS:[LOCAL.1244],EAX
0041FD2F |. E8 4CB1FFFF |CALL 0041AE80
0041FD34 |. 83C4 2C
|ADD ESP,2C
0041FD37 |. C645 FC 08
|MOV BYTE PTR SS:[LOCAL.1],8
0041FD3B |. 8D8D B8FCFFFF |LEA ECX,[LOCAL.210]
0041FD41 |. E8 3AEAFEFF |CALL 0040E780
fo.0040E780
0041FD46 |. C645 FC 03
|MOV BYTE PTR SS:[LOCAL.1],3
0041FD4A |. 6A 00
|PUSH 0
0041FD4C |. 6A 01
|PUSH 1
0041FD4E |. 8D8D B8FCFFFF |LEA ECX,[LOCAL.210]
0041FD54 |. E8 07FEFEFF |CALL 0040FB60
fo.0040FB60
0041FD59 |. 8D8D E4FCFFFF |LEA ECX,[LOCAL.199]
0041FD5F |. 51
|PUSH ECX
a => OFFSET LOCAL.199
0041FD60 |. 8B95 E0FCFFFF |MOV EDX,DWORD PTR SS:[LOCAL.200]
0041FD66 |. 52
|PUSH EDX
e => [LOCAL.200]
0041FD67 |. FF15 C8804400 |CALL DWORD PTR DS:[<&KERNEL32.FindNextF
.FindNextFileA
0041FD6D |. 85C0
|TEST EAX,EAX
0041FD6F |.^ 0F85 1DFFFFFF \JNE 0041FC92
0041FD75 |. 8B85 E0FCFFFF MOV EAX,DWORD PTR SS:[LOCAL.200]
0041FD7B |. 50
PUSH EAX
e => [LOCAL.200]
0041FD7C |. FF15 C4804400 CALL DWORD PTR DS:[<&KERNEL32.FindClose>
.FindClose
0041FD82 |> C645 FC 09
MOV BYTE PTR SS:[LOCAL.1],9
0041FD86 |. 8D8D 24FEFFFF LEA ECX,[LOCAL.119]
0041FD8C |. E8 EFE9FEFF CALL 0040E780
fo.0040E780
0041FD91 |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
0041FD95 |. 6A 00
PUSH 0
0041FD97 |. 6A 01
PUSH 1
0041FD99 |. 8D8D 24FEFFFF LEA ECX,[LOCAL.119]
0041FD9F |. E8 BCFDFEFF CALL 0040FB60
fo.0040FB60
0041FDA4 |> 8D4D E0
LEA ECX,[LOCAL.8]
0041FDA7 |. 51
PUSH ECX
=> OFFSET LOCAL.8
0041FDA8 |. 68 19000200 PUSH 20019
ccess = KEY_READ
0041FDAD |. 6A 00
PUSH 0
= 0
0041FDAF |. 68 FC824400 PUSH OFFSET 004482FC
"Software\Watchtower\MEPS\System\2.2\Configurations"
0041FDB4 |. 68 02000080 PUSH 80000002
KEY_LOCAL_MACHINE
0041FDB9 |. FF15 08804400 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey
.RegOpenKeyExA
0041FDBF |. 85C0
TEST EAX,EAX
0041FDC1 |. 0F84 BF000000 JE 0041FE86
0041FDC7 |. 6A 06
PUSH 6
0041FDC9 |. 8D95 3CF8FFFF LEA EDX,[LOCAL.497]
0041FDCF |. 52
PUSH EDX
OFFSET LOCAL.497
0041FDD0 |. E8 C3D90000 CALL 0042D798

; \SystemIn

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /pFinddat
; |
; |hFindfil
; \KERNEL32

; /hFindFil
; \KERNEL32

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /pResult
; |DesiredA
; |Reserved
; |SubKey =
; |hKey = H
; \ADVAPI32

; /Arg2 = 6
; |
; |Arg1 =>
; \SystemIn

fo.0042D798
0041FDD5 |. 83C4 08
0041FDD8 |. 8985 C4F3FFFF
0041FDDE |. 837D 08 00
0041FDE2 |. 75 0C
0041FDE4 |. C785 8CECFFFF
0041FDEE |. EB 11
0041FDF0 |> 8B45 08
0041FDF3 |. 8B08
0041FDF5 |. 8B55 08
0041FDF8 |. 0351 04
0041FDFB |. 8995 8CECFFFF
0041FE01 |> 8B85 C4F3FFFF
0041FE07 |. 8B48 04
0041FE0A |. 51
0041FE0B |. 8B95 8CECFFFF
0041FE11 |. 52
0041FE12 |. 8B85 C4F3FFFF
0041FE18 |. 8B08
0041FE1A |. FFD1
0041FE1C |. 83C4 08
0041FE1F |. 68 E8824400
configurations"
0041FE24 |. 68 77874400
0041FE29 |. 8B55 08
0041FE2C |. 52
0041FE2D |. E8 2EABFEFF
0041FE32 |. 83C4 08
0041FE35 |. 50
0041FE36 |. E8 25ABFEFF
0041FE3B |. 83C4 08
0041FE3E |. 8985 C0F3FFFF
0041FE44 |. 6A 0A
A
0041FE46 |. 8B8D C0F3FFFF
0041FE4C |. E8 6FF7FEFF
fo.0040F5C0
0041FE51 |. 8B8D C0F3FFFF
0041FE57 |. E8 64F9FEFF
fo.0040F7C0
0041FE5C |. C745 FC FFFFF
0041FE63 |. C745 FC 0A000
0041FE6A |. 8D4D A0
0041FE6D |. E8 FE6F0000
fo.00426E70
0041FE72 |. C745 FC FFFFF
0041FE79 |. 8D4D A0
0041FE7C |. E8 BF6FFEFF
0041FE81 |. E9 C4140000
0041FE86 |> C745 E4 00000
0041FE8D |. C745 E4 00000
0041FE94 |. EB 09
0041FE96 |> 8B45 E4
0041FE99 |. 83C0 01
0041FE9C |. 8945 E4
0041FE9F |> C745 8C 00010
0041FEA6 |. 8D4D EC
0041FEA9 |. 51
teTime => OFFSET LOCAL.5
0041FEAA |. 6A 00

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.783],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0041FDF0
MOV DWORD PTR SS:[LOCAL.1245],0
JMP SHORT 0041FE01
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.1245],EDX
MOV EAX,DWORD PTR SS:[LOCAL.783]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.1245]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.783]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH OFFSET 004482E8

; ASCII "No

PUSH OFFSET 00448777


MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.784],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.784]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.784]


CALL 0040F7C0

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


MOV DWORD PTR SS:[LOCAL.1],0A
LEA ECX,[LOCAL.24]
CALL 00426E70

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


LEA ECX,[LOCAL.24]
CALL 00406E40
JMP 0042134A
MOV DWORD PTR SS:[LOCAL.7],0
MOV DWORD PTR SS:[LOCAL.7],0
JMP SHORT 0041FE9F
/MOV EAX,DWORD PTR SS:[LOCAL.7]
|ADD EAX,1
|MOV DWORD PTR SS:[LOCAL.7],EAX
|MOV DWORD PTR SS:[LOCAL.29],100
|LEA ECX,[LOCAL.5]
|PUSH ECX

; /pLastWri

|PUSH 0

; |pClassLe

n = NULL
0041FEAC |. 6A 00
NULL
0041FEAE |. 6A 00
= 0
0041FEB0 |. 8D55 8C
0041FEB3 |. 52
=> OFFSET LOCAL.29
0041FEB4 |. 8D85 84FEFFFF
0041FEBA |. 50
OFFSET LOCAL.95
0041FEBB |. 8B4D E4
0041FEBE |. 51
[LOCAL.7]
0041FEBF |. 8B55 E0
0041FEC2 |. 52
[LOCAL.8]
0041FEC3 |. FF15 0C804400
.RegEnumKeyExA
0041FEC9 |. 8945 E8
0041FECC |. 837D E8 00
0041FED0 |. 0F85 D1030000
0041FED6 |. 8D85 B0FAFFFF
0041FEDC |. 50
=> OFFSET LOCAL.340
0041FEDD |. 68 19000200
ccess = KEY_READ
0041FEE2 |. 6A 00
= 0
0041FEE4 |. 8D8D 84FEFFFF
0041FEEA |. 51
> OFFSET LOCAL.95
0041FEEB |. 8B55 E0
0041FEEE |. 52
[LOCAL.8]
0041FEEF |. FF15 08804400
.RegOpenKeyExA
0041FEF5 |. 85C0
0041FEF7 |. 74 02
0041FEF9 |.^ EB 9B
0041FEFB |> C785 A4FAFFFF
0041FF05 |. EB 0F
0041FF07 |> 8B85 A4FAFFFF
0041FF0D |. 83C0 01
0041FF10 |. 8985 A4FAFFFF
0041FF16 |> C785 ACFAFFFF
0041FF20 |. C785 B4FCFFFF
0041FF2A |. 8D8D ACFAFFFF
0041FF30 |. 51
=> OFFSET LOCAL.341
0041FF31 |. 8D95 B4FBFFFF
0041FF37 |. 52
OFFSET LOCAL.275
0041FF38 |. 8D85 A8FAFFFF
0041FF3E |. 50
OFFSET LOCAL.342
0041FF3F |. 6A 00
= 0
0041FF41 |. 8D8D B4FCFFFF
0041FF47 |. 51

|PUSH 0

; |Class =

|PUSH 0

; |Reserved

|LEA EDX,[LOCAL.29]
|PUSH EDX

; |
; |pNameLen

|LEA EAX,[LOCAL.95]
|PUSH EAX

; |
; |Name =>

|MOV ECX,DWORD PTR SS:[LOCAL.7]


|PUSH ECX

; |
; |Index =>

|MOV EDX,DWORD PTR SS:[LOCAL.8]


|PUSH EDX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegEnumKe ; \ADVAPI32


|MOV DWORD PTR SS:[LOCAL.6],EAX
|CMP DWORD PTR SS:[LOCAL.6],0
|JNE 004202A7
|LEA EAX,[LOCAL.340]
|PUSH EAX

; /pResult

|PUSH 20019

; |DesiredA

|PUSH 0

; |Reserved

|LEA ECX,[LOCAL.95]
|PUSH ECX

; |
; |SubKey =

|MOV EDX,DWORD PTR SS:[LOCAL.8]


|PUSH EDX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKe ; \ADVAPI32


|TEST EAX,EAX
|JE SHORT 0041FEFB
|JMP SHORT 0041FE96
|MOV DWORD PTR SS:[LOCAL.343],0
|JMP SHORT 0041FF16
|/MOV EAX,DWORD PTR SS:[LOCAL.343]
||ADD EAX,1
||MOV DWORD PTR SS:[LOCAL.343],EAX
||MOV DWORD PTR SS:[LOCAL.341],100
||MOV DWORD PTR SS:[LOCAL.211],100
||LEA ECX,[LOCAL.341]
||PUSH ECX

; /pDataLen

||LEA EDX,[LOCAL.275]
||PUSH EDX

; |
; |Data =>

||LEA EAX,[LOCAL.342]
||PUSH EAX

; |
; |pType =>

||PUSH 0

; |Reserved

||LEA ECX,[LOCAL.211]
||PUSH ECX

; |
; |pNameLen

=> OFFSET LOCAL.211


0041FF48 |. 8D95 B4FAFFFF
0041FF4E |. 52
OFFSET LOCAL.339
0041FF4F |. 8B85 A4FAFFFF
0041FF55 |. 50
[LOCAL.343]
0041FF56 |. 8B8D B0FAFFFF
0041FF5C |. 51
[LOCAL.340]
0041FF5D |. FF15 10804400
.RegEnumValueA
0041FF63 |. 8945 E8
0041FF66 |. 837D E8 00
0041FF6A |. 0F85 76020000
0041FF70 |. 8D95 3BF8FFFF
0041FF76 |. 52
0041FF77 |. 8D85 B4FBFFFF
0041FF7D |. 50
OFFSET LOCAL.275
0041FF7E |. 8D8D 7CFAFFFF
0041FF84 |. E8 B7ECFEFF
fo.0040EC40
0041FF89 |. C785 98FAFFFF
0041FF93 |. C785 9CFAFFFF
0041FF9D |. C785 A0FAFFFF
0041FFA7 |. C645 FC 0B
0041FFAB |. 68 4C9A4400
SCII "\*.wtplug*"
0041FFB0 |. 8D8D 7CFAFFFF
0041FFB6 |. 51
OFFSET LOCAL.353
0041FFB7 |. 8D95 10F8FFFF
0041FFBD |. 52
OFFSET LOCAL.508
0041FFBE |. E8 2DEAFEFF
fo.0040E9F0
0041FFC3 |. 83C4 0C
0041FFC6 |. 8985 BCF3FFFF
0041FFCC |. 8B85 BCF3FFFF
0041FFD2 |. 8378 18 10
0041FFD6 |. 72 11
0041FFD8 |. 8B8D BCF3FFFF
0041FFDE |. 8B51 04
0041FFE1 |. 8995 88ECFFFF
0041FFE7 |. EB 0F
0041FFE9 |> 8B85 BCF3FFFF
0041FFEF |. 83C0 04
0041FFF2 |. 8985 88ECFFFF
0041FFF8 |> 8D8D 3CF9FFFF
0041FFFE |. 51
a => OFFSET LOCAL.433
0041FFFF |. 8B95 88ECFFFF
00420005 |. 52
=> [LOCAL.1246]
00420006 |. FF15 CC804400
.FindFirstFileA
0042000C |. 8985 38F9FFFF
00420012 |. C645 FC 0C
00420016 |. 8D8D 10F8FFFF

||LEA EDX,[LOCAL.339]
||PUSH EDX

; |
; |Name =>

||MOV EAX,DWORD PTR SS:[LOCAL.343]


||PUSH EAX

; |
; |Index =>

||MOV ECX,DWORD PTR SS:[LOCAL.340]


||PUSH ECX

; |
; |hKey =>

||CALL DWORD PTR DS:[<&ADVAPI32.RegEnumV ; \ADVAPI32


||MOV DWORD PTR SS:[LOCAL.6],EAX
||CMP DWORD PTR SS:[LOCAL.6],0
||JNE 004201E6
||LEA EDX,[LOCAL.498+3]
||PUSH EDX
||LEA EAX,[LOCAL.275]
||PUSH EAX

; /Arg2
; |
; |Arg1 =>

||LEA ECX,[LOCAL.353]
||CALL 0040EC40

; |
; \SystemIn

||MOV DWORD PTR SS:[LOCAL.346],0


||MOV DWORD PTR SS:[LOCAL.345],0
||MOV DWORD PTR SS:[LOCAL.344],0
||MOV BYTE PTR SS:[LOCAL.1],0B
||PUSH OFFSET 00449A4C

; /Arg3 = A

||LEA ECX,[LOCAL.353]
||PUSH ECX

; |
; |Arg2 =>

||LEA EDX,[LOCAL.508]
||PUSH EDX

; |
; |Arg1 =>

||CALL 0040E9F0

; \SystemIn

||ADD ESP,0C
||MOV DWORD PTR SS:[LOCAL.785],EAX
||MOV EAX,DWORD PTR SS:[LOCAL.785]
||CMP DWORD PTR DS:[EAX+18],10
||JB SHORT 0041FFE9
||MOV ECX,DWORD PTR SS:[LOCAL.785]
||MOV EDX,DWORD PTR DS:[ECX+4]
||MOV DWORD PTR SS:[LOCAL.1246],EDX
||JMP SHORT 0041FFF8
||MOV EAX,DWORD PTR SS:[LOCAL.785]
||ADD EAX,4
||MOV DWORD PTR SS:[LOCAL.1246],EAX
||LEA ECX,[LOCAL.433]
||PUSH ECX

; /pFindDat

||MOV EDX,DWORD PTR SS:[LOCAL.1246]


||PUSH EDX

; |
; |FileName

||CALL DWORD PTR DS:[<&KERNEL32.FindFirs ; \KERNEL32


||MOV DWORD PTR SS:[LOCAL.434],EAX
||MOV BYTE PTR SS:[LOCAL.1],0C
||LEA ECX,[LOCAL.508]

0042001C |. E8 5FE7FEFF
fo.0040E780
00420021 |. C645 FC 0B
00420025 |. 6A 00
00420027 |. 6A 01
00420029 |. 8D8D 10F8FFFF
0042002F |. E8 2CFBFEFF
fo.0040FB60
00420034 |. 83BD 38F9FFFF
0042003B |. 0F84 7E010000
00420041 |> 68 60854400
ystemInfo.448560
00420046 |. 8D85 7CFAFFFF
0042004C |. 50
OFFSET LOCAL.353
0042004D |. 8D8D E8F7FFFF
00420053 |. 51
OFFSET LOCAL.518
00420054 |. E8 97E9FEFF
fo.0040E9F0
00420059 |. 83C4 0C
0042005C |. 8985 84ECFFFF
00420062 |. 8B95 84ECFFFF
00420068 |. 8995 80ECFFFF
0042006E |. C645 FC 0D
00420072 |. 8D85 68F9FFFF
00420078 |. 50
OFFSET LOCAL.422
00420079 |. 8B8D 80ECFFFF
0042007F |. 51
[LOCAL.1248]
00420080 |. 8D95 10F9FFFF
00420086 |. 52
OFFSET LOCAL.444
00420087 |. E8 64E9FEFF
fo.0040E9F0
0042008C |. 83C4 0C
0042008F |. C645 FC 10
00420093 |. 8D8D E8F7FFFF
00420099 |. E8 E2E6FEFF
fo.0040E780
0042009E |. C645 FC 0F
004200A2 |. 6A 00
004200A4 |. 6A 01
004200A6 |. 8D8D E8F7FFFF
004200AC |. E8 AFFAFEFF
fo.0040FB60
004200B1 |. 8B45 B8
004200B4 |. 8985 B8F3FFFF
004200BA |. 8D4D A0
004200BD |. 51
OFFSET LOCAL.24
004200BE |. 8B95 B8F3FFFF
004200C4 |. 52
[LOCAL.786]
004200C5 |. 8D8D D8F7FFFF
004200CB |. E8 20900000
fo.004290F0
004200D0 |. 8D85 10F9FFFF
004200D6 |. 50

||CALL 0040E780

; [SystemIn

||MOV BYTE PTR SS:[LOCAL.1],0B


||PUSH 0
||PUSH 1
||LEA ECX,[LOCAL.508]
||CALL 0040FB60

;
;
;
;

||CMP DWORD PTR SS:[LOCAL.434],-1


||JE 004201BF
||/PUSH OFFSET 00448560

; /Arg3 = S

|||LEA EAX,[LOCAL.353]
|||PUSH EAX

; |
; |Arg2 =>

|||LEA ECX,[LOCAL.518]
|||PUSH ECX

; |
; |Arg1 =>

|||CALL 0040E9F0

; \SystemIn

|||ADD ESP,0C
|||MOV DWORD PTR SS:[LOCAL.1247],EAX
|||MOV EDX,DWORD PTR SS:[LOCAL.1247]
|||MOV DWORD PTR SS:[LOCAL.1248],EDX
|||MOV BYTE PTR SS:[LOCAL.1],0D
|||LEA EAX,[LOCAL.422]
|||PUSH EAX

; /Arg3 =>

|||MOV ECX,DWORD PTR SS:[LOCAL.1248]


|||PUSH ECX

; |
; |Arg2 =>

|||LEA EDX,[LOCAL.444]
|||PUSH EDX

; |
; |Arg1 =>

|||CALL 0040E9F0

; \SystemIn

|||ADD ESP,0C
|||MOV BYTE PTR SS:[LOCAL.1],10
|||LEA ECX,[LOCAL.518]
|||CALL 0040E780

; [SystemIn

|||MOV BYTE PTR SS:[LOCAL.1],0F


|||PUSH 0
|||PUSH 1
|||LEA ECX,[LOCAL.518]
|||CALL 0040FB60

;
;
;
;

|||MOV EAX,DWORD PTR SS:[LOCAL.18]


|||MOV DWORD PTR SS:[LOCAL.786],EAX
|||LEA ECX,[LOCAL.24]
|||PUSH ECX

; /Arg2 =>

|||MOV EDX,DWORD PTR SS:[LOCAL.786]


|||PUSH EDX

; |
; |Arg1 =>

|||LEA ECX,[LOCAL.522]
|||CALL 004290F0

; |
; \SystemIn

|||LEA EAX,[LOCAL.444]
|||PUSH EAX

; /Arg2 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

OFFSET LOCAL.444
004200D7 |. 8D8D E0F7FFFF
004200DD |. 51
OFFSET LOCAL.520
004200DE |. 8D4D A0
004200E1 |. E8 FA440000
fo.004245E0
004200E6 |. 8985 88F3FFFF
004200EC |. 8B95 88F3FFFF
004200F2 |. 33C0
004200F4 |. 833A 00
004200F7 |. 0F95C0
004200FA |. 0FB6C8
004200FD |. 85C9
004200FF |. 74 1A
00420101 |. 8B95 88F3FFFF
00420107 |. 8B02
00420109 |. 33C9
0042010B |. 3B85 D8F7FFFF
00420111 |. 0F94C1
00420114 |. 0FB6D1
00420117 |. 85D2
00420119 |. 75 05
0042011B |> E8 68E70000
00420120 |> 33C0
00420122 |.^ 75 FC
00420124 |. 8B8D 88F3FFFF
0042012A |. 8B51 04
0042012D |. 33C0
0042012F |. 3B95 DCF7FFFF
00420135 |. 0F94C0
00420138 |. 0FB6C8
0042013B |. 85C9
0042013D |. 74 35
0042013F |. 8D95 10F9FFFF
00420145 |. 52
OFFSET LOCAL.444
00420146 |. 8D4D A0
00420149 |. E8 42410000
fo.00424290
0042014E |. 50
0042014F |. 83EC 28
00420152 |. 8BCC
00420154 |. 89A5 D4F7FFFF
0042015A |. 8D85 10F9FFFF
00420160 |. 50
OFFSET LOCAL.444
00420161 |. E8 AAABFEFF
fo.0040AD10
00420166 |. 8985 7CECFFFF
0042016C |. E8 0FADFFFF
00420171 |. 83C4 2C
00420174 |> C645 FC 11
00420178 |. 8D8D 10F9FFFF
0042017E |. E8 FDE5FEFF
fo.0040E780
00420183 |. C645 FC 0B
00420187 |. 6A 00
00420189 |. 6A 01
0042018B |. 8D8D 10F9FFFF

|||LEA ECX,[LOCAL.520]
|||PUSH ECX

; |
; |Arg1 =>

|||LEA ECX,[LOCAL.24]
|||CALL 004245E0

; |
; \SystemIn

|||MOV DWORD PTR SS:[LOCAL.798],EAX


|||MOV EDX,DWORD PTR SS:[LOCAL.798]
|||XOR EAX,EAX
|||CMP DWORD PTR DS:[EDX],0
|||SETNE AL
|||MOVZX ECX,AL
|||TEST ECX,ECX
|||JE SHORT 0042011B
|||MOV EDX,DWORD PTR SS:[LOCAL.798]
|||MOV EAX,DWORD PTR DS:[EDX]
|||XOR ECX,ECX
|||CMP EAX,DWORD PTR SS:[LOCAL.522]
|||SETE CL
|||MOVZX EDX,CL
|||TEST EDX,EDX
|||JNE SHORT 00420120
|||CALL 0042E888
|||/XOR EAX,EAX
|||\JNE SHORT 00420120
|||MOV ECX,DWORD PTR SS:[LOCAL.798]
|||MOV EDX,DWORD PTR DS:[ECX+4]
|||XOR EAX,EAX
|||CMP EDX,DWORD PTR SS:[LOCAL.521]
|||SETE AL
|||MOVZX ECX,AL
|||TEST ECX,ECX
|||JE SHORT 00420174
|||LEA EDX,[LOCAL.444]
|||PUSH EDX

; /Arg1 =>

|||LEA ECX,[LOCAL.24]
|||CALL 00424290

; |
; \SystemIn

|||PUSH EAX
|||SUB ESP,28
|||MOV ECX,ESP
|||MOV DWORD PTR SS:[LOCAL.523],ESP
|||LEA EAX,[LOCAL.444]
|||PUSH EAX

; /Arg1 =>

|||CALL 0040AD10

; \SystemIn

|||MOV DWORD PTR SS:[LOCAL.1249],EAX


|||CALL 0041AE80
|||ADD ESP,2C
|||MOV BYTE PTR SS:[LOCAL.1],11
|||LEA ECX,[LOCAL.444]
|||CALL 0040E780

; [SystemIn

|||MOV BYTE PTR SS:[LOCAL.1],0B


|||PUSH 0
|||PUSH 1
|||LEA ECX,[LOCAL.444]

; /Arg2 = 0
; |Arg1 = 1
; |

00420191 |. E8 CAF9FEFF |||CALL 0040FB60


fo.0040FB60
00420196 |. 8D8D 3CF9FFFF |||LEA ECX,[LOCAL.433]
0042019C |. 51
|||PUSH ECX
a => OFFSET LOCAL.433
0042019D |. 8B95 38F9FFFF |||MOV EDX,DWORD PTR SS:[LOCAL.434]
004201A3 |. 52
|||PUSH EDX
e => [LOCAL.434]
004201A4 |. FF15 C8804400 |||CALL DWORD PTR DS:[<&KERNEL32.FindNex
.FindNextFileA
004201AA |. 85C0
|||TEST EAX,EAX
004201AC |.^ 0F85 8FFEFFFF ||\JNE 00420041
004201B2 |. 8B85 38F9FFFF ||MOV EAX,DWORD PTR SS:[LOCAL.434]
004201B8 |. 50
||PUSH EAX
e => [LOCAL.434]
004201B9 |. FF15 C4804400 ||CALL DWORD PTR DS:[<&KERNEL32.FindClos
.FindClose
004201BF |> C645 FC 12
||MOV BYTE PTR SS:[LOCAL.1],12
004201C3 |. 8D8D 7CFAFFFF ||LEA ECX,[LOCAL.353]
004201C9 |. E8 B2E5FEFF ||CALL 0040E780
fo.0040E780
004201CE |. C645 FC 00
||MOV BYTE PTR SS:[LOCAL.1],0
004201D2 |. 6A 00
||PUSH 0
004201D4 |. 6A 01
||PUSH 1
004201D6 |. 8D8D 7CFAFFFF ||LEA ECX,[LOCAL.353]
004201DC |. E8 7FF9FEFF ||CALL 0040FB60
fo.0040FB60
004201E1 |.^ E9 21FDFFFF |\JMP 0041FF07
004201E6 |> 817D E8 03010 |CMP DWORD PTR SS:[LOCAL.6],103
004201ED |. 0F84 A2000000 |JE 00420295
004201F3 |. 6A 06
|PUSH 6
004201F5 |. 8D8D CCF7FFFF |LEA ECX,[LOCAL.525]
004201FB |. 51
|PUSH ECX
OFFSET LOCAL.525
004201FC |. E8 97D50000 |CALL 0042D798
fo.0042D798
00420201 |. 83C4 08
|ADD ESP,8
00420204 |. 8985 F0F1FFFF |MOV DWORD PTR SS:[LOCAL.900],EAX
0042020A |. 837D 08 00
|CMP DWORD PTR SS:[ARG.1],0
0042020E |. 75 0C
|JNE SHORT 0042021C
00420210 |. C785 78ECFFFF |MOV DWORD PTR SS:[LOCAL.1250],0
0042021A |. EB 11
|JMP SHORT 0042022D
0042021C |> 8B55 08
|MOV EDX,DWORD PTR SS:[ARG.1]
0042021F |. 8B02
|MOV EAX,DWORD PTR DS:[EDX]
00420221 |. 8B4D 08
|MOV ECX,DWORD PTR SS:[ARG.1]
00420224 |. 0348 04
|ADD ECX,DWORD PTR DS:[EAX+4]
00420227 |. 898D 78ECFFFF |MOV DWORD PTR SS:[LOCAL.1250],ECX
0042022D |> 8B95 F0F1FFFF |MOV EDX,DWORD PTR SS:[LOCAL.900]
00420233 |. 8B42 04
|MOV EAX,DWORD PTR DS:[EDX+4]
00420236 |. 50
|PUSH EAX
00420237 |. 8B8D 78ECFFFF |MOV ECX,DWORD PTR SS:[LOCAL.1250]
0042023D |. 51
|PUSH ECX
0042023E |. 8B95 F0F1FFFF |MOV EDX,DWORD PTR SS:[LOCAL.900]
00420244 |. 8B02
|MOV EAX,DWORD PTR DS:[EDX]
00420246 |. FFD0
|CALL EAX
00420248 |. 83C4 08
|ADD ESP,8
0042024B |. 68 58844400 |PUSH OFFSET 00448458
SCII "Cannot enumerate installations"
00420250 |. 8B4D E8
|MOV ECX,DWORD PTR SS:[LOCAL.6]
00420253 |. 51
|PUSH ECX

; \SystemIn
; /pFinddat
; |
; |hFindfil
; \KERNEL32

; /hFindFil
; \KERNEL32

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /Arg2 = 6
; |
; |Arg1 =>
; \SystemIn

; /Arg2 = A
; |
; |Arg1 =>

[LOCAL.6]
00420254 |. E8 0703FFFF |CALL 00410560
fo.00410560
00420259 |. 83C4 08
|ADD ESP,8
0042025C |. 50
|PUSH EAX
0042025D |. 68 77874400 |PUSH OFFSET 00448777
00420262 |. 8B55 08
|MOV EDX,DWORD PTR SS:[ARG.1]
00420265 |. 52
|PUSH EDX
00420266 |. E8 F5A6FEFF |CALL 0040A960
0042026B |. 83C4 08
|ADD ESP,8
0042026E |. 50
|PUSH EAX
0042026F |. E8 ECA6FEFF |CALL 0040A960
00420274 |. 83C4 08
|ADD ESP,8
00420277 |. 8985 ECF1FFFF |MOV DWORD PTR SS:[LOCAL.901],EAX
0042027D |. 6A 0A
|PUSH 0A
A
0042027F |. 8B8D ECF1FFFF |MOV ECX,DWORD PTR SS:[LOCAL.901]
00420285 |. E8 36F3FEFF |CALL 0040F5C0
fo.0040F5C0
0042028A |. 8B8D ECF1FFFF |MOV ECX,DWORD PTR SS:[LOCAL.901]
00420290 |. E8 2BF5FEFF |CALL 0040F7C0
fo.0040F7C0
00420295 |> 8B85 B0FAFFFF |MOV EAX,DWORD PTR SS:[LOCAL.340]
0042029B |. 50
|PUSH EAX
[LOCAL.340]
0042029C |. FF15 14804400 |CALL DWORD PTR DS:[<&ADVAPI32.RegCloseK
.RegCloseKey
004202A2 |.^ E9 EFFBFFFF \JMP 0041FE96
004202A7 |> 817D E8 03010 CMP DWORD PTR SS:[LOCAL.6],103
004202AE |. 0F84 A2000000 JE 00420356
004202B4 |. 6A 06
PUSH 6
004202B6 |. 8D8D C4F7FFFF LEA ECX,[LOCAL.527]
004202BC |. 51
PUSH ECX
OFFSET LOCAL.527
004202BD |. E8 D6D40000 CALL 0042D798
fo.0042D798
004202C2 |. 83C4 08
ADD ESP,8
004202C5 |. 8985 E8F1FFFF MOV DWORD PTR SS:[LOCAL.902],EAX
004202CB |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
004202CF |. 75 0C
JNE SHORT 004202DD
004202D1 |. C785 74ECFFFF MOV DWORD PTR SS:[LOCAL.1251],0
004202DB |. EB 11
JMP SHORT 004202EE
004202DD |> 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
004202E0 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
004202E2 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
004202E5 |. 0348 04
ADD ECX,DWORD PTR DS:[EAX+4]
004202E8 |. 898D 74ECFFFF MOV DWORD PTR SS:[LOCAL.1251],ECX
004202EE |> 8B95 E8F1FFFF MOV EDX,DWORD PTR SS:[LOCAL.902]
004202F4 |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
004202F7 |. 50
PUSH EAX
004202F8 |. 8B8D 74ECFFFF MOV ECX,DWORD PTR SS:[LOCAL.1251]
004202FE |. 51
PUSH ECX
004202FF |. 8B95 E8F1FFFF MOV EDX,DWORD PTR SS:[LOCAL.902]
00420305 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
00420307 |. FFD0
CALL EAX
00420309 |. 83C4 08
ADD ESP,8
0042030C |. 68 FC834400 PUSH OFFSET 004483FC
SCII "Cannot enumerate languages"
00420311 |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
00420314 |. 51
PUSH ECX

; \SystemIn

; /Arg1 = 0
; |
; \SystemIn
; [SystemIn
; /hKey =>
; \ADVAPI32

; /Arg2 = 6
; |
; |Arg1 =>
; \SystemIn

; /Arg2 = A
; |
; |Arg1 =>

[LOCAL.6]
00420315 |. E8 4602FFFF
fo.00410560
0042031A |. 83C4 08
0042031D |. 50
0042031E |. 68 77874400
00420323 |. 8B55 08
00420326 |. 52
00420327 |. E8 34A6FEFF
0042032C |. 83C4 08
0042032F |. 50
00420330 |. E8 2BA6FEFF
00420335 |. 83C4 08
00420338 |. 8985 E4F1FFFF
0042033E |. 6A 0A
A
00420340 |. 8B8D E4F1FFFF
00420346 |. E8 75F2FEFF
fo.0040F5C0
0042034B |. 8B8D E4F1FFFF
00420351 |. E8 6AF4FEFF
fo.0040F7C0
00420356 |> 8B45 E0
00420359 |. 50
[LOCAL.8]
0042035A |. FF15 14804400
.RegCloseKey
00420360 |. C745 E4 00000
00420367 |. EB 09
00420369 |> 8B4D E4
0042036C |. 83C1 01
0042036F |. 894D E4
00420372 |> 837D E4 04
00420376 |. 0F8D 74020000
0042037C |. 8D95 04F9FFFF
00420382 |. 52
t => OFFSET LOCAL.447
00420383 |. 6A 00
LL
00420385 |. 6A 00
= NULL
00420387 |. 6A 00
n = NULL
00420389 |. 8B45 E4
0042038C |. 8B4C85 90
00420390 |. 51
00420391 |. 6A 00
ULL
00420393 |. FF15 C0804400
.SearchPathA
00420399 |. 8985 08F9FFFF
0042039F |. FF15 A8804400
.GetProcessHeap
004203A5 |. 8985 0CF9FFFF
004203AB |. 8B95 08F9FFFF
004203B1 |. 52
[LOCAL.446]
004203B2 |. 6A 00
0
004203B4 |. 8B85 0CF9FFFF

CALL 00410560

; \SystemIn

ADD ESP,8
PUSH EAX
PUSH OFFSET 00448777
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0040A960
ADD ESP,8
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.903],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.903]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.903]


CALL 0040F7C0

; [SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.8]


PUSH EAX

; /hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe ; \ADVAPI32


MOV DWORD PTR SS:[LOCAL.7],0
JMP SHORT 00420372
/MOV ECX,DWORD PTR SS:[LOCAL.7]
|ADD ECX,1
|MOV DWORD PTR SS:[LOCAL.7],ECX
|CMP DWORD PTR SS:[LOCAL.7],4
|JGE 004205F0
|LEA EDX,[LOCAL.447]
|PUSH EDX

; /pFilePar

|PUSH 0

; |Buf = NU

|PUSH 0

; |Bufsize

|PUSH 0

; |Extensio

|MOV EAX,DWORD PTR SS:[LOCAL.7]


|MOV ECX,DWORD PTR SS:[EAX*4+EBP-70]
|PUSH ECX
|PUSH 0

;
;
;
;

|
|
|FileName
|Path = N

|CALL DWORD PTR DS:[<&KERNEL32.SearchPat ; \KERNEL32


|MOV DWORD PTR SS:[LOCAL.446],EAX
|CALL DWORD PTR DS:[<&KERNEL32.GetProces ; [KERNEL32
|MOV DWORD PTR SS:[LOCAL.445],EAX
|MOV EDX,DWORD PTR SS:[LOCAL.446]
|PUSH EDX

; /Size =>

|PUSH 0

; |Flags =

|MOV EAX,DWORD PTR SS:[LOCAL.445]

; |

004203BA |. 50
[LOCAL.445]
004203BB |. FF15 A4804400
lAllocateHeap
004203C1 |. 8985 00F9FFFF
004203C7 |. 8D8D 04F9FFFF
004203CD |. 51
t => OFFSET LOCAL.447
004203CE |. 8B95 00F9FFFF
004203D4 |. 52
LOCAL.448]
004203D5 |. 8B85 08F9FFFF
004203DB |. 50
=> [LOCAL.446]
004203DC |. 6A 00
n = NULL
004203DE |. 8B4D E4
004203E1 |. 8B548D 90
004203E5 |. 52
004203E6 |. 6A 00
ULL
004203E8 |. FF15 C0804400
.SearchPathA
004203EE |. 85C0
004203F0 |. 0F86 D7000000
004203F6 |. 8D85 9BF7FFFF
004203FC |. 50
004203FD |. 8B8D 00F9FFFF
00420403 |. 51
[LOCAL.448]
00420404 |. 8D8D 9CF7FFFF
0042040A |. E8 31E8FEFF
fo.0040EC40
0042040F |. C785 B8F7FFFF
00420419 |. C785 BCF7FFFF
00420423 |. C785 C0F7FFFF
0042042D |. C645 FC 13
00420431 |. 8D95 9CF7FFFF
00420437 |. 52
OFFSET LOCAL.537
00420438 |. 8D4D A0
0042043B |. E8 503E0000
fo.00424290
00420440 |. 50
00420441 |. 83EC 28
00420444 |. 8BC4
00420446 |. 89A5 94F7FFFF
0042044C |. 8985 4CF0FFFF
00420452 |. 8D8D 93F7FFFF
00420458 |. 51
00420459 |. 8B95 00F9FFFF
0042045F |. 52
[LOCAL.448]
00420460 |. 8B8D 4CF0FFFF
00420466 |. E8 D5E7FEFF
fo.0040EC40
0042046B |. 8B85 4CF0FFFF
00420471 |. C740 1C 00000
00420478 |. 8B8D 4CF0FFFF
0042047E |. C741 20 00000

|PUSH EAX

; |Heap =>

|CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc ; \NTDLL.Rt


|MOV DWORD PTR SS:[LOCAL.448],EAX
|LEA ECX,[LOCAL.447]
|PUSH ECX

; /pFilePar

|MOV EDX,DWORD PTR SS:[LOCAL.448]


|PUSH EDX

; |
; |Buf => [

|MOV EAX,DWORD PTR SS:[LOCAL.446]


|PUSH EAX

; |
; |Bufsize

|PUSH 0

; |Extensio

|MOV ECX,DWORD PTR SS:[LOCAL.7]


|MOV EDX,DWORD PTR SS:[ECX*4+EBP-70]
|PUSH EDX
|PUSH 0

;
;
;
;

|
|
|FileName
|Path = N

|CALL DWORD PTR DS:[<&KERNEL32.SearchPat ; \KERNEL32


|TEST EAX,EAX
|JBE 004204CD
|LEA EAX,[LOCAL.538+3]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.448]
|PUSH ECX

; /Arg2
; |
; |Arg1 =>

|LEA ECX,[LOCAL.537]
|CALL 0040EC40

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.530],0


|MOV DWORD PTR SS:[LOCAL.529],0
|MOV DWORD PTR SS:[LOCAL.528],0
|MOV BYTE PTR SS:[LOCAL.1],13
|LEA EDX,[LOCAL.537]
|PUSH EDX

; /Arg1 =>

|LEA ECX,[LOCAL.24]
|CALL 00424290

; |
; \SystemIn

|PUSH EAX
|SUB ESP,28
|MOV EAX,ESP
|MOV DWORD PTR SS:[LOCAL.539],ESP
|MOV DWORD PTR SS:[LOCAL.1005],EAX
|LEA ECX,[LOCAL.540+3]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.448]
|PUSH EDX

; /Arg2
; |
; |Arg1 =>

|MOV ECX,DWORD PTR SS:[LOCAL.1005]


|CALL 0040EC40

; |
; \SystemIn

|MOV
|MOV
|MOV
|MOV

EAX,DWORD
DWORD PTR
ECX,DWORD
DWORD PTR

PTR SS:[LOCAL.1005]
DS:[EAX+1C],0
PTR SS:[LOCAL.1005]
DS:[ECX+20],0

00420485 |. 8B95 4CF0FFFF


0042048B |. C742 24 00000
00420492 |. 8B85 4CF0FFFF
00420498 |. 8985 70ECFFFF
0042049E |. E8 DDA9FFFF
004204A3 |. 83C4 2C
004204A6 |. C645 FC 14
004204AA |. 8D8D 9CF7FFFF
004204B0 |. E8 CBE2FEFF
fo.0040E780
004204B5 |. C645 FC 00
004204B9 |. 6A 00
004204BB |. 6A 01
004204BD |. 8D8D 9CF7FFFF
004204C3 |. E8 98F6FEFF
fo.0040FB60
004204C8 |.^ E9 1E010000
004204CD |> 8D8D 67F7FFFF
004204D3 |. 51
004204D4 |. 68 409A4400
SCII "Not Found\"
004204D9 |. 8D8D 68F7FFFF
004204DF |. E8 5CE7FEFF
fo.0040EC40
004204E4 |. C785 84F7FFFF
004204EE |. C785 88F7FFFF
004204F8 |. C785 8CF7FFFF
00420502 |. 8D95 68F7FFFF
00420508 |. 8995 6CECFFFF
0042050E |. C645 FC 15
00420512 |. 8B45 E4
00420515 |. 8B4C85 90
00420519 |. 51
0042051A |. 8B95 6CECFFFF
00420520 |. 52
[LOCAL.1253]
00420521 |. 8D85 3CF7FFFF
00420527 |. 50
OFFSET LOCAL.561
00420528 |. E8 C3E4FEFF
fo.0040E9F0
0042052D |. 83C4 0C
00420530 |. 8985 68ECFFFF
00420536 |. 8B8D 68ECFFFF
0042053C |. 898D 64ECFFFF
00420542 |. C645 FC 16
00420546 |. 68 349A4400
SCII "Not found"
0042054B |. E8 0001FFFF
fo.00410650
00420550 |. 83C4 04
00420553 |. 8985 ACEEFFFF
00420559 |. 8B95 64ECFFFF
0042055F |. 52
[LOCAL.1255]
00420560 |. 8D4D A0
00420563 |. E8 283D0000
fo.00424290
00420568 |. 8985 B0EEFFFF
0042056E |. 8B8D B0EEFFFF

|MOV EDX,DWORD PTR SS:[LOCAL.1005]


|MOV DWORD PTR DS:[EDX+24],0
|MOV EAX,DWORD PTR SS:[LOCAL.1005]
|MOV DWORD PTR SS:[LOCAL.1252],EAX
|CALL 0041AE80
|ADD ESP,2C
|MOV BYTE PTR SS:[LOCAL.1],14
|LEA ECX,[LOCAL.537]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],0


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.537]
|CALL 0040FB60

;
;
;
;

|JMP 004205EB
|LEA ECX,[LOCAL.551+3]
|PUSH ECX
|PUSH OFFSET 00449A40

; /Arg2
; |Arg1 = A

|LEA ECX,[LOCAL.550]
|CALL 0040EC40

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.543],0


|MOV DWORD PTR SS:[LOCAL.542],0
|MOV DWORD PTR SS:[LOCAL.541],0
|LEA EDX,[LOCAL.550]
|MOV DWORD PTR SS:[LOCAL.1253],EDX
|MOV BYTE PTR SS:[LOCAL.1],15
|MOV EAX,DWORD PTR SS:[LOCAL.7]
|MOV ECX,DWORD PTR SS:[EAX*4+EBP-70]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1253]
|PUSH EDX

; /Arg3
; |
; |Arg2 =>

|LEA EAX,[LOCAL.561]
|PUSH EAX

; |
; |Arg1 =>

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV DWORD PTR SS:[LOCAL.1254],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1254]
|MOV DWORD PTR SS:[LOCAL.1255],ECX
|MOV BYTE PTR SS:[LOCAL.1],16
|PUSH OFFSET 00449A34

; /Arg1 = A

|CALL 00410650

; \SystemIn

|ADD ESP,4
|MOV DWORD PTR SS:[LOCAL.1109],EAX
|MOV EDX,DWORD PTR SS:[LOCAL.1255]
|PUSH EDX

; /Arg1 =>

|LEA ECX,[LOCAL.24]
|CALL 00424290

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.1108],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.1108]

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00420574 |. E8 07E2FEFF
fo.0040E780
00420579 |. 8B85 ACEEFFFF
0042057F |. 50
[LOCAL.1109]
00420580 |. E8 FBDC0000
fo.0042E280
00420585 |. 83C4 04
00420588 |. 8985 B4EEFFFF
0042058E |. 8B8D B4EEFFFF
00420594 |. 51
[LOCAL.1107]
00420595 |. 8B95 ACEEFFFF
0042059B |. 52
[LOCAL.1109]
0042059C |. 8B8D B0EEFFFF
004205A2 |. E8 A9EBFEFF
fo.0040F150
004205A7 |. C645 FC 17
004205AB |. 8D8D 3CF7FFFF
004205B1 |. E8 CAE1FEFF
fo.0040E780
004205B6 |. C645 FC 15
004205BA |. 6A 00
004205BC |. 6A 01
004205BE |. 8D8D 3CF7FFFF
004205C4 |. E8 97F5FEFF
fo.0040FB60
004205C9 |. C645 FC 18
004205CD |. 8D8D 68F7FFFF
004205D3 |. E8 A8E1FEFF
fo.0040E780
004205D8 |. C645 FC 00
004205DC |. 6A 00
004205DE |. 6A 01
004205E0 |. 8D8D 68F7FFFF
004205E6 |. E8 75F5FEFF
fo.0040FB60
004205EB |>^ E9 79FDFFFF
004205F0 |> 8D4D C0
004205F3 |. E8 38410000
004205F8 |. C645 FC 19
004205FC |. 8B45 B8
004205FF |. 8985 A8EEFFFF
00420605 |. 8B8D A8EEFFFF
0042060B |. 8B11
0042060D |. 8995 A4EEFFFF
00420613 |. 8D45 A0
00420616 |. 50
OFFSET LOCAL.24
00420617 |. 8B8D A4EEFFFF
0042061D |. 51
[LOCAL.1111]
0042061E |. 8D8D 34F7FFFF
00420624 |. E8 C78A0000
fo.004290F0
00420629 |. 8B95 34F7FFFF
0042062F |. 8B85 38F7FFFF
00420635 |. 8995 F8F8FFFF
0042063B |. 8985 FCF8FFFF

|CALL 0040E780

; [SystemIn

|MOV EAX,DWORD PTR SS:[LOCAL.1109]


|PUSH EAX

; /Arg1 =>

|CALL 0042E280

; \SystemIn

|ADD ESP,4
|MOV DWORD PTR SS:[LOCAL.1107],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1107]
|PUSH ECX

; /Arg2 =>

|MOV EDX,DWORD PTR SS:[LOCAL.1109]


|PUSH EDX

; |
; |Arg1 =>

|MOV ECX,DWORD PTR SS:[LOCAL.1108]


|CALL 0040F150

; |
; \SystemIn

|MOV BYTE PTR SS:[LOCAL.1],17


|LEA ECX,[LOCAL.561]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],15


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.561]
|CALL 0040FB60

;
;
;
;

|MOV BYTE PTR SS:[LOCAL.1],18


|LEA ECX,[LOCAL.550]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],0


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.550]
|CALL 0040FB60

;
;
;
;

\JMP 00420369
LEA ECX,[LOCAL.16]
CALL 00424730
MOV BYTE PTR SS:[LOCAL.1],19
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR SS:[LOCAL.1110],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1110]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.1111],EDX
LEA EAX,[LOCAL.24]
PUSH EAX

; /Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.1111]


PUSH ECX

; |
; |Arg1 =>

LEA ECX,[LOCAL.563]
CALL 004290F0

; |
; \SystemIn

MOV
MOV
MOV
MOV

EDX,DWORD
EAX,DWORD
DWORD PTR
DWORD PTR

PTR SS:[LOCAL.563]
PTR SS:[LOCAL.562]
SS:[LOCAL.450],EDX
SS:[LOCAL.449],EAX

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00420641 |. EB 0B
00420643 |> 8D8D F8F8FFFF
00420649 |. E8 926B0000
fo.004271E0
0042064E |> 8B4D B8
00420651 |. 898D A0EEFFFF
00420657 |. 8D55 A0
0042065A |. 52
OFFSET LOCAL.24
0042065B |. 8B85 A0EEFFFF
00420661 |. 50
[LOCAL.1112]
00420662 |. 8D8D 2CF7FFFF
00420668 |. E8 838A0000
fo.004290F0
0042066D |. 8D8D 2CF7FFFF
00420673 |. 51
OFFSET LOCAL.565
00420674 |. 8D8D F8F8FFFF
0042067A |. E8 E166FEFF
fo.00406D60
0042067F |. 0FB6D0
00420682 |. F7DA
00420684 |. 1BD2
00420686 |. 83C2 01
00420689 |. 0FB6C2
0042068C |. 85C0
0042068E |. 0F84 6B010000
00420694 |. 8D8D F8F8FFFF
0042069A |. E8 11720000
fo.004278B0
0042069F |. 8985 9CEEFFFF
004206A5 |. C685 9BEEFFFF
004206AC |. 6A 01
004206AE |. 6A 00
004206B0 |. 8D8D 9BEEFFFF
004206B6 |. 51
004206B7 |. 8B8D 9CEEFFFF
004206BD |. E8 0E350000
fo.00423BD0
004206C2 |. 8985 94EEFFFF
004206C8 |. 8D8D F8F8FFFF
004206CE |. E8 DD710000
fo.004278B0
004206D3 |. 8985 90EEFFFF
004206D9 |. 8B95 94EEFFFF
004206DF |. 52
[LOCAL.1115]
004206E0 |. 6A 00
004206E2 |. 8D85 B8F6FFFF
004206E8 |. 50
OFFSET LOCAL.594
004206E9 |. 8B8D 90EEFFFF
004206EF |. E8 6C1D0000
fo.00422460
004206F4 |. 8985 60ECFFFF
004206FA |. 8B8D 60ECFFFF
00420700 |. 898D 8CEEFFFF
00420706 |. C645 FC 1A
0042070A |. 8B95 8CEEFFFF

JMP SHORT 0042064E


/LEA ECX,[LOCAL.450]
|CALL 004271E0

; [SystemIn

|MOV ECX,DWORD PTR SS:[LOCAL.18]


|MOV DWORD PTR SS:[LOCAL.1112],ECX
|LEA EDX,[LOCAL.24]
|PUSH EDX

; /Arg2 =>

|MOV EAX,DWORD PTR SS:[LOCAL.1112]


|PUSH EAX

; |
; |Arg1 =>

|LEA ECX,[LOCAL.565]
|CALL 004290F0

; |
; \SystemIn

|LEA ECX,[LOCAL.565]
|PUSH ECX

; /Arg1 =>

|LEA ECX,[LOCAL.450]
|CALL 00406D60

; |
; \SystemIn

|MOVZX EDX,AL
|NEG EDX
|SBB EDX,EDX
|ADD EDX,1
|MOVZX EAX,DL
|TEST EAX,EAX
|JE 004207FF
|LEA ECX,[LOCAL.450]
|CALL 004278B0

; [SystemIn

|MOV DWORD PTR SS:[LOCAL.1113],EAX


|MOV BYTE PTR SS:[LOCAL.1114+3],5C
|PUSH 1
|PUSH 0
|LEA ECX,[LOCAL.1114+3]
|PUSH ECX
|MOV ECX,DWORD PTR SS:[LOCAL.1113]
|CALL 00423BD0

;
;
;
;
;
;

|MOV DWORD PTR SS:[LOCAL.1115],EAX


|LEA ECX,[LOCAL.450]
|CALL 004278B0

; [SystemIn

|MOV DWORD PTR SS:[LOCAL.1116],EAX


|MOV EDX,DWORD PTR SS:[LOCAL.1115]
|PUSH EDX

; /Arg3 =>

|PUSH 0
|LEA EAX,[LOCAL.594]
|PUSH EAX

; |Arg2 = 0
; |
; |Arg1 =>

|MOV ECX,DWORD PTR SS:[LOCAL.1116]


|CALL 00422460

; |
; \SystemIn

|MOV
|MOV
|MOV
|MOV
|MOV

DWORD PTR SS:[LOCAL.1256],EAX


ECX,DWORD PTR SS:[LOCAL.1256]
DWORD PTR SS:[LOCAL.1117],ECX
BYTE PTR SS:[LOCAL.1],1A
EDX,DWORD PTR SS:[LOCAL.1117]

/Arg3 = 1
|Arg2 = 0
|
|Arg1
|
\SystemIn

00420710 |. 52
[LOCAL.1117]
00420711 |. 8D8D D4F6FFFF
00420717 |. E8 74E5FEFF
fo.0040EC90
0042071C |. C785 F0F6FFFF
00420726 |. C785 F4F6FFFF
00420730 |. C785 F8F6FFFF
0042073A |. C645 FC 1B
0042073E |. 8D85 D4F6FFFF
00420744 |. 50
OFFSET LOCAL.587
00420745 |. 8D8D FCF6FFFF
0042074B |. E8 C0A5FEFF
fo.0040AD10
00420750 |. 8B8D F8F8FFFF
00420756 |. 8B95 FCF8FFFF
0042075C |. 898D 24F7FFFF
00420762 |. 8995 28F7FFFF
00420768 |. 8D85 FCF6FFFF
0042076E |. 8985 7CEEFFFF
00420774 |. C645 FC 1C
00420778 |. 8B8D 7CEEFFFF
0042077E |. 51
[LOCAL.1121]
0042077F |. 8D95 80EEFFFF
00420785 |. 52
OFFSET LOCAL.1120
00420786 |. 8D4D C0
00420789 |. E8 426D0000
fo.004274D0
0042078E |. 8B08
00420790 |. 8B50 04
00420793 |. 898D B0F6FFFF
00420799 |. 8995 B4F6FFFF
0042079F |. C645 FC 1B
004207A3 |. C645 FC 1D
004207A7 |. 8D8D FCF6FFFF
004207AD |. E8 CEDFFEFF
fo.0040E780
004207B2 |. C645 FC 1B
004207B6 |. 6A 00
004207B8 |. 6A 01
004207BA |. 8D8D FCF6FFFF
004207C0 |. E8 9BF3FEFF
fo.0040FB60
004207C5 |. C645 FC 1E
004207C9 |. 8D8D D4F6FFFF
004207CF |. E8 ACDFFEFF
fo.0040E780
004207D4 |. C645 FC 1A
004207D8 |. 6A 00
004207DA |. 6A 01
004207DC |. 8D8D D4F6FFFF
004207E2 |. E8 79F3FEFF
fo.0040FB60
004207E7 |. C645 FC 19
004207EB |. 6A 00
004207ED |. 6A 01
004207EF |. 8D8D B8F6FFFF

|PUSH EDX

; /Arg1 =>

|LEA ECX,[LOCAL.587]
|CALL 0040EC90

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.580],0


|MOV DWORD PTR SS:[LOCAL.579],0
|MOV DWORD PTR SS:[LOCAL.578],0
|MOV BYTE PTR SS:[LOCAL.1],1B
|LEA EAX,[LOCAL.587]
|PUSH EAX

; /Arg1 =>

|LEA ECX,[LOCAL.577]
|CALL 0040AD10

; |
; \SystemIn

|MOV ECX,DWORD PTR SS:[LOCAL.450]


|MOV EDX,DWORD PTR SS:[LOCAL.449]
|MOV DWORD PTR SS:[LOCAL.567],ECX
|MOV DWORD PTR SS:[LOCAL.566],EDX
|LEA EAX,[LOCAL.577]
|MOV DWORD PTR SS:[LOCAL.1121],EAX
|MOV BYTE PTR SS:[LOCAL.1],1C
|MOV ECX,DWORD PTR SS:[LOCAL.1121]
|PUSH ECX

; /Arg2 =>

|LEA EDX,[LOCAL.1120]
|PUSH EDX

; |
; |Arg1 =>

|LEA ECX,[LOCAL.16]
|CALL 004274D0

; |
; \SystemIn

|MOV ECX,DWORD PTR DS:[EAX]


|MOV EDX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.596],ECX
|MOV DWORD PTR SS:[LOCAL.595],EDX
|MOV BYTE PTR SS:[LOCAL.1],1B
|MOV BYTE PTR SS:[LOCAL.1],1D
|LEA ECX,[LOCAL.577]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],1B


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.577]
|CALL 0040FB60

;
;
;
;

|MOV BYTE PTR SS:[LOCAL.1],1E


|LEA ECX,[LOCAL.587]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],1A


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.587]
|CALL 0040FB60

;
;
;
;

|MOV BYTE PTR SS:[LOCAL.1],19


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.594]

; /Arg2 = 0
; |Arg1 = 1
; |

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004207F5 |. E8 66F3FEFF
fo.0040FB60
004207FA |.^ E9 44FEFFFF
004207FF |> 8D85 AFF6FFFF
00420805 |. 50
00420806 |. 8D8D 5CFEFFFF
0042080C |. E8 EF3E0000
fo.00424700
00420811 |. C785 78FEFFFF
0042081B |. C785 7CFEFFFF
00420825 |. C785 80FEFFFF
0042082F |. C645 FC 1F
00420833 |. 837D 08 00
00420837 |. 75 0C
00420839 |. C785 74EEFFFF
00420843 |. EB 11
00420845 |> 8B4D 08
00420848 |. 8B11
0042084A |. 8B45 08
0042084D |. 0342 04
00420850 |. 8985 74EEFFFF
00420856 |> 8B8D 74EEFFFF
0042085C |. 8B51 10
0042085F |. 8995 78EEFFFF
00420865 |. B8 C0010000
0042086A |. F7D0
0042086C |. 8B8D 74EEFFFF
00420872 |. 2341 10
00420875 |. BA 40000000
0042087A |. 81E2 C0010000
00420880 |. 81E2 FFFF0000
00420886 |. 0BC2
00420888 |. 8B8D 74EEFFFF
0042088E |. 8941 10
00420891 |. 8B55 D8
00420894 |. 8995 70EEFFFF
0042089A |. 8B85 70EEFFFF
004208A0 |. 8B08
004208A2 |. 898D 6CEEFFFF
004208A8 |. 8D55 C0
004208AB |. 52
OFFSET LOCAL.16
004208AC |. 8B85 6CEEFFFF
004208B2 |. 50
[LOCAL.1125]
004208B3 |. 8D8D A4F6FFFF
004208B9 |. E8 32880000
fo.004290F0
004208BE |. 8B8D A4F6FFFF
004208C4 |. 8B95 A8F6FFFF
004208CA |. 898D F0F8FFFF
004208D0 |. 8995 F4F8FFFF
004208D6 |. EB 0B
004208D8 |> 8D8D F0F8FFFF
004208DE |. E8 3D700000
004208E3 |> 8B45 D8
004208E6 |. 8985 68EEFFFF
004208EC |. 8D4D C0
004208EF |. 51
OFFSET LOCAL.16

|CALL 0040FB60

; \SystemIn

\JMP 00420643
LEA EAX,[LOCAL.597+3]
PUSH EAX
LEA ECX,[LOCAL.105]
CALL 00424700

; /Arg1
; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.98],0


MOV DWORD PTR SS:[LOCAL.97],0
MOV DWORD PTR SS:[LOCAL.96],0
MOV BYTE PTR SS:[LOCAL.1],1F
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00420845
MOV DWORD PTR SS:[LOCAL.1123],0
JMP SHORT 00420856
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.1123],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1123]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[LOCAL.1122],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[LOCAL.1123]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,40
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[LOCAL.1123]
MOV DWORD PTR DS:[ECX+10],EAX
MOV EDX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.1124],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1124]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.1125],ECX
LEA EDX,[LOCAL.16]
PUSH EDX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.1125]


PUSH EAX

; |
; |Arg1 =>

LEA ECX,[LOCAL.599]
CALL 004290F0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.599]


MOV EDX,DWORD PTR SS:[LOCAL.598]
MOV DWORD PTR SS:[LOCAL.452],ECX
MOV DWORD PTR SS:[LOCAL.451],EDX
JMP SHORT 004208E3
/LEA ECX,[LOCAL.452]
|CALL 00427920
|MOV EAX,DWORD PTR SS:[LOCAL.10]
|MOV DWORD PTR SS:[LOCAL.1126],EAX
|LEA ECX,[LOCAL.16]
|PUSH ECX

; /Arg2 =>

004208F0 |. 8B95 68EEFFFF


004208F6 |. 52
[LOCAL.1126]
004208F7 |. 8D8D 9CF6FFFF
004208FD |. E8 EE870000
fo.004290F0
00420902 |. 8D85 9CF6FFFF
00420908 |. 50
OFFSET LOCAL.601
00420909 |. 8D8D F0F8FFFF
0042090F |. E8 4C64FEFF
fo.00406D60
00420914 |. 0FB6C8
00420917 |. F7D9
00420919 |. 1BC9
0042091B |. 83C1 01
0042091E |. 0FB6D1
00420921 |. 85D2
00420923 |. 0F84 6E090000
00420929 |. 8D8D F0F8FFFF
0042092F |. E8 7C6F0000
fo.004278B0
00420934 |. 8985 E8F8FFFF
0042093A |. 8D8D F0F8FFFF
00420940 |. E8 6B6F0000
fo.004278B0
00420945 |. 8985 64EEFFFF
0042094B |. 8B8D 64EEFFFF
00420951 |. 83C1 28
00420954 |. E8 576F0000
fo.004278B0
00420959 |. 83C0 28
0042095C |. 8985 ECF8FFFF
00420962 |. 8B85 E8F8FFFF
00420968 |. 8378 18 10
0042096C |. 72 11
0042096E |. 8B8D E8F8FFFF
00420974 |. 8B51 04
00420977 |. 8995 5CECFFFF
0042097D |. EB 0F
0042097F |> 8B85 E8F8FFFF
00420985 |. 83C0 04
00420988 |. 8985 5CECFFFF
0042098E |> 8B8D 5CECFFFF
00420994 |. 51
[LOCAL.1257]
00420995 |. E8 369FFEFF
fo.0040A8D0
0042099A |. 83C4 04
0042099D |. 8985 58EEFFFF
004209A3 |. 8D8D F0F8FFFF
004209A9 |. E8 026F0000
fo.004278B0
004209AE |. 8985 54EEFFFF
004209B4 |. 8B8D 54EEFFFF
004209BA |. 83C1 28
004209BD |. E8 EE6E0000
fo.004278B0
004209C2 |. 8985 50EEFFFF
004209C8 |. 6A FF

|MOV EDX,DWORD PTR SS:[LOCAL.1126]


|PUSH EDX

; |
; |Arg1 =>

|LEA ECX,[LOCAL.601]
|CALL 004290F0

; |
; \SystemIn

|LEA EAX,[LOCAL.601]
|PUSH EAX

; /Arg1 =>

|LEA ECX,[LOCAL.452]
|CALL 00406D60

; |
; \SystemIn

|MOVZX ECX,AL
|NEG ECX
|SBB ECX,ECX
|ADD ECX,1
|MOVZX EDX,CL
|TEST EDX,EDX
|JE 00421297
|LEA ECX,[LOCAL.452]
|CALL 004278B0

; [SystemIn

|MOV DWORD PTR SS:[LOCAL.454],EAX


|LEA ECX,[LOCAL.452]
|CALL 004278B0

; [SystemIn

|MOV DWORD PTR SS:[LOCAL.1127],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.1127]
|ADD ECX,28
|CALL 004278B0

; [SystemIn

|ADD EAX,28
|MOV DWORD PTR SS:[LOCAL.453],EAX
|MOV EAX,DWORD PTR SS:[LOCAL.454]
|CMP DWORD PTR DS:[EAX+18],10
|JB SHORT 0042097F
|MOV ECX,DWORD PTR SS:[LOCAL.454]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.1257],EDX
|JMP SHORT 0042098E
|MOV EAX,DWORD PTR SS:[LOCAL.454]
|ADD EAX,4
|MOV DWORD PTR SS:[LOCAL.1257],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1257]
|PUSH ECX

; /Arg1 =>

|CALL 0040A8D0

; \SystemIn

|ADD ESP,4
|MOV DWORD PTR SS:[LOCAL.1130],EAX
|LEA ECX,[LOCAL.452]
|CALL 004278B0

; [SystemIn

|MOV DWORD PTR SS:[LOCAL.1131],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.1131]
|ADD ECX,28
|CALL 004278B0

; [SystemIn

|MOV DWORD PTR SS:[LOCAL.1132],EAX


|PUSH -1

; /Arg3 = -

1
004209CA |. 8B95 58EEFFFF
004209D0 |. 83C2 01
004209D3 |. 52
004209D4 |. 8D85 80F6FFFF
004209DA |. 50
OFFSET LOCAL.608
004209DB |. 8B8D 50EEFFFF
004209E1 |. E8 7A1A0000
fo.00422460
004209E6 |. 8985 58ECFFFF
004209EC |. 8B8D 58ECFFFF
004209F2 |. 898D 4CEEFFFF
004209F8 |. C645 FC 20
004209FC |. 8B95 4CEEFFFF
00420A02 |. 52
[LOCAL.1133]
00420A03 |. 8D8D C0F8FFFF
00420A09 |. E8 82E2FEFF
fo.0040EC90
00420A0E |. C785 DCF8FFFF
00420A18 |. C785 E0F8FFFF
00420A22 |. C785 E4F8FFFF
00420A2C |. C645 FC 22
00420A30 |. 6A 00
00420A32 |. 6A 01
00420A34 |. 8D8D 80F6FFFF
00420A3A |. E8 21F1FEFF
fo.0040FB60
00420A3F |. 8D85 5CFEFFFF
00420A45 |. 50
OFFSET LOCAL.105
00420A46 |. 8B8D E8F8FFFF
00420A4C |. E8 0FEBFEFF
fo.0040F560
00420A51 |. F7D8
00420A53 |. 1BC0
00420A55 |. 83C0 01
00420A58 |. 0FB6C8
00420A5B |. F7D9
00420A5D |. 1BC9
00420A5F |. 83C1 01
00420A62 |. 0FB6D1
00420A65 |. 85D2
00420A67 |. 0F84 D1040000
00420A6D |. 8B85 E8F8FFFF
00420A73 |. 50
[LOCAL.454]
00420A74 |. 8D8D 5CFEFFFF
00420A7A |. E8 41A9FEFF
fo.0040B3C0
00420A7F |. 8B8D E8F8FFFF
00420A85 |. 8379 18 10
00420A89 |. 72 11
00420A8B |. 8B95 E8F8FFFF
00420A91 |. 8B42 04
00420A94 |. 8985 54ECFFFF
00420A9A |. EB 0F
00420A9C |> 8B8D E8F8FFFF
00420AA2 |. 83C1 04

|MOV EDX,DWORD PTR SS:[LOCAL.1130]


|ADD EDX,1
|PUSH EDX
|LEA EAX,[LOCAL.608]
|PUSH EAX

;
;
;
;
;

|MOV ECX,DWORD PTR SS:[LOCAL.1132]


|CALL 00422460

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.1258],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.1258]
|MOV DWORD PTR SS:[LOCAL.1133],ECX
|MOV BYTE PTR SS:[LOCAL.1],20
|MOV EDX,DWORD PTR SS:[LOCAL.1133]
|PUSH EDX

; /Arg1 =>

|LEA ECX,[LOCAL.464]
|CALL 0040EC90

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.457],0


|MOV DWORD PTR SS:[LOCAL.456],0
|MOV DWORD PTR SS:[LOCAL.455],0
|MOV BYTE PTR SS:[LOCAL.1],22
|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.608]
|CALL 0040FB60

;
;
;
;

|LEA EAX,[LOCAL.105]
|PUSH EAX

; /Arg1 =>

|MOV ECX,DWORD PTR SS:[LOCAL.454]


|CALL 0040F560

; |
; \SystemIn

|NEG EAX
|SBB EAX,EAX
|ADD EAX,1
|MOVZX ECX,AL
|NEG ECX
|SBB ECX,ECX
|ADD ECX,1
|MOVZX EDX,CL
|TEST EDX,EDX
|JE 00420F3E
|MOV EAX,DWORD PTR SS:[LOCAL.454]
|PUSH EAX

; /Arg1 =>

|LEA ECX,[LOCAL.105]
|CALL 0040B3C0

; |
; \SystemIn

|MOV ECX,DWORD PTR SS:[LOCAL.454]


|CMP DWORD PTR DS:[ECX+18],10
|JB SHORT 00420A9C
|MOV EDX,DWORD PTR SS:[LOCAL.454]
|MOV EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.1259],EAX
|JMP SHORT 00420AAB
|MOV ECX,DWORD PTR SS:[LOCAL.454]
|ADD ECX,4

|
|
|Arg2
|
|Arg1 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00420AA5 |.
00420AAB |>
00420AB1 |.
[LOCAL.1259]
00420AB2 |.
fo.0040A8D0
00420AB7 |.
00420ABA |.
00420ABD |.
00420ABF |.
00420AC9 |.
00420ACB |>
00420AD1 |.
00420AD5 |.
00420AD7 |.
00420ADD |.
00420AE0 |.
00420AE6 |.
00420AE8 |>
00420AEE |.
00420AF1 |.
00420AF7 |>
00420AFD |.
[LOCAL.1261]
00420AFE |.
fo.0040A8D0
00420B03 |.
00420B06 |.
00420B0C |>
00420B12 |.
00420B16 |.
00420B18 |.
00420B1E |.
00420B21 |.
00420B27 |.
00420B29 |>
00420B2F |.
00420B32 |.
00420B38 |>
00420B3E |.
[LOCAL.1262]
00420B3F |.
fo.0040A8D0
00420B44 |.
00420B47 |.
00420B4A |.
00420B4C |.
"
00420B56 |.
00420B58 |>
00420B62 |>
00420B68 |.
00420B69 |.
D
00420B6B |.
00420B71 |.
00420B74 |.
00420B75 |.
00420B7B |.
fo.00424750

898D 54ECFFFF |MOV DWORD PTR SS:[LOCAL.1259],ECX


8B95 54ECFFFF |MOV EDX,DWORD PTR SS:[LOCAL.1259]
52
|PUSH EDX

; /Arg1 =>

E8 199EFEFF

|CALL 0040A8D0

; \SystemIn

83C4 04
83F8 03
73 0C
C785 50ECFFFF
EB 41
8B85 E8F8FFFF
8378 18 10
72 11
8B8D E8F8FFFF
8B51 04
8995 4CECFFFF
EB 0F
8B85 E8F8FFFF
83C0 04
8985 4CECFFFF
8B8D 4CECFFFF
51

|ADD ESP,4
|CMP EAX,3
|JNB SHORT 00420ACB
|MOV DWORD PTR SS:[LOCAL.1260],3
|JMP SHORT 00420B0C
|MOV EAX,DWORD PTR SS:[LOCAL.454]
|CMP DWORD PTR DS:[EAX+18],10
|JB SHORT 00420AE8
|MOV ECX,DWORD PTR SS:[LOCAL.454]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.1261],EDX
|JMP SHORT 00420AF7
|MOV EAX,DWORD PTR SS:[LOCAL.454]
|ADD EAX,4
|MOV DWORD PTR SS:[LOCAL.1261],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1261]
|PUSH ECX

; /Arg1 =>

E8 CD9DFEFF

|CALL 0040A8D0

; \SystemIn

83C4 04
8985 50ECFFFF
8B95 E8F8FFFF
837A 18 10
72 11
8B85 E8F8FFFF
8B48 04
898D 48ECFFFF
EB 0F
8B95 E8F8FFFF
83C2 04
8995 48ECFFFF
8B85 48ECFFFF
50

|ADD ESP,4
|MOV DWORD PTR SS:[LOCAL.1260],EAX
|MOV EDX,DWORD PTR SS:[LOCAL.454]
|CMP DWORD PTR DS:[EDX+18],10
|JB SHORT 00420B29
|MOV EAX,DWORD PTR SS:[LOCAL.454]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.1262],ECX
|JMP SHORT 00420B38
|MOV EDX,DWORD PTR SS:[LOCAL.454]
|ADD EDX,4
|MOV DWORD PTR SS:[LOCAL.1262],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1262]
|PUSH EAX

; /Arg1 =>

E8 8C9DFEFF

|CALL 0040A8D0

; \SystemIn

83C4 04
83F8 02
75 0C
C785 44ECFFFF

|ADD
|CMP
|JNE
|MOV

EB 0A
C785 44ECFFFF
8D8D 37F6FFFF
51
6A 2D

|JMP SHORT 00420B62


|MOV DWORD PTR SS:[LOCAL.1263],OFFSET 00
|LEA ECX,[LOCAL.627+3]
|PUSH ECX
; /Arg3
|PUSH 2D
; |Arg2 = 2

8B95 50ECFFFF
83C2 01
52
8D8D 38F6FFFF
E8 D03B0000

|MOV EDX,DWORD PTR SS:[LOCAL.1260]


|ADD EDX,1
|PUSH EDX
|LEA ECX,[LOCAL.626]
|CALL 00424750

ESP,4
EAX,2
SHORT 00420B58
DWORD PTR SS:[LOCAL.1263],OFFSET 00 ; ASCII "\:

;
;
;
;
;

|
|
|Arg1
|
\SystemIn

00420B80 |. C785 54F6FFFF


00420B8A |. C785 58F6FFFF
00420B94 |. C785 5CF6FFFF
00420B9E |. 8D85 38F6FFFF
00420BA4 |. 8985 40ECFFFF
00420BAA |. C645 FC 23
00420BAE |. 6A 0A
A
00420BB0 |. 8B4D 08
00420BB3 |. E8 08EAFEFF
fo.0040F5C0
00420BB8 |. 8B4D 08
00420BBB |. E8 00ECFEFF
fo.0040F7C0
00420BC0 |. 6A 06
00420BC2 |. 8D8D 24F6FFFF
00420BC8 |. 51
OFFSET LOCAL.631
00420BC9 |. E8 CACB0000
fo.0042D798
00420BCE |. 83C4 08
00420BD1 |. 8985 2CEEFFFF
00420BD7 |. 837D 08 00
00420BDB |. 75 0C
00420BDD |. C785 3CECFFFF
00420BE7 |. EB 11
00420BE9 |> 8B55 08
00420BEC |. 8B02
00420BEE |. 8B4D 08
00420BF1 |. 0348 04
00420BF4 |. 898D 3CECFFFF
00420BFA |> 8B95 2CEEFFFF
00420C00 |. 8B42 04
00420C03 |. 50
00420C04 |. 8B8D 3CECFFFF
00420C0A |. 51
00420C0B |. 8B95 2CEEFFFF
00420C11 |. 8B02
00420C13 |. FFD0
00420C15 |. 83C4 08
00420C18 |. 8B8D 44ECFFFF
00420C1E |. 51
00420C1F |. 8B95 E8F8FFFF
00420C25 |. 52
00420C26 |. 68 77874400
00420C2B |. 8B45 08
00420C2E |. 50
00420C2F |. E8 2C9DFEFF
00420C34 |. 83C4 08
00420C37 |. 50
00420C38 |. E8 23A2FEFF
00420C3D |. 83C4 08
00420C40 |. 50
00420C41 |. E8 1A9DFEFF
00420C46 |. 83C4 08
00420C49 |. 8985 28EEFFFF
00420C4F |. 6A 0A
A
00420C51 |. 8B8D 28EEFFFF
00420C57 |. E8 64E9FEFF

|MOV DWORD PTR SS:[LOCAL.619],0


|MOV DWORD PTR SS:[LOCAL.618],0
|MOV DWORD PTR SS:[LOCAL.617],0
|LEA EAX,[LOCAL.626]
|MOV DWORD PTR SS:[LOCAL.1264],EAX
|MOV BYTE PTR SS:[LOCAL.1],23
|PUSH 0A

; /Arg1 = 0

|MOV ECX,DWORD PTR SS:[ARG.1]


|CALL 0040F5C0

; |
; \SystemIn

|MOV ECX,DWORD PTR SS:[ARG.1]


|CALL 0040F7C0

; [SystemIn

|PUSH 6
|LEA ECX,[LOCAL.631]
|PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1141],EAX
|CMP DWORD PTR SS:[ARG.1],0
|JNE SHORT 00420BE9
|MOV DWORD PTR SS:[LOCAL.1265],0
|JMP SHORT 00420BFA
|MOV EDX,DWORD PTR SS:[ARG.1]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[ARG.1]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.1265],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1141]
|MOV EAX,DWORD PTR DS:[EDX+4]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1265]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1141]
|MOV EAX,DWORD PTR DS:[EDX]
|CALL EAX
|ADD ESP,8
|MOV ECX,DWORD PTR SS:[LOCAL.1263]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.454]
|PUSH EDX
|PUSH OFFSET 00448777
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1142],EAX
|PUSH 0A

; /Arg1 = 0

|MOV ECX,DWORD PTR SS:[LOCAL.1142]


|CALL 0040F5C0

; |
; \SystemIn

fo.0040F5C0
00420C5C |. 8B8D 28EEFFFF
00420C62 |. E8 59EBFEFF
fo.0040F7C0
00420C67 |. 6A 06
00420C69 |. 8D8D 2CF6FFFF
00420C6F |. 51
OFFSET LOCAL.629
00420C70 |. E8 23CB0000
fo.0042D798
00420C75 |. 83C4 08
00420C78 |. 8985 24EEFFFF
00420C7E |. 83BD 28EEFFFF
00420C85 |. 75 0C
00420C87 |. C785 38ECFFFF
00420C91 |. EB 17
00420C93 |> 8B95 28EEFFFF
00420C99 |. 8B02
00420C9B |. 8B8D 28EEFFFF
00420CA1 |. 0348 04
00420CA4 |. 898D 38ECFFFF
00420CAA |> 8B95 24EEFFFF
00420CB0 |. 8B42 04
00420CB3 |. 50
00420CB4 |. 8B8D 38ECFFFF
00420CBA |. 51
00420CBB |. 8B95 24EEFFFF
00420CC1 |. 8B02
00420CC3 |. FFD0
00420CC5 |. 83C4 08
00420CC8 |. 8B8D 40ECFFFF
00420CCE |. 51
00420CCF |. 68 77874400
00420CD4 |. 8B95 28EEFFFF
00420CDA |. 52
00420CDB |. E8 809CFEFF
00420CE0 |. 83C4 08
00420CE3 |. 50
00420CE4 |. E8 77A1FEFF
00420CE9 |. 83C4 08
00420CEC |. 8985 20EEFFFF
00420CF2 |. 6A 0A
A
00420CF4 |. 8B8D 20EEFFFF
00420CFA |. E8 C1E8FEFF
fo.0040F5C0
00420CFF |. 8B8D 20EEFFFF
00420D05 |. E8 B6EAFEFF
fo.0040F7C0
00420D0A |. 6A 06
00420D0C |. 8D85 60F6FFFF
00420D12 |. 50
OFFSET LOCAL.616
00420D13 |. E8 80CA0000
fo.0042D798
00420D18 |. 83C4 08
00420D1B |. 8985 1CEEFFFF
00420D21 |. 83BD 20EEFFFF
00420D28 |. 75 0C
00420D2A |. C785 34ECFFFF

|MOV ECX,DWORD PTR SS:[LOCAL.1142]


|CALL 0040F7C0

; [SystemIn

|PUSH 6
|LEA ECX,[LOCAL.629]
|PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1143],EAX
|CMP DWORD PTR SS:[LOCAL.1142],0
|JNE SHORT 00420C93
|MOV DWORD PTR SS:[LOCAL.1266],0
|JMP SHORT 00420CAA
|MOV EDX,DWORD PTR SS:[LOCAL.1142]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.1142]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.1266],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1143]
|MOV EAX,DWORD PTR DS:[EDX+4]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1266]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1143]
|MOV EAX,DWORD PTR DS:[EDX]
|CALL EAX
|ADD ESP,8
|MOV ECX,DWORD PTR SS:[LOCAL.1264]
|PUSH ECX
|PUSH OFFSET 00448777
|MOV EDX,DWORD PTR SS:[LOCAL.1142]
|PUSH EDX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1144],EAX
|PUSH 0A

; /Arg1 = 0

|MOV ECX,DWORD PTR SS:[LOCAL.1144]


|CALL 0040F5C0

; |
; \SystemIn

|MOV ECX,DWORD PTR SS:[LOCAL.1144]


|CALL 0040F7C0

; [SystemIn

|PUSH 6
|LEA EAX,[LOCAL.616]
|PUSH EAX

; /Arg2 = 6
; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD
|MOV
|CMP
|JNE
|MOV

ESP,8
DWORD
DWORD
SHORT
DWORD

PTR SS:[LOCAL.1145],EAX
PTR SS:[LOCAL.1144],0
00420D36
PTR SS:[LOCAL.1267],0

00420D34 |. EB 17
00420D36 |> 8B8D 20EEFFFF
00420D3C |. 8B11
00420D3E |. 8B85 20EEFFFF
00420D44 |. 0342 04
00420D47 |. 8985 34ECFFFF
00420D4D |> 8B8D 1CEEFFFF
00420D53 |. 8B51 04
00420D56 |. 52
00420D57 |. 8B85 34ECFFFF
00420D5D |. 50
00420D5E |. 8B8D 1CEEFFFF
00420D64 |. 8B11
00420D66 |. FFD2
00420D68 |. 83C4 08
00420D6B |. 6A 14
4
00420D6D |. 8D85 68F6FFFF
00420D73 |. 50
OFFSET LOCAL.614
00420D74 |. E8 1FCA0000
fo.0042D798
00420D79 |. 83C4 08
00420D7C |. 8985 14EEFFFF
00420D82 |. 68 77874400
00420D87 |. 8B8D 20EEFFFF
00420D8D |. 51
00420D8E |. E8 CD9BFEFF
00420D93 |. 83C4 08
00420D96 |. 8985 18EEFFFF
00420D9C |. 83BD 18EEFFFF
00420DA3 |. 75 0C
00420DA5 |. C785 30ECFFFF
00420DAF |. EB 17
00420DB1 |> 8B95 18EEFFFF
00420DB7 |. 8B02
00420DB9 |. 8B8D 18EEFFFF
00420DBF |. 0348 04
00420DC2 |. 898D 30ECFFFF
00420DC8 |> 8B95 14EEFFFF
00420DCE |. 8B42 04
00420DD1 |. 50
00420DD2 |. 8B8D 30ECFFFF
00420DD8 |. 51
00420DD9 |. 8B95 14EEFFFF
00420DDF |. 8B02
00420DE1 |. FFD0
00420DE3 |. 83C4 08
00420DE6 |. 6A 0F
F
00420DE8 |. 8D8D 70F6FFFF
00420DEE |. 51
OFFSET LOCAL.612
00420DEF |. E8 A4C90000
fo.0042D798
00420DF4 |. 83C4 08
00420DF7 |. 8985 0CEEFFFF
00420DFD |. 68 2C9A4400
L"
00420E02 |. 8B95 18EEFFFF

|JMP SHORT 00420D4D


|MOV ECX,DWORD PTR SS:[LOCAL.1144]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.1144]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.1267],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1145]
|MOV EDX,DWORD PTR DS:[ECX+4]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1267]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1145]
|MOV EDX,DWORD PTR DS:[ECX]
|CALL EDX
|ADD ESP,8
|PUSH 14

; /Arg2 = 1

|LEA EAX,[LOCAL.614]
|PUSH EAX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1147],EAX
|PUSH OFFSET 00448777
|MOV ECX,DWORD PTR SS:[LOCAL.1144]
|PUSH ECX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1146],EAX
|CMP DWORD PTR SS:[LOCAL.1146],0
|JNE SHORT 00420DB1
|MOV DWORD PTR SS:[LOCAL.1268],0
|JMP SHORT 00420DC8
|MOV EDX,DWORD PTR SS:[LOCAL.1146]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.1146]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.1268],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1147]
|MOV EAX,DWORD PTR DS:[EDX+4]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1268]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1147]
|MOV EAX,DWORD PTR DS:[EDX]
|CALL EAX
|ADD ESP,8
|PUSH 0F

; /Arg2 = 0

|LEA ECX,[LOCAL.612]
|PUSH ECX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1149],EAX
|PUSH OFFSET 00449A2C

; ASCII "DL

|MOV EDX,DWORD PTR SS:[LOCAL.1146]

00420E08 |. 52
00420E09 |. E8 529BFEFF
00420E0E |. 83C4 08
00420E11 |. 8985 10EEFFFF
00420E17 |. 83BD 10EEFFFF
00420E1E |. 75 0C
00420E20 |. C785 2CECFFFF
00420E2A |. EB 17
00420E2C |> 8B85 10EEFFFF
00420E32 |. 8B08
00420E34 |. 8B95 10EEFFFF
00420E3A |. 0351 04
00420E3D |. 8995 2CECFFFF
00420E43 |> 8B85 0CEEFFFF
00420E49 |. 8B48 04
00420E4C |. 51
00420E4D |. 8B95 2CECFFFF
00420E53 |. 52
00420E54 |. 8B85 0CEEFFFF
00420E5A |. 8B08
00420E5C |. FFD1
00420E5E |. 83C4 08
00420E61 |. 6A 0F
F
00420E63 |. 8D95 78F6FFFF
00420E69 |. 52
OFFSET LOCAL.610
00420E6A |. E8 29C90000
fo.0042D798
00420E6F |. 83C4 08
00420E72 |. 8985 04EEFFFF
00420E78 |. 68 1C9A4400
oduct Ver."
00420E7D |. 8B85 10EEFFFF
00420E83 |. 50
00420E84 |. E8 D79AFEFF
00420E89 |. 83C4 08
00420E8C |. 8985 08EEFFFF
00420E92 |. 83BD 08EEFFFF
00420E99 |. 75 0C
00420E9B |. C785 28ECFFFF
00420EA5 |. EB 17
00420EA7 |> 8B8D 08EEFFFF
00420EAD |. 8B11
00420EAF |. 8B85 08EEFFFF
00420EB5 |. 0342 04
00420EB8 |. 8985 28ECFFFF
00420EBE |> 8B8D 04EEFFFF
00420EC4 |. 8B51 04
00420EC7 |. 52
00420EC8 |. 8B85 28ECFFFF
00420ECE |. 50
00420ECF |. 8B8D 04EEFFFF
00420ED5 |. 8B11
00420ED7 |. FFD2
00420ED9 |. 83C4 08
00420EDC |. 68 109A4400
scription"
00420EE1 |. 68 009A4400
le Version"

|PUSH EDX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1148],EAX
|CMP DWORD PTR SS:[LOCAL.1148],0
|JNE SHORT 00420E2C
|MOV DWORD PTR SS:[LOCAL.1269],0
|JMP SHORT 00420E43
|MOV EAX,DWORD PTR SS:[LOCAL.1148]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[LOCAL.1148]
|ADD EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.1269],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1149]
|MOV ECX,DWORD PTR DS:[EAX+4]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1269]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1149]
|MOV ECX,DWORD PTR DS:[EAX]
|CALL ECX
|ADD ESP,8
|PUSH 0F

; /Arg2 = 0

|LEA EDX,[LOCAL.610]
|PUSH EDX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1151],EAX
|PUSH OFFSET 00449A1C

; ASCII "Pr

|MOV EAX,DWORD PTR SS:[LOCAL.1148]


|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1150],EAX
|CMP DWORD PTR SS:[LOCAL.1150],0
|JNE SHORT 00420EA7
|MOV DWORD PTR SS:[LOCAL.1270],0
|JMP SHORT 00420EBE
|MOV ECX,DWORD PTR SS:[LOCAL.1150]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.1150]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.1270],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1151]
|MOV EDX,DWORD PTR DS:[ECX+4]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1270]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1151]
|MOV EDX,DWORD PTR DS:[ECX]
|CALL EDX
|ADD ESP,8
|PUSH OFFSET 00449A10

; ASCII "De

|PUSH OFFSET 00449A00

; ASCII "Fi

00420EE6 |. 8B85 08EEFFFF


00420EEC |. 50
00420EED |. E8 6E9AFEFF
00420EF2 |. 83C4 08
00420EF5 |. 50
00420EF6 |. E8 659AFEFF
00420EFB |. 83C4 08
00420EFE |. 8985 00EEFFFF
00420F04 |. 6A 0A
A
00420F06 |. 8B8D 00EEFFFF
00420F0C |. E8 AFE6FEFF
fo.0040F5C0
00420F11 |. 8B8D 00EEFFFF
00420F17 |. E8 A4E8FEFF
fo.0040F7C0
00420F1C |. C645 FC 24
00420F20 |. 8D8D 38F6FFFF
00420F26 |. E8 55D8FEFF
fo.0040E780
00420F2B |. C645 FC 22
00420F2F |. 6A 00
00420F31 |. 6A 01
00420F33 |. 8D8D 38F6FFFF
00420F39 |. E8 22ECFEFF
fo.0040FB60
00420F3E |> 68 80874400
ystemInfo.448780
00420F43 |. 8D8D C0F8FFFF
00420F49 |. 51
OFFSET LOCAL.464
00420F4A |. 8D95 FCF5FFFF
00420F50 |. 52
OFFSET LOCAL.641
00420F51 |. E8 9ADAFEFF
fo.0040E9F0
00420F56 |. 83C4 0C
00420F59 |. 8985 24ECFFFF
00420F5F |. 8B85 24ECFFFF
00420F65 |. 8985 20ECFFFF
00420F6B |. C645 FC 25
00420F6F |. 6A 06
00420F71 |. 8D8D ECF5FFFF
00420F77 |. 51
OFFSET LOCAL.645
00420F78 |. E8 1BC80000
fo.0042D798
00420F7D |. 83C4 08
00420F80 |. 8985 FCEDFFFF
00420F86 |. 837D 08 00
00420F8A |. 75 0C
00420F8C |. C785 1CECFFFF
00420F96 |. EB 11
00420F98 |> 8B55 08
00420F9B |. 8B02
00420F9D |. 8B4D 08
00420FA0 |. 0348 04
00420FA3 |. 898D 1CECFFFF
00420FA9 |> 8B95 FCEDFFFF
00420FAF |. 8B42 04

|MOV EAX,DWORD PTR SS:[LOCAL.1150]


|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1152],EAX
|PUSH 0A

; /Arg1 = 0

|MOV ECX,DWORD PTR SS:[LOCAL.1152]


|CALL 0040F5C0

; |
; \SystemIn

|MOV ECX,DWORD PTR SS:[LOCAL.1152]


|CALL 0040F7C0

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],24


|LEA ECX,[LOCAL.626]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],22


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.626]
|CALL 0040FB60

;
;
;
;

|PUSH OFFSET 00448780

; /Arg3 = S

|LEA ECX,[LOCAL.464]
|PUSH ECX

; |
; |Arg2 =>

|LEA EDX,[LOCAL.641]
|PUSH EDX

; |
; |Arg1 =>

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV DWORD PTR SS:[LOCAL.1271],EAX
|MOV EAX,DWORD PTR SS:[LOCAL.1271]
|MOV DWORD PTR SS:[LOCAL.1272],EAX
|MOV BYTE PTR SS:[LOCAL.1],25
|PUSH 6
|LEA ECX,[LOCAL.645]
|PUSH ECX

; /Arg2 = 6
; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD
|MOV
|CMP
|JNE
|MOV
|JMP
|MOV
|MOV
|MOV
|ADD
|MOV
|MOV
|MOV

ESP,8
DWORD PTR SS:[LOCAL.1153],EAX
DWORD PTR SS:[ARG.1],0
SHORT 00420F98
DWORD PTR SS:[LOCAL.1273],0
SHORT 00420FA9
EDX,DWORD PTR SS:[ARG.1]
EAX,DWORD PTR DS:[EDX]
ECX,DWORD PTR SS:[ARG.1]
ECX,DWORD PTR DS:[EAX+4]
DWORD PTR SS:[LOCAL.1273],ECX
EDX,DWORD PTR SS:[LOCAL.1153]
EAX,DWORD PTR DS:[EDX+4]

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00420FB2 |. 50
00420FB3 |. 8B8D 1CECFFFF
00420FB9 |. 51
00420FBA |. 8B95 FCEDFFFF
00420FC0 |. 8B02
00420FC2 |. FFD0
00420FC4 |. 83C4 08
00420FC7 |. 6A 14
4
00420FC9 |. 8D8D F4F5FFFF
00420FCF |. 51
OFFSET LOCAL.643
00420FD0 |. E8 C3C70000
fo.0042D798
00420FD5 |. 83C4 08
00420FD8 |. 8985 F4EDFFFF
00420FDE |. 68 77874400
00420FE3 |. 8B55 08
00420FE6 |. 52
00420FE7 |. E8 7499FEFF
00420FEC |. 83C4 08
00420FEF |. 8985 F8EDFFFF
00420FF5 |. 83BD F8EDFFFF
00420FFC |. 75 0C
00420FFE |. C785 18ECFFFF
00421008 |. EB 17
0042100A |> 8B85 F8EDFFFF
00421010 |. 8B08
00421012 |. 8B95 F8EDFFFF
00421018 |. 0351 04
0042101B |. 8995 18ECFFFF
00421021 |> 8B85 F4EDFFFF
00421027 |. 8B48 04
0042102A |. 51
0042102B |. 8B95 18ECFFFF
00421031 |. 52
00421032 |. 8B85 F4EDFFFF
00421038 |. 8B08
0042103A |. FFD1
0042103C |. 83C4 08
0042103F |. 8B95 20ECFFFF
00421045 |. 52
00421046 |. 8B85 F8EDFFFF
0042104C |. 50
0042104D |. E8 0E9EFEFF
00421052 |. 83C4 08
00421055 |. C645 FC 26
00421059 |. 8D8D FCF5FFFF
0042105F |. E8 1CD7FEFF
fo.0040E780
00421064 |. C645 FC 22
00421068 |. 6A 00
0042106A |. 6A 01
0042106C |. 8D8D FCF5FFFF
00421072 |. E8 E9EAFEFF
fo.0040FB60
00421077 |. 8B8D ECF8FFFF
0042107D |. 33D2
0042107F |. 8379 64 00
00421083 |. 0F94C2

|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1273]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1153]
|MOV EAX,DWORD PTR DS:[EDX]
|CALL EAX
|ADD ESP,8
|PUSH 14

; /Arg2 = 1

|LEA ECX,[LOCAL.643]
|PUSH ECX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1155],EAX
|PUSH OFFSET 00448777
|MOV EDX,DWORD PTR SS:[ARG.1]
|PUSH EDX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1154],EAX
|CMP DWORD PTR SS:[LOCAL.1154],0
|JNE SHORT 0042100A
|MOV DWORD PTR SS:[LOCAL.1274],0
|JMP SHORT 00421021
|MOV EAX,DWORD PTR SS:[LOCAL.1154]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[LOCAL.1154]
|ADD EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.1274],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1155]
|MOV ECX,DWORD PTR DS:[EAX+4]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1274]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1155]
|MOV ECX,DWORD PTR DS:[EAX]
|CALL ECX
|ADD ESP,8
|MOV EDX,DWORD PTR SS:[LOCAL.1272]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1154]
|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|MOV BYTE PTR SS:[LOCAL.1],26
|LEA ECX,[LOCAL.641]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],22


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.641]
|CALL 0040FB60

;
;
;
;

|MOV ECX,DWORD PTR SS:[LOCAL.453]


|XOR EDX,EDX
|CMP DWORD PTR DS:[ECX+64],0
|SETE DL

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00421086 |. 0FB6C2
00421089 |. 85C0
0042108B |. 0F85 AE010000
00421091 |. 8B8D ECF8FFFF
00421097 |. 33D2
00421099 |. 8379 3C 00
0042109D |. 0F94C2
004210A0 |. 0FB6C2
004210A3 |. 85C0
004210A5 |. 0F85 94010000
004210AB |. 68 80874400
ystemInfo.448780
004210B0 |. 8B8D ECF8FFFF
004210B6 |. 83C1 28
004210B9 |. 51
004210BA |. 8D95 C4F5FFFF
004210C0 |. 52
OFFSET LOCAL.655
004210C1 |. E8 2AD9FEFF
fo.0040E9F0
004210C6 |. 83C4 0C
004210C9 |. 8985 14ECFFFF
004210CF |. 8B85 14ECFFFF
004210D5 |. 8985 10ECFFFF
004210DB |. C645 FC 27
004210DF |. 68 80874400
ystemInfo.448780
004210E4 |. 8B8D ECF8FFFF
004210EA |. 83C1 50
004210ED |. 51
004210EE |. 8D95 94F5FFFF
004210F4 |. 52
OFFSET LOCAL.667
004210F5 |. E8 F6D8FEFF
fo.0040E9F0
004210FA |. 83C4 0C
004210FD |. 8985 0CECFFFF
00421103 |. 8B85 0CECFFFF
00421109 |. 8985 08ECFFFF
0042110F |. C645 FC 28
00421113 |. 6A 0F
F
00421115 |. 8D8D 8CF5FFFF
0042111B |. 51
OFFSET LOCAL.669
0042111C |. E8 77C60000
fo.0042D798
00421121 |. 83C4 08
00421124 |. 8985 E0EDFFFF
0042112A |. 837D 08 00
0042112E |. 75 0C
00421130 |. C785 04ECFFFF
0042113A |. EB 11
0042113C |> 8B55 08
0042113F |. 8B02
00421141 |. 8B4D 08
00421144 |. 0348 04
00421147 |. 898D 04ECFFFF
0042114D |> 8B95 E0EDFFFF
00421153 |. 8B42 04

|MOVZX EAX,DL
|TEST EAX,EAX
|JNE 0042123F
|MOV ECX,DWORD PTR SS:[LOCAL.453]
|XOR EDX,EDX
|CMP DWORD PTR DS:[ECX+3C],0
|SETE DL
|MOVZX EAX,DL
|TEST EAX,EAX
|JNE 0042123F
|PUSH OFFSET 00448780

; /Arg3 = S

|MOV ECX,DWORD PTR SS:[LOCAL.453]


|ADD ECX,28
|PUSH ECX
|LEA EDX,[LOCAL.655]
|PUSH EDX

;
;
;
;
;

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV DWORD PTR SS:[LOCAL.1275],EAX
|MOV EAX,DWORD PTR SS:[LOCAL.1275]
|MOV DWORD PTR SS:[LOCAL.1276],EAX
|MOV BYTE PTR SS:[LOCAL.1],27
|PUSH OFFSET 00448780

; /Arg3 = S

|MOV ECX,DWORD PTR SS:[LOCAL.453]


|ADD ECX,50
|PUSH ECX
|LEA EDX,[LOCAL.667]
|PUSH EDX

;
;
;
;
;

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV DWORD PTR SS:[LOCAL.1277],EAX
|MOV EAX,DWORD PTR SS:[LOCAL.1277]
|MOV DWORD PTR SS:[LOCAL.1278],EAX
|MOV BYTE PTR SS:[LOCAL.1],28
|PUSH 0F

; /Arg2 = 0

|LEA ECX,[LOCAL.669]
|PUSH ECX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD
|MOV
|CMP
|JNE
|MOV
|JMP
|MOV
|MOV
|MOV
|ADD
|MOV
|MOV
|MOV

ESP,8
DWORD PTR SS:[LOCAL.1160],EAX
DWORD PTR SS:[ARG.1],0
SHORT 0042113C
DWORD PTR SS:[LOCAL.1279],0
SHORT 0042114D
EDX,DWORD PTR SS:[ARG.1]
EAX,DWORD PTR DS:[EDX]
ECX,DWORD PTR SS:[ARG.1]
ECX,DWORD PTR DS:[EAX+4]
DWORD PTR SS:[LOCAL.1279],ECX
EDX,DWORD PTR SS:[LOCAL.1160]
EAX,DWORD PTR DS:[EDX+4]

|
|
|Arg2
|
|Arg1 =>

|
|
|Arg2
|
|Arg1 =>

00421156 |. 50
00421157 |. 8B8D 04ECFFFF
0042115D |. 51
0042115E |. 8B95 E0EDFFFF
00421164 |. 8B02
00421166 |. FFD0
00421168 |. 83C4 08
0042116B |. 6A 0F
F
0042116D |. 8D8D BCF5FFFF
00421173 |. 51
OFFSET LOCAL.657
00421174 |. E8 1FC60000
fo.0042D798
00421179 |. 83C4 08
0042117C |. 8985 D8EDFFFF
00421182 |. 8B95 08ECFFFF
00421188 |. 52
00421189 |. 8B45 08
0042118C |. 50
0042118D |. E8 CE9CFEFF
00421192 |. 83C4 08
00421195 |. 8985 DCEDFFFF
0042119B |. 83BD DCEDFFFF
004211A2 |. 75 0C
004211A4 |. C785 00ECFFFF
004211AE |. EB 17
004211B0 |> 8B8D DCEDFFFF
004211B6 |. 8B11
004211B8 |. 8B85 DCEDFFFF
004211BE |. 0342 04
004211C1 |. 8985 00ECFFFF
004211C7 |> 8B8D D8EDFFFF
004211CD |. 8B51 04
004211D0 |. 52
004211D1 |. 8B85 00ECFFFF
004211D7 |. 50
004211D8 |. 8B8D D8EDFFFF
004211DE |. 8B11
004211E0 |. FFD2
004211E2 |. 83C4 08
004211E5 |. 8B85 10ECFFFF
004211EB |. 50
004211EC |. 8B8D DCEDFFFF
004211F2 |. 51
004211F3 |. E8 689CFEFF
004211F8 |. 83C4 08
004211FB |. C645 FC 29
004211FF |. 8D8D 94F5FFFF
00421205 |. E8 76D5FEFF
fo.0040E780
0042120A |. C645 FC 27
0042120E |. 6A 00
00421210 |. 6A 01
00421212 |. 8D8D 94F5FFFF
00421218 |. E8 43E9FEFF
fo.0040FB60
0042121D |. C645 FC 2A
00421221 |. 8D8D C4F5FFFF
00421227 |. E8 54D5FEFF

|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1279]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1160]
|MOV EAX,DWORD PTR DS:[EDX]
|CALL EAX
|ADD ESP,8
|PUSH 0F

; /Arg2 = 0

|LEA ECX,[LOCAL.657]
|PUSH ECX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1162],EAX
|MOV EDX,DWORD PTR SS:[LOCAL.1278]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1161],EAX
|CMP DWORD PTR SS:[LOCAL.1161],0
|JNE SHORT 004211B0
|MOV DWORD PTR SS:[LOCAL.1280],0
|JMP SHORT 004211C7
|MOV ECX,DWORD PTR SS:[LOCAL.1161]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.1161]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.1280],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1162]
|MOV EDX,DWORD PTR DS:[ECX+4]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1280]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1162]
|MOV EDX,DWORD PTR DS:[ECX]
|CALL EDX
|ADD ESP,8
|MOV EAX,DWORD PTR SS:[LOCAL.1276]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.1161]
|PUSH ECX
|CALL 0040AE60
|ADD ESP,8
|MOV BYTE PTR SS:[LOCAL.1],29
|LEA ECX,[LOCAL.667]
|CALL 0040E780

; [SystemIn

|MOV BYTE PTR SS:[LOCAL.1],27


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.667]
|CALL 0040FB60

;
;
;
;

|MOV BYTE PTR SS:[LOCAL.1],2A


|LEA ECX,[LOCAL.655]
|CALL 0040E780

; [SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

fo.0040E780
0042122C |.
00421230 |.
00421232 |.
00421234 |.
0042123A |.
fo.0040FB60
0042123F |>
00421245 |.
00421246 |.
00421249 |.
0042124A |.
0042124F |.
00421252 |.
00421258 |.
A
0042125A |.
00421260 |.
fo.0040F5C0
00421265 |.
0042126B |.
fo.0040F7C0
00421270 |.
00421274 |.
0042127A |.
fo.0040E780
0042127F |.
00421283 |.
00421285 |.
00421287 |.
0042128D |.
fo.0040FB60
00421292 |.^
00421297 |>
0042129B |.
0042129D |.
004212A7 |.
004212A9 |>
004212AC |.
004212AE |.
004212B1 |.
004212B4 |.
004212BA |>
004212C0 |.
004212C3 |.
004212C9 |.
004212CE |.
004212D0 |.
004212D6 |.
004212D9 |.
004212DE |.
004212E4 |.
004212EA |.
004212EC |.
004212F2 |.
004212F5 |.
004212F8 |.
004212FE |.
00421304 |.
[LOCAL.670]

C645 FC 22
6A 00
6A 01
8D8D C4F5FFFF
E8 21E9FEFF

|MOV BYTE PTR SS:[LOCAL.1],22


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.655]
|CALL 0040FB60

;
;
;
;

8B95 ECF8FFFF
52
8B45 08
50
E8 119CFEFF
83C4 08
8985 A8EDFFFF
6A 0A

|MOV EDX,DWORD PTR SS:[LOCAL.453]


|PUSH EDX
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0040AE60
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.1174],EAX
|PUSH 0A

; /Arg1 = 0

8B8D A8EDFFFF |MOV ECX,DWORD PTR SS:[LOCAL.1174]


E8 5BE3FEFF |CALL 0040F5C0

; |
; \SystemIn

8B8D A8EDFFFF |MOV ECX,DWORD PTR SS:[LOCAL.1174]


E8 50E5FEFF |CALL 0040F7C0

; [SystemIn

C645 FC 2B
|MOV BYTE PTR SS:[LOCAL.1],2B
8D8D C0F8FFFF |LEA ECX,[LOCAL.464]
E8 01D5FEFF |CALL 0040E780

; [SystemIn

C645 FC 1F
6A 00
6A 01
8D8D C0F8FFFF
E8 CEE8FEFF

|MOV BYTE PTR SS:[LOCAL.1],1F


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.464]
|CALL 0040FB60

;
;
;
;

E9 41F6FFFF
837D 08 00
75 0C
C785 94EDFFFF
EB 11
8B4D 08
8B11
8B45 08
0342 04
8985 94EDFFFF
8B8D 94EDFFFF
8B51 10
8995 98EDFFFF
B8 C0010000
F7D0
8B8D 94EDFFFF
2341 10
BA 80000000
81E2 C0010000
81E2 FFFF0000
0BC2
8B8D 94EDFFFF
8941 10
8B55 88
8995 88F5FFFF
8B85 88F5FFFF
50

\JMP 004208D8
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 004212A9
MOV DWORD PTR SS:[LOCAL.1179],0
JMP SHORT 004212BA
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.1179],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1179]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[LOCAL.1178],EDX
MOV EAX,1C0
NOT EAX
MOV ECX,DWORD PTR SS:[LOCAL.1179]
AND EAX,DWORD PTR DS:[ECX+10]
MOV EDX,80
AND EDX,000001C0
AND EDX,0000FFFF
OR EAX,EDX
MOV ECX,DWORD PTR SS:[LOCAL.1179]
MOV DWORD PTR DS:[ECX+10],EAX
MOV EDX,DWORD PTR SS:[LOCAL.30]
MOV DWORD PTR SS:[LOCAL.670],EDX
MOV EAX,DWORD PTR SS:[LOCAL.670]
PUSH EAX

; /Arg1 =>

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00421305 |. E8 F6E40000
fo.0042F800
0042130A |. 83C4 04
0042130D |. C645 FC 2C
00421311 |. 8D8D 5CFEFFFF
00421317 |. E8 64D4FEFF
fo.0040E780
0042131C |. C645 FC 19
00421320 |. 6A 00
00421322 |. 6A 01
00421324 |. 8D8D 5CFEFFFF
0042132A |. E8 31E8FEFF
fo.0040FB60
0042132F |. C645 FC 00
00421333 |. 8D4D C0
00421336 |. E8 35000000
fo.00421370
0042133B |. C745 FC FFFFF
00421342 |. 8D4D A0
00421345 |. E8 46310000
0042134A |> 8B4D F4
0042134D |. 64:890D 00000
00421354 |. 59
00421355 |. 8B4D 84
00421358 |. 33CD
0042135A |. E8 92D30000
0042135F |. 8BE5
00421361 |. 5D
00421362 \. C3
00421363
CC
00421364
CC
00421365
CC
00421366
CC
00421367
CC
00421368
CC
00421369
CC
0042136A
CC
0042136B
CC
0042136C
CC
0042136D
CC
0042136E
CC
0042136F
CC
00421370 /$ 55
o.00421370(guessed void)
00421371 |. 8BEC
00421373 |. 6A FF
00421375 |. 68 4B5E4400
0042137A |. 64:A1 0000000
00421380 |. 50
00421381 |. 81EC 90000000
00421387 |. A1 A0154500
0042138C |. 33C5
0042138E |. 50
0042138F |. 8D45 F4
00421392 |. 64:A3 0000000
00421398 |. 898D 64FFFFFF
0042139E |. C745 FC 00000
004213A5 |. 8B8D 64FFFFFF
004213AB |. E8 F0630000
004213B0 |. C745 FC FFFFF

CALL 0042F800

; \SystemIn

ADD ESP,4
MOV BYTE PTR SS:[LOCAL.1],2C
LEA ECX,[LOCAL.105]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],19


PUSH 0
PUSH 1
LEA ECX,[LOCAL.105]
CALL 0040FB60

;
;
;
;

MOV BYTE PTR SS:[LOCAL.1],0


LEA ECX,[LOCAL.16]
CALL 00421370

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


LEA ECX,[LOCAL.24]
CALL 00424490
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ECX,DWORD PTR SS:[LOCAL.31]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445E4B
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,90
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-9C],ECX
MOV DWORD PTR SS:[EBP-4],0
MOV ECX,DWORD PTR SS:[EBP-9C]
CALL 004277A0
MOV DWORD PTR SS:[EBP-4],-1

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004213B7 |. 8B85 64FFFFFF


004213BD |. 8B08
004213BF |. 898D 68FFFFFF
004213C5 |. 8B95 68FFFFFF
004213CB |. 52
004213CC |. E8 49D50000
004213D1 |. 83C4 04
004213D4 |. 8B4D F4
004213D7 |. 64:890D 00000
004213DE |. 59
004213DF |. 8BE5
004213E1 |. 5D
004213E2 \. C3
004213E3
CC
004213E4
CC
004213E5
CC
004213E6
CC
004213E7
CC
004213E8
CC
004213E9
CC
004213EA
CC
004213EB
CC
004213EC
CC
004213ED
CC
004213EE
CC
004213EF
CC
004213F0 /$ 55
004213F1 |. 8BEC
004213F3 |. 6A FF
004213F5 |. 68 4C644400
004213FA |. 64:A1 0000000
00421400 |. 50
00421401 |. 81EC A0040000
00421407 |. A1 A0154500
0042140C |. 33C5
0042140E |. 8945 E4
00421411 |. 50
00421412 |. 8D45 F4
00421415 |. 64:A3 0000000
0042141B |. 8D85 DCFEFFFF
00421421 |. 50
=> OFFSET LOCAL.73
00421422 |. 68 19000200
ccess = KEY_READ
00421427 |. 6A 00
= 0
00421429 |. 8B4D 10
0042142C |. 51
> [ARG.3]
0042142D |. 8B55 0C
00421430 |. 52
[ARG.2]
00421431 |. FF15 08804400
.RegOpenKeyExA
00421437 |. 85C0
00421439 |. 74 05
0042143B |. E9 45080000
00421440 |> 8D85 C4FCFFFF
00421446 |. 50
teTime => OFFSET LOCAL.207

MOV EAX,DWORD PTR SS:[EBP-9C]


MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-98],ECX
MOV EDX,DWORD PTR SS:[EBP-98]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 0044644C
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,4A0
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.7],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
LEA EAX,[LOCAL.73]
PUSH EAX

; /pResult

PUSH 20019

; |DesiredA

PUSH 0

; |Reserved

MOV ECX,DWORD PTR SS:[ARG.3]


PUSH ECX

; |
; |SubKey =

MOV EDX,DWORD PTR SS:[ARG.2]


PUSH EDX

; |
; |hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey ; \ADVAPI32


TEST EAX,EAX
JE SHORT 00421440
JMP 00421C85
LEA EAX,[LOCAL.207]
PUSH EAX

; /pLastWri

00421447 |. 8D8D E0FEFFFF LEA ECX,[LOCAL.72]


0042144D |. 51
PUSH ECX
y => OFFSET LOCAL.72
0042144E |. 8D55 E8
LEA EDX,[LOCAL.6]
00421451 |. 52
PUSH EDX
eLength => OFFSET LOCAL.6
00421452 |. 8D85 D0FCFFFF LEA EAX,[LOCAL.204]
00421458 |. 50
PUSH EAX
eNameLength => OFFSET LOCAL.204
00421459 |. 8D8D C0FCFFFF LEA ECX,[LOCAL.208]
0042145F |. 51
PUSH ECX
=> OFFSET LOCAL.208
00421460 |. 8D95 D8FCFFFF LEA EDX,[LOCAL.202]
00421466 |. 52
PUSH EDX
sLength => OFFSET LOCAL.202
00421467 |. 8D85 BCFCFFFF LEA EAX,[LOCAL.209]
0042146D |. 50
PUSH EAX
eyLength => OFFSET LOCAL.209
0042146E |. 8D8D D4FCFFFF LEA ECX,[LOCAL.203]
00421474 |. 51
PUSH ECX
=> OFFSET LOCAL.203
00421475 |. 6A 00
PUSH 0
= 0
00421477 |. 6A 00
PUSH 0
n = NULL
00421479 |. 6A 00
PUSH 0
NULL
0042147B |. 8B95 DCFEFFFF MOV EDX,DWORD PTR SS:[LOCAL.73]
00421481 |. 52
PUSH EDX
[LOCAL.73]
00421482 |. FF15 00804400 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryIn
.RegQueryInfoKeyA
00421488 |. C785 B0FCFFFF MOV DWORD PTR SS:[LOCAL.212],0
00421492 |. EB 0F
JMP SHORT 004214A3
00421494 |> 8B85 B0FCFFFF /MOV EAX,DWORD PTR SS:[LOCAL.212]
0042149A |. 83C0 01
|ADD EAX,1
0042149D |. 8985 B0FCFFFF |MOV DWORD PTR SS:[LOCAL.212],EAX
004214A3 |> C785 CCFCFFFF |MOV DWORD PTR SS:[LOCAL.205],100
004214AD |. 8D8D C4FCFFFF |LEA ECX,[LOCAL.207]
004214B3 |. 51
|PUSH ECX
teTime => OFFSET LOCAL.207
004214B4 |. 6A 00
|PUSH 0
n = NULL
004214B6 |. 6A 00
|PUSH 0
NULL
004214B8 |. 6A 00
|PUSH 0
= 0
004214BA |. 8D95 CCFCFFFF |LEA EDX,[LOCAL.205]
004214C0 |. 52
|PUSH EDX
=> OFFSET LOCAL.205
004214C1 |. 8D85 E4FEFFFF |LEA EAX,[LOCAL.71]
004214C7 |. 50
|PUSH EAX
OFFSET LOCAL.71
004214C8 |. 8B8D B0FCFFFF |MOV ECX,DWORD PTR SS:[LOCAL.212]
004214CE |. 51
|PUSH ECX
004214CF |. 8B95 DCFEFFFF |MOV EDX,DWORD PTR SS:[LOCAL.73]
004214D5 |. 52
|PUSH EDX
[LOCAL.73]
004214D6 |. FF15 0C804400 |CALL DWORD PTR DS:[<&ADVAPI32.RegEnumKe
.RegEnumKeyExA

; |
; |pSecurit
; |
; |pMaxValu
; |
; |pMaxValu
; |
; |pValues
; |
; |pMaxClas
; |
; |pMaxSubk
; |
; |pSubkeys
; |Reserved
; |pClassLe
; |Class =
; |
; |hKey =>
; \ADVAPI32

; /pLastWri
; |pClassLe
; |Class =
; |Reserved
; |
; |pNameLen
; |
; |Name =>
;
;
;
;

|
|Index
|
|hKey =>

; \ADVAPI32

004214DC |. 8945 EC
|MOV DWORD PTR SS:[LOCAL.5],EAX
004214DF |. 837D EC 00
|CMP DWORD PTR SS:[LOCAL.5],0
004214E3 |. 75 1C
|JNE SHORT 00421501
004214E5 |. 8D85 E4FEFFFF |LEA EAX,[LOCAL.71]
004214EB |. 50
|PUSH EAX
004214EC |. 8B8D DCFEFFFF |MOV ECX,DWORD PTR SS:[LOCAL.73]
004214F2 |. 51
|PUSH ECX
004214F3 |. 8B55 08
|MOV EDX,DWORD PTR SS:[ARG.1]
004214F6 |. 52
|PUSH EDX
004214F7 |. E8 F4FEFFFF |CALL 004213F0
004214FC |. 83C4 0C
|ADD ESP,0C
004214FF |.^ EB 93
\JMP SHORT 00421494
00421501 |> 817D EC 03010 CMP DWORD PTR SS:[LOCAL.5],103
00421508 |. 0F84 A2000000 JE 004215B0
0042150E |. 6A 06
PUSH 6
00421510 |. 8D85 A4FCFFFF LEA EAX,[LOCAL.215]
00421516 |. 50
PUSH EAX
OFFSET LOCAL.215
00421517 |. E8 7CC20000 CALL 0042D798
fo.0042D798
0042151C |. 83C4 08
ADD ESP,8
0042151F |. 8985 20FCFFFF MOV DWORD PTR SS:[LOCAL.248],EAX
00421525 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
00421529 |. 75 0C
JNE SHORT 00421537
0042152B |. C785 70FBFFFF MOV DWORD PTR SS:[LOCAL.292],0
00421535 |. EB 11
JMP SHORT 00421548
00421537 |> 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0042153A |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
0042153C |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042153F |. 0342 04
ADD EAX,DWORD PTR DS:[EDX+4]
00421542 |. 8985 70FBFFFF MOV DWORD PTR SS:[LOCAL.292],EAX
00421548 |> 8B8D 20FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.248]
0042154E |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00421551 |. 52
PUSH EDX
00421552 |. 8B85 70FBFFFF MOV EAX,DWORD PTR SS:[LOCAL.292]
00421558 |. 50
PUSH EAX
00421559 |. 8B8D 20FCFFFF MOV ECX,DWORD PTR SS:[LOCAL.248]
0042155F |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
00421561 |. FFD2
CALL EDX
00421563 |. 83C4 08
ADD ESP,8
00421566 |. 68 089B4400 PUSH OFFSET 00449B08
SCII "Cannot enumerate subkeys"
0042156B |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
0042156E |. 50
PUSH EAX
[LOCAL.5]
0042156F |. E8 ECEFFEFF CALL 00410560
fo.00410560
00421574 |. 83C4 08
ADD ESP,8
00421577 |. 50
PUSH EAX
00421578 |. 68 77874400 PUSH OFFSET 00448777
0042157D |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00421580 |. 51
PUSH ECX
00421581 |. E8 DA93FEFF CALL 0040A960
00421586 |. 83C4 08
ADD ESP,8
00421589 |. 50
PUSH EAX
0042158A |. E8 D193FEFF CALL 0040A960
0042158F |. 83C4 08
ADD ESP,8
00421592 |. 8985 1CFCFFFF MOV DWORD PTR SS:[LOCAL.249],EAX
00421598 |. 6A 0A
PUSH 0A
A

; /Arg2 = 6
; |
; |Arg1 =>
; \SystemIn

; /Arg2 = A
; |
; |Arg1 =>
; \SystemIn

; /Arg1 = 0

0042159A |. 8B8D 1CFCFFFF


004215A0 |. E8 1BE0FEFF
fo.0040F5C0
004215A5 |. 8B8D 1CFCFFFF
004215AB |. E8 10E2FEFF
fo.0040F7C0
004215B0 |> 83BD C0FCFFFF
004215B7 |. 74 09
004215B9 |. 83BD D4FCFFFF
004215C0 |. 76 05
004215C2 |> E9 BE060000
004215C7 |> C685 A3FCFFFF
004215CE |. C685 A2FCFFFF
004215D5 |. 6A 06
004215D7 |. 8D95 90FCFFFF
004215DD |. 52
OFFSET LOCAL.220
004215DE |. E8 B5C10000
fo.0042D798
004215E3 |. 83C4 08
004215E6 |. 8985 18FCFFFF
004215EC |. 837D 08 00
004215F0 |. 75 0C
004215F2 |. C785 6CFBFFFF
004215FC |. EB 11
004215FE |> 8B45 08
00421601 |. 8B08
00421603 |. 8B55 08
00421606 |. 0351 04
00421609 |. 8995 6CFBFFFF
0042160F |> 8B85 18FCFFFF
00421615 |. 8B48 04
00421618 |. 51
00421619 |. 8B95 6CFBFFFF
0042161F |. 52
00421620 |. 8B85 18FCFFFF
00421626 |. 8B08
00421628 |. FFD1
0042162A |. 83C4 08
0042162D |. 6A 23
3
0042162F |. 8D95 98FCFFFF
00421635 |. 52
OFFSET LOCAL.218
00421636 |. E8 5DC10000
fo.0042D798
0042163B |. 83C4 08
0042163E |. 8985 10FCFFFF
00421644 |. 68 77874400
00421649 |. 8B45 08
0042164C |. 50
0042164D |. E8 0E93FEFF
00421652 |. 83C4 08
00421655 |. 8985 14FCFFFF
0042165B |. 83BD 14FCFFFF
00421662 |. 75 0C
00421664 |. C785 68FBFFFF
0042166E |. EB 17
00421670 |> 8B8D 14FCFFFF
00421676 |. 8B11

MOV ECX,DWORD PTR SS:[LOCAL.249]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.249]


CALL 0040F7C0

; [SystemIn

CMP DWORD PTR SS:[LOCAL.208],0


JE SHORT 004215C2
CMP DWORD PTR SS:[LOCAL.203],0
JBE SHORT 004215C7
JMP 00421C85
MOV BYTE PTR SS:[LOCAL.216+3],20
MOV BYTE PTR SS:[LOCAL.216+2],2E
PUSH 6
LEA EDX,[LOCAL.220]
PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.250],EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 004215FE
MOV DWORD PTR SS:[LOCAL.293],0
JMP SHORT 0042160F
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.293],EDX
MOV EAX,DWORD PTR SS:[LOCAL.250]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.293]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.250]
MOV ECX,DWORD PTR DS:[EAX]
CALL ECX
ADD ESP,8
PUSH 23

; /Arg2 = 2

LEA EDX,[LOCAL.218]
PUSH EDX

; |
; |Arg1 =>

CALL 0042D798

; \SystemIn

ADD ESP,8
MOV DWORD PTR SS:[LOCAL.252],EAX
PUSH OFFSET 00448777
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.251],EAX
CMP DWORD PTR SS:[LOCAL.251],0
JNE SHORT 00421670
MOV DWORD PTR SS:[LOCAL.294],0
JMP SHORT 00421687
MOV ECX,DWORD PTR SS:[LOCAL.251]
MOV EDX,DWORD PTR DS:[ECX]

00421678
0042167E
00421681
00421687
0042168D
00421690
00421691
00421697
00421698
0042169E
004216A0
004216A2
004216A5
004216AB
004216B1
004216B7
004216B9
004216BF
004216C2
004216C8
004216CE
004216D1
004216D7
004216DD
004216E3
004216E6
004216ED
004216EF
004216F9
004216FB
00421701
00421703
00421709
0042170C
00421712
00421718
0042171B
00421721
00421726
00421728
0042172E
00421731
00421736
0042173B
00421740
00421742
00421748
0042174B
0042174E
0042174F
00421755
00421756
0042175B
0042175E
00421764
0042176B
0042176D
00421777
00421779
0042177F

|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.

8B85 14FCFFFF
0342 04
8985 68FBFFFF
8B8D 10FCFFFF
8B51 04
52
8B85 68FBFFFF
50
8B8D 10FCFFFF
8B11
FFD2
83C4 08
8A85 A2FCFFFF
8885 07FCFFFF
8B8D 14FCFFFF
8B11
8B85 14FCFFFF
0342 04
8985 08FCFFFF
8B8D 08FCFFFF
8A51 30
8895 0FFCFFFF
8B85 08FCFFFF
8A8D 07FCFFFF
8848 30
83BD 14FCFFFF
75 0C
C785 FCFBFFFF
EB 17
8B95 14FCFFFF
8B02
8B8D 14FCFFFF
0348 04
898D FCFBFFFF
8B95 FCFBFFFF
8B42 10
8985 00FCFFFF
B9 C0010000
F7D1
8B95 FCFBFFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 FCFBFFFF
894A 10
8B45 10
50
8B8D 14FCFFFF
51
E8 0592FEFF
83C4 08
8985 F0FBFFFF
83BD F0FBFFFF
75 0C
C785 F4FBFFFF
EB 17
8B95 F0FBFFFF
8B02

MOV EAX,DWORD PTR SS:[LOCAL.251]


ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.294],EAX
MOV ECX,DWORD PTR SS:[LOCAL.252]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.294]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.252]
MOV EDX,DWORD PTR DS:[ECX]
CALL EDX
ADD ESP,8
MOV AL,BYTE PTR SS:[LOCAL.216+2]
MOV BYTE PTR SS:[LOCAL.255+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.251]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.251]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.254],EAX
MOV ECX,DWORD PTR SS:[LOCAL.254]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.253+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.254]
MOV CL,BYTE PTR SS:[LOCAL.255+3]
MOV BYTE PTR DS:[EAX+30],CL
CMP DWORD PTR SS:[LOCAL.251],0
JNE SHORT 004216FB
MOV DWORD PTR SS:[LOCAL.257],0
JMP SHORT 00421712
MOV EDX,DWORD PTR SS:[LOCAL.251]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.251]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.257],ECX
MOV EDX,DWORD PTR SS:[LOCAL.257]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[LOCAL.256],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[LOCAL.257]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,40
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[LOCAL.257]
MOV DWORD PTR DS:[EDX+10],ECX
MOV EAX,DWORD PTR SS:[ARG.3]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.251]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.260],EAX
CMP DWORD PTR SS:[LOCAL.260],0
JNE SHORT 00421779
MOV DWORD PTR SS:[LOCAL.259],0
JMP SHORT 00421790
MOV EDX,DWORD PTR SS:[LOCAL.260]
MOV EAX,DWORD PTR DS:[EDX]

00421781 |. 8B8D F0FBFFFF


00421787 |. 0348 04
0042178A |. 898D F4FBFFFF
00421790 |> 8B95 F4FBFFFF
00421796 |. 8B42 10
00421799 |. 8985 F8FBFFFF
0042179F |. B9 C0010000
004217A4 |. F7D1
004217A6 |. 8B95 F4FBFFFF
004217AC |. 234A 10
004217AF |. B8 80000000
004217B4 |. 25 C0010000
004217B9 |. 25 FFFF0000
004217BE |. 0BC8
004217C0 |. 8B95 F4FBFFFF
004217C6 |. 894A 10
004217C9 |. 8A85 A3FCFFFF
004217CF |. 8885 E7FBFFFF
004217D5 |. 8B8D F0FBFFFF
004217DB |. 8B11
004217DD |. 8B85 F0FBFFFF
004217E3 |. 0342 04
004217E6 |. 8985 E8FBFFFF
004217EC |. 8B8D E8FBFFFF
004217F2 |. 8A51 30
004217F5 |. 8895 EFFBFFFF
004217FB |. 8B85 E8FBFFFF
00421801 |. 8A8D E7FBFFFF
00421807 |. 8848 30
0042180A |. C785 B4FCFFFF
00421814 |. 8D95 B4FCFFFF
0042181A |. 52
=> OFFSET LOCAL.211
0042181B |. 8D85 DCFDFFFF
00421821 |. 50
OFFSET LOCAL.137
00421822 |. 8D8D B8FCFFFF
00421828 |. 51
OFFSET LOCAL.210
00421829 |. 6A 00
= 0
0042182B |. 68 009B4400
Value"
00421830 |. 8B95 DCFEFFFF
00421836 |. 52
[LOCAL.73]
00421837 |. FF15 04804400
.RegQueryValueExA
0042183D |. 85C0
0042183F |. 75 13
00421841 |. 8D85 DCFDFFFF
00421847 |. 50
00421848 |. 8B4D 08
0042184B |. 51
0042184C |. E8 0F91FEFF
00421851 |. 83C4 08
00421854 |> 6A 0A
A
00421856 |. 8B4D 08
00421859 |. E8 62DDFEFF

MOV ECX,DWORD PTR SS:[LOCAL.260]


ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.259],ECX
MOV EDX,DWORD PTR SS:[LOCAL.259]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV DWORD PTR SS:[LOCAL.258],EAX
MOV ECX,1C0
NOT ECX
MOV EDX,DWORD PTR SS:[LOCAL.259]
AND ECX,DWORD PTR DS:[EDX+10]
MOV EAX,80
AND EAX,000001C0
AND EAX,0000FFFF
OR ECX,EAX
MOV EDX,DWORD PTR SS:[LOCAL.259]
MOV DWORD PTR DS:[EDX+10],ECX
MOV AL,BYTE PTR SS:[LOCAL.216+3]
MOV BYTE PTR SS:[LOCAL.263+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.260]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.260]
ADD EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.262],EAX
MOV ECX,DWORD PTR SS:[LOCAL.262]
MOV DL,BYTE PTR DS:[ECX+30]
MOV BYTE PTR SS:[LOCAL.261+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.262]
MOV CL,BYTE PTR SS:[LOCAL.263+3]
MOV BYTE PTR DS:[EAX+30],CL
MOV DWORD PTR SS:[LOCAL.211],100
LEA EDX,[LOCAL.211]
PUSH EDX

; /pDataLen

LEA EAX,[LOCAL.137]
PUSH EAX

; |
; |pData =>

LEA ECX,[LOCAL.210]
PUSH ECX

; |
; |pType =>

PUSH 0

; |Reserved

PUSH OFFSET 00449B00

; |Name = "

MOV EDX,DWORD PTR SS:[LOCAL.73]


PUSH EDX

; |
; |hKey =>

CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa ; \ADVAPI32


TEST EAX,EAX
JNE SHORT 00421854
LEA EAX,[LOCAL.137]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
CALL 0040A960
ADD ESP,8
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F5C0

; |
; \SystemIn

fo.0040F5C0
0042185E |. 8B4D 08
00421861 |. E8 5ADFFEFF
fo.0040F7C0
00421866 |. C785 ACFCFFFF
00421870 |. EB 0F
00421872 |> 8B95 ACFCFFFF
00421878 |. 83C2 01
0042187B |. 8995 ACFCFFFF
00421881 |> C785 B4FCFFFF
0042188B |. C745 F0 00010
00421892 |. 8D85 B4FCFFFF
00421898 |. 50
=> OFFSET LOCAL.211
00421899 |. 8D8D DCFDFFFF
0042189F |. 51
OFFSET LOCAL.137
004218A0 |. 8D95 B8FCFFFF
004218A6 |. 52
OFFSET LOCAL.210
004218A7 |. 6A 00
= 0
004218A9 |. 8D45 F0
004218AC |. 50
=> OFFSET LOCAL.4
004218AD |. 8D8D DCFCFFFF
004218B3 |. 51
OFFSET LOCAL.201
004218B4 |. 8B95 ACFCFFFF
004218BA |. 52
[LOCAL.213]
004218BB |. 8B85 DCFEFFFF
004218C1 |. 50
[LOCAL.73]
004218C2 |. FF15 10804400
.RegEnumValueA
004218C8 |. 8945 EC
004218CB |. 837D EC 00
004218CF |. 0F85 5E030000
004218D5 |. 68 009B4400
= "Value"
004218DA |. 8D8D DCFCFFFF
004218E0 |. 51
=> OFFSET LOCAL.201
004218E1 |. FF15 D4804400
.lstrcmpA
004218E7 |. 85C0
004218E9 |.^ 0F84 3F030000
004218EF |. 8D95 63FCFFFF
004218F5 |. 52
004218F6 |. 68 14854400
SCII "
"
004218FB |. 8D8D 64FCFFFF
00421901 |. E8 3AD3FEFF
fo.0040EC40
00421906 |. C785 80FCFFFF
00421910 |. C785 84FCFFFF
0042191A |. C785 88FCFFFF
00421924 |. 8D85 64FCFFFF
0042192A |. 8985 64FBFFFF

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F7C0

; [SystemIn

MOV DWORD PTR SS:[LOCAL.213],0


JMP SHORT 00421881
/MOV EDX,DWORD PTR SS:[LOCAL.213]
|ADD EDX,1
|MOV DWORD PTR SS:[LOCAL.213],EDX
|MOV DWORD PTR SS:[LOCAL.211],100
|MOV DWORD PTR SS:[LOCAL.4],100
|LEA EAX,[LOCAL.211]
|PUSH EAX

; /pDataLen

|LEA ECX,[LOCAL.137]
|PUSH ECX

; |
; |Data =>

|LEA EDX,[LOCAL.210]
|PUSH EDX

; |
; |pType =>

|PUSH 0

; |Reserved

|LEA EAX,[LOCAL.4]
|PUSH EAX

; |
; |pNameLen

|LEA ECX,[LOCAL.201]
|PUSH ECX

; |
; |Name =>

|MOV EDX,DWORD PTR SS:[LOCAL.213]


|PUSH EDX

; |
; |Index =>

|MOV EAX,DWORD PTR SS:[LOCAL.73]


|PUSH EAX

; |
; |hKey =>

|CALL DWORD PTR DS:[<&ADVAPI32.RegEnumVa ; \ADVAPI32


|MOV DWORD PTR SS:[LOCAL.5],EAX
|CMP DWORD PTR SS:[LOCAL.5],0
|JNE 00421C33
|PUSH OFFSET 00449B00

; /String2

|LEA ECX,[LOCAL.201]
|PUSH ECX

; |
; |String1

|CALL DWORD PTR DS:[<&KERNEL32.lstrcmpA> ; \KERNEL32


|TEST EAX,EAX
|JE 00421C2E
|LEA EDX,[LOCAL.232+3]
|PUSH EDX
|PUSH OFFSET 00448514

; /Arg2
; |Arg1 = A

|LEA ECX,[LOCAL.231]
|CALL 0040EC40

; |
; \SystemIn

|MOV
|MOV
|MOV
|LEA
|MOV

DWORD PTR SS:[LOCAL.224],0


DWORD PTR SS:[LOCAL.223],0
DWORD PTR SS:[LOCAL.222],0
EAX,[LOCAL.231]
DWORD PTR SS:[LOCAL.295],EAX

00421930 |. C745 FC 00000


00421937 |. 8D8D DCFCFFFF
0042193D |. 51
OFFSET LOCAL.201
0042193E |. 8B95 64FBFFFF
00421944 |. 52
[LOCAL.295]
00421945 |. 8D85 38FCFFFF
0042194B |. 50
OFFSET LOCAL.242
0042194C |. E8 9FD0FEFF
fo.0040E9F0
00421951 |. 83C4 0C
00421954 |. 8985 60FBFFFF
0042195A |. 8B8D 60FBFFFF
00421960 |. 898D 5CFBFFFF
00421966 |. C645 FC 01
0042196A |. C685 8FFCFFFF
00421971 |. C685 37FCFFFF
00421978 |. 6A 06
0042197A |. 8D95 24FCFFFF
00421980 |. 52
OFFSET LOCAL.247
00421981 |. E8 12BE0000
fo.0042D798
00421986 |. 83C4 08
00421989 |. 8985 E0FBFFFF
0042198F |. 837D 08 00
00421993 |. 75 0C
00421995 |. C785 58FBFFFF
0042199F |. EB 11
004219A1 |> 8B45 08
004219A4 |. 8B08
004219A6 |. 8B55 08
004219A9 |. 0351 04
004219AC |. 8995 58FBFFFF
004219B2 |> 8B85 E0FBFFFF
004219B8 |. 8B48 04
004219BB |. 51
004219BC |. 8B95 58FBFFFF
004219C2 |. 52
004219C3 |. 8B85 E0FBFFFF
004219C9 |. 8B08
004219CB |. FFD1
004219CD |. 83C4 08
004219D0 |. 6A 23
3
004219D2 |. 8D95 2CFCFFFF
004219D8 |. 52
OFFSET LOCAL.245
004219D9 |. E8 BABD0000
fo.0042D798
004219DE |. 83C4 08
004219E1 |. 8985 D8FBFFFF
004219E7 |. 68 77874400
004219EC |. 8B45 08
004219EF |. 50
004219F0 |. E8 6B8FFEFF
004219F5 |. 83C4 08
004219F8 |. 8985 DCFBFFFF

|MOV DWORD PTR SS:[LOCAL.1],0


|LEA ECX,[LOCAL.201]
|PUSH ECX

; /Arg3 =>

|MOV EDX,DWORD PTR SS:[LOCAL.295]


|PUSH EDX

; |
; |Arg2 =>

|LEA EAX,[LOCAL.242]
|PUSH EAX

; |
; |Arg1 =>

|CALL 0040E9F0

; \SystemIn

|ADD ESP,0C
|MOV DWORD PTR SS:[LOCAL.296],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.296]
|MOV DWORD PTR SS:[LOCAL.297],ECX
|MOV BYTE PTR SS:[LOCAL.1],1
|MOV BYTE PTR SS:[LOCAL.221+3],20
|MOV BYTE PTR SS:[LOCAL.243+3],2E
|PUSH 6
|LEA EDX,[LOCAL.247]
|PUSH EDX

; /Arg2 = 6
; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.264],EAX
|CMP DWORD PTR SS:[ARG.1],0
|JNE SHORT 004219A1
|MOV DWORD PTR SS:[LOCAL.298],0
|JMP SHORT 004219B2
|MOV EAX,DWORD PTR SS:[ARG.1]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR SS:[ARG.1]
|ADD EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.298],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.264]
|MOV ECX,DWORD PTR DS:[EAX+4]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[LOCAL.298]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.264]
|MOV ECX,DWORD PTR DS:[EAX]
|CALL ECX
|ADD ESP,8
|PUSH 23

; /Arg2 = 2

|LEA EDX,[LOCAL.245]
|PUSH EDX

; |
; |Arg1 =>

|CALL 0042D798

; \SystemIn

|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.266],EAX
|PUSH OFFSET 00448777
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.265],EAX

004219FE
00421A05
00421A07
00421A11
00421A13
00421A19
00421A1B
00421A21
00421A24
00421A2A
00421A30
00421A33
00421A34
00421A3A
00421A3B
00421A41
00421A43
00421A45
00421A48
00421A4E
00421A54
00421A5A
00421A5C
00421A62
00421A65
00421A6B
00421A71
00421A74
00421A7A
00421A80
00421A86
00421A89
00421A90
00421A92
00421A9C
00421A9E
00421AA4
00421AA6
00421AAC
00421AAF
00421AB5
00421ABB
00421ABE
00421AC4
00421AC9
00421ACB
00421AD1
00421AD4
00421AD9
00421ADE
00421AE3
00421AE5
00421AEB
00421AEE
00421AF4
00421AF5
00421AFB
00421AFC
00421B01
00421B04

|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

83BD DCFBFFFF
75 0C
C785 54FBFFFF
EB 17
8B8D DCFBFFFF
8B11
8B85 DCFBFFFF
0342 04
8985 54FBFFFF
8B8D D8FBFFFF
8B51 04
52
8B85 54FBFFFF
50
8B8D D8FBFFFF
8B11
FFD2
83C4 08
8A85 37FCFFFF
8885 CFFBFFFF
8B8D DCFBFFFF
8B11
8B85 DCFBFFFF
0342 04
8985 D0FBFFFF
8B8D D0FBFFFF
8A51 30
8895 D7FBFFFF
8B85 D0FBFFFF
8A8D CFFBFFFF
8848 30
83BD DCFBFFFF
75 0C
C785 C4FBFFFF
EB 17
8B95 DCFBFFFF
8B02
8B8D DCFBFFFF
0348 04
898D C4FBFFFF
8B95 C4FBFFFF
8B42 10
8985 C8FBFFFF
B9 C0010000
F7D1
8B95 C4FBFFFF
234A 10
B8 40000000
25 C0010000
25 FFFF0000
0BC8
8B95 C4FBFFFF
894A 10
8B85 5CFBFFFF
50
8B8D DCFBFFFF
51
E8 5F93FEFF
83C4 08
8985 B8FBFFFF

|CMP DWORD PTR SS:[LOCAL.265],0


|JNE SHORT 00421A13
|MOV DWORD PTR SS:[LOCAL.299],0
|JMP SHORT 00421A2A
|MOV ECX,DWORD PTR SS:[LOCAL.265]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.265]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.299],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.266]
|MOV EDX,DWORD PTR DS:[ECX+4]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.299]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.266]
|MOV EDX,DWORD PTR DS:[ECX]
|CALL EDX
|ADD ESP,8
|MOV AL,BYTE PTR SS:[LOCAL.243+3]
|MOV BYTE PTR SS:[LOCAL.269+3],AL
|MOV ECX,DWORD PTR SS:[LOCAL.265]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.265]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.268],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.268]
|MOV DL,BYTE PTR DS:[ECX+30]
|MOV BYTE PTR SS:[LOCAL.267+3],DL
|MOV EAX,DWORD PTR SS:[LOCAL.268]
|MOV CL,BYTE PTR SS:[LOCAL.269+3]
|MOV BYTE PTR DS:[EAX+30],CL
|CMP DWORD PTR SS:[LOCAL.265],0
|JNE SHORT 00421A9E
|MOV DWORD PTR SS:[LOCAL.271],0
|JMP SHORT 00421AB5
|MOV EDX,DWORD PTR SS:[LOCAL.265]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.265]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.271],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.271]
|MOV EAX,DWORD PTR DS:[EDX+10]
|MOV DWORD PTR SS:[LOCAL.270],EAX
|MOV ECX,1C0
|NOT ECX
|MOV EDX,DWORD PTR SS:[LOCAL.271]
|AND ECX,DWORD PTR DS:[EDX+10]
|MOV EAX,40
|AND EAX,000001C0
|AND EAX,0000FFFF
|OR ECX,EAX
|MOV EDX,DWORD PTR SS:[LOCAL.271]
|MOV DWORD PTR DS:[EDX+10],ECX
|MOV EAX,DWORD PTR SS:[LOCAL.297]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.265]
|PUSH ECX
|CALL 0040AE60
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.274],EAX

00421B0A |.
00421B11 |.
00421B13 |.
00421B1D |.
00421B1F |>
00421B25 |.
00421B27 |.
00421B2D |.
00421B30 |.
00421B36 |>
00421B3C |.
00421B3F |.
00421B45 |.
00421B4A |.
00421B4C |.
00421B52 |.
00421B55 |.
00421B5A |.
00421B5F |.
00421B64 |.
00421B66 |.
00421B6C |.
00421B6F |.
00421B75 |.
00421B7B |.
00421B81 |.
00421B83 |.
00421B89 |.
00421B8C |.
00421B92 |.
00421B98 |.
00421B9B |.
00421BA1 |.
00421BA7 |.
00421BAD |.
00421BB0 |.
00421BB6 |.
00421BB7 |.
00421BBD |.
00421BBE |.
00421BC3 |.
00421BC6 |.
00421BCC |.
A
00421BCE |.
00421BD4 |.
fo.0040F5C0
00421BD9 |.
00421BDF |.
fo.0040F7C0
00421BE4 |.
00421BE8 |.
00421BEE |.
fo.0040E780
00421BF3 |.
00421BF7 |.
00421BF9 |.
00421BFB |.
00421C01 |.
fo.0040FB60

83BD B8FBFFFF
75 0C
C785 BCFBFFFF
EB 17
8B95 B8FBFFFF
8B02
8B8D B8FBFFFF
0348 04
898D BCFBFFFF
8B95 BCFBFFFF
8B42 10
8985 C0FBFFFF
B9 C0010000
F7D1
8B95 BCFBFFFF
234A 10
B8 80000000
25 C0010000
25 FFFF0000
0BC8
8B95 BCFBFFFF
894A 10
8A85 8FFCFFFF
8885 AFFBFFFF
8B8D B8FBFFFF
8B11
8B85 B8FBFFFF
0342 04
8985 B0FBFFFF
8B8D B0FBFFFF
8A51 30
8895 B7FBFFFF
8B85 B0FBFFFF
8A8D AFFBFFFF
8848 30
8D95 DCFDFFFF
52
8B85 B8FBFFFF
50
E8 9D8DFEFF
83C4 08
8985 9CFBFFFF
6A 0A

|CMP DWORD PTR SS:[LOCAL.274],0


|JNE SHORT 00421B1F
|MOV DWORD PTR SS:[LOCAL.273],0
|JMP SHORT 00421B36
|MOV EDX,DWORD PTR SS:[LOCAL.274]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR SS:[LOCAL.274]
|ADD ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.273],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.273]
|MOV EAX,DWORD PTR DS:[EDX+10]
|MOV DWORD PTR SS:[LOCAL.272],EAX
|MOV ECX,1C0
|NOT ECX
|MOV EDX,DWORD PTR SS:[LOCAL.273]
|AND ECX,DWORD PTR DS:[EDX+10]
|MOV EAX,80
|AND EAX,000001C0
|AND EAX,0000FFFF
|OR ECX,EAX
|MOV EDX,DWORD PTR SS:[LOCAL.273]
|MOV DWORD PTR DS:[EDX+10],ECX
|MOV AL,BYTE PTR SS:[LOCAL.221+3]
|MOV BYTE PTR SS:[LOCAL.277+3],AL
|MOV ECX,DWORD PTR SS:[LOCAL.274]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR SS:[LOCAL.274]
|ADD EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[LOCAL.276],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.276]
|MOV DL,BYTE PTR DS:[ECX+30]
|MOV BYTE PTR SS:[LOCAL.275+3],DL
|MOV EAX,DWORD PTR SS:[LOCAL.276]
|MOV CL,BYTE PTR SS:[LOCAL.277+3]
|MOV BYTE PTR DS:[EAX+30],CL
|LEA EDX,[LOCAL.137]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[LOCAL.274]
|PUSH EAX
|CALL 0040A960
|ADD ESP,8
|MOV DWORD PTR SS:[LOCAL.281],EAX
|PUSH 0A

; /Arg1 = 0

8B8D 9CFBFFFF |MOV ECX,DWORD PTR SS:[LOCAL.281]


E8 E7D9FEFF |CALL 0040F5C0

; |
; \SystemIn

8B8D 9CFBFFFF |MOV ECX,DWORD PTR SS:[LOCAL.281]


E8 DCDBFEFF |CALL 0040F7C0

; [SystemIn

C645 FC 02
|MOV BYTE PTR SS:[LOCAL.1],2
8D8D 38FCFFFF |LEA ECX,[LOCAL.242]
E8 8DCBFEFF |CALL 0040E780

; [SystemIn

C645 FC 00
6A 00
6A 01
8D8D 38FCFFFF
E8 5ADFFEFF

;
;
;
;

|MOV BYTE PTR SS:[LOCAL.1],0


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.242]
|CALL 0040FB60

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00421C06 |. C745 FC 03000 |MOV DWORD PTR SS:[LOCAL.1],3


00421C0D |. 8D8D 64FCFFFF |LEA ECX,[LOCAL.231]
00421C13 |. E8 68CBFEFF |CALL 0040E780
fo.0040E780
00421C18 |. C745 FC FFFFF |MOV DWORD PTR SS:[LOCAL.1],-1
00421C1F |. 6A 00
|PUSH 0
00421C21 |. 6A 01
|PUSH 1
00421C23 |. 8D8D 64FCFFFF |LEA ECX,[LOCAL.231]
00421C29 |. E8 32DFFEFF |CALL 0040FB60
fo.0040FB60
00421C2E |>^ E9 3FFCFFFF \JMP 00421872
00421C33 |> 817D EC 03010 CMP DWORD PTR SS:[LOCAL.5],103
00421C3A |. 74 3C
JE SHORT 00421C78
00421C3C |. 68 58844400 PUSH OFFSET 00448458
SCII "Cannot enumerate installations"
00421C41 |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
00421C44 |. 51
PUSH ECX
[LOCAL.5]
00421C45 |. E8 16E9FEFF CALL 00410560
fo.00410560
00421C4A |. 83C4 08
ADD ESP,8
00421C4D |. 50
PUSH EAX
00421C4E |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
00421C51 |. 52
PUSH EDX
00421C52 |. E8 098DFEFF CALL 0040A960
00421C57 |. 83C4 08
ADD ESP,8
00421C5A |. 8985 74FBFFFF MOV DWORD PTR SS:[LOCAL.291],EAX
00421C60 |. 6A 0A
PUSH 0A
A
00421C62 |. 8B8D 74FBFFFF MOV ECX,DWORD PTR SS:[LOCAL.291]
00421C68 |. E8 53D9FEFF CALL 0040F5C0
fo.0040F5C0
00421C6D |. 8B8D 74FBFFFF MOV ECX,DWORD PTR SS:[LOCAL.291]
00421C73 |. E8 48DBFEFF CALL 0040F7C0
fo.0040F7C0
00421C78 |> 8B85 DCFEFFFF MOV EAX,DWORD PTR SS:[LOCAL.73]
00421C7E |. 50
PUSH EAX
[LOCAL.73]
00421C7F |. FF15 14804400 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe
.RegCloseKey
00421C85 |> 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00421C88 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
00421C8F |. 59
POP ECX
00421C90 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
00421C93 |. 33CD
XOR ECX,EBP
00421C95 |. E8 57CA0000 CALL 0042E6F1
00421C9A |. 8BE5
MOV ESP,EBP
00421C9C |. 5D
POP EBP
00421C9D \. C3
RETN
00421C9E
CC
INT3
00421C9F
CC
INT3
00421CA0 /$ 55
PUSH EBP
o.00421CA0(guessed Arg1)
00421CA1 |. 8BEC
MOV EBP,ESP
00421CA3 |. 6A FF
PUSH -1
00421CA5 |. 68 A1644400 PUSH 004464A1
00421CAA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00421CB0 |. 50
PUSH EAX
00421CB1 |. 81EC 00010000 SUB ESP,100
00421CB7 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]

; [SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; /Arg2 = A
; |
; |Arg1 =>
; \SystemIn

; /Arg1 = 0
; |
; \SystemIn
; [SystemIn
; /hKey =>
; \ADVAPI32

; SystemInf

00421CBC |. 33C5
00421CBE |. 8945 E4
00421CC1 |. 50
00421CC2 |. 8D45 F4
00421CC5 |. 64:A3 0000000
00421CCB |. C745 A4 00000
00421CD2 |. 6A 00
NULL
00421CD4 |. 6A 00
= 0
00421CD6 |. FF15 DC804400
.GetTempPathA
00421CDC |. 8945 E8
00421CDF |. 8B45 E8
00421CE2 |. 83C0 03
00421CE5 |. 50
00421CE6 |. E8 61BB0000
fo.0042D84C
00421CEB |. 83C4 04
00421CEE |. 8945 C4
00421CF1 |. 8B4D C4
00421CF4 |. 894D F0
00421CF7 |. 8B55 E8
00421CFA |. 83C2 0C
00421CFD |. 52
00421CFE |. E8 49BB0000
fo.0042D84C
00421D03 |. 83C4 04
00421D06 |. 8945 C0
00421D09 |. 8B45 C0
00421D0C |. 8945 EC
00421D0F |. 837D F0 00
00421D13 |. 74 06
00421D15 |. 837D EC 00
00421D19 |. 75 49
00421D1B |> 8B4D EC
00421D1E |. 894D BC
00421D21 |. 8B55 BC
00421D24 |. 52
[LOCAL.16]
00421D25 |. E8 D6DA0000
fo.0042F800
00421D2A |. 83C4 04
00421D2D |. 8B45 F0
00421D30 |. 8945 B8
00421D33 |. 8B4D B8
00421D36 |. 51
[LOCAL.15]
00421D37 |. E8 C4DA0000
fo.0042F800
00421D3C |. 83C4 04
00421D3F |. 68 349B4400
SCII ".\SI0000.TXT"
00421D44 |. 8B4D 08
00421D47 |. E8 A4CEFEFF
fo.0040EBF0
00421D4C |. C745 FC 00000
00421D53 |. 8B55 A4
00421D56 |. 83CA 01
00421D59 |. 8955 A4

XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.7],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.23],0
PUSH 0

; /Buffer =

PUSH 0

; |Bufsize

CALL DWORD PTR DS:[<&KERNEL32.GetTempPat ; \KERNEL32


MOV DWORD PTR SS:[LOCAL.6],EAX
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,3
PUSH EAX
CALL 0042D84C

; /Arg1
; \SystemIn

ADD ESP,4
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
ADD EDX,0C
PUSH EDX
CALL 0042D84C

; /Arg1
; \SystemIn

SS:[LOCAL.15],EAX
PTR SS:[LOCAL.15]
SS:[LOCAL.4],ECX
PTR SS:[LOCAL.6]

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.16],EAX
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR SS:[LOCAL.5],EAX
CMP DWORD PTR SS:[LOCAL.4],0
JE SHORT 00421D1B
CMP DWORD PTR SS:[LOCAL.5],0
JNE SHORT 00421D64
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.17],ECX
MOV EDX,DWORD PTR SS:[LOCAL.17]
PUSH EDX

; /Arg1 =>

CALL 0042F800

; \SystemIn

ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.18],EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
PUSH ECX

; /Arg1 =>

CALL 0042F800

; \SystemIn

ADD ESP,4
PUSH OFFSET 00449B34

; /Arg1 = A

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV EDX,DWORD PTR SS:[LOCAL.23]
OR EDX,00000001
MOV DWORD PTR SS:[LOCAL.23],EDX

00421D5C |. 8B45 08
00421D5F |. E9 6B010000
00421D64 |> 8B45 F0
00421D67 |. 50
> [LOCAL.15]
00421D68 |. 8B4D E8
00421D6B |. 51
=> [LOCAL.6]
00421D6C |. FF15 DC804400
.GetTempPathA
00421D72 |. 85C0
00421D74 |. 75 0F
00421D76 |. 68 309B4400
\"
00421D7B |. 8B55 F0
00421D7E |. 52
[LOCAL.15]
00421D7F |. FF15 AC804400
.lstrcpy
00421D85 |> 8B45 EC
00421D88 |. 50
=> [LOCAL.16]
00421D89 |. 6A 00
0
00421D8B |. 68 2C9B4400
ring = "SI"
00421D90 |. 8B4D F0
00421D93 |. 51
=> [LOCAL.15]
00421D94 |. FF15 D8804400
.GetTempFileNameA
00421D9A |. 85C0
00421D9C |. 75 63
00421D9E |. 8B55 EC
00421DA1 |. 52
=> [LOCAL.16]
00421DA2 |. 6A 00
0
00421DA4 |. 68 2C9B4400
ring = "SI"
00421DA9 |. 68 309B4400
= ".\"
00421DAE |. FF15 D8804400
.GetTempFileNameA
00421DB4 |. 85C0
00421DB6 |. 75 49
00421DB8 |. 8B45 EC
00421DBB |. 8945 B4
00421DBE |. 8B4D B4
00421DC1 |. 51
[LOCAL.16]
00421DC2 |. E8 39DA0000
fo.0042F800
00421DC7 |. 83C4 04
00421DCA |. 8B55 F0
00421DCD |. 8955 B0
00421DD0 |. 8B45 B0
00421DD3 |. 50
[LOCAL.15]
00421DD4 |. E8 27DA0000

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00421ECF
MOV EAX,DWORD PTR SS:[LOCAL.4]
PUSH EAX

; /Buffer =

MOV ECX,DWORD PTR SS:[LOCAL.6]


PUSH ECX

; |
; |Bufsize

CALL DWORD PTR DS:[<&KERNEL32.GetTempPat ; \KERNEL32


TEST EAX,EAX
JNE SHORT 00421D85
PUSH OFFSET 00449B30

; /Src = ".

MOV EDX,DWORD PTR SS:[LOCAL.4]


PUSH EDX

; |
; |Dest =>

CALL DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; \KERNEL32


MOV EAX,DWORD PTR SS:[LOCAL.5]
PUSH EAX

; /FileName

PUSH 0

; |Unique =

PUSH OFFSET 00449B2C

; |PrefixSt

MOV ECX,DWORD PTR SS:[LOCAL.4]


PUSH ECX

; |
; |PathName

CALL DWORD PTR DS:[<&KERNEL32.GetTempFil ; \KERNEL32


TEST EAX,EAX
JNE SHORT 00421E01
MOV EDX,DWORD PTR SS:[LOCAL.5]
PUSH EDX

; /FileName

PUSH 0

; |Unique =

PUSH OFFSET 00449B2C

; |PrefixSt

PUSH OFFSET 00449B30

; |PathName

CALL DWORD PTR DS:[<&KERNEL32.GetTempFil ; \KERNEL32


TEST EAX,EAX
JNE SHORT 00421E01
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.19],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
PUSH ECX

; /Arg1 =>

CALL 0042F800

; \SystemIn

ADD ESP,4
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.20],EDX
MOV EAX,DWORD PTR SS:[LOCAL.20]
PUSH EAX

; /Arg1 =>

CALL 0042F800

; \SystemIn

fo.0042F800
00421DD9 |. 83C4 04
00421DDC |. 68 349B4400
SCII ".\SI0000.TXT"
00421DE1 |. 8B4D 08
00421DE4 |. E8 07CEFEFF
fo.0040EBF0
00421DE9 |. C745 FC 00000
00421DF0 |. 8B4D A4
00421DF3 |. 83C9 01
00421DF6 |. 894D A4
00421DF9 |. 8B45 08
00421DFC |. E9 CE000000
00421E01 |> 8B55 EC
00421E04 |. 52
[LOCAL.16]
00421E05 |. FF15 4C804400
.DeleteFileA
00421E0B |. 8B45 EC
00421E0E |. 50
[LOCAL.16]
00421E0F |. 8D4D C8
00421E12 |. E8 D9CDFEFF
fo.0040EBF0
00421E17 |. C745 FC 01000
00421E1E |. C685 3FFFFFFF
00421E25 |. 6A 01
00421E27 |. 6A FF
1
00421E29 |. 8D8D 3FFFFFFF
00421E2F |. 51
00421E30 |. 8D4D C8
00421E33 |. E8 E82B0000
fo.00424A20
00421E38 |. 8985 34FFFFFF
00421E3E |. 68 249B4400
SCII ".TXT"
00421E43 |. E8 38C40000
fo.0042E280
00421E48 |. 83C4 04
00421E4B |. 8985 38FFFFFF
00421E51 |. 8B95 38FFFFFF
00421E57 |. 52
[LOCAL.50]
00421E58 |. 68 249B4400
SCII ".TXT"
00421E5D |. 6A FF
1
00421E5F |. 8B85 34FFFFFF
00421E65 |. 50
[LOCAL.51]
00421E66 |. 8D4D C8
00421E69 |. E8 42350000
fo.004253B0
00421E6E |. 8B4D EC
00421E71 |. 894D AC
00421E74 |. 8B55 AC
00421E77 |. 52
[LOCAL.21]
00421E78 |. E8 83D90000

ADD ESP,4
PUSH OFFSET 00449B34

; /Arg1 = A

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV ECX,DWORD PTR SS:[LOCAL.23]
OR ECX,00000001
MOV DWORD PTR SS:[LOCAL.23],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00421ECF
MOV EDX,DWORD PTR SS:[LOCAL.5]
PUSH EDX

; /Name =>

CALL DWORD PTR DS:[<&KERNEL32.DeleteFile ; \KERNEL32


MOV EAX,DWORD PTR SS:[LOCAL.5]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.14]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],1


MOV BYTE PTR SS:[LOCAL.49+3],2E
PUSH 1
PUSH -1

; /Arg3 = 1
; |Arg2 = -

LEA ECX,[LOCAL.49+3]
PUSH ECX
LEA ECX,[LOCAL.14]
CALL 00424A20

;
;
;
;

MOV DWORD PTR SS:[LOCAL.51],EAX


PUSH OFFSET 00449B24

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.50],EAX
MOV EDX,DWORD PTR SS:[LOCAL.50]
PUSH EDX

; /Arg4 =>

PUSH OFFSET 00449B24

; |Arg3 = A

PUSH -1

; |Arg2 = -

MOV EAX,DWORD PTR SS:[LOCAL.51]


PUSH EAX

; |
; |Arg1 =>

LEA ECX,[LOCAL.14]
CALL 004253B0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.5]


MOV DWORD PTR SS:[LOCAL.21],ECX
MOV EDX,DWORD PTR SS:[LOCAL.21]
PUSH EDX

; /Arg1 =>

CALL 0042F800

; \SystemIn

|
|Arg1
|
\SystemIn

fo.0042F800
00421E7D |. 83C4 04
00421E80 |. 8B45 F0
00421E83 |. 8945 A8
00421E86 |. 8B4D A8
00421E89 |. 51
[LOCAL.22]
00421E8A |. E8 71D90000
fo.0042F800
00421E8F |. 83C4 04
00421E92 |. 6A 00
00421E94 |. 6A 00
00421E96 |. 8B4D 08
00421E99 |. E8 C2DCFEFF
fo.0040FB60
00421E9E |. 8B15 AC874400
00421EA4 |. 52
[4487AC] = -1
00421EA5 |. 6A 00
00421EA7 |. 8D45 C8
00421EAA |. 50
OFFSET LOCAL.14
00421EAB |. 8B4D 08
00421EAE |. E8 6DD1FEFF
fo.0040F020
00421EB3 |. 8B4D A4
00421EB6 |. 83C9 01
00421EB9 |. 894D A4
00421EBC |. C645 FC 00
00421EC0 |. 6A 00
00421EC2 |. 6A 01
00421EC4 |. 8D4D C8
00421EC7 |. E8 94DCFEFF
fo.0040FB60
00421ECC |. 8B45 08
00421ECF |> 8B4D F4
00421ED2 |. 64:890D 00000
00421ED9 |. 59
00421EDA |. 8B4D E4
00421EDD |. 33CD
00421EDF |. E8 0DC80000
00421EE4 |. 8BE5
00421EE6 |. 5D
00421EE7 \. C3
00421EE8
CC
00421EE9
CC
00421EEA
CC
00421EEB
CC
00421EEC
CC
00421EED
CC
00421EEE
CC
00421EEF
CC
00421EF0 /$ 55
o.00421EF0(guessed Arg1)
00421EF1 |. 8BEC
00421EF3 |. 6A FF
00421EF5 |. 68 E3644400
00421EFA |. 64:A1 0000000
00421F00 |. 50
00421F01 |. 81EC 48010000

ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.22],EAX
MOV ECX,DWORD PTR SS:[LOCAL.22]
PUSH ECX

; /Arg1 =>

CALL 0042F800

; \SystemIn

ADD ESP,4
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 0040FB60

;
;
;
;

MOV EDX,DWORD PTR DS:[4487AC]


PUSH EDX

; /Arg3 =>

PUSH 0
LEA EAX,[LOCAL.14]
PUSH EAX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F020

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.23]


OR ECX,00000001
MOV DWORD PTR SS:[LOCAL.23],ECX
MOV BYTE PTR SS:[LOCAL.1],0
PUSH 0
PUSH 1
LEA ECX,[LOCAL.14]
CALL 0040FB60

;
;
;
;

MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ECX,DWORD
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

PTR SS:[ARG.1]
PTR SS:[LOCAL.3]
FS:[0],ECX
PTR SS:[LOCAL.7]

MOV EBP,ESP
PUSH -1
PUSH 004464E3
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,148

00421F07 |. A1 A0154500
00421F0C |. 33C5
00421F0E |. 8945 EC
00421F11 |. 50
00421F12 |. 8D45 F4
00421F15 |. 64:A3 0000000
00421F1B |. C785 00FFFFFF
00421F25 |. 8B45 08
00421F28 |. 50
[ARG.1]
00421F29 |. 8D4D D0
00421F2C |. E8 BFCCFEFF
fo.0040EBF0
00421F31 |. C745 FC 00000
00421F38 |. C745 F0 00000
00421F3F |> C685 17FFFFFF
00421F46 |. 6A 01
00421F48 |. 8B4D F0
00421F4B |. 83C1 01
00421F4E |. 51
00421F4F |. 8D95 17FFFFFF
00421F55 |. 52
00421F56 |. 8D4D D0
00421F59 |. E8 B2290000
fo.00424910
00421F5E |. 8945 F0
00421F61 |. 837D F0 FF
00421F65 |. 74 6A
00421F67 |. 8B45 F0
00421F6A |. 50
[LOCAL.4]
00421F6B |. 6A 00
00421F6D |. 8D8D 28FFFFFF
00421F73 |. 51
OFFSET LOCAL.54
00421F74 |. 8D4D D0
00421F77 |. E8 E4040000
fo.00422460
00421F7C |. 8985 10FFFFFF
00421F82 |. 8B95 10FFFFFF
00421F88 |. 837A 18 10
00421F8C |. 72 11
00421F8E |. 8B85 10FFFFFF
00421F94 |. 8B48 04
00421F97 |. 898D B4FEFFFF
00421F9D |. EB 0F
00421F9F |> 8B95 10FFFFFF
00421FA5 |. 83C2 04
00421FA8 |. 8995 B4FEFFFF
00421FAE |> 6A 00
y = NULL
00421FB0 |. 8B85 B4FEFFFF
00421FB6 |. 50
=> [LOCAL.83]
00421FB7 |. FF15 E0804400
.CreateDirectoryA
00421FBD |. 6A 00
00421FBF |. 6A 01
00421FC1 |. 8D8D 28FFFFFF
00421FC7 |. E8 94DBFEFF

MOV EAX,DWORD PTR DS:[4515A0]


XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.5],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.64],0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.12]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV DWORD PTR SS:[LOCAL.4],0
/MOV BYTE PTR SS:[LOCAL.59+3],5C
|PUSH 1
|MOV ECX,DWORD PTR SS:[LOCAL.4]
|ADD ECX,1
|PUSH ECX
|LEA EDX,[LOCAL.59+3]
|PUSH EDX
|LEA ECX,[LOCAL.12]
|CALL 00424910

;
;
;
;
;
;
;
;

|MOV DWORD PTR SS:[LOCAL.4],EAX


|CMP DWORD PTR SS:[LOCAL.4],-1
|JE SHORT 00421FD1
|MOV EAX,DWORD PTR SS:[LOCAL.4]
|PUSH EAX

; /Arg3 =>

|PUSH 0
|LEA ECX,[LOCAL.54]
|PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

|LEA ECX,[LOCAL.12]
|CALL 00422460

; |
; \SystemIn

|MOV DWORD PTR SS:[LOCAL.60],EAX


|MOV EDX,DWORD PTR SS:[LOCAL.60]
|CMP DWORD PTR DS:[EDX+18],10
|JB SHORT 00421F9F
|MOV EAX,DWORD PTR SS:[LOCAL.60]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.83],ECX
|JMP SHORT 00421FAE
|MOV EDX,DWORD PTR SS:[LOCAL.60]
|ADD EDX,4
|MOV DWORD PTR SS:[LOCAL.83],EDX
|PUSH 0

; /pSecurit

|MOV EAX,DWORD PTR SS:[LOCAL.83]


|PUSH EAX

; |
; |PathName

/Arg3 = 1
|
|
|Arg2
|
|Arg1
|
\SystemIn

|CALL DWORD PTR DS:[<&KERNEL32.CreateDir ; \KERNEL32


|PUSH 0
|PUSH 1
|LEA ECX,[LOCAL.54]
|CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

fo.0040FB60
00421FCC |.^ E9 6EFFFFFF
00421FD1 |> 8B4D E4
00421FD4 |. 898D 0CFFFFFF
00421FDA |. 8B95 0CFFFFFF
00421FE0 |. 83EA 01
00421FE3 |. 8995 08FFFFFF
00421FE9 |. 8B85 08FFFFFF
00421FEF |. 3B45 E4
00421FF2 |. 76 05
00421FF4 |. E8 8FC80000
00421FF9 |> 33C9
00421FFB |.^ 75 FC
00421FFD |. 837D E8 10
00422001 |. 72 0B
00422003 |. 8B55 D4
00422006 |. 8995 B0FEFFFF
0042200C |. EB 09
0042200E |> 8D45 D4
00422011 |. 8985 B0FEFFFF
00422017 |> 8B8D B0FEFFFF
0042201D |. 038D 08FFFFFF
00422023 |. 0FBE11
00422026 |. 83FA 5C
00422029 |. 75 27
0042202B |. 68 589B4400
SCII "SystemInfo.txt"
00422030 |. E8 4BC20000
fo.0042E280
00422035 |. 83C4 04
00422038 |. 8985 04FFFFFF
0042203E |. 8B85 04FFFFFF
00422044 |. 50
[LOCAL.63]
00422045 |. 68 589B4400
SCII "SystemInfo.txt"
0042204A |. 8D4D D0
0042204D |. E8 EECDFEFF
fo.0040EE40
00422052 |> 837D E8 10
00422056 |. 72 0B
00422058 |. 8B4D D4
0042205B |. 898D ACFEFFFF
00422061 |. EB 09
00422063 |> 8D55 D4
00422066 |. 8995 ACFEFFFF
0042206C |> 6A 01
0042206E |. 6A 40
0
00422070 |. 6A 02
00422072 |. 8B85 ACFEFFFF
00422078 |. 50
[LOCAL.85]
00422079 |. 8D8D 44FFFFFF
0042207F |. E8 5C0C0000
fo.00422CE0
00422084 |. C645 FC 01
00422088 |. 8B8D 44FFFFFF
0042208E |. 8B51 04
00422091 |. 8B8415 4CFFFF

\JMP 00421F3F
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.61],ECX
MOV EDX,DWORD PTR SS:[LOCAL.61]
SUB EDX,1
MOV DWORD PTR SS:[LOCAL.62],EDX
MOV EAX,DWORD PTR SS:[LOCAL.62]
CMP EAX,DWORD PTR SS:[LOCAL.7]
JBE SHORT 00421FF9
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00421FF9
CMP DWORD PTR SS:[LOCAL.6],10
JB SHORT 0042200E
MOV EDX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.84],EDX
JMP SHORT 00422017
LEA EAX,[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.84],EAX
MOV ECX,DWORD PTR SS:[LOCAL.84]
ADD ECX,DWORD PTR SS:[LOCAL.62]
MOVSX EDX,BYTE PTR DS:[ECX]
CMP EDX,5C
JNE SHORT 00422052
PUSH OFFSET 00449B58

; /Arg1 = A

CALL 0042E280

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.63],EAX
MOV EAX,DWORD PTR SS:[LOCAL.63]
PUSH EAX

; /Arg2 =>

PUSH OFFSET 00449B58

; |Arg1 = A

LEA ECX,[LOCAL.12]
CALL 0040EE40

; |
; \SystemIn

CMP DWORD PTR SS:[LOCAL.6],10


JB SHORT 00422063
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.85],ECX
JMP SHORT 0042206C
LEA EDX,[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.85],EDX
PUSH 1
PUSH 40

; /Arg4 = 1
; |Arg3 = 4

PUSH 2
MOV EAX,DWORD PTR SS:[LOCAL.85]
PUSH EAX

; |Arg2 = 2
; |
; |Arg1 =>

LEA ECX,[LOCAL.47]
CALL 00422CE0

; |
; \SystemIn

MOV
MOV
MOV
MOV

BYTE PTR SS:[LOCAL.1],1


ECX,DWORD PTR SS:[LOCAL.47]
EDX,DWORD PTR DS:[ECX+4]
EAX,DWORD PTR SS:[EDX+EBP-0B4]

00422098 |. 8985 FCFEFFFF


0042209E |. 8B8D FCFEFFFF
004220A4 |. 83E1 06
004220A7 |. F7D9
ECX to boolean
004220A9 |. 1BC9
004220AB |. F7D9
004220AD |. 0FB6D1
004220B0 |. 85D2
004220B2 |. 74 54
004220B4 |. C645 FC 00
004220B8 |. 8D4D 98
004220BB |. E8 200E0000
fo.00422EE0
004220C0 |. 8D45 98
004220C3 |. 8985 F8FEFFFF
004220C9 |. 8B8D F8FEFFFF
004220CF |. C701 008A4400
004220D5 |. 8B95 F8FEFFFF
004220DB |. C702 F8894400
004220E1 |. 8B85 F8FEFFFF
004220E7 |. 50
[LOCAL.66]
004220E8 |. E8 D8BC0000
fo.0042DDC5
004220ED |. 83C4 04
004220F0 |. C745 FC FFFFF
004220F7 |. 6A 00
004220F9 |. 6A 01
004220FB |. 8D4D D0
004220FE |. E8 5DDAFEFF
fo.0040FB60
00422103 |. E9 92010000
00422108 |> 68 449B4400
STEM INFORMATION"
0042210D |. 8D8D 44FFFFFF
00422113 |. 51
00422114 |. E8 4788FEFF
00422119 |. 83C4 08
0042211C |. 8985 F4FEFFFF
00422122 |. 6A 0A
A
00422124 |. 8B8D F4FEFFFF
0042212A |. E8 91D4FEFF
fo.0040F5C0
0042212F |. 8B8D F4FEFFFF
00422135 |. E8 86D6FEFF
fo.0040F7C0
0042213A |. 6A 0A
A
0042213C |. 8B8D F4FEFFFF
00422142 |. E8 79D4FEFF
fo.0040F5C0
00422147 |. 8B8D F4FEFFFF
0042214D |. E8 6ED6FEFF
fo.0040F7C0
00422152 |. 8D95 44FFFFFF
00422158 |. 52
OFFSET LOCAL.47
00422159 |. E8 82E9FEFF

MOV
MOV
AND
NEG

DWORD PTR SS:[LOCAL.65],EAX


ECX,DWORD PTR SS:[LOCAL.65]
ECX,00000006
ECX

; Converts

SBB ECX,ECX
NEG ECX
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00422108
MOV BYTE PTR SS:[LOCAL.1],0
LEA ECX,[LOCAL.26]
CALL 00422EE0

; [SystemIn

LEA EAX,[LOCAL.26]
MOV DWORD PTR SS:[LOCAL.66],EAX
MOV ECX,DWORD PTR SS:[LOCAL.66]
MOV DWORD PTR DS:[ECX],OFFSET 00448A00
MOV EDX,DWORD PTR SS:[LOCAL.66]
MOV DWORD PTR DS:[EDX],OFFSET 004489F8
MOV EAX,DWORD PTR SS:[LOCAL.66]
PUSH EAX

; /Arg1 =>

CALL 0042DDC5

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1],-1
PUSH 0
PUSH 1
LEA ECX,[LOCAL.12]
CALL 0040FB60

;
;
;
;

JMP 0042229A
PUSH OFFSET 00449B44

; ASCII "SY

LEA ECX,[LOCAL.47]
PUSH ECX
CALL 0040A960
ADD ESP,8
MOV DWORD PTR SS:[LOCAL.67],EAX
PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.67]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.67]


CALL 0040F7C0

; [SystemIn

PUSH 0A

; /Arg1 = 0

MOV ECX,DWORD PTR SS:[LOCAL.67]


CALL 0040F5C0

; |
; \SystemIn

MOV ECX,DWORD PTR SS:[LOCAL.67]


CALL 0040F7C0

; [SystemIn

LEA EDX,[LOCAL.47]
PUSH EDX

; /Arg1 =>

CALL 00410AE0

; \SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

fo.00410AE0
0042215E |. 83C4 04
00422161 |. 6A 0A
A
00422163 |. 8D8D 44FFFFFF
00422169 |. E8 52D4FEFF
fo.0040F5C0
0042216E |. 8D8D 44FFFFFF
00422174 |. E8 47D6FEFF
fo.0040F7C0
00422179 |. 8D85 44FFFFFF
0042217F |. 50
OFFSET LOCAL.47
00422180 |. E8 6B59FFFF
fo.00417AF0
00422185 |. 83C4 04
00422188 |. 6A 0A
A
0042218A |. 8D8D 44FFFFFF
00422190 |. E8 2BD4FEFF
fo.0040F5C0
00422195 |. 8D8D 44FFFFFF
0042219B |. E8 20D6FEFF
fo.0040F7C0
004221A0 |. 8D8D 44FFFFFF
004221A6 |. 51
OFFSET LOCAL.47
004221A7 |. E8 946DFFFF
fo.00418F40
004221AC |. 83C4 04
004221AF |. 6A 0A
A
004221B1 |. 8D8D 44FFFFFF
004221B7 |. E8 04D4FEFF
fo.0040F5C0
004221BC |. 8D8D 44FFFFFF
004221C2 |. E8 F9D5FEFF
fo.0040F7C0
004221C7 |. 8D95 44FFFFFF
004221CD |. 52
OFFSET LOCAL.47
004221CE |. E8 0D78FFFF
fo.004199E0
004221D3 |. 83C4 04
004221D6 |. 6A 0A
A
004221D8 |. 8D8D 44FFFFFF
004221DE |. E8 DDD3FEFF
fo.0040F5C0
004221E3 |. 8D8D 44FFFFFF
004221E9 |. E8 D2D5FEFF
fo.0040F7C0
004221EE |. 8D85 44FFFFFF
004221F4 |. 50
OFFSET LOCAL.47
004221F5 |. E8 E6A0FFFF
fo.0041C2E0
004221FA |. 83C4 04
004221FD |. 6A 0A
A

ADD ESP,4
PUSH 0A

; /Arg1 = 0

LEA ECX,[LOCAL.47]
CALL 0040F5C0

; |
; \SystemIn

LEA ECX,[LOCAL.47]
CALL 0040F7C0

; [SystemIn

LEA EAX,[LOCAL.47]
PUSH EAX

; /Arg1 =>

CALL 00417AF0

; \SystemIn

ADD ESP,4
PUSH 0A

; /Arg1 = 0

LEA ECX,[LOCAL.47]
CALL 0040F5C0

; |
; \SystemIn

LEA ECX,[LOCAL.47]
CALL 0040F7C0

; [SystemIn

LEA ECX,[LOCAL.47]
PUSH ECX

; /Arg1 =>

CALL 00418F40

; \SystemIn

ADD ESP,4
PUSH 0A

; /Arg1 = 0

LEA ECX,[LOCAL.47]
CALL 0040F5C0

; |
; \SystemIn

LEA ECX,[LOCAL.47]
CALL 0040F7C0

; [SystemIn

LEA EDX,[LOCAL.47]
PUSH EDX

; /Arg1 =>

CALL 004199E0

; \SystemIn

ADD ESP,4
PUSH 0A

; /Arg1 = 0

LEA ECX,[LOCAL.47]
CALL 0040F5C0

; |
; \SystemIn

LEA ECX,[LOCAL.47]
CALL 0040F7C0

; [SystemIn

LEA EAX,[LOCAL.47]
PUSH EAX

; /Arg1 =>

CALL 0041C2E0

; \SystemIn

ADD ESP,4
PUSH 0A

; /Arg1 = 0

004221FF |. 8D8D 44FFFFFF


00422205 |. E8 B6D3FEFF
fo.0040F5C0
0042220A |. 8D8D 44FFFFFF
00422210 |. E8 ABD5FEFF
fo.0040F7C0
00422215 |. 8D8D 44FFFFFF
0042221B |. 51
OFFSET LOCAL.47
0042221C |. E8 DFEDFDFF
fo.00401000
00422221 |. 83C4 04
00422224 |. 6A 0A
A
00422226 |. 8D8D 44FFFFFF
0042222C |. E8 8FD3FEFF
fo.0040F5C0
00422231 |. 8D8D 44FFFFFF
00422237 |. E8 84D5FEFF
fo.0040F7C0
0042223C |. 8D95 44FFFFFF
00422242 |. 52
OFFSET LOCAL.47
00422243 |. E8 98D6FFFF
fo.0041F8E0
00422248 |. 83C4 04
0042224B |. 8D8D 48FFFFFF
00422251 |. E8 0A3E0000
00422256 |. 85C0
00422258 |. 75 19
0042225A |. 6A 00
0042225C |. 6A 02
0042225E |. 8B85 44FFFFFF
00422264 |. 8B48 04
00422267 |. 8D8C0D 44FFFF
0042226E |. E8 7D4B0000
fo.00426DF0
00422273 |> C645 FC 00
00422277 |. 8D4D 98
0042227A |. E8 610C0000
fo.00422EE0
0042227F |. 8D4D 98
00422282 |. E8 394B0000
fo.00426DC0
00422287 |. C745 FC FFFFF
0042228E |. 6A 00
00422290 |. 6A 01
00422292 |. 8D4D D0
00422295 |. E8 C6D8FEFF
fo.0040FB60
0042229A |> 8B4D F4
0042229D |. 64:890D 00000
004222A4 |. 59
004222A5 |. 8B4D EC
004222A8 |. 33CD
004222AA |. E8 42C40000
004222AF |. 8BE5
004222B1 |. 5D
004222B2 \. C3
004222B3
CC

LEA ECX,[LOCAL.47]
CALL 0040F5C0

; |
; \SystemIn

LEA ECX,[LOCAL.47]
CALL 0040F7C0

; [SystemIn

LEA ECX,[LOCAL.47]
PUSH ECX

; /Arg1 =>

CALL 00401000

; \SystemIn

ADD ESP,4
PUSH 0A

; /Arg1 = 0

LEA ECX,[LOCAL.47]
CALL 0040F5C0

; |
; \SystemIn

LEA ECX,[LOCAL.47]
CALL 0040F7C0

; [SystemIn

LEA EDX,[LOCAL.47]
PUSH EDX

; /Arg1 =>

CALL 0041F8E0

; \SystemIn

ADD ESP,4
LEA ECX,[LOCAL.46]
CALL 00426060
TEST EAX,EAX
JNE SHORT 00422273
PUSH 0
PUSH 2
MOV EAX,DWORD PTR SS:[LOCAL.47]
MOV ECX,DWORD PTR DS:[EAX+4]
LEA ECX,[ECX+EBP-0BC]
CALL 00426DF0

;
;
;
;
;
;

MOV BYTE PTR SS:[LOCAL.1],0


LEA ECX,[LOCAL.26]
CALL 00422EE0

; [SystemIn

LEA ECX,[LOCAL.26]
CALL 00426DC0

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.12]
CALL 0040FB60

;
;
;
;

MOV ECX,DWORD PTR SS:[LOCAL.3]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ECX,DWORD PTR SS:[LOCAL.5]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
INT3

/Arg2 = 0
|Arg1 = 2
|
|
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004222B4
CC
INT3
004222B5
CC
INT3
004222B6
CC
INT3
004222B7
CC
INT3
004222B8
CC
INT3
004222B9
CC
INT3
004222BA
CC
INT3
004222BB
CC
INT3
004222BC
CC
INT3
004222BD
CC
INT3
004222BE
CC
INT3
004222BF
CC
INT3
004222C0 /$ 55
PUSH EBP
o.004222C0(guessed Arg1,Arg2)
004222C1 |. 8BEC
MOV EBP,ESP
004222C3 |. 83EC 10
SUB ESP,10
004222C6 |. EB 12
JMP SHORT 004222DA
004222C8 |> 8B45 08
/MOV EAX,DWORD PTR SS:[EBP+8]
004222CB |. 0345 F0
|ADD EAX,DWORD PTR SS:[EBP-10]
004222CE |. 8945 08
|MOV DWORD PTR SS:[EBP+8],EAX
004222D1 |. 8B4D 0C
|MOV ECX,DWORD PTR SS:[EBP+0C]
004222D4 |. 034D FC
|ADD ECX,DWORD PTR SS:[EBP-4]
004222D7 |. 894D 0C
|MOV DWORD PTR SS:[EBP+0C],ECX
004222DA |> E8 95CE0000 |CALL 0042F174
004222DF |. 50
|PUSH EAX
004222E0 |. 8B55 08
|MOV EDX,DWORD PTR SS:[EBP+8]
004222E3 |. 52
|PUSH EDX
004222E4 |. 8D45 F8
|LEA EAX,[EBP-8]
004222E7 |. 50
|PUSH EAX
004222E8 |. E8 E7030100 |CALL 004326D4
fo.004326D4
004222ED |. 83C4 0C
|ADD ESP,0C
004222F0 |. 8945 F0
|MOV DWORD PTR SS:[EBP-10],EAX
004222F3 |. 837D F0 00
|CMP DWORD PTR SS:[EBP-10],0
004222F7 |. 7E 6A
|JLE SHORT 00422363
004222F9 |. E8 76CE0000 |CALL 0042F174
004222FE |. 50
|PUSH EAX
004222FF |. 8B4D 0C
|MOV ECX,DWORD PTR SS:[EBP+0C]
00422302 |. 51
|PUSH ECX
00422303 |. 8D55 F4
|LEA EDX,[EBP-0C]
00422306 |. 52
|PUSH EDX
00422307 |. E8 C8030100 |CALL 004326D4
fo.004326D4
0042230C |. 83C4 0C
|ADD ESP,0C
0042230F |. 8945 FC
|MOV DWORD PTR SS:[EBP-4],EAX
00422312 |. 837D FC 00
|CMP DWORD PTR SS:[EBP-4],0
00422316 |. 7E 4B
|JLE SHORT 00422363
00422318 |. 0FB745 F8
|MOVZX EAX,WORD PTR SS:[EBP-8]
0042231C |. 50
|PUSH EAX
0042231D |. E8 88020100 |CALL 004325AA
fo.004325AA
00422322 |. 83C4 04
|ADD ESP,4
00422325 |. 66:8945 F8
|MOV WORD PTR SS:[EBP-8],AX
00422329 |. 0FB74D F4
|MOVZX ECX,WORD PTR SS:[EBP-0C]
0042232D |. 51
|PUSH ECX
0042232E |. E8 77020100 |CALL 004325AA
fo.004325AA
00422333 |. 83C4 04
|ADD ESP,4
00422336 |. 66:8945 F4
|MOV WORD PTR SS:[EBP-0C],AX
0042233A |. 0FB755 F8
|MOVZX EDX,WORD PTR SS:[EBP-8]

; SystemInf

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

; /Arg1
; \SystemIn

; /Arg1
; \SystemIn

0042233E |.
00422342 |.
00422344 |.
00422346 |.
00422349 |.
0042234B |>
0042234F |.
00422353 |.
00422355 |.^
00422357 |.
0042235C |.
0042235E |>^
00422363 |>
00422368 |.
00422369 |.
0042236C |.
0042236D |.
fo.0042EDAB
00422372 |.
00422375 |.
00422377 |.
00422379 |.
0042237E |.
00422380 |>
00422385 |.
00422386 |.
00422389 |.
0042238A |.
fo.0042EDAB
0042238F |.
00422392 |.
00422394 |.
00422396 |.
00422399 |.
0042239B |>
0042239D |>
0042239F |.
004223A0 \.
004223A1
004223A2
004223A3
004223A4
004223A5
004223A6
004223A7
004223A8
004223A9
004223AA
004223AB
004223AC
004223AD
004223AE
004223AF
004223B0 />
004223B1 |.
004223B3 |.
004223B6 |.
004223B9 |.
004223BC |.
004223BF |.

0FB745 F4
3BD0
7D 05
83C8 FF
EB 52
0FB74D F8
0FB755 F4
3BCA
7E 07
B8 01000000
EB 3F
E9 65FFFFFF
E8 0CCE0000
50
8B45 08
50
E8 39CA0000

|MOVZX EAX,WORD PTR SS:[EBP-0C]


|CMP EDX,EAX
|JGE SHORT 0042234B
|OR EAX,FFFFFFFF
|JMP SHORT 0042239D
|MOVZX ECX,WORD PTR SS:[EBP-8]
|MOVZX EDX,WORD PTR SS:[EBP-0C]
|CMP ECX,EDX
|JLE SHORT 0042235E
|MOV EAX,1
|JMP SHORT 0042239D
\JMP 004222C8
CALL 0042F174
PUSH EAX
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH EAX
CALL 0042EDAB

;
;
;
;

/Arg2
|
|Arg1
\SystemIn

83C4 08
85C0
7E 07
B8 01000000
EB 1D
E8 EFCD0000
50
8B4D 0C
51
E8 1CCA0000

ADD ESP,8
TEST EAX,EAX
JLE SHORT 00422380
MOV EAX,1
JMP SHORT 0042239D
CALL 0042F174
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+0C]
PUSH ECX
CALL 0042EDAB

;
;
;
;

/Arg2
|
|Arg1
\SystemIn

83C4 08
85C0
7E 05
83C8 FF
EB 02
33C0
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 1C
894D E4
8B4D E4
83C1 54
E8 1C0B0000

ADD ESP,8
TEST EAX,EAX
JLE SHORT 0042239B
OR EAX,FFFFFFFF
JMP SHORT 0042239D
XOR EAX,EAX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,1C
MOV DWORD PTR SS:[EBP-1C],ECX
MOV ECX,DWORD PTR SS:[EBP-1C]
ADD ECX,54
CALL 00422EE0

; [SystemIn

fo.00422EE0
004223C4 |.
004223C7 |.
004223CA |.
004223CD |.
004223D0 |.
004223D6 |.
004223D9 |.
004223DF |.
004223E2 |.
004223E3 |.
fo.0042DDC5
004223E8 |.
004223EB |.
004223ED |.
004223EE \.
004223EF
004223F0 /$
004223F1 |.
004223F3 |.
004223F4 |.
004223F7 |.
[ARG.1]
004223F8 |.
fo.0042E280
004223FD |.
00422400 |.
00422403 |.
00422406 |.
00422409 |.
0042240C |.
0042240E |>
00422413 |.
00422414 |.
00422417 |.
00422418 |.
fo.0042EDAB
0042241D |.
00422420 |.
00422423 |.
00422426 |>
00422429 |.
0042242C |.
0042242E |.
00422431 |.
00422432 |.
00422435 |.
00422436 |.
00422439 |.
0042243A |.
fo.0042F80B
0042243F |.
00422442 |.
00422444 |.^
00422446 |.
00422448 |>^
0042244A |>
0042244D |.
00422450 |.
00422452 |.

8B45 E4
83C0 54
8945 E8
8B4D E8
C701 008A4400
8B55 E8
C702 F8894400
8B45 E8
50
E8 DDB90000

MOV EAX,DWORD
ADD EAX,54
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX
CALL 0042DDC5

PTR SS:[EBP-1C]

83C4 04
8BE5
5D
C3
CC
55
8BEC
51
8B45 08
50

ADD ESP,4
MOV ESP,EBP
POP EBP
RETN
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

E8 83BE0000

CALL 0042E280

; \SystemIn

83C4 04
0345 08
2B45 10
83C0 01
8945 FC
EB 18
E8 61CD0000
50
8B4D 08
51
E8 8EC90000

ADD ESP,4
ADD EAX,DWORD PTR SS:[ARG.1]
SUB EAX,DWORD PTR SS:[ARG.3]
ADD EAX,1
MOV DWORD PTR SS:[LOCAL.1],EAX
JMP SHORT 00422426
/CALL 0042F174
|PUSH EAX
|MOV ECX,DWORD PTR SS:[EBP+8]
|PUSH ECX
|CALL 0042EDAB

;
;
;
;

/Arg2
|
|Arg1
\SystemIn

83C4 08
0345 08
8945 08
8B55 08
3B55 FC
73 1C
8B45 10
50
8B4D 0C
51
8B55 08
52
E8 CCD30000

|ADD ESP,8
|ADD EAX,DWORD PTR SS:[EBP+8]
|MOV DWORD PTR SS:[EBP+8],EAX
|MOV EDX,DWORD PTR SS:[EBP+8]
|CMP EDX,DWORD PTR SS:[EBP-4]
|JNB SHORT 0042244A
|MOV EAX,DWORD PTR SS:[EBP+10]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[EBP+0C]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[EBP+8]
|PUSH EDX
|CALL 0042F80B

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

83C4 0C
85C0
75 02
EB 02
EB C4
8B45 08
3B45 FC
1BC0
2345 08

|ADD ESP,0C
|TEST EAX,EAX
|JNE SHORT 00422448
|JMP SHORT 0042244A
\JMP SHORT 0042240E
MOV EAX,DWORD PTR SS:[EBP+8]
CMP EAX,DWORD PTR SS:[EBP-4]
SBB EAX,EAX
AND EAX,DWORD PTR SS:[EBP+8]

SS:[EBP-18],EAX
PTR SS:[EBP-18]
DS:[ECX],OFFSET 00448A00
PTR SS:[EBP-18]
DS:[EDX],OFFSET 004489F8
PTR SS:[EBP-18]
; /Arg1
; \SystemIn

00422455 |. 8BE5
MOV ESP,EBP
00422457 |. 5D
POP EBP
00422458 \. C3
RETN
00422459
CC
INT3
0042245A
CC
INT3
0042245B
CC
INT3
0042245C
CC
INT3
0042245D
CC
INT3
0042245E
CC
INT3
0042245F
CC
INT3
00422460 /$ 55
PUSH EBP
o.00422460(guessed Arg1,Arg2,Arg3)
00422461 |. 8BEC
MOV EBP,ESP
00422463 |. 81EC 80000000 SUB ESP,80
00422469 |. 894D 80
MOV DWORD PTR SS:[LOCAL.32],ECX
0042246C |. C745 F8 00000 MOV DWORD PTR SS:[LOCAL.2],0
00422473 |. 8D45 EF
LEA EAX,[LOCAL.5+3]
00422476 |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
00422479 |. 6A 00
PUSH 0
0042247B |. 6A 00
PUSH 0
0042247D |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00422480 |. E8 DBD6FEFF CALL 0040FB60
fo.0040FB60
00422485 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
00422488 |. 51
PUSH ECX
[ARG.3]
00422489 |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0042248C |. 52
PUSH EDX
[ARG.2]
0042248D |. 8B45 80
MOV EAX,DWORD PTR SS:[LOCAL.32]
00422490 |. 50
PUSH EAX
ARG.ECX
00422491 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00422494 |. E8 87CBFEFF CALL 0040F020
fo.0040F020
00422499 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0042249C |. 83C9 01
OR ECX,00000001
0042249F |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
004224A2 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004224A5 |. 8BE5
MOV ESP,EBP
004224A7 |. 5D
POP EBP
004224A8 \. C2 0C00
RETN 0C
004224AB
CC
INT3
004224AC
CC
INT3
004224AD
CC
INT3
004224AE
CC
INT3
004224AF
CC
INT3
004224B0 /$ 55
PUSH EBP
004224B1 |. 8BEC
MOV EBP,ESP
004224B3 |. 83EC 0C
SUB ESP,0C
004224B6 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004224B9 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
004224BC |. EB 09
JMP SHORT 004224C7
004224BE |> 8B4D FC
/MOV ECX,DWORD PTR SS:[EBP-4]
004224C1 |. 034D F8
|ADD ECX,DWORD PTR SS:[EBP-8]
004224C4 |. 894D FC
|MOV DWORD PTR SS:[EBP-4],ECX
004224C7 |> E8 A8CC0000 |CALL 0042F174
004224CC |. 50
|PUSH EAX
004224CD |. 8B55 FC
|MOV EDX,DWORD PTR SS:[EBP-4]
004224D0 |. 52
|PUSH EDX

; SystemInf

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

; /Arg3 =>
; |
; |Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

; /Arg2
; |
; |Arg1

004224D1 |. E8 D5C80000 |CALL 0042EDAB


fo.0042EDAB
004224D6 |. 83C4 08
|ADD ESP,8
004224D9 |. 8945 F8
|MOV DWORD PTR SS:[EBP-8],EAX
004224DC |. 8B45 F8
|MOV EAX,DWORD PTR SS:[EBP-8]
004224DF |. 50
|PUSH EAX
004224E0 |. 8B4D FC
|MOV ECX,DWORD PTR SS:[EBP-4]
004224E3 |. 51
|PUSH ECX
004224E4 |. 8B55 0C
|MOV EDX,DWORD PTR SS:[EBP+0C]
004224E7 |. 52
|PUSH EDX
004224E8 |. E8 03FFFFFF |CALL 004223F0
004224ED |. 83C4 0C
|ADD ESP,0C
004224F0 |. 85C0
|TEST EAX,EAX
004224F2 |. 74 0E
|JE SHORT 00422502
004224F4 |. 8B45 FC
|MOV EAX,DWORD PTR SS:[EBP-4]
004224F7 |. 0FBE08
|MOVSX ECX,BYTE PTR DS:[EAX]
004224FA |. 85C9
|TEST ECX,ECX
004224FC |.^ 75 02
|JNE SHORT 00422500
004224FE |. EB 02
|JMP SHORT 00422502
00422500 |>^ EB BC
\JMP SHORT 004224BE
00422502 |> 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
00422505 |. 2B45 08
SUB EAX,DWORD PTR SS:[EBP+8]
00422508 |. 8BE5
MOV ESP,EBP
0042250A |. 5D
POP EBP
0042250B \. C3
RETN
0042250C
CC
INT3
0042250D
CC
INT3
0042250E
CC
INT3
0042250F
CC
INT3
00422510 /$ 55
PUSH EBP
o.00422510(guessed Arg1,Arg2)
00422511 |. 8BEC
MOV EBP,ESP
00422513 |. 6A FF
PUSH -1
00422515 |. 68 28654400 PUSH 00446528
0042251A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00422520 |. 50
PUSH EAX
00422521 |. 51
PUSH ECX
00422522 |. 81EC B4000000 SUB ESP,0B4
00422528 |. 53
PUSH EBX
00422529 |. 56
PUSH ESI
0042252A |. 57
PUSH EDI
0042252B |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00422530 |. 33C5
XOR EAX,EBP
00422532 |. 50
PUSH EAX
00422533 |. 8D45 F4
LEA EAX,[LOCAL.3]
00422536 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042253C |. 8965 F0
MOV DWORD PTR SS:[LOCAL.4],ESP
0042253F |. 898D 4CFFFFFF MOV DWORD PTR SS:[LOCAL.45],ECX
00422545 |. C745 EC 00000 MOV DWORD PTR SS:[LOCAL.5],0
0042254C |. 8B85 4CFFFFFF MOV EAX,DWORD PTR SS:[LOCAL.45]
00422552 |. 50
PUSH EAX
ARG.ECX
00422553 |. 8D4D E4
LEA ECX,[LOCAL.7]
00422556 |. E8 45D8FEFF CALL 0040FDA0
fo.0040FDA0
0042255B |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
00422562 |. 8A4D E8
MOV CL,BYTE PTR SS:[LOCAL.6]
00422565 |. 884D B7
MOV BYTE PTR SS:[LOCAL.19+3],CL
00422568 |. 0FB655 B7
MOVZX EDX,BYTE PTR SS:[LOCAL.19+3]
0042256C |. 85D2
TEST EDX,EDX

; \SystemIn

; SystemInf

; /Arg1 =>
; |
; \SystemIn

0042256E |. 0F84 A8010000


00422574 |. 8D45 DC
00422577 |. 50
OFFSET LOCAL.9
00422578 |. 8B8D 4CFFFFFF
0042257E |. 8B11
00422580 |. 8B8D 4CFFFFFF
00422586 |. 034A 04
00422589 |. E8 B268FEFF
fo.00408E40
0042258E |. 8985 48FFFFFF
00422594 |. 8B85 48FFFFFF
0042259A |. 8985 44FFFFFF
004225A0 |. C645 FC 01
004225A4 |. 8B8D 44FFFFFF
004225AA |. 51
[LOCAL.46]
004225AB |. E8 E08EFEFF
fo.0040B490
004225B0 |. 83C4 04
004225B3 |. 8945 E0
004225B6 |. C645 FC 00
004225BA |. 8D4D DC
004225BD |. E8 1E41FEFF
004225C2 |. C645 FC 02
004225C6 |. 83BD 4CFFFFFF
004225CD |. 75 0C
004225CF |. C785 70FFFFFF
004225D9 |. EB 17
004225DB |> 8B95 4CFFFFFF
004225E1 |. 8B02
004225E3 |. 8B8D 4CFFFFFF
004225E9 |. 0348 04
004225EC |. 898D 70FFFFFF
004225F2 |> 8B95 4CFFFFFF
004225F8 |. 8B02
004225FA |. 8B48 04
004225FD |. 8B95 4CFFFFFF
00422603 |. 8A440A 30
00422607 |. 8845 83
0042260A |. 8B8D 4CFFFFFF
00422610 |. 8B11
00422612 |. 8B42 04
00422615 |. 8B8D 4CFFFFFF
0042261B |. 8B5401 28
0042261F |. 8995 7CFFFFFF
00422625 |. C645 D4 00
00422629 |. 8B85 7CFFFFFF
0042262F |. 8945 D8
00422632 |. 8B4D D4
00422635 |. 898D 74FFFFFF
0042263B |. 8B55 D8
0042263E |. 8995 78FFFFFF
00422644 |. 8B45 0C
00422647 |. 50
00422648 |. 8B4D 08
0042264B |. 51
0042264C |. 0FB655 83
00422650 |. 52
00422651 |. 8B85 70FFFFFF

JE 0042271C
LEA EAX,[LOCAL.9]
PUSH EAX
MOV ECX,DWORD
MOV EDX,DWORD
MOV ECX,DWORD
ADD ECX,DWORD
CALL 00408E40

PTR
PTR
PTR
PTR

; /Arg1 =>
SS:[LOCAL.45]
DS:[ECX]
SS:[LOCAL.45]
DS:[EDX+4]

;
;
;
;
;

|
|
|
|
\SystemIn

MOV DWORD PTR SS:[LOCAL.46],EAX


MOV EAX,DWORD PTR SS:[LOCAL.46]
MOV DWORD PTR SS:[LOCAL.47],EAX
MOV BYTE PTR SS:[LOCAL.1],1
MOV ECX,DWORD PTR SS:[LOCAL.47]
PUSH ECX

; /Arg1 =>

CALL 0040B490

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV BYTE PTR SS:[LOCAL.1],0
LEA ECX,[LOCAL.9]
CALL 004066E0
MOV BYTE PTR SS:[LOCAL.1],2
CMP DWORD PTR SS:[LOCAL.45],0
JNE SHORT 004225DB
MOV DWORD PTR SS:[LOCAL.36],0
JMP SHORT 004225F2
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.45]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.36],ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV AL,BYTE PTR DS:[ECX+EDX+30]
MOV BYTE PTR SS:[LOCAL.32+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.45]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.45]
MOV EDX,DWORD PTR DS:[EAX+ECX+28]
MOV DWORD PTR SS:[LOCAL.33],EDX
MOV BYTE PTR SS:[LOCAL.11],0
MOV EAX,DWORD PTR SS:[LOCAL.33]
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.35],ECX
MOV EDX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.34],EDX
MOV EAX,DWORD PTR SS:[ARG.2]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
MOVZX EDX,BYTE PTR SS:[LOCAL.32+3]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.36]

00422657 |.
00422658 |.
0042265E |.
0042265F |.
00422665 |.
00422666 |.
00422669 |.
0042266A |.
0042266D |.
0042266F |.
00422672 |.
00422675 |.
00422677 |.
0042267B |.
0042267D |.
0042267F |.
00422682 |.
00422685 |.
00422688 \>
0042268D /.
00422693 |.
00422695 |.
0042269B |.
0042269E |.
004226A4 |.
004226A9 |.
004226AB |.
004226AD |.
004226B3 |.
004226B6 |.
004226BC |.
004226C2 |.
004226C5 |.
004226CB |.
004226D1 |.
004226D5 |.
004226D7 |.
004226DD |.
004226E0 |.
004226E6 |.
004226E8 |>
004226EE |.
004226F4 |>
004226F6 |.
004226FC |.
[ARG.EBP-0C0]
004226FD |.
00422703 |.
fo.004083E0
00422708 |>
0042270F |.
00422714 \.
00422715 />
0042271C |>
00422722 |.
00422724 |.
0042272A |.
0042272D |.
00422733 |.
00422737 |.

50
8B8D 78FFFFFF
51
8B95 74FFFFFF
52
8D45 CC
50
8B4D E0
8B11
8B4D E0
8B42 10
FFD0
0FB64D CC
85C9
74 09
8B55 EC
83CA 04
8955 EC
E9 88000000
8B85 4CFFFFFF
8B08
8B95 4CFFFFFF
0351 04
8995 64FFFFFF
B8 04000000
85C0
74 5B
8B8D 64FFFFFF
8B51 08
8995 6CFFFFFF
8B85 6CFFFFFF
83C8 04
8985 68FFFFFF
8B8D 64FFFFFF
8379 28 00
75 11
8B95 68FFFFFF
83CA 04
8995 40FFFFFF
EB 0C
8B85 68FFFFFF
8985 40FFFFFF
6A 01
8B8D 40FFFFFF
51

PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.34]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.35]
PUSH EDX
LEA EAX,[LOCAL.13]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV EAX,DWORD PTR DS:[EDX+10]
CALL EAX
MOVZX ECX,BYTE PTR SS:[LOCAL.13]
TEST ECX,ECX
JE SHORT 00422688
MOV EDX,DWORD PTR SS:[LOCAL.5]
OR EDX,00000004
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP 00422715
MOV EAX,DWORD PTR SS:[EBP-0B4]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP-0B4]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[EBP-9C],EDX
MOV EAX,4
TEST EAX,EAX
JE SHORT 00422708
MOV ECX,DWORD PTR SS:[EBP-9C]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[EBP-94],EDX
MOV EAX,DWORD PTR SS:[EBP-94]
OR EAX,00000004
MOV DWORD PTR SS:[EBP-98],EAX
MOV ECX,DWORD PTR SS:[EBP-9C]
CMP DWORD PTR DS:[ECX+28],0
JNE SHORT 004226E8
MOV EDX,DWORD PTR SS:[EBP-98]
OR EDX,00000004
MOV DWORD PTR SS:[EBP-0C0],EDX
JMP SHORT 004226F4
MOV EAX,DWORD PTR SS:[EBP-98]
MOV DWORD PTR SS:[EBP-0C0],EAX
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-0C0]
PUSH ECX

8B8D 64FFFFFF MOV ECX,DWORD PTR SS:[EBP-9C]


E8 D85CFEFF CALL 004083E0
C745 FC 00000
B8 1C274200
C3
C745 FC 00000
8B95 4CFFFFFF
8B02
8B8D 4CFFFFFF
0348 04
898D 58FFFFFF
837D EC 00
74 5B

MOV DWORD PTR SS:[EBP-4],0


MOV EAX,0042271C
RETN
MOV DWORD PTR SS:[LOCAL.1],0
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.45]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.42],ECX
CMP DWORD PTR SS:[LOCAL.5],0
JE SHORT 00422794

; /Arg2 = 1
; |
; |Arg1 =>
; |
; \SystemIn

00422739 |. 8B95 58FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.42]


0042273F |. 8B42 08
MOV EAX,DWORD PTR DS:[EDX+8]
00422742 |. 8985 60FFFFFF MOV DWORD PTR SS:[LOCAL.40],EAX
00422748 |. 8B8D 60FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.40]
0042274E |. 0B4D EC
OR ECX,DWORD PTR SS:[LOCAL.5]
00422751 |. 898D 5CFFFFFF MOV DWORD PTR SS:[LOCAL.41],ECX
00422757 |. 8B95 58FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.42]
0042275D |. 837A 28 00
CMP DWORD PTR DS:[EDX+28],0
00422761 |. 75 11
JNE SHORT 00422774
00422763 |. 8B85 5CFFFFFF MOV EAX,DWORD PTR SS:[LOCAL.41]
00422769 |. 83C8 04
OR EAX,00000004
0042276C |. 8985 3CFFFFFF MOV DWORD PTR SS:[LOCAL.49],EAX
00422772 |. EB 0C
JMP SHORT 00422780
00422774 |> 8B8D 5CFFFFFF MOV ECX,DWORD PTR SS:[LOCAL.41]
0042277A |. 898D 3CFFFFFF MOV DWORD PTR SS:[LOCAL.49],ECX
00422780 |> 6A 00
PUSH 0
00422782 |. 8B95 3CFFFFFF MOV EDX,DWORD PTR SS:[LOCAL.49]
00422788 |. 52
PUSH EDX
[LOCAL.49]
00422789 |. 8B8D 58FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.42]
0042278F |. E8 4C5CFEFF CALL 004083E0
fo.004083E0
00422794 |> 8B85 4CFFFFFF MOV EAX,DWORD PTR SS:[LOCAL.45]
0042279A |. 8945 C8
MOV DWORD PTR SS:[LOCAL.14],EAX
0042279D |. C745 FC 04000 MOV DWORD PTR SS:[LOCAL.1],4
004227A4 |. E8 05B00000 CALL 0042D7AE
004227A9 |. 0FB6C8
MOVZX ECX,AL
004227AC |. 85C9
TEST ECX,ECX
004227AE |. 75 08
JNE SHORT 004227B8
004227B0 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
004227B3 |. E8 C8D9FEFF CALL 00410180
004227B8 |> C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
004227BF |. 8D4D E4
LEA ECX,[LOCAL.7]
004227C2 |. E8 A9DAFEFF CALL 00410270
004227C7 |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
004227CA |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
004227CD |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
004227D4 |. 59
POP ECX
004227D5 |. 5F
POP EDI
004227D6 |. 5E
POP ESI
004227D7 |. 5B
POP EBX
004227D8 |. 8BE5
MOV ESP,EBP
004227DA |. 5D
POP EBP
004227DB \. C2 0800
RETN 8
004227DE
CC
INT3
004227DF
CC
INT3
004227E0 /$ 55
PUSH EBP
o.004227E0(guessed Arg1,Arg2)
004227E1 |. 8BEC
MOV EBP,ESP
004227E3 |. 6A FF
PUSH -1
004227E5 |. 68 93654400 PUSH 00446593
004227EA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
004227F0 |. 50
PUSH EAX
004227F1 |. 83EC 3C
SUB ESP,3C
004227F4 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
004227F9 |. 33C5
XOR EAX,EBP
004227FB |. 50
PUSH EAX
004227FC |. 8D45 F4
LEA EAX,[LOCAL.3]
004227FF |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00422805 |. 894D B8
MOV DWORD PTR SS:[LOCAL.18],ECX

; /Arg2 = 0
; |
; |Arg1 =>
; |
; \SystemIn

; SystemInf

00422808 |.
0042280F |.
00422813 |.
00422815 |.
00422818 |.
0042281E |.
00422821 |.
00422824 |.
00422827 |.
0042282A |.
00422830 |.
00422833 |.
00422839 |.
00422840 |.
00422843 |.
00422846 |.
00422849 |>
0042284B |.
0042284D |.
00422850 |.
00422856 |.
00422859 |.
0042285C |.
0042285F |.
00422862 |.
00422868 |.
0042286B |.
00422871 |.
00422878 |.
0042287B |.
0042287E |.
00422881 |>
00422884 |.
00422886 |.
00422889 |.
0042288C |.
00422893 |.
00422895 |.
00422898 |.
0042289B |.
0042289C |.
0042289F |.
004228A1 |.
004228A4 |.
004228A7 |.
fo.00428670
004228AC |.
004228B3 |.
004228B6 |.
004228B8 |.
004228BB |.
004228BE |.
004228C5 |.
004228C8 |.
004228CB |.
004228CC |.
004228CF |.
004228D2 |.
fo.00424C60
004228D7 |.

C745 F0 00000
837D 0C 00
74 34
8B45 B8
C700 809B4400
8B4D B8
83C1 4C
894D EC
8B55 EC
C702 F8894400
8B45 EC
C700 008A4400
C745 FC 00000
8B4D F0
83C9 01
894D F0
33D2
74 34
8B45 B8
C700 789B4400
8B4D B8
83C1 04
894D E8
8B55 E8
C702 F8894400
8B45 E8
C700 008A4400
C745 FC 01000
8B4D F0
83C9 02
894D F0
8B55 B8
8B02
8B48 04
8B55 B8
C7040A 749B44
6A 00
8B45 B8
83C0 04
50
8B4D B8
8B11
8B4D B8
034A 04
E8 C45D0000

MOV DWORD PTR SS:[LOCAL.4],0


CMP DWORD PTR SS:[ARG.2],0
JE SHORT 00422849
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR DS:[EAX],OFFSET 00449B80
MOV ECX,DWORD PTR SS:[LOCAL.18]
ADD ECX,4C
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX],OFFSET 004489F8
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EAX],OFFSET 00448A00
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.4]
OR ECX,00000001
MOV DWORD PTR SS:[LOCAL.4],ECX
XOR EDX,EDX
JE SHORT 00422881
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR DS:[EAX],OFFSET 00449B78
MOV ECX,DWORD PTR SS:[LOCAL.18]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EDX],OFFSET 004489F8
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX],OFFSET 00448A00
MOV DWORD PTR SS:[LOCAL.1],1
MOV ECX,DWORD PTR SS:[LOCAL.4]
OR ECX,00000002
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR DS:[ECX+EDX],OFFSET 00449B
PUSH 0
MOV EAX,DWORD PTR SS:[LOCAL.18]
ADD EAX,4
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.18]
ADD ECX,DWORD PTR DS:[EDX+4]
CALL 00428670

C745 FC 02000
8B45 B8
8B08
8B51 04
8B45 B8
C70410 6C9B44
8B4D 08
83C9 02
51
8B4D B8
83C1 04
E8 89230000

MOV DWORD PTR SS:[LOCAL.1],2


MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR DS:[EDX+EAX],OFFSET 00449B
MOV ECX,DWORD PTR SS:[ARG.1]
OR ECX,00000002
PUSH ECX
; /Arg1
MOV ECX,DWORD PTR SS:[LOCAL.18]
; |
ADD ECX,4
; |
CALL 00424C60
; \SystemIn

C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1

;
;
;
;
;
;
;
;
;

/Arg2 = 0
|
|
|Arg1
|
|
|
|
\SystemIn

004228DE |. 8B45 B8
004228E1 |. 8B4D F4
004228E4 |. 64:890D 00000
004228EB |. 59
004228EC |. 8BE5
004228EE |. 5D
004228EF \. C2 0800
004228F2
CC
004228F3
CC
004228F4
CC
004228F5
CC
004228F6
CC
004228F7
CC
004228F8
CC
004228F9
CC
004228FA
CC
004228FB
CC
004228FC
CC
004228FD
CC
004228FE
CC
004228FF
CC
00422900 /$ 55
o.00422900(guessed void)
00422901 |. 8BEC
00422903 |. 83EC 30
00422906 |. 894D D0
00422909 |. 8D45 FF
0042290C |. 50
0042290D |. 8D4D FE
00422910 |. 51
00422911 |. 8B4D D0
00422914 |. E8 07250000
fo.00424E20
00422919 |. 8B45 D0
0042291C |. 8BE5
0042291E |. 5D
0042291F \. C3
00422920 /$ 55
o.00422920(guessed Arg1)
00422921 |. 8BEC
00422923 |. 83EC 0C
00422926 |. 894D F4
00422929 |. 8B45 F4
0042292C |. 8B48 18
0042292F |. 894D FC
00422932 |. 8B55 FC
00422935 |. 8B02
00422937 |. 8945 F8
0042293A |. 8B4D 08
0042293D |. C701 00000000
00422943 |. 8B55 08
00422946 |. 8B45 F8
00422949 |. 8942 04
0042294C |. 837D F4 00
00422950 |. 75 05
00422952 |. E8 31BF0000
00422957 |> 33C9
00422959 |.^ 75 FC
0042295B |. 8B55 08
0042295E |. 8B45 F4

MOV EAX,DWORD PTR SS:[LOCAL.18]


MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,30
MOV DWORD PTR SS:[LOCAL.12],ECX
LEA EAX,[LOCAL.1+3]
PUSH EAX
LEA ECX,[LOCAL.1+2]
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.12]
CALL 00424E20

;
;
;
;
;

MOV EAX,DWORD PTR SS:[LOCAL.12]


MOV ESP,EBP
POP EBP
RETN
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX],0
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[EDX+4],EAX
CMP DWORD PTR SS:[LOCAL.3],0
JNE SHORT 00422957
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00422957
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.3]

/Arg2
|
|Arg1
|
\SystemIn

00422961 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
00422963 |. 890A
MOV DWORD PTR DS:[EDX],ECX
00422965 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00422968 |. 8BE5
MOV ESP,EBP
0042296A |. 5D
POP EBP
0042296B \. C2 0400
RETN 4
0042296E
CC
INT3
0042296F
CC
INT3
00422970 /$ 55
PUSH EBP
o.00422970(guessed Arg1)
00422971 |. 8BEC
MOV EBP,ESP
00422973 |. 83EC 08
SUB ESP,8
00422976 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
00422979 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0042297C |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
0042297F |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
00422982 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
00422985 |. C702 00000000 MOV DWORD PTR DS:[EDX],0
0042298B |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042298E |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00422991 |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
00422994 |. 837D F8 00
CMP DWORD PTR SS:[LOCAL.2],0
00422998 |. 75 05
JNE SHORT 0042299F
0042299A |. E8 E9BE0000 CALL 0042E888
0042299F |> 33D2
/XOR EDX,EDX
004229A1 |.^ 75 FC
\JNE SHORT 0042299F
004229A3 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004229A6 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
004229A9 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
004229AB |. 8910
MOV DWORD PTR DS:[EAX],EDX
004229AD |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004229B0 |. 8BE5
MOV ESP,EBP
004229B2 |. 5D
POP EBP
004229B3 \. C2 0400
RETN 4
004229B6
CC
INT3
004229B7
CC
INT3
004229B8
CC
INT3
004229B9
CC
INT3
004229BA
CC
INT3
004229BB
CC
INT3
004229BC
CC
INT3
004229BD
CC
INT3
004229BE
CC
INT3
004229BF
CC
INT3
004229C0 /$ 55
PUSH EBP
o.004229C0(guessed Arg1,Arg2)
004229C1 |. 8BEC
MOV EBP,ESP
004229C3 |. 81EC B8000000 SUB ESP,0B8
004229C9 |. 898D 4CFFFFFF MOV DWORD PTR SS:[LOCAL.45],ECX
004229CF |. 8B85 4CFFFFFF MOV EAX,DWORD PTR SS:[LOCAL.45]
004229D5 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
004229D8 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
004229DB |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
004229DE |. 8B85 4CFFFFFF MOV EAX,DWORD PTR SS:[LOCAL.45]
004229E4 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
004229E7 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
004229EA |. C645 FF 01
MOV BYTE PTR SS:[LOCAL.1+3],1
004229EE |> 8B55 F4
/MOV EDX,DWORD PTR SS:[LOCAL.3]
004229F1 |. 0FBE42 29
|MOVSX EAX,BYTE PTR DS:[EDX+29]
004229F5 |. 85C0
|TEST EAX,EAX

; SystemInf

; SystemInf

004229F7 |. 75 4B
004229F9 |. 8B4D F4
004229FC |. 894D F8
004229FF |. 8B55 F4
00422A02 |. 83C2 0C
00422A05 |. 52
00422A06 |. 8B4D 0C
00422A09 |. E8 52CBFEFF
fo.0040F560
00422A0E |. 33C9
00422A10 |. 85C0
00422A12 |. 0F9CC1
00422A15 |. 884D FF
00422A18 |. 0FB655 FF
00422A1C |. 85D2
00422A1E |. 74 0D
00422A20 |. 8B45 F4
00422A23 |. 8B08
00422A25 |. 898D 48FFFFFF
00422A2B |. EB 0C
00422A2D |> 8B55 F4
00422A30 |. 8B42 08
00422A33 |. 8985 48FFFFFF
00422A39 |> 8B8D 48FFFFFF
00422A3F |. 894D F4
00422A42 |.^ EB AA
00422A44 |> 33D2
00422A46 |. 74 4F
00422A48 |. C645 EB 01
00422A4C |. 8B45 0C
00422A4F |. 50
[ARG.2]
00422A50 |. 8B4D F8
00422A53 |. 51
[LOCAL.2]
00422A54 |. 0FB655 FF
00422A58 |. 52
00422A59 |. 8D45 E0
00422A5C |. 50
OFFSET LOCAL.8
00422A5D |. 8B8D 4CFFFFFF
00422A63 |. E8 58240000
fo.00424EC0
00422A68 |. 8985 68FFFFFF
00422A6E |. 8B8D 68FFFFFF
00422A74 |. 8B11
00422A76 |. 8B41 04
00422A79 |. 8B4D 08
00422A7C |. 8911
00422A7E |. 8941 04
00422A81 |. 8B55 08
00422A84 |. 8A45 EB
00422A87 |. 8842 08
00422A8A |. 8B45 08
00422A8D |. E9 76010000
00422A92 |. E9 71010000
00422A97 |> 8B8D 4CFFFFFF
00422A9D |. 51
ARG.ECX
00422A9E |. 8B55 F8

|JNE SHORT 00422A44


|MOV ECX,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR SS:[LOCAL.2],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.3]
|ADD EDX,0C
|PUSH EDX
|MOV ECX,DWORD PTR SS:[ARG.2]
|CALL 0040F560

; /Arg1
; |
; \SystemIn

|XOR ECX,ECX
|TEST EAX,EAX
|SETL CL
|MOV BYTE PTR SS:[LOCAL.1+3],CL
|MOVZX EDX,BYTE PTR SS:[LOCAL.1+3]
|TEST EDX,EDX
|JE SHORT 00422A2D
|MOV EAX,DWORD PTR SS:[LOCAL.3]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV DWORD PTR SS:[LOCAL.46],ECX
|JMP SHORT 00422A39
|MOV EDX,DWORD PTR SS:[LOCAL.3]
|MOV EAX,DWORD PTR DS:[EDX+8]
|MOV DWORD PTR SS:[LOCAL.46],EAX
|MOV ECX,DWORD PTR SS:[LOCAL.46]
|MOV DWORD PTR SS:[LOCAL.3],ECX
\JMP SHORT 004229EE
XOR EDX,EDX
JE SHORT 00422A97
MOV BYTE PTR SS:[LOCAL.6+3],1
MOV EAX,DWORD PTR SS:[ARG.2]
PUSH EAX

; /Arg4 =>

MOV ECX,DWORD PTR SS:[LOCAL.2]


PUSH ECX

; |
; |Arg3 =>

MOVZX EDX,BYTE PTR SS:[LOCAL.1+3]


PUSH EDX
LEA EAX,[LOCAL.8]
PUSH EAX

;
;
;
;

MOV ECX,DWORD PTR SS:[LOCAL.45]


CALL 00424EC0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.38],EAX


MOV ECX,DWORD PTR SS:[LOCAL.38]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[ECX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX],EDX
MOV DWORD PTR DS:[ECX+4],EAX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV AL,BYTE PTR SS:[LOCAL.6+3]
MOV BYTE PTR DS:[EDX+8],AL
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00422C08
JMP 00422C08
MOV ECX,DWORD PTR SS:[LOCAL.45]
PUSH ECX

; /Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.2]

; |

|
|Arg2
|
|Arg1 =>

00422AA1 |. 52
[LOCAL.2]
00422AA2 |. 8D4D EC
00422AA5 |. E8 46660000
fo.004290F0
00422AAA |. 0FB645 FF
00422AAE |. 85C0
00422AB0 |. 75 05
00422AB2 |. E9 C1000000
00422AB7 |> 8B8D 4CFFFFFF
00422ABD |. 8B51 18
00422AC0 |. 8995 64FFFFFF
00422AC6 |. 8B85 64FFFFFF
00422ACC |. 8B08
00422ACE |. 898D 60FFFFFF
00422AD4 |. 8B95 4CFFFFFF
00422ADA |. 52
ARG.ECX
00422ADB |. 8B85 60FFFFFF
00422AE1 |. 50
[LOCAL.40]
00422AE2 |. 8D4D D8
00422AE5 |. E8 06660000
fo.004290F0
00422AEA |. 33C9
00422AEC |. 837D EC 00
00422AF0 |. 0F95C1
00422AF3 |. 0FB6D1
00422AF6 |. 85D2
00422AF8 |. 74 12
00422AFA |. 8B45 EC
00422AFD |. 33C9
00422AFF |. 3B45 D8
00422B02 |. 0F94C1
00422B05 |. 0FB6D1
00422B08 |. 85D2
00422B0A |. 75 05
00422B0C |> E8 77BD0000
00422B11 |> 33C0
00422B13 |.^ 75 FC
00422B15 |. 8B4D F0
00422B18 |. 33D2
00422B1A |. 3B4D DC
00422B1D |. 0F94C2
00422B20 |. 0FB6C2
00422B23 |. 85C0
00422B25 |. 74 49
00422B27 |. C645 D7 01
00422B2B |. 8B4D 0C
00422B2E |. 51
[ARG.2]
00422B2F |. 8B55 F8
00422B32 |. 52
[LOCAL.2]
00422B33 |. 6A 01
00422B35 |. 8D45 CC
00422B38 |. 50
OFFSET LOCAL.13
00422B39 |. 8B8D 4CFFFFFF
00422B3F |. E8 7C230000

PUSH EDX

; |Arg1 =>

LEA ECX,[LOCAL.5]
CALL 004290F0

; |
; \SystemIn

MOVZX EAX,BYTE PTR SS:[LOCAL.1+3]


TEST EAX,EAX
JNE SHORT 00422AB7
JMP 00422B78
MOV ECX,DWORD PTR SS:[LOCAL.45]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.39],EDX
MOV EAX,DWORD PTR SS:[LOCAL.39]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.40],ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
PUSH EDX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.40]


PUSH EAX

; |
; |Arg1 =>

LEA ECX,[LOCAL.10]
CALL 004290F0

; |
; \SystemIn

XOR ECX,ECX
CMP DWORD PTR SS:[LOCAL.5],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00422B0C
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.10]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00422B11
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00422B11
MOV ECX,DWORD PTR SS:[LOCAL.4]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.9]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00422B70
MOV BYTE PTR SS:[LOCAL.11+3],1
MOV ECX,DWORD PTR SS:[ARG.2]
PUSH ECX

; /Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.2]


PUSH EDX

; |
; |Arg3 =>

PUSH 1
LEA EAX,[LOCAL.13]
PUSH EAX

; |Arg2 = 1
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.45]


CALL 00424EC0

; |
; \SystemIn

fo.00424EC0
00422B44 |.
00422B4A |.
00422B50 |.
00422B52 |.
00422B55 |.
00422B58 |.
00422B5A |.
00422B5D |.
00422B60 |.
00422B63 |.
00422B66 |.
00422B69 |.
00422B6E |.
00422B70 |>
00422B73 |.
00422B78 |>
00422B7B |.
00422B81 |.
00422B84 |.
00422B85 |.
00422B8B |.
00422B8E |.
fo.0040F560
00422B93 |.
00422B95 |.
00422B97 |.
00422B9A |.
00422B9D |.
00422B9F |.
00422BA1 |.
00422BA5 |.
00422BA8 |.
00422BA9 |.
00422BAC |.
00422BAD |.
00422BB1 |.
00422BB2 |.
00422BB5 |.
00422BB6 |.
00422BBC |.
fo.00424EC0
00422BC1 |.
00422BC7 |.
00422BCD |.
00422BCF |.
00422BD2 |.
00422BD5 |.
00422BD7 |.
00422BDA |.
00422BDD |.
00422BE0 |.
00422BE3 |.
00422BE6 |.
00422BE8 |.
00422BEA |>
00422BEE |.
00422BF1 |.
00422BF4 |.
00422BF7 |.

8985 5CFFFFFF
8B8D 5CFFFFFF
8B11
8B41 04
8B4D 08
8911
8941 04
8B55 08
8A45 D7
8842 08
8B45 08
E9 9A000000
EB 08
8D4D EC
E8 B8860000
8B4D F0
898D 58FFFFFF
8B55 0C
52
8B8D 58FFFFFF
83C1 0C
E8 CDC9FEFF

MOV DWORD PTR SS:[LOCAL.41],EAX


MOV ECX,DWORD PTR SS:[LOCAL.41]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[ECX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX],EDX
MOV DWORD PTR DS:[ECX+4],EAX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV AL,BYTE PTR SS:[LOCAL.11+3]
MOV BYTE PTR DS:[EDX+8],AL
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00422C08
JMP SHORT 00422B78
LEA ECX,[LOCAL.5]
CALL 0042B230
MOV ECX,DWORD PTR SS:[EBP-10]
MOV DWORD PTR SS:[EBP-0A8],ECX
MOV EDX,DWORD PTR SS:[EBP+0C]
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-0A8]
ADD ECX,0C
CALL 0040F560

;
;
;
;

/Arg1
|
|
\SystemIn

33C9
85C0
0F9CC1
0FB6D1
85D2
74 49
C645 CB 01
8B45 0C
50
8B4D F8
51
0FB655 FF
52
8D45 C0
50
8B8D 4CFFFFFF
E8 FF220000

XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00422BEA
MOV BYTE PTR SS:[EBP-35],1
MOV EAX,DWORD PTR SS:[EBP+0C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-8]
PUSH ECX
MOVZX EDX,BYTE PTR SS:[EBP-1]
PUSH EDX
LEA EAX,[EBP-40]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0B4]
CALL 00424EC0

;
;
;
;
;
;
;
;
;

/Arg4
|
|Arg3
|
|Arg2
|
|Arg1
|
\SystemIn

8985 50FFFFFF
8B8D 50FFFFFF
8B11
8B41 04
8B4D 08
8911
8941 04
8B55 08
8A45 CB
8842 08
8B45 08
EB 20
EB 1E
C645 BF 00
8B4D EC
8B55 F0
8B45 08
8908

MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
JMP
JMP
MOV
MOV
MOV
MOV
MOV

DWORD PTR SS:[EBP-0B0],EAX


ECX,DWORD PTR SS:[EBP-0B0]
EDX,DWORD PTR DS:[ECX]
EAX,DWORD PTR DS:[ECX+4]
ECX,DWORD PTR SS:[EBP+8]
DWORD PTR DS:[ECX],EDX
DWORD PTR DS:[ECX+4],EAX
EDX,DWORD PTR SS:[EBP+8]
AL,BYTE PTR SS:[EBP-35]
BYTE PTR DS:[EDX+8],AL
EAX,DWORD PTR SS:[EBP+8]
SHORT 00422C08
SHORT 00422C08
BYTE PTR SS:[EBP-41],0
ECX,DWORD PTR SS:[EBP-14]
EDX,DWORD PTR SS:[EBP-10]
EAX,DWORD PTR SS:[EBP+8]
DWORD PTR DS:[EAX],ECX

00422BF9 |. 8950 04
00422BFC |. 8B4D 08
00422BFF |. 8A55 BF
00422C02 |. 8851 08
00422C05 |. 8B45 08
00422C08 |> 8BE5
00422C0A |. 5D
00422C0B \. C2 0800
00422C0E
CC
00422C0F
CC
00422C10 /$ 55
o.00422C10(guessed void)
00422C11 |. 8BEC
00422C13 |. 51
00422C14 |. 894D FC
00422C17 |. 8B45 FC
00422C1A |. C700 00000000
00422C20 |. 8B4D FC
00422C23 |. C741 04 00000
00422C2A |. 8B45 FC
00422C2D |. 8BE5
00422C2F |. 5D
00422C30 \. C3
00422C31
CC
00422C32
CC
00422C33
CC
00422C34
CC
00422C35
CC
00422C36
CC
00422C37
CC
00422C38
CC
00422C39
CC
00422C3A
CC
00422C3B
CC
00422C3C
CC
00422C3D
CC
00422C3E
CC
00422C3F
CC
00422C40 /$ 55
00422C41 |. 8BEC
00422C43 |. 83EC 0C
00422C46 |. 894D F4
00422C49 |. 8B4D F4
00422C4C |. E8 5F4C0000
fo.004278B0
00422C51 |. 8BE5
00422C53 |. 5D
00422C54 \. C3
00422C55
CC
00422C56
CC
00422C57
CC
00422C58
CC
00422C59
CC
00422C5A
CC
00422C5B
CC
00422C5C
CC
00422C5D
CC
00422C5E
CC
00422C5F
CC
00422C60 /$ 55

MOV DWORD PTR DS:[EAX+4],EDX


MOV ECX,DWORD PTR SS:[EBP+8]
MOV DL,BYTE PTR SS:[EBP-41]
MOV BYTE PTR DS:[ECX+8],DL
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH ECX
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR
MOV ECX,DWORD
CALL 004278B0

; [SystemIn

MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

SS:[LOCAL.1],ECX
PTR SS:[LOCAL.1]
DS:[EAX],0
PTR SS:[LOCAL.1]
DS:[ECX+4],0
PTR SS:[LOCAL.1]

SS:[LOCAL.3],ECX
PTR SS:[LOCAL.3]

00422C61 |. 8BEC
00422C63 |. 83EC 14
00422C66 |. 894D EC
00422C69 |. 8B4D EC
00422C6C |. E8 BF640000
00422C71 |. 8B45 EC
00422C74 |. 8BE5
00422C76 |. 5D
00422C77 \. C3
00422C78
CC
00422C79
CC
00422C7A
CC
00422C7B
CC
00422C7C
CC
00422C7D
CC
00422C7E
CC
00422C7F
CC
00422C80 /$ 55
o.00422C80(guessed Arg1)
00422C81 |. 8BEC
00422C83 |. 51
00422C84 |. 894D FC
00422C87 |. 8B45 FC
00422C8A |. 33C9
00422C8C |. 8338 00
00422C8F |. 0F95C1
00422C92 |. 0FB6D1
00422C95 |. 85D2
00422C97 |. 74 16
00422C99 |. 8B45 FC
00422C9C |. 8B4D 08
00422C9F |. 8B10
00422CA1 |. 33C0
00422CA3 |. 3B11
00422CA5 |. 0F94C0
00422CA8 |. 0FB6C8
00422CAB |. 85C9
00422CAD |. 75 05
00422CAF |> E8 D4BB0000
00422CB4 |> 33D2
00422CB6 |.^ 75 FC
00422CB8 |. 8B45 FC
00422CBB |. 8B4D 08
00422CBE |. 8B50 04
00422CC1 |. 33C0
00422CC3 |. 3B51 04
00422CC6 |. 0F94C0
00422CC9 |. 0FB6C0
00422CCC |. F7D8
00422CCE |. 1BC0
00422CD0 |. 83C0 01
00422CD3 |. 8BE5
00422CD5 |. 5D
00422CD6 \. C2 0400
00422CD9
CC
00422CDA
CC
00422CDB
CC
00422CDC
CC
00422CDD
CC
00422CDE
CC

MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV ECX,DWORD PTR SS:[LOCAL.5]
CALL 00429130
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00422CAF
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[EAX]
XOR EAX,EAX
CMP EDX,DWORD PTR DS:[ECX]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 00422CB4
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00422CB4
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[EAX+4]
XOR EAX,EAX
CMP EDX,DWORD PTR DS:[ECX+4]
SETE AL
MOVZX EAX,AL
NEG EAX
SBB EAX,EAX
ADD EAX,1
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3

; SystemInf

00422CDF
CC
INT3
00422CE0 /$ 55
PUSH EBP
o.00422CE0(guessed Arg1,Arg2,Arg3,Arg4)
00422CE1 |. 8BEC
MOV EBP,ESP
00422CE3 |. 6A FF
PUSH -1
00422CE5 |. 68 12664400 PUSH 00446612
00422CEA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00422CF0 |. 50
PUSH EAX
00422CF1 |. 81EC 10010000 SUB ESP,110
00422CF7 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00422CFC |. 33C5
XOR EAX,EBP
00422CFE |. 50
PUSH EAX
00422CFF |. 8D45 F4
LEA EAX,[LOCAL.3]
00422D02 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00422D08 |. 898D E8FEFFFF MOV DWORD PTR SS:[LOCAL.70],ECX
00422D0E |. C745 F0 00000 MOV DWORD PTR SS:[LOCAL.4],0
00422D15 |. 837D 14 00
CMP DWORD PTR SS:[ARG.4],0
00422D19 |. 74 3A
JE SHORT 00422D55
00422D1B |. 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.70]
00422D21 |. C700 CC9B4400 MOV DWORD PTR DS:[EAX],OFFSET 00449BCC
00422D27 |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.70]
00422D2D |. 83C1 54
ADD ECX,54
00422D30 |. 894D EC
MOV DWORD PTR SS:[LOCAL.5],ECX
00422D33 |. 8B55 EC
MOV EDX,DWORD PTR SS:[LOCAL.5]
00422D36 |. C702 F8894400 MOV DWORD PTR DS:[EDX],OFFSET 004489F8
00422D3C |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
00422D3F |. C700 008A4400 MOV DWORD PTR DS:[EAX],OFFSET 00448A00
00422D45 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
00422D4C |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
00422D4F |. 83C9 01
OR ECX,00000001
00422D52 |. 894D F0
MOV DWORD PTR SS:[LOCAL.4],ECX
00422D55 |> 33D2
XOR EDX,EDX
00422D57 |. 74 3A
JE SHORT 00422D93
00422D59 |. 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.70]
00422D5F |. C700 789B4400 MOV DWORD PTR DS:[EAX],OFFSET 00449B78
00422D65 |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.70]
00422D6B |. 83C1 04
ADD ECX,4
00422D6E |. 894D E8
MOV DWORD PTR SS:[LOCAL.6],ECX
00422D71 |. 8B55 E8
MOV EDX,DWORD PTR SS:[LOCAL.6]
00422D74 |. C702 F8894400 MOV DWORD PTR DS:[EDX],OFFSET 004489F8
00422D7A |. 8B45 E8
MOV EAX,DWORD PTR SS:[LOCAL.6]
00422D7D |. C700 008A4400 MOV DWORD PTR DS:[EAX],OFFSET 00448A00
00422D83 |. C745 FC 01000 MOV DWORD PTR SS:[LOCAL.1],1
00422D8A |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
00422D8D |. 83C9 02
OR ECX,00000002
00422D90 |. 894D F0
MOV DWORD PTR SS:[LOCAL.4],ECX
00422D93 |> 8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.70]
00422D99 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
00422D9B |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
00422D9E |. 8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.70]
00422DA4 |. C7040A 749B44 MOV DWORD PTR DS:[ECX+EDX],OFFSET 00449B
00422DAB |. 6A 00
PUSH 0
00422DAD |. 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.70]
00422DB3 |. 83C0 04
ADD EAX,4
00422DB6 |. 50
PUSH EAX
00422DB7 |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.70]
00422DBD |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
00422DBF |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.70]
00422DC5 |. 034A 04
ADD ECX,DWORD PTR DS:[EDX+4]
00422DC8 |. E8 A3580000 CALL 00428670

; SystemInf

;
;
;
;
;
;
;
;
;

/Arg2 = 0
|
|
|Arg1
|
|
|
|
\SystemIn

fo.00428670
00422DCD |.
00422DD4 |.
00422DDA |.
00422DDC |.
00422DDF |.
00422DE5 |.
00422DEC |.
00422DF2 |.
00422DF5 |.
00422DF8 |.
00422DFB |.
fo.00428830
00422E00 |.
00422E04 |.
00422E07 |.
00422E0D |.
00422E0F |.
00422E11 |.
00422E14 |.
fo.004260E0
00422E19 |.
00422E1D |.
00422E20 |.
[ARG.3]
00422E21 |.
00422E24 |.
00422E27 |.
00422E28 |.
00422E2B |.
[ARG.1]
00422E2C |.
00422E32 |.
00422E35 |.
fo.00425F80
00422E3A |.
00422E3C |.
00422E3E |.
00422E44 |.
00422E46 |.
00422E4C |.
00422E4F |.
00422E55 |.
00422E5A |.
00422E5C |.
00422E5E |.
00422E64 |.
00422E67 |.
00422E6A |.
00422E6D |.
00422E70 |.
00422E76 |.
00422E7C |.
00422E80 |.
00422E82 |.
00422E88 |.
00422E8B |.
00422E91 |.
00422E93 |>
00422E99 |.

C745 FC 02000
8B85 E8FEFFFF
8B08
8B51 04
8B85 E8FEFFFF
C70410 C89B44
8B8D E8FEFFFF
83C1 04
894D E0
8B4D E0
E8 305A0000

MOV DWORD PTR


MOV EAX,DWORD
MOV ECX,DWORD
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,4
MOV DWORD PTR
MOV ECX,DWORD
CALL 00428830

SS:[LOCAL.1],2
PTR SS:[LOCAL.70]
PTR DS:[EAX]
PTR DS:[ECX+4]
PTR SS:[LOCAL.70]
DS:[EDX+EAX],OFFSET 00449B
PTR SS:[LOCAL.70]

C645 FC 03
8B55 E0
C702 8C9B4400
6A 00
6A 00
8B4D E0
E8 C7320000

MOV BYTE PTR SS:[LOCAL.1],3


MOV EDX,DWORD PTR SS:[LOCAL.8]
MOV DWORD PTR DS:[EDX],OFFSET 00449B8C
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.8]
CALL 004260E0

;
;
;
;

C645 FC 04
8B45 10
50

MOV BYTE PTR SS:[LOCAL.1],4


MOV EAX,DWORD PTR SS:[ARG.3]
PUSH EAX

; /Arg3 =>

8B4D 0C
83C9 02
51
8B55 08
52

MOV ECX,DWORD PTR SS:[ARG.2]


OR ECX,00000002
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

;
;
;
;
;

SS:[LOCAL.8],ECX
PTR SS:[LOCAL.8]

8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.70]


83C1 04
ADD ECX,4
E8 46310000 CALL 00425F80
85C0
75 75
8B85 E8FEFFFF
8B08
8B95 E8FEFFFF
0351 04
8995 ECFEFFFF
B8 02000000
85C0
74 55
8B8D ECFEFFFF
8B51 08
8955 C0
8B45 C0
83C8 02
8985 F0FEFFFF
8B8D ECFEFFFF
8379 28 00
75 11
8B95 F0FEFFFF
83CA 04
8995 E4FEFFFF
EB 0C
8B85 F0FEFFFF
8985 E4FEFFFF

TEST EAX,EAX
JNE SHORT 00422EB3
MOV EAX,DWORD PTR SS:[LOCAL.70]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[LOCAL.70]
ADD EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.69],EDX
MOV EAX,2
TEST EAX,EAX
JE SHORT 00422EB3
MOV ECX,DWORD PTR SS:[LOCAL.69]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[LOCAL.16],EDX
MOV EAX,DWORD PTR SS:[LOCAL.16]
OR EAX,00000002
MOV DWORD PTR SS:[LOCAL.68],EAX
MOV ECX,DWORD PTR SS:[LOCAL.69]
CMP DWORD PTR DS:[ECX+28],0
JNE SHORT 00422E93
MOV EDX,DWORD PTR SS:[LOCAL.68]
OR EDX,00000004
MOV DWORD PTR SS:[LOCAL.71],EDX
JMP SHORT 00422E9F
MOV EAX,DWORD PTR SS:[LOCAL.68]
MOV DWORD PTR SS:[LOCAL.71],EAX

; [SystemIn

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

|
|
|Arg2
|
|Arg1 =>

; |
; |
; \SystemIn

00422E9F |> 6A 00
00422EA1 |. 8B8D E4FEFFFF
00422EA7 |. 51
[LOCAL.71]
00422EA8 |. 8B8D ECFEFFFF
00422EAE |. E8 2D55FEFF
fo.004083E0
00422EB3 |> C745 FC FFFFF
00422EBA |. 8B85 E8FEFFFF
00422EC0 |. 8B4D F4
00422EC3 |. 64:890D 00000
00422ECA |. 59
00422ECB |. 8BE5
00422ECD |. 5D
00422ECE \. C2 1000
00422ED1
CC
00422ED2
CC
00422ED3
CC
00422ED4
CC
00422ED5
CC
00422ED6
CC
00422ED7
CC
00422ED8
CC
00422ED9
CC
00422EDA
CC
00422EDB
CC
00422EDC
CC
00422EDD
CC
00422EDE
CC
00422EDF
CC
00422EE0 /$ 55
o.00422EE0(guessed void)
00422EE1 |. 8BEC
00422EE3 |. 6A FF
00422EE5 |. 68 43664400
00422EEA |. 64:A1 0000000
00422EF0 |. 50
00422EF1 |. 83EC 38
00422EF4 |. A1 A0154500
00422EF9 |. 33C5
00422EFB |. 50
00422EFC |. 8D45 F4
00422EFF |. 64:A3 0000000
00422F05 |. 894D BC
00422F08 |. 8B45 BC
00422F0B |. 8B48 AC
00422F0E |. 8B51 04
00422F11 |. 8B45 BC
00422F14 |. C74410 AC C89
00422F1C |. C745 FC 00000
00422F23 |. 8B4D BC
00422F26 |. 83E9 50
00422F29 |. 894D C4
00422F2C |. 8B55 C4
00422F2F |. C702 8C9B4400
00422F35 |. C645 FC 01
00422F39 |. 8B45 C4
00422F3C |. 0FB648 48
00422F40 |. 85C9
00422F42 |. 74 08

PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.71]
PUSH ECX

; /Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.69]


CALL 004083E0

; |
; \SystemIn

MOV DWORD PTR


MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

SS:[LOCAL.1],-1
PTR SS:[LOCAL.70]
PTR SS:[LOCAL.3]
FS:[0],ECX

MOV EBP,ESP
PUSH -1
PUSH 00446643
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,38
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.17],ECX
MOV EAX,DWORD PTR SS:[LOCAL.17]
MOV ECX,DWORD PTR DS:[EAX-54]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.17]
MOV DWORD PTR DS:[EDX+EAX-54],OFFSET 004
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.17]
SUB ECX,50
MOV DWORD PTR SS:[LOCAL.15],ECX
MOV EDX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR DS:[EDX],OFFSET 00449B8C
MOV BYTE PTR SS:[LOCAL.1],1
MOV EAX,DWORD PTR SS:[LOCAL.15]
MOVZX ECX,BYTE PTR DS:[EAX+48]
TEST ECX,ECX
JE SHORT 00422F4C

00422F44 |.
00422F47 |.
00422F4C |>
00422F50 |.
00422F53 |.
fo.00426F80
00422F58 |.
00422F5F |.
00422F62 |.
00422F65 |.
00422F68 |.
00422F6B |.
00422F6E |.
00422F71 |.
00422F74 |.
00422F7C |.
00422F7F |.
00422F86 |.
00422F87 |.
00422F89 |.
00422F8A \.
00422F8B
00422F8C
00422F8D
00422F8E
00422F8F
00422F90 />
00422F91 |.
00422F93 |.
00422F95 |.
00422F9A |.
00422FA0 |.
00422FA1 |.
00422FA7 |.
00422FAC |.
00422FAE |.
00422FAF |.
00422FB2 |.
00422FB8 |.
00422FBE |.
00422FC4 |.
00422FCA |.
00422FD1 |.
00422FD7 |.
00422FDB |.
00422FDD |.
00422FDF |.
00422FE5 |.
00422FEA |>
00422FF1 |.
00422FF7 |.
fo.00426F80
00422FFC |.
00422FFF |.
00423006 |.
00423007 |.
00423009 |.
0042300A \.
0042300B
0042300C

8B4D C4
E8 14310000
C645 FC 00
8B4D C4
E8 28400000

MOV ECX,DWORD PTR SS:[LOCAL.15]


CALL 00426060
MOV BYTE PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.15]
CALL 00426F80

C745 FC FFFFF
8B55 BC
83EA 50
8955 C0
8B45 C0
8B48 FC
8B51 04
8B45 C0
C74410 FC 749
8B4D F4
64:890D 00000
59
8BE5
5D
C3
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 6B664400
64:A1 0000000
50
81EC B0000000
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
898D 44FFFFFF
8B85 44FFFFFF
C700 8C9B4400
C745 FC 00000
8B8D 44FFFFFF
0FB651 48
85D2
74 0B
8B8D 44FFFFFF
E8 76300000
C745 FC FFFFF
8B8D 44FFFFFF
E8 843F0000

MOV DWORD PTR SS:[LOCAL.1],-1


MOV EDX,DWORD PTR SS:[LOCAL.17]
SUB EDX,50
MOV DWORD PTR SS:[LOCAL.16],EDX
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV ECX,DWORD PTR DS:[EAX-4]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR DS:[EDX+EAX-4],OFFSET 0044
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 0044666B
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0B0
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-0BC],ECX
MOV EAX,DWORD PTR SS:[EBP-0BC]
MOV DWORD PTR DS:[EAX],OFFSET 00449B8C
MOV DWORD PTR SS:[EBP-4],0
MOV ECX,DWORD PTR SS:[EBP-0BC]
MOVZX EDX,BYTE PTR DS:[ECX+48]
TEST EDX,EDX
JE SHORT 00422FEA
MOV ECX,DWORD PTR SS:[EBP-0BC]
CALL 00426060
MOV DWORD PTR SS:[EBP-4],-1
MOV ECX,DWORD PTR SS:[EBP-0BC]
CALL 00426F80
; [SystemIn

8B4D F4
MOV ECX,DWORD PTR SS:[EBP-0C]
64:890D 00000 MOV DWORD PTR FS:[0],ECX
59
POP ECX
8BE5
MOV ESP,EBP
5D
POP EBP
C3
RETN
CC
INT3
CC
INT3

; [SystemIn

0042300D
0042300E
0042300F
00423010
00423011
00423013
00423015
0042301A
00423020
00423021
00423027
0042302C
0042302E
00423031
00423032
00423035
0042303B
00423041
00423048
0042304B
0042304D
00423050
00423053
00423056
00423058
0042305A
0042305E
00423060
00423063
00423069
0042306B
0042306E
00423070
00423072
00423075
0042307B
00423081
00423086
0042308B
00423091
00423094
00423096
00423099
0042309D
004230A3
004230A9
004230AC
004230AE
004230B1
004230B7
004230BA
004230C0
004230C3
004230C5
004230C7
004230CA
004230CC
004230CF
004230D5
004230DB

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

CC
CC
CC
55
8BEC
6A FF
68 98664400
64:A1 0000000
50
81EC 10010000
A1 A0154500
33C5
8945 E0
50
8D45 F4
64:A3 0000000
898D F8FEFFFF
C745 BC FFFFF
8B45 BC
33C9
3B45 08
0F94C1
0FB6D1
85D2
74 31
837D 08 FF
74 0B
8B45 08
8985 F4FEFFFF
EB 10
83C9 FF
F7D9
1BC9
83C1 01
898D F4FEFFFF
8B85 F4FEFFFF
E9 67040000
E9 62040000
8B95 F8FEFFFF
8B42 24
8B08
894D 84
837D 84 00
0F84 90000000
8B95 F8FEFFFF
8B42 24
8B08
894D 80
8B95 F8FEFFFF
8B42 34
8B8D F8FEFFFF
8B51 24
8B0A
0308
394D 80
73 67
8A55 08
8895 7FFFFFFF
8B85 F8FEFFFF
8B48 34

INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00446698
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,110
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.8],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.66],ECX
MOV DWORD PTR SS:[LOCAL.17],-1
MOV EAX,DWORD PTR SS:[LOCAL.17]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[ARG.1]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 0042308B
CMP DWORD PTR SS:[ARG.1],-1
JE SHORT 0042306B
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.67],EAX
JMP SHORT 0042307B
OR ECX,FFFFFFFF
NEG ECX
SBB ECX,ECX
ADD ECX,1
MOV DWORD PTR SS:[LOCAL.67],ECX
MOV EAX,DWORD PTR SS:[LOCAL.67]
JMP 004234ED
JMP 004234ED
MOV EDX,DWORD PTR SS:[LOCAL.66]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.31],ECX
CMP DWORD PTR SS:[LOCAL.31],0
JE 00423133
MOV EDX,DWORD PTR SS:[LOCAL.66]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.32],ECX
MOV EDX,DWORD PTR SS:[LOCAL.66]
MOV EAX,DWORD PTR DS:[EDX+34]
MOV ECX,DWORD PTR SS:[LOCAL.66]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV ECX,DWORD PTR DS:[EDX]
ADD ECX,DWORD PTR DS:[EAX]
CMP DWORD PTR SS:[LOCAL.32],ECX
JNB SHORT 00423133
MOV DL,BYTE PTR SS:[ARG.1]
MOV BYTE PTR SS:[LOCAL.33+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.66]
MOV ECX,DWORD PTR DS:[EAX+34]

004230DE
004230E0
004230E3
004230E9
004230EC
004230EE
004230F4
004230F7
004230F9
004230FF
00423105
00423108
0042310A
0042310D
00423113
00423116
00423118
0042311E
00423124
00423126
00423129
0042312E
00423133
00423139
0042313D
0042313F
00423142
00423147
0042314C
00423152
00423156
00423158
0042315B
00423161
00423167
0042316A
00423170
00423176
00423177
0042317E
0042317F
00423184
00423187
00423189
0042318C
0042318F
00423192
00423194
00423196
00423199
0042319F
004231A1
004231AB
004231B1
004231B6
004231BB
004231C2
004231C5
004231C8
004231CE

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|>
|.
|.
|.
|.

8B11
83EA 01
8B85 F8FEFFFF
8B48 34
8911
8B95 F8FEFFFF
8B42 24
8B08
898D F0FEFFFF
8B95 F8FEFFFF
8B42 24
8B08
83C1 01
8B95 F8FEFFFF
8B42 24
8908
8B8D F0FEFFFF
8A95 7FFFFFFF
8811
8B45 08
E9 BF030000
E9 BA030000
8B85 F8FEFFFF
8378 4C 00
75 0D
83C8 FF
E9 A6030000
E9 A1030000
8B8D F8FEFFFF
8379 3C 00
75 63
8A55 08
8895 7EFFFFFF
8B85 F8FEFFFF
8B48 4C
898D 78FFFFFF
8B95 78FFFFFF
52
0FBE85 7EFFFF
50
E8 4EF70000
83C4 08
33C9
83F8 FF
0F95C1
0FB6D1
85D2
74 0B
8B45 08
8985 ECFEFFFF
EB 0A
C785 ECFEFFFF
8B85 ECFEFFFF
E9 37030000
E9 32030000
C745 F0 08000
8A4D 08
884D EB
8D95 6FFFFFFF
8995 70FFFFFF

MOV EDX,DWORD PTR DS:[ECX]


SUB EDX,1
MOV EAX,DWORD PTR SS:[LOCAL.66]
MOV ECX,DWORD PTR DS:[EAX+34]
MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[LOCAL.66]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.68],ECX
MOV EDX,DWORD PTR SS:[LOCAL.66]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
ADD ECX,1
MOV EDX,DWORD PTR SS:[LOCAL.66]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[LOCAL.68]
MOV DL,BYTE PTR SS:[LOCAL.33+3]
MOV BYTE PTR DS:[ECX],DL
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 004234ED
JMP 004234ED
MOV EAX,DWORD PTR SS:[LOCAL.66]
CMP DWORD PTR DS:[EAX+4C],0
JNE SHORT 0042314C
OR EAX,FFFFFFFF
JMP 004234ED
JMP 004234ED
MOV ECX,DWORD PTR SS:[LOCAL.66]
CMP DWORD PTR DS:[ECX+3C],0
JNE SHORT 004231BB
MOV DL,BYTE PTR SS:[ARG.1]
MOV BYTE PTR SS:[LOCAL.33+2],DL
MOV EAX,DWORD PTR SS:[LOCAL.66]
MOV ECX,DWORD PTR DS:[EAX+4C]
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]
PUSH EDX
MOVSX EAX,BYTE PTR SS:[LOCAL.33+2]
PUSH EAX
CALL 004328D2
ADD ESP,8
XOR ECX,ECX
CMP EAX,-1
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 004231A1
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.69],EAX
JMP SHORT 004231AB
MOV DWORD PTR SS:[LOCAL.69],-1
MOV EAX,DWORD PTR SS:[LOCAL.69]
JMP 004234ED
JMP 004234ED
MOV DWORD PTR SS:[LOCAL.4],8
MOV CL,BYTE PTR SS:[ARG.1]
MOV BYTE PTR SS:[LOCAL.6+3],CL
LEA EDX,[LOCAL.37+3]
MOV DWORD PTR SS:[LOCAL.36],EDX

004231D4 |.
004231D6 |.
004231D8 |.
004231DB |.
fo.0040FB60
004231E0 |.
004231E2 |.
004231E4 |.
004231E7 |.
fo.0040F240
004231EC |.
004231F3 |>
004231F7 |.
004231F9 |.
004231FC |.
00423202 |.
00423204 |>
00423207 |.
0042320D |>
00423210 |.
00423211 |.
00423217 |.
00423218 |.
0042321B |.
fo.0042A290
00423220 |.
00423223 |.
fo.00429BC0
00423228 |.
0042322E |.
00423231 |.
00423237 |.
0042323B |.
0042323D |.
00423240 |.
00423246 |.
00423248 |>
0042324B |.
00423251 |>
00423254 |.
00423255 |.
0042325B |.
0042325C |.
0042325F |.
fo.0042A290
00423264 |.
00423267 |.
fo.00429BC0
0042326C |.
00423272 |.
00423278 |.
0042327B |.
00423281 |.
00423284 |.
00423285 |.
0042328B |.
00423291 |.
00423292 |.
00423298 |.
00423299 |.

6A 00
6A 00
8D4D C4
E8 80C9FEFF

PUSH 0
PUSH 0
LEA ECX,[LOCAL.15]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

6A 00
6A 08
8D4D C4
E8 54C0FEFF

PUSH 0
PUSH 8
LEA ECX,[LOCAL.15]
CALL 0040F240

;
;
;
;

/Arg2 = 0
|Arg1 = 8
|
\SystemIn

C745 FC 00000
837D DC 10
72 0B
8B45 C8
8985 68FFFFFF
EB 09
8D4D C8
898D 68FFFFFF
8D55 C4
52
8B85 68FFFFFF
50
8D4D B4
E8 70700000

MOV DWORD PTR SS:[LOCAL.1],0


CMP DWORD PTR SS:[EBP-24],10
JB SHORT 00423204
MOV EAX,DWORD PTR SS:[EBP-38]
MOV DWORD PTR SS:[EBP-98],EAX
JMP SHORT 0042320D
LEA ECX,[EBP-38]
MOV DWORD PTR SS:[EBP-98],ECX
LEA EDX,[EBP-3C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-98]
PUSH EAX
LEA ECX,[EBP-4C]
CALL 0042A290

;
;
;
;
;

/Arg2
|
|Arg1
|
\SystemIn

8D4D B4
E8 98690000

LEA ECX,[EBP-4C]
CALL 00429BC0

; [SystemIn

8985 64FFFFFF
8B4D D8
898D 60FFFFFF
837D DC 10
72 0B
8B55 C8
8995 5CFFFFFF
EB 09
8D45 C8
8985 5CFFFFFF
8D4D C4
51
8B95 5CFFFFFF
52
8D4D AC
E8 2C700000

MOV DWORD PTR SS:[EBP-9C],EAX


MOV ECX,DWORD PTR SS:[EBP-28]
MOV DWORD PTR SS:[EBP-0A0],ECX
CMP DWORD PTR SS:[EBP-24],10
JB SHORT 00423248
MOV EDX,DWORD PTR SS:[EBP-38]
MOV DWORD PTR SS:[EBP-0A4],EDX
JMP SHORT 00423251
LEA EAX,[EBP-38]
MOV DWORD PTR SS:[EBP-0A4],EAX
LEA ECX,[EBP-3C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0A4]
PUSH EDX
LEA ECX,[EBP-54]
CALL 0042A290

;
;
;
;
;

8D4D AC
E8 54690000

LEA ECX,[EBP-54]
CALL 00429BC0

; [SystemIn

8985
8B85
8B48
898D
8D55
52
8B85
0385
50
8B8D
51
8D55

58FFFFFF
F8FEFFFF
3C
54FFFFFF
E4

MOV DWORD PTR SS:[EBP-0A8],EAX


MOV EAX,DWORD PTR SS:[EBP-108]
MOV ECX,DWORD PTR DS:[EAX+3C]
MOV DWORD PTR SS:[EBP-0AC],ECX
LEA EDX,[EBP-1C]
PUSH EDX
64FFFFFF MOV EAX,DWORD PTR SS:[EBP-9C]
60FFFFFF ADD EAX,DWORD PTR SS:[EBP-0A0]
PUSH EAX
58FFFFFF MOV ECX,DWORD PTR SS:[EBP-0A8]
PUSH ECX
EC
LEA EDX,[EBP-14]

/Arg2
|
|Arg1
|
\SystemIn

0042329C |.
0042329D |.
004232A0 |.
004232A1 |.
004232A4 |.
004232A5 |.
004232AB |.
004232AE |.
004232AF |.
004232B5 |.
004232B7 |.
004232BD |.
004232C0 |.
004232C2 |.
004232C8 |.
004232CF |.
004232D5 |.
004232DC |.
004232DE |.
004232E5 |.
004232EB |.
004232F0 |>
004232F4 |.
004232F6 |.
004232F9 |.
004232FF |.
00423301 |>
00423304 |.
0042330A |>
0042330D |.
0042330E |.
00423314 |.
00423315 |.
00423318 |.
fo.0042A290
0042331D |.
00423320 |.
fo.00429BC0
00423325 |.
0042332B |.
0042332E |.
00423334 |.
00423337 |.
0042333D |.
00423341 |.
00423343 |.
00423346 |.
0042334C |.
0042334E |>
00423351 |.
00423357 |>
0042335A |.
0042335B |.
00423361 |.
00423362 |.
00423365 |.
fo.0042A290
0042336A |.
0042336D |.
fo.00429BC0

52
8D45 EC
50
8D4D EB
51
8B95 F8FEFFFF
83C2 44
52
8B85 54FFFFFF
8B10
8B8D 54FFFFFF
8B42 14
FFD0
8985 E8FEFFFF
83BD E8FEFFFF
0F8C E1010000
83BD E8FEFFFF
7E 12
83BD E8FEFFFF
0F84 57010000
E9 C6010000
837D DC 10
72 0B
8B4D C8
898D 50FFFFFF
EB 09
8D55 C8
8995 50FFFFFF
8D45 C4
50
8B8D 50FFFFFF
51
8D4D A4
E8 736F0000

PUSH EDX
LEA EAX,[EBP-14]
PUSH EAX
LEA ECX,[EBP-15]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-108]
ADD EDX,44
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-0AC]
MOV EDX,DWORD PTR DS:[EAX]
MOV ECX,DWORD PTR SS:[EBP-0AC]
MOV EAX,DWORD PTR DS:[EDX+14]
CALL EAX
MOV DWORD PTR SS:[EBP-118],EAX
CMP DWORD PTR SS:[EBP-118],0
JL 004234B6
CMP DWORD PTR SS:[EBP-118],1
JLE SHORT 004232F0
CMP DWORD PTR SS:[EBP-118],3
JE 00423442
JMP 004234B6
CMP DWORD PTR SS:[EBP-24],10
JB SHORT 00423301
MOV ECX,DWORD PTR SS:[EBP-38]
MOV DWORD PTR SS:[EBP-0B0],ECX
JMP SHORT 0042330A
LEA EDX,[EBP-38]
MOV DWORD PTR SS:[EBP-0B0],EDX
LEA EAX,[EBP-3C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0B0]
PUSH ECX
LEA ECX,[EBP-5C]
CALL 0042A290

;
;
;
;
;

8D4D A4
E8 9B680000

LEA ECX,[EBP-5C]
CALL 00429BC0

; [SystemIn

8985 4CFFFFFF
8B55 E4
2B95 4CFFFFFF
8955 C0
0F84 81000000
837D DC 10
72 0B
8B45 C8
8985 48FFFFFF
EB 09
8D4D C8
898D 48FFFFFF
8D55 C4
52
8B85 48FFFFFF
50
8D4D 9C
E8 266F0000

MOV DWORD PTR SS:[EBP-0B4],EAX


MOV EDX,DWORD PTR SS:[EBP-1C]
SUB EDX,DWORD PTR SS:[EBP-0B4]
MOV DWORD PTR SS:[EBP-40],EDX
JE 004233BE
CMP DWORD PTR SS:[EBP-24],10
JB SHORT 0042334E
MOV EAX,DWORD PTR SS:[EBP-38]
MOV DWORD PTR SS:[EBP-0B8],EAX
JMP SHORT 00423357
LEA ECX,[EBP-38]
MOV DWORD PTR SS:[EBP-0B8],ECX
LEA EDX,[EBP-3C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-0B8]
PUSH EAX
LEA ECX,[EBP-64]
CALL 0042A290

;
;
;
;
;

8D4D 9C
E8 4E680000

LEA ECX,[EBP-64]
CALL 00429BC0

; [SystemIn

/Arg2
|
|Arg1
|
\SystemIn

/Arg2
|
|Arg1
|
\SystemIn

00423372 |.
00423378 |.
0042337E |.
00423381 |.
00423382 |.
00423385 |.
00423386 |.
00423388 |.
0042338E |.
0042338F |.
00423394 |.
00423397 |.
0042339A |.
0042339C |.
004233A3 |.
004233AA |.
004233AC |.
004233AE |.
004233B1 |.
fo.0040FB60
004233B6 |.
004233B9 |.
004233BE |>
004233C4 |.
004233C8 |.
004233CB |.
004233CE |.
004233D0 |.
004233D2 |.
004233D5 |.
004233D8 |.
004233DF |.
004233E1 |.
004233E3 |.
004233E6 |.
fo.0040FB60
004233EB |.
004233EE |.
004233F3 |>
004233F7 |.
004233F9 |.^
004233FB |>
004233FE |.
00423404 |.
0042340B |.
0042340D |.
0042340F |.
00423411 |.
00423414 |.
fo.0040EF80
00423419 |.^
0042341B |>
00423422 |.
00423429 |.
0042342B |.
0042342D |.
00423430 |.
fo.0040FB60
00423435 |.
00423438 |.

8985 44FFFFFF
8B8D F8FEFFFF
8B51 4C
52
8B45 C0
50
6A 01
8B8D 44FFFFFF
51
E8 BCF40000
83C4 10
3945 C0
74 22
C745 98 FFFFF
C745 FC FFFFF
6A 00
6A 01
8D4D C4
E8 AAC7FEFF

MOV DWORD PTR SS:[EBP-0BC],EAX


MOV ECX,DWORD PTR SS:[EBP-108]
MOV EDX,DWORD PTR DS:[ECX+4C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-40]
PUSH EAX
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-0BC]
PUSH ECX
CALL 00432850
ADD ESP,10
CMP DWORD PTR SS:[EBP-40],EAX
JE SHORT 004233BE
MOV DWORD PTR SS:[EBP-68],-1
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-3C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B45 98
E9 2F010000
8B95 F8FEFFFF
C642 41 01
8B45 EC
8D4D EB
3BC1
74 21
8B55 08
8955 94
C745 FC FFFFF
6A 00
6A 01
8D4D C4
E8 75C7FEFF

MOV EAX,DWORD PTR SS:[EBP-68]


JMP 004234ED
MOV EDX,DWORD PTR SS:[EBP-108]
MOV BYTE PTR DS:[EDX+41],1
MOV EAX,DWORD PTR SS:[EBP-14]
LEA ECX,[EBP-15]
CMP EAX,ECX
JE SHORT 004233F3
MOV EDX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR SS:[EBP-6C],EDX
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-3C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B45 94
E9 FA000000
837D C0 00
76 02
EB 42
8B45 D8
8985 40FFFFFF
83BD 40FFFFFF
73 0E
6A 00
6A 08
8D4D C4
E8 67BBFEFF

MOV EAX,DWORD PTR SS:[EBP-6C]


JMP 004234ED
CMP DWORD PTR SS:[EBP-40],0
JBE SHORT 004233FB
JMP SHORT 0042343D
MOV EAX,DWORD PTR SS:[EBP-28]
MOV DWORD PTR SS:[EBP-0C0],EAX
CMP DWORD PTR SS:[EBP-0C0],20
JNB SHORT 0042341B
PUSH 0
PUSH 8
LEA ECX,[EBP-3C]
CALL 0040EF80

;
;
;
;

/Arg2 = 0
|Arg1 = 8
|
\SystemIn

EB 22
C745 90 FFFFF
C745 FC FFFFF
6A 00
6A 01
8D4D C4
E8 2BC7FEFF

JMP SHORT 0042343D


MOV DWORD PTR SS:[EBP-70],-1
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-3C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B45 90
E9 B0000000

MOV EAX,DWORD PTR SS:[EBP-70]


JMP 004234ED

0042343D |>^
00423442 |>
00423448 |.
0042344B |.
00423451 |.
00423454 |.
0042345A |.
00423460 |.
00423461 |.
00423468 |.
00423469 |.
0042346E |.
00423471 |.
00423473 |.
00423476 |.
00423479 |.
0042347C |.
0042347E |.
00423480 |.
00423483 |.
00423489 |.
0042348B |>
00423495 |>
0042349B |.
0042349E |.
004234A5 |.
004234A7 |.
004234A9 |.
004234AC |.
fo.0040FB60
004234B1 |.
004234B4 |.
004234B6 |>
004234BD |.
004234C4 |.
004234C6 |.
004234C8 |.
004234CB |.
fo.0040FB60
004234D0 |.
004234D3 |.
004234D5 \>^
004234DA /.
004234E1 |.
004234E3 |.
004234E5 |.
004234E8 |.
fo.0040FB60
004234ED |>
004234F0 |.
004234F7 |.
004234F8 |.
004234FB |.
004234FD |.
00423502 |.
00423504 |.
00423505 \.
00423508
00423509
0042350A

E9 93000000
8B8D F8FEFFFF
8B51 4C
8995 34FFFFFF
8A45 EB
8885 3AFFFFFF
8B8D 34FFFFFF
51
0FBE95 3AFFFF
52
E8 64F40000
83C4 08
33C9
83F8 FF
0F95C1
0FB6D1
85D2
74 0B
8B45 08
8985 E4FEFFFF
EB 0A
C785 E4FEFFFF
8B8D E4FEFFFF
894D 8C
C745 FC FFFFF
6A 00
6A 01
8D4D C4
E8 AFC6FEFF

JMP 004234D5
MOV ECX,DWORD PTR SS:[EBP-108]
MOV EDX,DWORD PTR DS:[ECX+4C]
MOV DWORD PTR SS:[EBP-0CC],EDX
MOV AL,BYTE PTR SS:[EBP-15]
MOV BYTE PTR SS:[EBP-0C6],AL
MOV ECX,DWORD PTR SS:[EBP-0CC]
PUSH ECX
MOVSX EDX,BYTE PTR SS:[EBP-0C6]
PUSH EDX
CALL 004328D2
ADD ESP,8
XOR ECX,ECX
CMP EAX,-1
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 0042348B
MOV EAX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR SS:[EBP-11C],EAX
JMP SHORT 00423495
MOV DWORD PTR SS:[EBP-11C],-1
MOV ECX,DWORD PTR SS:[EBP-11C]
MOV DWORD PTR SS:[EBP-74],ECX
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-3C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B45 8C
EB 37
C745 88 FFFFF
C745 FC FFFFF
6A 00
6A 01
8D4D C4
E8 90C6FEFF

MOV EAX,DWORD PTR SS:[EBP-74]


JMP SHORT 004234ED
MOV DWORD PTR SS:[EBP-78],-1
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-3C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B45 88
EB 18
E9 19FDFFFF
C745 FC FFFFF
6A 00
6A 01
8D4D C4
E8 73C6FEFF

MOV EAX,DWORD PTR SS:[EBP-78]


JMP SHORT 004234ED
JMP 004231F3
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-3C]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B4D F4
64:890D 00000
59
8B4D E0
33CD
E8 EFB10000
8BE5
5D
C2 0400
CC
CC
CC

MOV ECX,DWORD PTR SS:[EBP-0C]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ECX,DWORD PTR SS:[EBP-20]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3

0042350B
0042350C
0042350D
0042350E
0042350F
00423510
00423511
00423513
00423516
00423519
0042351C
0042351F
00423521
00423524
00423528
0042352E
00423531
00423534
00423536
00423539
0042353C
0042353F
00423541
00423544
00423547
0042354A
0042354C
00423553
00423556
00423558
0042355B
0042355E
00423561
00423563
00423565
00423568
0042356B
0042356D
00423570
00423573
00423577
0042357A
0042357D
0042357F
00423582
00423585
00423588
0042358A
0042358C
0042358F
00423594
00423598
0042359A
0042359D
004235A0
004235A2
004235A5
004235A7
004235A9
004235AC

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.

CC
CC
CC
CC
CC
55
8BEC
83EC 30
894D D4
8B45 D4
8B48 20
8B11
8955 EC
837D EC 00
0F84 8E000000
8B45 D4
8B48 10
8B11
8955 E8
8B45 D4
8B48 20
8B11
8955 E4
8B45 E8
3B45 E4
73 70
C745 FC FFFFF
8B4D FC
33D2
3B4D 08
0F94C2
0FB6C2
85C0
75 27
8B4D D4
8B51 20
8B02
8945 E0
8B4D E0
0FB651 FF
8955 F8
8B45 F8
33C9
3B45 08
0F94C1
0FB6D1
85D2
74 30
8B4D D4
E8 8C160000
837D 08 FF
74 08
8B45 08
8945 D0
EB 0D
83C9 FF
F7D9
1BC9
83C1 01
894D D0

INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,30
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV EAX,DWORD PTR SS:[LOCAL.11]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.5],EDX
CMP DWORD PTR SS:[LOCAL.5],0
JE 004235BC
MOV EAX,DWORD PTR SS:[LOCAL.11]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV EAX,DWORD PTR SS:[LOCAL.11]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.7],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
CMP EAX,DWORD PTR SS:[LOCAL.7]
JNB SHORT 004235BC
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.1]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[ARG.1]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 0042358C
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOVZX EDX,BYTE PTR DS:[ECX-1]
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.2]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[ARG.1]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 004235BC
MOV ECX,DWORD PTR SS:[LOCAL.11]
CALL 00424C20
CMP DWORD PTR SS:[ARG.1],-1
JE SHORT 004235A2
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.12],EAX
JMP SHORT 004235AF
OR ECX,FFFFFFFF
NEG ECX
SBB ECX,ECX
ADD ECX,1
MOV DWORD PTR SS:[LOCAL.12],ECX

004235AF
004235B2
004235B7
004235BC
004235BF
004235C3
004235C5
004235CC
004235CF
004235D1
004235D4
004235D7
004235DA
004235DC
004235DE
004235E1
004235E6
004235EB
004235EE
004235F2
004235F4
004235F7
004235FA
004235FD
00423600
00423603
00423606
00423607
0042360B
0042360C
00423611
00423614
00423616
00423619
0042361C
0042361F
00423621
00423623
00423626
00423628
0042362A
0042362C
0042362E
00423631
00423634
00423637
0042363A
0042363D
00423640
00423643
00423646
00423649
0042364C
0042364E
00423651
00423654
00423657
00423659
0042365C
0042365F

|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B45 D0
E9 BD000000
E9 B8000000
8B55 D4
837A 4C 00
74 19
C745 F4 FFFFF
8B45 F4
33C9
3B45 08
0F94C1
0FB6D1
85D2
74 0D
83C8 FF
E9 8E000000
E9 89000000
8B45 D4
8378 3C 00
75 36
8A4D 08
884D F3
8B55 D4
8B42 4C
8945 DC
8B4D DC
51
0FB655 F3
52
E8 BEF40000
83C4 08
33C9
83F8 FF
0F95C1
0FB6D1
85D2
74 07
8B45 08
EB 4C
EB 4A
33C0
74 43
8B4D D4
8A55 08
8851 40
8B45 D4
83C0 40
8945 D8
8B4D D4
8B51 10
8B45 D4
83C0 40
8902
8B4D D4
8B51 20
8B45 D8
8902
8B4D D4
83C1 41
2B4D D8

MOV EAX,DWORD PTR SS:[LOCAL.12]


JMP 00423674
JMP 00423674
MOV EDX,DWORD PTR SS:[LOCAL.11]
CMP DWORD PTR DS:[EDX+4C],0
JE SHORT 004235DE
MOV DWORD PTR SS:[LOCAL.3],-1
MOV EAX,DWORD PTR SS:[LOCAL.3]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[ARG.1]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 004235EB
OR EAX,FFFFFFFF
JMP 00423674
JMP 00423674
MOV EAX,DWORD PTR SS:[LOCAL.11]
CMP DWORD PTR DS:[EAX+3C],0
JNE SHORT 0042362A
MOV CL,BYTE PTR SS:[ARG.1]
MOV BYTE PTR SS:[LOCAL.4+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.11]
MOV EAX,DWORD PTR DS:[EDX+4C]
MOV DWORD PTR SS:[LOCAL.9],EAX
MOV ECX,DWORD PTR SS:[LOCAL.9]
PUSH ECX
MOVZX EDX,BYTE PTR SS:[LOCAL.4+3]
PUSH EDX
CALL 00432ACF
ADD ESP,8
XOR ECX,ECX
CMP EAX,-1
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 0042362A
MOV EAX,DWORD PTR SS:[ARG.1]
JMP SHORT 00423674
JMP SHORT 00423674
XOR EAX,EAX
JE SHORT 00423671
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DL,BYTE PTR SS:[ARG.1]
MOV BYTE PTR DS:[ECX+40],DL
MOV EAX,DWORD PTR SS:[LOCAL.11]
ADD EAX,40
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR SS:[LOCAL.11]
ADD EAX,40
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.11]
ADD ECX,41
SUB ECX,DWORD PTR SS:[LOCAL.10]

00423662
00423665
00423668
0042366A
0042366D
0042366F
00423671
00423674
00423676
00423677
0042367A
0042367B
0042367C
0042367D
0042367E
0042367F
00423680
00423681
00423683
00423686
00423689
0042368C
0042368F
00423691
00423694
00423698
0042369A
0042369D
004236A0
004236A2
004236A5
004236A8
004236AB
004236AE
004236B1
004236B3
004236B5
004236B8
004236BA
004236BD
004236C0
004236C2
004236C5
004236C8
004236CB
004236CD
004236CF
004236D2
004236D4
004236D7
004236DA
004236DC
004236DF
004236E6
004236E9
004236EB
004236EE
004236F1
004236F4
004236F6

|.
|.
|.
|.
|.
|.
|>
|>
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B55 D4
8B42 30
8908
8B45 08
EB 05
EB 03
83C8 FF
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 18
894D E8
8B45 E8
8B48 20
8B11
8955 F4
837D F4 00
74 35
8B45 E8
8B48 20
8B11
8955 F0
8B45 E8
8B48 30
8B55 E8
8B42 20
8B10
0311
3955 F0
73 15
8B45 E8
8B48 20
8B11
8955 EC
8B45 EC
0FB600
EB 46
EB 44
8B4D E8
8B11
8B4D E8
8B42 14
FFD0
8945 FC
C745 F8 FFFFF
8B4D F8
33D2
3B4D FC
0F94C2
0FB6C2
85C0
74 07

MOV EDX,DWORD PTR SS:[LOCAL.11]


MOV EAX,DWORD PTR DS:[EDX+30]
MOV DWORD PTR DS:[EAX],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
JMP SHORT 00423674
JMP SHORT 00423674
OR EAX,FFFFFFFF
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.3],EDX
CMP DWORD PTR SS:[LOCAL.3],0
JE SHORT 004236CF
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV EDX,DWORD PTR DS:[EAX]
ADD EDX,DWORD PTR DS:[ECX]
CMP DWORD PTR SS:[LOCAL.4],EDX
JNB SHORT 004236CF
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOVZX EAX,BYTE PTR DS:[EAX]
JMP SHORT 00423713
JMP SHORT 00423713
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EAX,DWORD PTR DS:[EDX+14]
CALL EAX
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV DWORD PTR SS:[LOCAL.2],-1
MOV ECX,DWORD PTR SS:[LOCAL.2]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.1]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 004236FF

004236F8
004236FB
004236FD
004236FF
00423702
00423703
00423706
00423708
0042370B
0042370E
00423710
00423713
00423715
00423716
00423717
00423718
00423719
0042371A
0042371B
0042371C
0042371D
0042371E
0042371F
00423720
00423721
00423723
00423725
0042372A
00423730
00423731
00423737
0042373C
0042373E
00423741
00423742
00423745
0042374B
00423751
00423757
0042375A
0042375C
0042375F
00423763
00423769
0042376F
00423772
00423774
0042377A
00423780
00423783
00423789
0042378C
0042378E
00423790
00423796
00423798
0042379E
004237A1
004237A3
004237A6

|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B45 FC
EB 16
EB 14
8B4D FC
51
8B55 E8
8B02
8B4D E8
8B50 08
FFD2
8B45 FC
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 C8664400
64:A1 0000000
50
81EC 18010000
A1 A0154500
33C5
8945 EC
50
8D45 F4
64:A3 0000000
898D E4FEFFFF
8B85 E4FEFFFF
8B48 20
8B11
8955 80
837D 80 00
0F84 85000000
8B85 E4FEFFFF
8B48 20
8B11
8995 7CFFFFFF
8B85 E4FEFFFF
8B48 30
8B95 E4FEFFFF
8B42 20
8B10
0311
3995 7CFFFFFF
73 56
8B85 E4FEFFFF
8B48 30
8B11
83EA 01
8B85 E4FEFFFF

MOV EAX,DWORD PTR SS:[LOCAL.1]


JMP SHORT 00423713
JMP SHORT 00423713
MOV ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[EAX+8]
CALL EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 004466C8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,118
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.5],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.71],ECX
MOV EAX,DWORD PTR SS:[LOCAL.71]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.32],EDX
CMP DWORD PTR SS:[LOCAL.32],0
JE 004237EE
MOV EAX,DWORD PTR SS:[LOCAL.71]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.33],EDX
MOV EAX,DWORD PTR SS:[LOCAL.71]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV EDX,DWORD PTR SS:[LOCAL.71]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV EDX,DWORD PTR DS:[EAX]
ADD EDX,DWORD PTR DS:[ECX]
CMP DWORD PTR SS:[LOCAL.33],EDX
JNB SHORT 004237EE
MOV EAX,DWORD PTR SS:[LOCAL.71]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV EDX,DWORD PTR DS:[ECX]
SUB EDX,1
MOV EAX,DWORD PTR SS:[LOCAL.71]

004237AC |.
004237AF |.
004237B1 |.
004237B7 |.
004237BA |.
004237BC |.
004237C2 |.
004237C8 |.
004237CB |.
004237CD |.
004237D0 |.
004237D6 |.
004237D9 |.
004237DB |.
004237E1 |.
004237E4 |.
004237E9 |.
004237EE |>
004237F4 |.
004237F8 |.
004237FA |.
004237FD |.
00423802 |.
00423807 |>
0042380D |.
00423811 |.
00423813 |.
00423819 |.
0042381C |.
00423822 |.
00423828 |.
00423829 |.
0042382E |.
00423831 |.
00423837 |.
0042383E |.
00423840 |.
00423847 |.
00423849 |.
0042384B |>
00423851 |.
00423854 |.
0042385B |>
00423862 |.
00423864 |.
00423866 |.
0042386A |.
00423870 |.
00423872 |>
0042387C |>
00423882 |.
00423887 |.
0042388C |>
00423892 |.
00423898 |.
0042389A |.
0042389C |.
0042389F |.
fo.0040FB60
004238A4 |.

8B48 30
8911
8B95 E4FEFFFF
8B42 20
8B08
898D 78FFFFFF
8B95 E4FEFFFF
8B42 20
8B08
83C1 01
8B95 E4FEFFFF
8B42 20
8908
8B8D 78FFFFFF
0FB601
E9 C7030000
E9 C2030000
8B95 E4FEFFFF
837A 4C 00
75 0D
83C8 FF
E9 AE030000
E9 A9030000
8B85 E4FEFFFF
8378 3C 00
75 79
8B8D E4FEFFFF
8B51 4C
8995 70FFFFFF
8B85 70FFFFFF
50
E8 13F30000
83C4 04
8985 74FFFFFF
83BD 74FFFFFF
75 0B
C685 6FFFFFFF
EB 12
EB 10
8A8D 74FFFFFF
884D F3
C685 6FFFFFFF
0FB695 6FFFFF
85D2
74 0C
0FB645 F3
8985 E0FEFFFF
EB 0A
C785 E0FEFFFF
8B85 E0FEFFFF
E9 29030000
E9 24030000
8D8D 63FFFFFF
898D 64FFFFFF
6A 00
6A 00
8D4D D0
E8 BCC2FEFF

MOV ECX,DWORD PTR DS:[EAX+30]


MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[LOCAL.71]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.71]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
ADD ECX,1
MOV EDX,DWORD PTR SS:[LOCAL.71]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[LOCAL.34]
MOVZX EAX,BYTE PTR DS:[ECX]
JMP 00423BB0
JMP 00423BB0
MOV EDX,DWORD PTR SS:[LOCAL.71]
CMP DWORD PTR DS:[EDX+4C],0
JNE SHORT 00423807
OR EAX,FFFFFFFF
JMP 00423BB0
JMP 00423BB0
MOV EAX,DWORD PTR SS:[LOCAL.71]
CMP DWORD PTR DS:[EAX+3C],0
JNE SHORT 0042388C
MOV ECX,DWORD PTR SS:[LOCAL.71]
MOV EDX,DWORD PTR DS:[ECX+4C]
MOV DWORD PTR SS:[LOCAL.36],EDX
MOV EAX,DWORD PTR SS:[LOCAL.36]
PUSH EAX
CALL 00432B41
ADD ESP,4
MOV DWORD PTR SS:[LOCAL.35],EAX
CMP DWORD PTR SS:[LOCAL.35],-1
JNE SHORT 0042384B
MOV BYTE PTR SS:[LOCAL.37+3],0
JMP SHORT 0042385B
JMP SHORT 0042385B
MOV CL,BYTE PTR SS:[LOCAL.35]
MOV BYTE PTR SS:[LOCAL.4+3],CL
MOV BYTE PTR SS:[LOCAL.37+3],1
MOVZX EDX,BYTE PTR SS:[EBP-91]
TEST EDX,EDX
JE SHORT 00423872
MOVZX EAX,BYTE PTR SS:[EBP-0D]
MOV DWORD PTR SS:[EBP-120],EAX
JMP SHORT 0042387C
MOV DWORD PTR SS:[EBP-120],-1
MOV EAX,DWORD PTR SS:[EBP-120]
JMP 00423BB0
JMP 00423BB0
LEA ECX,[LOCAL.40+3]
MOV DWORD PTR SS:[LOCAL.39],ECX
PUSH 0
PUSH 0
LEA ECX,[LOCAL.12]
CALL 0040FB60

C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

004238AB |>
004238B1 |.
004238B4 |.
004238B5 |.
004238BA |.
004238BD |.
004238C0 |.
004238C4 |.
004238C6 |.
004238CD |.
004238D4 |.
004238D6 |.
004238D8 |.
004238DB |.
fo.0040FB60
004238E0 |.
004238E3 |.
004238E8 |>
004238EC |.
004238ED |.
004238EF |.
004238F2 |.
fo.0040EF80
004238F7 |.
004238FB |.
004238FD |.
00423900 |.
00423906 |.
00423908 |>
0042390B |.
00423911 |>
00423914 |.
00423915 |.
0042391B |.
0042391C |.
0042391F |.
fo.0042A290
00423924 |.
00423927 |.
fo.00429BC0
0042392C |.
00423932 |.
00423935 |.
0042393B |.
0042393F |.
00423941 |.
00423944 |.
0042394A |.
0042394C |>
0042394F |.
00423955 |>
00423958 |.
00423959 |.
0042395F |.
00423960 |.
00423963 |.
fo.0042A290
00423968 |.
0042396B |.
fo.00429BC0

8B95 E4FEFFFF
8B42 4C
50
E8 87F20000
83C4 04
8945 BC
837D BC FF
75 22
C745 B8 FFFFF
C745 FC FFFFF
6A 00
6A 01
8D4D D0
E8 80C2FEFF

MOV EDX,DWORD PTR SS:[EBP-11C]


MOV EAX,DWORD PTR DS:[EDX+4C]
PUSH EAX
CALL 00432B41
ADD ESP,4
MOV DWORD PTR SS:[EBP-44],EAX
CMP DWORD PTR SS:[EBP-44],-1
JNE SHORT 004238E8
MOV DWORD PTR SS:[EBP-48],-1
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-30]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B45 B8
E9 C8020000
0FB64D BC
51
6A 01
8D4D D0
E8 89B6FEFF

MOV EAX,DWORD PTR SS:[EBP-48]


JMP 00423BB0
MOVZX ECX,BYTE PTR SS:[EBP-44]
PUSH ECX
PUSH 1
LEA ECX,[EBP-30]
CALL 0040EF80

;
;
;
;

/Arg2
|Arg1 = 1
|
\SystemIn

837D E8 10
72 0B
8B55 D4
8995 58FFFFFF
EB 09
8D45 D4
8985 58FFFFFF
8D4D D0
51
8B95 58FFFFFF
52
8D4D B0
E8 6C690000

CMP DWORD PTR SS:[EBP-18],10


JB SHORT 00423908
MOV EDX,DWORD PTR SS:[EBP-2C]
MOV DWORD PTR SS:[EBP-0A8],EDX
JMP SHORT 00423911
LEA EAX,[EBP-2C]
MOV DWORD PTR SS:[EBP-0A8],EAX
LEA ECX,[EBP-30]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0A8]
PUSH EDX
LEA ECX,[EBP-50]
CALL 0042A290

;
;
;
;
;

/Arg2
|
|Arg1
|
\SystemIn

8D4D B0
E8 94620000

LEA ECX,[EBP-50]
CALL 00429BC0

; [SystemIn

8985 54FFFFFF
8B45 E4
8985 50FFFFFF
837D E8 10
72 0B
8B4D D4
898D 4CFFFFFF
EB 09
8D55 D4
8995 4CFFFFFF
8D45 D0
50
8B8D 4CFFFFFF
51
8D4D A8
E8 28690000

MOV DWORD PTR SS:[EBP-0AC],EAX


MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-0B0],EAX
CMP DWORD PTR SS:[EBP-18],10
JB SHORT 0042394C
MOV ECX,DWORD PTR SS:[EBP-2C]
MOV DWORD PTR SS:[EBP-0B4],ECX
JMP SHORT 00423955
LEA EDX,[EBP-2C]
MOV DWORD PTR SS:[EBP-0B4],EDX
LEA EAX,[EBP-30]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0B4]
PUSH ECX
LEA ECX,[EBP-58]
CALL 0042A290

;
;
;
;
;

8D4D A8
E8 50620000

LEA ECX,[EBP-58]
CALL 00429BC0

; [SystemIn

/Arg2
|
|Arg1
|
\SystemIn

00423970 |.
00423976 |.
0042397C |.
0042397F |.
00423985 |.
00423988 |.
00423989 |.
0042398C |.
0042398D |.
00423990 |.
00423991 |.
00423994 |.
00423995 |.
0042399B |.
004239A1 |.
004239A2 |.
004239A8 |.
004239A9 |.
004239AF |.
004239B2 |.
004239B3 |.
004239B9 |.
004239BB |.
004239C1 |.
004239C4 |.
004239C6 |.
004239CC |.
004239D3 |.
004239D9 |.
004239E0 |.
004239E2 |.
004239E9 |.
004239EF |.
004239F4 |>
004239F7 |.
004239FA |.
004239FC |.
00423A02 |.
00423A06 |.
00423A08 |.
00423A0B |.
00423A11 |.
00423A13 |>
00423A16 |.
00423A1C |>
00423A1F |.
00423A20 |.
00423A26 |.
00423A27 |.
00423A2A |.
fo.0042A290
00423A2F |.
00423A32 |.
fo.00429BC0
00423A37 |.
00423A3D |.
00423A40 |.
00423A46 |.
00423A4C |.
00423A52 |.

8985 48FFFFFF
8B95 E4FEFFFF
8B42 3C
8985 44FFFFFF
8D4D C0
51
8D55 C8
52
8D45 C7
50
8D4D C8
51
8B95 54FFFFFF
0395 50FFFFFF
52
8B85 48FFFFFF
50
8B8D E4FEFFFF
83C1 44
51
8B95 44FFFFFF
8B02
8B8D 44FFFFFF
8B50 10
FFD2
8985 DCFEFFFF
83BD DCFEFFFF
0F8C A0010000
83BD DCFEFFFF
7E 12
83BD DCFEFFFF
0F84 0E010000
E9 85010000
8B45 C0
8D4D C7
3BC1
0F84 A7000000
837D E8 10
72 0B
8B55 D4
8995 40FFFFFF
EB 09
8D45 D4
8985 40FFFFFF
8D4D D0
51
8B95 40FFFFFF
52
8D4D A0
E8 61680000

MOV DWORD PTR SS:[EBP-0B8],EAX


MOV EDX,DWORD PTR SS:[EBP-11C]
MOV EAX,DWORD PTR DS:[EDX+3C]
MOV DWORD PTR SS:[EBP-0BC],EAX
LEA ECX,[EBP-40]
PUSH ECX
LEA EDX,[EBP-38]
PUSH EDX
LEA EAX,[EBP-39]
PUSH EAX
LEA ECX,[EBP-38]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0AC]
ADD EDX,DWORD PTR SS:[EBP-0B0]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-0B8]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-11C]
ADD ECX,44
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0BC]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-0BC]
MOV EDX,DWORD PTR DS:[EAX+10]
CALL EDX
MOV DWORD PTR SS:[EBP-124],EAX
CMP DWORD PTR SS:[EBP-124],0
JL 00423B79
CMP DWORD PTR SS:[EBP-124],1
JLE SHORT 004239F4
CMP DWORD PTR SS:[EBP-124],3
JE 00423AFD
JMP 00423B79
MOV EAX,DWORD PTR SS:[EBP-40]
LEA ECX,[EBP-39]
CMP EAX,ECX
JE 00423AA9
CMP DWORD PTR SS:[EBP-18],10
JB SHORT 00423A13
MOV EDX,DWORD PTR SS:[EBP-2C]
MOV DWORD PTR SS:[EBP-0C0],EDX
JMP SHORT 00423A1C
LEA EAX,[EBP-2C]
MOV DWORD PTR SS:[EBP-0C0],EAX
LEA ECX,[EBP-30]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0C0]
PUSH EDX
LEA ECX,[EBP-60]
CALL 0042A290

;
;
;
;
;

8D4D A0
E8 89610000

LEA ECX,[EBP-60]
CALL 00429BC0

; [SystemIn

8985
8B45
8985
8B8D
038D
2B4D

MOV
MOV
MOV
MOV
ADD
SUB

3CFFFFFF
E4
38FFFFFF
3CFFFFFF
38FFFFFF
C8

DWORD PTR
EAX,DWORD
DWORD PTR
ECX,DWORD
ECX,DWORD
ECX,DWORD

SS:[EBP-0C4],EAX
PTR SS:[EBP-1C]
SS:[EBP-0C8],EAX
PTR SS:[EBP-0C4]
PTR SS:[EBP-0C8]
PTR SS:[EBP-38]

/Arg2
|
|Arg1
|
\SystemIn

00423A55 |.
00423A58 |>
00423A5C |.
00423A5E |.
00423A61 |.
00423A64 |.
00423A67 |.
00423A6D |.
00423A70 |.
00423A71 |.
00423A74 |.
00423A77 |.
00423A7A |.
00423A7B |.
00423A80 |.
00423A83 |.^
00423A85 |>
00423A89 |.
00423A8C |.
00423A93 |.
00423A95 |.
00423A97 |.
00423A9A |.
fo.0040FB60
00423A9F |.
00423AA2 |.
00423AA7 |.^
00423AA9 |>
00423AAD |.
00423AAF |.
00423AB2 |.
00423AB8 |.
00423ABA |>
00423ABD |.
00423AC3 |>
00423AC6 |.
00423AC7 |.
00423ACD |.
00423ACE |.
00423AD1 |.
fo.0042A290
00423AD6 |.
00423AD9 |.
fo.00429BC0
00423ADE |.
00423AE4 |.
00423AE7 |.
00423AED |.
00423AEE |.
00423AF0 |.
00423AF3 |.
fo.0040F400
00423AF8 |>^
00423AFD |>
00423B00 |.
00423B06 |.
00423B0D |.
00423B0F |.^
00423B14 |>
00423B18 |.

894D CC
837D CC 00
7E 27
8B55 CC
83EA 01
8955 CC
8B85 E4FEFFFF
8B48 4C
51
8B55 C8
0355 CC
0FBE02
50
E8 4FF00000
83C4 08
EB D3
0FB64D C7
894D 9C
C745 FC FFFFF
6A 00
6A 01
8D4D D0
E8 C1C0FEFF

MOV DWORD PTR SS:[EBP-34],ECX


/CMP DWORD PTR SS:[EBP-34],0
|JLE SHORT 00423A85
|MOV EDX,DWORD PTR SS:[EBP-34]
|SUB EDX,1
|MOV DWORD PTR SS:[EBP-34],EDX
|MOV EAX,DWORD PTR SS:[EBP-11C]
|MOV ECX,DWORD PTR DS:[EAX+4C]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[EBP-38]
|ADD EDX,DWORD PTR SS:[EBP-34]
|MOVSX EAX,BYTE PTR DS:[EDX]
|PUSH EAX
|CALL 00432ACF
|ADD ESP,8
\JMP SHORT 00423A58
MOVZX ECX,BYTE PTR SS:[EBP-39]
MOV DWORD PTR SS:[EBP-64],ECX
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-30]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B45 9C
E9 09010000
EB 4F
837D E8 10
72 0B
8B55 D4
8995 34FFFFFF
EB 09
8D45 D4
8985 34FFFFFF
8D4D D0
51
8B95 34FFFFFF
52
8D4D 94
E8 BA670000

MOV EAX,DWORD PTR SS:[EBP-64]


JMP 00423BB0
JMP SHORT 00423AF8
CMP DWORD PTR SS:[EBP-18],10
JB SHORT 00423ABA
MOV EDX,DWORD PTR SS:[EBP-2C]
MOV DWORD PTR SS:[EBP-0CC],EDX
JMP SHORT 00423AC3
LEA EAX,[EBP-2C]
MOV DWORD PTR SS:[EBP-0CC],EAX
LEA ECX,[EBP-30]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0CC]
PUSH EDX
LEA ECX,[EBP-6C]
CALL 0042A290

;
;
;
;
;

/Arg2
|
|Arg1
|
\SystemIn

8D4D 94
E8 E2600000

LEA ECX,[EBP-6C]
CALL 00429BC0

; [SystemIn

8985 30FFFFFF
8B45 C8
2B85 30FFFFFF
50
6A 00
8D4D D0
E8 08B9FEFF

MOV DWORD PTR SS:[EBP-0D0],EAX


MOV EAX,DWORD PTR SS:[EBP-38]
SUB EAX,DWORD PTR SS:[EBP-0D0]
PUSH EAX
PUSH 0
LEA ECX,[EBP-30]
CALL 0040F400

;
;
;
;

E9 9B000000
8B4D E4
898D 14FFFFFF
83BD 14FFFFFF
73 05
E9 84000000
837D E8 10
72 0B

JMP 00423B98
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-0EC],ECX
CMP DWORD PTR SS:[EBP-0EC],1
JNB SHORT 00423B14
JMP 00423B98
CMP DWORD PTR SS:[EBP-18],10
JB SHORT 00423B25

/Arg2
|Arg1 = 0
|
\SystemIn

00423B1A |.
00423B1D |.
00423B23 |.
00423B25 |>
00423B28 |.
00423B2E |>
00423B31 |.
00423B32 |.
00423B38 |.
00423B39 |.
00423B3C |.
fo.0042A290
00423B41 |.
00423B43 |.
00423B46 |.
nfo.00429BC0
00423B4B |.
00423B4C |.
00423B4E |.
00423B51 |.
00423B52 |.
fo.0042EA08
00423B57 |.
00423B5A |.
00423B5E |.
00423B61 |.
00423B68 |.
00423B6A |.
00423B6C |.
00423B6F |.
fo.0040FB60
00423B74 |.
00423B77 |.
00423B79 |>
00423B80 |.
00423B87 |.
00423B89 |.
00423B8B |.
00423B8E |.
fo.0040FB60
00423B93 |.
00423B96 |.
00423B98 \>^
00423B9D /.
00423BA4 |.
00423BA6 |.
00423BA8 |.
00423BAB |.
fo.0040FB60
00423BB0 |>
00423BB3 |.
00423BBA |.
00423BBB |.
00423BBE |.
00423BC0 |.
00423BC5 |.
00423BC7 |.
00423BC8 \.
00423BC9
00423BCA

8B55 D4
8995 10FFFFFF
EB 09
8D45 D4
8985 10FFFFFF
8D4D D0
51
8B95 10FFFFFF
52
8D4D 8C
E8 4F670000

MOV EDX,DWORD PTR SS:[EBP-2C]


MOV DWORD PTR SS:[EBP-0F0],EDX
JMP SHORT 00423B2E
LEA EAX,[EBP-2C]
MOV DWORD PTR SS:[EBP-0F0],EAX
LEA ECX,[EBP-30]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-0F0]
PUSH EDX
LEA ECX,[EBP-74]
CALL 0042A290

;
;
;
;
;

6A 01
8D4D 8C
E8 75600000

PUSH 1
LEA ECX,[EBP-74]
CALL 00429BC0

; /Arg4 = 1
; |
; |[SystemI

50
6A 01
8D45 C7
50
E8 B1AE0000

PUSH EAX
PUSH 1
LEA EAX,[EBP-39]
PUSH EAX
CALL 0042EA08

;
;
;
;
;

|Arg3
|Arg2 = 1
|
|Arg1
\SystemIn

83C4 10
0FB64D C7
894D 88
C745 FC FFFFF
6A 00
6A 01
8D4D D0
E8 ECBFFEFF

ADD ESP,10
MOVZX ECX,BYTE PTR SS:[EBP-39]
MOV DWORD PTR SS:[EBP-78],ECX
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-30]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B45 88
EB 37
C745 84 FFFFF
C745 FC FFFFF
6A 00
6A 01
8D4D D0
E8 CDBFFEFF

MOV EAX,DWORD PTR SS:[EBP-78]


JMP SHORT 00423BB0
MOV DWORD PTR SS:[EBP-7C],-1
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-30]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B45 84
EB 18
E9 0EFDFFFF
C745 FC FFFFF
6A 00
6A 01
8D4D D0
E8 B0BFFEFF

MOV EAX,DWORD PTR SS:[EBP-7C]


JMP SHORT 00423BB0
JMP 004238AB
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-30]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B4D F4
64:890D 00000
59
8B4D EC
33CD
E8 2CAB0000
8BE5
5D
C3
CC
CC

MOV ECX,DWORD PTR SS:[EBP-0C]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ECX,DWORD PTR SS:[EBP-14]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
INT3
INT3

/Arg2
|
|Arg1
|
\SystemIn

00423BCB
CC
INT3
00423BCC
CC
INT3
00423BCD
CC
INT3
00423BCE
CC
INT3
00423BCF
CC
INT3
00423BD0 /$ 55
PUSH EBP
o.00423BD0(guessed Arg1,Arg2,Arg3)
00423BD1 |. 8BEC
MOV EBP,ESP
00423BD3 |. 83EC 20
SUB ESP,20
00423BD6 |. 894D E8
MOV DWORD PTR SS:[LOCAL.6],ECX
00423BD9 |. 8B45 E8
MOV EAX,DWORD PTR SS:[LOCAL.6]
00423BDC |. 8378 18 10
CMP DWORD PTR DS:[EAX+18],10
00423BE0 |. 72 0B
JB SHORT 00423BED
00423BE2 |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
00423BE5 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00423BE8 |. 8955 E4
MOV DWORD PTR SS:[LOCAL.7],EDX
00423BEB |. EB 09
JMP SHORT 00423BF6
00423BED |> 8B45 E8
MOV EAX,DWORD PTR SS:[LOCAL.6]
00423BF0 |. 83C0 04
ADD EAX,4
00423BF3 |. 8945 E4
MOV DWORD PTR SS:[LOCAL.7],EAX
00423BF6 |> 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
00423BF9 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
00423BFC |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00423BFF |. 0355 0C
ADD EDX,DWORD PTR SS:[ARG.2]
00423C02 |. 8955 EC
MOV DWORD PTR SS:[LOCAL.5],EDX
00423C05 |. C745 F4 00000 MOV DWORD PTR SS:[LOCAL.3],0
00423C0C |. EB 18
JMP SHORT 00423C26
00423C0E |> E8 61B50000 /CALL 0042F174
00423C13 |. 50
|PUSH EAX
00423C14 |. 8B45 EC
|MOV EAX,DWORD PTR SS:[LOCAL.5]
00423C17 |. 50
|PUSH EAX
[LOCAL.5]
00423C18 |. E8 8EB10000 |CALL 0042EDAB
fo.0042EDAB
00423C1D |. 83C4 08
|ADD ESP,8
00423C20 |. 0345 EC
|ADD EAX,DWORD PTR SS:[LOCAL.5]
00423C23 |. 8945 EC
|MOV DWORD PTR SS:[LOCAL.5],EAX
00423C26 |> 8B4D 10
|MOV ECX,DWORD PTR SS:[ARG.3]
00423C29 |. 51
|PUSH ECX
00423C2A |. 8B55 08
|MOV EDX,DWORD PTR SS:[ARG.1]
00423C2D |. 52
|PUSH EDX
00423C2E |. 8B45 EC
|MOV EAX,DWORD PTR SS:[LOCAL.5]
00423C31 |. 50
|PUSH EAX
00423C32 |. E8 B9E7FFFF |CALL 004223F0
00423C37 |. 83C4 0C
|ADD ESP,0C
00423C3A |. 8945 EC
|MOV DWORD PTR SS:[LOCAL.5],EAX
00423C3D |. 837D EC 00
|CMP DWORD PTR SS:[LOCAL.5],0
00423C41 |. 74 08
|JE SHORT 00423C4B
00423C43 |. 8B4D EC
|MOV ECX,DWORD PTR SS:[LOCAL.5]
00423C46 |. 894D F4
|MOV DWORD PTR SS:[LOCAL.3],ECX
00423C49 |.^ EB C3
\JMP SHORT 00423C0E
00423C4B |> 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
00423C4E |. 8955 FC
MOV DWORD PTR SS:[LOCAL.1],EDX
00423C51 |. 837D FC 00
CMP DWORD PTR SS:[LOCAL.1],0
00423C55 |. 75 0A
JNE SHORT 00423C61
00423C57 |. A1 AC874400 MOV EAX,DWORD PTR DS:[4487AC]
00423C5C |. 8945 E0
MOV DWORD PTR SS:[LOCAL.8],EAX
00423C5F |. EB 09
JMP SHORT 00423C6A
00423C61 |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00423C64 |. 2B4D F8
SUB ECX,DWORD PTR SS:[LOCAL.2]

; SystemInf

; /Arg2
; |
; |Arg1 =>
; \SystemIn

00423C67
00423C6A
00423C6D
00423C6F
00423C70
00423C73
00423C74
00423C75
00423C76
00423C77
00423C78
00423C79
00423C7A
00423C7B
00423C7C
00423C7D
00423C7E
00423C7F
00423C80
00423C81
00423C83
00423C89
00423C8F
00423C95
00423C98
00423C9A
00423C9D
00423CA3
00423CA6
00423CA9
00423CAB
00423CAF
00423CB1
00423CB7
00423CBB
00423CBD
00423CC0
00423CC3
00423CC6
00423CCC
00423CD0
00423CD2
00423CD8
00423CDD
00423CE0
00423CE2
00423CE4
00423CE8
00423CEA
00423CEE
00423CF0
00423CF3
00423CF4
00423CF7
00423CF8
00423CFE
00423D01
00423D02
00423D07
00423D0A

|.
|>
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.

894D E0
8B45 E0
8BE5
5D
C2 0C00
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
81EC B4000000
898D 4CFFFFFF
8B85 4CFFFFFF
8B48 20
8B11
8955 F4
8B85 4CFFFFFF
83C0 40
3945 F4
75 1B
837D 10 01
75 15
8B8D 4CFFFFFF
8379 3C 00
75 09
8B55 0C
83EA 01
8955 0C
8B85 4CFFFFFF
8378 4C 00
74 56
8B8D 4CFFFFFF
E8 C3240000
0FB6C8
85C9
74 44
837D 0C 00
75 06
837D 10 01
74 1E
8B55 10
52
8B45 0C
50
8B8D 4CFFFFFF
8B51 4C
52
E8 36F00000
83C4 0C
85C0

MOV DWORD PTR SS:[LOCAL.8],ECX


MOV EAX,DWORD PTR SS:[LOCAL.8]
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0B4
MOV DWORD PTR SS:[LOCAL.45],ECX
MOV EAX,DWORD PTR SS:[LOCAL.45]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.45]
ADD EAX,40
CMP DWORD PTR SS:[LOCAL.3],EAX
JNE SHORT 00423CC6
CMP DWORD PTR SS:[ARG.3],1
JNE SHORT 00423CC6
MOV ECX,DWORD PTR SS:[LOCAL.45]
CMP DWORD PTR DS:[ECX+3C],0
JNE SHORT 00423CC6
MOV EDX,DWORD PTR SS:[ARG.2]
SUB EDX,1
MOV DWORD PTR SS:[ARG.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.45]
CMP DWORD PTR DS:[EAX+4C],0
JE SHORT 00423D28
MOV ECX,DWORD PTR SS:[LOCAL.45]
CALL 004261A0
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00423D28
CMP DWORD PTR SS:[ARG.2],0
JNE SHORT 00423CF0
CMP DWORD PTR SS:[ARG.3],1
JE SHORT 00423D0E
MOV EDX,DWORD PTR SS:[ARG.3]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.2]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.45]
MOV EDX,DWORD PTR DS:[ECX+4C]
PUSH EDX
CALL 00432D3D
ADD ESP,0C
TEST EAX,EAX

00423D0C |. 75 1A
00423D0E |> 8D45 F8
00423D11 |. 50
OFFSET LOCAL.2
00423D12 |. 8B8D 4CFFFFFF
00423D18 |. 8B51 4C
00423D1B |. 52
[ARG.ECX+4C]
00423D1C |. E8 24EF0000
fo.00432C45
00423D21 |. 83C4 08
00423D24 |. 85C0
00423D26 |. 74 3B
00423D28 |> A1 049D4400
00423D2D |. 8985 64FFFFFF
00423D33 |. 8B4D 08
00423D36 |. 8B95 64FFFFFF
00423D3C |. 8911
00423D3E |. 8B45 08
00423D41 |. C740 08 00000
00423D48 |. C740 0C 00000
00423D4F |. 8B4D 08
00423D52 |. 8B15 D49B4400
00423D58 |. 8951 10
00423D5B |. 8B45 08
00423D5E |. E9 BE000000
00423D63 |> 8B85 4CFFFFFF
00423D69 |. 8B48 20
00423D6C |. 8B11
00423D6E |. 8995 60FFFFFF
00423D74 |. 8B85 4CFFFFFF
00423D7A |. 83C0 40
00423D7D |. 3985 60FFFFFF
00423D83 |. 75 4E
00423D85 |. 8B8D 4CFFFFFF
00423D8B |. 83C1 41
00423D8E |. 898D 5CFFFFFF
00423D94 |. 8B95 4CFFFFFF
00423D9A |. 8B42 10
00423D9D |. 8B8D 4CFFFFFF
00423DA3 |. 83C1 40
00423DA6 |. 8908
00423DA8 |. 8B95 4CFFFFFF
00423DAE |. 8B42 20
00423DB1 |. 8B8D 5CFFFFFF
00423DB7 |. 8908
00423DB9 |. 8B95 4CFFFFFF
00423DBF |. 83C2 41
00423DC2 |. 2B95 5CFFFFFF
00423DC8 |. 8B85 4CFFFFFF
00423DCE |. 8B48 30
00423DD1 |. 8911
00423DD3 |> 8B55 F8
00423DD6 |. 8995 50FFFFFF
00423DDC |. 8B45 FC
00423DDF |. 8985 54FFFFFF
00423DE5 |. 8B8D 4CFFFFFF
00423DEB |. 8B51 44
00423DEE |. 8995 58FFFFFF
00423DF4 |. 8B45 08

JNE SHORT 00423D28


LEA EAX,[LOCAL.2]
PUSH EAX

; /Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.45]


MOV EDX,DWORD PTR DS:[ECX+4C]
PUSH EDX

; |
; |
; |Arg1 =>

CALL 00432C45

; \SystemIn

ADD ESP,8
TEST EAX,EAX
JE SHORT 00423D63
MOV EAX,DWORD PTR DS:[449D04]
MOV DWORD PTR SS:[LOCAL.39],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.39]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+8],0
MOV DWORD PTR DS:[EAX+0C],0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[449BD4]
MOV DWORD PTR DS:[ECX+10],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00423E21
MOV EAX,DWORD PTR SS:[LOCAL.45]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.40],EDX
MOV EAX,DWORD PTR SS:[LOCAL.45]
ADD EAX,40
CMP DWORD PTR SS:[LOCAL.40],EAX
JNE SHORT 00423DD3
MOV ECX,DWORD PTR SS:[LOCAL.45]
ADD ECX,41
MOV DWORD PTR SS:[LOCAL.41],ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV ECX,DWORD PTR SS:[LOCAL.45]
ADD ECX,40
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR SS:[LOCAL.41]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
ADD EDX,41
SUB EDX,DWORD PTR SS:[LOCAL.41]
MOV EAX,DWORD PTR SS:[LOCAL.45]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR SS:[LOCAL.44],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.43],EAX
MOV ECX,DWORD PTR SS:[LOCAL.45]
MOV EDX,DWORD PTR DS:[ECX+44]
MOV DWORD PTR SS:[LOCAL.42],EDX
MOV EAX,DWORD PTR SS:[ARG.1]

00423DF7 |. C700 00000000


00423DFD |. 8B4D 08
00423E00 |. 8B95 50FFFFFF
00423E06 |. 8951 08
00423E09 |. 8B85 54FFFFFF
00423E0F |. 8941 0C
00423E12 |. 8B4D 08
00423E15 |. 8B95 58FFFFFF
00423E1B |. 8951 10
00423E1E |. 8B45 08
00423E21 |> 8BE5
00423E23 |. 5D
00423E24 \. C2 1000
00423E27
CC
00423E28
CC
00423E29
CC
00423E2A
CC
00423E2B
CC
00423E2C
CC
00423E2D
CC
00423E2E
CC
00423E2F
CC
00423E30 /$ 55
o.00423E30(guessed Arg1)
00423E31 |. 8BEC
00423E33 |. 83EC 4C
00423E36 |. 894D B8
00423E39 |. 8B45 08
00423E3C |. 8378 18 10
00423E40 |. 72 0B
00423E42 |. 8B4D 08
00423E45 |. 8B51 04
00423E48 |. 8955 B4
00423E4B |. EB 09
00423E4D |> 8B45 08
00423E50 |. 83C0 04
00423E53 |. 8945 B4
00423E56 |> 8B4D B4
00423E59 |. 51
[LOCAL.19]
00423E5A |. E8 716AFEFF
fo.0040A8D0
00423E5F |. 83C4 04
00423E62 |. 8945 DC
00423E65 |. 8B4D 08
00423E68 |. E8 43A8FEFF
00423E6D |. 50
00423E6E |. 8B55 DC
00423E71 |. 52
[LOCAL.9]
00423E72 |. 8B4D B8
00423E75 |. E8 E6010000
nfo.00424060
00423E7A |. 50
00423E7B |. E8 00AB0000
fo.0042E980
00423E80 |. 83C4 08
00423E83 |. 8BE5
00423E85 |. 5D
00423E86 \. C2 0400

MOV DWORD PTR


MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

DS:[EAX],0
PTR SS:[ARG.1]
PTR SS:[LOCAL.44]
DS:[ECX+8],EDX
PTR SS:[LOCAL.43]
DS:[ECX+0C],EAX
PTR SS:[ARG.1]
PTR SS:[LOCAL.42]
DS:[ECX+10],EDX
PTR SS:[ARG.1]

; SystemInf

MOV EBP,ESP
SUB ESP,4C
MOV DWORD PTR SS:[LOCAL.18],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 00423E4D
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.19],EDX
JMP SHORT 00423E56
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.19],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
PUSH ECX

; /Arg1 =>

CALL 0040A8D0

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.9],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 0040E6B0
PUSH EAX
MOV EDX,DWORD PTR SS:[LOCAL.9]
PUSH EDX

; /Arg2
; |
; |/Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.18]


CALL 00424060

; ||
; |\SystemI

PUSH EAX
CALL 0042E980

; |Arg1
; \SystemIn

ADD ESP,8
MOV ESP,EBP
POP EBP
RETN 4

00423E89
CC
00423E8A
CC
00423E8B
CC
00423E8C
CC
00423E8D
CC
00423E8E
CC
00423E8F
CC
00423E90 /. 55
00423E91 |. 8BEC
00423E93 |. 81EC C0000000
00423E99 |. 898D 40FFFFFF
00423E9F |. 8B45 14
00423EA2 |. 8945 EC
00423EA5 |. 8B4D 18
00423EA8 |. 894D F0
00423EAB |. 8B55 EC
00423EAE |. 8955 F8
00423EB1 |. 8B45 F0
00423EB4 |. 8945 FC
00423EB7 |. 8B4D F8
00423EBA |. 8B55 14
00423EBD |. 0355 0C
00423EC0 |. 2BD1
00423EC2 |. 8955 F4
00423EC5 |. 8B85 40FFFFFF
00423ECB |. 8378 4C 00
00423ECF |. 74 68
00423ED1 |. 8B8D 40FFFFFF
00423ED7 |. E8 C4220000
00423EDC |. 0FB6C8
00423EDF |. 85C9
00423EE1 |. 74 56
00423EE3 |. 8D55 F8
00423EE6 |. 52
OFFSET LOCAL.2
00423EE7 |. 8B85 40FFFFFF
00423EED |. 8B48 4C
00423EF0 |. 51
[ARG.ECX+4C]
00423EF1 |. E8 CCEE0000
fo.00432DC2
00423EF6 |. 83C4 08
00423EF9 |. 85C0
00423EFB |. 75 3C
00423EFD |. 837D F4 00
00423F01 |. 74 1C
00423F03 |. 6A 01
00423F05 |. 8B55 F4
00423F08 |. 52
00423F09 |. 8B85 40FFFFFF
00423F0F |. 8B48 4C
00423F12 |. 51
00423F13 |. E8 25EE0000
00423F18 |. 83C4 0C
00423F1B |. 85C0
00423F1D |. 75 1A
00423F1F |> 8D55 F8
00423F22 |. 52
OFFSET LOCAL.2
00423F23 |. 8B85 40FFFFFF

INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C0
MOV DWORD PTR SS:[LOCAL.48],ECX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR SS:[ARG.4]
ADD EDX,DWORD PTR SS:[ARG.2]
SUB EDX,ECX
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.48]
CMP DWORD PTR DS:[EAX+4C],0
JE SHORT 00423F39
MOV ECX,DWORD PTR SS:[LOCAL.48]
CALL 004261A0
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00423F39
LEA EDX,[LOCAL.2]
PUSH EDX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.48]


MOV ECX,DWORD PTR DS:[EAX+4C]
PUSH ECX

; |
; |
; |Arg1 =>

CALL 00432DC2

; \SystemIn

ADD ESP,8
TEST EAX,EAX
JNE SHORT 00423F39
CMP DWORD PTR SS:[LOCAL.3],0
JE SHORT 00423F1F
PUSH 1
MOV EDX,DWORD PTR SS:[LOCAL.3]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.48]
MOV ECX,DWORD PTR DS:[EAX+4C]
PUSH ECX
CALL 00432D3D
ADD ESP,0C
TEST EAX,EAX
JNE SHORT 00423F39
LEA EDX,[LOCAL.2]
PUSH EDX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.48]

; |

00423F29 |.
00423F2C |.
[ARG.ECX+4C]
00423F2D |.
fo.00432C45
00423F32 |.
00423F35 |.
00423F37 |.
00423F39 |>
00423F3F |.
00423F45 |.
00423F48 |.
00423F4E |.
00423F50 |.
00423F53 |.
00423F5A |.
00423F61 |.
00423F64 |.
00423F6A |.
00423F6D |.
00423F70 |.
00423F75 |>
00423F78 |.
00423F7E |.
00423F84 |.
00423F8A |.
00423F8D |.
00423F93 |.
00423F96 |.
00423F98 |.
00423F9E |.
00423FA4 |.
00423FA7 |.
00423FAD |.
00423FAF |.
00423FB5 |.
00423FB8 |.
00423FBE |.
00423FC4 |.
00423FC7 |.
00423FCD |.
00423FD0 |.
00423FD2 |.
00423FD8 |.
00423FDB |.
00423FE1 |.
00423FE3 |.
00423FE9 |.
00423FEC |.
00423FF2 |.
00423FF8 |.
00423FFB |.
00423FFD |>
00424000 |.
00424006 |.
00424009 |.
0042400F |.
00424015 |.
00424018 |.
0042401E |.

8B48 4C
51

MOV ECX,DWORD PTR DS:[EAX+4C]


PUSH ECX

; |
; |Arg1 =>

E8 13ED0000

CALL 00432C45

; \SystemIn

83C4 08
85C0
74 3C
8B15 049D4400
8995 5CFFFFFF
8B45 08
8B8D 5CFFFFFF
8908
8B55 08
C742 08 00000
C742 0C 00000
8B45 08
8B0D D49B4400
8948 10
8B45 08
E9 D6000000
8B55 1C
8995 58FFFFFF
8B85 40FFFFFF
8B8D 58FFFFFF
8948 44
8B95 40FFFFFF
8B42 20
8B08
898D 54FFFFFF
8B95 40FFFFFF
83C2 40
3995 54FFFFFF
75 4E
8B85 40FFFFFF
83C0 41
8985 50FFFFFF
8B8D 40FFFFFF
8B51 10
8B85 40FFFFFF
83C0 40
8902
8B8D 40FFFFFF
8B51 20
8B85 50FFFFFF
8902
8B8D 40FFFFFF
83C1 41
2B8D 50FFFFFF
8B95 40FFFFFF
8B42 30
8908
8B4D F8
898D 44FFFFFF
8B55 FC
8995 48FFFFFF
8B85 40FFFFFF
8B48 44
898D 4CFFFFFF
8B55 08

ADD ESP,8
TEST EAX,EAX
JE SHORT 00423F75
MOV EDX,DWORD PTR DS:[449D04]
MOV DWORD PTR SS:[LOCAL.41],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.41]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX+8],0
MOV DWORD PTR DS:[EDX+0C],0
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[449BD4]
MOV DWORD PTR DS:[EAX+10],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 0042404B
MOV EDX,DWORD PTR SS:[ARG.6]
MOV DWORD PTR SS:[LOCAL.42],EDX
MOV EAX,DWORD PTR SS:[LOCAL.48]
MOV ECX,DWORD PTR SS:[LOCAL.42]
MOV DWORD PTR DS:[EAX+44],ECX
MOV EDX,DWORD PTR SS:[LOCAL.48]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.43],ECX
MOV EDX,DWORD PTR SS:[LOCAL.48]
ADD EDX,40
CMP DWORD PTR SS:[LOCAL.43],EDX
JNE SHORT 00423FFD
MOV EAX,DWORD PTR SS:[LOCAL.48]
ADD EAX,41
MOV DWORD PTR SS:[LOCAL.44],EAX
MOV ECX,DWORD PTR SS:[LOCAL.48]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR SS:[LOCAL.48]
ADD EAX,40
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.48]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV EAX,DWORD PTR SS:[LOCAL.44]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.48]
ADD ECX,41
SUB ECX,DWORD PTR SS:[LOCAL.44]
MOV EDX,DWORD PTR SS:[LOCAL.48]
MOV EAX,DWORD PTR DS:[EDX+30]
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR SS:[LOCAL.47],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.46],EDX
MOV EAX,DWORD PTR SS:[LOCAL.48]
MOV ECX,DWORD PTR DS:[EAX+44]
MOV DWORD PTR SS:[LOCAL.45],ECX
MOV EDX,DWORD PTR SS:[ARG.1]

00424021 |. C702 00000000


00424027 |. 8B45 08
0042402A |. 8B8D 44FFFFFF
00424030 |. 8948 08
00424033 |. 8B95 48FFFFFF
00424039 |. 8950 0C
0042403C |. 8B45 08
0042403F |. 8B8D 4CFFFFFF
00424045 |. 8948 10
00424048 |. 8B45 08
0042404B |> 8BE5
0042404D |. 5D
0042404E \. C2 2000
00424051
CC
00424052
CC
00424053
CC
00424054
CC
00424055
CC
00424056
CC
00424057
CC
00424058
CC
00424059
CC
0042405A
CC
0042405B
CC
0042405C
CC
0042405D
CC
0042405E
CC
0042405F
CC
00424060 /$ 55
o.00424060(guessed Arg1)
00424061 |. 8BEC
00424063 |. 83EC 30
00424066 |. 894D DC
00424069 |. 8B45 DC
0042406C |. 8378 24 00
00424070 |. 74 15
00424072 |. 8B4D DC
00424075 |. 8B51 24
00424078 |. 8955 FC
0042407B |. 8B45 FC
0042407E |. 50
[ARG.ECX+24]
0042407F |. E8 7CB70000
fo.0042F800
00424084 |. 83C4 04
00424087 |> 8B4D DC
0042408A |. 8379 18 10
0042408E |. 72 0B
00424090 |. 8B55 DC
00424093 |. 8B42 04
00424096 |. 8945 D8
00424099 |. EB 09
0042409B |> 8B4D DC
0042409E |. 83C1 04
004240A1 |. 894D D8
004240A4 |> 8B55 D8
004240A7 |. 52
004240A8 |. E8 2368FEFF
fo.0040A8D0
004240AD |. 83C4 04

MOV DWORD PTR


MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ESP,EBP
POP EBP
RETN 20
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

DS:[EDX],0
PTR SS:[ARG.1]
PTR SS:[LOCAL.47]
DS:[EAX+8],ECX
PTR SS:[LOCAL.46]
DS:[EAX+0C],EDX
PTR SS:[ARG.1]
PTR SS:[LOCAL.45]
DS:[EAX+10],ECX
PTR SS:[ARG.1]

; SystemInf

MOV EBP,ESP
SUB ESP,30
MOV DWORD PTR SS:[LOCAL.9],ECX
MOV EAX,DWORD PTR SS:[LOCAL.9]
CMP DWORD PTR DS:[EAX+24],0
JE SHORT 00424087
MOV ECX,DWORD PTR SS:[LOCAL.9]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX

; /Arg1 =>

CALL 0042F800

; \SystemIn

ADD ESP,4
MOV ECX,DWORD PTR SS:[LOCAL.9]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 0042409B
MOV EDX,DWORD PTR SS:[LOCAL.9]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.10],EAX
JMP SHORT 004240A4
MOV ECX,DWORD PTR SS:[LOCAL.9]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.10],ECX
MOV EDX,DWORD PTR SS:[LOCAL.10]
PUSH EDX
CALL 0040A8D0

; /Arg1
; \SystemIn

ADD ESP,4

004240B0 |.
004240B3 |.
004240B5 |.
004240B8 |.
004240BB |.
004240BD |>
004240C0 |.
004240C4 |.
004240C6 |.
004240C9 |.
004240CC |.
004240CF |.
004240D1 |>
004240D4 |.
004240D7 |.
004240DA |>
004240DD |.
004240DE |.
fo.0040A8D0
004240E3 |.
004240E6 |.
004240E9 |>
004240EB |.
004240EE |.
004240EF |.
004240F2 |.
fo.0040E810
004240F7 |.
004240FA |.
004240FD |.
00424100 |.
00424103 |.
00424105 |.
00424106 \.
00424109
0042410A
0042410B
0042410C
0042410D
0042410E
0042410F
00424110 /.
00424111 |.
00424113 |.
00424116 |.
00424119 |.
0042411C |.
00424120 |.
00424122 |.
00424126 |.
00424128 |.
0042412C |.
0042412E |.
00424135 |.
00424137 |>
0042413E |>
00424141 |.
00424142 |.
00424145 |.
00424146 |.

3945 08
7D 08
8B45 08
8945 D4
EB 2C
8B4D DC
8379 18 10
72 0B
8B55 DC
8B42 04
8945 D0
EB 09
8B4D DC
83C1 04
894D D0
8B55 D0
52
E8 ED67FEFF

CMP DWORD PTR SS:[ARG.1],EAX


JGE SHORT 004240BD
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.11],EAX
JMP SHORT 004240E9
MOV ECX,DWORD PTR SS:[LOCAL.9]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 004240D1
MOV EDX,DWORD PTR SS:[LOCAL.9]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.12],EAX
JMP SHORT 004240DA
MOV ECX,DWORD PTR SS:[LOCAL.9]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.12],ECX
MOV EDX,DWORD PTR SS:[LOCAL.12]
PUSH EDX
CALL 0040A8D0

; /Arg1
; \SystemIn

83C4 04
8945 D4
6A 01
8B45 D4
50
8B4D DC
E8 19A7FEFF

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.11],EAX
PUSH 1
MOV EAX,DWORD PTR SS:[LOCAL.11]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.9]
CALL 0040E810

;
;
;
;
;

8B4D DC
8941 24
8B55 DC
8B42 24
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 18
894D EC
8B45 EC
8378 4C
74 3B
837D 08
75 0F
837D 0C
75 09
C745 E8
EB 07
C745 E8
8B4D 0C
51
8B55 E8
52
8B45 08

MOV ECX,DWORD PTR SS:[LOCAL.9]


MOV DWORD PTR DS:[ECX+24],EAX
MOV EDX,DWORD PTR SS:[LOCAL.9]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
00
CMP DWORD PTR DS:[EAX+4C],0
JE SHORT 0042415D
00
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 00424137
00
CMP DWORD PTR SS:[ARG.2],0
JNE SHORT 00424137
04000 MOV DWORD PTR SS:[LOCAL.6],4
JMP SHORT 0042413E
00000 MOV DWORD PTR SS:[LOCAL.6],0
MOV ECX,DWORD PTR SS:[ARG.2]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.1]

/Arg2 = 1
|
|Arg1
|
\SystemIn

00424149 |.
0042414A |.
0042414D |.
00424150 |.
00424151 |.
00424156 |.
00424159 |.
0042415B |.
0042415D |>
0042415F |.
00424161 |.
00424163 |>
00424165 |.
00424168 |.
0042416B |.
[ARG.ECX+4C]
0042416C |.
0042416F |.
fo.004260E0
00424174 |.
00424177 |>
00424179 |.
0042417A \.
0042417D
0042417E
0042417F
00424180 /.
00424181 |.
00424183 |.
00424186 |.
00424189 |.
0042418C |.
00424190 |.
00424192 |.
00424194 |.
00424197 |.
00424199 |.
0042419C |.
0042419F |.
004241A1 |.
004241A4 |.
004241AB |.
004241AE |.
004241B0 |.
004241B3 |.
004241B6 |.
004241B9 |.
004241BB |.
004241BD |.
004241C0 |.
004241C3 |.
004241C4 |.
004241C9 |.
004241CC |.
004241CE |.
004241D0 |.
004241D7 |.
004241D9 |>
004241E0 |>
004241E3 |.

50
8B4D EC
8B51 4C
52
E8 B1EC0000
83C4 10
85C0
74 06
33C0
EB 16
EB 14
6A 01
8B45 EC
8B48 4C
51

PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4C]
PUSH EDX
CALL 00432E07
ADD ESP,10
TEST EAX,EAX
JE SHORT 00424163
XOR EAX,EAX
JMP SHORT 00424177
JMP SHORT 00424177
PUSH 1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4C]
PUSH ECX

;
;
;
;

8B4D EC
E8 6C1F0000

MOV ECX,DWORD PTR SS:[LOCAL.5]


CALL 004260E0

; |
; \SystemIn

8B45 EC
8BE5
5D
C2 0800
CC
CC
CC
55
8BEC
83EC 10
894D F4
8B45 F4
8378 4C 00
74 47
6A FF
8B4D F4
8B11
8B4D F4
8B42 04
FFD0
8945 FC
C745 F8 FFFFF
8B4D F8
33D2
3B4D FC
0F94C2
0FB6C2
85C0
75 1C
8B4D F4
8B51 4C
52
E8 C6EE0000
83C4 04
85C0
7D 09
C745 F0 FFFFF
EB 07
C745 F0 00000
8B45 F0
8BE5

MOV EAX,DWORD PTR SS:[LOCAL.5]


MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[LOCAL.3]
CMP DWORD PTR DS:[EAX+4C],0
JE SHORT 004241D9
PUSH -1
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+4]
CALL EAX
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV DWORD PTR SS:[LOCAL.2],-1
MOV ECX,DWORD PTR SS:[LOCAL.2]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.1]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 004241D9
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV EDX,DWORD PTR DS:[ECX+4C]
PUSH EDX
CALL 0043308F
ADD ESP,4
TEST EAX,EAX
JGE SHORT 004241D9
MOV DWORD PTR SS:[LOCAL.4],-1
JMP SHORT 004241E0
MOV DWORD PTR SS:[LOCAL.4],0
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ESP,EBP

/Arg2 = 1
|
|
|Arg1 =>

004241E5 |.
004241E6 \.
004241E7
004241E8
004241E9
004241EA
004241EB
004241EC
004241ED
004241EE
004241EF
004241F0 /.
004241F1 |.
004241F3 |.
004241F9 |.
004241FF |.
00424209 |.
0042420C |.
[ARG.1]
0042420D |.
fo.0042D170
00424212 |.
00424215 |.
0042421B |.
00424221 |.
00424223 |.
00424229 |.
0042422C |.
0042422E |.
00424231 |.
00424233 |.
00424235 |.
0042423B |.
00424242 |.
00424244 |>
0042424A |.
00424250 |.
00424253 |.
00424259 |.
0042425E |>
00424260 |.
00424261 \.
00424264
00424265
00424266
00424267
00424268
00424269
0042426A
0042426B
0042426C
0042426D
0042426E
0042426F
00424270 /$
00424271 |.
00424273 |.
00424276 |.
00424279 |.
0042427C |.

5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
81EC
898D
C785
8B45
50

POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
D8000000 SUB ESP,0D8
28FFFFFF MOV DWORD PTR SS:[LOCAL.54],ECX
34FFFFFF MOV DWORD PTR SS:[LOCAL.51],0
08
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

E8 5E8F0000

CALL 0042D170

; \SystemIn

83C4 04
8985 2CFFFFFF
8B8D 2CFFFFFF
8B11
8B8D 2CFFFFFF
8B42 04
FFD0
0FB6C8
85C9
74 0F
8B95 28FFFFFF
C742 3C 00000
EB 1A
8B85 28FFFFFF
8B8D 2CFFFFFF
8948 3C
8B8D 28FFFFFF
E8 52470000
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 30
894D D0
8D45 FF
50

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.53],EAX
MOV ECX,DWORD PTR SS:[LOCAL.53]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.53]
MOV EAX,DWORD PTR DS:[EDX+4]
CALL EAX
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00424244
MOV EDX,DWORD PTR SS:[LOCAL.54]
MOV DWORD PTR DS:[EDX+3C],0
JMP SHORT 0042425E
MOV EAX,DWORD PTR SS:[LOCAL.54]
MOV ECX,DWORD PTR SS:[LOCAL.53]
MOV DWORD PTR DS:[EAX+3C],ECX
MOV ECX,DWORD PTR SS:[LOCAL.54]
CALL 004289B0
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,30
MOV DWORD PTR SS:[LOCAL.12],ECX
LEA EAX,[LOCAL.1+3]
PUSH EAX

; /Arg2

0042427D |. 8D4D FE
00424280 |. 51
00424281 |. 8B4D D0
00424284 |. E8 27220000
fo.004264B0
00424289 |. 8B45 D0
0042428C |. 8BE5
0042428E |. 5D
0042428F \. C3
00424290 /$ 55
o.00424290(guessed Arg1)
00424291 |. 8BEC
00424293 |. 6A FF
00424295 |. 68 27674400
0042429A |. 64:A1 0000000
004242A0 |. 50
004242A1 |. 81EC E4010000
004242A7 |. A1 A0154500
004242AC |. 33C5
004242AE |. 50
004242AF |. 8D45 F4
004242B2 |. 64:A3 0000000
004242B8 |. 898D 18FEFFFF
004242BE |. 8B45 08
004242C1 |. 50
[ARG.1]
004242C2 |. 8B8D 18FEFFFF
004242C8 |. E8 73580000
fo.00429B40
004242CD |. 8985 68FEFFFF
004242D3 |. 8B8D 18FEFFFF
004242D9 |. 51
ARG.ECX
004242DA |. 8B95 68FEFFFF
004242E0 |. 52
[LOCAL.102]
004242E1 |. 8D4D EC
004242E4 |. E8 074E0000
fo.004290F0
004242E9 |. 8B85 18FEFFFF
004242EF |. 8B48 18
004242F2 |. 898D 64FEFFFF
004242F8 |. 8B95 18FEFFFF
004242FE |. 52
ARG.ECX
004242FF |. 8B85 64FEFFFF
00424305 |. 50
[ARG.ECX+18]
00424306 |. 8D4D E4
00424309 |. E8 E24D0000
fo.004290F0
0042430E |. 33C9
00424310 |. 837D EC 00
00424314 |. 0F95C1
00424317 |. 0FB6D1
0042431A |. 85D2
0042431C |. 74 12
0042431E |. 8B45 EC
00424321 |. 33C9
00424323 |. 3B45 E4

LEA ECX,[LOCAL.1+2]
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.12]
CALL 004264B0

;
;
;
;

|
|Arg1
|
\SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.12]


MOV ESP,EBP
POP EBP
RETN
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00446727
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,1E4
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.122],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.122]


CALL 00429B40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.102],EAX


MOV ECX,DWORD PTR SS:[LOCAL.122]
PUSH ECX

; /Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.102]


PUSH EDX

; |
; |Arg1 =>

LEA ECX,[LOCAL.5]
CALL 004290F0

; |
; \SystemIn

MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX

; /Arg2 =>

PTR SS:[LOCAL.122]
PTR DS:[EAX+18]
SS:[LOCAL.103],ECX
PTR SS:[LOCAL.122]

MOV EAX,DWORD PTR SS:[LOCAL.103]


PUSH EAX

; |
; |Arg1 =>

LEA ECX,[LOCAL.7]
CALL 004290F0

; |
; \SystemIn

XOR ECX,ECX
CMP DWORD PTR SS:[LOCAL.5],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00424330
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.7]

00424326 |.
00424329 |.
0042432C |.
0042432E |.
00424330 |>
00424335 |>
00424337 |.^
00424339 |.
0042433C |.
0042433E |.
00424341 |.
00424344 |.
00424347 |.
00424349 |.
0042434B |.
0042434E |.
00424354 |.
0042435A |.
0042435D |.
00424362 |.
00424363 |.
00424366 |.
0042436B |.
0042436C |.
fo.0042E980
00424371 |.
00424374 |.
00424376 |.
00424378 |.
0042437B |.
0042437E |.
00424380 |.
00424386 |>
00424389 |.
0042438F |.
00424392 |.
00424398 |.
0042439E |.
fo.004058B0
004243A3 |.
004243A9 |.
004243AF |.
004243B5 |.
004243BC |.
004243BF |.
[ARG.1]
004243C0 |.
004243C6 |.
fo.0040AD10
004243CB |.
004243CF |.
004243D5 |.
[LOCAL.123]
004243D6 |.
004243DC |.
fo.004283A0
004243E1 |.
004243E5 |.
004243EB |.
004243F1 |.

0F94C1
0FB6D1
85D2
75 05
E8 53A50000
33C0
75 FC
8B4D F0
33D2
3B4D E8
0F94C2
0FB6C2
85C0
75 3B
8B4D F0
898D 60FEFFFF
8B8D 60FEFFFF
83C1 0C
E8 4EA3FEFF
50
8B4D 08
E8 45A3FEFF
50
E8 0FA60000

SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00424335
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00424335
MOV ECX,DWORD PTR SS:[LOCAL.4]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.6]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00424386
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.104],ECX
MOV ECX,DWORD PTR SS:[LOCAL.104]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

83C4 08
33D2
85C0
0F9CC2
0FB6C2
85C0
0F84 E4000000
8B4D EC
898D 74FEFFFF
8B55 F0
8995 78FEFFFF
8D8D 7CFEFFFF
E8 0D15FEFF

ADD ESP,8
XOR EDX,EDX
TEST EAX,EAX
SETL DL
MOVZX EAX,DL
TEST EAX,EAX
JE 0042446A
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.99],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.98],EDX
LEA ECX,[LOCAL.97]
CALL 004058B0

; [SystemIn

8985
8B85
8985
C745
8B4D
51

MOV DWORD PTR


MOV EAX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

; /Arg1 =>

14FEFFFF
14FEFFFF
50FEFFFF
FC 00000
08

/Arg2
|
|
|Arg1
\SystemIn

SS:[LOCAL.123],EAX
PTR SS:[LOCAL.123]
SS:[LOCAL.108],EAX
SS:[LOCAL.1],0
PTR SS:[ARG.1]

8D8D 1CFFFFFF LEA ECX,[LOCAL.57]


E8 4569FEFF CALL 0040AD10

; |
; \SystemIn

C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1
8B95 50FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.108]
52
PUSH EDX

; /Arg1 =>

8D8D 44FFFFFF LEA ECX,[LOCAL.47]


E8 BF3F0000 CALL 004283A0

; |
; \SystemIn

C645
8D85
8985
C645

FC 00
1CFFFFFF
10FEFFFF
FC 02

MOV
LEA
MOV
MOV

BYTE PTR SS:[LOCAL.1],0


EAX,[LOCAL.57]
DWORD PTR SS:[LOCAL.124],EAX
BYTE PTR SS:[LOCAL.1],2

004243F5 |. 8B8D 10FEFFFF


004243FB |. 51
OFFSET LOCAL.57
004243FC |. 8B95 78FEFFFF
00424402 |. 52
[LOCAL.4]
00424403 |. 8B85 74FEFFFF
00424409 |. 50
[LOCAL.5]
0042440A |. 8D8D 6CFEFFFF
00424410 |. 51
OFFSET LOCAL.101
00424411 |. 8B8D 18FEFFFF
00424417 |. E8 34210000
fo.00426550
0042441C |. 8B10
0042441E |. 8B40 04
00424421 |. 8955 EC
00424424 |. 8945 F0
00424427 |. C645 FC 03
0042442B |. 8D8D 44FFFFFF
00424431 |. E8 AA15FEFF
fo.004059E0
00424436 |. C645 FC 04
0042443A |. 8D8D 1CFFFFFF
00424440 |. E8 3BA3FEFF
fo.0040E780
00424445 |. C645 FC 00
00424449 |. 6A 00
0042444B |. 6A 01
0042444D |. 8D8D 1CFFFFFF
00424453 |. E8 08B7FEFF
fo.0040FB60
00424458 |. C745 FC FFFFF
0042445F |. 8D8D 7CFEFFFF
00424465 |. E8 7615FEFF
fo.004059E0
0042446A |> 8D4D EC
0042446D |. E8 3E340000
fo.004278B0
00424472 |. 83C0 28
00424475 |. 8B4D F4
00424478 |. 64:890D 00000
0042447F |. 59
00424480 |. 8BE5
00424482 |. 5D
00424483 \. C2 0400
00424486
CC
00424487
CC
00424488
CC
00424489
CC
0042448A
CC
0042448B
CC
0042448C
CC
0042448D
CC
0042448E
CC
0042448F
CC
00424490 /$ 55
00424491 |. 8BEC
00424493 |. 6A FF

MOV ECX,DWORD PTR SS:[LOCAL.124]


PUSH ECX

; /Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.98]


PUSH EDX

; |
; |Arg3 =>

MOV EAX,DWORD PTR SS:[LOCAL.99]


PUSH EAX

; |
; |Arg2 =>

LEA ECX,[LOCAL.101]
PUSH ECX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.122]


CALL 00426550

; |
; \SystemIn

MOV EDX,DWORD PTR DS:[EAX]


MOV EAX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV BYTE PTR SS:[LOCAL.1],3
LEA ECX,[LOCAL.47]
CALL 004059E0

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],4


LEA ECX,[LOCAL.57]
CALL 0040E780

; [SystemIn

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.57]
CALL 0040FB60

;
;
;
;

MOV DWORD PTR SS:[LOCAL.1],-1


LEA ECX,[LOCAL.97]
CALL 004059E0

; [SystemIn

LEA ECX,[LOCAL.5]
CALL 004278B0

; [SystemIn

ADD EAX,28
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00424495 |. 68 4B5E4400 PUSH 00445E4B


0042449A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
004244A0 |. 50
PUSH EAX
004244A1 |. 81EC 90000000 SUB ESP,90
004244A7 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
004244AC |. 33C5
XOR EAX,EBP
004244AE |. 50
PUSH EAX
004244AF |. 8D45 F4
LEA EAX,[EBP-0C]
004244B2 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
004244B8 |. 898D 64FFFFFF MOV DWORD PTR SS:[EBP-9C],ECX
004244BE |. C745 FC 00000 MOV DWORD PTR SS:[EBP-4],0
004244C5 |. 8B8D 64FFFFFF MOV ECX,DWORD PTR SS:[EBP-9C]
004244CB |. E8 A0290000 CALL 00426E70
fo.00426E70
004244D0 |. C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1
004244D7 |. 8B85 64FFFFFF MOV EAX,DWORD PTR SS:[EBP-9C]
004244DD |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
004244DF |. 898D 68FFFFFF MOV DWORD PTR SS:[EBP-98],ECX
004244E5 |. 8B95 68FFFFFF MOV EDX,DWORD PTR SS:[EBP-98]
004244EB |. 52
PUSH EDX
004244EC |. E8 29A40000 CALL 0042E91A
004244F1 |. 83C4 04
ADD ESP,4
004244F4 |. 8B4D F4
MOV ECX,DWORD PTR SS:[EBP-0C]
004244F7 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
004244FE |. 59
POP ECX
004244FF |. 8BE5
MOV ESP,EBP
00424501 |. 5D
POP EBP
00424502 \. C3
RETN
00424503
CC
INT3
00424504
CC
INT3
00424505
CC
INT3
00424506
CC
INT3
00424507
CC
INT3
00424508
CC
INT3
00424509
CC
INT3
0042450A
CC
INT3
0042450B
CC
INT3
0042450C
CC
INT3
0042450D
CC
INT3
0042450E
CC
INT3
0042450F
CC
INT3
00424510 /$ 55
PUSH EBP
o.00424510(guessed Arg1,Arg2,Arg3)
00424511 |. 8BEC
MOV EBP,ESP
00424513 |. 6A FF
PUSH -1
00424515 |. 68 79674400 PUSH 00446779
0042451A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00424520 |. 50
PUSH EAX
00424521 |. 81EC B4000000 SUB ESP,0B4
00424527 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042452C |. 33C5
XOR EAX,EBP
0042452E |. 50
PUSH EAX
0042452F |. 8D45 F4
LEA EAX,[LOCAL.3]
00424532 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00424538 |. C745 C4 00000 MOV DWORD PTR SS:[LOCAL.15],0
0042453F |. 8D45 CB
LEA EAX,[LOCAL.14+3]
00424542 |. 50
PUSH EAX
00424543 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
00424546 |. 51
PUSH ECX
[ARG.2]

; [SystemIn

; SystemInf

; /Arg2
; |
; |Arg1 =>

00424547 |.
0042454A |.
fo.0040B290
0042454F |.
00424555 |.
0042455B |.
00424561 |.
00424568 |.
0042456E |.
fo.0040E780
00424573 |.
00424578 |.
[4487AC] = -1
00424579 |.
0042457B |.
0042457E |.
[ARG.3]
0042457F |.
00424585 |.
fo.0040ECF0
0042458A |.
00424590 |.
[LOCAL.48]
00424591 |.
00424594 |.
fo.0040AD10
00424599 |.
0042459C |.
0042459F |.
004245A2 |.
004245A9 |.
004245AC |.
fo.0040E780
004245B1 |.
004245B5 |.
004245B7 |.
004245B9 |.
004245BC |.
fo.0040FB60
004245C1 |.
004245C4 |.
004245C7 |.
004245CE |.
004245CF |.
004245D1 |.
004245D2 \.
004245D3
004245D4
004245D5
004245D6
004245D7
004245D8
004245D9
004245DA
004245DB
004245DC
004245DD
004245DE
004245DF
004245E0 /$

8D4D CC
E8 416DFEFF

LEA ECX,[LOCAL.13]
CALL 0040B290

; |
; \SystemIn

8985 40FFFFFF
8B95 40FFFFFF
8995 7CFFFFFF
C745 FC 01000
8B8D 7CFFFFFF
E8 0DA2FEFF

MOV DWORD PTR


MOV EDX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV ECX,DWORD
CALL 0040E780

; [SystemIn

A1 AC874400
50

MOV EAX,DWORD PTR DS:[4487AC]


PUSH EAX

; /Arg3 =>

6A 00
8B4D 10
51

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.3]
PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

SS:[LOCAL.48],EAX
PTR SS:[LOCAL.48]
SS:[LOCAL.33],EDX
SS:[LOCAL.1],1
PTR SS:[LOCAL.33]

8B8D 7CFFFFFF MOV ECX,DWORD PTR SS:[LOCAL.33]


E8 66A7FEFF CALL 0040ECF0

; |
; \SystemIn

8B95 7CFFFFFF MOV EDX,DWORD PTR SS:[LOCAL.33]


52
PUSH EDX

; /Arg1 =>

8B4D 08
E8 7767FEFF

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040AD10

; |
; \SystemIn

8B45 C4
83C8 01
8945 C4
C745 FC 02000
8D4D CC
E8 CFA1FEFF

MOV EAX,DWORD PTR SS:[LOCAL.15]


OR EAX,00000001
MOV DWORD PTR SS:[LOCAL.15],EAX
MOV DWORD PTR SS:[LOCAL.1],2
LEA ECX,[LOCAL.13]
CALL 0040E780

; [SystemIn

C645 FC 00
6A 00
6A 01
8D4D CC
E8 9FB5FEFF

MOV BYTE PTR SS:[LOCAL.1],0


PUSH 0
PUSH 1
LEA ECX,[LOCAL.13]
CALL 0040FB60

;
;
;
;

8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
64:890D 00000 MOV DWORD PTR FS:[0],ECX
59
POP ECX
8BE5
MOV ESP,EBP
5D
POP EBP
C3
RETN
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
55
PUSH EBP

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; SystemInf

o.004245E0(guessed Arg1,Arg2)
004245E1 |. 8BEC
MOV EBP,ESP
004245E3 |. 83EC 60
SUB ESP,60
004245E6 |. 894D A4
MOV DWORD PTR SS:[LOCAL.23],ECX
004245E9 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
004245EC |. 50
PUSH EAX
[ARG.2]
004245ED |. 8B4D A4
MOV ECX,DWORD PTR SS:[LOCAL.23]
004245F0 |. E8 4B550000 CALL 00429B40
fo.00429B40
004245F5 |. 8945 D8
MOV DWORD PTR SS:[LOCAL.10],EAX
004245F8 |. 8B4D A4
MOV ECX,DWORD PTR SS:[LOCAL.23]
004245FB |. 51
PUSH ECX
ARG.ECX
004245FC |. 8B55 D8
MOV EDX,DWORD PTR SS:[LOCAL.10]
004245FF |. 52
PUSH EDX
[LOCAL.10]
00424600 |. 8D4D F8
LEA ECX,[LOCAL.2]
00424603 |. E8 E84A0000 CALL 004290F0
fo.004290F0
00424608 |. 8B45 A4
MOV EAX,DWORD PTR SS:[LOCAL.23]
0042460B |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
0042460E |. 894D D4
MOV DWORD PTR SS:[LOCAL.11],ECX
00424611 |. C745 EC 00000 MOV DWORD PTR SS:[LOCAL.5],0
00424618 |. 8B55 D4
MOV EDX,DWORD PTR SS:[LOCAL.11]
0042461B |. 8955 F0
MOV DWORD PTR SS:[LOCAL.4],EDX
0042461E |. 837D A4 00
CMP DWORD PTR SS:[LOCAL.23],0
00424622 |. 75 05
JNE SHORT 00424629
00424624 |. E8 5FA20000 CALL 0042E888
00424629 |> 33C0
/XOR EAX,EAX
0042462B |.^ 75 FC
\JNE SHORT 00424629
0042462D |. 8B4D A4
MOV ECX,DWORD PTR SS:[LOCAL.23]
00424630 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
00424632 |. 8955 EC
MOV DWORD PTR SS:[LOCAL.5],EDX
00424635 |. 33C0
XOR EAX,EAX
00424637 |. 837D F8 00
CMP DWORD PTR SS:[LOCAL.2],0
0042463B |. 0F95C0
SETNE AL
0042463E |. 0FB6C8
MOVZX ECX,AL
00424641 |. 85C9
TEST ECX,ECX
00424643 |. 74 12
JE SHORT 00424657
00424645 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00424648 |. 33C0
XOR EAX,EAX
0042464A |. 3B55 EC
CMP EDX,DWORD PTR SS:[LOCAL.5]
0042464D |. 0F94C0
SETE AL
00424650 |. 0FB6C8
MOVZX ECX,AL
00424653 |. 85C9
TEST ECX,ECX
00424655 |. 75 05
JNE SHORT 0042465C
00424657 |> E8 2CA20000 CALL 0042E888
0042465C |> 33D2
/XOR EDX,EDX
0042465E |.^ 75 FC
\JNE SHORT 0042465C
00424660 |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
00424663 |. 33C9
XOR ECX,ECX
00424665 |. 3B45 F0
CMP EAX,DWORD PTR SS:[LOCAL.4]
00424668 |. 0F94C1
SETE CL
0042466B |. 0FB6D1
MOVZX EDX,CL
0042466E |. 85D2
TEST EDX,EDX
00424670 |. 75 39
JNE SHORT 004246AB
00424672 |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
00424675 |. 8945 D0
MOV DWORD PTR SS:[LOCAL.12],EAX
00424678 |. 8B4D D0
MOV ECX,DWORD PTR SS:[LOCAL.12]

; /Arg1 =>
; |
; \SystemIn

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

0042467B |. 83C1 0C
0042467E |. E8 2DA0FEFF
00424683 |. 50
00424684 |. 8B4D 0C
00424687 |. E8 24A0FEFF
0042468C |. 50
0042468D |. E8 EEA20000
fo.0042E980
00424692 |. 83C4 08
00424695 |. 33C9
00424697 |. 85C0
00424699 |. 0F9CC1
0042469C |. 0FB6D1
0042469F |. 85D2
004246A1 |. 75 08
004246A3 |. 8D45 F8
004246A6 |. 8945 A0
004246A9 |. EB 33
004246AB |> 8B4D A4
004246AE |. 8B51 18
004246B1 |. 8955 A8
004246B4 |. C745 E4 00000
004246BB |. 8B45 A8
004246BE |. 8945 E8
004246C1 |. 837D A4 00
004246C5 |. 75 05
004246C7 |. E8 BCA10000
004246CC |> 33C9
004246CE |.^ 75 FC
004246D0 |. 8B55 A4
004246D3 |. 8B02
004246D5 |. 8945 E4
004246D8 |. 8D4D E4
004246DB |. 894D A0
004246DE |> 8B55 A0
004246E1 |. 8955 F4
004246E4 |. 8B45 F4
004246E7 |. 8B08
004246E9 |. 8B50 04
004246EC |. 8B45 08
004246EF |. 8908
004246F1 |. 8950 04
004246F4 |. 8B45 08
004246F7 |. 8BE5
004246F9 |. 5D
004246FA \. C2 0800
004246FD
CC
004246FE
CC
004246FF
CC
00424700 /$ 55
o.00424700(guessed Arg1)
00424701 |. 8BEC
00424703 |. 83EC 24
00424706 |. 894D DC
00424709 |. 8D45 F7
0042470C |. 8945 F8
0042470F |. 6A 00
00424711 |. 6A 00
00424713 |. 8B4D DC
00424716 |. E8 45B4FEFF

ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.2]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 004246AB
LEA EAX,[LOCAL.2]
MOV DWORD PTR SS:[LOCAL.24],EAX
JMP SHORT 004246DE
MOV ECX,DWORD PTR SS:[LOCAL.23]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.22],EDX
MOV DWORD PTR SS:[LOCAL.7],0
MOV EAX,DWORD PTR SS:[LOCAL.22]
MOV DWORD PTR SS:[LOCAL.6],EAX
CMP DWORD PTR SS:[LOCAL.23],0
JNE SHORT 004246CC
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 004246CC
MOV EDX,DWORD PTR SS:[LOCAL.23]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.7],EAX
LEA ECX,[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.24],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[EAX+4]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],ECX
MOV DWORD PTR DS:[EAX+4],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,24
MOV DWORD PTR SS:[LOCAL.9],ECX
LEA EAX,[LOCAL.3+3]
MOV DWORD PTR SS:[LOCAL.2],EAX
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.9]
CALL 0040FB60

;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

fo.0040FB60
0042471B |. 8B45 DC
MOV EAX,DWORD PTR SS:[LOCAL.9]
0042471E |. 8BE5
MOV ESP,EBP
00424720 |. 5D
POP EBP
00424721 \. C2 0400
RETN 4
00424724
CC
INT3
00424725
CC
INT3
00424726
CC
INT3
00424727
CC
INT3
00424728
CC
INT3
00424729
CC
INT3
0042472A
CC
INT3
0042472B
CC
INT3
0042472C
CC
INT3
0042472D
CC
INT3
0042472E
CC
INT3
0042472F
CC
INT3
00424730 /$ 55
PUSH EBP
00424731 |. 8BEC
MOV EBP,ESP
00424733 |. 83EC 30
SUB ESP,30
00424736 |. 894D D0
MOV DWORD PTR SS:[LOCAL.12],ECX
00424739 |. 8D45 FF
LEA EAX,[LOCAL.1+3]
0042473C |. 50
PUSH EAX
0042473D |. 8D4D FE
LEA ECX,[LOCAL.1+2]
00424740 |. 51
PUSH ECX
00424741 |. 8B4D D0
MOV ECX,DWORD PTR SS:[LOCAL.12]
00424744 |. E8 A72C0000 CALL 004273F0
fo.004273F0
00424749 |. 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
0042474C |. 8BE5
MOV ESP,EBP
0042474E |. 5D
POP EBP
0042474F \. C3
RETN
00424750 /$ 55
PUSH EBP
o.00424750(guessed Arg1,Arg2,Arg3)
00424751 |. 8BEC
MOV EBP,ESP
00424753 |. 83EC 40
SUB ESP,40
00424756 |. 894D C0
MOV DWORD PTR SS:[LOCAL.16],ECX
00424759 |. 8D45 F7
LEA EAX,[LOCAL.3+3]
0042475C |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
0042475F |. 6A 00
PUSH 0
00424761 |. 6A 00
PUSH 0
00424763 |. 8B4D C0
MOV ECX,DWORD PTR SS:[LOCAL.16]
00424766 |. E8 F5B3FEFF CALL 0040FB60
fo.0040FB60
0042476B |. 0FB64D 0C
MOVZX ECX,BYTE PTR SS:[ARG.2]
0042476F |. 51
PUSH ECX
00424770 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
00424773 |. 52
PUSH EDX
[ARG.1]
00424774 |. 8B4D C0
MOV ECX,DWORD PTR SS:[LOCAL.16]
00424777 |. E8 C4AAFEFF CALL 0040F240
fo.0040F240
0042477C |. 8B45 C0
MOV EAX,DWORD PTR SS:[LOCAL.16]
0042477F |. 8BE5
MOV ESP,EBP
00424781 |. 5D
POP EBP
00424782 \. C2 0C00
RETN 0C
00424785
CC
INT3
00424786
CC
INT3
00424787
CC
INT3
00424788
CC
INT3

;
;
;
;
;

/Arg2
|
|Arg1
|
\SystemIn

; SystemInf

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

; /Arg2
; |
; |Arg1 =>
; |
; \SystemIn

00424789
0042478A
0042478B
0042478C
0042478D
0042478E
0042478F
00424790 /.
00424791 |.
00424793 |.
00424796 |.
00424799 |.
0042479C |.
0042479F |.
004247A2 |.
004247A5 |.
004247A8 |.
fo.00422EE0
004247AD |.
004247B0 |.
004247B3 |.
004247B6 |.
004247B9 |.
004247BF |.
004247C2 |.
004247C8 |.
004247CB |.
ARG.ECX
004247CC |.
fo.0042DDC5
004247D1 |.
004247D4 |.
004247D7 |.
004247DA |.
004247DC |.
004247DF |.
004247E2 |.
004247E3 |.
004247E8 |.
004247EB |>
004247EE |.
004247F1 |.
004247F3 |.
004247F4 \.
004247F7
004247F8
004247F9
004247FA
004247FB
004247FC
004247FD
004247FE
004247FF
00424800 /.
00424801 |.
00424803 |.
00424805 |.
0042480A |.
00424810 |.
00424811 |.

CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 20
894D E0
8B45 E0
83E8 54
8945 E4
8B4D E4
83C1 54
E8 33E7FFFF

INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,20
MOV DWORD PTR
MOV EAX,DWORD
SUB EAX,54
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,54
CALL 00422EE0

8B4D
83C1
894D
8B55
C702
8B45
C700
8B4D
51

MOV ECX,DWORD
ADD ECX,54
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

E4
54
E8
E8
008A4400
E8
F8894400
E8

SS:[LOCAL.8],ECX
PTR SS:[LOCAL.8]
SS:[LOCAL.7],EAX
PTR SS:[LOCAL.7]
; [SystemIn
PTR SS:[LOCAL.7]
SS:[LOCAL.6],ECX
PTR SS:[LOCAL.6]
DS:[EDX],OFFSET 00448A00
PTR SS:[LOCAL.6]
DS:[EAX],OFFSET 004489F8
PTR SS:[LOCAL.6]

E8 F4950000

CALL 0042DDC5

83C4 04
8B55 08
83E2 01
74 0F
8B45 E0
83E8 54
50
E8 32A10000
83C4 04
8B45 E0
83E8 54
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 AB674400
64:A1 0000000
50
81EC A0000000

ADD ESP,4
MOV EDX,DWORD PTR
AND EDX,00000001
JE SHORT 004247EB
MOV EAX,DWORD PTR
SUB EAX,54
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR
SUB EAX,54
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 004467AB
MOV EAX,DWORD PTR
PUSH EAX
SUB ESP,0A0

; /Arg1 =>
; \SystemIn
SS:[ARG.1]
SS:[LOCAL.8]

SS:[LOCAL.8]

FS:[0]

00424817 |.
0042481C |.
0042481E |.
0042481F |.
00424822 |.
00424828 |.
0042482E |.
00424834 |.
0042483A |.
00424841 |.
00424847 |.
0042484B |.
0042484D |.
0042484F |.
00424855 |.
0042485A |>
00424861 |.
00424867 |.
fo.00426F80
0042486C |.
0042486F |.
00424872 |.
00424874 |.
0042487A |.
0042487B |.
00424880 |.
00424883 |>
00424889 |.
0042488C |.
00424893 |.
00424894 |.
00424896 |.
00424897 \.
0042489A
0042489B
0042489C
0042489D
0042489E
0042489F
004248A0 />
004248A1 |.
004248A3 |.
004248A5 |.
004248AA |.
004248B0 |.
004248B1 |.
004248B4 |.
004248B9 |.
004248BB |.
004248BC |.
004248BF |.
004248C5 |.
004248C8 |.
004248CF |.
004248D2 |.
004248D5 |.
fo.004059E0
004248DA |.
004248E1 |.
004248E4 |.

A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
898D 54FFFFFF
8B85 54FFFFFF
C700 8C9B4400
C745 FC 00000
8B8D 54FFFFFF
0FB651 48
85D2
74 0B
8B8D 54FFFFFF
E8 06180000
C745 FC FFFFF
8B8D 54FFFFFF
E8 14270000

MOV EAX,DWORD PTR DS:[4515A0]


XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.43],ECX
MOV EAX,DWORD PTR SS:[LOCAL.43]
MOV DWORD PTR DS:[EAX],OFFSET 00449B8C
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.43]
MOVZX EDX,BYTE PTR DS:[ECX+48]
TEST EDX,EDX
JE SHORT 0042485A
MOV ECX,DWORD PTR SS:[LOCAL.43]
CALL 00426060
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.43]
CALL 00426F80

; [SystemIn

8B45 08
83E0 01
74 0F
8B8D 54FFFFFF
51
E8 9AA00000
83C4 04
8B85 54FFFFFF
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 E0674400
64:A1 0000000
50
83EC 68
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
894D 8C
C745 FC 00000
8B4D 8C
83C1 28
E8 0611FEFF

MOV EAX,DWORD PTR SS:[ARG.1]


AND EAX,00000001
JE SHORT 00424883
MOV ECX,DWORD PTR SS:[LOCAL.43]
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.43]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 004467E0
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,68
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[EBP-0C]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[EBP-74],ECX
MOV DWORD PTR SS:[EBP-4],0
MOV ECX,DWORD PTR SS:[EBP-74]
ADD ECX,28
CALL 004059E0

; [SystemIn

C745 FC 01000 MOV DWORD PTR SS:[EBP-4],1


8B4D 8C
MOV ECX,DWORD PTR SS:[EBP-74]
E8 979EFEFF CALL 0040E780

; [SystemIn

fo.0040E780
004248E9 |. C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1
004248F0 |. 6A 00
PUSH 0
004248F2 |. 6A 01
PUSH 1
004248F4 |. 8B4D 8C
MOV ECX,DWORD PTR SS:[EBP-74]
004248F7 |. E8 64B2FEFF CALL 0040FB60
fo.0040FB60
004248FC |. 8B4D F4
MOV ECX,DWORD PTR SS:[EBP-0C]
004248FF |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
00424906 |. 59
POP ECX
00424907 |. 8BE5
MOV ESP,EBP
00424909 |. 5D
POP EBP
0042490A \. C3
RETN
0042490B
CC
INT3
0042490C
CC
INT3
0042490D
CC
INT3
0042490E
CC
INT3
0042490F
CC
INT3
00424910 /$ 55
PUSH EBP
o.00424910(guessed Arg1,Arg2,Arg3)
00424911 |. 8BEC
MOV EBP,ESP
00424913 |. 83EC 18
SUB ESP,18
00424916 |. 894D F0
MOV DWORD PTR SS:[LOCAL.4],ECX
00424919 |. 837D 10 00
CMP DWORD PTR SS:[ARG.3],0
0042491D |. 75 13
JNE SHORT 00424932
0042491F |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
00424922 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
00424925 |. 3B48 14
CMP ECX,DWORD PTR DS:[EAX+14]
00424928 |. 77 08
JA SHORT 00424932
0042492A |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0042492D |. E9 D9000000 JMP 00424A0B
00424932 |> 8B55 F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
00424935 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
00424938 |. 3B42 14
CMP EAX,DWORD PTR DS:[EDX+14]
0042493B |. 0F83 C7000000 JNB 00424A08
00424941 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
00424944 |. 8B51 14
MOV EDX,DWORD PTR DS:[ECX+14]
00424947 |. 2B55 0C
SUB EDX,DWORD PTR SS:[ARG.2]
0042494A |. 8955 FC
MOV DWORD PTR SS:[LOCAL.1],EDX
0042494D |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
00424950 |. 3B45 FC
CMP EAX,DWORD PTR SS:[LOCAL.1]
00424953 |. 0F87 AF000000 JA 00424A08
00424959 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
0042495C |. 83E9 01
SUB ECX,1
0042495F |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
00424962 |. 2BD1
SUB EDX,ECX
00424964 |. 8955 FC
MOV DWORD PTR SS:[LOCAL.1],EDX
00424967 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0042496A |. 8378 18 10
CMP DWORD PTR DS:[EAX+18],10
0042496E |. 72 0B
JB SHORT 0042497B
00424970 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
00424973 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00424976 |. 8955 EC
MOV DWORD PTR SS:[LOCAL.5],EDX
00424979 |. EB 09
JMP SHORT 00424984
0042497B |> 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0042497E |. 83C0 04
ADD EAX,4
00424981 |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
00424984 |> 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
00424987 |. 034D 0C
ADD ECX,DWORD PTR SS:[ARG.2]
0042498A |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; SystemInf

0042498D |.
0042498F |>
00424992 |.
00424995 |.
00424998 |.
0042499B |.
0042499D |.
004249A0 |.
004249A3 |.
004249A6 |.
004249A9 |>
004249AC |.
004249AD |.
004249B0 |.
004249B3 |.
004249B4 |.
004249B7 |.
004249B8 |.
fo.0042F6D0
004249BD |.
004249C0 |.
004249C3 |.
004249C7 |.
004249C9 |.
004249CC |.
004249CD |.
004249D0 |.
004249D1 |.
004249D4 |.
004249D5 |.
fo.0042F80B
004249DA |.
004249DD |.
004249DF |.^
004249E1 |.
004249E4 |.
004249E8 |.
004249EA |.
004249ED |.
004249F0 |.
004249F3 |.
004249F5 |>
004249F8 |.
004249FB |.
004249FE |>
00424A01 |.
00424A04 |.
00424A06 |>^
00424A08 |>
00424A0B |>
00424A0D |.
00424A0E \.
00424A11
00424A12
00424A13
00424A14
00424A15
00424A16
00424A17
00424A18

EB 1A
8B55 F8
2B55 F4
83C2 01
8B45 FC
2BC2
8945 FC
8B4D F8
83C1 01
894D F4
8B55 FC
52
8B45 08
0FBE08
51
8B55 F4
52
E8 13AD0000

JMP SHORT 004249A9


/MOV EDX,DWORD PTR SS:[EBP-8]
|SUB EDX,DWORD PTR SS:[EBP-0C]
|ADD EDX,1
|MOV EAX,DWORD PTR SS:[EBP-4]
|SUB EAX,EDX
|MOV DWORD PTR SS:[EBP-4],EAX
|MOV ECX,DWORD PTR SS:[EBP-8]
|ADD ECX,1
|MOV DWORD PTR SS:[EBP-0C],ECX
|MOV EDX,DWORD PTR SS:[EBP-4]
|PUSH EDX
|MOV EAX,DWORD PTR SS:[EBP+8]
|MOVSX ECX,BYTE PTR DS:[EAX]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[EBP-0C]
|PUSH EDX
|CALL 0042F6D0

;
;
;
;
;
;
;

/Arg3
|
|
|Arg2
|
|Arg1
\SystemIn

83C4 0C
8945 F8
837D F8 00
74 3F
8B45 10
50
8B4D 08
51
8B55 F8
52
E8 31AE0000

|ADD ESP,0C
|MOV DWORD PTR SS:[EBP-8],EAX
|CMP DWORD PTR SS:[EBP-8],0
|JE SHORT 00424A08
|MOV EAX,DWORD PTR SS:[EBP+10]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[EBP+8]
|PUSH ECX
|MOV EDX,DWORD PTR SS:[EBP-8]
|PUSH EDX
|CALL 0042F80B

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

83C4 0C
85C0
75 25
8B45 F0
8378 18 10
72 0B
8B4D F0
8B51 04
8955 E8
EB 09
8B45 F0
83C0 04
8945 E8
8B45 F8
2B45 E8
EB 05
EB 87
83C8 FF
8BE5
5D
C2 0C00
CC
CC
CC
CC
CC
CC
CC
CC

|ADD ESP,0C
|TEST EAX,EAX
|JNE SHORT 00424A06
|MOV EAX,DWORD PTR SS:[EBP-10]
|CMP DWORD PTR DS:[EAX+18],10
|JB SHORT 004249F5
|MOV ECX,DWORD PTR SS:[EBP-10]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[EBP-18],EDX
|JMP SHORT 004249FE
|MOV EAX,DWORD PTR SS:[EBP-10]
|ADD EAX,4
|MOV DWORD PTR SS:[EBP-18],EAX
|MOV EAX,DWORD PTR SS:[EBP-8]
|SUB EAX,DWORD PTR SS:[EBP-18]
|JMP SHORT 00424A0B
\JMP SHORT 0042498F
OR EAX,FFFFFFFF
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

00424A19
CC
INT3
00424A1A
CC
INT3
00424A1B
CC
INT3
00424A1C
CC
INT3
00424A1D
CC
INT3
00424A1E
CC
INT3
00424A1F
CC
INT3
00424A20 /$ 55
PUSH EBP
o.00424A20(guessed Arg1,Arg2,Arg3)
00424A21 |. 8BEC
MOV EBP,ESP
00424A23 |. 83EC 1C
SUB ESP,1C
00424A26 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
00424A29 |. 837D 10 00
CMP DWORD PTR SS:[ARG.3],0
00424A2D |. 75 24
JNE SHORT 00424A53
00424A2F |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00424A32 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
00424A35 |. 3B48 14
CMP ECX,DWORD PTR DS:[EAX+14]
00424A38 |. 73 08
JNB SHORT 00424A42
00424A3A |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
00424A3D |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
00424A40 |. EB 09
JMP SHORT 00424A4B
00424A42 |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00424A45 |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
00424A48 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
00424A4B |> 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
00424A4E |. E9 EA000000 JMP 00424B3D
00424A53 |> 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00424A56 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
00424A59 |. 3B42 14
CMP EAX,DWORD PTR DS:[EDX+14]
00424A5C |. 0F87 D8000000 JA 00424B3A
00424A62 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00424A65 |. 8B51 14
MOV EDX,DWORD PTR DS:[ECX+14]
00424A68 |. 2B55 10
SUB EDX,DWORD PTR SS:[ARG.3]
00424A6B |. 3955 0C
CMP DWORD PTR SS:[ARG.2],EDX
00424A6E |. 73 08
JNB SHORT 00424A78
00424A70 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
00424A73 |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
00424A76 |. EB 0C
JMP SHORT 00424A84
00424A78 |> 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00424A7B |. 8B51 14
MOV EDX,DWORD PTR DS:[ECX+14]
00424A7E |. 2B55 10
SUB EDX,DWORD PTR SS:[ARG.3]
00424A81 |. 8955 F0
MOV DWORD PTR SS:[LOCAL.4],EDX
00424A84 |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00424A87 |. 8378 18 10
CMP DWORD PTR DS:[EAX+18],10
00424A8B |. 72 0B
JB SHORT 00424A98
00424A8D |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00424A90 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00424A93 |. 8955 EC
MOV DWORD PTR SS:[LOCAL.5],EDX
00424A96 |. EB 09
JMP SHORT 00424AA1
00424A98 |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00424A9B |. 83C0 04
ADD EAX,4
00424A9E |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
00424AA1 |> 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
00424AA4 |. 034D F0
ADD ECX,DWORD PTR SS:[LOCAL.4]
00424AA7 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
00424AAA |. EB 09
JMP SHORT 00424AB5
00424AAC |> 8B55 FC
MOV EDX,DWORD PTR SS:[EBP-4]
00424AAF |. 83EA 01
SUB EDX,1
00424AB2 |. 8955 FC
MOV DWORD PTR SS:[EBP-4],EDX
00424AB5 |> 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]

; SystemInf

00424AB8 |.
00424ABB |.
00424ABE |.
00424AC1 |.
00424AC3 |.
00424AC5 |.
00424AC8 |.
00424ACB |.
00424ACD |.
00424ACF |.
00424AD2 |.
00424AD3 |.
00424AD6 |.
00424AD7 |.
00424ADA |.
00424ADB |.
fo.0042F80B
00424AE0 |.
00424AE3 |.
00424AE5 |.
00424AE7 |.
00424AEA |.
00424AEE |.
00424AF0 |.
00424AF3 |.
00424AF6 |.
00424AF9 |.
00424AFB |>
00424AFE |.
00424B01 |.
00424B04 |>
00424B07 |.
00424B0A |.
00424B0C |.^
00424B0E |>
00424B11 |.
00424B15 |.
00424B17 |.
00424B1A |.
00424B1D |.
00424B20 |.
00424B22 |>
00424B25 |.
00424B28 |.
00424B2B |>
00424B2E |.
00424B31 |.^
00424B33 |.
00424B35 |>^
00424B3A |>
00424B3D |>
00424B3F |.
00424B40 \.
00424B43
00424B44
00424B45
00424B46
00424B47
00424B48
00424B49

0FBE08
8B55 FC
0FBE02
33D2
3BC1
0F94C2
0FB6C2
85C0
74 3F
8B4D 10
51
8B55 08
52
8B45 FC
50
E8 2BAD0000

MOVSX ECX,BYTE PTR DS:[EAX]


MOV EDX,DWORD PTR SS:[EBP-4]
MOVSX EAX,BYTE PTR DS:[EDX]
XOR EDX,EDX
CMP EAX,ECX
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00424B0E
MOV ECX,DWORD PTR SS:[EBP+10]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-4]
PUSH EAX
CALL 0042F80B

83C4 0C
85C0
75 27
8B4D F8
8379 18 10
72 0B
8B55 F8
8B42 04
8945 E8
EB 09
8B4D F8
83C1 04
894D E8
8B45 FC
2B45 E8
EB 31
EB 27
8B55 F8
837A 18 10
72 0B
8B45 F8
8B48 04
894D E4
EB 09
8B55 F8
83C2 04
8955 E4
8B45 FC
3B45 E4
75 02
EB 05
E9 72FFFFFF
83C8 FF
8BE5
5D
C2 0C00
CC
CC
CC
CC
CC
CC
CC

ADD ESP,0C
TEST EAX,EAX
JNE SHORT 00424B0E
MOV ECX,DWORD PTR SS:[EBP-8]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 00424AFB
MOV EDX,DWORD PTR SS:[EBP-8]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-18],EAX
JMP SHORT 00424B04
MOV ECX,DWORD PTR SS:[EBP-8]
ADD ECX,4
MOV DWORD PTR SS:[EBP-18],ECX
MOV EAX,DWORD PTR SS:[EBP-4]
SUB EAX,DWORD PTR SS:[EBP-18]
JMP SHORT 00424B3D
JMP SHORT 00424B35
MOV EDX,DWORD PTR SS:[EBP-8]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 00424B22
MOV EAX,DWORD PTR SS:[EBP-8]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-1C],ECX
JMP SHORT 00424B2B
MOV EDX,DWORD PTR SS:[EBP-8]
ADD EDX,4
MOV DWORD PTR SS:[EBP-1C],EDX
MOV EAX,DWORD PTR SS:[EBP-4]
CMP EAX,DWORD PTR SS:[EBP-1C]
JNE SHORT 00424B35
JMP SHORT 00424B3A
JMP 00424AAC
OR EAX,FFFFFFFF
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
INT3
INT3
INT3
INT3

;
;
;
;
;
;

/Arg3
|
|Arg2
|
|Arg1
\SystemIn

00424B4A
CC
INT3
00424B4B
CC
INT3
00424B4C
CC
INT3
00424B4D
CC
INT3
00424B4E
CC
INT3
00424B4F
CC
INT3
00424B50 /$ 55
PUSH EBP
o.00424B50(guessed Arg1,Arg2,Arg3)
00424B51 |. 8BEC
MOV EBP,ESP
00424B53 |. 83EC 18
SUB ESP,18
00424B56 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
00424B59 |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
00424B5C |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
00424B5F |. 3B48 14
CMP ECX,DWORD PTR DS:[EAX+14]
00424B62 |. 0F83 A4000000 JNB 00424C0C
00424B68 |. 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
00424B6B |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
00424B6F |. 72 0B
JB SHORT 00424B7C
00424B71 |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
00424B74 |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
00424B77 |. 894D F0
MOV DWORD PTR SS:[LOCAL.4],ECX
00424B7A |. EB 09
JMP SHORT 00424B85
00424B7C |> 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
00424B7F |. 83C2 04
ADD EDX,4
00424B82 |. 8955 F0
MOV DWORD PTR SS:[LOCAL.4],EDX
00424B85 |> 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
00424B88 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
00424B8B |. 0348 14
ADD ECX,DWORD PTR DS:[EAX+14]
00424B8E |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
00424B91 |. 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
00424B94 |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
00424B98 |. 72 0B
JB SHORT 00424BA5
00424B9A |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
00424B9D |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
00424BA0 |. 894D EC
MOV DWORD PTR SS:[LOCAL.5],ECX
00424BA3 |. EB 09
JMP SHORT 00424BAE
00424BA5 |> 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
00424BA8 |. 83C2 04
ADD EDX,4
00424BAB |. 8955 EC
MOV DWORD PTR SS:[LOCAL.5],EDX
00424BAE |> 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
00424BB1 |. 0345 0C
ADD EAX,DWORD PTR SS:[ARG.2]
00424BB4 |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
00424BB7 |. EB 09
JMP SHORT 00424BC2
00424BB9 |> 8B4D F8
/MOV ECX,DWORD PTR SS:[EBP-8]
00424BBC |. 83C1 01
|ADD ECX,1
00424BBF |. 894D F8
|MOV DWORD PTR SS:[EBP-8],ECX
00424BC2 |> 8B55 F8
|MOV EDX,DWORD PTR SS:[EBP-8]
00424BC5 |. 3B55 FC
|CMP EDX,DWORD PTR SS:[EBP-4]
00424BC8 |. 73 42
|JNB SHORT 00424C0C
00424BCA |. 8B45 10
|MOV EAX,DWORD PTR SS:[EBP+10]
00424BCD |. 50
|PUSH EAX
00424BCE |. 8B4D F8
|MOV ECX,DWORD PTR SS:[EBP-8]
00424BD1 |. 0FBE11
|MOVSX EDX,BYTE PTR DS:[ECX]
00424BD4 |. 52
|PUSH EDX
00424BD5 |. 8B45 08
|MOV EAX,DWORD PTR SS:[EBP+8]
00424BD8 |. 50
|PUSH EAX
00424BD9 |. E8 F2AA0000 |CALL 0042F6D0
fo.0042F6D0
00424BDE |. 83C4 0C
|ADD ESP,0C
00424BE1 |. 85C0
|TEST EAX,EAX

; SystemInf

;
;
;
;
;
;
;

/Arg3
|
|
|Arg2
|
|Arg1
\SystemIn

00424BE3
00424BE5
00424BE8
00424BEC
00424BEE
00424BF1
00424BF4
00424BF7
00424BF9
00424BFC
00424BFF
00424C02
00424C05
00424C08
00424C0A
00424C0C
00424C0F
00424C11
00424C12
00424C15
00424C16
00424C17
00424C18
00424C19
00424C1A
00424C1B
00424C1C
00424C1D
00424C1E
00424C1F
00424C20
00424C21
00424C23
00424C24
00424C27
00424C2A
00424C2D
00424C2F
00424C32
00424C35
00424C38
00424C3A
00424C3D
00424C40
00424C42
00424C45
00424C48
00424C4B
00424C4D
00424C50
00424C53
00424C55
00424C57
00424C58
00424C59
00424C5A
00424C5B
00424C5C
00424C5D
00424C5E

|.^
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|>^
|>
|>
|.
\.

/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

75 25
8B4D F4
8379 18 10
72 0B
8B55 F4
8B42 04
8945 E8
EB 09
8B4D F4
83C1 04
894D E8
8B45 F8
2B45 E8
EB 05
EB AD
83C8 FF
8BE5
5D
C2 0C00
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 FC
8B48 30
8B11
83C2 01
8B45 FC
8B48 30
8911
8B55 FC
8B42 20
8B08
83E9 01
8B55 FC
8B42 20
8908
8B4D FC
8B51 20
8B02
8BE5
5D
C3
CC
CC
CC
CC
CC
CC

|JNE SHORT 00424C0A


|MOV ECX,DWORD PTR SS:[EBP-0C]
|CMP DWORD PTR DS:[ECX+18],10
|JB SHORT 00424BF9
|MOV EDX,DWORD PTR SS:[EBP-0C]
|MOV EAX,DWORD PTR DS:[EDX+4]
|MOV DWORD PTR SS:[EBP-18],EAX
|JMP SHORT 00424C02
|MOV ECX,DWORD PTR SS:[EBP-0C]
|ADD ECX,4
|MOV DWORD PTR SS:[EBP-18],ECX
|MOV EAX,DWORD PTR SS:[EBP-8]
|SUB EAX,DWORD PTR SS:[EBP-18]
|JMP SHORT 00424C0F
\JMP SHORT 00424BB9
OR EAX,FFFFFFFF
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV EDX,DWORD PTR DS:[ECX]
ADD EDX,1
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
SUB ECX,1
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV EAX,DWORD PTR DS:[EDX]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3

00424C5F
CC
00424C60 /$ 55
o.00424C60(guessed Arg1)
00424C61 |. 8BEC
00424C63 |. 6A FF
00424C65 |. 68 08684400
00424C6A |. 64:A1 0000000
00424C70 |. 50
00424C71 |. 83EC 34
00424C74 |. A1 A0154500
00424C79 |. 33C5
00424C7B |. 50
00424C7C |. 8D45 F4
00424C7F |. 64:A3 0000000
00424C85 |. 894D C0
00424C88 |. 8B4D C0
00424C8B |. E8 A03B0000
fo.00428830
00424C90 |. C745 FC 00000
00424C97 |. 8B45 C0
00424C9A |. C700 DC9B4400
00424CA0 |. C745 E8 00000
00424CA7 |. 8B4D 08
00424CAA |. 83E1 01
00424CAD |. 75 09
00424CAF |. 8B55 E8
00424CB2 |. 83CA 04
00424CB5 |. 8955 E8
00424CB8 |> 8B45 08
00424CBB |. 83E0 02
00424CBE |. 75 09
00424CC0 |. 8B4D E8
00424CC3 |. 83C9 02
00424CC6 |. 894D E8
00424CC9 |> 8B55 08
00424CCC |. 83E2 08
00424CCF |. 74 09
00424CD1 |. 8B45 E8
00424CD4 |. 83C8 08
00424CD7 |. 8945 E8
00424CDA |> 8B4D 08
00424CDD |. 83E1 04
00424CE0 |. 74 09
00424CE2 |. 8B55 E8
00424CE5 |. 83CA 10
00424CE8 |. 8955 E8
00424CEB |> 8B45 C0
00424CEE |. C740 3C 00000
00424CF5 |. 8B4D C0
00424CF8 |. 8B55 E8
00424CFB |. 8951 40
00424CFE |. 33C0
00424D00 |. 0F84 FC000000
00424D06 |. 8B4D C0
00424D09 |. 8B51 40
00424D0C |. 83E2 06
00424D0F |. 83FA 06
00424D12 |. 0F84 EA000000
00424D18 |. 6A 00
00424D1A |. 8B4D C0

INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00446808
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,34
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.16],ECX
MOV ECX,DWORD PTR SS:[LOCAL.16]
CALL 00428830

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR DS:[EAX],OFFSET 00449BDC
MOV DWORD PTR SS:[LOCAL.6],0
MOV ECX,DWORD PTR SS:[ARG.1]
AND ECX,00000001
JNE SHORT 00424CB8
MOV EDX,DWORD PTR SS:[LOCAL.6]
OR EDX,00000004
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
AND EAX,00000002
JNE SHORT 00424CC9
MOV ECX,DWORD PTR SS:[LOCAL.6]
OR ECX,00000002
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
AND EDX,00000008
JE SHORT 00424CDA
MOV EAX,DWORD PTR SS:[LOCAL.6]
OR EAX,00000008
MOV DWORD PTR SS:[LOCAL.6],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
AND ECX,00000004
JE SHORT 00424CEB
MOV EDX,DWORD PTR SS:[LOCAL.6]
OR EDX,00000010
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR DS:[EAX+3C],0
MOV ECX,DWORD PTR SS:[LOCAL.16]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+40],EDX
XOR EAX,EAX
JE 00424E02
MOV ECX,DWORD PTR SS:[LOCAL.16]
MOV EDX,DWORD PTR DS:[ECX+40]
AND EDX,00000006
CMP EDX,6
JE 00424E02
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.16]

; /Arg1 = 0
; |

00424D1D |.
00424D20 |.
fo.00410160
00424D25 |.
00424D28 |.
00424D2B |.
00424D2E |.
00424D30 |.
00424D32 |.
00424D34 |.
00424D37 |.
[LOCAL.7]
00424D38 |.
fo.0042EA08
00424D3D |.
00424D40 |.
00424D43 |.
00424D46 |.
00424D49 |.
00424D4C |.
00424D4F |.
00424D52 |.
00424D54 |.
00424D57 |.
00424D5A |.
00424D5D |.
00424D5F |.
00424D62 |.
00424D65 |.
00424D68 |.
00424D6A |.
00424D6D |.
00424D70 |.
00424D73 |.
00424D76 |.
00424D78 |>
00424D7B |.
00424D7E |.
00424D81 |.
00424D83 |.
00424D86 |.
00424D89 |.
00424D8C |.
00424D8E |.
00424D91 |.
00424D94 |.
00424D96 |>
00424D99 |.
00424D9C |>
00424D9F |.
00424DA2 |.
00424DA5 |.
00424DA7 |.
00424DAA |.
00424DAD |.
00424DB0 |.
00424DB2 |.
00424DB5 |.
00424DB8 |.
00424DBB |.

83C1 44
E8 3BB4FEFF

ADD ECX,44
CALL 00410160

; |
; \SystemIn

8945 E4
8A45 CE
8845 CF
6A 00
6A 00
6A 00
8B4D E4
51

MOV DWORD PTR SS:[LOCAL.7],EAX


MOV AL,BYTE PTR SS:[LOCAL.13+2]
MOV BYTE PTR SS:[LOCAL.13+3],AL
PUSH 0
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.7]
PUSH ECX

;
;
;
;
;

E8 CB9C0000

CALL 0042EA08

; \SystemIn

83C4 10
8B55 E4
8B45 C0
8950 3C
8B4D C0
8B51 40
83E2 04
75 24
8B45 C0
8B48 10
8B55 E4
8911
8B45 C0
8B48 20
8B55 E4
8911
8B45 E4
2B45 E4
8B4D C0
8B51 30
8902
8B45 C0
8B48 40
83E1 02
75 70
8B55 C0
8B42 40
83E0 10
74 08
8B4D E4
894D C8
EB 06
8B55 E4
8955 C8
8B45 C0
8B48 14
8B55 E4
8911
8B45 C0
8B48 24
8B55 C8
8911
8B45 E4
2B45 C8
8B4D C0
8B51 34

ADD ESP,10
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR DS:[EAX+3C],EDX
MOV ECX,DWORD PTR SS:[LOCAL.16]
MOV EDX,DWORD PTR DS:[ECX+40]
AND EDX,00000004
JNE SHORT 00424D78
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.7]
SUB EAX,DWORD PTR SS:[LOCAL.7]
MOV ECX,DWORD PTR SS:[LOCAL.16]
MOV EDX,DWORD PTR DS:[ECX+30]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV ECX,DWORD PTR DS:[EAX+40]
AND ECX,00000002
JNE SHORT 00424DF3
MOV EDX,DWORD PTR SS:[LOCAL.16]
MOV EAX,DWORD PTR DS:[EDX+40]
AND EAX,00000010
JE SHORT 00424D96
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.14],ECX
JMP SHORT 00424D9C
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.14],EDX
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV ECX,DWORD PTR DS:[EAX+14]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.7]
SUB EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR SS:[LOCAL.16]
MOV EDX,DWORD PTR DS:[ECX+34]

/Arg4
|Arg3
|Arg2
|
|Arg1

= 0
= 0
= 0
=>

00424DBE |. 8902
MOV DWORD PTR DS:[EDX],EAX
00424DC0 |. 8B45 C0
MOV EAX,DWORD PTR SS:[LOCAL.16]
00424DC3 |. 8B48 20
MOV ECX,DWORD PTR DS:[EAX+20]
00424DC6 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
00424DC8 |. 8955 C4
MOV DWORD PTR SS:[LOCAL.15],EDX
00424DCB |. 837D C4 00
CMP DWORD PTR SS:[LOCAL.15],0
00424DCF |. 75 22
JNE SHORT 00424DF3
00424DD1 |. 8B45 C0
MOV EAX,DWORD PTR SS:[LOCAL.16]
00424DD4 |. 8B48 10
MOV ECX,DWORD PTR DS:[EAX+10]
00424DD7 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
00424DDA |. 8911
MOV DWORD PTR DS:[ECX],EDX
00424DDC |. 8B45 C0
MOV EAX,DWORD PTR SS:[LOCAL.16]
00424DDF |. 8B48 20
MOV ECX,DWORD PTR DS:[EAX+20]
00424DE2 |. C701 00000000 MOV DWORD PTR DS:[ECX],0
00424DE8 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
00424DEB |. 8B45 C0
MOV EAX,DWORD PTR SS:[LOCAL.16]
00424DEE |. 8B48 30
MOV ECX,DWORD PTR DS:[EAX+30]
00424DF1 |. 8911
MOV DWORD PTR DS:[ECX],EDX
00424DF3 |> 8B55 C0
MOV EDX,DWORD PTR SS:[LOCAL.16]
00424DF6 |. 8B42 40
MOV EAX,DWORD PTR DS:[EDX+40]
00424DF9 |. 83C8 01
OR EAX,00000001
00424DFC |. 8B4D C0
MOV ECX,DWORD PTR SS:[LOCAL.16]
00424DFF |. 8941 40
MOV DWORD PTR DS:[ECX+40],EAX
00424E02 |> C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
00424E09 |. 8B45 C0
MOV EAX,DWORD PTR SS:[LOCAL.16]
00424E0C |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00424E0F |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
00424E16 |. 59
POP ECX
00424E17 |. 8BE5
MOV ESP,EBP
00424E19 |. 5D
POP EBP
00424E1A \. C2 0400
RETN 4
00424E1D
CC
INT3
00424E1E
CC
INT3
00424E1F
CC
INT3
00424E20 /$ 55
PUSH EBP
o.00424E20(guessed Arg1,Arg2)
00424E21 |. 8BEC
MOV EBP,ESP
00424E23 |. 6A FF
PUSH -1
00424E25 |. 68 98684400 PUSH 00446898
00424E2A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00424E30 |. 50
PUSH EAX
00424E31 |. 83EC 3C
SUB ESP,3C
00424E34 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00424E39 |. 33C5
XOR EAX,EBP
00424E3B |. 50
PUSH EAX
00424E3C |. 8D45 F4
LEA EAX,[LOCAL.3]
00424E3F |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00424E45 |. 894D C8
MOV DWORD PTR SS:[LOCAL.14],ECX
00424E48 |. 8D45 D1
LEA EAX,[LOCAL.12+1]
00424E4B |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
00424E4E |. 8D4D D2
LEA ECX,[LOCAL.12+2]
00424E51 |. 894D E4
MOV DWORD PTR SS:[LOCAL.7],ECX
00424E54 |. 8D55 D3
LEA EDX,[LOCAL.12+3]
00424E57 |. 8955 DC
MOV DWORD PTR SS:[LOCAL.9],EDX
00424E5A |. 51
PUSH ECX
00424E5B |. 8BC4
MOV EAX,ESP
00424E5D |. 8965 D8
MOV DWORD PTR SS:[LOCAL.10],ESP
00424E60 |. 8945 D4
MOV DWORD PTR SS:[LOCAL.11],EAX
00424E63 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00424E66 |. 0FB611
MOVZX EDX,BYTE PTR DS:[ECX]

; SystemInf

;
;
;
;
;
;

/Arg2
|
|
|
|
|

00424E69 |. 52
PUSH EDX
00424E6A |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]
00424E6D |. E8 4E7D0000 CALL 0042CBC0
fo.0042CBC0
00424E72 |. 8945 C4
MOV DWORD PTR SS:[LOCAL.15],EAX
00424E75 |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
00424E78 |. 8945 C0
MOV DWORD PTR SS:[LOCAL.16],EAX
00424E7B |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]
00424E7E |. 894D BC
MOV DWORD PTR SS:[LOCAL.17],ECX
00424E81 |. 8B55 C8
MOV EDX,DWORD PTR SS:[LOCAL.14]
00424E84 |. 8955 B8
MOV DWORD PTR SS:[LOCAL.18],EDX
00424E87 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
00424E8E |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]
00424E91 |. E8 7A3F0000 CALL 00428E10
00424E96 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
00424E9D |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
00424EA0 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00424EA3 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
00424EAA |. 59
POP ECX
00424EAB |. 8BE5
MOV ESP,EBP
00424EAD |. 5D
POP EBP
00424EAE \. C2 0800
RETN 8
00424EB1
CC
INT3
00424EB2
CC
INT3
00424EB3
CC
INT3
00424EB4
CC
INT3
00424EB5
CC
INT3
00424EB6
CC
INT3
00424EB7
CC
INT3
00424EB8
CC
INT3
00424EB9
CC
INT3
00424EBA
CC
INT3
00424EBB
CC
INT3
00424EBC
CC
INT3
00424EBD
CC
INT3
00424EBE
CC
INT3
00424EBF
CC
INT3
00424EC0 /$ 55
PUSH EBP
o.00424EC0(guessed Arg1,Arg2,Arg3,Arg4)
00424EC1 |. 8BEC
MOV EBP,ESP
00424EC3 |. 6A FF
PUSH -1
00424EC5 |. 68 38544400 PUSH 00445438
00424ECA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00424ED0 |. 50
PUSH EAX
00424ED1 |. 81EC C8000000 SUB ESP,0C8
00424ED7 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00424EDC |. 33C5
XOR EAX,EBP
00424EDE |. 50
PUSH EAX
00424EDF |. 8D45 F4
LEA EAX,[LOCAL.3]
00424EE2 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00424EE8 |. 898D 30FFFFFF MOV DWORD PTR SS:[LOCAL.52],ECX
00424EEE |. C745 A4 49922 MOV DWORD PTR SS:[LOCAL.23],9249249
00424EF5 |. 837D A4 00
CMP DWORD PTR SS:[LOCAL.23],0
00424EF9 |. 76 0B
JBE SHORT 00424F06
00424EFB |. 8B45 A4
MOV EAX,DWORD PTR SS:[LOCAL.23]
00424EFE |. 8985 2CFFFFFF MOV DWORD PTR SS:[LOCAL.53],EAX
00424F04 |. EB 0A
JMP SHORT 00424F10
00424F06 |> C785 2CFFFFFF MOV DWORD PTR SS:[LOCAL.53],1
00424F10 |> 8B8D 2CFFFFFF MOV ECX,DWORD PTR SS:[LOCAL.53]
00424F16 |. 83E9 01
SUB ECX,1

; |Arg1
; |
; \SystemIn

; SystemInf

00424F19 |. 8B95 30FFFFFF


00424F1F |. 3B4A 1C
00424F22 |. 77 48
00424F24 |. 68 1C884400
SCII "map/set<T> too long"
00424F29 |. 8D4D A8
00424F2C |. E8 BF9CFEFF
fo.0040EBF0
00424F31 |. C745 FC 00000
00424F38 |. 8D45 A8
00424F3B |. 50
OFFSET LOCAL.22
00424F3C |. 8D4D C4
00424F3F |. E8 FC3BFEFF
fo.00408B40
00424F44 |. C745 C4 14884
00424F4B |. 68 20D44400
ystemInfo.44D420
00424F50 |. 8D4D C4
00424F53 |. 51
OFFSET LOCAL.15
00424F54 |. E8 CC990000
fo.0042E925
00424F59 |. C745 FC FFFFF
00424F60 |. 6A 00
00424F62 |. 6A 01
00424F64 |. 8D4D A8
00424F67 |. E8 F4ABFEFF
fo.0040FB60
00424F6C |> 6A 00
00424F6E |. 8B55 14
00424F71 |. 52
[ARG.4]
00424F72 |. 8B85 30FFFFFF
00424F78 |. 8B48 18
00424F7B |. 51
[ARG.ECX+18]
00424F7C |. 8B55 10
00424F7F |. 52
[ARG.3]
00424F80 |. 8B85 30FFFFFF
00424F86 |. 8B48 18
00424F89 |. 51
[ARG.ECX+18]
00424F8A |. 8B8D 30FFFFFF
00424F90 |. E8 4B400000
fo.00428FE0
00424F95 |. 8945 F0
00424F98 |. 8B95 30FFFFFF
00424F9E |. 8B42 1C
00424FA1 |. 83C0 01
00424FA4 |. 8B8D 30FFFFFF
00424FAA |. 8941 1C
00424FAD |. 8B95 30FFFFFF
00424FB3 |. 8B45 10
00424FB6 |. 3B42 18
00424FB9 |. 75 34
00424FBB |. 8B8D 30FFFFFF
00424FC1 |. 8B51 18
00424FC4 |. 8B45 F0

MOV EDX,DWORD PTR SS:[LOCAL.52]


CMP ECX,DWORD PTR DS:[EDX+1C]
JA SHORT 00424F6C
PUSH OFFSET 0044881C

; /Arg1 = A

LEA ECX,[LOCAL.22]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


LEA EAX,[LOCAL.22]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 00408B40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.15],OFFSET 00448


PUSH OFFSET 0044D420
; /Arg2 = S
LEA ECX,[LOCAL.15]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.22]
CALL 0040FB60

;
;
;
;

PUSH 0
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg5 = 0
; |
; |Arg4 =>

MOV EAX,DWORD PTR SS:[LOCAL.52]


MOV ECX,DWORD PTR DS:[EAX+18]
PUSH ECX

; |
; |
; |Arg3 =>

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

; |
; |Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.52]


MOV ECX,DWORD PTR DS:[EAX+18]
PUSH ECX

; |
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.52]


CALL 00428FE0

; |
; \SystemIn

MOV
MOV
MOV
ADD
MOV
MOV
MOV
MOV
CMP
JNE
MOV
MOV
MOV

DWORD PTR SS:[LOCAL.4],EAX


EDX,DWORD PTR SS:[LOCAL.52]
EAX,DWORD PTR DS:[EDX+1C]
EAX,1
ECX,DWORD PTR SS:[LOCAL.52]
DWORD PTR DS:[ECX+1C],EAX
EDX,DWORD PTR SS:[LOCAL.52]
EAX,DWORD PTR SS:[ARG.3]
EAX,DWORD PTR DS:[EDX+18]
SHORT 00424FEF
ECX,DWORD PTR SS:[LOCAL.52]
EDX,DWORD PTR DS:[ECX+18]
EAX,DWORD PTR SS:[LOCAL.4]

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00424FC7
00424FCA
00424FD0
00424FD3
00424FD6
00424FD9
00424FDC
00424FDE
00424FE4
00424FE7
00424FEA
00424FED
00424FEF
00424FF3
00424FF5
00424FF7
00424FFA
00424FFD
00424FFF
00425005
00425008
0042500B
0042500E
00425011
00425013
00425015
0042501B
0042501E
00425021
00425024
00425027
00425029
0042502B
0042502E
00425031
00425034
0042503A
0042503D
00425040
00425043
00425045
0042504B
0042504E
00425051
00425054
00425057
0042505A
0042505D
00425060
00425064
00425066
0042506C
0042506F
00425072
00425075
00425078
0042507B
0042507D
00425080
00425083

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8942 04
8B8D 30FFFFFF
8B51 18
8955 90
8B45 90
8B4D F0
8908
8B95 30FFFFFF
8B42 18
8B4D F0
8948 08
EB 65
0FB655 0C
85D2
74 34
8B45 10
8B4D F0
8908
8B95 30FFFFFF
8B42 18
8945 8C
8B4D 8C
8B55 10
3B11
75 14
8B85 30FFFFFF
8B48 18
894D 88
8B55 88
8B45 F0
8902
EB 29
8B4D 10
8B55 F0
8951 08
8B85 30FFFFFF
8B48 18
8B55 10
3B51 08
75 0F
8B85 30FFFFFF
8B48 18
8B55 F0
8951 08
8B45 F0
8945 EC
8B4D EC
8B51 04
0FBE42 28
85C0
0F85 C9010000
8B4D EC
8B51 04
83C2 04
8955 84
8B45 84
8B08
894D 80
8B55 EC
8B45 80

MOV DWORD PTR DS:[EDX+4],EAX


MOV ECX,DWORD PTR SS:[LOCAL.52]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.28],EDX
MOV EAX,DWORD PTR SS:[LOCAL.28]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX+8],ECX
JMP SHORT 00425054
MOVZX EDX,BYTE PTR SS:[ARG.2]
TEST EDX,EDX
JE SHORT 0042502B
MOV EAX,DWORD PTR SS:[ARG.3]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.29],EAX
MOV ECX,DWORD PTR SS:[LOCAL.29]
MOV EDX,DWORD PTR SS:[ARG.3]
CMP EDX,DWORD PTR DS:[ECX]
JNE SHORT 00425029
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.30],ECX
MOV EDX,DWORD PTR SS:[LOCAL.30]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 00425054
MOV ECX,DWORD PTR SS:[ARG.3]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[ARG.3]
CMP EDX,DWORD PTR DS:[ECX+8]
JNE SHORT 00425054
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+28]
TEST EAX,EAX
JNE 00425235
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.31],EDX
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.32],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.32]

00425086 |.
00425089 |.
0042508B |.
00425091 |.
00425094 |.
00425097 |.
0042509A |.
004250A0 |.
004250A6 |.
004250A8 |.
004250AB |.
004250AE |.
004250B1 |.
004250B5 |.
004250B7 |.
004250B9 |.
004250BC |.
004250BF |.
004250C3 |.
004250C6 |.
004250CA |.
004250CD |.
004250D0 |.
004250D3 |.
004250D9 |.
004250DF |.
004250E1 |.
004250E5 |.
004250E8 |.
004250EB |.
004250EE |.
004250F1 |.^
004250F3 |>
004250F6 |.
004250F9 |.
004250FC |.
004250FF |.
00425101 |.
00425104 |.
00425107 |.
0042510A |.
0042510D |.
[LOCAL.5]
0042510E |.
00425114 |.
fo.00428E80
00425119 |>
0042511C |.
0042511F |.
00425123 |.
00425126 |.
00425129 |.
0042512C |.
00425132 |.
00425138 |.
0042513A |.
0042513E |.
00425141 |.
00425144 |.
00425147 |.

8B4A 04
3B08
0F85 C7000000
8B55 EC
8B42 04
83C0 04
8985 7CFFFFFF
8B8D 7CFFFFFF
8B11
8B42 08
8945 10
8B4D 10
0FBE51 28
85D2
75 3A
8B45 EC
8B48 04
C641 28 01
8B55 10
C642 28 01
8B45 EC
8B48 04
83C1 04
898D 78FFFFFF
8B95 78FFFFFF
8B02
C640 28 00
8B4D EC
8B51 04
8B42 04
8945 EC
EB 60
8B4D EC
8B51 04
8B45 EC
3B42 08
75 18
8B4D EC
8B51 04
8955 EC
8B45 EC
50

MOV ECX,DWORD PTR DS:[EDX+4]


CMP ECX,DWORD PTR DS:[EAX]
JNE 00425158
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.33],EAX
MOV ECX,DWORD PTR SS:[LOCAL.33]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[ARG.3],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOVSX EDX,BYTE PTR DS:[ECX+28]
TEST EDX,EDX
JNE SHORT 004250F3
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV BYTE PTR DS:[ECX+28],1
MOV EDX,DWORD PTR SS:[ARG.3]
MOV BYTE PTR DS:[EDX+28],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+28],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP SHORT 00425153
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP EAX,DWORD PTR DS:[EDX+8]
JNE SHORT 00425119
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
PUSH EAX

; /Arg1 =>

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 673D0000 CALL 00428E80

; |
; \SystemIn

8B4D
8B51
C642
8B45
8B48
83C1
898D
8B95
8B02
C640
8B4D
8B51
8B42
50

; /Arg1

EC
04
28 01
EC
04
04
68FFFFFF
68FFFFFF
28 00
EC
04
04

MOV ECX,DWORD PTR SS:[LOCAL.5]


MOV EDX,DWORD PTR DS:[ECX+4]
MOV BYTE PTR DS:[EDX+28],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.38],ECX
MOV EDX,DWORD PTR SS:[LOCAL.38]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+28],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX

00425148 |.
0042514E |.
fo.00428F30
00425153 |>^
00425158 |>
0042515B |.
0042515E |.
00425161 |.
00425167 |.
0042516D |.
0042516F |.
00425175 |.
0042517B |.
0042517D |.
00425180 |.
00425183 |.
00425187 |.
00425189 |.
0042518B |.
0042518E |.
00425191 |.
00425195 |.
00425198 |.
0042519C |.
0042519F |.
004251A2 |.
004251A5 |.
004251AB |.
004251B1 |.
004251B3 |.
004251B7 |.
004251BA |.
004251BD |.
004251C0 |.
004251C3 |.^
004251C5 |>
004251C8 |.
004251CB |.
004251D1 |.
004251D7 |.
004251DA |.
004251DC |.
004251DE |.
004251E1 |.
004251E4 |.
004251E7 |.
004251EA |.
[LOCAL.5]
004251EB |.
004251F1 |.
fo.00428F30
004251F6 |>
004251F9 |.
004251FC |.
00425200 |.
00425203 |.
00425206 |.
00425209 |.
0042520F |.
00425215 |.

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 DD3D0000 CALL 00428F30

; |
; \SystemIn

E9 D8000000
8B4D EC
8B51 04
83C2 04
8995 5CFFFFFF
8B85 5CFFFFFF
8B08
898D 58FFFFFF
8B95 58FFFFFF
8B02
8945 10
8B4D 10
0FBE51 28
85D2
75 3A
8B45 EC
8B48 04
C641 28 01
8B55 10
C642 28 01
8B45 EC
8B48 04
83C1 04
898D 54FFFFFF
8B95 54FFFFFF
8B02
C640 28 00
8B4D EC
8B51 04
8B42 04
8945 EC
EB 6B
8B4D EC
8B51 04
8995 50FFFFFF
8B85 50FFFFFF
8B4D EC
3B08
75 18
8B55 EC
8B42 04
8945 EC
8B4D EC
51

; /Arg1 =>

JMP 00425230
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.41],EDX
MOV EAX,DWORD PTR SS:[LOCAL.41]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.42],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[ARG.3],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOVSX EDX,BYTE PTR DS:[ECX+28]
TEST EDX,EDX
JNE SHORT 004251C5
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV BYTE PTR DS:[ECX+28],1
MOV EDX,DWORD PTR SS:[ARG.3]
MOV BYTE PTR DS:[EDX+28],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.43],ECX
MOV EDX,DWORD PTR SS:[LOCAL.43]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+28],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP SHORT 00425230
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.44],EDX
MOV EAX,DWORD PTR SS:[LOCAL.44]
MOV ECX,DWORD PTR SS:[LOCAL.5]
CMP ECX,DWORD PTR DS:[EAX]
JNE SHORT 004251F6
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 3A3D0000 CALL 00428F30
8B55
8B42
C640
8B4D
8B51
83C2
8995
8B85
8B08

EC
04
28 01
EC
04
04
44FFFFFF
44FFFFFF

MOV
MOV
MOV
MOV
MOV
ADD
MOV
MOV
MOV

EDX,DWORD PTR SS:[LOCAL.5]


EAX,DWORD PTR DS:[EDX+4]
BYTE PTR DS:[EAX+28],1
ECX,DWORD PTR SS:[LOCAL.5]
EDX,DWORD PTR DS:[ECX+4]
EDX,4
DWORD PTR SS:[LOCAL.47],EDX
EAX,DWORD PTR SS:[LOCAL.47]
ECX,DWORD PTR DS:[EAX]

; |
; \SystemIn

00425217 |.
0042521B |.
0042521E |.
00425221 |.
00425224 |.
00425225 |.
0042522B |.
fo.00428E80
00425230 |>^
00425235 |>
0042523B |.
0042523E |.
00425241 |.
00425247 |.
0042524D |.
0042524F |.
00425253 |.
00425256 |.
0042525C |.
0042525F |.
00425262 |.
00425265 |.
0042526C |.
0042526E |.
00425273 |>
00425275 |.^
00425277 |.
0042527A |.
00425280 |.
00425282 |.
00425284 |.
00425287 |.
0042528A |.
00425291 |.
00425292 |.
00425294 |.
00425295 \.
00425298
00425299
0042529A
0042529B
0042529C
0042529D
0042529E
0042529F
004252A0 /$
004252A1 |.
004252A3 |.
004252A9 |.
004252AF |.
004252B5 |.
004252B8 |.
004252BB |.
004252C2 |.
004252C5 |.
004252C8 |.
004252CF |.
004252D1 |.
004252D6 |>
004252D8 |.^

C641 28 00
8B55 EC
8B42 04
8B48 04
51
8B8D 30FFFFFF
E8 503C0000

MOV BYTE PTR DS:[ECX+28],0


MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.52]
CALL 00428E80

E9 25FEFFFF
8B95 30FFFFFF
8B42 18
83C0 04
8985 34FFFFFF
8B8D 34FFFFFF
8B11
C642 28 01
8B45 08
C700 00000000
8B4D 08
8B55 F0
8951 04
83BD 30FFFFFF
75 05
E8 15960000
33C0
75 FC
8B4D 08
8B95 30FFFFFF
8B02
8901
8B45 08
8B4D F4
64:890D 00000
59
8BE5
5D
C2 1000
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
81EC 90000000
898D 70FFFFFF
8B85 70FFFFFF
8B48 18
894D D4
C745 F0 00000
8B55 D4
8955 F4
83BD 70FFFFFF
75 05
E8 B2950000
33C0
75 FC

JMP 0042505A
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.51],EAX
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX]
MOV BYTE PTR DS:[EDX+28],1
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+4],EDX
CMP DWORD PTR SS:[LOCAL.52],0
JNE SHORT 00425273
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00425273
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,90
MOV DWORD PTR SS:[LOCAL.36],ECX
MOV EAX,DWORD PTR SS:[LOCAL.36]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV DWORD PTR SS:[LOCAL.4],0
MOV EDX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.3],EDX
CMP DWORD PTR SS:[LOCAL.36],0
JNE SHORT 004252D6
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 004252D6

; /Arg1
; |
; \SystemIn

004252DA |. 8B8D 70FFFFFF


004252E0 |. 8B11
004252E2 |. 8955 F0
004252E5 |. 8B45 F0
004252E8 |. 8B4D F4
004252EB |. 8945 F8
004252EE |. 894D FC
004252F1 |. 8B95 70FFFFFF
004252F7 |. 8B42 18
004252FA |. 8945 D0
004252FD |. 8B4D D0
00425300 |. 8B11
00425302 |. 8955 CC
00425305 |. C745 E0 00000
0042530C |. 8B45 CC
0042530F |. 8945 E4
00425312 |. 83BD 70FFFFFF
00425319 |. 75 05
0042531B |. E8 68950000
00425320 |> 33C9
00425322 |.^ 75 FC
00425324 |. 8B95 70FFFFFF
0042532A |. 8B02
0042532C |. 8945 E0
0042532F |. 8B4D E0
00425332 |. 8B55 E4
00425335 |. 894D E8
00425338 |. 8955 EC
0042533B |. 8B45 FC
0042533E |. 50
[ARG.ECX+18]
0042533F |. 8B4D F8
00425342 |. 51
[ARG.ECX]
00425343 |. 8B55 EC
00425346 |. 52
[LOCAL.13]
00425347 |. 8B45 E8
0042534A |. 50
[ARG.ECX]
0042534B |. 8D4D D8
0042534E |. 51
OFFSET LOCAL.10
0042534F |. 8B8D 70FFFFFF
00425355 |. E8 B6380000
fo.00428C10
0042535A |. 8B95 70FFFFFF
00425360 |. 8B42 18
00425363 |. 8985 78FFFFFF
00425369 |. 8B8D 70FFFFFF
0042536F |. 8B51 18
00425372 |. 8995 74FFFFFF
00425378 |. 8B85 74FFFFFF
0042537E |. 50
0042537F |. E8 96950000
00425384 |. 83C4 04
00425387 |. 8B8D 70FFFFFF
0042538D |. C741 18 00000
00425394 |. 8B95 70FFFFFF
0042539A |. C742 1C 00000

MOV ECX,DWORD PTR SS:[LOCAL.36]


MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[LOCAL.36]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV ECX,DWORD PTR SS:[LOCAL.12]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.13],EDX
MOV DWORD PTR SS:[LOCAL.8],0
MOV EAX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR SS:[LOCAL.7],EAX
CMP DWORD PTR SS:[LOCAL.36],0
JNE SHORT 00425320
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00425320
MOV EDX,DWORD PTR SS:[LOCAL.36]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX

; /Arg5 =>

MOV ECX,DWORD PTR SS:[LOCAL.2]


PUSH ECX

; |
; |Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.5]


PUSH EDX

; |
; |Arg3 =>

MOV EAX,DWORD PTR SS:[LOCAL.6]


PUSH EAX

; |
; |Arg2 =>

LEA ECX,[LOCAL.10]
PUSH ECX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.36]


CALL 00428C10

; |
; \SystemIn

MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR

PTR SS:[LOCAL.36]
PTR DS:[EDX+18]
SS:[LOCAL.34],EAX
PTR SS:[LOCAL.36]
PTR DS:[ECX+18]
SS:[LOCAL.35],EDX
PTR SS:[LOCAL.35]

PTR SS:[LOCAL.36]
DS:[ECX+18],0
PTR SS:[LOCAL.36]
DS:[EDX+1C],0

004253A1 |. 8BE5
MOV ESP,EBP
004253A3 |. 5D
POP EBP
004253A4 \. C3
RETN
004253A5
CC
INT3
004253A6
CC
INT3
004253A7
CC
INT3
004253A8
CC
INT3
004253A9
CC
INT3
004253AA
CC
INT3
004253AB
CC
INT3
004253AC
CC
INT3
004253AD
CC
INT3
004253AE
CC
INT3
004253AF
CC
INT3
004253B0 /$ 55
PUSH EBP
o.004253B0(guessed Arg1,Arg2,Arg3,Arg4)
004253B1 |. 8BEC
MOV EBP,ESP
004253B3 |. 81EC E8000000 SUB ESP,0E8
004253B9 |. 898D 34FFFFFF MOV DWORD PTR SS:[LOCAL.51],ECX
004253BF |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
004253C2 |. 50
PUSH EAX
[ARG.3]
004253C3 |. 8B8D 34FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.51]
004253C9 |. E8 22A7FEFF CALL 0040FAF0
fo.0040FAF0
004253CE |. 0FB6C8
MOVZX ECX,AL
004253D1 |. 85C9
TEST ECX,ECX
004253D3 |. 74 59
JE SHORT 0042542E
004253D5 |. 8B95 34FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.51]
004253DB |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
004253DF |. 72 11
JB SHORT 004253F2
004253E1 |. 8B85 34FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.51]
004253E7 |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
004253EA |. 898D 30FFFFFF MOV DWORD PTR SS:[LOCAL.52],ECX
004253F0 |. EB 0F
JMP SHORT 00425401
004253F2 |> 8B95 34FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.51]
004253F8 |. 83C2 04
ADD EDX,4
004253FB |. 8995 30FFFFFF MOV DWORD PTR SS:[LOCAL.52],EDX
00425401 |> 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
00425404 |. 50
PUSH EAX
[ARG.4]
00425405 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
00425408 |. 2B8D 30FFFFFF SUB ECX,DWORD PTR SS:[LOCAL.52]
0042540E |. 51
PUSH ECX
0042540F |. 8B95 34FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.51]
00425415 |. 52
PUSH EDX
ARG.ECX
00425416 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
00425419 |. 50
PUSH EAX
[ARG.2]
0042541A |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0042541D |. 51
PUSH ECX
[ARG.1]
0042541E |. 8B8D 34FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.51]
00425424 |. E8 F7020000 CALL 00425720
fo.00425720
00425429 |. E9 EA020000 JMP 00425718
0042542E |> 8B95 34FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.51]
00425434 |. 8B42 14
MOV EAX,DWORD PTR DS:[EDX+14]
00425437 |. 3B45 08
CMP EAX,DWORD PTR SS:[ARG.1]

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /Arg5 =>
;
;
;
;
;

|
|
|Arg4
|
|Arg3 =>

; |
; |Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

0042543A
0042543C
00425441
00425447
0042544A
0042544D
00425450
00425452
00425458
0042545B
0042545E
00425461
00425467
0042546A
00425470
00425473
00425476
00425478
0042547A
0042547F
00425485
00425488
0042548B
0042548E
00425491
00425494
00425497
0042549D
004254A3
004254A7
004254A9
004254AF
004254B2
004254B8
004254BA
004254C0
004254C3
004254C9
004254CF
004254D3
004254D5
004254DB
004254DE
004254E4
004254E6
004254EC
004254EF
004254F5
004254FB
004254FE
00425501
00425504
0042550A
00425510
00425513
00425516
0042551C
00425522
00425528
0042552B

|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

73 05
E8 24880000
8B8D 34FFFFFF
8B51 14
2B55 08
3B55 0C
73 0F
8B85 34FFFFFF
8B48 14
2B4D 08
894D 0C
8B15 AC874400
2B55 14
8B85 34FFFFFF
8B48 14
2B4D 0C
3BD1
77 05
E8 AE870000
8B95 34FFFFFF
8B42 14
2B45 0C
2B45 08
8945 FC
8B4D 14
3B4D 0C
0F83 B2000000
8B95 34FFFFFF
837A 18 10
72 11
8B85 34FFFFFF
8B48 04
898D 2CFFFFFF
EB 0F
8B95 34FFFFFF
83C2 04
8995 2CFFFFFF
8B85 34FFFFFF
8378 18 10
72 11
8B8D 34FFFFFF
8B51 04
8995 28FFFFFF
EB 0F
8B85 34FFFFFF
83C0 04
8985 28FFFFFF
8B8D 34FFFFFF
8B51 18
2B55 08
2B55 14
8995 54FFFFFF
8B85 28FFFFFF
0345 08
0345 14
8985 58FFFFFF
8A8D 5EFFFFFF
888D 5FFFFFFF
8B55 FC
52

JNB SHORT 00425441


CALL 0042DC65
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX+14]
SUB EDX,DWORD PTR SS:[ARG.1]
CMP EDX,DWORD PTR SS:[ARG.2]
JNB SHORT 00425461
MOV EAX,DWORD PTR SS:[LOCAL.51]
MOV ECX,DWORD PTR DS:[EAX+14]
SUB ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[ARG.2],ECX
MOV EDX,DWORD PTR DS:[4487AC]
SUB EDX,DWORD PTR SS:[ARG.4]
MOV EAX,DWORD PTR SS:[LOCAL.51]
MOV ECX,DWORD PTR DS:[EAX+14]
SUB ECX,DWORD PTR SS:[ARG.2]
CMP EDX,ECX
JA SHORT 0042547F
CALL 0042DC2D
MOV EDX,DWORD PTR SS:[LOCAL.51]
MOV EAX,DWORD PTR DS:[EDX+14]
SUB EAX,DWORD PTR SS:[ARG.2]
SUB EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[ARG.4]
CMP ECX,DWORD PTR SS:[ARG.2]
JNB 0042554F
MOV EDX,DWORD PTR SS:[LOCAL.51]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 004254BA
MOV EAX,DWORD PTR SS:[LOCAL.51]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.53],ECX
JMP SHORT 004254C9
MOV EDX,DWORD PTR SS:[LOCAL.51]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.53],EDX
MOV EAX,DWORD PTR SS:[LOCAL.51]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 004254E6
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.54],EDX
JMP SHORT 004254F5
MOV EAX,DWORD PTR SS:[LOCAL.51]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.54],EAX
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX+18]
SUB EDX,DWORD PTR SS:[ARG.1]
SUB EDX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.43],EDX
MOV EAX,DWORD PTR SS:[LOCAL.54]
ADD EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.42],EAX
MOV CL,BYTE PTR SS:[LOCAL.41+2]
MOV BYTE PTR SS:[LOCAL.41+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.1]
PUSH EDX

; /Arg4 =>

[LOCAL.1]
0042552C |.
00425532 |.
00425535 |.
00425538 |.
00425539 |.
0042553F |.
[LOCAL.43]
00425540 |.
00425546 |.
[LOCAL.42]
00425547 |.
fo.0042F7A3
0042554C |.
0042554F |>
00425553 |.
00425555 |.
00425559 |.
0042555F |>
00425565 |.
00425568 |.
0042556B |.
0042556E |.
00425571 |.
00425573 |.
00425576 |.
[LOCAL.2]
00425577 |.
0042557D |.
fo.0040F9F0
00425582 |.
00425585 |.
00425587 |.
0042558D |.
00425590 |.
00425593 |.
00425599 |.
0042559F |.
004255A3 |.
004255A5 |.
004255AB |.
004255AE |.
004255B4 |.
004255B6 |>
004255BC |.
004255BF |.
004255C5 |>
004255CB |.
004255CF |.
004255D1 |.
004255D7 |.
004255DA |.
004255E0 |.
004255E2 |>
004255E8 |.
004255EB |.
004255F1 |>
004255F7 |.
004255FA |.
004255FD |.

8B85
0345
0345
50
8B8D
51

2CFFFFFF MOV EAX,DWORD PTR


08
ADD EAX,DWORD PTR
0C
ADD EAX,DWORD PTR
PUSH EAX
54FFFFFF MOV ECX,DWORD PTR
PUSH ECX

SS:[LOCAL.53]
SS:[ARG.1]
SS:[ARG.2]
SS:[LOCAL.43]

;
;
;
;
;
;

|
|
|
|Arg3
|
|Arg2 =>

8B95 58FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.42]


52
PUSH EDX

; |
; |Arg1 =>

E8 57A20000

CALL 0042F7A3

; \SystemIn

83C4 10
837D 14 00
77 0A
837D 0C 00
0F86 B3010000
8B85 34FFFFFF
8B48 14
034D 14
2B4D 0C
894D F8
6A 00
8B55 F8
52

ADD ESP,10
CMP DWORD PTR SS:[ARG.4],0
JA SHORT 0042555F
CMP DWORD PTR SS:[ARG.2],0
JBE 00425712
MOV EAX,DWORD PTR SS:[LOCAL.51]
MOV ECX,DWORD PTR DS:[EAX+14]
ADD ECX,DWORD PTR SS:[ARG.4]
SUB ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.2],ECX
PUSH 0
MOV EDX,DWORD PTR SS:[LOCAL.2]
PUSH EDX

; /Arg2 = 0
; |
; |Arg1 =>

8B8D 34FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.51]


E8 6EA4FEFF CALL 0040F9F0

; |
; \SystemIn

0FB6C0
85C0
0F84 85010000
8B4D 0C
3B4D 14
0F83 B2000000
8B95 34FFFFFF
837A 18 10
72 11
8B85 34FFFFFF
8B48 04
898D 24FFFFFF
EB 0F
8B95 34FFFFFF
83C2 04
8995 24FFFFFF
8B85 34FFFFFF
8378 18 10
72 11
8B8D 34FFFFFF
8B51 04
8995 20FFFFFF
EB 0F
8B85 34FFFFFF
83C0 04
8985 20FFFFFF
8B8D 34FFFFFF
8B51 18
2B55 08
2B55 14

MOVZX EAX,AL
TEST EAX,EAX
JE 00425712
MOV ECX,DWORD PTR SS:[ARG.2]
CMP ECX,DWORD PTR SS:[ARG.4]
JNB 0042564B
MOV EDX,DWORD PTR SS:[LOCAL.51]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 004255B6
MOV EAX,DWORD PTR SS:[LOCAL.51]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.55],ECX
JMP SHORT 004255C5
MOV EDX,DWORD PTR SS:[LOCAL.51]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.55],EDX
MOV EAX,DWORD PTR SS:[LOCAL.51]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 004255E2
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.56],EDX
JMP SHORT 004255F1
MOV EAX,DWORD PTR SS:[LOCAL.51]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.56],EAX
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX+18]
SUB EDX,DWORD PTR SS:[ARG.1]
SUB EDX,DWORD PTR SS:[ARG.4]

00425600 |.
00425606 |.
0042560C |.
0042560F |.
00425612 |.
00425618 |.
0042561E |.
00425624 |.
00425627 |.
[LOCAL.1]
00425628 |.
0042562E |.
00425631 |.
00425634 |.
00425635 |.
0042563B |.
[LOCAL.46]
0042563C |.
00425642 |.
[LOCAL.45]
00425643 |.
fo.0042F7A3
00425648 |.
0042564B |>
00425651 |.
00425655 |.
00425657 |.
0042565D |.
00425660 |.
00425666 |.
00425668 |>
0042566E |.
00425671 |.
00425677 |>
0042567D |.
00425680 |.
00425683 |.
00425689 |.
0042568F |.
00425692 |.
00425698 |.
0042569E |.
004256A4 |.
004256A7 |.
[ARG.4]
004256A8 |.
004256AB |.
[ARG.3]
004256AC |.
004256B2 |.
[LOCAL.49]
004256B3 |.
004256B9 |.
[LOCAL.48]
004256BA |.
fo.0042EA08
004256BF |.
004256C2 |.
004256C9 |.
004256CF |.

8995
8B85
0345
0345
8985
8A8D
888D
8B55
52

48FFFFFF
20FFFFFF
08
14
4CFFFFFF
52FFFFFF
53FFFFFF
FC

MOV DWORD PTR SS:[LOCAL.46],EDX


MOV EAX,DWORD PTR SS:[LOCAL.56]
ADD EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.45],EAX
MOV CL,BYTE PTR SS:[LOCAL.44+2]
MOV BYTE PTR SS:[LOCAL.44+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.1]
PUSH EDX

8B85
0345
0345
50
8B8D
51

24FFFFFF MOV EAX,DWORD PTR


08
ADD EAX,DWORD PTR
0C
ADD EAX,DWORD PTR
PUSH EAX
48FFFFFF MOV ECX,DWORD PTR
PUSH ECX

SS:[LOCAL.55]
SS:[ARG.1]
SS:[ARG.2]
SS:[LOCAL.46]

; /Arg4 =>
;
;
;
;
;
;

|
|
|
|Arg3
|
|Arg2 =>

8B95 4CFFFFFF MOV EDX,DWORD PTR SS:[LOCAL.45]


52
PUSH EDX

; |
; |Arg1 =>

E8 5BA10000

CALL 0042F7A3

; \SystemIn

83C4 10
8B85 34FFFFFF
8378 18 10
72 11
8B8D 34FFFFFF
8B51 04
8995 1CFFFFFF
EB 0F
8B85 34FFFFFF
83C0 04
8985 1CFFFFFF
8B8D 34FFFFFF
8B51 18
2B55 08
8995 3CFFFFFF
8B85 1CFFFFFF
0345 08
8985 40FFFFFF
8A8D 46FFFFFF
888D 47FFFFFF
8B55 14
52

ADD ESP,10
MOV EAX,DWORD PTR SS:[LOCAL.51]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 00425668
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.57],EDX
JMP SHORT 00425677
MOV EAX,DWORD PTR SS:[LOCAL.51]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.57],EAX
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX+18]
SUB EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.49],EDX
MOV EAX,DWORD PTR SS:[LOCAL.57]
ADD EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.48],EAX
MOV CL,BYTE PTR SS:[LOCAL.47+2]
MOV BYTE PTR SS:[LOCAL.47+3],CL
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

8B45 10
50

MOV EAX,DWORD PTR SS:[ARG.3]


PUSH EAX

; |
; |Arg3 =>

8B8D 3CFFFFFF MOV ECX,DWORD PTR SS:[LOCAL.49]


51
PUSH ECX

; |
; |Arg2 =>

8B95 40FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.48]


52
PUSH EDX

; |
; |Arg1 =>

E8 49930000

CALL 0042EA08

; \SystemIn

83C4
C685
8B85
8B4D

ADD
MOV
MOV
MOV

10
3BFFFFFF
34FFFFFF
F8

ESP,10
BYTE PTR SS:[LOCAL.50+3],0
EAX,DWORD PTR SS:[LOCAL.51]
ECX,DWORD PTR SS:[LOCAL.2]

004256D2 |. 8948 14
MOV DWORD PTR DS:[EAX+14],ECX
004256D5 |. 8B95 34FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.51]
004256DB |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
004256DF |. 72 11
JB SHORT 004256F2
004256E1 |. 8B85 34FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.51]
004256E7 |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
004256EA |. 898D 18FFFFFF MOV DWORD PTR SS:[LOCAL.58],ECX
004256F0 |. EB 0F
JMP SHORT 00425701
004256F2 |> 8B95 34FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.51]
004256F8 |. 83C2 04
ADD EDX,4
004256FB |. 8995 18FFFFFF MOV DWORD PTR SS:[LOCAL.58],EDX
00425701 |> 8B85 18FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.58]
00425707 |. 0345 F8
ADD EAX,DWORD PTR SS:[LOCAL.2]
0042570A |. 8A8D 3BFFFFFF MOV CL,BYTE PTR SS:[LOCAL.50+3]
00425710 |. 8808
MOV BYTE PTR DS:[EAX],CL
00425712 |> 8B85 34FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.51]
00425718 |> 8BE5
MOV ESP,EBP
0042571A |. 5D
POP EBP
0042571B \. C2 1000
RETN 10
0042571E
CC
INT3
0042571F
CC
INT3
00425720 /$ 55
PUSH EBP
o.00425720(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
00425721 |. 8BEC
MOV EBP,ESP
00425723 |. 81EC FC000000 SUB ESP,0FC
00425729 |. 898D 60FFFFFF MOV DWORD PTR SS:[LOCAL.40],ECX
0042572F |. 8B85 60FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.40]
00425735 |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
00425738 |. 3B4D 08
CMP ECX,DWORD PTR SS:[ARG.1]
0042573B |. 72 11
JB SHORT 0042574E
0042573D |. 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
00425740 |. 8B42 14
MOV EAX,DWORD PTR DS:[EDX+14]
00425743 |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
00425746 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
00425749 |. 3B4D 14
CMP ECX,DWORD PTR SS:[ARG.4]
0042574C |. 73 05
JNB SHORT 00425753
0042574E |> E8 12850000 CALL 0042DC65
00425753 |> 8B95 60FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.40]
00425759 |. 8B42 14
MOV EAX,DWORD PTR DS:[EDX+14]
0042575C |. 2B45 08
SUB EAX,DWORD PTR SS:[ARG.1]
0042575F |. 3B45 0C
CMP EAX,DWORD PTR SS:[ARG.2]
00425762 |. 73 0F
JNB SHORT 00425773
00425764 |. 8B8D 60FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.40]
0042576A |. 8B51 14
MOV EDX,DWORD PTR DS:[ECX+14]
0042576D |. 2B55 08
SUB EDX,DWORD PTR SS:[ARG.1]
00425770 |. 8955 0C
MOV DWORD PTR SS:[ARG.2],EDX
00425773 |> 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
00425776 |. 8B48 14
MOV ECX,DWORD PTR DS:[EAX+14]
00425779 |. 894D EC
MOV DWORD PTR SS:[LOCAL.5],ECX
0042577C |. 8B55 EC
MOV EDX,DWORD PTR SS:[LOCAL.5]
0042577F |. 2B55 14
SUB EDX,DWORD PTR SS:[ARG.4]
00425782 |. 8955 F8
MOV DWORD PTR SS:[LOCAL.2],EDX
00425785 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00425788 |. 3B45 18
CMP EAX,DWORD PTR SS:[ARG.5]
0042578B |. 73 06
JNB SHORT 00425793
0042578D |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00425790 |. 894D 18
MOV DWORD PTR SS:[ARG.5],ECX
00425793 |> 8B15 AC874400 MOV EDX,DWORD PTR DS:[4487AC]
00425799 |. 2B55 18
SUB EDX,DWORD PTR SS:[ARG.5]
0042579C |. 8B85 60FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.40]

; SystemInf

004257A2 |.
004257A5 |.
004257A8 |.
004257AA |.
004257AC |.
004257B1 |>
004257B7 |.
004257BA |.
004257BD |.
004257C0 |.
004257C3 |.
004257C9 |.
004257CC |.
004257CF |.
004257D2 |.
004257D5 |.
004257DB |.
004257DE |.
004257E1 |.
004257E3 |.
004257E5 |.
004257E8 |.
[LOCAL.3]
004257E9 |.
004257EF |.
fo.0040F9F0
004257F4 |>
004257FA |.
004257FD |.
00425803 |.
00425809 |.
0042580D |.
0042580F |.
00425815 |.
00425818 |.
0042581E |.
00425820 |>
00425826 |.
00425829 |.
0042582F |>
00425835 |.
00425839 |.
0042583B |.
00425841 |.
00425844 |.
0042584A |.
0042584C |>
00425852 |.
00425855 |.
0042585B |>
00425861 |.
00425864 |.
00425867 |.
0042586A |.
0042586D |.
00425873 |.
00425876 |.
00425879 |.
0042587C |.
0042587F |.

8B48 14
2B4D 0C
3BD1
77 05
E8 7C840000
8B95 60FFFFFF
8B42 14
2B45 0C
2B45 08
8945 FC
8B8D 60FFFFFF
8B51 14
0355 18
2B55 0C
8955 F4
8B85 60FFFFFF
8B48 14
3B4D F4
73 11
6A 00
8B55 F4
52

MOV ECX,DWORD PTR DS:[EAX+14]


SUB ECX,DWORD PTR SS:[ARG.2]
CMP EDX,ECX
JA SHORT 004257B1
CALL 0042DC2D
MOV EDX,DWORD PTR SS:[LOCAL.40]
MOV EAX,DWORD PTR DS:[EDX+14]
SUB EAX,DWORD PTR SS:[ARG.2]
SUB EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+14]
ADD EDX,DWORD PTR SS:[ARG.5]
SUB EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+14]
CMP ECX,DWORD PTR SS:[LOCAL.3]
JNB SHORT 004257F4
PUSH 0
MOV EDX,DWORD PTR SS:[LOCAL.3]
PUSH EDX

; /Arg2 = 0
; |
; |Arg1 =>

8B8D 60FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.40]


E8 FCA1FEFF CALL 0040F9F0

; |
; \SystemIn

8B85 60FFFFFF
3B45 10
0F84 33010000
8B8D 60FFFFFF
8379 18 10
72 11
8B95 60FFFFFF
8B42 04
8985 5CFFFFFF
EB 0F
8B8D 60FFFFFF
83C1 04
898D 5CFFFFFF
8B95 60FFFFFF
837A 18 10
72 11
8B85 60FFFFFF
8B48 04
898D 58FFFFFF
EB 0F
8B95 60FFFFFF
83C2 04
8995 58FFFFFF
8B85 60FFFFFF
8B48 18
2B4D 08
2B4D 18
894D E0
8B95 58FFFFFF
0355 08
0355 18
8955 E4
8A45 EA
8845 EB

MOV EAX,DWORD PTR SS:[LOCAL.40]


CMP EAX,DWORD PTR SS:[ARG.3]
JE 00425936
MOV ECX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 00425820
MOV EDX,DWORD PTR SS:[LOCAL.40]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.41],EAX
JMP SHORT 0042582F
MOV ECX,DWORD PTR SS:[LOCAL.40]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.41],ECX
MOV EDX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 0042584C
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.42],ECX
JMP SHORT 0042585B
MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.42],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+18]
SUB ECX,DWORD PTR SS:[ARG.1]
SUB ECX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
ADD EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.7],EDX
MOV AL,BYTE PTR SS:[LOCAL.6+2]
MOV BYTE PTR SS:[LOCAL.6+3],AL

00425882 |.
00425885 |.
[LOCAL.1]
00425886 |.
0042588C |.
0042588F |.
00425892 |.
00425893 |.
00425896 |.
[LOCAL.8]
00425897 |.
0042589A |.
[LOCAL.7]
0042589B |.
fo.0042F7A3
004258A0 |.
004258A3 |.
004258A6 |.
004258AA |.
004258AC |.
004258AF |.
004258B2 |.
004258B8 |.
004258BA |>
004258BD |.
004258C0 |.
004258C6 |>
004258CC |.
004258D0 |.
004258D2 |.
004258D8 |.
004258DB |.
004258E1 |.
004258E3 |>
004258E9 |.
004258EC |.
004258F2 |>
004258F8 |.
004258FB |.
004258FE |.
00425901 |.
00425907 |.
0042590A |.
0042590D |.
00425910 |.
00425913 |.
00425916 |.
00425917 |.
0042591D |.
00425920 |.
00425921 |.
00425924 |.
[LOCAL.11]
00425925 |.
00425928 |.
[LOCAL.10]
00425929 |.
fo.0042EA08
0042592E |.
00425931 |.

8B4D FC
51
8B95
0355
0355
52
8B45
50

MOV ECX,DWORD PTR SS:[LOCAL.1]


PUSH ECX

5CFFFFFF MOV EDX,DWORD PTR


08
ADD EDX,DWORD PTR
0C
ADD EDX,DWORD PTR
PUSH EDX
E0
MOV EAX,DWORD PTR
PUSH EAX

SS:[LOCAL.41]
SS:[ARG.1]
SS:[ARG.2]
SS:[LOCAL.8]

; /Arg4 =>
;
;
;
;
;
;

|
|
|
|Arg3
|
|Arg2 =>

8B4D E4
51

MOV ECX,DWORD PTR SS:[LOCAL.7]


PUSH ECX

; |
; |Arg1 =>

E8 039F0000

CALL 0042F7A3

; \SystemIn

83C4 10
8B55 10
837A 18 10
72 0E
8B45 10
8B48 04
898D 54FFFFFF
EB 0C
8B55 10
83C2 04
8995 54FFFFFF
8B85 60FFFFFF
8378 18 10
72 11
8B8D 60FFFFFF
8B51 04
8995 50FFFFFF
EB 0F
8B85 60FFFFFF
83C0 04
8985 50FFFFFF
8B8D 60FFFFFF
8B51 18
2B55 08
8955 D4
8B85 50FFFFFF
0345 08
8945 D8
8A4D DE
884D DF
8B55 18
52
8B85 54FFFFFF
0345 14
50
8B4D D4
51

ADD ESP,10
MOV EDX,DWORD PTR SS:[ARG.3]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 004258BA
MOV EAX,DWORD PTR SS:[ARG.3]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.43],ECX
JMP SHORT 004258C6
MOV EDX,DWORD PTR SS:[ARG.3]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.43],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 004258E3
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.44],EDX
JMP SHORT 004258F2
MOV EAX,DWORD PTR SS:[LOCAL.40]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.44],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+18]
SUB EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.11],EDX
MOV EAX,DWORD PTR SS:[LOCAL.44]
ADD EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV CL,BYTE PTR SS:[LOCAL.9+2]
MOV BYTE PTR SS:[LOCAL.9+3],CL
MOV EDX,DWORD PTR SS:[ARG.5]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.43]
ADD EAX,DWORD PTR SS:[ARG.4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.11]
PUSH ECX

;
;
;
;
;
;

8B55 D8
52

MOV EDX,DWORD PTR SS:[LOCAL.10]


PUSH EDX

; |
; |Arg1 =>

E8 DA900000

CALL 0042EA08

; \SystemIn

83C4 10
E9 DF050000

ADD ESP,10
JMP 00425F15

/Arg4
|
|
|Arg3
|
|Arg2 =>

00425936 |>
00425939 |.
0042593C |.
00425942 |.
00425948 |.
0042594C |.
0042594E |.
00425954 |.
00425957 |.
0042595D |.
0042595F |>
00425965 |.
00425968 |.
0042596E |>
00425974 |.
00425978 |.
0042597A |.
00425980 |.
00425983 |.
00425989 |.
0042598B |>
00425991 |.
00425994 |.
0042599A |>
004259A0 |.
004259A3 |.
004259A6 |.
004259A9 |.
004259AF |.
004259B2 |.
004259B5 |.
004259B8 |.
004259BB |.
004259BE |.
004259BF |.
004259C5 |.
004259C8 |.
004259C9 |.
004259CC |.
[LOCAL.14]
004259CD |.
004259D0 |.
[LOCAL.13]
004259D1 |.
fo.0042F7A3
004259D6 |.
004259D9 |.
004259DF |.
004259E3 |.
004259E5 |.
004259EB |.
004259EE |.
004259F4 |.
004259F6 |>
004259FC |.
004259FF |.
00425A05 |>
00425A0B |.
00425A0F |.
00425A11 |.

8B45 18
3B45 0C
0F87 3C010000
8B8D 60FFFFFF
8379 18 10
72 11
8B95 60FFFFFF
8B42 04
8985 4CFFFFFF
EB 0F
8B8D 60FFFFFF
83C1 04
898D 4CFFFFFF
8B95 60FFFFFF
837A 18 10
72 11
8B85 60FFFFFF
8B48 04
898D 48FFFFFF
EB 0F
8B95 60FFFFFF
83C2 04
8995 48FFFFFF
8B85 60FFFFFF
8B48 18
2B4D 08
894D C8
8B95 48FFFFFF
0355 08
8955 CC
8A45 D2
8845 D3
8B4D 18
51
8B95 4CFFFFFF
0355 14
52
8B45 C8
50

MOV EAX,DWORD PTR SS:[ARG.5]


CMP EAX,DWORD PTR SS:[ARG.2]
JA 00425A7E
MOV ECX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 0042595F
MOV EDX,DWORD PTR SS:[LOCAL.40]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.45],EAX
JMP SHORT 0042596E
MOV ECX,DWORD PTR SS:[LOCAL.40]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.45],ECX
MOV EDX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 0042598B
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.46],ECX
JMP SHORT 0042599A
MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.46],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+18]
SUB ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.14],ECX
MOV EDX,DWORD PTR SS:[LOCAL.46]
ADD EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.13],EDX
MOV AL,BYTE PTR SS:[LOCAL.12+2]
MOV BYTE PTR SS:[LOCAL.12+3],AL
MOV ECX,DWORD PTR SS:[ARG.5]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
ADD EDX,DWORD PTR SS:[ARG.4]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.14]
PUSH EAX

;
;
;
;
;
;

8B4D CC
51

MOV ECX,DWORD PTR SS:[LOCAL.13]


PUSH ECX

; |
; |Arg1 =>

E8 CD9D0000

CALL 0042F7A3

; \SystemIn

83C4 10
8B95 60FFFFFF
837A 18 10
72 11
8B85 60FFFFFF
8B48 04
898D 44FFFFFF
EB 0F
8B95 60FFFFFF
83C2 04
8995 44FFFFFF
8B85 60FFFFFF
8378 18 10
72 11
8B8D 60FFFFFF

ADD ESP,10
MOV EDX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 004259F6
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.47],ECX
JMP SHORT 00425A05
MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.47],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 00425A22
MOV ECX,DWORD PTR SS:[LOCAL.40]

/Arg4
|
|
|Arg3
|
|Arg2 =>

00425A17 |.
00425A1A |.
00425A20 |.
00425A22 |>
00425A28 |.
00425A2B |.
00425A31 |>
00425A37 |.
00425A3A |.
00425A3D |.
00425A40 |.
00425A43 |.
00425A49 |.
00425A4C |.
00425A4F |.
00425A52 |.
00425A55 |.
00425A58 |.
00425A5B |.
[LOCAL.1]
00425A5C |.
00425A62 |.
00425A65 |.
00425A68 |.
00425A69 |.
00425A6C |.
[LOCAL.17]
00425A6D |.
00425A70 |.
[LOCAL.16]
00425A71 |.
fo.0042F7A3
00425A76 |.
00425A79 |.
00425A7E |>
00425A81 |.
00425A84 |.
00425A8A |.
00425A90 |.
00425A94 |.
00425A96 |.
00425A9C |.
00425A9F |.
00425AA5 |.
00425AA7 |>
00425AAD |.
00425AB0 |.
00425AB6 |>
00425ABC |.
00425AC0 |.
00425AC2 |.
00425AC8 |.
00425ACB |.
00425AD1 |.
00425AD3 |>
00425AD9 |.
00425ADC |.
00425AE2 |>
00425AE8 |.
00425AEB |.

8B51 04
8995 40FFFFFF
EB 0F
8B85 60FFFFFF
83C0 04
8985 40FFFFFF
8B8D 60FFFFFF
8B51 18
2B55 08
2B55 18
8955 BC
8B85 40FFFFFF
0345 08
0345 18
8945 C0
8A4D C6
884D C7
8B55 FC
52
8B85
0345
0345
50
8B4D
51

MOV EDX,DWORD PTR DS:[ECX+4]


MOV DWORD PTR SS:[LOCAL.48],EDX
JMP SHORT 00425A31
MOV EAX,DWORD PTR SS:[LOCAL.40]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.48],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+18]
SUB EDX,DWORD PTR SS:[ARG.1]
SUB EDX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.17],EDX
MOV EAX,DWORD PTR SS:[LOCAL.48]
ADD EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.16],EAX
MOV CL,BYTE PTR SS:[LOCAL.15+2]
MOV BYTE PTR SS:[LOCAL.15+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.1]
PUSH EDX

44FFFFFF MOV EAX,DWORD PTR


08
ADD EAX,DWORD PTR
0C
ADD EAX,DWORD PTR
PUSH EAX
BC
MOV ECX,DWORD PTR
PUSH ECX

SS:[LOCAL.47]
SS:[ARG.1]
SS:[ARG.2]
SS:[LOCAL.17]

; /Arg4 =>
;
;
;
;
;
;

|
|
|
|Arg3
|
|Arg2 =>

8B55 C0
52

MOV EDX,DWORD PTR SS:[LOCAL.16]


PUSH EDX

; |
; |Arg1 =>

E8 2D9D0000

CALL 0042F7A3

; \SystemIn

83C4 10
E9 97040000
8B45 14
3B45 08
0F87 3C010000
8B8D 60FFFFFF
8379 18 10
72 11
8B95 60FFFFFF
8B42 04
8985 3CFFFFFF
EB 0F
8B8D 60FFFFFF
83C1 04
898D 3CFFFFFF
8B95 60FFFFFF
837A 18 10
72 11
8B85 60FFFFFF
8B48 04
898D 38FFFFFF
EB 0F
8B95 60FFFFFF
83C2 04
8995 38FFFFFF
8B85 60FFFFFF
8B48 18
2B4D 08

ADD ESP,10
JMP 00425F15
MOV EAX,DWORD PTR SS:[ARG.4]
CMP EAX,DWORD PTR SS:[ARG.1]
JA 00425BC6
MOV ECX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 00425AA7
MOV EDX,DWORD PTR SS:[LOCAL.40]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.49],EAX
JMP SHORT 00425AB6
MOV ECX,DWORD PTR SS:[LOCAL.40]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.49],ECX
MOV EDX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 00425AD3
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.50],ECX
JMP SHORT 00425AE2
MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.50],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+18]
SUB ECX,DWORD PTR SS:[ARG.1]

00425AEE |.
00425AF1 |.
00425AF4 |.
00425AFA |.
00425AFD |.
00425B00 |.
00425B03 |.
00425B06 |.
00425B09 |.
00425B0C |.
[LOCAL.1]
00425B0D |.
00425B13 |.
00425B16 |.
00425B19 |.
00425B1A |.
00425B1D |.
[LOCAL.20]
00425B1E |.
00425B21 |.
[LOCAL.19]
00425B22 |.
fo.0042F7A3
00425B27 |.
00425B2A |.
00425B30 |.
00425B34 |.
00425B36 |.
00425B3C |.
00425B3F |.
00425B45 |.
00425B47 |>
00425B4D |.
00425B50 |.
00425B56 |>
00425B5C |.
00425B60 |.
00425B62 |.
00425B68 |.
00425B6B |.
00425B71 |.
00425B73 |>
00425B79 |.
00425B7C |.
00425B82 |>
00425B88 |.
00425B8B |.
00425B8E |.
00425B91 |.
00425B97 |.
00425B9A |.
00425B9D |.
00425BA0 |.
00425BA3 |.
00425BA6 |.
00425BA7 |.
00425BAD |.
00425BB0 |.
00425BB1 |.
00425BB4 |.

2B4D
894D
8B95
0355
0355
8955
8A45
8845
8B4D
51

18
B0
38FFFFFF
08
18
B4
BA
BB
FC

SUB ECX,DWORD PTR SS:[ARG.5]


MOV DWORD PTR SS:[LOCAL.20],ECX
MOV EDX,DWORD PTR SS:[LOCAL.50]
ADD EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.19],EDX
MOV AL,BYTE PTR SS:[LOCAL.18+2]
MOV BYTE PTR SS:[LOCAL.18+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX

8B95
0355
0355
52
8B45
50

3CFFFFFF MOV EDX,DWORD PTR


08
ADD EDX,DWORD PTR
0C
ADD EDX,DWORD PTR
PUSH EDX
B0
MOV EAX,DWORD PTR
PUSH EAX

SS:[LOCAL.49]
SS:[ARG.1]
SS:[ARG.2]
SS:[LOCAL.20]

; /Arg4 =>
;
;
;
;
;
;

|
|
|
|Arg3
|
|Arg2 =>

8B4D B4
51

MOV ECX,DWORD PTR SS:[LOCAL.19]


PUSH ECX

; |
; |Arg1 =>

E8 7C9C0000

CALL 0042F7A3

; \SystemIn

83C4 10
8B95 60FFFFFF
837A 18 10
72 11
8B85 60FFFFFF
8B48 04
898D 34FFFFFF
EB 0F
8B95 60FFFFFF
83C2 04
8995 34FFFFFF
8B85 60FFFFFF
8378 18 10
72 11
8B8D 60FFFFFF
8B51 04
8995 30FFFFFF
EB 0F
8B85 60FFFFFF
83C0 04
8985 30FFFFFF
8B8D 60FFFFFF
8B51 18
2B55 08
8955 A4
8B85 30FFFFFF
0345 08
8945 A8
8A4D AE
884D AF
8B55 18
52
8B85 34FFFFFF
0345 14
50
8B4D A4
51

ADD ESP,10
MOV EDX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 00425B47
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.51],ECX
JMP SHORT 00425B56
MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.51],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 00425B73
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.52],EDX
JMP SHORT 00425B82
MOV EAX,DWORD PTR SS:[LOCAL.40]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.52],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+18]
SUB EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.23],EDX
MOV EAX,DWORD PTR SS:[LOCAL.52]
ADD EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.22],EAX
MOV CL,BYTE PTR SS:[LOCAL.21+2]
MOV BYTE PTR SS:[LOCAL.21+3],CL
MOV EDX,DWORD PTR SS:[ARG.5]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.51]
ADD EAX,DWORD PTR SS:[ARG.4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.23]
PUSH ECX

;
;
;
;
;
;

/Arg4
|
|
|Arg3
|
|Arg2 =>

[LOCAL.23]
00425BB5 |.
00425BB8 |.
[LOCAL.22]
00425BB9 |.
fo.0042F7A3
00425BBE |.
00425BC1 |.
00425BC6 |>
00425BC9 |.
00425BCC |.
00425BCF |.
00425BD5 |.
00425BDB |.
00425BDF |.
00425BE1 |.
00425BE7 |.
00425BEA |.
00425BF0 |.
00425BF2 |>
00425BF8 |.
00425BFB |.
00425C01 |>
00425C07 |.
00425C0B |.
00425C0D |.
00425C13 |.
00425C16 |.
00425C1C |.
00425C1E |>
00425C24 |.
00425C27 |.
00425C2D |>
00425C33 |.
00425C36 |.
00425C39 |.
00425C3C |.
00425C3F |.
00425C45 |.
00425C48 |.
00425C4B |.
00425C4E |.
00425C51 |.
00425C54 |.
00425C57 |.
[LOCAL.1]
00425C58 |.
00425C5E |.
00425C61 |.
00425C64 |.
00425C65 |.
00425C68 |.
[LOCAL.26]
00425C69 |.
00425C6C |.
[LOCAL.25]
00425C6D |.
fo.0042F7A3
00425C72 |.
00425C75 |.

8B55 A8
52

MOV EDX,DWORD PTR SS:[LOCAL.22]


PUSH EDX

; |
; |Arg1 =>

E8 E59B0000

CALL 0042F7A3

; \SystemIn

83C4 10
E9 4F030000
8B45 08
0345 0C
3B45 14
0F87 42010000
8B8D 60FFFFFF
8379 18 10
72 11
8B95 60FFFFFF
8B42 04
8985 2CFFFFFF
EB 0F
8B8D 60FFFFFF
83C1 04
898D 2CFFFFFF
8B95 60FFFFFF
837A 18 10
72 11
8B85 60FFFFFF
8B48 04
898D 28FFFFFF
EB 0F
8B95 60FFFFFF
83C2 04
8995 28FFFFFF
8B85 60FFFFFF
8B48 18
2B4D 08
2B4D 18
894D 98
8B95 28FFFFFF
0355 08
0355 18
8955 9C
8A45 A2
8845 A3
8B4D FC
51

ADD ESP,10
JMP 00425F15
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR SS:[ARG.2]
CMP EAX,DWORD PTR SS:[ARG.4]
JA 00425D17
MOV ECX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 00425BF2
MOV EDX,DWORD PTR SS:[LOCAL.40]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.53],EAX
JMP SHORT 00425C01
MOV ECX,DWORD PTR SS:[LOCAL.40]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.53],ECX
MOV EDX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 00425C1E
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.54],ECX
JMP SHORT 00425C2D
MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.54],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+18]
SUB ECX,DWORD PTR SS:[ARG.1]
SUB ECX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.26],ECX
MOV EDX,DWORD PTR SS:[LOCAL.54]
ADD EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.25],EDX
MOV AL,BYTE PTR SS:[LOCAL.24+2]
MOV BYTE PTR SS:[LOCAL.24+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX

; /Arg4 =>

8B95
0355
0355
52
8B45
50

2CFFFFFF MOV EDX,DWORD PTR


08
ADD EDX,DWORD PTR
0C
ADD EDX,DWORD PTR
PUSH EDX
98
MOV EAX,DWORD PTR
PUSH EAX

SS:[LOCAL.53]
SS:[ARG.1]
SS:[ARG.2]
SS:[LOCAL.26]

;
;
;
;
;
;

|
|
|
|Arg3
|
|Arg2 =>

8B4D 9C
51

MOV ECX,DWORD PTR SS:[LOCAL.25]


PUSH ECX

; |
; |Arg1 =>

E8 319B0000

CALL 0042F7A3

; \SystemIn

83C4 10
ADD ESP,10
8B95 60FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.40]

00425C7B |.
00425C7F |.
00425C81 |.
00425C87 |.
00425C8A |.
00425C90 |.
00425C92 |>
00425C98 |.
00425C9B |.
00425CA1 |>
00425CA7 |.
00425CAB |.
00425CAD |.
00425CB3 |.
00425CB6 |.
00425CBC |.
00425CBE |>
00425CC4 |.
00425CC7 |.
00425CCD |>
00425CD3 |.
00425CD6 |.
00425CD9 |.
00425CDC |.
00425CE2 |.
00425CE5 |.
00425CE8 |.
00425CEB |.
00425CEE |.
00425CF1 |.
00425CF2 |.
00425CF5 |.
00425CF8 |.
00425CFB |.
00425D01 |.
00425D02 |.
00425D05 |.
[LOCAL.29]
00425D06 |.
00425D09 |.
[LOCAL.28]
00425D0A |.
fo.0042F7A3
00425D0F |.
00425D12 |.
00425D17 |>
00425D1D |.
00425D21 |.
00425D23 |.
00425D29 |.
00425D2C |.
00425D32 |.
00425D34 |>
00425D3A |.
00425D3D |.
00425D43 |>
00425D49 |.
00425D4D |.
00425D4F |.
00425D55 |.

837A 18 10
72 11
8B85 60FFFFFF
8B48 04
898D 24FFFFFF
EB 0F
8B95 60FFFFFF
83C2 04
8995 24FFFFFF
8B85 60FFFFFF
8378 18 10
72 11
8B8D 60FFFFFF
8B51 04
8995 20FFFFFF
EB 0F
8B85 60FFFFFF
83C0 04
8985 20FFFFFF
8B8D 60FFFFFF
8B51 18
2B55 08
8955 8C
8B85 20FFFFFF
0345 08
8945 90
8A4D 96
884D 97
8B55 18
52
8B45 14
0345 18
2B45 0C
0385 24FFFFFF
50
8B4D 8C
51

CMP DWORD PTR DS:[EDX+18],10


JB SHORT 00425C92
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.55],ECX
JMP SHORT 00425CA1
MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.55],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 00425CBE
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.56],EDX
JMP SHORT 00425CCD
MOV EAX,DWORD PTR SS:[LOCAL.40]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.56],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+18]
SUB EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.29],EDX
MOV EAX,DWORD PTR SS:[LOCAL.56]
ADD EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.28],EAX
MOV CL,BYTE PTR SS:[LOCAL.27+2]
MOV BYTE PTR SS:[LOCAL.27+3],CL
MOV EDX,DWORD PTR SS:[ARG.5]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.4]
ADD EAX,DWORD PTR SS:[ARG.5]
SUB EAX,DWORD PTR SS:[ARG.2]
ADD EAX,DWORD PTR SS:[LOCAL.55]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.29]
PUSH ECX

;
;
;
;
;
;
;
;

8B55 90
52

MOV EDX,DWORD PTR SS:[LOCAL.28]


PUSH EDX

; |
; |Arg1 =>

E8 949A0000

CALL 0042F7A3

; \SystemIn

83C4 10
E9 FE010000
8B85 60FFFFFF
8378 18 10
72 11
8B8D 60FFFFFF
8B51 04
8995 1CFFFFFF
EB 0F
8B85 60FFFFFF
83C0 04
8985 1CFFFFFF
8B8D 60FFFFFF
8379 18 10
72 11
8B95 60FFFFFF
8B42 04

ADD ESP,10
JMP 00425F15
MOV EAX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 00425D34
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.57],EDX
JMP SHORT 00425D43
MOV EAX,DWORD PTR SS:[LOCAL.40]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.57],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 00425D60
MOV EDX,DWORD PTR SS:[LOCAL.40]
MOV EAX,DWORD PTR DS:[EDX+4]

/Arg4
|
|
|
|
|Arg3
|
|Arg2 =>

00425D58 |.
00425D5E |.
00425D60 |>
00425D66 |.
00425D69 |.
00425D6F |>
00425D75 |.
00425D78 |.
00425D7B |.
00425D7E |.
00425D84 |.
00425D87 |.
00425D8A |.
00425D8D |.
00425D90 |.
00425D93 |.
[ARG.2]
00425D94 |.
00425D9A |.
00425D9D |.
00425D9E |.
00425DA1 |.
[LOCAL.32]
00425DA2 |.
00425DA5 |.
[LOCAL.31]
00425DA6 |.
fo.0042F7A3
00425DAB |.
00425DAE |.
00425DB4 |.
00425DB8 |.
00425DBA |.
00425DC0 |.
00425DC3 |.
00425DC9 |.
00425DCB |>
00425DD1 |.
00425DD4 |.
00425DDA |>
00425DE0 |.
00425DE4 |.
00425DE6 |.
00425DEC |.
00425DEF |.
00425DF5 |.
00425DF7 |>
00425DFD |.
00425E00 |.
00425E06 |>
00425E0C |.
00425E0F |.
00425E12 |.
00425E15 |.
00425E1B |.
00425E21 |.
00425E24 |.
00425E27 |.
00425E2D |.
00425E33 |.

8985 18FFFFFF
EB 0F
8B8D 60FFFFFF
83C1 04
898D 18FFFFFF
8B95 60FFFFFF
8B42 18
2B45 08
8945 80
8B8D 18FFFFFF
034D 08
894D 84
8A55 8A
8855 8B
8B45 0C
50

MOV DWORD PTR SS:[LOCAL.58],EAX


JMP SHORT 00425D6F
MOV ECX,DWORD PTR SS:[LOCAL.40]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.58],ECX
MOV EDX,DWORD PTR SS:[LOCAL.40]
MOV EAX,DWORD PTR DS:[EDX+18]
SUB EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.32],EAX
MOV ECX,DWORD PTR SS:[LOCAL.58]
ADD ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.31],ECX
MOV DL,BYTE PTR SS:[LOCAL.30+2]
MOV BYTE PTR SS:[LOCAL.30+3],DL
MOV EAX,DWORD PTR SS:[ARG.2]
PUSH EAX

; /Arg4 =>

8B8D 1CFFFFFF MOV ECX,DWORD PTR SS:[LOCAL.57]


034D 14
ADD ECX,DWORD PTR SS:[ARG.4]
51
PUSH ECX
8B55 80
MOV EDX,DWORD PTR SS:[LOCAL.32]
52
PUSH EDX

;
;
;
;
;

|
|
|Arg3
|
|Arg2 =>

8B45 84
50

MOV EAX,DWORD PTR SS:[LOCAL.31]


PUSH EAX

; |
; |Arg1 =>

E8 F8990000

CALL 0042F7A3

; \SystemIn

83C4 10
8B8D 60FFFFFF
8379 18 10
72 11
8B95 60FFFFFF
8B42 04
8985 14FFFFFF
EB 0F
8B8D 60FFFFFF
83C1 04
898D 14FFFFFF
8B95 60FFFFFF
837A 18 10
72 11
8B85 60FFFFFF
8B48 04
898D 10FFFFFF
EB 0F
8B95 60FFFFFF
83C2 04
8995 10FFFFFF
8B85 60FFFFFF
8B48 18
2B4D 08
2B4D 18
898D 74FFFFFF
8B95 10FFFFFF
0355 08
0355 18
8995 78FFFFFF
8A85 7EFFFFFF
8885 7FFFFFFF

ADD ESP,10
MOV ECX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[ECX+18],10
JB SHORT 00425DCB
MOV EDX,DWORD PTR SS:[LOCAL.40]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.59],EAX
JMP SHORT 00425DDA
MOV ECX,DWORD PTR SS:[LOCAL.40]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.59],ECX
MOV EDX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 00425DF7
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.60],ECX
JMP SHORT 00425E06
MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.60],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+18]
SUB ECX,DWORD PTR SS:[ARG.1]
SUB ECX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.35],ECX
MOV EDX,DWORD PTR SS:[LOCAL.60]
ADD EDX,DWORD PTR SS:[ARG.1]
ADD EDX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.34],EDX
MOV AL,BYTE PTR SS:[LOCAL.33+2]
MOV BYTE PTR SS:[LOCAL.33+3],AL

00425E39 |.
00425E3C |.
[LOCAL.1]
00425E3D |.
00425E43 |.
00425E46 |.
00425E49 |.
00425E4A |.
00425E50 |.
[LOCAL.35]
00425E51 |.
00425E57 |.
[LOCAL.34]
00425E58 |.
fo.0042F7A3
00425E5D |.
00425E60 |.
00425E66 |.
00425E6A |.
00425E6C |.
00425E72 |.
00425E75 |.
00425E7B |.
00425E7D |>
00425E83 |.
00425E86 |.
00425E8C |>
00425E92 |.
00425E96 |.
00425E98 |.
00425E9E |.
00425EA1 |.
00425EA7 |.
00425EA9 |>
00425EAF |.
00425EB2 |.
00425EB8 |>
00425EBE |.
00425EC1 |.
00425EC4 |.
00425EC7 |.
00425ECD |.
00425ED3 |.
00425ED6 |.
00425ED9 |.
00425EDF |.
00425EE5 |.
00425EEB |.
00425EEE |.
00425EF1 |.
00425EF2 |.
00425EF8 |.
00425EFB |.
00425EFE |.
00425EFF |.
00425F05 |.
[LOCAL.38]
00425F06 |.
00425F0C |.
[LOCAL.37]

8B4D FC
51
8B95
0355
0355
52
8B85
50

MOV ECX,DWORD PTR SS:[LOCAL.1]


PUSH ECX

14FFFFFF MOV EDX,DWORD PTR


08
ADD EDX,DWORD PTR
0C
ADD EDX,DWORD PTR
PUSH EDX
74FFFFFF MOV EAX,DWORD PTR
PUSH EAX

SS:[LOCAL.59]
SS:[ARG.1]
SS:[ARG.2]
SS:[LOCAL.35]

; /Arg4 =>
;
;
;
;
;
;

|
|
|
|Arg3
|
|Arg2 =>

8B8D 78FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.34]


51
PUSH ECX

; |
; |Arg1 =>

E8 46990000

CALL 0042F7A3

; \SystemIn

83C4 10
8B95 60FFFFFF
837A 18 10
72 11
8B85 60FFFFFF
8B48 04
898D 0CFFFFFF
EB 0F
8B95 60FFFFFF
83C2 04
8995 0CFFFFFF
8B85 60FFFFFF
8378 18 10
72 11
8B8D 60FFFFFF
8B51 04
8995 08FFFFFF
EB 0F
8B85 60FFFFFF
83C0 04
8985 08FFFFFF
8B8D 60FFFFFF
8B51 18
2B55 08
2B55 0C
8995 68FFFFFF
8B85 08FFFFFF
0345 08
0345 0C
8985 6CFFFFFF
8A8D 72FFFFFF
888D 73FFFFFF
8B55 18
2B55 0C
52
8B85 0CFFFFFF
0345 14
0345 18
50
8B8D 68FFFFFF
51

ADD ESP,10
MOV EDX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EDX+18],10
JB SHORT 00425E7D
MOV EAX,DWORD PTR SS:[LOCAL.40]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.61],ECX
JMP SHORT 00425E8C
MOV EDX,DWORD PTR SS:[LOCAL.40]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.61],EDX
MOV EAX,DWORD PTR SS:[LOCAL.40]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 00425EA9
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.62],EDX
JMP SHORT 00425EB8
MOV EAX,DWORD PTR SS:[LOCAL.40]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.62],EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
MOV EDX,DWORD PTR DS:[ECX+18]
SUB EDX,DWORD PTR SS:[ARG.1]
SUB EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.38],EDX
MOV EAX,DWORD PTR SS:[LOCAL.62]
ADD EAX,DWORD PTR SS:[ARG.1]
ADD EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.37],EAX
MOV CL,BYTE PTR SS:[LOCAL.36+2]
MOV BYTE PTR SS:[LOCAL.36+3],CL
MOV EDX,DWORD PTR SS:[ARG.5]
SUB EDX,DWORD PTR SS:[ARG.2]
PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.61]
ADD EAX,DWORD PTR SS:[ARG.4]
ADD EAX,DWORD PTR SS:[ARG.5]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.38]
PUSH ECX

;
;
;
;
;
;
;

8B95 6CFFFFFF MOV EDX,DWORD PTR SS:[LOCAL.37]


52
PUSH EDX

/Arg4
|
|
|
|Arg3
|
|Arg2 =>

; |
; |Arg1 =>

00425F0D |. E8 91980000 CALL 0042F7A3


fo.0042F7A3
00425F12 |. 83C4 10
ADD ESP,10
00425F15 |> C685 67FFFFFF MOV BYTE PTR SS:[LOCAL.39+3],0
00425F1C |. 8B85 60FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.40]
00425F22 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00425F25 |. 8948 14
MOV DWORD PTR DS:[EAX+14],ECX
00425F28 |. 8B95 60FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.40]
00425F2E |. 837A 18 10
CMP DWORD PTR DS:[EDX+18],10
00425F32 |. 72 11
JB SHORT 00425F45
00425F34 |. 8B85 60FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.40]
00425F3A |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
00425F3D |. 898D 04FFFFFF MOV DWORD PTR SS:[LOCAL.63],ECX
00425F43 |. EB 0F
JMP SHORT 00425F54
00425F45 |> 8B95 60FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.40]
00425F4B |. 83C2 04
ADD EDX,4
00425F4E |. 8995 04FFFFFF MOV DWORD PTR SS:[LOCAL.63],EDX
00425F54 |> 8B85 04FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.63]
00425F5A |. 0345 F4
ADD EAX,DWORD PTR SS:[LOCAL.3]
00425F5D |. 8A8D 67FFFFFF MOV CL,BYTE PTR SS:[LOCAL.39+3]
00425F63 |. 8808
MOV BYTE PTR DS:[EAX],CL
00425F65 |. 8B85 60FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.40]
00425F6B |. 8BE5
MOV ESP,EBP
00425F6D |. 5D
POP EBP
00425F6E \. C2 1400
RETN 14
00425F71
CC
INT3
00425F72
CC
INT3
00425F73
CC
INT3
00425F74
CC
INT3
00425F75
CC
INT3
00425F76
CC
INT3
00425F77
CC
INT3
00425F78
CC
INT3
00425F79
CC
INT3
00425F7A
CC
INT3
00425F7B
CC
INT3
00425F7C
CC
INT3
00425F7D
CC
INT3
00425F7E
CC
INT3
00425F7F
CC
INT3
00425F80 /$ 55
PUSH EBP
o.00425F80(guessed Arg1,Arg2,Arg3)
00425F81 |. 8BEC
MOV EBP,ESP
00425F83 |. 6A FF
PUSH -1
00425F85 |. 68 38684400 PUSH 00446838
00425F8A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00425F90 |. 50
PUSH EAX
00425F91 |. 83EC 6C
SUB ESP,6C
00425F94 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00425F99 |. 33C5
XOR EAX,EBP
00425F9B |. 50
PUSH EAX
00425F9C |. 8D45 F4
LEA EAX,[LOCAL.3]
00425F9F |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00425FA5 |. 894D 90
MOV DWORD PTR SS:[LOCAL.28],ECX
00425FA8 |. 8B45 90
MOV EAX,DWORD PTR SS:[LOCAL.28]
00425FAB |. 8378 4C 00
CMP DWORD PTR DS:[EAX+4C],0
00425FAF |. 75 1D
JNE SHORT 00425FCE
00425FB1 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
00425FB4 |. 51
PUSH ECX
[ARG.3]

; \SystemIn

; SystemInf

; /Arg3 =>

00425FB5 |. 8B55 0C
00425FB8 |. 52
[ARG.2]
00425FB9 |. 8B45 08
00425FBC |. 50
[ARG.1]
00425FBD |. E8 F77E0000
fo.0042DEB9
00425FC2 |. 83C4 0C
00425FC5 |. 8945 F0
00425FC8 |. 837D F0 00
00425FCC |. 75 04
00425FCE |> 33C0
00425FD0 |. EB 7C
00425FD2 |> 6A 01
00425FD4 |. 8B4D F0
00425FD7 |. 51
[LOCAL.4]
00425FD8 |. 8B4D 90
00425FDB |. E8 00010000
fo.004260E0
00425FE0 |. 8D55 EC
00425FE3 |. 52
OFFSET LOCAL.5
00425FE4 |. 8B4D 90
00425FE7 |. E8 84290000
fo.00428970
00425FEC |. 8945 8C
00425FEF |. 8B45 8C
00425FF2 |. 8945 88
00425FF5 |. C745 FC 00000
00425FFC |. 8B4D 88
00425FFF |. 51
[LOCAL.29]
00426000 |. E8 6B710000
fo.0042D170
00426005 |. 83C4 04
00426008 |. 8945 A4
0042600B |. 8B55 A4
0042600E |. 8B02
00426010 |. 8B4D A4
00426013 |. 8B50 04
00426016 |. FFD2
00426018 |. 0FB6C0
0042601B |. 85C0
0042601D |. 74 0C
0042601F |. 8B4D 90
00426022 |. C741 3C 00000
00426029 |. EB 11
0042602B |> 8B55 90
0042602E |. 8B45 A4
00426031 |. 8942 3C
00426034 |. 8B4D 90
00426037 |. E8 74290000
0042603C |> C745 FC FFFFF
00426043 |. 8D4D EC
00426046 |. E8 9506FEFF
0042604B |. 8B45 90
0042604E |> 8B4D F4
00426051 |. 64:890D 00000

MOV EDX,DWORD PTR SS:[ARG.2]


PUSH EDX

; |
; |Arg2 =>

MOV EAX,DWORD PTR SS:[ARG.1]


PUSH EAX

; |
; |Arg1 =>

CALL 0042DEB9

; \SystemIn

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.4],EAX
CMP DWORD PTR SS:[LOCAL.4],0
JNE SHORT 00425FD2
XOR EAX,EAX
JMP SHORT 0042604E
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.4]
PUSH ECX

; /Arg2 = 1
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.28]


CALL 004260E0

; |
; \SystemIn

LEA EDX,[LOCAL.5]
PUSH EDX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.28]


CALL 00428970

; |
; \SystemIn

MOV DWORD PTR


MOV EAX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

; /Arg1 =>

SS:[LOCAL.29],EAX
PTR SS:[LOCAL.29]
SS:[LOCAL.30],EAX
SS:[LOCAL.1],0
PTR SS:[LOCAL.30]

CALL 0042D170
ADD ESP,4
MOV DWORD PTR SS:[LOCAL.23],EAX
MOV EDX,DWORD PTR SS:[LOCAL.23]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.23]
MOV EDX,DWORD PTR DS:[EAX+4]
CALL EDX
MOVZX EAX,AL
TEST EAX,EAX
JE SHORT 0042602B
MOV ECX,DWORD PTR SS:[LOCAL.28]
MOV DWORD PTR DS:[ECX+3C],0
JMP SHORT 0042603C
MOV EDX,DWORD PTR SS:[LOCAL.28]
MOV EAX,DWORD PTR SS:[LOCAL.23]
MOV DWORD PTR DS:[EDX+3C],EAX
MOV ECX,DWORD PTR SS:[LOCAL.28]
CALL 004289B0
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.5]
CALL 004066E0
MOV EAX,DWORD PTR SS:[LOCAL.28]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX

; \SystemIn

00426058 |. 59
POP ECX
00426059 |. 8BE5
MOV ESP,EBP
0042605B |. 5D
POP EBP
0042605C \. C2 0C00
RETN 0C
0042605F
CC
INT3
00426060 /$ 55
PUSH EBP
00426061 |. 8BEC
MOV EBP,ESP
00426063 |. 81EC A8000000 SUB ESP,0A8
00426069 |. 898D 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],ECX
0042606F |. 8B85 58FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.42]
00426075 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00426078 |. 8B8D 58FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.42]
0042607E |. 8379 4C 00
CMP DWORD PTR DS:[ECX+4C],0
00426082 |. 75 09
JNE SHORT 0042608D
00426084 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042608B |. EB 36
JMP SHORT 004260C3
0042608D |> 8B8D 58FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.42]
00426093 |. E8 08010000 CALL 004261A0
00426098 |. 0FB6D0
MOVZX EDX,AL
0042609B |. 85D2
TEST EDX,EDX
0042609D |. 75 07
JNE SHORT 004260A6
0042609F |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
004260A6 |> 8B85 58FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.42]
004260AC |. 8B48 4C
MOV ECX,DWORD PTR DS:[EAX+4C]
004260AF |. 51
PUSH ECX
004260B0 |. E8 ADD00000 CALL 00433162
004260B5 |. 83C4 04
ADD ESP,4
004260B8 |. 85C0
TEST EAX,EAX
004260BA |. 74 07
JE SHORT 004260C3
004260BC |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
004260C3 |> 6A 02
PUSH 2
004260C5 |. 6A 00
PUSH 0
004260C7 |. 8B8D 58FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.42]
004260CD |. E8 0E000000 CALL 004260E0
fo.004260E0
004260D2 |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
004260D5 |. 8BE5
MOV ESP,EBP
004260D7 |. 5D
POP EBP
004260D8 \. C3
RETN
004260D9
CC
INT3
004260DA
CC
INT3
004260DB
CC
INT3
004260DC
CC
INT3
004260DD
CC
INT3
004260DE
CC
INT3
004260DF
CC
INT3
004260E0 /$ 55
PUSH EBP
o.004260E0(guessed Arg1,Arg2)
004260E1 |. 8BEC
MOV EBP,ESP
004260E3 |. 83EC 14
SUB ESP,14
004260E6 |. 894D EC
MOV DWORD PTR SS:[LOCAL.5],ECX
004260E9 |. 33C0
XOR EAX,EAX
004260EB |. 837D 0C 01
CMP DWORD PTR SS:[ARG.2],1
004260EF |. 0F94C0
SETE AL
004260F2 |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
004260F5 |. 8841 48
MOV BYTE PTR DS:[ECX+48],AL
004260F8 |. 8B55 EC
MOV EDX,DWORD PTR SS:[LOCAL.5]
004260FB |. C642 41 00
MOV BYTE PTR DS:[EDX+41],0
004260FF |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
00426102 |. E8 A9280000 CALL 004289B0

;
;
;
;

/Arg2 = 2
|Arg1 = 0
|
\SystemIn

; SystemInf

00426107
0042610B
0042610D
00426112
00426114
00426116
00426119
0042611C
0042611F
00426122
00426125
00426128
0042612B
0042612E
00426131
00426134
00426137
0042613A
0042613D
00426140
00426143
00426146
00426149
0042614C
0042614F
00426152
00426155
00426158
0042615B
0042615E
00426161
00426164
00426167
0042616A
0042616D
00426170
00426173
00426176
00426179
0042617F
00426182
00426185
0042618C
0042618E
0042618F
00426192
00426193
00426194
00426195
00426196
00426197
00426198
00426199
0042619A
0042619B
0042619C
0042619D
0042619E
0042619F
004261A0

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

837D 08 00
74 60
B8 01000000
85C0
74 57
8B4D 08
83C1 08
894D F8
8B55 08
8955 F4
8B45 08
83C0 04
8945 F0
8B4D 08
83C1 04
894D FC
8B55 EC
8B45 F8
8942 10
8B4D EC
8B55 F8
8951 14
8B45 EC
8B4D F4
8948 20
8B55 EC
8B45 F4
8942 24
8B4D EC
8B55 F0
8951 30
8B45 EC
8B4D FC
8948 34
8B55 EC
8B45 08
8942 4C
8B4D EC
8B15 882A4500
8951 44
8B45 EC
C740 3C 00000
8BE5
5D
C2 0800
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/$ 55

CMP DWORD PTR SS:[ARG.1],0


JE SHORT 0042616D
MOV EAX,1
TEST EAX,EAX
JE SHORT 0042616D
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[EDX+10],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[ECX+14],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR DS:[EAX+20],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR DS:[EDX+24],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+30],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX+4C],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[452A88]
MOV DWORD PTR DS:[ECX+44],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EAX+3C],0
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

004261A1 |.
004261A3 |.
004261A5 |.
004261AA |.
004261B0 |.
004261B1 |.
004261B7 |.
004261BC |.
004261BE |.
004261C1 |.
004261C2 |.
004261C5 |.
004261CB |.
004261D1 |.
004261D7 |.
004261DB |.
004261DD |.
004261E3 |.
004261E7 |.
004261E9 |.
004261EB |>
004261ED |.
004261F2 |.
004261F7 |>
004261FE |.
00426200 |.
00426206 |.
00426208 |.
0042620E |.
00426211 |.
00426213 |.
00426216 |.
0042621D |.
00426220 |.
00426222 |.
00426225 |.
00426228 |.
0042622B |.
0042622D |.
0042622F |.
00426231 |.
00426236 |>
00426239 |.
0042623C |.
0042623E |.
00426240 |.
00426243 |.
fo.0040FB60
00426248 |.
0042624A |.
0042624C |.
0042624F |.
fo.0040F240
00426254 |.
0042625B |>
0042625F |.
00426261 |.
00426264 |.
00426267 |.
00426269 |>

8BEC
6A FF
68 68684400
64:A1 0000000
50
81EC F4000000
A1 A0154500
33C5
8945 E8
50
8D45 F4
64:A3 0000000
898D 04FFFFFF
8B85 04FFFFFF
8378 3C 00
74 0E
8B8D 04FFFFFF
0FB651 41
85D2
75 0C
B0 01
E9 97020000
E9 92020000
C745 F0 08000
6A FF
8B85 04FFFFFF
8B10
8B8D 04FFFFFF
8B42 04
FFD0
8945 C4
C745 C0 FFFFF
8B4D C0
33D2
3B4D C4
0F94C2
0FB6C2
85C0
74 07
32C0
E9 53020000
8D4D 93
894D 94
6A 00
6A 00
8D4D CC
E8 1899FEFF

MOV EBP,ESP
PUSH -1
PUSH 00446868
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0F4
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.6],EAX
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.63],ECX
MOV EAX,DWORD PTR SS:[LOCAL.63]
CMP DWORD PTR DS:[EAX+3C],0
JE SHORT 004261EB
MOV ECX,DWORD PTR SS:[LOCAL.63]
MOVZX EDX,BYTE PTR DS:[ECX+41]
TEST EDX,EDX
JNE SHORT 004261F7
MOV AL,1
JMP 00426489
JMP 00426489
MOV DWORD PTR SS:[LOCAL.4],8
PUSH -1
MOV EAX,DWORD PTR SS:[LOCAL.63]
MOV EDX,DWORD PTR DS:[EAX]
MOV ECX,DWORD PTR SS:[LOCAL.63]
MOV EAX,DWORD PTR DS:[EDX+4]
CALL EAX
MOV DWORD PTR SS:[LOCAL.15],EAX
MOV DWORD PTR SS:[LOCAL.16],-1
MOV ECX,DWORD PTR SS:[LOCAL.16]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.15]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00426236
XOR AL,AL
JMP 00426489
LEA ECX,[LOCAL.28+3]
MOV DWORD PTR SS:[LOCAL.27],ECX
PUSH 0
PUSH 0
LEA ECX,[LOCAL.13]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

6A 00
6A 08
8D4D CC
E8 EC8FFEFF

PUSH 0
PUSH 8
LEA ECX,[LOCAL.13]
CALL 0040F240

;
;
;
;

/Arg2 = 0
|Arg1 = 8
|
\SystemIn

C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0


837D E4 10
CMP DWORD PTR SS:[EBP-1C],10
72 08
JB SHORT 00426269
8B55 D0
MOV EDX,DWORD PTR SS:[EBP-30]
8955 8C
MOV DWORD PTR SS:[EBP-74],EDX
EB 06
JMP SHORT 0042626F
8D45 D0
LEA EAX,[EBP-30]

0042626C |.
0042626F |>
00426272 |.
00426273 |.
00426276 |.
00426277 |.
0042627A |.
fo.0042A290
0042627F |.
00426282 |.
fo.00429BC0
00426287 |.
0042628A |.
0042628D |.
00426290 |.
00426294 |.
00426296 |.
00426299 |.
0042629C |.
0042629E |>
004262A1 |.
004262A4 |>
004262A7 |.
004262A8 |.
004262AB |.
004262AC |.
004262AF |.
fo.0042A290
004262B4 |.
004262B7 |.
fo.00429BC0
004262BC |.
004262C2 |.
004262C8 |.
004262CB |.
004262D1 |.
004262D4 |.
004262D5 |.
004262D8 |.
004262DB |.
004262DC |.
004262E2 |.
004262E3 |.
004262E9 |.
004262EC |.
004262ED |.
004262F3 |.
004262F5 |.
004262FB |.
004262FE |.
00426300 |.
00426306 |.
0042630D |.
0042630F |.
00426316 |.
00426318 |.
0042631F |.
00426325 |.
0042632A |>
00426330 |.

8945 8C
8D4D CC
51
8B55 8C
52
8D4D B8
E8 11400000

MOV DWORD PTR SS:[EBP-74],EAX


LEA ECX,[EBP-34]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-74]
PUSH EDX
LEA ECX,[EBP-48]
CALL 0042A290

;
;
;
;
;

8D4D B8
E8 39390000

LEA ECX,[EBP-48]
CALL 00429BC0

; [SystemIn

8945 88
8B45 E0
8945 84
837D E4 10
72 08
8B4D D0
894D 80
EB 06
8D55 D0
8955 80
8D45 CC
50
8B4D 80
51
8D4D B0
E8 DC3F0000

MOV DWORD PTR SS:[EBP-78],EAX


MOV EAX,DWORD PTR SS:[EBP-20]
MOV DWORD PTR SS:[EBP-7C],EAX
CMP DWORD PTR SS:[EBP-1C],10
JB SHORT 0042629E
MOV ECX,DWORD PTR SS:[EBP-30]
MOV DWORD PTR SS:[EBP-80],ECX
JMP SHORT 004262A4
LEA EDX,[EBP-30]
MOV DWORD PTR SS:[EBP-80],EDX
LEA EAX,[EBP-34]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-80]
PUSH ECX
LEA ECX,[EBP-50]
CALL 0042A290

;
;
;
;
;

8D4D B0
E8 04390000

LEA ECX,[EBP-50]
CALL 00429BC0

; [SystemIn

8985 7CFFFFFF
8B95 04FFFFFF
8B42 3C
8985 78FFFFFF
8D4D EC
51
8B55 88
0355 84
52
8B85 7CFFFFFF
50
8B8D 04FFFFFF
83C1 44
51
8B95 78FFFFFF
8B02
8B8D 78FFFFFF
8B50 18
FFD2
8985 00FFFFFF
83BD 00FFFFFF
74 1B
83BD 00FFFFFF
74 1C
83BD 00FFFFFF
0F84 14010000
E9 2B010000
8B85 04FFFFFF
C640 41 00

MOV DWORD PTR SS:[EBP-84],EAX


MOV EDX,DWORD PTR SS:[EBP-0FC]
MOV EAX,DWORD PTR DS:[EDX+3C]
MOV DWORD PTR SS:[EBP-88],EAX
LEA ECX,[EBP-14]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-78]
ADD EDX,DWORD PTR SS:[EBP-7C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-84]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0FC]
ADD ECX,44
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-88]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP-88]
MOV EDX,DWORD PTR DS:[EAX+18]
CALL EDX
MOV DWORD PTR SS:[EBP-100],EAX
CMP DWORD PTR SS:[EBP-100],0
JE SHORT 0042632A
CMP DWORD PTR SS:[EBP-100],1
JE SHORT 00426334
CMP DWORD PTR SS:[EBP-100],3
JE 00426439
JMP 00426455
MOV EAX,DWORD PTR SS:[EBP-0FC]
MOV BYTE PTR DS:[EAX+41],0

/Arg2
|
|Arg1
|
\SystemIn

/Arg2
|
|Arg1
|
\SystemIn

00426334 |>
00426338 |.
0042633A |.
0042633D |.
00426343 |.
00426345 |>
00426348 |.
0042634E |>
00426351 |.
00426352 |.
00426358 |.
00426359 |.
0042635C |.
fo.0042A290
00426361 |.
00426364 |.
fo.00429BC0
00426369 |.
0042636F |.
00426372 |.
00426378 |.
0042637B |.
0042637D |.
00426381 |.
00426383 |.
00426386 |.
0042638C |.
0042638E |>
00426391 |.
00426397 |>
0042639A |.
0042639B |.
004263A1 |.
004263A2 |.
004263A5 |.
fo.0042A290
004263AA |.
004263AD |.
fo.00429BC0
004263B2 |.
004263B8 |.
004263BE |.
004263C1 |.
004263C2 |.
004263C5 |.
004263C6 |.
004263C8 |.
004263CE |.
004263CF |.
004263D4 |.
004263D7 |.
004263DA |.
004263DC |.
004263E0 |.
004263E7 |.
004263E9 |.
004263EB |.
004263EE |.
fo.0040FB60
004263F3 |.

837D E4 10
72 0B
8B4D D0
898D 74FFFFFF
EB 09
8D55 D0
8995 74FFFFFF
8D45 CC
50
8B8D 74FFFFFF
51
8D4D A8
E8 2F3F0000

CMP DWORD PTR SS:[EBP-1C],10


JB SHORT 00426345
MOV ECX,DWORD PTR SS:[EBP-30]
MOV DWORD PTR SS:[EBP-8C],ECX
JMP SHORT 0042634E
LEA EDX,[EBP-30]
MOV DWORD PTR SS:[EBP-8C],EDX
LEA EAX,[EBP-34]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-8C]
PUSH ECX
LEA ECX,[EBP-58]
CALL 0042A290

;
;
;
;
;

8D4D A8
E8 57380000

LEA ECX,[EBP-58]
CALL 00429BC0

; [SystemIn

8985 70FFFFFF
8B55 EC
2B95 70FFFFFF
8955 C8
74 7E
837D E4 10
72 0B
8B45 D0
8985 6CFFFFFF
EB 09
8D4D D0
898D 6CFFFFFF
8D55 CC
52
8B85 6CFFFFFF
50
8D4D A0
E8 E63E0000

MOV DWORD PTR SS:[EBP-90],EAX


MOV EDX,DWORD PTR SS:[EBP-14]
SUB EDX,DWORD PTR SS:[EBP-90]
MOV DWORD PTR SS:[EBP-38],EDX
JE SHORT 004263FB
CMP DWORD PTR SS:[EBP-1C],10
JB SHORT 0042638E
MOV EAX,DWORD PTR SS:[EBP-30]
MOV DWORD PTR SS:[EBP-94],EAX
JMP SHORT 00426397
LEA ECX,[EBP-30]
MOV DWORD PTR SS:[EBP-94],ECX
LEA EDX,[EBP-34]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-94]
PUSH EAX
LEA ECX,[EBP-60]
CALL 0042A290

;
;
;
;
;

8D4D A0
E8 0E380000

LEA ECX,[EBP-60]
CALL 00429BC0

; [SystemIn

8985 68FFFFFF
8B8D 04FFFFFF
8B51 4C
52
8B45 C8
50
6A 01
8B8D 68FFFFFF
51
E8 7CC40000
83C4 10
3945 C8
74 1F
C645 9F 00
C745 FC FFFFF
6A 00
6A 01
8D4D CC
E8 6D97FEFF

MOV DWORD PTR SS:[EBP-98],EAX


MOV ECX,DWORD PTR SS:[EBP-0FC]
MOV EDX,DWORD PTR DS:[ECX+4C]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-38]
PUSH EAX
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-98]
PUSH ECX
CALL 00432850
ADD ESP,10
CMP DWORD PTR SS:[EBP-38],EAX
JE SHORT 004263FB
MOV BYTE PTR SS:[EBP-61],0
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-34]
CALL 0040FB60

;
;
;
;

8A45 9F

MOV AL,BYTE PTR SS:[EBP-61]

/Arg2
|
|Arg1
|
\SystemIn

/Arg2
|
|Arg1
|
\SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

004263F6 |.
004263FB |>
00426401 |.
00426405 |.
00426407 |.
00426409 |.
0042640D |.
00426414 |.
00426416 |.
00426418 |.
0042641B |.
fo.0040FB60
00426420 |.
00426423 |.
00426425 |>
00426429 |.^
0042642B |.
0042642D |.
0042642F |.
00426432 |.
fo.0040EF80
00426437 |>^
00426439 |>
0042643D |.
00426444 |.
00426446 |.
00426448 |.
0042644B |.
fo.0040FB60
00426450 |.
00426453 |.
00426455 |>
00426459 |.
00426460 |.
00426462 |.
00426464 |.
00426467 |.
fo.0040FB60
0042646C |.
0042646F |.
00426471 \>^
00426476 /.
0042647D |.
0042647F |.
00426481 |.
00426484 |.
fo.0040FB60
00426489 |>
0042648C |.
00426493 |.
00426494 |.
00426497 |.
00426499 |.
0042649E |.
004264A0 |.
004264A1 \.
004264A2
004264A3
004264A4
004264A5

E9 8E000000
8B95 04FFFFFF
0FB642 41
85C0
75 1C
C645 9E 01
C745 FC FFFFF
6A 00
6A 01
8D4D CC
E8 4097FEFF

JMP 00426489
MOV EDX,DWORD PTR SS:[EBP-0FC]
MOVZX EAX,BYTE PTR DS:[EDX+41]
TEST EAX,EAX
JNE SHORT 00426425
MOV BYTE PTR SS:[EBP-62],1
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-34]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8A45 9E
EB 64
837D C8 00
75 0C
6A 00
6A 08
8D4D CC
E8 498BFEFF

MOV AL,BYTE PTR SS:[EBP-62]


JMP SHORT 00426489
CMP DWORD PTR SS:[EBP-38],0
JNE SHORT 00426437
PUSH 0
PUSH 8
LEA ECX,[EBP-34]
CALL 0040EF80

;
;
;
;

/Arg2 = 0
|Arg1 = 8
|
\SystemIn

EB 38
C645 9D 01
C745 FC FFFFF
6A 00
6A 01
8D4D CC
E8 1097FEFF

JMP SHORT 00426471


MOV BYTE PTR SS:[EBP-63],1
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-34]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8A45 9D
EB 34
C645 9C 00
C745 FC FFFFF
6A 00
6A 01
8D4D CC
E8 F496FEFF

MOV AL,BYTE PTR SS:[EBP-63]


JMP SHORT 00426489
MOV BYTE PTR SS:[EBP-64],0
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-34]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8A45 9C
EB 18
E9 E5FDFFFF
C745 FC FFFFF
6A 00
6A 01
8D4D CC
E8 D796FEFF

MOV AL,BYTE PTR SS:[EBP-64]


JMP SHORT 00426489
JMP 0042625B
MOV DWORD PTR SS:[EBP-4],-1
PUSH 0
PUSH 1
LEA ECX,[EBP-34]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

8B4D F4
64:890D 00000
59
8B4D E8
33CD
E8 53820000
8BE5
5D
C3
CC
CC
CC
CC

MOV ECX,DWORD PTR SS:[EBP-0C]


MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ECX,DWORD PTR SS:[EBP-18]
XOR ECX,EBP
CALL 0042E6F1
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3

004264A6
CC
INT3
004264A7
CC
INT3
004264A8
CC
INT3
004264A9
CC
INT3
004264AA
CC
INT3
004264AB
CC
INT3
004264AC
CC
INT3
004264AD
CC
INT3
004264AE
CC
INT3
004264AF
CC
INT3
004264B0 /$ 55
PUSH EBP
o.004264B0(guessed Arg1,Arg2)
004264B1 |. 8BEC
MOV EBP,ESP
004264B3 |. 6A FF
PUSH -1
004264B5 |. 68 98684400 PUSH 00446898
004264BA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
004264C0 |. 50
PUSH EAX
004264C1 |. 83EC 3C
SUB ESP,3C
004264C4 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
004264C9 |. 33C5
XOR EAX,EBP
004264CB |. 50
PUSH EAX
004264CC |. 8D45 F4
LEA EAX,[LOCAL.3]
004264CF |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
004264D5 |. 894D C8
MOV DWORD PTR SS:[LOCAL.14],ECX
004264D8 |. 8D45 D1
LEA EAX,[LOCAL.12+1]
004264DB |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
004264DE |. 8D4D D2
LEA ECX,[LOCAL.12+2]
004264E1 |. 894D E4
MOV DWORD PTR SS:[LOCAL.7],ECX
004264E4 |. 8D55 D3
LEA EDX,[LOCAL.12+3]
004264E7 |. 8955 DC
MOV DWORD PTR SS:[LOCAL.9],EDX
004264EA |. 51
PUSH ECX
004264EB |. 8BC4
MOV EAX,ESP
004264ED |. 8965 D8
MOV DWORD PTR SS:[LOCAL.10],ESP
004264F0 |. 8945 D4
MOV DWORD PTR SS:[LOCAL.11],EAX
004264F3 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
004264F6 |. 0FB611
MOVZX EDX,BYTE PTR DS:[ECX]
004264F9 |. 52
PUSH EDX
004264FA |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]
004264FD |. E8 BE660000 CALL 0042CBC0
fo.0042CBC0
00426502 |. 8945 C4
MOV DWORD PTR SS:[LOCAL.15],EAX
00426505 |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
00426508 |. 8945 C0
MOV DWORD PTR SS:[LOCAL.16],EAX
0042650B |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]
0042650E |. 894D BC
MOV DWORD PTR SS:[LOCAL.17],ECX
00426511 |. 8B55 C8
MOV EDX,DWORD PTR SS:[LOCAL.14]
00426514 |. 8955 B8
MOV DWORD PTR SS:[LOCAL.18],EDX
00426517 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042651E |. 8B4D C8
MOV ECX,DWORD PTR SS:[LOCAL.14]
00426521 |. E8 9A310000 CALL 004296C0
00426526 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0042652D |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
00426530 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00426533 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0042653A |. 59
POP ECX
0042653B |. 8BE5
MOV ESP,EBP
0042653D |. 5D
POP EBP
0042653E \. C2 0800
RETN 8
00426541
CC
INT3
00426542
CC
INT3

; SystemInf

;
;
;
;
;
;
;
;
;

/Arg2
|
|
|
|
|
|Arg1
|
\SystemIn

00426543
CC
INT3
00426544
CC
INT3
00426545
CC
INT3
00426546
CC
INT3
00426547
CC
INT3
00426548
CC
INT3
00426549
CC
INT3
0042654A
CC
INT3
0042654B
CC
INT3
0042654C
CC
INT3
0042654D
CC
INT3
0042654E
CC
INT3
0042654F
CC
INT3
00426550 /$ 55
PUSH EBP
o.00426550(guessed Arg1,Arg2,Arg3,Arg4)
00426551 |. 8BEC
MOV EBP,ESP
00426553 |. 81EC C0010000 SUB ESP,1C0
00426559 |. 898D 40FEFFFF MOV DWORD PTR SS:[LOCAL.112],ECX
0042655F |. C745 F8 00000 MOV DWORD PTR SS:[LOCAL.2],0
00426566 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042656D |. 8B85 40FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.112]
00426573 |. 8B48 1C
MOV ECX,DWORD PTR DS:[EAX+1C]
00426576 |. 894D B8
MOV DWORD PTR SS:[LOCAL.18],ECX
00426579 |. 837D B8 00
CMP DWORD PTR SS:[LOCAL.18],0
0042657D |. 75 2C
JNE SHORT 004265AB
0042657F |. 8B55 14
MOV EDX,DWORD PTR SS:[ARG.4]
00426582 |. 52
PUSH EDX
[ARG.4]
00426583 |. 8B85 40FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.112]
00426589 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
0042658C |. 51
PUSH ECX
[ARG.ECX+18]
0042658D |. 6A 01
PUSH 1
0042658F |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
00426592 |. 52
PUSH EDX
[ARG.1]
00426593 |. 8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]
00426599 |. E8 92310000 CALL 00429730
fo.00429730
0042659E |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004265A1 |. E9 EB070000 JMP 00426D91
004265A6 |. E9 C3070000 JMP 00426D6E
004265AB |> 33C0
XOR EAX,EAX
004265AD |. 0F84 22040000 JE 004269D5
004265B3 |. 8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]
004265B9 |. 8B51 18
MOV EDX,DWORD PTR DS:[ECX+18]
004265BC |. 8995 68FFFFFF MOV DWORD PTR SS:[LOCAL.38],EDX
004265C2 |. 8B85 68FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.38]
004265C8 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
004265CA |. 898D 64FFFFFF MOV DWORD PTR SS:[LOCAL.39],ECX
004265D0 |. 8B95 40FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.112]
004265D6 |. 52
PUSH EDX
ARG.ECX
004265D7 |. 8B85 64FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.39]
004265DD |. 50
PUSH EAX
[LOCAL.39]
004265DE |. 8D4D F0
LEA ECX,[LOCAL.4]
004265E1 |. E8 0A2B0000 CALL 004290F0
fo.004290F0
004265E6 |. 33C9
XOR ECX,ECX

; SystemInf

; /Arg4 =>
; |
; |
; |Arg3 =>
; |Arg2 = 1
; |
; |Arg1 =>
; |
; \SystemIn

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

004265E8 |.
004265EC |.
004265EF |.
004265F2 |.
004265F4 |.
004265F6 |.
004265F9 |.
004265FB |.
004265FE |.
00426601 |.
00426604 |.
00426606 |.
00426608 |>
0042660D |>
0042660F |.^
00426611 |.
00426614 |.
00426616 |.
00426619 |.
0042661C |.
0042661F |.
00426621 |.
00426623 |.
00426626 |.
0042662C |.
0042662F |.
00426634 |.
00426635 |.
0042663B |.
0042663E |.
00426643 |.
00426644 |.
fo.0042E980
00426649 |.
0042664C |.
0042664E |.
00426650 |.
00426653 |.
00426656 |.
00426658 |.
0042665A |.
0042665D |.
00426663 |.
00426666 |.
[ARG.4]
00426667 |.
0042666D |.
[ARG.3]
0042666E |.
00426670 |.
00426673 |.
[ARG.1]
00426674 |.
0042667A |.
fo.00429730
0042667F |.
00426682 \.
00426687 >
0042668C />
00426692 |.

837D 0C 00
0F95C1
0FB6D1
85D2
74 12
8B45 0C
33C9
3B45 F0
0F94C1
0FB6D1
85D2
75 05
E8 7B820000
33C0
75 FC
8B4D 10
33D2
3B4D F4
0F94C2
0FB6C2
85C0
74 69
8B4D 10
898D 60FFFFFF
8B4D 14
E8 7C80FEFF
50
8B8D 60FFFFFF
83C1 0C
E8 6D80FEFF
50
E8 37830000

CMP DWORD PTR SS:[ARG.2],0


SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00426608
MOV EAX,DWORD PTR SS:[ARG.2]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.4]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0042660D
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0042660D
MOV ECX,DWORD PTR SS:[ARG.3]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.3]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 0042668C
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.40],ECX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.40]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

83C4 08
33D2
85C0
0F9CC2
0FB6C2
85C0
75 2D
8B4D 10
898D 5CFFFFFF
8B55 14
52

ADD ESP,8
XOR EDX,EDX
TEST EAX,EAX
SETL DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00426687
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.41],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

8B85 5CFFFFFF MOV EAX,DWORD PTR SS:[LOCAL.41]


50
PUSH EAX

; |
; |Arg3 =>

6A 01
8B4D 08
51

; |Arg2 = 1
; |
; |Arg1 =>

PUSH 1
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 B1300000 CALL 00429730
8B45 08
E9 0A070000
E9 44030000
8B95 40FEFFFF
8B42 18

MOV
JMP
JMP
MOV
MOV

EAX,DWORD PTR SS:[ARG.1]


00426D91
004269D0
EDX,DWORD PTR SS:[LOCAL.112]
EAX,DWORD PTR DS:[EDX+18]

/Arg2
|
|
|
|Arg1
\SystemIn

; |
; \SystemIn

00426695 |.
0042669B |.
004266A1 |.
ARG.ECX
004266A2 |.
004266A8 |.
[ARG.ECX+18]
004266A9 |.
004266AC |.
fo.004290F0
004266B1 |.
004266B3 |.
004266B7 |.
004266BA |.
004266BD |.
004266BF |.
004266C1 |.
004266C4 |.
004266C6 |.
004266C9 |.
004266CC |.
004266CF |.
004266D1 |.
004266D3 |>
004266D8 |>
004266DA |.^
004266DC |.
004266DF |.
004266E1 |.
004266E4 |.
004266E7 |.
004266EA |.
004266EC |.
004266EE |.
004266F4 |.
004266F7 |.
004266FA |.
00426700 |.
00426706 |.
00426708 |.
0042670B |.
00426711 |.
00426717 |.
0042671C |.
0042671D |.
00426720 |.
00426725 |.
00426726 |.
fo.0042E980
0042672B |.
0042672E |.
00426730 |.
00426732 |.
00426735 |.
00426738 |.
0042673A |.
0042673C |.
0042673F |.
[ARG.4]
00426740 |.

8985 0CFFFFFF MOV DWORD PTR SS:[LOCAL.61],EAX


8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]
51
PUSH ECX

; /Arg2 =>

8B95 0CFFFFFF MOV EDX,DWORD PTR SS:[LOCAL.61]


52
PUSH EDX

; |
; |Arg1 =>

8D4D E8
E8 3F2A0000

LEA ECX,[LOCAL.6]
CALL 004290F0

; |
; \SystemIn

33C0
837D 0C 00
0F95C0
0FB6C8
85C9
74 12
8B55 0C
33C0
3B55 E8
0F94C0
0FB6C8
85C9
75 05
E8 B0810000
33D2
75 FC
8B45 10
33C9
3B45 EC
0F94C1
0FB6D1
85D2
74 7D
8B85 40FEFFFF
8B48 18
83C1 08
898D 08FFFFFF
8B95 08FFFFFF
8B02
83C0 0C
8985 04FFFFFF
8B8D 04FFFFFF
E8 947FFEFF
50
8B4D 14
E8 8B7FFEFF
50
E8 55820000

XOR EAX,EAX
CMP DWORD PTR SS:[ARG.2],0
SETNE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 004266D3
MOV EDX,DWORD PTR SS:[ARG.2]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.6]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 004266D8
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 004266D8
MOV EAX,DWORD PTR SS:[ARG.3]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.5]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 0042676B
MOV EAX,DWORD PTR SS:[LOCAL.112]
MOV ECX,DWORD PTR DS:[EAX+18]
ADD ECX,8
MOV DWORD PTR SS:[LOCAL.62],ECX
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV EAX,DWORD PTR DS:[EDX]
ADD EAX,0C
MOV DWORD PTR SS:[LOCAL.63],EAX
MOV ECX,DWORD PTR SS:[LOCAL.63]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
75 2A
8B45 14
50

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00426766
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]

/Arg2
|
|
|Arg1
\SystemIn

; |

00426746 |.
00426749 |.
0042674C |.
0042674D |.
0042674F |.
00426752 |.
[ARG.1]
00426753 |.
00426759 |.
fo.00429730
0042675E |.
00426761 \.
00426766 >
0042676B />
0042676E |.
00426774 |.
00426777 |.
0042677C |.
0042677D |.
00426783 |.
00426786 |.
0042678B |.
0042678C |.
fo.0042E980
00426791 |.
00426794 |.
00426796 |.
00426798 |.
0042679B |.
0042679E |.
004267A0 |.
004267A6 |.
004267A9 |.
004267AC |.
004267AF |.
004267B2 |.
004267B5 |.
004267BA |.
004267BD |.
004267C3 |.
004267C9 |.
004267CC |.
004267D1 |.
004267D2 |.
004267D5 |.
004267DA |.
004267DB |.
fo.0042E980
004267E0 |.
004267E3 |.
004267E5 |.
004267E7 |.
004267EA |.
004267ED |.
004267EF |.
004267F1 |.
004267F4 |.
004267FA |.
00426800 |.
00426803 |.

8B51 18
8B42 08
50
6A 00
8B4D 08
51

MOV EDX,DWORD PTR DS:[ECX+18]


MOV EAX,DWORD PTR DS:[EDX+8]
PUSH EAX
PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

;
;
;
;
;
;

|
|
|Arg3
|Arg2 = 0
|
|Arg1 =>

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 D22F0000 CALL 00429730

; |
; \SystemIn

8B45 08
E9 2B060000
E9 65020000
8B55 10
8995 B4FEFFFF
8B4D 14
E8 347FFEFF
50
8B8D B4FEFFFF
83C1 0C
E8 257FFEFF
50
E8 EF810000

MOV EAX,DWORD
JMP 00426D91
JMP 004269D0
MOV EDX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

/Arg2
|
|
|
|Arg1
\SystemIn

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
0F85 C9000000
8B45 0C
8945 F8
8B4D 10
894D FC
8D4D F8
E8 46560000
8B55 FC
8995 B0FEFFFF
8B8D B0FEFFFF
83C1 0C
E8 DF7EFEFF
50
8B4D 14
E8 D67EFEFF
50
E8 A0810000

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE 0042686F
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.1],ECX
LEA ECX,[LOCAL.2]
CALL 0042BE00
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.84],EDX
MOV ECX,DWORD PTR SS:[LOCAL.84]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
75 7E
8B45 FC
8985 ACFEFFFF
8B8D ACFEFFFF
8B51 08
0FBE82 D50000

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0042686F
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.85],EAX
MOV ECX,DWORD PTR SS:[LOCAL.85]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+0D5]

PTR SS:[ARG.1]
PTR SS:[ARG.3]
SS:[LOCAL.83],EDX
PTR SS:[ARG.4]
PTR SS:[LOCAL.83]

0042680A |.
0042680C |.
0042680E |.
00426811 |.
00426817 |.
0042681A |.
[ARG.4]
0042681B |.
00426821 |.
[ARG.3]
00426822 |.
00426824 |.
00426827 |.
[ARG.1]
00426828 |.
0042682E |.
fo.00429730
00426833 |.
00426836 |.
0042683B |.
0042683D |>
00426840 |.
00426846 |.
00426849 |.
[ARG.4]
0042684A |.
00426850 |.
[ARG.3]
00426851 |.
00426853 |.
00426856 |.
[ARG.1]
00426857 |.
0042685D |.
fo.00429730
00426862 |.
00426865 \.
0042686A >
0042686F />
00426872 |.
00426878 |.
0042687E |.
00426881 |.
00426886 |.
00426887 |.
0042688A |.
0042688F |.
00426890 |.
fo.0042E980
00426895 |.
00426898 |.
0042689A |.
0042689C |.
0042689F |.
004268A2 |.
004268A4 |.
004268AA |.
004268AD |.
004268B0 |.
004268B3 |.

85C0
74 2F
8B4D FC
898D A8FEFFFF
8B55 14
52

TEST EAX,EAX
JE SHORT 0042683D
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.86],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

8B85 A8FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.86]


50
PUSH EAX

; |
; |Arg3 =>

6A 00
8B4D 08
51

; |Arg2 = 0
; |
; |Arg1 =>

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 FD2E0000 CALL 00429730

; |
; \SystemIn

8B45 08
E9 56050000
EB 2D
8B55 10
8995 A4FEFFFF
8B45 14
50

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00426D91
JMP SHORT 0042686A
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.87],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

8B8D A4FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.87]


51
PUSH ECX

; |
; |Arg3 =>

6A 01
8B55 08
52

; |Arg2 = 1
; |
; |Arg1 =>

PUSH 1
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 CE2E0000 CALL 00429730

; |
; \SystemIn

8B45 08
E9 27050000
E9 61010000
8B45 10
8985 A0FEFFFF
8B8D A0FEFFFF
83C1 0C
E8 2A7EFEFF
50
8B4D 14
E8 217EFEFF
50
E8 EB800000

MOV EAX,DWORD
JMP 00426D91
JMP 004269D0
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
0F85 26010000
8B45 0C
8945 F8
8B4D 10
894D FC

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE 004269D0
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR

PTR SS:[ARG.1]
PTR SS:[ARG.3]
SS:[LOCAL.88],EAX
PTR SS:[LOCAL.88]

PTR SS:[ARG.4]

PTR SS:[ARG.2]
SS:[LOCAL.2],EAX
PTR SS:[ARG.3]
SS:[LOCAL.1],ECX

/Arg2
|
|
|Arg1
\SystemIn

004268B6 |.
004268BC |.
004268BF |.
004268C5 |.
004268CB |.
ARG.ECX
004268CC |.
004268D2 |.
[ARG.ECX+18]
004268D3 |.
004268D6 |.
fo.004290F0
004268DB |.
004268DE |.
fo.004271E0
004268E3 |.
004268E5 |.
004268E9 |.
004268EC |.
004268EF |.
004268F1 |.
004268F3 |.
004268F6 |.
004268F8 |.
004268FB |.
004268FE |.
00426901 |.
00426903 |.
00426905 |>
0042690A |>
0042690C |.^
0042690E |.
00426911 |.
00426913 |.
00426916 |.
00426919 |.
0042691C |.
0042691E |.
00426920 |.
00426923 |.
00426929 |.
0042692C |.
00426931 |.
00426932 |.
00426938 |.
0042693B |.
00426940 |.
00426941 |.
fo.0042E980
00426946 |.
00426949 |.
0042694B |.
0042694D |.
00426950 |.
00426953 |.
00426955 |.
00426957 |>
0042695A |.
00426960 |.
00426966 |.

8B95
8B42
8985
8B8D
51

40FEFFFF
18
9CFEFFFF
40FEFFFF

MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

PTR SS:[LOCAL.112]
PTR DS:[EDX+18]
SS:[LOCAL.89],EAX
PTR SS:[LOCAL.112]
; /Arg2 =>

8B95 9CFEFFFF MOV EDX,DWORD PTR SS:[LOCAL.89]


52
PUSH EDX

; |
; |Arg1 =>

8D4D E0
E8 15280000

LEA ECX,[LOCAL.8]
CALL 004290F0

; |
; \SystemIn

8D4D F8
E8 FD080000

LEA ECX,[LOCAL.2]
CALL 004271E0

; [SystemIn

33C0
837D F8 00
0F95C0
0FB6C8
85C9
74 12
8B55 F8
33C0
3B55 E0
0F94C0
0FB6C8
85C9
75 05
E8 7E7F0000
33D2
75 FC
8B45 FC
33C9
3B45 E4
0F94C1
0FB6D1
85D2
75 37
8B45 FC
8985 98FEFFFF
8B4D 14
E8 7F7DFEFF
50
8B8D 98FEFFFF
83C1 0C
E8 707DFEFF
50
E8 3A800000

XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.2],0
SETNE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00426905
MOV EDX,DWORD PTR SS:[LOCAL.2]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.8]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 0042690A
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 0042690A
MOV EAX,DWORD PTR SS:[LOCAL.1]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.7]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00426957
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.90],EAX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.90]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
75 79
8B45 10
8985 94FEFFFF
8B8D 94FEFFFF
8B51 08

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 004269D0
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.91],EAX
MOV ECX,DWORD PTR SS:[LOCAL.91]
MOV EDX,DWORD PTR DS:[ECX+8]

/Arg2
|
|
|
|Arg1
\SystemIn

00426969 |. 0FBE82 D50000


00426970 |. 85C0
00426972 |. 74 2F
00426974 |. 8B4D 10
00426977 |. 898D 90FEFFFF
0042697D |. 8B55 14
00426980 |. 52
[ARG.4]
00426981 |. 8B85 90FEFFFF
00426987 |. 50
[ARG.3]
00426988 |. 6A 00
0042698A |. 8B4D 08
0042698D |. 51
[ARG.1]
0042698E |. 8B8D 40FEFFFF
00426994 |. E8 972D0000
fo.00429730
00426999 |. 8B45 08
0042699C |. E9 F0030000
004269A1 |. EB 2D
004269A3 |> 8B55 FC
004269A6 |. 8995 8CFEFFFF
004269AC |. 8B45 14
004269AF |. 50
[ARG.4]
004269B0 |. 8B8D 8CFEFFFF
004269B6 |. 51
[ARG.3]
004269B7 |. 6A 01
004269B9 |. 8B55 08
004269BC |. 52
[ARG.1]
004269BD |. 8B8D 40FEFFFF
004269C3 |. E8 682D0000
fo.00429730
004269C8 |. 8B45 08
004269CB \. E9 C1030000
004269D0 > E9 99030000
004269D5 /> 8B85 40FEFFFF
004269DB |. 8B48 18
004269DE |. 898D 88FEFFFF
004269E4 |. 8B95 88FEFFFF
004269EA |. 8B02
004269EC |. 8985 84FEFFFF
004269F2 |. 8B8D 40FEFFFF
004269F8 |. 51
ARG.ECX
004269F9 |. 8B95 84FEFFFF
004269FF |. 52
[LOCAL.95]
00426A00 |. 8D4D D8
00426A03 |. E8 E8260000
fo.004290F0
00426A08 |. 8D45 D8
00426A0B |. 50
OFFSET LOCAL.10
00426A0C |. 8D4D 0C
00426A0F |. E8 4C03FEFF
fo.00406D60

MOVSX EAX,BYTE PTR DS:[EDX+0D5]


TEST EAX,EAX
JE SHORT 004269A3
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.92],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

MOV EAX,DWORD PTR SS:[LOCAL.92]


PUSH EAX

; |
; |Arg3 =>

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.112]


CALL 00429730

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00426D91
JMP SHORT 004269D0
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.93],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

MOV ECX,DWORD PTR SS:[LOCAL.93]


PUSH ECX

; |
; |Arg3 =>

PUSH 1
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

; |Arg2 = 1
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.112]


CALL 00429730

; |
; \SystemIn

MOV EAX,DWORD
JMP 00426D91
JMP 00426D6E
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

; /Arg2 =>

PTR SS:[ARG.1]
PTR SS:[LOCAL.112]
PTR DS:[EAX+18]
SS:[LOCAL.94],ECX
PTR SS:[LOCAL.94]
PTR DS:[EDX]
SS:[LOCAL.95],EAX
PTR SS:[LOCAL.112]

MOV EDX,DWORD PTR SS:[LOCAL.95]


PUSH EDX

; |
; |Arg1 =>

LEA ECX,[LOCAL.10]
CALL 004290F0

; |
; \SystemIn

LEA EAX,[LOCAL.10]
PUSH EAX

; /Arg1 =>

LEA ECX,[ARG.2]
CALL 00406D60

; |
; \SystemIn

00426A14 |. 0FB6C8
00426A17 |. 85C9
00426A19 |. 74 69
00426A1B |. 8B55 10
00426A1E |. 8995 80FEFFFF
00426A24 |. 8B8D 80FEFFFF
00426A2A |. 83C1 0C
00426A2D |. E8 7E7CFEFF
00426A32 |. 50
00426A33 |. 8B4D 14
00426A36 |. E8 757CFEFF
00426A3B |. 50
00426A3C |. E8 3F7F0000
fo.0042E980
00426A41 |. 83C4 08
00426A44 |. 33C9
00426A46 |. 85C0
00426A48 |. 0F9CC1
00426A4B |. 0FB6D1
00426A4E |. 85D2
00426A50 |. 74 2D
00426A52 |. 8B45 10
00426A55 |. 8985 7CFEFFFF
00426A5B |. 8B4D 14
00426A5E |. 51
[ARG.4]
00426A5F |. 8B95 7CFEFFFF
00426A65 |. 52
[ARG.3]
00426A66 |. 6A 01
00426A68 |. 8B45 08
00426A6B |. 50
[ARG.1]
00426A6C |. 8B8D 40FEFFFF
00426A72 |. E8 B92C0000
fo.00429730
00426A77 |. 8B45 08
00426A7A \. E9 12030000
00426A7F > E9 EA020000
00426A84 /> 8B8D 40FEFFFF
00426A8A |. 8B51 18
00426A8D |. 8995 78FEFFFF
00426A93 |. 8B85 40FEFFFF
00426A99 |. 50
ARG.ECX
00426A9A |. 8B8D 78FEFFFF
00426AA0 |. 51
[ARG.ECX+18]
00426AA1 |. 8D4D D0
00426AA4 |. E8 47260000
fo.004290F0
00426AA9 |. 8D55 D0
00426AAC |. 52
OFFSET LOCAL.12
00426AAD |. 8D4D 0C
00426AB0 |. E8 AB02FEFF
fo.00406D60
00426AB5 |. 0FB6C0
00426AB8 |. 85C0
00426ABA |. 74 7D

MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00426A84
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.96],EDX
MOV ECX,DWORD PTR SS:[LOCAL.96]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00426A7F
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.97],EAX
MOV ECX,DWORD PTR SS:[ARG.4]
PUSH ECX

; /Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.97]


PUSH EDX

; |
; |Arg3 =>

PUSH 1
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; |Arg2 = 1
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.112]


CALL 00429730

; |
; \SystemIn

MOV EAX,DWORD
JMP 00426D91
JMP 00426D6E
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX

; /Arg2 =>

/Arg2
|
|
|Arg1
\SystemIn

PTR SS:[ARG.1]
PTR SS:[LOCAL.112]
PTR DS:[ECX+18]
SS:[LOCAL.98],EDX
PTR SS:[LOCAL.112]

MOV ECX,DWORD PTR SS:[LOCAL.98]


PUSH ECX

; |
; |Arg1 =>

LEA ECX,[LOCAL.12]
CALL 004290F0

; |
; \SystemIn

LEA EDX,[LOCAL.12]
PUSH EDX

; /Arg1 =>

LEA ECX,[ARG.2]
CALL 00406D60

; |
; \SystemIn

MOVZX EAX,AL
TEST EAX,EAX
JE SHORT 00426B39

00426ABC |.
00426AC2 |.
00426AC5 |.
00426AC8 |.
00426ACE |.
00426AD4 |.
00426AD6 |.
00426AD9 |.
00426ADF |.
00426AE2 |.
00426AE7 |.
00426AE8 |.
00426AEE |.
00426AF3 |.
00426AF4 |.
fo.0042E980
00426AF9 |.
00426AFC |.
00426AFE |.
00426B00 |.
00426B03 |.
00426B06 |.
00426B08 |.
00426B0A |.
00426B0D |.
[ARG.4]
00426B0E |.
00426B14 |.
00426B17 |.
00426B1A |.
00426B1B |.
00426B1D |.
00426B20 |.
[ARG.1]
00426B21 |.
00426B27 |.
fo.00429730
00426B2C |.
00426B2F \.
00426B34 >
00426B39 />
00426B3C |.
00426B42 |.
00426B48 |.
00426B4B |.
00426B50 |.
00426B51 |.
00426B54 |.
00426B59 |.
00426B5A |.
fo.0042E980
00426B5F |.
00426B62 |.
00426B64 |.
00426B66 |.
00426B69 |.
00426B6C |.
00426B6E |.
00426B74 |.
00426B77 |.

8B8D 40FEFFFF
8B51 18
83C2 08
8995 74FEFFFF
8B85 74FEFFFF
8B08
83C1 0C
898D 70FEFFFF
8B4D 14
E8 C97BFEFF
50
8B8D 70FEFFFF
E8 BD7BFEFF
50
E8 877E0000

MOV ECX,DWORD
MOV EDX,DWORD
ADD EDX,8
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
ADD ECX,0C
MOV DWORD PTR
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
CALL 0042E980

PTR SS:[LOCAL.112]
PTR DS:[ECX+18]

83C4 08
33D2
85C0
0F9CC2
0FB6C2
85C0
74 2A
8B4D 14
51

ADD ESP,8
XOR EDX,EDX
TEST EAX,EAX
SETL DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00426B34
MOV ECX,DWORD PTR SS:[ARG.4]
PUSH ECX

; /Arg4 =>

8B95 40FEFFFF
8B42 18
8B48 08
51
6A 00
8B55 08
52

MOV EDX,DWORD
MOV EAX,DWORD
MOV ECX,DWORD
PUSH ECX
PUSH 0
MOV EDX,DWORD
PUSH EDX

;
;
;
;
;
;
;

SS:[LOCAL.99],EDX
PTR SS:[LOCAL.99]
PTR DS:[EAX]
SS:[LOCAL.100],ECX
PTR SS:[ARG.4]
PTR SS:[LOCAL.100]

PTR SS:[LOCAL.112]
PTR DS:[EDX+18]
PTR DS:[EAX+8]
PTR SS:[ARG.1]

;
;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

|
|
|
|Arg3
|Arg2 = 0
|
|Arg1 =>

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 042C0000 CALL 00429730

; |
; \SystemIn

8B45 08
E9 5D020000
E9 35020000
8B45 10
8985 6CFEFFFF
8B8D 6CFEFFFF
83C1 0C
E8 607BFEFF
50
8B4D 14
E8 577BFEFF
50
E8 217E0000

MOV EAX,DWORD
JMP 00426D91
JMP 00426D6E
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
0F84 C9000000
8B45 0C
8945 F8

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE 00426C3D
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.2],EAX

PTR SS:[ARG.1]
PTR SS:[ARG.3]
SS:[LOCAL.101],EAX
PTR SS:[LOCAL.101]

PTR SS:[ARG.4]

/Arg2
|
|
|Arg1
\SystemIn

00426B7A |.
00426B7D |.
00426B80 |.
00426B83 |.
00426B88 |.
00426B8B |.
00426B91 |.
00426B94 |.
00426B99 |.
00426B9A |.
00426BA0 |.
00426BA3 |.
00426BA8 |.
00426BA9 |.
fo.0042E980
00426BAE |.
00426BB1 |.
00426BB3 |.
00426BB5 |.
00426BB8 |.
00426BBB |.
00426BBD |.
00426BBF |.
00426BC2 |.
00426BC8 |.
00426BCE |.
00426BD1 |.
00426BD8 |.
00426BDA |.
00426BDC |.
00426BDF |.
00426BE5 |.
00426BE8 |.
[ARG.4]
00426BE9 |.
00426BEF |.
[ARG.3]
00426BF0 |.
00426BF2 |.
00426BF5 |.
[ARG.1]
00426BF6 |.
00426BFC |.
fo.00429730
00426C01 |.
00426C04 |.
00426C09 |.
00426C0B |>
00426C0E |.
00426C14 |.
00426C17 |.
[ARG.4]
00426C18 |.
00426C1E |.
[ARG.3]
00426C1F |.
00426C21 |.
00426C24 |.
[ARG.1]
00426C25 |.

8B4D 10
894D FC
8D4D F8
E8 78520000
8B55 FC
8995 68FEFFFF
8B4D 14
E8 177BFEFF
50
8B8D 68FEFFFF
83C1 0C
E8 087BFEFF
50
E8 D27D0000

MOV ECX,DWORD PTR SS:[ARG.3]


MOV DWORD PTR SS:[LOCAL.1],ECX
LEA ECX,[LOCAL.2]
CALL 0042BE00
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.102],EDX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.102]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
74 7E
8B45 FC
8985 64FEFFFF
8B8D 64FEFFFF
8B51 08
0FBE82 D50000
85C0
74 2F
8B4D FC
898D 60FEFFFF
8B55 14
52

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00426C3D
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.103],EAX
MOV ECX,DWORD PTR SS:[LOCAL.103]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+0D5]
TEST EAX,EAX
JE SHORT 00426C0B
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.104],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

8B85 60FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.104]


50
PUSH EAX

; |
; |Arg3 =>

6A 00
8B4D 08
51

; |Arg2 = 0
; |
; |Arg1 =>

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

/Arg2
|
|
|
|Arg1
\SystemIn

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 2F2B0000 CALL 00429730

; |
; \SystemIn

8B45 08
E9 88010000
EB 2D
8B55 10
8995 5CFEFFFF
8B45 14
50

MOV EAX,DWORD PTR SS:[ARG.1]


JMP 00426D91
JMP SHORT 00426C38
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.105],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

8B8D 5CFEFFFF MOV ECX,DWORD PTR SS:[LOCAL.105]


51
PUSH ECX

; |
; |Arg3 =>

6A 01
8B55 08
52

; |Arg2 = 1
; |
; |Arg1 =>

PUSH 1
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]

; |

00426C2B |. E8 002B0000
fo.00429730
00426C30 |. 8B45 08
00426C33 \. E9 59010000
00426C38 > E9 31010000
00426C3D /> 8B45 10
00426C40 |. 8985 58FEFFFF
00426C46 |. 8B4D 14
00426C49 |. E8 627AFEFF
00426C4E |. 50
00426C4F |. 8B8D 58FEFFFF
00426C55 |. 83C1 0C
00426C58 |. E8 537AFEFF
00426C5D |. 50
00426C5E |. E8 1D7D0000
fo.0042E980
00426C63 |. 83C4 08
00426C66 |. 33C9
00426C68 |. 85C0
00426C6A |. 0F9CC1
00426C6D |. 0FB6D1
00426C70 |. 85D2
00426C72 |. 0F84 F6000000
00426C78 |. 8B45 0C
00426C7B |. 8945 F8
00426C7E |. 8B4D 10
00426C81 |. 894D FC
00426C84 |. 8B95 40FEFFFF
00426C8A |. 8B42 18
00426C8D |. 8985 54FEFFFF
00426C93 |. 8B8D 40FEFFFF
00426C99 |. 51
ARG.ECX
00426C9A |. 8B95 54FEFFFF
00426CA0 |. 52
[ARG.ECX+18]
00426CA1 |. 8D4D C8
00426CA4 |. E8 47240000
fo.004290F0
00426CA9 |. 8D4D F8
00426CAC |. E8 2F050000
fo.004271E0
00426CB1 |. 8D45 C8
00426CB4 |. 50
OFFSET LOCAL.14
00426CB5 |. 8D4D F8
00426CB8 |. E8 A300FEFF
fo.00406D60
00426CBD |. 0FB6C8
00426CC0 |. 85C9
00426CC2 |. 75 37
00426CC4 |. 8B55 FC
00426CC7 |. 8995 50FEFFFF
00426CCD |. 8B8D 50FEFFFF
00426CD3 |. 83C1 0C
00426CD6 |. E8 D579FEFF
00426CDB |. 50
00426CDC |. 8B4D 14
00426CDF |. E8 CC79FEFF
00426CE4 |. 50

CALL 00429730
MOV EAX,DWORD
JMP 00426D91
JMP 00426D6E
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980
ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE 00426D6E
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

; \SystemIn
PTR SS:[ARG.1]
PTR SS:[ARG.3]
SS:[LOCAL.106],EAX
PTR SS:[ARG.4]
PTR SS:[LOCAL.106]

;
;
;
;
;
;

/Arg2
|
|
|
|Arg1
\SystemIn

PTR SS:[ARG.2]
SS:[LOCAL.2],EAX
PTR SS:[ARG.3]
SS:[LOCAL.1],ECX
PTR SS:[LOCAL.112]
PTR DS:[EDX+18]
SS:[LOCAL.107],EAX
PTR SS:[LOCAL.112]
; /Arg2 =>

MOV EDX,DWORD PTR SS:[LOCAL.107]


PUSH EDX

; |
; |Arg1 =>

LEA ECX,[LOCAL.14]
CALL 004290F0

; |
; \SystemIn

LEA ECX,[LOCAL.2]
CALL 004271E0

; [SystemIn

LEA EAX,[LOCAL.14]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.2]
CALL 00406D60

; |
; \SystemIn

MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 00426CFB
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.108],EDX
MOV ECX,DWORD PTR SS:[LOCAL.108]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
CALL 0040E6B0
PUSH EAX

;
;
;
;

/Arg2
|
|
|Arg1

00426CE5 |.
fo.0042E980
00426CEA |.
00426CED |.
00426CEF |.
00426CF1 |.
00426CF4 |.
00426CF7 |.
00426CF9 |.
00426CFB |>
00426CFE |.
00426D04 |.
00426D0A |.
00426D0D |.
00426D14 |.
00426D16 |.
00426D18 |.
00426D1B |.
00426D21 |.
00426D24 |.
[ARG.4]
00426D25 |.
00426D2B |.
[ARG.3]
00426D2C |.
00426D2E |.
00426D31 |.
[ARG.1]
00426D32 |.
00426D38 |.
fo.00429730
00426D3D |.
00426D40 |.
00426D42 |.
00426D44 |>
00426D47 |.
00426D4D |.
00426D50 |.
[ARG.4]
00426D51 |.
00426D57 |.
[ARG.3]
00426D58 |.
00426D5A |.
00426D5D |.
[ARG.1]
00426D5E |.
00426D64 |.
fo.00429730
00426D69 |.
00426D6C |.
00426D6E |>
00426D71 |.
00426D72 |.
00426D75 |.
00426D76 |.
00426D7C |.
fo.00429200
00426D81 |.
00426D83 |.

E8 967C0000

CALL 0042E980

; \SystemIn

83C4 08
33C9
85C0
0F9CC1
0FB6D1
85D2
74 73
8B45 10
8985 4CFEFFFF
8B8D 4CFEFFFF
8B51 08
0FBE82 D50000
85C0
74 2C
8B4D 10
898D 48FEFFFF
8B55 14
52

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00426D6E
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.109],EAX
MOV ECX,DWORD PTR SS:[LOCAL.109]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+0D5]
TEST EAX,EAX
JE SHORT 00426D44
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.110],ECX
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg4 =>

8B85 48FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.110]


50
PUSH EAX

; |
; |Arg3 =>

6A 00
8B4D 08
51

; |Arg2 = 0
; |
; |Arg1 =>

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 F3290000 CALL 00429730

; |
; \SystemIn

8B45 08
EB 4F
EB 2A
8B55 FC
8995 44FEFFFF
8B45 14
50

MOV EAX,DWORD PTR SS:[ARG.1]


JMP SHORT 00426D91
JMP SHORT 00426D6E
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.111],EDX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EAX

; /Arg4 =>

8B8D 44FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.111]


51
PUSH ECX

; |
; |Arg3 =>

6A 01
8B55 08
52

; |Arg2 = 1
; |
; |Arg1 =>

PUSH 1
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX

8B8D 40FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.112]


E8 C7290000 CALL 00429730

; |
; \SystemIn

8B45 08
EB 23
8B45 14
50
8D4D BC
51
8B8D 40FEFFFF
E8 7F240000

MOV EAX,DWORD PTR SS:[ARG.1]


JMP SHORT 00426D91
MOV EAX,DWORD PTR SS:[EBP+14]
PUSH EAX
LEA ECX,[EBP-44]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-1C0]
CALL 00429200

;
;
;
;
;

8B10
8B40 04

MOV EDX,DWORD PTR DS:[EAX]


MOV EAX,DWORD PTR DS:[EAX+4]

/Arg2
|
|Arg1
|
\SystemIn

00426D86 |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
00426D89 |. 8911
MOV DWORD PTR DS:[ECX],EDX
00426D8B |. 8941 04
MOV DWORD PTR DS:[ECX+4],EAX
00426D8E |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
00426D91 |> 8BE5
MOV ESP,EBP
00426D93 |. 5D
POP EBP
00426D94 \. C2 1000
RETN 10
00426D97
CC
INT3
00426D98
CC
INT3
00426D99
CC
INT3
00426D9A
CC
INT3
00426D9B
CC
INT3
00426D9C
CC
INT3
00426D9D
CC
INT3
00426D9E
CC
INT3
00426D9F
CC
INT3
00426DA0 /> 55
PUSH EBP
00426DA1 |. 8BEC
MOV EBP,ESP
00426DA3 |. 51
PUSH ECX
00426DA4 |. 894D FC
MOV DWORD PTR SS:[EBP-4],ECX
00426DA7 |. 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
00426DAA |. 8B48 FC
MOV ECX,DWORD PTR DS:[EAX-4]
00426DAD |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
00426DB0 |. 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
00426DB3 |. C74410 FC 749 MOV DWORD PTR DS:[EDX+EAX-4],OFFSET 0044
00426DBB |. 8BE5
MOV ESP,EBP
00426DBD |. 5D
POP EBP
00426DBE \. C3
RETN
00426DBF
CC
INT3
00426DC0 /$ 55
PUSH EBP
o.00426DC0(guessed void)
00426DC1 |. 8BEC
MOV EBP,ESP
00426DC3 |. 51
PUSH ECX
00426DC4 |. 894D FC
MOV DWORD PTR SS:[EBP-4],ECX
00426DC7 |. 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
00426DCA |. C700 008A4400 MOV DWORD PTR DS:[EAX],OFFSET 00448A00
00426DD0 |. 8B4D FC
MOV ECX,DWORD PTR SS:[EBP-4]
00426DD3 |. C701 F8894400 MOV DWORD PTR DS:[ECX],OFFSET 004489F8
00426DD9 |. 8B55 FC
MOV EDX,DWORD PTR SS:[EBP-4]
00426DDC |. 52
PUSH EDX
00426DDD |. E8 E36F0000 CALL 0042DDC5
fo.0042DDC5
00426DE2 |. 83C4 04
ADD ESP,4
00426DE5 |. 8BE5
MOV ESP,EBP
00426DE7 |. 5D
POP EBP
00426DE8 \. C3
RETN
00426DE9
CC
INT3
00426DEA
CC
INT3
00426DEB
CC
INT3
00426DEC
CC
INT3
00426DED
CC
INT3
00426DEE
CC
INT3
00426DEF
CC
INT3
00426DF0 /$ 55
PUSH EBP
o.00426DF0(guessed Arg1,Arg2)
00426DF1 |. 8BEC
MOV EBP,ESP
00426DF3 |. 81EC 1C010000 SUB ESP,11C
00426DF9 |. 898D E8FEFFFF MOV DWORD PTR SS:[LOCAL.70],ECX
00426DFF |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
00426E03 |. 74 58
JE SHORT 00426E5D

; SystemInf

; /Arg1
; \SystemIn

; SystemInf

00426E05 |. 8B85 E8FEFFFF


00426E0B |. 8B48 08
00426E0E |. 894D FC
00426E11 |. 8B55 FC
00426E14 |. 0B55 08
00426E17 |. 8995 ECFEFFFF
00426E1D |. 8B85 E8FEFFFF
00426E23 |. 8378 28 00
00426E27 |. 75 11
00426E29 |. 8B8D ECFEFFFF
00426E2F |. 83C9 04
00426E32 |. 898D E4FEFFFF
00426E38 |. EB 0C
00426E3A |> 8B95 ECFEFFFF
00426E40 |. 8995 E4FEFFFF
00426E46 |> 0FB645 0C
00426E4A |. 50
00426E4B |. 8B8D E4FEFFFF
00426E51 |. 51
[LOCAL.71]
00426E52 |. 8B8D E8FEFFFF
00426E58 |. E8 8315FEFF
fo.004083E0
00426E5D |> 8BE5
00426E5F |. 5D
00426E60 \. C2 0800
00426E63
CC
00426E64
CC
00426E65
CC
00426E66
CC
00426E67
CC
00426E68
CC
00426E69
CC
00426E6A
CC
00426E6B
CC
00426E6C
CC
00426E6D
CC
00426E6E
CC
00426E6F
CC
00426E70 /$ 55
o.00426E70(guessed void)
00426E71 |. 8BEC
00426E73 |. 81EC 90000000
00426E79 |. 898D 70FFFFFF
00426E7F |. 8B85 70FFFFFF
00426E85 |. 8B48 18
00426E88 |. 894D D4
00426E8B |. C745 F0 00000
00426E92 |. 8B55 D4
00426E95 |. 8955 F4
00426E98 |. 83BD 70FFFFFF
00426E9F |. 75 05
00426EA1 |. E8 E2790000
00426EA6 |> 33C0
00426EA8 |.^ 75 FC
00426EAA |. 8B8D 70FFFFFF
00426EB0 |. 8B11
00426EB2 |. 8955 F0
00426EB5 |. 8B45 F0
00426EB8 |. 8B4D F4

MOV EAX,DWORD PTR SS:[LOCAL.70]


MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
OR EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.69],EDX
MOV EAX,DWORD PTR SS:[LOCAL.70]
CMP DWORD PTR DS:[EAX+28],0
JNE SHORT 00426E3A
MOV ECX,DWORD PTR SS:[LOCAL.69]
OR ECX,00000004
MOV DWORD PTR SS:[LOCAL.71],ECX
JMP SHORT 00426E46
MOV EDX,DWORD PTR SS:[LOCAL.69]
MOV DWORD PTR SS:[LOCAL.71],EDX
MOVZX EAX,BYTE PTR SS:[ARG.2]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.71]
PUSH ECX

; /Arg2
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.70]


CALL 004083E0

; |
; \SystemIn

MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,90
MOV DWORD PTR SS:[LOCAL.36],ECX
MOV EAX,DWORD PTR SS:[LOCAL.36]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV DWORD PTR SS:[LOCAL.4],0
MOV EDX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.3],EDX
CMP DWORD PTR SS:[LOCAL.36],0
JNE SHORT 00426EA6
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00426EA6
MOV ECX,DWORD PTR SS:[LOCAL.36]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR SS:[LOCAL.3]

00426EBB |. 8945 F8
00426EBE |. 894D FC
00426EC1 |. 8B95 70FFFFFF
00426EC7 |. 8B42 18
00426ECA |. 8945 D0
00426ECD |. 8B4D D0
00426ED0 |. 8B11
00426ED2 |. 8955 CC
00426ED5 |. C745 E0 00000
00426EDC |. 8B45 CC
00426EDF |. 8945 E4
00426EE2 |. 83BD 70FFFFFF
00426EE9 |. 75 05
00426EEB |. E8 98790000
00426EF0 |> 33C9
00426EF2 |.^ 75 FC
00426EF4 |. 8B95 70FFFFFF
00426EFA |. 8B02
00426EFC |. 8945 E0
00426EFF |. 8B4D E0
00426F02 |. 8B55 E4
00426F05 |. 894D E8
00426F08 |. 8955 EC
00426F0B |. 8B45 FC
00426F0E |. 50
[ARG.ECX+18]
00426F0F |. 8B4D F8
00426F12 |. 51
[ARG.ECX]
00426F13 |. 8B55 EC
00426F16 |. 52
[LOCAL.13]
00426F17 |. 8B45 E8
00426F1A |. 50
[ARG.ECX]
00426F1B |. 8D4D D8
00426F1E |. 51
OFFSET LOCAL.10
00426F1F |. 8B8D 70FFFFFF
00426F25 |. E8 46250000
fo.00429470
00426F2A |. 8B95 70FFFFFF
00426F30 |. 8B42 18
00426F33 |. 8985 78FFFFFF
00426F39 |. 8B8D 70FFFFFF
00426F3F |. 8B51 18
00426F42 |. 8995 74FFFFFF
00426F48 |. 8B85 74FFFFFF
00426F4E |. 50
00426F4F |. E8 C6790000
00426F54 |. 83C4 04
00426F57 |. 8B8D 70FFFFFF
00426F5D |. C741 18 00000
00426F64 |. 8B95 70FFFFFF
00426F6A |. C742 1C 00000
00426F71 |. 8BE5
00426F73 |. 5D
00426F74 \. C3
00426F75
CC
00426F76
CC

MOV DWORD PTR SS:[LOCAL.2],EAX


MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[LOCAL.36]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV ECX,DWORD PTR SS:[LOCAL.12]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.13],EDX
MOV DWORD PTR SS:[LOCAL.8],0
MOV EAX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR SS:[LOCAL.7],EAX
CMP DWORD PTR SS:[LOCAL.36],0
JNE SHORT 00426EF0
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00426EF0
MOV EDX,DWORD PTR SS:[LOCAL.36]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX

; /Arg5 =>

MOV ECX,DWORD PTR SS:[LOCAL.2]


PUSH ECX

; |
; |Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.5]


PUSH EDX

; |
; |Arg3 =>

MOV EAX,DWORD PTR SS:[LOCAL.6]


PUSH EAX

; |
; |Arg2 =>

LEA ECX,[LOCAL.10]
PUSH ECX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.36]


CALL 00429470

; |
; \SystemIn

MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV ESP,EBP
POP EBP
RETN
INT3
INT3

PTR SS:[LOCAL.36]
PTR DS:[EDX+18]
SS:[LOCAL.34],EAX
PTR SS:[LOCAL.36]
PTR DS:[ECX+18]
SS:[LOCAL.35],EDX
PTR SS:[LOCAL.35]

PTR SS:[LOCAL.36]
DS:[ECX+18],0
PTR SS:[LOCAL.36]
DS:[EDX+1C],0

00426F77
CC
00426F78
CC
00426F79
CC
00426F7A
CC
00426F7B
CC
00426F7C
CC
00426F7D
CC
00426F7E
CC
00426F7F
CC
00426F80 /$ 55
o.00426F80(guessed void)
00426F81 |. 8BEC
00426F83 |. 83EC 20
00426F86 |. 894D E4
00426F89 |. 8B45 E4
00426F8C |. C700 189C4400
00426F92 |. 8B4D E4
00426F95 |. 8B51 38
00426F98 |. 8955 F8
00426F9B |. 8B45 F8
00426F9E |. 8945 FC
00426FA1 |. 837D FC 00
00426FA5 |. 74 26
00426FA7 |. 8B4D FC
00426FAA |. E8 31F7FDFF
00426FAF |. B9 01000000
00426FB4 |. 83E1 01
00426FB7 |. 74 0C
00426FB9 |. 8B55 FC
00426FBC |. 52
00426FBD |. E8 58790000
00426FC2 |. 83C4 04
00426FC5 |> 8B45 FC
00426FC8 |. 8945 E0
00426FCB |. EB 07
00426FCD |> C745 E0 00000
00426FD4 |> 8B4D E4
00426FD7 |. 83C1 04
00426FDA |. E8 D86C0000
00426FDF |. 8BE5
00426FE1 |. 5D
00426FE2 \. C3
00426FE3
CC
00426FE4
CC
00426FE5
CC
00426FE6
CC
00426FE7
CC
00426FE8
CC
00426FE9
CC
00426FEA
CC
00426FEB
CC
00426FEC
CC
00426FED
CC
00426FEE
CC
00426FEF
CC
00426FF0 /. 55
00426FF1 |. 8BEC
00426FF3 |. 51
00426FF4 |. 894D FC
00426FF7 |. 83C8 FF

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,20
MOV DWORD PTR SS:[EBP-1C],ECX
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR DS:[EAX],OFFSET 00449C18
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV EDX,DWORD PTR DS:[ECX+38]
MOV DWORD PTR SS:[EBP-8],EDX
MOV EAX,DWORD PTR SS:[EBP-8]
MOV DWORD PTR SS:[EBP-4],EAX
CMP DWORD PTR SS:[EBP-4],0
JE SHORT 00426FCD
MOV ECX,DWORD PTR SS:[EBP-4]
CALL 004066E0
MOV ECX,1
AND ECX,00000001
JE SHORT 00426FC5
MOV EDX,DWORD PTR SS:[EBP-4]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-4]
MOV DWORD PTR SS:[EBP-20],EAX
JMP SHORT 00426FD4
MOV DWORD PTR SS:[EBP-20],0
MOV ECX,DWORD PTR SS:[EBP-1C]
ADD ECX,4
CALL 0042DCB7
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
OR EAX,FFFFFFFF

; SystemInf

00426FFA
00426FFC
00426FFD
00427000
00427001
00427003
00427004
00427007
00427009
0042700B
0042700C
0042700D
0042700E
0042700F
00427010
00427011
00427013
00427014
00427017
0042701A
0042701C
0042701D
0042701E
0042701F
00427020
00427021
00427023
00427026
00427029
0042702C
0042702E
00427031
00427034
00427036
00427039
00427040
00427043
00427045
00427048
0042704B
0042704E
00427050
00427052
00427059
0042705B
0042705E
00427063
00427066
00427069
0042706C
0042706F
00427072
00427074
00427075
00427076
00427077
00427078
00427079
0042707A
0042707B

|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
\.

8BE5
5D
C2 0400
55
8BEC
51
894D FC
33C0
8BE5
5D
C3
CC
CC
CC
55
8BEC
51
894D FC
83C8 FF
8BE5
5D
C3
CC
CC
55
8BEC
83EC 14
894D F0
8B45 F0
8B10
8B4D F0
8B42 10
FFD0
8945 FC
C745 F8 FFFFF
8B4D F8
33D2
3B4D FC
0F94C2
0FB6C2
85C0
74 09
C745 EC FFFFF
EB 14
8B4D F0
E8 0D260000
8945 F4
8B4D F4
0FB611
8955 EC
8B45 EC
8BE5
5D
C3
CC
CC
CC
CC
CC
CC

MOV ESP,EBP
POP EBP
RETN 4
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
XOR EAX,EAX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
OR EAX,FFFFFFFF
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[EAX]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+10]
CALL EAX
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV DWORD PTR SS:[LOCAL.2],-1
MOV ECX,DWORD PTR SS:[LOCAL.2]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.1]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 0042705B
MOV DWORD PTR SS:[LOCAL.5],-1
JMP SHORT 0042706F
MOV ECX,DWORD PTR SS:[LOCAL.4]
CALL 00429670
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOVZX EDX,BYTE PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3

0042707C
0042707D
0042707E
0042707F
00427080
00427081
00427083
00427084
00427087
0042708A
0042708B
0042708D
00427090
00427091
00427094
00427096
00427099
0042709C
0042709E
004270A0
004270A1
004270A4
004270A5
004270A6
004270A7
004270A8
004270A9
004270AA
004270AB
004270AC
004270AD
004270AE
004270AF
004270B0
004270B1
004270B3
004270B6
004270B9
004270C0
004270C4
004270CA
004270CD
004270D0
004270D3
004270D5
004270D8
004270DB
004270DD
004270E0
004270E2
004270E9
004270EC
004270EF
004270F3
004270F9
004270FC
004270FF
00427102
00427105
00427107

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.

CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 0C
50
6A FF
8B4D 08
51
8B55 FC
8B02
8B4D FC
8B50 1C
FFD2
8BE5
5D
C2 0800
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 24
894D E0
C745 FC 00000
837D 10 00
0F8E 04010000
8B45 E0
8B48 20
8339 00
74 0D
8B55 E0
8B42 30
8B08
894D DC
EB 07
C745 DC 00000
8B55 DC
8955 F8
837D F8 00
0F8E 80000000
8B45 F8
8945 F4
8B4D 10
3B4D F4
7D 06
8B55 10

INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.2]
PUSH EAX
PUSH -1
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR DS:[EAX+1C]
CALL EDX
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,24
MOV DWORD PTR SS:[LOCAL.8],ECX
MOV DWORD PTR SS:[LOCAL.1],0
CMP DWORD PTR SS:[EBP+10],0
JLE 004271CE
MOV EAX,DWORD PTR SS:[EBP-20]
MOV ECX,DWORD PTR DS:[EAX+20]
CMP DWORD PTR DS:[ECX],0
JE SHORT 004270E2
MOV EDX,DWORD PTR SS:[EBP-20]
MOV EAX,DWORD PTR DS:[EDX+30]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-24],ECX
JMP SHORT 004270E9
MOV DWORD PTR SS:[EBP-24],0
MOV EDX,DWORD PTR SS:[EBP-24]
MOV DWORD PTR SS:[EBP-8],EDX
CMP DWORD PTR SS:[EBP-8],0
JLE 00427179
MOV EAX,DWORD PTR SS:[EBP-8]
MOV DWORD PTR SS:[EBP-0C],EAX
MOV ECX,DWORD PTR SS:[EBP+10]
CMP ECX,DWORD PTR SS:[EBP-0C]
JGE SHORT 0042710D
MOV EDX,DWORD PTR SS:[EBP+10]

0042710A |.
0042710D |>
00427110 |.
00427113 |.
00427115 |.
00427118 |.
0042711B |.
0042711E |.
00427121 |.
00427122 |.
00427125 |.
00427126 |.
00427129 |.
0042712A |.
0042712D |.
0042712E |.
fo.0042EA08
00427133 |.
00427136 |.
00427139 |.
0042713C |.
0042713F |.
00427142 |.
00427145 |.
00427148 |.
0042714B |.
0042714E |.
00427151 |.
00427154 |.
00427157 |.
00427159 |.
0042715C |.
0042715F |.
00427162 |.
00427164 |.
00427167 |.
0042716A |.
0042716C |.
0042716F |.
00427172 |.
00427175 |.
00427177 |.^
00427179 |>
0042717C |.
0042717E |.
00427181 |.
00427184 |.
00427186 |.
00427189 |.
00427190 |.
00427193 |.
00427195 |.
00427198 |.
0042719B |.
0042719E |.
004271A0 |.
004271A2 |.
004271A4 |.^
004271A6 |>
004271A9 |.

8955 F4
8B45 E0
8B48 20
8B11
8955 E8
8A45 E6
8845 E7
8B4D F4
51
8B55 E8
52
8B45 0C
50
8B4D 08
51
E8 D5780000

MOV DWORD PTR SS:[EBP-0C],EDX


MOV EAX,DWORD PTR SS:[EBP-20]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[EBP-18],EDX
MOV AL,BYTE PTR SS:[EBP-1A]
MOV BYTE PTR SS:[EBP-19],AL
MOV ECX,DWORD PTR SS:[EBP-0C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP-18]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP+0C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP+8]
PUSH ECX
CALL 0042EA08

83C4 10
ADD ESP,10
8B55 08
MOV EDX,DWORD PTR SS:[EBP+8]
0355 F4
ADD EDX,DWORD PTR SS:[EBP-0C]
8955 08
MOV DWORD PTR SS:[EBP+8],EDX
8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
0345 F4
ADD EAX,DWORD PTR SS:[EBP-0C]
8945 FC
MOV DWORD PTR SS:[EBP-4],EAX
8B4D 10
MOV ECX,DWORD PTR SS:[EBP+10]
2B4D F4
SUB ECX,DWORD PTR SS:[EBP-0C]
894D 10
MOV DWORD PTR SS:[EBP+10],ECX
8B55 E0
MOV EDX,DWORD PTR SS:[EBP-20]
8B42 30
MOV EAX,DWORD PTR DS:[EDX+30]
8B08
MOV ECX,DWORD PTR DS:[EAX]
2B4D F4
SUB ECX,DWORD PTR SS:[EBP-0C]
8B55 E0
MOV EDX,DWORD PTR SS:[EBP-20]
8B42 30
MOV EAX,DWORD PTR DS:[EDX+30]
8908
MOV DWORD PTR DS:[EAX],ECX
8B4D E0
MOV ECX,DWORD PTR SS:[EBP-20]
8B51 20
MOV EDX,DWORD PTR DS:[ECX+20]
8B02
MOV EAX,DWORD PTR DS:[EDX]
0345 F4
ADD EAX,DWORD PTR SS:[EBP-0C]
8B4D E0
MOV ECX,DWORD PTR SS:[EBP-20]
8B51 20
MOV EDX,DWORD PTR DS:[ECX+20]
8902
MOV DWORD PTR DS:[EDX],EAX
EB 50
JMP SHORT 004271C9
8B45 E0
MOV EAX,DWORD PTR SS:[EBP-20]
8B10
MOV EDX,DWORD PTR DS:[EAX]
8B4D E0
MOV ECX,DWORD PTR SS:[EBP-20]
8B42 14
MOV EAX,DWORD PTR DS:[EDX+14]
FFD0
CALL EAX
8945 F0
MOV DWORD PTR SS:[EBP-10],EAX
C745 EC FFFFF MOV DWORD PTR SS:[EBP-14],-1
8B4D EC
MOV ECX,DWORD PTR SS:[EBP-14]
33D2
XOR EDX,EDX
3B4D F0
CMP ECX,DWORD PTR SS:[EBP-10]
0F94C2
SETE DL
0FB6C2
MOVZX EAX,DL
85C0
TEST EAX,EAX
74 04
JE SHORT 004271A6
EB 2A
JMP SHORT 004271CE
EB 23
JMP SHORT 004271C9
8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
8A55 F0
MOV DL,BYTE PTR SS:[EBP-10]

;
;
;
;
;
;
;
;

/Arg4
|
|Arg3
|
|Arg2
|
|Arg1
\SystemIn

004271AC |. 8811
004271AE |. 8B45 08
004271B1 |. 83C0 01
004271B4 |. 8945 08
004271B7 |. 8B4D FC
004271BA |. 83C1 01
004271BD |. 894D FC
004271C0 |. 8B55 10
004271C3 |. 83EA 01
004271C6 |. 8955 10
004271C9 |>^ E9 F2FEFFFF
004271CE |> 8B45 FC
004271D1 |. 8BE5
004271D3 |. 5D
004271D4 \. C2 0C00
004271D7
CC
004271D8
CC
004271D9
CC
004271DA
CC
004271DB
CC
004271DC
CC
004271DD
CC
004271DE
CC
004271DF
CC
004271E0 /$ 55
o.004271E0(guessed void)
004271E1 |. 8BEC
004271E3 |. 83EC 14
004271E6 |. 894D EC
004271E9 |. 8B45 EC
004271EC |. 33C9
004271EE |. 8338 00
004271F1 |. 0F95C1
004271F4 |. 0FB6D1
004271F7 |. 85D2
004271F9 |. 75 05
004271FB |. E8 88760000
00427200 |> 33C0
00427202 |.^ 75 FC
00427204 |. 8B4D EC
00427207 |. 8B51 04
0042720A |. 0FBE82 D50000
00427211 |. 85C0
00427213 |. 74 0A
00427215 |. E8 6E760000
0042721A |. E9 91000000
0042721F |> 8B4D EC
00427222 |. 8B51 04
00427225 |. 83C2 08
00427228 |. 8955 F8
0042722B |. 8B45 F8
0042722E |. 8B08
00427230 |. 0FBE91 D50000
00427237 |. 85D2
00427239 |. 75 39
0042723B |. 8B45 EC
0042723E |. 8B48 04
00427241 |. 83C1 08
00427244 |. 894D F4
00427247 |. 8B55 F4

MOV BYTE PTR DS:[ECX],DL


MOV EAX,DWORD PTR SS:[EBP+8]
ADD EAX,1
MOV DWORD PTR SS:[EBP+8],EAX
MOV ECX,DWORD PTR SS:[EBP-4]
ADD ECX,1
MOV DWORD PTR SS:[EBP-4],ECX
MOV EDX,DWORD PTR SS:[EBP+10]
SUB EDX,1
MOV DWORD PTR SS:[EBP+10],EDX
JMP 004270C0
MOV EAX,DWORD PTR SS:[EBP-4]
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00427200
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00427200
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+0D5]
TEST EAX,EAX
JE SHORT 0042721F
CALL 0042E888
JMP 004272B0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,8
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX]
MOVSX EDX,BYTE PTR DS:[ECX+0D5]
TEST EDX,EDX
JNE SHORT 00427274
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,8
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]

; SystemInf

0042724A
0042724C
0042724F
00427252
00427254
0042725B
0042725D
0042725F
00427262
00427264
00427267
00427269
0042726C
0042726F
00427272
00427274
00427277
0042727A
0042727D
00427280
00427283
0042728A
0042728C
0042728E
00427291
00427294
00427297
0042729A
0042729C
0042729F
004272A2
004272A5
004272A7
004272AA
004272AD
004272B0
004272B2
004272B3
004272B4
004272B5
004272B6
004272B7
004272B8
004272B9
004272BA
004272BB
004272BC
004272BD
004272BE
004272BF
004272C0
004272C1
004272C3
004272C6
004272C9
004272D0
004272D4
004272DA
004272DD
004272E0

|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|>
|.
\.

/.
|.
|.
|.
|.
|>
|.
|.
|.
|.

8B02
8945 F0
8B4D F0
8B11
0FBE82 D50000
85C0
75 0A
8B4D F0
8B11
8955 F0
EB E6
8B45 EC
8B4D F0
8948 04
EB 3C
8B55 EC
8B42 04
8B48 04
894D FC
8B55 FC
0FBE82 D50000
85C0
75 19
8B4D EC
8B55 FC
8B41 04
3B42 08
75 0B
8B4D EC
8B55 FC
8951 04
EB CD
8B45 EC
8B4D FC
8948 04
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 28
894D DC
C745 FC 00000
837D 0C 00
0F8E 09010000
8B45 DC
8B48 24
8339 00

MOV EAX,DWORD PTR DS:[EDX]


MOV DWORD PTR SS:[LOCAL.4],EAX
/MOV ECX,DWORD PTR SS:[LOCAL.4]
|MOV EDX,DWORD PTR DS:[ECX]
|MOVSX EAX,BYTE PTR DS:[EDX+0D5]
|TEST EAX,EAX
|JNE SHORT 00427269
|MOV ECX,DWORD PTR SS:[LOCAL.4]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[LOCAL.4],EDX
\JMP SHORT 0042724F
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 004272B0
/MOV EDX,DWORD PTR SS:[LOCAL.5]
|MOV EAX,DWORD PTR DS:[EDX+4]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.1],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOVSX EAX,BYTE PTR DS:[EDX+0D5]
|TEST EAX,EAX
|JNE SHORT 004272A7
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOV EAX,DWORD PTR DS:[ECX+4]
|CMP EAX,DWORD PTR DS:[EDX+8]
|JNE SHORT 004272A7
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOV DWORD PTR DS:[ECX+4],EDX
\JMP SHORT 00427274
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,28
MOV DWORD PTR SS:[LOCAL.9],ECX
MOV DWORD PTR SS:[LOCAL.1],0
CMP DWORD PTR SS:[EBP+0C],0
JLE 004273E3
MOV EAX,DWORD PTR SS:[EBP-24]
MOV ECX,DWORD PTR DS:[EAX+24]
CMP DWORD PTR DS:[ECX],0

004272E3 |.
004272E5 |.
004272E8 |.
004272EB |.
004272ED |.
004272F0 |.
004272F2 |>
004272F9 |>
004272FC |.
004272FF |.
00427303 |.
00427309 |.
0042730C |.
0042730F |.
00427312 |.
00427315 |.
00427317 |.
0042731A |.
0042731D |>
00427320 |.
00427323 |.
00427325 |.
00427328 |.
0042732B |.
0042732E |.
00427331 |.
00427332 |.
00427335 |.
00427336 |.
00427339 |.
0042733A |.
0042733D |.
0042733E |.
fo.0042EA08
00427343 |.
00427346 |.
00427349 |.
0042734C |.
0042734F |.
00427352 |.
00427355 |.
00427358 |.
0042735B |.
0042735E |.
00427361 |.
00427364 |.
00427367 |.
00427369 |.
0042736C |.
0042736F |.
00427372 |.
00427374 |.
00427377 |.
0042737A |.
0042737C |.
0042737F |.
00427382 |.
00427385 |.
00427387 |.^
00427389 |>

74 0D
8B55 DC
8B42 34
8B08
894D D8
EB 07
C745 D8 00000
8B55 D8
8955 F8
837D F8 00
0F8E 80000000
8B45 F8
8945 F4
8B4D 0C
3B4D F4
7D 06
8B55 0C
8955 F4
8B45 DC
8B48 24
8B11
8955 E8
8A45 E6
8845 E7
8B4D F4
51
8B55 08
52
8B45 F8
50
8B4D E8
51
E8 C5760000

JE SHORT 004272F2
MOV EDX,DWORD PTR SS:[EBP-24]
MOV EAX,DWORD PTR DS:[EDX+34]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-28],ECX
JMP SHORT 004272F9
MOV DWORD PTR SS:[EBP-28],0
MOV EDX,DWORD PTR SS:[EBP-28]
MOV DWORD PTR SS:[EBP-8],EDX
CMP DWORD PTR SS:[EBP-8],0
JLE 00427389
MOV EAX,DWORD PTR SS:[EBP-8]
MOV DWORD PTR SS:[EBP-0C],EAX
MOV ECX,DWORD PTR SS:[EBP+0C]
CMP ECX,DWORD PTR SS:[EBP-0C]
JGE SHORT 0042731D
MOV EDX,DWORD PTR SS:[EBP+0C]
MOV DWORD PTR SS:[EBP-0C],EDX
MOV EAX,DWORD PTR SS:[EBP-24]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[EBP-18],EDX
MOV AL,BYTE PTR SS:[EBP-1A]
MOV BYTE PTR SS:[EBP-19],AL
MOV ECX,DWORD PTR SS:[EBP-0C]
PUSH ECX
MOV EDX,DWORD PTR SS:[EBP+8]
PUSH EDX
MOV EAX,DWORD PTR SS:[EBP-8]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-18]
PUSH ECX
CALL 0042EA08

83C4 10
8B55 08
0355 F4
8955 08
8B45 FC
0345 F4
8945 FC
8B4D 0C
2B4D F4
894D 0C
8B55 DC
8B42 34
8B08
2B4D F4
8B55 DC
8B42 34
8908
8B4D DC
8B51 24
8B02
0345 F4
8B4D DC
8B51 24
8902
EB 55
8B45 08

ADD
MOV
ADD
MOV
MOV
ADD
MOV
MOV
SUB
MOV
MOV
MOV
MOV
SUB
MOV
MOV
MOV
MOV
MOV
MOV
ADD
MOV
MOV
MOV
JMP
MOV

ESP,10
EDX,DWORD PTR SS:[EBP+8]
EDX,DWORD PTR SS:[EBP-0C]
DWORD PTR SS:[EBP+8],EDX
EAX,DWORD PTR SS:[EBP-4]
EAX,DWORD PTR SS:[EBP-0C]
DWORD PTR SS:[EBP-4],EAX
ECX,DWORD PTR SS:[EBP+0C]
ECX,DWORD PTR SS:[EBP-0C]
DWORD PTR SS:[EBP+0C],ECX
EDX,DWORD PTR SS:[EBP-24]
EAX,DWORD PTR DS:[EDX+34]
ECX,DWORD PTR DS:[EAX]
ECX,DWORD PTR SS:[EBP-0C]
EDX,DWORD PTR SS:[EBP-24]
EAX,DWORD PTR DS:[EDX+34]
DWORD PTR DS:[EAX],ECX
ECX,DWORD PTR SS:[EBP-24]
EDX,DWORD PTR DS:[ECX+24]
EAX,DWORD PTR DS:[EDX]
EAX,DWORD PTR SS:[EBP-0C]
ECX,DWORD PTR SS:[EBP-24]
EDX,DWORD PTR DS:[ECX+24]
DWORD PTR DS:[EDX],EAX
SHORT 004273DE
EAX,DWORD PTR SS:[EBP+8]

;
;
;
;
;
;
;
;

/Arg4
|
|Arg3
|
|Arg2
|
|Arg1
\SystemIn

0042738C |. 0FB608
MOVZX ECX,BYTE PTR DS:[EAX]
0042738F |. 894D E0
MOV DWORD PTR SS:[EBP-20],ECX
00427392 |. 8B55 E0
MOV EDX,DWORD PTR SS:[EBP-20]
00427395 |. 52
PUSH EDX
00427396 |. 8B45 DC
MOV EAX,DWORD PTR SS:[EBP-24]
00427399 |. 8B10
MOV EDX,DWORD PTR DS:[EAX]
0042739B |. 8B4D DC
MOV ECX,DWORD PTR SS:[EBP-24]
0042739E |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
004273A1 |. FFD0
CALL EAX
004273A3 |. 8945 F0
MOV DWORD PTR SS:[EBP-10],EAX
004273A6 |. C745 EC FFFFF MOV DWORD PTR SS:[EBP-14],-1
004273AD |. 8B4D EC
MOV ECX,DWORD PTR SS:[EBP-14]
004273B0 |. 33D2
XOR EDX,EDX
004273B2 |. 3B4D F0
CMP ECX,DWORD PTR SS:[EBP-10]
004273B5 |. 0F94C2
SETE DL
004273B8 |. 0FB6C2
MOVZX EAX,DL
004273BB |. 85C0
TEST EAX,EAX
004273BD |. 74 04
JE SHORT 004273C3
004273BF |. EB 22
JMP SHORT 004273E3
004273C1 |.^ EB 1B
JMP SHORT 004273DE
004273C3 |> 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
004273C6 |. 83C1 01
ADD ECX,1
004273C9 |. 894D 08
MOV DWORD PTR SS:[EBP+8],ECX
004273CC |. 8B55 FC
MOV EDX,DWORD PTR SS:[EBP-4]
004273CF |. 83C2 01
ADD EDX,1
004273D2 |. 8955 FC
MOV DWORD PTR SS:[EBP-4],EDX
004273D5 |. 8B45 0C
MOV EAX,DWORD PTR SS:[EBP+0C]
004273D8 |. 83E8 01
SUB EAX,1
004273DB |. 8945 0C
MOV DWORD PTR SS:[EBP+0C],EAX
004273DE |>^ E9 EDFEFFFF JMP 004272D0
004273E3 |> 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
004273E6 |. 8BE5
MOV ESP,EBP
004273E8 |. 5D
POP EBP
004273E9 \. C2 0800
RETN 8
004273EC
CC
INT3
004273ED
CC
INT3
004273EE
CC
INT3
004273EF
CC
INT3
004273F0 /$ 55
PUSH EBP
o.004273F0(guessed Arg1,Arg2)
004273F1 |. 8BEC
MOV EBP,ESP
004273F3 |. 6A FF
PUSH -1
004273F5 |. 68 98684400 PUSH 00446898
004273FA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00427400 |. 50
PUSH EAX
00427401 |. 83EC 3C
SUB ESP,3C
00427404 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00427409 |. 33C5
XOR EAX,EBP
0042740B |. 50
PUSH EAX
0042740C |. 8D45 F4
LEA EAX,[LOCAL.3]
0042740F |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00427415 |. 894D C8
MOV DWORD PTR SS:[LOCAL.14],ECX
00427418 |. 8D45 D1
LEA EAX,[LOCAL.12+1]
0042741B |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0042741E |. 8D4D D2
LEA ECX,[LOCAL.12+2]
00427421 |. 894D E4
MOV DWORD PTR SS:[LOCAL.7],ECX
00427424 |. 8D55 D3
LEA EDX,[LOCAL.12+3]
00427427 |. 8955 DC
MOV DWORD PTR SS:[LOCAL.9],EDX
0042742A |. 51
PUSH ECX
0042742B |. 8BC4
MOV EAX,ESP

; SystemInf

; /Arg2
; |

0042742D |.
00427430 |.
00427433 |.
00427436 |.
00427439 |.
0042743A |.
0042743D |.
fo.0042CBC0
00427442 |.
00427445 |.
00427448 |.
0042744B |.
0042744E |.
00427451 |.
00427454 |.
00427457 |.
0042745E |.
00427461 |.
00427466 |.
0042746D |.
00427470 |.
00427473 |.
0042747A |.
0042747B |.
0042747D |.
0042747E \.
00427481
00427482
00427483
00427484
00427485
00427486
00427487
00427488
00427489
0042748A
0042748B
0042748C
0042748D
0042748E
0042748F
00427490 /.
00427491 |.
00427493 |.
00427496 |.
00427499 |.
0042749E |.
004274A1 |.
004274A4 |.
004274A7 |.
004274A9 |.
004274AC |.
004274B3 |.
004274BA |.
004274BD |.
004274C3 |.
004274C6 |.
004274C9 |.
004274CB |.
004274CC \.

8965 D8
8945 D4
8B4D 08
0FB611
52
8B4D C8
E8 7E570000

MOV DWORD PTR SS:[LOCAL.10],ESP


MOV DWORD PTR SS:[LOCAL.11],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
MOVZX EDX,BYTE PTR DS:[ECX]
PUSH EDX
MOV ECX,DWORD PTR SS:[LOCAL.14]
CALL 0042CBC0

8945 C4
8B45 C8
8945 C0
8B4D C8
894D BC
8B55 C8
8955 B8
C745 FC 00000
8B4D C8
E8 DA290000
C745 FC FFFFF
8B45 C8
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0800
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 08
894D F8
A1 049D4400
8945 FC
8B4D 08
8B55 FC
8911
8B45 08
C740 08 00000
C740 0C 00000
8B4D 08
8B15 D49B4400
8951 10
8B45 08
8BE5
5D
C2 1000

MOV DWORD PTR


MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV ECX,DWORD
CALL 00429E40
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ESP,EBP
POP EBP
RETN 10

SS:[LOCAL.15],EAX
PTR SS:[LOCAL.14]
SS:[LOCAL.16],EAX
PTR SS:[LOCAL.14]
SS:[LOCAL.17],ECX
PTR SS:[LOCAL.14]
SS:[LOCAL.18],EDX
SS:[LOCAL.1],0
PTR SS:[LOCAL.14]
SS:[LOCAL.1],-1
PTR SS:[LOCAL.14]
PTR SS:[LOCAL.3]
FS:[0],ECX

SS:[LOCAL.2],ECX
PTR DS:[449D04]
SS:[LOCAL.1],EAX
PTR SS:[ARG.1]
PTR SS:[LOCAL.1]
DS:[ECX],EDX
PTR SS:[ARG.1]
DS:[EAX+8],0
DS:[EAX+0C],0
PTR SS:[ARG.1]
PTR DS:[449BD4]
DS:[ECX+10],EDX
PTR SS:[ARG.1]

;
;
;
;
;
;
;

|
|
|
|
|Arg1
|
\SystemIn

004274CF
CC
INT3
004274D0 /$ 55
PUSH EBP
o.004274D0(guessed Arg1,Arg2)
004274D1 |. 8BEC
MOV EBP,ESP
004274D3 |. 81EC B4000000 SUB ESP,0B4
004274D9 |. 898D 50FFFFFF MOV DWORD PTR SS:[LOCAL.44],ECX
004274DF |. 8B85 50FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.44]
004274E5 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
004274E8 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
004274EB |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
004274EE |. 8B85 50FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.44]
004274F4 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
004274F7 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
004274FA |. C645 FF 01
MOV BYTE PTR SS:[LOCAL.1+3],1
004274FE |> 8B55 F4
/MOV EDX,DWORD PTR SS:[LOCAL.3]
00427501 |. 0FBE42 3D
|MOVSX EAX,BYTE PTR DS:[EDX+3D]
00427505 |. 85C0
|TEST EAX,EAX
00427507 |. 75 59
|JNE SHORT 00427562
00427509 |. 8B4D F4
|MOV ECX,DWORD PTR SS:[LOCAL.3]
0042750C |. 894D F8
|MOV DWORD PTR SS:[LOCAL.2],ECX
0042750F |. 8B4D F4
|MOV ECX,DWORD PTR SS:[LOCAL.3]
00427512 |. 83C1 0C
|ADD ECX,0C
00427515 |. E8 9671FEFF |CALL 0040E6B0
0042751A |. 50
|PUSH EAX
0042751B |. 8B4D 0C
|MOV ECX,DWORD PTR SS:[ARG.2]
0042751E |. E8 8D71FEFF |CALL 0040E6B0
00427523 |. 50
|PUSH EAX
00427524 |. E8 57740000 |CALL 0042E980
fo.0042E980
00427529 |. 83C4 08
|ADD ESP,8
0042752C |. 33D2
|XOR EDX,EDX
0042752E |. 85C0
|TEST EAX,EAX
00427530 |. 0F9CC2
|SETL DL
00427533 |. 8855 FF
|MOV BYTE PTR SS:[LOCAL.1+3],DL
00427536 |. 0FB645 FF
|MOVZX EAX,BYTE PTR SS:[LOCAL.1+3]
0042753A |. 85C0
|TEST EAX,EAX
0042753C |. 74 0D
|JE SHORT 0042754B
0042753E |. 8B4D F4
|MOV ECX,DWORD PTR SS:[LOCAL.3]
00427541 |. 8B11
|MOV EDX,DWORD PTR DS:[ECX]
00427543 |. 8995 4CFFFFFF |MOV DWORD PTR SS:[LOCAL.45],EDX
00427549 |. EB 0C
|JMP SHORT 00427557
0042754B |> 8B45 F4
|MOV EAX,DWORD PTR SS:[LOCAL.3]
0042754E |. 8B48 08
|MOV ECX,DWORD PTR DS:[EAX+8]
00427551 |. 898D 4CFFFFFF |MOV DWORD PTR SS:[LOCAL.45],ECX
00427557 |> 8B95 4CFFFFFF |MOV EDX,DWORD PTR SS:[LOCAL.45]
0042755D |. 8955 F4
|MOV DWORD PTR SS:[LOCAL.3],EDX
00427560 |.^ EB 9C
\JMP SHORT 004274FE
00427562 |> B8 01000000 MOV EAX,1
00427567 |. 85C0
TEST EAX,EAX
00427569 |. 74 4F
JE SHORT 004275BA
0042756B |. C645 EB 01
MOV BYTE PTR SS:[LOCAL.6+3],1
0042756F |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
00427572 |. 51
PUSH ECX
[ARG.2]
00427573 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00427576 |. 52
PUSH EDX
[LOCAL.2]
00427577 |. 0FB645 FF
MOVZX EAX,BYTE PTR SS:[LOCAL.1+3]
0042757B |. 50
PUSH EAX
0042757C |. 8D4D E0
LEA ECX,[LOCAL.8]

; SystemInf

;
;
;
;
;

/Arg2
|
|
|Arg1
\SystemIn

; /Arg4 =>
; |
; |Arg3 =>
; |
; |Arg2
; |

0042757F |. 51
OFFSET LOCAL.8
00427580 |. 8B8D 50FFFFFF
00427586 |. E8 25290000
fo.00429EB0
0042758B |. 8985 68FFFFFF
00427591 |. 8B95 68FFFFFF
00427597 |. 8B02
00427599 |. 8B4A 04
0042759C |. 8B55 08
0042759F |. 8902
004275A1 |. 894A 04
004275A4 |. 8B45 08
004275A7 |. 8A4D EB
004275AA |. 8848 08
004275AD |. 8B45 08
004275B0 |. E9 84010000
004275B5 |. E9 7F010000
004275BA |> 8B95 50FFFFFF
004275C0 |. 52
ARG.ECX
004275C1 |. 8B45 F8
004275C4 |. 50
[LOCAL.2]
004275C5 |. 8D4D EC
004275C8 |. E8 231B0000
fo.004290F0
004275CD |. 0FB64D FF
004275D1 |. 85C9
004275D3 |. 75 05
004275D5 |. E9 C1000000
004275DA |> 8B95 50FFFFFF
004275E0 |. 8B42 18
004275E3 |. 8985 64FFFFFF
004275E9 |. 8B8D 64FFFFFF
004275EF |. 8B11
004275F1 |. 8995 60FFFFFF
004275F7 |. 8B85 50FFFFFF
004275FD |. 50
ARG.ECX
004275FE |. 8B8D 60FFFFFF
00427604 |. 51
[LOCAL.40]
00427605 |. 8D4D D8
00427608 |. E8 E31A0000
fo.004290F0
0042760D |. 33D2
0042760F |. 837D EC 00
00427613 |. 0F95C2
00427616 |. 0FB6C2
00427619 |. 85C0
0042761B |. 74 12
0042761D |. 8B4D EC
00427620 |. 33D2
00427622 |. 3B4D D8
00427625 |. 0F94C2
00427628 |. 0FB6C2
0042762B |. 85C0
0042762D |. 75 05
0042762F |> E8 54720000

PUSH ECX

; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.44]


CALL 00429EB0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.38],EAX


MOV EDX,DWORD PTR SS:[LOCAL.38]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EDX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],EAX
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV CL,BYTE PTR SS:[LOCAL.6+3]
MOV BYTE PTR DS:[EAX+8],CL
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00427739
JMP 00427739
MOV EDX,DWORD PTR SS:[LOCAL.44]
PUSH EDX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.2]


PUSH EAX

; |
; |Arg1 =>

LEA ECX,[LOCAL.5]
CALL 004290F0

; |
; \SystemIn

MOVZX ECX,BYTE PTR SS:[LOCAL.1+3]


TEST ECX,ECX
JNE SHORT 004275DA
JMP 0042769B
MOV EDX,DWORD PTR SS:[LOCAL.44]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.39],EAX
MOV ECX,DWORD PTR SS:[LOCAL.39]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.40],EDX
MOV EAX,DWORD PTR SS:[LOCAL.44]
PUSH EAX

; /Arg2 =>

MOV ECX,DWORD PTR SS:[LOCAL.40]


PUSH ECX

; |
; |Arg1 =>

LEA ECX,[LOCAL.10]
CALL 004290F0

; |
; \SystemIn

XOR EDX,EDX
CMP DWORD PTR SS:[LOCAL.5],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 0042762F
MOV ECX,DWORD PTR SS:[LOCAL.5]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.10]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00427634
CALL 0042E888

00427634 |> 33C9


00427636 |.^ 75 FC
00427638 |. 8B55 F0
0042763B |. 33C0
0042763D |. 3B55 DC
00427640 |. 0F94C0
00427643 |. 0FB6C8
00427646 |. 85C9
00427648 |. 74 49
0042764A |. C645 D7 01
0042764E |. 8B55 0C
00427651 |. 52
[ARG.2]
00427652 |. 8B45 F8
00427655 |. 50
[LOCAL.2]
00427656 |. 6A 01
00427658 |. 8D4D CC
0042765B |. 51
OFFSET LOCAL.13
0042765C |. 8B8D 50FFFFFF
00427662 |. E8 49280000
fo.00429EB0
00427667 |. 8985 5CFFFFFF
0042766D |. 8B95 5CFFFFFF
00427673 |. 8B02
00427675 |. 8B4A 04
00427678 |. 8B55 08
0042767B |. 8902
0042767D |. 894A 04
00427680 |. 8B45 08
00427683 |. 8A4D D7
00427686 |. 8848 08
00427689 |. 8B45 08
0042768C |. E9 A8000000
00427691 |. EB 08
00427693 |> 8D4D EC
00427696 |. E8 25540000
0042769B |> 8B55 F0
0042769E |. 8995 58FFFFFF
004276A4 |. 8B4D 0C
004276A7 |. E8 0470FEFF
004276AC |. 50
004276AD |. 8B8D 58FFFFFF
004276B3 |. 83C1 0C
004276B6 |. E8 F56FFEFF
004276BB |. 50
004276BC |. E8 BF720000
fo.0042E980
004276C1 |. 83C4 08
004276C4 |. 33C9
004276C6 |. 85C0
004276C8 |. 0F9CC1
004276CB |. 0FB6D1
004276CE |. 85D2
004276D0 |. 74 49
004276D2 |. C645 CB 01
004276D6 |. 8B45 0C
004276D9 |. 50
004276DA |. 8B4D F8

/XOR ECX,ECX
\JNE SHORT 00427634
MOV EDX,DWORD PTR SS:[LOCAL.4]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.9]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00427693
MOV BYTE PTR SS:[LOCAL.11+3],1
MOV EDX,DWORD PTR SS:[ARG.2]
PUSH EDX

; /Arg4 =>

MOV EAX,DWORD PTR SS:[LOCAL.2]


PUSH EAX

; |
; |Arg3 =>

PUSH 1
LEA ECX,[LOCAL.13]
PUSH ECX

; |Arg2 = 1
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.44]


CALL 00429EB0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.41],EAX


MOV EDX,DWORD PTR SS:[LOCAL.41]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EDX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],EAX
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV CL,BYTE PTR SS:[LOCAL.11+3]
MOV BYTE PTR DS:[EAX+8],CL
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00427739
JMP SHORT 0042769B
LEA ECX,[LOCAL.5]
CALL 0042CAC0
MOV EDX,DWORD PTR SS:[EBP-10]
MOV DWORD PTR SS:[EBP-0A8],EDX
MOV ECX,DWORD PTR SS:[EBP+0C]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0A8]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 0042771B
MOV BYTE PTR SS:[EBP-35],1
MOV EAX,DWORD PTR SS:[EBP+0C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-8]

; /Arg4
; |

/Arg2
|
|
|
|Arg1
\SystemIn

004276DD |.
004276DE |.
004276E2 |.
004276E3 |.
004276E6 |.
004276E7 |.
004276ED |.
fo.00429EB0
004276F2 |.
004276F8 |.
004276FE |.
00427700 |.
00427703 |.
00427706 |.
00427708 |.
0042770B |.
0042770E |.
00427711 |.
00427714 |.
00427717 |.
00427719 |.
0042771B |>
0042771F |.
00427722 |.
00427725 |.
00427728 |.
0042772A |.
0042772D |.
00427730 |.
00427733 |.
00427736 |.
00427739 |>
0042773B |.
0042773C \.
0042773F
00427740 /.
00427741 |.
00427743 |.
00427746 |.
00427749 |.
0042774E |.
00427751 |.
00427754 |.
00427757 |.
00427759 |.
0042775C |.
00427763 |.
0042776A |.
0042776D |.
00427773 |.
00427776 |.
00427779 |.
0042777B |.
0042777C \.
0042777F
00427780 /.
00427781 |.
00427783 |.
00427784 |.
00427787 |.

51
0FB655 FF
52
8D45 C0
50
8B8D 50FFFFFF
E8 BE270000

PUSH ECX
MOVZX EDX,BYTE PTR SS:[EBP-1]
PUSH EDX
LEA EAX,[EBP-40]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0B0]
CALL 00429EB0

8985 54FFFFFF
8B8D 54FFFFFF
8B11
8B41 04
8B4D 08
8911
8941 04
8B55 08
8A45 CB
8842 08
8B45 08
EB 20
EB 1E
C645 BF 00
8B4D EC
8B55 F0
8B45 08
8908
8950 04
8B4D 08
8A55 BF
8851 08
8B45 08
8BE5
5D
C2 0800
CC
55
8BEC
83EC 08
894D F8
A1 049D4400
8945 FC
8B4D 08
8B55 FC
8911
8B45 08
C740 08 00000
C740 0C 00000
8B4D 08
8B15 D49B4400
8951 10
8B45 08
8BE5
5D
C2 2000
CC
55
8BEC
51
894D FC
8B45 FC

MOV DWORD PTR SS:[EBP-0AC],EAX


MOV ECX,DWORD PTR SS:[EBP-0AC]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[ECX+4]
MOV ECX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR DS:[ECX],EDX
MOV DWORD PTR DS:[ECX+4],EAX
MOV EDX,DWORD PTR SS:[EBP+8]
MOV AL,BYTE PTR SS:[EBP-35]
MOV BYTE PTR DS:[EDX+8],AL
MOV EAX,DWORD PTR SS:[EBP+8]
JMP SHORT 00427739
JMP SHORT 00427739
MOV BYTE PTR SS:[EBP-41],0
MOV ECX,DWORD PTR SS:[EBP-14]
MOV EDX,DWORD PTR SS:[EBP-10]
MOV EAX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR DS:[EAX],ECX
MOV DWORD PTR DS:[EAX+4],EDX
MOV ECX,DWORD PTR SS:[EBP+8]
MOV DL,BYTE PTR SS:[EBP-41]
MOV BYTE PTR DS:[ECX+8],DL
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ESP,EBP
POP EBP
RETN 8
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EAX,DWORD PTR DS:[449D04]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+8],0
MOV DWORD PTR DS:[EAX+0C],0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[449BD4]
MOV DWORD PTR DS:[ECX+10],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 20
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]

;
;
;
;
;
;
;

|Arg3
|
|Arg2
|
|Arg1
|
\SystemIn

0042778A |.
0042778C |.
0042778D \.
00427790 /.
00427791 |.
00427793 |.
00427794 |.
00427797 |.
00427799 |.
0042779A \.
0042779D
0042779E
0042779F
004277A0 /$
004277A1 |.
004277A3 |.
004277A9 |.
004277AF |.
004277B5 |.
004277B8 |.
004277BB |.
004277C2 |.
004277C5 |.
004277C8 |.
004277CF |.
004277D1 |.
004277D6 |>
004277D8 |.^
004277DA |.
004277E0 |.
004277E2 |.
004277E5 |.
004277E8 |.
004277EB |.
004277EE |.
004277F1 |.
004277F7 |.
004277FA |.
004277FD |.
00427800 |.
00427802 |.
00427805 |.
0042780C |.
0042780F |.
00427812 |.
00427819 |.
0042781B |.
00427820 |>
00427822 |.^
00427824 |.
0042782A |.
0042782C |.
0042782F |.
00427832 |.
00427835 |.
00427838 |.
0042783B |.
0042783E |.
[ARG.ECX+18]
0042783F |.

8BE5
5D
C2 0800
55
8BEC
51
894D FC
8BE5
5D
C2 0400
CC
CC
CC
55
8BEC
81EC 90000000
898D 70FFFFFF
8B85 70FFFFFF
8B48 18
894D D4
C745 F0 00000
8B55 D4
8955 F4
83BD 70FFFFFF
75 05
E8 B2700000
33C0
75 FC
8B8D 70FFFFFF
8B11
8955 F0
8B45 F0
8B4D F4
8945 F8
894D FC
8B95 70FFFFFF
8B42 18
8945 D0
8B4D D0
8B11
8955 CC
C745 E0 00000
8B45 CC
8945 E4
83BD 70FFFFFF
75 05
E8 68700000
33C9
75 FC
8B95 70FFFFFF
8B02
8945 E0
8B4D E0
8B55 E4
894D E8
8955 EC
8B45 FC
50

MOV ESP,EBP
POP EBP
RETN 8
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,90
MOV DWORD PTR SS:[LOCAL.36],ECX
MOV EAX,DWORD PTR SS:[LOCAL.36]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV DWORD PTR SS:[LOCAL.4],0
MOV EDX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.3],EDX
CMP DWORD PTR SS:[LOCAL.36],0
JNE SHORT 004277D6
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 004277D6
MOV ECX,DWORD PTR SS:[LOCAL.36]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[LOCAL.36]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV ECX,DWORD PTR SS:[LOCAL.12]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.13],EDX
MOV DWORD PTR SS:[LOCAL.8],0
MOV EAX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR SS:[LOCAL.7],EAX
CMP DWORD PTR SS:[LOCAL.36],0
JNE SHORT 00427820
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00427820
MOV EDX,DWORD PTR SS:[LOCAL.36]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX

; /Arg5 =>

8B4D F8

MOV ECX,DWORD PTR SS:[LOCAL.2]

; |

00427842 |. 51
[ARG.ECX]
00427843 |. 8B55 EC
00427846 |. 52
[LOCAL.13]
00427847 |. 8B45 E8
0042784A |. 50
[ARG.ECX]
0042784B |. 8D4D D8
0042784E |. 51
OFFSET LOCAL.10
0042784F |. 8B8D 70FFFFFF
00427855 |. E8 E6230000
fo.00429C40
0042785A |. 8B95 70FFFFFF
00427860 |. 8B42 18
00427863 |. 8985 78FFFFFF
00427869 |. 8B8D 70FFFFFF
0042786F |. 8B51 18
00427872 |. 8995 74FFFFFF
00427878 |. 8B85 74FFFFFF
0042787E |. 50
0042787F |. E8 96700000
00427884 |. 83C4 04
00427887 |. 8B8D 70FFFFFF
0042788D |. C741 18 00000
00427894 |. 8B95 70FFFFFF
0042789A |. C742 1C 00000
004278A1 |. 8BE5
004278A3 |. 5D
004278A4 \. C3
004278A5
CC
004278A6
CC
004278A7
CC
004278A8
CC
004278A9
CC
004278AA
CC
004278AB
CC
004278AC
CC
004278AD
CC
004278AE
CC
004278AF
CC
004278B0 /$ 55
o.004278B0(guessed void)
004278B1 |. 8BEC
004278B3 |. 83EC 10
004278B6 |. 894D F4
004278B9 |. 8B45 F4
004278BC |. 33C9
004278BE |. 8338 00
004278C1 |. 0F95C1
004278C4 |. 0FB6D1
004278C7 |. 85D2
004278C9 |. 75 05
004278CB |. E8 B86F0000
004278D0 |> 33C0
004278D2 |.^ 75 FC
004278D4 |. 8B4D F4
004278D7 |. 8339 00
004278DA |. 74 18

PUSH ECX

; |Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.5]


PUSH EDX

; |
; |Arg3 =>

MOV EAX,DWORD PTR SS:[LOCAL.6]


PUSH EAX

; |
; |Arg2 =>

LEA ECX,[LOCAL.10]
PUSH ECX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.36]


CALL 00429C40

; |
; \SystemIn

MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

PTR SS:[LOCAL.36]
PTR DS:[EDX+18]
SS:[LOCAL.34],EAX
PTR SS:[LOCAL.36]
PTR DS:[ECX+18]
SS:[LOCAL.35],EDX
PTR SS:[LOCAL.35]

PTR SS:[LOCAL.36]
DS:[ECX+18],0
PTR SS:[LOCAL.36]
DS:[EDX+1C],0

MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[LOCAL.3]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 004278D0
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 004278D0
MOV ECX,DWORD PTR SS:[LOCAL.3]
CMP DWORD PTR DS:[ECX],0
JE SHORT 004278F4

004278DC
004278DF
004278E1
004278E4
004278E7
004278EA
004278ED
004278EF
004278F2
004278F4
004278FB
004278FE
00427901
00427904
00427907
00427909
0042790E
00427910
00427912
00427915
00427918
0042791B
0042791D
0042791E
0042791F
00427920
00427921
00427923
00427926
00427929
0042792C
0042792E
00427931
00427934
00427937
00427939
0042793B
00427940
00427942
00427944
00427947
0042794A
0042794E
00427950
00427952
00427957
0042795C
0042795F
00427962
00427965
00427968
0042796B
0042796D
00427971
00427973
00427975
00427978
0042797B
0042797E
00427981

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
\.
/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B55 F4
8B02
8945 FC
8B4D F8
894D F0
8B55 FC
8B02
8945 F0
EB 07
C745 F0 00000
8B4D F4
8B55 F0
8B41 04
3B42 18
75 05
E8 7A6F0000
33C9
75 FC
8B55 F4
8B42 04
83C0 0C
8BE5
5D
C3
CC
55
8BEC
83EC 14
894D EC
8B45 EC
33C9
8338 00
0F95C1
0FB6D1
85D2
75 05
E8 486F0000
33C0
75 FC
8B4D EC
8B51 04
0FBE42 3D
85C0
74 0A
E8 316F0000
E9 88000000
8B4D EC
8B51 04
83C2 08
8955 F8
8B45 F8
8B08
0FBE51 3D
85D2
75 36
8B45 EC
8B48 04
83C1 08
894D F4
8B55 F4

MOV EDX,DWORD PTR SS:[LOCAL.3]


MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.4],EAX
JMP SHORT 004278FB
MOV DWORD PTR SS:[LOCAL.4],0
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[ECX+4]
CMP EAX,DWORD PTR DS:[EDX+18]
JNE SHORT 0042790E
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 0042790E
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+4]
ADD EAX,0C
MOV ESP,EBP
POP EBP
RETN
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00427940
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00427940
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+3D]
TEST EAX,EAX
JE SHORT 0042795C
CALL 0042E888
JMP 004279E4
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,8
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX]
MOVSX EDX,BYTE PTR DS:[ECX+3D]
TEST EDX,EDX
JNE SHORT 004279AB
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,8
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]

00427984 |. 8B02
00427986 |. 8945 F0
00427989 |> 8B4D F0
0042798C |. 8B11
0042798E |. 0FBE42 3D
00427992 |. 85C0
00427994 |. 75 0A
00427996 |. 8B4D F0
00427999 |. 8B11
0042799B |. 8955 F0
0042799E |.^ EB E9
004279A0 |> 8B45 EC
004279A3 |. 8B4D F0
004279A6 |. 8948 04
004279A9 |. EB 39
004279AB |> 8B55 EC
004279AE |. 8B42 04
004279B1 |. 8B48 04
004279B4 |. 894D FC
004279B7 |. 8B55 FC
004279BA |. 0FBE42 3D
004279BE |. 85C0
004279C0 |. 75 19
004279C2 |. 8B4D EC
004279C5 |. 8B55 FC
004279C8 |. 8B41 04
004279CB |. 3B42 08
004279CE |. 75 0B
004279D0 |. 8B4D EC
004279D3 |. 8B55 FC
004279D6 |. 8951 04
004279D9 |.^ EB D0
004279DB |> 8B45 EC
004279DE |. 8B4D FC
004279E1 |. 8948 04
004279E4 |> 8BE5
004279E6 |. 5D
004279E7 \. C3
004279E8
CC
004279E9
CC
004279EA
CC
004279EB
CC
004279EC
CC
004279ED
CC
004279EE
CC
004279EF
CC
004279F0 /$ 55
o.004279F0(guessed void)
004279F1 |. 8BEC
004279F3 |. 6A FF
004279F5 |. 68 D3684400
004279FA |. 64:A1 0000000
00427A00 |. 50
00427A01 |. 83EC 30
00427A04 |. A1 A0154500
00427A09 |. 33C5
00427A0B |. 50
00427A0C |. 8D45 F4
00427A0F |. 64:A3 0000000
00427A15 |. 894D C4

MOV EAX,DWORD PTR DS:[EDX]


MOV DWORD PTR SS:[LOCAL.4],EAX
/MOV ECX,DWORD PTR SS:[LOCAL.4]
|MOV EDX,DWORD PTR DS:[ECX]
|MOVSX EAX,BYTE PTR DS:[EDX+3D]
|TEST EAX,EAX
|JNE SHORT 004279A0
|MOV ECX,DWORD PTR SS:[LOCAL.4]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[LOCAL.4],EDX
\JMP SHORT 00427989
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 004279E4
/MOV EDX,DWORD PTR SS:[LOCAL.5]
|MOV EAX,DWORD PTR DS:[EDX+4]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR SS:[LOCAL.1],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOVSX EAX,BYTE PTR DS:[EDX+3D]
|TEST EAX,EAX
|JNE SHORT 004279DB
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOV EAX,DWORD PTR DS:[ECX+4]
|CMP EAX,DWORD PTR DS:[EDX+8]
|JNE SHORT 004279DB
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOV DWORD PTR DS:[ECX+4],EDX
\JMP SHORT 004279AB
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 004468D3
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,30
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.15],ECX

; SystemInf

00427A18 |.
00427A1B |.
00427A1E |.
00427A21 |.
00427A24 |.
00427A2C |.
00427A33 |.
00427A36 |.
00427A39 |.
00427A3C |.
00427A3F |.
00427A45 |.
00427A49 |.
00427A4C |.
00427A51 |.
00427A55 |.
00427A58 |.
fo.00426F80
00427A5D |.
00427A64 |.
00427A67 |.
00427A6A |.
00427A6D |.
00427A70 |.
00427A73 |.
00427A76 |.
00427A79 |.
00427A81 |.
00427A84 |.
00427A8B |.
00427A8C |.
00427A8E |.
00427A8F \.
00427A90 /.
00427A91 |.
00427A93 |.
00427A99 |.
00427A9C |.
00427A9F |.
00427AA2 |.
00427AA5 |.
00427AA7 |.
00427AAA |.
00427AAD |.
00427AAF |.
00427AB2 |.
00427AB6 |.
00427AB8 |.
00427ABB |.
00427ABE |.
00427AC0 |.
00427AC3 |.
00427AC6 |.
00427AC9 |.
00427ACC |.
00427ACE |.
00427AD1 |.
00427AD4 |.
00427AD7 |.
00427ADA |.

8B45 C4
8B48 B4
8B51 04
8B45 C4
C74410 B4 6C9
C745 FC 00000
8B4D C4
83E9 48
894D CC
8B55 CC
C702 DC9B4400
C645 FC 01
8B4D CC
E8 7F82FEFF
C645 FC 00
8B4D CC
E8 23F5FFFF

MOV EAX,DWORD PTR SS:[LOCAL.15]


MOV ECX,DWORD PTR DS:[EAX-4C]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR DS:[EDX+EAX-4C],OFFSET 004
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.15]
SUB ECX,48
MOV DWORD PTR SS:[LOCAL.13],ECX
MOV EDX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR DS:[EDX],OFFSET 00449BDC
MOV BYTE PTR SS:[LOCAL.1],1
MOV ECX,DWORD PTR SS:[LOCAL.13]
CALL 0040FCD0
MOV BYTE PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.13]
CALL 00426F80
; [SystemIn

C745 FC FFFFF
8B45 C4
83E8 48
8945 C8
8B4D C8
8B51 FC
8B42 04
8B4D C8
C74401 FC 749
8B4D F4
64:890D 00000
59
8BE5
5D
C3
55
8BEC
81EC 88000000
894D 84
8B45 84
8B48 40
83E1 08
74 72
8B55 84
8B42 24
8B08
894D E4
837D E4 00
74 61
8B55 84
8B42 24
8B08
894D E0
8B55 84
8B45 E0
3B42 3C
73 4B
8B4D 84
8B51 24
8B45 84
8B48 34
8B12

MOV DWORD PTR SS:[LOCAL.1],-1


MOV EAX,DWORD PTR SS:[LOCAL.15]
SUB EAX,48
MOV DWORD PTR SS:[LOCAL.14],EAX
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX-4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR DS:[EAX+ECX-4],OFFSET 0044
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
PUSH EBP
MOV EBP,ESP
SUB ESP,88
MOV DWORD PTR SS:[LOCAL.31],ECX
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+40]
AND ECX,00000008
JE SHORT 00427B19
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.7],ECX
CMP DWORD PTR SS:[LOCAL.7],0
JE SHORT 00427B19
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR SS:[LOCAL.8]
CMP EAX,DWORD PTR DS:[EDX+3C]
JNB SHORT 00427B19
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+34]
MOV EDX,DWORD PTR DS:[EDX]

00427ADC
00427ADE
00427AE1
00427AE4
00427AE7
00427AE9
00427AEC
00427AEF
00427AF2
00427AF5
00427AF8
00427AFB
00427AFE
00427B00
00427B03
00427B06
00427B09
00427B0B
00427B0E
00427B11
00427B14
00427B17
00427B19
00427B20
00427B23
00427B25
00427B28
00427B2B
00427B2E
00427B30
00427B32
00427B36
00427B38
00427B3B
00427B3E
00427B40
00427B43
00427B45
00427B47
00427B4A
00427B4D
00427B50
00427B55
00427B5A
00427B5D
00427B60
00427B62
00427B65
00427B69
00427B6B
00427B6E
00427B71
00427B73
00427B76
00427B79
00427B7C
00427B7F
00427B82
00427B84
00427B86

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

0311
8955 DC
8B45 84
8B48 14
8B11
8955 D8
8B45 84
8B48 3C
894D D4
8B55 84
8B42 14
8B4D D8
8908
8B55 84
8B42 24
8B4D D4
8908
8B55 DC
2B55 D4
8B45 84
8B48 34
8911
C745 E8 FFFFF
8B55 E8
33C0
3B55 08
0F94C0
0FB6C8
85C9
74 28
837D 08 FF
74 08
8B55 08
8955 80
EB 0D
83C8 FF
F7D8
1BC0
83C0 01
8945 80
8B45 80
E9 0D030000
E9 08030000
8B4D 84
8B51 24
8B02
8945 D0
837D D0 00
74 40
8B4D 84
8B51 24
8B02
8945 CC
8B4D 84
8B51 34
8B45 84
8B48 24
8B01
0302
3945 CC

ADD EDX,DWORD PTR DS:[ECX]


MOV DWORD PTR SS:[LOCAL.9],EDX
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+14]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.10],EDX
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+3C]
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+14]
MOV ECX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.9]
SUB EDX,DWORD PTR SS:[LOCAL.11]
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+34]
MOV DWORD PTR DS:[ECX],EDX
MOV DWORD PTR SS:[LOCAL.6],-1
MOV EDX,DWORD PTR SS:[LOCAL.6]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[ARG.1]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00427B5A
CMP DWORD PTR SS:[ARG.1],-1
JE SHORT 00427B40
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.32],EDX
JMP SHORT 00427B4D
OR EAX,FFFFFFFF
NEG EAX
SBB EAX,EAX
ADD EAX,1
MOV DWORD PTR SS:[LOCAL.32],EAX
MOV EAX,DWORD PTR SS:[LOCAL.32]
JMP 00427E62
JMP 00427E62
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.12],EAX
CMP DWORD PTR SS:[LOCAL.12],0
JE SHORT 00427BAB
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.13],EAX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+34]
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EAX,DWORD PTR DS:[ECX]
ADD EAX,DWORD PTR DS:[EDX]
CMP DWORD PTR SS:[LOCAL.13],EAX

00427B89
00427B8B
00427B8E
00427B91
00427B94
00427B99
00427B9C
00427B9E
00427BA1
00427BA6
00427BAB
00427BAE
00427BB1
00427BB4
00427BB6
00427BB9
00427BBE
00427BC3
00427BC6
00427BC9
00427BCB
00427BCE
00427BD2
00427BD4
00427BDE
00427BE0
00427BE3
00427BE6
00427BE9
00427BEC
00427BEE
00427BF0
00427BF3
00427BF6
00427BF9
00427BFB
00427BFE
00427C01
00427C04
00427C0A
00427C10
00427C13
00427C16
00427C19
00427C1C
00427C1E
00427C21
00427C23
00427C2D
00427C2F
00427C32
00427C34
00427C3A
00427C40
00427C43
00427C47
00427C49
00427C4E
00427C51
00427C54

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.

73 20
8A4D 08
884D CB
8B4D 84
E8 E780FEFF
8A55 CB
8810
8B45 08
E9 BC020000
E9 B7020000
8B45 84
8B48 40
83E1 02
74 0D
83C8 FF
E9 A4020000
E9 9F020000
8B55 84
8B42 24
8B08
894D C4
837D C4 00
75 0C
C785 7CFFFFFF
EB 2A
8B55 84
8B42 24
8B4D 84
8B51 34
8B00
0302
8945 C0
8B4D 84
8B51 10
8B02
8945 BC
8B4D C0
2B4D BC
898D 7CFFFFFF
8B95 7CFFFFFF
8955 F4
8B45 F4
8945 EC
8B4D EC
D1E9
83F9 20
73 0C
C785 78FFFFFF
EB 0B
8B55 EC
D1EA
8995 78FFFFFF
8B85 78FFFFFF
8945 F8
837D F8 00
76 17
B9 FFFFFF7F
2B4D F8
3B4D EC
73 0A

JNB SHORT 00427BAB


MOV CL,BYTE PTR SS:[ARG.1]
MOV BYTE PTR SS:[LOCAL.14+3],CL
MOV ECX,DWORD PTR SS:[LOCAL.31]
CALL 0040FC80
MOV DL,BYTE PTR SS:[LOCAL.14+3]
MOV BYTE PTR DS:[EAX],DL
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00427E62
JMP 00427E62
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+40]
AND ECX,00000002
JE SHORT 00427BC3
OR EAX,FFFFFFFF
JMP 00427E62
JMP 00427E62
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.15],ECX
CMP DWORD PTR SS:[LOCAL.15],0
JNE SHORT 00427BE0
MOV DWORD PTR SS:[LOCAL.33],0
JMP SHORT 00427C0A
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+34]
MOV EAX,DWORD PTR DS:[EAX]
ADD EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.16],EAX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.17],EAX
MOV ECX,DWORD PTR SS:[LOCAL.16]
SUB ECX,DWORD PTR SS:[LOCAL.17]
MOV DWORD PTR SS:[LOCAL.33],ECX
MOV EDX,DWORD PTR SS:[LOCAL.33]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
SHR ECX,1
CMP ECX,20
JNB SHORT 00427C2F
MOV DWORD PTR SS:[LOCAL.34],20
JMP SHORT 00427C3A
MOV EDX,DWORD PTR SS:[LOCAL.5]
SHR EDX,1
MOV DWORD PTR SS:[LOCAL.34],EDX
MOV EAX,DWORD PTR SS:[LOCAL.34]
MOV DWORD PTR SS:[LOCAL.2],EAX
/CMP DWORD PTR SS:[LOCAL.2],0
|JBE SHORT 00427C60
|MOV ECX,7FFFFFFF
|SUB ECX,DWORD PTR SS:[LOCAL.2]
|CMP ECX,DWORD PTR SS:[LOCAL.5]
|JNB SHORT 00427C60

00427C56 |.
00427C59 |.
00427C5B |.
00427C5E |.^
00427C60 |>
00427C64 |.
00427C66 |.
00427C69 |.
00427C6E |>
00427C71 |.
00427C74 |.
00427C77 |.
00427C7A |.
00427C7B |.
00427C7E |.
00427C81 |.
fo.00410160
00427C86 |.
00427C89 |.
00427C8C |.
00427C8F |.
00427C91 |.
00427C94 |.
00427C98 |.
00427C9A |.
00427C9D |.
00427CA0 |.
00427CA3 |.
00427CA4 |.
00427CA7 |.
[LOCAL.4]
00427CA8 |.
00427CAB |.
00427CAC |.
00427CAF |.
[LOCAL.1]
00427CB0 |.
fo.0042EA08
00427CB5 |.
00427CB8 |>
00427CBC |.
00427CC2 |.
00427CC5 |.
00427CC8 |.
00427CCB |.
00427CCE |.
00427CD1 |.
00427CD4 |.
00427CD6 |.
00427CD9 |.
00427CDC |.
00427CDF |.
00427CE1 |.
00427CE4 |.
00427CE7 |.
00427CEA |.
00427CED |.
00427CF0 |.
00427CF2 |.
00427CF5 |.

8B55 F8
D1EA
8955 F8
EB E3
837D F8 00
75 08
83C8 FF
E9 F4010000
8B45 EC
0345 F8
8945 EC
8B4D EC
51
8B4D 84
83C1 44
E8 DA84FEFF

|MOV EDX,DWORD PTR SS:[LOCAL.2]


|SHR EDX,1
|MOV DWORD PTR SS:[LOCAL.2],EDX
\JMP SHORT 00427C43
CMP DWORD PTR SS:[LOCAL.2],0
JNE SHORT 00427C6E
OR EAX,FFFFFFFF
JMP 00427E62
MOV EAX,DWORD PTR SS:[LOCAL.5]
ADD EAX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.31]
ADD ECX,44
CALL 00410160

;
;
;
;

8945 FC
8B55 84
8B42 10
8B08
894D F0
837D F4 00
76 1E
8A55 A6
8855 A7
8B45 F4
50
8B4D F0
51

MOV DWORD PTR SS:[LOCAL.1],EAX


MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
CMP DWORD PTR SS:[LOCAL.3],0
JBE SHORT 00427CB8
MOV DL,BYTE PTR SS:[LOCAL.23+2]
MOV BYTE PTR SS:[LOCAL.23+3],DL
MOV EAX,DWORD PTR SS:[LOCAL.3]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
PUSH ECX

; /Arg4
; |
; |Arg3 =>

8B55 EC
52
8B45 FC
50

MOV EDX,DWORD PTR SS:[LOCAL.5]


PUSH EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX

;
;
;
;

E8 536D0000

CALL 0042EA08

; \SystemIn

83C4
837D
0F85
8B4D
8B55
8951
8B45
8B48
8B55
8911
8B45
8B48
8B55
8911
8B45
0345
2B45
8B4D
8B51
8902
8B45
8B48

ADD
CMP
JNE
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
ADD
SUB
MOV
MOV
MOV
MOV
MOV

10
F4 00
8B000000
84
FC
3C
84
14
FC
84
24
FC
FC
EC
FC
84
34
84
40

ESP,10
DWORD PTR
00427D4D
ECX,DWORD
EDX,DWORD
DWORD PTR
EAX,DWORD
ECX,DWORD
EDX,DWORD
DWORD PTR
EAX,DWORD
ECX,DWORD
EDX,DWORD
DWORD PTR
EAX,DWORD
EAX,DWORD
EAX,DWORD
ECX,DWORD
EDX,DWORD
DWORD PTR
EAX,DWORD
ECX,DWORD

SS:[LOCAL.3],0
PTR SS:[LOCAL.31]
PTR SS:[LOCAL.1]
DS:[ECX+3C],EDX
PTR SS:[LOCAL.31]
PTR DS:[EAX+14]
PTR SS:[LOCAL.1]
DS:[ECX],EDX
PTR SS:[LOCAL.31]
PTR DS:[EAX+24]
PTR SS:[LOCAL.1]
DS:[ECX],EDX
PTR SS:[LOCAL.1]
PTR SS:[LOCAL.5]
PTR SS:[LOCAL.1]
PTR SS:[LOCAL.31]
PTR DS:[ECX+34]
DS:[EDX],EAX
PTR SS:[LOCAL.31]
PTR DS:[EAX+40]

/Arg1
|
|
\SystemIn

|
|Arg2
|
|Arg1 =>

00427CF8
00427CFB
00427CFD
00427D00
00427D03
00427D06
00427D08
00427D0B
00427D0E
00427D14
00427D17
00427D1A
00427D1D
00427D1F
00427D21
00427D24
00427D27
00427D2A
00427D2C
00427D2F
00427D32
00427D35
00427D37
00427D3A
00427D3D
00427D40
00427D43
00427D46
00427D48
00427D4D
00427D50
00427D53
00427D56
00427D59
00427D5C
00427D5F
00427D62
00427D65
00427D67
00427D6A
00427D6D
00427D70
00427D72
00427D75
00427D78
00427D7B
00427D7E
00427D81
00427D84
00427D87
00427D8A
00427D8D
00427D90
00427D92
00427D95
00427D98
00427D9B
00427D9D
00427DA0
00427DA3

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

83E1 04
74 24
8B55 84
8B42 10
8B4D FC
8908
8B55 84
8B42 20
C700 00000000
8B4D FC
8B55 84
8B42 30
8908
EB 27
8B4D 84
8B51 10
8B45 FC
8902
8B4D 84
8B51 20
8B45 FC
8902
8B4D FC
83C1 01
2B4D FC
8B55 84
8B42 30
8908
E9 D9000000
8B4D 84
8B51 3C
2B55 F0
0355 FC
8B45 84
8950 3C
8B4D 84
8B51 24
8B02
8945 A0
8B4D 84
8B51 14
8B02
8945 9C
8B4D A0
2B4D F0
034D FC
894D 98
8B55 84
8B42 14
8B4D 9C
2B4D F0
034D FC
8908
8B55 84
8B42 24
8B4D 98
8908
8B55 FC
0355 EC
2B55 98

AND ECX,00000004
JE SHORT 00427D21
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV DWORD PTR DS:[EAX],0
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+30]
MOV DWORD PTR DS:[EAX],ECX
JMP SHORT 00427D48
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
ADD ECX,1
SUB ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+30]
MOV DWORD PTR DS:[EAX],ECX
JMP 00427E26
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+3C]
SUB EDX,DWORD PTR SS:[LOCAL.4]
ADD EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR DS:[EAX+3C],EDX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.24],EAX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+14]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.25],EAX
MOV ECX,DWORD PTR SS:[LOCAL.24]
SUB ECX,DWORD PTR SS:[LOCAL.4]
ADD ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.26],ECX
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+14]
MOV ECX,DWORD PTR SS:[LOCAL.25]
SUB ECX,DWORD PTR SS:[LOCAL.4]
ADD ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR SS:[LOCAL.26]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
ADD EDX,DWORD PTR SS:[LOCAL.5]
SUB EDX,DWORD PTR SS:[LOCAL.26]

00427DA6
00427DA9
00427DAC
00427DAE
00427DB1
00427DB4
00427DB7
00427DB9
00427DBC
00427DBF
00427DC2
00427DC4
00427DC7
00427DCA
00427DD0
00427DD3
00427DD6
00427DD9
00427DDB
00427DDD
00427DE0
00427DE3
00427DE5
00427DE8
00427DEB
00427DEE
00427DF0
00427DF3
00427DF6
00427DF9
00427DFC
00427DFF
00427E02
00427E05
00427E08
00427E0A
00427E0D
00427E10
00427E13
00427E15
00427E18
00427E1B
00427E1E
00427E21
00427E24
00427E26
00427E29
00427E2C
00427E2F
00427E31
00427E34
00427E35
00427E3A
00427E3D
00427E40
00427E43
00427E46
00427E49
00427E4C
00427E4F

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.

8B45 84
8B48 34
8911
8B55 84
8B42 40
83E0 04
74 24
8B4D 84
8B51 10
8B45 FC
8902
8B4D 84
8B51 20
C702 00000000
8B45 FC
8B4D 84
8B51 30
8902
EB 49
8B45 84
8B48 24
8B11
8955 94
8B45 84
8B48 20
8B11
8955 90
8B45 90
2B45 F0
0345 FC
8945 8C
8B4D 84
8B51 10
8B45 FC
8902
8B4D 84
8B51 20
8B45 8C
8902
8B4D 94
83C1 01
2B4D 8C
8B55 84
8B42 30
8908
8B4D 84
8B51 40
83E2 01
74 0C
8B45 F0
50
E8 E06A0000
83C4 04
8B4D 84
8B51 40
83CA 01
8B45 84
8950 40
8A4D 08
884D 8B

MOV EAX,DWORD PTR SS:[LOCAL.31]


MOV ECX,DWORD PTR DS:[EAX+34]
MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+40]
AND EAX,00000004
JE SHORT 00427DDD
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV DWORD PTR DS:[EDX],0
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+30]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 00427E26
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.27],EDX
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.28],EDX
MOV EAX,DWORD PTR SS:[LOCAL.28]
SUB EAX,DWORD PTR SS:[LOCAL.4]
ADD EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.29],EAX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV EAX,DWORD PTR SS:[LOCAL.29]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.27]
ADD ECX,1
SUB ECX,DWORD PTR SS:[LOCAL.29]
MOV EDX,DWORD PTR SS:[LOCAL.31]
MOV EAX,DWORD PTR DS:[EDX+30]
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+40]
AND EDX,00000001
JE SHORT 00427E3D
MOV EAX,DWORD PTR SS:[LOCAL.4]
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV EDX,DWORD PTR DS:[ECX+40]
OR EDX,00000001
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR DS:[EAX+40],EDX
MOV CL,BYTE PTR SS:[ARG.1]
MOV BYTE PTR SS:[LOCAL.30+3],CL

00427E52
00427E55
00427E5A
00427E5D
00427E5F
00427E62
00427E64
00427E65
00427E68
00427E69
00427E6A
00427E6B
00427E6C
00427E6D
00427E6E
00427E6F
00427E70
00427E71
00427E73
00427E76
00427E79
00427E7C
00427E7F
00427E81
00427E84
00427E88
00427E8A
00427E8D
00427E90
00427E92
00427E95
00427E98
00427E9B
00427E9D
00427EA0
00427EA3
00427EA6
00427EA8
00427EAF
00427EB2
00427EB4
00427EB7
00427EBA
00427EBD
00427EBF
00427EC1
00427EC4
00427EC7
00427ECA
00427ECD
00427ECF
00427ED2
00427ED5
00427ED9
00427EDD
00427EDF
00427EE1
00427EE4
00427EE7
00427EE9

|.
|.
|.
|.
|.
|>
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B4D 84
E8 267EFEFF
8A55 8B
8810
8B45 08
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 2C
894D D8
8B45 D8
8B48 20
8B11
8955 F0
837D F0 00
74 6C
8B45 D8
8B48 20
8B11
8955 EC
8B45 D8
8B48 10
8B11
8955 E8
8B45 EC
3B45 E8
76 4E
C745 FC FFFFF
8B4D FC
33D2
3B4D 08
0F94C2
0FB6C2
85C0
75 3C
8A4D 08
884D FB
8B55 D8
8B42 20
8B08
894D E4
8B55 E4
0FBE42 FF
0FBE4D FB
33D2
3BC8
0F94C2
0FB6C2
85C0
75 12

MOV ECX,DWORD PTR SS:[LOCAL.31]


CALL 0040FC80
MOV DL,BYTE PTR SS:[LOCAL.30+3]
MOV BYTE PTR DS:[EAX],DL
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,2C
MOV DWORD PTR SS:[LOCAL.10],ECX
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.4],EDX
CMP DWORD PTR SS:[LOCAL.4],0
JE SHORT 00427EF6
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP EAX,DWORD PTR SS:[LOCAL.6]
JBE SHORT 00427EF6
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.1]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[ARG.1]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00427EFD
MOV CL,BYTE PTR SS:[ARG.1]
MOV BYTE PTR SS:[LOCAL.2+3],CL
MOV EDX,DWORD PTR SS:[LOCAL.10]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOVSX EAX,BYTE PTR DS:[EDX-1]
MOVSX ECX,BYTE PTR SS:[LOCAL.2+3]
XOR EDX,EDX
CMP ECX,EAX
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00427EFD

00427EEB
00427EEE
00427EF1
00427EF4
00427EF6
00427EF9
00427EFB
00427EFD
00427F00
00427F03
00427F05
00427F08
00427F0B
00427F0E
00427F10
00427F13
00427F16
00427F18
00427F1B
00427F1E
00427F21
00427F23
00427F2A
00427F2D
00427F2F
00427F32
00427F35
00427F38
00427F3A
00427F3C
00427F3F
00427F42
00427F45
00427F48
00427F4A
00427F4D
00427F50
00427F53
00427F55
00427F59
00427F5B
00427F5E
00427F61
00427F63
00427F66
00427F68
00427F6A
00427F6D
00427F70
00427F73
00427F75
00427F76
00427F79
00427F7A
00427F7B
00427F7C
00427F7D
00427F7E
00427F7F
00427F80

|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|>
|.
\.

8B4D D8
MOV ECX,DWORD PTR SS:[LOCAL.10]
8B51 40
MOV EDX,DWORD PTR DS:[ECX+40]
83E2 02
AND EDX,00000002
74 07
JE SHORT 00427EFD
83C8 FF
OR EAX,FFFFFFFF
EB 78
JMP SHORT 00427F73
EB 76
JMP SHORT 00427F73
8B45 D8
MOV EAX,DWORD PTR SS:[LOCAL.10]
8B48 30
MOV ECX,DWORD PTR DS:[EAX+30]
8B11
MOV EDX,DWORD PTR DS:[ECX]
83C2 01
ADD EDX,1
8B45 D8
MOV EAX,DWORD PTR SS:[LOCAL.10]
8B48 30
MOV ECX,DWORD PTR DS:[EAX+30]
8911
MOV DWORD PTR DS:[ECX],EDX
8B55 D8
MOV EDX,DWORD PTR SS:[LOCAL.10]
8B42 20
MOV EAX,DWORD PTR DS:[EDX+20]
8B08
MOV ECX,DWORD PTR DS:[EAX]
83E9 01
SUB ECX,1
8B55 D8
MOV EDX,DWORD PTR SS:[LOCAL.10]
8B42 20
MOV EAX,DWORD PTR DS:[EDX+20]
8908
MOV DWORD PTR DS:[EAX],ECX
C745 F4 FFFFF MOV DWORD PTR SS:[LOCAL.3],-1
8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
33D2
XOR EDX,EDX
3B4D 08
CMP ECX,DWORD PTR SS:[ARG.1]
0F94C2
SETE DL
0FB6C2
MOVZX EAX,DL
85C0
TEST EAX,EAX
75 19
JNE SHORT 00427F55
8A4D 08
MOV CL,BYTE PTR SS:[ARG.1]
884D E3
MOV BYTE PTR SS:[LOCAL.8+3],CL
8B55 D8
MOV EDX,DWORD PTR SS:[LOCAL.10]
8B42 20
MOV EAX,DWORD PTR DS:[EDX+20]
8B08
MOV ECX,DWORD PTR DS:[EAX]
894D DC
MOV DWORD PTR SS:[LOCAL.9],ECX
8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
8A45 E3
MOV AL,BYTE PTR SS:[LOCAL.8+3]
8802
MOV BYTE PTR DS:[EDX],AL
837D 08 FF
CMP DWORD PTR SS:[ARG.1],-1
74 08
JE SHORT 00427F63
8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
894D D4
MOV DWORD PTR SS:[LOCAL.11],ECX
EB 0D
JMP SHORT 00427F70
83CA FF
OR EDX,FFFFFFFF
F7DA
NEG EDX
1BD2
SBB EDX,EDX
83C2 01
ADD EDX,1
8955 D4
MOV DWORD PTR SS:[LOCAL.11],EDX
8B45 D4
MOV EAX,DWORD PTR SS:[LOCAL.11]
8BE5
MOV ESP,EBP
5D
POP EBP
C2 0400
RETN 4
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
CC
INT3
/. 55
PUSH EBP

00427F81
00427F83
00427F86
00427F89
00427F8C
00427F8F
00427F91
00427F94
00427F98
00427F9A
00427F9D
00427FA2
00427FA7
00427FAA
00427FAD
00427FAF
00427FB2
00427FB5
00427FB8
00427FBB
00427FBE
00427FC0
00427FC2
00427FC5
00427FC7
00427FCA
00427FCD
00427FCF
00427FD2
00427FD5
00427FD8
00427FDD
00427FE2
00427FE5
00427FE8
00427FEB
00427FED
00427FF0
00427FF3
00427FF5
00427FF8
00427FFC
00427FFE
00428001
00428004
00428006
00428009
0042800C
0042800F
00428011
00428014
00428017
0042801A
0042801C
0042801F
00428022
00428024
00428027
0042802A
0042802D

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8BEC
83EC 38
894D C8
8B45 C8
8B48 20
8B11
8955 FC
837D FC 00
75 0D
83C8 FF
E9 18010000
E9 13010000
8B45 C8
8B48 20
8B11
8955 F8
8B45 C8
8B48 30
8B55 C8
8B42 20
8B10
0311
3955 F8
73 1B
8B45 C8
8B48 20
8B11
8955 F4
8B45 F4
0FB600
E9 DD000000
E9 D8000000
8B4D C8
8B51 40
83E2 04
75 45
8B45 C8
8B48 24
8B11
8955 F0
837D F0 00
74 34
8B45 C8
8B48 24
8B11
8955 EC
8B45 C8
8B48 20
8B11
8955 E8
8B45 EC
3B45 E8
77 20
8B4D C8
8B51 20
8B02
8945 E4
8B4D C8
8B51 3C
3B55 E4

MOV EBP,ESP
SUB ESP,38
MOV DWORD PTR SS:[LOCAL.14],ECX
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.1],EDX
CMP DWORD PTR SS:[LOCAL.1],0
JNE SHORT 00427FA7
OR EAX,FFFFFFFF
JMP 004280BA
JMP 004280BA
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV EDX,DWORD PTR DS:[EAX]
ADD EDX,DWORD PTR DS:[ECX]
CMP DWORD PTR SS:[LOCAL.2],EDX
JNB SHORT 00427FE2
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOVZX EAX,BYTE PTR DS:[EAX]
JMP 004280BA
JMP 004280BA
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX+40]
AND EDX,00000004
JNE SHORT 00428032
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.4],EDX
CMP DWORD PTR SS:[LOCAL.4],0
JE SHORT 00428032
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP EAX,DWORD PTR SS:[LOCAL.6]
JA SHORT 0042803C
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX+3C]
CMP EDX,DWORD PTR SS:[LOCAL.7]

00428030
00428032
00428035
0042803A
0042803C
0042803F
00428042
00428044
00428047
0042804A
0042804D
00428050
00428052
00428055
00428058
0042805A
0042805D
00428060
00428063
00428066
00428069
0042806C
0042806E
00428071
00428074
00428077
00428079
0042807C
0042807F
00428082
00428085
00428088
0042808B
0042808E
00428090
00428093
00428096
00428099
0042809B
0042809E
004280A1
004280A4
004280A7
004280A9
004280AC
004280AF
004280B1
004280B4
004280B7
004280BA
004280BC
004280BD
004280BE
004280BF
004280C0
004280C1
004280C3
004280C6
004280C9
004280CC

|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
\.
/.
|.
|.
|.
|.
|.

77 0A
83C8 FF
E9 80000000
EB 7E
8B45 C8
8B48 24
8B11
8955 E0
8B45 C8
8B48 3C
3B4D E0
73 14
8B55 C8
8B42 24
8B08
894D DC
8B55 C8
8B45 DC
8942 3C
8B4D C8
8B51 20
8B02
8945 D8
8B4D C8
8B51 10
8B02
8945 D4
8B4D C8
8B51 3C
8955 D0
8B45 C8
8B48 10
8B55 D4
8911
8B45 C8
8B48 20
8B55 D8
8911
8B45 D0
2B45 D8
8B4D C8
8B51 30
8902
8B45 C8
8B48 20
8B11
8955 CC
8B45 CC
0FB600
8BE5
5D
C3
CC
CC
55
8BEC
83EC 60
894D A0
8B45 A0
8B48 24

JA SHORT 0042803C
OR EAX,FFFFFFFF
JMP 004280BA
JMP SHORT 004280BA
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+3C]
CMP ECX,DWORD PTR SS:[LOCAL.8]
JNB SHORT 00428066
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.9],ECX
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV DWORD PTR DS:[EDX+3C],EAX
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX+3C]
MOV DWORD PTR SS:[LOCAL.12],EDX
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.12]
SUB EAX,DWORD PTR SS:[LOCAL.10]
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV EDX,DWORD PTR DS:[ECX+30]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.13],EDX
MOV EAX,DWORD PTR SS:[LOCAL.13]
MOVZX EAX,BYTE PTR DS:[EAX]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,60
MOV DWORD PTR SS:[LOCAL.24],ECX
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+24]

004280CF
004280D1
004280D4
004280D8
004280DA
004280DD
004280E0
004280E2
004280E5
004280E8
004280EB
004280EE
004280F0
004280F3
004280F6
004280F8
004280FB
004280FE
00428101
00428104
00428107
0042810A
00428110
00428113
00428116
00428118
0042811B
0042811F
00428125
00428129
0042812B
0042812E
00428131
00428133
00428136
00428139
0042813C
0042813F
00428142
00428145
00428147
0042814B
0042814D
00428150
00428153
00428155
00428158
0042815B
0042815D
00428160
00428163
00428166
00428168
0042816B
0042816E
00428171
00428174
00428177
00428179
0042817D

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.

8B11
8955 FC
837D FC 00
74 2A
8B45 A0
8B48 24
8B11
8955 F8
8B45 A0
8B48 3C
3B4D F8
73 14
8B55 A0
8B42 24
8B08
894D F4
8B55 A0
8B45 F4
8942 3C
8B4D 14
83E1 01
0F84 5C010000
8B55 A0
8B42 20
8B08
894D F0
837D F0 00
0F84 47010000
837D 10 02
75 1C
8B55 A0
8B42 10
8B08
894D EC
8B55 A0
8B42 3C
2B45 EC
0345 0C
8945 0C
EB 40
837D 10 01
75 2C
8B4D 14
83E1 02
75 24
8B55 A0
8B42 20
8B08
894D E8
8B55 A0
8B42 10
8B08
894D E4
8B55 E8
2B55 E4
0355 0C
8955 0C
EB 0E
837D 10 00
74 08

MOV EDX,DWORD PTR DS:[ECX]


MOV DWORD PTR SS:[LOCAL.1],EDX
CMP DWORD PTR SS:[LOCAL.1],0
JE SHORT 00428104
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+3C]
CMP ECX,DWORD PTR SS:[LOCAL.2]
JNB SHORT 00428104
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR DS:[EDX+3C],EAX
MOV ECX,DWORD PTR SS:[ARG.4]
AND ECX,00000001
JE 0042826C
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
CMP DWORD PTR SS:[LOCAL.4],0
JE 0042826C
CMP DWORD PTR SS:[ARG.3],2
JNE SHORT 00428147
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+3C]
SUB EAX,DWORD PTR SS:[LOCAL.5]
ADD EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[ARG.2],EAX
JMP SHORT 00428187
CMP DWORD PTR SS:[ARG.3],1
JNE SHORT 00428179
MOV ECX,DWORD PTR SS:[ARG.4]
AND ECX,00000002
JNE SHORT 00428179
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
SUB EDX,DWORD PTR SS:[LOCAL.7]
ADD EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[ARG.2],EDX
JMP SHORT 00428187
CMP DWORD PTR SS:[ARG.3],0
JE SHORT 00428187

0042817F
00428184
00428187
0042818B
00428191
00428194
00428197
00428199
0042819C
0042819F
004281A2
004281A5
004281A8
004281AE
004281B1
004281B4
004281B6
004281B9
004281BC
004281BF
004281C1
004281C4
004281C7
004281CA
004281CD
004281D0
004281D3
004281D6
004281D8
004281DB
004281DE
004281E1
004281E3
004281E6
004281E9
004281EB
004281EE
004281F1
004281F4
004281F6
004281F9
004281FC
004281FE
00428201
00428204
00428206
00428209
0042820D
0042820F
00428212
00428215
00428218
0042821B
0042821D
0042821F
00428222
00428225
00428228
0042822A
0042822D

|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

A1 049D4400
8945 0C
837D 0C 00
0F8C CD000000
8B4D A0
8B51 10
8B02
8945 E0
8B4D A0
8B51 3C
2B55 E0
3955 0C
0F8F B0000000
8B45 A0
8B48 10
8B11
8955 DC
8B45 A0
8B48 20
8B11
8955 D8
8B45 DC
2B45 D8
0345 0C
8945 D4
8B4D A0
8B51 30
8B02
2B45 D4
8B4D A0
8B51 30
8902
8B45 A0
8B48 20
8B11
0355 D4
8B45 A0
8B48 20
8911
8B55 14
83E2 02
74 5E
8B45 A0
8B48 24
8B11
8955 D0
837D D0 00
74 4D
8B45 A0
8B48 24
8B55 A0
8B42 34
8B09
0308
894D CC
8B55 A0
8B42 20
8B08
894D C8
8B55 A0

MOV EAX,DWORD PTR DS:[449D04]


MOV DWORD PTR SS:[ARG.2],EAX
CMP DWORD PTR SS:[ARG.2],0
JL 0042825E
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+3C]
SUB EDX,DWORD PTR SS:[LOCAL.8]
CMP DWORD PTR SS:[ARG.2],EDX
JG 0042825E
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.9],EDX
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.10],EDX
MOV EAX,DWORD PTR SS:[LOCAL.9]
SUB EAX,DWORD PTR SS:[LOCAL.10]
ADD EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+30]
MOV EAX,DWORD PTR DS:[EDX]
SUB EAX,DWORD PTR SS:[LOCAL.11]
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+30]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
ADD EDX,DWORD PTR SS:[LOCAL.11]
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[ARG.4]
AND EDX,00000002
JE SHORT 0042825C
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.12],EDX
CMP DWORD PTR SS:[LOCAL.12],0
JE SHORT 0042825C
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+34]
MOV ECX,DWORD PTR DS:[ECX]
ADD ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.13],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.14],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]

00428230
00428233
00428235
00428238
0042823B
0042823E
00428241
00428243
00428246
00428249
0042824C
0042824E
00428251
00428254
00428257
0042825A
0042825C
0042825E
00428264
00428267
0042826C
0042826F
00428272
00428278
0042827B
0042827E
00428280
00428283
00428287
0042828D
00428291
00428293
00428296
00428299
0042829B
0042829E
004282A1
004282A4
004282A7
004282AA
004282AD
004282AF
004282B3
004282B5
004282B8
004282BB
004282BD
004282C0
004282C3
004282C6
004282C8
004282CB
004282CE
004282D1
004282D4
004282D7
004282D9
004282DD
004282DF
004282E5

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.

8B42 14
8B08
894D C4
8B55 A0
8B42 14
8B4D C4
8908
8B55 A0
8B42 24
8B4D C8
8908
8B55 CC
2B55 C8
8B45 A0
8B48 34
8911
EB 09
8B15 049D4400
8955 0C
E9 F8000000
8B45 14
83E0 02
0F84 E3000000
8B4D A0
8B51 24
8B02
8945 C0
837D C0 00
0F84 CE000000
837D 10 02
75 1C
8B4D A0
8B51 10
8B02
8945 BC
8B4D A0
8B51 3C
2B55 BC
0355 0C
8955 0C
EB 39
837D 10 01
75 24
8B45 A0
8B48 24
8B11
8955 B8
8B45 A0
8B48 10
8B11
8955 B4
8B45 B8
2B45 B4
0345 0C
8945 0C
EB 0F
837D 10 00
74 09
8B0D 049D4400
894D 0C

MOV EAX,DWORD PTR DS:[EDX+14]


MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.15],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+14]
MOV ECX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.13]
SUB EDX,DWORD PTR SS:[LOCAL.14]
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+34]
MOV DWORD PTR DS:[ECX],EDX
JMP SHORT 00428267
MOV EDX,DWORD PTR DS:[449D04]
MOV DWORD PTR SS:[ARG.2],EDX
JMP 00428364
MOV EAX,DWORD PTR SS:[ARG.4]
AND EAX,00000002
JE 0042835B
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.16],EAX
CMP DWORD PTR SS:[LOCAL.16],0
JE 0042835B
CMP DWORD PTR SS:[ARG.3],2
JNE SHORT 004282AF
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.17],EAX
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+3C]
SUB EDX,DWORD PTR SS:[LOCAL.17]
ADD EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[ARG.2],EDX
JMP SHORT 004282E8
CMP DWORD PTR SS:[ARG.3],1
JNE SHORT 004282D9
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.18],EDX
MOV EAX,DWORD PTR SS:[LOCAL.24]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.19],EDX
MOV EAX,DWORD PTR SS:[LOCAL.18]
SUB EAX,DWORD PTR SS:[LOCAL.19]
ADD EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[ARG.2],EAX
JMP SHORT 004282E8
CMP DWORD PTR SS:[ARG.3],0
JE SHORT 004282E8
MOV ECX,DWORD PTR DS:[449D04]
MOV DWORD PTR SS:[ARG.2],ECX

004282E8
004282EC
004282EE
004282F1
004282F4
004282F6
004282F9
004282FC
004282FF
00428302
00428305
00428307
0042830A
0042830D
0042830F
00428312
00428315
00428318
0042831A
0042831D
00428320
00428323
00428326
00428329
0042832C
0042832F
00428331
00428334
00428337
0042833A
0042833C
0042833F
00428342
00428344
00428347
0042834A
0042834D
0042834F
00428351
00428356
00428359
0042835B
00428361
00428364
00428367
0042836A
0042836C
0042836F
00428376
0042837D
00428380
00428385
00428388
0042838B
0042838D
0042838E
00428391
00428392
00428393
00428394

|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

837D 0C 00
7C 63
8B55 A0
8B42 10
8B08
894D B0
8B55 A0
8B42 3C
2B45 B0
3945 0C
7F 4A
8B4D A0
8B51 10
8B02
8945 AC
8B4D A0
8B51 24
8B02
8945 A8
8B4D AC
2B4D A8
034D 0C
894D A4
8B55 A0
8B42 34
8B08
2B4D A4
8B55 A0
8B42 34
8908
8B4D A0
8B51 24
8B02
0345 A4
8B4D A0
8B51 24
8902
EB 08
A1 049D4400
8945 0C
EB 09
8B0D 049D4400
894D 0C
8B55 08
8B45 0C
8902
8B4D 08
C741 08 00000
C741 0C 00000
8B55 08
A1 D49B4400
8942 10
8B45 08
8BE5
5D
C2 1000
CC
CC
CC
CC

CMP DWORD PTR SS:[ARG.2],0


JL SHORT 00428351
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+10]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.20],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+3C]
SUB EAX,DWORD PTR SS:[LOCAL.20]
CMP DWORD PTR SS:[ARG.2],EAX
JG SHORT 00428351
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.21],EAX
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.22],EAX
MOV ECX,DWORD PTR SS:[LOCAL.21]
SUB ECX,DWORD PTR SS:[LOCAL.22]
ADD ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.23],ECX
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+34]
MOV ECX,DWORD PTR DS:[EAX]
SUB ECX,DWORD PTR SS:[LOCAL.23]
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR DS:[EDX+34]
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR DS:[EDX]
ADD EAX,DWORD PTR SS:[LOCAL.23]
MOV ECX,DWORD PTR SS:[LOCAL.24]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 00428359
MOV EAX,DWORD PTR DS:[449D04]
MOV DWORD PTR SS:[ARG.2],EAX
JMP SHORT 00428364
MOV ECX,DWORD PTR DS:[449D04]
MOV DWORD PTR SS:[ARG.2],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX+8],0
MOV DWORD PTR DS:[ECX+0C],0
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[449BD4]
MOV DWORD PTR DS:[EDX+10],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3

00428395
CC
00428396
CC
00428397
CC
00428398
CC
00428399
CC
0042839A
CC
0042839B
CC
0042839C
CC
0042839D
CC
0042839E
CC
0042839F
CC
004283A0 /$ 55
o.004283A0(guessed Arg1)
004283A1 |. 8BEC
004283A3 |. 6A FF
004283A5 |. 68 0E694400
004283AA |. 64:A1 0000000
004283B0 |. 50
004283B1 |. 83EC 74
004283B4 |. A1 A0154500
004283B9 |. 33C5
004283BB |. 50
004283BC |. 8D45 F4
004283BF |. 64:A3 0000000
004283C5 |. 894D 80
004283C8 |. 8B45 08
004283CB |. 50
[ARG.1]
004283CC |. 8B4D 80
004283CF |. E8 3C29FEFF
fo.0040AD10
004283D4 |. C745 FC 00000
004283DB |. 8B4D 08
004283DE |. 83C1 28
004283E1 |. 51
004283E2 |. 8B4D 80
004283E5 |. 83C1 28
004283E8 |. E8 2329FEFF
fo.0040AD10
004283ED |. C645 FC 01
004283F1 |. 8B55 08
004283F4 |. 83C2 50
004283F7 |. 52
004283F8 |. 8B4D 80
004283FB |. 83C1 50
004283FE |. E8 0D29FEFF
fo.0040AD10
00428403 |. C645 FC 02
00428407 |. 8B45 08
0042840A |. 83C0 78
0042840D |. 50
0042840E |. 8B4D 80
00428411 |. 83C1 78
00428414 |. E8 F728FEFF
fo.0040AD10
00428419 |. C745 FC FFFFF
00428420 |. 8B45 80
00428423 |. 8B4D F4
00428426 |. 64:890D 00000
0042842D |. 59

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 0044690E
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,74
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.32],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.32]


CALL 0040AD10

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV ECX,DWORD PTR SS:[ARG.1]
ADD ECX,28
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.32]
ADD ECX,28
CALL 0040AD10

;
;
;
;

/Arg1
|
|
\SystemIn

MOV BYTE PTR SS:[LOCAL.1],1


MOV EDX,DWORD PTR SS:[ARG.1]
ADD EDX,50
PUSH EDX
MOV ECX,DWORD PTR SS:[LOCAL.32]
ADD ECX,50
CALL 0040AD10

;
;
;
;

/Arg1
|
|
\SystemIn

MOV BYTE PTR SS:[LOCAL.1],2


MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,78
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.32]
ADD ECX,78
CALL 0040AD10

;
;
;
;

/Arg1
|
|
\SystemIn

MOV
MOV
MOV
MOV
POP

DWORD PTR
EAX,DWORD
ECX,DWORD
DWORD PTR
ECX

SS:[LOCAL.1],-1
PTR SS:[LOCAL.32]
PTR SS:[LOCAL.3]
FS:[0],ECX

0042842E
00428430
00428431
00428434
00428435
00428436
00428437
00428438
00428439
0042843A
0042843B
0042843C
0042843D
0042843E
0042843F
00428440
00428441
00428443
00428446
00428449
0042844C
0042844F
00428452
00428455
00428458
0042845A
0042845D
00428461
00428463
00428466
00428469
0042846B
0042846E
00428471
00428474
00428477
00428479
0042847C
0042847F
00428481
00428484
00428487
0042848A
0042848D
00428490
00428496
00428498
0042849D
004284A0
004284A3
004284A9
004284AC
004284AF
004284B1
004284B4
004284B8
004284BE
004284C2
004284C8
004284CB

|. 8BE5
|. 5D
\. C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/. 55
|. 8BEC
|. 83EC 4C
|. 894D B4
|. 8B45 14
|. 0345 0C
|. 8945 FC
|. 8B4D B4
|. 8B51 24
|. 8B02
|. 8945 F8
|. 837D F8 00
|. 74 2A
|. 8B4D B4
|. 8B51 24
|. 8B02
|. 8945 F4
|. 8B4D B4
|. 8B51 3C
|. 3B55 F4
|. 73 14
|. 8B45 B4
|. 8B48 24
|. 8B11
|. 8955 F0
|. 8B45 B4
|. 8B4D F0
|. 8948 3C
|> 8B55 FC
|. 3B15 049D4400
|. 75 05
|. E9 9F010000
|> 8B45 24
|. 83E0 01
|. 0F84 FA000000
|. 8B4D B4
|. 8B51 20
|. 8B02
|. 8945 EC
|. 837D EC 00
|. 0F84 E5000000
|. 837D FC 00
|. 0F8C CD000000
|. 8B4D B4
|. 8B51 10

MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,4C
MOV DWORD PTR SS:[LOCAL.19],ECX
MOV EAX,DWORD PTR SS:[ARG.4]
ADD EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.2],EAX
CMP DWORD PTR SS:[LOCAL.2],0
JE SHORT 0042848D
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+3C]
CMP EDX,DWORD PTR SS:[LOCAL.3]
JNB SHORT 0042848D
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX+3C],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
CMP EDX,DWORD PTR DS:[449D04]
JNE SHORT 0042849D
JMP 0042863C
MOV EAX,DWORD PTR SS:[ARG.8]
AND EAX,00000001
JE 004285A3
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+20]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.5],EAX
CMP DWORD PTR SS:[LOCAL.5],0
JE 004285A3
CMP DWORD PTR SS:[LOCAL.1],0
JL 00428595
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+10]

004284CE
004284D0
004284D3
004284D6
004284D9
004284DC
004284DF
004284E5
004284E8
004284EB
004284ED
004284F0
004284F3
004284F6
004284F8
004284FB
004284FE
00428501
00428504
00428507
0042850A
0042850D
0042850F
00428512
00428515
00428518
0042851A
0042851D
00428520
00428522
00428525
00428528
0042852B
0042852D
00428530
00428533
00428535
00428538
0042853B
0042853D
00428540
00428544
00428546
00428549
0042854C
0042854F
00428552
00428554
00428556
00428559
0042855C
0042855F
00428561
00428564
00428567
0042856A
0042856C
0042856F
00428572
00428575

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B02
8945 E8
8B4D B4
8B51 3C
2B55 E8
3955 FC
0F8F B0000000
8B45 B4
8B48 10
8B11
8955 E4
8B45 B4
8B48 20
8B11
8955 E0
8B45 E4
2B45 E0
0345 FC
8945 DC
8B4D B4
8B51 30
8B02
2B45 DC
8B4D B4
8B51 30
8902
8B45 B4
8B48 20
8B11
0355 DC
8B45 B4
8B48 20
8911
8B55 24
83E2 02
74 5E
8B45 B4
8B48 24
8B11
8955 D8
837D D8 00
74 4D
8B45 B4
8B48 24
8B55 B4
8B42 34
8B09
0308
894D D4
8B55 B4
8B42 20
8B08
894D D0
8B55 B4
8B42 14
8B08
894D CC
8B55 B4
8B42 14
8B4D CC

MOV EAX,DWORD PTR DS:[EDX]


MOV DWORD PTR SS:[LOCAL.6],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+3C]
SUB EDX,DWORD PTR SS:[LOCAL.6]
CMP DWORD PTR SS:[LOCAL.1],EDX
JG 00428595
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.7],EDX
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.7]
SUB EAX,DWORD PTR SS:[LOCAL.8]
ADD EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.9],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+30]
MOV EAX,DWORD PTR DS:[EDX]
SUB EAX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+30]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV EDX,DWORD PTR DS:[ECX]
ADD EDX,DWORD PTR SS:[LOCAL.9]
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+20]
MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[ARG.8]
AND EDX,00000002
JE SHORT 00428593
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.10],EDX
CMP DWORD PTR SS:[LOCAL.10],0
JE SHORT 00428593
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR SS:[LOCAL.19]
MOV EAX,DWORD PTR DS:[EDX+34]
MOV ECX,DWORD PTR DS:[ECX]
ADD ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV EDX,DWORD PTR SS:[LOCAL.19]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.12],ECX
MOV EDX,DWORD PTR SS:[LOCAL.19]
MOV EAX,DWORD PTR DS:[EDX+14]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.13],ECX
MOV EDX,DWORD PTR SS:[LOCAL.19]
MOV EAX,DWORD PTR DS:[EDX+14]
MOV ECX,DWORD PTR SS:[LOCAL.13]

00428578
0042857A
0042857D
00428580
00428583
00428585
00428588
0042858B
0042858E
00428591
00428593
00428595
0042859B
0042859E
004285A3
004285A6
004285A9
004285AF
004285B2
004285B5
004285B7
004285BA
004285BE
004285C0
004285C4
004285C6
004285C9
004285CC
004285CE
004285D1
004285D4
004285D7
004285DA
004285DD
004285DF
004285E2
004285E5
004285E7
004285EA
004285ED
004285F0
004285F2
004285F5
004285F8
004285FB
004285FE
00428601
00428604
00428607
00428609
0042860C
0042860F
00428612
00428614
00428617
0042861A
0042861C
0042861F
00428622
00428625

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8908
8B55 B4
8B42 24
8B4D D0
8908
8B55 D4
2B55 D0
8B45 B4
8B48 34
8911
EB 09
8B15 049D4400
8955 FC
E9 99000000
8B45 24
83E0 02
0F84 85000000
8B4D B4
8B51 24
8B02
8945 C8
837D C8 00
74 74
837D FC 00
7C 63
8B4D B4
8B51 10
8B02
8945 C4
8B4D B4
8B51 3C
2B55 C4
3955 FC
7F 4A
8B45 B4
8B48 10
8B11
8955 C0
8B45 B4
8B48 24
8B11
8955 BC
8B45 C0
2B45 BC
0345 FC
8945 B8
8B4D B4
8B51 34
8B02
2B45 B8
8B4D B4
8B51 34
8902
8B45 B4
8B48 24
8B11
0355 B8
8B45 B4
8B48 24
8911

MOV DWORD PTR DS:[EAX],ECX


MOV EDX,DWORD PTR SS:[LOCAL.19]
MOV EAX,DWORD PTR DS:[EDX+24]
MOV ECX,DWORD PTR SS:[LOCAL.12]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.11]
SUB EDX,DWORD PTR SS:[LOCAL.12]
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+34]
MOV DWORD PTR DS:[ECX],EDX
JMP SHORT 0042859E
MOV EDX,DWORD PTR DS:[449D04]
MOV DWORD PTR SS:[LOCAL.1],EDX
JMP 0042863C
MOV EAX,DWORD PTR SS:[ARG.8]
AND EAX,00000002
JE 00428634
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+24]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.14],EAX
CMP DWORD PTR SS:[LOCAL.14],0
JE SHORT 00428634
CMP DWORD PTR SS:[LOCAL.1],0
JL SHORT 00428629
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.15],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+3C]
SUB EDX,DWORD PTR SS:[LOCAL.15]
CMP DWORD PTR SS:[LOCAL.1],EDX
JG SHORT 00428629
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.16],EDX
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.17],EDX
MOV EAX,DWORD PTR SS:[LOCAL.16]
SUB EAX,DWORD PTR SS:[LOCAL.17]
ADD EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.18],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+34]
MOV EAX,DWORD PTR DS:[EDX]
SUB EAX,DWORD PTR SS:[LOCAL.18]
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV EDX,DWORD PTR DS:[ECX+34]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV EDX,DWORD PTR DS:[ECX]
ADD EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV ECX,DWORD PTR DS:[EAX+24]
MOV DWORD PTR DS:[ECX],EDX

00428627 |. EB 09
JMP SHORT 00428632
00428629 |> 8B15 049D4400 MOV EDX,DWORD PTR DS:[449D04]
0042862F |. 8955 FC
MOV DWORD PTR SS:[LOCAL.1],EDX
00428632 |> EB 08
JMP SHORT 0042863C
00428634 |> A1 049D4400 MOV EAX,DWORD PTR DS:[449D04]
00428639 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0042863C |> 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0042863F |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
00428642 |. 8911
MOV DWORD PTR DS:[ECX],EDX
00428644 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00428647 |. C740 08 00000 MOV DWORD PTR DS:[EAX+8],0
0042864E |. C740 0C 00000 MOV DWORD PTR DS:[EAX+0C],0
00428655 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00428658 |. 8B15 D49B4400 MOV EDX,DWORD PTR DS:[449BD4]
0042865E |. 8951 10
MOV DWORD PTR DS:[ECX+10],EDX
00428661 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00428664 |. 8BE5
MOV ESP,EBP
00428666 |. 5D
POP EBP
00428667 \. C2 2000
RETN 20
0042866A
CC
INT3
0042866B
CC
INT3
0042866C
CC
INT3
0042866D
CC
INT3
0042866E
CC
INT3
0042866F
CC
INT3
00428670 /$ 55
PUSH EBP
o.00428670(guessed Arg1,Arg2)
00428671 |. 8BEC
MOV EBP,ESP
00428673 |. 81EC 54010000 SUB ESP,154
00428679 |. 898D B0FEFFFF MOV DWORD PTR SS:[LOCAL.84],ECX
0042867F |. 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.84]
00428685 |. E8 C6000000 CALL 00428750
0042868A |. 8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[LOCAL.84]
00428690 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00428693 |. 8948 28
MOV DWORD PTR DS:[EAX+28],ECX
00428696 |. 8B95 B0FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.84]
0042869C |. C742 2C 00000 MOV DWORD PTR DS:[EDX+2C],0
004286A3 |. 6A 20
PUSH 20
0
004286A5 |. 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.84]
004286AB |. E8 801C0000 CALL 0042A330
fo.0042A330
004286B0 |. 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.84]
004286B6 |. 8841 30
MOV BYTE PTR DS:[ECX+30],AL
004286B9 |. 8B95 B0FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.84]
004286BF |. 837A 28 00
CMP DWORD PTR DS:[EDX+28],0
004286C3 |. 75 5E
JNE SHORT 00428723
004286C5 |. B8 04000000 MOV EAX,4
004286CA |. 85C0
TEST EAX,EAX
004286CC |. 74 55
JE SHORT 00428723
004286CE |. 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.84]
004286D4 |. 8B51 08
MOV EDX,DWORD PTR DS:[ECX+8]
004286D7 |. 8955 B4
MOV DWORD PTR SS:[LOCAL.19],EDX
004286DA |. 8B45 B4
MOV EAX,DWORD PTR SS:[LOCAL.19]
004286DD |. 83C8 04
OR EAX,00000004
004286E0 |. 8985 B4FEFFFF MOV DWORD PTR SS:[LOCAL.83],EAX
004286E6 |. 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.84]
004286EC |. 8379 28 00
CMP DWORD PTR DS:[ECX+28],0
004286F0 |. 75 11
JNE SHORT 00428703
004286F2 |. 8B95 B4FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.83]

; SystemInf

; /Arg1 = 2
; |
; \SystemIn

004286F8 |.
004286FB |.
00428701 |.
00428703 |>
00428709 |.
0042870F |>
00428711 |.
00428717 |.
[LOCAL.85]
00428718 |.
0042871E |.
fo.004083E0
00428723 |>
00428727 |.
00428729 |.
0042872B |.
00428731 |.
00428732 |.
00428737 |.
0042873A |.
0042873C |>
00428742 |.
00428749 |>
0042874B |.
0042874C \.
0042874F
00428750 /$
00428751 |.
00428753 |.
00428759 |.
0042875F |.
00428765 |.
0042876C |.
00428772 |.
00428779 |.
0042877F |.
00428786 |.
0042878C |.
00428793 |.
00428799 |.
004287A0 |.
004287A6 |.
004287AD |.
004287B3 |.
004287BA |.
004287C0 |.
004287C7 |.
004287C9 |.
004287CB |.
004287D1 |.
fo.004083E0
004287D6 |.
004287D8 |.
fo.0042F570
004287DD |.
004287E0 |.
004287E3 |.
004287E7 |.
004287E9 |.
004287EE |.

83CA 04
8995 ACFEFFFF
EB 0C
8B85 B4FEFFFF
8985 ACFEFFFF
6A 00
8B8D ACFEFFFF
51

OR EDX,00000004
MOV DWORD PTR SS:[LOCAL.85],EDX
JMP SHORT 0042870F
MOV EAX,DWORD PTR SS:[LOCAL.83]
MOV DWORD PTR SS:[LOCAL.85],EAX
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.85]
PUSH ECX

; /Arg2 = 0
; |
; |Arg1 =>

8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.84]


E8 BDFCFDFF CALL 004083E0

; |
; \SystemIn

0FB655 0C
85D2
74 11
8B85 B0FEFFFF
50
E8 3C560000
83C4 04
EB 0D
8B8D B0FEFFFF
C741 04 00000
8BE5
5D
C2 0800
CC
55
8BEC
81EC FC000000
898D 08FFFFFF
8B85 08FFFFFF
C740 24 00000
8B8D 08FFFFFF
C741 04 00000
8B95 08FFFFFF
C742 0C 00000
8B85 08FFFFFF
C740 10 01020
8B8D 08FFFFFF
C741 14 06000
8B95 08FFFFFF
C742 18 00000
8B85 08FFFFFF
C740 1C 00000
8B8D 08FFFFFF
C741 20 00000
6A 00
6A 00
8B8D 08FFFFFF
E8 0AFCFDFF

MOVZX EDX,BYTE PTR SS:[ARG.2]


TEST EDX,EDX
JE SHORT 0042873C
MOV EAX,DWORD PTR SS:[LOCAL.84]
PUSH EAX
CALL 0042DD73
ADD ESP,4
JMP SHORT 00428749
MOV ECX,DWORD PTR SS:[LOCAL.84]
MOV DWORD PTR DS:[ECX+4],0
MOV ESP,EBP
POP EBP
RETN 8
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0FC
MOV DWORD PTR SS:[LOCAL.62],ECX
MOV EAX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR DS:[EAX+24],0
MOV ECX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR DS:[ECX+4],0
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR DS:[EDX+0C],0
MOV EAX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR DS:[EAX+10],201
MOV ECX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR DS:[ECX+14],6
MOV EDX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR DS:[EDX+18],0
MOV EAX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR DS:[EAX+1C],0
MOV ECX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR DS:[ECX+20],0
PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[LOCAL.62]
CALL 004083E0

;
;
;
;

6A 04
E8 936D0000

PUSH 4
CALL 0042F570

; /Arg1 = 4
; \SystemIn

83C4 04
8945 FC
837D FC 00
74 21
E8 F9520000
8B55 FC

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.1],EAX
CMP DWORD PTR SS:[LOCAL.1],0
JE SHORT 0042880A
CALL 0042DAE7
MOV EDX,DWORD PTR SS:[LOCAL.1]

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

004287F1 |. 8902
004287F3 |. E8 FC500000
fo.0042D8F4
004287F8 |. 8BC8
004287FA |. E8 8106FEFF
004287FF |. 8B45 FC
00428802 |. 8985 04FFFFFF
00428808 |. EB 0A
0042880A |> C785 04FFFFFF
00428814 |> 8B8D 08FFFFFF
0042881A |. 8B95 04FFFFFF
00428820 |. 8951 24
00428823 |. 8BE5
00428825 |. 5D
00428826 \. C3
00428827
CC
00428828
CC
00428829
CC
0042882A
CC
0042882B
CC
0042882C
CC
0042882D
CC
0042882E
CC
0042882F
CC
00428830 /$ 55
o.00428830(guessed void)
00428831 |. 8BEC
00428833 |. 6A FF
00428835 |. 68 3B694400
0042883A |. 64:A1 0000000
00428840 |. 50
00428841 |. 83EC 10
00428844 |. A1 A0154500
00428849 |. 33C5
0042884B |. 50
0042884C |. 8D45 F4
0042884F |. 64:A3 0000000
00428855 |. 894D E8
00428858 |. 8B45 E8
0042885B |. C700 189C4400
00428861 |. 8B4D E8
00428864 |. 83C1 04
00428867 |. E8 31540000
0042886C |. C745 FC 00000
00428873 |. 6A 04
00428875 |. E8 F66C0000
fo.0042F570
0042887A |. 83C4 04
0042887D |. 8945 F0
00428880 |. 837D F0 00
00428884 |. 74 1E
00428886 |. E8 5C520000
0042888B |. 8B4D F0
0042888E |. 8901
00428890 |. E8 5F500000
fo.0042D8F4
00428895 |. 8BC8
00428897 |. E8 E405FEFF
0042889C |. 8B55 F0
0042889F |. 8955 E4

MOV DWORD PTR DS:[EDX],EAX


CALL 0042D8F4

; [SystemIn

MOV ECX,EAX
CALL 00408E80
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR SS:[LOCAL.63],EAX
JMP SHORT 00428814
MOV DWORD PTR SS:[LOCAL.63],0
MOV ECX,DWORD PTR SS:[LOCAL.62]
MOV EDX,DWORD PTR SS:[LOCAL.63]
MOV DWORD PTR DS:[ECX+24],EDX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 0044693B
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,10
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.6],ECX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX],OFFSET 00449C18
MOV ECX,DWORD PTR SS:[LOCAL.6]
ADD ECX,4
CALL 0042DC9D
MOV DWORD PTR SS:[LOCAL.1],0
PUSH 4
CALL 0042F570

; /Arg1 = 4
; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.4],EAX
CMP DWORD PTR SS:[LOCAL.4],0
JE SHORT 004288A4
CALL 0042DAE7
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX],EAX
CALL 0042D8F4

; [SystemIn

MOV ECX,EAX
CALL 00408E80
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.7],EDX

004288A2
004288A4
004288AB
004288AE
004288B1
004288B4
004288B7
004288BC
004288C3
004288C6
004288C9
004288D0
004288D1
004288D3
004288D4
004288D5
004288D6
004288D7
004288D8
004288D9
004288DA
004288DB
004288DC
004288DD
004288DE
004288DF
004288E0
004288E1
004288E3
004288E6
004288E9
004288EC
004288EF
004288F4
004288F7
004288FA
004288FC
004288FF
00428902
00428903
00428908
0042890B
0042890E
00428911
00428913
00428914
00428917
00428918
00428919
0042891A
0042891B
0042891C
0042891D
0042891E
0042891F
00428920
00428921
00428923
00428924
00428927

|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
\.

/.
|.
|.
|.
|.

EB 07
C745 E4 00000
8B45 E8
8B4D E4
8948 38
8B4D E8
E8 F4000000
C745 FC FFFFF
8B45 E8
8B4D F4
64:890D 00000
59
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 0C
894D F4
8B4D F4
83E9 04
E8 7C020000
8B45 08
83E0 01
74 0F
8B4D F4
83E9 04
51
E8 12600000
83C4 04
8B45 F4
83E8 04
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 FC

JMP SHORT 004288AB


MOV DWORD PTR SS:[LOCAL.7],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EAX+38],ECX
MOV ECX,DWORD PTR SS:[LOCAL.6]
CALL 004289B0
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV ECX,DWORD PTR SS:[LOCAL.3]
SUB ECX,4
CALL 00428B70
MOV EAX,DWORD PTR SS:[ARG.1]
AND EAX,00000001
JE SHORT 0042890B
MOV ECX,DWORD PTR SS:[LOCAL.3]
SUB ECX,4
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.3]
SUB EAX,4
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]

0042892A |. C700 008A4400


00428930 |. 8B4D FC
00428933 |. C701 F8894400
00428939 |. 8B55 FC
0042893C |. 52
ARG.ECX
0042893D |. E8 83540000
fo.0042DDC5
00428942 |. 83C4 04
00428945 |. 8B45 08
00428948 |. 83E0 01
0042894B |. 74 0C
0042894D |. 8B4D FC
00428950 |. 51
00428951 |. E8 C45F0000
00428956 |. 83C4 04
00428959 |> 8B45 FC
0042895C |. 8BE5
0042895E |. 5D
0042895F \. C2 0400
00428962
CC
00428963
CC
00428964
CC
00428965
CC
00428966
CC
00428967
CC
00428968
CC
00428969
CC
0042896A
CC
0042896B
CC
0042896C
CC
0042896D
CC
0042896E
CC
0042896F
CC
00428970 /$ 55
o.00428970(guessed Arg1)
00428971 |. 8BEC
00428973 |. 83EC 10
00428976 |. 894D F0
00428979 |. C745 FC 00000
00428980 |. 8B45 F0
00428983 |. 8B48 38
00428986 |. 894D F4
00428989 |. 8B55 08
0042898C |. 8B45 F4
0042898F |. 8B08
00428991 |. 890A
00428993 |. 8B55 08
00428996 |. 8B0A
00428998 |. E8 E304FEFF
0042899D |. 8B45 FC
004289A0 |. 83C8 01
004289A3 |. 8945 FC
004289A6 |. 8B45 08
004289A9 |. 8BE5
004289AB |. 5D
004289AC \. C2 0400
004289AF
CC
004289B0 /$ 55
004289B1 |. 8BEC

MOV DWORD PTR


MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX

DS:[EAX],OFFSET 00448A00
PTR SS:[LOCAL.1]
DS:[ECX],OFFSET 004489F8
PTR SS:[LOCAL.1]
; /Arg1 =>

CALL 0042DDC5

; \SystemIn

ADD ESP,4
MOV EAX,DWORD PTR SS:[ARG.1]
AND EAX,00000001
JE SHORT 00428959
MOV ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV DWORD PTR SS:[LOCAL.1],0
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+38]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR DS:[EDX],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EDX]
CALL 00408E80
MOV EAX,DWORD PTR SS:[LOCAL.1]
OR EAX,00000001
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
PUSH EBP
MOV EBP,ESP

004289B3
004289B4
004289B7
004289BA
004289BD
004289C0
004289C3
004289C6
004289C9
004289CC
004289CF
004289D2
004289D5
004289D8
004289DB
004289DE
004289E1
004289E4
004289E7
004289EA
004289ED
004289F0
004289F3
004289F6
004289F9
004289FC
004289FF
00428A02
00428A05
00428A0B
00428A0E
00428A11
00428A17
00428A19
00428A1C
00428A1F
00428A21
00428A24
00428A27
00428A2D
00428A30
00428A33
00428A39
00428A3B
00428A3E
00428A41
00428A43
00428A45
00428A46
00428A47
00428A48
00428A49
00428A4A
00428A4B
00428A4C
00428A4D
00428A4E
00428A4F
00428A50
00428A51

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

51
894D
8B45
83C0
8B4D
8941
8B55
83C2
8B45
8950
8B4D
83C1
8B55
894A
8B45
83C0
8B4D
8941
8B55
83C2
8B45
8950
8B4D
83C1
8B55
894A
8B45
8B48
C701
8B55
8B42
C700
33C9
8B55
8B42
8908
8B4D
8B51
C702
8B45
8B48
C701
33D2
8B45
8B48
8911
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
/. 55
|. 8BEC

PUSH ECX
MOV DWORD PTR
MOV EAX,DWORD
ADD EAX,8
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
ADD EDX,0C
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,18
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
ADD EAX,1C
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
ADD EDX,28
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,2C
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
XOR ECX,ECX
FC
MOV EDX,DWORD
34
MOV EAX,DWORD
MOV DWORD PTR
FC
MOV ECX,DWORD
10
MOV EDX,DWORD
00000000 MOV DWORD PTR
FC
MOV EAX,DWORD
20
MOV ECX,DWORD
00000000 MOV DWORD PTR
XOR EDX,EDX
FC
MOV EAX,DWORD
30
MOV ECX,DWORD
MOV DWORD PTR
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
FC
FC
08
FC
10
FC
0C
FC
14
FC
18
FC
20
FC
1C
FC
24
FC
28
FC
30
FC
2C
FC
34
FC
14
00000000
FC
24
00000000

SS:[LOCAL.1],ECX
PTR SS:[LOCAL.1]
PTR SS:[LOCAL.1]
DS:[ECX+10],EAX
PTR SS:[LOCAL.1]
PTR SS:[LOCAL.1]
DS:[EAX+14],EDX
PTR SS:[LOCAL.1]
PTR SS:[LOCAL.1]
DS:[EDX+20],ECX
PTR SS:[LOCAL.1]
PTR SS:[LOCAL.1]
DS:[ECX+24],EAX
PTR SS:[LOCAL.1]
PTR SS:[LOCAL.1]
DS:[EAX+30],EDX
PTR SS:[LOCAL.1]
PTR SS:[LOCAL.1]
DS:[EDX+34],ECX
PTR SS:[LOCAL.1]
PTR DS:[EAX+14]
DS:[ECX],0
PTR SS:[LOCAL.1]
PTR DS:[EDX+24]
DS:[EAX],0
PTR SS:[LOCAL.1]
PTR DS:[EDX+34]
DS:[EAX],ECX
PTR SS:[LOCAL.1]
PTR DS:[ECX+10]
DS:[EDX],0
PTR SS:[LOCAL.1]
PTR DS:[EAX+20]
DS:[ECX],0
PTR SS:[LOCAL.1]
PTR DS:[EAX+30]
DS:[ECX],EDX

00428A53 |.
00428A56 |.
00428A59 |.
00428A5C |.
fo.00426F80
00428A61 |.
00428A64 |.
00428A67 |.
00428A69 |.
00428A6C |.
00428A6D |.
00428A72 |.
00428A75 |>
00428A78 |.
00428A7A |.
00428A7B \.
00428A7E
00428A7F
00428A80 /.
00428A81 |.
00428A83 |.
00428A86 |.
00428A89 |.
00428A8C |.
00428A8F |.
00428A92 |.
00428A95 |.
00428A98 |.
fo.004279F0
00428A9D |.
00428AA0 |.
00428AA3 |.
00428AA6 |.
00428AA9 |.
00428AAF |.
00428AB2 |.
00428AB8 |.
00428ABB |.
ARG.ECX
00428ABC |.
fo.0042DDC5
00428AC1 |.
00428AC4 |.
00428AC7 |.
00428ACA |.
00428ACC |.
00428ACF |.
00428AD2 |.
00428AD3 |.
00428AD8 |.
00428ADB |>
00428ADE |.
00428AE1 |.
00428AE3 |.
00428AE4 \.
00428AE7
00428AE8
00428AE9
00428AEA
00428AEB

83EC 1C
894D E4
8B4D E4
E8 1FE5FFFF

SUB ESP,1C
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV ECX,DWORD PTR SS:[LOCAL.7]
CALL 00426F80

; [SystemIn

8B45 08
83E0 01
74 0C
8B4D E4
51
E8 A85E0000
83C4 04
8B45 E4
8BE5
5D
C2 0400
CC
CC
55
8BEC
83EC 20
894D E0
8B45 E0
83E8 4C
8945 E4
8B4D E4
83C1 4C
E8 53EFFFFF

MOV EAX,DWORD PTR SS:[ARG.1]


AND EAX,00000001
JE SHORT 00428A75
MOV ECX,DWORD PTR SS:[LOCAL.7]
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,20
MOV DWORD PTR SS:[LOCAL.8],ECX
MOV EAX,DWORD PTR SS:[LOCAL.8]
SUB EAX,4C
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
ADD ECX,4C
CALL 004279F0

; [SystemIn

8B4D
83C1
894D
8B55
C702
8B45
C700
8B4D
51

MOV ECX,DWORD
ADD ECX,4C
MOV DWORD PTR
MOV EDX,DWORD
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
PUSH ECX

; /Arg1 =>

E4
4C
E8
E8
008A4400
E8
F8894400
E8

PTR SS:[LOCAL.7]
SS:[LOCAL.6],ECX
PTR SS:[LOCAL.6]
DS:[EDX],OFFSET 00448A00
PTR SS:[LOCAL.6]
DS:[EAX],OFFSET 004489F8
PTR SS:[LOCAL.6]

E8 04530000

CALL 0042DDC5

83C4 04
8B55 08
83E2 01
74 0F
8B45 E0
83E8 4C
50
E8 425E0000
83C4 04
8B45 E0
83E8 4C
8BE5
5D
C2 0400
CC
CC
CC
CC
CC

ADD ESP,4
MOV EDX,DWORD PTR SS:[ARG.1]
AND EDX,00000001
JE SHORT 00428ADB
MOV EAX,DWORD PTR SS:[LOCAL.8]
SUB EAX,4C
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.8]
SUB EAX,4C
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3

; \SystemIn

00428AEC
00428AED
00428AEE
00428AEF
00428AF0 /.
00428AF1 |.
00428AF3 |.
00428AF5 |.
00428AFA |.
00428B00 |.
00428B01 |.
00428B04 |.
00428B09 |.
00428B0B |.
00428B0C |.
00428B0F |.
00428B15 |.
00428B18 |.
00428B1B |.
00428B21 |.
00428B28 |.
00428B2B |.
00428B30 |.
00428B37 |.
00428B3A |.
fo.00426F80
00428B3F |.
00428B42 |.
00428B45 |.
00428B47 |.
00428B4A |.
00428B4B |.
00428B50 |.
00428B53 |>
00428B56 |.
00428B59 |.
00428B60 |.
00428B61 |.
00428B63 |.
00428B64 \.
00428B67
00428B68
00428B69
00428B6A
00428B6B
00428B6C
00428B6D
00428B6E
00428B6F
00428B70 /$
00428B71 |.
00428B73 |.
00428B76 |.
00428B79 |.
00428B7C |.
00428B7F |.
00428B82 |.
00428B85 |.
00428B88 |.
00428B8B |.

CC
CC
CC
CC
55
8BEC
6A FF
68 68694400
64:A1 0000000
50
83EC 28
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
894D CC
8B45 CC
C700 DC9B4400
C745 FC 00000
8B4D CC
E8 A071FEFF
C745 FC FFFFF
8B4D CC
E8 41E4FFFF

INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00446968
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,28
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.13],ECX
MOV EAX,DWORD PTR SS:[LOCAL.13]
MOV DWORD PTR DS:[EAX],OFFSET 00449BDC
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.13]
CALL 0040FCD0
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.13]
CALL 00426F80

8B4D 08
83E1 01
74 0C
8B55 CC
52
E8 CA5D0000
83C4 04
8B45 CC
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 0C
894D F4
8B45 F4
83C0 04
8945 FC
8B4D FC
8B51 FC
8B42 04
8B4D FC

MOV ECX,DWORD PTR SS:[ARG.1]


AND ECX,00000001
JE SHORT 00428B53
MOV EDX,DWORD PTR SS:[LOCAL.13]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.13]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[LOCAL.3]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR DS:[ECX-4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.1]

; [SystemIn

00428B8E |. C74401 FC 749 MOV DWORD PTR DS:[EAX+ECX-4],OFFSET 0044


00428B96 |. 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
00428B99 |. 83C2 04
ADD EDX,4
00428B9C |. 8955 F8
MOV DWORD PTR SS:[LOCAL.2],EDX
00428B9F |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00428BA2 |. C700 008A4400 MOV DWORD PTR DS:[EAX],OFFSET 00448A00
00428BA8 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00428BAB |. C701 F8894400 MOV DWORD PTR DS:[ECX],OFFSET 004489F8
00428BB1 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00428BB4 |. 52
PUSH EDX
[LOCAL.2]
00428BB5 |. E8 0B520000 CALL 0042DDC5
fo.0042DDC5
00428BBA |. 83C4 04
ADD ESP,4
00428BBD |. 8BE5
MOV ESP,EBP
00428BBF |. 5D
POP EBP
00428BC0 \. C3
RETN
00428BC1
CC
INT3
00428BC2
CC
INT3
00428BC3
CC
INT3
00428BC4
CC
INT3
00428BC5
CC
INT3
00428BC6
CC
INT3
00428BC7
CC
INT3
00428BC8
CC
INT3
00428BC9
CC
INT3
00428BCA
CC
INT3
00428BCB
CC
INT3
00428BCC
CC
INT3
00428BCD
CC
INT3
00428BCE
CC
INT3
00428BCF
CC
INT3
00428BD0 /> 55
PUSH EBP
00428BD1 |. 8BEC
MOV EBP,ESP
00428BD3 |. 83EC 1C
SUB ESP,1C
00428BD6 |. 894D E4
MOV DWORD PTR SS:[EBP-1C],ECX
00428BD9 |. 8B4D E4
MOV ECX,DWORD PTR SS:[EBP-1C]
00428BDC |. 83C1 4C
ADD ECX,4C
00428BDF |. E8 0CEEFFFF CALL 004279F0
fo.004279F0
00428BE4 |. 8B45 E4
MOV EAX,DWORD PTR SS:[EBP-1C]
00428BE7 |. 83C0 4C
ADD EAX,4C
00428BEA |. 8945 E8
MOV DWORD PTR SS:[EBP-18],EAX
00428BED |. 8B4D E8
MOV ECX,DWORD PTR SS:[EBP-18]
00428BF0 |. C701 008A4400 MOV DWORD PTR DS:[ECX],OFFSET 00448A00
00428BF6 |. 8B55 E8
MOV EDX,DWORD PTR SS:[EBP-18]
00428BF9 |. C702 F8894400 MOV DWORD PTR DS:[EDX],OFFSET 004489F8
00428BFF |. 8B45 E8
MOV EAX,DWORD PTR SS:[EBP-18]
00428C02 |. 50
PUSH EAX
00428C03 |. E8 BD510000 CALL 0042DDC5
fo.0042DDC5
00428C08 |. 83C4 04
ADD ESP,4
00428C0B |. 8BE5
MOV ESP,EBP
00428C0D |. 5D
POP EBP
00428C0E \. C3
RETN
00428C0F
CC
INT3
00428C10 /$ 55
PUSH EBP
o.00428C10(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
00428C11 |. 8BEC
MOV EBP,ESP
00428C13 |. 83EC 54
SUB ESP,54

; /Arg1 =>
; \SystemIn

; [SystemIn

; /Arg1
; \SystemIn

; SystemInf

00428C16
00428C19
00428C1C
00428C1F
00428C22
00428C25
00428C27
00428C2A
00428C31
00428C34
00428C37
00428C3B
00428C3D
00428C42
00428C44
00428C46
00428C49
00428C4B
00428C4E
00428C50
00428C54
00428C57
00428C5A
00428C5C
00428C5E
00428C61
00428C63
00428C66
00428C69
00428C6C
00428C6E
00428C70
00428C75
00428C77
00428C79
00428C7C
00428C7E
00428C81
00428C84
00428C87
00428C89
00428C8F
00428C92
00428C95
00428C98
00428C9F
00428CA2
00428CA5
00428CA9
00428CAB
00428CB0
00428CB2
00428CB4
00428CB7
00428CB9
00428CBC
00428CBE
00428CC2
00428CC5
00428CC8

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.

894D AC
8B45 AC
8B48 18
894D DC
8B55 DC
8B02
8945 D8
C745 F8 00000
8B4D D8
894D FC
837D AC 00
75 05
E8 465C0000
33D2
75 FC
8B45 AC
8B08
894D F8
33D2
837D 0C 00
0F95C2
0FB6C2
85C0
74 12
8B4D 0C
33D2
3B4D F8
0F94C2
0FB6C2
85C0
75 05
E8 135C0000
33C9
75 FC
8B55 10
33C0
3B55 FC
0F94C0
0FB6C8
85C9
0F84 BB000000
8B55 AC
8B42 18
8945 D4
C745 F0 00000
8B4D D4
894D F4
837D AC 00
75 05
E8 D85B0000
33D2
75 FC
8B45 AC
8B08
894D F0
33D2
837D 14 00
0F95C2
0FB6C2
85C0

MOV DWORD PTR SS:[LOCAL.21],ECX


MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.9],ECX
MOV EDX,DWORD PTR SS:[LOCAL.9]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV DWORD PTR SS:[LOCAL.2],0
MOV ECX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.1],ECX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00428C42
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00428C42
MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.2],ECX
XOR EDX,EDX
CMP DWORD PTR SS:[ARG.2],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00428C70
MOV ECX,DWORD PTR SS:[ARG.2]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.2]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00428C75
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00428C75
MOV EDX,DWORD PTR SS:[ARG.3]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.1]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE 00428D4A
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV DWORD PTR SS:[LOCAL.4],0
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.3],ECX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00428CB0
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00428CB0
MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
XOR EDX,EDX
CMP DWORD PTR SS:[ARG.4],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX

00428CCA
00428CCC
00428CCF
00428CD1
00428CD4
00428CD7
00428CDA
00428CDC
00428CDE
00428CE3
00428CE5
00428CE7
00428CEA
00428CEC
00428CEF
00428CF2
00428CF5
00428CF7
00428CF9
00428CFC
00428D01
00428D04
00428D07
00428D0A
00428D0D
00428D0F
00428D12
00428D15
00428D1B
00428D1E
00428D21
00428D24
00428D28
00428D2A
00428D2F
00428D31
00428D33
00428D36
00428D39
00428D3B
00428D3D
00428D40
00428D45
00428D4A
00428D4C
00428D50
00428D53
00428D56
00428D58
00428D5A
00428D5D
00428D5F
00428D62
00428D65
00428D68
00428D6A
00428D6C
00428D71
00428D73
00428D75

|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|.

74 12
8B4D 14
33D2
3B4D F0
0F94C2
0FB6C2
85C0
75 05
E8 A55B0000
33C9
75 FC
8B55 18
33C0
3B55 F4
0F94C0
0FB6C8
85C9
74 51
8B4D AC
E8 5F230000
8B55 AC
8B42 18
8945 CC
8B4D CC
8B11
8955 C8
8B45 08
C700 00000000
8B4D 08
8B55 C8
8951 04
837D AC 00
75 05
E8 595B0000
33C0
75 FC
8B4D 08
8B55 AC
8B02
8901
8B45 08
E9 C3000000
E9 BE000000
33C9
837D 0C 00
0F95C1
0FB6D1
85D2
74 12
8B45 0C
33C9
3B45 14
0F94C1
0FB6D1
85D2
75 05
E8 175B0000
33C0
75 FC
8B4D 10

JE SHORT 00428CDE
MOV ECX,DWORD PTR SS:[ARG.4]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.4]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00428CE3
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00428CE3
MOV EDX,DWORD PTR SS:[ARG.5]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.3]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00428D4A
MOV ECX,DWORD PTR SS:[LOCAL.21]
CALL 0042B060
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.13],EAX
MOV ECX,DWORD PTR SS:[LOCAL.13]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.14],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR DS:[ECX+4],EDX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00428D2F
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00428D2F
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00428E08
JMP 00428E08
/XOR ECX,ECX
|CMP DWORD PTR SS:[ARG.2],0
|SETNE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 00428D6C
|MOV EAX,DWORD PTR SS:[ARG.2]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[ARG.4]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JNE SHORT 00428D71
|CALL 0042E888
|/XOR EAX,EAX
|\JNE SHORT 00428D71
|MOV ECX,DWORD PTR SS:[ARG.3]

00428D78 |. 33D2
00428D7A |. 3B4D 18
00428D7D |. 0F94C2
00428D80 |. 0FB6C2
00428D83 |. F7D8
00428D85 |. 1BC0
00428D87 |. 83C0 01
00428D8A |. 0FB6C8
00428D8D |. 85C9
00428D8F |. 74 36
00428D91 |. 8B55 0C
00428D94 |. 8B45 10
00428D97 |. 8955 C0
00428D9A |. 8945 C4
00428D9D |. 8D4D 0C
00428DA0 |. E8 8B030000
00428DA5 |. 8B4D C0
00428DA8 |. 894D E8
00428DAB |. 8B55 C4
00428DAE |. 8955 EC
00428DB1 |. 8B45 EC
00428DB4 |. 50
[ARG.3]
00428DB5 |. 8B4D E8
00428DB8 |. 51
[ARG.2]
00428DB9 |. 8D55 E0
00428DBC |. 52
OFFSET LOCAL.8
00428DBD |. 8B4D AC
00428DC0 |. E8 6B1C0000
fo.0042AA30
00428DC5 |.^ EB 83
00428DC7 |> 8B45 0C
00428DCA |. 8945 B0
00428DCD |. 8B4D 10
00428DD0 |. 894D B4
00428DD3 |. C745 B8 00000
00428DDA |. 8B55 B4
00428DDD |. 8955 BC
00428DE0 |. 837D AC 00
00428DE4 |. 75 05
00428DE6 |. E8 9D5A0000
00428DEB |> 33C0
00428DED |.^ 75 FC
00428DEF |. 8B4D AC
00428DF2 |. 8B11
00428DF4 |. 8955 B8
00428DF7 |. 8B45 B8
00428DFA |. 8B4D BC
00428DFD |. 8B55 08
00428E00 |. 8902
00428E02 |. 894A 04
00428E05 |. 8B45 08
00428E08 |> 8BE5
00428E0A |. 5D
00428E0B \. C2 1400
00428E0E
CC
00428E0F
CC
00428E10 /$ 55

|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[ARG.5]
|SETE DL
|MOVZX EAX,DL
|NEG EAX
|SBB EAX,EAX
|ADD EAX,1
|MOVZX ECX,AL
|TEST ECX,ECX
|JE SHORT 00428DC7
|MOV EDX,DWORD PTR SS:[ARG.2]
|MOV EAX,DWORD PTR SS:[ARG.3]
|MOV DWORD PTR SS:[LOCAL.16],EDX
|MOV DWORD PTR SS:[LOCAL.15],EAX
|LEA ECX,[ARG.2]
|CALL 00429130
|MOV ECX,DWORD PTR SS:[LOCAL.16]
|MOV DWORD PTR SS:[LOCAL.6],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.15]
|MOV DWORD PTR SS:[LOCAL.5],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.5]
|PUSH EAX

; /Arg3 =>

|MOV ECX,DWORD PTR SS:[LOCAL.6]


|PUSH ECX

; |
; |Arg2 =>

|LEA EDX,[LOCAL.8]
|PUSH EDX

; |
; |Arg1 =>

|MOV ECX,DWORD PTR SS:[LOCAL.21]


|CALL 0042AA30

; |
; \SystemIn

\JMP SHORT 00428D4A


MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.20],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.19],ECX
MOV DWORD PTR SS:[LOCAL.18],0
MOV EDX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.17],EDX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00428DEB
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00428DEB
MOV ECX,DWORD PTR SS:[LOCAL.21]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.18],EDX
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV ECX,DWORD PTR SS:[LOCAL.17]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],EAX
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 14
INT3
INT3
PUSH EBP

00428E11 |. 8BEC
00428E13 |. 83EC 08
00428E16 |. 894D F8
00428E19 |. 8B4D F8
00428E1C |. E8 9F220000
00428E21 |. 8B4D F8
00428E24 |. 8941 18
00428E27 |. 8B55 F8
00428E2A |. 8B42 18
00428E2D |. C640 29 01
00428E31 |. 8B4D F8
00428E34 |. 8B51 18
00428E37 |. 8B45 F8
00428E3A |. 8B48 18
00428E3D |. 894A 04
00428E40 |. 8B55 F8
00428E43 |. 8B42 18
00428E46 |. 8945 FC
00428E49 |. 8B4D FC
00428E4C |. 8B55 F8
00428E4F |. 8B42 18
00428E52 |. 8901
00428E54 |. 8B4D F8
00428E57 |. 8B51 18
00428E5A |. 8B45 F8
00428E5D |. 8B48 18
00428E60 |. 894A 08
00428E63 |. 8B55 F8
00428E66 |. C742 1C 00000
00428E6D |. 8BE5
00428E6F |. 5D
00428E70 \. C3
00428E71
CC
00428E72
CC
00428E73
CC
00428E74
CC
00428E75
CC
00428E76
CC
00428E77
CC
00428E78
CC
00428E79
CC
00428E7A
CC
00428E7B
CC
00428E7C
CC
00428E7D
CC
00428E7E
CC
00428E7F
CC
00428E80 /$ 55
o.00428E80(guessed Arg1)
00428E81 |. 8BEC
00428E83 |. 83EC 10
00428E86 |. 894D F0
00428E89 |. 8B45 08
00428E8C |. 8B48 08
00428E8F |. 894D FC
00428E92 |. 8B55 08
00428E95 |. 8B45 FC
00428E98 |. 8B08
00428E9A |. 894A 08
00428E9D |. 8B55 FC

MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV ECX,DWORD PTR SS:[LOCAL.2]
CALL 0042B0C0
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[ECX+18],EAX
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV BYTE PTR DS:[EAX+29],1
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR DS:[ECX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR DS:[EDX+8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[EDX+1C],0
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV
SUB
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV

EBP,ESP
ESP,10
DWORD PTR
EAX,DWORD
ECX,DWORD
DWORD PTR
EDX,DWORD
EAX,DWORD
ECX,DWORD
DWORD PTR
EDX,DWORD

SS:[LOCAL.4],ECX
PTR SS:[ARG.1]
PTR DS:[EAX+8]
SS:[LOCAL.1],ECX
PTR SS:[ARG.1]
PTR SS:[LOCAL.1]
PTR DS:[EAX]
DS:[EDX+8],ECX
PTR SS:[LOCAL.1]

; SystemInf

00428EA0
00428EA2
00428EA6
00428EA8
00428EAA
00428EAD
00428EAF
00428EB2
00428EB5
00428EB8
00428EBB
00428EBE
00428EC1
00428EC4
00428EC7
00428ECA
00428ECD
00428ECF
00428ED2
00428ED5
00428ED8
00428EDB
00428EDD
00428EE0
00428EE3
00428EE6
00428EE9
00428EEC
00428EEE
00428EF0
00428EF3
00428EF6
00428EF9
00428EFC
00428EFF
00428F01
00428F03
00428F06
00428F09
00428F0C
00428F0F
00428F12
00428F15
00428F17
00428F1A
00428F1D
00428F20
00428F22
00428F23
00428F26
00428F27
00428F28
00428F29
00428F2A
00428F2B
00428F2C
00428F2D
00428F2E
00428F2F
00428F30

|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
\.

8B02
0FBE48 29
85C9
75 0B
8B55 FC
8B02
8B4D 08
8948 04
8B55 FC
8B45 08
8B48 04
894A 04
8B55 F0
8B42 18
8B4D 08
3B48 04
75 0E
8B55 F0
8B42 18
8B4D FC
8948 04
EB 32
8B55 08
8B42 04
8945 F8
8B4D F8
8B55 08
3B11
75 13
8B45 08
8B48 04
894D F4
8B55 F4
8B45 FC
8902
EB 0C
8B4D 08
8B51 04
8B45 FC
8942 08
8B4D FC
8B55 08
8911
8B45 08
8B4D FC
8948 04
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/$ 55

MOV EAX,DWORD PTR DS:[EDX]


MOVSX ECX,BYTE PTR DS:[EAX+29]
TEST ECX,ECX
JNE SHORT 00428EB5
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+4]
JNE SHORT 00428EDD
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 00428F0F
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR SS:[ARG.1]
CMP EDX,DWORD PTR DS:[ECX]
JNE SHORT 00428F03
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 00428F0F
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

o.00428F30(guessed Arg1)
00428F31 |. 8BEC
00428F33 |. 83EC 0C
00428F36 |. 894D F4
00428F39 |. 8B45 08
00428F3C |. 8B08
00428F3E |. 894D FC
00428F41 |. 8B55 08
00428F44 |. 8B45 FC
00428F47 |. 8B48 08
00428F4A |. 890A
00428F4C |. 8B55 FC
00428F4F |. 8B42 08
00428F52 |. 0FBE48 29
00428F56 |. 85C9
00428F58 |. 75 0C
00428F5A |. 8B55 FC
00428F5D |. 8B42 08
00428F60 |. 8B4D 08
00428F63 |. 8948 04
00428F66 |> 8B55 FC
00428F69 |. 8B45 08
00428F6C |. 8B48 04
00428F6F |. 894A 04
00428F72 |. 8B55 F4
00428F75 |. 8B42 18
00428F78 |. 8B4D 08
00428F7B |. 3B48 04
00428F7E |. 75 0E
00428F80 |. 8B55 F4
00428F83 |. 8B42 18
00428F86 |. 8B4D FC
00428F89 |. 8948 04
00428F8C |. EB 2D
00428F8E |> 8B55 08
00428F91 |. 8B42 04
00428F94 |. 8B4D 08
00428F97 |. 3B48 08
00428F9A |. 75 0E
00428F9C |. 8B55 08
00428F9F |. 8B42 04
00428FA2 |. 8B4D FC
00428FA5 |. 8948 08
00428FA8 |. EB 11
00428FAA |> 8B55 08
00428FAD |. 8B42 04
00428FB0 |. 8945 F8
00428FB3 |. 8B4D F8
00428FB6 |. 8B55 FC
00428FB9 |. 8911
00428FBB |> 8B45 FC
00428FBE |. 8B4D 08
00428FC1 |. 8948 08
00428FC4 |. 8B55 08
00428FC7 |. 8B45 FC
00428FCA |. 8942 04
00428FCD |. 8BE5
00428FCF |. 5D
00428FD0 \. C2 0400
00428FD3
CC

MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR DS:[EDX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+29]
TEST ECX,ECX
JNE SHORT 00428F66
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+4]
JNE SHORT 00428F8E
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 00428FBB
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+8]
JNE SHORT 00428FAA
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+8],ECX
JMP SHORT 00428FBB
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+8],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ESP,EBP
POP EBP
RETN 4
INT3

00428FD4
CC
INT3
00428FD5
CC
INT3
00428FD6
CC
INT3
00428FD7
CC
INT3
00428FD8
CC
INT3
00428FD9
CC
INT3
00428FDA
CC
INT3
00428FDB
CC
INT3
00428FDC
CC
INT3
00428FDD
CC
INT3
00428FDE
CC
INT3
00428FDF
CC
INT3
00428FE0 /$ 55
PUSH EBP
o.00428FE0(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
00428FE1 |. 8BEC
MOV EBP,ESP
00428FE3 |. 6A FF
PUSH -1
00428FE5 |. 68 A1694400 PUSH 004469A1
00428FEA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00428FF0 |. 50
PUSH EAX
00428FF1 |. 51
PUSH ECX
00428FF2 |. 83EC 58
SUB ESP,58
00428FF5 |. 53
PUSH EBX
00428FF6 |. 56
PUSH ESI
00428FF7 |. 57
PUSH EDI
00428FF8 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00428FFD |. 33C5
XOR EAX,EBP
00428FFF |. 50
PUSH EAX
00429000 |. 8D45 F4
LEA EAX,[LOCAL.3]
00429003 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00429009 |. 8965 F0
MOV DWORD PTR SS:[LOCAL.4],ESP
0042900C |. 894D 9C
MOV DWORD PTR SS:[LOCAL.25],ECX
0042900F |. 6A 00
PUSH 0
00429011 |. 6A 01
PUSH 1
00429013 |. E8 98420000 CALL 0042D2B0
00429018 |. 83C4 08
ADD ESP,8
0042901B |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0042901E |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
00429025 |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
00429028 |. 8945 E4
MOV DWORD PTR SS:[LOCAL.7],EAX
0042902B |. C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1
0042902F |. 837D E4 00
CMP DWORD PTR SS:[LOCAL.7],0
00429033 |. 74 5C
JE SHORT 00429091
00429035 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
00429038 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0042903B |. 8911
MOV DWORD PTR DS:[ECX],EDX
0042903D |. 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
00429040 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
00429043 |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
00429046 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
00429049 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0042904C |. 8942 08
MOV DWORD PTR DS:[EDX+8],EAX
0042904F |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
00429052 |. 83C1 0C
ADD ECX,0C
00429055 |. 894D A0
MOV DWORD PTR SS:[LOCAL.24],ECX
00429058 |. 6A 00
PUSH 0
0042905A |. 6A 00
PUSH 0
0042905C |. 8B4D A0
MOV ECX,DWORD PTR SS:[LOCAL.24]
0042905F |. E8 FC6AFEFF CALL 0040FB60
fo.0040FB60
00429064 |. 8B15 AC874400 MOV EDX,DWORD PTR DS:[4487AC]

; SystemInf

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

0042906A |. 52
PUSH EDX
[4487AC] = -1
0042906B |. 6A 00
PUSH 0
0042906D |. 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
00429070 |. 50
PUSH EAX
[ARG.4]
00429071 |. 8B4D A0
MOV ECX,DWORD PTR SS:[LOCAL.24]
00429074 |. E8 A75FFEFF CALL 0040F020
fo.0040F020
00429079 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0042907C |. 8A55 18
MOV DL,BYTE PTR SS:[ARG.5]
0042907F |. 8851 28
MOV BYTE PTR DS:[ECX+28],DL
00429082 |. 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
00429085 |. C640 29 00
MOV BYTE PTR DS:[EAX+29],0
00429089 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0042908C |. 894D 98
MOV DWORD PTR SS:[LOCAL.26],ECX
0042908F |. EB 07
JMP SHORT 00429098
00429091 |> C745 98 00000 MOV DWORD PTR SS:[LOCAL.26],0
00429098 |> 8B55 98
MOV EDX,DWORD PTR SS:[LOCAL.26]
0042909B |. 8955 E8
MOV DWORD PTR SS:[LOCAL.6],EDX
0042909E |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
004290A2 \. EB 22
JMP SHORT 004290C6
004290A4 /. 8B45 EC
MOV EAX,DWORD PTR SS:[EBP-14]
004290A7 |. 50
PUSH EAX
004290A8 |. E8 6D580000 CALL 0042E91A
004290AD |. 83C4 04
ADD ESP,4
004290B0 |. 6A 00
PUSH 0
004290B2 |. 6A 00
PUSH 0
004290B4 |. E8 6C580000 CALL 0042E925
fo.0042E925
004290B9 |. C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1
004290C0 |. B8 CD904200 MOV EAX,004290CD
004290C5 \. C3
RETN
004290C6 /> C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
004290CD |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
004290D0 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
004290D3 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
004290DA |. 59
POP ECX
004290DB |. 5F
POP EDI
004290DC |. 5E
POP ESI
004290DD |. 5B
POP EBX
004290DE |. 8BE5
MOV ESP,EBP
004290E0 |. 5D
POP EBP
004290E1 \. C2 1400
RETN 14
004290E4
CC
INT3
004290E5
CC
INT3
004290E6
CC
INT3
004290E7
CC
INT3
004290E8
CC
INT3
004290E9
CC
INT3
004290EA
CC
INT3
004290EB
CC
INT3
004290EC
CC
INT3
004290ED
CC
INT3
004290EE
CC
INT3
004290EF
CC
INT3
004290F0 /$ 55
PUSH EBP
o.004290F0(guessed Arg1,Arg2)
004290F1 |. 8BEC
MOV EBP,ESP
004290F3 |. 51
PUSH ECX

; /Arg3 =>
; |Arg2 = 0
; |
; |Arg1 =>
; |
; \SystemIn

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

; SystemInf

004290F4
004290F7
004290FA
00429100
00429103
00429106
00429109
0042910D
0042910F
00429114
00429116
00429118
0042911B
0042911E
00429120
00429122
00429125
00429127
00429128
0042912B
0042912C
0042912D
0042912E
0042912F
00429130
00429131
00429133
00429136
00429139
0042913C
0042913E
00429141
00429144
00429147
00429149
0042914B
00429150
00429152
00429154
00429157
0042915A
0042915E
00429160
00429162
00429167
0042916C
0042916F
00429172
00429175
00429178
0042917B
0042917D
00429181
00429183
00429185
00429188
0042918B
0042918E
00429191
00429194

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
\.

/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

894D FC
8B45 FC
C700 00000000
8B4D FC
8B55 08
8951 04
837D 0C 00
75 05
E8 74570000
33C0
75 FC
8B4D FC
8B55 0C
8B02
8901
8B45 FC
8BE5
5D
C2 0800
CC
CC
CC
CC
CC
55
8BEC
83EC 14
894D EC
8B45 EC
33C9
8338 00
0F95C1
0FB6D1
85D2
75 05
E8 38570000
33C0
75 FC
8B4D EC
8B51 04
0FBE42 29
85C0
74 0A
E8 21570000
E9 88000000
8B4D EC
8B51 04
83C2 08
8955 F8
8B45 F8
8B08
0FBE51 29
85D2
75 36
8B45 EC
8B48 04
83C1 08
894D F4
8B55 F4
8B02

MOV DWORD PTR SS:[LOCAL.1],ECX


MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX],0
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX+4],EDX
CMP DWORD PTR SS:[ARG.2],0
JNE SHORT 00429114
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00429114
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[ARG.2]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 00429150
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00429150
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+29]
TEST EAX,EAX
JE SHORT 0042916C
CALL 0042E888
JMP 004291F4
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,8
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR DS:[EAX]
MOVSX EDX,BYTE PTR DS:[ECX+29]
TEST EDX,EDX
JNE SHORT 004291BB
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,8
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX]

00429196 |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
00429199 |> 8B4D F0
/MOV ECX,DWORD PTR SS:[LOCAL.4]
0042919C |. 8B11
|MOV EDX,DWORD PTR DS:[ECX]
0042919E |. 0FBE42 29
|MOVSX EAX,BYTE PTR DS:[EDX+29]
004291A2 |. 85C0
|TEST EAX,EAX
004291A4 |. 75 0A
|JNE SHORT 004291B0
004291A6 |. 8B4D F0
|MOV ECX,DWORD PTR SS:[LOCAL.4]
004291A9 |. 8B11
|MOV EDX,DWORD PTR DS:[ECX]
004291AB |. 8955 F0
|MOV DWORD PTR SS:[LOCAL.4],EDX
004291AE |.^ EB E9
\JMP SHORT 00429199
004291B0 |> 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
004291B3 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
004291B6 |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
004291B9 |. EB 39
JMP SHORT 004291F4
004291BB |> 8B55 EC
/MOV EDX,DWORD PTR SS:[LOCAL.5]
004291BE |. 8B42 04
|MOV EAX,DWORD PTR DS:[EDX+4]
004291C1 |. 8B48 04
|MOV ECX,DWORD PTR DS:[EAX+4]
004291C4 |. 894D FC
|MOV DWORD PTR SS:[LOCAL.1],ECX
004291C7 |. 8B55 FC
|MOV EDX,DWORD PTR SS:[LOCAL.1]
004291CA |. 0FBE42 29
|MOVSX EAX,BYTE PTR DS:[EDX+29]
004291CE |. 85C0
|TEST EAX,EAX
004291D0 |. 75 19
|JNE SHORT 004291EB
004291D2 |. 8B4D EC
|MOV ECX,DWORD PTR SS:[LOCAL.5]
004291D5 |. 8B55 FC
|MOV EDX,DWORD PTR SS:[LOCAL.1]
004291D8 |. 8B41 04
|MOV EAX,DWORD PTR DS:[ECX+4]
004291DB |. 3B42 08
|CMP EAX,DWORD PTR DS:[EDX+8]
004291DE |. 75 0B
|JNE SHORT 004291EB
004291E0 |. 8B4D EC
|MOV ECX,DWORD PTR SS:[LOCAL.5]
004291E3 |. 8B55 FC
|MOV EDX,DWORD PTR SS:[LOCAL.1]
004291E6 |. 8951 04
|MOV DWORD PTR DS:[ECX+4],EDX
004291E9 |.^ EB D0
\JMP SHORT 004291BB
004291EB |> 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
004291EE |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
004291F1 |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
004291F4 |> 8BE5
MOV ESP,EBP
004291F6 |. 5D
POP EBP
004291F7 \. C3
RETN
004291F8
CC
INT3
004291F9
CC
INT3
004291FA
CC
INT3
004291FB
CC
INT3
004291FC
CC
INT3
004291FD
CC
INT3
004291FE
CC
INT3
004291FF
CC
INT3
00429200 /$ 55
PUSH EBP
o.00429200(guessed Arg1,Arg2)
00429201 |. 8BEC
MOV EBP,ESP
00429203 |. 81EC B4000000 SUB ESP,0B4
00429209 |. 898D 50FFFFFF MOV DWORD PTR SS:[LOCAL.44],ECX
0042920F |. 8B85 50FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.44]
00429215 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00429218 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
0042921B |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
0042921E |. 8B85 50FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.44]
00429224 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00429227 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
0042922A |. C645 FF 01
MOV BYTE PTR SS:[LOCAL.1+3],1
0042922E |> 8B55 F4
/MOV EDX,DWORD PTR SS:[LOCAL.3]
00429231 |. 0FBE82 D50000 |MOVSX EAX,BYTE PTR DS:[EDX+0D5]

; SystemInf

00429238 |. 85C0
0042923A |. 75 59
0042923C |. 8B4D F4
0042923F |. 894D F8
00429242 |. 8B4D F4
00429245 |. 83C1 0C
00429248 |. E8 6354FEFF
0042924D |. 50
0042924E |. 8B4D 0C
00429251 |. E8 5A54FEFF
00429256 |. 50
00429257 |. E8 24570000
fo.0042E980
0042925C |. 83C4 08
0042925F |. 33D2
00429261 |. 85C0
00429263 |. 0F9CC2
00429266 |. 8855 FF
00429269 |. 0FB645 FF
0042926D |. 85C0
0042926F |. 74 0D
00429271 |. 8B4D F4
00429274 |. 8B11
00429276 |. 8995 4CFFFFFF
0042927C |. EB 0C
0042927E |> 8B45 F4
00429281 |. 8B48 08
00429284 |. 898D 4CFFFFFF
0042928A |> 8B95 4CFFFFFF
00429290 |. 8955 F4
00429293 |.^ EB 99
00429295 |> 33C0
00429297 |. 74 4F
00429299 |. C645 EB 01
0042929D |. 8B4D 0C
004292A0 |. 51
[ARG.2]
004292A1 |. 8B55 F8
004292A4 |. 52
[LOCAL.2]
004292A5 |. 0FB645 FF
004292A9 |. 50
004292AA |. 8D4D E0
004292AD |. 51
OFFSET LOCAL.8
004292AE |. 8B8D 50FFFFFF
004292B4 |. E8 77040000
fo.00429730
004292B9 |. 8985 68FFFFFF
004292BF |. 8B95 68FFFFFF
004292C5 |. 8B02
004292C7 |. 8B4A 04
004292CA |. 8B55 08
004292CD |. 8902
004292CF |. 894A 04
004292D2 |. 8B45 08
004292D5 |. 8A4D EB
004292D8 |. 8848 08
004292DB |. 8B45 08
004292DE |. E9 84010000

|TEST EAX,EAX
|JNE SHORT 00429295
|MOV ECX,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR SS:[LOCAL.2],ECX
|MOV ECX,DWORD PTR SS:[LOCAL.3]
|ADD ECX,0C
|CALL 0040E6B0
|PUSH EAX
|MOV ECX,DWORD PTR SS:[ARG.2]
|CALL 0040E6B0
|PUSH EAX
|CALL 0042E980

;
;
;
;
;

|ADD ESP,8
|XOR EDX,EDX
|TEST EAX,EAX
|SETL DL
|MOV BYTE PTR SS:[LOCAL.1+3],DL
|MOVZX EAX,BYTE PTR SS:[LOCAL.1+3]
|TEST EAX,EAX
|JE SHORT 0042927E
|MOV ECX,DWORD PTR SS:[LOCAL.3]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[LOCAL.45],EDX
|JMP SHORT 0042928A
|MOV EAX,DWORD PTR SS:[LOCAL.3]
|MOV ECX,DWORD PTR DS:[EAX+8]
|MOV DWORD PTR SS:[LOCAL.45],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.45]
|MOV DWORD PTR SS:[LOCAL.3],EDX
\JMP SHORT 0042922E
XOR EAX,EAX
JE SHORT 004292E8
MOV BYTE PTR SS:[LOCAL.6+3],1
MOV ECX,DWORD PTR SS:[ARG.2]
PUSH ECX

; /Arg4 =>

MOV EDX,DWORD PTR SS:[LOCAL.2]


PUSH EDX

; |
; |Arg3 =>

MOVZX EAX,BYTE PTR SS:[LOCAL.1+3]


PUSH EAX
LEA ECX,[LOCAL.8]
PUSH ECX

;
;
;
;

MOV ECX,DWORD PTR SS:[LOCAL.44]


CALL 00429730

; |
; \SystemIn

MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
JMP

DWORD PTR SS:[LOCAL.38],EAX


EDX,DWORD PTR SS:[LOCAL.38]
EAX,DWORD PTR DS:[EDX]
ECX,DWORD PTR DS:[EDX+4]
EDX,DWORD PTR SS:[ARG.1]
DWORD PTR DS:[EDX],EAX
DWORD PTR DS:[EDX+4],ECX
EAX,DWORD PTR SS:[ARG.1]
CL,BYTE PTR SS:[LOCAL.6+3]
BYTE PTR DS:[EAX+8],CL
EAX,DWORD PTR SS:[ARG.1]
00429467

/Arg2
|
|
|Arg1
\SystemIn

|
|Arg2
|
|Arg1 =>

004292E3 |.
004292E8 |>
004292EE |.
ARG.ECX
004292EF |.
004292F2 |.
[LOCAL.2]
004292F3 |.
004292F6 |.
fo.004290F0
004292FB |.
004292FF |.
00429301 |.
00429303 |.
00429308 |>
0042930E |.
00429311 |.
00429317 |.
0042931D |.
0042931F |.
00429325 |.
0042932B |.
ARG.ECX
0042932C |.
00429332 |.
[LOCAL.40]
00429333 |.
00429336 |.
fo.004290F0
0042933B |.
0042933D |.
00429341 |.
00429344 |.
00429347 |.
00429349 |.
0042934B |.
0042934E |.
00429350 |.
00429353 |.
00429356 |.
00429359 |.
0042935B |.
0042935D |>
00429362 |>
00429364 |.^
00429366 |.
00429369 |.
0042936B |.
0042936E |.
00429371 |.
00429374 |.
00429376 |.
00429378 |.
0042937C |.
0042937F |.
[ARG.2]
00429380 |.
00429383 |.
[LOCAL.2]
00429384 |.

E9 7F010000 JMP 00429467


8B95 50FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.44]
52
PUSH EDX

; /Arg2 =>

8B45 F8
50

MOV EAX,DWORD PTR SS:[LOCAL.2]


PUSH EAX

; |
; |Arg1 =>

8D4D EC
E8 F5FDFFFF

LEA ECX,[LOCAL.5]
CALL 004290F0

; |
; \SystemIn

0FB64D FF
85C9
75 05
E9 C1000000
8B95 50FFFFFF
8B42 18
8985 64FFFFFF
8B8D 64FFFFFF
8B11
8995 60FFFFFF
8B85 50FFFFFF
50

MOVZX ECX,BYTE PTR SS:[LOCAL.1+3]


TEST ECX,ECX
JNE SHORT 00429308
JMP 004293C9
MOV EDX,DWORD PTR SS:[LOCAL.44]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.39],EAX
MOV ECX,DWORD PTR SS:[LOCAL.39]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.40],EDX
MOV EAX,DWORD PTR SS:[LOCAL.44]
PUSH EAX

; /Arg2 =>

8B8D 60FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.40]


51
PUSH ECX

; |
; |Arg1 =>

8D4D D8
E8 B5FDFFFF

LEA ECX,[LOCAL.10]
CALL 004290F0

; |
; \SystemIn

33D2
837D EC 00
0F95C2
0FB6C2
85C0
74 12
8B4D EC
33D2
3B4D D8
0F94C2
0FB6C2
85C0
75 05
E8 26550000
33C9
75 FC
8B55 F0
33C0
3B55 DC
0F94C0
0FB6C8
85C9
74 49
C645 D7 01
8B55 0C
52

XOR EDX,EDX
CMP DWORD PTR SS:[LOCAL.5],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 0042935D
MOV ECX,DWORD PTR SS:[LOCAL.5]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.10]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00429362
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00429362
MOV EDX,DWORD PTR SS:[LOCAL.4]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.9]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 004293C1
MOV BYTE PTR SS:[LOCAL.11+3],1
MOV EDX,DWORD PTR SS:[ARG.2]
PUSH EDX

; /Arg4 =>

8B45 F8
50

MOV EAX,DWORD PTR SS:[LOCAL.2]


PUSH EAX

; |
; |Arg3 =>

6A 01

PUSH 1

; |Arg2 = 1

00429386 |. 8D4D CC
00429389 |. 51
OFFSET LOCAL.13
0042938A |. 8B8D 50FFFFFF
00429390 |. E8 9B030000
fo.00429730
00429395 |. 8985 5CFFFFFF
0042939B |. 8B95 5CFFFFFF
004293A1 |. 8B02
004293A3 |. 8B4A 04
004293A6 |. 8B55 08
004293A9 |. 8902
004293AB |. 894A 04
004293AE |. 8B45 08
004293B1 |. 8A4D D7
004293B4 |. 8848 08
004293B7 |. 8B45 08
004293BA |. E9 A8000000
004293BF |. EB 08
004293C1 |> 8D4D EC
004293C4 |. E8 372A0000
004293C9 |> 8B55 F0
004293CC |. 8995 58FFFFFF
004293D2 |. 8B4D 0C
004293D5 |. E8 D652FEFF
004293DA |. 50
004293DB |. 8B8D 58FFFFFF
004293E1 |. 83C1 0C
004293E4 |. E8 C752FEFF
004293E9 |. 50
004293EA |. E8 91550000
fo.0042E980
004293EF |. 83C4 08
004293F2 |. 33C9
004293F4 |. 85C0
004293F6 |. 0F9CC1
004293F9 |. 0FB6D1
004293FC |. 85D2
004293FE |. 74 49
00429400 |. C645 CB 01
00429404 |. 8B45 0C
00429407 |. 50
00429408 |. 8B4D F8
0042940B |. 51
0042940C |. 0FB655 FF
00429410 |. 52
00429411 |. 8D45 C0
00429414 |. 50
00429415 |. 8B8D 50FFFFFF
0042941B |. E8 10030000
fo.00429730
00429420 |. 8985 54FFFFFF
00429426 |. 8B8D 54FFFFFF
0042942C |. 8B11
0042942E |. 8B41 04
00429431 |. 8B4D 08
00429434 |. 8911
00429436 |. 8941 04
00429439 |. 8B55 08
0042943C |. 8A45 CB

LEA ECX,[LOCAL.13]
PUSH ECX

; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.44]


CALL 00429730

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.41],EAX


MOV EDX,DWORD PTR SS:[LOCAL.41]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EDX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],EAX
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV CL,BYTE PTR SS:[LOCAL.11+3]
MOV BYTE PTR DS:[EAX+8],CL
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00429467
JMP SHORT 004293C9
LEA ECX,[LOCAL.5]
CALL 0042BE00
MOV EDX,DWORD PTR SS:[EBP-10]
MOV DWORD PTR SS:[EBP-0A8],EDX
MOV ECX,DWORD PTR SS:[EBP+0C]
CALL 0040E6B0
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0A8]
ADD ECX,0C
CALL 0040E6B0
PUSH EAX
CALL 0042E980

;
;
;
;
;
;

/Arg2
|
|
|
|Arg1
\SystemIn

ADD ESP,8
XOR ECX,ECX
TEST EAX,EAX
SETL CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 00429449
MOV BYTE PTR SS:[EBP-35],1
MOV EAX,DWORD PTR SS:[EBP+0C]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-8]
PUSH ECX
MOVZX EDX,BYTE PTR SS:[EBP-1]
PUSH EDX
LEA EAX,[EBP-40]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-0B0]
CALL 00429730

;
;
;
;
;
;
;
;
;

/Arg4
|
|Arg3
|
|Arg2
|
|Arg1
|
\SystemIn

MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV
MOV

DWORD PTR SS:[EBP-0AC],EAX


ECX,DWORD PTR SS:[EBP-0AC]
EDX,DWORD PTR DS:[ECX]
EAX,DWORD PTR DS:[ECX+4]
ECX,DWORD PTR SS:[EBP+8]
DWORD PTR DS:[ECX],EDX
DWORD PTR DS:[ECX+4],EAX
EDX,DWORD PTR SS:[EBP+8]
AL,BYTE PTR SS:[EBP-35]

0042943F |. 8842 08
MOV BYTE PTR DS:[EDX+8],AL
00429442 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
00429445 |. EB 20
JMP SHORT 00429467
00429447 |. EB 1E
JMP SHORT 00429467
00429449 |> C645 BF 00
MOV BYTE PTR SS:[EBP-41],0
0042944D |. 8B4D EC
MOV ECX,DWORD PTR SS:[EBP-14]
00429450 |. 8B55 F0
MOV EDX,DWORD PTR SS:[EBP-10]
00429453 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
00429456 |. 8908
MOV DWORD PTR DS:[EAX],ECX
00429458 |. 8950 04
MOV DWORD PTR DS:[EAX+4],EDX
0042945B |. 8B4D 08
MOV ECX,DWORD PTR SS:[EBP+8]
0042945E |. 8A55 BF
MOV DL,BYTE PTR SS:[EBP-41]
00429461 |. 8851 08
MOV BYTE PTR DS:[ECX+8],DL
00429464 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
00429467 |> 8BE5
MOV ESP,EBP
00429469 |. 5D
POP EBP
0042946A \. C2 0800
RETN 8
0042946D
CC
INT3
0042946E
CC
INT3
0042946F
CC
INT3
00429470 /$ 55
PUSH EBP
o.00429470(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
00429471 |. 8BEC
MOV EBP,ESP
00429473 |. 83EC 54
SUB ESP,54
00429476 |. 894D AC
MOV DWORD PTR SS:[LOCAL.21],ECX
00429479 |. 8B45 AC
MOV EAX,DWORD PTR SS:[LOCAL.21]
0042947C |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
0042947F |. 894D DC
MOV DWORD PTR SS:[LOCAL.9],ECX
00429482 |. 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
00429485 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
00429487 |. 8945 D8
MOV DWORD PTR SS:[LOCAL.10],EAX
0042948A |. C745 F8 00000 MOV DWORD PTR SS:[LOCAL.2],0
00429491 |. 8B4D D8
MOV ECX,DWORD PTR SS:[LOCAL.10]
00429494 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
00429497 |. 837D AC 00
CMP DWORD PTR SS:[LOCAL.21],0
0042949B |. 75 05
JNE SHORT 004294A2
0042949D |. E8 E6530000 CALL 0042E888
004294A2 |> 33D2
/XOR EDX,EDX
004294A4 |.^ 75 FC
\JNE SHORT 004294A2
004294A6 |. 8B45 AC
MOV EAX,DWORD PTR SS:[LOCAL.21]
004294A9 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
004294AB |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
004294AE |. 33D2
XOR EDX,EDX
004294B0 |. 837D 0C 00
CMP DWORD PTR SS:[ARG.2],0
004294B4 |. 0F95C2
SETNE DL
004294B7 |. 0FB6C2
MOVZX EAX,DL
004294BA |. 85C0
TEST EAX,EAX
004294BC |. 74 12
JE SHORT 004294D0
004294BE |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
004294C1 |. 33D2
XOR EDX,EDX
004294C3 |. 3B4D F8
CMP ECX,DWORD PTR SS:[LOCAL.2]
004294C6 |. 0F94C2
SETE DL
004294C9 |. 0FB6C2
MOVZX EAX,DL
004294CC |. 85C0
TEST EAX,EAX
004294CE |. 75 05
JNE SHORT 004294D5
004294D0 |> E8 B3530000 CALL 0042E888
004294D5 |> 33C9
/XOR ECX,ECX
004294D7 |.^ 75 FC
\JNE SHORT 004294D5
004294D9 |. 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
004294DC |. 33C0
XOR EAX,EAX

; SystemInf

004294DE
004294E1
004294E4
004294E7
004294E9
004294EF
004294F2
004294F5
004294F8
004294FF
00429502
00429505
00429509
0042950B
00429510
00429512
00429514
00429517
00429519
0042951C
0042951E
00429522
00429525
00429528
0042952A
0042952C
0042952F
00429531
00429534
00429537
0042953A
0042953C
0042953E
00429543
00429545
00429547
0042954A
0042954C
0042954F
00429552
00429555
00429557
00429559
0042955C
00429561
00429564
00429567
0042956A
0042956D
0042956F
00429572
00429575
0042957B
0042957E
00429581
00429584
00429588
0042958A
0042958F
00429591

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^

3B55 FC
0F94C0
0FB6C8
85C9
0F84 BB000000
8B55 AC
8B42 18
8945 D4
C745 F0 00000
8B4D D4
894D F4
837D AC 00
75 05
E8 78530000
33D2
75 FC
8B45 AC
8B08
894D F0
33D2
837D 14 00
0F95C2
0FB6C2
85C0
74 12
8B4D 14
33D2
3B4D F0
0F94C2
0FB6C2
85C0
75 05
E8 45530000
33C9
75 FC
8B55 18
33C0
3B55 F4
0F94C0
0FB6C8
85C9
74 51
8B4D AC
E8 6F240000
8B55 AC
8B42 18
8945 CC
8B4D CC
8B11
8955 C8
8B45 08
C700 00000000
8B4D 08
8B55 C8
8951 04
837D AC 00
75 05
E8 F9520000
33C0
75 FC

CMP EDX,DWORD PTR SS:[LOCAL.1]


SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE 004295AA
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV DWORD PTR SS:[LOCAL.4],0
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.3],ECX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00429510
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00429510
MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
XOR EDX,EDX
CMP DWORD PTR SS:[ARG.4],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 0042953E
MOV ECX,DWORD PTR SS:[ARG.4]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.4]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00429543
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00429543
MOV EDX,DWORD PTR SS:[ARG.5]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.3]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 004295AA
MOV ECX,DWORD PTR SS:[LOCAL.21]
CALL 0042B9D0
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.13],EAX
MOV ECX,DWORD PTR SS:[LOCAL.13]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.14],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR DS:[ECX+4],EDX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 0042958F
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0042958F

00429593 |. 8B4D 08
00429596 |. 8B55 AC
00429599 |. 8B02
0042959B |. 8901
0042959D |. 8B45 08
004295A0 |. E9 C3000000
004295A5 |. E9 BE000000
004295AA |> 33C9
004295AC |. 837D 0C 00
004295B0 |. 0F95C1
004295B3 |. 0FB6D1
004295B6 |. 85D2
004295B8 |. 74 12
004295BA |. 8B45 0C
004295BD |. 33C9
004295BF |. 3B45 14
004295C2 |. 0F94C1
004295C5 |. 0FB6D1
004295C8 |. 85D2
004295CA |. 75 05
004295CC |> E8 B7520000
004295D1 |> 33C0
004295D3 |.^ 75 FC
004295D5 |. 8B4D 10
004295D8 |. 33D2
004295DA |. 3B4D 18
004295DD |. 0F94C2
004295E0 |. 0FB6C2
004295E3 |. F7D8
004295E5 |. 1BC0
004295E7 |. 83C0 01
004295EA |. 0FB6C8
004295ED |. 85C9
004295EF |. 74 36
004295F1 |. 8B55 0C
004295F4 |. 8B45 10
004295F7 |. 8955 C0
004295FA |. 8945 C4
004295FD |. 8D4D 0C
00429600 |. E8 DBDBFFFF
fo.004271E0
00429605 |. 8B4D C0
00429608 |. 894D E8
0042960B |. 8B55 C4
0042960E |. 8955 EC
00429611 |. 8B45 EC
00429614 |. 50
[ARG.3]
00429615 |. 8B4D E8
00429618 |. 51
[ARG.2]
00429619 |. 8D55 E0
0042961C |. 52
OFFSET LOCAL.8
0042961D |. 8B4D AC
00429620 |. E8 0B1D0000
fo.0042B330
00429625 |.^ EB 83
00429627 |> 8B45 0C
0042962A |. 8945 B0

MOV ECX,DWORD PTR SS:[ARG.1]


MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00429668
JMP 00429668
/XOR ECX,ECX
|CMP DWORD PTR SS:[ARG.2],0
|SETNE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 004295CC
|MOV EAX,DWORD PTR SS:[ARG.2]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[ARG.4]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JNE SHORT 004295D1
|CALL 0042E888
|/XOR EAX,EAX
|\JNE SHORT 004295D1
|MOV ECX,DWORD PTR SS:[ARG.3]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[ARG.5]
|SETE DL
|MOVZX EAX,DL
|NEG EAX
|SBB EAX,EAX
|ADD EAX,1
|MOVZX ECX,AL
|TEST ECX,ECX
|JE SHORT 00429627
|MOV EDX,DWORD PTR SS:[ARG.2]
|MOV EAX,DWORD PTR SS:[ARG.3]
|MOV DWORD PTR SS:[LOCAL.16],EDX
|MOV DWORD PTR SS:[LOCAL.15],EAX
|LEA ECX,[ARG.2]
|CALL 004271E0

; [SystemIn

|MOV ECX,DWORD
|MOV DWORD PTR
|MOV EDX,DWORD
|MOV DWORD PTR
|MOV EAX,DWORD
|PUSH EAX

; /Arg3 =>

PTR SS:[LOCAL.16]
SS:[LOCAL.6],ECX
PTR SS:[LOCAL.15]
SS:[LOCAL.5],EDX
PTR SS:[LOCAL.5]

|MOV ECX,DWORD PTR SS:[LOCAL.6]


|PUSH ECX

; |
; |Arg2 =>

|LEA EDX,[LOCAL.8]
|PUSH EDX

; |
; |Arg1 =>

|MOV ECX,DWORD PTR SS:[LOCAL.21]


|CALL 0042B330

; |
; \SystemIn

\JMP SHORT 004295AA


MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.20],EAX

0042962D
00429630
00429633
0042963A
0042963D
00429640
00429644
00429646
0042964B
0042964D
0042964F
00429652
00429654
00429657
0042965A
0042965D
00429660
00429662
00429665
00429668
0042966A
0042966B
0042966E
0042966F
00429670
00429671
00429673
00429676
00429679
0042967C
0042967F
00429681
00429684
00429687
0042968A
0042968C
0042968F
00429692
00429694
00429697
0042969A
0042969D
0042969F
004296A2
004296A5
004296A8
004296AA
004296AD
004296AF
004296B0
004296B1
004296B2
004296B3
004296B4
004296B5
004296B6
004296B7
004296B8
004296B9
004296BA

|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
\.
/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

8B4D 10
894D B4
C745 B8 00000
8B55 B4
8955 BC
837D AC 00
75 05
E8 3D520000
33C0
75 FC
8B4D AC
8B11
8955 B8
8B45 B8
8B4D BC
8B55 08
8902
894A 04
8B45 08
8BE5
5D
C2 1400
CC
CC
55
8BEC
83EC 08
894D FC
8B45 FC
8B48 30
8B11
83EA 01
8B45 FC
8B48 30
8911
8B55 FC
8B42 20
8B08
894D F8
8B55 FC
8B42 20
8B08
83C1 01
8B55 FC
8B42 20
8908
8B45 F8
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC

MOV ECX,DWORD PTR SS:[ARG.3]


MOV DWORD PTR SS:[LOCAL.19],ECX
MOV DWORD PTR SS:[LOCAL.18],0
MOV EDX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.17],EDX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 0042964B
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0042964B
MOV ECX,DWORD PTR SS:[LOCAL.21]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.18],EDX
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV ECX,DWORD PTR SS:[LOCAL.17]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],EAX
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 14
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV EDX,DWORD PTR DS:[ECX]
SUB EDX,1
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+30]
MOV DWORD PTR DS:[ECX],EDX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV ECX,DWORD PTR DS:[EAX]
ADD ECX,1
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+20]
MOV DWORD PTR DS:[EAX],ECX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

004296BB
CC
INT3
004296BC
CC
INT3
004296BD
CC
INT3
004296BE
CC
INT3
004296BF
CC
INT3
004296C0 /$ 55
PUSH EBP
004296C1 |. 8BEC
MOV EBP,ESP
004296C3 |. 83EC 08
SUB ESP,8
004296C6 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
004296C9 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
004296CC |. E8 BF240000 CALL 0042BB90
004296D1 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
004296D4 |. 8941 18
MOV DWORD PTR DS:[ECX+18],EAX
004296D7 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
004296DA |. 8B42 18
MOV EAX,DWORD PTR DS:[EDX+18]
004296DD |. C680 D5000000 MOV BYTE PTR DS:[EAX+0D5],1
004296E4 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
004296E7 |. 8B51 18
MOV EDX,DWORD PTR DS:[ECX+18]
004296EA |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
004296ED |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
004296F0 |. 894A 04
MOV DWORD PTR DS:[EDX+4],ECX
004296F3 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
004296F6 |. 8B42 18
MOV EAX,DWORD PTR DS:[EDX+18]
004296F9 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
004296FC |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
004296FF |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00429702 |. 8B42 18
MOV EAX,DWORD PTR DS:[EDX+18]
00429705 |. 8901
MOV DWORD PTR DS:[ECX],EAX
00429707 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0042970A |. 8B51 18
MOV EDX,DWORD PTR DS:[ECX+18]
0042970D |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00429710 |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00429713 |. 894A 08
MOV DWORD PTR DS:[EDX+8],ECX
00429716 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00429719 |. C742 1C 00000 MOV DWORD PTR DS:[EDX+1C],0
00429720 |. 8BE5
MOV ESP,EBP
00429722 |. 5D
POP EBP
00429723 \. C3
RETN
00429724
CC
INT3
00429725
CC
INT3
00429726
CC
INT3
00429727
CC
INT3
00429728
CC
INT3
00429729
CC
INT3
0042972A
CC
INT3
0042972B
CC
INT3
0042972C
CC
INT3
0042972D
CC
INT3
0042972E
CC
INT3
0042972F
CC
INT3
00429730 /$ 55
PUSH EBP
o.00429730(guessed Arg1,Arg2,Arg3,Arg4)
00429731 |. 8BEC
MOV EBP,ESP
00429733 |. 6A FF
PUSH -1
00429735 |. 68 38544400 PUSH 00445438
0042973A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00429740 |. 50
PUSH EAX
00429741 |. 81EC C8000000 SUB ESP,0C8
00429747 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042974C |. 33C5
XOR EAX,EBP

; SystemInf

0042974E |. 50
0042974F |. 8D45 F4
00429752 |. 64:A3 0000000
00429758 |. 898D 30FFFFFF
0042975E |. C745 A4 14AE4
00429765 |. 837D A4 00
00429769 |. 76 0B
0042976B |. 8B45 A4
0042976E |. 8985 2CFFFFFF
00429774 |. EB 0A
00429776 |> C785 2CFFFFFF
00429780 |> 8B8D 2CFFFFFF
00429786 |. 83E9 01
00429789 |. 8B95 30FFFFFF
0042978F |. 3B4A 1C
00429792 |. 77 48
00429794 |. 68 1C884400
SCII "map/set<T> too long"
00429799 |. 8D4D A8
0042979C |. E8 4F54FEFF
fo.0040EBF0
004297A1 |. C745 FC 00000
004297A8 |. 8D45 A8
004297AB |. 50
OFFSET LOCAL.22
004297AC |. 8D4D C4
004297AF |. E8 8CF3FDFF
fo.00408B40
004297B4 |. C745 C4 14884
004297BB |. 68 20D44400
ystemInfo.44D420
004297C0 |. 8D4D C4
004297C3 |. 51
OFFSET LOCAL.15
004297C4 |. E8 5C510000
fo.0042E925
004297C9 |. C745 FC FFFFF
004297D0 |. 6A 00
004297D2 |. 6A 01
004297D4 |. 8D4D A8
004297D7 |. E8 8463FEFF
fo.0040FB60
004297DC |> 6A 00
004297DE |. 8B55 14
004297E1 |. 52
[ARG.4]
004297E2 |. 8B85 30FFFFFF
004297E8 |. 8B48 18
004297EB |. 51
[ARG.ECX+18]
004297EC |. 8B55 10
004297EF |. 52
[ARG.3]
004297F0 |. 8B85 30FFFFFF
004297F6 |. 8B48 18
004297F9 |. 51
[ARG.ECX+18]
004297FA |. 8B8D 30FFFFFF
00429800 |. E8 DB240000
fo.0042BCE0

PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.52],ECX
MOV DWORD PTR SS:[LOCAL.23],147AE14
CMP DWORD PTR SS:[LOCAL.23],0
JBE SHORT 00429776
MOV EAX,DWORD PTR SS:[LOCAL.23]
MOV DWORD PTR SS:[LOCAL.53],EAX
JMP SHORT 00429780
MOV DWORD PTR SS:[LOCAL.53],1
MOV ECX,DWORD PTR SS:[LOCAL.53]
SUB ECX,1
MOV EDX,DWORD PTR SS:[LOCAL.52]
CMP ECX,DWORD PTR DS:[EDX+1C]
JA SHORT 004297DC
PUSH OFFSET 0044881C

; /Arg1 = A

LEA ECX,[LOCAL.22]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


LEA EAX,[LOCAL.22]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 00408B40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.15],OFFSET 00448


PUSH OFFSET 0044D420
; /Arg2 = S
LEA ECX,[LOCAL.15]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.22]
CALL 0040FB60

;
;
;
;

PUSH 0
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg5 = 0
; |
; |Arg4 =>

MOV EAX,DWORD PTR SS:[LOCAL.52]


MOV ECX,DWORD PTR DS:[EAX+18]
PUSH ECX

; |
; |
; |Arg3 =>

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

; |
; |Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.52]


MOV ECX,DWORD PTR DS:[EAX+18]
PUSH ECX

; |
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.52]


CALL 0042BCE0

; |
; \SystemIn

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00429805
00429808
0042980E
00429811
00429814
0042981A
0042981D
00429823
00429826
00429829
0042982B
00429831
00429834
00429837
0042983A
00429840
00429843
00429846
00429849
0042984C
0042984E
00429854
00429857
0042985A
0042985D
0042985F
00429863
00429865
00429867
0042986A
0042986D
0042986F
00429875
00429878
0042987B
0042987E
00429881
00429883
00429885
0042988B
0042988E
00429891
00429894
00429897
00429899
0042989B
0042989E
004298A1
004298A4
004298AA
004298AD
004298B0
004298B3
004298B5
004298BB
004298BE
004298C1
004298C4
004298C7
004298CA

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>

8945 F0
8B95 30FFFFFF
8B42 1C
83C0 01
8B8D 30FFFFFF
8941 1C
8B95 30FFFFFF
8B45 10
3B42 18
75 34
8B8D 30FFFFFF
8B51 18
8B45 F0
8942 04
8B8D 30FFFFFF
8B51 18
8955 90
8B45 90
8B4D F0
8908
8B95 30FFFFFF
8B42 18
8B4D F0
8948 08
EB 65
0FB655 0C
85D2
74 34
8B45 10
8B4D F0
8908
8B95 30FFFFFF
8B42 18
8945 8C
8B4D 8C
8B55 10
3B11
75 14
8B85 30FFFFFF
8B48 18
894D 88
8B55 88
8B45 F0
8902
EB 29
8B4D 10
8B55 F0
8951 08
8B85 30FFFFFF
8B48 18
8B55 10
3B51 08
75 0F
8B85 30FFFFFF
8B48 18
8B55 F0
8951 08
8B45 F0
8945 EC
8B4D EC

MOV DWORD PTR SS:[LOCAL.4],EAX


MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+1C]
ADD EAX,1
MOV ECX,DWORD PTR SS:[LOCAL.52]
MOV DWORD PTR DS:[ECX+1C],EAX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR SS:[ARG.3]
CMP EAX,DWORD PTR DS:[EDX+18]
JNE SHORT 0042985F
MOV ECX,DWORD PTR SS:[LOCAL.52]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.52]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.28],EDX
MOV EAX,DWORD PTR SS:[LOCAL.28]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX+8],ECX
JMP SHORT 004298C4
MOVZX EDX,BYTE PTR SS:[ARG.2]
TEST EDX,EDX
JE SHORT 0042989B
MOV EAX,DWORD PTR SS:[ARG.3]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.29],EAX
MOV ECX,DWORD PTR SS:[LOCAL.29]
MOV EDX,DWORD PTR SS:[ARG.3]
CMP EDX,DWORD PTR DS:[ECX]
JNE SHORT 00429899
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.30],ECX
MOV EDX,DWORD PTR SS:[LOCAL.30]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 004298C4
MOV ECX,DWORD PTR SS:[ARG.3]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[ARG.3]
CMP EDX,DWORD PTR DS:[ECX+8]
JNE SHORT 004298C4
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]

004298CD |.
004298D0 |.
004298D7 |.
004298D9 |.
004298DF |.
004298E2 |.
004298E5 |.
004298E8 |.
004298EB |.
004298EE |.
004298F0 |.
004298F3 |.
004298F6 |.
004298F9 |.
004298FC |.
004298FE |.
00429904 |.
00429907 |.
0042990A |.
0042990D |.
00429913 |.
00429919 |.
0042991B |.
0042991E |.
00429921 |.
00429924 |.
0042992B |.
0042992D |.
0042992F |.
00429932 |.
00429935 |.
0042993C |.
0042993F |.
00429946 |.
00429949 |.
0042994C |.
0042994F |.
00429955 |.
0042995B |.
0042995D |.
00429964 |.
00429967 |.
0042996A |.
0042996D |.
00429970 |.^
00429972 |>
00429975 |.
00429978 |.
0042997B |.
0042997E |.
00429980 |.
00429983 |.
00429986 |.
00429989 |.
0042998C |.
[LOCAL.5]
0042998D |.
00429993 |.
fo.0042BA30
00429998 |>

8B51 04
0FBE82 D40000
85C0
0F85 ED010000
8B4D EC
8B51 04
83C2 04
8955 84
8B45 84
8B08
894D 80
8B55 EC
8B45 80
8B4A 04
3B08
0F85 D9000000
8B55 EC
8B42 04
83C0 04
8985 7CFFFFFF
8B8D 7CFFFFFF
8B11
8B42 08
8945 10
8B4D 10
0FBE91 D40000
85D2
75 43
8B45 EC
8B48 04
C681 D4000000
8B55 10
C682 D4000000
8B45 EC
8B48 04
83C1 04
898D 78FFFFFF
8B95 78FFFFFF
8B02
C680 D4000000
8B4D EC
8B51 04
8B42 04
8945 EC
EB 66
8B4D EC
8B51 04
8B45 EC
3B42 08
75 18
8B4D EC
8B51 04
8955 EC
8B45 EC
50

MOV EDX,DWORD PTR DS:[ECX+4]


MOVSX EAX,BYTE PTR DS:[EDX+0D4]
TEST EAX,EAX
JNE 00429ACC
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.31],EDX
MOV EAX,DWORD PTR SS:[LOCAL.31]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.32],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.32]
MOV ECX,DWORD PTR DS:[EDX+4]
CMP ECX,DWORD PTR DS:[EAX]
JNE 004299DD
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.33],EAX
MOV ECX,DWORD PTR SS:[LOCAL.33]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[ARG.3],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOVSX EDX,BYTE PTR DS:[ECX+0D4]
TEST EDX,EDX
JNE SHORT 00429972
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV BYTE PTR DS:[ECX+0D4],1
MOV EDX,DWORD PTR SS:[ARG.3]
MOV BYTE PTR DS:[EDX+0D4],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+0D4],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP SHORT 004299D8
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP EAX,DWORD PTR DS:[EDX+8]
JNE SHORT 00429998
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
PUSH EAX

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 98200000 CALL 0042BA30
8B4D EC

MOV ECX,DWORD PTR SS:[LOCAL.5]

; /Arg1 =>
; |
; \SystemIn

0042999B |.
0042999E |.
004299A5 |.
004299A8 |.
004299AB |.
004299AE |.
004299B4 |.
004299BA |.
004299BC |.
004299C3 |.
004299C6 |.
004299C9 |.
004299CC |.
004299CD |.
004299D3 |.
fo.0042BAE0
004299D8 |>^
004299DD |>
004299E0 |.
004299E3 |.
004299E6 |.
004299EC |.
004299F2 |.
004299F4 |.
004299FA |.
00429A00 |.
00429A02 |.
00429A05 |.
00429A08 |.
00429A0F |.
00429A11 |.
00429A13 |.
00429A16 |.
00429A19 |.
00429A20 |.
00429A23 |.
00429A2A |.
00429A2D |.
00429A30 |.
00429A33 |.
00429A39 |.
00429A3F |.
00429A41 |.
00429A48 |.
00429A4B |.
00429A4E |.
00429A51 |.
00429A54 |.^
00429A56 |>
00429A59 |.
00429A5C |.
00429A62 |.
00429A68 |.
00429A6B |.
00429A6D |.
00429A6F |.
00429A72 |.
00429A75 |.
00429A78 |.
00429A7B |.

8B51 04
C682 D4000000
8B45 EC
8B48 04
83C1 04
898D 68FFFFFF
8B95 68FFFFFF
8B02
C680 D4000000
8B4D EC
8B51 04
8B42 04
50
8B8D 30FFFFFF
E8 08210000

MOV EDX,DWORD PTR DS:[ECX+4]


MOV BYTE PTR DS:[EDX+0D4],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.38],ECX
MOV EDX,DWORD PTR SS:[LOCAL.38]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+0D4],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.52]
CALL 0042BAE0

; /Arg1
; |
; \SystemIn

E9 EA000000
8B4D EC
8B51 04
83C2 04
8995 5CFFFFFF
8B85 5CFFFFFF
8B08
898D 58FFFFFF
8B95 58FFFFFF
8B02
8945 10
8B4D 10
0FBE91 D40000
85D2
75 43
8B45 EC
8B48 04
C681 D4000000
8B55 10
C682 D4000000
8B45 EC
8B48 04
83C1 04
898D 54FFFFFF
8B95 54FFFFFF
8B02
C680 D4000000
8B4D EC
8B51 04
8B42 04
8945 EC
EB 71
8B4D EC
8B51 04
8995 50FFFFFF
8B85 50FFFFFF
8B4D EC
3B08
75 18
8B55 EC
8B42 04
8945 EC
8B4D EC
51

JMP 00429AC7
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.41],EDX
MOV EAX,DWORD PTR SS:[LOCAL.41]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.42],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[ARG.3],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOVSX EDX,BYTE PTR DS:[ECX+0D4]
TEST EDX,EDX
JNE SHORT 00429A56
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV BYTE PTR DS:[ECX+0D4],1
MOV EDX,DWORD PTR SS:[ARG.3]
MOV BYTE PTR DS:[EDX+0D4],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.43],ECX
MOV EDX,DWORD PTR SS:[LOCAL.43]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+0D4],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP SHORT 00429AC7
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.44],EDX
MOV EAX,DWORD PTR SS:[LOCAL.44]
MOV ECX,DWORD PTR SS:[LOCAL.5]
CMP ECX,DWORD PTR DS:[EAX]
JNE SHORT 00429A87
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX

; /Arg1 =>

[LOCAL.5]
00429A7C |.
00429A82 |.
fo.0042BAE0
00429A87 |>
00429A8A |.
00429A8D |.
00429A94 |.
00429A97 |.
00429A9A |.
00429A9D |.
00429AA3 |.
00429AA9 |.
00429AAB |.
00429AB2 |.
00429AB5 |.
00429AB8 |.
00429ABB |.
00429ABC |.
00429AC2 |.
fo.0042BA30
00429AC7 |>^
00429ACC |>
00429AD2 |.
00429AD5 |.
00429AD8 |.
00429ADE |.
00429AE4 |.
00429AE6 |.
00429AED |.
00429AF0 |.
00429AF6 |.
00429AF9 |.
00429AFC |.
00429AFF |.
00429B06 |.
00429B08 |.
00429B0D |>
00429B0F |.^
00429B11 |.
00429B14 |.
00429B1A |.
00429B1C |.
00429B1E |.
00429B21 |.
00429B24 |.
00429B2B |.
00429B2C |.
00429B2E |.
00429B2F \.
00429B32
00429B33
00429B34
00429B35
00429B36
00429B37
00429B38
00429B39
00429B3A
00429B3B

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 59200000 CALL 0042BAE0

; |
; \SystemIn

8B55 EC
8B42 04
C680 D4000000
8B4D EC
8B51 04
83C2 04
8995 44FFFFFF
8B85 44FFFFFF
8B08
C681 D4000000
8B55 EC
8B42 04
8B48 04
51
8B8D 30FFFFFF
E8 691F0000

MOV EDX,DWORD PTR SS:[LOCAL.5]


MOV EAX,DWORD PTR DS:[EDX+4]
MOV BYTE PTR DS:[EAX+0D4],1
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.47],EDX
MOV EAX,DWORD PTR SS:[LOCAL.47]
MOV ECX,DWORD PTR DS:[EAX]
MOV BYTE PTR DS:[ECX+0D4],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR DS:[EAX+4]
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.52]
CALL 0042BA30

; /Arg1
; |
; \SystemIn

E9 FEFDFFFF
8B95 30FFFFFF
8B42 18
83C0 04
8985 34FFFFFF
8B8D 34FFFFFF
8B11
C682 D4000000
8B45 08
C700 00000000
8B4D 08
8B55 F0
8951 04
83BD 30FFFFFF
75 05
E8 7B4D0000
33C0
75 FC
8B4D 08
8B95 30FFFFFF
8B02
8901
8B45 08
8B4D F4
64:890D 00000
59
8BE5
5D
C2 1000
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC

JMP 004298CA
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.51],EAX
MOV ECX,DWORD PTR SS:[LOCAL.51]
MOV EDX,DWORD PTR DS:[ECX]
MOV BYTE PTR DS:[EDX+0D4],1
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+4],EDX
CMP DWORD PTR SS:[LOCAL.52],0
JNE SHORT 00429B0D
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00429B0D
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

00429B3C
CC
00429B3D
CC
00429B3E
CC
00429B3F
CC
00429B40 /$ 55
o.00429B40(guessed Arg1)
00429B41 |. 8BEC
00429B43 |. 83EC 30
00429B46 |. 894D D0
00429B49 |. 8B45 D0
00429B4C |. 8B48 18
00429B4F |. 8B51 04
00429B52 |. 8955 F8
00429B55 |. 8B45 D0
00429B58 |. 8B48 18
00429B5B |. 894D FC
00429B5E |> 8B55 F8
00429B61 |. 0FBE82 D50000
00429B68 |. 85C0
00429B6A |. 75 46
00429B6C |. 8B4D 08
00429B6F |. E8 3C4BFEFF
00429B74 |. 50
00429B75 |. 8B4D F8
00429B78 |. 83C1 0C
00429B7B |. E8 304BFEFF
00429B80 |. 50
00429B81 |. E8 FA4D0000
fo.0042E980
00429B86 |. 83C4 08
00429B89 |. 33C9
00429B8B |. 85C0
00429B8D |. 0F9CC1
00429B90 |. 0FB6D1
00429B93 |. 85D2
00429B95 |. 74 0B
00429B97 |. 8B45 F8
00429B9A |. 8B48 08
00429B9D |. 894D F8
00429BA0 |.^ EB 0E
00429BA2 |> 8B55 F8
00429BA5 |. 8955 FC
00429BA8 |. 8B45 F8
00429BAB |. 8B08
00429BAD |. 894D F8
00429BB0 |>^ EB AC
00429BB2 |> 8B45 FC
00429BB5 |. 8BE5
00429BB7 |. 5D
00429BB8 \. C2 0400
00429BBB
CC
00429BBC
CC
00429BBD
CC
00429BBE
CC
00429BBF
CC
00429BC0 /$ 55
o.00429BC0(guessed void)
00429BC1 |. 8BEC
00429BC3 |. 83EC 0C
00429BC6 |. 894D F8

INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,30
MOV DWORD PTR SS:[LOCAL.12],ECX
MOV EAX,DWORD PTR SS:[LOCAL.12]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.12]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.1],ECX
/MOV EDX,DWORD PTR SS:[LOCAL.2]
|MOVSX EAX,BYTE PTR DS:[EDX+0D5]
|TEST EAX,EAX
|JNE SHORT 00429BB2
|MOV ECX,DWORD PTR SS:[ARG.1]
|CALL 0040E6B0
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.2]
|ADD ECX,0C
|CALL 0040E6B0
|PUSH EAX
|CALL 0042E980

;
;
;
;
;
;

|ADD ESP,8
|XOR ECX,ECX
|TEST EAX,EAX
|SETL CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 00429BA2
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|MOV ECX,DWORD PTR DS:[EAX+8]
|MOV DWORD PTR SS:[LOCAL.2],ECX
|JMP SHORT 00429BB0
|MOV EDX,DWORD PTR SS:[LOCAL.2]
|MOV DWORD PTR SS:[LOCAL.1],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV DWORD PTR SS:[LOCAL.2],ECX
\JMP SHORT 00429B5E
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.2],ECX

/Arg2
|
|
|
|Arg1
\SystemIn

00429BC9 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00429BCC |. 8338 FC
CMP DWORD PTR DS:[EAX],-4
00429BCF |. 74 5C
JE SHORT 00429C2D
00429BD1 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00429BD4 |. 33D2
XOR EDX,EDX
00429BD6 |. 8339 00
CMP DWORD PTR DS:[ECX],0
00429BD9 |. 0F95C2
SETNE DL
00429BDC |. 0FB6C2
MOVZX EAX,DL
00429BDF |. 85C0
TEST EAX,EAX
00429BE1 |. 75 05
JNE SHORT 00429BE8
00429BE3 |. E8 A04C0000 CALL 0042E888
00429BE8 |> 33C9
/XOR ECX,ECX
00429BEA |.^ 75 FC
\JNE SHORT 00429BE8
00429BEC |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00429BEF |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
00429BF1 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00429BF4 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00429BF7 |. 8379 18 10
CMP DWORD PTR DS:[ECX+18],10
00429BFB |. 72 0B
JB SHORT 00429C08
00429BFD |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
00429C00 |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
00429C03 |. 8945 F4
MOV DWORD PTR SS:[LOCAL.3],EAX
00429C06 |. EB 09
JMP SHORT 00429C11
00429C08 |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00429C0B |. 83C1 04
ADD ECX,4
00429C0E |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
00429C11 |> 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00429C14 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
00429C16 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00429C19 |. 0348 14
ADD ECX,DWORD PTR DS:[EAX+14]
00429C1C |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00429C1F |. 394A 04
CMP DWORD PTR DS:[EDX+4],ECX
00429C22 |. 72 05
JB SHORT 00429C29
00429C24 |. E8 5F4C0000 CALL 0042E888
00429C29 |> 33C0
/XOR EAX,EAX
00429C2B |.^ 75 FC
\JNE SHORT 00429C29
00429C2D |> 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00429C30 |. 8B41 04
MOV EAX,DWORD PTR DS:[ECX+4]
00429C33 |. 8BE5
MOV ESP,EBP
00429C35 |. 5D
POP EBP
00429C36 \. C3
RETN
00429C37
CC
INT3
00429C38
CC
INT3
00429C39
CC
INT3
00429C3A
CC
INT3
00429C3B
CC
INT3
00429C3C
CC
INT3
00429C3D
CC
INT3
00429C3E
CC
INT3
00429C3F
CC
INT3
00429C40 /$ 55
PUSH EBP
o.00429C40(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
00429C41 |. 8BEC
MOV EBP,ESP
00429C43 |. 83EC 54
SUB ESP,54
00429C46 |. 894D AC
MOV DWORD PTR SS:[LOCAL.21],ECX
00429C49 |. 8B45 AC
MOV EAX,DWORD PTR SS:[LOCAL.21]
00429C4C |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00429C4F |. 894D DC
MOV DWORD PTR SS:[LOCAL.9],ECX
00429C52 |. 8B55 DC
MOV EDX,DWORD PTR SS:[LOCAL.9]
00429C55 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]

; SystemInf

00429C57
00429C5A
00429C61
00429C64
00429C67
00429C6B
00429C6D
00429C72
00429C74
00429C76
00429C79
00429C7B
00429C7E
00429C80
00429C84
00429C87
00429C8A
00429C8C
00429C8E
00429C91
00429C93
00429C96
00429C99
00429C9C
00429C9E
00429CA0
00429CA5
00429CA7
00429CA9
00429CAC
00429CAE
00429CB1
00429CB4
00429CB7
00429CB9
00429CBF
00429CC2
00429CC5
00429CC8
00429CCF
00429CD2
00429CD5
00429CD9
00429CDB
00429CE0
00429CE2
00429CE4
00429CE7
00429CE9
00429CEC
00429CEE
00429CF2
00429CF5
00429CF8
00429CFA
00429CFC
00429CFF
00429D01
00429D04
00429D07

|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8945 D8
C745 F8 00000
8B4D D8
894D FC
837D AC 00
75 05
E8 164C0000
33D2
75 FC
8B45 AC
8B08
894D F8
33D2
837D 0C 00
0F95C2
0FB6C2
85C0
74 12
8B4D 0C
33D2
3B4D F8
0F94C2
0FB6C2
85C0
75 05
E8 E34B0000
33C9
75 FC
8B55 10
33C0
3B55 FC
0F94C0
0FB6C8
85C9
0F84 BB000000
8B55 AC
8B42 18
8945 D4
C745 F0 00000
8B4D D4
894D F4
837D AC 00
75 05
E8 A84B0000
33D2
75 FC
8B45 AC
8B08
894D F0
33D2
837D 14 00
0F95C2
0FB6C2
85C0
74 12
8B4D 14
33D2
3B4D F0
0F94C2
0FB6C2

MOV DWORD PTR SS:[LOCAL.10],EAX


MOV DWORD PTR SS:[LOCAL.2],0
MOV ECX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.1],ECX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00429C72
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00429C72
MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.2],ECX
XOR EDX,EDX
CMP DWORD PTR SS:[ARG.2],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00429CA0
MOV ECX,DWORD PTR SS:[ARG.2]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.2]
SETE DL
MOVZX EAX,DL
TEST EAX,EAX
JNE SHORT 00429CA5
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00429CA5
MOV EDX,DWORD PTR SS:[ARG.3]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.1]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE 00429D7A
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV DWORD PTR SS:[LOCAL.4],0
MOV ECX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR SS:[LOCAL.3],ECX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00429CE0
CALL 0042E888
/XOR EDX,EDX
\JNE SHORT 00429CE0
MOV EAX,DWORD PTR SS:[LOCAL.21]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
XOR EDX,EDX
CMP DWORD PTR SS:[ARG.4],0
SETNE DL
MOVZX EAX,DL
TEST EAX,EAX
JE SHORT 00429D0E
MOV ECX,DWORD PTR SS:[ARG.4]
XOR EDX,EDX
CMP ECX,DWORD PTR SS:[LOCAL.4]
SETE DL
MOVZX EAX,DL

00429D0A
00429D0C
00429D0E
00429D13
00429D15
00429D17
00429D1A
00429D1C
00429D1F
00429D22
00429D25
00429D27
00429D29
00429D2C
00429D31
00429D34
00429D37
00429D3A
00429D3D
00429D3F
00429D42
00429D45
00429D4B
00429D4E
00429D51
00429D54
00429D58
00429D5A
00429D5F
00429D61
00429D63
00429D66
00429D69
00429D6B
00429D6D
00429D70
00429D75
00429D7A
00429D7C
00429D80
00429D83
00429D86
00429D88
00429D8A
00429D8D
00429D8F
00429D92
00429D95
00429D98
00429D9A
00429D9C
00429DA1
00429DA3
00429DA5
00429DA8
00429DAA
00429DAD
00429DB0
00429DB3
00429DB5

|.
|.
|>
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|.
|.
|.
|.
|.
|.
|.

85C0
75 05
E8 754B0000
33C9
75 FC
8B55 18
33C0
3B55 F4
0F94C0
0FB6C8
85C9
74 51
8B4D AC
E8 EF270000
8B55 AC
8B42 18
8945 CC
8B4D CC
8B11
8955 C8
8B45 08
C700 00000000
8B4D 08
8B55 C8
8951 04
837D AC 00
75 05
E8 294B0000
33C0
75 FC
8B4D 08
8B55 AC
8B02
8901
8B45 08
E9 C3000000
E9 BE000000
33C9
837D 0C 00
0F95C1
0FB6D1
85D2
74 12
8B45 0C
33C9
3B45 14
0F94C1
0FB6D1
85D2
75 05
E8 E74A0000
33C0
75 FC
8B4D 10
33D2
3B4D 18
0F94C2
0FB6C2
F7D8
1BC0

TEST EAX,EAX
JNE SHORT 00429D13
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 00429D13
MOV EDX,DWORD PTR SS:[ARG.5]
XOR EAX,EAX
CMP EDX,DWORD PTR SS:[LOCAL.3]
SETE AL
MOVZX ECX,AL
TEST ECX,ECX
JE SHORT 00429D7A
MOV ECX,DWORD PTR SS:[LOCAL.21]
CALL 0042C520
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.13],EAX
MOV ECX,DWORD PTR SS:[LOCAL.13]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.14],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR DS:[ECX+4],EDX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00429D5F
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00429D5F
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.21]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
JMP 00429E38
JMP 00429E38
/XOR ECX,ECX
|CMP DWORD PTR SS:[ARG.2],0
|SETNE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JE SHORT 00429D9C
|MOV EAX,DWORD PTR SS:[ARG.2]
|XOR ECX,ECX
|CMP EAX,DWORD PTR SS:[ARG.4]
|SETE CL
|MOVZX EDX,CL
|TEST EDX,EDX
|JNE SHORT 00429DA1
|CALL 0042E888
|/XOR EAX,EAX
|\JNE SHORT 00429DA1
|MOV ECX,DWORD PTR SS:[ARG.3]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[ARG.5]
|SETE DL
|MOVZX EAX,DL
|NEG EAX
|SBB EAX,EAX

00429DB7 |. 83C0 01
00429DBA |. 0FB6C8
00429DBD |. 85C9
00429DBF |. 74 36
00429DC1 |. 8B55 0C
00429DC4 |. 8B45 10
00429DC7 |. 8955 C0
00429DCA |. 8945 C4
00429DCD |. 8D4D 0C
00429DD0 |. E8 4BDBFFFF
00429DD5 |. 8B4D C0
00429DD8 |. 894D E8
00429DDB |. 8B55 C4
00429DDE |. 8955 EC
00429DE1 |. 8B45 EC
00429DE4 |. 50
[ARG.3]
00429DE5 |. 8B4D E8
00429DE8 |. 51
[ARG.2]
00429DE9 |. 8D55 E0
00429DEC |. 52
OFFSET LOCAL.8
00429DED |. 8B4D AC
00429DF0 |. E8 1B210000
fo.0042BF10
00429DF5 |.^ EB 83
00429DF7 |> 8B45 0C
00429DFA |. 8945 B0
00429DFD |. 8B4D 10
00429E00 |. 894D B4
00429E03 |. C745 B8 00000
00429E0A |. 8B55 B4
00429E0D |. 8955 BC
00429E10 |. 837D AC 00
00429E14 |. 75 05
00429E16 |. E8 6D4A0000
00429E1B |> 33C0
00429E1D |.^ 75 FC
00429E1F |. 8B4D AC
00429E22 |. 8B11
00429E24 |. 8955 B8
00429E27 |. 8B45 B8
00429E2A |. 8B4D BC
00429E2D |. 8B55 08
00429E30 |. 8902
00429E32 |. 894A 04
00429E35 |. 8B45 08
00429E38 |> 8BE5
00429E3A |. 5D
00429E3B \. C2 1400
00429E3E
CC
00429E3F
CC
00429E40 /$ 55
00429E41 |. 8BEC
00429E43 |. 83EC 08
00429E46 |. 894D F8
00429E49 |. 8B4D F8
00429E4C |. E8 8F280000
00429E51 |. 8B4D F8

|ADD EAX,1
|MOVZX ECX,AL
|TEST ECX,ECX
|JE SHORT 00429DF7
|MOV EDX,DWORD PTR SS:[ARG.2]
|MOV EAX,DWORD PTR SS:[ARG.3]
|MOV DWORD PTR SS:[LOCAL.16],EDX
|MOV DWORD PTR SS:[LOCAL.15],EAX
|LEA ECX,[ARG.2]
|CALL 00427920
|MOV ECX,DWORD PTR SS:[LOCAL.16]
|MOV DWORD PTR SS:[LOCAL.6],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.15]
|MOV DWORD PTR SS:[LOCAL.5],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.5]
|PUSH EAX

; /Arg3 =>

|MOV ECX,DWORD PTR SS:[LOCAL.6]


|PUSH ECX

; |
; |Arg2 =>

|LEA EDX,[LOCAL.8]
|PUSH EDX

; |
; |Arg1 =>

|MOV ECX,DWORD PTR SS:[LOCAL.21]


|CALL 0042BF10

; |
; \SystemIn

\JMP SHORT 00429D7A


MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.20],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.19],ECX
MOV DWORD PTR SS:[LOCAL.18],0
MOV EDX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.17],EDX
CMP DWORD PTR SS:[LOCAL.21],0
JNE SHORT 00429E1B
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 00429E1B
MOV ECX,DWORD PTR SS:[LOCAL.21]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[LOCAL.18],EDX
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV ECX,DWORD PTR SS:[LOCAL.17]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EDX],EAX
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 14
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV ECX,DWORD PTR SS:[LOCAL.2]
CALL 0042C6E0
MOV ECX,DWORD PTR SS:[LOCAL.2]

00429E54 |. 8941 18
MOV DWORD PTR DS:[ECX+18],EAX
00429E57 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00429E5A |. 8B42 18
MOV EAX,DWORD PTR DS:[EDX+18]
00429E5D |. C640 3D 01
MOV BYTE PTR DS:[EAX+3D],1
00429E61 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00429E64 |. 8B51 18
MOV EDX,DWORD PTR DS:[ECX+18]
00429E67 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00429E6A |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00429E6D |. 894A 04
MOV DWORD PTR DS:[EDX+4],ECX
00429E70 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00429E73 |. 8B42 18
MOV EAX,DWORD PTR DS:[EDX+18]
00429E76 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00429E79 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00429E7C |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00429E7F |. 8B42 18
MOV EAX,DWORD PTR DS:[EDX+18]
00429E82 |. 8901
MOV DWORD PTR DS:[ECX],EAX
00429E84 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00429E87 |. 8B51 18
MOV EDX,DWORD PTR DS:[ECX+18]
00429E8A |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00429E8D |. 8B48 18
MOV ECX,DWORD PTR DS:[EAX+18]
00429E90 |. 894A 08
MOV DWORD PTR DS:[EDX+8],ECX
00429E93 |. 8B55 F8
MOV EDX,DWORD PTR SS:[LOCAL.2]
00429E96 |. C742 1C 00000 MOV DWORD PTR DS:[EDX+1C],0
00429E9D |. 8BE5
MOV ESP,EBP
00429E9F |. 5D
POP EBP
00429EA0 \. C3
RETN
00429EA1
CC
INT3
00429EA2
CC
INT3
00429EA3
CC
INT3
00429EA4
CC
INT3
00429EA5
CC
INT3
00429EA6
CC
INT3
00429EA7
CC
INT3
00429EA8
CC
INT3
00429EA9
CC
INT3
00429EAA
CC
INT3
00429EAB
CC
INT3
00429EAC
CC
INT3
00429EAD
CC
INT3
00429EAE
CC
INT3
00429EAF
CC
INT3
00429EB0 /$ 55
PUSH EBP
o.00429EB0(guessed Arg1,Arg2,Arg3,Arg4)
00429EB1 |. 8BEC
MOV EBP,ESP
00429EB3 |. 6A FF
PUSH -1
00429EB5 |. 68 38544400 PUSH 00445438
00429EBA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
00429EC0 |. 50
PUSH EAX
00429EC1 |. 81EC C8000000 SUB ESP,0C8
00429EC7 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00429ECC |. 33C5
XOR EAX,EBP
00429ECE |. 50
PUSH EAX
00429ECF |. 8D45 F4
LEA EAX,[LOCAL.3]
00429ED2 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00429ED8 |. 898D 30FFFFFF MOV DWORD PTR SS:[LOCAL.52],ECX
00429EDE |. C745 A4 55555 MOV DWORD PTR SS:[LOCAL.23],5555555
00429EE5 |. 837D A4 00
CMP DWORD PTR SS:[LOCAL.23],0
00429EE9 |. 76 0B
JBE SHORT 00429EF6
00429EEB |. 8B45 A4
MOV EAX,DWORD PTR SS:[LOCAL.23]
00429EEE |. 8985 2CFFFFFF MOV DWORD PTR SS:[LOCAL.53],EAX

; SystemInf

00429EF4 |. EB 0A
00429EF6 |> C785 2CFFFFFF
00429F00 |> 8B8D 2CFFFFFF
00429F06 |. 83E9 01
00429F09 |. 8B95 30FFFFFF
00429F0F |. 3B4A 1C
00429F12 |. 77 48
00429F14 |. 68 1C884400
SCII "map/set<T> too long"
00429F19 |. 8D4D A8
00429F1C |. E8 CF4CFEFF
fo.0040EBF0
00429F21 |. C745 FC 00000
00429F28 |. 8D45 A8
00429F2B |. 50
OFFSET LOCAL.22
00429F2C |. 8D4D C4
00429F2F |. E8 0CECFDFF
fo.00408B40
00429F34 |. C745 C4 14884
00429F3B |. 68 20D44400
ystemInfo.44D420
00429F40 |. 8D4D C4
00429F43 |. 51
OFFSET LOCAL.15
00429F44 |. E8 DC490000
fo.0042E925
00429F49 |. C745 FC FFFFF
00429F50 |. 6A 00
00429F52 |. 6A 01
00429F54 |. 8D4D A8
00429F57 |. E8 045CFEFF
fo.0040FB60
00429F5C |> 6A 00
00429F5E |. 8B55 14
00429F61 |. 52
[ARG.4]
00429F62 |. 8B85 30FFFFFF
00429F68 |. 8B48 18
00429F6B |. 51
[ARG.ECX+18]
00429F6C |. 8B55 10
00429F6F |. 52
[ARG.3]
00429F70 |. 8B85 30FFFFFF
00429F76 |. 8B48 18
00429F79 |. 51
[ARG.ECX+18]
00429F7A |. 8B8D 30FFFFFF
00429F80 |. E8 AB280000
fo.0042C830
00429F85 |. 8945 F0
00429F88 |. 8B95 30FFFFFF
00429F8E |. 8B42 1C
00429F91 |. 83C0 01
00429F94 |. 8B8D 30FFFFFF
00429F9A |. 8941 1C
00429F9D |. 8B95 30FFFFFF
00429FA3 |. 8B45 10
00429FA6 |. 3B42 18

JMP SHORT 00429F00


MOV DWORD PTR SS:[LOCAL.53],1
MOV ECX,DWORD PTR SS:[LOCAL.53]
SUB ECX,1
MOV EDX,DWORD PTR SS:[LOCAL.52]
CMP ECX,DWORD PTR DS:[EDX+1C]
JA SHORT 00429F5C
PUSH OFFSET 0044881C

; /Arg1 = A

LEA ECX,[LOCAL.22]
CALL 0040EBF0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


LEA EAX,[LOCAL.22]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.15]
CALL 00408B40

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.15],OFFSET 00448


PUSH OFFSET 0044D420
; /Arg2 = S
LEA ECX,[LOCAL.15]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.22]
CALL 0040FB60

;
;
;
;

PUSH 0
MOV EDX,DWORD PTR SS:[ARG.4]
PUSH EDX

; /Arg5 = 0
; |
; |Arg4 =>

MOV EAX,DWORD PTR SS:[LOCAL.52]


MOV ECX,DWORD PTR DS:[EAX+18]
PUSH ECX

; |
; |
; |Arg3 =>

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

; |
; |Arg2 =>

MOV EAX,DWORD PTR SS:[LOCAL.52]


MOV ECX,DWORD PTR DS:[EAX+18]
PUSH ECX

; |
; |
; |Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.52]


CALL 0042C830

; |
; \SystemIn

MOV
MOV
MOV
ADD
MOV
MOV
MOV
MOV
CMP

DWORD PTR
EDX,DWORD
EAX,DWORD
EAX,1
ECX,DWORD
DWORD PTR
EDX,DWORD
EAX,DWORD
EAX,DWORD

SS:[LOCAL.4],EAX
PTR SS:[LOCAL.52]
PTR DS:[EDX+1C]
PTR SS:[LOCAL.52]
DS:[ECX+1C],EAX
PTR SS:[LOCAL.52]
PTR SS:[ARG.3]
PTR DS:[EDX+18]

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

00429FA9
00429FAB
00429FB1
00429FB4
00429FB7
00429FBA
00429FC0
00429FC3
00429FC6
00429FC9
00429FCC
00429FCE
00429FD4
00429FD7
00429FDA
00429FDD
00429FDF
00429FE3
00429FE5
00429FE7
00429FEA
00429FED
00429FEF
00429FF5
00429FF8
00429FFB
00429FFE
0042A001
0042A003
0042A005
0042A00B
0042A00E
0042A011
0042A014
0042A017
0042A019
0042A01B
0042A01E
0042A021
0042A024
0042A02A
0042A02D
0042A030
0042A033
0042A035
0042A03B
0042A03E
0042A041
0042A044
0042A047
0042A04A
0042A04D
0042A050
0042A054
0042A056
0042A05C
0042A05F
0042A062
0042A065
0042A068

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.

75 34
8B8D 30FFFFFF
8B51 18
8B45 F0
8942 04
8B8D 30FFFFFF
8B51 18
8955 90
8B45 90
8B4D F0
8908
8B95 30FFFFFF
8B42 18
8B4D F0
8948 08
EB 65
0FB655 0C
85D2
74 34
8B45 10
8B4D F0
8908
8B95 30FFFFFF
8B42 18
8945 8C
8B4D 8C
8B55 10
3B11
75 14
8B85 30FFFFFF
8B48 18
894D 88
8B55 88
8B45 F0
8902
EB 29
8B4D 10
8B55 F0
8951 08
8B85 30FFFFFF
8B48 18
8B55 10
3B51 08
75 0F
8B85 30FFFFFF
8B48 18
8B55 F0
8951 08
8B45 F0
8945 EC
8B4D EC
8B51 04
0FBE42 3C
85C0
0F85 C9010000
8B4D EC
8B51 04
83C2 04
8955 84
8B45 84

JNE SHORT 00429FDF


MOV ECX,DWORD PTR SS:[LOCAL.52]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.52]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV DWORD PTR SS:[LOCAL.28],EDX
MOV EAX,DWORD PTR SS:[LOCAL.28]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX+8],ECX
JMP SHORT 0042A044
MOVZX EDX,BYTE PTR SS:[ARG.2]
TEST EDX,EDX
JE SHORT 0042A01B
MOV EAX,DWORD PTR SS:[ARG.3]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.52]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.29],EAX
MOV ECX,DWORD PTR SS:[LOCAL.29]
MOV EDX,DWORD PTR SS:[ARG.3]
CMP EDX,DWORD PTR DS:[ECX]
JNE SHORT 0042A019
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.30],ECX
MOV EDX,DWORD PTR SS:[LOCAL.30]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 0042A044
MOV ECX,DWORD PTR SS:[ARG.3]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[ARG.3]
CMP EDX,DWORD PTR DS:[ECX+8]
JNE SHORT 0042A044
MOV EAX,DWORD PTR SS:[LOCAL.52]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+3C]
TEST EAX,EAX
JNE 0042A225
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.31],EDX
MOV EAX,DWORD PTR SS:[LOCAL.31]

0042A06B |.
0042A06D |.
0042A070 |.
0042A073 |.
0042A076 |.
0042A079 |.
0042A07B |.
0042A081 |.
0042A084 |.
0042A087 |.
0042A08A |.
0042A090 |.
0042A096 |.
0042A098 |.
0042A09B |.
0042A09E |.
0042A0A1 |.
0042A0A5 |.
0042A0A7 |.
0042A0A9 |.
0042A0AC |.
0042A0AF |.
0042A0B3 |.
0042A0B6 |.
0042A0BA |.
0042A0BD |.
0042A0C0 |.
0042A0C3 |.
0042A0C9 |.
0042A0CF |.
0042A0D1 |.
0042A0D5 |.
0042A0D8 |.
0042A0DB |.
0042A0DE |.
0042A0E1 |.^
0042A0E3 |>
0042A0E6 |.
0042A0E9 |.
0042A0EC |.
0042A0EF |.
0042A0F1 |.
0042A0F4 |.
0042A0F7 |.
0042A0FA |.
0042A0FD |.
[LOCAL.5]
0042A0FE |.
0042A104 |.
fo.0042C580
0042A109 |>
0042A10C |.
0042A10F |.
0042A113 |.
0042A116 |.
0042A119 |.
0042A11C |.
0042A122 |.
0042A128 |.
0042A12A |.

8B08
894D 80
8B55 EC
8B45 80
8B4A 04
3B08
0F85 C7000000
8B55 EC
8B42 04
83C0 04
8985 7CFFFFFF
8B8D 7CFFFFFF
8B11
8B42 08
8945 10
8B4D 10
0FBE51 3C
85D2
75 3A
8B45 EC
8B48 04
C641 3C 01
8B55 10
C642 3C 01
8B45 EC
8B48 04
83C1 04
898D 78FFFFFF
8B95 78FFFFFF
8B02
C640 3C 00
8B4D EC
8B51 04
8B42 04
8945 EC
EB 60
8B4D EC
8B51 04
8B45 EC
3B42 08
75 18
8B4D EC
8B51 04
8955 EC
8B45 EC
50

MOV ECX,DWORD PTR DS:[EAX]


MOV DWORD PTR SS:[LOCAL.32],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.32]
MOV ECX,DWORD PTR DS:[EDX+4]
CMP ECX,DWORD PTR DS:[EAX]
JNE 0042A148
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.33],EAX
MOV ECX,DWORD PTR SS:[LOCAL.33]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[ARG.3],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOVSX EDX,BYTE PTR DS:[ECX+3C]
TEST EDX,EDX
JNE SHORT 0042A0E3
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV BYTE PTR DS:[ECX+3C],1
MOV EDX,DWORD PTR SS:[ARG.3]
MOV BYTE PTR DS:[EDX+3C],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+3C],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP SHORT 0042A143
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP EAX,DWORD PTR DS:[EDX+8]
JNE SHORT 0042A109
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
PUSH EAX

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 77240000 CALL 0042C580
8B4D
8B51
C642
8B45
8B48
83C1
898D
8B95
8B02
C640

EC
04
3C 01
EC
04
04
68FFFFFF
68FFFFFF
3C 00

MOV
MOV
MOV
MOV
MOV
ADD
MOV
MOV
MOV
MOV

ECX,DWORD PTR SS:[LOCAL.5]


EDX,DWORD PTR DS:[ECX+4]
BYTE PTR DS:[EDX+3C],1
EAX,DWORD PTR SS:[LOCAL.5]
ECX,DWORD PTR DS:[EAX+4]
ECX,4
DWORD PTR SS:[LOCAL.38],ECX
EDX,DWORD PTR SS:[LOCAL.38]
EAX,DWORD PTR DS:[EDX]
BYTE PTR DS:[EAX+3C],0

; /Arg1 =>
; |
; \SystemIn

0042A12E |.
0042A131 |.
0042A134 |.
0042A137 |.
0042A138 |.
0042A13E |.
fo.0042C630
0042A143 |>^
0042A148 |>
0042A14B |.
0042A14E |.
0042A151 |.
0042A157 |.
0042A15D |.
0042A15F |.
0042A165 |.
0042A16B |.
0042A16D |.
0042A170 |.
0042A173 |.
0042A177 |.
0042A179 |.
0042A17B |.
0042A17E |.
0042A181 |.
0042A185 |.
0042A188 |.
0042A18C |.
0042A18F |.
0042A192 |.
0042A195 |.
0042A19B |.
0042A1A1 |.
0042A1A3 |.
0042A1A7 |.
0042A1AA |.
0042A1AD |.
0042A1B0 |.
0042A1B3 |.^
0042A1B5 |>
0042A1B8 |.
0042A1BB |.
0042A1C1 |.
0042A1C7 |.
0042A1CA |.
0042A1CC |.
0042A1CE |.
0042A1D1 |.
0042A1D4 |.
0042A1D7 |.
0042A1DA |.
[LOCAL.5]
0042A1DB |.
0042A1E1 |.
fo.0042C630
0042A1E6 |>
0042A1E9 |.
0042A1EC |.
0042A1F0 |.
0042A1F3 |.

8B4D EC
8B51 04
8B42 04
50
8B8D 30FFFFFF
E8 ED240000

MOV ECX,DWORD
MOV EDX,DWORD
MOV EAX,DWORD
PUSH EAX
MOV ECX,DWORD
CALL 0042C630

PTR SS:[LOCAL.5]
PTR DS:[ECX+4]
PTR DS:[EDX+4]

E9 D8000000
8B4D EC
8B51 04
83C2 04
8995 5CFFFFFF
8B85 5CFFFFFF
8B08
898D 58FFFFFF
8B95 58FFFFFF
8B02
8945 10
8B4D 10
0FBE51 3C
85D2
75 3A
8B45 EC
8B48 04
C641 3C 01
8B55 10
C642 3C 01
8B45 EC
8B48 04
83C1 04
898D 54FFFFFF
8B95 54FFFFFF
8B02
C640 3C 00
8B4D EC
8B51 04
8B42 04
8945 EC
EB 6B
8B4D EC
8B51 04
8995 50FFFFFF
8B85 50FFFFFF
8B4D EC
3B08
75 18
8B55 EC
8B42 04
8945 EC
8B4D EC
51

JMP 0042A220
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
ADD EDX,4
MOV DWORD PTR SS:[LOCAL.41],EDX
MOV EAX,DWORD PTR SS:[LOCAL.41]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.42],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[ARG.3],EAX
MOV ECX,DWORD PTR SS:[ARG.3]
MOVSX EDX,BYTE PTR DS:[ECX+3C]
TEST EDX,EDX
JNE SHORT 0042A1B5
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV BYTE PTR DS:[ECX+3C],1
MOV EDX,DWORD PTR SS:[ARG.3]
MOV BYTE PTR DS:[EDX+3C],1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+4]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.43],ECX
MOV EDX,DWORD PTR SS:[LOCAL.43]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+3C],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP SHORT 0042A220
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.44],EDX
MOV EAX,DWORD PTR SS:[LOCAL.44]
MOV ECX,DWORD PTR SS:[LOCAL.5]
CMP ECX,DWORD PTR DS:[EAX]
JNE SHORT 0042A1E6
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX

PTR SS:[LOCAL.52]

8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]


E8 4A240000 CALL 0042C630
8B55
8B42
C640
8B4D
8B51

EC
04
3C 01
EC
04

MOV
MOV
MOV
MOV
MOV

EDX,DWORD PTR SS:[LOCAL.5]


EAX,DWORD PTR DS:[EDX+4]
BYTE PTR DS:[EAX+3C],1
ECX,DWORD PTR SS:[LOCAL.5]
EDX,DWORD PTR DS:[ECX+4]

; /Arg1
; |
; \SystemIn

; /Arg1 =>
; |
; \SystemIn

0042A1F6 |. 83C2 04
ADD EDX,4
0042A1F9 |. 8995 44FFFFFF MOV DWORD PTR SS:[LOCAL.47],EDX
0042A1FF |. 8B85 44FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.47]
0042A205 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
0042A207 |. C641 3C 00
MOV BYTE PTR DS:[ECX+3C],0
0042A20B |. 8B55 EC
MOV EDX,DWORD PTR SS:[LOCAL.5]
0042A20E |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]
0042A211 |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
0042A214 |. 51
PUSH ECX
0042A215 |. 8B8D 30FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.52]
0042A21B |. E8 60230000 CALL 0042C580
fo.0042C580
0042A220 |>^ E9 25FEFFFF JMP 0042A04A
0042A225 |> 8B95 30FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.52]
0042A22B |. 8B42 18
MOV EAX,DWORD PTR DS:[EDX+18]
0042A22E |. 83C0 04
ADD EAX,4
0042A231 |. 8985 34FFFFFF MOV DWORD PTR SS:[LOCAL.51],EAX
0042A237 |. 8B8D 34FFFFFF MOV ECX,DWORD PTR SS:[LOCAL.51]
0042A23D |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
0042A23F |. C642 3C 01
MOV BYTE PTR DS:[EDX+3C],1
0042A243 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042A246 |. C700 00000000 MOV DWORD PTR DS:[EAX],0
0042A24C |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0042A24F |. 8B55 F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
0042A252 |. 8951 04
MOV DWORD PTR DS:[ECX+4],EDX
0042A255 |. 83BD 30FFFFFF CMP DWORD PTR SS:[LOCAL.52],0
0042A25C |. 75 05
JNE SHORT 0042A263
0042A25E |. E8 25460000 CALL 0042E888
0042A263 |> 33C0
/XOR EAX,EAX
0042A265 |.^ 75 FC
\JNE SHORT 0042A263
0042A267 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0042A26A |. 8B95 30FFFFFF MOV EDX,DWORD PTR SS:[LOCAL.52]
0042A270 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
0042A272 |. 8901
MOV DWORD PTR DS:[ECX],EAX
0042A274 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042A277 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0042A27A |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0042A281 |. 59
POP ECX
0042A282 |. 8BE5
MOV ESP,EBP
0042A284 |. 5D
POP EBP
0042A285 \. C2 1000
RETN 10
0042A288
CC
INT3
0042A289
CC
INT3
0042A28A
CC
INT3
0042A28B
CC
INT3
0042A28C
CC
INT3
0042A28D
CC
INT3
0042A28E
CC
INT3
0042A28F
CC
INT3
0042A290 /$ 55
PUSH EBP
o.0042A290(guessed Arg1,Arg2)
0042A291 |. 8BEC
MOV EBP,ESP
0042A293 |. 83EC 0C
SUB ESP,0C
0042A296 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0042A299 |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0042A29C |. C700 00000000 MOV DWORD PTR DS:[EAX],0
0042A2A2 |. 837D 0C 00
CMP DWORD PTR SS:[ARG.2],0
0042A2A6 |. 74 56
JE SHORT 0042A2FE
0042A2A8 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0042A2AC |. 74 50
JE SHORT 0042A2FE

; /Arg1
; |
; \SystemIn

; SystemInf

0042A2AE |. 8B4D 0C
0042A2B1 |. 8379 18 10
0042A2B5 |. 72 0B
0042A2B7 |. 8B55 0C
0042A2BA |. 8B42 04
0042A2BD |. 8945 F8
0042A2C0 |. EB 09
0042A2C2 |> 8B4D 0C
0042A2C5 |. 83C1 04
0042A2C8 |. 894D F8
0042A2CB |> 8B55 F8
0042A2CE |. 3B55 08
0042A2D1 |. 77 2B
0042A2D3 |. 8B45 0C
0042A2D6 |. 8378 18 10
0042A2DA |. 72 0B
0042A2DC |. 8B4D 0C
0042A2DF |. 8B51 04
0042A2E2 |. 8955 F4
0042A2E5 |. EB 09
0042A2E7 |> 8B45 0C
0042A2EA |. 83C0 04
0042A2ED |. 8945 F4
0042A2F0 |> 8B4D 0C
0042A2F3 |. 8B55 F4
0042A2F6 |. 0351 14
0042A2F9 |. 3955 08
0042A2FC |. 76 05
0042A2FE |> E8 85450000
0042A303 |> 33C0
0042A305 |.^ 75 FC
0042A307 |. 8B4D FC
0042A30A |. 8B55 0C
0042A30D |. 8911
0042A30F |. 8B45 FC
0042A312 |. 8B4D 08
0042A315 |. 8948 04
0042A318 |. 8B45 FC
0042A31B |. 8BE5
0042A31D |. 5D
0042A31E \. C2 0800
0042A321
CC
0042A322
CC
0042A323
CC
0042A324
CC
0042A325
CC
0042A326
CC
0042A327
CC
0042A328
CC
0042A329
CC
0042A32A
CC
0042A32B
CC
0042A32C
CC
0042A32D
CC
0042A32E
CC
0042A32F
CC
0042A330 /$ 55
o.0042A330(guessed Arg1)
0042A331 |. 8BEC
0042A333 |. 6A FF

MOV ECX,DWORD PTR SS:[ARG.2]


CMP DWORD PTR DS:[ECX+18],10
JB SHORT 0042A2C2
MOV EDX,DWORD PTR SS:[ARG.2]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
JMP SHORT 0042A2CB
MOV ECX,DWORD PTR SS:[ARG.2]
ADD ECX,4
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EDX,DWORD PTR SS:[LOCAL.2]
CMP EDX,DWORD PTR SS:[ARG.1]
JA SHORT 0042A2FE
MOV EAX,DWORD PTR SS:[ARG.2]
CMP DWORD PTR DS:[EAX+18],10
JB SHORT 0042A2E7
MOV ECX,DWORD PTR SS:[ARG.2]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.3],EDX
JMP SHORT 0042A2F0
MOV EAX,DWORD PTR SS:[ARG.2]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV ECX,DWORD PTR SS:[ARG.2]
MOV EDX,DWORD PTR SS:[LOCAL.3]
ADD EDX,DWORD PTR DS:[ECX+14]
CMP DWORD PTR SS:[ARG.1],EDX
JBE SHORT 0042A303
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0042A303
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 8
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1

; SystemInf

0042A335 |. 68 C8694400
0042A33A |. 64:A1 0000000
0042A340 |. 50
0042A341 |. 83EC 58
0042A344 |. A1 A0154500
0042A349 |. 33C5
0042A34B |. 50
0042A34C |. 8D45 F4
0042A34F |. 64:A3 0000000
0042A355 |. 894D A4
0042A358 |. 8D45 EC
0042A35B |. 50
OFFSET LOCAL.5
0042A35C |. 8B4D A4
0042A35F |. E8 DCEAFDFF
fo.00408E40
0042A364 |. 8945 A0
0042A367 |. 8B4D A0
0042A36A |. 894D 9C
0042A36D |. C745 FC 00000
0042A374 |. 8B55 9C
0042A377 |. 52
[LOCAL.24]
0042A378 |. E8 43000000
fo.0042A3C0
0042A37D |. 83C4 04
0042A380 |. 8945 F0
0042A383 |. C745 FC FFFFF
0042A38A |. 8D4D EC
0042A38D |. E8 4EC3FDFF
0042A392 |. 0FB645 08
0042A396 |. 50
0042A397 |. 8B4D F0
0042A39A |. 8B11
0042A39C |. 8B4D F0
0042A39F |. 8B42 18
0042A3A2 |. FFD0
0042A3A4 |. 8B4D F4
0042A3A7 |. 64:890D 00000
0042A3AE |. 59
0042A3AF |. 8BE5
0042A3B1 |. 5D
0042A3B2 \. C2 0400
0042A3B5
CC
0042A3B6
CC
0042A3B7
CC
0042A3B8
CC
0042A3B9
CC
0042A3BA
CC
0042A3BB
CC
0042A3BC
CC
0042A3BD
CC
0042A3BE
CC
0042A3BF
CC
0042A3C0 /$ 55
o.0042A3C0(guessed Arg1)
0042A3C1 |. 8BEC
0042A3C3 |. 6A FF
0042A3C5 |. 68 F8694400
0042A3CA |. 64:A1 0000000

PUSH 004469C8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,58
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.23],ECX
LEA EAX,[LOCAL.5]
PUSH EAX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[LOCAL.23]


CALL 00408E40

; |
; \SystemIn

MOV DWORD PTR


MOV ECX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX

; /Arg1 =>

SS:[LOCAL.24],EAX
PTR SS:[LOCAL.24]
SS:[LOCAL.25],ECX
SS:[LOCAL.1],0
PTR SS:[LOCAL.25]

CALL 0042A3C0

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.5]
CALL 004066E0
MOVZX EAX,BYTE PTR SS:[ARG.1]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+18]
CALL EAX
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 004469F8
MOV EAX,DWORD PTR FS:[0]

0042A3D0 |. 50
0042A3D1 |. 81EC 00010000
0042A3D7 |. A1 A0154500
0042A3DC |. 33C5
0042A3DE |. 50
0042A3DF |. 8D45 F4
0042A3E2 |. 64:A3 0000000
0042A3E8 |. C785 28FFFFFF
0042A3F2 |. 6A 00
0042A3F4 |. 8D4D E8
0042A3F7 |. E8 11340000
fo.0042D80D
0042A3FC |. C745 FC 00000
0042A403 |. A1 8C2A4500
0042A408 |. 8945 E4
0042A40B |. 833D 0C2B4500
0042A412 |. 75 36
0042A414 |. 6A 00
0042A416 |. 8D4D CC
0042A419 |. E8 EF330000
fo.0042D80D
0042A41E |. 833D 0C2B4500
0042A425 |. 75 1B
0042A427 |. 8B0D 082B4500
0042A42D |. 83C1 01
0042A430 |. 890D 082B4500
0042A436 |. 8B15 082B4500
0042A43C |. 8915 0C2B4500
0042A442 |> 8D4D CC
0042A445 |. E8 EB330000
0042A44A |> A1 0C2B4500
0042A44F |. 8945 EC
0042A452 |. 8B4D EC
0042A455 |. 51
[452B0C] = 0
0042A456 |. 8B4D 08
0042A459 |. E8 7211FEFF
fo.0040B5D0
0042A45E |. 8945 F0
0042A461 |. 837D F0 00
0042A465 |. 74 02
0042A467 |. EB 69
0042A469 |> 837D E4 00
0042A46D |. 74 08
0042A46F |. 8B55 E4
0042A472 |. 8955 F0
0042A475 |. EB 5B
0042A477 |> 8B45 08
0042A47A |. 50
[ARG.1]
0042A47B |. 8D4D E4
0042A47E |. 51
OFFSET LOCAL.7
0042A47F |. E8 7C000000
fo.0042A500
0042A484 |. 83C4 08
0042A487 |. 83F8 FF
0042A48A |. 75 1D
0042A48C |. 68 78884400
SCII "bad cast"

PUSH EAX
SUB ESP,100
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.54],0
PUSH 0
LEA ECX,[LOCAL.6]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],0


MOV EAX,DWORD PTR DS:[452A8C]
MOV DWORD PTR SS:[LOCAL.7],EAX
CMP DWORD PTR DS:[452B0C],0
JNE SHORT 0042A44A
PUSH 0
LEA ECX,[LOCAL.13]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

CMP DWORD PTR DS:[452B0C],0


JNE SHORT 0042A442
MOV ECX,DWORD PTR DS:[452B08]
ADD ECX,1
MOV DWORD PTR DS:[452B08],ECX
MOV EDX,DWORD PTR DS:[452B08]
MOV DWORD PTR DS:[452B0C],EDX
LEA ECX,[LOCAL.13]
CALL 0042D835
MOV EAX,DWORD PTR DS:[452B0C]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040B5D0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.4],EAX


CMP DWORD PTR SS:[LOCAL.4],0
JE SHORT 0042A469
JMP SHORT 0042A4D2
CMP DWORD PTR SS:[LOCAL.7],0
JE SHORT 0042A477
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.4],EDX
JMP SHORT 0042A4D2
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg2 =>

LEA ECX,[LOCAL.7]
PUSH ECX

; |
; |Arg1 =>

CALL 0042A500

; \SystemIn

ADD ESP,8
CMP EAX,-1
JNE SHORT 0042A4A9
PUSH OFFSET 00448878

; /Arg1 = A

0042A491 |. 8D4D D4
LEA ECX,[LOCAL.11]
0042A494 |. E8 ED460000 CALL 0042EB86
fo.0042EB86
0042A499 |. 68 CCD74400 PUSH OFFSET 0044D7CC
ystemInfo.44D7CC
0042A49E |. 8D55 D4
LEA EDX,[LOCAL.11]
0042A4A1 |. 52
PUSH EDX
OFFSET LOCAL.11
0042A4A2 |. E8 7E440000 CALL 0042E925
fo.0042E925
0042A4A7 |. EB 29
JMP SHORT 0042A4D2
0042A4A9 |> 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
0042A4AC |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
0042A4AF |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0042A4B2 |. 890D 8C2A4500 MOV DWORD PTR DS:[452A8C],ECX
0042A4B8 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
0042A4BB |. 8955 E0
MOV DWORD PTR SS:[LOCAL.8],EDX
0042A4BE |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0042A4C1 |. E8 BAE9FDFF CALL 00408E80
0042A4C6 |. 8B45 E0
MOV EAX,DWORD PTR SS:[LOCAL.8]
0042A4C9 |. 50
PUSH EAX
0042A4CA |. E8 EA340000 CALL 0042D9B9
0042A4CF |. 83C4 04
ADD ESP,4
0042A4D2 |> 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0042A4D5 |. 894D D0
MOV DWORD PTR SS:[LOCAL.12],ECX
0042A4D8 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0042A4DF |. 8D4D E8
LEA ECX,[LOCAL.6]
0042A4E2 |. E8 4E330000 CALL 0042D835
0042A4E7 |. 8B45 D0
MOV EAX,DWORD PTR SS:[LOCAL.12]
0042A4EA |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0042A4ED |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0042A4F4 |. 59
POP ECX
0042A4F5 |. 8BE5
MOV ESP,EBP
0042A4F7 |. 5D
POP EBP
0042A4F8 \. C3
RETN
0042A4F9
CC
INT3
0042A4FA
CC
INT3
0042A4FB
CC
INT3
0042A4FC
CC
INT3
0042A4FD
CC
INT3
0042A4FE
CC
INT3
0042A4FF
CC
INT3
0042A500 /$ 55
PUSH EBP
o.0042A500(guessed Arg1,Arg2)
0042A501 |. 8BEC
MOV EBP,ESP
0042A503 |. 6A FF
PUSH -1
0042A505 |. 68 4D6A4400 PUSH 00446A4D
0042A50A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042A510 |. 50
PUSH EAX
0042A511 |. 81EC 48010000 SUB ESP,148
0042A517 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042A51C |. 33C5
XOR EAX,EBP
0042A51E |. 50
PUSH EAX
0042A51F |. 8D45 F4
LEA EAX,[LOCAL.3]
0042A522 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042A528 |. C785 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],0
0042A532 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0042A536 |. 0F84 A7010000 JE 0042A6E3
0042A53C |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042A53F |. 8338 00
CMP DWORD PTR DS:[EAX],0

; |
; \SystemIn
; /Arg2 = S
; |
; |Arg1 =>
; \SystemIn

; SystemInf

0042A542 |. 0F85 9B010000


0042A548 |. 6A 18
8
0042A54A |. E8 21500000
fo.0042F570
0042A54F |. 83C4 04
0042A552 |. 8945 EC
0042A555 |. C745 FC 00000
0042A55C |. 837D EC 00
0042A560 |. 0F84 16010000
0042A566 |. 8D8D 5CFFFFFF
0042A56C |. 51
OFFSET LOCAL.41
0042A56D |. 8B4D 0C
0042A570 |. E8 1B16FEFF
fo.0040BB90
0042A575 |. 8985 B8FEFFFF
0042A57B |. 8B95 B8FEFFFF
0042A581 |. 8995 B4FEFFFF
0042A587 |. C645 FC 01
0042A58B |. 8B85 58FFFFFF
0042A591 |. 83C8 01
0042A594 |. 8985 58FFFFFF
0042A59A |. 8B8D B4FEFFFF
0042A5A0 |. 51
[LOCAL.82]
0042A5A1 |. 8D8D 78FFFFFF
0042A5A7 |. E8 2414FEFF
fo.0040B9D0
0042A5AC |. 8985 B0FEFFFF
0042A5B2 |. 8B95 58FFFFFF
0042A5B8 |. 83CA 02
0042A5BB |. 8995 58FFFFFF
0042A5C1 |. 8B45 EC
0042A5C4 |. C700 BC884400
0042A5CA |. 8B4D EC
0042A5CD |. C741 04 00000
0042A5D4 |. 8B55 EC
0042A5D7 |. C702 849C4400
0042A5DD |. 8B45 EC
0042A5E0 |. C700 549C4400
0042A5E6 |. 8D8D F8FEFFFF
0042A5EC |. 51
0042A5ED |. E8 313A0000
0042A5F2 |. 83C4 04
0042A5F5 |. 8B10
0042A5F7 |. 8995 08FFFFFF
0042A5FD |. 8B48 04
0042A600 |. 898D 0CFFFFFF
0042A606 |. 8B50 08
0042A609 |. 8995 10FFFFFF
0042A60F |. 8B40 0C
0042A612 |. 8985 14FFFFFF
0042A618 |. 8B8D 08FFFFFF
0042A61E |. 898D 18FFFFFF
0042A624 |. 8B95 0CFFFFFF
0042A62A |. 8995 1CFFFFFF
0042A630 |. 8B85 10FFFFFF
0042A636 |. 8985 20FFFFFF
0042A63C |. 8B8D 14FFFFFF

JNE 0042A6E3
PUSH 18

; /Arg1 = 1

CALL 0042F570

; \SystemIn

ADD ESP,4
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV DWORD PTR SS:[LOCAL.1],0
CMP DWORD PTR SS:[LOCAL.5],0
JE 0042A67C
LEA ECX,[LOCAL.41]
PUSH ECX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.2]


CALL 0040BB90

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.82],EAX


MOV EDX,DWORD PTR SS:[LOCAL.82]
MOV DWORD PTR SS:[LOCAL.83],EDX
MOV BYTE PTR SS:[LOCAL.1],1
MOV EAX,DWORD PTR SS:[LOCAL.42]
OR EAX,00000001
MOV DWORD PTR SS:[LOCAL.42],EAX
MOV ECX,DWORD PTR SS:[LOCAL.83]
PUSH ECX

; /Arg1 =>

LEA ECX,[LOCAL.34]
CALL 0040B9D0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.84],EAX


MOV EDX,DWORD PTR SS:[LOCAL.42]
OR EDX,00000002
MOV DWORD PTR SS:[LOCAL.42],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EAX],OFFSET 004488BC
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+4],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX],OFFSET 00449C84
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EAX],OFFSET 00449C54
LEA ECX,[LOCAL.66]
PUSH ECX
CALL 0042E023
ADD ESP,4
MOV EDX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.62],EDX
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.61],ECX
MOV EDX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.60],EDX
MOV EAX,DWORD PTR DS:[EAX+0C]
MOV DWORD PTR SS:[LOCAL.59],EAX
MOV ECX,DWORD PTR SS:[LOCAL.62]
MOV DWORD PTR SS:[LOCAL.58],ECX
MOV EDX,DWORD PTR SS:[LOCAL.61]
MOV DWORD PTR SS:[LOCAL.57],EDX
MOV EAX,DWORD PTR SS:[LOCAL.60]
MOV DWORD PTR SS:[LOCAL.56],EAX
MOV ECX,DWORD PTR SS:[LOCAL.59]

; ASCII "0B"

0042A642 |.
0042A648 |.
0042A64B |.
0042A64E |.
0042A654 |.
0042A656 |.
0042A65C |.
0042A65F |.
0042A665 |.
0042A668 |.
0042A66E |.
0042A671 |.
0042A674 |.
0042A67A |.
0042A67C |>
0042A686 |>
0042A68C |.
0042A68F |.
0042A696 |.
0042A699 |.
0042A69C |.
0042A69E |.
0042A6A4 |.
0042A6A7 |.
0042A6A9 |.
0042A6B0 |.
0042A6B6 |.
0042A6BB |>
0042A6C2 |.
0042A6C8 |.
0042A6CB |.
0042A6CD |.
0042A6D4 |.
0042A6D6 |.
0042A6D8 |.
0042A6DE |.
fo.0040FB60
0042A6E3 |>
0042A6E8 |.
0042A6EB |.
0042A6F2 |.
0042A6F3 |.
0042A6F5 |.
0042A6F6 \.
0042A6F7
0042A6F8
0042A6F9
0042A6FA
0042A6FB
0042A6FC
0042A6FD
0042A6FE
0042A6FF
0042A700 /.
0042A701 |.
0042A703 |.
0042A704 |.
0042A707 |.
0042A70A |.
0042A710 |.

898D 24FFFFFF
8B55 EC
83C2 08
8B85 18FFFFFF
8902
8B8D 1CFFFFFF
894A 04
8B85 20FFFFFF
8942 08
8B8D 24FFFFFF
894A 0C
8B55 EC
8995 ACFEFFFF
EB 0A
C785 ACFEFFFF
8B85 ACFEFFFF
8945 F0
C745 FC 02000
8B4D 08
8B55 F0
8911
8B85 58FFFFFF
83E0 02
74 12
83A5 58FFFFFF
8D8D 78FFFFFF
E8 2514FEFF
C745 FC FFFFF
8B8D 58FFFFFF
83E1 01
74 16
83A5 58FFFFFF
6A 00
6A 01
8D8D 5CFFFFFF
E8 7D54FEFF

MOV DWORD PTR SS:[LOCAL.55],ECX


MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD EDX,8
MOV EAX,DWORD PTR SS:[LOCAL.58]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.57]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[LOCAL.56]
MOV DWORD PTR DS:[EDX+8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.55]
MOV DWORD PTR DS:[EDX+0C],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.85],EDX
JMP SHORT 0042A686
MOV DWORD PTR SS:[LOCAL.85],0
MOV EAX,DWORD PTR SS:[LOCAL.85]
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV DWORD PTR SS:[LOCAL.1],2
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.42]
AND EAX,00000002
JE SHORT 0042A6BB
AND DWORD PTR SS:[LOCAL.42],FFFFFFFD
LEA ECX,[LOCAL.34]
CALL 0040BAE0
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.42]
AND ECX,00000001
JE SHORT 0042A6E3
AND DWORD PTR SS:[LOCAL.42],FFFFFFFE
PUSH 0
PUSH 1
LEA ECX,[LOCAL.41]
CALL 0040FB60

B8 02000000
8B4D F4
64:890D 00000
59
8BE5
5D
C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 FC
C700 849C4400
8B4D FC

MOV EAX,2
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD

PTR SS:[LOCAL.3]
FS:[0],ECX

SS:[LOCAL.1],ECX
PTR SS:[LOCAL.1]
DS:[EAX],OFFSET 00449C84
PTR SS:[LOCAL.1]

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0042A713
0042A719
0042A71C
0042A71F
0042A721
0042A724
0042A725
0042A72A
0042A72D
0042A730
0042A732
0042A733
0042A736
0042A737
0042A738
0042A739
0042A73A
0042A73B
0042A73C
0042A73D
0042A73E
0042A73F
0042A740
0042A741
0042A743
0042A744
0042A747
0042A74A
0042A74D
0042A74E
0042A752
0042A753
0042A758
0042A75B
0042A75D
0042A75E
0042A761
0042A762
0042A763
0042A764
0042A765
0042A766
0042A767
0042A768
0042A769
0042A76A
0042A76B
0042A76C
0042A76D
0042A76E
0042A76F
0042A770
0042A771
0042A773
0042A774
0042A777
0042A779
0042A77C
0042A77F
0042A782

|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|>
|.
|.
|>

C701 BC884400
8B55 08
83E2 01
74 0C
8B45 FC
50
E8 F0410000
83C4 04
8B45 FC
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 FC
83C0 08
50
0FB64D 08
51
E8 BE370000
83C4 08
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
EB 09
8B45 08
83C0 01
8945 08
8B4D 08

MOV DWORD PTR DS:[ECX],OFFSET 004488BC


MOV EDX,DWORD PTR SS:[ARG.1]
AND EDX,00000001
JE SHORT 0042A72D
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
ADD EAX,8
PUSH EAX
MOVZX ECX,BYTE PTR SS:[ARG.1]
PUSH ECX
CALL 0042DF16
ADD ESP,8
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
JMP SHORT 0042A782
/MOV EAX,DWORD PTR SS:[ARG.1]
|ADD EAX,1
|MOV DWORD PTR SS:[ARG.1],EAX
|MOV ECX,DWORD PTR SS:[ARG.1]

0042A785
0042A788
0042A78A
0042A78D
0042A790
0042A791
0042A794
0042A797
0042A798
0042A79D
0042A7A0
0042A7A3
0042A7A5
0042A7A7
0042A7AA
0042A7AC
0042A7AD
0042A7B0
0042A7B1
0042A7B3
0042A7B4
0042A7B7
0042A7BA
0042A7BD
0042A7BE
0042A7C2
0042A7C3
0042A7C8
0042A7CB
0042A7CD
0042A7CE
0042A7D1
0042A7D2
0042A7D3
0042A7D4
0042A7D5
0042A7D6
0042A7D7
0042A7D8
0042A7D9
0042A7DA
0042A7DB
0042A7DC
0042A7DD
0042A7DE
0042A7DF
0042A7E0
0042A7E1
0042A7E3
0042A7E4
0042A7E7
0042A7E9
0042A7EC
0042A7EF
0042A7F2
0042A7F5
0042A7F8
0042A7FA
0042A7FD
0042A800

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.

3B4D 0C
74 1D
8B55 FC
83C2 08
52
8B45 08
0FB608
51
E8 79370000
83C4 08
8B55 08
8802
EB D2
8B45 08
8BE5
5D
C2 0800
55
8BEC
51
894D FC
8B45 FC
83C0 08
50
0FB64D 08
51
E8 BB380000
83C4 08
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
EB 09
8B45 08
83C0 01
8945 08
8B4D 08
3B4D 0C
74 1D
8B55 FC
83C2 08
52

|CMP ECX,DWORD PTR SS:[ARG.2]


|JE SHORT 0042A7A7
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|ADD EDX,8
|PUSH EDX
|MOV EAX,DWORD PTR SS:[ARG.1]
|MOVZX ECX,BYTE PTR DS:[EAX]
|PUSH ECX
|CALL 0042DF16
|ADD ESP,8
|MOV EDX,DWORD PTR SS:[ARG.1]
|MOV BYTE PTR DS:[EDX],AL
\JMP SHORT 0042A779
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 8
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
ADD EAX,8
PUSH EAX
MOVZX ECX,BYTE PTR SS:[ARG.1]
PUSH ECX
CALL 0042E083
ADD ESP,8
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
JMP SHORT 0042A7F2
/MOV EAX,DWORD PTR SS:[ARG.1]
|ADD EAX,1
|MOV DWORD PTR SS:[ARG.1],EAX
|MOV ECX,DWORD PTR SS:[ARG.1]
|CMP ECX,DWORD PTR SS:[ARG.2]
|JE SHORT 0042A817
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|ADD EDX,8
|PUSH EDX

0042A801
0042A804
0042A807
0042A808
0042A80D
0042A810
0042A813
0042A815
0042A817
0042A81A
0042A81C
0042A81D
0042A820
0042A821
0042A823
0042A824
0042A827
0042A82A
0042A82C
0042A82D
0042A830
0042A831
0042A833
0042A834
0042A837
0042A83A
0042A83D
0042A83E
0042A841
0042A842
0042A845
0042A846
0042A849
0042A84A
0042A84D
0042A84F
0042A852
0042A855
0042A857
0042A859
0042A85A
0042A85D
0042A85E
0042A85F
0042A860
0042A861
0042A863
0042A864
0042A867
0042A86A
0042A86D
0042A870
0042A872
0042A877
0042A879
0042A87B
0042A87E
0042A881
0042A882
0042A885

|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.

8B45 08
0FB608
51
E8 76380000
83C4 08
8B55 08
8802
EB D2
8B45 08
8BE5
5D
C2 0800
55
8BEC
51
894D FC
8A45 08
8BE5
5D
C2 0400
55
8BEC
51
894D FC
8B45 0C
2B45 08
50
8B4D 10
51
8B55 0C
52
8B45 08
50
8B4D FC
8B11
8B4D FC
8B42 1C
FFD0
8BE5
5D
C2 0C00
CC
CC
CC
55
8BEC
51
894D FC
8B45 0C
2B45 08
3945 14
73 05
E8 11400000
33C9
75 FC
8B55 0C
2B55 08
52
8B45 08
50

|MOV EAX,DWORD PTR SS:[ARG.1]


|MOVZX ECX,BYTE PTR DS:[EAX]
|PUSH ECX
|CALL 0042E083
|ADD ESP,8
|MOV EDX,DWORD PTR SS:[ARG.1]
|MOV BYTE PTR DS:[EDX],AL
\JMP SHORT 0042A7E9
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 8
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV AL,BYTE PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 4
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.2]
SUB EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.3]
PUSH ECX
MOV EDX,DWORD PTR SS:[ARG.2]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+1C]
CALL EAX
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.2]
SUB EAX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR SS:[ARG.4],EAX
JNB SHORT 0042A877
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 0042A877
MOV EDX,DWORD PTR SS:[ARG.2]
SUB EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg4
; |
; |Arg3 =>

[ARG.1]
0042A886 |.
0042A889 |.
[ARG.4]
0042A88A |.
0042A88D |.
[ARG.3]
0042A88E |.
fo.0042EA08
0042A893 |.
0042A896 |.
0042A899 |.
0042A89B |.
0042A89C \.
0042A89F
0042A8A0 /.
0042A8A1 |.
0042A8A3 |.
0042A8A4 |.
0042A8A7 |.
0042A8AA |.
0042A8AC |.
0042A8AD \.
0042A8B0 /.
0042A8B1 |.
0042A8B3 |.
0042A8B4 |.
0042A8B7 |.
0042A8BA |.
0042A8BD |.
0042A8BE |.
0042A8C1 |.
0042A8C2 |.
0042A8C6 |.
0042A8C7 |.
0042A8CA |.
0042A8CB |.
0042A8CE |.
0042A8CF |.
0042A8D2 |.
0042A8D4 |.
0042A8D7 |.
0042A8DA |.
0042A8DC |.
0042A8DE |.
0042A8DF \.
0042A8E2
0042A8E3
0042A8E4
0042A8E5
0042A8E6
0042A8E7
0042A8E8
0042A8E9
0042A8EA
0042A8EB
0042A8EC
0042A8ED
0042A8EE
0042A8EF

8B4D 14
51

MOV ECX,DWORD PTR SS:[ARG.4]


PUSH ECX

; |
; |Arg2 =>

8B55 10
52

MOV EDX,DWORD PTR SS:[ARG.3]


PUSH EDX

; |
; |Arg1 =>

E8 75410000

CALL 0042EA08

; \SystemIn

83C4 10
8B45 0C
8BE5
5D
C2 1000
CC
55
8BEC
51
894D FC
8A45 08
8BE5
5D
C2 0800
55
8BEC
51
894D FC
8B45 0C
2B45 08
50
8B4D 14
51
0FB655 10
52
8B45 0C
50
8B4D 08
51
8B55 FC
8B02
8B4D FC
8B50 28
FFD2
8BE5
5D
C2 1000
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC

ADD ESP,10
MOV EAX,DWORD PTR SS:[ARG.2]
MOV ESP,EBP
POP EBP
RETN 10
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV AL,BYTE PTR SS:[ARG.1]
MOV ESP,EBP
POP EBP
RETN 8
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.2]
SUB EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.4]
PUSH ECX
MOVZX EDX,BYTE PTR SS:[ARG.3]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.2]
PUSH EAX
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR DS:[EAX+28]
CALL EDX
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

0042A8F0 /.
0042A8F1 |.
0042A8F3 |.
0042A8F4 |.
0042A8F7 |.
0042A8FA |.
0042A8FD |.
0042A900 |.
0042A902 |.
0042A907 |>
0042A909 |.^
0042A90B |.
0042A90E |.
0042A911 |.
0042A912 |.
0042A915 |.
[ARG.1]
0042A916 |.
0042A919 |.
[ARG.5]
0042A91A |.
0042A91D |.
[ARG.4]
0042A91E |.
fo.0042EA08
0042A923 |.
0042A926 |.
0042A929 |.
0042A92B |.
0042A92C \.
0042A92F
0042A930 /.
0042A931 |.
0042A933 |.
0042A935 |.
0042A93A |.
0042A940 |.
0042A941 |.
0042A944 |.
0042A949 |.
0042A94B |.
0042A94C |.
0042A94F |.
0042A955 |.
0042A958 |.
0042A95B |.
0042A961 |.
0042A968 |.
0042A96B |.
0042A970 |.
0042A977 |.
0042A97A |.
0042A980 |.
0042A983 |.
0042A989 |.
0042A98C |.
0042A98F |.
0042A991 |.
0042A994 |.
0042A995 |.

55
8BEC
51
894D FC
8B45 0C
2B45 08
3945 18
73 05
E8 813F0000
33C9
75 FC
8B55 0C
2B55 08
52
8B45 08
50

PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.2]
SUB EAX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR SS:[ARG.5],EAX
JNB SHORT 0042A907
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 0042A907
MOV EDX,DWORD PTR SS:[ARG.2]
SUB EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg4
; |
; |Arg3 =>

8B4D 18
51

MOV ECX,DWORD PTR SS:[ARG.5]


PUSH ECX

; |
; |Arg2 =>

8B55 14
52

MOV EDX,DWORD PTR SS:[ARG.4]


PUSH EDX

; |
; |Arg1 =>

E8 E5400000

CALL 0042EA08

; \SystemIn

83C4 10
8B45 0C
8BE5
5D
C2 1400
CC
55
8BEC
6A FF
68 786A4400
64:A1 0000000
50
83EC 08
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
894D EC
8B45 EC
C700 549C4400
C745 FC 00000
8B4D EC
E8 70000000
C745 FC FFFFF
8B4D EC
C701 849C4400
8B55 EC
C702 BC884400
8B45 08
83E0 01
74 0C
8B4D EC
51
E8 803F0000

ADD ESP,10
MOV EAX,DWORD PTR SS:[ARG.2]
MOV ESP,EBP
POP EBP
RETN 14
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00446A78
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,8
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EAX],OFFSET 00449C54
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.5]
CALL 0042A9E0
MOV DWORD PTR SS:[LOCAL.1],-1
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX],OFFSET 00449C84
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX],OFFSET 004488BC
MOV EAX,DWORD PTR SS:[ARG.1]
AND EAX,00000001
JE SHORT 0042A99D
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX
CALL 0042E91A

; ASCII "0B"

0042A99A |.
0042A99D |>
0042A9A0 |.
0042A9A3 |.
0042A9AA |.
0042A9AB |.
0042A9AD |.
0042A9AE \.
0042A9B1
0042A9B2
0042A9B3
0042A9B4
0042A9B5
0042A9B6
0042A9B7
0042A9B8
0042A9B9
0042A9BA
0042A9BB
0042A9BC
0042A9BD
0042A9BE
0042A9BF
0042A9C0 />
0042A9C1 |.
0042A9C3 |.
0042A9C4 |.
0042A9C7 |.
0042A9CA |.
0042A9D0 |.
0042A9D3 |.
0042A9D9 |.
0042A9DB |.
0042A9DC \.
0042A9DD
0042A9DE
0042A9DF
0042A9E0 /$
0042A9E1 |.
0042A9E3 |.
0042A9E6 |.
0042A9E9 |.
0042A9EC |.
0042A9F0 |.
0042A9F2 |.
0042A9F5 |.
0042A9F8 |.
[ARG.ECX+10]
0042A9F9 |.
fo.004331DE
0042A9FE |.
0042AA01 |.
0042AA03 |>
0042AA06 |.
0042AA0A |.
0042AA0C |.
0042AA0F |.
0042AA12 |.
0042AA15 |.
0042AA18 |.

83C4 04
8B45 EC
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 FC
C700 849C4400
8B4D FC
C701 BC884400
8BE5
5D
C3
CC
CC
CC
55
8BEC
83EC 08
894D F8
8B45 F8
8378 14 00
7E 11
8B4D F8
8B51 10
52

ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[EBP-4],ECX
MOV EAX,DWORD PTR SS:[EBP-4]
MOV DWORD PTR DS:[EAX],OFFSET 00449C84
MOV ECX,DWORD PTR SS:[EBP-4]
MOV DWORD PTR DS:[ECX],OFFSET 004488BC
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV EAX,DWORD PTR SS:[LOCAL.2]
CMP DWORD PTR DS:[EAX+14],0
JLE SHORT 0042AA03
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX+10]
PUSH EDX

; /Arg1 =>

E8 E0870000

CALL 004331DE

; \SystemIn

83C4 04
EB 1E
8B45 F8
8378 14 00
7D 15
8B4D F8
8B51 10
8955 FC
8B45 FC
50

ADD ESP,4
JMP SHORT 0042AA21
MOV EAX,DWORD PTR SS:[LOCAL.2]
CMP DWORD PTR DS:[EAX+14],0
JGE SHORT 0042AA21
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX+10]
MOV DWORD PTR SS:[LOCAL.1],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX

; /Arg1 =>

[ARG.ECX+10]
0042AA19 |. E8 E24D0000 CALL 0042F800
; \SystemIn
fo.0042F800
0042AA1E |. 83C4 04
ADD ESP,4
0042AA21 |> 8BE5
MOV ESP,EBP
0042AA23 |. 5D
POP EBP
0042AA24 \. C3
RETN
0042AA25
CC
INT3
0042AA26
CC
INT3
0042AA27
CC
INT3
0042AA28
CC
INT3
0042AA29
CC
INT3
0042AA2A
CC
INT3
0042AA2B
CC
INT3
0042AA2C
CC
INT3
0042AA2D
CC
INT3
0042AA2E
CC
INT3
0042AA2F
CC
INT3
0042AA30 /$ 55
PUSH EBP
; SystemInf
o.0042AA30(guessed Arg1,Arg2,Arg3)
0042AA31 |. 8BEC
MOV EBP,ESP
0042AA33 |. 6A FF
PUSH -1
0042AA35 |. 68 A86A4400 PUSH 00446AA8
0042AA3A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042AA40 |. 50
PUSH EAX
0042AA41 |. 81EC F8000000 SUB ESP,0F8
0042AA47 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042AA4C |. 33C5
XOR EAX,EBP
0042AA4E |. 50
PUSH EAX
0042AA4F |. 8D45 F4
LEA EAX,[LOCAL.3]
0042AA52 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042AA58 |. 898D 04FFFFFF MOV DWORD PTR SS:[LOCAL.63],ECX
0042AA5E |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0042AA61 |. 8945 9C
MOV DWORD PTR SS:[LOCAL.25],EAX
0042AA64 |. 8B4D 9C
MOV ECX,DWORD PTR SS:[LOCAL.25]
0042AA67 |. 0FBE51 29
MOVSX EDX,BYTE PTR DS:[ECX+29]
0042AA6B |. 85D2
TEST EDX,EDX
0042AA6D |. 74 48
JE SHORT 0042AAB7
0042AA6F |. 68 5C884400 PUSH OFFSET 0044885C
; /Arg1 = A
SCII "invalid map/set<T> iterator"
0042AA74 |. 8D4D A0
LEA ECX,[LOCAL.24]
; |
0042AA77 |. E8 7441FEFF CALL 0040EBF0
; \SystemIn
fo.0040EBF0
0042AA7C |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042AA83 |. 8D45 A0
LEA EAX,[LOCAL.24]
0042AA86 |. 50
PUSH EAX
; /Arg1 =>
OFFSET LOCAL.24
0042AA87 |. 8D4D BC
LEA ECX,[LOCAL.17]
; |
0042AA8A |. E8 B1E0FDFF CALL 00408B40
; \SystemIn
fo.00408B40
0042AA8F |. C745 BC 54884 MOV DWORD PTR SS:[LOCAL.17],OFFSET 00448
0042AA96 |. 68 7CD54400 PUSH OFFSET 0044D57C
; /Arg2 = S
ystemInfo.44D57C
0042AA9B |. 8D4D BC
LEA ECX,[LOCAL.17]
; |
0042AA9E |. 51
PUSH ECX
; |Arg1 =>
OFFSET LOCAL.17
0042AA9F |. E8 813E0000 CALL 0042E925
; \SystemIn
fo.0042E925
0042AAA4 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0042AAAB |. 6A 00
PUSH 0
; /Arg2 = 0

0042AAAD |.
0042AAAF |.
0042AAB2 |.
fo.0040FB60
0042AAB7 |>
0042AABA |.
0042AABD |.
0042AAC0 |.
0042AAC5 |.
0042AAC8 |.
0042AACB |.
0042AACE |.
0042AAD0 |.
0042AAD4 |.
0042AAD6 |.
0042AAD8 |.
0042AADB |.
0042AADE |.
0042AAE1 |.
0042AAE3 |>
0042AAE6 |.
0042AAE9 |.
0042AAED |.
0042AAEF |.
0042AAF1 |.
0042AAF4 |.
0042AAF6 |.
0042AAF9 |.
0042AAFB |>
0042AAFE |.
0042AB01 |.
0042AB04 |.
0042AB07 |.
0042AB0A |>
0042AB0D |.
0042AB10 |.
0042AB16 |.
0042AB19 |.
0042AB1C |.
0042AB1F |.
0042AB22 |.
0042AB26 |.
0042AB28 |.
0042AB2A |.
0042AB2D |.
0042AB30 |.
0042AB33 |>
0042AB39 |.
0042AB3C |.
0042AB3F |.
0042AB42 |.
0042AB44 |.
0042AB4A |.
0042AB4D |.
0042AB50 |.
0042AB53 |.
0042AB55 |>
0042AB58 |.
0042AB5A |.
0042AB5D |.

6A 01
8D4D A0
E8 A950FEFF

PUSH 1
LEA ECX,[LOCAL.24]
CALL 0040FB60

8B55 10
8955 F0
8D4D 0C
E8 6BE6FFFF
8B45 F0
8945 E8
8B4D E8
8B11
0FBE42 29
85C0
74 0B
8B4D E8
8B51 08
8955 EC
EB 27
8B45 E8
8B48 08
0FBE51 29
85D2
74 0A
8B45 E8
8B08
894D EC
EB 0F
8B55 10
8955 E8
8B45 E8
8B48 08
894D EC
8B55 E8
3B55 F0
0F85 3A010000
8B45 F0
8B48 04
894D E4
8B55 EC
0FBE42 29
85C0
75 09
8B4D EC
8B55 E4
8951 04
8B85 04FFFFFF
8B48 18
8B51 04
3B55 F0
75 11
8B85 04FFFFFF
8B48 18
8B55 EC
8951 04
EB 1D
8B45 E4
8B08
3B4D F0
75 0A

MOV EDX,DWORD PTR SS:[ARG.3]


MOV DWORD PTR SS:[LOCAL.4],EDX
LEA ECX,[ARG.2]
CALL 00429130
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.6],EAX
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+29]
TEST EAX,EAX
JE SHORT 0042AAE3
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP SHORT 0042AB0A
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+8]
MOVSX EDX,BYTE PTR DS:[ECX+29]
TEST EDX,EDX
JE SHORT 0042AAFB
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.5],ECX
JMP SHORT 0042AB0A
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE 0042AC50
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOVSX EAX,BYTE PTR DS:[EDX+29]
TEST EAX,EAX
JNE SHORT 0042AB33
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX+4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.63]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042AB55
MOV EAX,DWORD PTR SS:[LOCAL.63]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0042AB72
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV ECX,DWORD PTR DS:[EAX]
CMP ECX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042AB69

; |Arg1 = 1
; |
; \SystemIn

0042AB5F
0042AB62
0042AB65
0042AB67
0042AB69
0042AB6C
0042AB6F
0042AB72
0042AB78
0042AB7B
0042AB7E
0042AB81
0042AB83
0042AB86
0042AB88
0042AB8B
0042AB8F
0042AB91
0042AB93
0042AB96
0042AB9C
0042AB9E
0042ABA1
0042ABA4
0042ABA7
0042ABA9
0042ABAD
0042ABAF
0042ABB1
0042ABB4
0042ABB6
0042ABB9
0042ABBB
0042ABBE
0042ABC4
0042ABCA
0042ABCD
0042ABD0
0042ABD3
0042ABD9
0042ABDB
0042ABE1
0042ABE4
0042ABE7
0042ABEA
0042ABEC
0042ABEF
0042ABF3
0042ABF5
0042ABF7
0042ABFA
0042AC00
0042AC02
0042AC05
0042AC0B
0042AC11
0042AC14
0042AC18
0042AC1A
0042AC1C

|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.

8B55 E4
8B45 EC
8902
EB 09
8B4D E4
8B55 EC
8951 08
8B85 04FFFFFF
8B48 18
894D 88
8B55 88
8B02
3B45 F0
75 53
8B4D EC
0FBE51 29
85D2
74 0B
8B45 E4
8985 00FFFFFF
EB 26
8B4D EC
894D 84
8B55 84
8B02
0FBE48 29
85C9
75 0A
8B55 84
8B02
8945 84
EB E9
8B4D 84
898D 00FFFFFF
8B95 04FFFFFF
8B42 18
8945 80
8B4D 80
8B95 00FFFFFF
8911
8B85 04FFFFFF
8B48 18
8B51 08
3B55 F0
75 5F
8B45 EC
0FBE48 29
85C9
74 0B
8B55 E4
8995 FCFEFFFF
EB 37
8B45 EC
8985 7CFFFFFF
8B8D 7CFFFFFF
8B51 08
0FBE42 29
85C0
75 11
8B8D 7CFFFFFF

MOV EDX,DWORD PTR SS:[LOCAL.7]


MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 0042AB72
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.63]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.30],ECX
MOV EDX,DWORD PTR SS:[LOCAL.30]
MOV EAX,DWORD PTR DS:[EDX]
CMP EAX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042ABDB
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOVSX EDX,BYTE PTR DS:[ECX+29]
TEST EDX,EDX
JE SHORT 0042AB9E
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.64],EAX
JMP SHORT 0042ABC4
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.31],ECX
/MOV EDX,DWORD PTR SS:[LOCAL.31]
|MOV EAX,DWORD PTR DS:[EDX]
|MOVSX ECX,BYTE PTR DS:[EAX+29]
|TEST ECX,ECX
|JNE SHORT 0042ABBB
|MOV EDX,DWORD PTR SS:[LOCAL.31]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV DWORD PTR SS:[LOCAL.31],EAX
\JMP SHORT 0042ABA4
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR SS:[LOCAL.64],ECX
MOV EDX,DWORD PTR SS:[LOCAL.63]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.32],EAX
MOV ECX,DWORD PTR SS:[LOCAL.32]
MOV EDX,DWORD PTR SS:[LOCAL.64]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.63]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+8]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042AC4B
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOVSX ECX,BYTE PTR DS:[EAX+29]
TEST ECX,ECX
JE SHORT 0042AC02
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.65],EDX
JMP SHORT 0042AC39
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.33],EAX
/MOV ECX,DWORD PTR SS:[LOCAL.33]
|MOV EDX,DWORD PTR DS:[ECX+8]
|MOVSX EAX,BYTE PTR DS:[EDX+29]
|TEST EAX,EAX
|JNE SHORT 0042AC2D
|MOV ECX,DWORD PTR SS:[LOCAL.33]

0042AC22
0042AC25
0042AC2B
0042AC2D
0042AC33
0042AC39
0042AC3F
0042AC42
0042AC48
0042AC4B
0042AC50
0042AC53
0042AC55
0042AC58
0042AC5B
0042AC5E
0042AC61
0042AC63
0042AC65
0042AC68
0042AC6B
0042AC6E
0042AC70
0042AC73
0042AC76
0042AC78
0042AC7B
0042AC7E
0042AC81
0042AC84
0042AC88
0042AC8A
0042AC8C
0042AC8F
0042AC92
0042AC95
0042AC98
0042AC9B
0042AC9D
0042ACA0
0042ACA3
0042ACA6
0042ACA9
0042ACAC
0042ACAF
0042ACB2
0042ACB5
0042ACBB
0042ACBE
0042ACC1
0042ACC4
0042ACC6
0042ACCC
0042ACCF
0042ACD2
0042ACD5
0042ACD7
0042ACDA
0042ACDD
0042ACE3

|.
|.
|.^
|>
|.
|>
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.

8B51 08
8995 7CFFFFFF
EB DE
8B85 7CFFFFFF
8985 FCFEFFFF
8B8D 04FFFFFF
8B51 18
8B85 FCFEFFFF
8942 08
E9 23010000
8B4D F0
8B11
8B45 E8
8942 04
8B4D E8
8B55 F0
8B02
8901
8B4D F0
8B55 E8
3B51 08
75 08
8B45 E8
8945 E4
EB 3D
8B4D E8
8B51 04
8955 E4
8B45 EC
0FBE48 29
85C9
75 09
8B55 EC
8B45 E4
8942 04
8B4D E4
8B55 EC
8911
8B45 E8
8B4D F0
8B51 08
8950 08
8B45 F0
8B48 08
8B55 E8
8951 04
8B85 04FFFFFF
8B48 18
8B51 04
3B55 F0
75 11
8B85 04FFFFFF
8B48 18
8B55 E8
8951 04
EB 3E
8B45 F0
8B48 04
898D 78FFFFFF
8B95 78FFFFFF

|MOV EDX,DWORD PTR DS:[ECX+8]


|MOV DWORD PTR SS:[LOCAL.33],EDX
\JMP SHORT 0042AC0B
MOV EAX,DWORD PTR SS:[LOCAL.33]
MOV DWORD PTR SS:[LOCAL.65],EAX
MOV ECX,DWORD PTR SS:[LOCAL.63]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.65]
MOV DWORD PTR DS:[EDX+8],EAX
JMP 0042AD73
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR SS:[LOCAL.6]
CMP EDX,DWORD PTR DS:[ECX+8]
JNE SHORT 0042AC78
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.7],EAX
JMP SHORT 0042ACB5
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.7],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOVSX ECX,BYTE PTR DS:[EAX+29]
TEST ECX,ECX
JNE SHORT 0042AC95
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR DS:[EAX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.63]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042ACD7
MOV EAX,DWORD PTR SS:[LOCAL.63]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0042AD15
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]

0042ACE9
0042ACEB
0042ACEE
0042ACF0
0042ACF3
0042ACF6
0042ACFC
0042AD02
0042AD05
0042AD07
0042AD09
0042AD0C
0042AD0F
0042AD12
0042AD15
0042AD18
0042AD1B
0042AD1E
0042AD21
0042AD24
0042AD27
0042AD2D
0042AD30
0042AD33
0042AD39
0042AD3F
0042AD45
0042AD47
0042AD4D
0042AD4F
0042AD55
0042AD5B
0042AD61
0042AD63
0042AD65
0042AD6B
0042AD71
0042AD73
0042AD76
0042AD7A
0042AD7D
0042AD83
0042AD85
0042AD88
0042AD8B
0042AD8E
0042AD94
0042AD97
0042AD9A
0042AD9D
0042ADA3
0042ADA6
0042ADAA
0042ADAD
0042ADB3
0042ADB6
0042ADB9
0042ADBB
0042ADC1
0042ADC4

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B02
3B45 F0
75 19
8B4D F0
8B51 04
8995 74FFFFFF
8B85 74FFFFFF
8B4D E8
8908
EB 0C
8B55 F0
8B42 04
8B4D E8
8948 08
8B55 E8
8B45 F0
8B48 04
894A 04
8B55 F0
83C2 28
8995 68FFFFFF
8B45 E8
83C0 28
8985 6CFFFFFF
8B8D 6CFFFFFF
3B8D 68FFFFFF
74 2C
8B95 6CFFFFFF
8A02
8885 73FFFFFF
8B8D 6CFFFFFF
8B95 68FFFFFF
8A02
8801
8B8D 68FFFFFF
8A95 73FFFFFF
8811
8B45 F0
0FBE48 28
83F9 01
0F85 10020000
EB 09
8B55 EC
8B42 04
8945 E4
8B8D 04FFFFFF
8B51 18
8B45 EC
3B42 04
0F84 E9010000
8B4D EC
0FBE51 28
83FA 01
0F85 D9010000
8B45 E4
8B4D EC
3B08
0F85 E9000000
8B55 E4
8B42 08

MOV EAX,DWORD PTR DS:[EDX]


CMP EAX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042AD09
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.35],EDX
MOV EAX,DWORD PTR SS:[LOCAL.35]
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX],ECX
JMP SHORT 0042AD15
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX+8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
ADD EDX,28
MOV DWORD PTR SS:[LOCAL.38],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,28
MOV DWORD PTR SS:[LOCAL.37],EAX
MOV ECX,DWORD PTR SS:[LOCAL.37]
CMP ECX,DWORD PTR SS:[LOCAL.38]
JE SHORT 0042AD73
MOV EDX,DWORD PTR SS:[LOCAL.37]
MOV AL,BYTE PTR DS:[EDX]
MOV BYTE PTR SS:[LOCAL.36+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.37]
MOV EDX,DWORD PTR SS:[LOCAL.38]
MOV AL,BYTE PTR DS:[EDX]
MOV BYTE PTR DS:[ECX],AL
MOV ECX,DWORD PTR SS:[LOCAL.38]
MOV DL,BYTE PTR SS:[LOCAL.36+3]
MOV BYTE PTR DS:[ECX],DL
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOVSX ECX,BYTE PTR DS:[EAX+28]
CMP ECX,1
JNE 0042AF93
JMP SHORT 0042AD8E
MOV EDX,DWORD PTR SS:[EBP-14]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1C],EAX
MOV ECX,DWORD PTR SS:[EBP-0FC]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[EBP-14]
CMP EAX,DWORD PTR DS:[EDX+4]
JE 0042AF8C
MOV ECX,DWORD PTR SS:[EBP-14]
MOVSX EDX,BYTE PTR DS:[ECX+28]
CMP EDX,1
JNE 0042AF8C
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV ECX,DWORD PTR SS:[EBP-14]
CMP ECX,DWORD PTR DS:[EAX]
JNE 0042AEAA
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV EAX,DWORD PTR DS:[EDX+8]

0042ADC7 |.
0042ADCA |.
0042ADCD |.
0042ADD1 |.
0042ADD3 |.
0042ADD5 |.
0042ADD8 |.
0042ADDC |.
0042ADDF |.
0042ADE3 |.
0042ADE6 |.
0042ADE7 |.
0042ADED |.
fo.00428E80
0042ADF2 |.
0042ADF5 |.
0042ADF8 |.
0042ADFB |>
0042ADFE |.
0042AE02 |.
0042AE04 |.
0042AE06 |.
0042AE09 |.
0042AE0C |.^
0042AE11 |>
0042AE14 |.
0042AE16 |.
0042AE1A |.
0042AE1D |.
0042AE1F |.
0042AE22 |.
0042AE25 |.
0042AE29 |.
0042AE2C |.
0042AE2E |.
0042AE31 |.
0042AE35 |.
0042AE38 |.
0042AE3B |.^
0042AE3D |>
0042AE40 |.
0042AE43 |.
0042AE47 |.
0042AE4A |.
0042AE4C |.
0042AE4F |.
0042AE51 |.
0042AE55 |.
0042AE58 |.
0042AE5C |.
0042AE5F |.
0042AE60 |.
0042AE66 |.
fo.00428F30
0042AE6B |.
0042AE6E |.
0042AE71 |.
0042AE74 |>
0042AE77 |.
0042AE7A |.

8945 E8
8B4D E8
0FBE51 28
85D2
75 26
8B45 E8
C640 28 01
8B4D E4
C641 28 00
8B55 E4
52
8B8D 04FFFFFF
E8 8EE0FFFF

MOV DWORD PTR SS:[EBP-18],EAX


MOV ECX,DWORD PTR SS:[EBP-18]
MOVSX EDX,BYTE PTR DS:[ECX+28]
TEST EDX,EDX
JNE SHORT 0042ADFB
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+28],1
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+28],0
MOV EDX,DWORD PTR SS:[EBP-1C]
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-0FC]
CALL 00428E80

; /Arg1
; |
; \SystemIn

8B45 E4
8B48 08
894D E8
8B55 E8
0FBE42 29
85C0
74 0B
8B4D E4
894D EC
E9 94000000
8B55 E8
8B02
0FBE48 28
83F9 01
75 1E
8B55 E8
8B42 08
0FBE48 28
83F9 01
75 0F
8B55 E8
C642 28 00
8B45 E4
8945 EC
EB 68
8B4D E8
8B51 08
0FBE42 28
83F8 01
75 28
8B4D E8
8B11
C642 28 01
8B45 E8
C640 28 00
8B4D E8
51
8B8D 04FFFFFF
E8 C5E0FFFF

MOV EAX,DWORD PTR SS:[EBP-1C]


MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[EBP-18],ECX
MOV EDX,DWORD PTR SS:[EBP-18]
MOVSX EAX,BYTE PTR DS:[EDX+29]
TEST EAX,EAX
JE SHORT 0042AE11
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],ECX
JMP 0042AEA5
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+28]
CMP ECX,1
JNE SHORT 0042AE3D
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+28]
CMP ECX,1
JNE SHORT 0042AE3D
MOV EDX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EDX+28],0
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],EAX
JMP SHORT 0042AEA5
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+28]
CMP EAX,1
JNE SHORT 0042AE74
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX]
MOV BYTE PTR DS:[EDX+28],1
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+28],0
MOV ECX,DWORD PTR SS:[EBP-18]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-0FC]
CALL 00428F30

; /Arg1
; |
; \SystemIn

8B55
8B42
8945
8B4D
8B55
8A42

MOV
MOV
MOV
MOV
MOV
MOV

E4
08
E8
E8
E4
28

EDX,DWORD PTR SS:[EBP-1C]


EAX,DWORD PTR DS:[EDX+8]
DWORD PTR SS:[EBP-18],EAX
ECX,DWORD PTR SS:[EBP-18]
EDX,DWORD PTR SS:[EBP-1C]
AL,BYTE PTR DS:[EDX+28]

0042AE7D |.
0042AE80 |.
0042AE83 |.
0042AE87 |.
0042AE8A |.
0042AE8D |.
0042AE91 |.
0042AE94 |.
0042AE95 |.
0042AE9B |.
fo.00428E80
0042AEA0 |.
0042AEA5 |>^
0042AEAA |>
0042AEAD |.
0042AEAF |.
0042AEB2 |.
0042AEB5 |.
0042AEB9 |.
0042AEBB |.
0042AEBD |.
0042AEC0 |.
0042AEC4 |.
0042AEC7 |.
0042AECB |.
0042AECE |.
0042AECF |.
0042AED5 |.
fo.00428F30
0042AEDA |.
0042AEDD |.
0042AEDF |.
0042AEE2 |>
0042AEE5 |.
0042AEE9 |.
0042AEEB |.
0042AEED |.
0042AEF0 |.
0042AEF3 |.^
0042AEF8 |>
0042AEFB |.
0042AEFE |.
0042AF02 |.
0042AF05 |.
0042AF07 |.
0042AF0A |.
0042AF0C |.
0042AF10 |.
0042AF13 |.
0042AF15 |.
0042AF18 |.
0042AF1C |.
0042AF1F |.
0042AF22 |.^
0042AF24 |>
0042AF27 |.
0042AF29 |.
0042AF2D |.
0042AF30 |.
0042AF32 |.

8841 28
8B4D E4
C641 28 01
8B55 E8
8B42 08
C640 28 01
8B4D E4
51
8B8D 04FFFFFF
E8 E0DFFFFF

MOV BYTE PTR DS:[ECX+28],AL


MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+28],1
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV BYTE PTR DS:[EAX+28],1
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-0FC]
CALL 00428E80

; /Arg1
; |
; \SystemIn

E9 E7000000
E9 DD000000
8B55 E4
8B02
8945 E8
8B4D E8
0FBE51 28
85D2
75 25
8B45 E8
C640 28 01
8B4D E4
C641 28 00
8B55 E4
52
8B8D 04FFFFFF
E8 56E0FFFF

JMP 0042AF8C
JMP 0042AF87
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOVSX EDX,BYTE PTR DS:[ECX+28]
TEST EDX,EDX
JNE SHORT 0042AEE2
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+28],1
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+28],0
MOV EDX,DWORD PTR SS:[EBP-1C]
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-0FC]
CALL 00428F30

; /Arg1
; |
; \SystemIn

8B45 E4
8B08
894D E8
8B55 E8
0FBE42 29
85C0
74 0B
8B4D E4
894D EC
E9 8F000000
8B55 E8
8B42 08
0FBE48 28
83F9 01
75 1D
8B55 E8
8B02
0FBE48 28
83F9 01
75 0F
8B55 E8
C642 28 00
8B45 E4
8945 EC
EB 63
8B4D E8
8B11
0FBE42 28
83F8 01
75 28
8B4D E8

MOV EAX,DWORD PTR SS:[EBP-1C]


MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-18],ECX
MOV EDX,DWORD PTR SS:[EBP-18]
MOVSX EAX,BYTE PTR DS:[EDX+29]
TEST EAX,EAX
JE SHORT 0042AEF8
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],ECX
JMP 0042AF87
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+28]
CMP ECX,1
JNE SHORT 0042AF24
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+28]
CMP ECX,1
JNE SHORT 0042AF24
MOV EDX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EDX+28],0
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],EAX
JMP SHORT 0042AF87
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+28]
CMP EAX,1
JNE SHORT 0042AF5A
MOV ECX,DWORD PTR SS:[EBP-18]

0042AF35 |.
0042AF38 |.
0042AF3C |.
0042AF3F |.
0042AF43 |.
0042AF46 |.
0042AF47 |.
0042AF4D |.
fo.00428E80
0042AF52 |.
0042AF55 |.
0042AF57 |.
0042AF5A |>
0042AF5D |.
0042AF60 |.
0042AF63 |.
0042AF66 |.
0042AF69 |.
0042AF6D |.
0042AF70 |.
0042AF72 |.
0042AF76 |.
0042AF79 |.
0042AF7A |.
0042AF80 |.
fo.00428F30
0042AF85 |.
0042AF87 |>^
0042AF8C |>
0042AF8F |.
0042AF93 |>
0042AF95 |.
0042AF97 |.
0042AF9A |.
0042AF9D |.
fo.0040FB60
0042AFA2 |.
0042AFA4 |.
0042AFA7 |.
0042AFA9 |.
0042AFAC |.
0042AFAD |.
0042AFB2 |.
0042AFB5 |>
0042AFB8 |.
0042AFB9 |.
0042AFBE |.
0042AFC1 |.
0042AFC7 |.
0042AFCB |.
0042AFCD |.
0042AFD3 |.
0042AFD6 |.
0042AFD9 |.
0042AFDF |.
0042AFE2 |>
0042AFE5 |.
0042AFEB |.
0042AFEE |.
0042AFF4 |.

8B51 08
C642 28 01
8B45 E8
C640 28 00
8B4D E8
51
8B8D 04FFFFFF
E8 2EDFFFFF

MOV EDX,DWORD PTR DS:[ECX+8]


MOV BYTE PTR DS:[EDX+28],1
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+28],0
MOV ECX,DWORD PTR SS:[EBP-18]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-0FC]
CALL 00428E80

; /Arg1
; |
; \SystemIn

8B55 E4
8B02
8945 E8
8B4D E8
8B55 E4
8A42 28
8841 28
8B4D E4
C641 28 01
8B55 E8
8B02
C640 28 01
8B4D E4
51
8B8D 04FFFFFF
E8 ABDFFFFF

MOV EDX,DWORD PTR SS:[EBP-1C]


MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV AL,BYTE PTR DS:[EDX+28]
MOV BYTE PTR DS:[ECX+28],AL
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+28],1
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+28],1
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-0FC]
CALL 00428F30

; /Arg1
; |
; \SystemIn

EB 05
E9 F9FDFFFF
8B55 EC
C642 28 01
6A 00
6A 01
8B4D F0
83C1 0C
E8 BE4BFEFF

JMP SHORT 0042AF8C


JMP 0042AD85
MOV EDX,DWORD PTR SS:[EBP-14]
MOV BYTE PTR DS:[EDX+28],1
PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-10]
ADD ECX,0C
CALL 0040FB60

;
;
;
;
;

33C0
83E0 01
74 0C
8B4D F0
51
E8 68390000
83C4 04
8B55 F0
52
E8 5C390000
83C4 04
8B85 04FFFFFF
8378 1C 00
76 15
8B8D 04FFFFFF
8B51 1C
83EA 01
8B85 04FFFFFF
8950 1C
8B4D 0C
898D 08FFFFFF
8B55 10
8995 0CFFFFFF
C785 10FFFFFF

XOR EAX,EAX
AND EAX,00000001
JE SHORT 0042AFB5
MOV ECX,DWORD PTR SS:[EBP-10]
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EDX,DWORD PTR SS:[EBP-10]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-0FC]
CMP DWORD PTR DS:[EAX+1C],0
JBE SHORT 0042AFE2
MOV ECX,DWORD PTR SS:[EBP-0FC]
MOV EDX,DWORD PTR DS:[ECX+1C]
SUB EDX,1
MOV EAX,DWORD PTR SS:[EBP-0FC]
MOV DWORD PTR DS:[EAX+1C],EDX
MOV ECX,DWORD PTR SS:[EBP+0C]
MOV DWORD PTR SS:[EBP-0F8],ECX
MOV EDX,DWORD PTR SS:[EBP+10]
MOV DWORD PTR SS:[EBP-0F4],EDX
MOV DWORD PTR SS:[EBP-0F0],0

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

0042AFFE |.
0042B004 |.
0042B00A |.
0042B011 |.
0042B013 |.
0042B018 |>
0042B01A |.^
0042B01C |.
0042B022 |.
0042B024 |.
0042B02A |.
0042B030 |.
0042B036 |.
0042B039 |.
0042B03B |.
0042B03E |.
0042B041 |.
0042B044 |.
0042B04B |.
0042B04C |.
0042B04E |.
0042B04F \.
0042B052
0042B053
0042B054
0042B055
0042B056
0042B057
0042B058
0042B059
0042B05A
0042B05B
0042B05C
0042B05D
0042B05E
0042B05F
0042B060 /$
0042B061 |.
0042B063 |.
0042B066 |.
0042B069 |.
0042B06C |.
0042B06F |.
0042B072 |.
0042B073 |.
0042B076 |.
fo.0042C940
0042B07B |.
0042B07E |.
0042B081 |.
0042B084 |.
0042B087 |.
0042B08A |.
0042B08D |.
0042B094 |.
0042B097 |.
0042B09A |.
0042B09D |.
0042B0A0 |.
0042B0A3 |.

8B85 0CFFFFFF
8985 14FFFFFF
83BD 04FFFFFF
75 05
E8 70380000
33C9
75 FC
8B95 04FFFFFF
8B02
8985 10FFFFFF
8B8D 10FFFFFF
8B95 14FFFFFF
8B45 08
8908
8950 04
8B45 08
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0C00
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 0C
894D F4
8B45 F4
8B48 18
8B51 04
52
8B4D F4
E8 C5180000
8B45
8B48
8B55
8B42
8941
8B4D
C741
8B55
8B42
8945
8B4D
8B55
8B42

MOV EAX,DWORD PTR SS:[EBP-0F4]


MOV DWORD PTR SS:[EBP-0EC],EAX
CMP DWORD PTR SS:[EBP-0FC],0
JNE SHORT 0042B018
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 0042B018
MOV EDX,DWORD PTR SS:[EBP-0FC]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-0F0],EAX
MOV ECX,DWORD PTR SS:[EBP-0F0]
MOV EDX,DWORD PTR SS:[EBP-0EC]
MOV EAX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR DS:[EAX],ECX
MOV DWORD PTR DS:[EAX+4],EDX
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV ECX,DWORD PTR SS:[LOCAL.3]
CALL 0042C940

F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
18
MOV ECX,DWORD PTR DS:[EAX+18]
F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
18
MOV EAX,DWORD PTR DS:[EDX+18]
04
MOV DWORD PTR DS:[ECX+4],EAX
F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
1C 00000 MOV DWORD PTR DS:[ECX+1C],0
F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
18
MOV EAX,DWORD PTR DS:[EDX+18]
F8
MOV DWORD PTR SS:[LOCAL.2],EAX
F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
18
MOV EAX,DWORD PTR DS:[EDX+18]

; /Arg1
; |
; \SystemIn

0042B0A6 |.
0042B0A8 |.
0042B0AB |.
0042B0AE |.
0042B0B1 |.
0042B0B4 |.
0042B0B7 |.
0042B0B9 |.
0042B0BA \.
0042B0BB
0042B0BC
0042B0BD
0042B0BE
0042B0BF
0042B0C0 /$
0042B0C1 |.
0042B0C3 |.
0042B0C5 |.
0042B0CA |.
0042B0D0 |.
0042B0D1 |.
0042B0D2 |.
0042B0D5 |.
0042B0D6 |.
0042B0D7 |.
0042B0D8 |.
0042B0DD |.
0042B0DF |.
0042B0E0 |.
0042B0E3 |.
0042B0E9 |.
0042B0EC |.
0042B0EF |.
0042B0F1 |.
0042B0F4 |.
0042B0F7 |.
fo.0042B210
0042B0FC |.
0042B0FF |.
0042B106 |.
0042B10D |.
0042B114 |.
0042B117 |.
0042B11A |.
0042B11D |.
0042B120 |.
0042B124 |.
0042B126 |.
0042B129 |.
0042B12C |.
0042B12E |.
0042B131 |.
0042B134 |.
0042B136 |>
0042B13D |>
0042B140 |.
0042B143 |.
0042B146 |.
0042B14D |.
0042B150 |.

8901
8B4D F4
8B51 18
8B45 F4
8B48 18
894A 08
8BE5
5D
C3
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 D06A4400
64:A1 0000000
50
51
83EC 50
53
56
57
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
8965 F0
894D AC
6A 01
8B4D AC
83C1 0C
E8 14010000
8945 E8
C745 EC
C745 FC
C745 E4
8B45 E8
8945 C4
8B4D C4
894D C0
837D C0
74 10
8B55 C0
8B45 E4
8902
8B4D C0
894D A8
EB 07
C745 A8
8B55 EC
83C2 01
8955 EC
C745 E0
8B45 E8
83C0 04

MOV DWORD PTR DS:[ECX],EAX


MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR DS:[EDX+8],ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00446AD0
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,50
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.21],ECX
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.21]
ADD ECX,0C
CALL 0042B210

MOV DWORD PTR SS:[LOCAL.6],EAX


00000 MOV DWORD PTR SS:[LOCAL.5],0
00000 MOV DWORD PTR SS:[LOCAL.1],0
00000 MOV DWORD PTR SS:[LOCAL.7],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.15],EAX
MOV ECX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR SS:[LOCAL.16],ECX
00
CMP DWORD PTR SS:[LOCAL.16],0
JE SHORT 0042B136
MOV EDX,DWORD PTR SS:[LOCAL.16]
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR SS:[LOCAL.22],ECX
JMP SHORT 0042B13D
00000 MOV DWORD PTR SS:[LOCAL.22],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.5],EDX
00000 MOV DWORD PTR SS:[LOCAL.8],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,4

;
;
;
;

/Arg1 = 1
|
|
\SystemIn

0042B153 |.
0042B156 |.
0042B159 |.
0042B15C |.
0042B160 |.
0042B162 |.
0042B165 |.
0042B168 |.
0042B16A |.
0042B16D |.
0042B170 |.
0042B172 |>
0042B179 |>
0042B17C |.
0042B17F |.
0042B182 |.
0042B189 |.
0042B18C |.
0042B18F |.
0042B192 |.
0042B195 |.
0042B198 |.
0042B19C |.
0042B19E |.
0042B1A1 |.
0042B1A4 |.
0042B1A6 |.
0042B1A9 |.
0042B1AC |.
0042B1AE |>
0042B1B5 \>
0042B1B7 /.
0042B1BA |.
0042B1BB |.
0042B1C0 |.
0042B1C3 |.
0042B1C5 |.
0042B1C7 |.
fo.0042E925
0042B1CC |.
0042B1D3 |.
0042B1D8 \.
0042B1D9 />
0042B1E0 |.
0042B1E3 |.
0042B1E7 |.
0042B1EA |.
0042B1EE |.
0042B1F1 |.
0042B1F4 |.
0042B1FB |.
0042B1FC |.
0042B1FD |.
0042B1FE |.
0042B1FF |.
0042B201 |.
0042B202 \.
0042B203
0042B204
0042B205

8945 BC
8B4D BC
894D B8
837D B8 00
74 10
8B55 B8
8B45 E0
8902
8B4D B8
894D A4
EB 07
C745 A4 00000
8B55 EC
83C2 01
8955 EC
C745 DC 00000
8B45 E8
83C0 08
8945 B4
8B4D B4
894D B0
837D B0 00
74 10
8B55 B0
8B45 DC
8902
8B4D B0
894D A0
EB 07
C745 A0 00000
EB 22
8B55 E8
52
E8 5A370000
83C4 04
6A 00
6A 00
E8 59370000

MOV DWORD PTR SS:[LOCAL.17],EAX


MOV ECX,DWORD PTR SS:[LOCAL.17]
MOV DWORD PTR SS:[LOCAL.18],ECX
CMP DWORD PTR SS:[LOCAL.18],0
JE SHORT 0042B172
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR SS:[LOCAL.8]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR SS:[LOCAL.23],ECX
JMP SHORT 0042B179
MOV DWORD PTR SS:[LOCAL.23],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV DWORD PTR SS:[LOCAL.9],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,8
MOV DWORD PTR SS:[LOCAL.19],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.20],ECX
CMP DWORD PTR SS:[LOCAL.20],0
JE SHORT 0042B1AE
MOV EDX,DWORD PTR SS:[LOCAL.20]
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.20]
MOV DWORD PTR SS:[LOCAL.24],ECX
JMP SHORT 0042B1B5
MOV DWORD PTR SS:[LOCAL.24],0
JMP SHORT 0042B1D9
MOV EDX,DWORD PTR SS:[EBP-18]
PUSH EDX
CALL 0042E91A
ADD ESP,4
PUSH 0
PUSH 0
CALL 0042E925

C745 FC FFFFF
B8 E0B14200
C3
C745 FC FFFFF
8B45 E8
C640 28 01
8B4D E8
C641 29 00
8B45 E8
8B4D F4
64:890D 00000
59
5F
5E
5B
8BE5
5D
C3
CC
CC
CC

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,0042B1E0
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV BYTE PTR DS:[EAX+28],1
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV BYTE PTR DS:[ECX+29],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

0042B206
CC
0042B207
CC
0042B208
CC
0042B209
CC
0042B20A
CC
0042B20B
CC
0042B20C
CC
0042B20D
CC
0042B20E
CC
0042B20F
CC
0042B210 /$ 55
o.0042B210(guessed Arg1)
0042B211 |. 8BEC
0042B213 |. 83EC 14
0042B216 |. 894D EC
0042B219 |. 6A 00
0042B21B |. 8B45 08
0042B21E |. 50
0042B21F |. E8 8C200000
0042B224 |. 83C4 08
0042B227 |. 8BE5
0042B229 |. 5D
0042B22A \. C2 0400
0042B22D
CC
0042B22E
CC
0042B22F
CC
0042B230 /$ 55
0042B231 |. 8BEC
0042B233 |. 83EC 14
0042B236 |. 894D EC
0042B239 |. 8B45 EC
0042B23C |. 33C9
0042B23E |. 8338 00
0042B241 |. 0F95C1
0042B244 |. 0FB6D1
0042B247 |. 85D2
0042B249 |. 75 05
0042B24B |. E8 38360000
0042B250 |> 33C0
0042B252 |.^ 75 FC
0042B254 |. 8B4D EC
0042B257 |. 8B51 04
0042B25A |. 0FBE42 29
0042B25E |. 85C0
0042B260 |. 74 27
0042B262 |. 8B4D EC
0042B265 |. 8B51 04
0042B268 |. 8B45 EC
0042B26B |. 8B4A 08
0042B26E |. 8948 04
0042B271 |. 8B55 EC
0042B274 |. 8B42 04
0042B277 |. 0FBE48 29
0042B27B |. 85C9
0042B27D |. 74 05
0042B27F |. E8 04360000
0042B284 |> E9 98000000
0042B289 |> 8B55 EC
0042B28C |. 8B42 04
0042B28F |. 8945 F8

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
PUSH 0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0042D2B0
ADD ESP,8
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0042B250
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0042B250
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+29]
TEST EAX,EAX
JE SHORT 0042B289
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOVSX ECX,BYTE PTR DS:[EAX+29]
TEST ECX,ECX
JE SHORT 0042B284
CALL 0042E888
JMP 0042B321
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX

; SystemInf

0042B292
0042B295
0042B297
0042B29B
0042B29D
0042B29F
0042B2A2
0042B2A5
0042B2A8
0042B2AB
0042B2AD
0042B2B0
0042B2B3
0042B2B6
0042B2BA
0042B2BC
0042B2BE
0042B2C1
0042B2C4
0042B2C7
0042B2C9
0042B2CC
0042B2CF
0042B2D2
0042B2D4
0042B2D7
0042B2DA
0042B2DD
0042B2E0
0042B2E3
0042B2E7
0042B2E9
0042B2EB
0042B2EE
0042B2F1
0042B2F4
0042B2F6
0042B2F8
0042B2FB
0042B2FE
0042B301
0042B303
0042B306
0042B309
0042B30D
0042B30F
0042B311
0042B316
0042B318
0042B31B
0042B31E
0042B321
0042B323
0042B324
0042B325
0042B326
0042B327
0042B328
0042B329
0042B32A

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
\.

8B4D F8
8B11
0FBE42 29
85C0
75 35
8B4D EC
8B51 04
8955 F4
8B45 F4
8B08
894D F0
8B55 F0
8B42 08
0FBE48 29
85C9
75 0B
8B55 F0
8B42 08
8945 F0
EB E7
8B4D EC
8B55 F0
8951 04
EB 4D
8B45 EC
8B48 04
8B51 04
8955 FC
8B45 FC
0FBE48 29
85C9
75 18
8B55 EC
8B45 FC
8B4A 04
3B08
75 0B
8B55 EC
8B45 FC
8942 04
EB D1
8B4D EC
8B51 04
0FBE42 29
85C0
74 07
E8 72350000
EB 09
8B4D EC
8B55 FC
8951 04
8BE5
5D
C3
CC
CC
CC
CC
CC
CC

MOV ECX,DWORD PTR SS:[LOCAL.2]


MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+29]
TEST EAX,EAX
JNE SHORT 0042B2D4
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
/MOV EDX,DWORD PTR SS:[LOCAL.4]
|MOV EAX,DWORD PTR DS:[EDX+8]
|MOVSX ECX,BYTE PTR DS:[EAX+29]
|TEST ECX,ECX
|JNE SHORT 0042B2C9
|MOV EDX,DWORD PTR SS:[LOCAL.4]
|MOV EAX,DWORD PTR DS:[EDX+8]
|MOV DWORD PTR SS:[LOCAL.4],EAX
\JMP SHORT 0042B2B0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0042B321
/MOV EAX,DWORD PTR SS:[LOCAL.5]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.1],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOVSX ECX,BYTE PTR DS:[EAX+29]
|TEST ECX,ECX
|JNE SHORT 0042B303
|MOV EDX,DWORD PTR SS:[LOCAL.5]
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOV ECX,DWORD PTR DS:[EDX+4]
|CMP ECX,DWORD PTR DS:[EAX]
|JNE SHORT 0042B303
|MOV EDX,DWORD PTR SS:[LOCAL.5]
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOV DWORD PTR DS:[EDX+4],EAX
\JMP SHORT 0042B2D4
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+29]
TEST EAX,EAX
JE SHORT 0042B318
CALL 0042E888
JMP SHORT 0042B321
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX+4],EDX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3

0042B32B
CC
INT3
0042B32C
CC
INT3
0042B32D
CC
INT3
0042B32E
CC
INT3
0042B32F
CC
INT3
0042B330 /$ 55
PUSH EBP
; SystemInf
o.0042B330(guessed Arg1,Arg2,Arg3)
0042B331 |. 8BEC
MOV EBP,ESP
0042B333 |. 6A FF
PUSH -1
0042B335 |. 68 F86A4400 PUSH 00446AF8
0042B33A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042B340 |. 50
PUSH EAX
0042B341 |. 81EC 20010000 SUB ESP,120
0042B347 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042B34C |. 33C5
XOR EAX,EBP
0042B34E |. 50
PUSH EAX
0042B34F |. 8D45 F4
LEA EAX,[LOCAL.3]
0042B352 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042B358 |. 898D DCFEFFFF MOV DWORD PTR SS:[LOCAL.73],ECX
0042B35E |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0042B361 |. 8945 9C
MOV DWORD PTR SS:[LOCAL.25],EAX
0042B364 |. 8B4D 9C
MOV ECX,DWORD PTR SS:[LOCAL.25]
0042B367 |. 0FBE91 D50000 MOVSX EDX,BYTE PTR DS:[ECX+0D5]
0042B36E |. 85D2
TEST EDX,EDX
0042B370 |. 74 48
JE SHORT 0042B3BA
0042B372 |. 68 5C884400 PUSH OFFSET 0044885C
; /Arg1 = A
SCII "invalid map/set<T> iterator"
0042B377 |. 8D4D A0
LEA ECX,[LOCAL.24]
; |
0042B37A |. E8 7138FEFF CALL 0040EBF0
; \SystemIn
fo.0040EBF0
0042B37F |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042B386 |. 8D45 A0
LEA EAX,[LOCAL.24]
0042B389 |. 50
PUSH EAX
; /Arg1 =>
OFFSET LOCAL.24
0042B38A |. 8D4D BC
LEA ECX,[LOCAL.17]
; |
0042B38D |. E8 AED7FDFF CALL 00408B40
; \SystemIn
fo.00408B40
0042B392 |. C745 BC 54884 MOV DWORD PTR SS:[LOCAL.17],OFFSET 00448
0042B399 |. 68 7CD54400 PUSH OFFSET 0044D57C
; /Arg2 = S
ystemInfo.44D57C
0042B39E |. 8D4D BC
LEA ECX,[LOCAL.17]
; |
0042B3A1 |. 51
PUSH ECX
; |Arg1 =>
OFFSET LOCAL.17
0042B3A2 |. E8 7E350000 CALL 0042E925
; \SystemIn
fo.0042E925
0042B3A7 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0042B3AE |. 6A 00
PUSH 0
; /Arg2 = 0
0042B3B0 |. 6A 01
PUSH 1
; |Arg1 = 1
0042B3B2 |. 8D4D A0
LEA ECX,[LOCAL.24]
; |
0042B3B5 |. E8 A647FEFF CALL 0040FB60
; \SystemIn
fo.0040FB60
0042B3BA |> 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
0042B3BD |. 8955 F0
MOV DWORD PTR SS:[LOCAL.4],EDX
0042B3C0 |. 8D4D 0C
LEA ECX,[ARG.2]
0042B3C3 |. E8 18BEFFFF CALL 004271E0
; [SystemIn
fo.004271E0
0042B3C8 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0042B3CB |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX
0042B3CE |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
0042B3D1 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]

0042B3D3
0042B3DA
0042B3DC
0042B3DE
0042B3E1
0042B3E4
0042B3E7
0042B3E9
0042B3EC
0042B3EF
0042B3F6
0042B3F8
0042B3FA
0042B3FD
0042B3FF
0042B402
0042B404
0042B407
0042B40A
0042B40D
0042B410
0042B413
0042B416
0042B419
0042B41F
0042B422
0042B425
0042B428
0042B42B
0042B432
0042B434
0042B436
0042B439
0042B43C
0042B43F
0042B445
0042B448
0042B44B
0042B44E
0042B450
0042B456
0042B459
0042B45C
0042B45F
0042B461
0042B464
0042B466
0042B469
0042B46B
0042B46E
0042B471
0042B473
0042B475
0042B478
0042B47B
0042B47E
0042B484
0042B487
0042B48A
0042B48D

|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.

0FBE82 D50000
85C0
74 0B
8B4D E8
8B51 08
8955 EC
EB 2A
8B45 E8
8B48 08
0FBE91 D50000
85D2
74 0A
8B45 E8
8B08
894D EC
EB 0F
8B55 10
8955 E8
8B45 E8
8B48 08
894D EC
8B55 E8
3B55 F0
0F85 49010000
8B45 F0
8B48 04
894D E4
8B55 EC
0FBE82 D50000
85C0
75 09
8B4D EC
8B55 E4
8951 04
8B85 DCFEFFFF
8B48 18
8B51 04
3B55 F0
75 11
8B85 DCFEFFFF
8B48 18
8B55 EC
8951 04
EB 1D
8B45 E4
8B08
3B4D F0
75 0A
8B55 E4
8B45 EC
8902
EB 09
8B4D E4
8B55 EC
8951 08
8B85 DCFEFFFF
8B48 18
894D 88
8B55 88
8B02

MOVSX EAX,BYTE PTR DS:[EDX+0D5]


TEST EAX,EAX
JE SHORT 0042B3E9
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP SHORT 0042B413
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+8]
MOVSX EDX,BYTE PTR DS:[ECX+0D5]
TEST EDX,EDX
JE SHORT 0042B404
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.5],ECX
JMP SHORT 0042B413
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE 0042B568
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOVSX EAX,BYTE PTR DS:[EDX+0D5]
TEST EAX,EAX
JNE SHORT 0042B43F
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX+4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.73]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042B461
MOV EAX,DWORD PTR SS:[LOCAL.73]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0042B47E
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV ECX,DWORD PTR DS:[EAX]
CMP ECX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042B475
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 0042B47E
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.73]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.30],ECX
MOV EDX,DWORD PTR SS:[LOCAL.30]
MOV EAX,DWORD PTR DS:[EDX]

0042B48F
0042B492
0042B494
0042B497
0042B49E
0042B4A0
0042B4A2
0042B4A5
0042B4AB
0042B4AD
0042B4B0
0042B4B3
0042B4B6
0042B4B8
0042B4BF
0042B4C1
0042B4C3
0042B4C6
0042B4C8
0042B4CB
0042B4CD
0042B4D0
0042B4D6
0042B4DC
0042B4DF
0042B4E2
0042B4E5
0042B4EB
0042B4ED
0042B4F3
0042B4F6
0042B4F9
0042B4FC
0042B4FE
0042B501
0042B508
0042B50A
0042B50C
0042B50F
0042B515
0042B517
0042B51A
0042B520
0042B526
0042B529
0042B530
0042B532
0042B534
0042B53A
0042B53D
0042B543
0042B545
0042B54B
0042B551
0042B557
0042B55A
0042B560
0042B563
0042B568
0042B56B

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|.
|.
|>
|>
|.

3B45 F0
75 59
8B4D EC
0FBE91 D50000
85D2
74 0B
8B45 E4
8985 D8FEFFFF
EB 29
8B4D EC
894D 84
8B55 84
8B02
0FBE88 D50000
85C9
75 0A
8B55 84
8B02
8945 84
EB E6
8B4D 84
898D D8FEFFFF
8B95 DCFEFFFF
8B42 18
8945 80
8B4D 80
8B95 D8FEFFFF
8911
8B85 DCFEFFFF
8B48 18
8B51 08
3B55 F0
75 65
8B45 EC
0FBE88 D50000
85C9
74 0B
8B55 E4
8995 D4FEFFFF
EB 3A
8B45 EC
8985 7CFFFFFF
8B8D 7CFFFFFF
8B51 08
0FBE82 D50000
85C0
75 11
8B8D 7CFFFFFF
8B51 08
8995 7CFFFFFF
EB DB
8B85 7CFFFFFF
8985 D4FEFFFF
8B8D DCFEFFFF
8B51 18
8B85 D4FEFFFF
8942 08
E9 2B010000
8B4D F0
8B11

CMP EAX,DWORD PTR SS:[LOCAL.4]


JNE SHORT 0042B4ED
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOVSX EDX,BYTE PTR DS:[ECX+0D5]
TEST EDX,EDX
JE SHORT 0042B4AD
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.74],EAX
JMP SHORT 0042B4D6
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.31],ECX
/MOV EDX,DWORD PTR SS:[LOCAL.31]
|MOV EAX,DWORD PTR DS:[EDX]
|MOVSX ECX,BYTE PTR DS:[EAX+0D5]
|TEST ECX,ECX
|JNE SHORT 0042B4CD
|MOV EDX,DWORD PTR SS:[LOCAL.31]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV DWORD PTR SS:[LOCAL.31],EAX
\JMP SHORT 0042B4B3
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR SS:[LOCAL.74],ECX
MOV EDX,DWORD PTR SS:[LOCAL.73]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.32],EAX
MOV ECX,DWORD PTR SS:[LOCAL.32]
MOV EDX,DWORD PTR SS:[LOCAL.74]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.73]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+8]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042B563
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOVSX ECX,BYTE PTR DS:[EAX+0D5]
TEST ECX,ECX
JE SHORT 0042B517
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.75],EDX
JMP SHORT 0042B551
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.33],EAX
/MOV ECX,DWORD PTR SS:[LOCAL.33]
|MOV EDX,DWORD PTR DS:[ECX+8]
|MOVSX EAX,BYTE PTR DS:[EDX+0D5]
|TEST EAX,EAX
|JNE SHORT 0042B545
|MOV ECX,DWORD PTR SS:[LOCAL.33]
|MOV EDX,DWORD PTR DS:[ECX+8]
|MOV DWORD PTR SS:[LOCAL.33],EDX
\JMP SHORT 0042B520
MOV EAX,DWORD PTR SS:[LOCAL.33]
MOV DWORD PTR SS:[LOCAL.75],EAX
MOV ECX,DWORD PTR SS:[LOCAL.73]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.75]
MOV DWORD PTR DS:[EDX+8],EAX
JMP 0042B693
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX]

0042B56D
0042B570
0042B573
0042B576
0042B579
0042B57B
0042B57D
0042B580
0042B583
0042B586
0042B588
0042B58B
0042B58E
0042B590
0042B593
0042B596
0042B599
0042B59C
0042B5A3
0042B5A5
0042B5A7
0042B5AA
0042B5AD
0042B5B0
0042B5B3
0042B5B6
0042B5B8
0042B5BB
0042B5BE
0042B5C1
0042B5C4
0042B5C7
0042B5CA
0042B5CD
0042B5D0
0042B5D6
0042B5D9
0042B5DC
0042B5DF
0042B5E1
0042B5E7
0042B5EA
0042B5ED
0042B5F0
0042B5F2
0042B5F5
0042B5F8
0042B5FE
0042B604
0042B606
0042B609
0042B60B
0042B60E
0042B611
0042B617
0042B61D
0042B620
0042B622
0042B624
0042B627

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.

8B45 E8
8942 04
8B4D E8
8B55 F0
8B02
8901
8B4D F0
8B55 E8
3B51 08
75 08
8B45 E8
8945 E4
EB 40
8B4D E8
8B51 04
8955 E4
8B45 EC
0FBE88 D50000
85C9
75 09
8B55 EC
8B45 E4
8942 04
8B4D E4
8B55 EC
8911
8B45 E8
8B4D F0
8B51 08
8950 08
8B45 F0
8B48 08
8B55 E8
8951 04
8B85 DCFEFFFF
8B48 18
8B51 04
3B55 F0
75 11
8B85 DCFEFFFF
8B48 18
8B55 E8
8951 04
EB 3E
8B45 F0
8B48 04
898D 78FFFFFF
8B95 78FFFFFF
8B02
3B45 F0
75 19
8B4D F0
8B51 04
8995 74FFFFFF
8B85 74FFFFFF
8B4D E8
8908
EB 0C
8B55 F0
8B42 04

MOV EAX,DWORD PTR SS:[LOCAL.6]


MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR SS:[LOCAL.6]
CMP EDX,DWORD PTR DS:[ECX+8]
JNE SHORT 0042B590
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.7],EAX
JMP SHORT 0042B5D0
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.7],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOVSX ECX,BYTE PTR DS:[EAX+0D5]
TEST ECX,ECX
JNE SHORT 0042B5B0
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR DS:[EAX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.73]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042B5F2
MOV EAX,DWORD PTR SS:[LOCAL.73]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0042B630
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]
MOV EAX,DWORD PTR DS:[EDX]
CMP EAX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042B624
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.35],EDX
MOV EAX,DWORD PTR SS:[LOCAL.35]
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX],ECX
JMP SHORT 0042B630
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+4]

0042B62A
0042B62D
0042B630
0042B633
0042B636
0042B639
0042B63C
0042B63F
0042B645
0042B64B
0042B64E
0042B653
0042B659
0042B65F
0042B665
0042B667
0042B66D
0042B66F
0042B675
0042B67B
0042B681
0042B683
0042B685
0042B68B
0042B691
0042B693
0042B696
0042B69D
0042B6A0
0042B6A6
0042B6A8
0042B6AB
0042B6AE
0042B6B1
0042B6B7
0042B6BA
0042B6BD
0042B6C0
0042B6C6
0042B6C9
0042B6D0
0042B6D3
0042B6D9
0042B6DC
0042B6DF
0042B6E1
0042B6E7
0042B6EA
0042B6ED
0042B6F0
0042B6F3
0042B6FA
0042B6FC
0042B6FE
0042B701
0042B708
0042B70B
0042B712
0042B715
0042B716

|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B4D E8
8948 08
8B55 E8
8B45 F0
8B48 04
894A 04
8B55 F0
81C2 D4000000
8995 68FFFFFF
8B45 E8
05 D4000000
8985 6CFFFFFF
8B8D 6CFFFFFF
3B8D 68FFFFFF
74 2C
8B95 6CFFFFFF
8A02
8885 73FFFFFF
8B8D 6CFFFFFF
8B95 68FFFFFF
8A02
8801
8B8D 68FFFFFF
8A95 73FFFFFF
8811
8B45 F0
0FBE88 D40000
83F9 01
0F85 6A020000
EB 09
8B55 EC
8B42 04
8945 E4
8B8D DCFEFFFF
8B51 18
8B45 EC
3B42 04
0F84 40020000
8B4D EC
0FBE91 D40000
83FA 01
0F85 2D020000
8B45 E4
8B4D EC
3B08
0F85 13010000
8B55 E4
8B42 08
8945 E8
8B4D E8
0FBE91 D40000
85D2
75 2C
8B45 E8
C680 D4000000
8B4D E4
C681 D4000000
8B55 E4
52
8B8D DCFEFFFF

MOV ECX,DWORD PTR SS:[LOCAL.6]


MOV DWORD PTR DS:[EAX+8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
ADD EDX,0D4
MOV DWORD PTR SS:[LOCAL.38],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,0D4
MOV DWORD PTR SS:[LOCAL.37],EAX
MOV ECX,DWORD PTR SS:[LOCAL.37]
CMP ECX,DWORD PTR SS:[LOCAL.38]
JE SHORT 0042B693
MOV EDX,DWORD PTR SS:[LOCAL.37]
MOV AL,BYTE PTR DS:[EDX]
MOV BYTE PTR SS:[LOCAL.36+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.37]
MOV EDX,DWORD PTR SS:[LOCAL.38]
MOV AL,BYTE PTR DS:[EDX]
MOV BYTE PTR DS:[ECX],AL
MOV ECX,DWORD PTR SS:[LOCAL.38]
MOV DL,BYTE PTR SS:[LOCAL.36+3]
MOV BYTE PTR DS:[ECX],DL
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOVSX ECX,BYTE PTR DS:[EAX+0D4]
CMP ECX,1
JNE 0042B910
JMP SHORT 0042B6B1
MOV EDX,DWORD PTR SS:[EBP-14]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1C],EAX
MOV ECX,DWORD PTR SS:[EBP-124]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[EBP-14]
CMP EAX,DWORD PTR DS:[EDX+4]
JE 0042B906
MOV ECX,DWORD PTR SS:[EBP-14]
MOVSX EDX,BYTE PTR DS:[ECX+0D4]
CMP EDX,1
JNE 0042B906
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV ECX,DWORD PTR SS:[EBP-14]
CMP ECX,DWORD PTR DS:[EAX]
JNE 0042B7FA
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOVSX EDX,BYTE PTR DS:[ECX+0D4]
TEST EDX,EDX
JNE SHORT 0042B72A
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+0D4],1
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+0D4],0
MOV EDX,DWORD PTR SS:[EBP-1C]
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-124]

; /Arg1
; |

0042B71C |.
fo.0042BA30
0042B721 |.
0042B724 |.
0042B727 |.
0042B72A |>
0042B72D |.
0042B734 |.
0042B736 |.
0042B738 |.
0042B73B |.
0042B73E |.^
0042B743 |>
0042B746 |.
0042B748 |.
0042B74F |.
0042B752 |.
0042B754 |.
0042B757 |.
0042B75A |.
0042B761 |.
0042B764 |.
0042B766 |.
0042B769 |.
0042B770 |.
0042B773 |.
0042B776 |.^
0042B778 |>
0042B77B |.
0042B77E |.
0042B785 |.
0042B788 |.
0042B78A |.
0042B78D |.
0042B78F |.
0042B796 |.
0042B799 |.
0042B7A0 |.
0042B7A3 |.
0042B7A4 |.
0042B7AA |.
fo.0042BAE0
0042B7AF |.
0042B7B2 |.
0042B7B5 |.
0042B7B8 |>
0042B7BB |.
0042B7BE |.
0042B7C4 |.
0042B7CA |.
0042B7CD |.
0042B7D4 |.
0042B7D7 |.
0042B7DA |.
0042B7E1 |.
0042B7E4 |.
0042B7E5 |.
0042B7EB |.
fo.0042BA30
0042B7F0 |.

E8 0F030000

CALL 0042BA30

; \SystemIn

8B45 E4
8B48 08
894D E8
8B55 E8
0FBE82 D50000
85C0
74 0B
8B4D E4
894D EC
E9 B2000000
8B55 E8
8B02
0FBE88 D40000
83F9 01
75 24
8B55 E8
8B42 08
0FBE88 D40000
83F9 01
75 12
8B55 E8
C682 D4000000
8B45 E4
8945 EC
EB 7D
8B4D E8
8B51 08
0FBE82 D40000
83F8 01
75 2E
8B4D E8
8B11
C682 D4000000
8B45 E8
C680 D4000000
8B4D E8
51
8B8D DCFEFFFF
E8 31030000

MOV EAX,DWORD PTR SS:[EBP-1C]


MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[EBP-18],ECX
MOV EDX,DWORD PTR SS:[EBP-18]
MOVSX EAX,BYTE PTR DS:[EDX+0D5]
TEST EAX,EAX
JE SHORT 0042B743
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],ECX
JMP 0042B7F5
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+0D4]
CMP ECX,1
JNE SHORT 0042B778
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+0D4]
CMP ECX,1
JNE SHORT 0042B778
MOV EDX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EDX+0D4],0
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],EAX
JMP SHORT 0042B7F5
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+0D4]
CMP EAX,1
JNE SHORT 0042B7B8
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX]
MOV BYTE PTR DS:[EDX+0D4],1
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+0D4],0
MOV ECX,DWORD PTR SS:[EBP-18]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-124]
CALL 0042BAE0

; /Arg1
; |
; \SystemIn

8B55 E4
8B42 08
8945 E8
8B4D E8
8B55 E4
8A82 D4000000
8881 D4000000
8B4D E4
C681 D4000000
8B55 E8
8B42 08
C680 D4000000
8B4D E4
51
8B8D DCFEFFFF
E8 40020000

MOV EDX,DWORD PTR SS:[EBP-1C]


MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV AL,BYTE PTR DS:[EDX+0D4]
MOV BYTE PTR DS:[ECX+0D4],AL
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+0D4],1
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV BYTE PTR DS:[EAX+0D4],1
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-124]
CALL 0042BA30

; /Arg1
; |
; \SystemIn

E9 11010000

JMP 0042B906

0042B7F5 |>^
0042B7FA |>
0042B7FD |.
0042B7FF |.
0042B802 |.
0042B805 |.
0042B80C |.
0042B80E |.
0042B810 |.
0042B813 |.
0042B81A |.
0042B81D |.
0042B824 |.
0042B827 |.
0042B828 |.
0042B82E |.
fo.0042BAE0
0042B833 |.
0042B836 |.
0042B838 |.
0042B83B |>
0042B83E |.
0042B845 |.
0042B847 |.
0042B849 |.
0042B84C |.
0042B84F |.^
0042B854 |>
0042B857 |.
0042B85A |.
0042B861 |.
0042B864 |.
0042B866 |.
0042B869 |.
0042B86B |.
0042B872 |.
0042B875 |.
0042B877 |.
0042B87A |.
0042B881 |.
0042B884 |.
0042B887 |.^
0042B889 |>
0042B88C |.
0042B88E |.
0042B895 |.
0042B898 |.
0042B89A |.
0042B89D |.
0042B8A0 |.
0042B8A7 |.
0042B8AA |.
0042B8B1 |.
0042B8B4 |.
0042B8B5 |.
0042B8BB |.
fo.0042BA30
0042B8C0 |.
0042B8C3 |.
0042B8C5 |.

E9 07010000
8B55 E4
8B02
8945 E8
8B4D E8
0FBE91 D40000
85D2
75 2B
8B45 E8
C680 D4000000
8B4D E4
C681 D4000000
8B55 E4
52
8B8D DCFEFFFF
E8 AD020000

JMP 0042B901
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOVSX EDX,BYTE PTR DS:[ECX+0D4]
TEST EDX,EDX
JNE SHORT 0042B83B
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+0D4],1
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+0D4],0
MOV EDX,DWORD PTR SS:[EBP-1C]
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-124]
CALL 0042BAE0

; /Arg1
; |
; \SystemIn

8B45 E4
8B08
894D E8
8B55 E8
0FBE82 D50000
85C0
74 0B
8B4D E4
894D EC
E9 AD000000
8B55 E8
8B42 08
0FBE88 D40000
83F9 01
75 23
8B55 E8
8B02
0FBE88 D40000
83F9 01
75 12
8B55 E8
C682 D4000000
8B45 E4
8945 EC
EB 78
8B4D E8
8B11
0FBE82 D40000
83F8 01
75 2E
8B4D E8
8B51 08
C682 D4000000
8B45 E8
C680 D4000000
8B4D E8
51
8B8D DCFEFFFF
E8 70010000

MOV EAX,DWORD PTR SS:[EBP-1C]


MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-18],ECX
MOV EDX,DWORD PTR SS:[EBP-18]
MOVSX EAX,BYTE PTR DS:[EDX+0D5]
TEST EAX,EAX
JE SHORT 0042B854
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],ECX
JMP 0042B901
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+0D4]
CMP ECX,1
JNE SHORT 0042B889
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+0D4]
CMP ECX,1
JNE SHORT 0042B889
MOV EDX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EDX+0D4],0
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],EAX
JMP SHORT 0042B901
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+0D4]
CMP EAX,1
JNE SHORT 0042B8C8
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV BYTE PTR DS:[EDX+0D4],1
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+0D4],0
MOV ECX,DWORD PTR SS:[EBP-18]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-124]
CALL 0042BA30

; /Arg1
; |
; \SystemIn

8B55 E4
8B02
8945 E8

MOV EDX,DWORD PTR SS:[EBP-1C]


MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-18],EAX

0042B8C8 |>
0042B8CB |.
0042B8CE |.
0042B8D4 |.
0042B8DA |.
0042B8DD |.
0042B8E4 |.
0042B8E7 |.
0042B8E9 |.
0042B8F0 |.
0042B8F3 |.
0042B8F4 |.
0042B8FA |.
fo.0042BAE0
0042B8FF |.
0042B901 |>^
0042B906 |>
0042B909 |.
0042B910 |>
0042B913 |.
fo.0042D460
0042B918 |.
0042B91A |.
0042B91D |.
0042B91F |.
0042B922 |.
0042B923 |.
0042B928 |.
0042B92B |>
0042B92E |.
0042B92F |.
0042B934 |.
0042B937 |.
0042B93D |.
0042B941 |.
0042B943 |.
0042B949 |.
0042B94C |.
0042B94F |.
0042B955 |.
0042B958 |>
0042B95B |.
0042B961 |.
0042B964 |.
0042B96A |.
0042B974 |.
0042B97A |.
0042B980 |.
0042B987 |.
0042B989 |.
0042B98E |>
0042B990 |.^
0042B992 |.
0042B998 |.
0042B99A |.
0042B9A0 |.
0042B9A6 |.
0042B9AC |.
0042B9AF |.
0042B9B1 |.

8B4D E8
8B55 E4
8A82 D4000000
8881 D4000000
8B4D E4
C681 D4000000
8B55 E8
8B02
C680 D4000000
8B4D E4
51
8B8D DCFEFFFF
E8 E1010000

MOV ECX,DWORD PTR SS:[EBP-18]


MOV EDX,DWORD PTR SS:[EBP-1C]
MOV AL,BYTE PTR DS:[EDX+0D4]
MOV BYTE PTR DS:[ECX+0D4],AL
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+0D4],1
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+0D4],1
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-124]
CALL 0042BAE0

; /Arg1
; |
; \SystemIn

EB 05
E9 A2FDFFFF
8B55 EC
C682 D4000000
8B4D F0
E8 481B0000

JMP SHORT 0042B906


JMP 0042B6A8
MOV EDX,DWORD PTR SS:[EBP-14]
MOV BYTE PTR DS:[EDX+0D4],1
MOV ECX,DWORD PTR SS:[EBP-10]
CALL 0042D460

; [SystemIn

33C0
83E0 01
74 0C
8B4D F0
51
E8 F22F0000
83C4 04
8B55 F0
52
E8 E62F0000
83C4 04
8B85 DCFEFFFF
8378 1C 00
76 15
8B8D DCFEFFFF
8B51 1C
83EA 01
8B85 DCFEFFFF
8950 1C
8B4D 0C
898D E0FEFFFF
8B55 10
8995 E4FEFFFF
C785 E8FEFFFF
8B85 E4FEFFFF
8985 ECFEFFFF
83BD DCFEFFFF
75 05
E8 FA2E0000
33C9
75 FC
8B95 DCFEFFFF
8B02
8985 E8FEFFFF
8B8D E8FEFFFF
8B95 ECFEFFFF
8B45 08
8908
8950 04

XOR EAX,EAX
AND EAX,00000001
JE SHORT 0042B92B
MOV ECX,DWORD PTR SS:[EBP-10]
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EDX,DWORD PTR SS:[EBP-10]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[EBP-124]
CMP DWORD PTR DS:[EAX+1C],0
JBE SHORT 0042B958
MOV ECX,DWORD PTR SS:[EBP-124]
MOV EDX,DWORD PTR DS:[ECX+1C]
SUB EDX,1
MOV EAX,DWORD PTR SS:[EBP-124]
MOV DWORD PTR DS:[EAX+1C],EDX
MOV ECX,DWORD PTR SS:[EBP+0C]
MOV DWORD PTR SS:[EBP-120],ECX
MOV EDX,DWORD PTR SS:[EBP+10]
MOV DWORD PTR SS:[EBP-11C],EDX
MOV DWORD PTR SS:[EBP-118],0
MOV EAX,DWORD PTR SS:[EBP-11C]
MOV DWORD PTR SS:[EBP-114],EAX
CMP DWORD PTR SS:[EBP-124],0
JNE SHORT 0042B98E
CALL 0042E888
/XOR ECX,ECX
\JNE SHORT 0042B98E
MOV EDX,DWORD PTR SS:[EBP-124]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-118],EAX
MOV ECX,DWORD PTR SS:[EBP-118]
MOV EDX,DWORD PTR SS:[EBP-114]
MOV EAX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR DS:[EAX],ECX
MOV DWORD PTR DS:[EAX+4],EDX

0042B9B4 |. 8B45 08
0042B9B7 |. 8B4D F4
0042B9BA |. 64:890D 00000
0042B9C1 |. 59
0042B9C2 |. 8BE5
0042B9C4 |. 5D
0042B9C5 \. C2 0C00
0042B9C8
CC
0042B9C9
CC
0042B9CA
CC
0042B9CB
CC
0042B9CC
CC
0042B9CD
CC
0042B9CE
CC
0042B9CF
CC
0042B9D0 /$ 55
0042B9D1 |. 8BEC
0042B9D3 |. 83EC 1C
0042B9D6 |. 894D E4
0042B9D9 |. 8B45 E4
0042B9DC |. 8B48 18
0042B9DF |. 8B51 04
0042B9E2 |. 52
0042B9E3 |. 8B4D E4
0042B9E6 |. E8 C50F0000
fo.0042C9B0
0042B9EB |. 8B45 E4
0042B9EE |. 8B48 18
0042B9F1 |. 8B55 E4
0042B9F4 |. 8B42 18
0042B9F7 |. 8941 04
0042B9FA |. 8B4D E4
0042B9FD |. C741 1C 00000
0042BA04 |. 8B55 E4
0042BA07 |. 8B42 18
0042BA0A |. 8945 E8
0042BA0D |. 8B4D E8
0042BA10 |. 8B55 E4
0042BA13 |. 8B42 18
0042BA16 |. 8901
0042BA18 |. 8B4D E4
0042BA1B |. 8B51 18
0042BA1E |. 8B45 E4
0042BA21 |. 8B48 18
0042BA24 |. 894A 08
0042BA27 |. 8BE5
0042BA29 |. 5D
0042BA2A \. C3
0042BA2B
CC
0042BA2C
CC
0042BA2D
CC
0042BA2E
CC
0042BA2F
CC
0042BA30 /$ 55
o.0042BA30(guessed Arg1)
0042BA31 |. 8BEC
0042BA33 |. 83EC 10
0042BA36 |. 894D F0
0042BA39 |. 8B45 08
0042BA3C |. 8B48 08

MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
POP ECX
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,1C
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
MOV EDX,DWORD
PUSH EDX
MOV ECX,DWORD
CALL 0042C9B0

PTR SS:[EBP+8]
PTR SS:[EBP-0C]
FS:[0],ECX

MOV EAX,DWORD
MOV ECX,DWORD
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV EDX,DWORD
MOV EAX,DWORD
MOV ECX,DWORD
MOV DWORD PTR
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
PUSH EBP

PTR SS:[LOCAL.7]
PTR DS:[EAX+18]
PTR SS:[LOCAL.7]
PTR DS:[EDX+18]
DS:[ECX+4],EAX
PTR SS:[LOCAL.7]
DS:[ECX+1C],0
PTR SS:[LOCAL.7]
PTR DS:[EDX+18]
SS:[LOCAL.6],EAX
PTR SS:[LOCAL.6]
PTR SS:[LOCAL.7]
PTR DS:[EDX+18]
DS:[ECX],EAX
PTR SS:[LOCAL.7]
PTR DS:[ECX+18]
PTR SS:[LOCAL.7]
PTR DS:[EAX+18]
DS:[EDX+8],ECX

MOV
SUB
MOV
MOV
MOV

SS:[LOCAL.7],ECX
PTR SS:[LOCAL.7]
PTR DS:[EAX+18]
PTR DS:[ECX+4]
PTR SS:[LOCAL.7]

EBP,ESP
ESP,10
DWORD PTR SS:[LOCAL.4],ECX
EAX,DWORD PTR SS:[ARG.1]
ECX,DWORD PTR DS:[EAX+8]

; /Arg1
; |
; \SystemIn

; SystemInf

0042BA3F
0042BA42
0042BA45
0042BA48
0042BA4A
0042BA4D
0042BA50
0042BA52
0042BA59
0042BA5B
0042BA5D
0042BA60
0042BA62
0042BA65
0042BA68
0042BA6B
0042BA6E
0042BA71
0042BA74
0042BA77
0042BA7A
0042BA7D
0042BA80
0042BA82
0042BA85
0042BA88
0042BA8B
0042BA8E
0042BA90
0042BA93
0042BA96
0042BA99
0042BA9C
0042BA9F
0042BAA1
0042BAA3
0042BAA6
0042BAA9
0042BAAC
0042BAAF
0042BAB2
0042BAB4
0042BAB6
0042BAB9
0042BABC
0042BABF
0042BAC2
0042BAC5
0042BAC8
0042BACA
0042BACD
0042BAD0
0042BAD3
0042BAD5
0042BAD6
0042BAD9
0042BADA
0042BADB
0042BADC
0042BADD

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
\.

894D FC
8B55 08
8B45 FC
8B08
894A 08
8B55 FC
8B02
0FBE88 D50000
85C9
75 0B
8B55 FC
8B02
8B4D 08
8948 04
8B55 FC
8B45 08
8B48 04
894A 04
8B55 F0
8B42 18
8B4D 08
3B48 04
75 0E
8B55 F0
8B42 18
8B4D FC
8948 04
EB 32
8B55 08
8B42 04
8945 F8
8B4D F8
8B55 08
3B11
75 13
8B45 08
8B48 04
894D F4
8B55 F4
8B45 FC
8902
EB 0C
8B4D 08
8B51 04
8B45 FC
8942 08
8B4D FC
8B55 08
8911
8B45 08
8B4D FC
8948 04
8BE5
5D
C2 0400
CC
CC
CC
CC
CC

MOV DWORD PTR SS:[LOCAL.1],ECX


MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR DS:[EDX+8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+0D5]
TEST ECX,ECX
JNE SHORT 0042BA68
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+4]
JNE SHORT 0042BA90
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 0042BAC2
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR SS:[ARG.1]
CMP EDX,DWORD PTR DS:[ECX]
JNE SHORT 0042BAB6
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 0042BAC2
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3

0042BADE
CC
0042BADF
CC
0042BAE0 /$ 55
o.0042BAE0(guessed Arg1)
0042BAE1 |. 8BEC
0042BAE3 |. 83EC 0C
0042BAE6 |. 894D F4
0042BAE9 |. 8B45 08
0042BAEC |. 8B08
0042BAEE |. 894D FC
0042BAF1 |. 8B55 08
0042BAF4 |. 8B45 FC
0042BAF7 |. 8B48 08
0042BAFA |. 890A
0042BAFC |. 8B55 FC
0042BAFF |. 8B42 08
0042BB02 |. 0FBE88 D50000
0042BB09 |. 85C9
0042BB0B |. 75 0C
0042BB0D |. 8B55 FC
0042BB10 |. 8B42 08
0042BB13 |. 8B4D 08
0042BB16 |. 8948 04
0042BB19 |> 8B55 FC
0042BB1C |. 8B45 08
0042BB1F |. 8B48 04
0042BB22 |. 894A 04
0042BB25 |. 8B55 F4
0042BB28 |. 8B42 18
0042BB2B |. 8B4D 08
0042BB2E |. 3B48 04
0042BB31 |. 75 0E
0042BB33 |. 8B55 F4
0042BB36 |. 8B42 18
0042BB39 |. 8B4D FC
0042BB3C |. 8948 04
0042BB3F |. EB 2D
0042BB41 |> 8B55 08
0042BB44 |. 8B42 04
0042BB47 |. 8B4D 08
0042BB4A |. 3B48 08
0042BB4D |. 75 0E
0042BB4F |. 8B55 08
0042BB52 |. 8B42 04
0042BB55 |. 8B4D FC
0042BB58 |. 8948 08
0042BB5B |. EB 11
0042BB5D |> 8B55 08
0042BB60 |. 8B42 04
0042BB63 |. 8945 F8
0042BB66 |. 8B4D F8
0042BB69 |. 8B55 FC
0042BB6C |. 8911
0042BB6E |> 8B45 FC
0042BB71 |. 8B4D 08
0042BB74 |. 8948 08
0042BB77 |. 8B55 08
0042BB7A |. 8B45 FC
0042BB7D |. 8942 04
0042BB80 |. 8BE5

INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR DS:[EDX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+0D5]
TEST ECX,ECX
JNE SHORT 0042BB19
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+4]
JNE SHORT 0042BB41
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 0042BB6E
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+8]
JNE SHORT 0042BB5D
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+8],ECX
JMP SHORT 0042BB6E
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+8],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ESP,EBP

; SystemInf

0042BB82 |.
0042BB83 \.
0042BB86
0042BB87
0042BB88
0042BB89
0042BB8A
0042BB8B
0042BB8C
0042BB8D
0042BB8E
0042BB8F
0042BB90 /$
0042BB91 |.
0042BB93 |.
0042BB95 |.
0042BB9A |.
0042BBA0 |.
0042BBA1 |.
0042BBA2 |.
0042BBA5 |.
0042BBA6 |.
0042BBA7 |.
0042BBA8 |.
0042BBAD |.
0042BBAF |.
0042BBB0 |.
0042BBB3 |.
0042BBB9 |.
0042BBBC |.
0042BBBF |.
0042BBC1 |.
0042BBC4 |.
0042BBC7 |.
fo.0042CA20
0042BBCC |.
0042BBCF |.
0042BBD6 |.
0042BBDD |.
0042BBE4 |.
0042BBE7 |.
0042BBEA |.
0042BBED |.
0042BBF0 |.
0042BBF4 |.
0042BBF6 |.
0042BBF9 |.
0042BBFC |.
0042BBFE |.
0042BC01 |.
0042BC04 |.
0042BC06 |>
0042BC0D |>
0042BC10 |.
0042BC13 |.
0042BC16 |.
0042BC1D |.
0042BC20 |.
0042BC23 |.
0042BC26 |.

5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 206B4400
64:A1 0000000
50
51
83EC 50
53
56
57
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
8965 F0
894D AC
6A 01
8B4D AC
83C1 0C
E8 540E0000
8945 E8
C745 EC
C745 FC
C745 E4
8B45 E8
8945 C4
8B4D C4
894D C0
837D C0
74 10
8B55 C0
8B45 E4
8902
8B4D C0
894D A8
EB 07
C745 A8
8B55 EC
83C2 01
8955 EC
C745 E0
8B45 E8
83C0 04
8945 BC
8B4D BC

POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00446B20
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,50
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.21],ECX
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.21]
ADD ECX,0C
CALL 0042CA20

MOV DWORD PTR SS:[LOCAL.6],EAX


00000 MOV DWORD PTR SS:[LOCAL.5],0
00000 MOV DWORD PTR SS:[LOCAL.1],0
00000 MOV DWORD PTR SS:[LOCAL.7],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.15],EAX
MOV ECX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR SS:[LOCAL.16],ECX
00
CMP DWORD PTR SS:[LOCAL.16],0
JE SHORT 0042BC06
MOV EDX,DWORD PTR SS:[LOCAL.16]
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR SS:[LOCAL.22],ECX
JMP SHORT 0042BC0D
00000 MOV DWORD PTR SS:[LOCAL.22],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.5],EDX
00000 MOV DWORD PTR SS:[LOCAL.8],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.17],EAX
MOV ECX,DWORD PTR SS:[LOCAL.17]

;
;
;
;

/Arg1 = 1
|
|
\SystemIn

0042BC29 |.
0042BC2C |.
0042BC30 |.
0042BC32 |.
0042BC35 |.
0042BC38 |.
0042BC3A |.
0042BC3D |.
0042BC40 |.
0042BC42 |>
0042BC49 |>
0042BC4C |.
0042BC4F |.
0042BC52 |.
0042BC59 |.
0042BC5C |.
0042BC5F |.
0042BC62 |.
0042BC65 |.
0042BC68 |.
0042BC6C |.
0042BC6E |.
0042BC71 |.
0042BC74 |.
0042BC76 |.
0042BC79 |.
0042BC7C |.
0042BC7E |>
0042BC85 \>
0042BC87 /.
0042BC8A |.
0042BC8B |.
0042BC90 |.
0042BC93 |.
0042BC95 |.
0042BC97 |.
fo.0042E925
0042BC9C |.
0042BCA3 |.
0042BCA8 \.
0042BCA9 />
0042BCB0 |.
0042BCB3 |.
0042BCBA |.
0042BCBD |.
0042BCC4 |.
0042BCC7 |.
0042BCCA |.
0042BCD1 |.
0042BCD2 |.
0042BCD3 |.
0042BCD4 |.
0042BCD5 |.
0042BCD7 |.
0042BCD8 \.
0042BCD9
0042BCDA
0042BCDB
0042BCDC
0042BCDD

894D B8
837D B8 00
74 10
8B55 B8
8B45 E0
8902
8B4D B8
894D A4
EB 07
C745 A4 00000
8B55 EC
83C2 01
8955 EC
C745 DC 00000
8B45 E8
83C0 08
8945 B4
8B4D B4
894D B0
837D B0 00
74 10
8B55 B0
8B45 DC
8902
8B4D B0
894D A0
EB 07
C745 A0 00000
EB 22
8B55 E8
52
E8 8A2C0000
83C4 04
6A 00
6A 00
E8 892C0000

MOV DWORD PTR SS:[LOCAL.18],ECX


CMP DWORD PTR SS:[LOCAL.18],0
JE SHORT 0042BC42
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR SS:[LOCAL.8]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR SS:[LOCAL.23],ECX
JMP SHORT 0042BC49
MOV DWORD PTR SS:[LOCAL.23],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV DWORD PTR SS:[LOCAL.9],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,8
MOV DWORD PTR SS:[LOCAL.19],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.20],ECX
CMP DWORD PTR SS:[LOCAL.20],0
JE SHORT 0042BC7E
MOV EDX,DWORD PTR SS:[LOCAL.20]
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.20]
MOV DWORD PTR SS:[LOCAL.24],ECX
JMP SHORT 0042BC85
MOV DWORD PTR SS:[LOCAL.24],0
JMP SHORT 0042BCA9
MOV EDX,DWORD PTR SS:[EBP-18]
PUSH EDX
CALL 0042E91A
ADD ESP,4
PUSH 0
PUSH 0
CALL 0042E925

C745 FC FFFFF
B8 B0BC4200
C3
C745 FC FFFFF
8B45 E8
C680 D4000000
8B4D E8
C681 D5000000
8B45 E8
8B4D F4
64:890D 00000
59
5F
5E
5B
8BE5
5D
C3
CC
CC
CC
CC
CC

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,0042BCB0
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV BYTE PTR DS:[EAX+0D4],1
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV BYTE PTR DS:[ECX+0D5],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

0042BCDE
CC
INT3
0042BCDF
CC
INT3
0042BCE0 /$ 55
PUSH EBP
o.0042BCE0(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
0042BCE1 |. 8BEC
MOV EBP,ESP
0042BCE3 |. 6A FF
PUSH -1
0042BCE5 |. 68 596B4400 PUSH 00446B59
0042BCEA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042BCF0 |. 50
PUSH EAX
0042BCF1 |. 51
PUSH ECX
0042BCF2 |. 83EC 2C
SUB ESP,2C
0042BCF5 |. 53
PUSH EBX
0042BCF6 |. 56
PUSH ESI
0042BCF7 |. 57
PUSH EDI
0042BCF8 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042BCFD |. 33C5
XOR EAX,EBP
0042BCFF |. 50
PUSH EAX
0042BD00 |. 8D45 F4
LEA EAX,[LOCAL.3]
0042BD03 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042BD09 |. 8965 F0
MOV DWORD PTR SS:[LOCAL.4],ESP
0042BD0C |. 894D CC
MOV DWORD PTR SS:[LOCAL.13],ECX
0042BD0F |. 6A 00
PUSH 0
0042BD11 |. 6A 01
PUSH 1
0042BD13 |. E8 F8150000 CALL 0042D310
0042BD18 |. 83C4 08
ADD ESP,8
0042BD1B |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0042BD1E |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042BD25 |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
0042BD28 |. 8945 E4
MOV DWORD PTR SS:[LOCAL.7],EAX
0042BD2B |. C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1
0042BD2F |. 837D E4 00
CMP DWORD PTR SS:[LOCAL.7],0
0042BD33 |. 74 6A
JE SHORT 0042BD9F
0042BD35 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0042BD38 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0042BD3B |. 8911
MOV DWORD PTR DS:[ECX],EDX
0042BD3D |. 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
0042BD40 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0042BD43 |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
0042BD46 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
0042BD49 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0042BD4C |. 8942 08
MOV DWORD PTR DS:[EDX+8],EAX
0042BD4F |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0042BD52 |. 83C1 0C
ADD ECX,0C
0042BD55 |. 894D D0
MOV DWORD PTR SS:[LOCAL.12],ECX
0042BD58 |. 8B55 14
MOV EDX,DWORD PTR SS:[ARG.4]
0042BD5B |. 52
PUSH EDX
[ARG.4]
0042BD5C |. 8B4D D0
MOV ECX,DWORD PTR SS:[LOCAL.12]
0042BD5F |. E8 ACEFFDFF CALL 0040AD10
fo.0040AD10
0042BD64 |. 8945 C8
MOV DWORD PTR SS:[LOCAL.14],EAX
0042BD67 |. C645 FC 02
MOV BYTE PTR SS:[LOCAL.1],2
0042BD6B |. 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
0042BD6E |. 83C0 28
ADD EAX,28
0042BD71 |. 50
PUSH EAX
0042BD72 |. 8B4D D0
MOV ECX,DWORD PTR SS:[LOCAL.12]
0042BD75 |. 83C1 28
ADD ECX,28
0042BD78 |. E8 23C6FFFF CALL 004283A0
fo.004283A0
0042BD7D |. C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1

; SystemInf

; /Arg1 =>
; |
; \SystemIn

;
;
;
;

/Arg1
|
|
\SystemIn

0042BD81 |.
0042BD84 |.
0042BD87 |.
0042BD8D |.
0042BD90 |.
0042BD97 |.
0042BD9A |.
0042BD9D |.
0042BD9F |>
0042BDA6 |>
0042BDA9 |.
0042BDAC |.
0042BDB0 \.
0042BDB2 /.
0042BDB5 |.
0042BDB6 |.
0042BDBB |.
0042BDBE |.
0042BDC0 |.
0042BDC2 |.
fo.0042E925
0042BDC7 |.
0042BDCE |.
0042BDD3 \.
0042BDD4 />
0042BDDB |.
0042BDDE |.
0042BDE1 |.
0042BDE8 |.
0042BDE9 |.
0042BDEA |.
0042BDEB |.
0042BDEC |.
0042BDEE |.
0042BDEF \.
0042BDF2
0042BDF3
0042BDF4
0042BDF5
0042BDF6
0042BDF7
0042BDF8
0042BDF9
0042BDFA
0042BDFB
0042BDFC
0042BDFD
0042BDFE
0042BDFF
0042BE00 /$
0042BE01 |.
0042BE03 |.
0042BE06 |.
0042BE09 |.
0042BE0C |.
0042BE0E |.
0042BE11 |.
0042BE14 |.
0042BE17 |.
0042BE19 |.

8B4D E4
8A55 18
8891 D4000000
8B45 E4
C680 D5000000
8B4D E4
894D C4
EB 07
C745 C4 00000
8B55 C4
8955 E8
C645 FC 00
EB 22
8B45 EC
50
E8 5F2B0000
83C4 04
6A 00
6A 00
E8 5E2B0000

MOV ECX,DWORD PTR SS:[LOCAL.7]


MOV DL,BYTE PTR SS:[ARG.5]
MOV BYTE PTR DS:[ECX+0D4],DL
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV BYTE PTR DS:[EAX+0D5],0
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.15],ECX
JMP SHORT 0042BDA6
MOV DWORD PTR SS:[LOCAL.15],0
MOV EDX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV BYTE PTR SS:[LOCAL.1],0
JMP SHORT 0042BDD4
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
CALL 0042E91A
ADD ESP,4
PUSH 0
PUSH 0
CALL 0042E925

C745 FC FFFFF
B8 DBBD4200
C3
C745 FC FFFFF
8B45 EC
8B4D F4
64:890D 00000
59
5F
5E
5B
8BE5
5D
C2 1400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 14
894D EC
8B45 EC
33C9
8338 00
0F95C1
0FB6D1
85D2
75 05

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,0042BDDB
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 14
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0042BE20

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

0042BE1B
0042BE20
0042BE22
0042BE24
0042BE27
0042BE2A
0042BE31
0042BE33
0042BE35
0042BE38
0042BE3B
0042BE3E
0042BE41
0042BE44
0042BE47
0042BE4A
0042BE51
0042BE53
0042BE55
0042BE5A
0042BE5F
0042BE62
0042BE65
0042BE68
0042BE6B
0042BE6D
0042BE74
0042BE76
0042BE78
0042BE7B
0042BE7E
0042BE81
0042BE84
0042BE86
0042BE89
0042BE8C
0042BE8F
0042BE96
0042BE98
0042BE9A
0042BE9D
0042BEA0
0042BEA3
0042BEA5
0042BEA8
0042BEAB
0042BEAE
0042BEB0
0042BEB3
0042BEB6
0042BEB9
0042BEBC
0042BEBF
0042BEC6
0042BEC8
0042BECA
0042BECD
0042BED0
0042BED3
0042BED5

|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

E8 682A0000
33C0
75 FC
8B4D EC
8B51 04
0FBE82 D50000
85C0
74 2A
8B4D EC
8B51 04
8B45 EC
8B4A 08
8948 04
8B55 EC
8B42 04
0FBE88 D50000
85C9
74 05
E8 2E2A0000
E9 A4000000
8B55 EC
8B42 04
8945 F8
8B4D F8
8B11
0FBE82 D50000
85C0
75 38
8B4D EC
8B51 04
8955 F4
8B45 F4
8B08
894D F0
8B55 F0
8B42 08
0FBE88 D50000
85C9
75 0B
8B55 F0
8B42 08
8945 F0
EB E4
8B4D EC
8B55 F0
8951 04
EB 53
8B45 EC
8B48 04
8B51 04
8955 FC
8B45 FC
0FBE88 D50000
85C9
75 18
8B55 EC
8B45 FC
8B4A 04
3B08
75 0B

CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0042BE20
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+0D5]
TEST EAX,EAX
JE SHORT 0042BE5F
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOVSX ECX,BYTE PTR DS:[EAX+0D5]
TEST ECX,ECX
JE SHORT 0042BE5A
CALL 0042E888
JMP 0042BF03
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+0D5]
TEST EAX,EAX
JNE SHORT 0042BEB0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
/MOV EDX,DWORD PTR SS:[LOCAL.4]
|MOV EAX,DWORD PTR DS:[EDX+8]
|MOVSX ECX,BYTE PTR DS:[EAX+0D5]
|TEST ECX,ECX
|JNE SHORT 0042BEA5
|MOV EDX,DWORD PTR SS:[LOCAL.4]
|MOV EAX,DWORD PTR DS:[EDX+8]
|MOV DWORD PTR SS:[LOCAL.4],EAX
\JMP SHORT 0042BE89
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0042BF03
/MOV EAX,DWORD PTR SS:[LOCAL.5]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.1],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOVSX ECX,BYTE PTR DS:[EAX+0D5]
|TEST ECX,ECX
|JNE SHORT 0042BEE2
|MOV EDX,DWORD PTR SS:[LOCAL.5]
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOV ECX,DWORD PTR DS:[EDX+4]
|CMP ECX,DWORD PTR DS:[EAX]
|JNE SHORT 0042BEE2

0042BED7 |. 8B55 EC
|MOV EDX,DWORD PTR SS:[LOCAL.5]
0042BEDA |. 8B45 FC
|MOV EAX,DWORD PTR SS:[LOCAL.1]
0042BEDD |. 8942 04
|MOV DWORD PTR DS:[EDX+4],EAX
0042BEE0 |.^ EB CE
\JMP SHORT 0042BEB0
0042BEE2 |> 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
0042BEE5 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
0042BEE8 |. 0FBE82 D50000 MOVSX EAX,BYTE PTR DS:[EDX+0D5]
0042BEEF |. 85C0
TEST EAX,EAX
0042BEF1 |. 74 07
JE SHORT 0042BEFA
0042BEF3 |. E8 90290000 CALL 0042E888
0042BEF8 |. EB 09
JMP SHORT 0042BF03
0042BEFA |> 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
0042BEFD |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0042BF00 |. 8951 04
MOV DWORD PTR DS:[ECX+4],EDX
0042BF03 |> 8BE5
MOV ESP,EBP
0042BF05 |. 5D
POP EBP
0042BF06 \. C3
RETN
0042BF07
CC
INT3
0042BF08
CC
INT3
0042BF09
CC
INT3
0042BF0A
CC
INT3
0042BF0B
CC
INT3
0042BF0C
CC
INT3
0042BF0D
CC
INT3
0042BF0E
CC
INT3
0042BF0F
CC
INT3
0042BF10 /$ 55
PUSH EBP
;
o.0042BF10(guessed Arg1,Arg2,Arg3)
0042BF11 |. 8BEC
MOV EBP,ESP
0042BF13 |. 6A FF
PUSH -1
0042BF15 |. 68 886B4400 PUSH 00446B88
0042BF1A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042BF20 |. 50
PUSH EAX
0042BF21 |. 81EC 08010000 SUB ESP,108
0042BF27 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042BF2C |. 33C5
XOR EAX,EBP
0042BF2E |. 50
PUSH EAX
0042BF2F |. 8D45 F4
LEA EAX,[LOCAL.3]
0042BF32 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042BF38 |. 898D F4FEFFFF MOV DWORD PTR SS:[LOCAL.67],ECX
0042BF3E |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0042BF41 |. 8945 9C
MOV DWORD PTR SS:[LOCAL.25],EAX
0042BF44 |. 8B4D 9C
MOV ECX,DWORD PTR SS:[LOCAL.25]
0042BF47 |. 0FBE51 3D
MOVSX EDX,BYTE PTR DS:[ECX+3D]
0042BF4B |. 85D2
TEST EDX,EDX
0042BF4D |. 74 48
JE SHORT 0042BF97
0042BF4F |. 68 5C884400 PUSH OFFSET 0044885C
;
SCII "invalid map/set<T> iterator"
0042BF54 |. 8D4D A0
LEA ECX,[LOCAL.24]
;
0042BF57 |. E8 942CFEFF CALL 0040EBF0
;
fo.0040EBF0
0042BF5C |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042BF63 |. 8D45 A0
LEA EAX,[LOCAL.24]
0042BF66 |. 50
PUSH EAX
;
OFFSET LOCAL.24
0042BF67 |. 8D4D BC
LEA ECX,[LOCAL.17]
;
0042BF6A |. E8 D1CBFDFF CALL 00408B40
;
fo.00408B40
0042BF6F |. C745 BC 54884 MOV DWORD PTR SS:[LOCAL.17],OFFSET 00448
0042BF76 |. 68 7CD54400 PUSH OFFSET 0044D57C
;

SystemInf

/Arg1 = A
|
\SystemIn

/Arg1 =>
|
\SystemIn
/Arg2 = S

ystemInfo.44D57C
0042BF7B |. 8D4D BC
0042BF7E |. 51
OFFSET LOCAL.17
0042BF7F |. E8 A1290000
fo.0042E925
0042BF84 |. C745 FC FFFFF
0042BF8B |. 6A 00
0042BF8D |. 6A 01
0042BF8F |. 8D4D A0
0042BF92 |. E8 C93BFEFF
fo.0040FB60
0042BF97 |> 8B55 10
0042BF9A |. 8955 F0
0042BF9D |. 8D4D 0C
0042BFA0 |. E8 7BB9FFFF
0042BFA5 |. 8B45 F0
0042BFA8 |. 8945 E8
0042BFAB |. 8B4D E8
0042BFAE |. 8B11
0042BFB0 |. 0FBE42 3D
0042BFB4 |. 85C0
0042BFB6 |. 74 0B
0042BFB8 |. 8B4D E8
0042BFBB |. 8B51 08
0042BFBE |. 8955 EC
0042BFC1 |. EB 27
0042BFC3 |> 8B45 E8
0042BFC6 |. 8B48 08
0042BFC9 |. 0FBE51 3D
0042BFCD |. 85D2
0042BFCF |. 74 0A
0042BFD1 |. 8B45 E8
0042BFD4 |. 8B08
0042BFD6 |. 894D EC
0042BFD9 |. EB 0F
0042BFDB |> 8B55 10
0042BFDE |. 8955 E8
0042BFE1 |. 8B45 E8
0042BFE4 |. 8B48 08
0042BFE7 |. 894D EC
0042BFEA |> 8B55 E8
0042BFED |. 3B55 F0
0042BFF0 |. 0F85 3A010000
0042BFF6 |. 8B45 F0
0042BFF9 |. 8B48 04
0042BFFC |. 894D E4
0042BFFF |. 8B55 EC
0042C002 |. 0FBE42 3D
0042C006 |. 85C0
0042C008 |. 75 09
0042C00A |. 8B4D EC
0042C00D |. 8B55 E4
0042C010 |. 8951 04
0042C013 |> 8B85 F4FEFFFF
0042C019 |. 8B48 18
0042C01C |. 8B51 04
0042C01F |. 3B55 F0
0042C022 |. 75 11
0042C024 |. 8B85 F4FEFFFF

LEA ECX,[LOCAL.17]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
LEA ECX,[LOCAL.24]
CALL 0040FB60

;
;
;
;

MOV EDX,DWORD PTR SS:[ARG.3]


MOV DWORD PTR SS:[LOCAL.4],EDX
LEA ECX,[ARG.2]
CALL 00427920
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.6],EAX
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+3D]
TEST EAX,EAX
JE SHORT 0042BFC3
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP SHORT 0042BFEA
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+8]
MOVSX EDX,BYTE PTR DS:[ECX+3D]
TEST EDX,EDX
JE SHORT 0042BFDB
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.5],ECX
JMP SHORT 0042BFEA
MOV EDX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.5],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE 0042C130
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOVSX EAX,BYTE PTR DS:[EDX+3D]
TEST EAX,EAX
JNE SHORT 0042C013
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX+4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.67]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042C035
MOV EAX,DWORD PTR SS:[LOCAL.67]

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0042C02A
0042C02D
0042C030
0042C033
0042C035
0042C038
0042C03A
0042C03D
0042C03F
0042C042
0042C045
0042C047
0042C049
0042C04C
0042C04F
0042C052
0042C058
0042C05B
0042C05E
0042C061
0042C063
0042C066
0042C068
0042C06B
0042C06F
0042C071
0042C073
0042C076
0042C07C
0042C07E
0042C081
0042C084
0042C087
0042C089
0042C08D
0042C08F
0042C091
0042C094
0042C096
0042C099
0042C09B
0042C09E
0042C0A4
0042C0AA
0042C0AD
0042C0B0
0042C0B3
0042C0B9
0042C0BB
0042C0C1
0042C0C4
0042C0C7
0042C0CA
0042C0CC
0042C0CF
0042C0D3
0042C0D5
0042C0D7
0042C0DA
0042C0E0

|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8B48 18
8B55 EC
8951 04
EB 1D
8B45 E4
8B08
3B4D F0
75 0A
8B55 E4
8B45 EC
8902
EB 09
8B4D E4
8B55 EC
8951 08
8B85 F4FEFFFF
8B48 18
894D 88
8B55 88
8B02
3B45 F0
75 53
8B4D EC
0FBE51 3D
85D2
74 0B
8B45 E4
8985 F0FEFFFF
EB 26
8B4D EC
894D 84
8B55 84
8B02
0FBE48 3D
85C9
75 0A
8B55 84
8B02
8945 84
EB E9
8B4D 84
898D F0FEFFFF
8B95 F4FEFFFF
8B42 18
8945 80
8B4D 80
8B95 F0FEFFFF
8911
8B85 F4FEFFFF
8B48 18
8B51 08
3B55 F0
75 5F
8B45 EC
0FBE48 3D
85C9
74 0B
8B55 E4
8995 ECFEFFFF
EB 37

MOV ECX,DWORD PTR DS:[EAX+18]


MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0042C052
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV ECX,DWORD PTR DS:[EAX]
CMP ECX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042C049
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 0042C052
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.67]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV DWORD PTR SS:[LOCAL.30],ECX
MOV EDX,DWORD PTR SS:[LOCAL.30]
MOV EAX,DWORD PTR DS:[EDX]
CMP EAX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042C0BB
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOVSX EDX,BYTE PTR DS:[ECX+3D]
TEST EDX,EDX
JE SHORT 0042C07E
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.68],EAX
JMP SHORT 0042C0A4
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.31],ECX
/MOV EDX,DWORD PTR SS:[LOCAL.31]
|MOV EAX,DWORD PTR DS:[EDX]
|MOVSX ECX,BYTE PTR DS:[EAX+3D]
|TEST ECX,ECX
|JNE SHORT 0042C09B
|MOV EDX,DWORD PTR SS:[LOCAL.31]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV DWORD PTR SS:[LOCAL.31],EAX
\JMP SHORT 0042C084
MOV ECX,DWORD PTR SS:[LOCAL.31]
MOV DWORD PTR SS:[LOCAL.68],ECX
MOV EDX,DWORD PTR SS:[LOCAL.67]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[LOCAL.32],EAX
MOV ECX,DWORD PTR SS:[LOCAL.32]
MOV EDX,DWORD PTR SS:[LOCAL.68]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.67]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+8]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042C12B
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOVSX ECX,BYTE PTR DS:[EAX+3D]
TEST ECX,ECX
JE SHORT 0042C0E2
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.69],EDX
JMP SHORT 0042C119

0042C0E2
0042C0E5
0042C0EB
0042C0F1
0042C0F4
0042C0F8
0042C0FA
0042C0FC
0042C102
0042C105
0042C10B
0042C10D
0042C113
0042C119
0042C11F
0042C122
0042C128
0042C12B
0042C130
0042C133
0042C135
0042C138
0042C13B
0042C13E
0042C141
0042C143
0042C145
0042C148
0042C14B
0042C14E
0042C150
0042C153
0042C156
0042C158
0042C15B
0042C15E
0042C161
0042C164
0042C168
0042C16A
0042C16C
0042C16F
0042C172
0042C175
0042C178
0042C17B
0042C17D
0042C180
0042C183
0042C186
0042C189
0042C18C
0042C18F
0042C192
0042C195
0042C19B
0042C19E
0042C1A1
0042C1A4
0042C1A6

|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.

8B45 EC
8985 7CFFFFFF
8B8D 7CFFFFFF
8B51 08
0FBE42 3D
85C0
75 11
8B8D 7CFFFFFF
8B51 08
8995 7CFFFFFF
EB DE
8B85 7CFFFFFF
8985 ECFEFFFF
8B8D F4FEFFFF
8B51 18
8B85 ECFEFFFF
8942 08
E9 23010000
8B4D F0
8B11
8B45 E8
8942 04
8B4D E8
8B55 F0
8B02
8901
8B4D F0
8B55 E8
3B51 08
75 08
8B45 E8
8945 E4
EB 3D
8B4D E8
8B51 04
8955 E4
8B45 EC
0FBE48 3D
85C9
75 09
8B55 EC
8B45 E4
8942 04
8B4D E4
8B55 EC
8911
8B45 E8
8B4D F0
8B51 08
8950 08
8B45 F0
8B48 08
8B55 E8
8951 04
8B85 F4FEFFFF
8B48 18
8B51 04
3B55 F0
75 11
8B85 F4FEFFFF

MOV EAX,DWORD PTR SS:[LOCAL.5]


MOV DWORD PTR SS:[LOCAL.33],EAX
/MOV ECX,DWORD PTR SS:[LOCAL.33]
|MOV EDX,DWORD PTR DS:[ECX+8]
|MOVSX EAX,BYTE PTR DS:[EDX+3D]
|TEST EAX,EAX
|JNE SHORT 0042C10D
|MOV ECX,DWORD PTR SS:[LOCAL.33]
|MOV EDX,DWORD PTR DS:[ECX+8]
|MOV DWORD PTR SS:[LOCAL.33],EDX
\JMP SHORT 0042C0EB
MOV EAX,DWORD PTR SS:[LOCAL.33]
MOV DWORD PTR SS:[LOCAL.69],EAX
MOV ECX,DWORD PTR SS:[LOCAL.67]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[LOCAL.69]
MOV DWORD PTR DS:[EDX+8],EAX
JMP 0042C253
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX]
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR DS:[ECX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR SS:[LOCAL.6]
CMP EDX,DWORD PTR DS:[ECX+8]
JNE SHORT 0042C158
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR SS:[LOCAL.7],EAX
JMP SHORT 0042C195
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.7],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOVSX ECX,BYTE PTR DS:[EAX+3D]
TEST ECX,ECX
JNE SHORT 0042C175
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR DS:[EAX+8],EDX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+4],EDX
MOV EAX,DWORD PTR SS:[LOCAL.67]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
CMP EDX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042C1B7
MOV EAX,DWORD PTR SS:[LOCAL.67]

0042C1AC
0042C1AF
0042C1B2
0042C1B5
0042C1B7
0042C1BA
0042C1BD
0042C1C3
0042C1C9
0042C1CB
0042C1CE
0042C1D0
0042C1D3
0042C1D6
0042C1DC
0042C1E2
0042C1E5
0042C1E7
0042C1E9
0042C1EC
0042C1EF
0042C1F2
0042C1F5
0042C1F8
0042C1FB
0042C1FE
0042C201
0042C204
0042C207
0042C20D
0042C210
0042C213
0042C219
0042C21F
0042C225
0042C227
0042C22D
0042C22F
0042C235
0042C23B
0042C241
0042C243
0042C245
0042C24B
0042C251
0042C253
0042C256
0042C25A
0042C25D
0042C263
0042C265
0042C268
0042C26B
0042C26E
0042C274
0042C277
0042C27A
0042C27D
0042C283
0042C286

|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.

8B48 18
8B55 E8
8951 04
EB 3E
8B45 F0
8B48 04
898D 78FFFFFF
8B95 78FFFFFF
8B02
3B45 F0
75 19
8B4D F0
8B51 04
8995 74FFFFFF
8B85 74FFFFFF
8B4D E8
8908
EB 0C
8B55 F0
8B42 04
8B4D E8
8948 08
8B55 E8
8B45 F0
8B48 04
894A 04
8B55 F0
83C2 3C
8995 68FFFFFF
8B45 E8
83C0 3C
8985 6CFFFFFF
8B8D 6CFFFFFF
3B8D 68FFFFFF
74 2C
8B95 6CFFFFFF
8A02
8885 73FFFFFF
8B8D 6CFFFFFF
8B95 68FFFFFF
8A02
8801
8B8D 68FFFFFF
8A95 73FFFFFF
8811
8B45 F0
0FBE48 3C
83F9 01
0F85 10020000
EB 09
8B55 EC
8B42 04
8945 E4
8B8D F4FEFFFF
8B51 18
8B45 EC
3B42 04
0F84 E9010000
8B4D EC
0FBE51 3C

MOV ECX,DWORD PTR DS:[EAX+18]


MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0042C1F5
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.34],ECX
MOV EDX,DWORD PTR SS:[LOCAL.34]
MOV EAX,DWORD PTR DS:[EDX]
CMP EAX,DWORD PTR SS:[LOCAL.4]
JNE SHORT 0042C1E9
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.35],EDX
MOV EAX,DWORD PTR SS:[LOCAL.35]
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX],ECX
JMP SHORT 0042C1F5
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR DS:[EAX+8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.6]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
ADD EDX,3C
MOV DWORD PTR SS:[LOCAL.38],EDX
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,3C
MOV DWORD PTR SS:[LOCAL.37],EAX
MOV ECX,DWORD PTR SS:[LOCAL.37]
CMP ECX,DWORD PTR SS:[LOCAL.38]
JE SHORT 0042C253
MOV EDX,DWORD PTR SS:[LOCAL.37]
MOV AL,BYTE PTR DS:[EDX]
MOV BYTE PTR SS:[LOCAL.36+3],AL
MOV ECX,DWORD PTR SS:[LOCAL.37]
MOV EDX,DWORD PTR SS:[LOCAL.38]
MOV AL,BYTE PTR DS:[EDX]
MOV BYTE PTR DS:[ECX],AL
MOV ECX,DWORD PTR SS:[LOCAL.38]
MOV DL,BYTE PTR SS:[LOCAL.36+3]
MOV BYTE PTR DS:[ECX],DL
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOVSX ECX,BYTE PTR DS:[EAX+3C]
CMP ECX,1
JNE 0042C473
JMP SHORT 0042C26E
MOV EDX,DWORD PTR SS:[EBP-14]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[EBP-1C],EAX
MOV ECX,DWORD PTR SS:[EBP-10C]
MOV EDX,DWORD PTR DS:[ECX+18]
MOV EAX,DWORD PTR SS:[EBP-14]
CMP EAX,DWORD PTR DS:[EDX+4]
JE 0042C46C
MOV ECX,DWORD PTR SS:[EBP-14]
MOVSX EDX,BYTE PTR DS:[ECX+3C]

0042C28A |.
0042C28D |.
0042C293 |.
0042C296 |.
0042C299 |.
0042C29B |.
0042C2A1 |.
0042C2A4 |.
0042C2A7 |.
0042C2AA |.
0042C2AD |.
0042C2B1 |.
0042C2B3 |.
0042C2B5 |.
0042C2B8 |.
0042C2BC |.
0042C2BF |.
0042C2C3 |.
0042C2C6 |.
0042C2C7 |.
0042C2CD |.
fo.0042C580
0042C2D2 |.
0042C2D5 |.
0042C2D8 |.
0042C2DB |>
0042C2DE |.
0042C2E2 |.
0042C2E4 |.
0042C2E6 |.
0042C2E9 |.
0042C2EC |.^
0042C2F1 |>
0042C2F4 |.
0042C2F6 |.
0042C2FA |.
0042C2FD |.
0042C2FF |.
0042C302 |.
0042C305 |.
0042C309 |.
0042C30C |.
0042C30E |.
0042C311 |.
0042C315 |.
0042C318 |.
0042C31B |.^
0042C31D |>
0042C320 |.
0042C323 |.
0042C327 |.
0042C32A |.
0042C32C |.
0042C32F |.
0042C331 |.
0042C335 |.
0042C338 |.
0042C33C |.
0042C33F |.
0042C340 |.

83FA 01
0F85 D9010000
8B45 E4
8B4D EC
3B08
0F85 E9000000
8B55 E4
8B42 08
8945 E8
8B4D E8
0FBE51 3C
85D2
75 26
8B45 E8
C640 3C 01
8B4D E4
C641 3C 00
8B55 E4
52
8B8D F4FEFFFF
E8 AE020000

CMP EDX,1
JNE 0042C46C
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV ECX,DWORD PTR SS:[EBP-14]
CMP ECX,DWORD PTR DS:[EAX]
JNE 0042C38A
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOVSX EDX,BYTE PTR DS:[ECX+3C]
TEST EDX,EDX
JNE SHORT 0042C2DB
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+3C],1
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+3C],0
MOV EDX,DWORD PTR SS:[EBP-1C]
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-10C]
CALL 0042C580

; /Arg1
; |
; \SystemIn

8B45 E4
8B48 08
894D E8
8B55 E8
0FBE42 3D
85C0
74 0B
8B4D E4
894D EC
E9 94000000
8B55 E8
8B02
0FBE48 3C
83F9 01
75 1E
8B55 E8
8B42 08
0FBE48 3C
83F9 01
75 0F
8B55 E8
C642 3C 00
8B45 E4
8945 EC
EB 68
8B4D E8
8B51 08
0FBE42 3C
83F8 01
75 28
8B4D E8
8B11
C642 3C 01
8B45 E8
C640 3C 00
8B4D E8
51
8B8D F4FEFFFF

MOV EAX,DWORD PTR SS:[EBP-1C]


MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[EBP-18],ECX
MOV EDX,DWORD PTR SS:[EBP-18]
MOVSX EAX,BYTE PTR DS:[EDX+3D]
TEST EAX,EAX
JE SHORT 0042C2F1
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],ECX
JMP 0042C385
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+3C]
CMP ECX,1
JNE SHORT 0042C31D
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+3C]
CMP ECX,1
JNE SHORT 0042C31D
MOV EDX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EDX+3C],0
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],EAX
JMP SHORT 0042C385
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX+8]
MOVSX EAX,BYTE PTR DS:[EDX+3C]
CMP EAX,1
JNE SHORT 0042C354
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX]
MOV BYTE PTR DS:[EDX+3C],1
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+3C],0
MOV ECX,DWORD PTR SS:[EBP-18]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-10C]

; /Arg1
; |

0042C346 |.
fo.0042C630
0042C34B |.
0042C34E |.
0042C351 |.
0042C354 |>
0042C357 |.
0042C35A |.
0042C35D |.
0042C360 |.
0042C363 |.
0042C367 |.
0042C36A |.
0042C36D |.
0042C371 |.
0042C374 |.
0042C375 |.
0042C37B |.
fo.0042C580
0042C380 |.
0042C385 |>^
0042C38A |>
0042C38D |.
0042C38F |.
0042C392 |.
0042C395 |.
0042C399 |.
0042C39B |.
0042C39D |.
0042C3A0 |.
0042C3A4 |.
0042C3A7 |.
0042C3AB |.
0042C3AE |.
0042C3AF |.
0042C3B5 |.
fo.0042C630
0042C3BA |.
0042C3BD |.
0042C3BF |.
0042C3C2 |>
0042C3C5 |.
0042C3C9 |.
0042C3CB |.
0042C3CD |.
0042C3D0 |.
0042C3D3 |.^
0042C3D8 |>
0042C3DB |.
0042C3DE |.
0042C3E2 |.
0042C3E5 |.
0042C3E7 |.
0042C3EA |.
0042C3EC |.
0042C3F0 |.
0042C3F3 |.
0042C3F5 |.
0042C3F8 |.
0042C3FC |.

E8 E5020000

CALL 0042C630

; \SystemIn

8B55 E4
8B42 08
8945 E8
8B4D E8
8B55 E4
8A42 3C
8841 3C
8B4D E4
C641 3C 01
8B55 E8
8B42 08
C640 3C 01
8B4D E4
51
8B8D F4FEFFFF
E8 00020000

MOV EDX,DWORD PTR SS:[EBP-1C]


MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV AL,BYTE PTR DS:[EDX+3C]
MOV BYTE PTR DS:[ECX+3C],AL
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+3C],1
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV BYTE PTR DS:[EAX+3C],1
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-10C]
CALL 0042C580

; /Arg1
; |
; \SystemIn

E9 E7000000
E9 DD000000
8B55 E4
8B02
8945 E8
8B4D E8
0FBE51 3C
85D2
75 25
8B45 E8
C640 3C 01
8B4D E4
C641 3C 00
8B55 E4
52
8B8D F4FEFFFF
E8 76020000

JMP 0042C46C
JMP 0042C467
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOVSX EDX,BYTE PTR DS:[ECX+3C]
TEST EDX,EDX
JNE SHORT 0042C3C2
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+3C],1
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+3C],0
MOV EDX,DWORD PTR SS:[EBP-1C]
PUSH EDX
MOV ECX,DWORD PTR SS:[EBP-10C]
CALL 0042C630

; /Arg1
; |
; \SystemIn

8B45 E4
8B08
894D E8
8B55 E8
0FBE42 3D
85C0
74 0B
8B4D E4
894D EC
E9 8F000000
8B55 E8
8B42 08
0FBE48 3C
83F9 01
75 1D
8B55 E8
8B02
0FBE48 3C
83F9 01
75 0F
8B55 E8
C642 3C 00
8B45 E4

MOV EAX,DWORD PTR SS:[EBP-1C]


MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP-18],ECX
MOV EDX,DWORD PTR SS:[EBP-18]
MOVSX EAX,BYTE PTR DS:[EDX+3D]
TEST EAX,EAX
JE SHORT 0042C3D8
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-14],ECX
JMP 0042C467
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+3C]
CMP ECX,1
JNE SHORT 0042C404
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+3C]
CMP ECX,1
JNE SHORT 0042C404
MOV EDX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EDX+3C],0
MOV EAX,DWORD PTR SS:[EBP-1C]

0042C3FF |.
0042C402 |.^
0042C404 |>
0042C407 |.
0042C409 |.
0042C40D |.
0042C410 |.
0042C412 |.
0042C415 |.
0042C418 |.
0042C41C |.
0042C41F |.
0042C423 |.
0042C426 |.
0042C427 |.
0042C42D |.
fo.0042C580
0042C432 |.
0042C435 |.
0042C437 |.
0042C43A |>
0042C43D |.
0042C440 |.
0042C443 |.
0042C446 |.
0042C449 |.
0042C44D |.
0042C450 |.
0042C452 |.
0042C456 |.
0042C459 |.
0042C45A |.
0042C460 |.
fo.0042C630
0042C465 |.
0042C467 |>^
0042C46C |>
0042C46F |.
0042C473 |>
0042C476 |.
0042C477 |.
fo.0042D3E0
0042C47C |.
0042C47F |.
0042C482 |.
0042C483 |.
0042C488 |.
0042C48B |.
0042C491 |.
0042C495 |.
0042C497 |.
0042C49D |.
0042C4A0 |.
0042C4A3 |.
0042C4A9 |.
0042C4AC |>
0042C4AF |.
0042C4B5 |.
0042C4B8 |.
0042C4BE |.

8945 EC
EB 63
8B4D E8
8B11
0FBE42 3C
83F8 01
75 28
8B4D E8
8B51 08
C642 3C 01
8B45 E8
C640 3C 00
8B4D E8
51
8B8D F4FEFFFF
E8 4E010000

MOV DWORD PTR SS:[EBP-14],EAX


JMP SHORT 0042C467
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+3C]
CMP EAX,1
JNE SHORT 0042C43A
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV BYTE PTR DS:[EDX+3C],1
MOV EAX,DWORD PTR SS:[EBP-18]
MOV BYTE PTR DS:[EAX+3C],0
MOV ECX,DWORD PTR SS:[EBP-18]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-10C]
CALL 0042C580

; /Arg1
; |
; \SystemIn

8B55 E4
8B02
8945 E8
8B4D E8
8B55 E4
8A42 3C
8841 3C
8B4D E4
C641 3C 01
8B55 E8
8B02
C640 3C 01
8B4D E4
51
8B8D F4FEFFFF
E8 CB010000

MOV EDX,DWORD PTR SS:[EBP-1C]


MOV EAX,DWORD PTR DS:[EDX]
MOV DWORD PTR SS:[EBP-18],EAX
MOV ECX,DWORD PTR SS:[EBP-18]
MOV EDX,DWORD PTR SS:[EBP-1C]
MOV AL,BYTE PTR DS:[EDX+3C]
MOV BYTE PTR DS:[ECX+3C],AL
MOV ECX,DWORD PTR SS:[EBP-1C]
MOV BYTE PTR DS:[ECX+3C],1
MOV EDX,DWORD PTR SS:[EBP-18]
MOV EAX,DWORD PTR DS:[EDX]
MOV BYTE PTR DS:[EAX+3C],1
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
MOV ECX,DWORD PTR SS:[EBP-10C]
CALL 0042C630

; /Arg1
; |
; \SystemIn

EB 05
E9 F9FDFFFF
8B55 EC
C642 3C 01
8B45 F0
50
E8 640F0000

JMP SHORT 0042C46C


JMP 0042C265
MOV EDX,DWORD PTR SS:[EBP-14]
MOV BYTE PTR DS:[EDX+3C],1
MOV EAX,DWORD PTR SS:[EBP-10]
PUSH EAX
CALL 0042D3E0

; /Arg1
; \SystemIn

83C4 04
8B4D F0
51
E8 92240000
83C4 04
8B95 F4FEFFFF
837A 1C 00
76 15
8B85 F4FEFFFF
8B48 1C
83E9 01
8B95 F4FEFFFF
894A 1C
8B45 0C
8985 F8FEFFFF
8B4D 10
898D FCFEFFFF
C785 00FFFFFF

ADD ESP,4
MOV ECX,DWORD PTR SS:[EBP-10]
PUSH ECX
CALL 0042E91A
ADD ESP,4
MOV EDX,DWORD PTR SS:[EBP-10C]
CMP DWORD PTR DS:[EDX+1C],0
JBE SHORT 0042C4AC
MOV EAX,DWORD PTR SS:[EBP-10C]
MOV ECX,DWORD PTR DS:[EAX+1C]
SUB ECX,1
MOV EDX,DWORD PTR SS:[EBP-10C]
MOV DWORD PTR DS:[EDX+1C],ECX
MOV EAX,DWORD PTR SS:[EBP+0C]
MOV DWORD PTR SS:[EBP-108],EAX
MOV ECX,DWORD PTR SS:[EBP+10]
MOV DWORD PTR SS:[EBP-104],ECX
MOV DWORD PTR SS:[EBP-100],0

0042C4C8 |.
0042C4CE |.
0042C4D4 |.
0042C4DB |.
0042C4DD |.
0042C4E2 |>
0042C4E4 |.^
0042C4E6 |.
0042C4EC |.
0042C4EE |.
0042C4F4 |.
0042C4FA |.
0042C500 |.
0042C503 |.
0042C505 |.
0042C508 |.
0042C50B |.
0042C50E |.
0042C515 |.
0042C516 |.
0042C518 |.
0042C519 \.
0042C51C
0042C51D
0042C51E
0042C51F
0042C520 /$
0042C521 |.
0042C523 |.
0042C526 |.
0042C529 |.
0042C52C |.
0042C52F |.
0042C532 |.
0042C533 |.
0042C536 |.
fo.0042CA40
0042C53B |.
0042C53E |.
0042C541 |.
0042C544 |.
0042C547 |.
0042C54A |.
0042C54D |.
0042C554 |.
0042C557 |.
0042C55A |.
0042C55D |.
0042C560 |.
0042C563 |.
0042C566 |.
0042C568 |.
0042C56B |.
0042C56E |.
0042C571 |.
0042C574 |.
0042C577 |.
0042C579 |.
0042C57A \.
0042C57B

8B95 FCFEFFFF
8995 04FFFFFF
83BD F4FEFFFF
75 05
E8 A6230000
33C0
75 FC
8B8D F4FEFFFF
8B11
8995 00FFFFFF
8B85 00FFFFFF
8B8D 04FFFFFF
8B55 08
8902
894A 04
8B45 08
8B4D F4
64:890D 00000
59
8BE5
5D
C2 0C00
CC
CC
CC
CC
55
8BEC
83EC 10
894D F0
8B45 F0
8B48 18
8B51 04
52
8B4D F0
E8 05050000
8B45
8B48
8B55
8B42
8941
8B4D
C741
8B55
8B42
8945
8B4D
8B55
8B42
8901
8B4D
8B51
8B45
8B48
894A
8BE5
5D
C3
CC

MOV EDX,DWORD PTR SS:[EBP-104]


MOV DWORD PTR SS:[EBP-0FC],EDX
CMP DWORD PTR SS:[EBP-10C],0
JNE SHORT 0042C4E2
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0042C4E2
MOV ECX,DWORD PTR SS:[EBP-10C]
MOV EDX,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[EBP-100],EDX
MOV EAX,DWORD PTR SS:[EBP-100]
MOV ECX,DWORD PTR SS:[EBP-0FC]
MOV EDX,DWORD PTR SS:[EBP+8]
MOV DWORD PTR DS:[EDX],EAX
MOV DWORD PTR DS:[EDX+4],ECX
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN 0C
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+18]
MOV EDX,DWORD PTR DS:[ECX+4]
PUSH EDX
MOV ECX,DWORD PTR SS:[LOCAL.4]
CALL 0042CA40

F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
18
MOV ECX,DWORD PTR DS:[EAX+18]
F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
18
MOV EAX,DWORD PTR DS:[EDX+18]
04
MOV DWORD PTR DS:[ECX+4],EAX
F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
1C 00000 MOV DWORD PTR DS:[ECX+1C],0
F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
18
MOV EAX,DWORD PTR DS:[EDX+18]
F4
MOV DWORD PTR SS:[LOCAL.3],EAX
F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
F0
MOV EDX,DWORD PTR SS:[LOCAL.4]
18
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR DS:[ECX],EAX
F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
18
MOV EDX,DWORD PTR DS:[ECX+18]
F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
18
MOV ECX,DWORD PTR DS:[EAX+18]
08
MOV DWORD PTR DS:[EDX+8],ECX
MOV ESP,EBP
POP EBP
RETN
INT3

; /Arg1
; |
; \SystemIn

0042C57C
CC
0042C57D
CC
0042C57E
CC
0042C57F
CC
0042C580 /$ 55
o.0042C580(guessed Arg1)
0042C581 |. 8BEC
0042C583 |. 83EC 10
0042C586 |. 894D F0
0042C589 |. 8B45 08
0042C58C |. 8B48 08
0042C58F |. 894D FC
0042C592 |. 8B55 08
0042C595 |. 8B45 FC
0042C598 |. 8B08
0042C59A |. 894A 08
0042C59D |. 8B55 FC
0042C5A0 |. 8B02
0042C5A2 |. 0FBE48 3D
0042C5A6 |. 85C9
0042C5A8 |. 75 0B
0042C5AA |. 8B55 FC
0042C5AD |. 8B02
0042C5AF |. 8B4D 08
0042C5B2 |. 8948 04
0042C5B5 |> 8B55 FC
0042C5B8 |. 8B45 08
0042C5BB |. 8B48 04
0042C5BE |. 894A 04
0042C5C1 |. 8B55 F0
0042C5C4 |. 8B42 18
0042C5C7 |. 8B4D 08
0042C5CA |. 3B48 04
0042C5CD |. 75 0E
0042C5CF |. 8B55 F0
0042C5D2 |. 8B42 18
0042C5D5 |. 8B4D FC
0042C5D8 |. 8948 04
0042C5DB |. EB 32
0042C5DD |> 8B55 08
0042C5E0 |. 8B42 04
0042C5E3 |. 8945 F8
0042C5E6 |. 8B4D F8
0042C5E9 |. 8B55 08
0042C5EC |. 3B11
0042C5EE |. 75 13
0042C5F0 |. 8B45 08
0042C5F3 |. 8B48 04
0042C5F6 |. 894D F4
0042C5F9 |. 8B55 F4
0042C5FC |. 8B45 FC
0042C5FF |. 8902
0042C601 |. EB 0C
0042C603 |> 8B4D 08
0042C606 |. 8B51 04
0042C609 |. 8B45 FC
0042C60C |. 8942 08
0042C60F |> 8B4D FC
0042C612 |. 8B55 08
0042C615 |. 8911

INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR DS:[EDX+8],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOVSX ECX,BYTE PTR DS:[EAX+3D]
TEST ECX,ECX
JNE SHORT 0042C5B5
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+4]
JNE SHORT 0042C5DD
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 0042C60F
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR SS:[ARG.1]
CMP EDX,DWORD PTR DS:[ECX]
JNE SHORT 0042C603
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX],EAX
JMP SHORT 0042C60F
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+8],EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX],EDX

; SystemInf

0042C617 |. 8B45 08
0042C61A |. 8B4D FC
0042C61D |. 8948 04
0042C620 |. 8BE5
0042C622 |. 5D
0042C623 \. C2 0400
0042C626
CC
0042C627
CC
0042C628
CC
0042C629
CC
0042C62A
CC
0042C62B
CC
0042C62C
CC
0042C62D
CC
0042C62E
CC
0042C62F
CC
0042C630 /$ 55
o.0042C630(guessed Arg1)
0042C631 |. 8BEC
0042C633 |. 83EC 0C
0042C636 |. 894D F4
0042C639 |. 8B45 08
0042C63C |. 8B08
0042C63E |. 894D FC
0042C641 |. 8B55 08
0042C644 |. 8B45 FC
0042C647 |. 8B48 08
0042C64A |. 890A
0042C64C |. 8B55 FC
0042C64F |. 8B42 08
0042C652 |. 0FBE48 3D
0042C656 |. 85C9
0042C658 |. 75 0C
0042C65A |. 8B55 FC
0042C65D |. 8B42 08
0042C660 |. 8B4D 08
0042C663 |. 8948 04
0042C666 |> 8B55 FC
0042C669 |. 8B45 08
0042C66C |. 8B48 04
0042C66F |. 894A 04
0042C672 |. 8B55 F4
0042C675 |. 8B42 18
0042C678 |. 8B4D 08
0042C67B |. 3B48 04
0042C67E |. 75 0E
0042C680 |. 8B55 F4
0042C683 |. 8B42 18
0042C686 |. 8B4D FC
0042C689 |. 8948 04
0042C68C |. EB 2D
0042C68E |> 8B55 08
0042C691 |. 8B42 04
0042C694 |. 8B4D 08
0042C697 |. 3B48 08
0042C69A |. 75 0E
0042C69C |. 8B55 08
0042C69F |. 8B42 04
0042C6A2 |. 8B4D FC
0042C6A5 |. 8948 08

MOV EAX,DWORD PTR SS:[ARG.1]


MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR DS:[EDX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+8]
MOVSX ECX,BYTE PTR DS:[EAX+3D]
TEST ECX,ECX
JNE SHORT 0042C666
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+4]
JNE SHORT 0042C68E
MOV EDX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 0042C6BB
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,DWORD PTR DS:[EAX+8]
JNE SHORT 0042C6AA
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+8],ECX

; SystemInf

0042C6A8 |.
0042C6AA |>
0042C6AD |.
0042C6B0 |.
0042C6B3 |.
0042C6B6 |.
0042C6B9 |.
0042C6BB |>
0042C6BE |.
0042C6C1 |.
0042C6C4 |.
0042C6C7 |.
0042C6CA |.
0042C6CD |.
0042C6CF |.
0042C6D0 \.
0042C6D3
0042C6D4
0042C6D5
0042C6D6
0042C6D7
0042C6D8
0042C6D9
0042C6DA
0042C6DB
0042C6DC
0042C6DD
0042C6DE
0042C6DF
0042C6E0 /$
0042C6E1 |.
0042C6E3 |.
0042C6E5 |.
0042C6EA |.
0042C6F0 |.
0042C6F1 |.
0042C6F2 |.
0042C6F5 |.
0042C6F6 |.
0042C6F7 |.
0042C6F8 |.
0042C6FD |.
0042C6FF |.
0042C700 |.
0042C703 |.
0042C709 |.
0042C70C |.
0042C70F |.
0042C711 |.
0042C714 |.
0042C717 |.
fo.0042CAA0
0042C71C |.
0042C71F |.
0042C726 |.
0042C72D |.
0042C734 |.
0042C737 |.
0042C73A |.
0042C73D |.

EB 11
8B55 08
8B42 04
8945 F8
8B4D F8
8B55 FC
8911
8B45 FC
8B4D 08
8948 08
8B55 08
8B45 FC
8942 04
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 B06B4400
64:A1 0000000
50
51
83EC 50
53
56
57
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
8965 F0
894D AC
6A 01
8B4D AC
83C1 0C
E8 84030000
8945
C745
C745
C745
8B45
8945
8B4D
894D

JMP SHORT 0042C6BB


MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+8],ECX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX+4],EAX
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00446BB0
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,50
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.21],ECX
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.21]
ADD ECX,0C
CALL 0042CAA0

E8
MOV DWORD PTR SS:[LOCAL.6],EAX
EC 00000 MOV DWORD PTR SS:[LOCAL.5],0
FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
E4 00000 MOV DWORD PTR SS:[LOCAL.7],0
E8
MOV EAX,DWORD PTR SS:[LOCAL.6]
C4
MOV DWORD PTR SS:[LOCAL.15],EAX
C4
MOV ECX,DWORD PTR SS:[LOCAL.15]
C0
MOV DWORD PTR SS:[LOCAL.16],ECX

;
;
;
;

/Arg1 = 1
|
|
\SystemIn

0042C740 |.
0042C744 |.
0042C746 |.
0042C749 |.
0042C74C |.
0042C74E |.
0042C751 |.
0042C754 |.
0042C756 |>
0042C75D |>
0042C760 |.
0042C763 |.
0042C766 |.
0042C76D |.
0042C770 |.
0042C773 |.
0042C776 |.
0042C779 |.
0042C77C |.
0042C780 |.
0042C782 |.
0042C785 |.
0042C788 |.
0042C78A |.
0042C78D |.
0042C790 |.
0042C792 |>
0042C799 |>
0042C79C |.
0042C79F |.
0042C7A2 |.
0042C7A9 |.
0042C7AC |.
0042C7AF |.
0042C7B2 |.
0042C7B5 |.
0042C7B8 |.
0042C7BC |.
0042C7BE |.
0042C7C1 |.
0042C7C4 |.
0042C7C6 |.
0042C7C9 |.
0042C7CC |.
0042C7CE |>
0042C7D5 \>
0042C7D7 /.
0042C7DA |.
0042C7DB |.
0042C7E0 |.
0042C7E3 |.
0042C7E5 |.
0042C7E7 |.
fo.0042E925
0042C7EC |.
0042C7F3 |.
0042C7F8 \.
0042C7F9 />
0042C800 |.
0042C803 |.

837D C0 00
74 10
8B55 C0
8B45 E4
8902
8B4D C0
894D A8
EB 07
C745 A8 00000
8B55 EC
83C2 01
8955 EC
C745 E0 00000
8B45 E8
83C0 04
8945 BC
8B4D BC
894D B8
837D B8 00
74 10
8B55 B8
8B45 E0
8902
8B4D B8
894D A4
EB 07
C745 A4 00000
8B55 EC
83C2 01
8955 EC
C745 DC 00000
8B45 E8
83C0 08
8945 B4
8B4D B4
894D B0
837D B0 00
74 10
8B55 B0
8B45 DC
8902
8B4D B0
894D A0
EB 07
C745 A0 00000
EB 22
8B55 E8
52
E8 3A210000
83C4 04
6A 00
6A 00
E8 39210000

CMP DWORD PTR SS:[LOCAL.16],0


JE SHORT 0042C756
MOV EDX,DWORD PTR SS:[LOCAL.16]
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR SS:[LOCAL.22],ECX
JMP SHORT 0042C75D
MOV DWORD PTR SS:[LOCAL.22],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV DWORD PTR SS:[LOCAL.8],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,4
MOV DWORD PTR SS:[LOCAL.17],EAX
MOV ECX,DWORD PTR SS:[LOCAL.17]
MOV DWORD PTR SS:[LOCAL.18],ECX
CMP DWORD PTR SS:[LOCAL.18],0
JE SHORT 0042C792
MOV EDX,DWORD PTR SS:[LOCAL.18]
MOV EAX,DWORD PTR SS:[LOCAL.8]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR SS:[LOCAL.23],ECX
JMP SHORT 0042C799
MOV DWORD PTR SS:[LOCAL.23],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
ADD EDX,1
MOV DWORD PTR SS:[LOCAL.5],EDX
MOV DWORD PTR SS:[LOCAL.9],0
MOV EAX,DWORD PTR SS:[LOCAL.6]
ADD EAX,8
MOV DWORD PTR SS:[LOCAL.19],EAX
MOV ECX,DWORD PTR SS:[LOCAL.19]
MOV DWORD PTR SS:[LOCAL.20],ECX
CMP DWORD PTR SS:[LOCAL.20],0
JE SHORT 0042C7CE
MOV EDX,DWORD PTR SS:[LOCAL.20]
MOV EAX,DWORD PTR SS:[LOCAL.9]
MOV DWORD PTR DS:[EDX],EAX
MOV ECX,DWORD PTR SS:[LOCAL.20]
MOV DWORD PTR SS:[LOCAL.24],ECX
JMP SHORT 0042C7D5
MOV DWORD PTR SS:[LOCAL.24],0
JMP SHORT 0042C7F9
MOV EDX,DWORD PTR SS:[EBP-18]
PUSH EDX
CALL 0042E91A
ADD ESP,4
PUSH 0
PUSH 0
CALL 0042E925

C745 FC FFFFF
B8 00C84200
C3
C745 FC FFFFF
8B45 E8
C640 3C 01

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,0042C800
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV BYTE PTR DS:[EAX+3C],1

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

0042C807 |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
0042C80A |. C641 3D 00
MOV BYTE PTR DS:[ECX+3D],0
0042C80E |. 8B45 E8
MOV EAX,DWORD PTR SS:[LOCAL.6]
0042C811 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0042C814 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0042C81B |. 59
POP ECX
0042C81C |. 5F
POP EDI
0042C81D |. 5E
POP ESI
0042C81E |. 5B
POP EBX
0042C81F |. 8BE5
MOV ESP,EBP
0042C821 |. 5D
POP EBP
0042C822 \. C3
RETN
0042C823
CC
INT3
0042C824
CC
INT3
0042C825
CC
INT3
0042C826
CC
INT3
0042C827
CC
INT3
0042C828
CC
INT3
0042C829
CC
INT3
0042C82A
CC
INT3
0042C82B
CC
INT3
0042C82C
CC
INT3
0042C82D
CC
INT3
0042C82E
CC
INT3
0042C82F
CC
INT3
0042C830 /$ 55
PUSH EBP
o.0042C830(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
0042C831 |. 8BEC
MOV EBP,ESP
0042C833 |. 6A FF
PUSH -1
0042C835 |. 68 E16B4400 PUSH 00446BE1
0042C83A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042C840 |. 50
PUSH EAX
0042C841 |. 51
PUSH ECX
0042C842 |. 83EC 40
SUB ESP,40
0042C845 |. 53
PUSH EBX
0042C846 |. 56
PUSH ESI
0042C847 |. 57
PUSH EDI
0042C848 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042C84D |. 33C5
XOR EAX,EBP
0042C84F |. 50
PUSH EAX
0042C850 |. 8D45 F4
LEA EAX,[LOCAL.3]
0042C853 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042C859 |. 8965 F0
MOV DWORD PTR SS:[LOCAL.4],ESP
0042C85C |. 894D B4
MOV DWORD PTR SS:[LOCAL.19],ECX
0042C85F |. 6A 00
PUSH 0
0042C861 |. 6A 01
PUSH 1
0042C863 |. E8 180B0000 CALL 0042D380
0042C868 |. 83C4 08
ADD ESP,8
0042C86B |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0042C86E |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042C875 |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
0042C878 |. 8945 E4
MOV DWORD PTR SS:[LOCAL.7],EAX
0042C87B |. C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1
0042C87F |. 837D E4 00
CMP DWORD PTR SS:[LOCAL.7],0
0042C883 |. 74 59
JE SHORT 0042C8DE
0042C885 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0042C888 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0042C88B |. 8911
MOV DWORD PTR DS:[ECX],EDX
0042C88D |. 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
0042C890 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]

; SystemInf

0042C893 |.
0042C896 |.
0042C899 |.
0042C89C |.
0042C89F |.
0042C8A2 |.
0042C8A5 |.
0042C8A8 |.
0042C8AB |.
[ARG.4]
0042C8AC |.
0042C8AF |.
fo.0040AD10
0042C8B4 |.
0042C8B7 |.
0042C8BA |.
0042C8BD |.
0042C8C0 |.
0042C8C3 |.
0042C8C6 |.
0042C8C9 |.
0042C8CC |.
0042C8CF |.
0042C8D2 |.
0042C8D6 |.
0042C8D9 |.
0042C8DC |.
0042C8DE |>
0042C8E5 |>
0042C8E8 |.
0042C8EB |.
0042C8EF \.
0042C8F1 /.
0042C8F4 |.
0042C8F5 |.
0042C8FA |.
0042C8FD |.
0042C8FF |.
0042C901 |.
fo.0042E925
0042C906 |.
0042C90D |.
0042C912 \.
0042C913 />
0042C91A |.
0042C91D |.
0042C920 |.
0042C927 |.
0042C928 |.
0042C929 |.
0042C92A |.
0042C92B |.
0042C92D |.
0042C92E \.
0042C931
0042C932
0042C933
0042C934
0042C935
0042C936

8948
8B55
8B45
8942
8B4D
83C1
894D
8B55
52

04
E4
10
08
E4
0C
B8
14

MOV DWORD PTR


MOV EDX,DWORD
MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
ADD ECX,0C
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX

DS:[EAX+4],ECX
PTR SS:[LOCAL.7]
PTR SS:[ARG.3]
DS:[EDX+8],EAX
PTR SS:[LOCAL.7]
SS:[LOCAL.18],ECX
PTR SS:[ARG.4]
; /Arg1 =>

8B4D B8
E8 5CE4FDFF

MOV ECX,DWORD PTR SS:[LOCAL.18]


CALL 0040AD10

; |
; \SystemIn

8B45 14
8B48 28
8B50 2C
8B45 B8
8948 28
8950 2C
8B4D E4
8A55 18
8851 3C
8B45 E4
C640 3D 00
8B4D E4
894D B0
EB 07
C745 B0 00000
8B55 B0
8955 E8
C645 FC 00
EB 22
8B45 EC
50
E8 20200000
83C4 04
6A 00
6A 00
E8 1F200000

MOV EAX,DWORD PTR SS:[ARG.4]


MOV ECX,DWORD PTR DS:[EAX+28]
MOV EDX,DWORD PTR DS:[EAX+2C]
MOV EAX,DWORD PTR SS:[LOCAL.18]
MOV DWORD PTR DS:[EAX+28],ECX
MOV DWORD PTR DS:[EAX+2C],EDX
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DL,BYTE PTR SS:[ARG.5]
MOV BYTE PTR DS:[ECX+3C],DL
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV BYTE PTR DS:[EAX+3D],0
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.20],ECX
JMP SHORT 0042C8E5
MOV DWORD PTR SS:[LOCAL.20],0
MOV EDX,DWORD PTR SS:[LOCAL.20]
MOV DWORD PTR SS:[LOCAL.6],EDX
MOV BYTE PTR SS:[LOCAL.1],0
JMP SHORT 0042C913
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
CALL 0042E91A
ADD ESP,4
PUSH 0
PUSH 0
CALL 0042E925

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

C745 FC FFFFF
B8 1AC94200
C3
C745 FC FFFFF
8B45 EC
8B4D F4
64:890D 00000
59
5F
5E
5B
8BE5
5D
C2 1400
CC
CC
CC
CC
CC
CC

MOV DWORD PTR SS:[EBP-4],-1


MOV EAX,0042C91A
RETN
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN 14
INT3
INT3
INT3
INT3
INT3
INT3

0042C937
CC
0042C938
CC
0042C939
CC
0042C93A
CC
0042C93B
CC
0042C93C
CC
0042C93D
CC
0042C93E
CC
0042C93F
CC
0042C940 /$ 55
o.0042C940(guessed Arg1)
0042C941 |. 8BEC
0042C943 |. 83EC 1C
0042C946 |. 894D E4
0042C949 |. 8B45 08
0042C94C |. 8945 FC
0042C94F |. EB 06
0042C951 |> 8B4D FC
0042C954 |. 894D 08
0042C957 |> 8B55 FC
0042C95A |. 0FBE42 29
0042C95E |. 85C0
0042C960 |. 75 47
0042C962 |. 8B4D FC
0042C965 |. 8B51 08
0042C968 |. 52
0042C969 |. 8B4D E4
0042C96C |. E8 CFFFFFFF
fo.0042C940
0042C971 |. 8B45 FC
0042C974 |. 8B08
0042C976 |. 894D FC
0042C979 |. 6A 00
0042C97B |. 6A 01
0042C97D |. 8B4D 08
0042C980 |. 83C1 0C
0042C983 |. E8 D831FEFF
fo.0040FB60
0042C988 |. 33D2
0042C98A |. 83E2 01
0042C98D |. 74 0C
0042C98F |. 8B45 08
0042C992 |. 50
0042C993 |. E8 821F0000
0042C998 |. 83C4 04
0042C99B |> 8B4D 08
0042C99E |. 51
0042C99F |. E8 761F0000
0042C9A4 |. 83C4 04
0042C9A7 |.^ EB A8
0042C9A9 |> 8BE5
0042C9AB |. 5D
0042C9AC \. C2 0400
0042C9AF
CC
0042C9B0 /$ 55
o.0042C9B0(guessed Arg1)
0042C9B1 |. 8BEC
0042C9B3 |. 83EC 44
0042C9B6 |. 894D BC
0042C9B9 |. 8B45 08

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,1C
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.1],EAX
JMP SHORT 0042C957
/MOV ECX,DWORD PTR SS:[LOCAL.1]
|MOV DWORD PTR SS:[ARG.1],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOVSX EAX,BYTE PTR DS:[EDX+29]
|TEST EAX,EAX
|JNE SHORT 0042C9A9
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|MOV EDX,DWORD PTR DS:[ECX+8]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.7]
|CALL 0042C940

; /Arg1
; |
; \SystemIn

|MOV EAX,DWORD
|MOV ECX,DWORD
|MOV DWORD PTR
|PUSH 0
|PUSH 1
|MOV ECX,DWORD
|ADD ECX,0C
|CALL 0040FB60

;
;
;
;
;

PTR SS:[LOCAL.1]
PTR DS:[EAX]
SS:[LOCAL.1],ECX
PTR SS:[ARG.1]

|XOR EDX,EDX
|AND EDX,00000001
|JE SHORT 0042C99B
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0042E91A
|ADD ESP,4
|MOV ECX,DWORD PTR SS:[ARG.1]
|PUSH ECX
|CALL 0042E91A
|ADD ESP,4
\JMP SHORT 0042C951
MOV ESP,EBP
POP EBP
RETN 4
INT3
PUSH EBP
MOV
SUB
MOV
MOV

EBP,ESP
ESP,44
DWORD PTR SS:[LOCAL.17],ECX
EAX,DWORD PTR SS:[ARG.1]

/Arg2 = 0
|Arg1 = 1
|
|
\SystemIn

; SystemInf

0042C9BC |. 8945 FC
0042C9BF |. EB 06
0042C9C1 |> 8B4D FC
0042C9C4 |. 894D 08
0042C9C7 |> 8B55 FC
0042C9CA |. 0FBE82 D50000
0042C9D1 |. 85C0
0042C9D3 |. 75 40
0042C9D5 |. 8B4D FC
0042C9D8 |. 8B51 08
0042C9DB |. 52
0042C9DC |. 8B4D BC
0042C9DF |. E8 CCFFFFFF
fo.0042C9B0
0042C9E4 |. 8B45 FC
0042C9E7 |. 8B08
0042C9E9 |. 894D FC
0042C9EC |. 8B4D 08
0042C9EF |. E8 6C0A0000
fo.0042D460
0042C9F4 |. 33D2
0042C9F6 |. 83E2 01
0042C9F9 |. 74 0C
0042C9FB |. 8B45 08
0042C9FE |. 50
0042C9FF |. E8 161F0000
0042CA04 |. 83C4 04
0042CA07 |> 8B4D 08
0042CA0A |. 51
0042CA0B |. E8 0A1F0000
0042CA10 |. 83C4 04
0042CA13 |.^ EB AC
0042CA15 |> 8BE5
0042CA17 |. 5D
0042CA18 \. C2 0400
0042CA1B
CC
0042CA1C
CC
0042CA1D
CC
0042CA1E
CC
0042CA1F
CC
0042CA20 /$ 55
o.0042CA20(guessed Arg1)
0042CA21 |. 8BEC
0042CA23 |. 83EC 14
0042CA26 |. 894D EC
0042CA29 |. 6A 00
0042CA2B |. 8B45 08
0042CA2E |. 50
0042CA2F |. E8 DC080000
0042CA34 |. 83C4 08
0042CA37 |. 8BE5
0042CA39 |. 5D
0042CA3A \. C2 0400
0042CA3D
CC
0042CA3E
CC
0042CA3F
CC
0042CA40 /$ 55
o.0042CA40(guessed Arg1)
0042CA41 |. 8BEC
0042CA43 |. 83EC 2C

MOV DWORD PTR SS:[LOCAL.1],EAX


JMP SHORT 0042C9C7
/MOV ECX,DWORD PTR SS:[LOCAL.1]
|MOV DWORD PTR SS:[ARG.1],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOVSX EAX,BYTE PTR DS:[EDX+0D5]
|TEST EAX,EAX
|JNE SHORT 0042CA15
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|MOV EDX,DWORD PTR DS:[ECX+8]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.17]
|CALL 0042C9B0

; /Arg1
; |
; \SystemIn

|MOV EAX,DWORD
|MOV ECX,DWORD
|MOV DWORD PTR
|MOV ECX,DWORD
|CALL 0042D460

; [SystemIn

PTR SS:[LOCAL.1]
PTR DS:[EAX]
SS:[LOCAL.1],ECX
PTR SS:[ARG.1]

|XOR EDX,EDX
|AND EDX,00000001
|JE SHORT 0042CA07
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0042E91A
|ADD ESP,4
|MOV ECX,DWORD PTR SS:[ARG.1]
|PUSH ECX
|CALL 0042E91A
|ADD ESP,4
\JMP SHORT 0042C9C1
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
PUSH 0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0042D310
ADD ESP,8
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,2C

0042CA46 |. 894D D4
0042CA49 |. 8B45 08
0042CA4C |. 8945 FC
0042CA4F |. EB 06
0042CA51 |> 8B4D FC
0042CA54 |. 894D 08
0042CA57 |> 8B55 FC
0042CA5A |. 0FBE42 3D
0042CA5E |. 85C0
0042CA60 |. 75 31
0042CA62 |. 8B4D FC
0042CA65 |. 8B51 08
0042CA68 |. 52
0042CA69 |. 8B4D D4
0042CA6C |. E8 CFFFFFFF
fo.0042CA40
0042CA71 |. 8B45 FC
0042CA74 |. 8B08
0042CA76 |. 894D FC
0042CA79 |. 8B55 08
0042CA7C |. 52
[ARG.1]
0042CA7D |. E8 5E090000
fo.0042D3E0
0042CA82 |. 83C4 04
0042CA85 |. 8B45 08
0042CA88 |. 50
0042CA89 |. E8 8C1E0000
0042CA8E |. 83C4 04
0042CA91 |.^ EB BE
0042CA93 |> 8BE5
0042CA95 |. 5D
0042CA96 \. C2 0400
0042CA99
CC
0042CA9A
CC
0042CA9B
CC
0042CA9C
CC
0042CA9D
CC
0042CA9E
CC
0042CA9F
CC
0042CAA0 /$ 55
o.0042CAA0(guessed Arg1)
0042CAA1 |. 8BEC
0042CAA3 |. 83EC 14
0042CAA6 |. 894D EC
0042CAA9 |. 6A 00
0042CAAB |. 8B45 08
0042CAAE |. 50
0042CAAF |. E8 CC080000
0042CAB4 |. 83C4 08
0042CAB7 |. 8BE5
0042CAB9 |. 5D
0042CABA \. C2 0400
0042CABD
CC
0042CABE
CC
0042CABF
CC
0042CAC0 /$ 55
0042CAC1 |. 8BEC
0042CAC3 |. 83EC 14
0042CAC6 |. 894D EC

MOV DWORD PTR SS:[LOCAL.11],ECX


MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.1],EAX
JMP SHORT 0042CA57
/MOV ECX,DWORD PTR SS:[LOCAL.1]
|MOV DWORD PTR SS:[ARG.1],ECX
|MOV EDX,DWORD PTR SS:[LOCAL.1]
|MOVSX EAX,BYTE PTR DS:[EDX+3D]
|TEST EAX,EAX
|JNE SHORT 0042CA93
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|MOV EDX,DWORD PTR DS:[ECX+8]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.11]
|CALL 0042CA40

; /Arg1
; |
; \SystemIn

|MOV EAX,DWORD
|MOV ECX,DWORD
|MOV DWORD PTR
|MOV EDX,DWORD
|PUSH EDX

; /Arg1 =>

PTR SS:[LOCAL.1]
PTR DS:[EAX]
SS:[LOCAL.1],ECX
PTR SS:[ARG.1]

|CALL 0042D3E0

; \SystemIn

|ADD ESP,4
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH EAX
|CALL 0042E91A
|ADD ESP,4
\JMP SHORT 0042CA51
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX
PUSH 0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX
CALL 0042D380
ADD ESP,8
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV DWORD PTR SS:[LOCAL.5],ECX

0042CAC9
0042CACC
0042CACE
0042CAD1
0042CAD4
0042CAD7
0042CAD9
0042CADB
0042CAE0
0042CAE2
0042CAE4
0042CAE7
0042CAEA
0042CAEE
0042CAF0
0042CAF2
0042CAF5
0042CAF8
0042CAFB
0042CAFE
0042CB01
0042CB04
0042CB07
0042CB0B
0042CB0D
0042CB0F
0042CB14
0042CB19
0042CB1C
0042CB1F
0042CB22
0042CB25
0042CB27
0042CB2B
0042CB2D
0042CB2F
0042CB32
0042CB35
0042CB38
0042CB3B
0042CB3D
0042CB40
0042CB43
0042CB46
0042CB4A
0042CB4C
0042CB4E
0042CB51
0042CB54
0042CB57
0042CB59
0042CB5C
0042CB5F
0042CB62
0042CB64
0042CB67
0042CB6A
0042CB6D
0042CB70
0042CB73

|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.

8B45 EC
33C9
8338 00
0F95C1
0FB6D1
85D2
75 05
E8 A81D0000
33C0
75 FC
8B4D EC
8B51 04
0FBE42 3D
85C0
74 27
8B4D EC
8B51 04
8B45 EC
8B4A 08
8948 04
8B55 EC
8B42 04
0FBE48 3D
85C9
74 05
E8 741D0000
E9 98000000
8B55 EC
8B42 04
8945 F8
8B4D F8
8B11
0FBE42 3D
85C0
75 35
8B4D EC
8B51 04
8955 F4
8B45 F4
8B08
894D F0
8B55 F0
8B42 08
0FBE48 3D
85C9
75 0B
8B55 F0
8B42 08
8945 F0
EB E7
8B4D EC
8B55 F0
8951 04
EB 4D
8B45 EC
8B48 04
8B51 04
8955 FC
8B45 FC
0FBE48 3D

MOV EAX,DWORD PTR SS:[LOCAL.5]


XOR ECX,ECX
CMP DWORD PTR DS:[EAX],0
SETNE CL
MOVZX EDX,CL
TEST EDX,EDX
JNE SHORT 0042CAE0
CALL 0042E888
/XOR EAX,EAX
\JNE SHORT 0042CAE0
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOVSX EAX,BYTE PTR DS:[EDX+3D]
TEST EAX,EAX
JE SHORT 0042CB19
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR DS:[EAX+4],ECX
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOVSX ECX,BYTE PTR DS:[EAX+3D]
TEST ECX,ECX
JE SHORT 0042CB14
CALL 0042E888
JMP 0042CBB1
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV EAX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR SS:[LOCAL.2],EAX
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EDX,DWORD PTR DS:[ECX]
MOVSX EAX,BYTE PTR DS:[EDX+3D]
TEST EAX,EAX
JNE SHORT 0042CB64
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.4],ECX
/MOV EDX,DWORD PTR SS:[LOCAL.4]
|MOV EAX,DWORD PTR DS:[EDX+8]
|MOVSX ECX,BYTE PTR DS:[EAX+3D]
|TEST ECX,ECX
|JNE SHORT 0042CB59
|MOV EDX,DWORD PTR SS:[LOCAL.4]
|MOV EAX,DWORD PTR DS:[EDX+8]
|MOV DWORD PTR SS:[LOCAL.4],EAX
\JMP SHORT 0042CB40
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EDX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[ECX+4],EDX
JMP SHORT 0042CBB1
/MOV EAX,DWORD PTR SS:[LOCAL.5]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV DWORD PTR SS:[LOCAL.1],EDX
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOVSX ECX,BYTE PTR DS:[EAX+3D]

0042CB77 |. 85C9
|TEST ECX,ECX
0042CB79 |. 75 18
|JNE SHORT 0042CB93
0042CB7B |. 8B55 EC
|MOV EDX,DWORD PTR SS:[LOCAL.5]
0042CB7E |. 8B45 FC
|MOV EAX,DWORD PTR SS:[LOCAL.1]
0042CB81 |. 8B4A 04
|MOV ECX,DWORD PTR DS:[EDX+4]
0042CB84 |. 3B08
|CMP ECX,DWORD PTR DS:[EAX]
0042CB86 |. 75 0B
|JNE SHORT 0042CB93
0042CB88 |. 8B55 EC
|MOV EDX,DWORD PTR SS:[LOCAL.5]
0042CB8B |. 8B45 FC
|MOV EAX,DWORD PTR SS:[LOCAL.1]
0042CB8E |. 8942 04
|MOV DWORD PTR DS:[EDX+4],EAX
0042CB91 |.^ EB D1
\JMP SHORT 0042CB64
0042CB93 |> 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
0042CB96 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
0042CB99 |. 0FBE42 3D
MOVSX EAX,BYTE PTR DS:[EDX+3D]
0042CB9D |. 85C0
TEST EAX,EAX
0042CB9F |. 74 07
JE SHORT 0042CBA8
0042CBA1 |. E8 E21C0000 CALL 0042E888
0042CBA6 |. EB 09
JMP SHORT 0042CBB1
0042CBA8 |> 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
0042CBAB |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0042CBAE |. 8951 04
MOV DWORD PTR DS:[ECX+4],EDX
0042CBB1 |> 8BE5
MOV ESP,EBP
0042CBB3 |. 5D
POP EBP
0042CBB4 \. C3
RETN
0042CBB5
CC
INT3
0042CBB6
CC
INT3
0042CBB7
CC
INT3
0042CBB8
CC
INT3
0042CBB9
CC
INT3
0042CBBA
CC
INT3
0042CBBB
CC
INT3
0042CBBC
CC
INT3
0042CBBD
CC
INT3
0042CBBE
CC
INT3
0042CBBF
CC
INT3
0042CBC0 /$ 55
PUSH EBP
o.0042CBC0(guessed Arg1,Arg2)
0042CBC1 |. 8BEC
MOV EBP,ESP
0042CBC3 |. 6A FF
PUSH -1
0042CBC5 |. 68 086C4400 PUSH 00446C08
0042CBCA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042CBD0 |. 50
PUSH EAX
0042CBD1 |. 83EC 34
SUB ESP,34
0042CBD4 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042CBD9 |. 33C5
XOR EAX,EBP
0042CBDB |. 50
PUSH EAX
0042CBDC |. 8D45 F4
LEA EAX,[LOCAL.3]
0042CBDF |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042CBE5 |. 894D C8
MOV DWORD PTR SS:[LOCAL.14],ECX
0042CBE8 |. 8D45 CF
LEA EAX,[LOCAL.13+3]
0042CBEB |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0042CBEE |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042CBF5 |. 6A 00
PUSH 0
0042CBF7 |. 6A 01
PUSH 1
0042CBF9 |. E8 62EBFDFF CALL 0040B760
0042CBFE |. 83C4 08
ADD ESP,8
0042CC01 |. 8945 E0
MOV DWORD PTR SS:[LOCAL.8],EAX
0042CC04 |. 8B4D E0
MOV ECX,DWORD PTR SS:[LOCAL.8]
0042CC07 |. 894D E4
MOV DWORD PTR SS:[LOCAL.7],ECX
0042CC0A |. 837D E4 00
CMP DWORD PTR SS:[LOCAL.7],0

; SystemInf

0042CC0E |. 74 10
JE SHORT 0042CC20
0042CC10 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
0042CC13 |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
0042CC16 |. 8902
MOV DWORD PTR DS:[EDX],EAX
0042CC18 |. 8B4D E4
MOV ECX,DWORD PTR SS:[LOCAL.7]
0042CC1B |. 894D C4
MOV DWORD PTR SS:[LOCAL.15],ECX
0042CC1E |. EB 07
JMP SHORT 0042CC27
0042CC20 |> C745 C4 00000 MOV DWORD PTR SS:[LOCAL.15],0
0042CC27 |> 8B55 C4
MOV EDX,DWORD PTR SS:[LOCAL.15]
0042CC2A |. 8955 E8
MOV DWORD PTR SS:[LOCAL.6],EDX
0042CC2D |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
0042CC30 |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
0042CC33 |. 8908
MOV DWORD PTR DS:[EAX],ECX
0042CC35 |. C745 FC FFFFF MOV DWORD PTR SS:[LOCAL.1],-1
0042CC3C |. 8B55 C8
MOV EDX,DWORD PTR SS:[LOCAL.14]
0042CC3F |. 8955 C0
MOV DWORD PTR SS:[LOCAL.16],EDX
0042CC42 |. 8B45 C8
MOV EAX,DWORD PTR SS:[LOCAL.14]
0042CC45 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0042CC48 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0042CC4F |. 59
POP ECX
0042CC50 |. 8BE5
MOV ESP,EBP
0042CC52 |. 5D
POP EBP
0042CC53 \. C2 0800
RETN 8
0042CC56
CC
INT3
0042CC57
CC
INT3
0042CC58
CC
INT3
0042CC59
CC
INT3
0042CC5A
CC
INT3
0042CC5B
CC
INT3
0042CC5C
CC
INT3
0042CC5D
CC
INT3
0042CC5E
CC
INT3
0042CC5F
CC
INT3
0042CC60 /$ 55
PUSH EBP
o.0042CC60(guessed Arg1,Arg2,Arg3)
0042CC61 |. 8BEC
MOV EBP,ESP
0042CC63 |. 6A FF
PUSH -1
0042CC65 |. 68 516C4400 PUSH 00446C51
0042CC6A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042CC70 |. 50
PUSH EAX
0042CC71 |. 81EC B8000000 SUB ESP,0B8
0042CC77 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042CC7C |. 33C5
XOR EAX,EBP
0042CC7E |. 50
PUSH EAX
0042CC7F |. 8D45 F4
LEA EAX,[LOCAL.3]
0042CC82 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042CC88 |. C745 D4 00000 MOV DWORD PTR SS:[LOCAL.11],0
0042CC8F |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0042CC92 |. 50
PUSH EAX
[ARG.2]
0042CC93 |. 8D4D D8
LEA ECX,[LOCAL.10]
0042CC96 |. E8 551FFEFF CALL 0040EBF0
fo.0040EBF0
0042CC9B |. 8985 3CFFFFFF MOV DWORD PTR SS:[LOCAL.49],EAX
0042CCA1 |. 8B8D 3CFFFFFF MOV ECX,DWORD PTR SS:[LOCAL.49]
0042CCA7 |. 894D 88
MOV DWORD PTR SS:[LOCAL.30],ECX
0042CCAA |. C745 FC 01000 MOV DWORD PTR SS:[LOCAL.1],1
0042CCB1 |. 8B15 AC874400 MOV EDX,DWORD PTR DS:[4487AC]
0042CCB7 |. 52
PUSH EDX
[4487AC] = -1

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /Arg3 =>

0042CCB8 |. 6A 00
PUSH 0
0042CCBA |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0042CCBD |. 50
PUSH EAX
[ARG.3]
0042CCBE |. 8B4D 88
MOV ECX,DWORD PTR SS:[LOCAL.30]
0042CCC1 |. E8 2A20FEFF CALL 0040ECF0
fo.0040ECF0
0042CCC6 |. 8945 84
MOV DWORD PTR SS:[LOCAL.31],EAX
0042CCC9 |. 6A 00
PUSH 0
0042CCCB |. 6A 00
PUSH 0
0042CCCD |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0042CCD0 |. E8 8B2EFEFF CALL 0040FB60
fo.0040FB60
0042CCD5 |. 8B0D AC874400 MOV ECX,DWORD PTR DS:[4487AC]
0042CCDB |. 51
PUSH ECX
[4487AC] = -1
0042CCDC |. 6A 00
PUSH 0
0042CCDE |. 8B55 84
MOV EDX,DWORD PTR SS:[LOCAL.31]
0042CCE1 |. 52
PUSH EDX
[LOCAL.31]
0042CCE2 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0042CCE5 |. E8 3623FEFF CALL 0040F020
fo.0040F020
0042CCEA |. 8B45 D4
MOV EAX,DWORD PTR SS:[LOCAL.11]
0042CCED |. 83C8 01
OR EAX,00000001
0042CCF0 |. 8945 D4
MOV DWORD PTR SS:[LOCAL.11],EAX
0042CCF3 |. C645 FC 00
MOV BYTE PTR SS:[LOCAL.1],0
0042CCF7 |. 6A 00
PUSH 0
0042CCF9 |. 6A 01
PUSH 1
0042CCFB |. 8D4D D8
LEA ECX,[LOCAL.10]
0042CCFE |. E8 5D2EFEFF CALL 0040FB60
fo.0040FB60
0042CD03 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042CD06 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
0042CD09 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
0042CD10 |. 59
POP ECX
0042CD11 |. 8BE5
MOV ESP,EBP
0042CD13 |. 5D
POP EBP
0042CD14 \. C3
RETN
0042CD15
CC
INT3
0042CD16
CC
INT3
0042CD17
CC
INT3
0042CD18
CC
INT3
0042CD19
CC
INT3
0042CD1A
CC
INT3
0042CD1B
CC
INT3
0042CD1C
CC
INT3
0042CD1D
CC
INT3
0042CD1E
CC
INT3
0042CD1F
CC
INT3
0042CD20 /$ 55
PUSH EBP
o.0042CD20(guessed Arg1,Arg2,Arg3)
0042CD21 |. 8BEC
MOV EBP,ESP
0042CD23 |. 6A FF
PUSH -1
0042CD25 |. 68 916C4400 PUSH 00446C91
0042CD2A |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042CD30 |. 50
PUSH EAX
0042CD31 |. 81EC 88000000 SUB ESP,88
0042CD37 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042CD3C |. 33C5
XOR EAX,EBP

; |Arg2 = 0
; |
; |Arg1 =>
; |
; \SystemIn
;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

; /Arg3 =>
; |Arg2 = 0
; |
; |Arg1 =>
; |
; \SystemIn

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

; SystemInf

0042CD3E |.
0042CD3F |.
0042CD42 |.
0042CD48 |.
0042CD4F |.
0042CD51 |.
0042CD53 |.
0042CD56 |.
fo.0040FB60
0042CD5B |.
0042CD60 |.
[4487AC] = -1
0042CD61 |.
0042CD63 |.
0042CD66 |.
[ARG.2]
0042CD67 |.
0042CD6A |.
fo.0040F020
0042CD6F |.
0042CD72 |.
0042CD75 |.
0042CD7C |.
0042CD80 |.
0042CD81 |.
0042CD83 |.
0042CD86 |.
fo.0040EF80
0042CD8B |.
0042CD8E |.
0042CD90 |.
0042CD92 |.
0042CD95 |.
fo.0040FB60
0042CD9A |.
0042CDA0 |.
[4487AC] = -1
0042CDA1 |.
0042CDA3 |.
0042CDA6 |.
[LOCAL.20]
0042CDA7 |.
0042CDAA |.
fo.0040F020
0042CDAF |.
0042CDB2 |.
0042CDB5 |.
0042CDB8 |.
0042CDBC |.
0042CDBE |.
0042CDC0 |.
0042CDC3 |.
fo.0040FB60
0042CDC8 |.
0042CDCB |.
0042CDCE |.
0042CDD5 |.
0042CDD6 |.
0042CDD8 |.
0042CDD9 \.

50
8D45 F4
64:A3 0000000
C745 D4 00000
6A 00
6A 00
8D4D D8
E8 052EFEFF

PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.11],0
PUSH 0
PUSH 0
LEA ECX,[LOCAL.10]
CALL 0040FB60

;
;
;
;

A1 AC874400
50

MOV EAX,DWORD PTR DS:[4487AC]


PUSH EAX

; /Arg3 =>

6A 00
8B4D 0C
51

PUSH 0
MOV ECX,DWORD PTR SS:[ARG.2]
PUSH ECX

; |Arg2 = 0
; |
; |Arg1 =>

8D4D D8
E8 B122FEFF

LEA ECX,[LOCAL.10]
CALL 0040F020

; |
; \SystemIn

8D55 D8
8955 B4
C745 FC 01000
0FB645 10
50
6A 01
8B4D B4
E8 F521FEFF

LEA EDX,[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.19],EDX
MOV DWORD PTR SS:[LOCAL.1],1
MOVZX EAX,BYTE PTR SS:[ARG.3]
PUSH EAX
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.19]
CALL 0040EF80

;
;
;
;

/Arg2
|Arg1 = 1
|
\SystemIn

8945 B0
6A 00
6A 00
8B4D 08
E8 C62DFEFF

MOV DWORD PTR SS:[LOCAL.20],EAX


PUSH 0
PUSH 0
MOV ECX,DWORD PTR SS:[ARG.1]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

/Arg2 = 0
|Arg1 = 0
|
\SystemIn

8B0D AC874400 MOV ECX,DWORD PTR DS:[4487AC]


51
PUSH ECX

; /Arg3 =>

6A 00
8B55 B0
52

PUSH 0
MOV EDX,DWORD PTR SS:[LOCAL.20]
PUSH EDX

; |Arg2 = 0
; |
; |Arg1 =>

8B4D 08
E8 7122FEFF

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040F020

; |
; \SystemIn

8B45 D4
83C8 01
8945 D4
C645 FC 00
6A 00
6A 01
8D4D D8
E8 982DFEFF

MOV EAX,DWORD PTR SS:[LOCAL.11]


OR EAX,00000001
MOV DWORD PTR SS:[LOCAL.11],EAX
MOV BYTE PTR SS:[LOCAL.1],0
PUSH 0
PUSH 1
LEA ECX,[LOCAL.10]
CALL 0040FB60

;
;
;
;

8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
64:890D 00000 MOV DWORD PTR FS:[0],ECX
59
POP ECX
8BE5
MOV ESP,EBP
5D
POP EBP
C3
RETN

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0042CDDA
0042CDDB
0042CDDC
0042CDDD
0042CDDE
0042CDDF
0042CDE0 /$
0042CDE1 |.
0042CDE3 |.
0042CDE5 |.
0042CDEA |.
0042CDF0 |.
0042CDF1 |.
0042CDF2 |.
0042CDF8 |.
0042CDF9 |.
0042CDFA |.
0042CDFB |.
0042CE00 |.
0042CE02 |.
0042CE03 |.
0042CE06 |.
0042CE0C |.
0042CE0F |.
0042CE16 |.
0042CE19 |.
[ARG.1]
0042CE1A |.
0042CE1D |.
fo.0040FDA0
0042CE22 |.
0042CE29 |.
0042CE2C |.
0042CE2F |.
0042CE33 |.
0042CE35 |.
0042CE3B |.
0042CE3E |.
0042CE40 |.
0042CE43 |.
0042CE46 |.
0042CE4A |.
0042CE4D |.
0042CE51 |.
0042CE53 |.
0042CE5D |.
0042CE5F |>
0042CE62 |.
0042CE64 |.
0042CE67 |.
0042CE6A |.
0042CE6E |.
0042CE71 |.
0042CE74 |.
0042CE77 |.
0042CE7D |>
0042CE83 |.
0042CE86 |.
0042CE8A |.
0042CE8D |.

CC
CC
CC
CC
CC
CC
55
8BEC
6A FF
68 C06C4400
64:A1 0000000
50
51
81EC B8000000
53
56
57
A1 A0154500
33C5
50
8D45 F4
64:A3 0000000
8965 F0
C745 EC 00000
8B45 08
50

INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 00446CC0
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
PUSH ECX
SUB ESP,0B8
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.4],ESP
MOV DWORD PTR SS:[LOCAL.5],0
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg1 =>

8D4D E4
E8 7E2FFEFF

LEA ECX,[LOCAL.7]
CALL 0040FDA0

; |
; \SystemIn

C745 FC 00000
8A4D E8
884D B3
0FB655 B3
85D2
0F84 49020000
8B45 08
8B08
8B51 04
8B45 08
8B4C10 18
894D AC
837D AC 01
7F 0C
C785 4CFFFFFF
EB 1E
8B55 08
8B02
8B48 04
8B55 08
8B440A 18
8945 A8
8B4D A8
83E9 01
898D 4CFFFFFF
8B95 4CFFFFFF
8955 E0
C645 FC 01
8B45 08
8B08

MOV DWORD PTR SS:[LOCAL.1],0


MOV CL,BYTE PTR SS:[LOCAL.6]
MOV BYTE PTR SS:[LOCAL.20+3],CL
MOVZX EDX,BYTE PTR SS:[LOCAL.20+3]
TEST EDX,EDX
JE 0042D084
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[ECX+4]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EDX+EAX+18]
MOV DWORD PTR SS:[LOCAL.21],ECX
CMP DWORD PTR SS:[LOCAL.21],1
JG SHORT 0042CE5F
MOV DWORD PTR SS:[LOCAL.45],0
JMP SHORT 0042CE7D
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[ECX+EDX+18]
MOV DWORD PTR SS:[LOCAL.22],EAX
MOV ECX,DWORD PTR SS:[LOCAL.22]
SUB ECX,1
MOV DWORD PTR SS:[LOCAL.45],ECX
MOV EDX,DWORD PTR SS:[LOCAL.45]
MOV DWORD PTR SS:[LOCAL.8],EDX
MOV BYTE PTR SS:[LOCAL.1],1
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]

0042CE8F |.
0042CE92 |.
0042CE95 |.
0042CE99 |.
0042CE9C |.
0042CE9F |.
0042CEA5 |.
0042CEA8 |.
0042CEAA |.
0042CEAC |>
0042CEAF |.
0042CEB2 |.
0042CEB5 |>
0042CEB9 |.
0042CEBB |.
0042CEBF |.
0042CEC1 |.
0042CEC4 |.
0042CEC6 |.
0042CEC9 |.
0042CECC |.
0042CED0 |.
0042CED3 |.
0042CED6 |.
0042CED8 |.
0042CEDB |.
0042CEDE |.
0042CEE2 |.
0042CEE5 |.
0042CEE9 |.
0042CEEA |.
0042CEED |.
fo.0040FC10
0042CEF2 |.
0042CEF8 |.
0042CEFE |.
0042CF01 |.
0042CF08 |.
0042CF0B |.
0042CF0D |.
0042CF10 |.
0042CF13 |.
0042CF16 |.
0042CF18 |.^
0042CF1A |.
0042CF1D |.
0042CF20 |.
0042CF23 |>^
0042CF25 |>
0042CF29 |.
0042CF2B |.
0042CF2E |.
0042CF30 |.
0042CF33 |.
0042CF36 |.
0042CF3A |.
0042CF3D |.
0042CF41 |.
0042CF42 |.
0042CF45 |.

8B51 04
8B45 08
8B4C10 10
894D A4
8B55 A4
81E2 C0010000
83FA 40
74 7B
EB 09
8B45 E0
83E8 01
8945 E0
837D EC 00
75 6A
837D E0 00
7E 64
8B4D 08
8B11
8B42 04
8B4D 08
8A5401 30
8855 A3
8B45 08
8B08
8B51 04
8B45 08
8B4C10 28
894D 9C
0FB655 A3
52
8B4D 9C
E8 1E2DFEFF

MOV EDX,DWORD PTR DS:[ECX+4]


MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EDX+EAX+10]
MOV DWORD PTR SS:[LOCAL.23],ECX
MOV EDX,DWORD PTR SS:[LOCAL.23]
AND EDX,000001C0
CMP EDX,40
JE SHORT 0042CF25
JMP SHORT 0042CEB5
/MOV EAX,DWORD PTR SS:[LOCAL.8]
|SUB EAX,1
|MOV DWORD PTR SS:[LOCAL.8],EAX
|CMP DWORD PTR SS:[LOCAL.5],0
|JNE SHORT 0042CF25
|CMP DWORD PTR SS:[LOCAL.8],0
|JLE SHORT 0042CF25
|MOV ECX,DWORD PTR SS:[ARG.1]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR DS:[EDX+4]
|MOV ECX,DWORD PTR SS:[ARG.1]
|MOV DL,BYTE PTR DS:[EAX+ECX+30]
|MOV BYTE PTR SS:[LOCAL.24+3],DL
|MOV EAX,DWORD PTR SS:[ARG.1]
|MOV ECX,DWORD PTR DS:[EAX]
|MOV EDX,DWORD PTR DS:[ECX+4]
|MOV EAX,DWORD PTR SS:[ARG.1]
|MOV ECX,DWORD PTR DS:[EDX+EAX+28]
|MOV DWORD PTR SS:[LOCAL.25],ECX
|MOVZX EDX,BYTE PTR SS:[LOCAL.24+3]
|PUSH EDX
|MOV ECX,DWORD PTR SS:[LOCAL.25]
|CALL 0040FC10

; /Arg1
; |
; \SystemIn

8985 48FFFFFF
8B85 48FFFFFF
8945 DC
C745 D8 FFFFF
8B4D D8
33D2
3B4D DC
0F94C2
0FB6C2
85C0
74 09
8B4D EC
83C9 04
894D EC
EB 87
837D EC 00
75 50
8B55 08
8B02
8B48 04
8B55 08
8B440A 28
8945 90
0FB64D 0C
51
8B4D 90
E8 C62CFEFF

|MOV DWORD PTR SS:[LOCAL.46],EAX


|MOV EAX,DWORD PTR SS:[LOCAL.46]
|MOV DWORD PTR SS:[LOCAL.9],EAX
|MOV DWORD PTR SS:[LOCAL.10],-1
|MOV ECX,DWORD PTR SS:[LOCAL.10]
|XOR EDX,EDX
|CMP ECX,DWORD PTR SS:[LOCAL.9]
|SETE DL
|MOVZX EAX,DL
|TEST EAX,EAX
|JE SHORT 0042CF23
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|OR ECX,00000004
|MOV DWORD PTR SS:[LOCAL.5],ECX
\JMP SHORT 0042CEAC
CMP DWORD PTR SS:[LOCAL.5],0
JNE SHORT 0042CF7B
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[ECX+EDX+28]
MOV DWORD PTR SS:[LOCAL.28],EAX
MOVZX ECX,BYTE PTR SS:[ARG.2]
PUSH ECX
MOV ECX,DWORD PTR SS:[LOCAL.28]
CALL 0040FC10

; /Arg1
; |
; \SystemIn

fo.0040FC10
0042CF4A |.
0042CF50 |.
0042CF56 |.
0042CF59 |.
0042CF60 |.
0042CF63 |.
0042CF65 |.
0042CF68 |.
0042CF6B |.
0042CF6E |.
0042CF70 |.
0042CF72 |.
0042CF75 |.
0042CF78 |.
0042CF7B |>
0042CF7D |>
0042CF80 |.
0042CF83 |.
0042CF86 |>
0042CF8A |.
0042CF8C |.
0042CF90 |.
0042CF92 |.
0042CF95 |.
0042CF97 |.
0042CF9A |.
0042CF9D |.
0042CFA1 |.
0042CFA4 |.
0042CFA7 |.
0042CFA9 |.
0042CFAC |.
0042CFAF |.
0042CFB3 |.
0042CFB6 |.
0042CFBA |.
0042CFBB |.
0042CFBE |.
fo.0040FC10
0042CFC3 |.
0042CFC9 |.
0042CFCF |.
0042CFD2 |.
0042CFD9 |.
0042CFDC |.
0042CFDE |.
0042CFE1 |.
0042CFE4 |.
0042CFE7 |.
0042CFE9 |.^
0042CFEB |.
0042CFEE |.
0042CFF1 |.
0042CFF4 \>^
0042CFF6 >
0042CFFB /.
0042CFFE |.
0042D000 |.
0042D003 |.

8985 44FFFFFF
8B95 44FFFFFF
8955 D4
C745 D0 FFFFF
8B45 D0
33C9
3B45 D4
0F94C1
0FB6D1
85D2
74 09
8B45 EC
83C8 04
8945 EC
EB 09
8B4D E0
83E9 01
894D E0
837D EC 00
75 6A
837D E0 00
7E 64
8B55 08
8B02
8B48 04
8B55 08
8A440A 30
8845 87
8B4D 08
8B11
8B42 04
8B4D 08
8B5401 28
8955 80
0FB645 87
50
8B4D 80
E8 4D2CFEFF

MOV DWORD PTR SS:[LOCAL.47],EAX


MOV EDX,DWORD PTR SS:[LOCAL.47]
MOV DWORD PTR SS:[LOCAL.11],EDX
MOV DWORD PTR SS:[LOCAL.12],-1
MOV EAX,DWORD PTR SS:[LOCAL.12]
XOR ECX,ECX
CMP EAX,DWORD PTR SS:[LOCAL.11]
SETE CL
MOVZX EDX,CL
TEST EDX,EDX
JE SHORT 0042CF7B
MOV EAX,DWORD PTR SS:[LOCAL.5]
OR EAX,00000004
MOV DWORD PTR SS:[LOCAL.5],EAX
JMP SHORT 0042CF86
/MOV ECX,DWORD PTR SS:[LOCAL.8]
|SUB ECX,1
|MOV DWORD PTR SS:[LOCAL.8],ECX
|CMP DWORD PTR SS:[LOCAL.5],0
|JNE SHORT 0042CFF6
|CMP DWORD PTR SS:[LOCAL.8],0
|JLE SHORT 0042CFF6
|MOV EDX,DWORD PTR SS:[ARG.1]
|MOV EAX,DWORD PTR DS:[EDX]
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR SS:[ARG.1]
|MOV AL,BYTE PTR DS:[ECX+EDX+30]
|MOV BYTE PTR SS:[LOCAL.31+3],AL
|MOV ECX,DWORD PTR SS:[ARG.1]
|MOV EDX,DWORD PTR DS:[ECX]
|MOV EAX,DWORD PTR DS:[EDX+4]
|MOV ECX,DWORD PTR SS:[ARG.1]
|MOV EDX,DWORD PTR DS:[EAX+ECX+28]
|MOV DWORD PTR SS:[LOCAL.32],EDX
|MOVZX EAX,BYTE PTR SS:[LOCAL.31+3]
|PUSH EAX
|MOV ECX,DWORD PTR SS:[LOCAL.32]
|CALL 0040FC10

8985 40FFFFFF
8B8D 40FFFFFF
894D CC
C745 C8 FFFFF
8B55 C8
33C0
3B55 CC
0F94C0
0FB6C8
85C9
74 09
8B55 EC
83CA 04
8955 EC
EB 87
E9 82000000
8B45 08
8B08
8B55 08
0351 04

|MOV DWORD PTR SS:[LOCAL.48],EAX


|MOV ECX,DWORD PTR SS:[LOCAL.48]
|MOV DWORD PTR SS:[LOCAL.13],ECX
|MOV DWORD PTR SS:[LOCAL.14],-1
|MOV EDX,DWORD PTR SS:[LOCAL.14]
|XOR EAX,EAX
|CMP EDX,DWORD PTR SS:[LOCAL.13]
|SETE AL
|MOVZX ECX,AL
|TEST ECX,ECX
|JE SHORT 0042CFF4
|MOV EDX,DWORD PTR SS:[LOCAL.5]
|OR EDX,00000004
|MOV DWORD PTR SS:[LOCAL.5],EDX
\JMP SHORT 0042CF7D
JMP 0042D07D
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR SS:[EBP+8]
ADD EDX,DWORD PTR DS:[ECX+4]

; /Arg1
; |
; \SystemIn

0042D006 |.
0042D00C |.
0042D011 |.
0042D013 |.
0042D015 |.
0042D01B |.
0042D01E |.
0042D024 |.
0042D02A |.
0042D02D |.
0042D033 |.
0042D039 |.
0042D03D |.
0042D03F |.
0042D045 |.
0042D048 |.
0042D04E |.
0042D050 |>
0042D056 |.
0042D05C |>
0042D05E |.
0042D064 |.
[ARG.EBP-0C4]
0042D065 |.
0042D06B |.
fo.004083E0
0042D070 |>
0042D077 |.
0042D07C \.
0042D07D />
0042D084 |>
0042D087 |.
0042D089 |.
0042D08C |.
0042D08F |.
0042D095 |.
0042D09B |.
0042D09E |.
0042D0A4 |.
0042D0AA |.
0042D0B1 |.
0042D0B4 |.
0042D0B6 |.
0042D0B9 |.
0042D0BC |.
0042D0C2 |.
0042D0C6 |.
0042D0C8 |.
0042D0CE |.
0042D0D1 |.
0042D0D7 |.
0042D0DD |.
0042D0E0 |.
0042D0E6 |.
0042D0EC |.
0042D0F0 |.
0042D0F2 |.
0042D0F8 |.
0042D0FB |.
0042D101 |.

8995 6CFFFFFF
B8 04000000
85C0
74 5B
8B8D 6CFFFFFF
8B51 08
8995 74FFFFFF
8B85 74FFFFFF
83C8 04
8985 70FFFFFF
8B8D 6CFFFFFF
8379 28 00
75 11
8B95 70FFFFFF
83CA 04
8995 3CFFFFFF
EB 0C
8B85 70FFFFFF
8985 3CFFFFFF
6A 01
8B8D 3CFFFFFF
51

MOV DWORD PTR SS:[EBP-94],EDX


MOV EAX,4
TEST EAX,EAX
JE SHORT 0042D070
MOV ECX,DWORD PTR SS:[EBP-94]
MOV EDX,DWORD PTR DS:[ECX+8]
MOV DWORD PTR SS:[EBP-8C],EDX
MOV EAX,DWORD PTR SS:[EBP-8C]
OR EAX,00000004
MOV DWORD PTR SS:[EBP-90],EAX
MOV ECX,DWORD PTR SS:[EBP-94]
CMP DWORD PTR DS:[ECX+28],0
JNE SHORT 0042D050
MOV EDX,DWORD PTR SS:[EBP-90]
OR EDX,00000004
MOV DWORD PTR SS:[EBP-0C4],EDX
JMP SHORT 0042D05C
MOV EAX,DWORD PTR SS:[EBP-90]
MOV DWORD PTR SS:[EBP-0C4],EAX
PUSH 1
MOV ECX,DWORD PTR SS:[EBP-0C4]
PUSH ECX

8B8D 6CFFFFFF MOV ECX,DWORD PTR SS:[EBP-94]


E8 70B3FDFF CALL 004083E0
C745 FC 00000
B8 84D04200
C3
C745 FC 00000
8B55 08
8B02
8B4D 08
0348 04
898D 64FFFFFF
8B95 64FFFFFF
8B42 18
8985 68FFFFFF
8B8D 64FFFFFF
C741 18 00000
8B55 08
8B02
8B4D 08
0348 04
898D 58FFFFFF
837D EC 00
74 5B
8B95 58FFFFFF
8B42 08
8985 60FFFFFF
8B8D 60FFFFFF
0B4D EC
898D 5CFFFFFF
8B95 58FFFFFF
837A 28 00
75 11
8B85 5CFFFFFF
83C8 04
8985 38FFFFFF
EB 0C

MOV DWORD PTR SS:[EBP-4],0


MOV EAX,0042D084
RETN
MOV DWORD PTR SS:[EBP-4],0
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-9C],ECX
MOV EDX,DWORD PTR SS:[EBP-9C]
MOV EAX,DWORD PTR DS:[EDX+18]
MOV DWORD PTR SS:[EBP-98],EAX
MOV ECX,DWORD PTR SS:[EBP-9C]
MOV DWORD PTR DS:[ECX+18],0
MOV EDX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EDX]
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[EBP-0A8],ECX
CMP DWORD PTR SS:[EBP-14],0
JE SHORT 0042D123
MOV EDX,DWORD PTR SS:[EBP-0A8]
MOV EAX,DWORD PTR DS:[EDX+8]
MOV DWORD PTR SS:[EBP-0A0],EAX
MOV ECX,DWORD PTR SS:[EBP-0A0]
OR ECX,DWORD PTR SS:[EBP-14]
MOV DWORD PTR SS:[EBP-0A4],ECX
MOV EDX,DWORD PTR SS:[EBP-0A8]
CMP DWORD PTR DS:[EDX+28],0
JNE SHORT 0042D103
MOV EAX,DWORD PTR SS:[EBP-0A4]
OR EAX,00000004
MOV DWORD PTR SS:[EBP-0C8],EAX
JMP SHORT 0042D10F

; /Arg2 = 1
; |
; |Arg1 =>
; |
; \SystemIn

0042D103 |> 8B8D 5CFFFFFF


0042D109 |. 898D 38FFFFFF
0042D10F |> 6A 00
0042D111 |. 8B95 38FFFFFF
0042D117 |. 52
0042D118 |. 8B8D 58FFFFFF
0042D11E |. E8 BDB2FDFF
fo.004083E0
0042D123 |> 8B45 08
0042D126 |. 8945 C4
0042D129 |. C745 FC 03000
0042D130 |. E8 79060000
0042D135 |. 0FB6C8
0042D138 |. 85C9
0042D13A |. 75 08
0042D13C |. 8B4D E4
0042D13F |. E8 3C30FEFF
0042D144 |> C745 FC FFFFF
0042D14B |. 8D4D E4
0042D14E |. E8 1D31FEFF
0042D153 |. 8B45 C4
0042D156 |. 8B4D F4
0042D159 |. 64:890D 00000
0042D160 |. 59
0042D161 |. 5F
0042D162 |. 5E
0042D163 |. 5B
0042D164 |. 8BE5
0042D166 |. 5D
0042D167 \. C3
0042D168
CC
0042D169
CC
0042D16A
CC
0042D16B
CC
0042D16C
CC
0042D16D
CC
0042D16E
CC
0042D16F
CC
0042D170 /$ 55
o.0042D170(guessed Arg1)
0042D171 |. 8BEC
0042D173 |. 6A FF
0042D175 |. 68 E86C4400
0042D17A |. 64:A1 0000000
0042D180 |. 50
0042D181 |. 81EC D0000000
0042D187 |. A1 A0154500
0042D18C |. 33C5
0042D18E |. 50
0042D18F |. 8D45 F4
0042D192 |. 64:A3 0000000
0042D198 |. C785 28FFFFFF
0042D1A2 |. 6A 00
0042D1A4 |. 8D4D E8
0042D1A7 |. E8 61060000
fo.0042D80D
0042D1AC |. C745 FC 00000
0042D1B3 |. A1 902A4500
0042D1B8 |. 8945 E4
0042D1BB |. 833D EC284500

MOV ECX,DWORD
MOV DWORD PTR
PUSH 0
MOV EDX,DWORD
PUSH EDX
MOV ECX,DWORD
CALL 004083E0

PTR SS:[EBP-0A4]
SS:[EBP-0C8],ECX
PTR SS:[EBP-0C8]
PTR SS:[EBP-0A8]

;
;
;
;
;

/Arg2 = 0
|
|Arg1
|
\SystemIn

MOV EAX,DWORD PTR SS:[EBP+8]


MOV DWORD PTR SS:[EBP-3C],EAX
MOV DWORD PTR SS:[EBP-4],3
CALL 0042D7AE
MOVZX ECX,AL
TEST ECX,ECX
JNE SHORT 0042D144
MOV ECX,DWORD PTR SS:[EBP-1C]
CALL 00410180
MOV DWORD PTR SS:[EBP-4],-1
LEA ECX,[EBP-1C]
CALL 00410270
MOV EAX,DWORD PTR SS:[EBP-3C]
MOV ECX,DWORD PTR SS:[EBP-0C]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00446CE8
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,0D0
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.54],0
PUSH 0
LEA ECX,[LOCAL.6]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

MOV
MOV
MOV
CMP

DWORD PTR
EAX,DWORD
DWORD PTR
DWORD PTR

SS:[LOCAL.1],0
PTR DS:[452A90]
SS:[LOCAL.7],EAX
DS:[4528EC],0

0042D1C2 |. 75 36
0042D1C4 |. 6A 00
0042D1C6 |. 8D4D CC
0042D1C9 |. E8 3F060000
fo.0042D80D
0042D1CE |. 833D EC284500
0042D1D5 |. 75 1B
0042D1D7 |. 8B0D 082B4500
0042D1DD |. 83C1 01
0042D1E0 |. 890D 082B4500
0042D1E6 |. 8B15 082B4500
0042D1EC |. 8915 EC284500
0042D1F2 |> 8D4D CC
0042D1F5 |. E8 3B060000
0042D1FA |> A1 EC284500
0042D1FF |. 8945 EC
0042D202 |. 8B4D EC
0042D205 |. 51
[4528EC] = 0
0042D206 |. 8B4D 08
0042D209 |. E8 C2E3FDFF
fo.0040B5D0
0042D20E |. 8945 F0
0042D211 |. 837D F0 00
0042D215 |. 74 02
0042D217 |. EB 69
0042D219 |> 837D E4 00
0042D21D |. 74 08
0042D21F |. 8B55 E4
0042D222 |. 8955 F0
0042D225 |. EB 5B
0042D227 |> 8B45 08
0042D22A |. 50
[ARG.1]
0042D22B |. 8D4D E4
0042D22E |. 51
OFFSET LOCAL.7
0042D22F |. E8 AC020000
fo.0042D4E0
0042D234 |. 83C4 08
0042D237 |. 83F8 FF
0042D23A |. 75 1D
0042D23C |. 68 78884400
SCII "bad cast"
0042D241 |. 8D4D D4
0042D244 |. E8 3D190000
fo.0042EB86
0042D249 |. 68 CCD74400
ystemInfo.44D7CC
0042D24E |. 8D55 D4
0042D251 |. 52
OFFSET LOCAL.11
0042D252 |. E8 CE160000
fo.0042E925
0042D257 |. EB 29
0042D259 |> 8B45 E4
0042D25C |. 8945 F0
0042D25F |. 8B4D E4
0042D262 |. 890D 902A4500
0042D268 |. 8B55 E4

JNE SHORT 0042D1FA


PUSH 0
LEA ECX,[LOCAL.13]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

CMP DWORD PTR DS:[4528EC],0


JNE SHORT 0042D1F2
MOV ECX,DWORD PTR DS:[452B08]
ADD ECX,1
MOV DWORD PTR DS:[452B08],ECX
MOV EDX,DWORD PTR DS:[452B08]
MOV DWORD PTR DS:[4528EC],EDX
LEA ECX,[LOCAL.13]
CALL 0042D835
MOV EAX,DWORD PTR DS:[4528EC]
MOV DWORD PTR SS:[LOCAL.5],EAX
MOV ECX,DWORD PTR SS:[LOCAL.5]
PUSH ECX

; /Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.1]


CALL 0040B5D0

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.4],EAX


CMP DWORD PTR SS:[LOCAL.4],0
JE SHORT 0042D219
JMP SHORT 0042D282
CMP DWORD PTR SS:[LOCAL.7],0
JE SHORT 0042D227
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR SS:[LOCAL.4],EDX
JMP SHORT 0042D282
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EAX

; /Arg2 =>

LEA ECX,[LOCAL.7]
PUSH ECX

; |
; |Arg1 =>

CALL 0042D4E0

; \SystemIn

ADD ESP,8
CMP EAX,-1
JNE SHORT 0042D259
PUSH OFFSET 00448878

; /Arg1 = A

LEA ECX,[LOCAL.11]
CALL 0042EB86

; |
; \SystemIn

PUSH OFFSET 0044D7CC

; /Arg2 = S

LEA EDX,[LOCAL.11]
PUSH EDX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

JMP
MOV
MOV
MOV
MOV
MOV

SHORT 0042D282
EAX,DWORD PTR SS:[LOCAL.7]
DWORD PTR SS:[LOCAL.4],EAX
ECX,DWORD PTR SS:[LOCAL.7]
DWORD PTR DS:[452A90],ECX
EDX,DWORD PTR SS:[LOCAL.7]

0042D26B |. 8955 E0
0042D26E |. 8B4D E0
0042D271 |. E8 0ABCFDFF
0042D276 |. 8B45 E0
0042D279 |. 50
0042D27A |. E8 3A070000
0042D27F |. 83C4 04
0042D282 |> 8B4D F0
0042D285 |. 894D D0
0042D288 |. C745 FC FFFFF
0042D28F |. 8D4D E8
0042D292 |. E8 9E050000
0042D297 |. 8B45 D0
0042D29A |. 8B4D F4
0042D29D |. 64:890D 00000
0042D2A4 |. 59
0042D2A5 |. 8BE5
0042D2A7 |. 5D
0042D2A8 \. C3
0042D2A9
CC
0042D2AA
CC
0042D2AB
CC
0042D2AC
CC
0042D2AD
CC
0042D2AE
CC
0042D2AF
CC
0042D2B0 /$ 55
0042D2B1 |. 8BEC
0042D2B3 |. 83EC 10
0042D2B6 |. 837D 08 00
0042D2BA |. 77 09
0042D2BC |. C745 08 00000
0042D2C3 |. EB 35
0042D2C5 |> 83C8 FF
0042D2C8 |. 33D2
0042D2CA |. F775 08
0042D2CD |. 83F8 2C
0042D2D0 |. 73 28
0042D2D2 |. C745 F0 00000
0042D2D9 |. 8D45 F0
0042D2DC |. 50
OFFSET LOCAL.4
0042D2DD |. 8D4D F4
0042D2E0 |. E8 B1170000
fo.0042EA96
0042D2E5 |. C745 F4 88884
0042D2EC |. 68 30D84400
ystemInfo.44D830
0042D2F1 |. 8D4D F4
0042D2F4 |. 51
OFFSET LOCAL.3
0042D2F5 |. E8 2B160000
fo.0042E925
0042D2FA |> 8B55 08
0042D2FD |. 6BD2 2C
0042D300 |. 52
0042D301 |. E8 6A220000
fo.0042F570
0042D306 |. 83C4 04
0042D309 |. 8BE5

MOV DWORD PTR SS:[LOCAL.8],EDX


MOV ECX,DWORD PTR SS:[LOCAL.8]
CALL 00408E80
MOV EAX,DWORD PTR SS:[LOCAL.8]
PUSH EAX
CALL 0042D9B9
ADD ESP,4
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR SS:[LOCAL.12],ECX
MOV DWORD PTR SS:[LOCAL.1],-1
LEA ECX,[LOCAL.6]
CALL 0042D835
MOV EAX,DWORD PTR SS:[LOCAL.12]
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
CMP DWORD PTR SS:[ARG.1],0
JA SHORT 0042D2C5
MOV DWORD PTR SS:[ARG.1],0
JMP SHORT 0042D2FA
OR EAX,FFFFFFFF
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.1]
CMP EAX,2C
JNB SHORT 0042D2FA
MOV DWORD PTR SS:[LOCAL.4],0
LEA EAX,[LOCAL.4]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.3]
CALL 0042EA96

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.3],OFFSET 004488


PUSH OFFSET 0044D830
; /Arg2 = S
LEA ECX,[LOCAL.3]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV EDX,DWORD PTR SS:[ARG.1]


IMUL EDX,EDX,2C
PUSH EDX
CALL 0042F570

; /Arg1
; \SystemIn

ADD ESP,4
MOV ESP,EBP

0042D30B |. 5D
0042D30C \. C3
0042D30D
CC
0042D30E
CC
0042D30F
CC
0042D310 /$ 55
0042D311 |. 8BEC
0042D313 |. 83EC 10
0042D316 |. 837D 08 00
0042D31A |. 77 09
0042D31C |. C745 08 00000
0042D323 |. EB 37
0042D325 |> 83C8 FF
0042D328 |. 33D2
0042D32A |. F775 08
0042D32D |. 3D D8000000
0042D332 |. 73 28
0042D334 |. C745 F0 00000
0042D33B |. 8D45 F0
0042D33E |. 50
OFFSET LOCAL.4
0042D33F |. 8D4D F4
0042D342 |. E8 4F170000
fo.0042EA96
0042D347 |. C745 F4 88884
0042D34E |. 68 30D84400
ystemInfo.44D830
0042D353 |. 8D4D F4
0042D356 |. 51
OFFSET LOCAL.3
0042D357 |. E8 C9150000
fo.0042E925
0042D35C |> 8B55 08
0042D35F |. 69D2 D8000000
0042D365 |. 52
0042D366 |. E8 05220000
fo.0042F570
0042D36B |. 83C4 04
0042D36E |. 8BE5
0042D370 |. 5D
0042D371 \. C3
0042D372
CC
0042D373
CC
0042D374
CC
0042D375
CC
0042D376
CC
0042D377
CC
0042D378
CC
0042D379
CC
0042D37A
CC
0042D37B
CC
0042D37C
CC
0042D37D
CC
0042D37E
CC
0042D37F
CC
0042D380 /$ 55
0042D381 |. 8BEC
0042D383 |. 83EC 10
0042D386 |. 837D 08 00
0042D38A |. 77 09

POP EBP
RETN
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
CMP DWORD PTR SS:[ARG.1],0
JA SHORT 0042D325
MOV DWORD PTR SS:[ARG.1],0
JMP SHORT 0042D35C
OR EAX,FFFFFFFF
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.1]
CMP EAX,0D8
JNB SHORT 0042D35C
MOV DWORD PTR SS:[LOCAL.4],0
LEA EAX,[LOCAL.4]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.3]
CALL 0042EA96

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.3],OFFSET 004488


PUSH OFFSET 0044D830
; /Arg2 = S
LEA ECX,[LOCAL.3]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV EDX,DWORD PTR SS:[ARG.1]


IMUL EDX,EDX,0D8
PUSH EDX
CALL 0042F570

; /Arg1
; \SystemIn

ADD ESP,4
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,10
CMP DWORD PTR SS:[ARG.1],0
JA SHORT 0042D395

0042D38C |. C745 08 00000


0042D393 |. EB 35
0042D395 |> 83C8 FF
0042D398 |. 33D2
0042D39A |. F775 08
0042D39D |. 83F8 40
0042D3A0 |. 73 28
0042D3A2 |. C745 F0 00000
0042D3A9 |. 8D45 F0
0042D3AC |. 50
OFFSET LOCAL.4
0042D3AD |. 8D4D F4
0042D3B0 |. E8 E1160000
fo.0042EA96
0042D3B5 |. C745 F4 88884
0042D3BC |. 68 30D84400
ystemInfo.44D830
0042D3C1 |. 8D4D F4
0042D3C4 |. 51
OFFSET LOCAL.3
0042D3C5 |. E8 5B150000
fo.0042E925
0042D3CA |> 8B55 08
0042D3CD |. C1E2 06
0042D3D0 |. 52
0042D3D1 |. E8 9A210000
fo.0042F570
0042D3D6 |. 83C4 04
0042D3D9 |. 8BE5
0042D3DB |. 5D
0042D3DC \. C3
0042D3DD
CC
0042D3DE
CC
0042D3DF
CC
0042D3E0 /$ 55
o.0042D3E0(guessed Arg1)
0042D3E1 |. 8BEC
0042D3E3 |. 6A FF
0042D3E5 |. 68 08564400
0042D3EA |. 64:A1 0000000
0042D3F0 |. 50
0042D3F1 |. 83EC 24
0042D3F4 |. A1 A0154500
0042D3F9 |. 33C5
0042D3FB |. 50
0042D3FC |. 8D45 F4
0042D3FF |. 64:A3 0000000
0042D405 |. 8B45 08
0042D408 |. 83C0 0C
0042D40B |. 8945 D0
0042D40E |. C745 FC 00000
0042D415 |. 8B4D D0
0042D418 |. E8 6313FEFF
fo.0040E780
0042D41D |. C745 FC FFFFF
0042D424 |. 6A 00
0042D426 |. 6A 01
0042D428 |. 8B4D D0
0042D42B |. E8 3027FEFF
fo.0040FB60

MOV DWORD PTR SS:[ARG.1],0


JMP SHORT 0042D3CA
OR EAX,FFFFFFFF
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.1]
CMP EAX,40
JNB SHORT 0042D3CA
MOV DWORD PTR SS:[LOCAL.4],0
LEA EAX,[LOCAL.4]
PUSH EAX

; /Arg1 =>

LEA ECX,[LOCAL.3]
CALL 0042EA96

; |
; \SystemIn

MOV DWORD PTR SS:[LOCAL.3],OFFSET 004488


PUSH OFFSET 0044D830
; /Arg2 = S
LEA ECX,[LOCAL.3]
PUSH ECX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV EDX,DWORD PTR SS:[ARG.1]


SHL EDX,6
PUSH EDX
CALL 0042F570

; /Arg1
; \SystemIn

ADD ESP,4
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00445608
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,24
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,0C
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.12]
CALL 0040E780

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.12]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0042D430 |. 33C9
0042D432 |. 83E1 01
0042D435 |. 74 0C
0042D437 |. 8B55 08
0042D43A |. 52
0042D43B |. E8 DA140000
0042D440 |. 83C4 04
0042D443 |> 8B4D F4
0042D446 |. 64:890D 00000
0042D44D |. 59
0042D44E |. 8BE5
0042D450 |. 5D
0042D451 \. C3
0042D452
CC
0042D453
CC
0042D454
CC
0042D455
CC
0042D456
CC
0042D457
CC
0042D458
CC
0042D459
CC
0042D45A
CC
0042D45B
CC
0042D45C
CC
0042D45D
CC
0042D45E
CC
0042D45F
CC
0042D460 /$ 55
o.0042D460(guessed void)
0042D461 |. 8BEC
0042D463 |. 6A FF
0042D465 |. 68 206D4400
0042D46A |. 64:A1 0000000
0042D470 |. 50
0042D471 |. 83EC 6C
0042D474 |. A1 A0154500
0042D479 |. 33C5
0042D47B |. 50
0042D47C |. 8D45 F4
0042D47F |. 64:A3 0000000
0042D485 |. 894D 88
0042D488 |. 8B45 88
0042D48B |. 83C0 0C
0042D48E |. 8945 8C
0042D491 |. C745 FC 00000
0042D498 |. 8B4D 8C
0042D49B |. 83C1 28
0042D49E |. E8 3D85FDFF
fo.004059E0
0042D4A3 |. C745 FC 01000
0042D4AA |. 8B4D 8C
0042D4AD |. E8 CE12FEFF
fo.0040E780
0042D4B2 |. C745 FC FFFFF
0042D4B9 |. 6A 00
0042D4BB |. 6A 01
0042D4BD |. 8B4D 8C
0042D4C0 |. E8 9B26FEFF
fo.0040FB60
0042D4C5 |. 8B4D F4

XOR ECX,ECX
AND ECX,00000001
JE SHORT 0042D443
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH EDX
CALL 0042E91A
ADD ESP,4
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP

; SystemInf

MOV EBP,ESP
PUSH -1
PUSH 00446D20
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
SUB ESP,6C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
PUSH EAX
LEA EAX,[LOCAL.3]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.30],ECX
MOV EAX,DWORD PTR SS:[LOCAL.30]
ADD EAX,0C
MOV DWORD PTR SS:[LOCAL.29],EAX
MOV DWORD PTR SS:[LOCAL.1],0
MOV ECX,DWORD PTR SS:[LOCAL.29]
ADD ECX,28
CALL 004059E0

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],1


MOV ECX,DWORD PTR SS:[LOCAL.29]
CALL 0040E780

; [SystemIn

MOV DWORD PTR SS:[LOCAL.1],-1


PUSH 0
PUSH 1
MOV ECX,DWORD PTR SS:[LOCAL.29]
CALL 0040FB60

;
;
;
;

MOV ECX,DWORD PTR SS:[LOCAL.3]

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0042D4C8 |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX


0042D4CF |. 59
POP ECX
0042D4D0 |. 8BE5
MOV ESP,EBP
0042D4D2 |. 5D
POP EBP
0042D4D3 \. C3
RETN
0042D4D4
CC
INT3
0042D4D5
CC
INT3
0042D4D6
CC
INT3
0042D4D7
CC
INT3
0042D4D8
CC
INT3
0042D4D9
CC
INT3
0042D4DA
CC
INT3
0042D4DB
CC
INT3
0042D4DC
CC
INT3
0042D4DD
CC
INT3
0042D4DE
CC
INT3
0042D4DF
CC
INT3
0042D4E0 /$ 55
PUSH EBP
o.0042D4E0(guessed Arg1,Arg2)
0042D4E1 |. 8BEC
MOV EBP,ESP
0042D4E3 |. 6A FF
PUSH -1
0042D4E5 |. 68 6D6D4400 PUSH 00446D6D
0042D4EA |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0042D4F0 |. 50
PUSH EAX
0042D4F1 |. 81EC 18010000 SUB ESP,118
0042D4F7 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042D4FC |. 33C5
XOR EAX,EBP
0042D4FE |. 50
PUSH EAX
0042D4FF |. 8D45 F4
LEA EAX,[LOCAL.3]
0042D502 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
0042D508 |. C785 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],0
0042D512 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0042D516 |. 0F84 1C010000 JE 0042D638
0042D51C |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042D51F |. 8338 00
CMP DWORD PTR DS:[EAX],0
0042D522 |. 0F85 10010000 JNE 0042D638
0042D528 |. 6A 08
PUSH 8
0042D52A |. E8 41200000 CALL 0042F570
fo.0042F570
0042D52F |. 83C4 04
ADD ESP,4
0042D532 |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0042D535 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
0042D53C |. 837D EC 00
CMP DWORD PTR SS:[LOCAL.5],0
0042D540 |. 0F84 8B000000 JE 0042D5D1
0042D546 |. 8D8D 5CFFFFFF LEA ECX,[LOCAL.41]
0042D54C |. 51
PUSH ECX
OFFSET LOCAL.41
0042D54D |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0042D550 |. E8 3BE6FDFF CALL 0040BB90
fo.0040BB90
0042D555 |. 8985 E8FEFFFF MOV DWORD PTR SS:[LOCAL.70],EAX
0042D55B |. 8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[LOCAL.70]
0042D561 |. 8995 E4FEFFFF MOV DWORD PTR SS:[LOCAL.71],EDX
0042D567 |. C645 FC 01
MOV BYTE PTR SS:[LOCAL.1],1
0042D56B |. 8B85 58FFFFFF MOV EAX,DWORD PTR SS:[LOCAL.42]
0042D571 |. 83C8 01
OR EAX,00000001
0042D574 |. 8985 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],EAX
0042D57A |. 8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.71]
0042D580 |. 51
PUSH ECX
[LOCAL.70]

; SystemInf

; /Arg1 = 8
; \SystemIn

; /Arg1 =>
; |
; \SystemIn

; /Arg1 =>

0042D581 |.
0042D587 |.
fo.0040B9D0
0042D58C |.
0042D592 |.
0042D598 |.
0042D59B |.
0042D5A1 |.
0042D5A4 |.
0042D5AA |.
0042D5AD |.
0042D5B4 |.
0042D5B7 |.
0042D5BD |.
0042D5C0 |.
0042D5C6 |.
0042D5C9 |.
0042D5CF |.
0042D5D1 |>
0042D5DB |>
0042D5E1 |.
0042D5E4 |.
0042D5EB |.
0042D5EE |.
0042D5F1 |.
0042D5F3 |.
0042D5F9 |.
0042D5FC |.
0042D5FE |.
0042D605 |.
0042D60B |.
0042D610 |>
0042D617 |.
0042D61D |.
0042D620 |.
0042D622 |.
0042D629 |.
0042D62B |.
0042D62D |.
0042D633 |.
fo.0040FB60
0042D638 |>
0042D63D |.
0042D640 |.
0042D647 |.
0042D648 |.
0042D64A |.
0042D64B \.
0042D64C
0042D64D
0042D64E
0042D64F
0042D650 /.
0042D651 |.
0042D653 |.
0042D654 |.
0042D657 |.
0042D659 |.
0042D65B |.
0042D65C \.

8D8D 78FFFFFF LEA ECX,[LOCAL.34]


E8 44E4FDFF CALL 0040B9D0

; |
; \SystemIn

8985 E0FEFFFF
8B95 58FFFFFF
83CA 02
8995 58FFFFFF
8B45 EC
C700 BC884400
8B4D EC
C741 04 00000
8B55 EC
C702 B09C4400
8B45 EC
C700 8C9C4400
8B4D EC
898D DCFEFFFF
EB 0A
C785 DCFEFFFF
8B95 DCFEFFFF
8955 F0
C745 FC 02000
8B45 08
8B4D F0
8908
8B95 58FFFFFF
83E2 02
74 12
83A5 58FFFFFF
8D8D 78FFFFFF
E8 D0E4FDFF
C745 FC FFFFF
8B85 58FFFFFF
83E0 01
74 16
83A5 58FFFFFF
6A 00
6A 01
8D8D 5CFFFFFF
E8 2825FEFF

MOV DWORD PTR SS:[LOCAL.72],EAX


MOV EDX,DWORD PTR SS:[LOCAL.42]
OR EDX,00000002
MOV DWORD PTR SS:[LOCAL.42],EDX
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EAX],OFFSET 004488BC
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[ECX+4],0
MOV EDX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EDX],OFFSET 00449CB0
MOV EAX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR DS:[EAX],OFFSET 00449C8C
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV DWORD PTR SS:[LOCAL.73],ECX
JMP SHORT 0042D5DB
MOV DWORD PTR SS:[LOCAL.73],0
MOV EDX,DWORD PTR SS:[LOCAL.73]
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV DWORD PTR SS:[LOCAL.1],2
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[LOCAL.42]
AND EDX,00000002
JE SHORT 0042D610
AND DWORD PTR SS:[LOCAL.42],FFFFFFFD
LEA ECX,[LOCAL.34]
CALL 0040BAE0
MOV DWORD PTR SS:[LOCAL.1],-1
MOV EAX,DWORD PTR SS:[LOCAL.42]
AND EAX,00000001
JE SHORT 0042D638
AND DWORD PTR SS:[LOCAL.42],FFFFFFFE
PUSH 0
PUSH 1
LEA ECX,[LOCAL.41]
CALL 0040FB60

;
;
;
;

B8 02000000
8B4D F4
64:890D 00000
59
8BE5
5D
C3
CC
CC
CC
CC
55
8BEC
51
894D FC
B0 01
8BE5
5D
C3

MOV EAX,2
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR FS:[0],ECX
POP ECX
MOV ESP,EBP
POP EBP
RETN
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV AL,1
MOV ESP,EBP
POP EBP
RETN

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

0042D65D
0042D65E
0042D65F
0042D660
0042D661
0042D663
0042D664
0042D667
0042D66C
0042D66E
0042D66F
0042D670
0042D671
0042D673
0042D674
0042D677
0042D67A
0042D680
0042D683
0042D689
0042D68C
0042D68F
0042D691
0042D694
0042D695
0042D69A
0042D69D
0042D6A0
0042D6A2
0042D6A3
0042D6A6
0042D6A7
0042D6A8
0042D6A9
0042D6AA
0042D6AB
0042D6AC
0042D6AD
0042D6AE
0042D6AF
0042D6B0
0042D6B1
0042D6B3
0042D6B4
0042D6B7
0042D6BA
0042D6BD
0042D6BF
0042D6C2
0042D6C5
0042D6C7
0042D6CC
0042D6CE
0042D6CF
0042D6D2
0042D6D3
0042D6D4
0042D6D5
0042D6D6
0042D6D7

/.
|.
|.
|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

CC
CC
CC
55
8BEC
51
894D FC
B8 01000000
8BE5
5D
C3
55
8BEC
51
894D FC
8B45 FC
C700 B09C4400
8B4D FC
C701 BC884400
8B55 08
83E2 01
74 0C
8B45 FC
50
E8 80120000
83C4 04
8B45 FC
8BE5
5D
C2 0400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 14
8B4D 0C
8908
8B55 20
8B45 18
8902
B8 03000000
8BE5
5D
C2 1C00
CC
CC
CC
CC
CC
CC

INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,1
MOV ESP,EBP
POP EBP
RETN
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX],OFFSET 00449CB0
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],OFFSET 004488BC
MOV EDX,DWORD PTR SS:[ARG.1]
AND EDX,00000001
JE SHORT 0042D69D
MOV EAX,DWORD PTR SS:[LOCAL.1]
PUSH EAX
CALL 0042E91A
ADD ESP,4
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN 4
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[EAX],ECX
MOV EDX,DWORD PTR SS:[ARG.7]
MOV EAX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,3
MOV ESP,EBP
POP EBP
RETN 1C
INT3
INT3
INT3
INT3
INT3
INT3

0042D6D8
0042D6D9
0042D6DA
0042D6DB
0042D6DC
0042D6DD
0042D6DE
0042D6DF
0042D6E0
0042D6E1
0042D6E3
0042D6E4
0042D6E7
0042D6EA
0042D6ED
0042D6EF
0042D6F4
0042D6F6
0042D6F7
0042D6FA
0042D6FB
0042D6FC
0042D6FD
0042D6FE
0042D6FF
0042D700
0042D701
0042D703
0042D706
0042D709
0042D70C
0042D70F
0042D712
0042D714
0042D717
0042D71A
0042D71C
0042D71F
0042D722
0042D725
0042D728
0042D72A
0042D72B
0042D72E
0042D72F
0042D730
0042D731
0042D733
0042D734
0042D737
0042D73A
0042D740
0042D743
0042D749
0042D74C
0042D752
0042D755
0042D758
0042D75A
0042D75D

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

CC
CC
CC
CC
CC
CC
CC
CC
55
8BEC
51
894D FC
8B45 14
8B4D 0C
8908
B8 03000000
8BE5
5D
C2 1000
CC
CC
CC
CC
CC
CC
55
8BEC
83EC 08
894D FC
8B45 10
2B45 0C
3945 14
73 08
8B4D 14
894D F8
EB 09
8B55 10
2B55 0C
8955 F8
8B45 F8
8BE5
5D
C2 1000
CC
CC
55
8BEC
51
894D FC
8B45 FC
C700 8C9C4400
8B4D FC
C701 B09C4400
8B55 FC
C702 BC884400
8B45 08
83E0 01
74 0C
8B4D FC
51

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.4]
MOV ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[EAX],ECX
MOV EAX,3
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[ARG.3]
SUB EAX,DWORD PTR SS:[ARG.2]
CMP DWORD PTR SS:[ARG.4],EAX
JNB SHORT 0042D71C
MOV ECX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.2],ECX
JMP SHORT 0042D725
MOV EDX,DWORD PTR SS:[ARG.3]
SUB EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ESP,EBP
POP EBP
RETN 10
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH ECX
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX],OFFSET 00449C8C
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ECX],OFFSET 00449CB0
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EDX],OFFSET 004488BC
MOV EAX,DWORD PTR SS:[ARG.1]
AND EAX,00000001
JE SHORT 0042D766
MOV ECX,DWORD PTR SS:[LOCAL.1]
PUSH ECX

0042D75E |. E8 B7110000 CALL 0042E91A


0042D763 |. 83C4 04
ADD ESP,4
0042D766 |> 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0042D769 |. 8BE5
MOV ESP,EBP
0042D76B |. 5D
POP EBP
0042D76C \. C2 0400
RETN 4
0042D76F
CC
INT3
0042D770 $- FF25 1C824400 JMP DWORD PTR DS:[<&VERSION.VerQueryValu
0042D776 $- FF25 14824400 JMP DWORD PTR DS:[<&VERSION.GetFileVersi
0042D77C $- FF25 18824400 JMP DWORD PTR DS:[<&VERSION.GetFileVersi
0042D782 $- FF25 30824400 JMP DWORD PTR DS:[<&WINSPOOL_DRV.EnumPri
0042D788
8BFF
MOV EDI,EDI
0042D78A /. 55
PUSH EBP
0042D78B |. 8BEC
MOV EBP,ESP
0042D78D |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0042D790 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0042D793 |. 8941 18
MOV DWORD PTR DS:[ECX+18],EAX
0042D796 |. 5D
POP EBP
0042D797 \. C3
RETN
0042D798 /$ 8BFF
MOV EDI,EDI
o.0042D798(guessed Arg1,Arg2)
0042D79A |. 55
PUSH EBP
0042D79B |. 8BEC
MOV EBP,ESP
0042D79D |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042D7A0 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0042D7A3 |. C700 88D74200 MOV DWORD PTR DS:[EAX],0042D788
0042D7A9 |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
0042D7AC |. 5D
POP EBP
0042D7AD \. C3
RETN
0042D7AE $ E9 44600000 JMP 004337F7
0042D7B3 /$ 8BFF
MOV EDI,EDI
0042D7B5 |. 57
PUSH EDI
0042D7B6 |. 68 B4144500 PUSH OFFSET 004514B4
= SystemInfo.4514B4 -> -1
0042D7BB |. 8BF9
MOV EDI,ECX
0042D7BD |. FF15 30814400 CALL DWORD PTR DS:[<&KERNEL32.Interlocke
.InterlockedIncrement
0042D7C3 |. 85C0
TEST EAX,EAX
0042D7C5 |. 75 19
JNE SHORT 0042D7E0
0042D7C7 |. 56
PUSH ESI
0042D7C8 |. BE 982A4500 MOV ESI,OFFSET 00452A98
0042D7CD |> 56
/PUSH ESI
0042D7CE |. E8 C2090000 |CALL 0042E195
fo.0042E195
0042D7D3 |. 83C6 18
|ADD ESI,18
0042D7D6 |. 81FE F82A4500 |CMP ESI,OFFSET 00452AF8
0042D7DC |. 59
|POP ECX
0042D7DD |.^ 7C EE
\JL SHORT 0042D7CD
0042D7DF |. 5E
POP ESI
0042D7E0 |> 8BC7
MOV EAX,EDI
0042D7E2 |. 5F
POP EDI
0042D7E3 \. C3
RETN
0042D7E4 /> 68 B4144500 PUSH OFFSET 004514B4
= SystemInfo.4514B4 -> -1
0042D7E9 |. FF15 34814400 CALL DWORD PTR DS:[<&KERNEL32.Interlocke
.InterlockedDecrement
0042D7EF |. 85C0
TEST EAX,EAX
0042D7F1 |. 7D 19
JGE SHORT 0042D80C
0042D7F3 |. 56
PUSH ESI
0042D7F4 |. BE 982A4500 MOV ESI,OFFSET 00452A98

; SystemInf

; /pTarget
; |
; \KERNEL32

; /Arg1
; \SystemIn

; /pTarget
; \KERNEL32

0042D7F9 |> 56
0042D7FA |. E8 A6090000
fo.0042E1A5
0042D7FF |. 83C6 18
0042D802 |. 81FE F82A4500
0042D808 |. 59
0042D809 |.^ 7C EE
0042D80B |. 5E
0042D80C \> C3
0042D80D /$ 8BFF
o.0042D80D(guessed Arg1)
0042D80F |. 55
0042D810 |. 8BEC
0042D812 |. 8B45 08
0042D815 |. 83F8 04
0042D818 |. 56
0042D819 |. 8BF1
0042D81B |. 8906
0042D81D |. 7D 0F
0042D81F |. 6BC0 18
0042D822 |. 05 982A4500
0042D827 |. 50
0042D828 |. E8 88090000
0042D82D |. 59
0042D82E |> 8BC6
0042D830 |. 5E
0042D831 |. 5D
0042D832 \. C2 0400
0042D835 /$ 8B01
0042D837 |. 83F8 04
0042D83A |. 7D 0F
0042D83C |. 6BC0 18
0042D83F |. 05 982A4500
0042D844 |. 50
0042D845 |. E8 7B090000
0042D84A |. 59
0042D84B \> C3
0042D84C /$ 8BFF
o.0042D84C(guessed Arg1)
0042D84E |. 55
0042D84F |. 8BEC
0042D851 |. 5D
0042D852 \. E9 191D0000
0042D857 /$ 8BFF
0042D859 |. 55
0042D85A |. 8BEC
0042D85C |. FF75 08
[ARG.1]
0042D85F |. E8 2F5B0000
fo.00433393
0042D864 |. 59
0042D865 |. 85C0
0042D867 |. 74 06
0042D869 |. 5D
0042D86A |. E9 B8690000
0042D86F |> 5D
0042D870 \. C3
0042D871 /$ 8B49 04
0042D874 |. E8 B78EFDFF
0042D879 |. 85C0

/PUSH ESI
|CALL 0042E1A5

; /Arg1
; \SystemIn

|ADD ESI,18
|CMP ESI,OFFSET 00452AF8
|POP ECX
\JL SHORT 0042D7F9
POP ESI
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
CMP EAX,4
PUSH ESI
MOV ESI,ECX
MOV DWORD PTR DS:[ESI],EAX
JGE SHORT 0042D82E
IMUL EAX,EAX,18
ADD EAX,OFFSET 00452A98
PUSH EAX
CALL 0042E1B5
POP ECX
MOV EAX,ESI
POP ESI
POP EBP
RETN 4
MOV EAX,DWORD PTR DS:[ECX]
CMP EAX,4
JGE SHORT 0042D84B
IMUL EAX,EAX,18
ADD EAX,OFFSET 00452A98
PUSH EAX
CALL 0042E1C5
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
POP EBP
JMP 0042F570
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

CALL 00433393

; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 0042D86F
POP EBP
JMP 00434227
POP EBP
RETN
MOV ECX,DWORD PTR DS:[ECX+4]
CALL 00406730
TEST EAX,EAX

0042D87B |. 74 08
0042D87D |. 8B10
0042D87F |. 6A 01
0042D881 |. 8BC8
0042D883 |. FF12
0042D885 \> C3
0042D886 /$ 8BFF
o.0042D886(guessed Arg1)
0042D888 |. 55
0042D889 |. 8BEC
0042D88B |. 56
0042D88C |. 8BF1
0042D88E |. E8 DEFFFFFF
0042D893 |. F645 08 01
0042D897 |. 74 07
0042D899 |. 56
0042D89A |. E8 7B100000
0042D89F |. 59
0042D8A0 |> 8BC6
0042D8A2 |. 5E
0042D8A3 |. 5D
0042D8A4 \. C2 0400
0042D8A7 /$ 8BFF
o.0042D8A7(guessed Arg1)
0042D8A9 |. 55
0042D8AA |. 8BEC
0042D8AC |. 8B45 08
0042D8AF |. 8B08
0042D8B1 |. 85C9
0042D8B3 |. 74 11
0042D8B5 |. E8 768EFDFF
0042D8BA |. 85C0
0042D8BC |. 74 08
0042D8BE |. 8B10
0042D8C0 |. 6A 01
0042D8C2 |. 8BC8
0042D8C4 |. FF12
0042D8C6 |> 5D
0042D8C7 \. C3
0042D8C8
8BFF
0042D8CA /. 55
0042D8CB |. 8BEC
0042D8CD |. 51
0042D8CE |. 6A 00
0042D8D0 |. 8D4D FC
0042D8D3 |. E8 35FFFFFF
fo.0042D80D
0042D8D8 |. 68 002B4500
ystemInfo.452B00
0042D8DD |. E8 C5FFFFFF
fo.0042D8A7
0042D8E2 |. 8325 002B4500
0042D8E9 |. 59
0042D8EA |. 8D4D FC
0042D8ED |. E8 43FFFFFF
0042D8F2 |. C9
0042D8F3 \. C3
0042D8F4 /$ A1 002B4500
o.0042D8F4(guessed void)
0042D8F9 \. C3

JE SHORT 0042D885
MOV EDX,DWORD PTR DS:[EAX]
PUSH 1
MOV ECX,EAX
CALL DWORD PTR DS:[EDX]
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,ECX
CALL 0042D871
TEST BYTE PTR SS:[ARG.1],01
JE SHORT 0042D8A0
PUSH ESI
CALL 0042E91A
POP ECX
MOV EAX,ESI
POP ESI
POP EBP
RETN 4
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[EAX]
TEST ECX,ECX
JE SHORT 0042D8C6
CALL 00406730
TEST EAX,EAX
JE SHORT 0042D8C6
MOV EDX,DWORD PTR DS:[EAX]
PUSH 1
MOV ECX,EAX
CALL DWORD PTR DS:[EDX]
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH 0
LEA ECX,[LOCAL.1]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

PUSH OFFSET 00452B00

; /Arg1 = S

CALL 0042D8A7

; \SystemIn

AND DWORD PTR DS:[452B00],00000000


POP ECX
LEA ECX,[LOCAL.1]
CALL 0042D835
LEAVE
RETN
MOV EAX,DWORD PTR DS:[452B00]

; SystemInf

RETN

0042D8FA /$
0042D8FC |.
0042D8FD |.
0042D8FF |.
0042D906 |.
0042D908 |.
0042D90D |.
0042D914 |.
0042D919 |.
0042D91A |>
0042D91D |.
0042D922 |.
0042D923 \.
0042D924 /$
0042D926 |.
0042D92B |.
0042D930 |.
0042D932 |.
0042D935 |.
fo.0042D80D
0042D93A |.
0042D93D |.
0042D941 |.
0042D944 |.
0042D946 |>
0042D949 |.
0042D94A |.
0042D94D |.
0042D950 |.
0042D952 |.
0042D954 |.
0042D959 |.
0042D95B |.
0042D95D |.
0042D95F |.
0042D961 |.
0042D963 |.
0042D965 |>
0042D967 |.^
0042D969 |.
0042D96C |.
fo.004331DE
0042D971 |.
0042D975 |.
0042D976 |.
0042D979 |.
0042D97E |.
0042D983 \.
0042D984
0042D986 /.
0042D987 |.
0042D989 |.
0042D98A |.
0042D98C |.
0042D98F |.
fo.0042D80D
0042D994 |.
0042D996 |>
0042D998 |.
0042D99A |.

8BFF
55
8BEC
803D 242B4500
75 12
68 C8D84200
C605 242B4500
E8 BC080000
59
8B45 08
A3 002B4500
5D
C3
6A 04
B8 936D4400
E8 0E6A0000
6A 00
8D4D F0
E8 D3FEFFFF

MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
CMP BYTE PTR DS:[452B24],0
JNE SHORT 0042D91A
PUSH 0042D8C8
MOV BYTE PTR DS:[452B24],1
CALL 0042E1D5
POP ECX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[452B00],EAX
POP EBP
RETN
PUSH 4
MOV EAX,00446D93
CALL 0043433E
PUSH 0
LEA ECX,[EBP-10]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

8B7D 08
8365 FC 00
8B77 0C
EB 1F
8B47 08
4E
8D04B0
8338 00
74 13
8B08
E8 D78DFDFF
85C0
74 08
8B10
6A 01
8BC8
FF12
85F6
77 DD
FF77 08
E8 6D580000

MOV EDI,DWORD PTR SS:[EBP+8]


AND DWORD PTR SS:[EBP-4],00000000
MOV ESI,DWORD PTR DS:[EDI+0C]
JMP SHORT 0042D965
/MOV EAX,DWORD PTR DS:[EDI+8]
|DEC ESI
|LEA EAX,[ESI*4+EAX]
|CMP DWORD PTR DS:[EAX],0
|JE SHORT 0042D965
|MOV ECX,DWORD PTR DS:[EAX]
|CALL 00406730
|TEST EAX,EAX
|JE SHORT 0042D965
|MOV EDX,DWORD PTR DS:[EAX]
|PUSH 1
|MOV ECX,EAX
|CALL DWORD PTR DS:[EDX]
|TEST ESI,ESI
\JA SHORT 0042D946
PUSH DWORD PTR DS:[EDI+8]
CALL 004331DE

; /Arg1
; \SystemIn

834D FC FF
59
8D4D F0
E8 B7FEFFFF
E8 246A0000
C3
8BFF
55
8BEC
51
6A 00
8D4D FC
E8 79FEFFFF

OR DWORD PTR SS:[EBP-4],FFFFFFFF


POP ECX
LEA ECX,[EBP-10]
CALL 0042D835
CALL 004343A7
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH 0
LEA ECX,[LOCAL.1]
CALL 0042D80D

; /Arg1 = 0
; |
; \SystemIn

EB 10
8BC8
8B00
6A 01

JMP SHORT 0042D9A6


/MOV ECX,EAX
|MOV EAX,DWORD PTR DS:[EAX]
|PUSH 1

; /Arg1 = 1

0042D99C |. A3 FC2A4500
0042D9A1 |. E8 E0FEFFFF
fo.0042D886
0042D9A6 |> A1 FC2A4500
0042D9AB |. 85C0
0042D9AD |.^ 75 E7
0042D9AF |. 8D4D FC
0042D9B2 |. E8 7EFEFFFF
0042D9B7 |. C9
0042D9B8 \. C3
0042D9B9 /$ 8BFF
0042D9BB |. 55
0042D9BC |. 8BEC
0042D9BE |. 833D FC2A4500
0042D9C5 |. 75 0B
0042D9C7 |. 68 84D94200
0042D9CC |. E8 86FEFFFF
0042D9D1 |. 59
0042D9D2 |> 6A 08
0042D9D4 |. E8 971B0000
fo.0042F570
0042D9D9 |. 59
0042D9DA |. 85C0
0042D9DC |. 74 10
0042D9DE |. 8B0D FC2A4500
0042D9E4 |. 8908
0042D9E6 |. 8B4D 08
0042D9E9 |. 8948 04
0042D9EC |. EB 02
0042D9EE |> 33C0
0042D9F0 |> A3 FC2A4500
0042D9F5 |. 5D
0042D9F6 \. C3
0042D9F7 /$ 8BFF
o.0042D9F7(guessed Arg1)
0042D9F9 |. 55
0042D9FA |. 8BEC
0042D9FC |. 8B45 08
0042D9FF |. 8378 50 00
0042DA03 |. 76 18
0042DA05 |. 8378 54 10
0042DA09 |. 72 05
0042DA0B |. 8B40 40
0042DA0E |. EB 03
0042DA10 |> 83C0 40
0042DA13 |> 50
0042DA14 |. 6A 00
0042DA16 |. E8 71430000
fo.00431D8C
0042DA1B |. 59
0042DA1C |. 59
0042DA1D |> 5D
0042DA1E \. C3
0042DA1F /$ 8BFF
o.0042DA1F(guessed Arg1)
0042DA21 |. 55
0042DA22 |. 8BEC
0042DA24 |. 56
0042DA25 |. FF75 08
[ARG.1]

|MOV DWORD PTR DS:[452AFC],EAX


|CALL 0042D886

; |
; \SystemIn

|MOV EAX,DWORD PTR DS:[452AFC]


|TEST EAX,EAX
\JNE SHORT 0042D996
LEA ECX,[LOCAL.1]
CALL 0042D835
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
CMP DWORD PTR DS:[452AFC],0
JNE SHORT 0042D9D2
PUSH 0042D984
CALL 0042D857
POP ECX
PUSH 8
CALL 0042F570

; /Arg1 = 8
; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 0042D9EE
MOV ECX,DWORD PTR DS:[452AFC]
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 0042D9F0
XOR EAX,EAX
MOV DWORD PTR DS:[452AFC],EAX
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[EAX+50],0
JBE SHORT 0042DA1D
CMP DWORD PTR DS:[EAX+54],10
JB SHORT 0042DA10
MOV EAX,DWORD PTR DS:[EAX+40]
JMP SHORT 0042DA13
ADD EAX,40
PUSH EAX
PUSH 0
CALL 00431D8C

; /Arg2
; |Arg1 = 0
; \SystemIn

POP ECX
POP ECX
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

0042DA28 |. 8BF1
0042DA2A |. E8 51080000
fo.0042E280
0042DA2F |. 59
0042DA30 |. 50
0042DA31 |. FF75 08
[ARG.1]
0042DA34 |. 8BCE
0042DA36 |. E8 1517FEFF
fo.0040F150
0042DA3B |. 5E
0042DA3C |. 5D
0042DA3D \. C2 0400
0042DA40 /$ 6A 04
o.0042DA40(guessed Arg1)
0042DA42 |. B8 B66D4400
0042DA47 |. E8 F2680000
0042DA4C |. 8BF1
0042DA4E |. 8975 F0
0042DA51 |. C746 04 01000
0042DA58 |. 33C0
0042DA5A |. 8945 FC
0042DA5D |. 8946 08
0042DA60 |. 8946 0C
0042DA63 |. 8946 10
0042DA66 |. 8A45 08
0042DA69 |. 68 D89C4400
ystemInfo.449CD8
0042DA6E |. 8D4E 18
0042DA71 |. C706 D49C4400
0042DA77 |. 8846 14
0042DA7A |. E8 7111FEFF
fo.0040EBF0
0042DA7F |. 8BC6
0042DA81 |. E8 21690000
0042DA86 \. C2 0400
0042DA89 /$ 6A 04
0042DA8B |. B8 E46D4400
0042DA90 |. E8 A9680000
0042DA95 |. 8BF1
0042DA97 |. 8975 F0
0042DA9A |. C706 D49C4400
0042DAA0 |. 56
0042DAA1 |. C745 FC 01000
0042DAA8 |. E8 77FEFFFF
0042DAAD |. 59
0042DAAE |. 6A 00
0042DAB0 |. 6A 01
0042DAB2 |. 8D4E 18
0042DAB5 |. E8 A620FEFF
fo.0040FB60
0042DABA |. C706 BC884400
0042DAC0 |. E8 E2680000
0042DAC5 \. C3
0042DAC6
8BFF
0042DAC8 /. 55
0042DAC9 |. 8BEC
0042DACB |. 56
0042DACC |. 8BF1
0042DACE |. E8 B6FFFFFF

MOV ESI,ECX
CALL 0042E280

; |
; \SystemIn

POP ECX
PUSH EAX
PUSH DWORD PTR SS:[ARG.1]

; /Arg2
; |Arg1 =>

MOV ECX,ESI
CALL 0040F150

; |
; \SystemIn

POP ESI
POP EBP
RETN 4
PUSH 4

; SystemInf

MOV EAX,00446DB6
CALL 0043433E
MOV ESI,ECX
MOV DWORD PTR SS:[EBP-10],ESI
MOV DWORD PTR DS:[ESI+4],1
XOR EAX,EAX
MOV DWORD PTR SS:[EBP-4],EAX
MOV DWORD PTR DS:[ESI+8],EAX
MOV DWORD PTR DS:[ESI+0C],EAX
MOV DWORD PTR DS:[ESI+10],EAX
MOV AL,BYTE PTR SS:[EBP+8]
PUSH OFFSET 00449CD8

; /Arg1 = S

LEA ECX,[ESI+18]
MOV DWORD PTR DS:[ESI],OFFSET 00449CD4
MOV BYTE PTR DS:[ESI+14],AL
CALL 0040EBF0

;
;
;
;

|
|
|
\SystemIn

MOV EAX,ESI
CALL 004343A7
RETN 4
PUSH 4
MOV EAX,00446DE4
CALL 0043433E
MOV ESI,ECX
MOV DWORD PTR SS:[EBP-10],ESI
MOV DWORD PTR DS:[ESI],OFFSET 00449CD4
PUSH ESI
MOV DWORD PTR SS:[EBP-4],1
CALL 0042D924
POP ECX
PUSH 0
PUSH 1
LEA ECX,[ESI+18]
CALL 0040FB60

;
;
;
;

/Arg2 = 0
|Arg1 = 1
|
\SystemIn

MOV DWORD PTR DS:[ESI],OFFSET 004488BC


CALL 004343A7
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,ECX
CALL 0042DA89

0042DAD3 |. F645 08 01
0042DAD7 |. 74 07
0042DAD9 |. 56
0042DADA |. E8 3B0E0000
0042DADF |. 59
0042DAE0 |> 8BC6
0042DAE2 |. 5E
0042DAE3 |. 5D
0042DAE4 \. C2 0400
0042DAE7 /$ 6A 08
0042DAE9 |. B8 116E4400
0042DAEE |. E8 4B680000
0042DAF3 |. A1 002B4500
0042DAF8 |. 8BF0
0042DAFA |. 85C0
0042DAFC |. 75 7B
0042DAFE |. 50
[452B00] = 0
0042DAFF |. 8D4D F0
0042DB02 |. E8 06FDFFFF
fo.0042D80D
0042DB07 |. A1 002B4500
0042DB0C |. 2175 FC
0042DB0F |. 8BF0
0042DB11 |. 85C0
0042DB13 |. 75 58
0042DB15 |. 6A 34
4
0042DB17 |. E8 541A0000
fo.0042F570
0042DB1C |. 59
0042DB1D |. 8BC8
0042DB1F |. 894D EC
0042DB22 |. C645 FC 01
0042DB26 |. 85C9
0042DB28 |. 74 0A
0042DB2A |. 56
0042DB2B |. E8 10FFFFFF
fo.0042DA40
0042DB30 |. 8BF0
0042DB32 |. EB 02
0042DB34 |> 33F6
0042DB36 |> 56
0042DB37 |. C645 FC 00
0042DB3B |. E8 BAFDFFFF
0042DB40 |. 8D4E 18
0042DB43 |. C746 10 3F000
0042DB4A |. C70424 488744
SystemInfo.448748
0042DB51 |. E8 C9FEFFFF
fo.0042DA1F
0042DB56 |. 8BCE
0042DB58 |. 8935 042B4500
0042DB5E |. E8 1DB3FDFF
0042DB63 |. A1 042B4500
0042DB68 |. A3 1C2B4500
0042DB6D |> 834D FC FF
0042DB71 |. 8D4D F0
0042DB74 |. E8 BCFCFFFF
0042DB79 |> 8BC6

TEST BYTE PTR SS:[ARG.1],01


JE SHORT 0042DAE0
PUSH ESI
CALL 0042E91A
POP ECX
MOV EAX,ESI
POP ESI
POP EBP
RETN 4
PUSH 8
MOV EAX,00446E11
CALL 0043433E
MOV EAX,DWORD PTR DS:[452B00]
MOV ESI,EAX
TEST EAX,EAX
JNE SHORT 0042DB79
PUSH EAX

; /Arg1 =>

LEA ECX,[EBP-10]
CALL 0042D80D

; |
; \SystemIn

MOV EAX,DWORD PTR DS:[452B00]


AND DWORD PTR SS:[EBP-4],ESI
MOV ESI,EAX
TEST EAX,EAX
JNE SHORT 0042DB6D
PUSH 34

; /Arg1 = 3

CALL 0042F570

; \SystemIn

POP ECX
MOV ECX,EAX
MOV DWORD PTR SS:[EBP-14],ECX
MOV BYTE PTR SS:[EBP-4],1
TEST ECX,ECX
JE SHORT 0042DB34
PUSH ESI
CALL 0042DA40

; /Arg1
; \SystemIn

MOV ESI,EAX
JMP SHORT 0042DB36
XOR ESI,ESI
PUSH ESI
MOV BYTE PTR SS:[EBP-4],0
CALL 0042D8FA
LEA ECX,[ESI+18]
MOV DWORD PTR DS:[ESI+10],3F
MOV DWORD PTR SS:[ESP],OFFSET 00448748

; /Arg1 =>

CALL 0042DA1F

; \SystemIn

MOV ECX,ESI
MOV DWORD PTR DS:[452B04],ESI
CALL 00408E80
MOV EAX,DWORD PTR DS:[452B04]
MOV DWORD PTR DS:[452B1C],EAX
OR DWORD PTR SS:[EBP-4],FFFFFFFF
LEA ECX,[EBP-10]
CALL 0042D835
MOV EAX,ESI

0042DB7B |. E8 27680000
0042DB80 \. C3
0042DB81 /$ 8BFF
0042DB83 |. 55
0042DB84 |. 8BEC
0042DB86 |. 8B45 0C
0042DB89 |. 8378 18 10
0042DB8D |. 56
0042DB8E |. 57
0042DB8F |. 72 05
0042DB91 |. 8B70 04
0042DB94 |. EB 03
0042DB96 |> 8D70 04
0042DB99 |> 6A 00
0042DB9B |. 6A 00
0042DB9D |. E8 EA410000
fo.00431D8C
0042DBA2 |. 59
0042DBA3 |. 59
0042DBA4 |. 85C0
0042DBA6 |. 75 05
0042DBA8 |. B8 77874400
0042DBAD |> 8B7D 08
0042DBB0 |. 50
0042DBB1 |. 8D4F 3C
0042DBB4 |. E8 66FEFFFF
fo.0042DA1F
0042DBB9 |. 85F6
0042DBBB |. 74 0E
0042DBBD |. 56
0042DBBE |. 6A 00
0042DBC0 |. E8 C7410000
fo.00431D8C
0042DBC5 |. 59
0042DBC6 |. 59
0042DBC7 |. 85C0
0042DBC9 |. 75 05
0042DBCB |> B8 D89C4400
0042DBD0 |> 50
0042DBD1 |. 8D4F 58
0042DBD4 |. E8 46FEFFFF
fo.0042DA1F
0042DBD9 |. 5F
0042DBDA |. 5E
0042DBDB |. 5D
0042DBDC \. C3
0042DBDD /$ 8BFF
o.0042DBDD(guessed void)
0042DBDF |. 56
0042DBE0 |. E8 DE150000
0042DBE5 |. 8B70 08
0042DBE8 |. E8 B0150000
fo.0042F19D
0042DBED |. 8BD0
0042DBEF |. 8BC6
0042DBF1 |. 5E
0042DBF2 \. C3
0042DBF3 /$ 8BFF
o.0042DBF3(guessed Arg1)
0042DBF5 |. 55

CALL 004343A7
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.2]
CMP DWORD PTR DS:[EAX+18],10
PUSH ESI
PUSH EDI
JB SHORT 0042DB96
MOV ESI,DWORD PTR DS:[EAX+4]
JMP SHORT 0042DB99
LEA ESI,[EAX+4]
PUSH 0
PUSH 0
CALL 00431D8C

; /Arg2 = 0
; |Arg1 = 0
; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 0042DBAD
MOV EAX,OFFSET 00448777
MOV EDI,DWORD PTR SS:[ARG.1]
PUSH EAX
LEA ECX,[EDI+3C]
CALL 0042DA1F

; /Arg1
; |
; \SystemIn

TEST ESI,ESI
JE SHORT 0042DBCB
PUSH ESI
PUSH 0
CALL 00431D8C

; /Arg2
; |Arg1 = 0
; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 0042DBD0
MOV EAX,OFFSET 00449CD8
PUSH EAX
LEA ECX,[EDI+58]
CALL 0042DA1F

; /Arg1
; |
; \SystemIn

POP EDI
POP ESI
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH ESI
CALL 0042F1C3
MOV ESI,DWORD PTR DS:[EAX+8]
CALL 0042F19D

; [SystemIn

MOV EDX,EAX
MOV EAX,ESI
POP ESI
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP

0042DBF6 |. 8BEC
MOV EBP,ESP
0042DBF8 |. 56
PUSH ESI
0042DBF9 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0042DBFC |. 8BF1
MOV ESI,ECX
0042DBFE |. E8 3DAFFDFF CALL 00408B40
fo.00408B40
0042DC03 |. C706 14884400 MOV DWORD PTR DS:[ESI],OFFSET 00448814
0042DC09 |. 8BC6
MOV EAX,ESI
0042DC0B |. 5E
POP ESI
0042DC0C |. 5D
POP EBP
0042DC0D \. C2 0400
RETN 4
0042DC10 /$ 8BFF
MOV EDI,EDI
o.0042DC10(guessed Arg1)
0042DC12 |. 55
PUSH EBP
0042DC13 |. 8BEC
MOV EBP,ESP
0042DC15 |. 56
PUSH ESI
0042DC16 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0042DC19 |. 8BF1
MOV ESI,ECX
0042DC1B |. E8 20AFFDFF CALL 00408B40
fo.00408B40
0042DC20 |. C706 54884400 MOV DWORD PTR DS:[ESI],OFFSET 00448854
0042DC26 |. 8BC6
MOV EAX,ESI
0042DC28 |. 5E
POP ESI
0042DC29 |. 5D
POP EBP
0042DC2A \. C2 0400
RETN 4
0042DC2D /$ 6A 44
PUSH 44
0042DC2F |. B8 346E4400 MOV EAX,00446E34
0042DC34 |. E8 05670000 CALL 0043433E
0042DC39 |. 68 DC9C4400 PUSH OFFSET 00449CDC
SCII "string too long"
0042DC3E |. 8D4D D8
LEA ECX,[EBP-28]
0042DC41 |. E8 AA0FFEFF CALL 0040EBF0
fo.0040EBF0
0042DC46 |. 8365 FC 00
AND DWORD PTR SS:[EBP-4],00000000
0042DC4A |. 8D45 D8
LEA EAX,[EBP-28]
0042DC4D |. 50
PUSH EAX
ARG.EBP-28
0042DC4E |. 8D4D B0
LEA ECX,[EBP-50]
0042DC51 |. E8 9DFFFFFF CALL 0042DBF3
fo.0042DBF3
0042DC56 |. 68 20D44400 PUSH OFFSET 0044D420
ystemInfo.44D420
0042DC5B |. 8D45 B0
LEA EAX,[EBP-50]
0042DC5E |. 50
PUSH EAX
ARG.EBP-50
0042DC5F |. E8 C10C0000 CALL 0042E925
fo.0042E925
0042DC64 |. CC
INT3
0042DC65 |$ 6A 44
PUSH 44
0042DC67 |. B8 346E4400 MOV EAX,00446E34
0042DC6C |. E8 CD660000 CALL 0043433E
0042DC71 |. 68 EC9C4400 PUSH OFFSET 00449CEC
SCII "invalid string position"
0042DC76 |. 8D4D D8
LEA ECX,[EBP-28]
0042DC79 |. E8 720FFEFF CALL 0040EBF0
fo.0040EBF0
0042DC7E |. 8365 FC 00
AND DWORD PTR SS:[EBP-4],00000000
0042DC82 |. 8D45 D8
LEA EAX,[EBP-28]

; /Arg1 =>
; |
; \SystemIn

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /Arg1 = A
; |
; \SystemIn

; /Arg1 =>
; |
; \SystemIn
; /Arg2 = S
; |
; |Arg1 =>
; \SystemIn

; /Arg1 = A
; |
; \SystemIn

0042DC85 |. 50
ARG.EBP-28
0042DC86 |. 8D4D B0
0042DC89 |. E8 82FFFFFF
fo.0042DC10
0042DC8E |. 68 7CD54400
ystemInfo.44D57C
0042DC93 |. 8D45 B0
0042DC96 |. 50
ARG.EBP-50
0042DC97 |. E8 890C0000
fo.0042E925
0042DC9C |. CC
0042DC9D |$ 8BFF
0042DC9F |. 56
0042DCA0 |. 6A 18
8
0042DCA2 |. 8BF1
0042DCA4 |. E8 C7180000
fo.0042F570
0042DCA9 |. 50
0042DCAA |. 8906
0042DCAC |. E8 E4040000
fo.0042E195
0042DCB1 |. 59
0042DCB2 |. 59
0042DCB3 |. 8BC6
0042DCB5 |. 5E
0042DCB6 \. C3
0042DCB7 /$ 8BFF
0042DCB9 |. 56
0042DCBA |. 8BF1
0042DCBC |. FF36
0042DCBE |. E8 E2040000
fo.0042E1A5
0042DCC3 |. FF36
0042DCC5 |. E8 500C0000
0042DCCA |. 59
0042DCCB |. 59
0042DCCC |. 5E
0042DCCD \. C3
0042DCCE /$ FF31
0042DCD0 |. E8 E0040000
0042DCD5 |. 59
0042DCD6 \. C3
0042DCD7 /$ FF31
0042DCD9 |. E8 E7040000
0042DCDE |. 59
0042DCDF \. C3
0042DCE0 /$ 8BFF
o.0042DCE0(guessed Arg1)
0042DCE2 |. 55
0042DCE3 |. 8BEC
0042DCE5 |. 56
0042DCE6 |. 57
0042DCE7 |. 8BF9
0042DCE9 |. 8B77 20
0042DCEC |. EB 0F
0042DCEE |> FF76 04
0042DCF1 |. 57

PUSH EAX

; /Arg1 =>

LEA ECX,[EBP-50]
CALL 0042DC10

; |
; \SystemIn

PUSH OFFSET 0044D57C

; /Arg2 = S

LEA EAX,[EBP-50]
PUSH EAX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

INT3
MOV EDI,EDI
PUSH ESI
PUSH 18

; /Arg1 = 1

MOV ESI,ECX
CALL 0042F570

; |
; \SystemIn

PUSH EAX
MOV DWORD PTR DS:[ESI],EAX
CALL 0042E195

; /Arg1
; |
; \SystemIn

POP ECX
POP ECX
MOV EAX,ESI
POP ESI
RETN
MOV EDI,EDI
PUSH ESI
MOV ESI,ECX
PUSH DWORD PTR DS:[ESI]
CALL 0042E1A5

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI]


CALL 0042E91A
POP ECX
POP ECX
POP ESI
RETN
PUSH DWORD PTR DS:[ECX]
CALL 0042E1B5
POP ECX
RETN
PUSH DWORD PTR DS:[ECX]
CALL 0042E1C5
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
PUSH EDI
MOV EDI,ECX
MOV ESI,DWORD PTR DS:[EDI+20]
JMP SHORT 0042DCFD
/PUSH DWORD PTR DS:[ESI+4]
|PUSH EDI

0042DCF2 |. FF75 08
0042DCF5 |. FF56 08
0042DCF8 |. 8B36
0042DCFA |. 83C4 0C
0042DCFD |> 85F6
0042DCFF |.^ 75 ED
0042DD01 |. 5F
0042DD02 |. 5E
0042DD03 |. 5D
0042DD04 \. C2 0400
0042DD07 /$ 8BFF
o.0042DD07(guessed Arg1)
0042DD09 |. 55
0042DD0A |. 8BEC
0042DD0C |. 56
0042DD0D |. 8B75 08
0042DD10 |. 57
0042DD11 |. 6A 00
0042DD13 |. 8BCE
0042DD15 |. E8 C6FFFFFF
fo.0042DCE0
0042DD1A |. 8B46 1C
0042DD1D |. 85C0
0042DD1F |. 74 0F
0042DD21 |> 8B38
0042DD23 |. 50
0042DD24 |. E8 F10B0000
0042DD29 |. 59
0042DD2A |. 8BC7
0042DD2C |. 85FF
0042DD2E |.^ 75 F1
0042DD30 |> 8B46 20
0042DD33 |. 8366 1C 00
0042DD37 |. 85C0
0042DD39 |. 74 0F
0042DD3B |> 8B38
0042DD3D |. 50
0042DD3E |. E8 D70B0000
0042DD43 |. 59
0042DD44 |. 8BC7
0042DD46 |. 85FF
0042DD48 |.^ 75 F1
0042DD4A |> 8366 20 00
0042DD4E |. 5F
0042DD4F |. 5E
0042DD50 |. 5D
0042DD51 \. C3
0042DD52 /$ 8BFF
o.0042DD52(guessed Arg1)
0042DD54 |. 55
0042DD55 |. 8BEC
0042DD57 |. 56
0042DD58 |. 8BF1
0042DD5A |. E8 8189FDFF
0042DD5F |. F645 08 01
0042DD63 |. 74 07
0042DD65 |. 56
0042DD66 |. E8 AF0B0000
0042DD6B |. 59
0042DD6C |> 8BC6

|PUSH DWORD PTR SS:[ARG.1]


|CALL DWORD PTR DS:[ESI+8]
|MOV ESI,DWORD PTR DS:[ESI]
|ADD ESP,0C
|TEST ESI,ESI
\JNE SHORT 0042DCEE
POP EDI
POP ESI
POP EBP
RETN 4
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
PUSH EDI
PUSH 0
MOV ECX,ESI
CALL 0042DCE0

; /Arg1 = 0
; |
; \SystemIn

MOV EAX,DWORD PTR DS:[ESI+1C]


TEST EAX,EAX
JE SHORT 0042DD30
/MOV EDI,DWORD PTR DS:[EAX]
|PUSH EAX
|CALL 0042E91A
|POP ECX
|MOV EAX,EDI
|TEST EDI,EDI
\JNE SHORT 0042DD21
MOV EAX,DWORD PTR DS:[ESI+20]
AND DWORD PTR DS:[ESI+1C],00000000
TEST EAX,EAX
JE SHORT 0042DD4A
/MOV EDI,DWORD PTR DS:[EAX]
|PUSH EAX
|CALL 0042E91A
|POP ECX
|MOV EAX,EDI
|TEST EDI,EDI
\JNE SHORT 0042DD3B
AND DWORD PTR DS:[ESI+20],00000000
POP EDI
POP ESI
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,ECX
CALL 004066E0
TEST BYTE PTR SS:[ARG.1],01
JE SHORT 0042DD6C
PUSH ESI
CALL 0042E91A
POP ECX
MOV EAX,ESI

0042DD6E |. 5E
0042DD6F |. 5D
0042DD70 \. C2 0400
0042DD73 /$ 8BFF
0042DD75 |. 55
0042DD76 |. 8BEC
0042DD78 |. 51
0042DD79 |. 6A 02
0042DD7B |. 8D4D FC
0042DD7E |. E8 8AFAFFFF
fo.0042D80D
0042DD83 |. 8B45 08
0042DD86 |. C740 04 01000
0042DD8D |> 8B48 04
0042DD90 |. 8B0C8D 342B45
0042DD97 |. 85C9
0042DD99 |. 74 0D
0042DD9B |. 3BC8
0042DD9D |. 74 09
0042DD9F |. FF40 04
0042DDA2 |. 8378 04 08
0042DDA6 |.^ 72 E5
0042DDA8 |> 8B48 04
0042DDAB |. 89048D 342B45
0042DDB2 |. 8B40 04
0042DDB5 |. FE80 5C2B4500
0042DDBB |. 8D4D FC
0042DDBE |. E8 72FAFFFF
0042DDC3 |. C9
0042DDC4 \. C3
0042DDC5 /$ 8BFF
o.0042DDC5(guessed Arg1)
0042DDC7 |. 55
0042DDC8 |. 8BEC
0042DDCA |. 56
0042DDCB |. 8B75 08
0042DDCE |. 837E 04 00
0042DDD2 |. 76 15
0042DDD4 |. 8B46 04
0042DDD7 |. FE88 5C2B4500
0042DDDD |. 8B46 04
0042DDE0 |. 80B8 5C2B4500
0042DDE7 |. 7F 15
0042DDE9 |> 56
[ARG.1]
0042DDEA |. E8 18FFFFFF
fo.0042DD07
0042DDEF |. 59
0042DDF0 |. 8B4E 24
0042DDF3 |. 85C9
0042DDF5 |. 74 07
0042DDF7 |. 6A 01
0042DDF9 |. E8 54FFFFFF
fo.0042DD52
0042DDFE |> 5E
0042DDFF |. 5D
0042DE00 \. C3
0042DE01 /$ 8BFF
0042DE03 |. 55
0042DE04 |. 8BEC

POP ESI
POP EBP
RETN 4
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH 2
LEA ECX,[LOCAL.1]
CALL 0042D80D

; /Arg1 = 2
; |
; \SystemIn

MOV EAX,DWORD PTR SS:[ARG.1]


MOV DWORD PTR DS:[EAX+4],1
/MOV ECX,DWORD PTR DS:[EAX+4]
|MOV ECX,DWORD PTR DS:[ECX*4+452B34]
|TEST ECX,ECX
|JE SHORT 0042DDA8
|CMP ECX,EAX
|JE SHORT 0042DDA8
|INC DWORD PTR DS:[EAX+4]
|CMP DWORD PTR DS:[EAX+4],8
\JB SHORT 0042DD8D
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[ECX*4+452B34],EAX
MOV EAX,DWORD PTR DS:[EAX+4]
INC BYTE PTR DS:[EAX+452B5C]
LEA ECX,[LOCAL.1]
CALL 0042D835
LEAVE
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[ESI+4],0
JBE SHORT 0042DDE9
MOV EAX,DWORD PTR DS:[ESI+4]
DEC BYTE PTR DS:[EAX+452B5C]
MOV EAX,DWORD PTR DS:[ESI+4]
CMP BYTE PTR DS:[EAX+452B5C],0
JG SHORT 0042DDFE
PUSH ESI

; /Arg1 =>

CALL 0042DD07

; \SystemIn

POP ECX
MOV ECX,DWORD PTR DS:[ESI+24]
TEST ECX,ECX
JE SHORT 0042DDFE
PUSH 1
CALL 0042DD52

; /Arg1 = 1
; \SystemIn

POP ESI
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP

0042DE06
0042DE09
0042DE0A
0042DE0B
0042DE0C
0042DE0E
0042DE10
0042DE13
0042DE19
0042DE1C
0042DE1E
0042DE21
0042DE24
0042DE26
0042DE29
0042DE2B
0042DE31
0042DE33
0042DE34
0042DE36
0042DE38
0042DE3F
0042DE40
0042DE42
0042DE44
0042DE46
0042DE49
0042DE50
0042DE52
0042DE54
0042DE56
0042DE58
0042DE5A
0042DE5D
0042DE5F
0042DE62
0042DE67
0042DE6A
0042DE6F
0042DE72
0042DE74
0042DE76
0042DE77
0042DE7C
0042DE7D
0042DE7F
0042DE82
0042DE88
0042DE89
0042DE8C
0042DE91
0042DE93
0042DE96
0042DE98
0042DE9A
0042DE9C
0042DE9E
0042DEA0
0042DEA2
0042DEA3

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.^
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.

8B55 0C
53
56
57
8BDA
8BFA
83E3 04
81E7 80000000
F6C2 40
74 03
83CA 01
F6C2 08
74 03
83CA 02
33C9
81E2 3BFFFFFF
33C0
41
3BCA
74 0C
8B0C85 109D44
40
85C9
75 F0
8BF0
C1E6 02
83BE 0C9D4400
75 04
33C0
EB 5E
85FF
74 25
F6C2 01
74 20
FF75 10
68 089D4400
FF75 08
E8 D7650000
83C4 0C
85C0
74 09
50
E8 E6520000
59
EB D3
FF75 10
8BB6 F4144500
56
FF75 08
E8 B5650000
8BF0
83C4 0C
85F6
74 B8
85DB
74 14
6A 02
6A 00
56
E8 954E0000

MOV EDX,DWORD PTR SS:[ARG.2]


PUSH EBX
PUSH ESI
PUSH EDI
MOV EBX,EDX
MOV EDI,EDX
AND EBX,00000004
AND EDI,00000080
TEST DL,40
JE SHORT 0042DE21
OR EDX,00000001
TEST DL,08
JE SHORT 0042DE29
OR EDX,00000002
XOR ECX,ECX
AND EDX,FFFFFF3B
XOR EAX,EAX
INC ECX
/CMP ECX,EDX
|JE SHORT 0042DE44
|MOV ECX,DWORD PTR DS:[EAX*4+449D10]
|INC EAX
|TEST ECX,ECX
\JNE SHORT 0042DE34
MOV ESI,EAX
SHL ESI,2
CMP DWORD PTR DS:[ESI+449D0C],0
JNE SHORT 0042DE56
XOR EAX,EAX
JMP SHORT 0042DEB4
TEST EDI,EDI
JE SHORT 0042DE7F
TEST DL,01
JE SHORT 0042DE7F
PUSH DWORD PTR SS:[ARG.3]
PUSH OFFSET 00449D08
PUSH DWORD PTR SS:[ARG.1]
CALL 00434446
ADD ESP,0C
TEST EAX,EAX
JE SHORT 0042DE7F
PUSH EAX
CALL 00433162
POP ECX
JMP SHORT 0042DE52
PUSH DWORD PTR SS:[ARG.3]
MOV ESI,DWORD PTR DS:[ESI+4514F4]
PUSH ESI
PUSH DWORD PTR SS:[ARG.1]
CALL 00434446
MOV ESI,EAX
ADD ESP,0C
TEST ESI,ESI
JE SHORT 0042DE52
TEST EBX,EBX
JE SHORT 0042DEB2
PUSH 2
PUSH 0
PUSH ESI
CALL 00432D3D

0042DEA8 |. 83C4 0C
ADD ESP,0C
0042DEAB |. 85C0
TEST EAX,EAX
0042DEAD |. 74 03
JE SHORT 0042DEB2
0042DEAF |. 56
PUSH ESI
0042DEB0 |.^ EB C5
JMP SHORT 0042DE77
0042DEB2 |> 8BC6
MOV EAX,ESI
0042DEB4 |> 5F
POP EDI
0042DEB5 |. 5E
POP ESI
0042DEB6 |. 5B
POP EBX
0042DEB7 |. 5D
POP EBP
0042DEB8 \. C3
RETN
0042DEB9 /$ 8BFF
MOV EDI,EDI
o.0042DEB9(guessed Arg1,Arg2,Arg3)
0042DEBB |. 55
PUSH EBP
0042DEBC |. 8BEC
MOV EBP,ESP
0042DEBE |. 81EC 0C020000 SUB ESP,20C
0042DEC4 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042DEC9 |. 33C5
XOR EAX,EBP
0042DECB |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0042DECE |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042DED1 |. 68 03010000 PUSH 103
03
0042DED6 |. 50
PUSH EAX
[ARG.1]
0042DED7 |. 68 04010000 PUSH 104
04
0042DEDC |. 8D85 F4FDFFFF LEA EAX,[LOCAL.131]
0042DEE2 |. 50
PUSH EAX
OFFSET LOCAL.131
0042DEE3 |. 6A 00
PUSH 0
0042DEE5 |. E8 D3680000 CALL 004347BD
fo.004347BD
0042DEEA |. 83C4 14
ADD ESP,14
0042DEED |. 85C0
TEST EAX,EAX
0042DEEF |. 74 04
JE SHORT 0042DEF5
0042DEF1 |. 33C0
XOR EAX,EAX
0042DEF3 |. EB 15
JMP SHORT 0042DF0A
0042DEF5 |> FF75 10
PUSH DWORD PTR SS:[ARG.3]
0042DEF8 |. 8D85 F4FDFFFF LEA EAX,[LOCAL.131]
0042DEFE |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
0042DF01 |. 50
PUSH EAX
0042DF02 |. E8 FAFEFFFF CALL 0042DE01
0042DF07 |. 83C4 0C
ADD ESP,0C
0042DF0A |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0042DF0D |. 33CD
XOR ECX,EBP
0042DF0F |. E8 DD070000 CALL 0042E6F1
0042DF14 |. C9
LEAVE
0042DF15 \. C3
RETN
0042DF16 /$ 8BFF
MOV EDI,EDI
0042DF18 |. 55
PUSH EBP
0042DF19 |. 8BEC
MOV EBP,ESP
0042DF1B |. 83EC 10
SUB ESP,10
0042DF1E |. 56
PUSH ESI
0042DF1F |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
0042DF22 |. 85F6
TEST ESI,ESI
0042DF24 |. 75 12
JNE SHORT 0042DF38
0042DF26 |. E8 98120000 CALL 0042F1C3
0042DF2B |. 8B40 08
MOV EAX,DWORD PTR DS:[EAX+8]
0042DF2E |. 8945 F4
MOV DWORD PTR SS:[LOCAL.3],EAX
0042DF31 |. E8 67120000 CALL 0042F19D

; SystemInf

; /Arg5 = 1
; |Arg4 =>
; |Arg3 = 1
; |
; |Arg2 =>
; |Arg1 = 0
; \SystemIn

; [SystemIn

fo.0042F19D
0042DF36 |.
0042DF38 |>
0042DF3A |.
0042DF3D |.
0042DF40 |>
0042DF44 |.
0042DF47 |.
0042DF49 |.
0042DF4C |.
0042DF4F |.
0042DF52 |.
0042DF58 |.
0042DF5B |.
0042DF60 |>
0042DF61 |.
0042DF64 |.
0042DF65 |.
0042DF6A |.
0042DF6C |.
0042DF6E |.
0042DF70 |.
0042DF72 |.
[ARG.1]
0042DF73 |.
fo.00434C61
0042DF78 |.
0042DF79 |.
0042DF7B |.
0042DF7D |.
0042DF82 |>
0042DF85 |.
0042DF89 |.
0042DF8B |>
0042DF8D |.
0042DF8F |>
0042DF92 |.
0042DF96 |.
0042DF9B |.
0042DF9F |.
0042DFA3 |.
0042DFA8 |.
0042DFAA |>
0042DFAD |.
0042DFB0 |.
0042DFB4 |.
0042DFB7 |.
0042DFBC |.
0042DFC0 |.
0042DFC3 |.
0042DFC6 |>
0042DFC8 |.
0042DFCA |.
0042DFCD |.
0042DFCF |.
0042DFD2 |.
0042DFD5 |.
0042DFD9 |.
0042DFDA |.
0042DFDC |>

EB 08
8B06
8945 F4
8B46 04
837D F4 00
8945 F0
75 17
8B45 08
8D48 BF
83F9 19
0F87 C8000000
83C0 20
E9 C0000000
53
8B5D 08
57
BF 00010000
3BDF
73 1D
85F6
75 10
53

JMP SHORT 0042DF40


MOV EAX,DWORD PTR DS:[ESI]
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV EAX,DWORD PTR DS:[ESI+4]
CMP DWORD PTR SS:[LOCAL.3],0
MOV DWORD PTR SS:[LOCAL.4],EAX
JNE SHORT 0042DF60
MOV EAX,DWORD PTR SS:[ARG.1]
LEA ECX,[EAX-41]
CMP ECX,19
JA 0042E020
ADD EAX,20
JMP 0042E020
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.1]
PUSH EDI
MOV EDI,100
CMP EBX,EDI
JNB SHORT 0042DF8B
TEST ESI,ESI
JNE SHORT 0042DF82
PUSH EBX

; /Arg1 =>

E8 E96C0000

CALL 00434C61

; \SystemIn

59
85C0
75 12
E9 86000000
8B46 08
F60458 01
74 7D
85F6
75 1B
895D F8
C17D F8 08
E8 4C6C0000
0FB64D F8
0FB70448
25 00800000
EB 1C
8B4E 08
895D F8
C17D F8 08
8B45 F8
25 FF000000
0FBF0441
C1E8 0F
83E0 01
85C0
74 12
8A45 F8
6A 02
8845 0C
885D 0D
C645 0E 00
58
EB 0A
33C0

POP ECX
TEST EAX,EAX
JNE SHORT 0042DF8F
JMP 0042E008
MOV EAX,DWORD PTR DS:[ESI+8]
TEST BYTE PTR DS:[EBX*2+EAX],01
JE SHORT 0042E008
TEST ESI,ESI
JNE SHORT 0042DFAA
MOV DWORD PTR SS:[LOCAL.2],EBX
SAR DWORD PTR SS:[LOCAL.2],8
CALL 00434BE7
MOVZX ECX,BYTE PTR SS:[LOCAL.2]
MOVZX EAX,WORD PTR DS:[ECX*2+EAX]
AND EAX,00008000
JMP SHORT 0042DFC6
MOV ECX,DWORD PTR DS:[ESI+8]
MOV DWORD PTR SS:[LOCAL.2],EBX
SAR DWORD PTR SS:[LOCAL.2],8
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND EAX,000000FF
MOVSX EAX,WORD PTR DS:[EAX*2+ECX]
SHR EAX,0F
AND EAX,00000001
TEST EAX,EAX
JE SHORT 0042DFDC
MOV AL,BYTE PTR SS:[LOCAL.2]
PUSH 2
MOV BYTE PTR SS:[ARG.2],AL
MOV BYTE PTR SS:[ARG.2+1],BL
MOV BYTE PTR SS:[ARG.2+2],0
POP EAX
JMP SHORT 0042DFE6
XOR EAX,EAX

0042DFDE |. 885D 0C
0042DFE1 |. C645 0D 00
0042DFE5 |. 40
0042DFE6 |> 6A 01
0042DFE8 |. FF75 F0
[LOCAL.4]
0042DFEB |. 8D4D FC
0042DFEE |. 6A 03
0042DFF0 |. 51
OFFSET LOCAL.1
0042DFF1 |. 50
0042DFF2 |. 8D45 0C
0042DFF5 |. 50
OFFSET ARG.2
0042DFF6 |. 57
0042DFF7 |. FF75 F4
[LOCAL.3]
0042DFFA |. 6A 00
0042DFFC |. E8 A16B0000
fo.00434BA2
0042E001 |. 83C4 24
0042E004 |. 85C0
0042E006 |. 75 04
0042E008 |> 8BC3
0042E00A |. EB 12
0042E00C |> 83F8 01
0042E00F |. 0FB645 FC
0042E013 |. 74 09
0042E015 |. 0FB64D FD
0042E019 |. C1E0 08
0042E01C |. 0BC1
0042E01E |> 5F
0042E01F |. 5B
0042E020 |> 5E
0042E021 |. C9
0042E022 \. C3
0042E023 /$ 8BFF
0042E025 |. 55
0042E026 |. 8BEC
0042E028 |. 56
0042E029 |. E8 95110000
0042E02E |. 8B40 04
0042E031 |. 8B75 08
0042E034 |. 8906
0042E036 |. E8 62110000
fo.0042F19D
0042E03B |. 6A 02
0042E03D |. 68 00010000
00
0042E042 |. 8946 04
0042E045 |. E8 0E6E0000
fo.00434E58
0042E04A |. 59
0042E04B |. 59
0042E04C |. 8946 08
0042E04F |. 85C0
0042E051 |. 74 1F
0042E053 |. 68 00020000
00
0042E058 |. E8 8A6B0000

MOV BYTE PTR SS:[ARG.2],BL


MOV BYTE PTR SS:[ARG.2+1],0
INC EAX
PUSH 1
PUSH DWORD PTR SS:[LOCAL.4]

; /Arg9 = 1
; |Arg8 =>

LEA ECX,[LOCAL.1]
PUSH 3
PUSH ECX

; |
; |Arg7 = 3
; |Arg6 =>

PUSH EAX
LEA EAX,[ARG.2]
PUSH EAX

; |Arg5
; |
; |Arg4 =>

PUSH EDI
PUSH DWORD PTR SS:[LOCAL.3]

; |Arg3
; |Arg2 =>

PUSH 0
CALL 00434BA2

; |Arg1 = 0
; \SystemIn

ADD ESP,24
TEST EAX,EAX
JNE SHORT 0042E00C
MOV EAX,EBX
JMP SHORT 0042E01E
CMP EAX,1
MOVZX EAX,BYTE PTR SS:[LOCAL.1]
JE SHORT 0042E01E
MOVZX ECX,BYTE PTR SS:[LOCAL.1+1]
SHL EAX,8
OR EAX,ECX
POP EDI
POP EBX
POP ESI
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
CALL 0042F1C3
MOV EAX,DWORD PTR DS:[EAX+4]
MOV ESI,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ESI],EAX
CALL 0042F19D

; [SystemIn

PUSH 2
PUSH 100

; /Arg2 = 2
; |Arg1 = 1

MOV DWORD PTR DS:[ESI+4],EAX


CALL 00434E58

; |
; \SystemIn

POP ECX
POP ECX
MOV DWORD PTR DS:[ESI+8],EAX
TEST EAX,EAX
JE SHORT 0042E072
PUSH 200

; /Arg3 = 2

CALL 00434BE7

; |

0042E05D |.
0042E05E |.
0042E061 |.
fo.0042F1F0
0042E066 |.
0042E069 |.
0042E070 |.
0042E072 |>
0042E077 |.
0042E07B |.
0042E07E |>
0042E080 |.
0042E081 |.
0042E082 \.
0042E083 /$
0042E085 |.
0042E086 |.
0042E088 |.
0042E08B |.
0042E08C |.
0042E08F |.
0042E091 |.
0042E093 |.
0042E098 |.
0042E09B |.
0042E09E |.
fo.0042F19D
0042E0A3 |.
0042E0A5 |>
0042E0A7 |.
0042E0AA |.
0042E0AD |>
0042E0B1 |.
0042E0B4 |.
0042E0B6 |.
0042E0B9 |.
0042E0BC |.
0042E0BF |.
0042E0C5 |.
0042E0C8 |.
0042E0CD |>
0042E0CE |.
0042E0D1 |.
0042E0D7 |.
0042E0D9 |.
0042E0DB |.
0042E0DD |.
[ARG.1]
0042E0DE |.
fo.00434CE0
0042E0E3 |.
0042E0E4 |.
0042E0E6 |.
0042E0E8 |.
0042E0ED |>
0042E0F0 |.
0042E0F4 |.
0042E0FA |>
0042E0FC |.
0042E0FE |>

50
FF76 08
E8 8A110000

PUSH EAX
PUSH DWORD PTR DS:[ESI+8]
CALL 0042F1F0

; |Arg2
; |Arg1
; \SystemIn

83C4 0C
C746 0C 01000
EB 0C
E8 706B0000
8366 0C 00
8946 08
8BC6
5E
5D
C3
8BFF
55
8BEC
83EC 10
56
8B75 0C
85F6
75 12
E8 2B110000
8B40 08
8945 F4
E8 FA100000

ADD ESP,0C
MOV DWORD PTR DS:[ESI+0C],1
JMP SHORT 0042E07E
CALL 00434BE7
AND DWORD PTR DS:[ESI+0C],00000000
MOV DWORD PTR DS:[ESI+8],EAX
MOV EAX,ESI
POP ESI
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.2]
TEST ESI,ESI
JNE SHORT 0042E0A5
CALL 0042F1C3
MOV EAX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.3],EAX
CALL 0042F19D

; [SystemIn

EB 08
8B06
8945 F4
8B46 04
837D F4 00
8945 F0
75 17
8B45 08
8D48 9F
83F9 19
0F87 CD000000
83E8 20
E9 C5000000
53
8B5D 08
81FB 00010000
73 21
85F6
75 10
53

JMP SHORT 0042E0AD


MOV EAX,DWORD PTR DS:[ESI]
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV EAX,DWORD PTR DS:[ESI+4]
CMP DWORD PTR SS:[LOCAL.3],0
MOV DWORD PTR SS:[LOCAL.4],EAX
JNE SHORT 0042E0CD
MOV EAX,DWORD PTR SS:[ARG.1]
LEA ECX,[EAX-61]
CMP ECX,19
JA 0042E192
SUB EAX,20
JMP 0042E192
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.1]
CMP EBX,100
JNB SHORT 0042E0FA
TEST ESI,ESI
JNE SHORT 0042E0ED
PUSH EBX

; /Arg1 =>

E8 FD6B0000

CALL 00434CE0

; \SystemIn

59
85C0
75 16
E9 8E000000
8B46 08
F60458 02
0F84 81000000
85F6
75 1B
895D F8

POP ECX
TEST EAX,EAX
JNE SHORT 0042E0FE
JMP 0042E17B
MOV EAX,DWORD PTR DS:[ESI+8]
TEST BYTE PTR DS:[EBX*2+EAX],02
JE 0042E17B
TEST ESI,ESI
JNE SHORT 0042E119
MOV DWORD PTR SS:[LOCAL.2],EBX

0042E101 |. C17D F8 08
0042E105 |. E8 DD6A0000
0042E10A |. 0FB64D F8
0042E10E |. 0FB70448
0042E112 |. 25 00800000
0042E117 |. EB 1C
0042E119 |> 8B4E 08
0042E11C |. 895D F8
0042E11F |. C17D F8 08
0042E123 |. 8B45 F8
0042E126 |. 25 FF000000
0042E12B |. 0FBF0441
0042E12F |. C1E8 0F
0042E132 |. 83E0 01
0042E135 |> 85C0
0042E137 |. 74 12
0042E139 |. 8A45 F8
0042E13C |. 6A 02
0042E13E |. 8845 0C
0042E141 |. 885D 0D
0042E144 |. C645 0E 00
0042E148 |. 58
0042E149 |. EB 0A
0042E14B |> 33C0
0042E14D |. 885D 0C
0042E150 |. C645 0D 00
0042E154 |. 40
0042E155 |> 6A 01
0042E157 |. FF75 F0
[LOCAL.4]
0042E15A |. 8D4D FC
0042E15D |. 6A 03
0042E15F |. 51
OFFSET LOCAL.1
0042E160 |. 50
0042E161 |. 8D45 0C
0042E164 |. 50
OFFSET ARG.2
0042E165 |. 68 00020000
00
0042E16A |. FF75 F4
[LOCAL.3]
0042E16D |. 6A 00
0042E16F |. E8 2E6A0000
fo.00434BA2
0042E174 |. 83C4 24
0042E177 |. 85C0
0042E179 |. 75 04
0042E17B |> 8BC3
0042E17D |. EB 12
0042E17F |> 83F8 01
0042E182 |. 0FB645 FC
0042E186 |. 74 09
0042E188 |. 0FB64D FD
0042E18C |. C1E0 08
0042E18F |. 0BC1
0042E191 |> 5B
0042E192 |> 5E
0042E193 |. C9
0042E194 \. C3

SAR DWORD PTR SS:[LOCAL.2],8


CALL 00434BE7
MOVZX ECX,BYTE PTR SS:[LOCAL.2]
MOVZX EAX,WORD PTR DS:[ECX*2+EAX]
AND EAX,00008000
JMP SHORT 0042E135
MOV ECX,DWORD PTR DS:[ESI+8]
MOV DWORD PTR SS:[LOCAL.2],EBX
SAR DWORD PTR SS:[LOCAL.2],8
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND EAX,000000FF
MOVSX EAX,WORD PTR DS:[EAX*2+ECX]
SHR EAX,0F
AND EAX,00000001
TEST EAX,EAX
JE SHORT 0042E14B
MOV AL,BYTE PTR SS:[LOCAL.2]
PUSH 2
MOV BYTE PTR SS:[ARG.2],AL
MOV BYTE PTR SS:[ARG.2+1],BL
MOV BYTE PTR SS:[ARG.2+2],0
POP EAX
JMP SHORT 0042E155
XOR EAX,EAX
MOV BYTE PTR SS:[ARG.2],BL
MOV BYTE PTR SS:[ARG.2+1],0
INC EAX
PUSH 1
PUSH DWORD PTR SS:[LOCAL.4]

; /Arg9 = 1
; |Arg8 =>

LEA ECX,[LOCAL.1]
PUSH 3
PUSH ECX

; |
; |Arg7 = 3
; |Arg6 =>

PUSH EAX
LEA EAX,[ARG.2]
PUSH EAX

; |Arg5
; |
; |Arg4 =>

PUSH 200

; |Arg3 = 2

PUSH DWORD PTR SS:[LOCAL.3]

; |Arg2 =>

PUSH 0
CALL 00434BA2

; |Arg1 = 0
; \SystemIn

ADD ESP,24
TEST EAX,EAX
JNE SHORT 0042E17F
MOV EAX,EBX
JMP SHORT 0042E191
CMP EAX,1
MOVZX EAX,BYTE PTR SS:[LOCAL.1]
JE SHORT 0042E191
MOVZX ECX,BYTE PTR SS:[LOCAL.1+1]
SHL EAX,8
OR EAX,ECX
POP EBX
POP ESI
LEAVE
RETN

0042E195 /$ 8BFF
o.0042E195(guessed Arg1)
0042E197 |. 55
0042E198 |. 8BEC
0042E19A |. FF75 08
0042E19D |. FF15 40814400
0042E1A3 |. 5D
0042E1A4 \. C3
0042E1A5 /$ 8BFF
o.0042E1A5(guessed Arg1)
0042E1A7 |. 55
0042E1A8 |. 8BEC
0042E1AA |. FF75 08
lSection => [ARG.1]
0042E1AD |. FF15 44814400
lDeleteCriticalSection
0042E1B3 |. 5D
0042E1B4 \. C3
0042E1B5 /$ 8BFF
0042E1B7 |. 55
0042E1B8 |. 8BEC
0042E1BA |. FF75 08
lSection => [ARG.1]
0042E1BD |. FF15 48814400
lEnterCriticalSection
0042E1C3 |. 5D
0042E1C4 \. C3
0042E1C5 /$ 8BFF
0042E1C7 |. 55
0042E1C8 |. 8BEC
0042E1CA |. FF75 08
lSection => [ARG.1]
0042E1CD |. FF15 4C814400
lLeaveCriticalSection
0042E1D3 |. 5D
0042E1D4 \. C3
0042E1D5 /$ 8BFF
0042E1D7 |. 55
0042E1D8 |. 8BEC
0042E1DA |. A1 34154500
0042E1DF |. 85C0
0042E1E1 |. 75 06
0042E1E3 |. 5D
0042E1E4 |. E9 3E600000
0042E1E9 |> 8B4D 08
0042E1EC |. 48
0042E1ED |. A3 34154500
0042E1F2 |. 890C85 882B45
0042E1F9 |. 5D
0042E1FA \. C3
0042E1FB /> EB 18
0042E1FD |> 8B0C85 882B45
0042E204 |. 40
0042E205 |. A3 34154500
0042E20A |. 85C9
0042E20C |. 74 0C
0042E20E |. FF1485 842B45
0042E215 |> A1 34154500
0042E21A |> 83F8 0A
0042E21D |.^ 72 DE

MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH DWORD PTR SS:[ARG.1]
CALL DWORD PTR DS:[<&KERNEL32.Initialize
POP EBP
RETN
MOV EDI,EDI
; SystemInf
PUSH EBP
MOV EBP,ESP
PUSH DWORD PTR SS:[ARG.1]

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.DeleteCrit ; \NTDLL.Rt


POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH DWORD PTR SS:[ARG.1]

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.EnterCriti ; \NTDLL.Rt


POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH DWORD PTR SS:[ARG.1]

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti ; \NTDLL.Rt


POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR DS:[451534]
TEST EAX,EAX
JNE SHORT 0042E1E9
POP EBP
JMP 00434227
MOV ECX,DWORD PTR SS:[ARG.1]
DEC EAX
MOV DWORD PTR DS:[451534],EAX
MOV DWORD PTR DS:[EAX*4+452B88],ECX
POP EBP
RETN
JMP SHORT 0042E215
MOV ECX,DWORD PTR DS:[EAX*4+452B88]
INC EAX
MOV DWORD PTR DS:[451534],EAX
TEST ECX,ECX
JE SHORT 0042E21A
CALL DWORD PTR DS:[EAX*4+452B84]
MOV EAX,DWORD PTR DS:[451534]
CMP EAX,0A
JB SHORT 0042E1FD

0042E21F \. C3
0042E220 /. 8BFF
0042E222 |. 53
0042E223 |. 56
0042E224 |. 57
0042E225 |. BB B82B4500
0042E22A |> 6A 00
0
0042E22C |. 53
0042E22D |. FF15 3C814400
.InterlockedExchange
0042E233 |. 8BF0
0042E235 |. 85F6
0042E237 |. 74 18
0042E239 |> FF76 08
0042E23C |. 8B3E
0042E23E |. E8 E62F0000
0042E243 |. 56
0042E244 |. E8 954F0000
fo.004331DE
0042E249 |. 59
0042E24A |. 59
0042E24B |. 8BF7
0042E24D |. 85FF
0042E24F |.^ 75 E8
0042E251 |> 83C3 04
0042E254 |. 81FB B02C4500
0042E25A |.^ 7C CE
0042E25C |. 5F
0042E25D |. 5E
0042E25E |. 5B
0042E25F \. C3
0042E260 /. 68 20E24200
ystemInfo.42E220
0042E265 |. E8 29510000
fo.00433393
0042E26A |. F7D8
0042E26C |. 1BC0
0042E26E |. 59
0042E26F |. 83E0 18
0042E272 \. C3
0042E273
CC
0042E274
CC
0042E275
CC
0042E276
CC
0042E277
CC
0042E278
CC
0042E279
CC
0042E27A
CC
0042E27B
CC
0042E27C
CC
0042E27D
CC
0042E27E
CC
0042E27F
CC
0042E280 /$ 8B4C24 04
o.0042E280(guessed Arg1)
0042E284 |. F7C1 03000000
0042E28A |. 74 24
0042E28C |> 8A01
0042E28E |. 83C1 01

RETN
MOV EDI,EDI
PUSH EBX
PUSH ESI
PUSH EDI
MOV EBX,OFFSET 00452BB8
/PUSH 0

; /Value =

|PUSH EBX
; |pTarget
|CALL DWORD PTR DS:[<&KERNEL32.Interlock ; \KERNEL32
|MOV ESI,EAX
|TEST ESI,ESI
|JE SHORT 0042E251
|/PUSH DWORD PTR DS:[ESI+8]
||MOV EDI,DWORD PTR DS:[ESI]
||CALL 00431229
||PUSH ESI
||CALL 004331DE

; /Arg1
; \SystemIn

||POP ECX
||POP ECX
||MOV ESI,EDI
||TEST EDI,EDI
|\JNE SHORT 0042E239
|ADD EBX,4
|CMP EBX,OFFSET 00452CB0
\JL SHORT 0042E22A
POP EDI
POP ESI
POP EBX
RETN
PUSH 0042E220

; /Arg1 = S

CALL 00433393

; \SystemIn

NEG EAX
SBB EAX,EAX
POP ECX
AND EAX,00000018
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[ARG.1]

; SystemInf

TEST ECX,00000003
JE SHORT 0042E2B0
/MOV AL,BYTE PTR DS:[ECX]
|ADD ECX,1

0042E291
0042E293
0042E295
0042E29B
0042E29D
0042E2A2
0042E2A9
0042E2B0
0042E2B2
0042E2B7
0042E2B9
0042E2BC
0042E2BE
0042E2C1
0042E2C6
0042E2C8
0042E2CB
0042E2CD
0042E2CF
0042E2D1
0042E2D3
0042E2D8
0042E2DA
0042E2DF
0042E2E1
0042E2E3
0042E2E6
0042E2EA
0042E2EC
0042E2ED
0042E2F0
0042E2F4
0042E2F6
0042E2F7
0042E2FA
0042E2FE
0042E300
0042E301
0042E304
0042E308
0042E30A
0042E30B
0042E30D
0042E30E
0042E310
0042E311
0042E312
0042E315
0042E318
0042E31B
0042E322
0042E324
0042E32A
0042E32D
0042E330
0042E333
0042E336
0042E338
0042E339
0042E33A

|.
|.
|.
|.^
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
\.
/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.
/.
|.
\.

84C0
74 4E
F7C1 03000000
75 EF
05 00000000
8DA424 000000
8DA424 000000
8B01
BA FFFEFE7E
03D0
83F0 FF
33C2
83C1 04
A9 00010181
74 E8
8B41 FC
84C0
74 32
84E4
74 24
A9 0000FF00
74 13
A9 000000FF
74 02
EB CD
8D41 FF
8B4C24 04
2BC1
C3
8D41 FE
8B4C24 04
2BC1
C3
8D41 FD
8B4C24 04
2BC1
C3
8D41 FC
8B4C24 04
2BC1
C3
8BFF
55
8BEC
51
53
8B45 0C
83C0 0C
8945 FC
64:8B1D 00000
8B03
64:A3 0000000
8B45 08
8B5D 0C
8B6D FC
8B63 FC
FFE0
5B
C9
C2 0800

|TEST AL,AL
|JE SHORT 0042E2E3
|TEST ECX,00000003
\JNE SHORT 0042E28C
ADD EAX,0
LEA ESP,[ARG.RETADDR]
LEA ESP,[ARG.RETADDR]
/MOV EAX,DWORD PTR DS:[ECX]
|MOV EDX,7EFEFEFF
|ADD EDX,EAX
|XOR EAX,FFFFFFFF
|XOR EAX,EDX
|ADD ECX,4
|TEST EAX,81010100
|JE SHORT 0042E2B0
|MOV EAX,DWORD PTR DS:[ECX-4]
|TEST AL,AL
|JE SHORT 0042E301
|TEST AH,AH
|JE SHORT 0042E2F7
|TEST EAX,00FF0000
|JE SHORT 0042E2ED
|TEST EAX,FF000000
|JE SHORT 0042E2E3
\JMP SHORT 0042E2B0
LEA EAX,[ECX-1]
MOV ECX,DWORD PTR SS:[ARG.1]
SUB EAX,ECX
RETN
LEA EAX,[ECX-2]
MOV ECX,DWORD PTR SS:[ARG.1]
SUB EAX,ECX
RETN
LEA EAX,[ECX-3]
MOV ECX,DWORD PTR SS:[ARG.1]
SUB EAX,ECX
RETN
LEA EAX,[ECX-4]
MOV ECX,DWORD PTR SS:[ARG.1]
SUB EAX,ECX
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH EBX
MOV EAX,DWORD PTR SS:[EBP+0C]
ADD EAX,0C
MOV DWORD PTR SS:[EBP-4],EAX
MOV EBX,DWORD PTR FS:[0]
MOV EAX,DWORD PTR DS:[EBX]
MOV DWORD PTR FS:[0],EAX
MOV EAX,DWORD PTR SS:[EBP+8]
MOV EBX,DWORD PTR SS:[EBP+0C]
MOV EBP,DWORD PTR SS:[EBP-4]
MOV ESP,DWORD PTR DS:[EBX-4]
JMP EAX
POP EBX
LEAVE
RETN 8

0042E33D /$ 58
POP EAX
0042E33E |. 59
POP ECX
0042E33F |. 870424
XCHG DWORD PTR SS:[ESP],EAX
0042E342 \. FFE0
JMP EAX
0042E344 /$ 8BFF
MOV EDI,EDI
o.0042E344(guessed Arg1,Arg2)
0042E346 |. 55
PUSH EBP
0042E347 |. 8BEC
MOV EBP,ESP
0042E349 |. 51
PUSH ECX
0042E34A |. 51
PUSH ECX
0042E34B |. 53
PUSH EBX
0042E34C |. 56
PUSH ESI
0042E34D |. 57
PUSH EDI
0042E34E |. 64:8B35 00000 MOV ESI,DWORD PTR FS:[0]
0042E355 |. 8975 FC
MOV DWORD PTR SS:[LOCAL.1],ESI
0042E358 |. C745 F8 6FE34 MOV DWORD PTR SS:[LOCAL.2],0042E36F
0042E35F |. 6A 00
PUSH 0
0042E361 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
0042E364 |. FF75 F8
PUSH DWORD PTR SS:[LOCAL.2]
0042E367 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
0042E36A |. E8 8F660100 CALL <JMP.&KERNEL32.RtlUnwind>
ernel32.RtlUnwind
0042E36F |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0042E372 |. 8B40 04
MOV EAX,DWORD PTR DS:[EAX+4]
0042E375 |. 83E0 FD
AND EAX,FFFFFFFD
0042E378 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0042E37B |. 8941 04
MOV DWORD PTR DS:[ECX+4],EAX
0042E37E |. 64:8B3D 00000 MOV EDI,DWORD PTR FS:[0]
0042E385 |. 8B5D FC
MOV EBX,DWORD PTR SS:[LOCAL.1]
0042E388 |. 893B
MOV DWORD PTR DS:[EBX],EDI
0042E38A |. 64:891D 00000 MOV DWORD PTR FS:[0],EBX
0042E391 |. 5F
POP EDI
0042E392 |. 5E
POP ESI
0042E393 |. 5B
POP EBX
0042E394 |. C9
LEAVE
0042E395 \. C2 0800
RETN 8
0042E398 /> 55
PUSH EBP
0042E399 |. 8BEC
MOV EBP,ESP
0042E39B |. 83EC 08
SUB ESP,8
0042E39E |. 53
PUSH EBX
0042E39F |. 56
PUSH ESI
0042E3A0 |. 57
PUSH EDI
0042E3A1 |. FC
CLD
0042E3A2 |. 8945 FC
MOV DWORD PTR SS:[EBP-4],EAX
0042E3A5 |. 33C0
XOR EAX,EAX
0042E3A7 |. 50
PUSH EAX
0
0042E3A8 |. 50
PUSH EAX
0
0042E3A9 |. 50
PUSH EAX
0
0042E3AA |. FF75 FC
PUSH DWORD PTR SS:[EBP-4]
0042E3AD |. FF75 14
PUSH DWORD PTR SS:[EBP+14]
0042E3B0 |. FF75 10
PUSH DWORD PTR SS:[EBP+10]
0042E3B3 |. FF75 0C
PUSH DWORD PTR SS:[EBP+0C]
0042E3B6 |. FF75 08
PUSH DWORD PTR SS:[EBP+8]
0042E3B9 |. E8 835D0000 CALL 00434141
fo.00434141
0042E3BE |. 83C4 20
ADD ESP,20
0042E3C1 |. 8945 F8
MOV DWORD PTR SS:[EBP-8],EAX

; SystemInf

; Jump to k

; /Arg8 =>
; |Arg7 =>
; |Arg6 =>
;
;
;
;
;
;

|Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

0042E3C4 |. 5F
POP EDI
0042E3C5 |. 5E
POP ESI
0042E3C6 |. 5B
POP EBX
0042E3C7 |. 8B45 F8
MOV EAX,DWORD PTR SS:[EBP-8]
0042E3CA |. 8BE5
MOV ESP,EBP
0042E3CC |. 5D
POP EBP
0042E3CD \. C3
RETN
0042E3CE
8BFF
MOV EDI,EDI
0042E3D0 /. 55
PUSH EBP
0042E3D1 |. 8BEC
MOV EBP,ESP
0042E3D3 |. 56
PUSH ESI
0042E3D4 |. FC
CLD
0042E3D5 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
0042E3D8 |. 8B4E 08
MOV ECX,DWORD PTR DS:[ESI+8]
0042E3DB |. 33CE
XOR ECX,ESI
0042E3DD |. E8 0F030000 CALL 0042E6F1
0042E3E2 |. 6A 00
PUSH 0
0042E3E4 |. 56
PUSH ESI
0042E3E5 |. FF76 14
PUSH DWORD PTR DS:[ESI+14]
0042E3E8 |. FF76 0C
PUSH DWORD PTR DS:[ESI+0C]
0042E3EB |. 6A 00
PUSH 0
0042E3ED |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
0042E3F0 |. FF76 10
PUSH DWORD PTR DS:[ESI+10]
0042E3F3 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0042E3F6 |. E8 465D0000 CALL 00434141
fo.00434141
0042E3FB |. 83C4 20
ADD ESP,20
0042E3FE |. 5E
POP ESI
0042E3FF |. 5D
POP EBP
0042E400 \. C3
RETN
0042E401 /$ 8BFF
MOV EDI,EDI
o.0042E401(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7)
0042E403 |. 55
PUSH EBP
0042E404 |. 8BEC
MOV EBP,ESP
0042E406 |. 83EC 38
SUB ESP,38
0042E409 |. 53
PUSH EBX
0042E40A |. 817D 08 23010 CMP DWORD PTR SS:[ARG.1],123
0042E411 |. 75 12
JNE SHORT 0042E425
0042E413 |. B8 ACE44200 MOV EAX,0042E4AC
0042E418 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0042E41B |. 8901
MOV DWORD PTR DS:[ECX],EAX
0042E41D |. 33C0
XOR EAX,EAX
0042E41F |. 40
INC EAX
0042E420 |. E9 B0000000 JMP 0042E4D5
0042E425 |> 8365 D8 00
AND DWORD PTR SS:[LOCAL.10],00000000
0042E429 |. C745 DC D8E44 MOV DWORD PTR SS:[LOCAL.9],0042E4D8
0042E430 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0042E435 |. 8D4D D8
LEA ECX,[LOCAL.10]
0042E438 |. 33C1
XOR EAX,ECX
0042E43A |. 8945 E0
MOV DWORD PTR SS:[LOCAL.8],EAX
0042E43D |. 8B45 18
MOV EAX,DWORD PTR SS:[ARG.5]
0042E440 |. 8945 E4
MOV DWORD PTR SS:[LOCAL.7],EAX
0042E443 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0042E446 |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX
0042E449 |. 8B45 1C
MOV EAX,DWORD PTR SS:[ARG.6]
0042E44C |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
0042E44F |. 8B45 20
MOV EAX,DWORD PTR SS:[ARG.7]
0042E452 |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX

;
;
;
;
;
;

/Arg8 = 0
|Arg7
|Arg6
|Arg5
|Arg4 = 0
|Arg3 =>

; |Arg2
; |Arg1 =>
; \SystemIn

; SystemInf

0042E455 |.
0042E459 |.
0042E45D |.
0042E461 |.
0042E464 |.
0042E467 |.
0042E46D |.
0042E470 |.
0042E473 |.
0042E479 |.
0042E480 |.
0042E483 |.
0042E486 |.
0042E489 |.
0042E48C |.
fo.00435312
0042E491 |.
0042E497 |.
0042E49A |.
0042E49D |.
0042E49E |.
0042E4A1 |.
0042E4A3 |.
0042E4A6 |.
0042E4A7 |.
0042E4A8 |.
0042E4AC |.
0042E4B0 |.
0042E4B2 |.
0042E4B9 |.
0042E4BB |.
0042E4BE |.
0042E4C0 |.
0042E4C7 |.
0042E4C9 |>
0042E4CC |.
0042E4D2 |>
0042E4D5 |>
0042E4D6 |.
0042E4D7 \.
0042E4D8
0042E4DA /.
0042E4DB |.
0042E4DD |.
0042E4DE |.
0042E4DF |.
0042E4E0 |.
0042E4E3 |.
0042E4E6 |.
0042E4E9 |.
0042E4EE |.
0042E4F1 |.
0042E4F4 |.
0042E4F7 |.
0042E4F9 |.
0042E4FC |.
0042E503 |.
0042E505 |.
0042E506 |.
0042E508 |.

8365 F4 00
8365 F8 00
8365 FC 00
8965 F4
896D F8
64:A1 0000000
8945 D8
8D45 D8
64:A3 0000000
C745 C8 01000
8B45 08
8945 CC
8B45 10
8945 D0
E8 816E0000

AND DWORD PTR SS:[LOCAL.3],00000000


AND DWORD PTR SS:[LOCAL.2],00000000
AND DWORD PTR SS:[LOCAL.1],00000000
MOV DWORD PTR SS:[LOCAL.3],ESP
MOV DWORD PTR SS:[LOCAL.2],EBP
MOV EAX,DWORD PTR FS:[0]
MOV DWORD PTR SS:[LOCAL.10],EAX
LEA EAX,[LOCAL.10]
MOV DWORD PTR FS:[0],EAX
MOV DWORD PTR SS:[LOCAL.14],1
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.13],EAX
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.12],EAX
CALL 00435312

8B80 80000000
8945 D4
8D45 CC
50
8B45 08
FF30
FF55 D4
59
59
8365 C8 00
837D FC 00
74 17
64:8B1D 00000
8B03
8B5D D8
8903
64:891D 00000
EB 09
8B45 D8
64:A3 0000000
8B45 C8
5B
C9
C3
8BFF
55
8BEC
51
53
FC
8B45 0C
8B48 08
334D 0C
E8 03020000
8B45 08
8B40 04
83E0 66
74 11
8B45 0C
C740 24 01000
33C0
40
EB 6C
EB 6A

MOV EAX,DWORD PTR DS:[EAX+80]


MOV DWORD PTR SS:[LOCAL.11],EAX
LEA EAX,[LOCAL.13]
PUSH EAX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH DWORD PTR DS:[EAX]
CALL DWORD PTR SS:[LOCAL.11]
POP ECX
POP ECX
AND DWORD PTR SS:[LOCAL.14],00000000
CMP DWORD PTR SS:[LOCAL.1],0
JE SHORT 0042E4C9
MOV EBX,DWORD PTR FS:[0]
MOV EAX,DWORD PTR DS:[EBX]
MOV EBX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR DS:[EBX],EAX
MOV DWORD PTR FS:[0],EBX
JMP SHORT 0042E4D2
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR FS:[0],EAX
MOV EAX,DWORD PTR SS:[LOCAL.14]
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH EBX
CLD
MOV EAX,DWORD PTR SS:[EBP+0C]
MOV ECX,DWORD PTR DS:[EAX+8]
XOR ECX,DWORD PTR SS:[EBP+0C]
CALL 0042E6F1
MOV EAX,DWORD PTR SS:[EBP+8]
MOV EAX,DWORD PTR DS:[EAX+4]
AND EAX,00000066
JE SHORT 0042E50A
MOV EAX,DWORD PTR SS:[EBP+0C]
MOV DWORD PTR DS:[EAX+24],1
XOR EAX,EAX
INC EAX
JMP SHORT 0042E574
JMP SHORT 0042E574

; [SystemIn

0042E50A |> 6A 01
PUSH 1
0042E50C |. 8B45 0C
MOV EAX,DWORD PTR SS:[EBP+0C]
0042E50F |. FF70 18
PUSH DWORD PTR DS:[EAX+18]
0042E512 |. 8B45 0C
MOV EAX,DWORD PTR SS:[EBP+0C]
0042E515 |. FF70 14
PUSH DWORD PTR DS:[EAX+14]
0042E518 |. 8B45 0C
MOV EAX,DWORD PTR SS:[EBP+0C]
0042E51B |. FF70 0C
PUSH DWORD PTR DS:[EAX+0C]
0042E51E |. 6A 00
PUSH 0
0042E520 |. FF75 10
PUSH DWORD PTR SS:[EBP+10]
0042E523 |. 8B45 0C
MOV EAX,DWORD PTR SS:[EBP+0C]
0042E526 |. FF70 10
PUSH DWORD PTR DS:[EAX+10]
0042E529 |. FF75 08
PUSH DWORD PTR SS:[EBP+8]
0042E52C |. E8 105C0000 CALL 00434141
fo.00434141
0042E531 |. 83C4 20
ADD ESP,20
0042E534 |. 8B45 0C
MOV EAX,DWORD PTR SS:[EBP+0C]
0042E537 |. 8378 24 00
CMP DWORD PTR DS:[EAX+24],0
0042E53B |. 75 0B
JNE SHORT 0042E548
0042E53D |. FF75 08
PUSH DWORD PTR SS:[EBP+8]
0042E540 |. FF75 0C
PUSH DWORD PTR SS:[EBP+0C]
0042E543 |. E8 FCFDFFFF CALL 0042E344
fo.0042E344
0042E548 |> 6A 00
PUSH 0
0042E54A |. 6A 00
PUSH 0
0042E54C |. 6A 00
PUSH 0
0042E54E |. 6A 00
PUSH 0
0042E550 |. 6A 00
PUSH 0
0042E552 |. 8D45 FC
LEA EAX,[EBP-4]
0042E555 |. 50
PUSH EAX
0042E556 |. 68 23010000 PUSH 123
23
0042E55B |. E8 A1FEFFFF CALL 0042E401
fo.0042E401
0042E560 |. 83C4 1C
ADD ESP,1C
0042E563 |. 8B45 FC
MOV EAX,DWORD PTR SS:[EBP-4]
0042E566 |. 8B5D 0C
MOV EBX,DWORD PTR SS:[EBP+0C]
0042E569 |. 8B63 1C
MOV ESP,DWORD PTR DS:[EBX+1C]
0042E56C |. 8B6B 20
MOV EBP,DWORD PTR DS:[EBX+20]
0042E56F \. FFE0
JMP EAX
0042E571 /. 33C0
XOR EAX,EAX
0042E573 |. 40
INC EAX
0042E574 |> 5B
POP EBX
0042E575 |. C9
LEAVE
0042E576 \. C3
RETN
0042E577 /$ 8BFF
MOV EDI,EDI
o.0042E577(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
0042E579 |. 55
PUSH EBP
0042E57A |. 8BEC
MOV EBP,ESP
0042E57C |. 51
PUSH ECX
0042E57D |. 53
PUSH EBX
0042E57E |. 56
PUSH ESI
0042E57F |. 57
PUSH EDI
0042E580 |. 8B7D 08
MOV EDI,DWORD PTR SS:[ARG.1]
0042E583 |. 8B47 10
MOV EAX,DWORD PTR DS:[EDI+10]
0042E586 |. 8B77 0C
MOV ESI,DWORD PTR DS:[EDI+0C]
0042E589 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0042E58C |. 8BDE
MOV EBX,ESI
0042E58E |. EB 2D
JMP SHORT 0042E5BD
0042E590 |> 83FE FF
/CMP ESI,-1
0042E593 |. 75 05
|JNE SHORT 0042E59A

;
;
;
;
;
;
;
;
;
;
;
;
;

/Arg8 = 1
|
|Arg7
|
|Arg6
|
|Arg5
|Arg4 = 0
|Arg3
|
|Arg2
|Arg1
\SystemIn

; /Arg2
; |Arg1
; \SystemIn
;
;
;
;
;
;
;
;

/Arg7
|Arg6
|Arg5
|Arg4
|Arg3
|
|Arg2
|Arg1

=
=
=
=
=

0
0
0
0
0

= 1

; \SystemIn

; SystemInf

0042E595 |. E8 9A700000 |CALL 00435634


0042E59A |> 8B4D FC
|MOV ECX,DWORD PTR SS:[LOCAL.1]
0042E59D |. 4E
|DEC ESI
0042E59E |. 8BC6
|MOV EAX,ESI
0042E5A0 |. 6BC0 14
|IMUL EAX,EAX,14
0042E5A3 |. 03C1
|ADD EAX,ECX
0042E5A5 |. 8B4D 10
|MOV ECX,DWORD PTR SS:[ARG.3]
0042E5A8 |. 3948 04
|CMP DWORD PTR DS:[EAX+4],ECX
0042E5AB |. 7D 05
|JGE SHORT 0042E5B2
0042E5AD |. 3B48 08
|CMP ECX,DWORD PTR DS:[EAX+8]
0042E5B0 |. 7E 05
|JLE SHORT 0042E5B7
0042E5B2 |> 83FE FF
|CMP ESI,-1
0042E5B5 |. 75 09
|JNE SHORT 0042E5C0
0042E5B7 |> FF4D 0C
|DEC DWORD PTR SS:[ARG.2]
0042E5BA |. 8B5D 08
|MOV EBX,DWORD PTR SS:[ARG.1]
0042E5BD |> 8975 08
|MOV DWORD PTR SS:[ARG.1],ESI
0042E5C0 |> 837D 0C 00
|CMP DWORD PTR SS:[ARG.2],0
0042E5C4 |.^ 7D CA
\JGE SHORT 0042E590
0042E5C6 |. 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
0042E5C9 |. 46
INC ESI
0042E5CA |. 8930
MOV DWORD PTR DS:[EAX],ESI
0042E5CC |. 8B45 18
MOV EAX,DWORD PTR SS:[ARG.5]
0042E5CF |. 8918
MOV DWORD PTR DS:[EAX],EBX
0042E5D1 |. 3B5F 0C
CMP EBX,DWORD PTR DS:[EDI+0C]
0042E5D4 |. 77 04
JA SHORT 0042E5DA
0042E5D6 |. 3BF3
CMP ESI,EBX
0042E5D8 |. 76 05
JBE SHORT 0042E5DF
0042E5DA |> E8 55700000 CALL 00435634
0042E5DF |> 8BC6
MOV EAX,ESI
0042E5E1 |. 6BC0 14
IMUL EAX,EAX,14
0042E5E4 |. 0345 FC
ADD EAX,DWORD PTR SS:[LOCAL.1]
0042E5E7 |. 5F
POP EDI
0042E5E8 |. 5E
POP ESI
0042E5E9 |. 5B
POP EBX
0042E5EA |. C9
LEAVE
0042E5EB \. C3
RETN
0042E5EC /$ 8BFF
MOV EDI,EDI
o.0042E5EC(guessed Arg1,Arg2)
0042E5EE |. 55
PUSH EBP
0042E5EF |. 8BEC
MOV EBP,ESP
0042E5F1 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0042E5F4 |. 56
PUSH ESI
0042E5F5 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0042E5F8 |. 8906
MOV DWORD PTR DS:[ESI],EAX
0042E5FA |. E8 136D0000 CALL 00435312
fo.00435312
0042E5FF |. 8B80 98000000 MOV EAX,DWORD PTR DS:[EAX+98]
0042E605 |. 8946 04
MOV DWORD PTR DS:[ESI+4],EAX
0042E608 |. E8 056D0000 CALL 00435312
fo.00435312
0042E60D |. 89B0 98000000 MOV DWORD PTR DS:[EAX+98],ESI
0042E613 |. 8BC6
MOV EAX,ESI
0042E615 |. 5E
POP ESI
0042E616 |. 5D
POP EBP
0042E617 \. C3
RETN
0042E618 /$ 8BFF
MOV EDI,EDI
o.0042E618(guessed Arg1)
0042E61A |. 55
PUSH EBP
0042E61B |. 8BEC
MOV EBP,ESP
0042E61D |. E8 F06C0000 CALL 00435312

; SystemInf

; [SystemIn

; [SystemIn

; SystemInf

; [SystemIn

fo.00435312
0042E622 |. 8B80 98000000
0042E628 |. EB 0A
0042E62A |> 8B08
0042E62C |. 3B4D 08
0042E62F |. 74 0A
0042E631 |. 8B40 04
0042E634 |> 85C0
0042E636 |.^ 75 F2
0042E638 |. 40
0042E639 |. 5D
0042E63A |. C3
0042E63B |> 33C0
0042E63D |. 5D
0042E63E \. C3
0042E63F /$ 8BFF
o.0042E63F(guessed Arg1)
0042E641 |. 55
0042E642 |. 8BEC
0042E644 |. 56
0042E645 |. E8 C86C0000
fo.00435312
0042E64A |. 8B75 08
0042E64D |. 3BB0 98000000
0042E653 |. 75 11
0042E655 |. E8 B86C0000
fo.00435312
0042E65A |. 8B4E 04
0042E65D |. 8988 98000000
0042E663 |> 5E
0042E664 |. 5D
0042E665 |. C3
0042E666 |> E8 A76C0000
fo.00435312
0042E66B |. 8B80 98000000
0042E671 |. EB 09
0042E673 |> 8B48 04
0042E676 |. 3BF1
0042E678 |. 74 0F
0042E67A |. 8BC1
0042E67C |> 8378 04 00
0042E680 |.^ 75 F1
0042E682 |. 5E
0042E683 |. 5D
0042E684 |. E9 AB6F0000
0042E689 |> 8B4E 04
0042E68C |. 8948 04
0042E68F \.^ EB D2
0042E691 /$ 8BFF
0042E693 |. 55
0042E694 |. 8BEC
0042E696 |. 83EC 18
0042E699 |. A1 A0154500
0042E69E |. 8365 E8 00
0042E6A2 |. 8D4D E8
0042E6A5 |. 33C1
0042E6A7 |. 8B4D 08
0042E6AA |. 8945 F0
0042E6AD |. 8B45 0C
0042E6B0 |. 8945 F4

MOV EAX,DWORD PTR DS:[EAX+98]


JMP SHORT 0042E634
/MOV ECX,DWORD PTR DS:[EAX]
|CMP ECX,DWORD PTR SS:[ARG.1]
|JE SHORT 0042E63B
|MOV EAX,DWORD PTR DS:[EAX+4]
|TEST EAX,EAX
\JNE SHORT 0042E62A
INC EAX
POP EBP
RETN
XOR EAX,EAX
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
CALL 00435312

; [SystemIn

MOV ESI,DWORD PTR SS:[ARG.1]


CMP ESI,DWORD PTR DS:[EAX+98]
JNE SHORT 0042E666
CALL 00435312

; [SystemIn

MOV ECX,DWORD PTR DS:[ESI+4]


MOV DWORD PTR DS:[EAX+98],ECX
POP ESI
POP EBP
RETN
CALL 00435312

; [SystemIn

MOV EAX,DWORD PTR DS:[EAX+98]


JMP SHORT 0042E67C
/MOV ECX,DWORD PTR DS:[EAX+4]
|CMP ESI,ECX
|JE SHORT 0042E689
|MOV EAX,ECX
|CMP DWORD PTR DS:[EAX+4],0
\JNE SHORT 0042E673
POP ESI
POP EBP
JMP 00435634
MOV ECX,DWORD PTR DS:[ESI+4]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 0042E663
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV EAX,DWORD PTR DS:[4515A0]
AND DWORD PTR SS:[LOCAL.6],00000000
LEA ECX,[LOCAL.6]
XOR EAX,ECX
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.3],EAX

0042E6B3 |. 8B45 14
0042E6B6 |. 40
0042E6B7 |. C745 EC CEE34
0042E6BE |. 894D F8
0042E6C1 |. 8945 FC
0042E6C4 |. 64:A1 0000000
0042E6CA |. 8945 E8
0042E6CD |. 8D45 E8
0042E6D0 |. 64:A3 0000000
SE handler 42E3CE
0042E6D6 |. FF75 18
[ARG.5]
0042E6D9 |. 51
[ARG.1]
0042E6DA |. FF75 10
[ARG.3]
0042E6DD |. E8 9E6F0000
fo.00435680
0042E6E2 |. 8BC8
0042E6E4 |. 8B45 E8
0042E6E7 |. 64:A3 0000000
0042E6ED |. 8BC1
0042E6EF |. C9
0042E6F0 \. C3
0042E6F1 /$ 3B0D A0154500
0042E6F7 |. 75 02
0042E6F9 \. F3:C3
0042E6FB > E9 CC6F0000
0042E700 /$ 51
0042E701 |. 8D4C24 04
0042E705 |. 2BC8
0042E707 |. 1BC0
0042E709 |. F7D0
0042E70B |. 23C8
0042E70D |. 8BC4
0042E70F |. 25 00F0FFFF
0042E714 |> 3BC8
0042E716 |. 72 0A
0042E718 |. 8BC1
0042E71A |. 59
0042E71B |. 94
0042E71C |. 8B00
0042E71E |. 890424
0042E721 |. C3
0042E722 |> 2D 00100000
0042E727 |. 8500
0042E729 \.^ EB E9
0042E72B /$ 8BFF
0042E72D |. 55
0042E72E |. 8BEC
0042E730 |. 8B45 08
0042E733 |. A3 B02C4500
0042E738 |. 5D
0042E739 \. C3
0042E73A /$ 8BFF
0042E73C |. 55
0042E73D |. 8BEC
0042E73F |. 81EC 28030000
0042E745 |. A1 A0154500
0042E74A |. 33C5

MOV
INC
MOV
MOV
MOV
MOV
MOV
LEA
MOV

EAX,DWORD PTR SS:[ARG.4]


EAX
DWORD PTR SS:[LOCAL.5],0042E3CE
DWORD PTR SS:[LOCAL.2],ECX
DWORD PTR SS:[LOCAL.1],EAX
EAX,DWORD PTR FS:[0]
DWORD PTR SS:[LOCAL.6],EAX
EAX,[LOCAL.6]
DWORD PTR FS:[0],EAX

; Installs

PUSH DWORD PTR SS:[ARG.5]

; /Arg3 =>

PUSH ECX

; |Arg2 =>

PUSH DWORD PTR SS:[ARG.3]

; |Arg1 =>

CALL 00435680

; \SystemIn

MOV ECX,EAX
MOV EAX,DWORD PTR SS:[LOCAL.6]
MOV DWORD PTR FS:[0],EAX
MOV EAX,ECX
LEAVE
RETN
CMP ECX,DWORD PTR DS:[4515A0]
JNE SHORT 0042E6FB
REP RETN
JMP 004356CC
PUSH ECX
LEA ECX,[ESP+4]
SUB ECX,EAX
SBB EAX,EAX
NOT EAX
AND ECX,EAX
MOV EAX,ESP
AND EAX,FFFFF000
/CMP ECX,EAX
|JB SHORT 0042E722
|MOV EAX,ECX
|POP ECX
|XCHG EAX,ESP
|MOV EAX,DWORD PTR DS:[EAX]
|MOV DWORD PTR SS:[ARG.RETADDR],EAX
|RETN
|SUB EAX,1000
|TEST DWORD PTR DS:[EAX],EAX
\JMP SHORT 0042E714
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[452CB0],EAX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,328
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP

0042E74C |. 8945 FC
MOV DWORD PTR SS:[EBP-4],EAX
0042E74F |. 83A5 D8FCFFFF AND DWORD PTR SS:[EBP-328],00000000
0042E756 |. 53
PUSH EBX
0042E757 |. 6A 4C
PUSH 4C
C
0042E759 |. 8D85 DCFCFFFF LEA EAX,[EBP-324]
0042E75F |. 6A 00
PUSH 0
0042E761 |. 50
PUSH EAX
0042E762 |. E8 39010000 CALL 0042E8A0
fo.0042E8A0
0042E767 |. 8D85 D8FCFFFF LEA EAX,[EBP-328]
0042E76D |. 8985 28FDFFFF MOV DWORD PTR SS:[EBP-2D8],EAX
0042E773 |. 8D85 30FDFFFF LEA EAX,[EBP-2D0]
0042E779 |. 83C4 0C
ADD ESP,0C
0042E77C |. 8985 2CFDFFFF MOV DWORD PTR SS:[EBP-2D4],EAX
0042E782 |. 8985 E0FDFFFF MOV DWORD PTR SS:[EBP-220],EAX
0042E788 |. 898D DCFDFFFF MOV DWORD PTR SS:[EBP-224],ECX
0042E78E |. 8995 D8FDFFFF MOV DWORD PTR SS:[EBP-228],EDX
0042E794 |. 899D D4FDFFFF MOV DWORD PTR SS:[EBP-22C],EBX
0042E79A |. 89B5 D0FDFFFF MOV DWORD PTR SS:[EBP-230],ESI
0042E7A0 |. 89BD CCFDFFFF MOV DWORD PTR SS:[EBP-234],EDI
0042E7A6 |. 66:8C95 F8FDF MOV WORD PTR SS:[EBP-208],SS
us operand size prefix
0042E7AD |. 66:8C8D ECFDF MOV WORD PTR SS:[EBP-214],CS
us operand size prefix
0042E7B4 |. 66:8C9D C8FDF MOV WORD PTR SS:[EBP-238],DS
us operand size prefix
0042E7BB |. 66:8C85 C4FDF MOV WORD PTR SS:[EBP-23C],ES
us operand size prefix
0042E7C2 |. 66:8CA5 C0FDF MOV WORD PTR SS:[EBP-240],FS
us operand size prefix
0042E7C9 |. 66:8CAD BCFDF MOV WORD PTR SS:[EBP-244],GS
us operand size prefix
0042E7D0 |. 9C
PUSHFD
0042E7D1 |. 8F85 F0FDFFFF POP DWORD PTR SS:[EBP-210]
0042E7D7 |. 8B45 04
MOV EAX,DWORD PTR SS:[EBP+4]
0042E7DA |. 8D4D 04
LEA ECX,[EBP+4]
0042E7DD |. C785 30FDFFFF MOV DWORD PTR SS:[EBP-2D0],10001
0042E7E7 |. 8985 E8FDFFFF MOV DWORD PTR SS:[EBP-218],EAX
0042E7ED |. 898D F4FDFFFF MOV DWORD PTR SS:[EBP-20C],ECX
0042E7F3 |. 8B49 FC
MOV ECX,DWORD PTR DS:[ECX-4]
0042E7F6 |. 898D E4FDFFFF MOV DWORD PTR SS:[EBP-21C],ECX
0042E7FC |. C785 D8FCFFFF MOV DWORD PTR SS:[EBP-328],C0000417
0042E806 |. C785 DCFCFFFF MOV DWORD PTR SS:[EBP-324],1
0042E810 |. 8985 E4FCFFFF MOV DWORD PTR SS:[EBP-31C],EAX
0042E816 |. FF15 68814400 CALL DWORD PTR DS:[<&KERNEL32.IsDebugger
.IsDebuggerPresent
0042E81C |. 6A 00
PUSH 0
00000000
0042E81E |. 8BD8
MOV EBX,EAX
0042E820 |. FF15 64814400 CALL DWORD PTR DS:[<&KERNEL32.SetUnhandl
.SetUnhandledExceptionFilter
0042E826 |. 8D85 28FDFFFF LEA EAX,[EBP-2D8]
0042E82C |. 50
PUSH EAX
onInfo
0042E82D |. FF15 60814400 CALL DWORD PTR DS:[<&KERNEL32.UnhandledE
.UnhandledExceptionFilter
0042E833 |. 85C0
TEST EAX,EAX
0042E835 |. 75 0C
JNE SHORT 0042E843
0042E837 |. 85DB
TEST EBX,EBX

; /Arg3 = 4
;
;
;
;

|
|Arg2 = 0
|Arg1
\SystemIn

; Superfluo
; Superfluo
; Superfluo
; Superfluo
; Superfluo
; Superfluo

; [KERNEL32
; /Filter =
; |
; \KERNEL32
; /pExcepti
; \KERNEL32

0042E839 |. 75 08
JNE SHORT 0042E843
0042E83B |. 6A 02
PUSH 2
0042E83D |. E8 906F0000 CALL 004357D2
fo.004357D2
0042E842 |. 59
POP ECX
0042E843 |> 68 170400C0 PUSH C0000417
= 3221226519.
0042E848 |. FF15 5C814400 CALL DWORD PTR DS:[<&KERNEL32.GetCurrent
2.GetCurrentProcess
0042E84E |. 50
PUSH EAX
0042E84F |. FF15 58814400 CALL DWORD PTR DS:[<&KERNEL32.TerminateP
.TerminateProcess
0042E855 |. 8B4D FC
MOV ECX,DWORD PTR SS:[EBP-4]
0042E858 |. 33CD
XOR ECX,EBP
0042E85A |. 5B
POP EBX
0042E85B |. E8 91FEFFFF CALL 0042E6F1
0042E860 |. C9
LEAVE
0042E861 |. C3
RETN
0042E862 |$ 8BFF
MOV EDI,EDI
o.0042E862(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
0042E864 |. 55
PUSH EBP
0042E865 |. 8BEC
MOV EBP,ESP
0042E867 |. FF35 B02C4500 PUSH DWORD PTR DS:[452CB0]
0042E86D |. E8 54680000 CALL 004350C6
fo.004350C6
0042E872 |. 59
POP ECX
0042E873 |. 85C0
TEST EAX,EAX
0042E875 |. 74 03
JE SHORT 0042E87A
0042E877 |. 5D
POP EBP
0042E878 |. FFE0
JMP EAX
0042E87A |> 6A 02
PUSH 2
0042E87C |. E8 516F0000 CALL 004357D2
fo.004357D2
0042E881 |. 59
POP ECX
0042E882 |. 5D
POP EBP
0042E883 \.^ E9 B2FEFFFF JMP 0042E73A
0042E888 /$ 33C0
XOR EAX,EAX
0042E88A |. 50
PUSH EAX
0
0042E88B |. 50
PUSH EAX
0
0042E88C |. 50
PUSH EAX
0
0042E88D |. 50
PUSH EAX
0
0042E88E |. 50
PUSH EAX
0
0042E88F |. E8 CEFFFFFF CALL 0042E862
fo.0042E862
0042E894 |. 83C4 14
ADD ESP,14
0042E897 \. C3
RETN
0042E898
CC
INT3
0042E899
CC
INT3
0042E89A
CC
INT3
0042E89B
CC
INT3
0042E89C
CC
INT3
0042E89D
CC
INT3
0042E89E
CC
INT3
0042E89F
CC
INT3
0042E8A0 /$ 8B5424 0C
MOV EDX,DWORD PTR SS:[ARG.3]

; /Arg1 = 2
; \SystemIn
; /ExitCode
; |[KERNEL3
; |hProcess
; \KERNEL32

; SystemInf

; /Arg1 = 0
; \SystemIn

; /Arg1 = 2
; \SystemIn

; /Arg5 =>
; |Arg4 =>
; |Arg3 =>
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; SystemInf

o.0042E8A0(guessed Arg1,Arg2,Arg3)
0042E8A4 |. 8B4C24 04
MOV ECX,DWORD PTR SS:[ARG.1]
0042E8A8 |. 85D2
TEST EDX,EDX
0042E8AA |. 74 69
JE SHORT 0042E915
0042E8AC |. 33C0
XOR EAX,EAX
0042E8AE |. 8A4424 08
MOV AL,BYTE PTR SS:[ARG.2]
0042E8B2 |. 84C0
TEST AL,AL
0042E8B4 |. 75 16
JNE SHORT 0042E8CC
0042E8B6 |. 81FA 00010000 CMP EDX,100
0042E8BC |. 72 0E
JB SHORT 0042E8CC
0042E8BE |. 833D D8484500 CMP DWORD PTR DS:[4548D8],0
0042E8C5 |. 74 05
JE SHORT 0042E8CC
0042E8C7 |. E9 656F0000 JMP 00435831
0042E8CC |> 57
PUSH EDI
0042E8CD |. 8BF9
MOV EDI,ECX
0042E8CF |. 83FA 04
CMP EDX,4
0042E8D2 |. 72 31
JB SHORT 0042E905
0042E8D4 |. F7D9
NEG ECX
0042E8D6 |. 83E1 03
AND ECX,00000003
0042E8D9 |. 74 0C
JE SHORT 0042E8E7
0042E8DB |. 2BD1
SUB EDX,ECX
0042E8DD |> 8807
/MOV BYTE PTR DS:[EDI],AL
0042E8DF |. 83C7 01
|ADD EDI,1
0042E8E2 |. 83E9 01
|SUB ECX,1
0042E8E5 |.^ 75 F6
\JNE SHORT 0042E8DD
0042E8E7 |> 8BC8
MOV ECX,EAX
0042E8E9 |. C1E0 08
SHL EAX,8
0042E8EC |. 03C1
ADD EAX,ECX
0042E8EE |. 8BC8
MOV ECX,EAX
0042E8F0 |. C1E0 10
SHL EAX,10
0042E8F3 |. 03C1
ADD EAX,ECX
0042E8F5 |. 8BCA
MOV ECX,EDX
0042E8F7 |. 83E2 03
AND EDX,00000003
0042E8FA |. C1E9 02
SHR ECX,2
0042E8FD |. 74 06
JE SHORT 0042E905
0042E8FF |. F3:AB
REP STOS DWORD PTR ES:[EDI]
0042E901 |. 85D2
TEST EDX,EDX
0042E903 |. 74 0A
JE SHORT 0042E90F
0042E905 |> 8807
/MOV BYTE PTR DS:[EDI],AL
0042E907 |. 83C7 01
|ADD EDI,1
0042E90A |. 83EA 01
|SUB EDX,1
0042E90D |.^ 75 F6
\JNE SHORT 0042E905
0042E90F |> 8B4424 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042E913 |. 5F
POP EDI
0042E914 |. C3
RETN
0042E915 |> 8B4424 04
MOV EAX,DWORD PTR SS:[ARG.1]
0042E919 \. C3
RETN
0042E91A /$ 8BFF
MOV EDI,EDI
0042E91C |. 55
PUSH EBP
0042E91D |. 8BEC
MOV EBP,ESP
0042E91F |. 5D
POP EBP
0042E920 \. E9 B9480000 JMP 004331DE
0042E925 /$ 8BFF
MOV EDI,EDI
o.0042E925(guessed Arg1,Arg2)
0042E927 |. 55
PUSH EBP
0042E928 |. 8BEC
MOV EBP,ESP
0042E92A |. 83EC 20
SUB ESP,20
0042E92D |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0042E930 |. 56
PUSH ESI
0042E931 |. 57
PUSH EDI

; SystemInf

0042E932 |. 6A 08
PUSH 8
0042E934 |. 59
POP ECX
0042E935 |. BE 989D4400 MOV ESI,OFFSET 00449D98
0042E93A |. 8D7D E0
LEA EDI,[LOCAL.8]
0042E93D |. F3:A5
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
0042E93F |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
0042E942 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0042E945 |. 5F
POP EDI
0042E946 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0042E949 |. 5E
POP ESI
0042E94A |. 85C0
TEST EAX,EAX
0042E94C |. 74 0C
JE SHORT 0042E95A
0042E94E |. F600 08
TEST BYTE PTR DS:[EAX],08
0042E951 |. 74 07
JE SHORT 0042E95A
0042E953 |. C745 F4 00409 MOV DWORD PTR SS:[LOCAL.3],1994000
0042E95A |> 8D45 F4
LEA EAX,[LOCAL.3]
0042E95D |. 50
PUSH EAX
s => OFFSET LOCAL.3
0042E95E |. FF75 F0
PUSH DWORD PTR SS:[LOCAL.4]
=> [LOCAL.4]
0042E961 |. FF75 E4
PUSH DWORD PTR SS:[LOCAL.7]
[LOCAL.7]
0042E964 |. FF75 E0
PUSH DWORD PTR SS:[LOCAL.8]
[LOCAL.8]
0042E967 |. FF15 6C814400 CALL DWORD PTR DS:[<&KERNEL32.RaiseExcep
.RaiseException
0042E96D |. C9
LEAVE
0042E96E \. C2 0800
RETN 8
0042E971
CC
INT3
0042E972
CC
INT3
0042E973
CC
INT3
0042E974
CC
INT3
0042E975
CC
INT3
0042E976
CC
INT3
0042E977
CC
INT3
0042E978
CC
INT3
0042E979
CC
INT3
0042E97A
CC
INT3
0042E97B
CC
INT3
0042E97C
CC
INT3
0042E97D
CC
INT3
0042E97E
CC
INT3
0042E97F
CC
INT3
0042E980 /$ 8B5424 04
MOV EDX,DWORD PTR SS:[ARG.1]
o.0042E980(guessed Arg1,Arg2)
0042E984 |. 8B4C24 08
MOV ECX,DWORD PTR SS:[ARG.2]
0042E988 |. F7C2 03000000 TEST EDX,00000003
0042E98E |. 75 3C
JNE SHORT 0042E9CC
0042E990 |> 8B02
MOV EAX,DWORD PTR DS:[EDX]
0042E992 |. 3A01
CMP AL,BYTE PTR DS:[ECX]
0042E994 |. 75 2E
JNE SHORT 0042E9C4
0042E996 |. 0AC0
OR AL,AL
0042E998 |. 74 26
JE SHORT 0042E9C0
0042E99A |. 3A61 01
CMP AH,BYTE PTR DS:[ECX+1]
0042E99D |. 75 25
JNE SHORT 0042E9C4
0042E99F |. 0AE4
OR AH,AH
0042E9A1 |. 74 1D
JE SHORT 0042E9C0
0042E9A3 |. C1E8 10
SHR EAX,10
0042E9A6 |. 3A41 02
CMP AL,BYTE PTR DS:[ECX+2]
0042E9A9 |. 75 19
JNE SHORT 0042E9C4

; /Argument
; |ArgCount
; |Flags =>
; |Code =>
; \KERNEL32

; SystemInf

0042E9AB |. 0AC0
OR AL,AL
0042E9AD |. 74 11
JE SHORT 0042E9C0
0042E9AF |. 3A61 03
CMP AH,BYTE PTR DS:[ECX+3]
0042E9B2 |. 75 10
JNE SHORT 0042E9C4
0042E9B4 |. 83C1 04
ADD ECX,4
0042E9B7 |. 83C2 04
ADD EDX,4
0042E9BA |. 0AE4
OR AH,AH
0042E9BC |.^ 75 D2
JNE SHORT 0042E990
0042E9BE |. 8BFF
MOV EDI,EDI
0042E9C0 |> 33C0
XOR EAX,EAX
0042E9C2 |. C3
RETN
0042E9C3 | 90
NOP
0042E9C4 |> 1BC0
SBB EAX,EAX
0042E9C6 |. D1E0
SHL EAX,1
0042E9C8 |. 83C0 01
ADD EAX,1
0042E9CB |. C3
RETN
0042E9CC |> F7C2 01000000 TEST EDX,00000001
0042E9D2 |. 74 18
JE SHORT 0042E9EC
0042E9D4 |. 8A02
MOV AL,BYTE PTR DS:[EDX]
0042E9D6 |. 83C2 01
ADD EDX,1
0042E9D9 |. 3A01
CMP AL,BYTE PTR DS:[ECX]
0042E9DB |.^ 75 E7
JNE SHORT 0042E9C4
0042E9DD |. 83C1 01
ADD ECX,1
0042E9E0 |. 0AC0
OR AL,AL
0042E9E2 |.^ 74 DC
JE SHORT 0042E9C0
0042E9E4 |. F7C2 02000000 TEST EDX,00000002
0042E9EA |.^ 74 A4
JE SHORT 0042E990
0042E9EC |> 66:8B02
MOV AX,WORD PTR DS:[EDX]
0042E9EF |. 83C2 02
ADD EDX,2
0042E9F2 |. 3A01
CMP AL,BYTE PTR DS:[ECX]
0042E9F4 |.^ 75 CE
JNE SHORT 0042E9C4
0042E9F6 |. 0AC0
OR AL,AL
0042E9F8 |.^ 74 C6
JE SHORT 0042E9C0
0042E9FA |. 3A61 01
CMP AH,BYTE PTR DS:[ECX+1]
0042E9FD |.^ 75 C5
JNE SHORT 0042E9C4
0042E9FF |. 0AE4
OR AH,AH
0042EA01 |.^ 74 BD
JE SHORT 0042E9C0
0042EA03 |. 83C1 02
ADD ECX,2
0042EA06 \.^ EB 88
JMP SHORT 0042E990
0042EA08 /$ 8BFF
MOV EDI,EDI
o.0042EA08(guessed Arg1,Arg2,Arg3,Arg4)
0042EA0A |. 55
PUSH EBP
0042EA0B |. 8BEC
MOV EBP,ESP
0042EA0D |. 56
PUSH ESI
0042EA0E |. 8B75 14
MOV ESI,DWORD PTR SS:[ARG.4]
0042EA11 |. 57
PUSH EDI
0042EA12 |. 33FF
XOR EDI,EDI
0042EA14 |. 3BF7
CMP ESI,EDI
0042EA16 |. 75 04
JNE SHORT 0042EA1C
0042EA18 |> 33C0
XOR EAX,EAX
0042EA1A |. EB 65
JMP SHORT 0042EA81
0042EA1C |> 397D 08
CMP DWORD PTR SS:[ARG.1],EDI
0042EA1F |. 75 1B
JNE SHORT 0042EA3C
0042EA21 |> E8 D7590000 CALL 004343FD
fo.004343FD
0042EA26 |. 6A 16
PUSH 16
0042EA28 |. 5E
POP ESI
0042EA29 |. 8930
MOV DWORD PTR DS:[EAX],ESI
0042EA2B |> 57
PUSH EDI
0042EA2C |. 57
PUSH EDI

; SystemInf

; [SystemIn

; /Arg5
; |Arg4

0042EA2D |. 57
0042EA2E |. 57
0042EA2F |. 57
0042EA30 |. E8 2DFEFFFF
fo.0042E862
0042EA35 |. 83C4 14
0042EA38 |. 8BC6
0042EA3A |. EB 45
0042EA3C |> 397D 10
0042EA3F |. 74 16
0042EA41 |. 3975 0C
0042EA44 |. 72 11
0042EA46 |. 56
[ARG.4]
0042EA47 |. FF75 10
[ARG.3]
0042EA4A |. FF75 08
[ARG.1]
0042EA4D |. E8 9E070000
fo.0042F1F0
0042EA52 |. 83C4 0C
0042EA55 |.^ EB C1
0042EA57 |> FF75 0C
[ARG.2]
0042EA5A |. 57
0
0042EA5B |. FF75 08
[ARG.1]
0042EA5E |. E8 3DFEFFFF
fo.0042E8A0
0042EA63 |. 83C4 0C
0042EA66 |. 397D 10
0042EA69 |.^ 74 B6
0042EA6B |. 3975 0C
0042EA6E |. 73 0E
0042EA70 |. E8 88590000
fo.004343FD
0042EA75 |. 6A 22
0042EA77 |. 59
0042EA78 |. 8908
0042EA7A |. 8BF1
0042EA7C |.^ EB AD
0042EA7E |> 6A 16
0042EA80 |. 58
0042EA81 |> 5F
0042EA82 |. 5E
0042EA83 |. 5D
0042EA84 \. C3
0042EA85 /$ 8BC1
o.0042EA85(guessed void)
0042EA87 |. 8360 04 00
0042EA8B |. 8360 08 00
0042EA8F |. C700 BC9D4400
0042EA95 \. C3
0042EA96 /$ 8BFF
o.0042EA96(guessed Arg1)
0042EA98 |. 55
0042EA99 |. 8BEC
0042EA9B |. 53
0042EA9C |. 8B5D 08

PUSH
PUSH
PUSH
CALL

EDI
EDI
EDI
0042E862

;
;
;
;

|Arg3
|Arg2
|Arg1
\SystemIn

ADD ESP,14
MOV EAX,ESI
JMP SHORT 0042EA81
CMP DWORD PTR SS:[ARG.3],EDI
JE SHORT 0042EA57
CMP DWORD PTR SS:[ARG.2],ESI
JB SHORT 0042EA57
PUSH ESI

; /Arg3 =>

PUSH DWORD PTR SS:[ARG.3]

; |Arg2 =>

PUSH DWORD PTR SS:[ARG.1]

; |Arg1 =>

CALL 0042F1F0

; \SystemIn

ADD ESP,0C
JMP SHORT 0042EA18
PUSH DWORD PTR SS:[ARG.2]

; /Arg3 =>

PUSH EDI

; |Arg2 =>

PUSH DWORD PTR SS:[ARG.1]

; |Arg1 =>

CALL 0042E8A0

; \SystemIn

ADD ESP,0C
CMP DWORD PTR SS:[ARG.3],EDI
JE SHORT 0042EA21
CMP DWORD PTR SS:[ARG.2],ESI
JNB SHORT 0042EA7E
CALL 004343FD

; [SystemIn

PUSH 22
POP ECX
MOV DWORD PTR DS:[EAX],ECX
MOV ESI,ECX
JMP SHORT 0042EA2B
PUSH 16
POP EAX
POP EDI
POP ESI
POP EBP
RETN
MOV EAX,ECX

; SystemInf

AND DWORD PTR DS:[EAX+4],00000000


AND DWORD PTR DS:[EAX+8],00000000
MOV DWORD PTR DS:[EAX],OFFSET 00449DBC
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.1]

0042EA9F |. 56
PUSH ESI
0042EAA0 |. 57
PUSH EDI
0042EAA1 |. 8BF9
MOV EDI,ECX
0042EAA3 |. C707 BC9D4400 MOV DWORD PTR DS:[EDI],OFFSET 00449DBC
0042EAA9 |. 8B03
MOV EAX,DWORD PTR DS:[EBX]
0042EAAB |. 85C0
TEST EAX,EAX
0042EAAD |. 74 26
JE SHORT 0042EAD5
0042EAAF |. 50
PUSH EAX
0042EAB0 |. E8 CBF7FFFF CALL 0042E280
fo.0042E280
0042EAB5 |. 8BF0
MOV ESI,EAX
0042EAB7 |. 46
INC ESI
0042EAB8 |. 56
PUSH ESI
0042EAB9 |. E8 786F0000 CALL 00435A36
fo.00435A36
0042EABE |. 59
POP ECX
0042EABF |. 59
POP ECX
0042EAC0 |. 8947 04
MOV DWORD PTR DS:[EDI+4],EAX
0042EAC3 |. 85C0
TEST EAX,EAX
0042EAC5 |. 74 12
JE SHORT 0042EAD9
0042EAC7 |. FF33
PUSH DWORD PTR DS:[EBX]
0042EAC9 |. 56
PUSH ESI
0042EACA |. 50
PUSH EAX
0042EACB |. E8 AF6E0000 CALL 0043597F
fo.0043597F
0042EAD0 |. 83C4 0C
ADD ESP,0C
0042EAD3 |. EB 04
JMP SHORT 0042EAD9
0042EAD5 |> 8367 04 00
AND DWORD PTR DS:[EDI+4],00000000
0042EAD9 |> C747 08 01000 MOV DWORD PTR DS:[EDI+8],1
0042EAE0 |. 8BC7
MOV EAX,EDI
0042EAE2 |. 5F
POP EDI
0042EAE3 |. 5E
POP ESI
0042EAE4 |. 5B
POP EBX
0042EAE5 |. 5D
POP EBP
0042EAE6 \. C2 0400
RETN 4
0042EAE9 /$ 8BFF
MOV EDI,EDI
o.0042EAE9(guessed Arg1,Arg2)
0042EAEB |. 55
PUSH EBP
0042EAEC |. 8BEC
MOV EBP,ESP
0042EAEE |. 8BC1
MOV EAX,ECX
0042EAF0 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0042EAF3 |. C700 BC9D4400 MOV DWORD PTR DS:[EAX],OFFSET 00449DBC
0042EAF9 |. 8B09
MOV ECX,DWORD PTR DS:[ECX]
0042EAFB |. 8360 08 00
AND DWORD PTR DS:[EAX+8],00000000
0042EAFF |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
0042EB02 |. 5D
POP EBP
0042EB03 \. C2 0800
RETN 8
0042EB06 /$ 8BFF
MOV EDI,EDI
o.0042EB06(guessed Arg1)
0042EB08 |. 55
PUSH EBP
0042EB09 |. 8BEC
MOV EBP,ESP
0042EB0B |. 53
PUSH EBX
0042EB0C |. 8B5D 08
MOV EBX,DWORD PTR SS:[ARG.1]
0042EB0F |. 56
PUSH ESI
0042EB10 |. 8BF1
MOV ESI,ECX
0042EB12 |. C706 BC9D4400 MOV DWORD PTR DS:[ESI],OFFSET 00449DBC
0042EB18 |. 8B43 08
MOV EAX,DWORD PTR DS:[EBX+8]
0042EB1B |. 8946 08
MOV DWORD PTR DS:[ESI+8],EAX
0042EB1E |. 85C0
TEST EAX,EAX
0042EB20 |. 8B43 04
MOV EAX,DWORD PTR DS:[EBX+4]

; /Arg1
; \SystemIn

; /Arg1
; \SystemIn

;
;
;
;

/Arg3
|Arg2
|Arg1
\SystemIn

; SystemInf

; SystemInf

0042EB23 |. 57
0042EB24 |. 74 31
0042EB26 |. 85C0
0042EB28 |. 74 27
0042EB2A |. 50
0042EB2B |. E8 50F7FFFF
fo.0042E280
0042EB30 |. 8BF8
0042EB32 |. 47
0042EB33 |. 57
0042EB34 |. E8 FD6E0000
fo.00435A36
0042EB39 |. 59
0042EB3A |. 59
0042EB3B |. 8946 04
0042EB3E |. 85C0
0042EB40 |. 74 18
0042EB42 |. FF73 04
0042EB45 |. 57
0042EB46 |. 50
0042EB47 |. E8 336E0000
fo.0043597F
0042EB4C |. 83C4 0C
0042EB4F |. EB 09
0042EB51 |> 8366 04 00
0042EB55 |. EB 03
0042EB57 |> 8946 04
0042EB5A |> 5F
0042EB5B |. 8BC6
0042EB5D |. 5E
0042EB5E |. 5B
0042EB5F |. 5D
0042EB60 \. C2 0400
0042EB63 /$ 8379 08 00
o.0042EB63(guessed void)
0042EB67 |. C701 BC9D4400
0042EB6D |. 74 09
0042EB6F |. FF71 04
0042EB72 |. E8 67460000
fo.004331DE
0042EB77 |. 59
0042EB78 \> C3
0042EB79 /. 8B41 04
0042EB7C |. 85C0
0042EB7E |. 75 05
0042EB80 |. B8 C49D4400
known exception"
0042EB85 \> C3
0042EB86 /$ 8BFF
o.0042EB86(guessed Arg1)
0042EB88 |. 55
0042EB89 |. 8BEC
0042EB8B |. 56
0042EB8C |. 8D45 08
0042EB8F |. 50
OFFSET ARG.1
0042EB90 |. 8BF1
0042EB92 |. E8 FFFEFFFF
fo.0042EA96
0042EB97 |. C706 DC9D4400

PUSH EDI
JE SHORT 0042EB57
TEST EAX,EAX
JE SHORT 0042EB51
PUSH EAX
CALL 0042E280

; /Arg1
; \SystemIn

MOV EDI,EAX
INC EDI
PUSH EDI
CALL 00435A36

; /Arg1
; \SystemIn

POP ECX
POP ECX
MOV DWORD PTR DS:[ESI+4],EAX
TEST EAX,EAX
JE SHORT 0042EB5A
PUSH DWORD PTR DS:[EBX+4]
PUSH EDI
PUSH EAX
CALL 0043597F

;
;
;
;

ADD ESP,0C
JMP SHORT 0042EB5A
AND DWORD PTR DS:[ESI+4],00000000
JMP SHORT 0042EB5A
MOV DWORD PTR DS:[ESI+4],EAX
POP EDI
MOV EAX,ESI
POP ESI
POP EBX
POP EBP
RETN 4
CMP DWORD PTR DS:[ECX+8],0

; SystemInf

MOV DWORD PTR DS:[ECX],OFFSET 00449DBC


JE SHORT 0042EB78
PUSH DWORD PTR DS:[ECX+4]
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
RETN
MOV EAX,DWORD PTR DS:[ECX+4]
TEST EAX,EAX
JNE SHORT 0042EB85
MOV EAX,OFFSET 00449DC4

; ASCII "Un

RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
LEA EAX,[ARG.1]
PUSH EAX

; /Arg1 =>

MOV ESI,ECX
CALL 0042EA96

; |
; \SystemIn

MOV DWORD PTR DS:[ESI],OFFSET 00449DDC

/Arg3
|Arg2
|Arg1
\SystemIn

0042EB9D |.
0042EB9F |.
0042EBA0 |.
0042EBA1 \.
0042EBA4
0042EBA6 /.
0042EBA7 |.
0042EBA9 |.
0042EBAA |.
[ARG.1]
0042EBAD |.
0042EBAF |.
fo.0042EB06
0042EBB4 |.
0042EBBA |.
0042EBBC |.
0042EBBD |.
0042EBBE \.
0042EBC1 /.
0042EBC7 \.^
0042EBCC
0042EBCE /.
0042EBCF |.
0042EBD1 |.
0042EBD2 |.
0042EBD4 |.
fo.0042EB63
0042EBD9 |.
0042EBDD |.
0042EBDF |.
0042EBE0 |.
0042EBE5 |.
0042EBE6 |>
0042EBE8 |.
0042EBE9 |.
0042EBEA \.
0042EBED
0042EBEF /.
0042EBF0 |.
0042EBF2 |.
0042EBF3 |.
0042EBF5 |.
0042EBFB |.
fo.0042EB63
0042EC00 |.
0042EC04 |.
0042EC06 |.
0042EC07 |.
0042EC0C |.
0042EC0D |>
0042EC0F |.
0042EC10 |.
0042EC11 \.
0042EC14 /$
0042EC16 |.
0042EC17 |.
0042EC1D |.
0042EC22 |.
0042EC23 \.
0042EC24

8BC6
5E
5D
C2 0400
8BFF
55
8BEC
56
FF75 08

MOV EAX,ESI
POP ESI
POP EBP
RETN 4
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

8BF1
E8 52FFFFFF

MOV ESI,ECX
CALL 0042EB06

; |
; \SystemIn

C706 DC9D4400
8BC6
5E
5D
C2 0400
C701 DC9D4400
E9 97FFFFFF
8BFF
55
8BEC
56
8BF1
E8 8AFFFFFF

MOV DWORD PTR DS:[ESI],OFFSET 00449DDC


MOV EAX,ESI
POP ESI
POP EBP
RETN 4
MOV DWORD PTR DS:[ECX],OFFSET 00449DDC
JMP 0042EB63
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,ECX
CALL 0042EB63

; [SystemIn

F645 08 01
74 07
56
E8 35FDFFFF
59
8BC6
5E
5D
C2 0400
8BFF
55
8BEC
56
8BF1
C706 DC9D4400
E8 63FFFFFF

TEST BYTE PTR SS:[ARG.1],01


JE SHORT 0042EBE6
PUSH ESI
CALL 0042E91A
POP ECX
MOV EAX,ESI
POP ESI
POP EBP
RETN 4
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,ECX
MOV DWORD PTR DS:[ESI],OFFSET 00449DDC
CALL 0042EB63

; [SystemIn

F645 08 01
74 07
56
E8 0EFDFFFF
59
8BC6
5E
5D
C2 0400
8BFF
51
C701 E89D4400
E8 DE6E0000
59
C3
8BFF

TEST BYTE PTR SS:[ARG.1],01


JE SHORT 0042EC0D
PUSH ESI
CALL 0042E91A
POP ECX
MOV EAX,ESI
POP ESI
POP EBP
RETN 4
MOV EDI,EDI
PUSH ECX
MOV DWORD PTR DS:[ECX],OFFSET 00449DE8
CALL 00435B00
POP ECX
RETN
MOV EDI,EDI

0042EC26 /. 55
0042EC27 |. 8BEC
0042EC29 |. 56
0042EC2A |. 8BF1
0042EC2C |. E8 E3FFFFFF
0042EC31 |. F645 08 01
0042EC35 |. 74 07
0042EC37 |. 56
0042EC38 |. E8 DDFCFFFF
0042EC3D |. 59
0042EC3E |> 8BC6
0042EC40 |. 5E
0042EC41 |. 5D
0042EC42 \. C2 0400
0042EC45 /$ 8BFF
o.0042EC45(guessed Arg1)
0042EC47 |. 55
0042EC48 |. 8BEC
0042EC4A |. 8B45 08
0042EC4D |. 83C1 09
0042EC50 |. 51
ARG.ECX+9
0042EC51 |. 83C0 09
0042EC54 |. 50
0042EC55 |. E8 26FDFFFF
fo.0042E980
0042EC5A |. F7D8
EAX to boolean
0042EC5C |. 59
0042EC5D |. 1BC0
0042EC5F |. 59
0042EC60 |. 40
0042EC61 |. 5D
0042EC62 \. C2 0400
0042EC65 /$ 8BFF
o.0042EC65(guessed Arg1)
0042EC67 |. 55
0042EC68 |. 8BEC
0042EC6A |. 8B45 08
0042EC6D |. 56
0042EC6E |. 8BF1
0042EC70 |. C646 0C 00
0042EC74 |. 85C0
0042EC76 |. 75 63
0042EC78 |. E8 95660000
fo.00435312
0042EC7D |. 8946 08
0042EC80 |. 8B48 6C
0042EC83 |. 890E
0042EC85 |. 8B48 68
0042EC88 |. 894E 04
0042EC8B |. 8B0E
0042EC8D |. 3B0D E01D4500
0042EC93 |. 74 12
0042EC95 |. 8B0D F81C4500
0042EC9B |. 8548 70
0042EC9E |. 75 07
0042ECA0 |. E8 BB240000
fo.00431160
0042ECA5 |. 8906

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,ECX
CALL 0042EC14
TEST BYTE PTR SS:[ARG.1],01
JE SHORT 0042EC3E
PUSH ESI
CALL 0042E91A
POP ECX
MOV EAX,ESI
POP ESI
POP EBP
RETN 4
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
ADD ECX,9
PUSH ECX

; /Arg2 =>

ADD EAX,9
PUSH EAX
CALL 0042E980

; |
; |Arg1
; \SystemIn

NEG EAX

; Converts

POP ECX
SBB EAX,EAX
POP ECX
INC EAX
POP EBP
RETN 4
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH ESI
MOV ESI,ECX
MOV BYTE PTR DS:[ESI+0C],0
TEST EAX,EAX
JNE SHORT 0042ECDB
CALL 00435312

; [SystemIn

MOV DWORD PTR DS:[ESI+8],EAX


MOV ECX,DWORD PTR DS:[EAX+6C]
MOV DWORD PTR DS:[ESI],ECX
MOV ECX,DWORD PTR DS:[EAX+68]
MOV DWORD PTR DS:[ESI+4],ECX
MOV ECX,DWORD PTR DS:[ESI]
CMP ECX,DWORD PTR DS:[451DE0]
JE SHORT 0042ECA7
MOV ECX,DWORD PTR DS:[451CF8]
TEST DWORD PTR DS:[EAX+70],ECX
JNE SHORT 0042ECA7
CALL 00431160

; [SystemIn

MOV DWORD PTR DS:[ESI],EAX

0042ECA7 |> 8B46 04


0042ECAA |. 3B05 001C4500
0042ECB0 |. 74 16
0042ECB2 |. 8B46 08
0042ECB5 |. 8B0D F81C4500
0042ECBB |. 8548 70
0042ECBE |. 75 08
0042ECC0 |. E8 D1700000
fo.00435D96
0042ECC5 |. 8946 04
0042ECC8 |> 8B46 08
0042ECCB |. F640 70 02
0042ECCF |. 75 14
0042ECD1 |. 8348 70 02
0042ECD5 |. C646 0C 01
0042ECD9 |. EB 0A
0042ECDB |> 8B08
0042ECDD |. 890E
0042ECDF |. 8B40 04
0042ECE2 |. 8946 04
0042ECE5 |> 8BC6
0042ECE7 |. 5E
0042ECE8 |. 5D
0042ECE9 \. C2 0400
0042ECEC /$ 8BFF
0042ECEE |. 55
0042ECEF |. 8BEC
0042ECF1 |. 83EC 10
0042ECF4 |. 53
0042ECF5 |. 56
0042ECF6 |. 8B75 08
0042ECF9 |. 33DB
0042ECFB |. 3BF3
0042ECFD |. 0F84 A2000000
0042ED03 |. 381E
0042ED05 |. 0F84 9A000000
0042ED0B |. 395D 0C
0042ED0E |. 0F84 91000000
0042ED14 |. FF75 10
[ARG.3]
0042ED17 |. 8D4D F0
0042ED1A |. E8 46FFFFFF
fo.0042EC65
0042ED1F |. 8D45 F0
0042ED22 |. 50
OFFSET LOCAL.4
0042ED23 |. 0FB606
0042ED26 |. 50
0042ED27 |. E8 27750000
fo.00436253
0042ED2C |. 59
0042ED2D |. 85C0
0042ED2F |. 8B45 F0
0042ED32 |. 59
0042ED33 |. 74 4B
0042ED35 |. 8B88 AC000000
0042ED3B |. 83F9 01
0042ED3E |. 7E 2F
0042ED40 |. 394D 0C
0042ED43 |. 7C 2A

MOV EAX,DWORD PTR DS:[ESI+4]


CMP EAX,DWORD PTR DS:[451C00]
JE SHORT 0042ECC8
MOV EAX,DWORD PTR DS:[ESI+8]
MOV ECX,DWORD PTR DS:[451CF8]
TEST DWORD PTR DS:[EAX+70],ECX
JNE SHORT 0042ECC8
CALL 00435D96

; [SystemIn

MOV DWORD PTR DS:[ESI+4],EAX


MOV EAX,DWORD PTR DS:[ESI+8]
TEST BYTE PTR DS:[EAX+70],02
JNE SHORT 0042ECE5
OR DWORD PTR DS:[EAX+70],00000002
MOV BYTE PTR DS:[ESI+0C],1
JMP SHORT 0042ECE5
MOV ECX,DWORD PTR DS:[EAX]
MOV DWORD PTR DS:[ESI],ECX
MOV EAX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[ESI+4],EAX
MOV EAX,ESI
POP ESI
POP EBP
RETN 4
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
XOR EBX,EBX
CMP ESI,EBX
JE 0042EDA5
CMP BYTE PTR DS:[ESI],BL
JE 0042EDA5
CMP DWORD PTR SS:[ARG.2],EBX
JE 0042EDA5
PUSH DWORD PTR SS:[ARG.3]

; /Arg1 =>

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

LEA EAX,[LOCAL.4]
PUSH EAX

; /Arg2 =>

MOVZX EAX,BYTE PTR DS:[ESI]


PUSH EAX
CALL 00436253

; |
; |Arg1
; \SystemIn

POP ECX
TEST EAX,EAX
MOV EAX,DWORD PTR SS:[LOCAL.4]
POP ECX
JE SHORT 0042ED80
MOV ECX,DWORD PTR DS:[EAX+0AC]
CMP ECX,1
JLE SHORT 0042ED6F
CMP DWORD PTR SS:[ARG.2],ECX
JL SHORT 0042ED6F

0042ED45 |. 53
PUSH EBX
t
0042ED46 |. 53
PUSH EBX
0042ED47 |. 51
PUSH ECX
nt
0042ED48 |. 56
PUSH ESI
e
0042ED49 |. 6A 09
PUSH 9
MB_PRECOMPOSED|MB_ERR_INVALID_CHARS
0042ED4B |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
0042ED4E |. FF15 50814400 CALL DWORD PTR DS:[<&KERNEL32.MultiByteT
.MultiByteToWideChar
0042ED54 |. 85C0
TEST EAX,EAX
0042ED56 |. 74 17
JE SHORT 0042ED6F
0042ED58 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
0042ED5B |. 8B80 AC000000 MOV EAX,DWORD PTR DS:[EAX+0AC]
0042ED61 |. 385D FC
CMP BYTE PTR SS:[LOCAL.1],BL
0042ED64 |. 74 41
JE SHORT 0042EDA7
0042ED66 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0042ED69 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
0042ED6D |. EB 38
JMP SHORT 0042EDA7
0042ED6F |> 385D FC
CMP BYTE PTR SS:[LOCAL.1],BL
0042ED72 |. 74 07
JE SHORT 0042ED7B
0042ED74 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0042ED77 |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
0042ED7B |> 83C8 FF
OR EAX,FFFFFFFF
0042ED7E |. EB 27
JMP SHORT 0042EDA7
0042ED80 |> 53
PUSH EBX
t
0042ED81 |. 53
PUSH EBX
0042ED82 |. 6A 01
PUSH 1
nt = 1
0042ED84 |. 56
PUSH ESI
e
0042ED85 |. 6A 09
PUSH 9
MB_PRECOMPOSED|MB_ERR_INVALID_CHARS
0042ED87 |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
0042ED8A |. FF15 50814400 CALL DWORD PTR DS:[<&KERNEL32.MultiByteT
.MultiByteToWideChar
0042ED90 |. 85C0
TEST EAX,EAX
0042ED92 |.^ 74 DB
JE SHORT 0042ED6F
0042ED94 |. 385D FC
CMP BYTE PTR SS:[LOCAL.1],BL
0042ED97 |. 74 07
JE SHORT 0042EDA0
0042ED99 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0042ED9C |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
0042EDA0 |> 33C0
XOR EAX,EAX
0042EDA2 |. 40
INC EAX
0042EDA3 |. EB 02
JMP SHORT 0042EDA7
0042EDA5 |> 33C0
XOR EAX,EAX
0042EDA7 |> 5E
POP ESI
0042EDA8 |. 5B
POP EBX
0042EDA9 |. C9
LEAVE
0042EDAA \. C3
RETN
0042EDAB /$ 8BFF
MOV EDI,EDI
o.0042EDAB(guessed Arg1,Arg2)
0042EDAD |. 55
PUSH EBP
0042EDAE |. 8BEC
MOV EBP,ESP
0042EDB0 |. 833D D02C4500 CMP DWORD PTR DS:[452CD0],0
0042EDB7 |. 75 07
JNE SHORT 0042EDC0
0042EDB9 |. 68 E81D4500 PUSH OFFSET 00451DE8

; /WideCoun
; |WideChar
; |MultiCou
; |MultiByt
; |Flags =
; |CodePage
; \KERNEL32

; /WideCoun
; |WideChar
; |MultiCou
; |MultiByt
; |Flags =
; |CodePage
; \KERNEL32

; SystemInf

0042EDBE |. EB 02
0042EDC0 |> 6A 00
0042EDC2 |> FF75 0C
0042EDC5 |. FF75 08
0042EDC8 |. E8 1FFFFFFF
0042EDCD |. 83C4 0C
0042EDD0 |. 5D
0042EDD1 \. C3
0042EDD2
8BFF
0042EDD4 /. 55
0042EDD5 |. 8BEC
0042EDD7 |. 83EC 4C
0042EDDA |. A1 A0154500
0042EDDF |. 33C5
0042EDE1 |. 8945 FC
0042EDE4 |. 53
0042EDE5 |. 33DB
0042EDE7 |. 56
0042EDE8 |. 8B75 08
0042EDEB |. 57
0042EDEC |. 895D D4
0042EDEF |. 895D E4
0042EDF2 |. 895D E0
0042EDF5 |. 895D D8
0042EDF8 |. 895D DC
0042EDFB |. 8975 B4
0042EDFE |. 895D B8
0042EE01 |. 395E 14
0042EE04 |. 0F84 16030000
0042EE0A |. 8D46 04
0042EE0D |. 3918
0042EE0F |. 75 20
0042EE11 |. 50
0042EE12 |. 0FB746 30
0042EE16 |. 68 04100000
004
0042EE1B |. 50
0042EE1C |. 8D45 B4
0042EE1F |. 53
0
0042EE20 |. 50
OFFSET LOCAL.19
0042EE21 |. E8 74760000
fo.0043649A
0042EE26 |. 83C4 14
0042EE29 |. 85C0
0042EE2B |. 0F85 C7020000
0042EE31 |> 6A 04
0042EE33 |. E8 DB5F0000
fo.00434E13
0042EE38 |. 6A 02
0042EE3A |. BF 80010000
0042EE3F |. 57
180
0042EE40 |. 8945 D4
0042EE43 |. E8 10600000
fo.00434E58
0042EE48 |. 6A 01
0042EE4A |. 57
0042EE4B |. 8945 E4

JMP SHORT 0042EDC2


PUSH 0
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL 0042ECEC
ADD ESP,0C
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,4C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH EBX
XOR EBX,EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
PUSH EDI
MOV DWORD PTR SS:[LOCAL.11],EBX
MOV DWORD PTR SS:[LOCAL.7],EBX
MOV DWORD PTR SS:[LOCAL.8],EBX
MOV DWORD PTR SS:[LOCAL.10],EBX
MOV DWORD PTR SS:[LOCAL.9],EBX
MOV DWORD PTR SS:[LOCAL.19],ESI
MOV DWORD PTR SS:[LOCAL.18],EBX
CMP DWORD PTR DS:[ESI+14],EBX
JE 0042F120
LEA EAX,[ESI+4]
CMP DWORD PTR DS:[EAX],EBX
JNE SHORT 0042EE31
PUSH EAX
MOVZX EAX,WORD PTR DS:[ESI+30]
PUSH 1004

; /Arg5
; |
; |Arg4 = 1

PUSH EAX
LEA EAX,[LOCAL.19]
PUSH EBX

; |Arg3
; |
; |Arg2 =>

PUSH EAX

; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,14
TEST EAX,EAX
JNE 0042F0F8
PUSH 4
CALL 00434E13

; /Arg1 = 4
; \SystemIn

PUSH 2
MOV EDI,180
PUSH EDI

; /Arg2 = 2
; |
; |Arg1 =>

MOV DWORD PTR SS:[LOCAL.11],EAX


CALL 00434E58

; |
; \SystemIn

PUSH 1
PUSH EDI
MOV DWORD PTR SS:[LOCAL.7],EAX

; /Arg2 = 1
; |Arg1
; |

0042EE4E |. E8 05600000
fo.00434E58
0042EE53 |. 6A 01
0042EE55 |. 57
0042EE56 |. 8945 E0
0042EE59 |. E8 FA5F0000
fo.00434E58
0042EE5E |. 6A 01
0042EE60 |. 68 01010000
01
0042EE65 |. 8945 D8
0042EE68 |. E8 EB5F0000
fo.00434E58
0042EE6D |. 83C4 24
0042EE70 |. 8945 DC
0042EE73 |. 395D D4
0042EE76 |. 0F84 7C020000
0042EE7C |. 395D E4
0042EE7F |. 0F84 73020000
0042EE85 |. 3BC3
0042EE87 |. 0F84 6B020000
0042EE8D |. 395D E0
0042EE90 |. 0F84 62020000
0042EE96 |. 395D D8
0042EE99 |. 0F84 59020000
0042EE9F |. 8B45 D4
0042EEA2 |. 8918
0042EEA4 |. 33C0
0042EEA6 |> 8B4D DC
0042EEA9 |. 880408
0042EEAC |. 40
0042EEAD |. 3D 00010000
0042EEB2 |.^ 7C F2
0042EEB4 |. 8D45 E8
0042EEB7 |. 50
=> OFFSET LOCAL.6
0042EEB8 |. FF76 04
0042EEBB |. FF15 70814400
.GetCPInfo
0042EEC1 |. 85C0
0042EEC3 |. 0F84 2F020000
0042EEC9 |. 837D E8 05
0042EECD |. 0F87 25020000
0042EED3 |. 0FB745 E8
0042EED7 |. 83F8 01
0042EEDA |. 8945 D0
0042EEDD |. 7E 2D
0042EEDF |. 385D EE
0042EEE2 |. 74 28
0042EEE4 |. 8D45 EF
0042EEE7 |> 8A08
0042EEE9 |. 3ACB
0042EEEB |. 74 1F
0042EEED |. 0FB678 FF
0042EEF1 |. 0FB6C9
0042EEF4 |. EB 0B
0042EEF6 |> 8B4D DC
0042EEF9 |. C6040F 20
0042EEFD |. 0FB608
0042EF00 |. 47

CALL 00434E58

; \SystemIn

PUSH 1
PUSH EDI
MOV DWORD PTR SS:[LOCAL.8],EAX
CALL 00434E58

;
;
;
;

PUSH 1
PUSH 101

; /Arg2 = 1
; |Arg1 = 1

MOV DWORD PTR SS:[LOCAL.10],EAX


CALL 00434E58

; |
; \SystemIn

ADD ESP,24
MOV DWORD PTR SS:[LOCAL.9],EAX
CMP DWORD PTR SS:[LOCAL.11],EBX
JE 0042F0F8
CMP DWORD PTR SS:[LOCAL.7],EBX
JE 0042F0F8
CMP EAX,EBX
JE 0042F0F8
CMP DWORD PTR SS:[LOCAL.8],EBX
JE 0042F0F8
CMP DWORD PTR SS:[LOCAL.10],EBX
JE 0042F0F8
MOV EAX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR DS:[EAX],EBX
XOR EAX,EAX
/MOV ECX,DWORD PTR SS:[LOCAL.9]
|MOV BYTE PTR DS:[ECX+EAX],AL
|INC EAX
|CMP EAX,100
\JL SHORT 0042EEA6
LEA EAX,[LOCAL.6]
PUSH EAX

; /pCPInfo

/Arg2 = 1
|Arg1
|
\SystemIn

PUSH DWORD PTR DS:[ESI+4]


; |CodePage
CALL DWORD PTR DS:[<&KERNEL32.GetCPInfo> ; \KERNEL32
TEST EAX,EAX
JE 0042F0F8
CMP DWORD PTR SS:[LOCAL.6],5
JA 0042F0F8
MOVZX EAX,WORD PTR SS:[LOCAL.6]
CMP EAX,1
MOV DWORD PTR SS:[LOCAL.12],EAX
JLE SHORT 0042EF0C
CMP BYTE PTR SS:[LOCAL.5+2],BL
JE SHORT 0042EF0C
LEA EAX,[LOCAL.5+3]
/MOV CL,BYTE PTR DS:[EAX]
|CMP CL,BL
|JE SHORT 0042EF0C
|MOVZX EDI,BYTE PTR DS:[EAX-1]
|MOVZX ECX,CL
|JMP SHORT 0042EF01
|/MOV ECX,DWORD PTR SS:[LOCAL.9]
||MOV BYTE PTR DS:[ECX+EDI],20
||MOVZX ECX,BYTE PTR DS:[EAX]
||INC EDI

0042EF01 |>
0042EF03 |.^
0042EF05 |.
0042EF06 |.
0042EF07 |.
0042EF0A |.^
0042EF0C |>
0042EF0F |.
0042EF10 |.
0042EF11 |.
0042EF14 |.
0042EF19 |.
0042EF1A |.
00
0042EF1F |.
[LOCAL.9]
0042EF22 |.
0042EF25 |.
0042EF27 |.
0042EF28 |.
fo.00436458
0042EF2D |.
0042EF30 |.
0042EF32 |.
0042EF38 |.
0042EF3B |.
0042EF3E |.
0042EF3F |.
0042EF42 |.
0042EF47 |.
0FF
0042EF48 |.
0042EF4E |.
0042EF4F |.
0FF
0042EF50 |.
0042EF51 |.
0042EF52 |.
00
0042EF57 |.
0042EF5A |.
0042EF5B |.
fo.00434BA2
0042EF60 |.
0042EF63 |.
0042EF65 |.
0042EF6B |.
0042EF6E |.
0042EF6F |.
0042EF72 |.
0042EF77 |.
0042EF78 |.
0042EF79 |.
0042EF7C |.
0042EF7D |.
0042EF7E |.
0042EF7F |.
00
0042EF84 |.
0042EF87 |.

3BF9
7E F1
40
40
3858 FF
75 DB
8B45 E4
53
53
FF76 04
05 00010000
50
68 00010000

||CMP EDI,ECX
|\JLE SHORT 0042EEF6
|INC EAX
|INC EAX
|CMP BYTE PTR DS:[EAX-1],BL
\JNE SHORT 0042EEE7
MOV EAX,DWORD PTR SS:[LOCAL.7]
PUSH EBX
PUSH EBX
PUSH DWORD PTR DS:[ESI+4]
ADD EAX,100
PUSH EAX
PUSH 100

;
;
;
;
;
;

FF75 DC

PUSH DWORD PTR SS:[LOCAL.9]

; |Arg3 =>

8945 C0
6A 01
53
E8 2B750000

MOV DWORD PTR SS:[LOCAL.16],EAX


PUSH 1
PUSH EBX
CALL 00436458

;
;
;
;

|
|Arg2 = 1
|Arg1
\SystemIn

83C4 20
85C0
0F84 C0010000
8B4D E0
8B45 DC
53
FF76 04
BF FF000000
57

ADD ESP,20
TEST EAX,EAX
JE 0042F0F8
MOV ECX,DWORD PTR SS:[LOCAL.8]
MOV EAX,DWORD PTR SS:[LOCAL.9]
PUSH EBX
PUSH DWORD PTR DS:[ESI+4]
MOV EDI,0FF
PUSH EDI

;
;
;
;

/Arg9
|Arg8
|
|Arg7 =>

/Arg8
|Arg7
|Arg6
|
|Arg5
|Arg4 = 1

81C1 81000000 ADD ECX,81


51
PUSH ECX
57
PUSH EDI

; |
; |Arg6
; |Arg5 =>

40
50
68 00010000

INC EAX
PUSH EAX
PUSH 100

; |
; |Arg4
; |Arg3 = 1

FF76 14
53
E8 425C0000

PUSH DWORD PTR DS:[ESI+14]


PUSH EBX
CALL 00434BA2

; |Arg2
; |Arg1
; \SystemIn

83C4 24
85C0
0F84 8D010000
8B45 D8
53
FF76 04
05 81000000
57
50
8B45 DC
57
40
50
68 00020000

ADD ESP,24
TEST EAX,EAX
JE 0042F0F8
MOV EAX,DWORD PTR SS:[LOCAL.10]
PUSH EBX
PUSH DWORD PTR DS:[ESI+4]
ADD EAX,81
PUSH EDI
PUSH EAX
MOV EAX,DWORD PTR SS:[LOCAL.9]
PUSH EDI
INC EAX
PUSH EAX
PUSH 200

;
;
;
;
;
;
;
;
;
;

FF76 14
53

PUSH DWORD PTR DS:[ESI+14]


PUSH EBX

; |Arg2
; |Arg1

/Arg9
|Arg8
|
|Arg7
|Arg6
|
|Arg5
|
|Arg4
|Arg3 = 2

0042EF88 |.
fo.00434BA2
0042EF8D |.
0042EF90 |.
0042EF92 |.
0042EF98 |.
0042EF9B |.
0042EF9E |.
0042EFA4 |.
0042EFA6 |.
0042EFAA |.
0042EFAD |.
0042EFB0 |.
0042EFB3 |.
0042EFB9 |.
0042EFBC |.
0042EFBF |.
0042EFC1 |.
0042EFC4 |.
0042EFCA |.
0042EFCD |.
0042EFCF |.
0042EFD1 |.
0042EFD4 |.
0042EFD6 |.
0042EFD9 |.
0042EFDC |>
0042EFDE |.
0042EFE0 |.
0042EFE2 |.
0042EFE6 |.
0042EFE9 |.
0042EFEB |.
0042EFEE |.
0042EFF0 |.
0042EFF7 |.
0042EFF9 |>
0042EFFC |>
0042EFFF |.
0042F004 |.
0042F007 |.
0042F008 |.
0042F009 |.
0042F00C |.
0042F00F |.
0042F012 |.
0042F015 |.^
0042F017 |>
0042F01A |.
0042F01B |.
0042F01C |.
0042F01F |.
0042F022 |.^
0042F024 |>
FE
0042F029 |.
0042F02F |.
0042F030 |.
[LOCAL.7]
0042F031 |.

E8 155C0000

CALL 00434BA2

; \SystemIn

83C4 24
85C0
0F84 60010000
8B45 E4
8B7D E0
8D88 FE000000
33D2
837D D0 01
66:8911
8B55 D8
894D C4
8D8F 80000000
885F 7F
885A 7F
8819
894D BC
8D8A 80000000
894D C8
8819
7E 53
385D EE
74 4E
8D4D EF
894D E4
8A11
3AD3
74 42
0FB649 FF
0FB6D2
3BCA
894D E0
7F 27
8D8C48 000100
EB 03
8B4D CC
FF45 E0
BA 00800000
66:8911
41
41
894D CC
8B4D E4
0FB609
394D E0
7E E2
8B4D E4
41
41
894D E4
3859 FF
75 B8
68 FE000000

ADD ESP,24
TEST EAX,EAX
JE 0042F0F8
MOV EAX,DWORD PTR SS:[LOCAL.7]
MOV EDI,DWORD PTR SS:[LOCAL.8]
LEA ECX,[EAX+0FE]
XOR EDX,EDX
CMP DWORD PTR SS:[LOCAL.12],1
MOV WORD PTR DS:[ECX],DX
MOV EDX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR SS:[LOCAL.15],ECX
LEA ECX,[EDI+80]
MOV BYTE PTR DS:[EDI+7F],BL
MOV BYTE PTR DS:[EDX+7F],BL
MOV BYTE PTR DS:[ECX],BL
MOV DWORD PTR SS:[LOCAL.17],ECX
LEA ECX,[EDX+80]
MOV DWORD PTR SS:[LOCAL.14],ECX
MOV BYTE PTR DS:[ECX],BL
JLE SHORT 0042F024
CMP BYTE PTR SS:[LOCAL.5+2],BL
JE SHORT 0042F024
LEA ECX,[LOCAL.5+3]
MOV DWORD PTR SS:[LOCAL.7],ECX
/MOV DL,BYTE PTR DS:[ECX]
|CMP DL,BL
|JE SHORT 0042F024
|MOVZX ECX,BYTE PTR DS:[ECX-1]
|MOVZX EDX,DL
|CMP ECX,EDX
|MOV DWORD PTR SS:[LOCAL.8],ECX
|JG SHORT 0042F017
|LEA ECX,[ECX*2+EAX+100]
|JMP SHORT 0042EFFC
|/MOV ECX,DWORD PTR SS:[LOCAL.13]
||INC DWORD PTR SS:[LOCAL.8]
||MOV EDX,8000
||MOV WORD PTR DS:[ECX],DX
||INC ECX
||INC ECX
||MOV DWORD PTR SS:[LOCAL.13],ECX
||MOV ECX,DWORD PTR SS:[LOCAL.7]
||MOVZX ECX,BYTE PTR DS:[ECX]
||CMP DWORD PTR SS:[LOCAL.8],ECX
|\JLE SHORT 0042EFF9
|MOV ECX,DWORD PTR SS:[LOCAL.7]
|INC ECX
|INC ECX
|MOV DWORD PTR SS:[LOCAL.7],ECX
|CMP BYTE PTR DS:[ECX-1],BL
\JNE SHORT 0042EFDC
PUSH 0FE

; /Arg3 = 0

8D88 00020000 LEA ECX,[EAX+200]


51
PUSH ECX
50
PUSH EAX

; |
; |Arg2
; |Arg1 =>

E8 BA010000

; \SystemIn

CALL 0042F1F0

fo.0042F1F0
0042F036 |. 6A 7F
F
0042F038 |. 8D87 00010000
0042F03E |. 50
0042F03F |. 57
0042F040 |. E8 AB010000
fo.0042F1F0
0042F045 |. 8B45 D8
0042F048 |. 6A 7F
F
0042F04A |. 8D88 00010000
0042F050 |. 51
0042F051 |. 50
[LOCAL.10]
0042F052 |. E8 99010000
fo.0042F1F0
0042F057 |. 8B86 C0000000
0042F05D |. 83C4 24
0042F060 |. 3BC3
0042F062 |. 74 4B
0042F064 |. 50
0042F065 |. FF15 34814400
.InterlockedDecrement
0042F06B |. 85C0
0042F06D |. 75 40
0042F06F |. 8B86 C4000000
0042F075 |. 2D FE000000
0042F07A |. 50
0042F07B |. E8 5E410000
fo.004331DE
0042F080 |. 8B86 CC000000
0042F086 |. BF 80000000
0042F08B |. 2BC7
0042F08D |. 50
0042F08E |. E8 4B410000
fo.004331DE
0042F093 |. 8B86 D0000000
0042F099 |. 2BC7
0042F09B |. 50
0042F09C |. E8 3D410000
fo.004331DE
0042F0A1 |. FFB6 C0000000
0042F0A7 |. E8 32410000
fo.004331DE
0042F0AC |. 83C4 10
0042F0AF |> 8B45 D4
0042F0B2 |. C700 01000000
0042F0B8 |. 8986 C0000000
0042F0BE |. 8B45 C0
0042F0C1 |. 8986 C8000000
0042F0C7 |. 8B45 C4
0042F0CA |. 8986 C4000000
0042F0D0 |. 8B45 BC
0042F0D3 |. 8986 CC000000
0042F0D9 |. 8B45 C8
0042F0DC |. 8986 D0000000
0042F0E2 |. 8B45 D0
0042F0E5 |. 8986 AC000000
0042F0EB |> FF75 DC

PUSH 7F

; /Arg3 = 7

LEA EAX,[EDI+100]
PUSH EAX
PUSH EDI
CALL 0042F1F0

;
;
;
;

MOV EAX,DWORD PTR SS:[LOCAL.10]


PUSH 7F

; /Arg3 = 7

LEA ECX,[EAX+100]
PUSH ECX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0042F1F0

; \SystemIn

|
|Arg2
|Arg1
\SystemIn

MOV EAX,DWORD PTR DS:[ESI+0C0]


ADD ESP,24
CMP EAX,EBX
JE SHORT 0042F0AF
PUSH EAX
; /pTarget
CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
TEST EAX,EAX
JNE SHORT 0042F0AF
MOV EAX,DWORD PTR DS:[ESI+0C4]
SUB EAX,0FE
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

MOV EAX,DWORD PTR DS:[ESI+0CC]


MOV EDI,80
SUB EAX,EDI
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

MOV EAX,DWORD PTR DS:[ESI+0D0]


SUB EAX,EDI
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+0C0]


CALL 004331DE

; /Arg1
; \SystemIn

ADD ESP,10
MOV EAX,DWORD PTR SS:[LOCAL.11]
MOV DWORD PTR DS:[EAX],1
MOV DWORD PTR DS:[ESI+0C0],EAX
MOV EAX,DWORD PTR SS:[LOCAL.16]
MOV DWORD PTR DS:[ESI+0C8],EAX
MOV EAX,DWORD PTR SS:[LOCAL.15]
MOV DWORD PTR DS:[ESI+0C4],EAX
MOV EAX,DWORD PTR SS:[LOCAL.17]
MOV DWORD PTR DS:[ESI+0CC],EAX
MOV EAX,DWORD PTR SS:[LOCAL.14]
MOV DWORD PTR DS:[ESI+0D0],EAX
MOV EAX,DWORD PTR SS:[LOCAL.12]
MOV DWORD PTR DS:[ESI+0AC],EAX
PUSH DWORD PTR SS:[LOCAL.9]

; /Arg1 =>

[LOCAL.9]
0042F0EE |. E8 EB400000
fo.004331DE
0042F0F3 |. 59
0042F0F4 |. 8BC3
0042F0F6 |. EB 6D
0042F0F8 |> FF75 D4
[LOCAL.11]
0042F0FB |. E8 DE400000
fo.004331DE
0042F100 |. FF75 E4
[LOCAL.7]
0042F103 |. E8 D6400000
fo.004331DE
0042F108 |. FF75 E0
[LOCAL.8]
0042F10B |. E8 CE400000
fo.004331DE
0042F110 |. FF75 D8
[LOCAL.10]
0042F113 |. E8 C6400000
fo.004331DE
0042F118 |. 33DB
0042F11A |. 83C4 10
0042F11D |. 43
0042F11E |.^ EB CB
0042F120 |> 8DBE C0000000
0042F126 |. 8B07
0042F128 |. 3BC3
0042F12A |. 74 07
0042F12C |. 50
0042F12D |. FF15 34814400
.InterlockedDecrement
0042F133 |> 891F
0042F135 |. 899E C4000000
0042F13B |. C786 C8000000
0042F145 |. C786 CC000000
0042F14F |. C786 D0000000
0042F159 |. C786 AC000000
0042F163 |. 33C0
0042F165 |> 8B4D FC
0042F168 |. 5F
0042F169 |. 5E
0042F16A |. 33CD
0042F16C |. 5B
0042F16D |. E8 7FF5FFFF
0042F172 |. C9
0042F173 \. C3
0042F174 /$ E8 99610000
fo.00435312
0042F179 |. 8BC8
0042F17B |. 8B41 6C
0042F17E |. 3B05 E01D4500
0042F184 |. 74 10
0042F186 |. 8B15 F81C4500
0042F18C |. 8551 70
0042F18F |. 75 05
0042F191 |. E8 CA1F0000
fo.00431160
0042F196 |> 8B80 AC000000

CALL 004331DE

; \SystemIn

POP ECX
MOV EAX,EBX
JMP SHORT 0042F165
PUSH DWORD PTR SS:[LOCAL.11]

; /Arg1 =>

CALL 004331DE

; \SystemIn

PUSH DWORD PTR SS:[LOCAL.7]

; /Arg1 =>

CALL 004331DE

; \SystemIn

PUSH DWORD PTR SS:[LOCAL.8]

; /Arg1 =>

CALL 004331DE

; \SystemIn

PUSH DWORD PTR SS:[LOCAL.10]

; /Arg1 =>

CALL 004331DE

; \SystemIn

XOR EBX,EBX
ADD ESP,10
INC EBX
JMP SHORT 0042F0EB
LEA EDI,[ESI+0C0]
MOV EAX,DWORD PTR DS:[EDI]
CMP EAX,EBX
JE SHORT 0042F133
PUSH EAX
; /pTarget
CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
XOR EAX,EAX
MOV ECX,DWORD
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
CALL 00435312

DS:[EDI],EBX
DS:[ESI+0C4],EBX
DS:[ESI+0C8],OFFSET 0044A0
DS:[ESI+0CC],OFFSET 0044A4
DS:[ESI+0D0],OFFSET 0044A6
DS:[ESI+0AC],1
PTR SS:[LOCAL.1]

MOV ECX,EAX
MOV EAX,DWORD PTR DS:[ECX+6C]
CMP EAX,DWORD PTR DS:[451DE0]
JE SHORT 0042F196
MOV EDX,DWORD PTR DS:[451CF8]
TEST DWORD PTR DS:[ECX+70],EDX
JNE SHORT 0042F196
CALL 00431160
MOV EAX,DWORD PTR DS:[EAX+0AC]

; [SystemIn

; [SystemIn

0042F19C \. C3
RETN
0042F19D /$ E8 70610000 CALL 00435312
fo.00435312
0042F1A2 |. 8BC8
MOV ECX,EAX
0042F1A4 |. 8B41 6C
MOV EAX,DWORD PTR DS:[ECX+6C]
0042F1A7 |. 3B05 E01D4500 CMP EAX,DWORD PTR DS:[451DE0]
0042F1AD |. 74 10
JE SHORT 0042F1BF
0042F1AF |. 8B15 F81C4500 MOV EDX,DWORD PTR DS:[451CF8]
0042F1B5 |. 8551 70
TEST DWORD PTR DS:[ECX+70],EDX
0042F1B8 |. 75 05
JNE SHORT 0042F1BF
0042F1BA |. E8 A11F0000 CALL 00431160
fo.00431160
0042F1BF |> 8B40 04
MOV EAX,DWORD PTR DS:[EAX+4]
0042F1C2 \. C3
RETN
0042F1C3 /$ E8 4A610000 CALL 00435312
fo.00435312
0042F1C8 |. 8BC8
MOV ECX,EAX
0042F1CA |. 8B41 6C
MOV EAX,DWORD PTR DS:[ECX+6C]
0042F1CD |. 3B05 E01D4500 CMP EAX,DWORD PTR DS:[451DE0]
0042F1D3 |. 74 10
JE SHORT 0042F1E5
0042F1D5 |. 8B15 F81C4500 MOV EDX,DWORD PTR DS:[451CF8]
0042F1DB |. 8551 70
TEST DWORD PTR DS:[ECX+70],EDX
0042F1DE |. 75 05
JNE SHORT 0042F1E5
0042F1E0 |. E8 7B1F0000 CALL 00431160
fo.00431160
0042F1E5 |> 83C0 0C
ADD EAX,0C
0042F1E8 \. C3
RETN
0042F1E9
CC
INT3
0042F1EA
CC
INT3
0042F1EB
CC
INT3
0042F1EC
CC
INT3
0042F1ED
CC
INT3
0042F1EE
CC
INT3
0042F1EF
CC
INT3
0042F1F0 /$ 55
PUSH EBP
o.0042F1F0(guessed Arg1,Arg2,Arg3)
0042F1F1 |. 8BEC
MOV EBP,ESP
0042F1F3 |. 57
PUSH EDI
0042F1F4 |. 56
PUSH ESI
0042F1F5 |. 8B75 0C
MOV ESI,DWORD PTR SS:[EBP+0C]
0042F1F8 |. 8B4D 10
MOV ECX,DWORD PTR SS:[EBP+10]
0042F1FB |. 8B7D 08
MOV EDI,DWORD PTR SS:[EBP+8]
0042F1FE |. 8BC1
MOV EAX,ECX
0042F200 |. 8BD1
MOV EDX,ECX
0042F202 |. 03C6
ADD EAX,ESI
0042F204 |. 3BFE
CMP EDI,ESI
0042F206 |. 76 08
JBE SHORT 0042F210
0042F208 |. 3BF8
CMP EDI,EAX
0042F20A |. 0F82 A4010000 JB 0042F3B4
0042F210 |> 81F9 00010000 CMP ECX,100
0042F216 |. 72 1F
JB SHORT 0042F237
0042F218 |. 833D D8484500 CMP DWORD PTR DS:[4548D8],0
0042F21F |. 74 16
JE SHORT 0042F237
0042F221 |. 57
PUSH EDI
0042F222 |. 56
PUSH ESI
0042F223 |. 83E7 0F
AND EDI,0000000F
0042F226 |. 83E6 0F
AND ESI,0000000F
0042F229 |. 3BFE
CMP EDI,ESI
0042F22B |. 5E
POP ESI
0042F22C |. 5F
POP EDI

; [SystemIn

; [SystemIn

; [SystemIn

; [SystemIn

; SystemInf

0042F22D |. 75 08
0042F22F |. 5E
0042F230 |. 5F
0042F231 |. 5D
0042F232 |. E9 78740000
0042F237 |> F7C7 03000000
0042F23D |. 75 15
0042F23F |. C1E9 02
0042F242 |. 83E2 03
0042F245 |. 83F9 08
0042F248 |. 72 2A
0042F24A |. F3:A5
0042F24C |. FF2495 64F342
0042F253 | 90
0042F254 |> 8BC7
0042F256 |. BA 03000000
0042F25B |. 83E9 04
0042F25E |. 72 0C
0042F260 |. 83E0 03
ases 1..3, 3 exits)
0042F263 |. 03C8
0042F265 |. FF2485 78F242
0042F26C |> FF248D 74F342
0042F273 | 90
0042F274 |> FF248D F8F242
0042F27B | 90
0042F27C |. 88F24200
0042F280 |. B4F24200
0042F284 |. D8F24200
0042F288 |> 23D1
switch SystemInfo.42F260
0042F28A |. 8A06
0042F28C |. 8807
0042F28E |. 8A46 01
0042F291 |. 8847 01
0042F294 |. 8A46 02
0042F297 |. C1E9 02
0042F29A |. 8847 02
0042F29D |. 83C6 03
0042F2A0 |. 83C7 03
0042F2A3 |. 83F9 08
0042F2A6 |.^ 72 CC
0042F2A8 |. F3:A5
0042F2AA |. FF2495 64F342
0042F2B1 | 8D49 00
0042F2B4 |> 23D1
switch SystemInfo.42F260
0042F2B6 |. 8A06
0042F2B8 |. 8807
0042F2BA |. 8A46 01
0042F2BD |. C1E9 02
0042F2C0 |. 8847 01
0042F2C3 |. 83C6 02
0042F2C6 |. 83C7 02
0042F2C9 |. 83F9 08
0042F2CC |.^ 72 A6
0042F2CE |. F3:A5
0042F2D0 |. FF2495 64F342
0042F2D7 | 90
0042F2D8 |> 23D1

JNE SHORT 0042F237


POP ESI
POP EDI
POP EBP
JMP 004366AF
TEST EDI,00000003
JNE SHORT 0042F254
SHR ECX,2
AND EDX,00000003
CMP ECX,8
JB SHORT 0042F274
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
JMP DWORD PTR DS:[EDX*4+42F364]
NOP
MOV EAX,EDI
MOV EDX,3
SUB ECX,4
JB SHORT 0042F26C
AND EAX,00000003
; Switch (c
ADD ECX,EAX
JMP DWORD PTR DS:[EAX*4+42F278]
JMP DWORD PTR DS:[ECX*4+42F374]
NOP
JMP DWORD PTR DS:[ECX*4+42F2F8]
NOP
DD 0042F288
DD 0042F2B4
DD 0042F2D8
AND EDX,ECX

; Case 1 of

MOV AL,BYTE PTR DS:[ESI]


MOV BYTE PTR DS:[EDI],AL
MOV AL,BYTE PTR DS:[ESI+1]
MOV BYTE PTR DS:[EDI+1],AL
MOV AL,BYTE PTR DS:[ESI+2]
SHR ECX,2
MOV BYTE PTR DS:[EDI+2],AL
ADD ESI,3
ADD EDI,3
CMP ECX,8
JB SHORT 0042F274
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
JMP DWORD PTR DS:[EDX*4+42F364]
LEA ECX,[ECX]
AND EDX,ECX
; Case 2 of
MOV AL,BYTE PTR DS:[ESI]
MOV BYTE PTR DS:[EDI],AL
MOV AL,BYTE PTR DS:[ESI+1]
SHR ECX,2
MOV BYTE PTR DS:[EDI+1],AL
ADD ESI,2
ADD EDI,2
CMP ECX,8
JB SHORT 0042F274
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
JMP DWORD PTR DS:[EDX*4+42F364]
NOP
AND EDX,ECX
; Case 3 of

switch SystemInfo.42F260
0042F2DA |. 8A06
0042F2DC |. 8807
0042F2DE |. 83C6 01
0042F2E1 |. C1E9 02
0042F2E4 |. 83C7 01
0042F2E7 |. 83F9 08
0042F2EA |.^ 72 88
0042F2EC |. F3:A5
0042F2EE \. FF2495 64F342
0042F2F5
8D49 00
0042F2F8 . 5BF34200
0042F2FC . 48F34200
0042F300 . 40F34200
0042F304 . 38F34200
0042F308 . 30F34200
0042F30C . 28F34200
0042F310 . 20F34200
0042F314 . 18F34200
0042F318 /> 8B448E E4
0042F31C |. 89448F E4
0042F320 |> 8B448E E8
0042F324 |. 89448F E8
0042F328 |> 8B448E EC
0042F32C |. 89448F EC
0042F330 |> 8B448E F0
0042F334 |. 89448F F0
0042F338 |> 8B448E F4
0042F33C |. 89448F F4
0042F340 |> 8B448E F8
0042F344 |. 89448F F8
0042F348 |> 8B448E FC
0042F34C |. 89448F FC
0042F350 |. 8D048D 000000
0042F357 |. 03F0
0042F359 |. 03F8
0042F35B \> FF2495 64F342
0042F362
8BFF
0042F364 . 74F34200
0042F368 . 7CF34200
0042F36C . 88F34200
0042F370 . 9CF34200
0042F374 /> 8B45 08
0042F377 |. 5E
0042F378 |. 5F
0042F379 |. C9
0042F37A \. C3
0042F37B
90
0042F37C /> 8A06
0042F37E |. 8807
0042F380 |. 8B45 08
0042F383 |. 5E
0042F384 |. 5F
0042F385 |. C9
0042F386 \. C3
0042F387
90
0042F388 /> 8A06
0042F38A |. 8807
0042F38C |. 8A46 01
0042F38F |. 8847 01

MOV AL,BYTE PTR DS:[ESI]


MOV BYTE PTR DS:[EDI],AL
ADD ESI,1
SHR ECX,2
ADD EDI,1
CMP ECX,8
JB SHORT 0042F274
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
JMP DWORD PTR DS:[EDX*4+42F364]
LEA ECX,[ECX]
DD 0042F35B
DD 0042F348
DD 0042F340
DD 0042F338
DD 0042F330
DD 0042F328
DD 0042F320
DD 0042F318
MOV EAX,DWORD PTR DS:[ECX*4+ESI-1C]
MOV DWORD PTR DS:[ECX*4+EDI-1C],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-18]
MOV DWORD PTR DS:[ECX*4+EDI-18],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-14]
MOV DWORD PTR DS:[ECX*4+EDI-14],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-10]
MOV DWORD PTR DS:[ECX*4+EDI-10],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-0C]
MOV DWORD PTR DS:[ECX*4+EDI-0C],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-8]
MOV DWORD PTR DS:[ECX*4+EDI-8],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-4]
MOV DWORD PTR DS:[ECX*4+EDI-4],EAX
LEA EAX,[ECX*4]
ADD ESI,EAX
ADD EDI,EAX
JMP DWORD PTR DS:[EDX*4+42F364]
MOV EDI,EDI
DD 0042F374
DD 0042F37C
DD 0042F388
DD 0042F39C
MOV EAX,DWORD PTR SS:[EBP+8]
POP ESI
POP EDI
LEAVE
RETN
NOP
MOV AL,BYTE PTR DS:[ESI]
MOV BYTE PTR DS:[EDI],AL
MOV EAX,DWORD PTR SS:[EBP+8]
POP ESI
POP EDI
LEAVE
RETN
NOP
MOV AL,BYTE PTR DS:[ESI]
MOV BYTE PTR DS:[EDI],AL
MOV AL,BYTE PTR DS:[ESI+1]
MOV BYTE PTR DS:[EDI+1],AL

0042F392 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
0042F395 |. 5E
POP ESI
0042F396 |. 5F
POP EDI
0042F397 |. C9
LEAVE
0042F398 \. C3
RETN
0042F399
8D49 00
LEA ECX,[ECX]
0042F39C /> 8A06
MOV AL,BYTE PTR DS:[ESI]
0042F39E |. 8807
MOV BYTE PTR DS:[EDI],AL
0042F3A0 |. 8A46 01
MOV AL,BYTE PTR DS:[ESI+1]
0042F3A3 |. 8847 01
MOV BYTE PTR DS:[EDI+1],AL
0042F3A6 |. 8A46 02
MOV AL,BYTE PTR DS:[ESI+2]
0042F3A9 |. 8847 02
MOV BYTE PTR DS:[EDI+2],AL
0042F3AC |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
0042F3AF |. 5E
POP ESI
0042F3B0 |. 5F
POP EDI
0042F3B1 |. C9
LEAVE
0042F3B2 \. C3
RETN
0042F3B3
90
NOP
0042F3B4 /> 8D7431 FC
LEA ESI,[ESI+ECX-4]
0042F3B8 |. 8D7C39 FC
LEA EDI,[EDI+ECX-4]
0042F3BC |. F7C7 03000000 TEST EDI,00000003
0042F3C2 |. 75 24
JNE SHORT 0042F3E8
0042F3C4 |. C1E9 02
SHR ECX,2
0042F3C7 |. 83E2 03
AND EDX,00000003
0042F3CA |. 83F9 08
CMP ECX,8
0042F3CD |. 72 0D
JB SHORT 0042F3DC
0042F3CF |. FD
STD
0042F3D0 |. F3:A5
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
0042F3D2 |. FC
CLD
0042F3D3 |. FF2495 00F542 JMP DWORD PTR DS:[EDX*4+42F500]
0042F3DA | 8BFF
MOV EDI,EDI
0042F3DC |> F7D9
NEG ECX
0042F3DE |. FF248D B0F442 JMP DWORD PTR DS:[ECX*4+42F4B0]
0042F3E5 | 8D49 00
LEA ECX,[ECX]
0042F3E8 |> 8BC7
MOV EAX,EDI
0042F3EA |. BA 03000000 MOV EDX,3
; Switch (c
ases 0..3, 5 exits)
0042F3EF |. 83F9 04
CMP ECX,4
0042F3F2 |. 72 0C
JB SHORT 0042F400
0042F3F4 |. 83E0 03
AND EAX,00000003
; Default c
ase of switch SystemInfo.42F3EA
0042F3F7 |. 2BC8
SUB ECX,EAX
0042F3F9 |. FF2485 04F442 JMP DWORD PTR DS:[EAX*4+42F404]
0042F400 \> FF248D 00F542 JMP DWORD PTR DS:[ECX*4+42F500]
0042F407
90
NOP
0042F408 . 14F44200
DD 0042F414
0042F40C . 38F44200
DD 0042F438
0042F410 . 60F44200
DD 0042F460
0042F414 /> 8A46 03
MOV AL,BYTE PTR DS:[ESI+3]
0042F417 |. 23D1
AND EDX,ECX
0042F419 |. 8847 03
MOV BYTE PTR DS:[EDI+3],AL
0042F41C |. 83EE 01
SUB ESI,1
0042F41F |. C1E9 02
SHR ECX,2
0042F422 |. 83EF 01
SUB EDI,1
0042F425 |. 83F9 08
CMP ECX,8
0042F428 |.^ 72 B2
JB SHORT 0042F3DC
0042F42A |. FD
STD
0042F42B |. F3:A5
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
0042F42D |. FC
CLD
0042F42E \. FF2495 00F542 JMP DWORD PTR DS:[EDX*4+42F500]

0042F435
0042F438
0042F43B
0042F43D
0042F440
0042F443
0042F446
0042F449
0042F44C
0042F44F
0042F452
0042F454
0042F455
0042F457
0042F458
0042F45F
0042F460
0042F463
0042F465
0042F468
0042F46B
0042F46E
0042F471
0042F474
0042F477
0042F47A
0042F47D
0042F480
0042F486
0042F487
0042F489
0042F48A
0042F491
0042F494
0042F498
0042F49C
0042F4A0
0042F4A4
0042F4A8
0042F4AC
0042F4B0
0042F4B4
0042F4B8
0042F4BC
0042F4C0
0042F4C4
0042F4C8
0042F4CC
0042F4D0
0042F4D4
0042F4D8
0042F4DC
0042F4E0
0042F4E4
0042F4E8
0042F4EC
0042F4F3
0042F4F5
0042F4F7
0042F4FE

/>
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
\.
/>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
\.
.
.
.
.
.
.
.
.
/>
|.
|>
|.
|>
|.
|>
|.
|>
|.
|>
|.
|>
|.
|.
|.
|.
\>

8D49 00
8A46 03
23D1
8847 03
8A46 02
C1E9 02
8847 02
83EE 02
83EF 02
83F9 08
72 88
FD
F3:A5
FC
FF2495 00F542
90
8A46 03
23D1
8847 03
8A46 02
8847 02
8A46 01
C1E9 02
8847 01
83EE 03
83EF 03
83F9 08
0F82 56FFFFFF
FD
F3:A5
FC
FF2495 00F542
8D49 00
B4F44200
BCF44200
C4F44200
CCF44200
D4F44200
DCF44200
E4F44200
F7F44200
8B448E 1C
89448F 1C
8B448E 18
89448F 18
8B448E 14
89448F 14
8B448E 10
89448F 10
8B448E 0C
89448F 0C
8B448E 08
89448F 08
8B448E 04
89448F 04
8D048D 000000
03F0
03F8
FF2495 00F542
8BFF

LEA ECX,[ECX]
MOV AL,BYTE PTR DS:[ESI+3]
AND EDX,ECX
MOV BYTE PTR DS:[EDI+3],AL
MOV AL,BYTE PTR DS:[ESI+2]
SHR ECX,2
MOV BYTE PTR DS:[EDI+2],AL
SUB ESI,2
SUB EDI,2
CMP ECX,8
JB SHORT 0042F3DC
STD
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
CLD
JMP DWORD PTR DS:[EDX*4+42F500]
NOP
MOV AL,BYTE PTR DS:[ESI+3]
AND EDX,ECX
MOV BYTE PTR DS:[EDI+3],AL
MOV AL,BYTE PTR DS:[ESI+2]
MOV BYTE PTR DS:[EDI+2],AL
MOV AL,BYTE PTR DS:[ESI+1]
SHR ECX,2
MOV BYTE PTR DS:[EDI+1],AL
SUB ESI,3
SUB EDI,3
CMP ECX,8
JB 0042F3DC
STD
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
CLD
JMP DWORD PTR DS:[EDX*4+42F500]
LEA ECX,[ECX]
DD 0042F4B4
DD 0042F4BC
DD 0042F4C4
DD 0042F4CC
DD 0042F4D4
DD 0042F4DC
DD 0042F4E4
DD 0042F4F7
MOV EAX,DWORD PTR DS:[ECX*4+ESI+1C]
MOV DWORD PTR DS:[ECX*4+EDI+1C],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+18]
MOV DWORD PTR DS:[ECX*4+EDI+18],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+14]
MOV DWORD PTR DS:[ECX*4+EDI+14],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+10]
MOV DWORD PTR DS:[ECX*4+EDI+10],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+0C]
MOV DWORD PTR DS:[ECX*4+EDI+0C],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+8]
MOV DWORD PTR DS:[ECX*4+EDI+8],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+4]
MOV DWORD PTR DS:[ECX*4+EDI+4],EAX
LEA EAX,[ECX*4]
ADD ESI,EAX
ADD EDI,EAX
JMP DWORD PTR DS:[EDX*4+42F500]
MOV EDI,EDI

0042F500 . 10F54200
DD 0042F510
0042F504 . 18F54200
DD 0042F518
0042F508 . 28F54200
DD 0042F528
0042F50C . 3CF54200
DD 0042F53C
0042F510 /> 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
switch SystemInfo.42F3EA
0042F513 |. 5E
POP ESI
0042F514 |. 5F
POP EDI
0042F515 |. C9
LEAVE
0042F516 |. C3
RETN
0042F517 | 90
NOP
0042F518 |> 8A46 03
MOV AL,BYTE PTR DS:[ESI+3]
switch SystemInfo.42F3EA
0042F51B |. 8847 03
MOV BYTE PTR DS:[EDI+3],AL
0042F51E |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
0042F521 |. 5E
POP ESI
0042F522 |. 5F
POP EDI
0042F523 |. C9
LEAVE
0042F524 |. C3
RETN
0042F525 | 8D49 00
LEA ECX,[ECX]
0042F528 |> 8A46 03
MOV AL,BYTE PTR DS:[ESI+3]
switch SystemInfo.42F3EA
0042F52B |. 8847 03
MOV BYTE PTR DS:[EDI+3],AL
0042F52E |. 8A46 02
MOV AL,BYTE PTR DS:[ESI+2]
0042F531 |. 8847 02
MOV BYTE PTR DS:[EDI+2],AL
0042F534 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
0042F537 |. 5E
POP ESI
0042F538 |. 5F
POP EDI
0042F539 |. C9
LEAVE
0042F53A |. C3
RETN
0042F53B | 90
NOP
0042F53C |> 8A46 03
MOV AL,BYTE PTR DS:[ESI+3]
switch SystemInfo.42F3EA
0042F53F |. 8847 03
MOV BYTE PTR DS:[EDI+3],AL
0042F542 |. 8A46 02
MOV AL,BYTE PTR DS:[ESI+2]
0042F545 |. 8847 02
MOV BYTE PTR DS:[EDI+2],AL
0042F548 |. 8A46 01
MOV AL,BYTE PTR DS:[ESI+1]
0042F54B |. 8847 01
MOV BYTE PTR DS:[EDI+1],AL
0042F54E |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
0042F551 |. 5E
POP ESI
0042F552 |. 5F
POP EDI
0042F553 |. C9
LEAVE
0042F554 \. C3
RETN
0042F555 /$ 8BFF
MOV EDI,EDI
0042F557 |. 56
PUSH ESI
0042F558 |. 6A 01
PUSH 1
0042F55A |. 68 D0154500 PUSH OFFSET 004515D0
ystemInfo.4515D0, PTR to ASCII "bad allocation"
0042F55F |. 8BF1
MOV ESI,ECX
0042F561 |. E8 83F5FFFF CALL 0042EAE9
fo.0042EAE9
0042F566 |. C706 88884400 MOV DWORD PTR DS:[ESI],OFFSET 00448888
0042F56C |. 8BC6
MOV EAX,ESI
0042F56E |. 5E
POP ESI
0042F56F \. C3
RETN
0042F570 /$ 8BFF
MOV EDI,EDI
o.0042F570(guessed Arg1)
0042F572 |. 55
PUSH EBP
0042F573 |. 8BEC
MOV EBP,ESP
0042F575 |. 83EC 0C
SUB ESP,0C

; Case 0 of

; Case 1 of

; Case 2 of

; Case 3 of

; /Arg2 = 1
; |Arg1 = S
; |
; \SystemIn

; SystemInf

0042F578 |. EB 0D
JMP SHORT 0042F587
0042F57A |> FF75 08
/PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0042F57D |. E8 1F720000 |CALL 004367A1
fo.004367A1
0042F582 |. 59
|POP ECX
0042F583 |. 85C0
|TEST EAX,EAX
0042F585 |. 74 0F
|JE SHORT 0042F596
0042F587 |> FF75 08
|PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0042F58A |. E8 A7640000 |CALL 00435A36
fo.00435A36
0042F58F |. 59
|POP ECX
0042F590 |. 85C0
|TEST EAX,EAX
0042F592 |.^ 74 E6
\JE SHORT 0042F57A
0042F594 |. C9
LEAVE
0042F595 |. C3
RETN
0042F596 |> F605 C02C4500 TEST BYTE PTR DS:[452CC0],01
0042F59D |. BE B42C4500 MOV ESI,OFFSET 00452CB4
0042F5A2 |. 75 19
JNE SHORT 0042F5BD
0042F5A4 |. 830D C02C4500 OR DWORD PTR DS:[452CC0],00000001
0042F5AB |. 8BCE
MOV ECX,ESI
0042F5AD |. E8 A3FFFFFF CALL 0042F555
0042F5B2 |. 68 F16F4400 PUSH 00446FF1
ystemInfo.446FF1
0042F5B7 |. E8 D73D0000 CALL 00433393
fo.00433393
0042F5BC |. 59
POP ECX
0042F5BD |> 56
PUSH ESI
0042F5BE |. 8D4D F4
LEA ECX,[LOCAL.3]
0042F5C1 |. E8 5A0DFEFF CALL 00410320
fo.00410320
0042F5C6 |. 68 30D84400 PUSH OFFSET 0044D830
ystemInfo.44D830
0042F5CB |. 8D45 F4
LEA EAX,[LOCAL.3]
0042F5CE |. 50
PUSH EAX
OFFSET LOCAL.3
0042F5CF |. E8 51F3FFFF CALL 0042E925
fo.0042E925
0042F5D4 |. CC
INT3
0042F5D5 |$ 8BFF
MOV EDI,EDI
o.0042F5D5(guessed Arg1,Arg2,Format)
0042F5D7 |. 55
PUSH EBP
0042F5D8 |. 8BEC
MOV EBP,ESP
0042F5DA |. 8D45 14
LEA EAX,[EBP+14]
0042F5DD |. 50
PUSH EAX
0042F5DE |. 6A 00
PUSH 0
0042F5E0 |. FF75 10
PUSH DWORD PTR SS:[EBP+10]
0042F5E3 |. FF75 0C
PUSH DWORD PTR SS:[EBP+0C]
0042F5E6 |. FF75 08
PUSH DWORD PTR SS:[EBP+8]
0042F5E9 |. E8 0B740000 CALL 004369F9
0042F5EE |. 83C4 14
ADD ESP,14
0042F5F1 |. 5D
POP EBP
0042F5F2 \. C3
RETN
0042F5F3 $ C3
RETN
0042F5F4 /$ B8 39754300 MOV EAX,00437539
0042F5F9 |. A3 F81D4500 MOV DWORD PTR DS:[451DF8],EAX
0042F5FE |. C705 FC1D4500 MOV DWORD PTR DS:[451DFC],00436C20
0042F608 |. C705 001E4500 MOV DWORD PTR DS:[451E00],00436BD4
0042F612 |. C705 041E4500 MOV DWORD PTR DS:[451E04],00436C0D

; /Arg1 =>
; \SystemIn

; /Arg1 =>
; \SystemIn

; /Arg1 = S
; \SystemIn
; /Arg1
; |
; \SystemIn
; /Arg2 = S
; |
; |Arg1 =>
; \SystemIn
; SystemInf

0042F61C |. C705 081E4500 MOV DWORD PTR DS:[451E08],00436B76


0042F626 |. A3 0C1E4500 MOV DWORD PTR DS:[451E0C],EAX
0042F62B |. C705 101E4500 MOV DWORD PTR DS:[451E10],004374B1
nt of procedure
0042F635 |. C705 141E4500 MOV DWORD PTR DS:[451E14],00436B92
nt of procedure
0042F63F |. C705 181E4500 MOV DWORD PTR DS:[451E18],00436AF4
nt of procedure
0042F649 |. C705 1C1E4500 MOV DWORD PTR DS:[451E1C],00436A81
nt of procedure
0042F653 \. C3
RETN
0042F654
8BFF
MOV EDI,EDI
0042F656 /. 55
PUSH EBP
0042F657 |. 8BEC
MOV EBP,ESP
0042F659 |. E8 96FFFFFF CALL 0042F5F4
0042F65E |. E8 837F0000 CALL 004375E6
fo.004375E6
0042F663 |. 837D 08 00
CMP DWORD PTR SS:[ARG.1],0
0042F667 |. A3 C82C4500 MOV DWORD PTR DS:[452CC8],EAX
0042F66C |. 74 05
JE SHORT 0042F673
0042F66E |. E8 0A7F0000 CALL 0043757D
0042F673 |> DBE2
FCLEX
0042F675 |. 5D
POP EBP
0042F676 \. C3
RETN
0042F677
CC
INT3
0042F678
CC
INT3
0042F679
CC
INT3
0042F67A
CC
INT3
0042F67B
CC
INT3
0042F67C
CC
INT3
0042F67D
CC
INT3
0042F67E
CC
INT3
0042F67F
CC
INT3
0042F680 /$ 55
PUSH EBP
o.0042F680(guessed Arg1,Arg2)
0042F681 |. 8BEC
MOV EBP,ESP
0042F683 |. 56
PUSH ESI
0042F684 |. 33C0
XOR EAX,EAX
0042F686 |. 50
PUSH EAX
0042F687 |. 50
PUSH EAX
0042F688 |. 50
PUSH EAX
0042F689 |. 50
PUSH EAX
0042F68A |. 50
PUSH EAX
0042F68B |. 50
PUSH EAX
0042F68C |. 50
PUSH EAX
0042F68D |. 50
PUSH EAX
0042F68E |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0042F691 |. 8D49 00
LEA ECX,[ECX]
0042F694 |> 8A02
/MOV AL,BYTE PTR DS:[EDX]
0042F696 |. 0AC0
|OR AL,AL
0042F698 |. 74 09
|JE SHORT 0042F6A3
0042F69A |. 83C2 01
|ADD EDX,1
0042F69D |. 0FAB0424
|BTS DWORD PTR SS:[LOCAL.9],EAX
0042F6A1 |.^ EB F1
\JMP SHORT 0042F694
0042F6A3 |> 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0042F6A6 |. 83C9 FF
OR ECX,FFFFFFFF
0042F6A9 |. 8D49 00
LEA ECX,[ECX]
0042F6AC |> 83C1 01
/ADD ECX,1
0042F6AF |. 8A06
|MOV AL,BYTE PTR DS:[ESI]
0042F6B1 |. 0AC0
|OR AL,AL

; Entry poi
; Entry poi
; Entry poi
; Entry poi

; [SystemIn

; SystemInf

0042F6B3 |. 74 09
|JE SHORT 0042F6BE
0042F6B5 |. 83C6 01
|ADD ESI,1
0042F6B8 |. 0FA30424
|BT DWORD PTR SS:[LOCAL.9],EAX
0042F6BC |.^ 73 EE
\JNB SHORT 0042F6AC
0042F6BE |> 8BC1
MOV EAX,ECX
0042F6C0 |. 83C4 20
ADD ESP,20
0042F6C3 |. 5E
POP ESI
0042F6C4 |. C9
LEAVE
0042F6C5 \. C3
RETN
0042F6C6
CC
INT3
0042F6C7
CC
INT3
0042F6C8
CC
INT3
0042F6C9
CC
INT3
0042F6CA
CC
INT3
0042F6CB
CC
INT3
0042F6CC
CC
INT3
0042F6CD
CC
INT3
0042F6CE
CC
INT3
0042F6CF
CC
INT3
0042F6D0 /$ 8B4424 0C
MOV EAX,DWORD PTR SS:[ARG.3]
o.0042F6D0(guessed Arg1,Arg2,Arg3)
0042F6D4 |. 53
PUSH EBX
0042F6D5 |. 85C0
TEST EAX,EAX
0042F6D7 |. 74 52
JE SHORT 0042F72B
0042F6D9 |. 8B5424 08
MOV EDX,DWORD PTR SS:[ARG.1]
0042F6DD |. 33DB
XOR EBX,EBX
0042F6DF |. 8A5C24 0C
MOV BL,BYTE PTR SS:[ARG.2]
0042F6E3 |. F7C2 03000000 TEST EDX,00000003
0042F6E9 |. 74 16
JE SHORT 0042F701
0042F6EB |> 8A0A
/MOV CL,BYTE PTR DS:[EDX]
0042F6ED |. 83C2 01
|ADD EDX,1
0042F6F0 |. 32CB
|XOR CL,BL
0042F6F2 |. 74 72
|JE SHORT 0042F766
0042F6F4 |. 83E8 01
|SUB EAX,1
0042F6F7 |. 74 32
|JE SHORT 0042F72B
0042F6F9 |. F7C2 03000000 |TEST EDX,00000003
0042F6FF |.^ 75 EA
\JNE SHORT 0042F6EB
0042F701 |> 83E8 04
SUB EAX,4
ases 0..3, 2 exits)
0042F704 |. 72 12
JB SHORT 0042F718
0042F706 |. 57
PUSH EDI
0042F707 |. 8BFB
MOV EDI,EBX
0042F709 |. C1E3 08
SHL EBX,8
0042F70C |. 03DF
ADD EBX,EDI
0042F70E |. 8BFB
MOV EDI,EBX
0042F710 |. C1E3 10
SHL EBX,10
0042F713 |. 03DF
ADD EBX,EDI
0042F715 |. EB 1B
JMP SHORT 0042F732
0042F717 |> 5F
POP EDI
0042F718 |> 83C0 04
ADD EAX,4
1, 2, 3 of switch SystemInfo.42F701
0042F71B |. 74 0E
JE SHORT 0042F72B
0042F71D |> 8A0A
/MOV CL,BYTE PTR DS:[EDX]
0042F71F |. 83C2 01
|ADD EDX,1
0042F722 |. 32CB
|XOR CL,BL
0042F724 |. 74 40
|JE SHORT 0042F766
0042F726 |. 83E8 01
|SUB EAX,1
0042F729 |.^ 75 F2
\JNE SHORT 0042F71D
0042F72B |> 5B
POP EBX
0042F72C |. C3
RETN

; SystemInf

; Switch (c

; Cases 0,

0042F72D |> 83E8 04


/SUB EAX,4
0042F730 |.^ 72 E5
|JB SHORT 0042F717
0042F732 |> 8B0A
|MOV ECX,DWORD PTR DS:[EDX]
ase of switch SystemInfo.42F701
0042F734 |. 33CB
|XOR ECX,EBX
0042F736 |. BF FFFEFE7E |MOV EDI,7EFEFEFF
0042F73B |. 03F9
|ADD EDI,ECX
0042F73D |. 83F1 FF
|XOR ECX,FFFFFFFF
0042F740 |. 33CF
|XOR ECX,EDI
0042F742 |. 83C2 04
|ADD EDX,4
0042F745 |. 81E1 00010181 |AND ECX,81010100
0042F74B |.^ 74 E0
|JE SHORT 0042F72D
0042F74D |. 8B4A FC
|MOV ECX,DWORD PTR DS:[EDX-4]
0042F750 |. 32CB
|XOR CL,BL
0042F752 |. 74 23
|JE SHORT 0042F777
0042F754 |. 32EB
|XOR CH,BL
0042F756 |. 74 19
|JE SHORT 0042F771
0042F758 |. C1E9 10
|SHR ECX,10
0042F75B |. 32CB
|XOR CL,BL
0042F75D |. 74 0C
|JE SHORT 0042F76B
0042F75F |. 32EB
|XOR CH,BL
0042F761 |. 74 02
|JE SHORT 0042F765
0042F763 |.^ EB C8
\JMP SHORT 0042F72D
0042F765 |> 5F
POP EDI
0042F766 |> 8D42 FF
LEA EAX,[EDX-1]
0042F769 |. 5B
POP EBX
0042F76A |. C3
RETN
0042F76B |> 8D42 FE
LEA EAX,[EDX-2]
0042F76E |. 5F
POP EDI
0042F76F |. 5B
POP EBX
0042F770 |. C3
RETN
0042F771 |> 8D42 FD
LEA EAX,[EDX-3]
0042F774 |. 5F
POP EDI
0042F775 |. 5B
POP EBX
0042F776 |. C3
RETN
0042F777 |> 8D42 FC
LEA EAX,[EDX-4]
0042F77A |. 5F
POP EDI
0042F77B |. 5B
POP EBX
0042F77C \. C3
RETN
0042F77D /$ E8 905B0000 CALL 00435312
fo.00435312
0042F782 |. 8B48 6C
MOV ECX,DWORD PTR DS:[EAX+6C]
0042F785 |. 3B0D E01D4500 CMP ECX,DWORD PTR DS:[451DE0]
0042F78B |. 74 10
JE SHORT 0042F79D
0042F78D |. 8B0D F81C4500 MOV ECX,DWORD PTR DS:[451CF8]
0042F793 |. 8548 70
TEST DWORD PTR DS:[EAX+70],ECX
0042F796 |. 75 05
JNE SHORT 0042F79D
0042F798 |. E8 C3190000 CALL 00431160
fo.00431160
0042F79D |> A1 14164500 MOV EAX,DWORD PTR DS:[451614]
0042F7A2 \. C3
RETN
0042F7A3 /$ 8BFF
MOV EDI,EDI
o.0042F7A3(guessed Arg1,Arg2,Arg3,Arg4)
0042F7A5 |. 55
PUSH EBP
0042F7A6 |. 8BEC
MOV EBP,ESP
0042F7A8 |. 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
0042F7AB |. 56
PUSH ESI
0042F7AC |. 57
PUSH EDI
0042F7AD |. 33FF
XOR EDI,EDI
0042F7AF |. 3BC7
CMP EAX,EDI

; Default c

; [SystemIn

; [SystemIn

; SystemInf

0042F7B1 |. 74 47
JE SHORT 0042F7FA
0042F7B3 |. 397D 08
CMP DWORD PTR SS:[ARG.1],EDI
0042F7B6 |. 75 1B
JNE SHORT 0042F7D3
0042F7B8 |> E8 404C0000 CALL 004343FD
fo.004343FD
0042F7BD |. 6A 16
PUSH 16
0042F7BF |. 5E
POP ESI
0042F7C0 |. 8930
MOV DWORD PTR DS:[EAX],ESI
0042F7C2 |> 57
PUSH EDI
0042F7C3 |. 57
PUSH EDI
0042F7C4 |. 57
PUSH EDI
0042F7C5 |. 57
PUSH EDI
0042F7C6 |. 57
PUSH EDI
0042F7C7 |. E8 96F0FFFF CALL 0042E862
fo.0042E862
0042F7CC |. 83C4 14
ADD ESP,14
0042F7CF |. 8BC6
MOV EAX,ESI
0042F7D1 |. EB 29
JMP SHORT 0042F7FC
0042F7D3 |> 397D 10
CMP DWORD PTR SS:[ARG.3],EDI
0042F7D6 |.^ 74 E0
JE SHORT 0042F7B8
0042F7D8 |. 3945 0C
CMP DWORD PTR SS:[ARG.2],EAX
0042F7DB |. 73 0E
JNB SHORT 0042F7EB
0042F7DD |. E8 1B4C0000 CALL 004343FD
fo.004343FD
0042F7E2 |. 6A 22
PUSH 22
0042F7E4 |. 59
POP ECX
0042F7E5 |. 8908
MOV DWORD PTR DS:[EAX],ECX
0042F7E7 |. 8BF1
MOV ESI,ECX
0042F7E9 |.^ EB D7
JMP SHORT 0042F7C2
0042F7EB |> 50
PUSH EAX
[ARG.4]
0042F7EC |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
0042F7EF |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0042F7F2 |. E8 197E0000 CALL 00437610
fo.00437610
0042F7F7 |. 83C4 0C
ADD ESP,0C
0042F7FA |> 33C0
XOR EAX,EAX
0042F7FC |> 5F
POP EDI
0042F7FD |. 5E
POP ESI
0042F7FE |. 5D
POP EBP
0042F7FF \. C3
RETN
0042F800 /$ 8BFF
MOV EDI,EDI
o.0042F800(guessed Arg1)
0042F802 |. 55
PUSH EBP
0042F803 |. 8BEC
MOV EBP,ESP
0042F805 |. 5D
POP EBP
0042F806 \.^ E9 0FF1FFFF JMP 0042E91A
0042F80B /$ 8BFF
MOV EDI,EDI
o.0042F80B(guessed Arg1,Arg2,Arg3)
0042F80D |. 55
PUSH EBP
0042F80E |. 8BEC
MOV EBP,ESP
0042F810 |. 56
PUSH ESI
0042F811 |. 57
PUSH EDI
0042F812 |. 8B7D 10
MOV EDI,DWORD PTR SS:[ARG.3]
0042F815 |. 8BC7
MOV EAX,EDI
0042F817 |. 83E8 00
SUB EAX,0
ases 0..4, 6 exits)
0042F81A |. 0F84 E5150000 JE 00430E05

; [SystemIn

;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

; [SystemIn

; /Arg3 =>
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; SystemInf

; SystemInf

; Switch (c

0042F820 |.
0042F821 |.
0042F827 |.
0042F828 |.
0042F82E |.
0042F82F |.
0042F835 |.
0042F836 |.
0042F83C |.
ase of switch
0042F83F |.
0042F842 |.
0042F843 |.
0042F845 |.
0042F846 |.
0042F84B |>
0042F84D |.
0042F84F |.
0042F851 |.
0042F854 |.
0042F857 |.
0042F859 |.
0042F85B |.
0042F85D |.
0042F85F |.
0042F862 |.
0042F866 |.
0042F868 |.
0042F86A |.
0042F870 |>
0042F874 |.
0042F878 |.
0042F87A |.
0042F87C |.
0042F87E |.
0042F880 |.
0042F883 |.
0042F887 |.
0042F889 |.
0042F88B |.
0042F891 |>
0042F895 |.
0042F899 |.
0042F89B |.
0042F89D |.
0042F89F |.
0042F8A1 |.
0042F8A4 |.
0042F8A8 |.
0042F8AA |.
0042F8AC |.
0042F8B2 |>
0042F8B6 |.
0042F8BA |.
0042F8BC |.
0042F8BE |.
0042F8C0 |.
0042F8C2 |.
0042F8C5 |.
0042F8C9 |.

48
DEC EAX
0F84 CD150000 JE 00430DF4
48
DEC EAX
0F84 98150000 JE 00430DC6
48
DEC EAX
0F84 49150000 JE 00430D7E
48
DEC EAX
0F84 B9140000 JE 00430CF5
8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
SystemInfo.42F817
8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
53
PUSH EBX
6A 20
PUSH 20
5A
POP EDX
E9 72040000 JMP 0042FCBD
8B30
/MOV ESI,DWORD PTR DS:[EAX]
3B31
|CMP ESI,DWORD PTR DS:[ECX]
74 7C
|JE SHORT 0042F8CD
0FB630
|MOVZX ESI,BYTE PTR DS:[EAX]
0FB619
|MOVZX EBX,BYTE PTR DS:[ECX]
2BF3
|SUB ESI,EBX
74 15
|JE SHORT 0042F870
33DB
|XOR EBX,EBX
85F6
|TEST ESI,ESI
0F9FC3
|SETG BL
8D5C1B FF
|LEA EBX,[EBX+EBX-1]
8BF3
|MOV ESI,EBX
85F6
|TEST ESI,ESI
0F85 69040000 |JNE 0042FCD9
0FB670 01
|MOVZX ESI,BYTE PTR DS:[EAX+1]
0FB659 01
|MOVZX EBX,BYTE PTR DS:[ECX+1]
2BF3
|SUB ESI,EBX
74 15
|JE SHORT 0042F891
33DB
|XOR EBX,EBX
85F6
|TEST ESI,ESI
0F9FC3
|SETG BL
8D5C1B FF
|LEA EBX,[EBX+EBX-1]
8BF3
|MOV ESI,EBX
85F6
|TEST ESI,ESI
0F85 48040000 |JNE 0042FCD9
0FB670 02
|MOVZX ESI,BYTE PTR DS:[EAX+2]
0FB659 02
|MOVZX EBX,BYTE PTR DS:[ECX+2]
2BF3
|SUB ESI,EBX
74 15
|JE SHORT 0042F8B2
33DB
|XOR EBX,EBX
85F6
|TEST ESI,ESI
0F9FC3
|SETG BL
8D5C1B FF
|LEA EBX,[EBX+EBX-1]
8BF3
|MOV ESI,EBX
85F6
|TEST ESI,ESI
0F85 27040000 |JNE 0042FCD9
0FB670 03
|MOVZX ESI,BYTE PTR DS:[EAX+3]
0FB659 03
|MOVZX EBX,BYTE PTR DS:[ECX+3]
2BF3
|SUB ESI,EBX
74 11
|JE SHORT 0042F8CF
33DB
|XOR EBX,EBX
85F6
|TEST ESI,ESI
0F9FC3
|SETG BL
8D5C1B FF
|LEA EBX,[EBX+EBX-1]
8BF3
|MOV ESI,EBX

; Default c

0042F8CB
0042F8CD
0042F8CF
0042F8D1
0042F8D7
0042F8DA
0042F8DD
0042F8DF
0042F8E3
0042F8E7
0042F8E9
0042F8EB
0042F8ED
0042F8EF
0042F8F2
0042F8F6
0042F8F8
0042F8FA
0042F900
0042F904
0042F908
0042F90A
0042F90C
0042F90E
0042F910
0042F913
0042F917
0042F919
0042F91B
0042F921
0042F925
0042F929
0042F92B
0042F92D
0042F92F
0042F931
0042F934
0042F938
0042F93A
0042F93C
0042F942
0042F946
0042F94A
0042F94C
0042F94E
0042F950
0042F952
0042F955
0042F959
0042F95B
0042F95D
0042F95F
0042F961
0042F967
0042F96A
0042F96D
0042F96F
0042F973
0042F977
0042F979

|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.

EB 02
33F6
85F6
0F85 02040000
8B70 04
3B71 04
74 7E
0FB670 04
0FB659 04
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 D9030000
0FB670 05
0FB659 05
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 B8030000
0FB670 06
0FB659 06
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 97030000
0FB670 07
0FB659 07
2BF3
74 11
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
EB 02
33F6
85F6
0F85 72030000
8B70 08
3B71 08
74 7E
0FB670 08
0FB659 08
2BF3
74 15

|JMP SHORT 0042F8CF


|XOR ESI,ESI
|TEST ESI,ESI
|JNE 0042FCD9
|MOV ESI,DWORD PTR DS:[EAX+4]
|CMP ESI,DWORD PTR DS:[ECX+4]
|JE SHORT 0042F95D
|MOVZX ESI,BYTE PTR DS:[EAX+4]
|MOVZX EBX,BYTE PTR DS:[ECX+4]
|SUB ESI,EBX
|JE SHORT 0042F900
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+5]
|MOVZX EBX,BYTE PTR DS:[ECX+5]
|SUB ESI,EBX
|JE SHORT 0042F921
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+6]
|MOVZX EBX,BYTE PTR DS:[ECX+6]
|SUB ESI,EBX
|JE SHORT 0042F942
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+7]
|MOVZX EBX,BYTE PTR DS:[ECX+7]
|SUB ESI,EBX
|JE SHORT 0042F95F
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|JMP SHORT 0042F95F
|XOR ESI,ESI
|TEST ESI,ESI
|JNE 0042FCD9
|MOV ESI,DWORD PTR DS:[EAX+8]
|CMP ESI,DWORD PTR DS:[ECX+8]
|JE SHORT 0042F9ED
|MOVZX ESI,BYTE PTR DS:[EAX+8]
|MOVZX EBX,BYTE PTR DS:[ECX+8]
|SUB ESI,EBX
|JE SHORT 0042F990

0042F97B
0042F97D
0042F97F
0042F982
0042F986
0042F988
0042F98A
0042F990
0042F994
0042F998
0042F99A
0042F99C
0042F99E
0042F9A0
0042F9A3
0042F9A7
0042F9A9
0042F9AB
0042F9B1
0042F9B5
0042F9B9
0042F9BB
0042F9BD
0042F9BF
0042F9C1
0042F9C4
0042F9C8
0042F9CA
0042F9CC
0042F9D2
0042F9D6
0042F9DA
0042F9DC
0042F9DE
0042F9E0
0042F9E2
0042F9E5
0042F9E9
0042F9EB
0042F9ED
0042F9EF
0042F9F1
0042F9F7
0042F9FA
0042F9FD
0042F9FF
0042FA03
0042FA07
0042FA09
0042FA0B
0042FA0D
0042FA0F
0042FA12
0042FA16
0042FA18
0042FA1A
0042FA20
0042FA24
0042FA28
0042FA2A

|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.

33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 49030000
0FB670 09
0FB659 09
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 28030000
0FB670 0A
0FB659 0A
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 07030000
0FB670 0B
0FB659 0B
2BF3
74 11
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
EB 02
33F6
85F6
0F85 E2020000
8B70 0C
3B71 0C
74 7E
0FB670 0C
0FB659 0C
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 B9020000
0FB670 0D
0FB659 0D
2BF3
74 15

|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+9]
|MOVZX EBX,BYTE PTR DS:[ECX+9]
|SUB ESI,EBX
|JE SHORT 0042F9B1
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+0A]
|MOVZX EBX,BYTE PTR DS:[ECX+0A]
|SUB ESI,EBX
|JE SHORT 0042F9D2
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+0B]
|MOVZX EBX,BYTE PTR DS:[ECX+0B]
|SUB ESI,EBX
|JE SHORT 0042F9EF
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|JMP SHORT 0042F9EF
|XOR ESI,ESI
|TEST ESI,ESI
|JNE 0042FCD9
|MOV ESI,DWORD PTR DS:[EAX+0C]
|CMP ESI,DWORD PTR DS:[ECX+0C]
|JE SHORT 0042FA7D
|MOVZX ESI,BYTE PTR DS:[EAX+0C]
|MOVZX EBX,BYTE PTR DS:[ECX+0C]
|SUB ESI,EBX
|JE SHORT 0042FA20
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+0D]
|MOVZX EBX,BYTE PTR DS:[ECX+0D]
|SUB ESI,EBX
|JE SHORT 0042FA41

0042FA2C
0042FA2E
0042FA30
0042FA33
0042FA37
0042FA39
0042FA3B
0042FA41
0042FA45
0042FA49
0042FA4B
0042FA4D
0042FA4F
0042FA51
0042FA54
0042FA58
0042FA5A
0042FA5C
0042FA62
0042FA66
0042FA6A
0042FA6C
0042FA6E
0042FA70
0042FA72
0042FA75
0042FA79
0042FA7B
0042FA7D
0042FA7F
0042FA81
0042FA87
0042FA8A
0042FA8D
0042FA8F
0042FA93
0042FA97
0042FA99
0042FA9B
0042FA9D
0042FA9F
0042FAA2
0042FAA6
0042FAA8
0042FAAA
0042FAB0
0042FAB4
0042FAB8
0042FABA
0042FABC
0042FABE
0042FAC0
0042FAC3
0042FAC7
0042FAC9
0042FACB
0042FAD1
0042FAD5
0042FAD9
0042FADB

|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.

33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 98020000
0FB670 0E
0FB659 0E
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 77020000
0FB670 0F
0FB659 0F
2BF3
74 11
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
EB 02
33F6
85F6
0F85 52020000
8B70 10
3B71 10
74 7E
0FB659 10
0FB670 10
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 29020000
0FB670 11
0FB659 11
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 08020000
0FB670 12
0FB659 12
2BF3
74 15

|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+0E]
|MOVZX EBX,BYTE PTR DS:[ECX+0E]
|SUB ESI,EBX
|JE SHORT 0042FA62
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+0F]
|MOVZX EBX,BYTE PTR DS:[ECX+0F]
|SUB ESI,EBX
|JE SHORT 0042FA7F
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|JMP SHORT 0042FA7F
|XOR ESI,ESI
|TEST ESI,ESI
|JNE 0042FCD9
|MOV ESI,DWORD PTR DS:[EAX+10]
|CMP ESI,DWORD PTR DS:[ECX+10]
|JE SHORT 0042FB0D
|MOVZX EBX,BYTE PTR DS:[ECX+10]
|MOVZX ESI,BYTE PTR DS:[EAX+10]
|SUB ESI,EBX
|JE SHORT 0042FAB0
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+11]
|MOVZX EBX,BYTE PTR DS:[ECX+11]
|SUB ESI,EBX
|JE SHORT 0042FAD1
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+12]
|MOVZX EBX,BYTE PTR DS:[ECX+12]
|SUB ESI,EBX
|JE SHORT 0042FAF2

0042FADD
0042FADF
0042FAE1
0042FAE4
0042FAE8
0042FAEA
0042FAEC
0042FAF2
0042FAF6
0042FAFA
0042FAFC
0042FAFE
0042FB00
0042FB02
0042FB05
0042FB09
0042FB0B
0042FB0D
0042FB0F
0042FB11
0042FB17
0042FB1A
0042FB1D
0042FB1F
0042FB23
0042FB27
0042FB29
0042FB2B
0042FB2D
0042FB2F
0042FB32
0042FB36
0042FB38
0042FB3A
0042FB40
0042FB44
0042FB48
0042FB4A
0042FB4C
0042FB4E
0042FB50
0042FB53
0042FB57
0042FB59
0042FB5B
0042FB61
0042FB65
0042FB69
0042FB6B
0042FB6D
0042FB6F
0042FB71
0042FB74
0042FB78
0042FB7A
0042FB7C
0042FB82
0042FB86
0042FB8A
0042FB8C

|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.

33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 E7010000
0FB670 13
0FB659 13
2BF3
74 11
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
EB 02
33F6
85F6
0F85 C2010000
8B70 14
3B71 14
74 7E
0FB670 14
0FB659 14
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 99010000
0FB670 15
0FB659 15
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 78010000
0FB670 16
0FB659 16
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 57010000
0FB670 17
0FB659 17
2BF3
74 11

|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+13]
|MOVZX EBX,BYTE PTR DS:[ECX+13]
|SUB ESI,EBX
|JE SHORT 0042FB0F
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|JMP SHORT 0042FB0F
|XOR ESI,ESI
|TEST ESI,ESI
|JNE 0042FCD9
|MOV ESI,DWORD PTR DS:[EAX+14]
|CMP ESI,DWORD PTR DS:[ECX+14]
|JE SHORT 0042FB9D
|MOVZX ESI,BYTE PTR DS:[EAX+14]
|MOVZX EBX,BYTE PTR DS:[ECX+14]
|SUB ESI,EBX
|JE SHORT 0042FB40
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+15]
|MOVZX EBX,BYTE PTR DS:[ECX+15]
|SUB ESI,EBX
|JE SHORT 0042FB61
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+16]
|MOVZX EBX,BYTE PTR DS:[ECX+16]
|SUB ESI,EBX
|JE SHORT 0042FB82
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+17]
|MOVZX EBX,BYTE PTR DS:[ECX+17]
|SUB ESI,EBX
|JE SHORT 0042FB9F

0042FB8E
0042FB90
0042FB92
0042FB95
0042FB99
0042FB9B
0042FB9D
0042FB9F
0042FBA1
0042FBA7
0042FBAA
0042FBAD
0042FBAF
0042FBB3
0042FBB7
0042FBB9
0042FBBB
0042FBBD
0042FBBF
0042FBC2
0042FBC6
0042FBC8
0042FBCA
0042FBD0
0042FBD4
0042FBD8
0042FBDA
0042FBDC
0042FBDE
0042FBE0
0042FBE3
0042FBE7
0042FBE9
0042FBEB
0042FBF1
0042FBF5
0042FBF9
0042FBFB
0042FBFD
0042FBFF
0042FC01
0042FC04
0042FC08
0042FC0A
0042FC0C
0042FC12
0042FC16
0042FC1A
0042FC1C
0042FC1E
0042FC20
0042FC22
0042FC25
0042FC29
0042FC2B
0042FC2D
0042FC2F
0042FC31
0042FC37
0042FC3A

|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.

33DB
85F6
0F9FC3
8D5C1B FF
8BF3
EB 02
33F6
85F6
0F85 32010000
8B70 18
3B71 18
74 7E
0FB670 18
0FB659 18
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 09010000
0FB670 19
0FB659 19
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 E8000000
0FB670 1A
0FB659 1A
2BF3
74 15
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
85F6
0F85 C7000000
0FB670 1B
0FB659 1B
2BF3
74 11
33DB
85F6
0F9FC3
8D5C1B FF
8BF3
EB 02
33F6
85F6
0F85 A2000000
8B70 1C
3B71 1C

|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|JMP SHORT 0042FB9F
|XOR ESI,ESI
|TEST ESI,ESI
|JNE 0042FCD9
|MOV ESI,DWORD PTR DS:[EAX+18]
|CMP ESI,DWORD PTR DS:[ECX+18]
|JE SHORT 0042FC2D
|MOVZX ESI,BYTE PTR DS:[EAX+18]
|MOVZX EBX,BYTE PTR DS:[ECX+18]
|SUB ESI,EBX
|JE SHORT 0042FBD0
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+19]
|MOVZX EBX,BYTE PTR DS:[ECX+19]
|SUB ESI,EBX
|JE SHORT 0042FBF1
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+1A]
|MOVZX EBX,BYTE PTR DS:[ECX+1A]
|SUB ESI,EBX
|JE SHORT 0042FC12
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+1B]
|MOVZX EBX,BYTE PTR DS:[ECX+1B]
|SUB ESI,EBX
|JE SHORT 0042FC2F
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|JMP SHORT 0042FC2F
|XOR ESI,ESI
|TEST ESI,ESI
|JNE 0042FCD9
|MOV ESI,DWORD PTR DS:[EAX+1C]
|CMP ESI,DWORD PTR DS:[ECX+1C]

0042FC3D |. 74 72
0042FC3F |. 0FB670 1C
0042FC43 |. 0FB659 1C
0042FC47 |. 2BF3
0042FC49 |. 74 11
0042FC4B |. 33DB
0042FC4D |. 85F6
0042FC4F |. 0F9FC3
0042FC52 |. 8D5C1B FF
0042FC56 |. 8BF3
0042FC58 |. 85F6
0042FC5A |. 75 7D
0042FC5C |> 0FB670 1D
0042FC60 |. 0FB659 1D
0042FC64 |. 2BF3
0042FC66 |. 74 11
0042FC68 |. 33DB
0042FC6A |. 85F6
0042FC6C |. 0F9FC3
0042FC6F |. 8D5C1B FF
0042FC73 |. 8BF3
0042FC75 |. 85F6
0042FC77 |. 75 60
0042FC79 |> 0FB670 1E
0042FC7D |. 0FB659 1E
0042FC81 |. 2BF3
0042FC83 |. 74 11
0042FC85 |. 33DB
0042FC87 |. 85F6
0042FC89 |. 0F9FC3
0042FC8C |. 8D5C1B FF
0042FC90 |. 8BF3
0042FC92 |. 85F6
0042FC94 |. 75 43
0042FC96 |> 0FB670 1F
0042FC9A |. 0FB659 1F
0042FC9E |. 2BF3
0042FCA0 |. 74 11
0042FCA2 |. 33DB
0042FCA4 |. 85F6
0042FCA6 |. 0F9FC3
0042FCA9 |. 8D5C1B FF
0042FCAD |. 8BF3
0042FCAF |. EB 02
0042FCB1 |> 33F6
0042FCB3 |> 85F6
0042FCB5 |. 75 22
0042FCB7 |. 03C2
0042FCB9 |. 03CA
0042FCBB |. 2BFA
0042FCBD |> 3BFA
0042FCBF |.^ 0F83 86FBFFFF
0042FCC5 |. 03C7
0042FCC7 |. 03CF
0042FCC9 |. 83FF 1F
ases 1..1F, 32. exits)
0042FCCC |. 0F87 DA030000
0042FCD2 |. FF24BD 0B0E43
0042FCD9 |> 8BC6
0042FCDB |. E9 CE030000

|JE SHORT 0042FCB1


|MOVZX ESI,BYTE PTR DS:[EAX+1C]
|MOVZX EBX,BYTE PTR DS:[ECX+1C]
|SUB ESI,EBX
|JE SHORT 0042FC5C
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE SHORT 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+1D]
|MOVZX EBX,BYTE PTR DS:[ECX+1D]
|SUB ESI,EBX
|JE SHORT 0042FC79
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE SHORT 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+1E]
|MOVZX EBX,BYTE PTR DS:[ECX+1E]
|SUB ESI,EBX
|JE SHORT 0042FC96
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|TEST ESI,ESI
|JNE SHORT 0042FCD9
|MOVZX ESI,BYTE PTR DS:[EAX+1F]
|MOVZX EBX,BYTE PTR DS:[ECX+1F]
|SUB ESI,EBX
|JE SHORT 0042FCB3
|XOR EBX,EBX
|TEST ESI,ESI
|SETG BL
|LEA EBX,[EBX+EBX-1]
|MOV ESI,EBX
|JMP SHORT 0042FCB3
|XOR ESI,ESI
|TEST ESI,ESI
|JNE SHORT 0042FCD9
|ADD EAX,EDX
|ADD ECX,EDX
|SUB EDI,EDX
|CMP EDI,EDX
\JNB 0042F84B
ADD EAX,EDI
ADD ECX,EDI
CMP EDI,1F
JA 004300AC
JMP DWORD PTR DS:[EDI*4+430E0B]
MOV EAX,ESI
JMP 004300AE

; Switch (c

0042FCE0
f switch
0042FCE3
0042FCE6
0042FCE8
0042FCEB
0042FCEF
0042FCF1
0042FCF3
0042FCF5
0042FCF7
0042FCFA
0042FCFE
0042FD00
0042FD02
0042FD04
0042FD08
0042FD0C
0042FD0E
0042FD10
0042FD12
0042FD14
0042FD17
0042FD1B
0042FD1D
0042FD1F
0042FD21
0042FD25
0042FD29
0042FD2B
0042FD2D
0042FD2F
0042FD31
0042FD34
0042FD38
0042FD3A
0042FD3C
0042FD3E
0042FD42
0042FD46
0042FD48
0042FD4A
0042FD4C
0042FD4E
0042FD51
0042FD55
0042FD57
0042FD59
0042FD5B
0042FD5D
0042FD63
f switch
0042FD66
0042FD69
0042FD6B
0042FD6E
0042FD72
0042FD74
0042FD76
0042FD78

|> 8B50 E4
SystemInfo.42FCC9
|. 3B51 E4
|. 74 71
|. 0FB6F2
|. 0FB651 E4
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 75 D5
|> 0FB670 E5
|. 0FB651 E5
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 75 B8
|> 0FB670 E6
|. 0FB651 E6
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 75 9B
|> 0FB670 E7
|. 0FB651 E7
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 76FFFFFF
|> 8B50 E8
SystemInfo.42FCC9
|. 3B51 E8
|. 74 7D
|. 0FB6F2
|. 0FB651 E8
|. 2BF2
|. 74 15
|. 33D2
|. 85F6

MOV EDX,DWORD PTR DS:[EAX-1C]

; Case 1C o

CMP EDX,DWORD PTR DS:[ECX-1C]


JE SHORT 0042FD59
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-1C]
SUB ESI,EDX
JE SHORT 0042FD04
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE SHORT 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1B]
MOVZX EDX,BYTE PTR DS:[ECX-1B]
SUB ESI,EDX
JE SHORT 0042FD21
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE SHORT 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1A]
MOVZX EDX,BYTE PTR DS:[ECX-1A]
SUB ESI,EDX
JE SHORT 0042FD3E
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE SHORT 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-19]
MOVZX EDX,BYTE PTR DS:[ECX-19]
SUB ESI,EDX
JE SHORT 0042FD5B
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 0042FD5B
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-18]

; Case 18 o

CMP EDX,DWORD PTR DS:[ECX-18]


JE SHORT 0042FDE8
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-18]
SUB ESI,EDX
JE SHORT 0042FD8B
XOR EDX,EDX
TEST ESI,ESI

0042FD7A
0042FD7D
0042FD81
0042FD83
0042FD85
0042FD8B
0042FD8F
0042FD93
0042FD95
0042FD97
0042FD99
0042FD9B
0042FD9E
0042FDA2
0042FDA4
0042FDA6
0042FDAC
0042FDB0
0042FDB4
0042FDB6
0042FDB8
0042FDBA
0042FDBC
0042FDBF
0042FDC3
0042FDC5
0042FDC7
0042FDCD
0042FDD1
0042FDD5
0042FDD7
0042FDD9
0042FDDB
0042FDDD
0042FDE0
0042FDE4
0042FDE6
0042FDE8
0042FDEA
0042FDEC
0042FDF2
f switch
0042FDF5
0042FDF8
0042FDFA
0042FDFD
0042FE01
0042FE03
0042FE05
0042FE07
0042FE09
0042FE0C
0042FE10
0042FE12
0042FE14
0042FE1A
0042FE1E
0042FE22
0042FE24
0042FE26

|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 4EFFFFFF
|> 0FB670 E9
|. 0FB651 E9
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 2DFFFFFF
|> 0FB670 EA
|. 0FB651 EA
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 0CFFFFFF
|> 0FB670 EB
|. 0FB651 EB
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 E7FEFFFF
|> 8B50 EC
SystemInfo.42FCC9
|. 3B51 EC
|. 74 7D
|. 0FB6F2
|. 0FB651 EC
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 BFFEFFFF
|> 0FB670 ED
|. 0FB651 ED
|. 2BF2
|. 74 15
|. 33D2

SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-17]
MOVZX EDX,BYTE PTR DS:[ECX-17]
SUB ESI,EDX
JE SHORT 0042FDAC
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-16]
MOVZX EDX,BYTE PTR DS:[ECX-16]
SUB ESI,EDX
JE SHORT 0042FDCD
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-15]
MOVZX EDX,BYTE PTR DS:[ECX-15]
SUB ESI,EDX
JE SHORT 0042FDEA
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 0042FDEA
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-14]
CMP EDX,DWORD PTR DS:[ECX-14]
JE SHORT 0042FE77
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-14]
SUB ESI,EDX
JE SHORT 0042FE1A
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-13]
MOVZX EDX,BYTE PTR DS:[ECX-13]
SUB ESI,EDX
JE SHORT 0042FE3B
XOR EDX,EDX

; Case 14 o

0042FE28
0042FE2A
0042FE2D
0042FE31
0042FE33
0042FE35
0042FE3B
0042FE3F
0042FE43
0042FE45
0042FE47
0042FE49
0042FE4B
0042FE4E
0042FE52
0042FE54
0042FE56
0042FE5C
0042FE60
0042FE64
0042FE66
0042FE68
0042FE6A
0042FE6C
0042FE6F
0042FE73
0042FE75
0042FE77
0042FE79
0042FE7B
0042FE81
f switch
0042FE84
0042FE87
0042FE89
0042FE8C
0042FE90
0042FE92
0042FE94
0042FE96
0042FE98
0042FE9B
0042FE9F
0042FEA1
0042FEA3
0042FEA9
0042FEAD
0042FEB1
0042FEB3
0042FEB5
0042FEB7
0042FEB9
0042FEBC
0042FEC0
0042FEC2
0042FEC4
0042FECA
0042FECE
0042FED2
0042FED4

|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 9EFEFFFF
|> 0FB670 EE
|. 0FB651 EE
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 7DFEFFFF
|> 0FB670 EF
|. 0FB651 EF
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 58FEFFFF
|> 8B50 F0
SystemInfo.42FCC9
|. 3B51 F0
|. 74 7D
|. 0FB6F2
|. 0FB651 F0
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 30FEFFFF
|> 0FB670 F1
|. 0FB651 F1
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 0FFEFFFF
|> 0FB670 F2
|. 0FB651 F2
|. 2BF2
|. 74 15

TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-12]
MOVZX EDX,BYTE PTR DS:[ECX-12]
SUB ESI,EDX
JE SHORT 0042FE5C
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-11]
MOVZX EDX,BYTE PTR DS:[ECX-11]
SUB ESI,EDX
JE SHORT 0042FE79
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 0042FE79
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-10]
CMP EDX,DWORD PTR DS:[ECX-10]
JE SHORT 0042FF06
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-10]
SUB ESI,EDX
JE SHORT 0042FEA9
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0F]
MOVZX EDX,BYTE PTR DS:[ECX-0F]
SUB ESI,EDX
JE SHORT 0042FECA
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0E]
MOVZX EDX,BYTE PTR DS:[ECX-0E]
SUB ESI,EDX
JE SHORT 0042FEEB

; Case 10 o

0042FED6 |. 33D2
0042FED8 |. 85F6
0042FEDA |. 0F9FC2
0042FEDD |. 8D5412 FF
0042FEE1 |. 8BF2
0042FEE3 |. 85F6
0042FEE5 |.^ 0F85 EEFDFFFF
0042FEEB |> 0FB670 F3
0042FEEF |. 0FB651 F3
0042FEF3 |. 2BF2
0042FEF5 |. 74 11
0042FEF7 |. 33D2
0042FEF9 |. 85F6
0042FEFB |. 0F9FC2
0042FEFE |. 8D5412 FF
0042FF02 |. 8BF2
0042FF04 |. EB 02
0042FF06 |> 33F6
0042FF08 |> 85F6
0042FF0A |.^ 0F85 C9FDFFFF
0042FF10 |> 8B50 F4
switch SystemInfo.42FCC9
0042FF13 |. 3B51 F4
0042FF16 |. 74 7E
0042FF18 |. 0FB651 F4
0042FF1C |. 0FB670 F4
0042FF20 |. 2BF2
0042FF22 |. 74 15
0042FF24 |. 33D2
0042FF26 |. 85F6
0042FF28 |. 0F9FC2
0042FF2B |. 8D5412 FF
0042FF2F |. 8BF2
0042FF31 |. 85F6
0042FF33 |.^ 0F85 A0FDFFFF
0042FF39 |> 0FB670 F5
0042FF3D |. 0FB651 F5
0042FF41 |. 2BF2
0042FF43 |. 74 15
0042FF45 |. 33D2
0042FF47 |. 85F6
0042FF49 |. 0F9FC2
0042FF4C |. 8D5412 FF
0042FF50 |. 8BF2
0042FF52 |. 85F6
0042FF54 |.^ 0F85 7FFDFFFF
0042FF5A |> 0FB670 F6
0042FF5E |. 0FB651 F6
0042FF62 |. 2BF2
0042FF64 |. 74 15
0042FF66 |. 33D2
0042FF68 |. 85F6
0042FF6A |. 0F9FC2
0042FF6D |. 8D5412 FF
0042FF71 |. 8BF2
0042FF73 |. 85F6
0042FF75 |.^ 0F85 5EFDFFFF
0042FF7B |> 0FB670 F7
0042FF7F |. 0FB651 F7
0042FF83 |. 2BF2

XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0D]
MOVZX EDX,BYTE PTR DS:[ECX-0D]
SUB ESI,EDX
JE SHORT 0042FF08
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 0042FF08
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-0C]
CMP EDX,DWORD PTR DS:[ECX-0C]
JE SHORT 0042FF96
MOVZX EDX,BYTE PTR DS:[ECX-0C]
MOVZX ESI,BYTE PTR DS:[EAX-0C]
SUB ESI,EDX
JE SHORT 0042FF39
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0B]
MOVZX EDX,BYTE PTR DS:[ECX-0B]
SUB ESI,EDX
JE SHORT 0042FF5A
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0A]
MOVZX EDX,BYTE PTR DS:[ECX-0A]
SUB ESI,EDX
JE SHORT 0042FF7B
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-9]
MOVZX EDX,BYTE PTR DS:[ECX-9]
SUB ESI,EDX

; Case C of

0042FF85 |. 74 11
0042FF87 |. 33D2
0042FF89 |. 85F6
0042FF8B |. 0F9FC2
0042FF8E |. 8D5412 FF
0042FF92 |. 8BF2
0042FF94 |. EB 02
0042FF96 |> 33F6
0042FF98 |> 85F6
0042FF9A |.^ 0F85 39FDFFFF
0042FFA0 |> 8B50 F8
switch SystemInfo.42FCC9
0042FFA3 |. 3B51 F8
0042FFA6 |. 74 7D
0042FFA8 |. 0FB6F2
0042FFAB |. 0FB651 F8
0042FFAF |. 2BF2
0042FFB1 |. 74 15
0042FFB3 |. 33D2
0042FFB5 |. 85F6
0042FFB7 |. 0F9FC2
0042FFBA |. 8D5412 FF
0042FFBE |. 8BF2
0042FFC0 |. 85F6
0042FFC2 |.^ 0F85 11FDFFFF
0042FFC8 |> 0FB670 F9
0042FFCC |. 0FB651 F9
0042FFD0 |. 2BF2
0042FFD2 |. 74 15
0042FFD4 |. 33D2
0042FFD6 |. 85F6
0042FFD8 |. 0F9FC2
0042FFDB |. 8D5412 FF
0042FFDF |. 8BF2
0042FFE1 |. 85F6
0042FFE3 |.^ 0F85 F0FCFFFF
0042FFE9 |> 0FB670 FA
0042FFED |. 0FB651 FA
0042FFF1 |. 2BF2
0042FFF3 |. 74 15
0042FFF5 |. 33D2
0042FFF7 |. 85F6
0042FFF9 |. 0F9FC2
0042FFFC |. 8D5412 FF
00430000 |. 8BF2
00430002 |. 85F6
00430004 |.^ 0F85 CFFCFFFF
0043000A |> 0FB670 FB
0043000E |. 0FB651 FB
00430012 |. 2BF2
00430014 |. 74 11
00430016 |. 33D2
00430018 |. 85F6
0043001A |. 0F9FC2
0043001D |. 8D5412 FF
00430021 |. 8BF2
00430023 |. EB 02
00430025 |> 33F6
00430027 |> 85F6
00430029 |.^ 0F85 AAFCFFFF

JE SHORT 0042FF98
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 0042FF98
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-8]
CMP EDX,DWORD PTR DS:[ECX-8]
JE SHORT 00430025
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-8]
SUB ESI,EDX
JE SHORT 0042FFC8
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-7]
MOVZX EDX,BYTE PTR DS:[ECX-7]
SUB ESI,EDX
JE SHORT 0042FFE9
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-6]
MOVZX EDX,BYTE PTR DS:[ECX-6]
SUB ESI,EDX
JE SHORT 0043000A
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-5]
MOVZX EDX,BYTE PTR DS:[ECX-5]
SUB ESI,EDX
JE SHORT 00430027
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430027
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9

; Case 8 of

0043002F |> 8B50 FC


MOV EDX,DWORD PTR DS:[EAX-4]
switch SystemInfo.42FCC9
00430032 |. 3B51 FC
CMP EDX,DWORD PTR DS:[ECX-4]
00430035 |. 74 6F
JE SHORT 004300A6
00430037 |. 0FB6F2
MOVZX ESI,DL
0043003A |. 0FB651 FC
MOVZX EDX,BYTE PTR DS:[ECX-4]
0043003E |. 2BF2
SUB ESI,EDX
00430040 |. 74 0F
JE SHORT 00430051
00430042 |. 33D2
XOR EDX,EDX
00430044 |. 85F6
TEST ESI,ESI
00430046 |. 0F9FC2
SETG DL
00430049 |. 8D5412 FF
LEA EDX,[EDX+EDX-1]
0043004D |. 85D2
TEST EDX,EDX
0043004F |. 75 36
JNE SHORT 00430087
00430051 |> 0FB670 FD
MOVZX ESI,BYTE PTR DS:[EAX-3]
00430055 |. 0FB651 FD
MOVZX EDX,BYTE PTR DS:[ECX-3]
00430059 |. 2BF2
SUB ESI,EDX
0043005B |. 74 0F
JE SHORT 0043006C
0043005D |. 33D2
XOR EDX,EDX
0043005F |. 85F6
TEST ESI,ESI
00430061 |. 0F9FC2
SETG DL
00430064 |. 8D5412 FF
LEA EDX,[EDX+EDX-1]
00430068 |. 85D2
TEST EDX,EDX
0043006A |. 75 1B
JNE SHORT 00430087
0043006C |> 0FB670 FE
MOVZX ESI,BYTE PTR DS:[EAX-2]
00430070 |. 0FB651 FE
MOVZX EDX,BYTE PTR DS:[ECX-2]
00430074 |. 2BF2
SUB ESI,EDX
00430076 |. 74 13
JE SHORT 0043008B
00430078 |. 33D2
XOR EDX,EDX
0043007A |. 85F6
TEST ESI,ESI
0043007C |. 0F9FC2
SETG DL
0043007F |. 8D5412 FF
LEA EDX,[EDX+EDX-1]
00430083 |. 85D2
TEST EDX,EDX
00430085 |. 74 04
JE SHORT 0043008B
00430087 |> 8BC2
MOV EAX,EDX
00430089 |. EB 1D
JMP SHORT 004300A8
0043008B |> 0FB640 FF
MOVZX EAX,BYTE PTR DS:[EAX-1]
0043008F |. 0FB649 FF
MOVZX ECX,BYTE PTR DS:[ECX-1]
00430093 |. 2BC1
SUB EAX,ECX
00430095 |. 74 11
JE SHORT 004300A8
00430097 |. 33C9
XOR ECX,ECX
00430099 |. 85C0
TEST EAX,EAX
0043009B |. 0F9FC1
SETG CL
0043009E |. 8D4C09 FF
LEA ECX,[ECX+ECX-1]
004300A2 |. 8BC1
MOV EAX,ECX
004300A4 |. EB 02
JMP SHORT 004300A8
004300A6 |> 33C0
XOR EAX,EAX
004300A8 |> 85C0
TEST EAX,EAX
004300AA |. 75 02
JNE SHORT 004300AE
004300AC |> 33C0
XOR EAX,EAX
ase of switch SystemInfo.42FCC9
004300AE |> 5B
POP EBX
004300AF |. E9 530D0000 JMP 00430E07
004300B4 |> 8B50 E3
MOV EDX,DWORD PTR DS:[EAX-1D]
f switch SystemInfo.42FCC9
004300B7 |. 3B51 E3
CMP EDX,DWORD PTR DS:[ECX-1D]
004300BA |. 74 7D
JE SHORT 00430139
004300BC |. 0FB6F2
MOVZX ESI,DL
004300BF |. 0FB651 E3
MOVZX EDX,BYTE PTR DS:[ECX-1D]
004300C3 |. 2BF2
SUB ESI,EDX

; Case 4 of

; Default c

; Case 1D o

004300C5
004300C7
004300C9
004300CB
004300CE
004300D2
004300D4
004300D6
004300DC
004300E0
004300E4
004300E6
004300E8
004300EA
004300EC
004300EF
004300F3
004300F5
004300F7
004300FD
00430101
00430105
00430107
00430109
0043010B
0043010D
00430110
00430114
00430116
00430118
0043011E
00430122
00430126
00430128
0043012A
0043012C
0043012E
00430131
00430135
00430137
00430139
0043013B
0043013D
00430143
f switch
00430146
00430149
0043014B
0043014E
00430152
00430154
00430156
00430158
0043015A
0043015D
00430161
00430163
00430165
0043016B
0043016F

|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 FDFBFFFF
|> 0FB670 E4
|. 0FB651 E4
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 DCFBFFFF
|> 0FB670 E5
|. 0FB651 E5
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 BBFBFFFF
|> 0FB670 E6
|. 0FB651 E6
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 96FBFFFF
|> 8B50 E7
SystemInfo.42FCC9
|. 3B51 E7
|. 74 7D
|. 0FB6F2
|. 0FB651 E7
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 6EFBFFFF
|> 0FB670 E8
|. 0FB651 E8

JE SHORT 004300DC
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1C]
MOVZX EDX,BYTE PTR DS:[ECX-1C]
SUB ESI,EDX
JE SHORT 004300FD
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1B]
MOVZX EDX,BYTE PTR DS:[ECX-1B]
SUB ESI,EDX
JE SHORT 0043011E
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1A]
MOVZX EDX,BYTE PTR DS:[ECX-1A]
SUB ESI,EDX
JE SHORT 0043013B
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 0043013B
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-19]
CMP EDX,DWORD PTR DS:[ECX-19]
JE SHORT 004301C8
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-19]
SUB ESI,EDX
JE SHORT 0043016B
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-18]
MOVZX EDX,BYTE PTR DS:[ECX-18]

; Case 19 o

00430173
00430175
00430177
00430179
0043017B
0043017E
00430182
00430184
00430186
0043018C
00430190
00430194
00430196
00430198
0043019A
0043019C
0043019F
004301A3
004301A5
004301A7
004301AD
004301B1
004301B5
004301B7
004301B9
004301BB
004301BD
004301C0
004301C4
004301C6
004301C8
004301CA
004301CC
004301D2
f switch
004301D5
004301D8
004301DA
004301DD
004301E1
004301E3
004301E5
004301E7
004301E9
004301EC
004301F0
004301F2
004301F4
004301FA
004301FE
00430202
00430204
00430206
00430208
0043020A
0043020D
00430211
00430213
00430215
0043021B

|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 4DFBFFFF
|> 0FB670 E9
|. 0FB651 E9
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 2CFBFFFF
|> 0FB670 EA
|. 0FB651 EA
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 07FBFFFF
|> 8B50 EB
SystemInfo.42FCC9
|. 3B51 EB
|. 74 7D
|. 0FB6F2
|. 0FB651 EB
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 DFFAFFFF
|> 0FB670 EC
|. 0FB651 EC
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 BEFAFFFF
|> 0FB670 ED

SUB ESI,EDX
JE SHORT 0043018C
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-17]
MOVZX EDX,BYTE PTR DS:[ECX-17]
SUB ESI,EDX
JE SHORT 004301AD
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-16]
MOVZX EDX,BYTE PTR DS:[ECX-16]
SUB ESI,EDX
JE SHORT 004301CA
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 004301CA
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-15]
CMP EDX,DWORD PTR DS:[ECX-15]
JE SHORT 00430257
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-15]
SUB ESI,EDX
JE SHORT 004301FA
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-14]
MOVZX EDX,BYTE PTR DS:[ECX-14]
SUB ESI,EDX
JE SHORT 0043021B
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-13]

; Case 15 o

0043021F
00430223
00430225
00430227
00430229
0043022B
0043022E
00430232
00430234
00430236
0043023C
00430240
00430244
00430246
00430248
0043024A
0043024C
0043024F
00430253
00430255
00430257
00430259
0043025B
00430261
f switch
00430264
00430267
00430269
0043026C
00430270
00430272
00430274
00430276
00430278
0043027B
0043027F
00430281
00430283
00430289
0043028D
00430291
00430293
00430295
00430297
00430299
0043029C
004302A0
004302A2
004302A4
004302AA
004302AE
004302B2
004302B4
004302B6
004302B8
004302BA
004302BD
004302C1
004302C3
004302C5

|. 0FB651 ED
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 9DFAFFFF
|> 0FB670 EE
|. 0FB651 EE
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 78FAFFFF
|> 8B50 EF
SystemInfo.42FCC9
|. 3B51 EF
|. 74 7D
|. 0FB6F2
|. 0FB651 EF
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 50FAFFFF
|> 0FB670 F0
|. 0FB651 F0
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 2FFAFFFF
|> 0FB670 F1
|. 0FB651 F1
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 0EFAFFFF

MOVZX EDX,BYTE PTR DS:[ECX-13]


SUB ESI,EDX
JE SHORT 0043023C
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-12]
MOVZX EDX,BYTE PTR DS:[ECX-12]
SUB ESI,EDX
JE SHORT 00430259
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430259
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-11]
CMP EDX,DWORD PTR DS:[ECX-11]
JE SHORT 004302E6
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-11]
SUB ESI,EDX
JE SHORT 00430289
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-10]
MOVZX EDX,BYTE PTR DS:[ECX-10]
SUB ESI,EDX
JE SHORT 004302AA
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0F]
MOVZX EDX,BYTE PTR DS:[ECX-0F]
SUB ESI,EDX
JE SHORT 004302CB
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9

; Case 11 o

004302CB |> 0FB670 F2


004302CF |. 0FB651 F2
004302D3 |. 2BF2
004302D5 |. 74 11
004302D7 |. 33D2
004302D9 |. 85F6
004302DB |. 0F9FC2
004302DE |. 8D5412 FF
004302E2 |. 8BF2
004302E4 |. EB 02
004302E6 |> 33F6
004302E8 |> 85F6
004302EA |.^ 0F85 E9F9FFFF
004302F0 |> 8B50 F3
switch SystemInfo.42FCC9
004302F3 |. 3B51 F3
004302F6 |. 74 7D
004302F8 |. 0FB6F2
004302FB |. 0FB651 F3
004302FF |. 2BF2
00430301 |. 74 15
00430303 |. 33D2
00430305 |. 85F6
00430307 |. 0F9FC2
0043030A |. 8D5412 FF
0043030E |. 8BF2
00430310 |. 85F6
00430312 |.^ 0F85 C1F9FFFF
00430318 |> 0FB670 F4
0043031C |. 0FB651 F4
00430320 |. 2BF2
00430322 |. 74 15
00430324 |. 33D2
00430326 |. 85F6
00430328 |. 0F9FC2
0043032B |. 8D5412 FF
0043032F |. 8BF2
00430331 |. 85F6
00430333 |.^ 0F85 A0F9FFFF
00430339 |> 0FB670 F5
0043033D |. 0FB651 F5
00430341 |. 2BF2
00430343 |. 74 15
00430345 |. 33D2
00430347 |. 85F6
00430349 |. 0F9FC2
0043034C |. 8D5412 FF
00430350 |. 8BF2
00430352 |. 85F6
00430354 |.^ 0F85 7FF9FFFF
0043035A |> 0FB670 F6
0043035E |. 0FB651 F6
00430362 |. 2BF2
00430364 |. 74 11
00430366 |. 33D2
00430368 |. 85F6
0043036A |. 0F9FC2
0043036D |. 8D5412 FF
00430371 |. 8BF2
00430373 |. EB 02

MOVZX ESI,BYTE PTR DS:[EAX-0E]


MOVZX EDX,BYTE PTR DS:[ECX-0E]
SUB ESI,EDX
JE SHORT 004302E8
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 004302E8
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-0D]
CMP EDX,DWORD PTR DS:[ECX-0D]
JE SHORT 00430375
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-0D]
SUB ESI,EDX
JE SHORT 00430318
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0C]
MOVZX EDX,BYTE PTR DS:[ECX-0C]
SUB ESI,EDX
JE SHORT 00430339
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0B]
MOVZX EDX,BYTE PTR DS:[ECX-0B]
SUB ESI,EDX
JE SHORT 0043035A
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0A]
MOVZX EDX,BYTE PTR DS:[ECX-0A]
SUB ESI,EDX
JE SHORT 00430377
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430377

; Case D of

00430375 |> 33F6


00430377 |> 85F6
00430379 |.^ 0F85 5AF9FFFF
0043037F |> 8B50 F7
switch SystemInfo.42FCC9
00430382 |. 3B51 F7
00430385 |. 74 7E
00430387 |. 0FB651 F7
0043038B |. 0FB670 F7
0043038F |. 2BF2
00430391 |. 74 15
00430393 |. 33D2
00430395 |. 85F6
00430397 |. 0F9FC2
0043039A |. 8D5412 FF
0043039E |. 8BF2
004303A0 |. 85F6
004303A2 |.^ 0F85 31F9FFFF
004303A8 |> 0FB670 F8
004303AC |. 0FB651 F8
004303B0 |. 2BF2
004303B2 |. 74 15
004303B4 |. 33D2
004303B6 |. 85F6
004303B8 |. 0F9FC2
004303BB |. 8D5412 FF
004303BF |. 8BF2
004303C1 |. 85F6
004303C3 |.^ 0F85 10F9FFFF
004303C9 |> 0FB670 F9
004303CD |. 0FB651 F9
004303D1 |. 2BF2
004303D3 |. 74 15
004303D5 |. 33D2
004303D7 |. 85F6
004303D9 |. 0F9FC2
004303DC |. 8D5412 FF
004303E0 |. 8BF2
004303E2 |. 85F6
004303E4 |.^ 0F85 EFF8FFFF
004303EA |> 0FB670 FA
004303EE |. 0FB651 FA
004303F2 |. 2BF2
004303F4 |. 74 11
004303F6 |. 33D2
004303F8 |. 85F6
004303FA |. 0F9FC2
004303FD |. 8D5412 FF
00430401 |. 8BF2
00430403 |. EB 02
00430405 |> 33F6
00430407 |> 85F6
00430409 |.^ 0F85 CAF8FFFF
0043040F |> 8B50 FB
switch SystemInfo.42FCC9
00430412 |. 3B51 FB
00430415 |. 74 7D
00430417 |. 0FB6F2
0043041A |. 0FB651 FB
0043041E |. 2BF2

XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-9]

; Case 9 of

CMP EDX,DWORD PTR DS:[ECX-9]


JE SHORT 00430405
MOVZX EDX,BYTE PTR DS:[ECX-9]
MOVZX ESI,BYTE PTR DS:[EAX-9]
SUB ESI,EDX
JE SHORT 004303A8
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-8]
MOVZX EDX,BYTE PTR DS:[ECX-8]
SUB ESI,EDX
JE SHORT 004303C9
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-7]
MOVZX EDX,BYTE PTR DS:[ECX-7]
SUB ESI,EDX
JE SHORT 004303EA
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-6]
MOVZX EDX,BYTE PTR DS:[ECX-6]
SUB ESI,EDX
JE SHORT 00430407
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430407
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-5]

; Case 5 of

CMP EDX,DWORD PTR DS:[ECX-5]


JE SHORT 00430494
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-5]
SUB ESI,EDX

00430420 |. 74 15
00430422 |. 33D2
00430424 |. 85F6
00430426 |. 0F9FC2
00430429 |. 8D5412 FF
0043042D |. 8BF2
0043042F |. 85F6
00430431 |.^ 0F85 A2F8FFFF
00430437 |> 0FB670 FC
0043043B |. 0FB651 FC
0043043F |. 2BF2
00430441 |. 74 15
00430443 |. 33D2
00430445 |. 85F6
00430447 |. 0F9FC2
0043044A |. 8D5412 FF
0043044E |. 8BF2
00430450 |. 85F6
00430452 |.^ 0F85 81F8FFFF
00430458 |> 0FB670 FD
0043045C |. 0FB651 FD
00430460 |. 2BF2
00430462 |. 74 15
00430464 |. 33D2
00430466 |. 85F6
00430468 |. 0F9FC2
0043046B |. 8D5412 FF
0043046F |. 8BF2
00430471 |. 85F6
00430473 |.^ 0F85 60F8FFFF
00430479 |> 0FB670 FE
0043047D |. 0FB651 FE
00430481 |. 2BF2
00430483 |. 74 11
00430485 |. 33D2
00430487 |. 85F6
00430489 |. 0F9FC2
0043048C |. 8D5412 FF
00430490 |. 8BF2
00430492 |. EB 02
00430494 |> 33F6
00430496 |> 85F6
00430498 |.^ 0F85 3BF8FFFF
0043049E |> 0FB649 FF
switch SystemInfo.42FCC9
004304A2 |. 0FB640 FF
004304A6 |. 2BC1
004304A8 |.^ 0F84 00FCFFFF
004304AE |. 33C9
004304B0 |. 85C0
004304B2 |. 0F9FC1
004304B5 |. 8D4C09 FF
004304B9 |. 8BC1
004304BB |.^ E9 EEFBFFFF
004304C0 |> 8B50 E2
f switch SystemInfo.42FCC9
004304C3 |. 3B51 E2
004304C6 |. 74 7D
004304C8 |. 0FB6F2
004304CB |. 0FB651 E2

JE SHORT 00430437
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-4]
MOVZX EDX,BYTE PTR DS:[ECX-4]
SUB ESI,EDX
JE SHORT 00430458
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-3]
MOVZX EDX,BYTE PTR DS:[ECX-3]
SUB ESI,EDX
JE SHORT 00430479
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-2]
MOVZX EDX,BYTE PTR DS:[ECX-2]
SUB ESI,EDX
JE SHORT 00430496
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430496
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOVZX ECX,BYTE PTR DS:[ECX-1]

; Case 1 of

MOVZX EAX,BYTE PTR DS:[EAX-1]


SUB EAX,ECX
JE 004300AE
XOR ECX,ECX
TEST EAX,EAX
SETG CL
LEA ECX,[ECX+ECX-1]
MOV EAX,ECX
JMP 004300AE
MOV EDX,DWORD PTR DS:[EAX-1E]

; Case 1E o

CMP EDX,DWORD PTR DS:[ECX-1E]


JE SHORT 00430545
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-1E]

004304CF
004304D1
004304D3
004304D5
004304D7
004304DA
004304DE
004304E0
004304E2
004304E8
004304EC
004304F0
004304F2
004304F4
004304F6
004304F8
004304FB
004304FF
00430501
00430503
00430509
0043050D
00430511
00430513
00430515
00430517
00430519
0043051C
00430520
00430522
00430524
0043052A
0043052E
00430532
00430534
00430536
00430538
0043053A
0043053D
00430541
00430543
00430545
00430547
00430549
0043054F
f switch
00430552
00430555
00430557
0043055A
0043055E
00430560
00430562
00430564
00430566
00430569
0043056D
0043056F
00430571
00430577

|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 F1F7FFFF
|> 0FB670 E3
|. 0FB651 E3
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 D0F7FFFF
|> 0FB670 E4
|. 0FB651 E4
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 AFF7FFFF
|> 0FB670 E5
|. 0FB651 E5
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 8AF7FFFF
|> 8B50 E6
SystemInfo.42FCC9
|. 3B51 E6
|. 74 7D
|. 0FB6F2
|. 0FB651 E6
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 62F7FFFF
|> 0FB670 E7

SUB ESI,EDX
JE SHORT 004304E8
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1D]
MOVZX EDX,BYTE PTR DS:[ECX-1D]
SUB ESI,EDX
JE SHORT 00430509
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1C]
MOVZX EDX,BYTE PTR DS:[ECX-1C]
SUB ESI,EDX
JE SHORT 0043052A
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1B]
MOVZX EDX,BYTE PTR DS:[ECX-1B]
SUB ESI,EDX
JE SHORT 00430547
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430547
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-1A]
CMP EDX,DWORD PTR DS:[ECX-1A]
JE SHORT 004305D4
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-1A]
SUB ESI,EDX
JE SHORT 00430577
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-19]

; Case 1A o

0043057B
0043057F
00430581
00430583
00430585
00430587
0043058A
0043058E
00430590
00430592
00430598
0043059C
004305A0
004305A2
004305A4
004305A6
004305A8
004305AB
004305AF
004305B1
004305B3
004305B9
004305BD
004305C1
004305C3
004305C5
004305C7
004305C9
004305CC
004305D0
004305D2
004305D4
004305D6
004305D8
004305DE
f switch
004305E1
004305E4
004305E6
004305E9
004305ED
004305EF
004305F1
004305F3
004305F5
004305F8
004305FC
004305FE
00430600
00430606
0043060A
0043060E
00430610
00430612
00430614
00430616
00430619
0043061D
0043061F
00430621

|. 0FB651 E7
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 41F7FFFF
|> 0FB670 E8
|. 0FB651 E8
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 20F7FFFF
|> 0FB670 E9
|. 0FB651 E9
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 FBF6FFFF
|> 8B50 EA
SystemInfo.42FCC9
|. 3B51 EA
|. 74 7D
|. 0FB6F2
|. 0FB651 EA
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 D3F6FFFF
|> 0FB670 EB
|. 0FB651 EB
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 B2F6FFFF

MOVZX EDX,BYTE PTR DS:[ECX-19]


SUB ESI,EDX
JE SHORT 00430598
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-18]
MOVZX EDX,BYTE PTR DS:[ECX-18]
SUB ESI,EDX
JE SHORT 004305B9
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-17]
MOVZX EDX,BYTE PTR DS:[ECX-17]
SUB ESI,EDX
JE SHORT 004305D6
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 004305D6
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-16]
CMP EDX,DWORD PTR DS:[ECX-16]
JE SHORT 00430663
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-16]
SUB ESI,EDX
JE SHORT 00430606
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-15]
MOVZX EDX,BYTE PTR DS:[ECX-15]
SUB ESI,EDX
JE SHORT 00430627
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9

; Case 16 o

00430627
0043062B
0043062F
00430631
00430633
00430635
00430637
0043063A
0043063E
00430640
00430642
00430648
0043064C
00430650
00430652
00430654
00430656
00430658
0043065B
0043065F
00430661
00430663
00430665
00430667
0043066D
f switch
00430670
00430673
00430675
00430678
0043067C
0043067E
00430680
00430682
00430684
00430687
0043068B
0043068D
0043068F
00430695
00430699
0043069D
0043069F
004306A1
004306A3
004306A5
004306A8
004306AC
004306AE
004306B0
004306B6
004306BA
004306BE
004306C0
004306C2
004306C4
004306C6
004306C9
004306CD
004306CF

|> 0FB670 EC
|. 0FB651 EC
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 91F6FFFF
|> 0FB670 ED
|. 0FB651 ED
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 6CF6FFFF
|> 8B50 EE
SystemInfo.42FCC9
|. 3B51 EE
|. 74 7D
|. 0FB6F2
|. 0FB651 EE
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 44F6FFFF
|> 0FB670 EF
|. 0FB651 EF
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 23F6FFFF
|> 0FB670 F0
|. 0FB651 F0
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6

MOVZX ESI,BYTE PTR DS:[EAX-14]


MOVZX EDX,BYTE PTR DS:[ECX-14]
SUB ESI,EDX
JE SHORT 00430648
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-13]
MOVZX EDX,BYTE PTR DS:[ECX-13]
SUB ESI,EDX
JE SHORT 00430665
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430665
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-12]
CMP EDX,DWORD PTR DS:[ECX-12]
JE SHORT 004306F2
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-12]
SUB ESI,EDX
JE SHORT 00430695
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-11]
MOVZX EDX,BYTE PTR DS:[ECX-11]
SUB ESI,EDX
JE SHORT 004306B6
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-10]
MOVZX EDX,BYTE PTR DS:[ECX-10]
SUB ESI,EDX
JE SHORT 004306D7
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI

; Case 12 o

004306D1 |.^ 0F85 02F6FFFF


004306D7 |> 0FB670 F1
004306DB |. 0FB651 F1
004306DF |. 2BF2
004306E1 |. 74 11
004306E3 |. 33D2
004306E5 |. 85F6
004306E7 |. 0F9FC2
004306EA |. 8D5412 FF
004306EE |. 8BF2
004306F0 |. EB 02
004306F2 |> 33F6
004306F4 |> 85F6
004306F6 |.^ 0F85 DDF5FFFF
004306FC |> 8B50 F2
switch SystemInfo.42FCC9
004306FF |. 3B51 F2
00430702 |. 74 7D
00430704 |. 0FB6F2
00430707 |. 0FB651 F2
0043070B |. 2BF2
0043070D |. 74 15
0043070F |. 33D2
00430711 |. 85F6
00430713 |. 0F9FC2
00430716 |. 8D5412 FF
0043071A |. 8BF2
0043071C |. 85F6
0043071E |.^ 0F85 B5F5FFFF
00430724 |> 0FB670 F3
00430728 |. 0FB651 F3
0043072C |. 2BF2
0043072E |. 74 15
00430730 |. 33D2
00430732 |. 85F6
00430734 |. 0F9FC2
00430737 |. 8D5412 FF
0043073B |. 8BF2
0043073D |. 85F6
0043073F |.^ 0F85 94F5FFFF
00430745 |> 0FB670 F4
00430749 |. 0FB651 F4
0043074D |. 2BF2
0043074F |. 74 15
00430751 |. 33D2
00430753 |. 85F6
00430755 |. 0F9FC2
00430758 |. 8D5412 FF
0043075C |. 8BF2
0043075E |. 85F6
00430760 |.^ 0F85 73F5FFFF
00430766 |> 0FB670 F5
0043076A |. 0FB651 F5
0043076E |. 2BF2
00430770 |. 74 11
00430772 |. 33D2
00430774 |. 85F6
00430776 |. 0F9FC2
00430779 |. 8D5412 FF
0043077D |. 8BF2

JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0F]
MOVZX EDX,BYTE PTR DS:[ECX-0F]
SUB ESI,EDX
JE SHORT 004306F4
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 004306F4
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-0E]
CMP EDX,DWORD PTR DS:[ECX-0E]
JE SHORT 00430781
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-0E]
SUB ESI,EDX
JE SHORT 00430724
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0D]
MOVZX EDX,BYTE PTR DS:[ECX-0D]
SUB ESI,EDX
JE SHORT 00430745
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0C]
MOVZX EDX,BYTE PTR DS:[ECX-0C]
SUB ESI,EDX
JE SHORT 00430766
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0B]
MOVZX EDX,BYTE PTR DS:[ECX-0B]
SUB ESI,EDX
JE SHORT 00430783
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX

; Case E of

0043077F |. EB 02
00430781 |> 33F6
00430783 |> 85F6
00430785 |.^ 0F85 4EF5FFFF
0043078B |> 8B50 F6
switch SystemInfo.42FCC9
0043078E |. 3B51 F6
00430791 |. 74 7E
00430793 |. 0FB651 F6
00430797 |. 0FB670 F6
0043079B |. 2BF2
0043079D |. 74 15
0043079F |. 33D2
004307A1 |. 85F6
004307A3 |. 0F9FC2
004307A6 |. 8D5412 FF
004307AA |. 8BF2
004307AC |. 85F6
004307AE |.^ 0F85 25F5FFFF
004307B4 |> 0FB651 F7
004307B8 |. 0FB670 F7
004307BC |. 2BF2
004307BE |. 74 15
004307C0 |. 33D2
004307C2 |. 85F6
004307C4 |. 0F9FC2
004307C7 |. 8D5412 FF
004307CB |. 8BF2
004307CD |. 85F6
004307CF |.^ 0F85 04F5FFFF
004307D5 |> 0FB651 F8
004307D9 |. 0FB670 F8
004307DD |. 2BF2
004307DF |. 74 15
004307E1 |. 33D2
004307E3 |. 85F6
004307E5 |. 0F9FC2
004307E8 |. 8D5412 FF
004307EC |. 8BF2
004307EE |. 85F6
004307F0 |.^ 0F85 E3F4FFFF
004307F6 |> 0FB651 F9
004307FA |. 0FB670 F9
004307FE |. 2BF2
00430800 |. 74 11
00430802 |. 33D2
00430804 |. 85F6
00430806 |. 0F9FC2
00430809 |. 8D5412 FF
0043080D |. 8BF2
0043080F |. EB 02
00430811 |> 33F6
00430813 |> 85F6
00430815 |.^ 0F85 BEF4FFFF
0043081B |> 8B50 FA
switch SystemInfo.42FCC9
0043081E |. 3B51 FA
00430821 |. 74 7D
00430823 |. 0FB6F2
00430826 |. 0FB651 FA

JMP SHORT 00430783


XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-0A]

; Case A of

CMP EDX,DWORD PTR DS:[ECX-0A]


JE SHORT 00430811
MOVZX EDX,BYTE PTR DS:[ECX-0A]
MOVZX ESI,BYTE PTR DS:[EAX-0A]
SUB ESI,EDX
JE SHORT 004307B4
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX EDX,BYTE PTR DS:[ECX-9]
MOVZX ESI,BYTE PTR DS:[EAX-9]
SUB ESI,EDX
JE SHORT 004307D5
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX EDX,BYTE PTR DS:[ECX-8]
MOVZX ESI,BYTE PTR DS:[EAX-8]
SUB ESI,EDX
JE SHORT 004307F6
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX EDX,BYTE PTR DS:[ECX-7]
MOVZX ESI,BYTE PTR DS:[EAX-7]
SUB ESI,EDX
JE SHORT 00430813
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430813
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-6]

; Case 6 of

CMP EDX,DWORD PTR DS:[ECX-6]


JE SHORT 004308A0
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-6]

0043082A |. 2BF2
0043082C |. 74 15
0043082E |. 33D2
00430830 |. 85F6
00430832 |. 0F9FC2
00430835 |. 8D5412 FF
00430839 |. 8BF2
0043083B |. 85F6
0043083D |.^ 0F85 96F4FFFF
00430843 |> 0FB670 FB
00430847 |. 0FB651 FB
0043084B |. 2BF2
0043084D |. 74 15
0043084F |. 33D2
00430851 |. 85F6
00430853 |. 0F9FC2
00430856 |. 8D5412 FF
0043085A |. 8BF2
0043085C |. 85F6
0043085E |.^ 0F85 75F4FFFF
00430864 |> 0FB670 FC
00430868 |. 0FB651 FC
0043086C |. 2BF2
0043086E |. 74 15
00430870 |. 33D2
00430872 |. 85F6
00430874 |. 0F9FC2
00430877 |. 8D5412 FF
0043087B |. 8BF2
0043087D |. 85F6
0043087F |.^ 0F85 54F4FFFF
00430885 |> 0FB670 FD
00430889 |. 0FB651 FD
0043088D |. 2BF2
0043088F |. 74 11
00430891 |. 33D2
00430893 |. 85F6
00430895 |. 0F9FC2
00430898 |. 8D5412 FF
0043089C |. 8BF2
0043089E |. EB 02
004308A0 |> 33F6
004308A2 |> 85F6
004308A4 |.^ 0F85 2FF4FFFF
004308AA |> 66:8B50 FE
switch SystemInfo.42FCC9
004308AE |. 66:3B51 FE
004308B2 |.^ 0F84 F4F7FFFF
004308B8 |> 0FB651 FE
004308BC |. 0FB670 FE
004308C0 |. 2BF2
004308C2 |.^ 0F84 D6FBFFFF
004308C8 |. 33D2
004308CA |. 85F6
004308CC |. 0F9FC2
004308CF |. 8D5412 FF
004308D3 |. 85D2
004308D5 |. 0F85 13040000
004308DB |.^ E9 BEFBFFFF
004308E0 |> 8B50 E1

SUB ESI,EDX
JE SHORT 00430843
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-5]
MOVZX EDX,BYTE PTR DS:[ECX-5]
SUB ESI,EDX
JE SHORT 00430864
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-4]
MOVZX EDX,BYTE PTR DS:[ECX-4]
SUB ESI,EDX
JE SHORT 00430885
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-3]
MOVZX EDX,BYTE PTR DS:[ECX-3]
SUB ESI,EDX
JE SHORT 004308A2
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 004308A2
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV DX,WORD PTR DS:[EAX-2]

; Case 2 of

CMP DX,WORD PTR DS:[ECX-2]


JE 004300AC
MOVZX EDX,BYTE PTR DS:[ECX-2]
MOVZX ESI,BYTE PTR DS:[EAX-2]
SUB ESI,EDX
JE 0043049E
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
TEST EDX,EDX
JNE 00430CEE
JMP 0043049E
MOV EDX,DWORD PTR DS:[EAX-1F]

; Case 1F o

f switch
004308E3
004308E6
004308E8
004308EC
004308F0
004308F2
004308F4
004308F6
004308F8
004308FB
004308FF
00430901
00430903
00430909
0043090D
00430911
00430913
00430915
00430917
00430919
0043091C
00430920
00430922
00430924
0043092A
0043092E
00430932
00430934
00430936
00430938
0043093A
0043093D
00430941
00430943
00430945
0043094B
0043094F
00430953
00430955
00430957
00430959
0043095B
0043095E
00430962
00430964
00430966
00430968
0043096A
00430970
f switch
00430973
00430976
00430978
0043097B
0043097F
00430981
00430983
00430985
00430987

SystemInfo.42FCC9
|. 3B51 E1
|. 74 7E
|. 0FB651 E1
|. 0FB670 E1
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 D0F3FFFF
|> 0FB670 E2
|. 0FB651 E2
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 AFF3FFFF
|> 0FB670 E3
|. 0FB651 E3
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 8EF3FFFF
|> 0FB670 E4
|. 0FB651 E4
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 69F3FFFF
|> 8B50 E5
SystemInfo.42FCC9
|. 3B51 E5
|. 74 7D
|. 0FB6F2
|. 0FB651 E5
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2

CMP EDX,DWORD PTR DS:[ECX-1F]


JE SHORT 00430966
MOVZX EDX,BYTE PTR DS:[ECX-1F]
MOVZX ESI,BYTE PTR DS:[EAX-1F]
SUB ESI,EDX
JE SHORT 00430909
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1E]
MOVZX EDX,BYTE PTR DS:[ECX-1E]
SUB ESI,EDX
JE SHORT 0043092A
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1D]
MOVZX EDX,BYTE PTR DS:[ECX-1D]
SUB ESI,EDX
JE SHORT 0043094B
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1C]
MOVZX EDX,BYTE PTR DS:[ECX-1C]
SUB ESI,EDX
JE SHORT 00430968
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430968
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-1B]
CMP EDX,DWORD PTR DS:[ECX-1B]
JE SHORT 004309F5
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-1B]
SUB ESI,EDX
JE SHORT 00430998
XOR EDX,EDX
TEST ESI,ESI
SETG DL

; Case 1B o

0043098A
0043098E
00430990
00430992
00430998
0043099C
004309A0
004309A2
004309A4
004309A6
004309A8
004309AB
004309AF
004309B1
004309B3
004309B9
004309BD
004309C1
004309C3
004309C5
004309C7
004309C9
004309CC
004309D0
004309D2
004309D4
004309DA
004309DE
004309E2
004309E4
004309E6
004309E8
004309EA
004309ED
004309F1
004309F3
004309F5
004309F7
004309F9
004309FF
f switch
00430A02
00430A05
00430A07
00430A0A
00430A0E
00430A10
00430A12
00430A14
00430A16
00430A19
00430A1D
00430A1F
00430A21
00430A27
00430A2B
00430A2F
00430A31
00430A33
00430A35

|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 41F3FFFF
|> 0FB670 E6
|. 0FB651 E6
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 20F3FFFF
|> 0FB670 E7
|. 0FB651 E7
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 FFF2FFFF
|> 0FB670 E8
|. 0FB651 E8
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 DAF2FFFF
|> 8B50 E9
SystemInfo.42FCC9
|. 3B51 E9
|. 74 7D
|. 0FB6F2
|. 0FB651 E9
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 B2F2FFFF
|> 0FB670 EA
|. 0FB651 EA
|. 2BF2
|. 74 15
|. 33D2
|. 85F6

LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-1A]
MOVZX EDX,BYTE PTR DS:[ECX-1A]
SUB ESI,EDX
JE SHORT 004309B9
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-19]
MOVZX EDX,BYTE PTR DS:[ECX-19]
SUB ESI,EDX
JE SHORT 004309DA
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-18]
MOVZX EDX,BYTE PTR DS:[ECX-18]
SUB ESI,EDX
JE SHORT 004309F7
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 004309F7
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-17]
CMP EDX,DWORD PTR DS:[ECX-17]
JE SHORT 00430A84
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-17]
SUB ESI,EDX
JE SHORT 00430A27
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-16]
MOVZX EDX,BYTE PTR DS:[ECX-16]
SUB ESI,EDX
JE SHORT 00430A48
XOR EDX,EDX
TEST ESI,ESI

; Case 17 o

00430A37
00430A3A
00430A3E
00430A40
00430A42
00430A48
00430A4C
00430A50
00430A52
00430A54
00430A56
00430A58
00430A5B
00430A5F
00430A61
00430A63
00430A69
00430A6D
00430A71
00430A73
00430A75
00430A77
00430A79
00430A7C
00430A80
00430A82
00430A84
00430A86
00430A88
00430A8E
f switch
00430A91
00430A94
00430A96
00430A99
00430A9D
00430A9F
00430AA1
00430AA3
00430AA5
00430AA8
00430AAC
00430AAE
00430AB0
00430AB6
00430ABA
00430ABE
00430AC0
00430AC2
00430AC4
00430AC6
00430AC9
00430ACD
00430ACF
00430AD1
00430AD7
00430ADB
00430ADF
00430AE1
00430AE3

|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 91F2FFFF
|> 0FB670 EB
|. 0FB651 EB
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 70F2FFFF
|> 0FB670 EC
|. 0FB651 EC
|. 2BF2
|. 74 11
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. EB 02
|> 33F6
|> 85F6
|.^ 0F85 4BF2FFFF
|> 8B50 ED
SystemInfo.42FCC9
|. 3B51 ED
|. 74 7D
|. 0FB6F2
|. 0FB651 ED
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 23F2FFFF
|> 0FB670 EE
|. 0FB651 EE
|. 2BF2
|. 74 15
|. 33D2
|. 85F6
|. 0F9FC2
|. 8D5412 FF
|. 8BF2
|. 85F6
|.^ 0F85 02F2FFFF
|> 0FB670 EF
|. 0FB651 EF
|. 2BF2
|. 74 15
|. 33D2

SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-15]
MOVZX EDX,BYTE PTR DS:[ECX-15]
SUB ESI,EDX
JE SHORT 00430A69
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-14]
MOVZX EDX,BYTE PTR DS:[ECX-14]
SUB ESI,EDX
JE SHORT 00430A86
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430A86
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-13]
CMP EDX,DWORD PTR DS:[ECX-13]
JE SHORT 00430B13
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-13]
SUB ESI,EDX
JE SHORT 00430AB6
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-12]
MOVZX EDX,BYTE PTR DS:[ECX-12]
SUB ESI,EDX
JE SHORT 00430AD7
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-11]
MOVZX EDX,BYTE PTR DS:[ECX-11]
SUB ESI,EDX
JE SHORT 00430AF8
XOR EDX,EDX

; Case 13 o

00430AE5 |. 85F6
00430AE7 |. 0F9FC2
00430AEA |. 8D5412 FF
00430AEE |. 8BF2
00430AF0 |. 85F6
00430AF2 |.^ 0F85 E1F1FFFF
00430AF8 |> 0FB670 F0
00430AFC |. 0FB651 F0
00430B00 |. 2BF2
00430B02 |. 74 11
00430B04 |. 33D2
00430B06 |. 85F6
00430B08 |. 0F9FC2
00430B0B |. 8D5412 FF
00430B0F |. 8BF2
00430B11 |. EB 02
00430B13 |> 33F6
00430B15 |> 85F6
00430B17 |.^ 0F85 BCF1FFFF
00430B1D |> 8B50 F1
switch SystemInfo.42FCC9
00430B20 |. 3B51 F1
00430B23 |. 74 7E
00430B25 |. 0FB651 F1
00430B29 |. 0FB670 F1
00430B2D |. 2BF2
00430B2F |. 74 15
00430B31 |. 33D2
00430B33 |. 85F6
00430B35 |. 0F9FC2
00430B38 |. 8D5412 FF
00430B3C |. 8BF2
00430B3E |. 85F6
00430B40 |.^ 0F85 93F1FFFF
00430B46 |> 0FB670 F2
00430B4A |. 0FB651 F2
00430B4E |. 2BF2
00430B50 |. 74 15
00430B52 |. 33D2
00430B54 |. 85F6
00430B56 |. 0F9FC2
00430B59 |. 8D5412 FF
00430B5D |. 8BF2
00430B5F |. 85F6
00430B61 |.^ 0F85 72F1FFFF
00430B67 |> 0FB670 F3
00430B6B |. 0FB651 F3
00430B6F |. 2BF2
00430B71 |. 74 15
00430B73 |. 33D2
00430B75 |. 85F6
00430B77 |. 0F9FC2
00430B7A |. 8D5412 FF
00430B7E |. 8BF2
00430B80 |. 85F6
00430B82 |.^ 0F85 51F1FFFF
00430B88 |> 0FB670 F4
00430B8C |. 0FB651 F4
00430B90 |. 2BF2
00430B92 |. 74 11

TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-10]
MOVZX EDX,BYTE PTR DS:[ECX-10]
SUB ESI,EDX
JE SHORT 00430B15
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430B15
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-0F]
CMP EDX,DWORD PTR DS:[ECX-0F]
JE SHORT 00430BA3
MOVZX EDX,BYTE PTR DS:[ECX-0F]
MOVZX ESI,BYTE PTR DS:[EAX-0F]
SUB ESI,EDX
JE SHORT 00430B46
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0E]
MOVZX EDX,BYTE PTR DS:[ECX-0E]
SUB ESI,EDX
JE SHORT 00430B67
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0D]
MOVZX EDX,BYTE PTR DS:[ECX-0D]
SUB ESI,EDX
JE SHORT 00430B88
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0C]
MOVZX EDX,BYTE PTR DS:[ECX-0C]
SUB ESI,EDX
JE SHORT 00430BA5

; Case F of

00430B94 |. 33D2
00430B96 |. 85F6
00430B98 |. 0F9FC2
00430B9B |. 8D5412 FF
00430B9F |. 8BF2
00430BA1 |. EB 02
00430BA3 |> 33F6
00430BA5 |> 85F6
00430BA7 |.^ 0F85 2CF1FFFF
00430BAD |> 8B50 F5
switch SystemInfo.42FCC9
00430BB0 |. 3B51 F5
00430BB3 |. 74 7D
00430BB5 |. 0FB6F2
00430BB8 |. 0FB651 F5
00430BBC |. 2BF2
00430BBE |. 74 15
00430BC0 |. 33D2
00430BC2 |. 85F6
00430BC4 |. 0F9FC2
00430BC7 |. 8D5412 FF
00430BCB |. 8BF2
00430BCD |. 85F6
00430BCF |.^ 0F85 04F1FFFF
00430BD5 |> 0FB670 F6
00430BD9 |. 0FB651 F6
00430BDD |. 2BF2
00430BDF |. 74 15
00430BE1 |. 33D2
00430BE3 |. 85F6
00430BE5 |. 0F9FC2
00430BE8 |. 8D5412 FF
00430BEC |. 8BF2
00430BEE |. 85F6
00430BF0 |.^ 0F85 E3F0FFFF
00430BF6 |> 0FB670 F7
00430BFA |. 0FB651 F7
00430BFE |. 2BF2
00430C00 |. 74 15
00430C02 |. 33D2
00430C04 |. 85F6
00430C06 |. 0F9FC2
00430C09 |. 8D5412 FF
00430C0D |. 8BF2
00430C0F |. 85F6
00430C11 |.^ 0F85 C2F0FFFF
00430C17 |> 0FB670 F8
00430C1B |. 0FB651 F8
00430C1F |. 2BF2
00430C21 |. 74 11
00430C23 |. 33D2
00430C25 |. 85F6
00430C27 |. 0F9FC2
00430C2A |. 8D5412 FF
00430C2E |. 8BF2
00430C30 |. EB 02
00430C32 |> 33F6
00430C34 |> 85F6
00430C36 |.^ 0F85 9DF0FFFF
00430C3C |> 8B50 F9

XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430BA5
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-0B]

; Case B of

CMP EDX,DWORD PTR DS:[ECX-0B]


JE SHORT 00430C32
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-0B]
SUB ESI,EDX
JE SHORT 00430BD5
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-0A]
MOVZX EDX,BYTE PTR DS:[ECX-0A]
SUB ESI,EDX
JE SHORT 00430BF6
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-9]
MOVZX EDX,BYTE PTR DS:[ECX-9]
SUB ESI,EDX
JE SHORT 00430C17
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-8]
MOVZX EDX,BYTE PTR DS:[ECX-8]
SUB ESI,EDX
JE SHORT 00430C34
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430C34
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOV EDX,DWORD PTR DS:[EAX-7]

; Case 7 of

switch SystemInfo.42FCC9
00430C3F |. 3B51 F9
00430C42 |. 74 7D
00430C44 |. 0FB6F2
00430C47 |. 0FB651 F9
00430C4B |. 2BF2
00430C4D |. 74 15
00430C4F |. 33D2
00430C51 |. 85F6
00430C53 |. 0F9FC2
00430C56 |. 8D5412 FF
00430C5A |. 8BF2
00430C5C |. 85F6
00430C5E |.^ 0F85 75F0FFFF
00430C64 |> 0FB670 FA
00430C68 |. 0FB651 FA
00430C6C |. 2BF2
00430C6E |. 74 15
00430C70 |. 33D2
00430C72 |. 85F6
00430C74 |. 0F9FC2
00430C77 |. 8D5412 FF
00430C7B |. 8BF2
00430C7D |. 85F6
00430C7F |.^ 0F85 54F0FFFF
00430C85 |> 0FB670 FB
00430C89 |. 0FB651 FB
00430C8D |. 2BF2
00430C8F |. 74 15
00430C91 |. 33D2
00430C93 |. 85F6
00430C95 |. 0F9FC2
00430C98 |. 8D5412 FF
00430C9C |. 8BF2
00430C9E |. 85F6
00430CA0 |.^ 0F85 33F0FFFF
00430CA6 |> 0FB670 FC
00430CAA |. 0FB651 FC
00430CAE |. 2BF2
00430CB0 |. 74 11
00430CB2 |. 33D2
00430CB4 |. 85F6
00430CB6 |. 0F9FC2
00430CB9 |. 8D5412 FF
00430CBD |. 8BF2
00430CBF |. EB 02
00430CC1 |> 33F6
00430CC3 |> 85F6
00430CC5 |.^ 0F85 0EF0FFFF
00430CCB |> 0FB670 FD
switch SystemInfo.42FCC9
00430CCF |. 0FB651 FD
00430CD3 |. 2BF2
00430CD5 |.^ 0F84 DDFBFFFF
00430CDB |. 33D2
00430CDD |. 85F6
00430CDF |. 0F9FC2
00430CE2 |. 8D5412 FF
00430CE6 |. 85D2
00430CE8 |.^ 0F84 CAFBFFFF

CMP EDX,DWORD PTR DS:[ECX-7]


JE SHORT 00430CC1
MOVZX ESI,DL
MOVZX EDX,BYTE PTR DS:[ECX-7]
SUB ESI,EDX
JE SHORT 00430C64
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-6]
MOVZX EDX,BYTE PTR DS:[ECX-6]
SUB ESI,EDX
JE SHORT 00430C85
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-5]
MOVZX EDX,BYTE PTR DS:[ECX-5]
SUB ESI,EDX
JE SHORT 00430CA6
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-4]
MOVZX EDX,BYTE PTR DS:[ECX-4]
SUB ESI,EDX
JE SHORT 00430CC3
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
MOV ESI,EDX
JMP SHORT 00430CC3
XOR ESI,ESI
TEST ESI,ESI
JNE 0042FCD9
MOVZX ESI,BYTE PTR DS:[EAX-3]
MOVZX EDX,BYTE PTR DS:[ECX-3]
SUB ESI,EDX
JE 004308B8
XOR EDX,EDX
TEST ESI,ESI
SETG DL
LEA EDX,[EDX+EDX-1]
TEST EDX,EDX
JE 004308B8

; Case 3 of

00430CEE |> 8BC2


00430CF0 |.^ E9 B9F3FFFF
00430CF5 |> 8B4D 08
switch SystemInfo.42F817
00430CF8 |. 8B75 0C
00430CFB |. 0FB601
00430CFE |. 0FB616
00430D01 |. 2BC2
00430D03 |. 74 15
00430D05 |. 33D2
00430D07 |. 85C0
00430D09 |. 0F9FC2
00430D0C |. 8D5412 FF
00430D10 |. 8BC2
00430D12 |. 85C0
00430D14 |. 0F85 ED000000
00430D1A |> 0FB641 01
00430D1E |. 0FB656 01
00430D22 |. 2BC2
00430D24 |. 74 15
00430D26 |. 33D2
00430D28 |. 85C0
00430D2A |. 0F9FC2
00430D2D |. 8D5412 FF
00430D31 |. 8BC2
00430D33 |. 85C0
00430D35 |. 0F85 CC000000
00430D3B |> 0FB641 02
00430D3F |. 0FB656 02
00430D43 |. 2BC2
00430D45 |. 74 15
00430D47 |. 33D2
00430D49 |. 85C0
00430D4B |. 0F9FC2
00430D4E |. 8D5412 FF
00430D52 |. 8BC2
00430D54 |. 85C0
00430D56 |. 0F85 AB000000
00430D5C |> 0FB641 03
00430D60 |. 0FB64E 03
00430D64 |> 2BC1
00430D66 |. 0F84 9B000000
00430D6C |. 33C9
00430D6E |. 85C0
00430D70 |. 0F9FC1
00430D73 |. 8D4C09 FF
00430D77 |. 8BC1
00430D79 |. E9 89000000
00430D7E |> 8B4D 08
switch SystemInfo.42F817
00430D81 |. 8B75 0C
00430D84 |. 0FB601
00430D87 |. 0FB616
00430D8A |. 2BC2
00430D8C |. 74 11
00430D8E |. 33D2
00430D90 |. 85C0
00430D92 |. 0F9FC2
00430D95 |. 8D5412 FF
00430D99 |. 8BC2

MOV EAX,EDX
JMP 004300AE
MOV ECX,DWORD PTR SS:[ARG.1]

; Case 4 of

MOV ESI,DWORD PTR SS:[ARG.2]


MOVZX EAX,BYTE PTR DS:[ECX]
MOVZX EDX,BYTE PTR DS:[ESI]
SUB EAX,EDX
JE SHORT 00430D1A
XOR EDX,EDX
TEST EAX,EAX
SETG DL
LEA EDX,[EDX+EDX-1]
MOV EAX,EDX
TEST EAX,EAX
JNE 00430E07
MOVZX EAX,BYTE PTR DS:[ECX+1]
MOVZX EDX,BYTE PTR DS:[ESI+1]
SUB EAX,EDX
JE SHORT 00430D3B
XOR EDX,EDX
TEST EAX,EAX
SETG DL
LEA EDX,[EDX+EDX-1]
MOV EAX,EDX
TEST EAX,EAX
JNE 00430E07
MOVZX EAX,BYTE PTR DS:[ECX+2]
MOVZX EDX,BYTE PTR DS:[ESI+2]
SUB EAX,EDX
JE SHORT 00430D5C
XOR EDX,EDX
TEST EAX,EAX
SETG DL
LEA EDX,[EDX+EDX-1]
MOV EAX,EDX
TEST EAX,EAX
JNE 00430E07
MOVZX EAX,BYTE PTR DS:[ECX+3]
MOVZX ECX,BYTE PTR DS:[ESI+3]
SUB EAX,ECX
JE 00430E07
XOR ECX,ECX
TEST EAX,EAX
SETG CL
LEA ECX,[ECX+ECX-1]
MOV EAX,ECX
JMP 00430E07
MOV ECX,DWORD PTR SS:[ARG.1]

; Case 3 of

MOV ESI,DWORD PTR SS:[ARG.2]


MOVZX EAX,BYTE PTR DS:[ECX]
MOVZX EDX,BYTE PTR DS:[ESI]
SUB EAX,EDX
JE SHORT 00430D9F
XOR EDX,EDX
TEST EAX,EAX
SETG DL
LEA EDX,[EDX+EDX-1]
MOV EAX,EDX

00430D9B |. 85C0
00430D9D |. 75 68
00430D9F |> 0FB641 01
00430DA3 |. 0FB656 01
00430DA7 |. 2BC2
00430DA9 |. 74 11
00430DAB |. 33D2
00430DAD |. 85C0
00430DAF |. 0F9FC2
00430DB2 |. 8D5412 FF
00430DB6 |. 8BC2
00430DB8 |. 85C0
00430DBA |. 75 4B
00430DBC |> 0FB641 02
00430DC0 |. 0FB64E 02
00430DC4 |.^ EB 9E
00430DC6 |> 8B4D 08
switch SystemInfo.42F817
00430DC9 |. 8B75 0C
00430DCC |. 0FB601
00430DCF |. 0FB616
00430DD2 |. 2BC2
00430DD4 |. 74 11
00430DD6 |. 33D2
00430DD8 |. 85C0
00430DDA |. 0F9FC2
00430DDD |. 8D5412 FF
00430DE1 |. 8BC2
00430DE3 |. 85C0
00430DE5 |. 75 20
00430DE7 |> 0FB641 01
00430DEB |. 0FB64E 01
00430DEF |.^ E9 70FFFFFF
00430DF4 |> 8B45 08
switch SystemInfo.42F817
00430DF7 |. 8B4D 0C
00430DFA |. 0FB600
00430DFD |. 0FB609
00430E00 |.^ E9 5FFFFFFF
00430E05 |> 33C0
switch SystemInfo.42F817
00430E07 |> 5F
00430E08 |. 5E
00430E09 |. 5D
00430E0A \. C3
00430E0B . AC004300
00430E0F . 9E044300
00430E13 . AA084300
00430E17 . CB0C4300
00430E1B . 2F004300
00430E1F . 0F044300
00430E23 . 1B084300
00430E27 . 3C0C4300
00430E2B . A0FF4200
00430E2F . 7F034300
00430E33 . 8B074300
00430E37 . AD0B4300
00430E3B . 10FF4200
00430E3F . F0024300
00430E43 . FC064300

TEST EAX,EAX
JNE SHORT 00430E07
MOVZX EAX,BYTE PTR DS:[ECX+1]
MOVZX EDX,BYTE PTR DS:[ESI+1]
SUB EAX,EDX
JE SHORT 00430DBC
XOR EDX,EDX
TEST EAX,EAX
SETG DL
LEA EDX,[EDX+EDX-1]
MOV EAX,EDX
TEST EAX,EAX
JNE SHORT 00430E07
MOVZX EAX,BYTE PTR DS:[ECX+2]
MOVZX ECX,BYTE PTR DS:[ESI+2]
JMP SHORT 00430D64
MOV ECX,DWORD PTR SS:[ARG.1]

; Case 2 of

MOV ESI,DWORD PTR SS:[ARG.2]


MOVZX EAX,BYTE PTR DS:[ECX]
MOVZX EDX,BYTE PTR DS:[ESI]
SUB EAX,EDX
JE SHORT 00430DE7
XOR EDX,EDX
TEST EAX,EAX
SETG DL
LEA EDX,[EDX+EDX-1]
MOV EAX,EDX
TEST EAX,EAX
JNE SHORT 00430E07
MOVZX EAX,BYTE PTR DS:[ECX+1]
MOVZX ECX,BYTE PTR DS:[ESI+1]
JMP 00430D64
MOV EAX,DWORD PTR SS:[ARG.1]

; Case 1 of

MOV ECX,DWORD PTR SS:[ARG.2]


MOVZX EAX,BYTE PTR DS:[EAX]
MOVZX ECX,BYTE PTR DS:[ECX]
JMP 00430D64
XOR EAX,EAX

; Case 0 of

POP EDI
POP ESI
POP EBP
RETN
DD 004300AC
DD 0043049E
DD 004308AA
DD 00430CCB
DD 0043002F
DD 0043040F
DD 0043081B
DD 00430C3C
DD 0042FFA0
DD 0043037F
DD 0043078B
DD 00430BAD
DD 0042FF10
DD 004302F0
DD 004306FC

00430E47 .
00430E4B .
00430E4F .
00430E53 .
00430E57 .
00430E5B .
00430E5F .
00430E63 .
00430E67 .
00430E6B .
00430E6F .
00430E73 .
00430E77 .
00430E7B .
00430E7F .
00430E83 .
00430E87 .
00430E8B /$
00430E8D |.
00430E8E |.
00430E90 |.
00430E91 |.
00430E92 |.
00430E95 |.
00430E9B |.
00430E9D |.
00430E9E |.
00430EA0 |.
00430EA2 |.
00430EA7 |.
00430EA9 |.
00430EAF |.
00430EB1 |.
00430EB3 |.
00430EB5 |.
00430EB7 |.
00430EBD |.
00430EBF |.
00430EC1 |.
00430EC3 |.
00430EC5 |.
00430EC6 |.
fo.004331DE
00430ECB |.
00430ED1 |.
00430ED6 |.
00430ED7 |.
00430ED8 |>
00430EDE |.
00430EE0 |.
00430EE2 |.
00430EE4 |.
00430EE6 |.
00430EE7 |.
fo.004331DE
00430EEC |.
00430EF2 |.
fo.00437F9E
00430EF7 |.
00430EF8 |.

1D0B4300
81FE4200
61024300
6D064300
8E0A4300
F2FD4200
D2014300
DE054300
FF094300
63FD4200
43014300
4F054300
70094300
E0FC4200
B4004300
C0044300
E0084300
8BFF
55
8BEC
53
56
8B75 08
8B86 BC000000
33DB
57
3BC3
74 6F
3D E4154500
74 68
8B86 B0000000
3BC3
74 5E
3918
75 5A
8B86 B8000000
3BC3
74 17
3918
75 13
50
E8 13230000

DD 00430B1D
DD 0042FE81
DD 00430261
DD 0043066D
DD 00430A8E
DD 0042FDF2
DD 004301D2
DD 004305DE
DD 004309FF
DD 0042FD63
DD 00430143
DD 0043054F
DD 00430970
DD 0042FCE0
DD 004300B4
DD 004304C0
DD 004308E0
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[ESI+0BC]
XOR EBX,EBX
PUSH EDI
CMP EAX,EBX
JE SHORT 00430F11
CMP EAX,OFFSET 004515E4
JE SHORT 00430F11
MOV EAX,DWORD PTR DS:[ESI+0B0]
CMP EAX,EBX
JE SHORT 00430F11
CMP DWORD PTR DS:[EAX],EBX
JNE SHORT 00430F11
MOV EAX,DWORD PTR DS:[ESI+0B8]
CMP EAX,EBX
JE SHORT 00430ED8
CMP DWORD PTR DS:[EAX],EBX
JNE SHORT 00430ED8
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

FFB6 BC000000
E8 D7720000
59
59
8B86 B4000000
3BC3
74 17
3918
75 13
50
E8 F2220000

PUSH DWORD PTR DS:[ESI+0BC]


CALL 004381AD
POP ECX
POP ECX
MOV EAX,DWORD PTR DS:[ESI+0B4]
CMP EAX,EBX
JE SHORT 00430EF9
CMP DWORD PTR DS:[EAX],EBX
JNE SHORT 00430EF9
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

FFB6 BC000000 PUSH DWORD PTR DS:[ESI+0BC]


E8 A7700000 CALL 00437F9E
59
59

POP ECX
POP ECX

; /Arg1
; \SystemIn

00430EF9 |>
00430EFF |.
fo.004331DE
00430F04 |.
00430F0A |.
fo.004331DE
00430F0F |.
00430F10 |.
00430F11 |>
00430F17 |.
00430F19 |.
00430F1B |.
00430F1D |.
00430F1F |.
00430F25 |.
00430F2A |.
00430F2B |.
fo.004331DE
00430F30 |.
00430F36 |.
00430F3B |.
00430F3D |.
00430F3E |.
fo.004331DE
00430F43 |.
00430F49 |.
00430F4B |.
00430F4C |.
fo.004331DE
00430F51 |.
00430F57 |.
fo.004331DE
00430F5C |.
00430F5F |>
00430F65 |.
00430F67 |.
CII "Sun"
00430F6C |.
00430F6E |.
00430F74 |.
00430F76 |.
00430F77 |.
00430F7C |.
00430F7E |.
fo.004331DE
00430F83 |.
00430F84 |.
00430F85 |>
00430F88 |.
00430F8F |>
00430F96 |.
00430F98 |.
00430F9A |.
00430F9C |.
00430F9E |.
00430FA0 |.
00430FA2 |.
00430FA3 |.
fo.004331DE
00430FA8 |.

FFB6 B0000000 PUSH DWORD PTR DS:[ESI+0B0]


E8 DA220000 CALL 004331DE

; /Arg1
; \SystemIn

FFB6 BC000000 PUSH DWORD PTR DS:[ESI+0BC]


E8 CF220000 CALL 004331DE

; /Arg1
; \SystemIn

59
59
8B86 C0000000
3BC3
74 44
3918
75 40
8B86 C4000000
2D FE000000
50
E8 AE220000

POP ECX
POP ECX
MOV EAX,DWORD PTR DS:[ESI+0C0]
CMP EAX,EBX
JE SHORT 00430F5F
CMP DWORD PTR DS:[EAX],EBX
JNE SHORT 00430F5F
MOV EAX,DWORD PTR DS:[ESI+0C4]
SUB EAX,0FE
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

8B86 CC000000
BF 80000000
2BC7
50
E8 9B220000

MOV EAX,DWORD PTR DS:[ESI+0CC]


MOV EDI,80
SUB EAX,EDI
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

8B86 D0000000
2BC7
50
E8 8D220000

MOV EAX,DWORD PTR DS:[ESI+0D0]


SUB EAX,EDI
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

FFB6 C0000000 PUSH DWORD PTR DS:[ESI+0C0]


E8 82220000 CALL 004331DE

; /Arg1
; \SystemIn

83C4 10
8DBE D4000000
8B07
3D 201E4500

ADD
LEA
MOV
CMP

ESP,10
EDI,[ESI+0D4]
EAX,DWORD PTR DS:[EDI]
EAX,OFFSET 00451E20

; PTR to AS

74 17
3998 B4000000
75 0F
50
E8 146E0000
FF37
E8 5B220000

JE SHORT 00430F85
CMP DWORD PTR DS:[EAX+0B4],EBX
JNE SHORT 00430F85
PUSH EAX
CALL 00437D90
PUSH DWORD PTR DS:[EDI]
CALL 004331DE

; /Arg1
; \SystemIn

59
59
8D7E 50
C745 08 06000
817F F8 001D4
74 11
8B07
3BC3
74 0B
3918
75 07
50
E8 36220000

POP ECX
POP ECX
LEA EDI,[ESI+50]
MOV DWORD PTR SS:[ARG.1],6
/CMP DWORD PTR DS:[EDI-8],OFFSET 00451D0
|JE SHORT 00430FA9
|MOV EAX,DWORD PTR DS:[EDI]
|CMP EAX,EBX
|JE SHORT 00430FA9
|CMP DWORD PTR DS:[EAX],EBX
|JNE SHORT 00430FA9
|PUSH EAX
; /Arg1
|CALL 004331DE
; \SystemIn

59

|POP ECX

00430FA9 |> 395F FC


00430FAC |. 74 12
00430FAE |. 8B47 04
00430FB1 |. 3BC3
00430FB3 |. 74 0B
00430FB5 |. 3918
00430FB7 |. 75 07
00430FB9 |. 50
00430FBA |. E8 1F220000
fo.004331DE
00430FBF |. 59
00430FC0 |> 83C7 10
00430FC3 |. FF4D 08
00430FC6 |.^ 75 C7
00430FC8 |. 56
00430FC9 |. E8 10220000
fo.004331DE
00430FCE |. 59
00430FCF |. 5F
00430FD0 |. 5E
00430FD1 |. 5B
00430FD2 |. 5D
00430FD3 \. C3
00430FD4 /$ 8BFF
o.00430FD4(guessed Arg1)
00430FD6 |. 55
00430FD7 |. 8BEC
00430FD9 |. 53
00430FDA |. 56
00430FDB |. 8B35 30814400
00430FE1 |. 57
00430FE2 |. 8B7D 08
00430FE5 |. 57
=> [ARG.1]
00430FE6 |. FFD6
.InterlockedIncrement
00430FE8 |. 8B87 B0000000
00430FEE |. 85C0
00430FF0 |. 74 03
00430FF2 |. 50
00430FF3 |. FFD6
.InterlockedIncrement
00430FF5 |> 8B87 B8000000
00430FFB |. 85C0
00430FFD |. 74 03
00430FFF |. 50
00431000 |. FFD6
.InterlockedIncrement
00431002 |> 8B87 B4000000
00431008 |. 85C0
0043100A |. 74 03
0043100C |. 50
0043100D |. FFD6
.InterlockedIncrement
0043100F |> 8B87 C0000000
00431015 |. 85C0
00431017 |. 74 03
00431019 |. 50
0043101A |. FFD6
.InterlockedIncrement

|CMP DWORD PTR DS:[EDI-4],EBX


|JE SHORT 00430FC0
|MOV EAX,DWORD PTR DS:[EDI+4]
|CMP EAX,EBX
|JE SHORT 00430FC0
|CMP DWORD PTR DS:[EAX],EBX
|JNE SHORT 00430FC0
|PUSH EAX
|CALL 004331DE

; /Arg1
; \SystemIn

|POP
|ADD
|DEC
\JNE
PUSH
CALL

; /Arg1
; \SystemIn

ECX
EDI,10
DWORD PTR SS:[ARG.1]
SHORT 00430F8F
ESI
004331DE

POP ECX
POP EDI
POP ESI
POP EBX
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR DS:[<&KERNEL32.Interlo
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
PUSH EDI
; /pTarget
CALL ESI

; \KERNEL32

MOV EAX,DWORD PTR DS:[EDI+0B0]


TEST EAX,EAX
JE SHORT 00430FF5
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

MOV EAX,DWORD PTR DS:[EDI+0B8]


TEST EAX,EAX
JE SHORT 00431002
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

MOV EAX,DWORD PTR DS:[EDI+0B4]


TEST EAX,EAX
JE SHORT 0043100F
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

MOV EAX,DWORD PTR DS:[EDI+0C0]


TEST EAX,EAX
JE SHORT 0043101C
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

0043101C |> 8D5F 50


0043101F |. C745 08 06000
00431026 |> 817B F8 001D4
0043102D |. 74 09
0043102F |. 8B03
00431031 |. 85C0
00431033 |. 74 03
00431035 |. 50
00431036 |. FFD6
.InterlockedIncrement
00431038 |> 837B FC 00
0043103C |. 74 0A
0043103E |. 8B43 04
00431041 |. 85C0
00431043 |. 74 03
00431045 |. 50
00431046 |. FFD6
.InterlockedIncrement
00431048 |> 83C3 10
0043104B |. FF4D 08
0043104E |.^ 75 D6
00431050 |. 8B87 D4000000
00431056 |. 05 B4000000
0043105B |. 50
0043105C |. FFD6
.InterlockedIncrement
0043105E |. 5F
0043105F |. 5E
00431060 |. 5B
00431061 |. 5D
00431062 \. C3
00431063 /$ 8BFF
o.00431063(guessed Arg1)
00431065 |. 55
00431066 |. 8BEC
00431068 |. 57
00431069 |. 8B7D 08
0043106C |. 85FF
0043106E |. 0F84 83000000
00431074 |. 53
00431075 |. 56
00431076 |. 8B35 34814400
0043107C |. 57
=> [ARG.1]
0043107D |. FFD6
.InterlockedDecrement
0043107F |. 8B87 B0000000
00431085 |. 85C0
00431087 |. 74 03
00431089 |. 50
0043108A |. FFD6
.InterlockedDecrement
0043108C |> 8B87 B8000000
00431092 |. 85C0
00431094 |. 74 03
00431096 |. 50
00431097 |. FFD6
.InterlockedDecrement
00431099 |> 8B87 B4000000
0043109F |. 85C0

LEA EBX,[EDI+50]
MOV DWORD PTR SS:[ARG.1],6
/CMP DWORD PTR DS:[EBX-8],OFFSET 00451D0
|JE SHORT 00431038
|MOV EAX,DWORD PTR DS:[EBX]
|TEST EAX,EAX
|JE SHORT 00431038
|PUSH EAX
; /pTarget
|CALL ESI
; \KERNEL32
|CMP DWORD PTR DS:[EBX-4],0
|JE SHORT 00431048
|MOV EAX,DWORD PTR DS:[EBX+4]
|TEST EAX,EAX
|JE SHORT 00431048
|PUSH EAX
|CALL ESI

; /pTarget
; \KERNEL32

|ADD EBX,10
|DEC DWORD PTR SS:[ARG.1]
\JNE SHORT 00431026
MOV EAX,DWORD PTR DS:[EDI+0D4]
ADD EAX,0B4
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

POP EDI
POP ESI
POP EBX
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
TEST EDI,EDI
JE 004310F7
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR DS:[<&KERNEL32.Interlo
PUSH EDI
; /pTarget
CALL ESI

; \KERNEL32

MOV EAX,DWORD PTR DS:[EDI+0B0]


TEST EAX,EAX
JE SHORT 0043108C
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

MOV EAX,DWORD PTR DS:[EDI+0B8]


TEST EAX,EAX
JE SHORT 00431099
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

MOV EAX,DWORD PTR DS:[EDI+0B4]


TEST EAX,EAX

004310A1 |. 74 03
004310A3 |. 50
004310A4 |. FFD6
.InterlockedDecrement
004310A6 |> 8B87 C0000000
004310AC |. 85C0
004310AE |. 74 03
004310B0 |. 50
004310B1 |. FFD6
.InterlockedDecrement
004310B3 |> 8D5F 50
004310B6 |. C745 08 06000
004310BD |> 817B F8 001D4
004310C4 |. 74 09
004310C6 |. 8B03
004310C8 |. 85C0
004310CA |. 74 03
004310CC |. 50
004310CD |. FFD6
.InterlockedDecrement
004310CF |> 837B FC 00
004310D3 |. 74 0A
004310D5 |. 8B43 04
004310D8 |. 85C0
004310DA |. 74 03
004310DC |. 50
004310DD |. FFD6
.InterlockedDecrement
004310DF |> 83C3 10
004310E2 |. FF4D 08
004310E5 |.^ 75 D6
004310E7 |. 8B87 D4000000
004310ED |. 05 B4000000
004310F2 |. 50
004310F3 |. FFD6
.InterlockedDecrement
004310F5 |. 5E
004310F6 |. 5B
004310F7 |> 8BC7
004310F9 |. 5F
004310FA |. 5D
004310FB \. C3
004310FC /$ 8BFF
004310FE |. 56
004310FF |. 8BF1
00431101 |. 85F6
00431103 |. 74 1B
00431105 |. 85C0
00431107 |. 74 17
00431109 |. 3BC6
0043110B |. 74 13
0043110D |. 57
0043110E |. 6A 36
00431110 |. 59
00431111 |. 8BF8
00431113 |. F3:A5
00431115 |. 8320 00
00431118 |. 50
ARG.EAX
00431119 |. E8 B6FEFFFF

JE SHORT 004310A6
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

MOV EAX,DWORD PTR DS:[EDI+0C0]


TEST EAX,EAX
JE SHORT 004310B3
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

LEA EBX,[EDI+50]
MOV DWORD PTR SS:[ARG.1],6
/CMP DWORD PTR DS:[EBX-8],OFFSET 00451D0
|JE SHORT 004310CF
|MOV EAX,DWORD PTR DS:[EBX]
|TEST EAX,EAX
|JE SHORT 004310CF
|PUSH EAX
; /pTarget
|CALL ESI
; \KERNEL32
|CMP DWORD PTR DS:[EBX-4],0
|JE SHORT 004310DF
|MOV EAX,DWORD PTR DS:[EBX+4]
|TEST EAX,EAX
|JE SHORT 004310DF
|PUSH EAX
|CALL ESI

; /pTarget
; \KERNEL32

|ADD EBX,10
|DEC DWORD PTR SS:[ARG.1]
\JNE SHORT 004310BD
MOV EAX,DWORD PTR DS:[EDI+0D4]
ADD EAX,0B4
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

POP ESI
POP EBX
MOV EAX,EDI
POP EDI
POP EBP
RETN
MOV EDI,EDI
PUSH ESI
MOV ESI,ECX
TEST ESI,ESI
JE SHORT 00431120
TEST EAX,EAX
JE SHORT 00431120
CMP EAX,ESI
JE SHORT 00431120
PUSH EDI
PUSH 36
POP ECX
MOV EDI,EAX
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
AND DWORD PTR DS:[EAX],00000000
PUSH EAX
; /Arg1 =>
CALL 00430FD4

; \SystemIn

fo.00430FD4
0043111E |. 59
0043111F |. 5F
00431120 |> 5E
00431121 \. C3
00431122 /$ 85FF
00431124 |. 74 37
00431126 |. 85C0
00431128 |. 74 33
0043112A |. 56
0043112B |. 8B30
0043112D |. 3BF7
0043112F |. 74 28
00431131 |. 57
ARG.EDI
00431132 |. 8938
00431134 |. E8 9BFEFFFF
fo.00430FD4
00431139 |. 59
0043113A |. 85F6
0043113C |. 74 1B
0043113E |. 56
[ARG.EAX]
0043113F |. E8 1FFFFFFF
fo.00431063
00431144 |. 833E 00
00431147 |. 59
00431148 |. 75 0F
0043114A |. 81FE 081D4500
00431150 |. 74 07
00431152 |. 56
00431153 |. E8 33FDFFFF
00431158 |. 59
00431159 |> 8BC7
0043115B |. 5E
0043115C |. C3
0043115D |> 33C0
0043115F \. C3
00431160 /$ 6A 0C
o.00431160(guessed void)
00431162 |. 68 88EF4400
00431167 |. E8 80780000
0043116C |. E8 A1410000
fo.00435312
00431171 |. 8BF0
00431173 |. A1 F81C4500
00431178 |. 8546 70
0043117B |. 74 22
0043117D |. 837E 6C 00
00431181 |. 74 1C
00431183 |. E8 8A410000
fo.00435312
00431188 |. 8B70 6C
0043118B |> 85F6
0043118D |. 75 08
0043118F |. 6A 20
0
00431191 |. E8 4D750000
fo.004386E3
00431196 |. 59

POP ECX
POP EDI
POP ESI
RETN
TEST EDI,EDI
JE SHORT 0043115D
TEST EAX,EAX
JE SHORT 0043115D
PUSH ESI
MOV ESI,DWORD PTR DS:[EAX]
CMP ESI,EDI
JE SHORT 00431159
PUSH EDI

; /Arg1 =>

MOV DWORD PTR DS:[EAX],EDI


CALL 00430FD4

; |
; \SystemIn

POP ECX
TEST ESI,ESI
JE SHORT 00431159
PUSH ESI

; /Arg1 =>

CALL 00431063

; \SystemIn

CMP DWORD PTR DS:[ESI],0


POP ECX
JNE SHORT 00431159
CMP ESI,OFFSET 00451D08
JE SHORT 00431159
PUSH ESI
CALL 00430E8B
POP ECX
MOV EAX,EDI
POP ESI
RETN
XOR EAX,EAX
RETN
PUSH 0C

; SystemInf

PUSH OFFSET 0044EF88


CALL 004389EC
CALL 00435312

; [SystemIn

MOV ESI,EAX
MOV EAX,DWORD PTR DS:[451CF8]
TEST DWORD PTR DS:[ESI+70],EAX
JE SHORT 0043119F
CMP DWORD PTR DS:[ESI+6C],0
JE SHORT 0043119F
CALL 00435312

; [SystemIn

MOV ESI,DWORD PTR DS:[EAX+6C]


TEST ESI,ESI
JNE SHORT 00431197
PUSH 20

; /Arg1 = 2

CALL 004386E3

; \SystemIn

POP ECX

00431197 |> 8BC6


00431199 |. E8 93780000
0043119E |. C3
0043119F |> 6A 0C
C
004311A1 |. E8 DA740000
fo.00438680
004311A6 |. 59
004311A7 |. 8365 FC 00
004311AB |. 8D46 6C
004311AE |. 8B3D E01D4500
004311B4 |. E8 69FFFFFF
004311B9 |. 8945 E4
004311BC |. C745 FC FEFFF
004311C3 |. E8 02000000
004311C8 \.^ EB C1
004311CA /$ 6A 0C
C
004311CC |. E8 D5730000
fo.004385A6
004311D1 |. 59
004311D2 |. 8B75 E4
004311D5 \. C3
004311D6 /$ A1 E01D4500
004311DB |. 8B48 04
004311DE |. 890D 60304500
004311E4 |. 8B48 08
004311E7 |. 890D 64304500
004311ED |. 8B88 A8000000
004311F3 |. 890D E41D4500
004311F9 |. 8B88 D4000000
004311FF |. 890D D81E4500
00431205 |. 8B88 BC000000
0043120B |. 890D 14164500
00431211 |. 8B88 C8000000
00431217 |. 890D C0174500
0043121D |. 8B80 AC000000
00431223 |. A3 04204500
00431228 \. C3
00431229 /$ 6A 08
0043122B |. 68 A8EF4400
00431230 |. E8 B7770000
00431235 |. 8B75 08
00431238 |. 85F6
0043123A |. 0F84 8D000000
00431240 |. 6A 0D
D
00431242 |. E8 39740000
fo.00438680
00431247 |. 59
00431248 |. 8365 FC 00
0043124C |. 8B46 04
0043124F |. 85C0
00431251 |. 74 1C
00431253 |. 50
00431254 |. FF15 34814400
.InterlockedDecrement
0043125A |. 85C0
0043125C |. 75 11
0043125E |. 8B46 04

MOV EAX,ESI
CALL 00438A31
RETN
PUSH 0C

; /Arg1 = 0

CALL 00438680

; \SystemIn

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
LEA EAX,[ESI+6C]
MOV EDI,DWORD PTR DS:[451DE0]
CALL 00431122
MOV DWORD PTR SS:[EBP-1C],EAX
MOV DWORD PTR SS:[EBP-4],-2
CALL 004311CA
JMP SHORT 0043118B
PUSH 0C

; /Arg1 = 0

CALL 004385A6

; \SystemIn

POP ECX
MOV ESI,DWORD PTR SS:[EBP-1C]
RETN
MOV EAX,DWORD PTR DS:[451DE0]
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[453060],ECX
MOV ECX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR DS:[453064],ECX
MOV ECX,DWORD PTR DS:[EAX+0A8]
MOV DWORD PTR DS:[451DE4],ECX
MOV ECX,DWORD PTR DS:[EAX+0D4]
MOV DWORD PTR DS:[451ED8],ECX
MOV ECX,DWORD PTR DS:[EAX+0BC]
MOV DWORD PTR DS:[451614],ECX
MOV ECX,DWORD PTR DS:[EAX+0C8]
MOV DWORD PTR DS:[4517C0],ECX
MOV EAX,DWORD PTR DS:[EAX+0AC]
MOV DWORD PTR DS:[452004],EAX
RETN
PUSH 8
PUSH OFFSET 0044EFA8
CALL 004389EC
MOV ESI,DWORD PTR SS:[EBP+8]
TEST ESI,ESI
JE 004312CD
PUSH 0D

; /Arg1 = 0

CALL 00438680

; \SystemIn

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
MOV EAX,DWORD PTR DS:[ESI+4]
TEST EAX,EAX
JE SHORT 0043126F
PUSH EAX
; /pTarget
CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
TEST EAX,EAX
JNE SHORT 0043126F
MOV EAX,DWORD PTR DS:[ESI+4]

00431261 |.
00431266 |.
00431268 |.
00431269 |.
fo.004331DE
0043126E |.
0043126F |>
00431276 |.
0043127B |.
0043127E |.
00431280 |.
C
00431282 |.
fo.00438680
00431287 |.
00431288 |.
0043128F |.
00431291 |.
fo.00431063
00431296 |.
00431297 |.
00431299 |.
0043129B |.
0043129D |.
004312A0 |.
004312A2 |.
004312A7 |.
004312A9 |.
004312AA |.
004312AF |.
004312B0 |>
004312B7 |.
004312BC |>
004312C1 |.
004312C3 |.
004312C6 |.
004312C7 |.
fo.004331DE
004312CC |.
004312CD |>
004312D2 \.
004312D3
004312D4
004312D5
004312D6 /$
D
004312D8 |.
fo.004385A6
004312DD |.
004312DE \.
004312DF
004312E0
004312E1
004312E2 /$
C
004312E4 |.
fo.004385A6
004312E9 |.
004312EA \.
004312EB /$

3D D8174500
74 07
50
E8 701F0000

CMP EAX,OFFSET 004517D8


JE SHORT 0043126F
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

59
C745 FC FEFFF
E8 5B000000
833E 00
74 3C
6A 0C

POP ECX
MOV DWORD PTR SS:[EBP-4],-2
CALL 004312D6
CMP DWORD PTR DS:[ESI],0
JE SHORT 004312BC
PUSH 0C

; /Arg1 = 0

E8 F9730000

CALL 00438680

; \SystemIn

59
C745 FC 01000
FF36
E8 CDFDFFFF

POP ECX
MOV DWORD PTR SS:[EBP-4],1
PUSH DWORD PTR DS:[ESI]
CALL 00431063

; /Arg1
; \SystemIn

59
8B06
85C0
74 13
8338 00
75 0E
3D 081D4500
74 07
50
E8 DCFBFFFF
59
C745 FC FEFFF
E8 26000000
B8 0DF0ADBA
8906
8946 04
56
E8 121F0000

POP ECX
MOV EAX,DWORD PTR DS:[ESI]
TEST EAX,EAX
JE SHORT 004312B0
CMP DWORD PTR DS:[EAX],0
JNE SHORT 004312B0
CMP EAX,OFFSET 00451D08
JE SHORT 004312B0
PUSH EAX
CALL 00430E8B
POP ECX
MOV DWORD PTR SS:[EBP-4],-2
CALL 004312E2
MOV EAX,BAADF00D
MOV DWORD PTR DS:[ESI],EAX
MOV DWORD PTR DS:[ESI+4],EAX
PUSH ESI
CALL 004331DE

; /Arg1
; \SystemIn

59
E8 5F770000
C3
8B
75
08
6A 0D

POP ECX
CALL 00438A31
RETN
DB 8B
DB 75
DB 08
PUSH 0D

; CHAR 'u'
; Backspace
; /Arg1 = 0

E8 C9720000

CALL 004385A6

; \SystemIn

59
C3
8B
75
08
6A 0C

POP ECX
RETN
DB 8B
DB 75
DB 08
PUSH 0C

; CHAR 'u'
; Backspace
; /Arg1 = 0

E8 BD720000

CALL 004385A6

; \SystemIn

59
C3
8BFF

POP ECX
RETN
MOV EDI,EDI

004312ED |. 55
PUSH EBP
004312EE |. 8BEC
MOV EBP,ESP
004312F0 |. 53
PUSH EBX
004312F1 |. 57
PUSH EDI
004312F2 |. 8B7D 10
MOV EDI,DWORD PTR SS:[ARG.3]
004312F5 |. 33DB
XOR EBX,EBX
004312F7 |. 3BFB
CMP EDI,EBX
004312F9 |. 7E 2C
JLE SHORT 00431327
004312FB |. 56
PUSH ESI
004312FC |. 8D75 10
LEA ESI,[ARG.3]
004312FF |> 83C6 04
/ADD ESI,4
00431302 |. FF36
|PUSH DWORD PTR DS:[ESI]
00431304 |. FF75 0C
|PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
00431307 |. FF75 08
|PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0043130A |. E8 CD780000 |CALL 00438BDC
fo.00438BDC
0043130F |. 83C4 0C
|ADD ESP,0C
00431312 |. 85C0
|TEST EAX,EAX
00431314 |. 74 0D
|JE SHORT 00431323
00431316 |. 53
|PUSH EBX
00431317 |. 53
|PUSH EBX
00431318 |. 53
|PUSH EBX
00431319 |. 53
|PUSH EBX
0043131A |. 53
|PUSH EBX
0043131B |. E8 1AD4FFFF |CALL 0042E73A
00431320 |. 83C4 14
|ADD ESP,14
00431323 |> 4F
|DEC EDI
00431324 |.^ 75 D9
\JNE SHORT 004312FF
00431326 |. 5E
POP ESI
00431327 |> 5F
POP EDI
00431328 |. 5B
POP EBX
00431329 |. 5D
POP EBP
0043132A \. C3
RETN
0043132B /$ 8BFF
MOV EDI,EDI
o.0043132B(guessed Arg1,Arg2)
0043132D |. 55
PUSH EBP
0043132E |. 8BEC
MOV EBP,ESP
00431330 |. 53
PUSH EBX
00431331 |. 56
PUSH ESI
00431332 |. 57
PUSH EDI
00431333 |. 8B7D 08
MOV EDI,DWORD PTR SS:[ARG.1]
00431336 |. 68 90000000 PUSH 90
0
0043133B |. 33DB
XOR EBX,EBX
0043133D |. 53
PUSH EBX
0
0043133E |. 57
PUSH EDI
[ARG.1]
0043133F |. E8 5CD5FFFF CALL 0042E8A0
fo.0042E8A0
00431344 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
00431347 |. 8A06
MOV AL,BYTE PTR DS:[ESI]
00431349 |. 83C4 0C
ADD ESP,0C
0043134C |. 84C0
TEST AL,AL
0043134E |. 75 07
JNE SHORT 00431357
00431350 |> 33C0
XOR EAX,EAX
00431352 |. E9 F8000000 JMP 0043144F
00431357 |> 3C 2E
CMP AL,2E

; /Arg3
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; SystemInf

; /Arg3 = 9
; |
; |Arg2 =>
; |Arg1 =>
; \SystemIn

00431359 |.
0043135B |.
0043135E |.
00431360 |.
00431362 |.
F
00431364 |.
00431365 |.
0043136B |.
0
0043136D |.
0043136E |.
fo.00438C50
00431373 |.
00431376 |.
00431378 |.
0043137A |.
0043137B |.
0043137C |.
0043137D |.
0043137E |.
0043137F |.
00431384 |.
00431387 |>
0043138D |.^
0043138F |>
SCII "_.,"
00431394 |.
[ARG.2]
00431395 |.
00431398 |.
fo.0042F680
0043139D |.
0043139F |.
004313A4 |>
004313A8 |.
004313AB |.
004313AD |.
004313AF |.
004313B2 |.
004313B8 |.
004313BB |.
004313C1 |.
004313C2 |.
004313C3 |.
004313C5 |.
004313C8 |.
004313CA |>
004313CE |.
004313D0 |.
004313D3 |.
004313D5 |.
004313D8 |.
004313DA |.
004313DB |.
004313DE |.
004313DF |.
004313E1 |.
004313E4 |.
004313E6 |>

75 34
8D46 01
3818
74 2D
6A 0F

JNE SHORT 0043138F


LEA EAX,[ESI+1]
CMP BYTE PTR DS:[EAX],BL
JE SHORT 0043138F
PUSH 0F

; /Arg4 = 0

50
PUSH EAX
8D87 80000000 LEA EAX,[EDI+80]
6A 10
PUSH 10

; |Arg3
; |
; |Arg2 = 1

50
E8 DD780000

PUSH EAX
CALL 00438C50

; |Arg1
; \SystemIn

83C4 10
85C0
74 0D
53
53
53
53
53
E8 B6D3FFFF
83C4 14
889F 8F000000
EB C1
68 009F4400

ADD ESP,10
TEST EAX,EAX
JE SHORT 00431387
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
CALL 0042E73A
ADD ESP,14
MOV BYTE PTR DS:[EDI+8F],BL
JMP SHORT 00431350
PUSH OFFSET 00449F00

; /Arg2 = A

56

PUSH ESI

; |Arg1 =>

895D 0C
E8 E3E2FFFF

MOV DWORD PTR SS:[ARG.2],EBX


CALL 0042F680

; |
; \SystemIn

3BC3
E9 A0000000
837D 0C 00
8D3C30
8A1F
75 1B
83F8 40
0F83 94000000
80FB 2E
0F84 8B000000
50
56
6A 40
FF75 08
EB 3B
837D 0C 01
75 16
83F8 40
73 77
80FB 5F
74 72
50
8B45 08
56
6A 40
83C0 40
EB 1E
837D 0C 02

CMP EAX,EBX
JMP 00431444
/CMP DWORD PTR SS:[ARG.2],0
|LEA EDI,[ESI+EAX]
|MOV BL,BYTE PTR DS:[EDI]
|JNE SHORT 004313CA
|CMP EAX,40
|JNB 0043144C
|CMP BL,2E
|JE 0043144C
|PUSH EAX
|PUSH ESI
|PUSH 40
|PUSH DWORD PTR SS:[ARG.1]
|JMP SHORT 00431405
|CMP DWORD PTR SS:[ARG.2],1
|JNE SHORT 004313E6
|CMP EAX,40
|JNB SHORT 0043144C
|CMP BL,5F
|JE SHORT 0043144C
|PUSH EAX
|MOV EAX,DWORD PTR SS:[ARG.1]
|PUSH ESI
|PUSH 40
|ADD EAX,40
|JMP SHORT 00431404
|CMP DWORD PTR SS:[ARG.2],2

004313EA |. 75 60
|JNE SHORT 0043144C
004313EC |. 83F8 10
|CMP EAX,10
004313EF |. 73 5B
|JNB SHORT 0043144C
004313F1 |. 84DB
|TEST BL,BL
004313F3 |. 74 05
|JE SHORT 004313FA
004313F5 |. 80FB 2C
|CMP BL,2C
004313F8 |. 75 52
|JNE SHORT 0043144C
004313FA |> 50
|PUSH EAX
004313FB |. 8B45 08
|MOV EAX,DWORD PTR SS:[ARG.1]
004313FE |. 56
|PUSH ESI
004313FF |. 6A 10
|PUSH 10
00431401 |. 83E8 80
|SUB EAX,-80
00431404 |> 50
|PUSH EAX
00431405 |> E8 46780000 |CALL 00438C50
fo.00438C50
0043140A |. 83C4 10
|ADD ESP,10
0043140D |. 85C0
|TEST EAX,EAX
0043140F |. 74 0F
|JE SHORT 00431420
00431411 |. 33C0
|XOR EAX,EAX
00431413 |. 50
|PUSH EAX
00431414 |. 50
|PUSH EAX
00431415 |. 50
|PUSH EAX
00431416 |. 50
|PUSH EAX
00431417 |. 50
|PUSH EAX
00431418 |. E8 1DD3FFFF |CALL 0042E73A
0043141D |. 83C4 14
|ADD ESP,14
00431420 |> 80FB 2C
|CMP BL,2C
00431423 |.^ 0F84 27FFFFFF |JE 00431350
00431429 |. 84DB
|TEST BL,BL
0043142B |.^ 0F84 1FFFFFFF |JE 00431350
00431431 |. FF45 0C
|INC DWORD PTR SS:[ARG.2]
00431434 |. 8D77 01
|LEA ESI,[EDI+1]
00431437 |. 68 009F4400 |PUSH OFFSET 00449F00
SCII "_.,"
0043143C |. 56
|PUSH ESI
0043143D |. E8 3EE2FFFF |CALL 0042F680
fo.0042F680
00431442 |. 85C0
|TEST EAX,EAX
00431444 |> 59
|POP ECX
00431445 |. 59
|POP ECX
00431446 |.^ 0F85 58FFFFFF \JNE 004313A4
0043144C |> 83C8 FF
OR EAX,FFFFFFFF
0043144F |> 5F
POP EDI
00431450 |. 5E
POP ESI
00431451 |. 5B
POP EBX
00431452 |. 5D
POP EBP
00431453 \. C3
RETN
00431454 /$ 8BFF
MOV EDI,EDI
o.00431454(guessed Arg1,Arg2,Arg3)
00431456 |. 55
PUSH EBP
00431457 |. 8BEC
MOV EBP,ESP
00431459 |. 53
PUSH EBX
0043145A |. 56
PUSH ESI
0043145B |. 8B75 10
MOV ESI,DWORD PTR SS:[ARG.3]
0043145E |. 56
PUSH ESI
[ARG.3]
0043145F |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
00431462 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]

; \SystemIn

; /Arg2 = A
; |Arg1
; \SystemIn

; SystemInf

; /Arg3 =>
; |Arg2 =>
; |Arg1 =>

00431465 |.
fo.0043597F
0043146A |.
0043146D |.
0043146F |.
00431471 |.
00431473 |.
00431474 |.
00431475 |.
00431476 |.
00431477 |.
00431478 |.
0043147D |.
00431480 |>
00431483 |.
00431485 |.
00431487 |.
00431488 |.
0043148D |.
0043148F |.
00431492 |.
00431495 |.
0043149A |.
0043149D |>
004314A3 |.
004314A5 |.
004314A6 |.
004314A7 |.
004314A9 |.
004314AA |.
004314AF |.
004314B1 |.
004314B4 |.
004314B7 |.
004314BC |.
004314BF |>
004314C0 \.
004314C1 /$
004314C3 |.
004314C4 |.
004314C6 |.
004314C9 |.
004314CA |.
004314CC |.
004314CD |.
55
004314D2 |.
004314D5 |.
fo.00434E13
004314DA |.
004314DB |.
004314DE |.
004314E0 |.
004314E6 |.
004314E7 |.
004314EA |.
004314ED |.
004314EF |.
004314F2 |.
004314F5 |.

E8 15450000

CALL 0043597F

; \SystemIn

83C4 0C
33DB
85C0
74 0D
53
53
53
53
53
E8 BDD2FFFF
83C4 14
8D46 40
3818
74 16
50
68 049F4400
6A 02
FF75 0C
FF75 08
E8 51FEFFFF
83C4 14
8D86 80000000
3818
5E
5B
74 16
50
68 D0914400
6A 02
FF75 0C
FF75 08
E8 2FFEFFFF
83C4 14
5D
C3
8BFF
55
8BEC
83EC 14
53
33DB
43
68 55030000

ADD ESP,0C
XOR EBX,EBX
TEST EAX,EAX
JE SHORT 00431480
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
CALL 0042E73A
ADD ESP,14
LEA EAX,[ESI+40]
CMP BYTE PTR DS:[EAX],BL
JE SHORT 0043149D
PUSH EAX
PUSH OFFSET 00449F04
PUSH 2
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL 004312EB
ADD ESP,14
LEA EAX,[ESI+80]
CMP BYTE PTR DS:[EAX],BL
POP ESI
POP EBX
JE SHORT 004314BF
PUSH EAX
PUSH OFFSET 004491D0
PUSH 2
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL 004312EB
ADD ESP,14
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,14
PUSH EBX
XOR EBX,EBX
INC EBX
PUSH 355

; /Arg1 = 3

895D F0
E8 39390000

MOV DWORD PTR SS:[LOCAL.4],EBX


CALL 00434E13

; |
; \SystemIn

59
8945
85C0
0F84
57
8D78
C607
8918
895D
8D5E
8D43

POP ECX
MOV DWORD PTR SS:[LOCAL.5],EAX
TEST EAX,EAX
55010000 JE 0043163B
PUSH EDI
04
LEA EDI,[EAX+4]
00
MOV BYTE PTR DS:[EDI],0
MOV DWORD PTR DS:[EAX],EBX
F8
MOV DWORD PTR SS:[LOCAL.2],EBX
10
LEA EBX,[ESI+10]
48
LEA EAX,[EBX+48]
EC

004314F8 |. FF30
004314FA |. 8945 F4
004314FD |. 68 0C9F4400
00431502 |. FF35 449E4400
_COLLATE"
00431508 |. 6A 03
0043150A |. 68 51030000
0043150F |. 57
00431510 |. E8 D6FDFFFF
00431515 |. 8B45 F4
00431518 |. 83C4 18
0043151B |. 8945 F4
0043151E |. C745 FC 449E4
CII "LC_COLLATE"
00431525 |> 68 089F4400
ystemInfo.449F08
0043152A |. 68 51030000
51
0043152F |. 57
00431530 |. E8 A7760000
fo.00438BDC
00431535 |. 83C4 0C
00431538 |. 85C0
0043153A |. 74 0F
0043153C |. 33C0
0043153E |. 50
0043153F |. 50
00431540 |. 50
00431541 |. 50
00431542 |. 50
00431543 |. E8 F2D1FFFF
00431548 |. 83C4 14
0043154B |> FF73 58
0043154E |. 8B45 F4
00431551 |. FF30
00431553 |. E8 28D4FFFF
fo.0042E980
00431558 |. 59
00431559 |. 59
0043155A |. 85C0
0043155C |. 74 04
0043155E |. 8365 F0 00
00431562 |> FF45 F8
00431565 |. 8B45 F8
00431568 |. 8345 FC 0C
0043156C |. C1E0 04
0043156F |. 8D1C30
00431572 |. 8D43 48
00431575 |. FF30
00431577 |. 8945 F4
0043157A |. 8B45 FC
0043157D |. 68 0C9F4400
00431582 |. FF30
00431584 |. 6A 03
00431586 |. 68 51030000
0043158B |. 57
0043158C |. E8 5AFDFFFF
00431591 |. 83C4 18
00431594 |. 817D FC 749E4
CII "LC_TIME"

PUSH DWORD PTR DS:[EAX]


MOV DWORD PTR SS:[LOCAL.3],EAX
PUSH OFFSET 00449F0C
PUSH DWORD PTR DS:[449E44]

; ASCII "LC

PUSH 3
PUSH 351
PUSH EDI
CALL 004312EB
MOV EAX,DWORD PTR SS:[LOCAL.3]
ADD ESP,18
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV DWORD PTR SS:[LOCAL.1],OFFSET 00449E ; PTR to AS
/PUSH OFFSET 00449F08

; /Arg3 = S

|PUSH 351

; |Arg2 = 3

|PUSH EDI
|CALL 00438BDC

; |Arg1
; \SystemIn

|ADD ESP,0C
|TEST EAX,EAX
|JE SHORT 0043154B
|XOR EAX,EAX
|PUSH EAX
|PUSH EAX
|PUSH EAX
|PUSH EAX
|PUSH EAX
|CALL 0042E73A
|ADD ESP,14
|PUSH DWORD PTR DS:[EBX+58]
|MOV EAX,DWORD PTR SS:[LOCAL.3]
|PUSH DWORD PTR DS:[EAX]
|CALL 0042E980

;
;
;
;

/Arg2
|
|Arg1
\SystemIn

|POP ECX
|POP ECX
|TEST EAX,EAX
|JE SHORT 00431562
|AND DWORD PTR SS:[LOCAL.4],00000000
|INC DWORD PTR SS:[LOCAL.2]
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|ADD DWORD PTR SS:[LOCAL.1],0C
|SHL EAX,4
|LEA EBX,[ESI+EAX]
|LEA EAX,[EBX+48]
|PUSH DWORD PTR DS:[EAX]
|MOV DWORD PTR SS:[LOCAL.3],EAX
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|PUSH OFFSET 00449F0C
|PUSH DWORD PTR DS:[EAX]
|PUSH 3
|PUSH 351
|PUSH EDI
|CALL 004312EB
|ADD ESP,18
|CMP DWORD PTR SS:[LOCAL.1],OFFSET 00449 ; PTR to AS

0043159B |.^ 7C 88
0043159D |. 837D F0 00
004315A1 |. 75 49
004315A3 |. 8B46 50
004315A6 |. 8B1D 34814400
004315AC |. 85C0
004315AE |. 74 10
004315B0 |. 50
004315B1 |. FFD3
.InterlockedDecrement
004315B3 |. 85C0
004315B5 |. 75 09
004315B7 |. FF76 50
004315BA |. E8 1F1C0000
fo.004331DE
004315BF |. 59
004315C0 |> 8B46 54
004315C3 |. 85C0
004315C5 |. 74 10
004315C7 |. 50
004315C8 |. FFD3
004315CA |. 85C0
004315CC |. 75 09
004315CE |. FF76 54
004315D1 |. E8 081C0000
fo.004331DE
004315D6 |. 59
004315D7 |> 8B45 EC
004315DA |. 8366 54 00
004315DE |. 8366 4C 00
004315E2 |. 8946 50
004315E5 |. 897E 48
004315E8 |. 8BC7
004315EA |. EB 4E
004315EC |> FF75 EC
[LOCAL.5]
004315EF |. E8 EA1B0000
fo.004331DE
004315F4 |. 8B46 50
004315F7 |. 8B3D 34814400
004315FD |. 33DB
004315FF |. 59
00431600 |. 3BC3
00431602 |. 74 10
00431604 |. 50
00431605 |. FFD7
.InterlockedDecrement
00431607 |. 85C0
00431609 |. 75 09
0043160B |. FF76 50
0043160E |. E8 CB1B0000
fo.004331DE
00431613 |. 59
00431614 |> 8B46 54
00431617 |. 3BC3
00431619 |. 74 10
0043161B |. 50
0043161C |. FFD7
0043161E |. 85C0
00431620 |. 75 09

\JL SHORT 00431525


CMP DWORD PTR SS:[LOCAL.4],0
JNE SHORT 004315EC
MOV EAX,DWORD PTR DS:[ESI+50]
MOV EBX,DWORD PTR DS:[<&KERNEL32.Interlo
TEST EAX,EAX
JE SHORT 004315C0
PUSH EAX
; /pTarget
CALL EBX
; \KERNEL32
TEST EAX,EAX
JNE SHORT 004315C0
PUSH DWORD PTR DS:[ESI+50]
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+54]
TEST EAX,EAX
JE SHORT 004315D7
PUSH EAX
CALL EBX
TEST EAX,EAX
JNE SHORT 004315D7
PUSH DWORD PTR DS:[ESI+54]
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
AND DWORD PTR DS:[ESI+54],00000000
AND DWORD PTR DS:[ESI+4C],00000000
MOV DWORD PTR DS:[ESI+50],EAX
MOV DWORD PTR DS:[ESI+48],EDI
MOV EAX,EDI
JMP SHORT 0043163A
PUSH DWORD PTR SS:[LOCAL.5]

; /Arg1 =>

CALL 004331DE

; \SystemIn

MOV EAX,DWORD PTR DS:[ESI+50]


MOV EDI,DWORD PTR DS:[<&KERNEL32.Interlo
XOR EBX,EBX
POP ECX
CMP EAX,EBX
JE SHORT 00431614
PUSH EAX
; /pTarget
CALL EDI
; \KERNEL32
TEST EAX,EAX
JNE SHORT 00431614
PUSH DWORD PTR DS:[ESI+50]
CALL 004331DE
POP ECX
MOV EAX,DWORD PTR DS:[ESI+54]
CMP EAX,EBX
JE SHORT 0043162B
PUSH EAX
CALL EDI
TEST EAX,EAX
JNE SHORT 0043162B

; /Arg1
; \SystemIn

00431622 |. FF76 54
PUSH DWORD PTR DS:[ESI+54]
00431625 |. E8 B41B0000 CALL 004331DE
fo.004331DE
0043162A |. 59
POP ECX
0043162B |> 8B46 68
MOV EAX,DWORD PTR DS:[ESI+68]
0043162E |. 895E 54
MOV DWORD PTR DS:[ESI+54],EBX
00431631 |. 895E 4C
MOV DWORD PTR DS:[ESI+4C],EBX
00431634 |. 895E 50
MOV DWORD PTR DS:[ESI+50],EBX
00431637 |. 895E 48
MOV DWORD PTR DS:[ESI+48],EBX
0043163A |> 5F
POP EDI
0043163B |> 5B
POP EBX
0043163C |. C9
LEAVE
0043163D \. C3
RETN
0043163E /$ 8BFF
MOV EDI,EDI
o.0043163E(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6)
00431640 |. 55
PUSH EBP
00431641 |. 8BEC
MOV EBP,ESP
00431643 |. 81EC B4000000 SUB ESP,0B4
00431649 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0043164E |. 33C5
XOR EAX,EBP
00431650 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00431653 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
00431656 |. 53
PUSH EBX
00431657 |. 56
PUSH ESI
00431658 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0043165B |. 57
PUSH EDI
0043165C |. 8B7D 14
MOV EDI,DWORD PTR SS:[ARG.4]
0043165F |. 8985 64FFFFFF MOV DWORD PTR SS:[LOCAL.39],EAX
00431665 |. 8B45 18
MOV EAX,DWORD PTR SS:[ARG.5]
00431668 |. 89BD 5CFFFFFF MOV DWORD PTR SS:[LOCAL.41],EDI
0043166E |. 8985 60FFFFFF MOV DWORD PTR SS:[LOCAL.40],EAX
00431674 |. E8 993C0000 CALL 00435312
fo.00435312
00431679 |. 05 9C000000 ADD EAX,9C
0043167E |. 8D48 28
LEA ECX,[EAX+28]
00431681 |. 898D 54FFFFFF MOV DWORD PTR SS:[LOCAL.43],ECX
00431687 |. 8D48 2C
LEA ECX,[EAX+2C]
0043168A |. 8D58 20
LEA EBX,[EAX+20]
0043168D |. 05 AF000000 ADD EAX,0AF
00431692 |. 898D 58FFFFFF MOV DWORD PTR SS:[LOCAL.42],ECX
00431698 |. 8985 68FFFFFF MOV DWORD PTR SS:[LOCAL.38],EAX
0043169E |. 85F6
TEST ESI,ESI
004316A0 |. 0F84 B8010000 JE 0043185E
004316A6 |. 83BD 64FFFFFF CMP DWORD PTR SS:[LOCAL.39],0
004316AD |. 0F84 AB010000 JE 0043185E
004316B3 |. 837D 10 00
CMP DWORD PTR SS:[ARG.3],0
004316B7 |. 0F84 A1010000 JE 0043185E
004316BD |. 803E 43
CMP BYTE PTR DS:[ESI],43
004316C0 |. 75 57
JNE SHORT 00431719
004316C2 |. 807E 01 00
CMP BYTE PTR DS:[ESI+1],0
004316C6 |. 75 51
JNE SHORT 00431719
004316C8 |. 68 48874400 PUSH OFFSET 00448748
ystemInfo.448748
004316CD |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
004316D0 |. FFB5 64FFFFFF PUSH DWORD PTR SS:[LOCAL.39]
[ARG.2]
004316D6 |. E8 A4420000 CALL 0043597F
fo.0043597F
004316DB |. 83C4 0C
ADD ESP,0C

; /Arg1
; \SystemIn

; SystemInf

; [SystemIn

; /Arg3 = S
; |Arg2 =>
; |Arg1 =>
; \SystemIn

004316DE |. 33F6
004316E0 |. 85C0
004316E2 |. 74 0D
004316E4 |. 56
004316E5 |. 56
004316E6 |. 56
004316E7 |. 56
004316E8 |. 56
004316E9 |. E8 4CD0FFFF
004316EE |. 83C4 14
004316F1 |> 3BFE
004316F3 |. 74 0D
004316F5 |. 33C0
004316F7 |. 66:8907
004316FA |. 66:8947 02
004316FE |. 66:8947 04
00431702 |> 8B85 60FFFFFF
00431708 |. 3BC6
0043170A |. 74 02
0043170C |. 8930
0043170E |> 8B85 64FFFFFF
00431714 |. E9 47010000
00431719 |> 56
0043171A |. E8 61CBFFFF
fo.0042E280
0043171F |. BF 83000000
00431724 |. 59
00431725 |. 8985 50FFFFFF
0043172B |. 3BC7
0043172D |. 73 2C
0043172F |. 56
00431730 |. FFB5 68FFFFFF
[LOCAL.38]
00431736 |. E8 45D2FFFF
fo.0042E980
0043173B |. 59
0043173C |. 59
0043173D |. 85C0
0043173F |. 0F84 B0000000
00431745 |. 56
00431746 |. FFB5 58FFFFFF
[LOCAL.42]
0043174C |. E8 2FD2FFFF
fo.0042E980
00431751 |. 59
00431752 |. 59
00431753 |. 85C0
00431755 |. 0F84 9A000000
0043175B |> 83A5 4CFFFFFF
00431762 |. 8D85 6CFFFFFF
00431768 |. 56
00431769 |. 50
OFFSET LOCAL.37
0043176A |. E8 BCFBFFFF
fo.0043132B
0043176F |. 59
00431770 |. 59
00431771 |. 85C0
00431773 |. 0F85 E5000000
00431779 |. 8D85 6CFFFFFF

XOR ESI,ESI
TEST EAX,EAX
JE SHORT 004316F1
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E73A
ADD ESP,14
CMP EDI,ESI
JE SHORT 00431702
XOR EAX,EAX
MOV WORD PTR DS:[EDI],AX
MOV WORD PTR DS:[EDI+2],AX
MOV WORD PTR DS:[EDI+4],AX
MOV EAX,DWORD PTR SS:[LOCAL.40]
CMP EAX,ESI
JE SHORT 0043170E
MOV DWORD PTR DS:[EAX],ESI
MOV EAX,DWORD PTR SS:[LOCAL.39]
JMP 00431860
PUSH ESI
CALL 0042E280

; /Arg1
; \SystemIn

MOV EDI,83
POP ECX
MOV DWORD PTR SS:[LOCAL.44],EAX
CMP EAX,EDI
JNB SHORT 0043175B
PUSH ESI
PUSH DWORD PTR SS:[LOCAL.38]

; /Arg2
; |Arg1 =>

CALL 0042E980

; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JE 004317F5
PUSH ESI
PUSH DWORD PTR SS:[LOCAL.42]

; /Arg2
; |Arg1 =>

CALL 0042E980

; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JE 004317F5
AND DWORD PTR SS:[LOCAL.45],00000000
LEA EAX,[LOCAL.37]
PUSH ESI
PUSH EAX

; /Arg2
; |Arg1 =>

CALL 0043132B

; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JNE 0043185E
LEA EAX,[LOCAL.37]

0043177F |. 50
OFFSET LOCAL.37
00431780 |. 53
00431781 |. 50
OFFSET LOCAL.37
00431782 |. E8 397B0000
fo.004392C0
00431787 |. 83C4 0C
0043178A |. 85C0
0043178C |. 0F84 CC000000
00431792 |. 0FB743 04
00431796 |. 8B8D 54FFFFFF
0043179C |. 8901
0043179E |. 8D85 6CFFFFFF
004317A4 |. 50
OFFSET LOCAL.37
004317A5 |. 57
004317A6 |. FFB5 68FFFFFF
[LOCAL.38]
004317AC |. E8 A3FCFFFF
fo.00431454
004317B1 |. 83C4 0C
004317B4 |. 803E 00
004317B7 |. 74 0A
004317B9 |. 8B85 50FFFFFF
004317BF |. 3BC7
004317C1 |. 72 0B
004317C3 |> 8B85 4CFFFFFF
004317C9 |. BE 77874400
004317CE |> 40
004317CF |. 50
004317D0 |. 56
004317D1 |. 57
004317D2 |. FFB5 58FFFFFF
[LOCAL.42]
004317D8 |. E8 73740000
fo.00438C50
004317DD |. 83C4 10
004317E0 |. 85C0
004317E2 |. 74 11
004317E4 |. 33F6
004317E6 |. 56
004317E7 |. 56
004317E8 |. 56
004317E9 |. 56
004317EA |. 56
004317EB |. E8 4ACFFFFF
004317F0 |. 83C4 14
004317F3 |. EB 02
004317F5 |> 33F6
004317F7 |> 39B5 5CFFFFFF
004317FD |. 74 11
004317FF |. 6A 06
00431801 |. 53
00431802 |. FFB5 5CFFFFFF
[LOCAL.41]
00431808 |. E8 E3D9FFFF
fo.0042F1F0
0043180D |. 83C4 0C
00431810 |> 39B5 60FFFFFF

PUSH EAX

; /Arg3 =>

PUSH EBX
PUSH EAX

; |Arg2
; |Arg1 =>

CALL 004392C0

; \SystemIn

ADD ESP,0C
TEST EAX,EAX
JE 0043185E
MOVZX EAX,WORD PTR DS:[EBX+4]
MOV ECX,DWORD PTR SS:[LOCAL.43]
MOV DWORD PTR DS:[ECX],EAX
LEA EAX,[LOCAL.37]
PUSH EAX

; /Arg3 =>

PUSH EDI
PUSH DWORD PTR SS:[LOCAL.38]

; |Arg2
; |Arg1 =>

CALL 00431454

; \SystemIn

ADD ESP,0C
CMP BYTE PTR DS:[ESI],0
JE SHORT 004317C3
MOV EAX,DWORD PTR SS:[LOCAL.44]
CMP EAX,EDI
JB SHORT 004317CE
MOV EAX,DWORD PTR SS:[LOCAL.45]
MOV ESI,OFFSET 00448777
INC EAX
PUSH EAX
PUSH ESI
PUSH EDI
PUSH DWORD PTR SS:[LOCAL.42]

;
;
;
;

CALL 00438C50

; \SystemIn

ADD ESP,10
TEST EAX,EAX
JE SHORT 004317F5
XOR ESI,ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E73A
ADD ESP,14
JMP SHORT 004317F7
XOR ESI,ESI
CMP DWORD PTR SS:[LOCAL.41],ESI
JE SHORT 00431810
PUSH 6
PUSH EBX
PUSH DWORD PTR SS:[LOCAL.41]

; /Arg3 = 6
; |Arg2
; |Arg1 =>

CALL 0042F1F0

; \SystemIn

ADD ESP,0C
CMP DWORD PTR SS:[LOCAL.40],ESI

/Arg4
|Arg3
|Arg2
|Arg1 =>

00431816 |. 74 16
00431818 |. 6A 04
0043181A |. FFB5 54FFFFFF
[LOCAL.43]
00431820 |. FFB5 60FFFFFF
[LOCAL.40]
00431826 |. E8 C5D9FFFF
fo.0042F1F0
0043182B |. 83C4 0C
0043182E |> FFB5 68FFFFFF
[LOCAL.38]
00431834 |. FF75 10
[ARG.3]
00431837 |. FFB5 64FFFFFF
[LOCAL.39]
0043183D |. E8 3D410000
fo.0043597F
00431842 |. 83C4 0C
00431845 |. 85C0
00431847 |. 74 0D
00431849 |. 56
0043184A |. 56
0043184B |. 56
0043184C |. 56
0043184D |. 56
0043184E |. E8 E7CEFFFF
00431853 |. 83C4 14
00431856 |> 8B85 68FFFFFF
0043185C |. EB 02
0043185E |> 33C0
00431860 |> 8B4D FC
00431863 |. 5F
00431864 |. 5E
00431865 |. 33CD
00431867 |. 5B
00431868 |. E8 84CEFFFF
0043186D |. C9
0043186E \. C3
0043186F /$ 8BFF
o.0043186F(guessed Arg1)
00431871 |. 55
00431872 |. 8BEC
00431874 |. 81EC C4010000
0043187A |. A1 A0154500
0043187F |. 33C5
00431881 |. 8945 FC
00431884 |. 53
00431885 |. 57
00431886 |. 8BD9
00431888 |. E8 853A0000
fo.00435312
0043188D |. FF75 08
[ARG.1]
00431890 |. 8BF8
00431892 |. 8D85 68FEFFFF
00431898 |. 50
OFFSET LOCAL.102
00431899 |. 8D85 50FEFFFF
0043189F |. 50
OFFSET LOCAL.108

JE SHORT 0043182E
PUSH 4
PUSH DWORD PTR SS:[LOCAL.43]

; /Arg3 = 4
; |Arg2 =>

PUSH DWORD PTR SS:[LOCAL.40]

; |Arg1 =>

CALL 0042F1F0

; \SystemIn

ADD ESP,0C
PUSH DWORD PTR SS:[LOCAL.38]

; /Arg3 =>

PUSH DWORD PTR SS:[ARG.3]

; |Arg2 =>

PUSH DWORD PTR SS:[LOCAL.39]

; |Arg1 =>

CALL 0043597F

; \SystemIn

ADD ESP,0C
TEST EAX,EAX
JE SHORT 00431856
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E73A
ADD ESP,14
MOV EAX,DWORD PTR SS:[LOCAL.38]
JMP SHORT 00431860
XOR EAX,EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
SUB ESP,1C4
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH EBX
PUSH EDI
MOV EBX,ECX
CALL 00435312

; [SystemIn

PUSH DWORD PTR SS:[ARG.1]

; /Arg6 =>

MOV EDI,EAX
LEA EAX,[LOCAL.102]
PUSH EAX

; |
; |
; |Arg5 =>

LEA EAX,[LOCAL.108]
PUSH EAX

; |
; |Arg4 =>

004318A0 |. 68 83000000
3
004318A5 |. 8D85 78FFFFFF
004318AB |. 50
OFFSET LOCAL.34
004318AC |. 53
004318AD |. 81C7 D0010000
004318B3 |. E8 86FDFFFF
fo.0043163E
004318B8 |. 83C4 18
004318BB |. 85C0
004318BD |. 75 07
004318BF |> 33C0
004318C1 |. E9 9D020000
004318C6 |> 8B45 08
004318C9 |. C1E0 04
004318CC |. 8D1C30
004318CF |. FF73 48
004318D2 |. 8D85 78FFFFFF
004318D8 |. 50
OFFSET LOCAL.34
004318D9 |. E8 A2D0FFFF
fo.0042E980
004318DE |. 59
004318DF |. 59
004318E0 |. 85C0
004318E2 |. 0F84 78020000
004318E8 |. 8D85 78FFFFFF
004318EE |. 50
OFFSET LOCAL.34
004318EF |. E8 8CC9FFFF
fo.0042E280
004318F4 |. 83C0 05
004318F7 |. 50
004318F8 |. 8985 74FEFFFF
004318FE |. E8 10350000
fo.00434E13
00431903 |. 59
00431904 |. 59
00431905 |. 8985 70FEFFFF
0043190B |. 85C0
0043190D |.^ 74 B0
0043190F |. 8B43 48
00431912 |. 8B4D 08
00431915 |. 8985 5CFEFFFF
0043191B |. 8D448E 0C
0043191F |. 83C1 06
00431922 |. 6BC9 06
00431925 |. 8985 6CFEFFFF
0043192B |. 8B00
0043192D |. 8985 58FEFFFF
00431933 |. 8D0431
00431936 |. 6A 06
00431938 |. 50
00431939 |. 8985 64FEFFFF
0043193F |. 8D85 3CFEFFFF
00431945 |. 50
OFFSET LOCAL.113
00431946 |. E8 A5D8FFFF
fo.0042F1F0

PUSH 83

; |Arg3 = 8

LEA EAX,[LOCAL.34]
PUSH EAX

; |
; |Arg2 =>

PUSH EBX
ADD EDI,1D0
CALL 0043163E

; |Arg1
; |
; \SystemIn

ADD ESP,18
TEST EAX,EAX
JNE SHORT 004318C6
XOR EAX,EAX
JMP 00431B63
MOV EAX,DWORD PTR SS:[ARG.1]
SHL EAX,4
LEA EBX,[ESI+EAX]
PUSH DWORD PTR DS:[EBX+48]
LEA EAX,[LOCAL.34]
PUSH EAX

; /Arg2
; |
; |Arg1 =>

CALL 0042E980

; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JE 00431B60
LEA EAX,[LOCAL.34]
PUSH EAX

; /Arg1 =>

CALL 0042E280

; \SystemIn

ADD EAX,5
PUSH EAX
MOV DWORD PTR SS:[LOCAL.99],EAX
CALL 00434E13

; /Arg1
; |
; \SystemIn

POP ECX
POP ECX
MOV DWORD PTR SS:[LOCAL.100],EAX
TEST EAX,EAX
JE SHORT 004318BF
MOV EAX,DWORD PTR DS:[EBX+48]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[LOCAL.105],EAX
LEA EAX,[ECX*4+ESI+0C]
ADD ECX,6
IMUL ECX,ECX,6
MOV DWORD PTR SS:[LOCAL.101],EAX
MOV EAX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.106],EAX
LEA EAX,[ESI+ECX]
PUSH 6
PUSH EAX
MOV DWORD PTR SS:[LOCAL.103],EAX
LEA EAX,[LOCAL.113]
PUSH EAX

;
;
;
;
;

CALL 0042F1F0

; \SystemIn

/Arg3 = 6
|Arg2
|
|
|Arg1 =>

0043194B |. 8B46 04
0043194E |. 8D8D 78FFFFFF
00431954 |. 51
OFFSET LOCAL.34
00431955 |. 8B8D 74FEFFFF
0043195B |. 8985 4CFEFFFF
00431961 |. 8B85 70FEFFFF
00431967 |. 83C1 FC
0043196A |. 83C0 04
0043196D |. 51
0043196E |. 50
0043196F |. E8 0B400000
fo.0043597F
00431974 |. 83C4 18
00431977 |. 85C0
00431979 |. 74 0F
0043197B |. 33C0
0043197D |. 50
0043197E |. 50
0043197F |. 50
00431980 |. 50
00431981 |. 50
00431982 |. E8 B3CDFFFF
00431987 |. 83C4 14
0043198A |> 8B85 70FEFFFF
00431990 |. 8B8D 6CFEFFFF
00431996 |. 83C0 04
00431999 |. 8943 48
0043199C |. 0FB785 50FEFF
004319A3 |. 8901
004319A5 |. 6A 06
004319A7 |. 8D85 50FEFFFF
004319AD |. 50
OFFSET LOCAL.108
004319AE |. FFB5 64FEFFFF
[LOCAL.103]
004319B4 |. E8 37D8FFFF
fo.0042F1F0
004319B9 |. 83C4 0C
004319BC |. 837D 08 02
004319C0 |. 0F85 F7000000
004319C6 |. 8B85 68FEFFFF
004319CC |. 83A5 74FEFFFF
004319D3 |. 8946 04
004319D6 |. 8B47 24
004319D9 |. 8B4F 20
004319DC |. 8985 64FEFFFF
004319E2 |. 8BC7
004319E4 |> 8B56 04
004319E7 |. 3B10
004319E9 |. 74 36
004319EB |. 8B10
004319ED |. FF85 74FEFFFF
004319F3 |. 8908
004319F5 |. 8B8D 64FEFFFF
004319FB |. 8995 44FEFFFF
00431A01 |. 8B50 04
00431A04 |. 8948 04
00431A07 |. 8B8D 44FEFFFF
00431A0D |. 83C0 08

MOV EAX,DWORD PTR DS:[ESI+4]


LEA ECX,[LOCAL.34]
PUSH ECX

; /Arg3 =>

MOV ECX,DWORD PTR SS:[LOCAL.99]


MOV DWORD PTR SS:[LOCAL.109],EAX
MOV EAX,DWORD PTR SS:[LOCAL.100]
ADD ECX,-4
ADD EAX,4
PUSH ECX
PUSH EAX
CALL 0043597F

;
;
;
;
;
;
;
;

ADD ESP,18
TEST EAX,EAX
JE SHORT 0043198A
XOR EAX,EAX
PUSH EAX
PUSH EAX
PUSH EAX
PUSH EAX
PUSH EAX
CALL 0042E73A
ADD ESP,14
MOV EAX,DWORD PTR SS:[LOCAL.100]
MOV ECX,DWORD PTR SS:[LOCAL.101]
ADD EAX,4
MOV DWORD PTR DS:[EBX+48],EAX
MOVZX EAX,WORD PTR SS:[LOCAL.108]
MOV DWORD PTR DS:[ECX],EAX
PUSH 6
LEA EAX,[LOCAL.108]
PUSH EAX

; /Arg3 = 6
; |
; |Arg2 =>

PUSH DWORD PTR SS:[LOCAL.103]

; |Arg1 =>

CALL 0042F1F0

; \SystemIn

ADD ESP,0C
CMP DWORD PTR SS:[ARG.1],2
JNE 00431ABD
MOV EAX,DWORD PTR SS:[LOCAL.102]
AND DWORD PTR SS:[LOCAL.99],00000000
MOV DWORD PTR DS:[ESI+4],EAX
MOV EAX,DWORD PTR DS:[EDI+24]
MOV ECX,DWORD PTR DS:[EDI+20]
MOV DWORD PTR SS:[LOCAL.103],EAX
MOV EAX,EDI
/MOV EDX,DWORD PTR DS:[ESI+4]
|CMP EDX,DWORD PTR DS:[EAX]
|JE SHORT 00431A21
|MOV EDX,DWORD PTR DS:[EAX]
|INC DWORD PTR SS:[LOCAL.99]
|MOV DWORD PTR DS:[EAX],ECX
|MOV ECX,DWORD PTR SS:[LOCAL.103]
|MOV DWORD PTR SS:[LOCAL.111],EDX
|MOV EDX,DWORD PTR DS:[EAX+4]
|MOV DWORD PTR DS:[EAX+4],ECX
|MOV ECX,DWORD PTR SS:[LOCAL.111]
|ADD EAX,8

|
|
|
|
|
|Arg2
|Arg1
\SystemIn

00431A10 |. 83BD 74FEFFFF


00431A17 |. 8995 64FEFFFF
00431A1D |.^ 7C C5
00431A1F |. EB 22
00431A21 |> 8B85 74FEFFFF
00431A27 |. 85C0
00431A29 |. 74 18
00431A2B |. 8D04C7
00431A2E |. 8B10
00431A30 |. 8917
00431A32 |. 8B50 04
00431A35 |. 8957 04
00431A38 |. 8908
00431A3A |. 8B8D 64FEFFFF
00431A40 |. 8948 04
00431A43 |> 83BD 74FEFFFF
00431A4A |. 75 68
00431A4C |. 6A 01
00431A4E |. FF76 14
00431A51 |. 8D85 78FEFFFF
00431A57 |. FF76 04
00431A5A |. 50
OFFSET LOCAL.98
00431A5B |. 6A 7F
F
00431A5D |. 68 809E4400
ystemInfo.449E80
00431A62 |. 6A 01
00431A64 |. 6A 00
00431A66 |. E8 ED490000
fo.00436458
00431A6B |. 83C4 20
00431A6E |. 85C0
00431A70 |. 74 39
00431A72 |. 33C0
00431A74 |> B9 FF010000
00431A79 |. 66:218C45 78F
00431A81 |. 40
00431A82 |. 83F8 7F
00431A85 |.^ 72 ED
00431A87 |. 68 FE000000
FE
00431A8C |. FF35 18164500
ystemInfo.44A23C
00431A92 |. 8D85 78FEFFFF
00431A98 |. 50
OFFSET LOCAL.98
00431A99 |. E8 6DDDFFFF
fo.0042F80B
00431A9E |. 83C4 0C
00431AA1 |. F7D8
EAX to boolean
00431AA3 |. 1BC0
00431AA5 |. 40
00431AA6 |. 8947 04
00431AA9 |. EB 04
00431AAB |> 8367 04 00
00431AAF |> 8B46 04
00431AB2 |. 8907
00431AB4 |> 8B47 04

|CMP DWORD PTR SS:[LOCAL.99],5


|MOV DWORD PTR SS:[LOCAL.103],EDX
\JL SHORT 004319E4
JMP SHORT 00431A43
MOV EAX,DWORD PTR SS:[LOCAL.99]
TEST EAX,EAX
JE SHORT 00431A43
LEA EAX,[EAX*8+EDI]
MOV EDX,DWORD PTR DS:[EAX]
MOV DWORD PTR DS:[EDI],EDX
MOV EDX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDI+4],EDX
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[LOCAL.103]
MOV DWORD PTR DS:[EAX+4],ECX
CMP DWORD PTR SS:[LOCAL.99],5
JNE SHORT 00431AB4
PUSH 1
PUSH DWORD PTR DS:[ESI+14]
LEA EAX,[LOCAL.98]
PUSH DWORD PTR DS:[ESI+4]
PUSH EAX

;
;
;
;
;

PUSH 7F

; |Arg4 = 7

PUSH OFFSET 00449E80

; |Arg3 = S

PUSH 1
PUSH 0
CALL 00436458

; |Arg2 = 1
; |Arg1 = 0
; \SystemIn

ADD ESP,20
TEST EAX,EAX
JE SHORT 00431AAB
XOR EAX,EAX
/MOV ECX,1FF
|AND WORD PTR SS:[EAX*2+EBP-188],CX
|INC EAX
|CMP EAX,7F
\JB SHORT 00431A74
PUSH 0FE

; /Arg3 = 0

PUSH DWORD PTR DS:[451618]

; |Arg2 = S

LEA EAX,[LOCAL.98]
PUSH EAX

; |
; |Arg1 =>

CALL 0042F80B

; \SystemIn

ADD ESP,0C
NEG EAX

; Converts

SBB
INC
MOV
JMP
AND
MOV
MOV
MOV

EAX,EAX
EAX
DWORD PTR DS:[EDI+4],EAX
SHORT 00431AAF
DWORD PTR DS:[EDI+4],00000000
EAX,DWORD PTR DS:[ESI+4]
DWORD PTR DS:[EDI],EAX
EAX,DWORD PTR DS:[EDI+4]

/Arg8 = 1
|Arg7
|
|Arg6
|Arg5 =>

00431AB7 |. 8986 A8000000


00431ABD |> 837D 08 01
00431AC1 |. 75 09
00431AC3 |. 8B85 68FEFFFF
00431AC9 |. 8946 08
00431ACC |> 8B45 08
00431ACF |. 6BC0 0C
00431AD2 |. 56
00431AD3 |. FF90 409E4400
00431AD9 |. 59
00431ADA |. 85C0
00431ADC |. 74 31
00431ADE |. 8B85 5CFEFFFF
00431AE4 |. FFB5 70FEFFFF
[LOCAL.100]
00431AEA |. 8943 48
00431AED |. E8 EC160000
fo.004331DE
00431AF2 |. 8B85 58FEFFFF
00431AF8 |. 59
00431AF9 |. 8B8D 6CFEFFFF
00431AFF |. 8901
00431B01 |. 8B85 4CFEFFFF
00431B07 |. 8946 04
00431B0A |.^ E9 B0FDFFFF
00431B0F |> 81BD 5CFEFFFF
00431B19 |. 74 2D
00431B1B |. 8B45 08
00431B1E |. 83C0 05
00431B21 |. C1E0 04
00431B24 |. 8D3C30
00431B27 |. FF37
00431B29 |. FF15 34814400
.InterlockedDecrement
00431B2F |. 85C0
00431B31 |. 75 15
00431B33 |. FF37
00431B35 |. E8 A4160000
fo.004331DE
00431B3A |. FF73 54
00431B3D |. E8 9C160000
fo.004331DE
00431B42 |. 8363 4C 00
00431B46 |. 59
00431B47 |. 59
00431B48 |> 8B4D 08
00431B4B |. 8B85 70FEFFFF
00431B51 |. 83C1 05
00431B54 |. C1E1 04
00431B57 |. C700 01000000
00431B5D |. 890431
00431B60 |> 8B43 48
00431B63 |> 8B4D FC
00431B66 |. 5F
00431B67 |. 33CD
00431B69 |. 5B
00431B6A |. E8 82CBFFFF
00431B6F |. C9
00431B70 \. C3
00431B71 /$ 8BFF

MOV DWORD PTR DS:[ESI+0A8],EAX


CMP DWORD PTR SS:[ARG.1],1
JNE SHORT 00431ACC
MOV EAX,DWORD PTR SS:[LOCAL.102]
MOV DWORD PTR DS:[ESI+8],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
IMUL EAX,EAX,0C
PUSH ESI
CALL DWORD PTR DS:[EAX+449E40]
POP ECX
TEST EAX,EAX
JE SHORT 00431B0F
MOV EAX,DWORD PTR SS:[LOCAL.105]
PUSH DWORD PTR SS:[LOCAL.100]

; /Arg1 =>

MOV DWORD PTR DS:[EBX+48],EAX


CALL 004331DE

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.106]


POP ECX
MOV ECX,DWORD PTR SS:[LOCAL.101]
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.109]
MOV DWORD PTR DS:[ESI+4],EAX
JMP 004318BF
CMP DWORD PTR SS:[LOCAL.105],OFFSET 0045
JE SHORT 00431B48
MOV EAX,DWORD PTR SS:[ARG.1]
ADD EAX,5
SHL EAX,4
LEA EDI,[ESI+EAX]
PUSH DWORD PTR DS:[EDI]
; /pTarget
CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
TEST EAX,EAX
JNE SHORT 00431B48
PUSH DWORD PTR DS:[EDI]
CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[EBX+54]


CALL 004331DE

; /Arg1
; \SystemIn

AND DWORD PTR


POP ECX
POP ECX
MOV ECX,DWORD
MOV EAX,DWORD
ADD ECX,5
SHL ECX,4
MOV DWORD PTR
MOV DWORD PTR
MOV EAX,DWORD
MOV ECX,DWORD
POP EDI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
MOV EDI,EDI

; SystemInf

DS:[EBX+4C],00000000
PTR SS:[ARG.1]
PTR SS:[LOCAL.100]
DS:[EAX],1
DS:[ESI+ECX],EAX
PTR DS:[EBX+48]
PTR SS:[LOCAL.1]

o.00431B71(guessed Arg1)
00431B73 |. 55
00431B74 |. 8BEC
00431B76 |. 81EC 98000000
00431B7C |. A1 A0154500
00431B81 |. 33C5
00431B83 |. 8945 FC
00431B86 |. 8B45 08
00431B89 |. 53
00431B8A |. 56
00431B8B |. 33DB
00431B8D |. 8BF2
00431B8F |. 57
00431B90 |. 89B5 68FFFFFF
00431B96 |. 3BC3
00431B98 |. 74 1C
00431B9A |. 3BCB
00431B9C |. 74 0C
00431B9E |. 50
[ARG.1]
00431B9F |. E8 CBFCFFFF
fo.0043186F
00431BA4 |. 59
00431BA5 |. E9 D3010000
00431BAA |> C1E0 04
00431BAD |. 8B4430 48
00431BB1 |. E9 C7010000
00431BB6 |> C785 70FFFFFF
00431BC0 |. 899D 74FFFFFF
00431BC6 |. 3BCB
00431BC8 |. 0F84 AA010000
00431BCE |. 8039 4C
00431BD1 |. 0F85 30010000
00431BD7 |. 8079 01 43
00431BDB |. 0F85 26010000
00431BE1 |. 8079 02 5F
00431BE5 |. 0F85 1C010000
00431BEB |. 8BF9
00431BED |> 68 109F4400
SCII "=;"
00431BF2 |. 57
00431BF3 |. E8 88790000
fo.00439580
00431BF8 |. 8BD8
00431BFA |. 59
00431BFB |. 59
00431BFC |. 85DB
00431BFE |. 0F84 FF000000
00431C04 |. 2BC7
00431C06 |. 8985 70FFFFFF
00431C0C |. 0F84 F1000000
00431C12 |. 803B 3B
00431C15 |. 0F84 E8000000
00431C1B |. C785 6CFFFFFF
00431C25 |. BE 449E4400
CII "LC_COLLATE"
00431C2A |. EB 06
00431C2C |> 8B85 70FFFFFF
00431C32 |> 50
00431C33 |. 57

PUSH EBP
MOV EBP,ESP
SUB ESP,98
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EBX
PUSH ESI
XOR EBX,EBX
MOV ESI,EDX
PUSH EDI
MOV DWORD PTR SS:[LOCAL.38],ESI
CMP EAX,EBX
JE SHORT 00431BB6
CMP ECX,EBX
JE SHORT 00431BAA
PUSH EAX

; /Arg1 =>

CALL 0043186F

; \SystemIn

POP ECX
JMP 00431D7D
SHL EAX,4
MOV EAX,DWORD PTR DS:[ESI+EAX+48]
JMP 00431D7D
MOV DWORD PTR SS:[LOCAL.36],1
MOV DWORD PTR SS:[LOCAL.35],EBX
CMP ECX,EBX
JE 00431D78
CMP BYTE PTR DS:[ECX],4C
JNE 00431D07
CMP BYTE PTR DS:[ECX+1],43
JNE 00431D07
CMP BYTE PTR DS:[ECX+2],5F
JNE 00431D07
MOV EDI,ECX
/PUSH OFFSET 00449F10

; /Arg2 = A

|PUSH EDI
|CALL 00439580

; |Arg1
; \SystemIn

|MOV EBX,EAX
|POP ECX
|POP ECX
|TEST EBX,EBX
|JE 00431D03
|SUB EAX,EDI
|MOV DWORD PTR SS:[LOCAL.36],EAX
|JE 00431D03
|CMP BYTE PTR DS:[EBX],3B
|JE 00431D03
|MOV DWORD PTR SS:[LOCAL.37],1
|MOV ESI,OFFSET 00449E44

; PTR to AS

|JMP SHORT 00431C32


|/MOV EAX,DWORD PTR SS:[LOCAL.36]
||PUSH EAX
||PUSH EDI

; /Arg3
; |Arg2

00431C34 |. FF36
00431C36 |. E8 76780000
fo.004394B1
00431C3B |. 83C4 0C
00431C3E |. 85C0
00431C40 |. 75 10
00431C42 |. FF36
00431C44 |. E8 37C6FFFF
fo.0042E280
00431C49 |. 59
00431C4A |. 3985 70FFFFFF
00431C50 |. 74 11
00431C52 |> FF85 6CFFFFFF
00431C58 |. 83C6 0C
00431C5B |. 81FE 749E4400
CII "LC_TIME"
00431C61 |.^ 7E C9
00431C63 |> 43
00431C64 |. 68 089F4400
ystemInfo.449F08
00431C69 |. 53
00431C6A |. E8 11DAFFFF
fo.0042F680
00431C6F |. 8BF8
00431C71 |. 33F6
00431C73 |. 59
00431C74 |. 59
00431C75 |. 3BFE
00431C77 |. 75 09
00431C79 |. 803B 3B
00431C7C |. 0F85 81000000
00431C82 |> 83BD 6CFFFFFF
00431C89 |. 7F 51
00431C8B |. 57
00431C8C |. 53
00431C8D |. 8D85 78FFFFFF
00431C93 |. 68 83000000
3
00431C98 |. 50
OFFSET LOCAL.34
00431C99 |. E8 B26F0000
fo.00438C50
00431C9E |. 83C4 10
00431CA1 |. 85C0
00431CA3 |. 74 0D
00431CA5 |. 56
00431CA6 |. 56
00431CA7 |. 56
00431CA8 |. 56
00431CA9 |. 56
00431CAA |. E8 8BCAFFFF
00431CAF |. 83C4 14
00431CB2 |> FFB5 6CFFFFFF
[LOCAL.37]
00431CB8 |. 8BB5 68FFFFFF
00431CBE |. 8D8D 78FFFFFF
00431CC4 |. C6843D 78FFFF
00431CCC |. E8 9EFBFFFF
fo.0043186F
00431CD1 |. 59

||PUSH DWORD PTR DS:[ESI]


||CALL 004394B1

; |Arg1
; \SystemIn

||ADD ESP,0C
||TEST EAX,EAX
||JNE SHORT 00431C52
||PUSH DWORD PTR DS:[ESI]
||CALL 0042E280

; /Arg1
; \SystemIn

||POP ECX
||CMP DWORD PTR SS:[LOCAL.36],EAX
||JE SHORT 00431C63
||INC DWORD PTR SS:[LOCAL.37]
||ADD ESI,0C
||CMP ESI,OFFSET 00449E74

; PTR to AS

|\JLE SHORT 00431C2C


|INC EBX
|PUSH OFFSET 00449F08

; /Arg2 = S

|PUSH EBX
|CALL 0042F680

; |Arg1
; \SystemIn

|MOV EDI,EAX
|XOR ESI,ESI
|POP ECX
|POP ECX
|CMP EDI,ESI
|JNE SHORT 00431C82
|CMP BYTE PTR DS:[EBX],3B
|JNE 00431D03
|CMP DWORD PTR SS:[LOCAL.37],5
|JG SHORT 00431CDC
|PUSH EDI
|PUSH EBX
|LEA EAX,[LOCAL.34]
|PUSH 83

;
;
;
;

|PUSH EAX

; |Arg1 =>

|CALL 00438C50

; \SystemIn

|ADD ESP,10
|TEST EAX,EAX
|JE SHORT 00431CB2
|PUSH ESI
|PUSH ESI
|PUSH ESI
|PUSH ESI
|PUSH ESI
|CALL 0042E73A
|ADD ESP,14
|PUSH DWORD PTR SS:[LOCAL.37]

; /Arg1 =>

|MOV ESI,DWORD PTR SS:[LOCAL.38]


|LEA ECX,[LOCAL.34]
|MOV BYTE PTR SS:[EDI+EBP-88],0
|CALL 0043186F

;
;
;
;

|POP ECX

/Arg4
|Arg3
|
|Arg2 = 8

|
|
|
\SystemIn

00431CD2 |. 85C0
00431CD4 |. 74 06
00431CD6 |. FF85 74FFFFFF
00431CDC |> 03FB
00431CDE |. 803F 00
00431CE1 |. 74 0A
00431CE3 |. 47
00431CE4 |. 803F 00
00431CE7 |.^ 0F85 00FFFFFF
00431CED |> 33C0
00431CEF |. 3985 74FFFFFF
00431CF5 |. 0F84 82000000
00431CFB |. 8BB5 68FFFFFF
00431D01 |. EB 75
00431D03 |> 33C0
00431D05 |. EB 76
00431D07 |> 53
0
00431D08 |. 53
0
00431D09 |. 53
0
00431D0A |. 68 83000000
3
00431D0F |. 8D85 78FFFFFF
00431D15 |. 50
OFFSET LOCAL.34
00431D16 |. 51
ARG.ECX
00431D17 |. E8 22F9FFFF
fo.0043163E
00431D1C |. 83C4 18
00431D1F |. 3BC3
00431D21 |. 74 5A
00431D23 |. 8D7E 48
00431D26 |> 85DB
00431D28 |. 74 33
00431D2A |. FF37
00431D2C |. 8D85 78FFFFFF
00431D32 |. 50
OFFSET LOCAL.34
00431D33 |. E8 48CCFFFF
fo.0042E980
00431D38 |. 59
00431D39 |. 59
00431D3A |. 85C0
00431D3C |. 74 19
00431D3E |. 53
00431D3F |. 8D8D 78FFFFFF
00431D45 |. E8 25FBFFFF
fo.0043186F
00431D4A |. 59
00431D4B |. 85C0
00431D4D |. 75 08
00431D4F |. 2185 70FFFFFF
00431D55 |. EB 06
00431D57 |> FF85 74FFFFFF
00431D5D |> 43
00431D5E |. 83C7 10
00431D61 |. 83FB 05

|TEST EAX,EAX
|JE SHORT 00431CDC
|INC DWORD PTR SS:[LOCAL.35]
|ADD EDI,EBX
|CMP BYTE PTR DS:[EDI],0
|JE SHORT 00431CED
|INC EDI
|CMP BYTE PTR DS:[EDI],0
\JNE 00431BED
XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.35],EAX
JE 00431D7D
MOV ESI,DWORD PTR SS:[LOCAL.38]
JMP SHORT 00431D78
XOR EAX,EAX
JMP SHORT 00431D7D
PUSH EBX

; /Arg6 =>

PUSH EBX

; |Arg5 =>

PUSH EBX

; |Arg4 =>

PUSH 83

; |Arg3 = 8

LEA EAX,[LOCAL.34]
PUSH EAX

; |
; |Arg2 =>

PUSH ECX

; |Arg1 =>

CALL 0043163E

; \SystemIn

ADD ESP,18
CMP EAX,EBX
JE SHORT 00431D7D
LEA EDI,[ESI+48]
/TEST EBX,EBX
|JE SHORT 00431D5D
|PUSH DWORD PTR DS:[EDI]
|LEA EAX,[LOCAL.34]
|PUSH EAX

; /Arg2
; |
; |Arg1 =>

|CALL 0042E980

; \SystemIn

|POP ECX
|POP ECX
|TEST EAX,EAX
|JE SHORT 00431D57
|PUSH EBX
|LEA ECX,[LOCAL.34]
|CALL 0043186F

; /Arg1
; |
; \SystemIn

|POP ECX
|TEST EAX,EAX
|JNE SHORT 00431D57
|AND DWORD PTR SS:[LOCAL.36],EAX
|JMP SHORT 00431D5D
|INC DWORD PTR SS:[LOCAL.35]
|INC EBX
|ADD EDI,10
|CMP EBX,5

00431D64 |.^ 7E C0
\JLE SHORT 00431D26
00431D66 |. 33C0
XOR EAX,EAX
00431D68 |. 3985 70FFFFFF CMP DWORD PTR SS:[LOCAL.36],EAX
00431D6E |. 75 08
JNE SHORT 00431D78
00431D70 |. 3985 74FFFFFF CMP DWORD PTR SS:[LOCAL.35],EAX
00431D76 |. 74 05
JE SHORT 00431D7D
00431D78 |> E8 44F7FFFF CALL 004314C1
00431D7D |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00431D80 |. 5F
POP EDI
00431D81 |. 5E
POP ESI
00431D82 |. 33CD
XOR ECX,EBP
00431D84 |. 5B
POP EBX
00431D85 |. E8 67C9FFFF CALL 0042E6F1
00431D8A |. C9
LEAVE
00431D8B \. C3
RETN
00431D8C /$ 6A 14
PUSH 14
o.00431D8C(guessed Arg1,Arg2)
00431D8E |. 68 D0EF4400 PUSH OFFSET 0044EFD0
00431D93 |. E8 546C0000 CALL 004389EC
00431D98 |. 33DB
XOR EBX,EBX
00431D9A |. 895D E0
MOV DWORD PTR SS:[EBP-20],EBX
00431D9D |. 837D 08 05
CMP DWORD PTR SS:[EBP+8],5
00431DA1 |. 76 1F
JBE SHORT 00431DC2
00431DA3 |. E8 55260000 CALL 004343FD
fo.004343FD
00431DA8 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00431DAE |. 53
PUSH EBX
00431DAF |. 53
PUSH EBX
00431DB0 |. 53
PUSH EBX
00431DB1 |. 53
PUSH EBX
00431DB2 |. 53
PUSH EBX
00431DB3 |. E8 AACAFFFF CALL 0042E862
fo.0042E862
00431DB8 |. 83C4 14
ADD ESP,14
00431DBB |. 33C0
XOR EAX,EAX
00431DBD |. E9 2C010000 JMP 00431EEE
00431DC2 |> E8 4B350000 CALL 00435312
fo.00435312
00431DC7 |. 8BF0
MOV ESI,EAX
00431DC9 |. 8975 E4
MOV DWORD PTR SS:[EBP-1C],ESI
00431DCC |. E8 8FF3FFFF CALL 00431160
fo.00431160
00431DD1 |. 834E 70 10
OR DWORD PTR DS:[ESI+70],00000010
00431DD5 |. 895D FC
MOV DWORD PTR SS:[EBP-4],EBX
00431DD8 |. 6A 01
PUSH 1
00431DDA |. 68 D8000000 PUSH 0D8
D8
00431DDF |. E8 74300000 CALL 00434E58
fo.00434E58
00431DE4 |. 59
POP ECX
00431DE5 |. 59
POP ECX
00431DE6 |. 8BF8
MOV EDI,EAX
00431DE8 |. 897D DC
MOV DWORD PTR SS:[EBP-24],EDI
00431DEB |. 3BFB
CMP EDI,EBX
00431DED |. 0F84 EC000000 JE 00431EDF
00431DF3 |. 6A 0C
PUSH 0C
C
00431DF5 |. E8 86680000 CALL 00438680
fo.00438680
00431DFA |. 59
POP ECX

; SystemInf

; [SystemIn
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

; [SystemIn

; [SystemIn

; /Arg2 = 1
; |Arg1 = 0
; \SystemIn

; /Arg1 = 0
; \SystemIn

00431DFB |. C745 FC 01000


00431E02 |. 8B4E 6C
00431E05 |. 8BC7
00431E07 |. E8 F0F2FFFF
00431E0C |. 895D FC
00431E0F |. E8 A6000000
fo.00431EBA
00431E14 |. FF75 08
[ARG.EBP+8]
00431E17 |. 8B4D 0C
00431E1A |. 8BD7
00431E1C |. E8 50FDFFFF
fo.00431B71
00431E21 |. 59
00431E22 |. 8945 E0
00431E25 |. 3BC3
00431E27 |. 0F84 A4000000
00431E2D |. 395D 0C
00431E30 |. 74 1D
00431E32 |. 68 001D4500
ystemInfo.451D00
00431E37 |. FF75 0C
[ARG.EBP+0C]
00431E3A |. E8 41CBFFFF
fo.0042E980
00431E3F |. 59
00431E40 |. 59
00431E41 |. 85C0
00431E43 |. 74 0A
00431E45 |. C705 D02C4500
00431E4F |> 6A 0C
C
00431E51 |. E8 2A680000
fo.00438680
00431E56 |. 59
00431E57 |. C745 FC 02000
00431E5E |. 8D5E 6C
00431E61 |. 8BC3
00431E63 |. E8 BAF2FFFF
00431E68 |. 57
00431E69 |. E8 F5F1FFFF
fo.00431063
00431E6E |. 59
00431E6F |. F646 70 02
00431E73 |. 75 32
00431E75 |. F605 F81C4500
00431E7C |. 75 29
00431E7E |. 8B3B
00431E80 |. B8 E01D4500
00431E85 |. E8 98F2FFFF
00431E8A |. 6A 18
8
00431E8C |. A1 E01D4500
00431E91 |. 83C0 0C
00431E94 |. 50
00431E95 |. 68 48304500
ystemInfo.453048
00431E9A |. E8 51D3FFFF
fo.0042F1F0
00431E9F |. 83C4 0C

MOV DWORD PTR SS:[EBP-4],1


MOV ECX,DWORD PTR DS:[ESI+6C]
MOV EAX,EDI
CALL 004310FC
MOV DWORD PTR SS:[EBP-4],EBX
CALL 00431EBA

; [SystemIn

PUSH DWORD PTR SS:[EBP+8]

; /Arg1 =>

MOV ECX,DWORD PTR SS:[EBP+0C]


MOV EDX,EDI
CALL 00431B71

; |
; |
; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-20],EAX
CMP EAX,EBX
JE 00431ED1
CMP DWORD PTR SS:[EBP+0C],EBX
JE SHORT 00431E4F
PUSH OFFSET 00451D00

; /Arg2 = S

PUSH DWORD PTR SS:[EBP+0C]

; |Arg1 =>

CALL 0042E980

; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 00431E4F
MOV DWORD PTR DS:[452CD0],1
PUSH 0C

; /Arg1 = 0

CALL 00438680

; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-4],2
LEA EBX,[ESI+6C]
MOV EAX,EBX
CALL 00431122
PUSH EDI
CALL 00431063

; /Arg1
; \SystemIn

POP ECX
TEST BYTE PTR DS:[ESI+70],02
JNE SHORT 00431EA7
TEST BYTE PTR DS:[451CF8],01
JNE SHORT 00431EA7
MOV EDI,DWORD PTR DS:[EBX]
MOV EAX,OFFSET 00451DE0
CALL 00431122
PUSH 18

; /Arg3 = 1

MOV EAX,DWORD PTR DS:[451DE0]


ADD EAX,0C
PUSH EAX
PUSH OFFSET 00453048

;
;
;
;

CALL 0042F1F0

; \SystemIn

ADD ESP,0C

|
|
|Arg2
|Arg1 = S

00431EA2 |.
00431EA7 |>
00431EAB |.
00431EB0 \.
00431EB2
00431EB3
00431EB4
00431EB5
00431EB6
00431EB7
00431EB8
00431EB9
00431EBA /$
C
00431EBC |.
fo.004385A6
00431EC1 |.
00431EC2 \.
00431EC3
00431EC4
00431EC5
00431EC6 /$
C
00431EC8 |.
fo.004385A6
00431ECD |.
00431ECE \.
00431ECF .
00431ED1 />
00431ED2 |.
fo.00431063
00431ED7 |.
00431ED8 |.
00431EDD |.
00431EDE |.
00431EDF |>
00431EE6 |.
00431EEB |.
00431EEE |>
00431EF3 \.
00431EF4
00431EF5
00431EF6
00431EF7 /$
00431EFB \.
00431EFC
00431EFD
00431EFE
00431EFF
00431F00 /$
00431F01 |.
00431F05 \.
00431F07
00431F0E
00431F10 /$
00431F14 |.
00431F15 |.
00431F1B |.
00431F1D |>
00431F1F |.

E8 2FF3FFFF
8365 FC 00
E8 16000000
EB 2D
8B
7D
DC
8B
75
E4
33
DB
6A 0C

CALL 004311D6
AND DWORD PTR SS:[EBP-4],00000000
CALL 00431EC6
JMP SHORT 00431EDF
DB 8B
DB 7D
DB DC
DB 8B
DB 75
DB E4
DB 33
DB DB
PUSH 0C

E8 E5660000

CALL 004385A6

; \SystemIn

59
C3
8B
75
E4
6A 0C

POP ECX
RETN
DB 8B
DB 75
DB E4
PUSH 0C

; CHAR 'u'

E8 D9660000

CALL 004385A6

; \SystemIn

59
C3
EB 0E
57
E8 8CF1FFFF

POP ECX
RETN
JMP SHORT 00431EDF
PUSH EDI
CALL 00431063

; /Arg1
; \SystemIn

57
E8 AEEFFFFF
59
59
C745 FC FEFFF
E8 0C000000
8B45 E0
E8 3E6B0000
C3
8B
75
E4
8366 70 EF
C3
CC
CC
CC
CC
57
8B7C24 08
EB 6E
8DA424 000000
8BFF
8B4C24 04
57
F7C1 03000000
74 13
8A01
83C1 01

PUSH EDI
CALL 00430E8B
POP ECX
POP ECX
MOV DWORD PTR SS:[EBP-4],-2
CALL 00431EF7
MOV EAX,DWORD PTR SS:[EBP-20]
CALL 00438A31
RETN
DB 8B
DB 75
DB E4
AND DWORD PTR DS:[ESI+70],FFFFFFEF
RETN
INT3
INT3
INT3
INT3
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
JMP SHORT 00431F75
LEA ESP,[ESP]
MOV EDI,EDI
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH EDI
TEST ECX,00000003
JE SHORT 00431F30
/MOV AL,BYTE PTR DS:[ECX]
|ADD ECX,1

; CHAR '}'
; CHAR 'u'
; CHAR '3'
; /Arg1 = 0

; /Arg1 = 0

; CHAR 'u'

00431F22
00431F24
00431F26
00431F2C
00431F2E
00431F30
00431F32
00431F37
00431F39
00431F3C
00431F3E
00431F41
00431F46
00431F48
00431F4B
00431F4D
00431F4F
00431F51
00431F53
00431F58
00431F5A
00431F5F
00431F61
00431F63
00431F66
00431F68
00431F6B
00431F6D
00431F70
00431F72
00431F75
00431F79
00431F7F
00431F81
00431F83
00431F86
00431F88
00431F8A
00431F8C
00431F8F
00431F95
00431F97
00431F99
00431F9B
00431F9E
00431FA3
00431FA5
00431FA7
00431FAA
00431FAC
00431FAE
00431FB1
00431FB6
00431FB8
00431FBA
00431FBC
00431FBE
00431FC0
00431FC6
00431FC8

|.
|.
|.
|.^
|.
|>
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|>
|.
|>
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.^
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|.

84C0
74 3D
F7C1 03000000
75 EF
8BFF
8B01
BA FFFEFE7E
03D0
83F0 FF
33C2
83C1 04
A9 00010181
74 E8
8B41 FC
84C0
74 23
84E4
74 1A
A9 0000FF00
74 0E
A9 000000FF
74 02
EB CD
8D79 FF
EB 0D
8D79 FE
EB 08
8D79 FD
EB 03
8D79 FC
8B4C24 0C
F7C1 03000000
74 1D
8A11
83C1 01
84D2
74 66
8817
83C7 01
F7C1 03000000
75 EA
EB 05
8917
83C7 04
BA FFFEFE7E
8B01
03D0
83F0 FF
33C2
8B11
83C1 04
A9 00010181
74 E1
84D2
74 34
84F6
74 27
F7C2 0000FF00
74 12
F7C2 000000FF

|TEST AL,AL
|JE SHORT 00431F63
|TEST ECX,00000003
\JNE SHORT 00431F1D
MOV EDI,EDI
/MOV EAX,DWORD PTR DS:[ECX]
|MOV EDX,7EFEFEFF
|ADD EDX,EAX
|XOR EAX,FFFFFFFF
|XOR EAX,EDX
|ADD ECX,4
|TEST EAX,81010100
|JE SHORT 00431F30
|MOV EAX,DWORD PTR DS:[ECX-4]
|TEST AL,AL
|JE SHORT 00431F72
|TEST AH,AH
|JE SHORT 00431F6D
|TEST EAX,00FF0000
|JE SHORT 00431F68
|TEST EAX,FF000000
|JE SHORT 00431F63
\JMP SHORT 00431F30
LEA EDI,[ECX-1]
JMP SHORT 00431F75
LEA EDI,[ECX-2]
JMP SHORT 00431F75
LEA EDI,[ECX-3]
JMP SHORT 00431F75
LEA EDI,[ECX-4]
MOV ECX,DWORD PTR SS:[ESP+0C]
TEST ECX,00000003
JE SHORT 00431F9E
/MOV DL,BYTE PTR DS:[ECX]
|ADD ECX,1
|TEST DL,DL
|JE SHORT 00431FF0
|MOV BYTE PTR DS:[EDI],DL
|ADD EDI,1
|TEST ECX,00000003
\JNE SHORT 00431F81
JMP SHORT 00431F9E
/MOV DWORD PTR DS:[EDI],EDX
|ADD EDI,4
|MOV EDX,7EFEFEFF
|MOV EAX,DWORD PTR DS:[ECX]
|ADD EDX,EAX
|XOR EAX,FFFFFFFF
|XOR EAX,EDX
|MOV EDX,DWORD PTR DS:[ECX]
|ADD ECX,4
|TEST EAX,81010100
|JE SHORT 00431F99
|TEST DL,DL
|JE SHORT 00431FF0
|TEST DH,DH
|JE SHORT 00431FE7
|TEST EDX,00FF0000
|JE SHORT 00431FDA
|TEST EDX,FF000000

00431FCE |. 74 02
|JE SHORT 00431FD2
00431FD0 |.^ EB C7
\JMP SHORT 00431F99
00431FD2 |> 8917
MOV DWORD PTR DS:[EDI],EDX
00431FD4 |. 8B4424 08
MOV EAX,DWORD PTR SS:[ARG.1]
00431FD8 |. 5F
POP EDI
00431FD9 |. C3
RETN
00431FDA |> 66:8917
MOV WORD PTR DS:[EDI],DX
00431FDD |. 8B4424 08
MOV EAX,DWORD PTR SS:[ARG.1]
00431FE1 |. C647 02 00
MOV BYTE PTR DS:[EDI+2],0
00431FE5 |. 5F
POP EDI
00431FE6 |. C3
RETN
00431FE7 |> 66:8917
MOV WORD PTR DS:[EDI],DX
00431FEA |. 8B4424 08
MOV EAX,DWORD PTR SS:[ARG.1]
00431FEE |. 5F
POP EDI
00431FEF |. C3
RETN
00431FF0 |> 8817
MOV BYTE PTR DS:[EDI],DL
00431FF2 |. 8B4424 08
MOV EAX,DWORD PTR SS:[ARG.1]
00431FF6 |. 5F
POP EDI
00431FF7 \. C3
RETN
00431FF8
CC
INT3
00431FF9
CC
INT3
00431FFA
CC
INT3
00431FFB
CC
INT3
00431FFC
CC
INT3
00431FFD
CC
INT3
00431FFE
CC
INT3
00431FFF
CC
INT3
00432000 /$ 53
PUSH EBX
o.00432000(guessed Arg1,Arg2,Arg3,Arg4)
00432001 |. 56
PUSH ESI
00432002 |. 8B4424 18
MOV EAX,DWORD PTR SS:[ARG.4]
00432006 |. 0BC0
OR EAX,EAX
00432008 |. 75 18
JNE SHORT 00432022
0043200A |. 8B4C24 14
MOV ECX,DWORD PTR SS:[ARG.3]
0043200E |. 8B4424 10
MOV EAX,DWORD PTR SS:[ARG.2]
00432012 |. 33D2
XOR EDX,EDX
00432014 |. F7F1
DIV ECX
00432016 |. 8BD8
MOV EBX,EAX
00432018 |. 8B4424 0C
MOV EAX,DWORD PTR SS:[ARG.1]
0043201C |. F7F1
DIV ECX
0043201E |. 8BD3
MOV EDX,EBX
00432020 |. EB 41
JMP SHORT 00432063
00432022 |> 8BC8
MOV ECX,EAX
00432024 |. 8B5C24 14
MOV EBX,DWORD PTR SS:[ARG.3]
00432028 |. 8B5424 10
MOV EDX,DWORD PTR SS:[ARG.2]
0043202C |. 8B4424 0C
MOV EAX,DWORD PTR SS:[ARG.1]
00432030 |> D1E9
/SHR ECX,1
00432032 |. D1DB
|RCR EBX,1
00432034 |. D1EA
|SHR EDX,1
00432036 |. D1D8
|RCR EAX,1
00432038 |. 0BC9
|OR ECX,ECX
0043203A |.^ 75 F4
\JNE SHORT 00432030
0043203C |. F7F3
DIV EBX
0043203E |. 8BF0
MOV ESI,EAX
00432040 |. F76424 18
MUL DWORD PTR SS:[ARG.4]
00432044 |. 8BC8
MOV ECX,EAX
00432046 |. 8B4424 14
MOV EAX,DWORD PTR SS:[ARG.3]
0043204A |. F7E6
MUL ESI
0043204C |. 03D1
ADD EDX,ECX
0043204E |. 72 0E
JB SHORT 0043205E

; SystemInf

00432050 |. 3B5424 10
CMP EDX,DWORD PTR SS:[ARG.2]
00432054 |. 77 08
JA SHORT 0043205E
00432056 |. 72 07
JB SHORT 0043205F
00432058 |. 3B4424 0C
CMP EAX,DWORD PTR SS:[ARG.1]
0043205C |. 76 01
JBE SHORT 0043205F
0043205E |> 4E
DEC ESI
0043205F |> 33D2
XOR EDX,EDX
00432061 |. 8BC6
MOV EAX,ESI
00432063 |> 5E
POP ESI
00432064 |. 5B
POP EBX
00432065 \. C2 1000
RETN 10
00432068
CC
INT3
00432069
CC
INT3
0043206A
CC
INT3
0043206B
CC
INT3
0043206C
CC
INT3
0043206D
CC
INT3
0043206E
CC
INT3
0043206F
CC
INT3
00432070 /$ 8B4424 08
MOV EAX,DWORD PTR SS:[ARG.2]
o.00432070(guessed Arg1,Arg2,Arg3,Arg4)
00432074 |. 8B4C24 10
MOV ECX,DWORD PTR SS:[ARG.4]
00432078 |. 0BC8
OR ECX,EAX
0043207A |. 8B4C24 0C
MOV ECX,DWORD PTR SS:[ARG.3]
0043207E |. 75 09
JNE SHORT 00432089
00432080 |. 8B4424 04
MOV EAX,DWORD PTR SS:[ARG.1]
00432084 |. F7E1
MUL ECX
00432086 |. C2 1000
RETN 10
00432089 |> 53
PUSH EBX
0043208A |. F7E1
MUL ECX
0043208C |. 8BD8
MOV EBX,EAX
0043208E |. 8B4424 08
MOV EAX,DWORD PTR SS:[ARG.1]
00432092 |. F76424 14
MUL DWORD PTR SS:[ARG.4]
00432096 |. 03D8
ADD EBX,EAX
00432098 |. 8B4424 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043209C |. F7E1
MUL ECX
0043209E |. 03D3
ADD EDX,EBX
004320A0 |. 5B
POP EBX
004320A1 \. C2 1000
RETN 10
004320A4 /$ 8BFF
MOV EDI,EDI
004320A6 |. 55
PUSH EBP
004320A7 |. 8BEC
MOV EBP,ESP
004320A9 |. E8 64320000 CALL 00435312
fo.00435312
004320AE |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
004320B1 |. 83C0 20
ADD EAX,20
004320B4 |. 50
PUSH EAX
004320B5 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
004320B8 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
004320BB |. E8 00750000 CALL 004395C0
004320C0 |. 83C4 10
ADD ESP,10
004320C3 |. 5D
POP EBP
004320C4 \. C3
RETN
004320C5 /$ 8BFF
MOV EDI,EDI
o.004320C5(guessed Arg1,Arg2)
004320C7 |. 55
PUSH EBP
004320C8 |. 8BEC
MOV EBP,ESP
004320CA |. 6A 00
PUSH 0
004320CC |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
004320CF |. FF75 08
PUSH DWORD PTR SS:[ARG.1]

; SystemInf

; [SystemIn

; SystemInf

004320D2 |. E8 CDFFFFFF CALL 004320A4


004320D7 |. 83C4 0C
ADD ESP,0C
004320DA |. 5D
POP EBP
004320DB \. C3
RETN
004320DC /$ 8BFF
MOV EDI,EDI
o.004320DC(guessed Arg1,Arg2,Arg3,Arg4)
004320DE |. 55
PUSH EBP
004320DF |. 8BEC
MOV EBP,ESP
004320E1 |. 83EC 2C
SUB ESP,2C
004320E4 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
004320E9 |. 33C5
XOR EAX,EBP
004320EB |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
004320EE |. 53
PUSH EBX
004320EF |. 56
PUSH ESI
004320F0 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
004320F3 |. 33DB
XOR EBX,EBX
004320F5 |. 57
PUSH EDI
004320F6 |. 8B7D 0C
MOV EDI,DWORD PTR SS:[ARG.2]
004320F9 |. 8975 D8
MOV DWORD PTR SS:[LOCAL.10],ESI
004320FC |. 897D D4
MOV DWORD PTR SS:[LOCAL.11],EDI
004320FF |. 895D DC
MOV DWORD PTR SS:[LOCAL.9],EBX
00432102 |. 895D F0
MOV DWORD PTR SS:[LOCAL.4],EBX
00432105 |. 3BF3
CMP ESI,EBX
00432107 |. 74 0C
JE SHORT 00432115
00432109 |. 395D 10
CMP DWORD PTR SS:[ARG.3],EBX
0043210C |. 75 07
JNE SHORT 00432115
0043210E |. 33C0
XOR EAX,EAX
00432110 |. E9 4C010000 JMP 00432261
00432115 |> 3BFB
CMP EDI,EBX
00432117 |. 75 1D
JNE SHORT 00432136
00432119 |. E8 DF220000 CALL 004343FD
fo.004343FD
0043211E |. 53
PUSH EBX
0043211F |. 53
PUSH EBX
00432120 |. 53
PUSH EBX
00432121 |. 53
PUSH EBX
00432122 |. 53
PUSH EBX
00432123 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00432129 |. E8 34C7FFFF CALL 0042E862
fo.0042E862
0043212E |. 83C4 14
ADD ESP,14
00432131 |. E9 28010000 JMP 0043225E
00432136 |> FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
00432139 |. 8D4D E0
LEA ECX,[LOCAL.8]
0043213C |. E8 24CBFFFF CALL 0042EC65
fo.0042EC65
00432141 |. 3BF3
CMP ESI,EBX
00432143 |. 0F84 96010000 JE 004322DF
00432149 |. 8B75 E0
MOV ESI,DWORD PTR SS:[LOCAL.8]
0043214C |. 395E 14
CMP DWORD PTR DS:[ESI+14],EBX
0043214F |. 75 5A
JNE SHORT 004321AB
00432151 |. 395D 10
CMP DWORD PTR SS:[ARG.3],EBX
00432154 |. 76 2C
JBE SHORT 00432182
00432156 |> B8 FF000000 /MOV EAX,0FF
0043215B |. 66:3907
|CMP WORD PTR DS:[EDI],AX
0043215E |. 0F87 E3000000 |JA 00432247
00432164 |. 8A0F
|MOV CL,BYTE PTR DS:[EDI]
00432166 |. 8B55 D8
|MOV EDX,DWORD PTR SS:[LOCAL.10]
00432169 |. 8B45 DC
|MOV EAX,DWORD PTR SS:[LOCAL.9]

; SystemInf

; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

; /Arg1 =>
; |
; \SystemIn

0043216C |. 880C02
0043216F |. 66:8B0F
00432172 |. 47
00432173 |. 47
00432174 |. 66:85C9
00432177 |. 74 1D
00432179 |. 40
0043217A |. 8945 DC
0043217D |. 3B45 10
00432180 |.^ 72 D4
00432182 |> 385D EC
00432185 |. 74 07
00432187 |. 8B45 E8
0043218A |. 8360 70 FD
0043218E |> 8B45 DC
00432191 |. E9 CB000000
00432196 |> 385D EC
00432199 |. 0F84 C2000000
0043219F |. 8B4D E8
004321A2 |. 8361 70 FD
004321A6 |. E9 B6000000
004321AB |> 83BE AC000000
004321B2 |. 75 54
004321B4 |. 8B4D 10
004321B7 |. 3BCB
004321B9 |. 76 1D
004321BB |. 8BC7
004321BD |> 66:3918
004321C0 |. 74 05
004321C2 |. 40
004321C3 |. 40
004321C4 |. 49
004321C5 |.^ 75 F6
004321C7 |> 3BCB
004321C9 |. 74 0D
004321CB |. 66:3918
004321CE |. 75 08
004321D0 |. 2BC7
004321D2 |. D1F8
004321D4 |. 40
004321D5 |. 8945 10
004321D8 |> 8D45 F0
004321DB |. 50
harUsed => OFFSET LOCAL.4
004321DC |. 53
har
004321DD |. FF75 10
nt => [ARG.3]
004321E0 |. FF75 D8
e => [ARG.1]
004321E3 |. FF75 10
t => [ARG.3]
004321E6 |. 57
004321E7 |. 53
004321E8 |. FF76 04
004321EB |. FF15 38814400
.WideCharToMultiByte
004321F1 |. 3BC3
004321F3 |. 74 52
004321F5 |. 395D F0

|MOV BYTE PTR DS:[EAX+EDX],CL


|MOV CX,WORD PTR DS:[EDI]
|INC EDI
|INC EDI
|TEST CX,CX
|JE SHORT 00432196
|INC EAX
|MOV DWORD PTR SS:[LOCAL.9],EAX
|CMP EAX,DWORD PTR SS:[ARG.3]
\JB SHORT 00432156
CMP BYTE PTR SS:[LOCAL.5],BL
JE SHORT 0043218E
MOV EAX,DWORD PTR SS:[LOCAL.6]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,DWORD PTR SS:[LOCAL.9]
JMP 00432261
CMP BYTE PTR SS:[LOCAL.5],BL
JE 00432261
MOV ECX,DWORD PTR SS:[LOCAL.6]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
JMP 00432261
CMP DWORD PTR DS:[ESI+0AC],1
JNE SHORT 00432208
MOV ECX,DWORD PTR SS:[ARG.3]
CMP ECX,EBX
JBE SHORT 004321D8
MOV EAX,EDI
/CMP WORD PTR DS:[EAX],BX
|JE SHORT 004321C7
|INC EAX
|INC EAX
|DEC ECX
\JNE SHORT 004321BD
CMP ECX,EBX
JE SHORT 004321D8
CMP WORD PTR DS:[EAX],BX
JNE SHORT 004321D8
SUB EAX,EDI
SAR EAX,1
INC EAX
MOV DWORD PTR SS:[ARG.3],EAX
LEA EAX,[LOCAL.4]
PUSH EAX

; /DefaultC

PUSH EBX

; |DefaultC

PUSH DWORD PTR SS:[ARG.3]

; |MultiCou

PUSH DWORD PTR SS:[LOCAL.10]

; |MultiByt

PUSH DWORD PTR SS:[ARG.3]

; |WideCoun

PUSH
PUSH
PUSH
CALL

;
;
;
;

EDI
EBX
DWORD PTR DS:[ESI+4]
DWORD PTR DS:[<&KERNEL32.WideCharTo

CMP EAX,EBX
JE SHORT 00432247
CMP DWORD PTR SS:[LOCAL.4],EBX

|WideChar
|Flags
|CodePage
\KERNEL32

004321F8 |. 75 4D
JNE SHORT 00432247
004321FA |. 8B4D D8
MOV ECX,DWORD PTR SS:[LOCAL.10]
004321FD |. 385C01 FF
CMP BYTE PTR DS:[EAX+ECX-1],BL
00432201 |.^ 75 93
JNE SHORT 00432196
00432203 |. E9 10010000 JMP 00432318
00432208 |> 8D45 F0
LEA EAX,[LOCAL.4]
0043220B |. 50
PUSH EAX
harUsed => OFFSET LOCAL.4
0043220C |. 53
PUSH EBX
har
0043220D |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
nt => [ARG.3]
00432210 |. FF75 D8
PUSH DWORD PTR SS:[LOCAL.10]
e => [ARG.1]
00432213 |. 6A FF
PUSH -1
t = -1.
00432215 |. 57
PUSH EDI
00432216 |. 53
PUSH EBX
00432217 |. FF76 04
PUSH DWORD PTR DS:[ESI+4]
0043221A |. FF15 38814400 CALL DWORD PTR DS:[<&KERNEL32.WideCharTo
.WideCharToMultiByte
00432220 |. 8BF8
MOV EDI,EAX
00432222 |. 3BFB
CMP EDI,EBX
00432224 |. 74 0D
JE SHORT 00432233
00432226 |. 395D F0
CMP DWORD PTR SS:[LOCAL.4],EBX
00432229 |. 75 1C
JNE SHORT 00432247
0043222B |. 8D47 FF
LEA EAX,[EDI-1]
0043222E |.^ E9 63FFFFFF JMP 00432196
00432233 |> 395D F0
CMP DWORD PTR SS:[LOCAL.4],EBX
00432236 |. 75 0F
JNE SHORT 00432247
00432238 |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
0043223E |. 83F8 7A
CMP EAX,7A
=> ERROR_INSUFFICIENT_BUFFER
00432241 |. 0F84 83000000 JE 004322CA
00432247 |> E8 B1210000 CALL 004343FD
fo.004343FD
0043224C |. C700 2A000000 MOV DWORD PTR DS:[EAX],2A
00432252 |. 385D EC
CMP BYTE PTR SS:[LOCAL.5],BL
00432255 |. 74 07
JE SHORT 0043225E
00432257 |. 8B45 E8
MOV EAX,DWORD PTR SS:[LOCAL.6]
0043225A |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
0043225E |> 83C8 FF
OR EAX,FFFFFFFF
00432261 |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00432264 |. 5F
POP EDI
00432265 |. 5E
POP ESI
00432266 |. 33CD
XOR ECX,EBP
00432268 |. 5B
POP EBX
00432269 |. E8 83C4FFFF CALL 0042E6F1
0043226E |. C9
LEAVE
0043226F |. C3
RETN
00432270 |> 8D45 F0
/LEA EAX,[LOCAL.4]
00432273 |. 50
|PUSH EAX
harUsed => OFFSET LOCAL.4
00432274 |. 53
|PUSH EBX
har
00432275 |. FFB6 AC000000 |PUSH DWORD PTR DS:[ESI+0AC]
nt
0043227B |. 8D45 F4
|LEA EAX,[LOCAL.3]
0043227E |. 50
|PUSH EAX

; /DefaultC
; |DefaultC
; |MultiCou
; |MultiByt
; |WideCoun
;
;
;
;

|WideChar
|Flags
|CodePage
\KERNEL32

; [KERNEL32
; CONST 7A
; [SystemIn

; /DefaultC
; |DefaultC
; |MultiCou
; |
; |MultiByt

e => OFFSET LOCAL.3


0043227F |. 6A 01
t = 1
00432281 |. FF75 D4
=> [LOCAL.11]
00432284 |. 53
00432285 |. FF76 04
00432288 |. FF15 38814400
.WideCharToMultiByte
0043228E |. 8945 DC
00432291 |. 3BC3
00432293 |.^ 74 B2
00432295 |. 395D F0
00432298 |.^ 75 AD
0043229A |. 3BC3
0043229C |.^ 7C A9
0043229E |. 83F8 05
004322A1 |.^ 77 A4
004322A3 |. 8D0C38
004322A6 |. 3B4D 10
004322A9 |. 77 24
004322AB |. 33D2
004322AD |. 3BC3
004322AF |. 7E 15
004322B1 |> 8A4C15 F4
004322B5 |. 8B45 D8
004322B8 |. 880C38
004322BB |. 3ACB
004322BD |. 74 10
004322BF |. 42
004322C0 |. 47
004322C1 |. 3B55 DC
004322C4 |.^ 7C EB
004322C6 |> 8345 D4 02
004322CA |> 3B7D 10
004322CD |.^ 72 A1
004322CF |> 385D EC
004322D2 |. 74 07
004322D4 |. 8B45 E8
004322D7 |. 8360 70 FD
004322DB |> 8BC7
004322DD |.^ EB 82
004322DF |> 8B45 E0
004322E2 |. 3958 14
004322E5 |. 75 0C
004322E7 |. 57
004322E8 |. E8 5C010000
fo.00432449
004322ED |. 59
004322EE |.^ E9 A3FEFFFF
004322F3 |> 8D4D F0
004322F6 |. 51
harUsed => OFFSET LOCAL.4
004322F7 |. 53
har
004322F8 |. 53
nt
004322F9 |. 53
e
004322FA |. 6A FF

|PUSH 1

; |WideCoun

|PUSH DWORD PTR SS:[LOCAL.11]

; |WideChar

|PUSH EBX
; |Flags
|PUSH DWORD PTR DS:[ESI+4]
; |CodePage
|CALL DWORD PTR DS:[<&KERNEL32.WideCharT ; \KERNEL32
|MOV DWORD PTR SS:[LOCAL.9],EAX
|CMP EAX,EBX
|JE SHORT 00432247
|CMP DWORD PTR SS:[LOCAL.4],EBX
|JNE SHORT 00432247
|CMP EAX,EBX
|JL SHORT 00432247
|CMP EAX,5
|JA SHORT 00432247
|LEA ECX,[EDI+EAX]
|CMP ECX,DWORD PTR SS:[ARG.3]
|JA SHORT 004322CF
|XOR EDX,EDX
|CMP EAX,EBX
|JLE SHORT 004322C6
|/MOV CL,BYTE PTR SS:[EDX+EBP-0C]
||MOV EAX,DWORD PTR SS:[LOCAL.10]
||MOV BYTE PTR DS:[EDI+EAX],CL
||CMP CL,BL
||JE SHORT 004322CF
||INC EDX
||INC EDI
||CMP EDX,DWORD PTR SS:[LOCAL.9]
|\JL SHORT 004322B1
|ADD DWORD PTR SS:[LOCAL.11],2
|CMP EDI,DWORD PTR SS:[ARG.3]
\JB SHORT 00432270
CMP BYTE PTR SS:[LOCAL.5],BL
JE SHORT 004322DB
MOV EAX,DWORD PTR SS:[LOCAL.6]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,EDI
JMP SHORT 00432261
MOV EAX,DWORD PTR SS:[LOCAL.8]
CMP DWORD PTR DS:[EAX+14],EBX
JNE SHORT 004322F3
PUSH EDI
CALL 00432449

; /Arg1
; \SystemIn

POP ECX
JMP 00432196
LEA ECX,[LOCAL.4]
PUSH ECX

; /DefaultC

PUSH EBX

; |DefaultC

PUSH EBX

; |MultiCou

PUSH EBX

; |MultiByt

PUSH -1

; |WideCoun

t = -1.
004322FC |. 57
PUSH EDI
004322FD |. 53
PUSH EBX
004322FE |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
00432301 |. FF15 38814400 CALL DWORD PTR DS:[<&KERNEL32.WideCharTo
.WideCharToMultiByte
00432307 |. 3BC3
CMP EAX,EBX
00432309 |.^ 0F84 38FFFFFF JE 00432247
0043230F |. 395D F0
CMP DWORD PTR SS:[LOCAL.4],EBX
00432312 |.^ 0F85 2FFFFFFF JNE 00432247
00432318 |> 48
DEC EAX
00432319 \.^ E9 78FEFFFF JMP 00432196
0043231E /$ 8BFF
MOV EDI,EDI
o.0043231E(guessed Arg1,Arg2,Arg3)
00432320 |. 55
PUSH EBP
00432321 |. 8BEC
MOV EBP,ESP
00432323 |. 6A 00
PUSH 0
00432325 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
00432328 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
0043232B |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0043232E |. E8 A9FDFFFF CALL 004320DC
fo.004320DC
00432333 |. 83C4 10
ADD ESP,10
00432336 |. 5D
POP EBP
00432337 \. C3
RETN
00432338 /$ 8BFF
MOV EDI,EDI
0043233A |. 55
PUSH EBP
0043233B |. 8BEC
MOV EBP,ESP
0043233D |. 51
PUSH ECX
0043233E |. 53
PUSH EBX
0043233F |. 56
PUSH ESI
00432340 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
00432343 |. 33DB
XOR EBX,EBX
00432345 |. 57
PUSH EDI
00432346 |. 8B7D 10
MOV EDI,DWORD PTR SS:[ARG.3]
00432349 |. 895D FC
MOV DWORD PTR SS:[LOCAL.1],EBX
0043234C |. 3BF3
CMP ESI,EBX
0043234E |. 74 47
JE SHORT 00432397
00432350 |. 3BFB
CMP EDI,EBX
00432352 |. 76 47
JBE SHORT 0043239B
00432354 |> 3BF3
CMP ESI,EBX
00432356 |. 74 02
JE SHORT 0043235A
00432358 |. 881E
MOV BYTE PTR DS:[ESI],BL
0043235A |> 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043235D |. 3BC3
CMP EAX,EBX
0043235F |. 74 02
JE SHORT 00432363
00432361 |. 8918
MOV DWORD PTR DS:[EAX],EBX
00432363 |> 8B45 18
MOV EAX,DWORD PTR SS:[ARG.5]
00432366 |. 3BC7
CMP EAX,EDI
00432368 |. 76 02
JBE SHORT 0043236C
0043236A |. 8BC7
MOV EAX,EDI
0043236C |> 3D FFFFFF7F CMP EAX,7FFFFFFF
00432371 |. 77 28
JA SHORT 0043239B
00432373 |. FF75 1C
PUSH DWORD PTR SS:[ARG.6]
[ARG.6]
00432376 |. 50
PUSH EAX
00432377 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]

;
;
;
;

|WideChar
|Flags
|CodePage
\KERNEL32

; SystemInf

; /Arg4 = 0
; |Arg3 =>
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; /Arg4 =>
; |Arg3
; |Arg2 =>

[ARG.4]
0043237A |.
[ARG.2]
0043237B |.
fo.004320DC
00432380 |.
00432383 |.
00432386 |.
00432388 |.
0043238A |.
0043238C |.
0043238E |>
fo.004343FD
00432393 |.
00432395 |.
00432397 |>
00432399 |.^
0043239B |>
fo.004343FD
004323A0 |.
004323A2 |>
004323A3 |.
004323A4 |.
004323A5 |.
004323A6 |.
004323A7 |.
004323A8 |.
004323AA |.
fo.0042E862
004323AF |.
004323B2 |.
004323B4 |.
004323B6 |>
004323B7 |.
004323B9 |.
004323BB |.
004323BD |.
004323BF |.
004323C3 |.
004323C5 |.
004323C7 |.
004323C9 |.
004323CB |.
fo.004343FD
004323D0 |.
004323D2 |.^
004323D4 |>
004323D6 |.
004323DD |>
004323E1 |>
004323E4 |.
004323E6 |.
004323E8 |.
004323EA |>
004323ED |>
004323EE |.
004323EF |.
004323F0 |.
004323F1 \.
004323F2 /$

56

PUSH ESI

; |Arg1 =>

E8 5CFDFFFF

CALL 004320DC

; \SystemIn

83C4 10
83F8 FF
75 2E
3BF3
74 02
881E
E8 6A200000

ADD ESP,10
CMP EAX,-1
JNE SHORT 004323B6
CMP ESI,EBX
JE SHORT 0043238E
MOV BYTE PTR DS:[ESI],BL
CALL 004343FD

; [SystemIn

8B00
EB 56
3BFB
74 B9
E8 5D200000

MOV EAX,DWORD PTR DS:[EAX]


JMP SHORT 004323ED
CMP EDI,EBX
JE SHORT 00432354
CALL 004343FD

; [SystemIn

6A 16
5E
53
53
53
53
53
8930
E8 B3C4FFFF

PUSH 16
POP ESI
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],ESI
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
8BC6
EB 37
40
3BF3
74 26
3BC7
76 1E
837D 18 FF
74 0F
881E
3BF8
77 09
E8 2D200000

ADD ESP,14
MOV EAX,ESI
JMP SHORT 004323ED
INC EAX
CMP ESI,EBX
JE SHORT 004323E1
CMP EAX,EDI
JBE SHORT 004323DD
CMP DWORD PTR SS:[ARG.5],-1
JE SHORT 004323D4
MOV BYTE PTR DS:[ESI],BL
CMP EDI,EAX
JA SHORT 004323D4
CALL 004343FD

; [SystemIn

6A 22
EB CE
8BC7
C745 FC 50000
885C30 FF
8B4D 08
3BCB
74 02
8901
8B45 FC
5F
5E
5B
C9
C3
8BFF

PUSH 22
JMP SHORT 004323A2
MOV EAX,EDI
MOV DWORD PTR SS:[LOCAL.1],50
MOV BYTE PTR DS:[ESI+EAX-1],BL
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,EBX
JE SHORT 004323EA
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI

; SystemInf

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

o.004323F2(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
004323F4 |. 55
PUSH EBP
004323F5 |. 8BEC
MOV EBP,ESP
004323F7 |. 6A 00
PUSH 0
004323F9 |. FF75 18
PUSH DWORD PTR SS:[ARG.5]
004323FC |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
004323FF |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
00432402 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
00432405 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00432408 |. E8 2BFFFFFF CALL 00432338
0043240D |. 83C4 18
ADD ESP,18
00432410 |. 5D
POP EBP
00432411 \. C3
RETN
00432412 /$ 8BFF
MOV EDI,EDI
o.00432412(guessed Arg1,Arg2)
00432414 |. 55
PUSH EBP
00432415 |. 8BEC
MOV EBP,ESP
00432417 |. 8B55 08
MOV EDX,DWORD PTR SS:[ARG.1]
0043241A |. 56
PUSH ESI
0043241B |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
0043241E |. 57
PUSH EDI
0043241F |. EB 09
JMP SHORT 0043242A
00432421 |> 66:85C9
/TEST CX,CX
00432424 |. 74 11
|JE SHORT 00432437
00432426 |. 42
|INC EDX
00432427 |. 42
|INC EDX
00432428 |. 46
|INC ESI
00432429 |. 46
|INC ESI
0043242A |> 0FB70E
|MOVZX ECX,WORD PTR DS:[ESI]
0043242D |. 0FB702
|MOVZX EAX,WORD PTR DS:[EDX]
00432430 |. 0FB7F9
|MOVZX EDI,CX
00432433 |. 2BC7
|SUB EAX,EDI
00432435 |.^ 74 EA
\JE SHORT 00432421
00432437 |> 5F
POP EDI
00432438 |. 5E
POP ESI
00432439 |. 85C0
TEST EAX,EAX
0043243B |. 7D 05
JGE SHORT 00432442
0043243D |. 83C8 FF
OR EAX,FFFFFFFF
00432440 |. 5D
POP EBP
00432441 |. C3
RETN
00432442 |> 7E 03
JLE SHORT 00432447
00432444 |. 33C0
XOR EAX,EAX
00432446 |. 40
INC EAX
00432447 |> 5D
POP EBP
00432448 \. C3
RETN
00432449 /$ 8BFF
MOV EDI,EDI
o.00432449(guessed Arg1)
0043244B |. 55
PUSH EBP
0043244C |. 8BEC
MOV EBP,ESP
0043244E |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00432451 |> 66:8B08
/MOV CX,WORD PTR DS:[EAX]
00432454 |. 40
|INC EAX
00432455 |. 40
|INC EAX
00432456 |. 66:85C9
|TEST CX,CX
00432459 |.^ 75 F6
\JNE SHORT 00432451
0043245B |. 2B45 08
SUB EAX,DWORD PTR SS:[ARG.1]
0043245E |. D1F8
SAR EAX,1
00432460 |. 48
DEC EAX
00432461 |. 5D
POP EBP
00432462 \. C3
RETN

; SystemInf

; SystemInf

00432463 /$
00432465 |.
00432466 |.
00432468 |.
0043246B |.
0043246C |.
ARG.ESI
0043246D |.
fo.00432449
00432472 |.
00432474 |.
00432475 |.
00432477 |.
00432479 |>
fo.004343FD
0043247E |.
0043247F |.
00432480 |.
00432481 |.
00432482 |.
00432483 |.
00432489 |.
fo.0042E862
0043248E |.
00432491 |.
00432494 |.
00432496 |>
00432499 |.^
0043249B |.
004324A2 |.
004324A5 |.
004324A8 |.
004324AD |.
004324AF |.
004324B6 |.
004324B8 |>
004324BA |.
004324BD |>
004324C0 |.
004324C3 |.
004324C6 |.
004324C9 |.
004324CA |.
004324CD |.
004324D0 |>
004324D1 |.
004324D2 \.
004324D3 /$
004324D5 |.
004324D6 |.
004324D8 |.
004324D9 |.
004324DC |.
004324DF |.
004324E0 |.
004324E2 |.
004324E5 |.
004324EA |.
004324EF |.
004324F2 |.

8BFF
55
8BEC
83EC 20
57
56

MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,20
PUSH EDI
PUSH ESI

; /Arg1 =>

E8 D7FFFFFF

CALL 00432449

; \SystemIn

33FF
59
3BF7
75 1D
E8 7F1F0000

XOR EDI,EDI
POP ECX
CMP ESI,EDI
JNE SHORT 00432496
CALL 004343FD

; [SystemIn

57
57
57
57
57
C700 16000000
E8 D4C3FFFF

PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
83C8 FF
EB 3A
397D 0C
74 DE
C745 EC 49000
8975 E8
8975 E0
3D FFFFFF3F
76 09
C745 E4 FFFFF
EB 05
03C0
8945 E4
FF75 14
8D45 E0
FF75 10
FF75 0C
50
FF55 08
83C4 10
5F
C9
C3
8BFF
55
8BEC
56
8B75 08
8D45 10
50
6A 00
FF75 0C
68 69984300
E8 74FFFFFF
83C4 10
5E

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 004324D0
CMP DWORD PTR SS:[ARG.2],EDI
JE SHORT 00432479
MOV DWORD PTR SS:[LOCAL.5],49
MOV DWORD PTR SS:[LOCAL.6],ESI
MOV DWORD PTR SS:[LOCAL.8],ESI
CMP EAX,3FFFFFFF
JBE SHORT 004324B8
MOV DWORD PTR SS:[LOCAL.7],7FFFFFFF
JMP SHORT 004324BD
ADD EAX,EAX
MOV DWORD PTR SS:[LOCAL.7],EAX
PUSH DWORD PTR SS:[ARG.4]
LEA EAX,[LOCAL.8]
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH EAX
CALL DWORD PTR SS:[ARG.1]
ADD ESP,10
POP EDI
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
LEA EAX,[ARG.3]
PUSH EAX
PUSH 0
PUSH DWORD PTR SS:[ARG.2]
PUSH 00439869
CALL 00432463
ADD ESP,10
POP ESI

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

004324F3 |. 5D
004324F4 \. C3
004324F5 /$ 8BFF
004324F7 |. 55
004324F8 |. 8BEC
004324FA |. B8 FFFF0000
004324FF |. 8BC8
00432501 |. 83EC 14
00432504 |. 66:394D 08
00432508 |. 0F84 9A000000
0043250E |. 53
0043250F |. FF75 0C
[ARG.2]
00432512 |. 8D4D EC
00432515 |. E8 4BC7FFFF
fo.0042EC65
0043251A |. 8B45 EC
0043251D |. 8B48 14
00432520 |. 33DB
00432522 |. 3BCB
00432524 |. 75 14
00432526 |. 8B45 08
00432529 |. 8D48 9F
0043252C |. 66:83F9 19
00432530 |. 77 03
00432532 |. 83C0 E0
00432535 |> 0FB7C0
00432538 |. EB 61
0043253A |> BA 00010000
0043253F |. 66:3955 08
00432543 |. 73 29
00432545 |. 8D45 EC
00432548 |. 50
OFFSET LOCAL.5
00432549 |. 6A 02
0043254B |. FF75 08
[ARG.1]
0043254E |. E8 6E840000
fo.0043A9C1
00432553 |. 83C4 0C
00432556 |. 85C0
00432558 |. 0FB745 08
0043255C |. 74 3D
0043255E |. 8B4D EC
00432561 |. 8B89 D0000000
00432567 |. 66:0FB60401
0043256C |.^ EB C7
0043256E |> FF70 04
00432571 |. 8D45 FC
00432574 |. 6A 01
00432576 |. 50
00432577 |. 6A 01
00432579 |. 8D45 08
0043257C |. 50
0043257D |. 68 00020000
00432582 |. 51
00432583 |. 8D45 EC
00432586 |. 50
00432587 |. E8 DE830000
0043258C |. 83C4 20

POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,0FFFF
MOV ECX,EAX
SUB ESP,14
CMP WORD PTR SS:[ARG.1],CX
JE 004325A8
PUSH EBX
PUSH DWORD PTR SS:[ARG.2]

; /Arg1 =>

LEA ECX,[LOCAL.5]
CALL 0042EC65

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.5]


MOV ECX,DWORD PTR DS:[EAX+14]
XOR EBX,EBX
CMP ECX,EBX
JNE SHORT 0043253A
MOV EAX,DWORD PTR SS:[ARG.1]
LEA ECX,[EAX-61]
CMP CX,19
JA SHORT 00432535
ADD EAX,-20
MOVZX EAX,AX
JMP SHORT 0043259B
MOV EDX,100
CMP WORD PTR SS:[ARG.1],DX
JNB SHORT 0043256E
LEA EAX,[LOCAL.5]
PUSH EAX

; /Arg3 =>

PUSH 2
PUSH DWORD PTR SS:[ARG.1]

; |Arg2 = 2
; |Arg1 =>

CALL 0043A9C1

; \SystemIn

ADD ESP,0C
TEST EAX,EAX
MOVZX EAX,WORD PTR SS:[ARG.1]
JE SHORT 0043259B
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV ECX,DWORD PTR DS:[ECX+0D0]
MOVZX AX,BYTE PTR DS:[EAX+ECX]
JMP SHORT 00432535
PUSH DWORD PTR DS:[EAX+4]
LEA EAX,[LOCAL.1]
PUSH 1
PUSH EAX
PUSH 1
LEA EAX,[ARG.1]
PUSH EAX
PUSH 200
PUSH ECX
LEA EAX,[LOCAL.5]
PUSH EAX
CALL 0043A96A
ADD ESP,20

0043258F |. 85C0
TEST EAX,EAX
00432591 |. 0FB745 08
MOVZX EAX,WORD PTR SS:[ARG.1]
00432595 |. 74 04
JE SHORT 0043259B
00432597 |. 0FB745 FC
MOVZX EAX,WORD PTR SS:[LOCAL.1]
0043259B |> 385D F8
CMP BYTE PTR SS:[LOCAL.2],BL
0043259E |. 74 07
JE SHORT 004325A7
004325A0 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
004325A3 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
004325A7 |> 5B
POP EBX
004325A8 |> C9
LEAVE
004325A9 \. C3
RETN
004325AA /$ 8BFF
MOV EDI,EDI
o.004325AA(guessed Arg1)
004325AC |. 55
PUSH EBP
004325AD |. 8BEC
MOV EBP,ESP
004325AF |. 6A 00
PUSH 0
004325B1 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
004325B4 |. E8 3CFFFFFF CALL 004324F5
004325B9 |. 59
POP ECX
004325BA |. 59
POP ECX
004325BB |. 5D
POP EBP
004325BC \. C3
RETN
004325BD /$ 8BFF
MOV EDI,EDI
o.004325BD(guessed Arg1,Arg2,Arg3,Arg4)
004325BF |. 55
PUSH EBP
004325C0 |. 8BEC
MOV EBP,ESP
004325C2 |. 83EC 10
SUB ESP,10
004325C5 |. 53
PUSH EBX
004325C6 |. 56
PUSH ESI
004325C7 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
004325CA |. 33DB
XOR EBX,EBX
004325CC |. 3BF3
CMP ESI,EBX
004325CE |. 74 15
JE SHORT 004325E5
004325D0 |. 395D 10
CMP DWORD PTR SS:[ARG.3],EBX
004325D3 |. 74 10
JE SHORT 004325E5
004325D5 |. 381E
CMP BYTE PTR DS:[ESI],BL
004325D7 |. 75 12
JNE SHORT 004325EB
004325D9 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004325DC |. 3BC3
CMP EAX,EBX
004325DE |. 74 05
JE SHORT 004325E5
004325E0 |. 33C9
XOR ECX,ECX
004325E2 |. 66:8908
MOV WORD PTR DS:[EAX],CX
004325E5 |> 33C0
XOR EAX,EAX
004325E7 |> 5E
POP ESI
004325E8 |. 5B
POP EBX
004325E9 |. C9
LEAVE
004325EA |. C3
RETN
004325EB |> FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
004325EE |. 8D4D F0
LEA ECX,[LOCAL.4]
004325F1 |. E8 6FC6FFFF CALL 0042EC65
fo.0042EC65
004325F6 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
004325F9 |. 3958 14
CMP DWORD PTR DS:[EAX+14],EBX
004325FC |. 75 1F
JNE SHORT 0043261D
004325FE |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00432601 |. 3BC3
CMP EAX,EBX
00432603 |. 74 07
JE SHORT 0043260C
00432605 |. 66:0FB60E
MOVZX CX,BYTE PTR DS:[ESI]
00432609 |. 66:8908
MOV WORD PTR DS:[EAX],CX

; SystemInf

; SystemInf

; /Arg1 =>
; |
; \SystemIn

0043260C |> 385D FC


CMP BYTE PTR SS:[LOCAL.1],BL
0043260F |. 74 07
JE SHORT 00432618
00432611 |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00432614 |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
00432618 |> 33C0
XOR EAX,EAX
0043261A |. 40
INC EAX
0043261B |.^ EB CA
JMP SHORT 004325E7
0043261D |> 8D45 F0
LEA EAX,[LOCAL.4]
00432620 |. 50
PUSH EAX
OFFSET LOCAL.4
00432621 |. 0FB606
MOVZX EAX,BYTE PTR DS:[ESI]
00432624 |. 50
PUSH EAX
00432625 |. E8 293C0000 CALL 00436253
fo.00436253
0043262A |. 59
POP ECX
0043262B |. 59
POP ECX
0043262C |. 85C0
TEST EAX,EAX
0043262E |. 74 7D
JE SHORT 004326AD
00432630 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
00432633 |. 8B88 AC000000 MOV ECX,DWORD PTR DS:[EAX+0AC]
00432639 |. 83F9 01
CMP ECX,1
0043263C |. 7E 25
JLE SHORT 00432663
0043263E |. 394D 10
CMP DWORD PTR SS:[ARG.3],ECX
00432641 |. 7C 20
JL SHORT 00432663
00432643 |. 33D2
XOR EDX,EDX
00432645 |. 395D 08
CMP DWORD PTR SS:[ARG.1],EBX
00432648 |. 0F95C2
SETNE DL
0043264B |. 52
PUSH EDX
t
0043264C |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
=> [ARG.1]
0043264F |. 51
PUSH ECX
nt
00432650 |. 56
PUSH ESI
e
00432651 |. 6A 09
PUSH 9
MB_PRECOMPOSED|MB_ERR_INVALID_CHARS
00432653 |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
00432656 |. FF15 50814400 CALL DWORD PTR DS:[<&KERNEL32.MultiByteT
.MultiByteToWideChar
0043265C |. 85C0
TEST EAX,EAX
0043265E |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
00432661 |. 75 10
JNE SHORT 00432673
00432663 |> 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
00432666 |. 3B88 AC000000 CMP ECX,DWORD PTR DS:[EAX+0AC]
0043266C |. 72 20
JB SHORT 0043268E
0043266E |. 385E 01
CMP BYTE PTR DS:[ESI+1],BL
00432671 |. 74 1B
JE SHORT 0043268E
00432673 |> 8B80 AC000000 MOV EAX,DWORD PTR DS:[EAX+0AC]
00432679 |. 385D FC
CMP BYTE PTR SS:[LOCAL.1],BL
0043267C |.^ 0F84 65FFFFFF JE 004325E7
00432682 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00432685 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
00432689 |.^ E9 59FFFFFF JMP 004325E7
0043268E |> E8 6A1D0000 CALL 004343FD
fo.004343FD
00432693 |. C700 2A000000 MOV DWORD PTR DS:[EAX],2A
00432699 |. 385D FC
CMP BYTE PTR SS:[LOCAL.1],BL
0043269C |. 74 07
JE SHORT 004326A5
0043269E |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]

; /Arg2 =>
; |
; |Arg1
; \SystemIn

; /WideCoun
; |WideChar
; |MultiCou
; |MultiByt
; |Flags =
; |CodePage
; \KERNEL32

; [SystemIn

004326A1 |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
004326A5 |> 83C8 FF
OR EAX,FFFFFFFF
004326A8 |.^ E9 3AFFFFFF JMP 004325E7
004326AD |> 33C0
XOR EAX,EAX
004326AF |. 395D 08
CMP DWORD PTR SS:[ARG.1],EBX
004326B2 |. 0F95C0
SETNE AL
004326B5 |. 50
PUSH EAX
t
004326B6 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
=> [ARG.1]
004326B9 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
004326BC |. 6A 01
PUSH 1
nt = 1
004326BE |. 56
PUSH ESI
e
004326BF |. 6A 09
PUSH 9
MB_PRECOMPOSED|MB_ERR_INVALID_CHARS
004326C1 |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
004326C4 |. FF15 50814400 CALL DWORD PTR DS:[<&KERNEL32.MultiByteT
.MultiByteToWideChar
004326CA |. 85C0
TEST EAX,EAX
004326CC |.^ 0F85 3AFFFFFF JNE 0043260C
004326D2 \.^ EB BA
JMP SHORT 0043268E
004326D4 /$ 8BFF
MOV EDI,EDI
o.004326D4(guessed Arg1,Arg2,Arg3)
004326D6 |. 55
PUSH EBP
004326D7 |. 8BEC
MOV EBP,ESP
004326D9 |. 6A 00
PUSH 0
004326DB |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
004326DE |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
004326E1 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
004326E4 |. E8 D4FEFFFF CALL 004325BD
fo.004325BD
004326E9 |. 83C4 10
ADD ESP,10
004326EC |. 5D
POP EBP
004326ED \. C3
RETN
004326EE /$ 8BFF
MOV EDI,EDI
o.004326EE(guessed Arg1,Arg2,Arg3,Arg4)
004326F0 |. 55
PUSH EBP
004326F1 |. 8BEC
MOV EBP,ESP
004326F3 |. 83EC 0C
SUB ESP,0C
004326F6 |. 53
PUSH EBX
004326F7 |. 56
PUSH ESI
004326F8 |. 57
PUSH EDI
004326F9 |. 33FF
XOR EDI,EDI
004326FB |. 397D 0C
CMP DWORD PTR SS:[ARG.2],EDI
004326FE |. 74 24
JE SHORT 00432724
00432700 |. 397D 10
CMP DWORD PTR SS:[ARG.3],EDI
00432703 |. 74 1F
JE SHORT 00432724
00432705 |. 8B75 14
MOV ESI,DWORD PTR SS:[ARG.4]
00432708 |. 3BF7
CMP ESI,EDI
0043270A |. 75 1F
JNE SHORT 0043272B
0043270C |> E8 EC1C0000 CALL 004343FD
fo.004343FD
00432711 |. 57
PUSH EDI
00432712 |. 57
PUSH EDI
00432713 |. 57
PUSH EDI

; /WideCoun
; |WideChar
; |
; |MultiCou
; |MultiByt
; |Flags =
; |CodePage
; \KERNEL32

; SystemInf

; /Arg4 = 0
; |Arg3 =>
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; SystemInf

; [SystemIn
; /Arg5
; |Arg4
; |Arg3

00432714 |.
00432715 |.
00432716 |.
0043271C |.
fo.0042E862
00432721 |.
00432724 |>
00432726 |>
00432727 |.
00432728 |.
00432729 |.
0043272A |.
0043272B |>
0043272E |.
00432730 |.^
00432732 |.
00432735 |.
00432737 |.
0043273A |.
0043273D |.^
0043273F |.
00432742 |.
00432746 |.
0043274D |.
00432750 |.
00432753 |.
00432755 |.
00432757 |.
0043275A |.
0043275D |.
0043275F |>
00432766 |>
00432768 |.
0043276E |>
00432771 |.
00432777 |.
00432779 |.
0043277C |.
0043277E |.
00432780 |.
00432786 |.
00432788 |.
0043278A |.
0043278C |.
0043278E |>
0043278F |.
[LOCAL.1]
00432792 |.
00432794 |.
fo.0042F1F0
00432799 |.
0043279C |.
0043279E |.
004327A1 |.
004327A3 |.
004327A6 |.
004327A8 |>
004327AB |.
004327AD |.
004327AF |.

57
57
C700 16000000
E8 41C1FFFF

PUSH EDI
PUSH EDI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;

|Arg2
|Arg1
|
\SystemIn

83C4 14
33C0
5F
5E
5B
C9
C3
8B4D 08
3BCF
74 DA
83C8 FF
33D2
F775 0C
3945 10
77 CD
8B7D 0C
0FAF7D 10
F746 0C 0C010
894D FC
897D F4
8BDF
74 08
8B46 18
8945 F8
EB 07
C745 F8 00100
85FF
0F84 BF000000
8B4E 0C
81E1 08010000
74 2F
8B46 04
85C0
74 28
0F8C AF000000
8BFB
3BD8
72 02
8BF8
57
FF75 FC

ADD ESP,14
XOR EAX,EAX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,EDI
JE SHORT 0043270C
OR EAX,FFFFFFFF
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.2]
CMP DWORD PTR SS:[ARG.3],EAX
JA SHORT 0043270C
MOV EDI,DWORD PTR SS:[ARG.2]
IMUL EDI,DWORD PTR SS:[ARG.3]
TEST DWORD PTR DS:[ESI+0C],0000010C
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV DWORD PTR SS:[LOCAL.3],EDI
MOV EBX,EDI
JE SHORT 0043275F
MOV EAX,DWORD PTR DS:[ESI+18]
MOV DWORD PTR SS:[LOCAL.2],EAX
JMP SHORT 00432766
MOV DWORD PTR SS:[LOCAL.2],1000
TEST EDI,EDI
JE 0043282D
/MOV ECX,DWORD PTR DS:[ESI+0C]
|AND ECX,00000108
|JE SHORT 004327A8
|MOV EAX,DWORD PTR DS:[ESI+4]
|TEST EAX,EAX
|JE SHORT 004327A8
|JL 00432835
|MOV EDI,EBX
|CMP EBX,EAX
|JB SHORT 0043278E
|MOV EDI,EAX
|PUSH EDI
|PUSH DWORD PTR SS:[LOCAL.1]

; /Arg3
; |Arg2 =>

FF36
E8 57CAFFFF

|PUSH DWORD PTR DS:[ESI]


|CALL 0042F1F0

; |Arg1
; \SystemIn

297E 04
013E
83C4 0C
2BDF
017D FC
EB 4F
3B5D F8
72 4F
85C9
74 0B

|SUB DWORD PTR DS:[ESI+4],EDI


|ADD DWORD PTR DS:[ESI],EDI
|ADD ESP,0C
|SUB EBX,EDI
|ADD DWORD PTR SS:[LOCAL.1],EDI
|JMP SHORT 004327F7
|CMP EBX,DWORD PTR SS:[LOCAL.2]
|JB SHORT 004327FC
|TEST ECX,ECX
|JE SHORT 004327BC

004327B1 |.
004327B2 |.
fo.00432F05
004327B7 |.
004327B8 |.
004327BA |.
004327BC |>
004327C0 |.
004327C2 |.
004327C4 |.
004327C6 |.
004327C8 |.
004327CB |.
004327CD |>
004327CE |.
004327D1 |.
004327D2 |.
fo.0043B2D0
004327D7 |.
004327D8 |.
004327D9 |.
004327DE |.
004327E1 |.
004327E4 |.
004327E6 |.
004327E8 |.
004327EA |.
004327EC |.
004327EE |>
004327F1 |.
004327F3 |.
004327F5 |.
004327F7 |>
004327FA |.
004327FC |>
004327FF |.
00432802 |.
00432803 |.
00432804 |.
fo.004367C9
00432809 |.
0043280A |.
0043280B |.
0043280E |.
00432810 |.
00432813 |.
00432816 |.
00432817 |.
0043281A |.
0043281C |.
0043281E |.
00432825 |>
00432827 |.^
0043282D |>
00432830 |.^
00432835 |>
00432839 |>
0043283B |>
0043283D |.
0043283F |.

56
E8 4E070000

|PUSH ESI
|CALL 00432F05

; /Arg1
; \SystemIn

59
85C0
75 7D
837D F8 00
8BFB
74 09
33D2
8BC3
F775 F8
2BFA
57
FF75 FC
56
E8 F98A0000

|POP ECX
|TEST EAX,EAX
|JNE SHORT 00432839
|CMP DWORD PTR SS:[LOCAL.2],0
|MOV EDI,EBX
|JE SHORT 004327CD
|XOR EDX,EDX
|MOV EAX,EBX
|DIV DWORD PTR SS:[LOCAL.2]
|SUB EDI,EDX
|PUSH EDI
|PUSH DWORD PTR SS:[LOCAL.1]
|PUSH ESI
|CALL 0043B2D0

; /Arg1
; \SystemIn

59
50
E8 168A0000
83C4 0C
83F8 FF
74 61
8BCF
3BC7
77 02
8BC8
014D FC
2BD9
3BC7
72 50
8B7D F4
EB 29
8B45 FC
0FBE00
56
50
E8 C03F0000

|POP ECX
|PUSH EAX
|CALL 0043B1F4
|ADD ESP,0C
|CMP EAX,-1
|JE SHORT 00432847
|MOV ECX,EDI
|CMP EAX,EDI
|JA SHORT 004327EE
|MOV ECX,EAX
|ADD DWORD PTR SS:[LOCAL.1],ECX
|SUB EBX,ECX
|CMP EAX,EDI
|JB SHORT 00432847
|MOV EDI,DWORD PTR SS:[LOCAL.3]
|JMP SHORT 00432825
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|MOVSX EAX,BYTE PTR DS:[EAX]
|PUSH ESI
|PUSH EAX
|CALL 004367C9

; /Arg2
; |Arg1
; \SystemIn

59
59
83F8 FF
74 29
FF45 FC
8B46 18
4B
8945 F8
85C0
7F 07
C745 F8 01000
85DB
0F85 41FFFFFF
8B45 10
E9 F1FEFFFF
834E 0C 20
8BC7
2BC3
33D2
F775 0C

|POP ECX
|POP ECX
|CMP EAX,-1
|JE SHORT 00432839
|INC DWORD PTR SS:[LOCAL.1]
|MOV EAX,DWORD PTR DS:[ESI+18]
|DEC EBX
|MOV DWORD PTR SS:[LOCAL.2],EAX
|TEST EAX,EAX
|JG SHORT 00432825
|MOV DWORD PTR SS:[LOCAL.2],1
|TEST EBX,EBX
\JNE 0043276E
MOV EAX,DWORD PTR SS:[ARG.3]
JMP 00432726
OR DWORD PTR DS:[ESI+0C],00000020
MOV EAX,EDI
SUB EAX,EBX
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.2]

00432842 |.^
00432847 |>
0043284B |.
0043284E \.^
00432850 /$
00432852 |.
00432857 |.
0043285C |.
0043285E |.
00432861 |.
00432863 |.
00432866 |.
00432868 |.
0043286A |.
0043286D |.
00432870 |.
00432872 |.
00432874 |.
fo.004343FD
00432879 |.
0043287F |.
00432880 |.
00432881 |.
00432882 |.
00432883 |.
00432884 |.
fo.0042E862
00432889 |.
0043288C |>
0043288E |>
00432893 |.
00432894 |>
[ARG.EBP+14]
00432897 |.
fo.0043B3D9
0043289C |.
0043289D |.
004328A0 |.
[ARG.EBP+14]
004328A3 |.
[ARG.EBP+10]
004328A6 |.
[ARG.EBP+0C]
004328A9 |.
[ARG.EBP+8]
004328AC |.
fo.004326EE
004328B1 |.
004328B4 |.
004328B7 |.
004328BE |.
004328C3 |.
004328C6 \.^
004328C8 /$
004328CB |.
004328D0 |.
004328D1 \.
004328D2 /$
004328D4 |.
004328D9 |.

E9 DFFEFFFF
834E 0C 20
8B45 F4
EB EB
6A 0C
68 08F04400
E8 90610000
33F6
3975 0C
74 29
3975 10
74 24
33C0
3975 14
0F95C0
3BC6
75 20
E8 841B0000

JMP 00432726
OR DWORD PTR DS:[ESI+0C],00000020
MOV EAX,DWORD PTR SS:[LOCAL.3]
JMP SHORT 0043283B
PUSH 0C
PUSH OFFSET 0044F008
CALL 004389EC
XOR ESI,ESI
CMP DWORD PTR SS:[EBP+0C],ESI
JE SHORT 0043288C
CMP DWORD PTR SS:[EBP+10],ESI
JE SHORT 0043288C
XOR EAX,EAX
CMP DWORD PTR SS:[EBP+14],ESI
SETNE AL
CMP EAX,ESI
JNE SHORT 00432894
CALL 004343FD

; [SystemIn

C700 16000000
56
56
56
56
56
E8 D9BFFFFF

MOV DWORD PTR DS:[EAX],16


PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E862

;
;
;
;
;
;

83C4 14
33C0
E8 9E610000
C3
FF75 14

ADD ESP,14
XOR EAX,EAX
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+14]

; /Arg1 =>

E8 3D8B0000

CALL 0043B3D9

; \SystemIn

59
8975 FC
FF75 14

POP ECX
MOV DWORD PTR SS:[EBP-4],ESI
PUSH DWORD PTR SS:[EBP+14]

; /Arg4 =>

FF75 10

PUSH DWORD PTR SS:[EBP+10]

; |Arg3 =>

FF75 0C

PUSH DWORD PTR SS:[EBP+0C]

; |Arg2 =>

FF75 08

PUSH DWORD PTR SS:[EBP+8]

; |Arg1 =>

E8 3DFEFFFF

CALL 004326EE

; \SystemIn

83C4 10
8945 E4
C745 FC FEFFF
E8 05000000
8B45 E4
EB C6
FF75 14
E8 7C8B0000
59
C3
6A 0C
68 28F04400
E8 0E610000

ADD ESP,10
MOV DWORD PTR SS:[EBP-1C],EAX
MOV DWORD PTR SS:[EBP-4],-2
CALL 004328C8
MOV EAX,DWORD PTR SS:[EBP-1C]
JMP SHORT 0043288E
PUSH DWORD PTR SS:[EBP+14]
CALL 0043B44C
POP ECX
RETN
PUSH 0C
PUSH OFFSET 0044F028
CALL 004389EC

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

004328DE |.
004328E0 |.
004328E3 |.
004328E5 |.
004328E8 |.
004328EA |.
004328ED |.
004328EF |.
004328F1 |.
fo.004343FD
004328F6 |.
004328FC |.
004328FD |.
004328FE |.
004328FF |.
00432900 |.
00432901 |.
fo.0042E862
00432906 |.
00432909 |.
0043290C |.
00432911 |>
[ARG.EBP+0C]
00432912 |.
fo.0043B3D9
00432917 |.
00432918 |.
0043291B |.
0043291F |.
00432921 |.
00432922 |.
fo.0043B2D0
00432927 |.
00432928 |.
0043292B |.
0043292D |.
00432930 |.
00432932 |.
00432934 |.
00432937 |.
00432939 |.
0043293C |.
0043293F |.
00432946 |.
00432948 |>
0043294D |>
00432951 |.
00432953 |.
00432956 |.
00432958 |.
0043295B |.
0043295D |.
0043295F |.
00432962 |.
00432965 |.
00432968 |.
0043296F |.
00432971 |>
00432976 |>
0043297A |.

33FF
897D E4
33C0
8B75 0C
3BF7
0F95C0
3BC7
75 20
E8 071B0000

XOR EDI,EDI
MOV DWORD PTR SS:[EBP-1C],EDI
XOR EAX,EAX
MOV ESI,DWORD PTR SS:[EBP+0C]
CMP ESI,EDI
SETNE AL
CMP EAX,EDI
JNE SHORT 00432911
CALL 004343FD

; [SystemIn

C700 16000000
57
57
57
57
57
E8 5CBFFFFF

MOV DWORD PTR DS:[EAX],16


PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
CALL 0042E862

;
;
;
;
;
;

83C4 14
83C8 FF
E9 BC000000
56

ADD ESP,14
OR EAX,FFFFFFFF
JMP 004329CD
PUSH ESI

; /Arg1 =>

E8 C28A0000

CALL 0043B3D9

; \SystemIn

59
897D FC
F646 0C 40
75 77
56
E8 A9890000

POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
TEST BYTE PTR DS:[ESI+0C],40
JNE SHORT 00432998
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FF
74 1B
83F8 FE
74 16
8BD0
C1FA 05
8BC8
83E1 1F
C1E1 06
030C95 A03745
EB 05
B9 90224500
F641 24 7F
75 29
83F8 FF
74 19
83F8 FE
74 14
8BC8
C1F9 05
83E0 1F
C1E0 06
03048D A03745
EB 05
B8 90224500
F640 24 80
74 1C

POP ECX
CMP EAX,-1
JE SHORT 00432948
CMP EAX,-2
JE SHORT 00432948
MOV EDX,EAX
SAR EDX,5
MOV ECX,EAX
AND ECX,0000001F
SHL ECX,6
ADD ECX,DWORD PTR DS:[EDX*4+4537A0]
JMP SHORT 0043294D
MOV ECX,OFFSET 00452290
TEST BYTE PTR DS:[ECX+24],7F
JNE SHORT 0043297C
CMP EAX,-1
JE SHORT 00432971
CMP EAX,-2
JE SHORT 00432971
MOV ECX,EAX
SAR ECX,5
AND EAX,0000001F
SHL EAX,6
ADD EAX,DWORD PTR DS:[ECX*4+4537A0]
JMP SHORT 00432976
MOV EAX,OFFSET 00452290
TEST BYTE PTR DS:[EAX+24],80
JE SHORT 00432998

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

0043297C |> E8 7C1A0000 CALL 004343FD


fo.004343FD
00432981 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00432987 |. 57
PUSH EDI
00432988 |. 57
PUSH EDI
00432989 |. 57
PUSH EDI
0043298A |. 57
PUSH EDI
0043298B |. 57
PUSH EDI
0043298C |. E8 D1BEFFFF CALL 0042E862
fo.0042E862
00432991 |. 83C4 14
ADD ESP,14
00432994 |. 834D E4 FF
OR DWORD PTR SS:[EBP-1C],FFFFFFFF
00432998 |> 397D E4
CMP DWORD PTR SS:[EBP-1C],EDI
0043299B |. 75 21
JNE SHORT 004329BE
0043299D |. FF4E 04
DEC DWORD PTR DS:[ESI+4]
004329A0 |. 78 0E
JS SHORT 004329B0
004329A2 |. 8B0E
MOV ECX,DWORD PTR DS:[ESI]
004329A4 |. 8A45 08
MOV AL,BYTE PTR SS:[EBP+8]
004329A7 |. 8801
MOV BYTE PTR DS:[ECX],AL
004329A9 |. 0FB6C0
MOVZX EAX,AL
004329AC |. FF06
INC DWORD PTR DS:[ESI]
004329AE |. EB 0B
JMP SHORT 004329BB
004329B0 |> 56
PUSH ESI
004329B1 |. FF75 08
PUSH DWORD PTR SS:[EBP+8]
[ARG.EBP+8]
004329B4 |. E8 103E0000 CALL 004367C9
fo.004367C9
004329B9 |. 59
POP ECX
004329BA |. 59
POP ECX
004329BB |> 8945 E4
MOV DWORD PTR SS:[EBP-1C],EAX
004329BE |> C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
004329C5 |. E8 0C000000 CALL 004329D6
004329CA |. 8B45 E4
MOV EAX,DWORD PTR SS:[EBP-1C]
004329CD |> E8 5F600000 CALL 00438A31
004329D2 \. C3
RETN
004329D3
8B
DB 8B
004329D4
75
DB 75
004329D5
0C
DB 0C
004329D6 /$ 56
PUSH ESI
004329D7 |. E8 708A0000 CALL 0043B44C
004329DC |. 59
POP ECX
004329DD \. C3
RETN
004329DE /$ 8BFF
MOV EDI,EDI
o.004329DE(guessed Arg1,Arg2)
004329E0 |. 55
PUSH EBP
004329E1 |. 8BEC
MOV EBP,ESP
004329E3 |. 56
PUSH ESI
004329E4 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
004329E7 |. F646 0C 40
TEST BYTE PTR DS:[ESI+0C],40
004329EB |. 57
PUSH EDI
004329EC |. 75 79
JNE SHORT 00432A67
004329EE |. 56
PUSH ESI
[ARG.2]
004329EF |. E8 DC880000 CALL 0043B2D0
fo.0043B2D0
004329F4 |. 59
POP ECX
004329F5 |. BA 90224500 MOV EDX,OFFSET 00452290
004329FA |. 83F8 FF
CMP EAX,-1
004329FD |. 74 1B
JE SHORT 00432A1A
004329FF |. 83F8 FE
CMP EAX,-2

; [SystemIn
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

; /Arg2
; |Arg1 =>
; \SystemIn

; CHAR 'u'
; Form Feed

; SystemInf

; /Arg1 =>
; \SystemIn

00432A02 |.
00432A04 |.
00432A06 |.
00432A09 |.
00432A0B |.
00432A0E |.
00432A11 |.
00432A18 |.
00432A1A |>
00432A1C |>
00432A20 |.
00432A22 |.
00432A25 |.
00432A27 |.
00432A2A |.
00432A2C |.
00432A2E |.
00432A31 |.
00432A34 |.
00432A37 |.
00432A3E |.
00432A40 |>
00432A42 |>
00432A46 |.
00432A48 |>
fo.004343FD
00432A4D |.
00432A4F |.
0
00432A50 |.
0
00432A51 |.
0
00432A52 |.
0
00432A53 |.
0
00432A54 |.
00432A5A |.
fo.0042E862
00432A5F |.
00432A62 |.
00432A65 |.
00432A67 |>
00432A68 |.
00432A6B |.
00432A6E |.
00432A70 |.
00432A73 |.
00432A75 |.
00432A77 |.
00432A79 |.
00432A7B |.
00432A7D |.
00432A7F |>
00432A81 |.
00432A84 |.
00432A86 |.
00432A87 |.
fo.0043B70B

74 16
8BC8
83E1 1F
8BF8
C1FF 05
C1E1 06
030CBD A03745
EB 02
8BCA
F641 24 7F
75 26
83F8 FF
74 19
83F8 FE
74 14
8BC8
83E0 1F
C1F9 05
C1E0 06
03048D A03745
EB 02
8BC2
F640 24 80
74 1F
E8 B0190000

JE SHORT 00432A1A
MOV ECX,EAX
AND ECX,0000001F
MOV EDI,EAX
SAR EDI,5
SHL ECX,6
ADD ECX,DWORD PTR DS:[EDI*4+4537A0]
JMP SHORT 00432A1C
MOV ECX,EDX
TEST BYTE PTR DS:[ECX+24],7F
JNE SHORT 00432A48
CMP EAX,-1
JE SHORT 00432A40
CMP EAX,-2
JE SHORT 00432A40
MOV ECX,EAX
AND EAX,0000001F
SAR ECX,5
SHL EAX,6
ADD EAX,DWORD PTR DS:[ECX*4+4537A0]
JMP SHORT 00432A42
MOV EAX,EDX
TEST BYTE PTR DS:[EAX+24],80
JE SHORT 00432A67
CALL 004343FD

; [SystemIn

33FF
57

XOR EDI,EDI
PUSH EDI

; /Arg5 =>

57

PUSH EDI

; |Arg4 =>

57

PUSH EDI

; |Arg3 =>

57

PUSH EDI

; |Arg2 =>

57

PUSH EDI

; |Arg1 =>

C700 16000000 MOV DWORD PTR DS:[EAX],16


E8 03BEFFFF CALL 0042E862

; |
; \SystemIn

83C4 14
83C8 FF
EB 4A
53
8B5D 08
83FB FF
74 3D
8B46 0C
A8 01
75 08
84C0
79 32
A8 02
75 2E
33FF
397E 08
75 07
56
E8 7F8C0000

; /Arg1
; \SystemIn

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 00432AB1
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.1]
CMP EBX,-1
JE SHORT 00432AAD
MOV EAX,DWORD PTR DS:[ESI+0C]
TEST AL,01
JNE SHORT 00432A7F
TEST AL,AL
JNS SHORT 00432AAD
TEST AL,02
JNE SHORT 00432AAD
XOR EDI,EDI
CMP DWORD PTR DS:[ESI+8],EDI
JNE SHORT 00432A8D
PUSH ESI
CALL 0043B70B

00432A8C |.
00432A8D |>
00432A8F |.
00432A92 |.
00432A94 |.
00432A97 |.
00432A99 |.
00432A9A |.
00432A9C |>
00432A9E |.
00432AA2 |.
00432AA4 |.
00432AA6 |.
00432AA8 |.
00432AAA |.
00432AAB |.
00432AAD |>
00432AB0 |>
00432AB1 |>
00432AB2 |.
00432AB3 |.
00432AB4 |.
00432AB5 |>
00432AB7 |>
00432ABA |.
00432ABD |.
00432AC0 |.
00432AC3 |.
00432AC6 |.
00432AC8 |.
00432ACD \.^
00432ACF /$
00432AD1 |.
00432AD6 |.
00432ADB |.
00432ADD |.
00432ADF |.
00432AE2 |.
00432AE5 |.
00432AE7 |.
00432AE9 |.
fo.004343FD
00432AEE |.
00432AF4 |.
00432AF5 |.
00432AF6 |.
00432AF7 |.
00432AF8 |.
00432AF9 |.
fo.0042E862
00432AFE |.
00432B01 |.
00432B04 |.
00432B06 |>
[ARG.EBP+0C]
00432B09 |.
fo.0043B3D9
00432B0E |.
00432B0F |.
00432B12 |.

59
8B06
3B46 08
75 08
397E 04
75 14
40
8906
FF0E
F646 0C 40
8B06
74 0F
3818
74 0D
40
8906
83C8 FF
5B
5F
5E
5D
C3
8818
8B46 0C
FF46 04
83E0 EF
83C8 01
8946 0C
8BC3
25 FF000000
EB E1
6A 0C
68 48F04400
E8 115F0000
33C0
33F6
3975 0C
0F95C0
3BC6
75 1D
E8 0F190000

POP ECX
MOV EAX,DWORD PTR DS:[ESI]
CMP EAX,DWORD PTR DS:[ESI+8]
JNE SHORT 00432A9C
CMP DWORD PTR DS:[ESI+4],EDI
JNE SHORT 00432AAD
INC EAX
MOV DWORD PTR DS:[ESI],EAX
DEC DWORD PTR DS:[ESI]
TEST BYTE PTR DS:[ESI+0C],40
MOV EAX,DWORD PTR DS:[ESI]
JE SHORT 00432AB5
CMP BYTE PTR DS:[EAX],BL
JE SHORT 00432AB7
INC EAX
MOV DWORD PTR DS:[ESI],EAX
OR EAX,FFFFFFFF
POP EBX
POP EDI
POP ESI
POP EBP
RETN
MOV BYTE PTR DS:[EAX],BL
MOV EAX,DWORD PTR DS:[ESI+0C]
INC DWORD PTR DS:[ESI+4]
AND EAX,FFFFFFEF
OR EAX,00000001
MOV DWORD PTR DS:[ESI+0C],EAX
MOV EAX,EBX
AND EAX,000000FF
JMP SHORT 00432AB0
PUSH 0C
PUSH OFFSET 0044F048
CALL 004389EC
XOR EAX,EAX
XOR ESI,ESI
CMP DWORD PTR SS:[EBP+0C],ESI
SETNE AL
CMP EAX,ESI
JNE SHORT 00432B06
CALL 004343FD

; [SystemIn

C700 16000000
56
56
56
56
56
E8 64BDFFFF

MOV DWORD PTR DS:[EAX],16


PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E862

;
;
;
;
;
;

83C4 14
83C8 FF
EB 2B
FF75 0C

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 00432B31
PUSH DWORD PTR SS:[EBP+0C]

; /Arg1 =>

E8 CB880000

CALL 0043B3D9

; \SystemIn

59
8975 FC
FF75 0C

POP ECX
MOV DWORD PTR SS:[EBP-4],ESI
PUSH DWORD PTR SS:[EBP+0C]

; /Arg2 =>

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

[ARG.EBP+0C]
00432B15 |.
[ARG.EBP+8]
00432B18 |.
fo.004329DE
00432B1D |.
00432B1E |.
00432B1F |.
00432B22 |.
00432B29 |.
00432B2E |.
00432B31 |>
00432B36 \.
00432B37 /$
00432B3A |.
00432B3F |.
00432B40 \.
00432B41 /$
00432B43 |.
00432B48 |.
00432B4D |.
00432B4F |.
00432B52 |.
00432B54 |.
00432B57 |.
00432B59 |.
00432B5C |.
00432B5E |.
00432B60 |.
fo.004343FD
00432B65 |.
00432B6B |.
00432B6C |.
00432B6D |.
00432B6E |.
00432B6F |.
00432B70 |.
fo.0042E862
00432B75 |.
00432B78 |.
00432B7B |.
00432B80 |>
[ARG.EBP+8]
00432B81 |.
fo.0043B3D9
00432B86 |.
00432B87 |.
00432B8A |.
00432B8E |.
00432B90 |.
00432B91 |.
fo.0043B2D0
00432B96 |.
00432B97 |.
00432B9A |.
00432B9C |.
00432B9F |.
00432BA1 |.
00432BA3 |.
00432BA6 |.

FF75 08

PUSH DWORD PTR SS:[EBP+8]

; |Arg1 =>

E8 C1FEFFFF

CALL 004329DE

; \SystemIn

59
59
8945 E4
C745 FC FEFFF
E8 09000000
8B45 E4
E8 FB5E0000
C3
FF75 0C
E8 0D890000
59
C3
6A 0C
68 68F04400
E8 9F5E0000
33FF
897D E4
33C0
8B75 08
3BF7
0F95C0
3BC7
75 20
E8 98180000

POP ECX
POP ECX
MOV DWORD PTR SS:[EBP-1C],EAX
MOV DWORD PTR SS:[EBP-4],-2
CALL 00432B37
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+0C]
CALL 0043B44C
POP ECX
RETN
PUSH 0C
PUSH OFFSET 0044F068
CALL 004389EC
XOR EDI,EDI
MOV DWORD PTR SS:[EBP-1C],EDI
XOR EAX,EAX
MOV ESI,DWORD PTR SS:[EBP+8]
CMP ESI,EDI
SETNE AL
CMP EAX,EDI
JNE SHORT 00432B80
CALL 004343FD

; [SystemIn

C700 16000000
57
57
57
57
57
E8 EDBCFFFF

MOV DWORD PTR DS:[EAX],16


PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
CALL 0042E862

;
;
;
;
;
;

83C4 14
83C8 FF
E9 B4000000
56

ADD ESP,14
OR EAX,FFFFFFFF
JMP 00432C34
PUSH ESI

; /Arg1 =>

E8 53880000

CALL 0043B3D9

; \SystemIn

59
897D FC
F646 0C 40
75 77
56
E8 3A870000

POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
TEST BYTE PTR DS:[ESI+0C],40
JNE SHORT 00432C07
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FF
74 1B
83F8 FE
74 16
8BD0
C1FA 05
8BC8

POP ECX
CMP EAX,-1
JE SHORT 00432BB7
CMP EAX,-2
JE SHORT 00432BB7
MOV EDX,EAX
SAR EDX,5
MOV ECX,EAX

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

00432BA8 |. 83E1 1F
AND ECX,0000001F
00432BAB |. C1E1 06
SHL ECX,6
00432BAE |. 030C95 A03745 ADD ECX,DWORD PTR DS:[EDX*4+4537A0]
00432BB5 |. EB 05
JMP SHORT 00432BBC
00432BB7 |> B9 90224500 MOV ECX,OFFSET 00452290
00432BBC |> F641 24 7F
TEST BYTE PTR DS:[ECX+24],7F
00432BC0 |. 75 29
JNE SHORT 00432BEB
00432BC2 |. 83F8 FF
CMP EAX,-1
00432BC5 |. 74 19
JE SHORT 00432BE0
00432BC7 |. 83F8 FE
CMP EAX,-2
00432BCA |. 74 14
JE SHORT 00432BE0
00432BCC |. 8BC8
MOV ECX,EAX
00432BCE |. C1F9 05
SAR ECX,5
00432BD1 |. 83E0 1F
AND EAX,0000001F
00432BD4 |. C1E0 06
SHL EAX,6
00432BD7 |. 03048D A03745 ADD EAX,DWORD PTR DS:[ECX*4+4537A0]
00432BDE |. EB 05
JMP SHORT 00432BE5
00432BE0 |> B8 90224500 MOV EAX,OFFSET 00452290
00432BE5 |> F640 24 80
TEST BYTE PTR DS:[EAX+24],80
00432BE9 |. 74 1C
JE SHORT 00432C07
00432BEB |> E8 0D180000 CALL 004343FD
fo.004343FD
00432BF0 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00432BF6 |. 57
PUSH EDI
00432BF7 |. 57
PUSH EDI
00432BF8 |. 57
PUSH EDI
00432BF9 |. 57
PUSH EDI
00432BFA |. 57
PUSH EDI
00432BFB |. E8 62BCFFFF CALL 0042E862
fo.0042E862
00432C00 |. 83C4 14
ADD ESP,14
00432C03 |. 834D E4 FF
OR DWORD PTR SS:[EBP-1C],FFFFFFFF
00432C07 |> 397D E4
CMP DWORD PTR SS:[EBP-1C],EDI
00432C0A |. 75 19
JNE SHORT 00432C25
00432C0C |. FF4E 04
DEC DWORD PTR DS:[ESI+4]
00432C0F |. 78 0A
JS SHORT 00432C1B
00432C11 |. 8B0E
MOV ECX,DWORD PTR DS:[ESI]
00432C13 |. 0FB601
MOVZX EAX,BYTE PTR DS:[ECX]
00432C16 |. 41
INC ECX
00432C17 |. 890E
MOV DWORD PTR DS:[ESI],ECX
00432C19 |. EB 07
JMP SHORT 00432C22
00432C1B |> 56
PUSH ESI
00432C1C |. E8 338B0000 CALL 0043B754
00432C21 |. 59
POP ECX
00432C22 |> 8945 E4
MOV DWORD PTR SS:[EBP-1C],EAX
00432C25 |> C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
00432C2C |. E8 0C000000 CALL 00432C3D
00432C31 |. 8B45 E4
MOV EAX,DWORD PTR SS:[EBP-1C]
00432C34 |> E8 F85D0000 CALL 00438A31
00432C39 \. C3
RETN
00432C3A
8B
DB 8B
00432C3B
75
DB 75
00432C3C
08
DB 08
00432C3D /$ 56
PUSH ESI
00432C3E |. E8 09880000 CALL 0043B44C
00432C43 |. 59
POP ECX
00432C44 \. C3
RETN
00432C45 /$ 8BFF
MOV EDI,EDI
o.00432C45(guessed Arg1,Arg2)
00432C47 |. 55
PUSH EBP

; [SystemIn
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

; CHAR 'u'
; Backspace

; SystemInf

00432C48 |. 8BEC
MOV EBP,ESP
00432C4A |. 57
PUSH EDI
00432C4B |. 33FF
XOR EDI,EDI
00432C4D |. 397D 08
CMP DWORD PTR SS:[ARG.1],EDI
00432C50 |. 75 1D
JNE SHORT 00432C6F
00432C52 |. E8 A6170000 CALL 004343FD
fo.004343FD
00432C57 |. 57
PUSH EDI
00432C58 |. 57
PUSH EDI
00432C59 |. 57
PUSH EDI
00432C5A |. 57
PUSH EDI
00432C5B |. 57
PUSH EDI
00432C5C |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00432C62 |. E8 FBBBFFFF CALL 0042E862
fo.0042E862
00432C67 |. 83C4 14
ADD ESP,14
00432C6A |. 83C8 FF
OR EAX,FFFFFFFF
00432C6D |. EB 41
JMP SHORT 00432CB0
00432C6F |> 56
PUSH ESI
00432C70 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
00432C73 |. 3BF7
CMP ESI,EDI
00432C75 |. 75 1D
JNE SHORT 00432C94
00432C77 |. E8 81170000 CALL 004343FD
fo.004343FD
00432C7C |. 57
PUSH EDI
00432C7D |. 57
PUSH EDI
00432C7E |. 57
PUSH EDI
00432C7F |. 57
PUSH EDI
00432C80 |. 57
PUSH EDI
00432C81 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00432C87 |. E8 D6BBFFFF CALL 0042E862
fo.0042E862
00432C8C |. 83C4 14
ADD ESP,14
00432C8F |. 83C8 FF
OR EAX,FFFFFFFF
00432C92 |. EB 1B
JMP SHORT 00432CAF
00432C94 |> FF75 08
PUSH DWORD PTR SS:[ARG.1]
00432C97 |. E8 2F8F0000 CALL 0043BBCB
00432C9C |. 59
POP ECX
00432C9D |. 8BC8
MOV ECX,EAX
00432C9F |. 8906
MOV DWORD PTR DS:[ESI],EAX
00432CA1 |. 23CA
AND ECX,EDX
00432CA3 |. 83C8 FF
OR EAX,FFFFFFFF
00432CA6 |. 8956 04
MOV DWORD PTR DS:[ESI+4],EDX
00432CA9 |. 3BC8
CMP ECX,EAX
00432CAB |. 74 02
JE SHORT 00432CAF
00432CAD |. 33C0
XOR EAX,EAX
00432CAF |> 5E
POP ESI
00432CB0 |> 5F
POP EDI
00432CB1 |. 5D
POP EBP
00432CB2 \. C3
RETN
00432CB3 /$ 8BFF
MOV EDI,EDI
o.00432CB3(guessed Arg1,Arg2,Arg3)
00432CB5 |. 55
PUSH EBP
00432CB6 |. 8BEC
MOV EBP,ESP
00432CB8 |. 56
PUSH ESI
00432CB9 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
00432CBC |. 8B46 0C
MOV EAX,DWORD PTR DS:[ESI+0C]
00432CBF |. A8 83
TEST AL,83
00432CC1 |. 75 10
JNE SHORT 00432CD3
00432CC3 |. E8 35170000 CALL 004343FD

; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

; SystemInf

; [SystemIn

fo.004343FD
00432CC8 |.
00432CCE |.
00432CD1 |.
00432CD3 |>
00432CD6 |.
00432CDA |.
00432CDD |.
00432CDF |.
[ARG.1]
00432CE0 |.
fo.0043BD66
00432CE5 |.
00432CE8 |.
00432CEC |.
00432CED |>
00432CEE |.
fo.00432F05
00432CF3 |.
00432CF6 |.
00432CF7 |.
00432CF9 |.
00432CFB |.
00432CFE |.
00432D01 |.
00432D03 |>
00432D05 |.
00432D07 |.
00432D09 |.
00432D0B |.
00432D10 |.
00432D12 |.
00432D19 |>
00432D1C |.
00432D1F |.
00432D20 |.
fo.0043B2D0
00432D25 |.
00432D26 |.
00432D27 |.
00432D2C |.
00432D2E |.
00432D31 |.
00432D34 |.
00432D37 |.
00432D38 |.
00432D3A |>
00432D3B |.
00432D3C \.
00432D3D /$
00432D3F |.
00432D44 |.
00432D49 |.
00432D4B |.
00432D4D |.
00432D50 |.
00432D53 |.
00432D55 |.
00432D57 |>
fo.004343FD

C700 16000000
83C8 FF
EB 67
83E0 EF
837D 10 01
8946 0C
75 0E
56

MOV DWORD PTR DS:[EAX],16


OR EAX,FFFFFFFF
JMP SHORT 00432D3A
AND EAX,FFFFFFEF
CMP DWORD PTR SS:[ARG.3],1
MOV DWORD PTR DS:[ESI+0C],EAX
JNE SHORT 00432CED
PUSH ESI

; /Arg1 =>

E8 81900000

CALL 0043BD66

; \SystemIn

0145 0C
8365 10 00
59
56
E8 12020000

ADD DWORD PTR SS:[ARG.2],EAX


AND DWORD PTR SS:[ARG.3],00000000
POP ECX
PUSH ESI
CALL 00432F05

; /Arg1
; \SystemIn

8B46 0C
59
84C0
79 08
83E0 FC
8946 0C
EB 16
A8 01
74 12
A8 08
74 0E
A9 00040000
75 07
C746 18 00020
FF75 10
FF75 0C
56
E8 AB850000

MOV EAX,DWORD PTR DS:[ESI+0C]


POP ECX
TEST AL,AL
JNS SHORT 00432D03
AND EAX,FFFFFFFC
MOV DWORD PTR DS:[ESI+0C],EAX
JMP SHORT 00432D19
TEST AL,01
JE SHORT 00432D19
TEST AL,08
JE SHORT 00432D19
TEST EAX,00000400
JNE SHORT 00432D19
MOV DWORD PTR DS:[ESI+18],200
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
50
E8 5E8F0000
33C9
83C4 0C
83F8 FF
0F95C1
49
8BC1
5E
5D
C3
6A 0C
68 88F04400
E8 A35C0000
33C0
33F6
3975 08
0F95C0
3BC6
75 1D
E8 A1160000

POP ECX
PUSH EAX
CALL 0043BC8A
XOR ECX,ECX
ADD ESP,0C
CMP EAX,-1
SETNE CL
DEC ECX
MOV EAX,ECX
POP ESI
POP EBP
RETN
PUSH 0C
PUSH OFFSET 0044F088
CALL 004389EC
XOR EAX,EAX
XOR ESI,ESI
CMP DWORD PTR SS:[EBP+8],ESI
SETNE AL
CMP EAX,ESI
JNE SHORT 00432D74
CALL 004343FD

; [SystemIn

00432D5C |. C700 16000000 MOV DWORD PTR DS:[EAX],16


00432D62 |. 56
PUSH ESI
00432D63 |. 56
PUSH ESI
00432D64 |. 56
PUSH ESI
00432D65 |. 56
PUSH ESI
00432D66 |. 56
PUSH ESI
00432D67 |. E8 F6BAFFFF CALL 0042E862
fo.0042E862
00432D6C |. 83C4 14
ADD ESP,14
00432D6F |. 83C8 FF
OR EAX,FFFFFFFF
00432D72 |. EB 3E
JMP SHORT 00432DB2
00432D74 |> 8B7D 10
MOV EDI,DWORD PTR SS:[EBP+10]
00432D77 |. 3BFE
CMP EDI,ESI
00432D79 |. 74 0A
JE SHORT 00432D85
00432D7B |. 83FF 01
CMP EDI,1
00432D7E |. 74 05
JE SHORT 00432D85
00432D80 |. 83FF 02
CMP EDI,2
00432D83 |.^ 75 D2
JNE SHORT 00432D57
00432D85 |> FF75 08
PUSH DWORD PTR SS:[EBP+8]
[ARG.EBP+8]
00432D88 |. E8 4C860000 CALL 0043B3D9
fo.0043B3D9
00432D8D |. 59
POP ECX
00432D8E |. 8975 FC
MOV DWORD PTR SS:[EBP-4],ESI
00432D91 |. 57
PUSH EDI
00432D92 |. FF75 0C
PUSH DWORD PTR SS:[EBP+0C]
[ARG.EBP+0C]
00432D95 |. FF75 08
PUSH DWORD PTR SS:[EBP+8]
[ARG.EBP+8]
00432D98 |. E8 16FFFFFF CALL 00432CB3
fo.00432CB3
00432D9D |. 83C4 0C
ADD ESP,0C
00432DA0 |. 8945 E4
MOV DWORD PTR SS:[EBP-1C],EAX
00432DA3 |. C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
00432DAA |. E8 09000000 CALL 00432DB8
00432DAF |. 8B45 E4
MOV EAX,DWORD PTR SS:[EBP-1C]
00432DB2 |> E8 7A5C0000 CALL 00438A31
00432DB7 \. C3
RETN
00432DB8 /$ FF75 08
PUSH DWORD PTR SS:[EBP+8]
00432DBB |. E8 8C860000 CALL 0043B44C
00432DC0 |. 59
POP ECX
00432DC1 \. C3
RETN
00432DC2 /$ 8BFF
MOV EDI,EDI
o.00432DC2(guessed Arg1,Arg2)
00432DC4 |. 55
PUSH EBP
00432DC5 |. 8BEC
MOV EBP,ESP
00432DC7 |. 56
PUSH ESI
00432DC8 |. 33F6
XOR ESI,ESI
00432DCA |. 3975 08
CMP DWORD PTR SS:[ARG.1],ESI
00432DCD |. 75 1D
JNE SHORT 00432DEC
00432DCF |> E8 29160000 CALL 004343FD
fo.004343FD
00432DD4 |. 56
PUSH ESI
00432DD5 |. 56
PUSH ESI
00432DD6 |. 56
PUSH ESI
00432DD7 |. 56
PUSH ESI
00432DD8 |. 56
PUSH ESI
00432DD9 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00432DDF |. E8 7EBAFFFF CALL 0042E862
fo.0042E862

;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

; /Arg1 =>
; \SystemIn

; /Arg3
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; SystemInf

; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00432DE4 |.
00432DE7 |.
00432DEA |.
00432DEC |>
00432DEF |.
00432DF1 |.^
00432DF3 |.
00432DF4 |.
00432DF7 |.
00432DF9 |.
00432DFC |.
00432E01 |.
00432E04 |>
00432E05 |.
00432E06 \.
00432E07 /$
00432E09 |.
00432E0E |.
00432E13 |.
00432E15 |.
00432E18 |.
00432E1A |.
00432E1D |.
00432E1F |.
00432E22 |.
00432E24 |.
00432E26 |>
fo.004343FD
00432E2B |.
00432E31 |.
00432E32 |.
00432E33 |.
00432E34 |.
00432E35 |.
00432E36 |.
fo.0042E862
00432E3B |.
00432E3E |.
00432E41 |.
00432E46 |>
00432E49 |.
00432E4C |.
00432E4E |.
00432E50 |.
00432E52 |.
00432E55 |.^
00432E57 |>
00432E59 |.
00432E5B |.
00432E5E |.
00432E60 |>
00432E63 |.
00432E66 |.
00432E6B |.
00432E6D |.^
00432E6F |>
00432E72 |>
00432E75 |.
00432E78 |.
[ARG.EBP+8]

83C4 14
83C8 FF
EB 18
8B45 0C
3BC6
74 DC
56
FF70 04
FF30
FF75 08
E8 9E910000
83C4 10
5E
5D
C3
6A 0C
68 A8F04400
E8 D95B0000
33DB
895D E4
33C0
8B75 08
3BF3
0F95C0
3BC3
75 20
E8 D2150000

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 00432E04
MOV EAX,DWORD PTR SS:[ARG.2]
CMP EAX,ESI
JE SHORT 00432DCF
PUSH ESI
PUSH DWORD PTR DS:[EAX+4]
PUSH DWORD PTR DS:[EAX]
PUSH DWORD PTR SS:[ARG.1]
CALL 0043BF9F
ADD ESP,10
POP ESI
POP EBP
RETN
PUSH 0C
PUSH OFFSET 0044F0A8
CALL 004389EC
XOR EBX,EBX
MOV DWORD PTR SS:[EBP-1C],EBX
XOR EAX,EAX
MOV ESI,DWORD PTR SS:[EBP+8]
CMP ESI,EBX
SETNE AL
CMP EAX,EBX
JNE SHORT 00432E46
CALL 004343FD

; [SystemIn

C700 16000000
53
53
53
53
53
E8 27BAFFFF

MOV DWORD PTR DS:[EAX],16


PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
CALL 0042E862

;
;
;
;
;
;

83C4 14
83C8 FF
E9 AF000000
8B45 10
83F8 04
74 09
3BC3
74 0E
83F8 40
75 CF
3BC3
74 05
83F8 40
75 0F
8B7D 14
8D47 FE
3D FDFFFF7F
76 05
EB B7
8B7D 14
83E7 FE
8975 08
56

ADD ESP,14
OR EAX,FFFFFFFF
JMP 00432EF5
MOV EAX,DWORD PTR SS:[EBP+10]
CMP EAX,4
JE SHORT 00432E57
CMP EAX,EBX
JE SHORT 00432E60
CMP EAX,40
JNE SHORT 00432E26
CMP EAX,EBX
JE SHORT 00432E60
CMP EAX,40
JNE SHORT 00432E6F
MOV EDI,DWORD PTR SS:[EBP+14]
LEA EAX,[EDI-2]
CMP EAX,7FFFFFFD
JBE SHORT 00432E72
JMP SHORT 00432E26
MOV EDI,DWORD PTR SS:[EBP+14]
AND EDI,FFFFFFFE
MOV DWORD PTR SS:[EBP+8],ESI
PUSH ESI

; /Arg1 =>

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

00432E79 |. E8 5B850000
fo.0043B3D9
00432E7E |. 59
00432E7F |. 895D FC
00432E82 |. 56
00432E83 |. E8 7D000000
fo.00432F05
00432E88 |. 56
00432E89 |. E8 60910000
fo.0043BFEE
00432E8E |. 59
00432E8F |. 59
00432E90 |. 8166 0C F3C2F
00432E97 |. 8B4E 0C
00432E9A |. F645 10 04
00432E9E |. 74 0B
00432EA0 |. 83C9 04
00432EA3 |. 8D46 14
00432EA6 |. 6A 02
00432EA8 |. 5F
00432EA9 |. EB 2D
00432EAB |> 8B45 0C
00432EAE |. 3BC3
00432EB0 |. 75 20
00432EB2 |. 57
00432EB3 |. E8 5B1F0000
fo.00434E13
00432EB8 |. 59
00432EB9 |. 3BC3
00432EBB |. 75 0C
00432EBD |. FF05 04324500
00432EC3 |. 834D E4 FF
00432EC7 |. EB 1D
00432EC9 |> 814E 0C 08040
00432ED0 |. EB 09
00432ED2 |> 81C9 00050000
00432ED8 |> 894E 0C
00432EDB |> 897E 18
00432EDE |. 8946 08
00432EE1 |. 8906
00432EE3 |. 895E 04
00432EE6 |> C745 FC FEFFF
00432EED |. E8 09000000
00432EF2 |. 8B45 E4
00432EF5 |> E8 375B0000
00432EFA \. C3
00432EFB /$ FF75 08
00432EFE |. E8 49850000
00432F03 |. 59
00432F04 \. C3
00432F05 /$ 8BFF
o.00432F05(guessed Arg1)
00432F07 |. 55
00432F08 |. 8BEC
00432F0A |. 53
00432F0B |. 56
00432F0C |. 8B75 08
00432F0F |. 8B46 0C
00432F12 |. 8BC8
00432F14 |. 80E1 03

CALL 0043B3D9

; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-4],EBX
PUSH ESI
CALL 00432F05

; /Arg1
; \SystemIn

PUSH ESI
CALL 0043BFEE

; /Arg1
; \SystemIn

POP ECX
POP ECX
AND DWORD PTR DS:[ESI+0C],FFFFC2F3
MOV ECX,DWORD PTR DS:[ESI+0C]
TEST BYTE PTR SS:[EBP+10],04
JE SHORT 00432EAB
OR ECX,00000004
LEA EAX,[ESI+14]
PUSH 2
POP EDI
JMP SHORT 00432ED8
MOV EAX,DWORD PTR SS:[EBP+0C]
CMP EAX,EBX
JNE SHORT 00432ED2
PUSH EDI
CALL 00434E13

; /Arg1
; \SystemIn

POP ECX
CMP EAX,EBX
JNE SHORT 00432EC9
INC DWORD PTR DS:[453204]
OR DWORD PTR SS:[EBP-1C],FFFFFFFF
JMP SHORT 00432EE6
OR DWORD PTR DS:[ESI+0C],00000408
JMP SHORT 00432EDB
OR ECX,00000500
MOV DWORD PTR DS:[ESI+0C],ECX
MOV DWORD PTR DS:[ESI+18],EDI
MOV DWORD PTR DS:[ESI+8],EAX
MOV DWORD PTR DS:[ESI],EAX
MOV DWORD PTR DS:[ESI+4],EBX
MOV DWORD PTR SS:[EBP-4],-2
CALL 00432EFB
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 0043B44C
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[ESI+0C]
MOV ECX,EAX
AND CL,03

00432F17 |. 33DB
00432F19 |. 80F9 02
00432F1C |. 75 40
00432F1E |. A9 08010000
00432F23 |. 74 39
00432F25 |. 8B46 08
00432F28 |. 57
00432F29 |. 8B3E
00432F2B |. 2BF8
00432F2D |. 85FF
00432F2F |. 7E 2C
00432F31 |. 57
00432F32 |. 50
00432F33 |. 56
[ARG.1]
00432F34 |. E8 97830000
fo.0043B2D0
00432F39 |. 59
00432F3A |. 50
00432F3B |. E8 B4820000
00432F40 |. 83C4 0C
00432F43 |. 3BC7
00432F45 |. 75 0F
00432F47 |. 8B46 0C
00432F4A |. 84C0
00432F4C |. 79 0F
00432F4E |. 83E0 FD
00432F51 |. 8946 0C
00432F54 |. EB 07
00432F56 |> 834E 0C 20
00432F5A |. 83CB FF
00432F5D |> 5F
00432F5E |> 8B46 08
00432F61 |. 8366 04 00
00432F65 |. 8906
00432F67 |. 5E
00432F68 |. 8BC3
00432F6A |. 5B
00432F6B |. 5D
00432F6C \. C3
00432F6D /$ 8BFF
o.00432F6D(guessed Arg1)
00432F6F |. 55
00432F70 |. 8BEC
00432F72 |. 56
00432F73 |. 8B75 08
00432F76 |. 85F6
00432F78 |. 75 09
00432F7A |. 56
00432F7B |. E8 35000000
00432F80 |. 59
00432F81 |. EB 2F
00432F83 |> 56
[ARG.1]
00432F84 |. E8 7CFFFFFF
fo.00432F05
00432F89 |. 59
00432F8A |. 85C0
00432F8C |. 74 05
00432F8E |. 83C8 FF

XOR EBX,EBX
CMP CL,2
JNE SHORT 00432F5E
TEST EAX,00000108
JE SHORT 00432F5E
MOV EAX,DWORD PTR DS:[ESI+8]
PUSH EDI
MOV EDI,DWORD PTR DS:[ESI]
SUB EDI,EAX
TEST EDI,EDI
JLE SHORT 00432F5D
PUSH EDI
PUSH EAX
PUSH ESI

; /Arg1 =>

CALL 0043B2D0

; \SystemIn

POP ECX
PUSH EAX
CALL 0043B1F4
ADD ESP,0C
CMP EAX,EDI
JNE SHORT 00432F56
MOV EAX,DWORD PTR DS:[ESI+0C]
TEST AL,AL
JNS SHORT 00432F5D
AND EAX,FFFFFFFD
MOV DWORD PTR DS:[ESI+0C],EAX
JMP SHORT 00432F5D
OR DWORD PTR DS:[ESI+0C],00000020
OR EBX,FFFFFFFF
POP EDI
MOV EAX,DWORD PTR DS:[ESI+8]
AND DWORD PTR DS:[ESI+4],00000000
MOV DWORD PTR DS:[ESI],EAX
POP ESI
MOV EAX,EBX
POP EBX
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
TEST ESI,ESI
JNE SHORT 00432F83
PUSH ESI
CALL 00432FB5
POP ECX
JMP SHORT 00432FB2
PUSH ESI

; /Arg1 =>

CALL 00432F05

; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 00432F93
OR EAX,FFFFFFFF

00432F91 |.
00432F93 |>
00432F9A |.
00432F9C |.
00432F9D |.
fo.0043B2D0
00432FA2 |.
00432FA3 |.
00432FA8 |.
00432FA9 |.
00432FAB |.
00432FAC |.
00432FAE |.
00432FB0 |>
00432FB2 |>
00432FB3 |.
00432FB4 \.
00432FB5 /$
00432FB7 |.
00432FBC |.
00432FC1 |.
00432FC3 |.
00432FC6 |.
00432FC9 |.
00432FCB |.
fo.00438680
00432FD0 |.
00432FD1 |.
00432FD4 |.
00432FD6 |>
00432FD9 |.
00432FDF |.
00432FE5 |.
00432FEA |.
00432FED |.
00432FEF |.
00432FF1 |.
00432FF3 |.
00432FF7 |.
00432FF9 |.
00432FFA |.
00432FFB |.
fo.0043B41A
00433000 |.
00433001 |.
00433002 |.
00433004 |.
00433005 |.
00433008 |.
0043300D |.
00433010 |.
00433013 |.
00433016 |.
00433018 |.
0043301B |.
0043301D |.
0043301E |.
fo.00432F6D
00433023 |.
00433024 |.

EB 1F
F746 0C 00400
74 14
56
E8 2E830000

JMP SHORT 00432FB2


TEST DWORD PTR DS:[ESI+0C],00004000
JE SHORT 00432FB0
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

50
E8 77900000
59
F7D8
59
1BC0
EB 02
33C0
5E
5D
C3
6A 14
68 C8F04400
E8 2B5A0000
33FF
897D E4
897D DC
6A 01
E8 B0560000

PUSH EAX
CALL 0043C01F
POP ECX
NEG EAX
POP ECX
SBB EAX,EAX
JMP SHORT 00432FB2
XOR EAX,EAX
POP ESI
POP EBP
RETN
PUSH 14
PUSH OFFSET 0044F0C8
CALL 004389EC
XOR EDI,EDI
MOV DWORD PTR SS:[EBP-1C],EDI
MOV DWORD PTR SS:[EBP-24],EDI
PUSH 1
CALL 00438680

; /Arg1 = 1
; \SystemIn

59
897D FC
33F6
8975 E0
3B35 C0484500
0F8D 83000000
A1 A0384500
8D04B0
3938
74 5E
8B00
F640 0C 83
74 56
50
56
E8 1A840000

POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
XOR ESI,ESI
/MOV DWORD PTR SS:[EBP-20],ESI
|CMP ESI,DWORD PTR DS:[4548C0]
|JGE 00433068
|MOV EAX,DWORD PTR DS:[4538A0]
|LEA EAX,[ESI*4+EAX]
|CMP DWORD PTR DS:[EAX],EDI
|JE SHORT 0043304F
|MOV EAX,DWORD PTR DS:[EAX]
|TEST BYTE PTR DS:[EAX+0C],83
|JE SHORT 0043304F
|PUSH EAX
|PUSH ESI
|CALL 0043B41A

; /Arg2
; |Arg1
; \SystemIn

59
59
33D2
42
8955 FC
A1 A0384500
8B04B0
8B48 0C
F6C1 83
74 2F
3955 08
75 11
50
E8 4AFFFFFF

|POP ECX
|POP ECX
|XOR EDX,EDX
|INC EDX
|MOV DWORD PTR SS:[EBP-4],EDX
|MOV EAX,DWORD PTR DS:[4538A0]
|MOV EAX,DWORD PTR DS:[ESI*4+EAX]
|MOV ECX,DWORD PTR DS:[EAX+0C]
|TEST CL,83
|JE SHORT 00433047
|CMP DWORD PTR SS:[EBP+8],EDX
|JNE SHORT 0043302E
|PUSH EAX
|CALL 00432F6D

; /Arg1
; \SystemIn

59
83F8 FF

|POP ECX
|CMP EAX,-1

00433027 |.
00433029 |.
0043302C |.
0043302E |>
00433031 |.
00433033 |.
00433036 |.
00433038 |.
00433039 |.
fo.00432F6D
0043303E |.
0043303F |.
00433042 |.
00433044 |.
00433047 |>
0043304A |.
0043304F |>
00433050 \.^
00433052
00433053
00433054
00433055
00433056
00433057 /$
0043305C |.
0043305F |.
00433060 |.
00433065 |.
00433066 |.
00433067 \.
00433068 />
0043306F |.
00433074 |.
00433078 |.
0043307B |.
0043307D |.
00433080 |>
00433085 \.
00433086 /$
00433088 |.
fo.004385A6
0043308D |.
0043308E \.
0043308F /$
00433091 |.
00433096 |.
0043309B |.
0043309D |.
004330A0 |.
004330A2 |.
004330A3 |.
004330A8 |.
004330A9 |.
004330AB |>
[ARG.EBP+8]
004330AE |.
fo.0043B3D9
004330B3 |.
004330B4 |.
004330B7 |.

74 1E
FF45 E4
EB 19
397D 08
75 14
F6C1 02
74 0F
50
E8 2FFFFFFF

|JE SHORT 00433047


|INC DWORD PTR SS:[EBP-1C]
|JMP SHORT 00433047
|CMP DWORD PTR SS:[EBP+8],EDI
|JNE SHORT 00433047
|TEST CL,02
|JE SHORT 00433047
|PUSH EAX
|CALL 00432F6D

59
83F8 FF
75 03
0945 DC
897D FC
E8 08000000
46
EB 84
33
FF
8B
75
E0
A1 A0384500
FF34B0
56
E8 23840000
59
59
C3
C745 FC FEFFF
E8 12000000
837D 08 01
8B45 E4
74 03
8B45 DC
E8 AC590000
C3
6A 01
E8 19550000

|POP ECX
|CMP EAX,-1
|JNE SHORT 00433047
|OR DWORD PTR SS:[EBP-24],EAX
|MOV DWORD PTR SS:[EBP-4],EDI
|CALL 00433057
|INC ESI
\JMP SHORT 00432FD6
DB 33
DB FF
DB 8B
DB 75
DB E0
MOV EAX,DWORD PTR DS:[4538A0]
PUSH DWORD PTR DS:[ESI*4+EAX]
PUSH ESI
CALL 0043B488
POP ECX
POP ECX
RETN
MOV DWORD PTR SS:[EBP-4],-2
CALL 00433086
CMP DWORD PTR SS:[EBP+8],1
MOV EAX,DWORD PTR SS:[EBP-1C]
JE SHORT 00433080
MOV EAX,DWORD PTR SS:[EBP-24]
CALL 00438A31
RETN
PUSH 1
CALL 004385A6

59
C3
6A 0C
68 F0F04400
E8 51590000
33F6
3975 08
75 09
56
E8 0DFFFFFF
59
EB 27
FF75 08

POP ECX
RETN
PUSH 0C
PUSH OFFSET 0044F0F0
CALL 004389EC
XOR ESI,ESI
CMP DWORD PTR SS:[EBP+8],ESI
JNE SHORT 004330AB
PUSH ESI
CALL 00432FB5
POP ECX
JMP SHORT 004330D2
PUSH DWORD PTR SS:[EBP+8]

; /Arg1 =>

E8 26830000

CALL 0043B3D9

; \SystemIn

59
8975 FC
FF75 08

POP ECX
MOV DWORD PTR SS:[EBP-4],ESI
PUSH DWORD PTR SS:[EBP+8]

; /Arg1 =>

; /Arg1
; \SystemIn

; CHAR '3'
; CHAR 'u'

; /Arg1 = 1
; \SystemIn

[ARG.EBP+8]
004330BA |. E8 AEFEFFFF
fo.00432F6D
004330BF |. 59
004330C0 |. 8945 E4
004330C3 |. C745 FC FEFFF
004330CA |. E8 09000000
004330CF |. 8B45 E4
004330D2 |> E8 5A590000
004330D7 \. C3
004330D8 /$ FF75 08
004330DB |. E8 6C830000
004330E0 |. 59
004330E1 \. C3
004330E2 /$ 6A 01
004330E4 |. E8 CCFEFFFF
004330E9 |. 59
004330EA \. C3
004330EB /$ 8BFF
o.004330EB(guessed Arg1)
004330ED |. 55
004330EE |. 8BEC
004330F0 |. 53
004330F1 |. 56
004330F2 |. 8B75 08
004330F5 |. 57
004330F6 |. 33FF
004330F8 |. 83CB FF
004330FB |. 3BF7
004330FD |. 75 1C
004330FF |. E8 F9120000
fo.004343FD
00433104 |. 57
00433105 |. 57
00433106 |. 57
00433107 |. 57
00433108 |. 57
00433109 |. C700 16000000
0043310F |. E8 4EB7FFFF
fo.0042E862
00433114 |. 83C4 14
00433117 |. 0BC3
00433119 |. EB 42
0043311B |> F646 0C 83
0043311F |. 74 37
00433121 |. 56
[ARG.1]
00433122 |. E8 DEFDFFFF
fo.00432F05
00433127 |. 56
00433128 |. 8BD8
0043312A |. E8 BF8E0000
fo.0043BFEE
0043312F |. 56
00433130 |. E8 9B810000
fo.0043B2D0
00433135 |. 50
00433136 |. E8 61900000
0043313B |. 83C4 10
0043313E |. 85C0

CALL 00432F6D

; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-1C],EAX
MOV DWORD PTR SS:[EBP-4],-2
CALL 004330D8
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 0043B44C
POP ECX
RETN
PUSH 1
CALL 00432FB5
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
PUSH EDI
XOR EDI,EDI
OR EBX,FFFFFFFF
CMP ESI,EDI
JNE SHORT 0043311B
CALL 004343FD

; [SystemIn

PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
OR EAX,EBX
JMP SHORT 0043315D
TEST BYTE PTR DS:[ESI+0C],83
JE SHORT 00433158
PUSH ESI

; /Arg1 =>

CALL 00432F05

; \SystemIn

PUSH ESI
MOV EBX,EAX
CALL 0043BFEE

; /Arg1
; |
; \SystemIn

PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

PUSH EAX
CALL 0043C19C
ADD ESP,10
TEST EAX,EAX

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00433140 |.
00433142 |.
00433145 |.
00433147 |>
0043314A |.
0043314C |.
0043314E |.
0043314F |.
fo.004331DE
00433154 |.
00433155 |.
00433158 |>
0043315B |.
0043315D |>
0043315E |.
0043315F |.
00433160 |.
00433161 \.
00433162 /$
00433164 |.
00433169 |.
0043316E |.
00433172 |.
00433174 |.
00433177 |.
00433179 |.
0043317B |.
0043317E |.
00433180 |.
00433182 |.
fo.004343FD
00433187 |.
0043318D |.
0043318E |.
0043318F |.
00433190 |.
00433191 |.
00433192 |.
fo.0042E862
00433197 |.
0043319A |.
0043319D |.
0043319F |>
004331A3 |.
004331A5 |.
004331A8 |>
004331AB |>
004331B0 |.
004331B1 |>
[ARG.EBP+8]
004331B2 |.
fo.0043B3D9
004331B7 |.
004331B8 |.
004331BB |.
004331BC |.
fo.004330EB
004331C1 |.
004331C2 |.
004331C5 |.

7D 05
83CB FF
EB 11
8B46 1C
3BC7
74 0A
50
E8 8A000000

JGE SHORT 00433147


OR EBX,FFFFFFFF
JMP SHORT 00433158
MOV EAX,DWORD PTR DS:[ESI+1C]
CMP EAX,EDI
JE SHORT 00433158
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

59
897E 1C
897E 0C
8BC3
5F
5E
5B
5D
C3
6A 0C
68 10F14400
E8 7E580000
834D E4 FF
33C0
8B75 08
33FF
3BF7
0F95C0
3BC7
75 1D
E8 76120000

POP ECX
MOV DWORD PTR DS:[ESI+1C],EDI
MOV DWORD PTR DS:[ESI+0C],EDI
MOV EAX,EBX
POP EDI
POP ESI
POP EBX
POP EBP
RETN
PUSH 0C
PUSH OFFSET 0044F110
CALL 004389EC
OR DWORD PTR SS:[EBP-1C],FFFFFFFF
XOR EAX,EAX
MOV ESI,DWORD PTR SS:[EBP+8]
XOR EDI,EDI
CMP ESI,EDI
SETNE AL
CMP EAX,EDI
JNE SHORT 0043319F
CALL 004343FD

; [SystemIn

C700 16000000
57
57
57
57
57
E8 CBB6FFFF

MOV DWORD PTR DS:[EAX],16


PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
CALL 0042E862

;
;
;
;
;
;

83C4 14
83C8 FF
EB 0C
F646 0C 40
74 0C
897E 0C
8B45 E4
E8 81580000
C3
56

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 004331AB
TEST BYTE PTR DS:[ESI+0C],40
JE SHORT 004331B1
MOV DWORD PTR DS:[ESI+0C],EDI
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH ESI

; /Arg1 =>

E8 22820000

CALL 0043B3D9

; \SystemIn

59
897D FC
56
E8 2AFFFFFF

POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
PUSH ESI
CALL 004330EB

; /Arg1
; \SystemIn

59
POP ECX
8945 E4
MOV DWORD PTR SS:[EBP-1C],EAX
C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

004331CC |. E8 05000000
004331D1 \.^ EB D5
004331D3
8B
004331D4
75
004331D5
08
004331D6 /$ 56
004331D7 |. E8 70820000
004331DC |. 59
004331DD \. C3
004331DE /$ 6A 0C
o.004331DE(guessed Arg1)
004331E0 |. 68 30F14400
004331E5 |. E8 02580000
004331EA |. 8B75 08
004331ED |. 85F6
004331EF |. 74 75
004331F1 |. 833D 94374500
004331F8 |. 75 43
004331FA |. 6A 04
004331FC |. E8 7F540000
fo.00438680
00433201 |. 59
00433202 |. 8365 FC 00
00433206 |. 56
00433207 |. E8 8D900000
fo.0043C299
0043320C |. 59
0043320D |. 8945 E4
00433210 |. 85C0
00433212 |. 74 09
00433214 |. 56
00433215 |. 50
00433216 |. E8 AE900000
0043321B |. 59
0043321C |. 59
0043321D |> C745 FC FEFFF
00433224 |. E8 0B000000
00433229 |. 837D E4 00
0043322D |. 75 37
0043322F |. FF75 08
00433232 \. EB 0A
00433234 /$ 6A 04
00433236 |. E8 6B530000
fo.004385A6
0043323B |. 59
0043323C \. C3
0043323D /> 56
0043323E |> 6A 00
0
00433240 |. FF35 08324500
ULL
00433246 |. FF15 A0804400
.HeapFree
0043324C |. 85C0
0043324E |. 75 16
00433250 |. E8 A8110000
fo.004343FD
00433255 |. 8BF0
00433257 |. FF15 58804400
.GetLastError

CALL 004331D6
JMP SHORT 004331A8
DB 8B
DB 75
DB 08
PUSH ESI
CALL 0043B44C
POP ECX
RETN
PUSH 0C

; CHAR 'u'
; Backspace

; SystemInf

PUSH OFFSET 0044F130


CALL 004389EC
MOV ESI,DWORD PTR SS:[EBP+8]
TEST ESI,ESI
JE SHORT 00433266
CMP DWORD PTR DS:[453794],3
JNE SHORT 0043323D
PUSH 4
CALL 00438680

; /Arg1 = 4
; \SystemIn

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
PUSH ESI
CALL 0043C299

; /Arg1
; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-1C],EAX
TEST EAX,EAX
JE SHORT 0043321D
PUSH ESI
PUSH EAX
CALL 0043C2C9
POP ECX
POP ECX
MOV DWORD PTR SS:[EBP-4],-2
CALL 00433234
CMP DWORD PTR SS:[EBP-1C],0
JNE SHORT 00433266
PUSH DWORD PTR SS:[EBP+8]
JMP SHORT 0043323E
PUSH 4
CALL 004385A6

; /Arg1 = 4
; \SystemIn

POP ECX
RETN
PUSH ESI
PUSH 0

; |Flags =

PUSH DWORD PTR DS:[453208]

; |Heap = N

CALL DWORD PTR DS:[<&KERNEL32.HeapFree>] ; \KERNEL32


TEST EAX,EAX
JNE SHORT 00433266
CALL 004343FD

; [SystemIn

MOV ESI,EAX
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32

0043325D |. 50
PUSH EAX
0043325E |. E8 58110000 CALL 004343BB
fo.004343BB
00433263 |. 8906
MOV DWORD PTR DS:[ESI],EAX
00433265 |. 59
POP ECX
00433266 |> E8 C6570000 CALL 00438A31
0043326B \. C3
RETN
0043326C /$ 8BFF
MOV EDI,EDI
o.0043326C(guessed Arg1)
0043326E |. 55
PUSH EBP
0043326F |. 8BEC
MOV EBP,ESP
00433271 |. 51
PUSH ECX
00433272 |. 53
PUSH EBX
00433273 |. 56
PUSH ESI
00433274 |. 57
PUSH EDI
00433275 |. FF35 CC484500 PUSH DWORD PTR DS:[4548CC]
0043327B |. E8 461E0000 CALL 004350C6
fo.004350C6
00433280 |. FF35 C8484500 PUSH DWORD PTR DS:[4548C8]
00433286 |. 8BF8
MOV EDI,EAX
00433288 |. 897D FC
MOV DWORD PTR SS:[LOCAL.1],EDI
0043328B |. E8 361E0000 CALL 004350C6
fo.004350C6
00433290 |. 8BF0
MOV ESI,EAX
00433292 |. 59
POP ECX
00433293 |. 59
POP ECX
00433294 |. 3BF7
CMP ESI,EDI
00433296 |. 0F82 83000000 JB 0043331F
0043329C |. 8BDE
MOV EBX,ESI
0043329E |. 2BDF
SUB EBX,EDI
004332A0 |. 8D43 04
LEA EAX,[EBX+4]
ases FFFFFFFC..FFFFFFFF, 2 exits)
004332A3 |. 83F8 04
CMP EAX,4
004332A6 |. 72 77
JB SHORT 0043331F
004332A8 |. 57
PUSH EDI
ase of switch SystemInfo.4332A0
004332A9 |. E8 AF9A0000 CALL 0043CD5D
004332AE |. 8BF8
MOV EDI,EAX
004332B0 |. 8D43 04
LEA EAX,[EBX+4]
004332B3 |. 59
POP ECX
004332B4 |. 3BF8
CMP EDI,EAX
004332B6 |. 73 48
JNB SHORT 00433300
004332B8 |. B8 00080000 MOV EAX,800
004332BD |. 3BF8
CMP EDI,EAX
004332BF |. 73 02
JNB SHORT 004332C3
004332C1 |. 8BC7
MOV EAX,EDI
004332C3 |> 03C7
ADD EAX,EDI
004332C5 |. 3BC7
CMP EAX,EDI
004332C7 |. 72 0F
JB SHORT 004332D8
004332C9 |. 50
PUSH EAX
004332CA |. FF75 FC
PUSH DWORD PTR SS:[LOCAL.1]
[LOCAL.1]
004332CD |. E8 D21B0000 CALL 00434EA4
fo.00434EA4
004332D2 |. 59
POP ECX
004332D3 |. 59
POP ECX
004332D4 |. 85C0
TEST EAX,EAX
004332D6 |. 75 16
JNE SHORT 004332EE
004332D8 |> 8D47 10
LEA EAX,[EDI+10]
004332DB |. 3BC7
CMP EAX,EDI

; /Arg1
; \SystemIn

; SystemInf

; /Arg1 = 0
; \SystemIn
;
;
;
;

/Arg1 = 0
|
|
\SystemIn

; Switch (c

; Default c

; /Arg2
; |Arg1 =>
; \SystemIn

004332DD |. 72 40
004332DF |. 50
004332E0 |. FF75 FC
[LOCAL.1]
004332E3 |. E8 BC1B0000
fo.00434EA4
004332E8 |. 59
004332E9 |. 59
004332EA |. 85C0
004332EC |. 74 31
004332EE |> C1FB 02
004332F1 |. 50
004332F2 |. 8D3498
004332F5 |. E8 511D0000
fo.0043504B
004332FA |. 59
004332FB |. A3 CC484500
00433300 |> FF75 08
[ARG.1]
00433303 |. E8 431D0000
fo.0043504B
00433308 |. 8906
0043330A |. 83C6 04
0043330D |. 56
0043330E |. E8 381D0000
fo.0043504B
00433313 |. 59
00433314 |. A3 C8484500
00433319 |. 8B45 08
0043331C |. 59
0043331D |. EB 02
0043331F |> 33C0
FFFFC, FFFFFFFD, FFFFFFFE,
00433321 |> 5F
00433322 |. 5E
00433323 |. 5B
00433324 |. C9
00433325 \. C3
00433326
8BFF
00433328 /. 56
00433329 |. 6A 04
0043332B |. 6A 20
0
0043332D |. E8 261B0000
fo.00434E58
00433332 |. 8BF0
00433334 |. 56
00433335 |. E8 111D0000
fo.0043504B
0043333A |. 83C4 0C
0043333D |. A3 CC484500
00433342 |. A3 C8484500
00433347 |. 85F6
00433349 |. 75 05
0043334B |. 6A 18
0043334D |. 58
0043334E |. 5E
0043334F |. C3
00433350 |> 8326 00
00433353 |. 33C0

JB SHORT 0043331F
PUSH EAX
PUSH DWORD PTR SS:[LOCAL.1]

; /Arg2
; |Arg1 =>

CALL 00434EA4

; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 0043331F
SAR EBX,2
PUSH EAX
LEA ESI,[EBX*4+EAX]
CALL 0043504B

; /Arg1
; |
; \SystemIn

POP ECX
MOV DWORD PTR DS:[4548CC],EAX
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

CALL 0043504B

; \SystemIn

MOV DWORD PTR DS:[ESI],EAX


ADD ESI,4
PUSH ESI
CALL 0043504B

; /Arg1
; \SystemIn

POP ECX
MOV DWORD PTR DS:[4548C8],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
POP ECX
JMP SHORT 00433321
XOR EAX,EAX
FFFFFFFF of switch SystemInfo.4332A0
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH ESI
PUSH 4
PUSH 20

; Cases FFF

; /Arg2 = 4
; |Arg1 = 2

CALL 00434E58

; \SystemIn

MOV ESI,EAX
PUSH ESI
CALL 0043504B

; /Arg1
; \SystemIn

ADD ESP,0C
MOV DWORD PTR DS:[4548CC],EAX
MOV DWORD PTR DS:[4548C8],EAX
TEST ESI,ESI
JNE SHORT 00433350
PUSH 18
POP EAX
POP ESI
RETN
AND DWORD PTR DS:[ESI],00000000
XOR EAX,EAX

00433355 |. 5E
00433356 \. C3
00433357 /$ 6A 0C
00433359 |. 68 50F14400
0043335E |. E8 89560000
00433363 |. E8 E7530000
fo.0043874F
00433368 |. 8365 FC 00
0043336C |. FF75 08
[ARG.EBP+8]
0043336F |. E8 F8FEFFFF
fo.0043326C
00433374 |. 59
00433375 |. 8945 E4
00433378 |. C745 FC FEFFF
0043337F |. E8 09000000
00433384 |. 8B45 E4
00433387 |. E8 A5560000
0043338C \. C3
0043338D /$ E8 C6530000
00433392 \. C3
00433393 /$ 8BFF
o.00433393(guessed Arg1)
00433395 |. 55
00433396 |. 8BEC
00433398 |. FF75 08
0043339B |. E8 B7FFFFFF
004333A0 |. F7D8
EAX to boolean
004333A2 |. 1BC0
004333A4 |. F7D8
004333A6 |. 59
004333A7 |. 48
004333A8 |. 5D
004333A9 \. C3
004333AA /$ 8BFF
o.004333AA(guessed Arg1)
004333AC |. 55
004333AD |. 8BEC
004333AF |. 833D DC2C4500
004333B6 |. 75 05
004333B8 |. E8 3E9C0000
fo.0043CFFB
004333BD |> FF75 08
[ARG.1]
004333C0 |. E8 8B9A0000
fo.0043CE50
004333C5 |. 68 FF000000
004333CA |. E8 68530000
004333CF |. 59
004333D0 |. 59
004333D1 |. 5D
004333D2 \. C3
004333D3 /> 6A 58
004333D5 |. 68 70F14400
004333DA |. E8 0D560000
004333DF |. 33F6
004333E1 |. 8975 FC
004333E4 |. 8D45 98
004333E7 |. 50

POP ESI
RETN
PUSH 0C
PUSH OFFSET 0044F150
CALL 004389EC
CALL 0043874F

; [SystemIn

AND DWORD PTR SS:[EBP-4],00000000


PUSH DWORD PTR SS:[EBP+8]

; /Arg1 =>

CALL 0043326C

; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-1C],EAX
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043338D
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
CALL 00438758
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH DWORD PTR SS:[ARG.1]
CALL 00433357
NEG EAX

; Converts

SBB EAX,EAX
NEG EAX
POP ECX
DEC EAX
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
CMP DWORD PTR DS:[452CDC],1
JNE SHORT 004333BD
CALL 0043CFFB

; [SystemIn

PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

CALL 0043CE50

; \SystemIn

PUSH 0FF
CALL 00438737
POP ECX
POP ECX
POP EBP
RETN
PUSH 58
PUSH OFFSET 0044F170
CALL 004389EC
XOR ESI,ESI
MOV DWORD PTR SS:[EBP-4],ESI
LEA EAX,[EBP-68]
PUSH EAX

; /pStartup

info
004333E8 |. FF15 78814400
.GetStartupInfoA
004333EE |. 6A FE
004333F0 |. 5F
004333F1 |. 897D FC
004333F4 |. B8 4D5A0000
004333F9 |. 66:3905 00004
00433400 |. 75 38
00433402 |. A1 3C004000
00433407 |. 81B8 00004000
00433411 |. 75 27
00433413 |. B9 0B010000
00433418 |. 66:3988 18004
0043341F |. 75 19
00433421 |. 83B8 74004000
$"
00433428 |. 76 10
0043342A |. 33C9
0043342C |. 39B0 E8004000
00433432 |. 0F95C1
00433435 |. 894D E4
00433438 |. EB 03
0043343A |> 8975 E4
0043343D |> 33DB
0043343F |. 43
00433440 |. 53
1
00433441 |. E8 238E0000
fo.0043C269
00433446 |. 59
00433447 |. 85C0
00433449 |. 75 08
0043344B |. 6A 1C
C
0043344D |. E8 58FFFFFF
fo.004333AA
00433452 |. 59
00433453 |> E8 03200000
00433458 |. 85C0
0043345A |. 75 08
0043345C |. 6A 10
0
0043345E |. E8 47FFFFFF
fo.004333AA
00433463 |. 59
00433464 |> E8 F4A10000
00433469 |. 895D FC
0043346C |. E8 46800000
fo.0043B4B7
00433471 |. 85C0
00433473 |. 7D 08
00433475 |. 6A 1B
B
00433477 |. E8 67520000
fo.004386E3
0043347C |. 59
0043347D |> FF15 74814400
.GetCommandLineA

CALL DWORD PTR DS:[<&KERNEL32.GetStartup ; \KERNEL32


PUSH -2
POP EDI
MOV DWORD PTR SS:[EBP-4],EDI
MOV EAX,5A4D
CMP WORD PTR DS:[<STRUCT IMAGE_DOS_HEADE
JNE SHORT 0043343A
MOV EAX,DWORD PTR DS:[40003C]
CMP DWORD PTR DS:[EAX+<STRUCT IMAGE_DOS_
JNE SHORT 0043343A
MOV ECX,10B
CMP WORD PTR DS:[EAX+400018],CX
JNE SHORT 0043343A
CMP DWORD PTR DS:[EAX+400074],0E
; ASCII ".
JBE SHORT 0043343A
XOR ECX,ECX
CMP DWORD PTR DS:[EAX+4000E8],ESI
SETNE CL
MOV DWORD PTR SS:[EBP-1C],ECX
JMP SHORT 0043343D
MOV DWORD PTR SS:[EBP-1C],ESI
XOR EBX,EBX
INC EBX
PUSH EBX

; /Arg1 =>

CALL 0043C269

; \SystemIn

POP ECX
TEST EAX,EAX
JNE SHORT 00433453
PUSH 1C

; /Arg1 = 1

CALL 004333AA

; \SystemIn

POP ECX
CALL 0043545B
TEST EAX,EAX
JNE SHORT 00433464
PUSH 10

; /Arg1 = 1

CALL 004333AA

; \SystemIn

POP ECX
CALL 0043D65D
MOV DWORD PTR SS:[EBP-4],EBX
CALL 0043B4B7

; [SystemIn

TEST EAX,EAX
JGE SHORT 0043347D
PUSH 1B

; /Arg1 = 1

CALL 004386E3

; \SystemIn

POP ECX
CALL DWORD PTR DS:[<&KERNEL32.GetCommand ; [KERNEL32

00433483 |. A3 E0484500 MOV DWORD PTR DS:[4548E0],EAX


00433488 |. E8 99A00000 CALL 0043D526
fo.0043D526
0043348D |. A3 D42C4500 MOV DWORD PTR DS:[452CD4],EAX
00433492 |. E8 D49F0000 CALL 0043D46B
fo.0043D46B
00433497 |. 85C0
TEST EAX,EAX
00433499 |. 7D 08
JGE SHORT 004334A3
0043349B |. 6A 08
PUSH 8
0043349D |. E8 41520000 CALL 004386E3
fo.004386E3
004334A2 |. 59
POP ECX
004334A3 |> E8 4B9D0000 CALL 0043D1F3
004334A8 |. 85C0
TEST EAX,EAX
004334AA |. 7D 08
JGE SHORT 004334B4
004334AC |. 6A 09
PUSH 9
004334AE |. E8 30520000 CALL 004386E3
fo.004386E3
004334B3 |. 59
POP ECX
004334B4 |> 53
PUSH EBX
004334B5 |. E8 E8520000 CALL 004387A2
fo.004387A2
004334BA |. 59
POP ECX
004334BB |. 3BC6
CMP EAX,ESI
004334BD |. 74 07
JE SHORT 004334C6
004334BF |. 50
PUSH EAX
004334C0 |. E8 1E520000 CALL 004386E3
fo.004386E3
004334C5 |. 59
POP ECX
004334C6 |> E8 C99C0000 CALL 0043D194
004334CB |. 845D C4
TEST BYTE PTR SS:[EBP-3C],BL
004334CE |. 74 06
JE SHORT 004334D6
004334D0 |. 0FB74D C8
MOVZX ECX,WORD PTR SS:[EBP-38]
004334D4 |. EB 03
JMP SHORT 004334D9
004334D6 |> 6A 0A
PUSH 0A
004334D8 |. 59
POP ECX
004334D9 |> 51
PUSH ECX
004334DA |. 50
PUSH EAX
004334DB |. 56
PUSH ESI
004334DC |. 68 00004000 PUSH OFFSET <STRUCT IMAGE_DOS_HEADER>
ystemInfo.<STRUCT IMAGE_DOS_HEADER>
004334E1 |. E8 6ACEFDFF CALL 00410350
fo.00410350
004334E6 |. 8945 E0
MOV DWORD PTR SS:[EBP-20],EAX
004334E9 |. 3975 E4
CMP DWORD PTR SS:[EBP-1C],ESI
004334EC |. 75 06
JNE SHORT 004334F4
004334EE |. 50
PUSH EAX
004334EF |. E8 5F540000 CALL 00438953
004334F4 |> E8 86540000 CALL 0043897F
004334F9 |. 897D FC
MOV DWORD PTR SS:[EBP-4],EDI
004334FC \. EB 35
JMP SHORT 00433533
004334FE /. 8B45 EC
MOV EAX,DWORD PTR SS:[EBP-14]
00433501 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
00433503 |. 8B09
MOV ECX,DWORD PTR DS:[ECX]
00433505 |. 894D DC
MOV DWORD PTR SS:[EBP-24],ECX
00433508 |. 50
PUSH EAX
00433509 |. 51
PUSH ECX
0043350A |. E8 259B0000 CALL 0043D034
0043350F |. 59
POP ECX
00433510 |. 59
POP ECX

; [SystemIn
; [SystemIn

; /Arg1 = 8
; \SystemIn

; /Arg1 = 9
; \SystemIn
; /Arg1
; \SystemIn

; /Arg1
; \SystemIn

;
;
;
;

/Arg4
|Arg3
|Arg2
|Arg1 = S

; \SystemIn

00433511 \. C3
RETN
00433512 /. 8B65 E8
MOV ESP,DWORD PTR SS:[EBP-18]
00433515 |. 8B45 DC
MOV EAX,DWORD PTR SS:[EBP-24]
00433518 |. 8945 E0
MOV DWORD PTR SS:[EBP-20],EAX
0043351B |. 837D E4 00
CMP DWORD PTR SS:[EBP-1C],0
0043351F |. 75 06
JNE SHORT 00433527
00433521 |. 50
PUSH EAX
00433522 |. E8 42540000 CALL 00438969
00433527 |> E8 62540000 CALL 0043898E
0043352C |. C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
00433533 |> 8B45 E0
MOV EAX,DWORD PTR SS:[EBP-20]
00433536 \. EB 13
JMP SHORT 0043354B
00433538 /. 33C0
XOR EAX,EAX
0043353A |. 40
INC EAX
0043353B \. C3
RETN
0043353C /. 8B65 E8
MOV ESP,DWORD PTR SS:[EBP-18]
0043353F |. C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
00433546 |. B8 FF000000 MOV EAX,0FF
0043354B |> E8 E1540000 CALL 00438A31
00433550 |. C3
RETN
00433551 |. E8 53A10000 CALL 0043D6A9
00433556 \.^ E9 78FEFFFF JMP 004333D3
0043355B /$ 8BFF
MOV EDI,EDI
o.0043355B(guessed Arg1)
0043355D |. 55
PUSH EBP
0043355E |. 8BEC
MOV EBP,ESP
00433560 |. 56
PUSH ESI
00433561 |. 8D45 08
LEA EAX,[ARG.1]
00433564 |. 50
PUSH EAX
OFFSET ARG.1
00433565 |. 8BF1
MOV ESI,ECX
00433567 |. E8 2AB5FFFF CALL 0042EA96
fo.0042EA96
0043356C |. C706 1C9F4400 MOV DWORD PTR DS:[ESI],OFFSET 00449F1C
00433572 |. 8BC6
MOV EAX,ESI
00433574 |. 5E
POP ESI
00433575 |. 5D
POP EBP
00433576 \. C2 0400
RETN 4
00433579 /. C701 1C9F4400 MOV DWORD PTR DS:[ECX],OFFSET 00449F1C
0043357F \.^ E9 DFB5FFFF JMP 0042EB63
00433584
8BFF
MOV EDI,EDI
00433586 /. 55
PUSH EBP
00433587 |. 8BEC
MOV EBP,ESP
00433589 |. 56
PUSH ESI
0043358A |. 8BF1
MOV ESI,ECX
0043358C |. C706 1C9F4400 MOV DWORD PTR DS:[ESI],OFFSET 00449F1C
00433592 |. E8 CCB5FFFF CALL 0042EB63
fo.0042EB63
00433597 |. F645 08 01
TEST BYTE PTR SS:[ARG.1],01
0043359B |. 74 07
JE SHORT 004335A4
0043359D |. 56
PUSH ESI
0043359E |. E8 77B3FFFF CALL 0042E91A
004335A3 |. 59
POP ECX
004335A4 |> 8BC6
MOV EAX,ESI
004335A6 |. 5E
POP ESI
004335A7 |. 5D
POP EBP
004335A8 \. C2 0400
RETN 4
004335AB /$ 8BFF
MOV EDI,EDI
o.004335AB(guessed Arg1,Arg2,Arg3)
004335AD |. 55
PUSH EBP

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; [SystemIn

; SystemInf

004335AE |.
004335B0 |.
004335B1 |.
004335B2 |.
004335B5 |.
004335B8 |.
004335BA |.
004335BC |.
004335BF |.
004335C2 |.
004335C4 |.
004335C7 |.
004335CA |.
004335CC |.
004335CE |.
004335D1 |.
004335D2 |.
004335D3 |.
fo.0042E980
004335D8 |.
004335D9 |.
004335DA |.
004335DC |.
004335DE |>
004335E0 |.
004335E2 |>
004335E5 |.
004335E7 |.
004335EA |.^
004335EC |>
004335EF |.
004335F1 |.
004335F3 |.
004335F5 |.
004335F8 |.^
004335FA |>
004335FC |.
004335FE |.
00433601 |.^
00433603 |>
00433605 |.
00433606 |>
00433607 |.
00433608 |.
00433609 \.
0043360A /$
0043360C |.
0043360D |.
0043360F |.
00433612 |.
00433614 |.
00433616 |.
0043361B |.
0043361D |.
00433622 |.
00433624 |.
fo.00435312
00433629 |.
00433630 |.
00433635 |>

8BEC
56
57
8B7D 08
8B47 04
85C0
74 47
8D50 08
803A 00
74 3F
8B75 0C
8B4E 04
3BC1
74 14
83C1 08
51
52
E8 A8B3FFFF

MOV EBP,ESP
PUSH ESI
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDI+4]
TEST EAX,EAX
JE SHORT 00433603
LEA EDX,[EAX+8]
CMP BYTE PTR DS:[EDX],0
JE SHORT 00433603
MOV ESI,DWORD PTR SS:[ARG.2]
MOV ECX,DWORD PTR DS:[ESI+4]
CMP EAX,ECX
JE SHORT 004335E2
ADD ECX,8
PUSH ECX
PUSH EDX
CALL 0042E980

; /Arg2
; |Arg1
; \SystemIn

59
59
85C0
74 04
33C0
EB 24
F606 02
74 05
F607 08
74 F2
8B45 10
8B00
A8 01
74 05
F607 01
74 E4
A8 02
74 05
F607 02
74 DB
33C0
40
5F
5E
5D
C3
8BFF
55
8BEC
8B45 08
8B00
8B00
3D 4D4F43E0
74 18
3D 63736DE0
75 2B
E8 E91C0000

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 004335E2
XOR EAX,EAX
JMP SHORT 00433606
TEST BYTE PTR DS:[ESI],02
JE SHORT 004335EC
TEST BYTE PTR DS:[EDI],08
JE SHORT 004335DE
MOV EAX,DWORD PTR SS:[ARG.3]
MOV EAX,DWORD PTR DS:[EAX]
TEST AL,01
JE SHORT 004335FA
TEST BYTE PTR DS:[EDI],01
JE SHORT 004335DE
TEST AL,02
JE SHORT 00433603
TEST BYTE PTR DS:[EDI],02
JE SHORT 004335DE
XOR EAX,EAX
INC EAX
POP EDI
POP ESI
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX]
CMP EAX,E0434F4D
JE SHORT 00433635
CMP EAX,E06D7363
JNE SHORT 0043364F
CALL 00435312

; [SystemIn

83A0 90000000 AND DWORD PTR DS:[EAX+90],00000000


E9 B31F0000 JMP 004355E8
E8 D81C0000 CALL 00435312

; [SystemIn

fo.00435312
0043363A |.
00433641 |.
00433643 |.
fo.00435312
00433648 |.
0043364D |.
0043364F |>
00433651 |.
00433652 \.
00433653 /$
00433655 |.
0043365A |.
0043365F |.
00433662 |.
00433665 |.
0043366C |.
0043366E |.
00433672 |.
00433674 |>
00433677 |>
0043367A |.
fo.00435312
0043367F |.
00433684 |.
00433686 |.
0043368A |>
0043368D |.
0043368F |.
00433692 |.
00433694 |.
00433697 |.
00433699 |>
0043369E |>
004336A0 |.
004336A3 |.
004336A6 |.
004336A8 |.
004336AA |.
004336AD |.
004336B4 |.
004336B8 |.
004336BA |.
004336BD |.
03
004336C2 |.
004336C3 |.
004336C6 |.
004336CA |.
fo.00435680
004336CF |>
004336D3 \.
004336D5 /.
004336D8 |.
004336DD |.
004336DE \.
004336DF /.
004336E2 |.
004336E6 |.
004336E9 |.

83B8 90000000 CMP DWORD PTR DS:[EAX+90],0


7E 0C
JLE SHORT 0043364F
E8 CA1C0000 CALL 00435312

; [SystemIn

05 90000000
FF08
33C0
5D
C3
6A 10
68 98F14400
E8 8D530000
8B7D 10
8B5D 08
817F 04 80000
7F 06
0FBE73 08
EB 03
8B73 08
8975 E4
E8 931C0000

ADD EAX,90
DEC DWORD PTR DS:[EAX]
XOR EAX,EAX
POP EBP
RETN
PUSH 10
PUSH OFFSET 0044F198
CALL 004389EC
MOV EDI,DWORD PTR SS:[EBP+10]
MOV EBX,DWORD PTR SS:[EBP+8]
CMP DWORD PTR DS:[EDI+4],80
JG SHORT 00433674
MOVSX ESI,BYTE PTR DS:[EBX+8]
JMP SHORT 00433677
MOV ESI,DWORD PTR DS:[EBX+8]
MOV DWORD PTR SS:[EBP-1C],ESI
CALL 00435312

; [SystemIn

05 90000000
FF00
8365 FC 00
3B75 14
74 65
83FE FF
7E 05
3B77 04
7C 05
E8 961F0000
8BC6
C1E0 03
8B4F 08
03C8
8B31
8975 E0
C745 FC 01000
8379 04 00
74 15
8973 08
68 03010000

ADD EAX,90
INC DWORD PTR DS:[EAX]
AND DWORD PTR SS:[EBP-4],00000000
CMP ESI,DWORD PTR SS:[EBP+14]
JE SHORT 004336F4
CMP ESI,-1
JLE SHORT 00433699
CMP ESI,DWORD PTR DS:[EDI+4]
JL SHORT 0043369E
CALL 00435634
MOV EAX,ESI
SHL EAX,3
MOV ECX,DWORD PTR DS:[EDI+8]
ADD ECX,EAX
MOV ESI,DWORD PTR DS:[ECX]
MOV DWORD PTR SS:[EBP-20],ESI
MOV DWORD PTR SS:[EBP-4],1
CMP DWORD PTR DS:[ECX+4],0
JE SHORT 004336CF
MOV DWORD PTR DS:[EBX+8],ESI
PUSH 103

; /Arg3 = 1

53
8B4F 08
FF7401 04
E8 B11F0000

PUSH EBX
MOV ECX,DWORD PTR DS:[EDI+8]
PUSH DWORD PTR DS:[EAX+ECX+4]
CALL 00435680

;
;
;
;

8365 FC 00
EB 1A
FF75 EC
E8 2DFFFFFF
59
C3
8B65 E8
8365 FC 00
8B7D 10
8B5D 08

AND DWORD PTR SS:[EBP-4],00000000


JMP SHORT 004336EF
PUSH DWORD PTR SS:[EBP-14]
CALL 0043360A
POP ECX
RETN
MOV ESP,DWORD PTR SS:[EBP-18]
AND DWORD PTR SS:[EBP-4],00000000
MOV EDI,DWORD PTR SS:[EBP+10]
MOV EBX,DWORD PTR SS:[EBP+8]

|Arg2
|
|Arg1
\SystemIn

004336EC |.
004336EF |>
004336F2 |.^
004336F4 |>
004336FB |.
00433700 |.
00433703 |.
00433705 |.
0043370A |>
0043370D |.
00433712 \.
00433713
00433714
00433715
00433716
00433717
00433718
00433719 /$
fo.00435312
0043371E |.
00433725 |.
00433727 |.
fo.00435312
0043372C |.
00433731 |.
00433733 \>
00433734 /$
00433736 |.
0043373C |.
0043373E |.
00433742 |.
00433744 |.
00433747 |.
0043374D |.
0043374F |.
00433755 |.
00433757 |.
0043375D |.
0043375F |>
00433763 |.
00433765 |.
fo.00435312
0043376A |.
0043376C |.
0043376D |.
00433773 |.
00433775 |.
00433776 |>
00433778 \.
00433779 /$
0043377B |.
00433780 |.
00433785 |.
00433788 |.
0043378A |.
0043378C |.
00433792 |.
00433794 |.
00433797 |.
00433799 |.

8B75 E0
8975 E4
EB 96
C745 FC FEFFF
E8 19000000
3B75 14
74 05
E8 2A1F0000
8973 08
E8 1F530000
C3
8B
5D
08
8B
75
E4
E8 F41B0000

MOV ESI,DWORD PTR SS:[EBP-20]


MOV DWORD PTR SS:[EBP-1C],ESI
JMP SHORT 0043368A
MOV DWORD PTR SS:[EBP-4],-2
CALL 00433719
CMP ESI,DWORD PTR SS:[EBP+14]
JE SHORT 0043370A
CALL 00435634
MOV DWORD PTR DS:[EBX+8],ESI
CALL 00438A31
RETN
DB 8B
DB 5D
DB 08
DB 8B
DB 75
DB E4
CALL 00435312

; CHAR ']'
; Backspace
; CHAR 'u'
; [SystemIn

83B8 90000000 CMP DWORD PTR DS:[EAX+90],0


7E 0C
JLE SHORT 00433733
E8 E61B0000 CALL 00435312

; [SystemIn

05 90000000
FF08
C3
8B00
8138 63736DE0
75 38
8378 10 03
75 32
8B48 14
81F9 20059319
74 10
81F9 21059319
74 08
81F9 22059319
75 17
8378 1C 00
75 11
E8 A81B0000

ADD EAX,90
DEC DWORD PTR DS:[EAX]
RETN
MOV EAX,DWORD PTR DS:[EAX]
CMP DWORD PTR DS:[EAX],E06D7363
JNE SHORT 00433776
CMP DWORD PTR DS:[EAX+10],3
JNE SHORT 00433776
MOV ECX,DWORD PTR DS:[EAX+14]
CMP ECX,19930520
JE SHORT 0043375F
CMP ECX,19930521
JE SHORT 0043375F
CMP ECX,19930522
JNE SHORT 00433776
CMP DWORD PTR DS:[EAX+1C],0
JNE SHORT 00433776
CALL 00435312

; [SystemIn

33C9
41
8988 0C020000
8BC1
C3
33C0
C3
6A 08
68 C0F14400
E8 67520000
8B4D 08
85C9
74 2A
8139 63736DE0
75 22
8B41 1C
85C0
74 1B

XOR ECX,ECX
INC ECX
MOV DWORD PTR DS:[EAX+20C],ECX
MOV EAX,ECX
RETN
XOR EAX,EAX
RETN
PUSH 8
PUSH OFFSET 0044F1C0
CALL 004389EC
MOV ECX,DWORD PTR SS:[EBP+8]
TEST ECX,ECX
JE SHORT 004337B6
CMP DWORD PTR DS:[ECX],E06D7363
JNE SHORT 004337B6
MOV EAX,DWORD PTR DS:[ECX+1C]
TEST EAX,EAX
JE SHORT 004337B6

0043379B |. 8B40 04
MOV EAX,DWORD PTR DS:[EAX+4]
0043379E |. 85C0
TEST EAX,EAX
004337A0 |. 74 14
JE SHORT 004337B6
004337A2 |. 8365 FC 00
AND DWORD PTR SS:[EBP-4],00000000
004337A6 |. 50
PUSH EAX
004337A7 |. FF71 18
PUSH DWORD PTR DS:[ECX+18]
004337AA |. E8 8EABFFFF CALL 0042E33D
004337AF |. C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
004337B6 |> E8 76520000 CALL 00438A31
004337BB \. C3
RETN
004337BC /. 33C0
XOR EAX,EAX
004337BE |. 3845 0C
CMP BYTE PTR SS:[EBP+0C],AL
004337C1 |. 0F95C0
SETNE AL
004337C4 \. C3
RETN
004337C5
8B
DB 8B
004337C6
65
DB 65
004337C7
E8
DB E8
004337C8
E8
DB E8
004337C9
1B
DB 1B
004337CA
1E
DB 1E
004337CB
00
DB 00
004337CC
00
DB 00
004337CD
CC
INT3
004337CE /$ 8BFF
MOV EDI,EDI
o.004337CE(guessed Arg1,Arg2)
004337D0 |. 55
PUSH EBP
004337D1 |. 8BEC
MOV EBP,ESP
004337D3 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
004337D6 |. 8B01
MOV EAX,DWORD PTR DS:[ECX]
004337D8 |. 56
PUSH ESI
004337D9 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
004337DC |. 03C6
ADD EAX,ESI
004337DE |. 8379 04 00
CMP DWORD PTR DS:[ECX+4],0
004337E2 |. 7C 10
JL SHORT 004337F4
004337E4 |. 8B51 04
MOV EDX,DWORD PTR DS:[ECX+4]
004337E7 |. 8B49 08
MOV ECX,DWORD PTR DS:[ECX+8]
004337EA |. 8B3432
MOV ESI,DWORD PTR DS:[ESI+EDX]
004337ED |. 8B0C0E
MOV ECX,DWORD PTR DS:[ECX+ESI]
004337F0 |. 03CA
ADD ECX,EDX
004337F2 |. 03C1
ADD EAX,ECX
004337F4 |> 5E
POP ESI
004337F5 |. 5D
POP EBP
004337F6 \. C3
RETN
004337F7 /> E8 161B0000 CALL 00435312
fo.00435312
004337FC |. 33C9
XOR ECX,ECX
004337FE |. 3988 90000000 CMP DWORD PTR DS:[EAX+90],ECX
00433804 |. 0F95C1
SETNE CL
00433807 |. 8AC1
MOV AL,CL
00433809 \. C3
RETN
0043380A /$ 8BFF
MOV EDI,EDI
o.0043380A(guessed Arg1)
0043380C |. 55
PUSH EBP
0043380D |. 8BEC
MOV EBP,ESP
0043380F |. 83EC 0C
SUB ESP,0C
00433812 |. 85FF
TEST EDI,EDI
00433814 |. 75 0A
JNE SHORT 00433820
00433816 |. E8 191E0000 CALL 00435634
0043381B |. E8 C81D0000 CALL 004355E8
fo.004355E8

; CHAR 'e'
; ESC

; SystemInf

; [SystemIn

; SystemInf

; [SystemIn

00433820 |>
00433824 |.
00433827 |.
0043382B |.
0043382D |.
0043382E |.
0043382F |>
00433832 |.
00433835 |.
00433838 |.
0043383A |.
0043383D |.
0043383F |.
00433841 |.
00433844 |.
00433847 |.
0043384A |>
0043384D |.
00433850 |.
00433852 |.
00433853 |.
00433856 |.
00433859 |.
0043385A |.
fo.004335AB
0043385F |.
00433862 |.
00433864 |.
00433866 |.
00433867 |.
0043386A |.
0043386C |.^
0043386E |.
00433870 |>
00433874 |>
00433877 |.
0043387A |.
0043387C |.^
0043387E |.
0043387F |.
00433880 |>
00433883 |.
00433884 \.
00433885 /$
00433887 |.
0043388C |.
00433891 |.
fo.00435312
00433896 |.
0043389D |.
0043389F |.
004338A4 |>
004338A8 |.
004338AD |.
004338B1 |.
fo.004355E8
004338B6 |.
fo.00435312
004338BB |.
004338BE |.

8365 F8 00
833F 00
C645 FF 00
7E 53
53
56
8B45 08
8B40 1C
8B40 0C
8B18
8D70 04
85DB
7E 33
8B45 F8
C1E0 04
8945 F4
8B4D 08
FF71 1C
8B06
50
8B47 04
0345 F4
50
E8 4CFDFFFF

AND DWORD PTR SS:[LOCAL.2],00000000


CMP DWORD PTR DS:[EDI],0
MOV BYTE PTR SS:[LOCAL.1+3],0
JLE SHORT 00433880
PUSH EBX
PUSH ESI
/MOV EAX,DWORD PTR SS:[ARG.1]
|MOV EAX,DWORD PTR DS:[EAX+1C]
|MOV EAX,DWORD PTR DS:[EAX+0C]
|MOV EBX,DWORD PTR DS:[EAX]
|LEA ESI,[EAX+4]
|TEST EBX,EBX
|JLE SHORT 00433874
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|SHL EAX,4
|MOV DWORD PTR SS:[LOCAL.3],EAX
|/MOV ECX,DWORD PTR SS:[ARG.1]
||PUSH DWORD PTR DS:[ECX+1C]
||MOV EAX,DWORD PTR DS:[ESI]
||PUSH EAX
||MOV EAX,DWORD PTR DS:[EDI+4]
||ADD EAX,DWORD PTR SS:[LOCAL.3]
||PUSH EAX
||CALL 004335AB

;
;
;
;
;
;
;

83C4 0C
85C0
75 0A
4B
83C6 04
85DB
7F DC
EB 04
C645 FF 01
FF45 F8
8B45 F8
3B07
7C B1
5E
5B
8A45 FF
C9
C3
6A 04
B8 4F6E4400
E8 E00A0000
E8 7C1A0000

||ADD ESP,0C
||TEST EAX,EAX
||JNE SHORT 00433870
||DEC EBX
||ADD ESI,4
||TEST EBX,EBX
|\JG SHORT 0043384A
|JMP SHORT 00433874
|MOV BYTE PTR SS:[LOCAL.1+3],1
|INC DWORD PTR SS:[LOCAL.2]
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|CMP EAX,DWORD PTR DS:[EDI]
\JL SHORT 0043382F
POP ESI
POP EBX
MOV AL,BYTE PTR SS:[LOCAL.1+3]
LEAVE
RETN
PUSH 4
MOV EAX,00446E4F
CALL 00434371
CALL 00435312

; [SystemIn

83B8 94000000
74 05
E8 901D0000
8365 FC 00
E8 741D0000
834D FC FF
E8 321D0000

CMP DWORD PTR DS:[EAX+94],0


JE SHORT 004338A4
CALL 00435634
AND DWORD PTR SS:[EBP-4],00000000
CALL 00435621
OR DWORD PTR SS:[EBP-4],FFFFFFFF
CALL 004355E8

; [SystemIn

E8 571A0000

CALL 00435312

; [SystemIn

8B4D 08
6A 00

MOV ECX,DWORD PTR SS:[EBP+8]


PUSH 0

; /Arg2 = 0

/Arg3
|
|Arg2
|
|
|Arg1
\SystemIn

004338C0 |.
004338C2 |.
004338C8 |.
fo.0042E925
004338CD |.
004338CE |$
004338D0 |.
004338D5 |.
004338DA |.
004338DC |.
004338DF |.
004338E2 |.
004338E5 |.
004338E9 |.
004338EC |.
004338EF |.
004338F2 |.
004338F5 |.
ARG.EBP-3C
004338F6 |.
fo.0042E5EC
004338FB |.
004338FC |.
004338FD |.
00433900 |.
fo.00435312
00433905 |.
0043390B |.
0043390E |.
fo.00435312
00433913 |.
00433919 |.
0043391C |.
fo.00435312
00433921 |.
00433927 |.
fo.00435312
0043392C |.
0043392F |.
00433935 |.
00433939 |.
0043393B |.
0043393C |.
0043393F |.
00433942 |.
00433945 |.
00433948 |.
00433949 |.
0043394C |.
0043394D |.
00433952 |.
00433955 |.
00433958 |.
0043395C \.
0043395E /.
00433961 |.
00433966 \.
00433967 /.
0043396A |.
fo.00435312

6A 00
PUSH 0
8988 94000000 MOV DWORD PTR DS:[EAX+94],ECX
E8 58B0FFFF CALL 0042E925

; |Arg1 = 0
; |
; \SystemIn

CC
6A 2C
68 38F24400
E8 12510000
8BD9
8B7D 0C
8B75 08
895D E4
8365 CC 00
8B47 FC
8945 DC
FF76 18
8D45 C4
50

INT3
PUSH 2C
PUSH OFFSET 0044F238
CALL 004389EC
MOV EBX,ECX
MOV EDI,DWORD PTR SS:[EBP+0C]
MOV ESI,DWORD PTR SS:[EBP+8]
MOV DWORD PTR SS:[EBP-1C],EBX
AND DWORD PTR SS:[EBP-34],00000000
MOV EAX,DWORD PTR DS:[EDI-4]
MOV DWORD PTR SS:[EBP-24],EAX
PUSH DWORD PTR DS:[ESI+18]
LEA EAX,[EBP-3C]
PUSH EAX

; /Arg2
; |
; |Arg1 =>

E8 F1ACFFFF

CALL 0042E5EC

; \SystemIn

59
59
8945 D8
E8 0D1A0000

POP ECX
POP ECX
MOV DWORD PTR SS:[EBP-28],EAX
CALL 00435312

; [SystemIn

8B80 88000000 MOV EAX,DWORD PTR DS:[EAX+88]


8945 D4
MOV DWORD PTR SS:[EBP-2C],EAX
E8 FF190000 CALL 00435312

; [SystemIn

8B80 8C000000 MOV EAX,DWORD PTR DS:[EAX+8C]


8945 D0
MOV DWORD PTR SS:[EBP-30],EAX
E8 F1190000 CALL 00435312

; [SystemIn

89B0 88000000 MOV DWORD PTR DS:[EAX+88],ESI


E8 E6190000 CALL 00435312

; [SystemIn

8B4D 10
8988 8C000000
8365 FC 00
33C0
40
8945 10
8945 FC
FF75 1C
FF75 18
53
FF75 14
57
E8 3FADFFFF
83C4 14
8945 E4
8365 FC 00
EB 6F
8B45 EC
E8 CEFDFFFF
C3
8B65 E8
E8 A3190000

; [SystemIn

MOV ECX,DWORD PTR SS:[EBP+10]


MOV DWORD PTR DS:[EAX+8C],ECX
AND DWORD PTR SS:[EBP-4],00000000
XOR EAX,EAX
INC EAX
MOV DWORD PTR SS:[EBP+10],EAX
MOV DWORD PTR SS:[EBP-4],EAX
PUSH DWORD PTR SS:[EBP+1C]
PUSH DWORD PTR SS:[EBP+18]
PUSH EBX
PUSH DWORD PTR SS:[EBP+14]
PUSH EDI
CALL 0042E691
ADD ESP,14
MOV DWORD PTR SS:[EBP-1C],EAX
AND DWORD PTR SS:[EBP-4],00000000
JMP SHORT 004339CD
MOV EAX,DWORD PTR SS:[EBP-14]
CALL 00433734
RETN
MOV ESP,DWORD PTR SS:[EBP-18]
CALL 00435312

0043396F |.
00433976 |.
00433979 |.
0043397C |.
00433983 |.
00433985 |.
00433989 |.
0043398B |>
0043398E |>
00433991 |.
00433995 |>
00433998 |.
0043399B |.
0043399D |.
004339A0 |.
004339A2 |.
004339A5 |.
004339A7 |.
004339A9 |.
004339AC |.
004339AE |.
004339B1 |.
004339B5 |>
004339B6 |.
004339B7 |.
004339B9 |.
004339BA |.
004339BF |.
004339C2 |.
004339C6 |.
004339CA |.
004339CD |>
004339D4 |.
004339DB |.
004339E0 |.
004339E3 |.
004339E8 |.
004339E9 |>
004339EC \.^
004339EE
004339EF
004339F0
004339F1
004339F2
004339F3
004339F4 /$
004339F7 |.
004339FA |.
[ARG.EBP-28]
004339FD |.
fo.0042E63F
00433A02 |.
00433A03 |.
fo.00435312
00433A08 |.
00433A0B |.
00433A11 |.
fo.00435312
00433A16 |.
00433A19 |.

83A0 0C020000
8B75 14
8B7D 0C
817E 04 80000
7F 06
0FBE4F 08
EB 03
8B4F 08
8B5E 10
8365 E0 00
8B45 E0
3B46 0C
73 18
6BC0 14
03C3
8B50 04
3BCA
7E 40
3B48 08
7F 3B
8B46 08
8B4CD0 08
51
56
6A 00
57
E8 94FCFFFF
83C4 10
8365 E4 00
8365 FC 00
8B75 08
C745 FC FEFFF
C745 10 00000
E8 14000000
8B45 E4
E8 49500000
C3
FF45 E0
EB A7
8B
7D
0C
8B
75
08
8B45 DC
8947 FC
FF75 D8

AND DWORD PTR DS:[EAX+20C],00000000


MOV ESI,DWORD PTR SS:[EBP+14]
MOV EDI,DWORD PTR SS:[EBP+0C]
CMP DWORD PTR DS:[ESI+4],80
JG SHORT 0043398B
MOVSX ECX,BYTE PTR DS:[EDI+8]
JMP SHORT 0043398E
MOV ECX,DWORD PTR DS:[EDI+8]
MOV EBX,DWORD PTR DS:[ESI+10]
AND DWORD PTR SS:[EBP-20],00000000
MOV EAX,DWORD PTR SS:[EBP-20]
CMP EAX,DWORD PTR DS:[ESI+0C]
JNB SHORT 004339B5
IMUL EAX,EAX,14
ADD EAX,EBX
MOV EDX,DWORD PTR DS:[EAX+4]
CMP ECX,EDX
JLE SHORT 004339E9
CMP ECX,DWORD PTR DS:[EAX+8]
JG SHORT 004339E9
MOV EAX,DWORD PTR DS:[ESI+8]
MOV ECX,DWORD PTR DS:[EDX*8+EAX+8]
PUSH ECX
PUSH ESI
PUSH 0
PUSH EDI
CALL 00433653
ADD ESP,10
AND DWORD PTR SS:[EBP-1C],00000000
AND DWORD PTR SS:[EBP-4],00000000
MOV ESI,DWORD PTR SS:[EBP+8]
MOV DWORD PTR SS:[EBP-4],-2
MOV DWORD PTR SS:[EBP+10],0
CALL 004339F4
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
INC DWORD PTR SS:[EBP-20]
JMP SHORT 00433995
DB 8B
DB 7D
DB 0C
DB 8B
DB 75
DB 08
MOV EAX,DWORD PTR SS:[EBP-24]
MOV DWORD PTR DS:[EDI-4],EAX
PUSH DWORD PTR SS:[EBP-28]

E8 3DACFFFF

CALL 0042E63F

; \SystemIn

59
E8 0A190000

POP ECX
CALL 00435312

; [SystemIn

8B4D D4
MOV ECX,DWORD PTR SS:[EBP-2C]
8988 88000000 MOV DWORD PTR DS:[EAX+88],ECX
E8 FC180000 CALL 00435312
8B4D D0
MOV ECX,DWORD PTR SS:[EBP-30]
8988 8C000000 MOV DWORD PTR DS:[EAX+8C],ECX

; CHAR '}'
; Form Feed
; CHAR 'u'
; Backspace
; /Arg1 =>

; [SystemIn

00433A1F |.
00433A25 |.
00433A27 |.
00433A2B |.
00433A2D |.
00433A30 |.
00433A35 |.
00433A37 |.
00433A3C |.
00433A3E |.
00433A43 |.
00433A45 |>
00433A49 |.
00433A4B |.
00433A4F |.
00433A51 |.
00433A54 |.
fo.0042E618
00433A59 |.
00433A5A |.
00433A5C |.
00433A5E |.
00433A61 |.
00433A62 |.
00433A67 |.
00433A68 |.
00433A69 \>
00433A6A /$
00433A6C |.
00433A71 |.
00433A76 |.
00433A78 |.
00433A7B |.
00433A7E |.
00433A81 |.
00433A83 |.
00433A89 |.
00433A8C |.
00433A92 |.
00433A95 |.
00433A97 |.
00433A99 |.
00433A9F |.
00433AA5 |>
00433AA7 |.
00433AAA |.
00433AAC |.
00433AAE |.
00433AB2 |>
00433AB5 |.
00433AB7 |.
00433AB8 |.
00433AB9 |.
00433ABB |.
00433ABD |.
00433AC0 |.
00433AC3 |.
fo.0043D73F
00433AC8 |.
00433AC9 |.

813E 63736DE0
75 42
837E 10 03
75 3C
8B46 14
3D 20059319
74 0E
3D 21059319
74 07
3D 22059319
75 24
837D CC 00
75 1E
837D E4 00
74 18
FF76 18
E8 BFABFFFF

CMP DWORD PTR DS:[ESI],E06D7363


JNE SHORT 00433A69
CMP DWORD PTR DS:[ESI+10],3
JNE SHORT 00433A69
MOV EAX,DWORD PTR DS:[ESI+14]
CMP EAX,19930520
JE SHORT 00433A45
CMP EAX,19930521
JE SHORT 00433A45
CMP EAX,19930522
JNE SHORT 00433A69
CMP DWORD PTR SS:[EBP-34],0
JNE SHORT 00433A69
CMP DWORD PTR SS:[EBP-1C],0
JE SHORT 00433A69
PUSH DWORD PTR DS:[ESI+18]
CALL 0042E618

; /Arg1
; \SystemIn

59
85C0
74 0B
FF75 10
56
E8 12FDFFFF
59
59
C3
6A 0C
68 60F24400
E8 764F0000
33D2
8955 E4
8B45 10
8B48 04
3BCA
0F84 58010000
3851 08
0F84 4F010000
8B48 08
3BCA
75 0C
F700 00000080
0F84 3C010000
8B00
8B75 0C
85C0
78 04
8D7431 0C
8955 FC
33DB
43
53
A8 08
74 41
8B7D 08
FF77 18
E8 779C0000

POP ECX
TEST EAX,EAX
JE SHORT 00433A69
PUSH DWORD PTR SS:[EBP+10]
PUSH ESI
CALL 00433779
POP ECX
POP ECX
RETN
PUSH 0C
PUSH OFFSET 0044F260
CALL 004389EC
XOR EDX,EDX
MOV DWORD PTR SS:[EBP-1C],EDX
MOV EAX,DWORD PTR SS:[EBP+10]
MOV ECX,DWORD PTR DS:[EAX+4]
CMP ECX,EDX
JE 00433BE1
CMP BYTE PTR DS:[ECX+8],DL
JE 00433BE1
MOV ECX,DWORD PTR DS:[EAX+8]
CMP ECX,EDX
JNE SHORT 00433AA5
TEST DWORD PTR DS:[EAX],80000000
JE 00433BE1
MOV EAX,DWORD PTR DS:[EAX]
MOV ESI,DWORD PTR SS:[EBP+0C]
TEST EAX,EAX
JS SHORT 00433AB2
LEA ESI,[ESI+ECX+0C]
MOV DWORD PTR SS:[EBP-4],EDX
XOR EBX,EBX
INC EBX
PUSH EBX
TEST AL,08
JE SHORT 00433AFE
MOV EDI,DWORD PTR SS:[EBP+8]
PUSH DWORD PTR DS:[EDI+18]
CALL 0043D73F

; /Arg1
; \SystemIn

59
59

POP ECX
POP ECX

00433ACA |.
00433ACC |.
00433AD2 |.
00433AD3 |.
00433AD4 |.
fo.0043D73F
00433AD9 |.
00433ADA |.
00433ADB |.
00433ADD |.
00433AE3 |.
00433AE6 |.
00433AE8 |.
00433AEB |.
00433AEE |.
00433AEF |>
00433AF0 |.
fo.004337CE
00433AF5 |.
00433AF6 |.
00433AF7 |.
00433AF9 |.
00433AFE |>
00433B01 |.
00433B04 |.
00433B07 |.
00433B09 |.
00433B0B |.
Info.0043D73F
00433B10 |.
00433B11 |.
00433B12 |.
00433B14 |.
00433B1A |.
00433B1B |.
00433B1C |.
Info.0043D73F
00433B21 |.
00433B22 |.
00433B23 |.
00433B25 |.
00433B2B |.
00433B2E |.
00433B31 |.
00433B34 |.
00433B35 |.
Info.00437610
00433B3A |.
00433B3D |.
00433B41 |.
00433B47 |.
00433B49 |.
00433B4B |.
00433B4D |.
00433B50 |.
00433B51 |.^
00433B53 |>
00433B56 |.
00433B58 |.
nfo.0043D73F

85C0
0F84 F2000000
53
56
E8 669C0000

TEST EAX,EAX
JE 00433BC4
PUSH EBX
PUSH ESI
CALL 0043D73F

; /Arg1
; \SystemIn

59
59
85C0
0F84 E1000000
8B47 18
8906
8B4D 14
83C1 08
51
50
E8 D9FCFFFF

POP ECX
POP ECX
TEST EAX,EAX
JE 00433BC4
MOV EAX,DWORD PTR DS:[EDI+18]
MOV DWORD PTR DS:[ESI],EAX
MOV ECX,DWORD PTR SS:[EBP+14]
ADD ECX,8
PUSH ECX
PUSH EAX
CALL 004337CE

; |Arg1
; \SystemIn

59
59
8906
E9 CB000000
8B7D 14
8B45 08
FF70 18
841F
74 48
E8 2F9C0000

POP ECX
POP ECX
MOV DWORD PTR DS:[ESI],EAX
JMP 00433BC9
MOV EDI,DWORD PTR SS:[EBP+14]
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH DWORD PTR DS:[EAX+18]
TEST BYTE PTR DS:[EDI],BL
JE SHORT 00433B53
CALL 0043D73F

;
;
;
;

///Arg1
|||
|||
||\System

59
59
85C0
0F84 AA000000
53
56
E8 1E9C0000

POP ECX
POP ECX
TEST EAX,EAX
JE 00433BC4
PUSH EBX
PUSH ESI
CALL 0043D73F

;
;
;
;
;
;
;

||
||
||
||
||
||/Arg1
||\System

59
59
85C0
0F84 99000000
FF77 14
8B45 08
FF70 18
56
E8 D63A0000

POP ECX
POP ECX
TEST EAX,EAX
JE 00433BC4
PUSH DWORD PTR DS:[EDI+14]
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH DWORD PTR DS:[EAX+18]
PUSH ESI
CALL 00437610

;
;
;
;
;
;
;
;
;

||
||
||
||
||/Arg3
|||
|||Arg2
|||Arg1
||\System

83C4 0C
837F 14 04
0F85 82000000
8B06
85C0
74 7C
83C7 08
57
EB 9C
3957 18
75 38
E8 E29B0000

ADD ESP,0C
CMP DWORD PTR DS:[EDI+14],4
JNE 00433BC9
MOV EAX,DWORD PTR DS:[ESI]
TEST EAX,EAX
JE SHORT 00433BC9
ADD EDI,8
PUSH EDI
JMP SHORT 00433AEF
CMP DWORD PTR DS:[EDI+18],EDX
JNE SHORT 00433B90
CALL 0043D73F

;
;
;
;
;
;
;
;
;
;
;
;

||
||
||
||
||
||
||
||
||
||
||
|\SystemI

00433B5D |.
00433B5E |.
00433B5F |.
00433B61 |.
00433B63 |.
00433B64 |.
00433B65 |.
nfo.0043D73F
00433B6A |.
00433B6B |.
00433B6C |.
00433B6E |.
00433B70 |.
00433B73 |.
00433B76 |.
00433B77 |.
00433B7A |.
00433B7D |.
Info.004337CE
00433B82 |.
00433B83 |.
00433B84 |.
00433B85 |.
00433B86 |.
nfo.00437610
00433B8B |.
00433B8E |.
00433B90 |>
fo.0043D73F
00433B95 |.
00433B96 |.
00433B97 |.
00433B99 |.
00433B9B |.
00433B9C |.
00433B9D |.
fo.0043D73F
00433BA2 |.
00433BA3 |.
00433BA4 |.
00433BA6 |.
00433BA8 |.
00433BAB |.
fo.0043D73F
00433BB0 |.
00433BB1 |.
00433BB3 |.
00433BB5 |.
00433BB8 |.
00433BBA |.
00433BBB |.
00433BBE |.
00433BBF |.
00433BC2 |.
00433BC4 |>
00433BC9 |>
00433BD0 |.
00433BD3 \.
00433BD5 /.
00433BD7 |.

59
59
85C0
74 61
53
56
E8 D59B0000

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 00433BC4
PUSH EBX
PUSH ESI
CALL 0043D73F

;
;
;
;
;
;
;

|
|
|
|
|
|/Arg1
|\SystemI

59
59
85C0
74 54
FF77 14
83C7 08
57
8B45 08
FF70 18
E8 4CFCFFFF

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 00433BC4
PUSH DWORD PTR DS:[EDI+14]
ADD EDI,8
PUSH EDI
MOV EAX,DWORD PTR SS:[EBP+8]
PUSH DWORD PTR DS:[EAX+18]
CALL 004337CE

;
;
;
;
;
;
;
;
;
;

|
|
|
|
|/Arg3
||
||/Arg2
|||
|||Arg1
||\System

59
59
50
56
E8 853A0000

POP ECX
POP ECX
PUSH EAX
PUSH ESI
CALL 00437610

;
;
;
;
;

||
||
||Arg2
||Arg1
|\SystemI

83C4 0C
EB 39
E8 AA9B0000

ADD ESP,0C
JMP SHORT 00433BC9
CALL 0043D73F

; |
; |
; \SystemIn

59
59
85C0
74 29
53
56
E8 9D9B0000

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 00433BC4
PUSH EBX
PUSH ESI
CALL 0043D73F

; /Arg1
; \SystemIn

59
59
85C0
74 1C
FF77 18
E8 8F9B0000

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 00433BC4
PUSH DWORD PTR DS:[EDI+18]
CALL 0043D73F

; /Arg1
; \SystemIn

59
85C0
74 0F
F607 04
6A 00
58
0F95C0
40
8945 E4
EB 05
E8 6B1A0000
C745 FC FEFFF
8B45 E4
EB 0E
33C0
40

POP ECX
TEST EAX,EAX
JE SHORT 00433BC4
TEST BYTE PTR DS:[EDI],04
PUSH 0
POP EAX
SETNE AL
INC EAX
MOV DWORD PTR SS:[EBP-1C],EAX
JMP SHORT 00433BC9
CALL 00435634
MOV DWORD PTR SS:[EBP-4],-2
MOV EAX,DWORD PTR SS:[EBP-1C]
JMP SHORT 00433BE3
XOR EAX,EAX
INC EAX

00433BD8 \. C3
RETN
00433BD9 /. 8B65 E8
MOV ESP,DWORD PTR SS:[EBP-18]
00433BDC |. E8 071A0000 CALL 004355E8
fo.004355E8
00433BE1 |> 33C0
XOR EAX,EAX
00433BE3 |> E8 494E0000 CALL 00438A31
00433BE8 \. C3
RETN
00433BE9 /$ 6A 08
PUSH 8
00433BEB |. 68 80F24400 PUSH OFFSET 0044F280
00433BF0 |. E8 F74D0000 CALL 004389EC
00433BF5 |. 8B45 10
MOV EAX,DWORD PTR SS:[EBP+10]
00433BF8 |. F700 00000080 TEST DWORD PTR DS:[EAX],80000000
00433BFE |. 74 05
JE SHORT 00433C05
00433C00 |. 8B5D 0C
MOV EBX,DWORD PTR SS:[EBP+0C]
00433C03 |. EB 0A
JMP SHORT 00433C0F
00433C05 |> 8B48 08
MOV ECX,DWORD PTR DS:[EAX+8]
00433C08 |. 8B55 0C
MOV EDX,DWORD PTR SS:[EBP+0C]
00433C0B |. 8D5C11 0C
LEA EBX,[EDX+ECX+0C]
00433C0F |> 8365 FC 00
AND DWORD PTR SS:[EBP-4],00000000
00433C13 |. 8B75 14
MOV ESI,DWORD PTR SS:[EBP+14]
00433C16 |. 56
PUSH ESI
00433C17 |. 50
PUSH EAX
00433C18 |. FF75 0C
PUSH DWORD PTR SS:[EBP+0C]
00433C1B |. 8B7D 08
MOV EDI,DWORD PTR SS:[EBP+8]
00433C1E |. 57
PUSH EDI
00433C1F |. E8 46FEFFFF CALL 00433A6A
00433C24 |. 83C4 10
ADD ESP,10
00433C27 |. 48
DEC EAX
ases 1..2, 3 exits)
00433C28 |. 74 1F
JE SHORT 00433C49
00433C2A |. 48
DEC EAX
00433C2B |. 75 34
JNE SHORT 00433C61
00433C2D |. 6A 01
PUSH 1
switch SystemInfo.433C27
00433C2F |. 8D46 08
LEA EAX,[ESI+8]
00433C32 |. 50
PUSH EAX
00433C33 |. FF77 18
PUSH DWORD PTR DS:[EDI+18]
00433C36 |. E8 93FBFFFF CALL 004337CE
fo.004337CE
00433C3B |. 59
POP ECX
00433C3C |. 59
POP ECX
00433C3D |. 50
PUSH EAX
00433C3E |. FF76 18
PUSH DWORD PTR DS:[ESI+18]
00433C41 |. 53
PUSH EBX
00433C42 |. E8 F6A6FFFF CALL 0042E33D
00433C47 |. EB 18
JMP SHORT 00433C61
00433C49 |> 8D46 08
LEA EAX,[ESI+8]
switch SystemInfo.433C27
00433C4C |. 50
PUSH EAX
00433C4D |. FF77 18
PUSH DWORD PTR DS:[EDI+18]
00433C50 |. E8 79FBFFFF CALL 004337CE
fo.004337CE
00433C55 |. 59
POP ECX
00433C56 |. 59
POP ECX
00433C57 |. 50
PUSH EAX
00433C58 |. FF76 18
PUSH DWORD PTR DS:[ESI+18]
00433C5B |. 53
PUSH EBX
00433C5C |. E8 DCA6FFFF CALL 0042E33D
00433C61 |> C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
ase of switch SystemInfo.433C27

; [SystemIn

; Switch (c

; Case 2 of
; /Arg2
; |Arg1
; \SystemIn

; Case 1 of
; /Arg2
; |Arg1
; \SystemIn

; Default c

00433C68 |. E8 C44D0000 CALL 00438A31


00433C6D \. C3
RETN
00433C6E /. 33C0
XOR EAX,EAX
00433C70 |. 40
INC EAX
00433C71 \. C3
RETN
00433C72
8B
DB 8B
00433C73
65
DB 65
00433C74
E8
DB E8
00433C75
E8
DB E8
00433C76
6E
DB 6E
00433C77
19
DB 19
00433C78
00
DB 00
00433C79
00
DB 00
00433C7A
CC
INT3
00433C7B /$ 8BFF
MOV EDI,EDI
00433C7D |. 55
PUSH EBP
00433C7E |. 8BEC
MOV EBP,ESP
00433C80 |. 837D 18 00
CMP DWORD PTR SS:[ARG.5],0
00433C84 |. 74 10
JE SHORT 00433C96
00433C86 |. FF75 18
PUSH DWORD PTR SS:[ARG.5]
00433C89 |. 53
PUSH EBX
00433C8A |. 56
PUSH ESI
00433C8B |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00433C8E |. E8 56FFFFFF CALL 00433BE9
00433C93 |. 83C4 10
ADD ESP,10
00433C96 |> 837D 20 00
CMP DWORD PTR SS:[ARG.7],0
00433C9A |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
00433C9D |. 75 03
JNE SHORT 00433CA2
00433C9F |. 56
PUSH ESI
00433CA0 |. EB 03
JMP SHORT 00433CA5
00433CA2 |> FF75 20
PUSH DWORD PTR SS:[ARG.7]
00433CA5 |> E8 9AA6FFFF CALL 0042E344
fo.0042E344
00433CAA |. FF37
PUSH DWORD PTR DS:[EDI]
00433CAC |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
00433CAF |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
00433CB2 |. 56
PUSH ESI
00433CB3 |. E8 9BF9FFFF CALL 00433653
00433CB8 |. 8B47 04
MOV EAX,DWORD PTR DS:[EDI+4]
00433CBB |. 68 00010000 PUSH 100
00433CC0 |. FF75 1C
PUSH DWORD PTR SS:[ARG.6]
00433CC3 |. 40
INC EAX
00433CC4 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
00433CC7 |. 8946 08
MOV DWORD PTR DS:[ESI+8],EAX
00433CCA |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
00433CCD |. 8B4B 0C
MOV ECX,DWORD PTR DS:[EBX+0C]
00433CD0 |. 56
PUSH ESI
00433CD1 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00433CD4 |. E8 F5FBFFFF CALL 004338CE
00433CD9 |. 83C4 28
ADD ESP,28
00433CDC |. 85C0
TEST EAX,EAX
00433CDE |. 74 07
JE SHORT 00433CE7
00433CE0 |. 56
PUSH ESI
00433CE1 |. 50
PUSH EAX
00433CE2 |. E8 24A6FFFF CALL 0042E30B
00433CE7 |> 5D
POP EBP
00433CE8 \. C3
RETN
00433CE9 /$ 8BFF
MOV EDI,EDI
o.00433CE9(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7,Arg8)

; CHAR 'e'
; CHAR 'n'

; /Arg2 =>
;
;
;
;
;

|
|
|
|
\SystemIn

; SystemInf

00433CEB |. 55
00433CEC |. 8BEC
00433CEE |. 51
00433CEF |. 51
00433CF0 |. 56
00433CF1 |. 8B75 08
00433CF4 |. 813E 03000080
00433CFA |. 0F84 DA000000
00433D00 |. 57
00433D01 |. E8 0C160000
fo.00435312
00433D06 |. 83B8 80000000
00433D0D |. 74 3F
00433D0F |. E8 FE150000
fo.00435312
00433D14 |. 8DB8 80000000
00433D1A |. E8 9E130000
fo.004350BD
00433D1F |. 3907
00433D21 |. 74 2B
00433D23 |. 813E 4D4F43E0
00433D29 |. 74 23
00433D2B |. FF75 24
[ARG.8]
00433D2E |. FF75 20
[ARG.7]
00433D31 |. FF75 18
[ARG.5]
00433D34 |. FF75 14
[ARG.4]
00433D37 |. FF75 10
[ARG.3]
00433D3A |. FF75 0C
[ARG.2]
00433D3D |. 56
00433D3E |. E8 BEA6FFFF
fo.0042E401
00433D43 |. 83C4 1C
00433D46 |. 85C0
00433D48 |. 0F85 8B000000
00433D4E |> 8B7D 18
00433D51 |. 837F 0C 00
00433D55 |. 75 05
00433D57 |. E8 D8180000
00433D5C |> 8B75 1C
00433D5F |. 8D45 F8
00433D62 |. 50
OFFSET LOCAL.2
00433D63 |. 8D45 FC
00433D66 |. 50
OFFSET LOCAL.1
00433D67 |. 56
[ARG.6]
00433D68 |. FF75 20
[ARG.7]
00433D6B |. 57
00433D6C |. E8 06A8FFFF
fo.0042E577
00433D71 |. 8BF8
00433D73 |. 8B45 FC

PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH ECX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[ESI],80000003
JE 00433DDA
PUSH EDI
CALL 00435312

; [SystemIn

CMP DWORD PTR DS:[EAX+80],0


JE SHORT 00433D4E
CALL 00435312

; [SystemIn

LEA EDI,[EAX+80]
CALL 004350BD

; [SystemIn

CMP DWORD PTR DS:[EDI],EAX


JE SHORT 00433D4E
CMP DWORD PTR DS:[ESI],E0434F4D
JE SHORT 00433D4E
PUSH DWORD PTR SS:[ARG.8]

; /Arg7 =>

PUSH DWORD PTR SS:[ARG.7]

; |Arg6 =>

PUSH DWORD PTR SS:[ARG.5]

; |Arg5 =>

PUSH DWORD PTR SS:[ARG.4]

; |Arg4 =>

PUSH DWORD PTR SS:[ARG.3]

; |Arg3 =>

PUSH DWORD PTR SS:[ARG.2]

; |Arg2 =>

PUSH ESI
CALL 0042E401

; |Arg1
; \SystemIn

ADD ESP,1C
TEST EAX,EAX
JNE 00433DD9
MOV EDI,DWORD PTR SS:[ARG.5]
CMP DWORD PTR DS:[EDI+0C],0
JNE SHORT 00433D5C
CALL 00435634
MOV ESI,DWORD PTR SS:[ARG.6]
LEA EAX,[LOCAL.2]
PUSH EAX

; /Arg5 =>

LEA EAX,[LOCAL.1]
PUSH EAX

; |
; |Arg4 =>

PUSH ESI

; |Arg3 =>

PUSH DWORD PTR SS:[ARG.7]

; |Arg2 =>

PUSH EDI
CALL 0042E577

; |Arg1
; \SystemIn

MOV EDI,EAX
MOV EAX,DWORD PTR SS:[LOCAL.1]

00433D76
00433D79
00433D7C
00433D7E
00433D7F
00433D81
00433D83
00433D86
00433D88
00433D8B
00433D8E
00433D91
00433D93
00433D96
00433D98
00433D9A
00433D9E
00433DA0
00433DA3
00433DA6
00433DA8
00433DAB
00433DAE
00433DB1
00433DB3
00433DB6
00433DB9
00433DBC
00433DBF
00433DC4
00433DC7
00433DCA
00433DCD
00433DD0
00433DD3
00433DD6
00433DD8
00433DD9
00433DDA
00433DDB
00433DDC
00433DDD
00433DDF
00433DE0
00433DE2
00433DE5
00433DE8
00433DE9
00433DEC
00433DEF
00433DF4
00433DF5
00433DF6
00433DFA
00433DFC
00433E00
00433E02
00433E05
00433E08
00433E0B

|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.^
|.
|>
|>
|.
\.
/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.

83C4 14
3B45 F8
73 5B
53
3B37
7C 47
3B77 04
7F 42
8B47 0C
8B4F 10
C1E0 04
03C1
8B48 F4
85C9
74 06
8079 08 00
75 2A
8D58 F0
F603 40
75 22
FF75 24
8B75 0C
FF75 20
6A 00
FF75 18
FF75 14
FF75 10
FF75 08
E8 B7FEFFFF
8B75 1C
83C4 1C
FF45 FC
8B45 FC
83C7 14
3B45 F8
72 A7
5B
5F
5E
C9
C3
8BFF
55
8BEC
83EC 2C
8B4D 0C
53
8B5D 18
8B43 04
3D 80000000
56
57
C645 FF 00
7F 06
0FBE49 08
EB 03
8B49 08
83F9 FF
894D F8
7C 04

ADD ESP,14
CMP EAX,DWORD PTR SS:[LOCAL.2]
JNB SHORT 00433DD9
PUSH EBX
/CMP ESI,DWORD PTR DS:[EDI]
|JL SHORT 00433DCA
|CMP ESI,DWORD PTR DS:[EDI+4]
|JG SHORT 00433DCA
|MOV EAX,DWORD PTR DS:[EDI+0C]
|MOV ECX,DWORD PTR DS:[EDI+10]
|SHL EAX,4
|ADD EAX,ECX
|MOV ECX,DWORD PTR DS:[EAX-0C]
|TEST ECX,ECX
|JE SHORT 00433DA0
|CMP BYTE PTR DS:[ECX+8],0
|JNE SHORT 00433DCA
|LEA EBX,[EAX-10]
|TEST BYTE PTR DS:[EBX],40
|JNE SHORT 00433DCA
|PUSH DWORD PTR SS:[ARG.8]
|MOV ESI,DWORD PTR SS:[ARG.2]
|PUSH DWORD PTR SS:[ARG.7]
|PUSH 0
|PUSH DWORD PTR SS:[ARG.5]
|PUSH DWORD PTR SS:[ARG.4]
|PUSH DWORD PTR SS:[ARG.3]
|PUSH DWORD PTR SS:[ARG.1]
|CALL 00433C7B
|MOV ESI,DWORD PTR SS:[ARG.6]
|ADD ESP,1C
|INC DWORD PTR SS:[LOCAL.1]
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|ADD EDI,14
|CMP EAX,DWORD PTR SS:[LOCAL.2]
\JB SHORT 00433D7F
POP EBX
POP EDI
POP ESI
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,2C
MOV ECX,DWORD PTR SS:[ARG.2]
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.5]
MOV EAX,DWORD PTR DS:[EBX+4]
CMP EAX,80
PUSH ESI
PUSH EDI
MOV BYTE PTR SS:[LOCAL.1+3],0
JG SHORT 00433E02
MOVSX ECX,BYTE PTR DS:[ECX+8]
JMP SHORT 00433E05
MOV ECX,DWORD PTR DS:[ECX+8]
CMP ECX,-1
MOV DWORD PTR SS:[LOCAL.2],ECX
JL SHORT 00433E11

00433E0D |.
00433E0F |.
00433E11 |>
00433E16 |>
00433E19 |.
00433E1E |.
00433E20 |.
00433E26 |.
00433E2A |.
00433E2F |.
00433E35 |.
00433E38 |.
00433E3A |.
00433E3C |.
00433E41 |.
00433E43 |.
00433E48 |.
00433E4E |>
00433E52 |.
00433E58 |.
fo.00435312
00433E5D |.
00433E64 |.
00433E6A |.
fo.00435312
00433E6F |.
00433E75 |.
00433E78 |.
fo.00435312
00433E7D |.
00433E83 |.
00433E85 |.
00433E86 |.
00433E89 |.
fo.0043D73F
00433E8E |.
00433E8F |.
00433E90 |.
00433E92 |.
00433E94 |.
00433E99 |>
00433E9B |.
00433E9D |.
00433EA1 |.
00433EA3 |.
00433EA6 |.
00433EA8 |.
00433EAA |.
00433EAF |.
00433EB1 |.
00433EB6 |.
00433EB8 |>
00433EBC |.
00433EBE |.
00433EC3 |>
fo.00435312
00433EC8 |.
00433ECF |.
00433ED1 |.
fo.00435312

3BC8
7C 05
E8 1E180000
8B75 08
BF 63736DE0
393E
0F85 BA020000
837E 10 03
BB 20059319
0F85 18010000
8B46 14
3BC3
74 12
3D 21059319
74 0B
3D 22059319
0F85 FF000000
837E 1C 00
0F85 F5000000
E8 B5140000

CMP ECX,EAX
JL SHORT 00433E16
CALL 00435634
MOV ESI,DWORD PTR SS:[ARG.1]
MOV EDI,E06D7363
CMP DWORD PTR DS:[ESI],EDI
JNE 004340E0
CMP DWORD PTR DS:[ESI+10],3
MOV EBX,19930520
JNE 00433F4D
MOV EAX,DWORD PTR DS:[ESI+14]
CMP EAX,EBX
JE SHORT 00433E4E
CMP EAX,19930521
JE SHORT 00433E4E
CMP EAX,19930522
JNE 00433F4D
CMP DWORD PTR DS:[ESI+1C],0
JNE 00433F4D
CALL 00435312

; [SystemIn

83B8 88000000 CMP DWORD PTR DS:[EAX+88],0


0F84 B5020000 JE 0043411F
E8 A3140000 CALL 00435312

; [SystemIn

8BB0 88000000 MOV ESI,DWORD PTR DS:[EAX+88]


8975 08
MOV DWORD PTR SS:[ARG.1],ESI
E8 95140000 CALL 00435312

; [SystemIn

8B80 8C000000
6A 01
56
8945 10
E8 B1980000

MOV EAX,DWORD PTR DS:[EAX+8C]


PUSH 1
PUSH ESI
MOV DWORD PTR SS:[ARG.3],EAX
CALL 0043D73F

; /Arg1
; |
; \SystemIn

59
59
85C0
75 05
E8 9B170000
393E
75 26
837E 10 03
75 20
8B46 14
3BC3
74 0E
3D 21059319
74 07
3D 22059319
75 0B
837E 1C 00
75 05
E8 71170000
E8 4A140000

POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 00433E99
CALL 00435634
CMP DWORD PTR DS:[ESI],EDI
JNE SHORT 00433EC3
CMP DWORD PTR DS:[ESI+10],3
JNE SHORT 00433EC3
MOV EAX,DWORD PTR DS:[ESI+14]
CMP EAX,EBX
JE SHORT 00433EB8
CMP EAX,19930521
JE SHORT 00433EB8
CMP EAX,19930522
JNE SHORT 00433EC3
CMP DWORD PTR DS:[ESI+1C],0
JNE SHORT 00433EC3
CALL 00435634
CALL 00435312

; [SystemIn

83B8 94000000 CMP DWORD PTR DS:[EAX+94],0


74 7C
JE SHORT 00433F4D
E8 3C140000 CALL 00435312

; [SystemIn

00433ED6 |. 8BB8 94000000


00433EDC |. E8 31140000
fo.00435312
00433EE1 |. FF75 08
[ARG.1]
00433EE4 |. 33F6
00433EE6 |. 89B0 94000000
00433EEC |. E8 19F9FFFF
fo.0043380A
00433EF1 |. 59
00433EF2 |. 84C0
00433EF4 |. 75 4F
00433EF6 |. 33DB
00433EF8 |. 391F
00433EFA |. 7E 1D
00433EFC |> 8B47 04
00433EFF |. 8B4C03 04
00433F03 |. 68 28164500
ystemInfo.451628
00433F08 |. E8 38ADFFFF
fo.0042EC45
00433F0D |. 84C0
00433F0F |. 75 0D
00433F11 |. 46
00433F12 |. 83C3 10
00433F15 |. 3B37
00433F17 |.^ 7C E3
00433F19 |> E8 CA160000
fo.004355E8
00433F1E |> 6A 01
00433F20 |. FF75 08
00433F23 |. E8 51F8FFFF
00433F28 |. 59
00433F29 |. 59
00433F2A |. 68 249F4400
SCII "bad exception"
00433F2F |. 8D4D D4
00433F32 |. E8 24F6FFFF
fo.0043355B
00433F37 |. 68 9CF24400
ystemInfo.44F29C
00433F3C |. 8D45 D4
00433F3F |. 50
OFFSET LOCAL.11
00433F40 |. E8 E0A9FFFF
fo.0042E925
00433F45 |> 8B75 08
00433F48 |. BF 63736DE0
00433F4D |> 393E
00433F4F |. 0F85 88010000
00433F55 |. 837E 10 03
00433F59 |. 0F85 7E010000
00433F5F |. 8B46 14
00433F62 |. 3BC3
00433F64 |. 74 12
00433F66 |. 3D 21059319
00433F6B |. 74 0B
00433F6D |. 3D 22059319
00433F72 |. 0F85 65010000
00433F78 |> 8B7D 18

MOV EDI,DWORD PTR DS:[EAX+94]


CALL 00435312

; [SystemIn

PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

XOR ESI,ESI
MOV DWORD PTR DS:[EAX+94],ESI
CALL 0043380A

; |
; |
; \SystemIn

POP ECX
TEST AL,AL
JNE SHORT 00433F45
XOR EBX,EBX
CMP DWORD PTR DS:[EDI],EBX
JLE SHORT 00433F19
/MOV EAX,DWORD PTR DS:[EDI+4]
|MOV ECX,DWORD PTR DS:[EAX+EBX+4]
|PUSH OFFSET 00451628

; /Arg1 = S

|CALL 0042EC45

; \SystemIn

|TEST AL,AL
|JNE SHORT 00433F1E
|INC ESI
|ADD EBX,10
|CMP ESI,DWORD PTR DS:[EDI]
\JL SHORT 00433EFC
CALL 004355E8

; [SystemIn

PUSH 1
PUSH DWORD PTR SS:[ARG.1]
CALL 00433779
POP ECX
POP ECX
PUSH OFFSET 00449F24

; /Arg1 = A

LEA ECX,[LOCAL.11]
CALL 0043355B

; |
; \SystemIn

PUSH OFFSET 0044F29C

; /Arg2 = S

LEA EAX,[LOCAL.11]
PUSH EAX

; |
; |Arg1 =>

CALL 0042E925

; \SystemIn

MOV ESI,DWORD PTR SS:[ARG.1]


MOV EDI,E06D7363
CMP DWORD PTR DS:[ESI],EDI
JNE 004340DD
CMP DWORD PTR DS:[ESI+10],3
JNE 004340DD
MOV EAX,DWORD PTR DS:[ESI+14]
CMP EAX,EBX
JE SHORT 00433F78
CMP EAX,19930521
JE SHORT 00433F78
CMP EAX,19930522
JNE 004340DD
MOV EDI,DWORD PTR SS:[ARG.5]

00433F7B |. 837F 0C 00
00433F7F |. 0F86 BF000000
00433F85 |. 8D45 E4
00433F88 |. 50
OFFSET LOCAL.7
00433F89 |. 8D45 F0
00433F8C |. 50
OFFSET LOCAL.4
00433F8D |. FF75 F8
[LOCAL.2]
00433F90 |. FF75 20
[ARG.7]
00433F93 |. 57
[ARG.5]
00433F94 |. E8 DEA5FFFF
fo.0042E577
00433F99 |. 83C4 14
00433F9C |. 8BF8
00433F9E |> 8B45 F0
00433FA1 |. 3B45 E4
00433FA4 |. 0F83 97000000
00433FAA |. 8B45 F8
00433FAD |. 3907
00433FAF |. 0F8F 81000000
00433FB5 |. 3B47 04
00433FB8 |. 7F 7C
00433FBA |. 8B47 10
00433FBD |. 8945 F4
00433FC0 |. 8B47 0C
00433FC3 |. 8945 E8
00433FC6 |. 85C0
00433FC8 |. 7E 6C
00433FCA |> 8B46 1C
00433FCD |. 8B40 0C
00433FD0 |. 8D58 04
00433FD3 |. 8B00
00433FD5 |. 8945 EC
00433FD8 |. 85C0
00433FDA |. 7E 23
00433FDC |> FF76 1C
00433FDF |. 8B03
00433FE1 |. 50
00433FE2 |. FF75 F4
[LOCAL.3]
00433FE5 |. 8945 E0
00433FE8 |. E8 BEF5FFFF
fo.004335AB
00433FED |. 83C4 0C
00433FF0 |. 85C0
00433FF2 |. 75 1A
00433FF4 |. FF4D EC
00433FF7 |. 83C3 04
00433FFA |. 3945 EC
00433FFD |.^ 7F DD
00433FFF |> FF4D E8
00434002 |. 8345 F4 10
00434006 |. 837D E8 00
0043400A |.^ 7F BE
0043400C |. EB 28
0043400E |> FF75 24

CMP DWORD PTR DS:[EDI+0C],0


JBE 00434044
LEA EAX,[LOCAL.7]
PUSH EAX

; /Arg5 =>

LEA EAX,[LOCAL.4]
PUSH EAX

; |
; |Arg4 =>

PUSH DWORD PTR SS:[LOCAL.2]

; |Arg3 =>

PUSH DWORD PTR SS:[ARG.7]

; |Arg2 =>

PUSH EDI

; |Arg1 =>

CALL 0042E577

; \SystemIn

ADD ESP,14
MOV EDI,EAX
/MOV EAX,DWORD PTR SS:[LOCAL.4]
|CMP EAX,DWORD PTR SS:[LOCAL.7]
|JNB 00434041
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|CMP DWORD PTR DS:[EDI],EAX
|JG 00434036
|CMP EAX,DWORD PTR DS:[EDI+4]
|JG SHORT 00434036
|MOV EAX,DWORD PTR DS:[EDI+10]
|MOV DWORD PTR SS:[LOCAL.3],EAX
|MOV EAX,DWORD PTR DS:[EDI+0C]
|MOV DWORD PTR SS:[LOCAL.6],EAX
|TEST EAX,EAX
|JLE SHORT 00434036
|/MOV EAX,DWORD PTR DS:[ESI+1C]
||MOV EAX,DWORD PTR DS:[EAX+0C]
||LEA EBX,[EAX+4]
||MOV EAX,DWORD PTR DS:[EAX]
||MOV DWORD PTR SS:[LOCAL.5],EAX
||TEST EAX,EAX
||JLE SHORT 00433FFF
||/PUSH DWORD PTR DS:[ESI+1C]
|||MOV EAX,DWORD PTR DS:[EBX]
|||PUSH EAX
|||PUSH DWORD PTR SS:[LOCAL.3]

;
;
;
;

|||MOV DWORD PTR SS:[LOCAL.8],EAX


|||CALL 004335AB

; |
; \SystemIn

|||ADD ESP,0C
|||TEST EAX,EAX
|||JNE SHORT 0043400E
|||DEC DWORD PTR SS:[LOCAL.5]
|||ADD EBX,4
|||CMP DWORD PTR SS:[LOCAL.5],EAX
||\JG SHORT 00433FDC
||DEC DWORD PTR SS:[LOCAL.6]
||ADD DWORD PTR SS:[LOCAL.3],10
||CMP DWORD PTR SS:[LOCAL.6],0
|\JG SHORT 00433FCA
|JMP SHORT 00434036
|PUSH DWORD PTR SS:[ARG.8]

/Arg3
|
|Arg2
|Arg1 =>

00434011 |.
00434014 |.
00434017 |.
0043401B |.
0043401E |.
00434021 |.
00434024 |.
00434027 |.
00434028 |.
0043402B |.
00434030 |.
00434033 |.
00434036 |>
00434039 |.
0043403C |.^
00434041 |>
00434044 |>
00434048 |.
0043404A |.
0043404C |.
0043404D |.
00434052 |.
00434053 |.
00434054 |>
00434058 |.
0043405E |.
00434060 |.
00434065 |.
0043406A |.
00434070 |.
00434073 |.
00434075 |.
0043407B |.
0043407C |.
fo.0043380A
00434081 |.
00434082 |.
00434084 |.
0043408A |.
fo.00435312
0043408F |.
fo.00435312
00434094 |.
fo.00435312
00434099 |.
0043409F |.
fo.00435312
004340A4 |.
004340A8 |.
004340AB |.
004340B1 |.
004340B2 |.
004340B4 |.
004340B7 |.
004340B9 |>
004340BC |>
fo.0042E344
004340C1 |.
004340C4 |.
004340C6 |.

8B5D F4
FF75 20
C645 FF 01
FF75 E0
FF75 18
FF75 14
FF75 10
56
8B75 0C
E8 4BFCFFFF
8B75 08
83C4 1C
FF45 F0
83C7 14
E9 5DFFFFFF
8B7D 18
807D 1C 00
74 0A
6A 01
56
E8 27F7FFFF
59
59
807D FF 00
0F85 AE000000
8B07
25 FFFFFF1F
3D 21059319
0F82 9C000000
8B7F 1C
85FF
0F84 91000000
56
E8 89F7FFFF

|MOV EBX,DWORD PTR SS:[LOCAL.3]


|PUSH DWORD PTR SS:[ARG.7]
|MOV BYTE PTR SS:[LOCAL.1+3],1
|PUSH DWORD PTR SS:[LOCAL.8]
|PUSH DWORD PTR SS:[ARG.5]
|PUSH DWORD PTR SS:[ARG.4]
|PUSH DWORD PTR SS:[ARG.3]
|PUSH ESI
|MOV ESI,DWORD PTR SS:[ARG.2]
|CALL 00433C7B
|MOV ESI,DWORD PTR SS:[ARG.1]
|ADD ESP,1C
|INC DWORD PTR SS:[LOCAL.4]
|ADD EDI,14
\JMP 00433F9E
MOV EDI,DWORD PTR SS:[ARG.5]
CMP BYTE PTR SS:[ARG.6],0
JE SHORT 00434054
PUSH 1
PUSH ESI
CALL 00433779
POP ECX
POP ECX
CMP BYTE PTR SS:[LOCAL.1+3],0
JNE 0043410C
MOV EAX,DWORD PTR DS:[EDI]
AND EAX,1FFFFFFF
CMP EAX,19930521
JB 0043410C
MOV EDI,DWORD PTR DS:[EDI+1C]
TEST EDI,EDI
JE 0043410C
PUSH ESI
CALL 0043380A

; /Arg1
; \SystemIn

59
84C0
0F85 82000000
E8 83120000

POP ECX
TEST AL,AL
JNE 0043410C
CALL 00435312

; [SystemIn

E8 7E120000

CALL 00435312

; [SystemIn

E8 79120000

CALL 00435312

; [SystemIn

89B0 88000000 MOV DWORD PTR DS:[EAX+88],ESI


E8 6E120000 CALL 00435312

; [SystemIn

837D 24 00
8B4D 10
8988 8C000000
56
75 05
FF75 0C
EB 03
FF75 24
E8 83A2FFFF

CMP DWORD PTR SS:[ARG.8],0


MOV ECX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR DS:[EAX+8C],ECX
PUSH ESI
JNE SHORT 004340B9
PUSH DWORD PTR SS:[ARG.2]
JMP SHORT 004340BC
PUSH DWORD PTR SS:[ARG.8]
CALL 0042E344

; \SystemIn

8B75 18
6A FF
56

MOV ESI,DWORD PTR SS:[ARG.5]


PUSH -1
PUSH ESI

004340C7 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
004340CA |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
004340CD |. E8 81F5FFFF CALL 00433653
004340D2 |. 83C4 10
ADD ESP,10
004340D5 |. FF76 1C
PUSH DWORD PTR DS:[ESI+1C]
004340D8 |. E8 A8F7FFFF CALL 00433885
004340DD |> 8B5D 18
MOV EBX,DWORD PTR SS:[ARG.5]
004340E0 |> 837B 0C 00
CMP DWORD PTR DS:[EBX+0C],0
004340E4 |. 76 26
JBE SHORT 0043410C
004340E6 |. 807D 1C 00
CMP BYTE PTR SS:[ARG.6],0
004340EA |.^ 0F85 29FEFFFF JNE 00433F19
004340F0 |. FF75 24
PUSH DWORD PTR SS:[ARG.8]
[ARG.8]
004340F3 |. FF75 20
PUSH DWORD PTR SS:[ARG.7]
[ARG.7]
004340F6 |. FF75 F8
PUSH DWORD PTR SS:[LOCAL.2]
[LOCAL.2]
004340F9 |. 53
PUSH EBX
004340FA |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
004340FD |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
00434100 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
00434103 |. 56
PUSH ESI
00434104 |. E8 E0FBFFFF CALL 00433CE9
fo.00433CE9
00434109 |. 83C4 20
ADD ESP,20
0043410C |> E8 01120000 CALL 00435312
fo.00435312
00434111 |. 83B8 94000000 CMP DWORD PTR DS:[EAX+94],0
00434118 |. 74 05
JE SHORT 0043411F
0043411A |. E8 15150000 CALL 00435634
0043411F |> 5F
POP EDI
00434120 |. 5E
POP ESI
00434121 |. 5B
POP EBX
00434122 |. C9
LEAVE
00434123 \. C3
RETN
00434124
8BFF
MOV EDI,EDI
00434126 /. 55
PUSH EBP
00434127 |. 8BEC
MOV EBP,ESP
00434129 |. 56
PUSH ESI
0043412A |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0043412D |. 8BF1
MOV ESI,ECX
0043412F |. E8 D2A9FFFF CALL 0042EB06
fo.0042EB06
00434134 |. C706 1C9F4400 MOV DWORD PTR DS:[ESI],OFFSET 00449F1C
0043413A |. 8BC6
MOV EAX,ESI
0043413C |. 5E
POP ESI
0043413D |. 5D
POP EBP
0043413E \. C2 0400
RETN 4
00434141 /$ 8BFF
MOV EDI,EDI
o.00434141(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7,Arg8)
00434143 |. 55
PUSH EBP
00434144 |. 8BEC
MOV EBP,ESP
00434146 |. 53
PUSH EBX
00434147 |. 56
PUSH ESI
00434148 |. 57
PUSH EDI
00434149 |. E8 C4110000 CALL 00435312

; /Arg8 =>
; |Arg7 =>
; |Arg6 =>
; |Arg5
; |Arg4 =>
; |Arg3 =>
; |Arg2 =>
; |Arg1
; \SystemIn
; [SystemIn

; /Arg1 =>
; |
; \SystemIn

; SystemInf

; [SystemIn

fo.00435312
0043414E |.
00434155 |.
00434158 |.
0043415B |.
00434160 |.
00434165 |.
0043416A |.
0043416C |.
0043416E |.
00434170 |.
00434172 |.
00434178 |.
0043417A |.
0043417C |.
0043417E |.
00434180 |.
00434182 |.
00434186 |.
0043418C |>
00434190 |.
00434192 |.
00434196 |.
0043419C |.
004341A0 |.
004341A2 |.
004341A4 |.
004341A5 |.
004341A8 |.
004341AB |.
004341B0 |.
004341B3 |.
004341B5 |>
004341B9 |.
004341BB |.
004341BD |.
004341BF |.
004341C5 |.
004341C7 |.
004341CB |.
004341CD |>
004341CF |.
004341D1 |.
004341D5 |.
004341D7 |.
004341DA |.
004341DC |.
004341DF |.
004341E2 |.
004341E4 |.
004341E6 |.
004341EA |.
004341EB |.
004341EE |.
004341F1 |.
004341F2 |.
004341F5 |.
004341F8 |.
004341FB |.
004341FC |.

83B8 0C020000
8B45 18
8B4D 08
BF 63736DE0
BE FFFFFF1F
BB 22059319
75 20
8B11
3BD7
74 1A
81FA 26000080
74 12
8B10
23D6
3BD3
72 0A
F640 20 01
0F85 93000000
F641 04 66
74 23
8378 04 00
0F84 83000000
837D 1C 00
75 7D
6A FF
50
FF75 14
FF75 0C
E8 A3F4FFFF
83C4 10
EB 6A
8378 0C 00
75 12
8B10
23D6
81FA 21059319
72 58
8378 1C 00
74 52
3939
75 32
8379 10 03
72 2C
3959 14
76 27
8B51 1C
8B52 08
85D2
74 1D
0FB675 24
56
FF75 20
FF75 1C
50
FF75 14
FF75 10
FF75 0C
51
FFD2

CMP DWORD PTR DS:[EAX+20C],0


MOV EAX,DWORD PTR SS:[ARG.5]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDI,E06D7363
MOV ESI,1FFFFFFF
MOV EBX,19930522
JNE SHORT 0043418C
MOV EDX,DWORD PTR DS:[ECX]
CMP EDX,EDI
JE SHORT 0043418C
CMP EDX,80000026
JE SHORT 0043418C
MOV EDX,DWORD PTR DS:[EAX]
AND EDX,ESI
CMP EDX,EBX
JB SHORT 0043418C
TEST BYTE PTR DS:[EAX+20],01
JNE 0043421F
TEST BYTE PTR DS:[ECX+4],66
JE SHORT 004341B5
CMP DWORD PTR DS:[EAX+4],0
JE 0043421F
CMP DWORD PTR SS:[ARG.6],0
JNE SHORT 0043421F
PUSH -1
PUSH EAX
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[ARG.2]
CALL 00433653
ADD ESP,10
JMP SHORT 0043421F
CMP DWORD PTR DS:[EAX+0C],0
JNE SHORT 004341CD
MOV EDX,DWORD PTR DS:[EAX]
AND EDX,ESI
CMP EDX,19930521
JB SHORT 0043421F
CMP DWORD PTR DS:[EAX+1C],0
JE SHORT 0043421F
CMP DWORD PTR DS:[ECX],EDI
JNE SHORT 00434203
CMP DWORD PTR DS:[ECX+10],3
JB SHORT 00434203
CMP DWORD PTR DS:[ECX+14],EBX
JBE SHORT 00434203
MOV EDX,DWORD PTR DS:[ECX+1C]
MOV EDX,DWORD PTR DS:[EDX+8]
TEST EDX,EDX
JE SHORT 00434203
MOVZX ESI,BYTE PTR SS:[ARG.8]
PUSH ESI
PUSH DWORD PTR SS:[ARG.7]
PUSH DWORD PTR SS:[ARG.6]
PUSH EAX
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH ECX
CALL EDX

004341FE |. 83C4 20
00434201 |. EB 1F
00434203 |> FF75 20
00434206 |. FF75 1C
00434209 |. FF75 24
0043420C |. 50
0043420D |. FF75 14
00434210 |. FF75 10
00434213 |. FF75 0C
00434216 |. 51
00434217 |. E8 C1FBFFFF
0043421C |. 83C4 20
0043421F |> 33C0
00434221 |. 40
00434222 |> 5F
00434223 |. 5E
00434224 |. 5B
00434225 |. 5D
00434226 \. C3
00434227 /$ 8BFF
00434229 |. 55
0043422A |. 8BEC
0043422C |. 81EC 28030000
00434232 |. A1 A0154500
00434237 |. 33C5
00434239 |. 8945 FC
0043423C |. F605 48164500
00434243 |. 56
00434244 |. 74 08
00434246 |. 6A 0A
A
00434248 |. E8 038C0000
fo.0043CE50
0043424D |. 59
0043424E |> E8 53950000
00434253 |. 85C0
00434255 |. 74 08
00434257 |. 6A 16
00434259 |. E8 55950000
0043425E |. 59
0043425F |> F605 48164500
00434266 |. 0F84 CA000000
0043426C |. 8985 E0FDFFFF
00434272 |. 898D DCFDFFFF
00434278 |. 8995 D8FDFFFF
0043427E |. 899D D4FDFFFF
00434284 |. 89B5 D0FDFFFF
0043428A |. 89BD CCFDFFFF
00434290 |. 66:8C95 F8FDF
us operand size prefix
00434297 |. 66:8C8D ECFDF
us operand size prefix
0043429E |. 66:8C9D C8FDF
us operand size prefix
004342A5 |. 66:8C85 C4FDF
us operand size prefix
004342AC |. 66:8CA5 C0FDF
us operand size prefix
004342B3 |. 66:8CAD BCFDF
us operand size prefix

ADD ESP,20
JMP SHORT 00434222
PUSH DWORD PTR SS:[ARG.7]
PUSH DWORD PTR SS:[ARG.6]
PUSH DWORD PTR SS:[ARG.8]
PUSH EAX
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH ECX
CALL 00433DDD
ADD ESP,20
XOR EAX,EAX
INC EAX
POP EDI
POP ESI
POP EBX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,328
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
TEST BYTE PTR DS:[451648],01
PUSH ESI
JE SHORT 0043424E
PUSH 0A

; /Arg1 = 0

CALL 0043CE50

; \SystemIn

POP ECX
CALL 0043D7A6
TEST EAX,EAX
JE SHORT 0043425F
PUSH 16
CALL 0043D7B3
POP ECX
TEST BYTE PTR DS:[451648],02
JE 00434336
MOV DWORD PTR SS:[LOCAL.136],EAX
MOV DWORD PTR SS:[LOCAL.137],ECX
MOV DWORD PTR SS:[LOCAL.138],EDX
MOV DWORD PTR SS:[LOCAL.139],EBX
MOV DWORD PTR SS:[LOCAL.140],ESI
MOV DWORD PTR SS:[LOCAL.141],EDI
MOV WORD PTR SS:[LOCAL.130],SS

; Superfluo

MOV WORD PTR SS:[LOCAL.133],CS

; Superfluo

MOV WORD PTR SS:[LOCAL.142],DS

; Superfluo

MOV WORD PTR SS:[LOCAL.143],ES

; Superfluo

MOV WORD PTR SS:[LOCAL.144],FS

; Superfluo

MOV WORD PTR SS:[LOCAL.145],GS

; Superfluo

004342BA |. 9C
PUSHFD
004342BB |. 8F85 F0FDFFFF POP DWORD PTR SS:[LOCAL.132]
004342C1 |. 8B75 04
MOV ESI,DWORD PTR SS:[ARG.RETADDR]
004342C4 |. 8D45 04
LEA EAX,[ARG.RETADDR]
004342C7 |. 8985 F4FDFFFF MOV DWORD PTR SS:[LOCAL.131],EAX
004342CD |. C785 30FDFFFF MOV DWORD PTR SS:[LOCAL.180],10001
004342D7 |. 89B5 E8FDFFFF MOV DWORD PTR SS:[LOCAL.134],ESI
004342DD |. 8B40 FC
MOV EAX,DWORD PTR DS:[EAX-4]
004342E0 |. 6A 50
PUSH 50
0
004342E2 |. 8985 E4FDFFFF MOV DWORD PTR SS:[LOCAL.135],EAX
004342E8 |. 8D85 D8FCFFFF LEA EAX,[LOCAL.202]
004342EE |. 6A 00
PUSH 0
004342F0 |. 50
PUSH EAX
OFFSET LOCAL.202
004342F1 |. E8 AAA5FFFF CALL 0042E8A0
fo.0042E8A0
004342F6 |. 8D85 D8FCFFFF LEA EAX,[LOCAL.202]
004342FC |. 83C4 0C
ADD ESP,0C
004342FF |. 8985 28FDFFFF MOV DWORD PTR SS:[LOCAL.182],EAX
00434305 |. 8D85 30FDFFFF LEA EAX,[LOCAL.180]
0043430B |. 6A 00
PUSH 0
00000000
0043430D |. C785 D8FCFFFF MOV DWORD PTR SS:[LOCAL.202],40000015
00434317 |. 89B5 E4FCFFFF MOV DWORD PTR SS:[LOCAL.199],ESI
0043431D |. 8985 2CFDFFFF MOV DWORD PTR SS:[LOCAL.181],EAX
00434323 |. FF15 64814400 CALL DWORD PTR DS:[<&KERNEL32.SetUnhandl
.SetUnhandledExceptionFilter
00434329 |. 8D85 28FDFFFF LEA EAX,[LOCAL.182]
0043432F |. 50
PUSH EAX
onInfo => OFFSET LOCAL.182
00434330 |. FF15 60814400 CALL DWORD PTR DS:[<&KERNEL32.UnhandledE
.UnhandledExceptionFilter
00434336 |> 6A 03
PUSH 3
00434338 |. E8 2C460000 CALL 00438969
0043433D |. CC
INT3
0043433E |$ 50
PUSH EAX
0043433F |. 64:FF35 00000 PUSH DWORD PTR FS:[0]
00434346 |. 8D4424 0C
LEA EAX,[ESP+0C]
0043434A |. 2B6424 0C
SUB ESP,DWORD PTR SS:[ESP+0C]
0043434E |. 53
PUSH EBX
0043434F |. 56
PUSH ESI
00434350 |. 57
PUSH EDI
00434351 |. 8928
MOV DWORD PTR DS:[EAX],EBP
00434353 |. 8BE8
MOV EBP,EAX
00434355 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0043435A |. 33C5
XOR EAX,EBP
0043435C |. 50
PUSH EAX
0043435D |. FF75 FC
PUSH DWORD PTR SS:[EBP-4]
00434360 |. C745 FC FFFFF MOV DWORD PTR SS:[EBP-4],-1
00434367 |. 8D45 F4
LEA EAX,[EBP-0C]
0043436A |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
00434370 \. C3
RETN
00434371 /$ 50
PUSH EAX
00434372 |. 64:FF35 00000 PUSH DWORD PTR FS:[0]
00434379 |. 8D4424 0C
LEA EAX,[ARG.1]
0043437D |. 2B6424 0C
SUB ESP,DWORD PTR SS:[ARG.1]
00434381 |. 53
PUSH EBX
00434382 |. 56
PUSH ESI
00434383 |. 57
PUSH EDI

; /Arg3 = 5
;
;
;
;

|
|
|Arg2 = 0
|Arg1 =>

; \SystemIn

; /Filter =
;
;
;
;

|
|
|
\KERNEL32

; /pExcepti
; \KERNEL32

00434384 |. 8928
MOV DWORD PTR DS:[EAX],EBP
00434386 |. 8BE8
MOV EBP,EAX
00434388 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0043438D |. 33C5
XOR EAX,EBP
0043438F |. 50
PUSH EAX
00434390 |. 8965 F0
MOV DWORD PTR SS:[LOCAL.2],ESP
00434393 |. FF75 FC
PUSH DWORD PTR SS:[ARG.RETADDR]
00434396 |. C745 FC FFFFF MOV DWORD PTR SS:[ARG.RETADDR],-1
0043439D |. 8D45 F4
LEA EAX,[LOCAL.1]
004343A0 |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
004343A6 \. C3
RETN
004343A7 /$ 8B4D F4
MOV ECX,DWORD PTR SS:[EBP-0C]
004343AA |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
004343B1 |. 59
POP ECX
004343B2 |. 5F
POP EDI
004343B3 |. 5F
POP EDI
004343B4 |. 5E
POP ESI
004343B5 |. 5B
POP EBX
004343B6 |. 8BE5
MOV ESP,EBP
004343B8 |. 5D
POP EBP
004343B9 |. 51
PUSH ECX
004343BA \. C3
RETN
004343BB /$ 8BFF
MOV EDI,EDI
; SystemInf
o.004343BB(guessed Arg1)
004343BD |. 55
PUSH EBP
004343BE |. 8BEC
MOV EBP,ESP
004343C0 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004343C3 |. 33C9
XOR ECX,ECX
004343C5 |> 3B04CD 501645 /CMP EAX,DWORD PTR DS:[ECX*8+451650]
004343CC |. 74 13
|JE SHORT 004343E1
004343CE |. 41
|INC ECX
004343CF |. 83F9 2D
|CMP ECX,2D
004343D2 |.^ 72 F1
\JB SHORT 004343C5
004343D4 |. 8D48 ED
LEA ECX,[EAX-13]
; Switch (c
ases 13..24, 2 exits)
004343D7 |. 83F9 11
CMP ECX,11
004343DA |. 77 0E
JA SHORT 004343EA
004343DC |. 6A 0D
PUSH 0D
; Cases 13,
14, 15, 16, 17, 18, 19, 1A, 1B, 1C, 1D, 1E, 1F, 20, 21, 22, 23, 24 of switch Sy
stemInfo.4343D4
004343DE |. 58
POP EAX
004343DF |. 5D
POP EBP
004343E0 |. C3
RETN
004343E1 |> 8B04CD 541645 MOV EAX,DWORD PTR DS:[ECX*8+451654]
004343E8 |. 5D
POP EBP
004343E9 |. C3
RETN
004343EA |> 05 44FFFFFF ADD EAX,-0BC
; Default c
ase of switch SystemInfo.4343D4
004343EF |. 6A 0E
PUSH 0E
004343F1 |. 59
POP ECX
004343F2 |. 3BC8
CMP ECX,EAX
004343F4 |. 1BC0
SBB EAX,EAX
004343F6 |. 23C1
AND EAX,ECX
004343F8 |. 83C0 08
ADD EAX,8
004343FB |. 5D
POP EBP
004343FC \. C3
RETN
004343FD /$ E8 970E0000 CALL 00435299
; SystemInf
o.004343FD(guessed void)
00434402 |. 85C0
TEST EAX,EAX
00434404 |. 75 06
JNE SHORT 0043440C

00434406 |. B8 B8174500
0043440B |. C3
0043440C |> 83C0 08
0043440F \. C3
00434410 /$ E8 840E0000
o.00434410(guessed void)
00434415 |. 85C0
00434417 |. 75 06
00434419 |. B8 BC174500
0043441E |. C3
0043441F |> 83C0 0C
00434422 \. C3
00434423 /$ 8BFF
o.00434423(guessed Arg1)
00434425 |. 55
00434426 |. 8BEC
00434428 |. 56
00434429 |. E8 E2FFFFFF
fo.00434410
0043442E |. 8B4D 08
00434431 |. 51
[ARG.1]
00434432 |. 8908
00434434 |. E8 82FFFFFF
fo.004343BB
00434439 |. 59
0043443A |. 8BF0
0043443C |. E8 BCFFFFFF
fo.004343FD
00434441 |. 8930
00434443 |. 5E
00434444 |. 5D
00434445 \. C3
00434446 /$ 6A 0C
00434448 |. 68 D8F24400
0043444D |. E8 9A450000
00434452 |. 33F6
00434454 |. 8975 E4
00434457 |. 33C0
00434459 |. 8B5D 08
0043445C |. 3BDE
0043445E |. 0F95C0
00434461 |. 3BC6
00434463 |. 75 1C
00434465 |> E8 93FFFFFF
fo.004343FD
0043446A |. C700 16000000
00434470 |. 56
00434471 |. 56
00434472 |. 56
00434473 |. 56
00434474 |. 56
00434475 |. E8 E8A3FFFF
fo.0042E862
0043447A |. 83C4 14
0043447D |> 33C0
0043447F |. EB 7B
00434481 |> 33C0
00434483 |. 8B7D 0C
00434486 |. 3BFE

MOV EAX,OFFSET 004517B8


RETN
ADD EAX,8
RETN
CALL 00435299

; SystemInf

TEST EAX,EAX
JNE SHORT 0043441F
MOV EAX,OFFSET 004517BC
RETN
ADD EAX,0C
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
CALL 00434410

; [SystemIn

MOV ECX,DWORD PTR SS:[ARG.1]


PUSH ECX

; /Arg1 =>

MOV DWORD PTR DS:[EAX],ECX


CALL 004343BB

; |
; \SystemIn

POP ECX
MOV ESI,EAX
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],ESI


POP ESI
POP EBP
RETN
PUSH 0C
PUSH OFFSET 0044F2D8
CALL 004389EC
XOR ESI,ESI
MOV DWORD PTR SS:[EBP-1C],ESI
XOR EAX,EAX
MOV EBX,DWORD PTR SS:[EBP+8]
CMP EBX,ESI
SETNE AL
CMP EAX,ESI
JNE SHORT 00434481
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],16


PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E862

;
;
;
;
;
;

ADD
XOR
JMP
XOR
MOV
CMP

ESP,14
EAX,EAX
SHORT 004344FC
EAX,EAX
EDI,DWORD PTR SS:[EBP+0C]
EDI,ESI

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

00434488 |. 0F95C0
SETNE AL
0043448B |. 3BC6
CMP EAX,ESI
0043448D |.^ 74 D6
JE SHORT 00434465
0043448F |. 33C0
XOR EAX,EAX
00434491 |. 66:3937
CMP WORD PTR DS:[EDI],SI
00434494 |. 0F95C0
SETNE AL
00434497 |. 3BC6
CMP EAX,ESI
00434499 |.^ 74 CA
JE SHORT 00434465
0043449B |. E8 77970000 CALL 0043DC17
004344A0 |. 8945 08
MOV DWORD PTR SS:[EBP+8],EAX
004344A3 |. 3BC6
CMP EAX,ESI
004344A5 |. 75 0D
JNE SHORT 004344B4
004344A7 |. E8 51FFFFFF CALL 004343FD
fo.004343FD
004344AC |. C700 18000000 MOV DWORD PTR DS:[EAX],18
004344B2 |.^ EB C9
JMP SHORT 0043447D
004344B4 |> 8975 FC
MOV DWORD PTR SS:[EBP-4],ESI
004344B7 |. 66:3933
CMP WORD PTR DS:[EBX],SI
004344BA |. 75 20
JNE SHORT 004344DC
004344BC |. E8 3CFFFFFF CALL 004343FD
fo.004343FD
004344C1 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
004344C7 |. 6A FE
PUSH -2
004344C9 |. 8D45 F0
LEA EAX,[EBP-10]
004344CC |. 50
PUSH EAX
004344CD |. 68 A0154500 PUSH OFFSET 004515A0
004344D2 |. E8 79980000 CALL 0043DD50
004344D7 |. 83C4 0C
ADD ESP,0C
004344DA |.^ EB A1
JMP SHORT 0043447D
004344DC |> 50
PUSH EAX
004344DD |. FF75 10
PUSH DWORD PTR SS:[EBP+10]
[ARG.EBP+10]
004344E0 |. 57
PUSH EDI
004344E1 |. 53
PUSH EBX
004344E2 |. E8 7C940000 CALL 0043D963
fo.0043D963
004344E7 |. 83C4 10
ADD ESP,10
004344EA |. 8945 E4
MOV DWORD PTR SS:[EBP-1C],EAX
004344ED |. C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
004344F4 |. E8 09000000 CALL 00434502
004344F9 |. 8B45 E4
MOV EAX,DWORD PTR SS:[EBP-1C]
004344FC |> E8 30450000 CALL 00438A31
00434501 \. C3
RETN
00434502 /$ FF75 08
PUSH DWORD PTR SS:[EBP+8]
00434505 |. E8 426F0000 CALL 0043B44C
0043450A |. 59
POP ECX
0043450B \. C3
RETN
0043450C /$ 8BFF
MOV EDI,EDI
o.0043450C(guessed Arg1,Arg2,Arg3,Arg4)
0043450E |. 55
PUSH EBP
0043450F |. 8BEC
MOV EBP,ESP
00434511 |. 83EC 14
SUB ESP,14
00434514 |. 53
PUSH EBX
00434515 |. 56
PUSH ESI
00434516 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
00434519 |. 33DB
XOR EBX,EBX
0043451B |. 895D FC
MOV DWORD PTR SS:[LOCAL.1],EBX
0043451E |. 3BF3
CMP ESI,EBX
00434520 |. 74 13
JE SHORT 00434535
00434522 |. 395D 10
CMP DWORD PTR SS:[ARG.3],EBX

; [SystemIn

; [SystemIn

; /Arg4
; |Arg3 =>
; |Arg2
; |Arg1
; \SystemIn

; SystemInf

00434525 |.
00434527 |.
00434529 |.
0043452E |>
00434530 |.
00434532 |.
00434535 |>
00434536 |.
00434539 |.
0043453B |.
0043453D |.
fo.004343FD
00434542 |.
00434543 |.
00434544 |.
00434545 |.
00434546 |.
00434547 |.
0043454D |.
fo.0042E862
00434552 |.
00434555 |.
0043455A |>
[ARG.4]
0043455D |.
00434560 |.
fo.0042EC65
00434565 |.
00434568 |.
0043456A |.
00434570 |.
00434573 |.
00434575 |.
00434578 |.
0043457A |>
0043457D |.
00434580 |.
00434584 |.
00434587 |.
00434589 |.
0043458B |.
0043458C |.
0043458D |.
0043458E |.
00434591 |.
00434594 |.^
00434596 |>
00434599 |.
0043459B |.
0043459E |.
004345A2 |>
004345A5 |.
004345AA |>
004345AD |.
004345AF |.
004345B2 |.
004345B6 |>
004345B8 |.
004345BD |>
t => [ARG.3]

75 07
33C0
E9 7B010000
76 05
33C0
66:8906
57
8B7D 0C
3BFB
75 1D
E8 BBFEFFFF

JNE SHORT 0043452E


XOR EAX,EAX
JMP 004346A9
JBE SHORT 00434535
XOR EAX,EAX
MOV WORD PTR DS:[ESI],AX
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.2]
CMP EDI,EBX
JNE SHORT 0043455A
CALL 004343FD

; [SystemIn

53
53
53
53
53
C700 16000000
E8 10A3FFFF

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
E9 3C010000
FF75 14

ADD ESP,14
JMP 00434696
PUSH DWORD PTR SS:[ARG.4]

; /Arg1 =>

8D4D EC
E8 00A7FFFF

LEA ECX,[LOCAL.5]
CALL 0042EC65

; |
; \SystemIn

8B45 EC
3BF3
0F84 ED000000
3958 14
75 48
395D 10
76 1C
8B4D FC
8D0439
66:0FB610
66:8916
3818
74 1F
41
46
46
894D FC
3B4D 10
72 E4
385D F8
74 07
8B45 F4
8360 70 FD
8B45 FC
E9 FE000000
385D F8
74 07
8B45 F4
8360 70 FD
8BC1
E9 EB000000
FF75 10

MOV EAX,DWORD PTR SS:[LOCAL.5]


CMP ESI,EBX
JE 0043465D
CMP DWORD PTR DS:[EAX+14],EBX
JNE SHORT 004345BD
CMP DWORD PTR SS:[ARG.3],EBX
JBE SHORT 00434596
/MOV ECX,DWORD PTR SS:[LOCAL.1]
|LEA EAX,[EDI+ECX]
|MOVZX DX,BYTE PTR DS:[EAX]
|MOV WORD PTR DS:[ESI],DX
|CMP BYTE PTR DS:[EAX],BL
|JE SHORT 004345AA
|INC ECX
|INC ESI
|INC ESI
|MOV DWORD PTR SS:[LOCAL.1],ECX
|CMP ECX,DWORD PTR SS:[ARG.3]
\JB SHORT 0043457A
CMP BYTE PTR SS:[LOCAL.2],BL
JE SHORT 004345A2
MOV EAX,DWORD PTR SS:[LOCAL.3]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,DWORD PTR SS:[LOCAL.1]
JMP 004346A8
CMP BYTE PTR SS:[LOCAL.2],BL
JE SHORT 004345B6
MOV EAX,DWORD PTR SS:[LOCAL.3]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,ECX
JMP 004346A8
PUSH DWORD PTR SS:[ARG.3]

; /WideCoun

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

004345C0 |. 56
PUSH ESI
004345C1 |. 6A FF
PUSH -1
nt = -1.
004345C3 |. 57
PUSH EDI
e
004345C4 |. 8B3D 50814400 MOV EDI,DWORD PTR DS:[<&KERNEL32.MultiBy
004345CA |. 6A 09
PUSH 9
MB_PRECOMPOSED|MB_ERR_INVALID_CHARS
004345CC |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
004345CF |. FFD7
CALL EDI
.MultiByteToWideChar
004345D1 |. 3BC3
CMP EAX,EBX
004345D3 |. 0F85 C2000000 JNE 0043469B
004345D9 |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
004345DF |. 83F8 7A
CMP EAX,7A
=> ERROR_INSUFFICIENT_BUFFER
004345E2 |. 74 15
JE SHORT 004345F9
004345E4 |. E8 14FEFFFF CALL 004343FD
fo.004343FD
004345E9 |. C700 2A000000 MOV DWORD PTR DS:[EAX],2A
004345EF |. 33C0
XOR EAX,EAX
004345F1 |. 66:8906
MOV WORD PTR DS:[ESI],AX
004345F4 |. E9 91000000 JMP 0043468A
004345F9 |> 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
004345FC |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
004345FF |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00434602 |. 3BC3
CMP EAX,EBX
00434604 |. 74 27
JE SHORT 0043462D
00434606 |> 8A06
/MOV AL,BYTE PTR DS:[ESI]
00434608 |. FF4D FC
|DEC DWORD PTR SS:[LOCAL.1]
0043460B |. 3AC3
|CMP AL,BL
0043460D |. 74 1E
|JE SHORT 0043462D
0043460F |. 8D4D EC
|LEA ECX,[LOCAL.5]
00434612 |. 0FB6C0
|MOVZX EAX,AL
00434615 |. 51
|PUSH ECX
OFFSET LOCAL.5
00434616 |. 50
|PUSH EAX
00434617 |. E8 371C0000 |CALL 00436253
fo.00436253
0043461C |. 59
|POP ECX
0043461D |. 59
|POP ECX
0043461E |. 85C0
|TEST EAX,EAX
00434620 |. 74 05
|JE SHORT 00434627
00434622 |. 46
|INC ESI
00434623 |. 381E
|CMP BYTE PTR DS:[ESI],BL
00434625 |. 74 21
|JE SHORT 00434648
00434627 |> 46
|INC ESI
00434628 |. 395D FC
|CMP DWORD PTR SS:[LOCAL.1],EBX
0043462B |.^ 75 D9
\JNE SHORT 00434606
0043462D |> FF75 10
PUSH DWORD PTR SS:[ARG.3]
00434630 |. 2B75 0C
SUB ESI,DWORD PTR SS:[ARG.2]
00434633 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00434636 |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
00434639 |. 56
PUSH ESI
0043463A |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
0043463D |. 6A 01
PUSH 1
0043463F |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
00434642 |. FFD7
CALL EDI
00434644 |. 3BC3
CMP EAX,EBX

; |WideChar
; |MultiCou
; |MultiByt
; |
; |Flags =
; |CodePage
; \KERNEL32

; [KERNEL32
; CONST 7A
; [SystemIn

; /Arg2 =>
; |Arg1
; \SystemIn

00434646 |. 75 54
JNE SHORT 0043469C
00434648 |> E8 B0FDFFFF CALL 004343FD
fo.004343FD
0043464D |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00434650 |. C700 2A000000 MOV DWORD PTR DS:[EAX],2A
00434656 |. 33C0
XOR EAX,EAX
00434658 |. 66:8901
MOV WORD PTR DS:[ECX],AX
0043465B |. EB 2D
JMP SHORT 0043468A
0043465D |> 3958 14
CMP DWORD PTR DS:[EAX+14],EBX
00434660 |. 75 09
JNE SHORT 0043466B
00434662 |. 57
PUSH EDI
00434663 |. E8 189CFFFF CALL 0042E280
fo.0042E280
00434668 |. 59
POP ECX
00434669 |. EB 31
JMP SHORT 0043469C
0043466B |> 53
PUSH EBX
t
0043466C |. 53
PUSH EBX
0043466D |. 6A FF
PUSH -1
nt = -1.
0043466F |. 57
PUSH EDI
e
00434670 |. 6A 09
PUSH 9
MB_PRECOMPOSED|MB_ERR_INVALID_CHARS
00434672 |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
00434675 |. FF15 50814400 CALL DWORD PTR DS:[<&KERNEL32.MultiByteT
.MultiByteToWideChar
0043467B |. 3BC3
CMP EAX,EBX
0043467D |. 75 1C
JNE SHORT 0043469B
0043467F |. E8 79FDFFFF CALL 004343FD
fo.004343FD
00434684 |. C700 2A000000 MOV DWORD PTR DS:[EAX],2A
0043468A |> 385D F8
CMP BYTE PTR SS:[LOCAL.2],BL
0043468D |. 74 07
JE SHORT 00434696
0043468F |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
00434692 |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
00434696 |> 83C8 FF
OR EAX,FFFFFFFF
00434699 |. EB 0D
JMP SHORT 004346A8
0043469B |> 48
DEC EAX
0043469C |> 385D F8
CMP BYTE PTR SS:[LOCAL.2],BL
0043469F |. 74 07
JE SHORT 004346A8
004346A1 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
004346A4 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
004346A8 |> 5F
POP EDI
004346A9 |> 5E
POP ESI
004346AA |. 5B
POP EBX
004346AB |. C9
LEAVE
004346AC \. C3
RETN
004346AD /$ 8BFF
MOV EDI,EDI
004346AF |. 55
PUSH EBP
004346B0 |. 8BEC
MOV EBP,ESP
004346B2 |. 83EC 14
SUB ESP,14
004346B5 |. 53
PUSH EBX
004346B6 |. 56
PUSH ESI
004346B7 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
004346BA |. 33DB
XOR EBX,EBX
004346BC |. 895D FC
MOV DWORD PTR SS:[LOCAL.1],EBX
004346BF |. 3BF3
CMP ESI,EBX
004346C1 |. 75 07
JNE SHORT 004346CA
004346C3 |. 395D 10
CMP DWORD PTR SS:[ARG.3],EBX

; [SystemIn

; /Arg1
; \SystemIn

; /WideCoun
; |WideChar
; |MultiCou
; |MultiByt
; |Flags =
; |CodePage
; \KERNEL32

; [SystemIn

004346C6 |. 74 2A
004346C8 |. EB 05
004346CA |> 395D 10
004346CD |. 77 1E
004346CF |> E8 29FDFFFF
fo.004343FD
004346D4 |. 6A 16
004346D6 |. 5E
004346D7 |. 53
004346D8 |. 53
004346D9 |. 53
004346DA |. 53
004346DB |. 53
004346DC |. 8930
004346DE |. E8 7FA1FFFF
fo.0042E862
004346E3 |. 83C4 14
004346E6 |. 8BC6
004346E8 |. E9 CC000000
004346ED |> 33C0
004346EF |. 66:8906
004346F2 |> 57
004346F3 |. 8B7D 08
004346F6 |. 3BFB
004346F8 |. 74 02
004346FA |. 891F
004346FC |> FF75 1C
[ARG.6]
004346FF |. 8D4D EC
00434702 |. E8 5EA5FFFF
fo.0042EC65
00434707 |. 8B45 18
0043470A |. 3B45 10
0043470D |. 76 03
0043470F |. 8B45 10
00434712 |> 3D FFFFFF7F
00434717 |. 76 09
00434719 |. E8 DFFCFFFF
fo.004343FD
0043471E |. 6A 16
00434720 |. EB 50
00434722 |> 8D4D EC
00434725 |. 51
OFFSET LOCAL.5
00434726 |. 50
00434727 |. FF75 14
[ARG.4]
0043472A |. 56
0043472B |. E8 DCFDFFFF
fo.0043450C
00434730 |. 83C4 10
00434733 |. 83F8 FF
00434736 |. 75 1E
00434738 |. 3BF3
0043473A |. 74 05
0043473C |. 33C0
0043473E |. 66:8906
00434741 |> E8 B7FCFFFF
fo.004343FD
00434746 |. 8B00

JE SHORT 004346F2
JMP SHORT 004346CF
CMP DWORD PTR SS:[ARG.3],EBX
JA SHORT 004346ED
CALL 004343FD

; [SystemIn

PUSH 16
POP ESI
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],ESI
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
MOV EAX,ESI
JMP 004347B9
XOR EAX,EAX
MOV WORD PTR DS:[ESI],AX
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
CMP EDI,EBX
JE SHORT 004346FC
MOV DWORD PTR DS:[EDI],EBX
PUSH DWORD PTR SS:[ARG.6]

; /Arg1 =>

LEA ECX,[LOCAL.5]
CALL 0042EC65

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[ARG.5]


CMP EAX,DWORD PTR SS:[ARG.3]
JBE SHORT 00434712
MOV EAX,DWORD PTR SS:[ARG.3]
CMP EAX,7FFFFFFF
JBE SHORT 00434722
CALL 004343FD

; [SystemIn

PUSH 16
JMP SHORT 00434772
LEA ECX,[LOCAL.5]
PUSH ECX

; /Arg4 =>

PUSH EAX
PUSH DWORD PTR SS:[ARG.4]

; |Arg3
; |Arg2 =>

PUSH ESI
CALL 0043450C

; |Arg1
; \SystemIn

ADD ESP,10
CMP EAX,-1
JNE SHORT 00434756
CMP ESI,EBX
JE SHORT 00434741
XOR EAX,EAX
MOV WORD PTR DS:[ESI],AX
CALL 004343FD

; [SystemIn

MOV EAX,DWORD PTR DS:[EAX]

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00434748 |. 385D F8
CMP BYTE PTR SS:[LOCAL.2],BL
0043474B |. 74 6B
JE SHORT 004347B8
0043474D |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
00434750 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
00434754 |. EB 62
JMP SHORT 004347B8
00434756 |> 40
INC EAX
00434757 |. 3BF3
CMP ESI,EBX
00434759 |. 74 48
JE SHORT 004347A3
0043475B |. 3B45 10
CMP EAX,DWORD PTR SS:[ARG.3]
0043475E |. 76 3C
JBE SHORT 0043479C
00434760 |. 837D 18 FF
CMP DWORD PTR SS:[ARG.5],-1
00434764 |. 74 2C
JE SHORT 00434792
00434766 |. 33C0
XOR EAX,EAX
00434768 |. 66:8906
MOV WORD PTR DS:[ESI],AX
0043476B |. E8 8DFCFFFF CALL 004343FD
fo.004343FD
00434770 |. 6A 22
PUSH 22
00434772 |> 5E
POP ESI
00434773 |. 53
PUSH EBX
00434774 |. 53
PUSH EBX
00434775 |. 53
PUSH EBX
00434776 |. 53
PUSH EBX
00434777 |. 53
PUSH EBX
00434778 |. 8930
MOV DWORD PTR DS:[EAX],ESI
0043477A |. E8 E3A0FFFF CALL 0042E862
fo.0042E862
0043477F |. 83C4 14
ADD ESP,14
00434782 |. 385D F8
CMP BYTE PTR SS:[LOCAL.2],BL
00434785 |. 74 07
JE SHORT 0043478E
00434787 |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
0043478A |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
0043478E |> 8BC6
MOV EAX,ESI
00434790 |. EB 26
JMP SHORT 004347B8
00434792 |> 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
00434795 |. C745 FC 50000 MOV DWORD PTR SS:[LOCAL.1],50
0043479C |> 33C9
XOR ECX,ECX
0043479E |. 66:894C46 FE MOV WORD PTR DS:[EAX*2+ESI-2],CX
004347A3 |> 3BFB
CMP EDI,EBX
004347A5 |. 74 02
JE SHORT 004347A9
004347A7 |. 8907
MOV DWORD PTR DS:[EDI],EAX
004347A9 |> 385D F8
CMP BYTE PTR SS:[LOCAL.2],BL
004347AC |. 74 07
JE SHORT 004347B5
004347AE |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
004347B1 |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
004347B5 |> 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
004347B8 |> 5F
POP EDI
004347B9 |> 5E
POP ESI
004347BA |. 5B
POP EBX
004347BB |. C9
LEAVE
004347BC \. C3
RETN
004347BD /$ 8BFF
MOV EDI,EDI
o.004347BD(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
004347BF |. 55
PUSH EBP
004347C0 |. 8BEC
MOV EBP,ESP
004347C2 |. 6A 00
PUSH 0
004347C4 |. FF75 18
PUSH DWORD PTR SS:[ARG.5]
004347C7 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
004347CA |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
004347CD |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
004347D0 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]

; [SystemIn

;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

; SystemInf

004347D3 |. E8 D5FEFFFF CALL 004346AD


004347D8 |. 83C4 18
ADD ESP,18
004347DB |. 5D
POP EBP
004347DC \. C3
RETN
004347DD /$ 8BFF
MOV EDI,EDI
004347DF |. 55
PUSH EBP
004347E0 |. 8BEC
MOV EBP,ESP
004347E2 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004347E5 |. 85C0
TEST EAX,EAX
004347E7 |. 74 12
JE SHORT 004347FB
004347E9 |. 83E8 08
SUB EAX,8
004347EC |. 8138 DDDD0000 CMP DWORD PTR DS:[EAX],0DDDD
004347F2 |. 75 07
JNE SHORT 004347FB
004347F4 |. 50
PUSH EAX
004347F5 |. E8 E4E9FFFF CALL 004331DE
fo.004331DE
004347FA |. 59
POP ECX
004347FB |> 5D
POP EBP
004347FC \. C3
RETN
004347FD /$ 8BFF
MOV EDI,EDI
o.004347FD(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7,Arg8)
004347FF |. 55
PUSH EBP
00434800 |. 8BEC
MOV EBP,ESP
00434802 |. 83EC 14
SUB ESP,14
00434805 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0043480A |. 33C5
XOR EAX,EBP
0043480C |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0043480F |. 53
PUSH EBX
00434810 |. 56
PUSH ESI
00434811 |. 33DB
XOR EBX,EBX
00434813 |. 57
PUSH EDI
00434814 |. 8BF1
MOV ESI,ECX
00434816 |. 391D E02C4500 CMP DWORD PTR DS:[452CE0],EBX
0043481C |. 75 38
JNE SHORT 00434856
0043481E |. 53
PUSH EBX
=> 0
0043481F |. 53
PUSH EBX
NULL
00434820 |. 33FF
XOR EDI,EDI
00434822 |. 47
INC EDI
00434823 |. 57
PUSH EDI
> 1
00434824 |. 68 D49B4400 PUSH OFFSET 00449BD4
00434829 |. 68 00010000 PUSH 100
LCMAP_LOWERCASE
0043482E |. 53
PUSH EBX
> LOCALE_NEUTRAL
0043482F |. FF15 7C814400 CALL DWORD PTR DS:[<&KERNEL32.LCMapStrin
.LCMapStringW
00434835 |. 85C0
TEST EAX,EAX
00434837 |. 74 08
JE SHORT 00434841
00434839 |. 893D E02C4500 MOV DWORD PTR DS:[452CE0],EDI
0043483F |. EB 15
JMP SHORT 00434856
00434841 |> FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
00434847 |. 83F8 78
CMP EAX,78
=> ERROR_CALL_NOT_IMPLEMENTED
0043484A |. 75 0A
JNE SHORT 00434856
0043484C |. C705 E02C4500 MOV DWORD PTR DS:[452CE0],2
00434856 |> 395D 14
CMP DWORD PTR SS:[ARG.4],EBX

; /Arg1
; \SystemIn

; SystemInf

; /DestLen
; |Dest =>
; |
; |
; |SrcLen =
; |Src = ""
; |Flags =
; |Locale =
; \KERNEL32

; [KERNEL32
; CONST 78

00434859 |. 7E 22
0043485B |. 8B4D 14
0043485E |. 8B45 10
00434861 |> 49
00434862 |. 3818
00434864 |. 74 08
00434866 |. 40
00434867 |. 3BCB
00434869 |.^ 75 F6
0043486B |. 83C9 FF
0043486E |> 8B45 14
00434871 |. 2BC1
00434873 |. 48
00434874 |. 3B45 14
00434877 |. 7D 01
00434879 |. 40
0043487A |> 8945 14
0043487D |> A1 E02C4500
00434882 |. 83F8 02
00434885 |. 0F84 AC010000
0043488B |. 3BC3
0043488D |. 0F84 A4010000
00434893 |. 83F8 01
00434896 |. 0F85 CC010000
0043489C |. 895D F8
0043489F |. 395D 20
004348A2 |. 75 08
004348A4 |. 8B06
004348A6 |. 8B40 04
004348A9 |. 8945 20
004348AC |> 8B35 50814400
004348B2 |. 33C0
004348B4 |. 395D 24
004348B7 |. 53
t => 0
004348B8 |. 53
=> NULL
004348B9 |. FF75 14
nt => [ARG.4]
004348BC |. 0F95C0
004348BF |. FF75 10
e => [ARG.3]
004348C2 |. 8D04C5 010000
004348C9 |. 50
004348CA |. FF75 20
=> [ARG.7]
004348CD |. FFD6
.MultiByteToWideChar
004348CF |. 8BF8
004348D1 |. 3BFB
004348D3 |. 0F84 8F010000
004348D9 |. 7E 43
004348DB |. 6A E0
004348DD |. 33D2
004348DF |. 58
004348E0 |. F7F7
004348E2 |. 83F8 02
004348E5 |. 72 37
004348E7 |. 8D443F 08
004348EB |. 3D 00040000

JLE SHORT 0043487D


MOV ECX,DWORD PTR SS:[ARG.4]
MOV EAX,DWORD PTR SS:[ARG.3]
/DEC ECX
|CMP BYTE PTR DS:[EAX],BL
|JE SHORT 0043486E
|INC EAX
|CMP ECX,EBX
\JNE SHORT 00434861
OR ECX,FFFFFFFF
MOV EAX,DWORD PTR SS:[ARG.4]
SUB EAX,ECX
DEC EAX
CMP EAX,DWORD PTR SS:[ARG.4]
JGE SHORT 0043487A
INC EAX
MOV DWORD PTR SS:[ARG.4],EAX
MOV EAX,DWORD PTR DS:[452CE0]
CMP EAX,2
JE 00434A37
CMP EAX,EBX
JE 00434A37
CMP EAX,1
JNE 00434A68
MOV DWORD PTR SS:[LOCAL.2],EBX
CMP DWORD PTR SS:[ARG.7],EBX
JNE SHORT 004348AC
MOV EAX,DWORD PTR DS:[ESI]
MOV EAX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[ARG.7],EAX
MOV ESI,DWORD PTR DS:[<&KERNEL32.MultiBy
XOR EAX,EAX
CMP DWORD PTR SS:[ARG.8],EBX
PUSH EBX
; /WideCoun
PUSH EBX

; |WideChar

PUSH DWORD PTR SS:[ARG.4]

; |MultiCou

SETNE AL
PUSH DWORD PTR SS:[ARG.3]

; |
; |MultiByt

LEA EAX,[EAX*8+1]
PUSH EAX
PUSH DWORD PTR SS:[ARG.7]

; |
; |Flags
; |CodePage

CALL ESI

; \KERNEL32

MOV EDI,EAX
CMP EDI,EBX
JE 00434A68
JLE SHORT 0043491E
PUSH -20
XOR EDX,EDX
POP EAX
DIV EDI
CMP EAX,2
JB SHORT 0043491E
LEA EAX,[EDI+EDI+8]
CMP EAX,400

004348F0 |.
004348F2 |.
004348F7 |.
004348F9 |.
004348FB |.
004348FD |.
00434903 |.
00434905 |>
00434906 |.
fo.00435A36
0043490B |.
0043490C |.
0043490E |.
00434910 |.
00434916 |>
00434919 |>
0043491C |.
0043491E |>
00434921 |>
00434924 |.
0043492A |.
0043492B |.
0043492E |.
00434931 |.
00434934 |.
00434936 |.
00434939 |.
0043493B |.
0043493D |.
00434943 |.
00434949 |.
0043494A |.
0043494B |.
0043494C |.
LOCAL.3]
0043494F |.
[ARG.2]
00434952 |.
> [ARG.1]
00434955 |.
.LCMapStringW
00434957 |.
00434959 |.
0043495C |.
0043495E |.
00434964 |.
0043496B |.
0043496D |.
00434970 |.
00434976 |.
00434979 |.
0043497F |.
=> [ARG.6]
00434982 |.
[ARG.5]
00434985 |.
00434986 |.
LOCAL.3]
00434989 |.
[ARG.2]

77 13
E8 A9970000
8BC4
3BC3
74 1C
C700 CCCC0000
EB 11
50
E8 2B110000

JA SHORT 00434905
CALL 0043E0A0
MOV EAX,ESP
CMP EAX,EBX
JE SHORT 00434919
MOV DWORD PTR DS:[EAX],0CCCC
JMP SHORT 00434916
PUSH EAX
CALL 00435A36

; /Arg1
; \SystemIn

59
3BC3
74 09
C700 DDDD0000
83C0 08
8945 F4
EB 03
895D F4
395D F4
0F84 3E010000
57
FF75 F4
FF75 14
FF75 10
6A 01
FF75 20
FFD6
85C0
0F84 E3000000
8B35 7C814400
53
53
57
FF75 F4

POP ECX
CMP EAX,EBX
JE SHORT 00434919
MOV DWORD PTR DS:[EAX],0DDDD
ADD EAX,8
MOV DWORD PTR SS:[LOCAL.3],EAX
JMP SHORT 00434921
MOV DWORD PTR SS:[LOCAL.3],EBX
CMP DWORD PTR SS:[LOCAL.3],EBX
JE 00434A68
PUSH EDI
PUSH DWORD PTR SS:[LOCAL.3]
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[ARG.3]
PUSH 1
PUSH DWORD PTR SS:[ARG.7]
CALL ESI
TEST EAX,EAX
JE 00434A26
MOV ESI,DWORD PTR DS:[<&KERNEL32.LCMapSt
PUSH EBX
PUSH EBX
PUSH EDI
PUSH DWORD PTR SS:[LOCAL.3]

;
;
;
;

FF75 0C

PUSH DWORD PTR SS:[ARG.2]

; |Flags =>

FF75 08

PUSH DWORD PTR SS:[ARG.1]

; |Locale =

FFD6

CALL ESI

; \KERNEL32

8BC8
894D F8
3BCB
0F84 C2000000
F745 0C 00040
74 29
395D 1C
0F84 B0000000
3B4D 1C
0F8F A7000000
FF75 1C

MOV ECX,EAX
MOV DWORD PTR SS:[LOCAL.2],ECX
CMP ECX,EBX
JE 00434A26
TEST DWORD PTR SS:[ARG.2],00000400
JE SHORT 00434996
CMP DWORD PTR SS:[ARG.6],EBX
JE 00434A26
CMP ECX,DWORD PTR SS:[ARG.6]
JG 00434A26
PUSH DWORD PTR SS:[ARG.6]

; /DestLen

FF75 18

PUSH DWORD PTR SS:[ARG.5]

; |Dest =>

57
FF75 F4

PUSH EDI
PUSH DWORD PTR SS:[LOCAL.3]

; |SrcLen
; |Src => [

FF75 0C

PUSH DWORD PTR SS:[ARG.2]

; |Flags =>

/DestLen
|Dest
|SrcLen
|Src => [

0043498C |.
> [ARG.1]
0043498F |.
.LCMapStringW
00434991 |.
00434996 |>
00434998 |.
0043499A |.
0043499C |.
0043499E |.
0043499F |.
004349A1 |.
004349A4 |.
004349A6 |.
004349AA |.
004349AF |.
004349B1 |.
004349B6 |.
004349B8 |.
004349BA |.
004349BC |.
004349C2 |.
004349C5 |.
004349C7 |>
004349C8 |.
fo.00435A36
004349CD |.
004349CE |.
004349D0 |.
004349D2 |.
004349D8 |.
004349DB |>
004349DD |.
004349DF |>
004349E1 |>
004349E3 |.
004349E5 |.
=> [LOCAL.2]
004349E8 |.
004349E9 |.
004349EA |.
LOCAL.3]
004349ED |.
[ARG.2]
004349F0 |.
> [ARG.1]
004349F3 |.
.LCMapStringW
004349F9 |.
004349FB |.
004349FD |.
harUsed
004349FE |.
har
004349FF |.
00434A02 |.
00434A04 |.
00434A05 |.
00434A06 |.
00434A08 |>

FF75 08

PUSH DWORD PTR SS:[ARG.1]

; |Locale =

FFD6

CALL ESI

; \KERNEL32

E9 90000000
3BCB
7E 45
6A E0
33D2
58
F7F1
83F8 02
72 39
8D4409 08
3D 00040000
77 16
E8 EA960000
8BF4
3BF3
74 6A
C706 CCCC0000
83C6 08
EB 1A
50
E8 69100000

JMP 00434A26
CMP ECX,EBX
JLE SHORT 004349DF
PUSH -20
XOR EDX,EDX
POP EAX
DIV ECX
CMP EAX,2
JB SHORT 004349DF
LEA EAX,[ECX+ECX+8]
CMP EAX,400
JA SHORT 004349C7
CALL 0043E0A0
MOV ESI,ESP
CMP ESI,EBX
JE SHORT 00434A26
MOV DWORD PTR DS:[ESI],0CCCC
ADD ESI,8
JMP SHORT 004349E1
PUSH EAX
CALL 00435A36

; /Arg1
; \SystemIn

59
3BC3
74 09
C700 DDDD0000
83C0 08
8BF0
EB 02
33F6
3BF3
74 41
FF75 F8

POP ECX
CMP EAX,EBX
JE SHORT 004349DB
MOV DWORD PTR DS:[EAX],0DDDD
ADD EAX,8
MOV ESI,EAX
JMP SHORT 004349E1
XOR ESI,ESI
CMP ESI,EBX
JE SHORT 00434A26
PUSH DWORD PTR SS:[LOCAL.2]

; /DestLen

56
57
FF75 F4

PUSH ESI
PUSH EDI
PUSH DWORD PTR SS:[LOCAL.3]

; |Dest
; |SrcLen
; |Src => [

FF75 0C

PUSH DWORD PTR SS:[ARG.2]

; |Flags =>

FF75 08

PUSH DWORD PTR SS:[ARG.1]

; |Locale =

FF15 7C814400 CALL DWORD PTR DS:[<&KERNEL32.LCMapStrin ; \KERNEL32


85C0
74 22
53

TEST EAX,EAX
JE SHORT 00434A1F
PUSH EBX

; /DefaultC

53

PUSH EBX

; |DefaultC

395D 1C
75 04
53
53
EB 06
FF75 1C

CMP DWORD PTR SS:[ARG.6],EBX


JNE SHORT 00434A08
PUSH EBX
PUSH EBX
JMP SHORT 00434A0E
PUSH DWORD PTR SS:[ARG.6]

;
;
;
;
;
;

|
|
|
|
|
|

00434A0B |. FF75 18
00434A0E |> FF75 F8
t => [LOCAL.2]
00434A11 |. 56
00434A12 |. 53
00434A13 |. FF75 20
=> [ARG.7]
00434A16 |. FF15 38814400
.WideCharToMultiByte
00434A1C |. 8945 F8
00434A1F |> 56
00434A20 |. E8 B8FDFFFF
00434A25 |. 59
00434A26 |> FF75 F4
00434A29 |. E8 AFFDFFFF
00434A2E |. 8B45 F8
00434A31 |. 59
00434A32 |. E9 59010000
00434A37 |> 895D F4
00434A3A |. 895D F0
00434A3D |. 395D 08
00434A40 |. 75 08
00434A42 |. 8B06
00434A44 |. 8B40 14
00434A47 |. 8945 08
00434A4A |> 395D 20
00434A4D |. 75 08
00434A4F |. 8B06
00434A51 |. 8B40 04
00434A54 |. 8945 20
00434A57 |> FF75 08
[ARG.1]
00434A5A |. E8 44940000
fo.0043DEA3
00434A5F |. 59
00434A60 |. 8945 EC
00434A63 |. 83F8 FF
00434A66 |. 75 07
00434A68 |> 33C0
00434A6A |. E9 21010000
00434A6F |> 3B45 20
00434A72 |. 0F84 DB000000
00434A78 |. 53
00434A79 |. 53
00434A7A |. 8D4D 14
00434A7D |. 51
OFFSET ARG.4
00434A7E |. FF75 10
[ARG.3]
00434A81 |. 50
00434A82 |. FF75 20
[ARG.7]
00434A85 |. E8 62940000
fo.0043DEEC
00434A8A |. 83C4 18
00434A8D |. 8945 F4
00434A90 |. 3BC3
00434A92 |.^ 74 D4
00434A94 |. 8B35 44804400
00434A9A |. 53

PUSH DWORD PTR SS:[ARG.5]


PUSH DWORD PTR SS:[LOCAL.2]

; |
; |WideCoun

PUSH ESI
PUSH EBX
PUSH DWORD PTR SS:[ARG.7]

; |WideChar
; |Flags
; |CodePage

CALL DWORD PTR DS:[<&KERNEL32.WideCharTo ; \KERNEL32


MOV DWORD PTR SS:[LOCAL.2],EAX
PUSH ESI
CALL 004347DD
POP ECX
PUSH DWORD PTR SS:[LOCAL.3]
CALL 004347DD
MOV EAX,DWORD PTR SS:[LOCAL.2]
POP ECX
JMP 00434B90
MOV DWORD PTR SS:[LOCAL.3],EBX
MOV DWORD PTR SS:[LOCAL.4],EBX
CMP DWORD PTR SS:[ARG.1],EBX
JNE SHORT 00434A4A
MOV EAX,DWORD PTR DS:[ESI]
MOV EAX,DWORD PTR DS:[EAX+14]
MOV DWORD PTR SS:[ARG.1],EAX
CMP DWORD PTR SS:[ARG.7],EBX
JNE SHORT 00434A57
MOV EAX,DWORD PTR DS:[ESI]
MOV EAX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[ARG.7],EAX
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

CALL 0043DEA3

; \SystemIn

POP ECX
MOV DWORD PTR SS:[LOCAL.5],EAX
CMP EAX,-1
JNE SHORT 00434A6F
XOR EAX,EAX
JMP 00434B90
CMP EAX,DWORD PTR SS:[ARG.7]
JE 00434B53
PUSH EBX
PUSH EBX
LEA ECX,[ARG.4]
PUSH ECX

;
;
;
;

PUSH DWORD PTR SS:[ARG.3]

; |Arg3 =>

PUSH EAX
PUSH DWORD PTR SS:[ARG.7]

; |Arg2
; |Arg1 =>

CALL 0043DEEC

; \SystemIn

/Arg6
|Arg5
|
|Arg4 =>

ADD ESP,18
MOV DWORD PTR SS:[LOCAL.3],EAX
CMP EAX,EBX
JE SHORT 00434A68
MOV ESI,DWORD PTR DS:[<&KERNEL32.LCMapSt
PUSH EBX
; /DestLen

00434A9B |.
00434A9C |.
> [ARG.4]
00434A9F |.
00434AA0 |.
[ARG.2]
00434AA3 |.
> [ARG.1]
00434AA6 |.
.LCMapStringA
00434AA8 |.
00434AAB |.
00434AAD |.
00434AAF |>
00434AB1 |.
00434AB6 |>
00434AB8 |.
00434ABB |.
00434ABD |.
00434AC0 |.
00434AC5 |.
00434AC7 |.
00434ACC |.
00434ACE |.
00434AD0 |.^
00434AD2 |.
00434AD8 |.
00434ADB |.
00434ADD |>
00434ADE |.
fo.00435A36
00434AE3 |.
00434AE4 |.
00434AE6 |.
00434AE8 |.
00434AEE |.
00434AF1 |>
00434AF3 |.
00434AF5 |>
00434AF7 |>
00434AF9 |.^
00434AFB |.
[LOCAL.2]
00434AFE |.
00434AFF |.
00434B00 |.
fo.0042E8A0
00434B05 |.
00434B08 |.
00434B0B |.
00434B0C |.
00434B0F |.
00434B12 |.
00434B15 |.
00434B18 |.
00434B1A |.
00434B1D |.
00434B1F |.
00434B21 |.
00434B23 |.

53
FF75 14

PUSH EBX
PUSH DWORD PTR SS:[ARG.4]

; |Dest
; |SrcLen =

50
FF75 0C

PUSH EAX
PUSH DWORD PTR SS:[ARG.2]

; |Src
; |Flags =>

FF75 08

PUSH DWORD PTR SS:[ARG.1]

; |Locale =

FFD6

CALL ESI

; \KERNEL32

8945 F8
3BC3
75 07
33F6
E9 B7000000
7E 3D
83F8 E0
77 38
83C0 08
3D 00040000
77 16
E8 D4950000
8BFC
3BFB
74 DD
C707 CCCC0000
83C7 08
EB 1A
50
E8 530F0000

MOV DWORD PTR SS:[LOCAL.2],EAX


CMP EAX,EBX
JNE SHORT 00434AB6
XOR ESI,ESI
JMP 00434B6D
JLE SHORT 00434AF5
CMP EAX,-20
JA SHORT 00434AF5
ADD EAX,8
CMP EAX,400
JA SHORT 00434ADD
CALL 0043E0A0
MOV EDI,ESP
CMP EDI,EBX
JE SHORT 00434AAF
MOV DWORD PTR DS:[EDI],0CCCC
ADD EDI,8
JMP SHORT 00434AF7
PUSH EAX
CALL 00435A36

; /Arg1
; \SystemIn

59
3BC3
74 09
C700 DDDD0000
83C0 08
8BF8
EB 02
33FF
3BFB
74 B4
FF75 F8

POP ECX
CMP EAX,EBX
JE SHORT 00434AF1
MOV DWORD PTR DS:[EAX],0DDDD
ADD EAX,8
MOV EDI,EAX
JMP SHORT 00434AF7
XOR EDI,EDI
CMP EDI,EBX
JE SHORT 00434AAF
PUSH DWORD PTR SS:[LOCAL.2]

; /Arg3 =>

53
57
E8 9B9DFFFF

PUSH EBX
PUSH EDI
CALL 0042E8A0

; |Arg2
; |Arg1
; \SystemIn

83C4 0C
FF75 F8
57
FF75 14
FF75 F4
FF75 0C
FF75 08
FFD6
8945 F8
3BC3
75 04
33F6
EB 25

ADD ESP,0C
PUSH DWORD PTR SS:[LOCAL.2]
PUSH EDI
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[LOCAL.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL ESI
MOV DWORD PTR SS:[LOCAL.2],EAX
CMP EAX,EBX
JNE SHORT 00434B25
XOR ESI,ESI
JMP SHORT 00434B4A

00434B25 |> FF75 1C


[ARG.6]
00434B28 |. 8D45 F8
00434B2B |. FF75 18
[ARG.5]
00434B2E |. 50
OFFSET LOCAL.2
00434B2F |. 57
00434B30 |. FF75 20
[ARG.7]
00434B33 |. FF75 EC
[LOCAL.5]
00434B36 |. E8 B1930000
fo.0043DEEC
00434B3B |. 8BF0
00434B3D |. 8975 F0
00434B40 |. 83C4 18
00434B43 |. F7DE
00434B45 |. 1BF6
00434B47 |. 2375 F8
00434B4A |> 57
00434B4B |. E8 8DFCFFFF
00434B50 |. 59
00434B51 |. EB 1A
00434B53 |> FF75 1C
=> [ARG.6]
00434B56 |. FF75 18
[ARG.5]
00434B59 |. FF75 14
> [ARG.4]
00434B5C |. FF75 10
ARG.3]
00434B5F |. FF75 0C
[ARG.2]
00434B62 |. FF75 08
> [ARG.1]
00434B65 |. FF15 44804400
.LCMapStringA
00434B6B |. 8BF0
00434B6D |> 395D F4
00434B70 |. 74 09
00434B72 |. FF75 F4
[LOCAL.3]
00434B75 |. E8 64E6FFFF
fo.004331DE
00434B7A |. 59
00434B7B |> 8B45 F0
00434B7E |. 3BC3
00434B80 |. 74 0C
00434B82 |. 3945 18
00434B85 |. 74 07
00434B87 |. 50
00434B88 |. E8 51E6FFFF
fo.004331DE
00434B8D |. 59
00434B8E |> 8BC6
00434B90 |> 8D65 E0
00434B93 |. 5F
00434B94 |. 5E
00434B95 |. 5B

PUSH DWORD PTR SS:[ARG.6]

; /Arg6 =>

LEA EAX,[LOCAL.2]
PUSH DWORD PTR SS:[ARG.5]

; |
; |Arg5 =>

PUSH EAX

; |Arg4 =>

PUSH EDI
PUSH DWORD PTR SS:[ARG.7]

; |Arg3
; |Arg2 =>

PUSH DWORD PTR SS:[LOCAL.5]

; |Arg1 =>

CALL 0043DEEC

; \SystemIn

MOV ESI,EAX
MOV DWORD PTR SS:[LOCAL.4],ESI
ADD ESP,18
NEG ESI
SBB ESI,ESI
AND ESI,DWORD PTR SS:[LOCAL.2]
PUSH EDI
CALL 004347DD
POP ECX
JMP SHORT 00434B6D
PUSH DWORD PTR SS:[ARG.6]

; /DestLen

PUSH DWORD PTR SS:[ARG.5]

; |Dest =>

PUSH DWORD PTR SS:[ARG.4]

; |SrcLen =

PUSH DWORD PTR SS:[ARG.3]

; |Src => [

PUSH DWORD PTR SS:[ARG.2]

; |Flags =>

PUSH DWORD PTR SS:[ARG.1]

; |Locale =

CALL DWORD PTR DS:[<&KERNEL32.LCMapStrin ; \KERNEL32


MOV ESI,EAX
CMP DWORD PTR SS:[LOCAL.3],EBX
JE SHORT 00434B7B
PUSH DWORD PTR SS:[LOCAL.3]

; /Arg1 =>

CALL 004331DE

; \SystemIn

POP ECX
MOV EAX,DWORD PTR SS:[LOCAL.4]
CMP EAX,EBX
JE SHORT 00434B8E
CMP DWORD PTR SS:[ARG.5],EAX
JE SHORT 00434B8E
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP
MOV
LEA
POP
POP
POP

ECX
EAX,ESI
ESP,[LOCAL.8]
EDI
ESI
EBX

00434B96 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00434B99 |. 33CD
XOR ECX,EBP
00434B9B |. E8 519BFFFF CALL 0042E6F1
00434BA0 |. C9
LEAVE
00434BA1 \. C3
RETN
00434BA2 /$ 8BFF
MOV EDI,EDI
o.00434BA2(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7,Arg8,Arg9)
00434BA4 |. 55
PUSH EBP
00434BA5 |. 8BEC
MOV EBP,ESP
00434BA7 |. 83EC 10
SUB ESP,10
00434BAA |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
00434BAD |. 8D4D F0
LEA ECX,[LOCAL.4]
00434BB0 |. E8 B0A0FFFF CALL 0042EC65
fo.0042EC65
00434BB5 |. FF75 28
PUSH DWORD PTR SS:[ARG.9]
[ARG.9]
00434BB8 |. 8D4D F0
LEA ECX,[LOCAL.4]
00434BBB |. FF75 24
PUSH DWORD PTR SS:[ARG.8]
[ARG.8]
00434BBE |. FF75 20
PUSH DWORD PTR SS:[ARG.7]
[ARG.7]
00434BC1 |. FF75 1C
PUSH DWORD PTR SS:[ARG.6]
[ARG.6]
00434BC4 |. FF75 18
PUSH DWORD PTR SS:[ARG.5]
[ARG.5]
00434BC7 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
00434BCA |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
00434BCD |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
00434BD0 |. E8 28FCFFFF CALL 004347FD
fo.004347FD
00434BD5 |. 83C4 20
ADD ESP,20
00434BD8 |. 807D FC 00
CMP BYTE PTR SS:[LOCAL.1],0
00434BDC |. 74 07
JE SHORT 00434BE5
00434BDE |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00434BE1 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
00434BE5 |> C9
LEAVE
00434BE6 \. C3
RETN
00434BE7 /$ E8 26070000 CALL 00435312
fo.00435312
00434BEC |. 8BC8
MOV ECX,EAX
00434BEE |. 8B41 6C
MOV EAX,DWORD PTR DS:[ECX+6C]
00434BF1 |. 3B05 E01D4500 CMP EAX,DWORD PTR DS:[451DE0]
00434BF7 |. 74 10
JE SHORT 00434C09
00434BF9 |. 8B15 F81C4500 MOV EDX,DWORD PTR DS:[451CF8]
00434BFF |. 8551 70
TEST DWORD PTR DS:[ECX+70],EDX
00434C02 |. 75 05
JNE SHORT 00434C09
00434C04 |. E8 57C5FFFF CALL 00431160
fo.00431160
00434C09 |> 8B80 C8000000 MOV EAX,DWORD PTR DS:[EAX+0C8]
00434C0F \. C3
RETN
00434C10 /$ 8BFF
MOV EDI,EDI
00434C12 |. 55
PUSH EBP
00434C13 |. 8BEC
MOV EBP,ESP
00434C15 |. 83EC 10
SUB ESP,10
00434C18 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]

; SystemInf

; /Arg1 =>
; |
; \SystemIn
; /Arg8 =>
; |
; |Arg7 =>
; |Arg6 =>
; |Arg5 =>
; |Arg4 =>
; |Arg3 =>
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; [SystemIn

; [SystemIn

; /Arg1 =>

00434C1B |. 8D4D F0
00434C1E |. E8 42A0FFFF
fo.0042EC65
00434C23 |. 8B45 F0
00434C26 |. 83B8 AC000000
00434C2D |. 7E 13
00434C2F |. 8D45 F0
00434C32 |. 50
00434C33 |. 6A 01
00434C35 |. FF75 08
00434C38 |. E8 8F940000
00434C3D |. 83C4 0C
00434C40 |. EB 10
00434C42 |> 8B80 C8000000
00434C48 |. 8B4D 08
00434C4B |. 0FB70448
00434C4F |. 83E0 01
00434C52 |> 807D FC 00
00434C56 |. 74 07
00434C58 |. 8B4D F8
00434C5B |. 8361 70 FD
00434C5F |> C9
00434C60 \. C3
00434C61 /$ 8BFF
o.00434C61(guessed Arg1)
00434C63 |. 55
00434C64 |. 8BEC
00434C66 |. 833D D02C4500
00434C6D |. 75 12
00434C6F |. 8B45 08
00434C72 |. 8B0D D01D4500
00434C78 |. 0FB70441
00434C7C |. 83E0 01
00434C7F |. 5D
00434C80 |. C3
00434C81 |> 6A 00
00434C83 |. FF75 08
00434C86 |. E8 85FFFFFF
00434C8B |. 59
00434C8C |. 59
00434C8D |. 5D
00434C8E \. C3
00434C8F /$ 8BFF
00434C91 |. 55
00434C92 |. 8BEC
00434C94 |. 83EC 10
00434C97 |. FF75 0C
[ARG.2]
00434C9A |. 8D4D F0
00434C9D |. E8 C39FFFFF
fo.0042EC65
00434CA2 |. 8B45 F0
00434CA5 |. 83B8 AC000000
00434CAC |. 7E 13
00434CAE |. 8D45 F0
00434CB1 |. 50
00434CB2 |. 6A 02
00434CB4 |. FF75 08
00434CB7 |. E8 10940000
00434CBC |. 83C4 0C

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.4]


CMP DWORD PTR DS:[EAX+0AC],1
JLE SHORT 00434C42
LEA EAX,[LOCAL.4]
PUSH EAX
PUSH 1
PUSH DWORD PTR SS:[ARG.1]
CALL 0043E0CC
ADD ESP,0C
JMP SHORT 00434C52
MOV EAX,DWORD PTR DS:[EAX+0C8]
MOV ECX,DWORD PTR SS:[ARG.1]
MOVZX EAX,WORD PTR DS:[ECX*2+EAX]
AND EAX,00000001
CMP BYTE PTR SS:[LOCAL.1],0
JE SHORT 00434C5F
MOV ECX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
LEAVE
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
CMP DWORD PTR DS:[452CD0],0
JNE SHORT 00434C81
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[451DD0]
MOVZX EAX,WORD PTR DS:[EAX*2+ECX]
AND EAX,00000001
POP EBP
RETN
PUSH 0
PUSH DWORD PTR SS:[ARG.1]
CALL 00434C10
POP ECX
POP ECX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH DWORD PTR SS:[ARG.2]

; /Arg1 =>

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.4]


CMP DWORD PTR DS:[EAX+0AC],1
JLE SHORT 00434CC1
LEA EAX,[LOCAL.4]
PUSH EAX
PUSH 2
PUSH DWORD PTR SS:[ARG.1]
CALL 0043E0CC
ADD ESP,0C

00434CBF |. EB 10
00434CC1 |> 8B80 C8000000
00434CC7 |. 8B4D 08
00434CCA |. 0FB70448
00434CCE |. 83E0 02
00434CD1 |> 807D FC 00
00434CD5 |. 74 07
00434CD7 |. 8B4D F8
00434CDA |. 8361 70 FD
00434CDE |> C9
00434CDF \. C3
00434CE0 /$ 8BFF
o.00434CE0(guessed Arg1)
00434CE2 |. 55
00434CE3 |. 8BEC
00434CE5 |. 833D D02C4500
00434CEC |. 75 12
00434CEE |. 8B45 08
00434CF1 |. 8B0D D01D4500
00434CF7 |. 0FB70441
00434CFB |. 83E0 02
00434CFE |. 5D
00434CFF |. C3
00434D00 |> 6A 00
00434D02 |. FF75 08
00434D05 |. E8 85FFFFFF
00434D0A |. 59
00434D0B |. 59
00434D0C |. 5D
00434D0D \. C3
00434D0E /$ 8BFF
00434D10 |. 55
00434D11 |. 8BEC
00434D13 |. 83EC 10
00434D16 |. FF75 0C
[ARG.2]
00434D19 |. 8D4D F0
00434D1C |. E8 449FFFFF
fo.0042EC65
00434D21 |. 8B45 F0
00434D24 |. 83B8 AC000000
00434D2B |. 7E 13
00434D2D |. 8D45 F0
00434D30 |. 50
00434D31 |. 6A 04
00434D33 |. FF75 08
00434D36 |. E8 91930000
00434D3B |. 83C4 0C
00434D3E |. EB 10
00434D40 |> 8B80 C8000000
00434D46 |. 8B4D 08
00434D49 |. 0FB70448
00434D4D |. 83E0 04
00434D50 |> 807D FC 00
00434D54 |. 74 07
00434D56 |. 8B4D F8
00434D59 |. 8361 70 FD
00434D5D |> C9
00434D5E \. C3
00434D5F /$ 8BFF

JMP SHORT 00434CD1


MOV EAX,DWORD PTR DS:[EAX+0C8]
MOV ECX,DWORD PTR SS:[ARG.1]
MOVZX EAX,WORD PTR DS:[ECX*2+EAX]
AND EAX,00000002
CMP BYTE PTR SS:[LOCAL.1],0
JE SHORT 00434CDE
MOV ECX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
LEAVE
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
CMP DWORD PTR DS:[452CD0],0
JNE SHORT 00434D00
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[451DD0]
MOVZX EAX,WORD PTR DS:[EAX*2+ECX]
AND EAX,00000002
POP EBP
RETN
PUSH 0
PUSH DWORD PTR SS:[ARG.1]
CALL 00434C8F
POP ECX
POP ECX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH DWORD PTR SS:[ARG.2]

; /Arg1 =>

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.4]


CMP DWORD PTR DS:[EAX+0AC],1
JLE SHORT 00434D40
LEA EAX,[LOCAL.4]
PUSH EAX
PUSH 4
PUSH DWORD PTR SS:[ARG.1]
CALL 0043E0CC
ADD ESP,0C
JMP SHORT 00434D50
MOV EAX,DWORD PTR DS:[EAX+0C8]
MOV ECX,DWORD PTR SS:[ARG.1]
MOVZX EAX,WORD PTR DS:[ECX*2+EAX]
AND EAX,00000004
CMP BYTE PTR SS:[LOCAL.1],0
JE SHORT 00434D5D
MOV ECX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
LEAVE
RETN
MOV EDI,EDI

; SystemInf

o.00434D5F(guessed Arg1)
00434D61 |. 55
00434D62 |. 8BEC
00434D64 |. 833D D02C4500
00434D6B |. 75 12
00434D6D |. 8B45 08
00434D70 |. 8B0D D01D4500
00434D76 |. 0FB70441
00434D7A |. 83E0 04
00434D7D |. 5D
00434D7E |. C3
00434D7F |> 6A 00
00434D81 |. FF75 08
00434D84 |. E8 85FFFFFF
00434D89 |. 59
00434D8A |. 59
00434D8B |. 5D
00434D8C \. C3
00434D8D /$ 8BFF
00434D8F |. 55
00434D90 |. 8BEC
00434D92 |. 83EC 10
00434D95 |. FF75 0C
[ARG.2]
00434D98 |. 8D4D F0
00434D9B |. E8 C59EFFFF
fo.0042EC65
00434DA0 |. 8B45 F0
00434DA3 |. 83B8 AC000000
00434DAA |. 7E 16
00434DAC |. 8D45 F0
00434DAF |. 50
00434DB0 |. 68 80000000
00434DB5 |. FF75 08
00434DB8 |. E8 0F930000
00434DBD |. 83C4 0C
00434DC0 |. EB 12
00434DC2 |> 8B80 C8000000
00434DC8 |. 8B4D 08
00434DCB |. 0FB70448
00434DCF |. 25 80000000
00434DD4 |> 807D FC 00
00434DD8 |. 74 07
00434DDA |. 8B4D F8
00434DDD |. 8361 70 FD
00434DE1 |> C9
00434DE2 \. C3
00434DE3 /$ 8BFF
o.00434DE3(guessed Arg1)
00434DE5 |. 55
00434DE6 |. 8BEC
00434DE8 |. 833D D02C4500
00434DEF |. 75 14
00434DF1 |. 8B45 08
00434DF4 |. 8B0D D01D4500
00434DFA |. 0FB70441
00434DFE |. 25 80000000
00434E03 |. 5D
00434E04 |. C3
00434E05 |> 6A 00

PUSH EBP
MOV EBP,ESP
CMP DWORD PTR DS:[452CD0],0
JNE SHORT 00434D7F
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[451DD0]
MOVZX EAX,WORD PTR DS:[EAX*2+ECX]
AND EAX,00000004
POP EBP
RETN
PUSH 0
PUSH DWORD PTR SS:[ARG.1]
CALL 00434D0E
POP ECX
POP ECX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH DWORD PTR SS:[ARG.2]

; /Arg1 =>

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.4]


CMP DWORD PTR DS:[EAX+0AC],1
JLE SHORT 00434DC2
LEA EAX,[LOCAL.4]
PUSH EAX
PUSH 80
PUSH DWORD PTR SS:[ARG.1]
CALL 0043E0CC
ADD ESP,0C
JMP SHORT 00434DD4
MOV EAX,DWORD PTR DS:[EAX+0C8]
MOV ECX,DWORD PTR SS:[ARG.1]
MOVZX EAX,WORD PTR DS:[ECX*2+EAX]
AND EAX,00000080
CMP BYTE PTR SS:[LOCAL.1],0
JE SHORT 00434DE1
MOV ECX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
LEAVE
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
CMP DWORD PTR DS:[452CD0],0
JNE SHORT 00434E05
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[451DD0]
MOVZX EAX,WORD PTR DS:[EAX*2+ECX]
AND EAX,00000080
POP EBP
RETN
PUSH 0

00434E07 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00434E0A |. E8 7EFFFFFF CALL 00434D8D
00434E0F |. 59
POP ECX
00434E10 |. 59
POP ECX
00434E11 |. 5D
POP EBP
00434E12 \. C3
RETN
00434E13 /$ 8BFF
MOV EDI,EDI
o.00434E13(guessed Arg1)
00434E15 |. 55
PUSH EBP
00434E16 |. 8BEC
MOV EBP,ESP
00434E18 |. 56
PUSH ESI
00434E19 |. 57
PUSH EDI
00434E1A |. 33F6
XOR ESI,ESI
00434E1C |> FF75 08
/PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
00434E1F |. E8 120C0000 |CALL 00435A36
fo.00435A36
00434E24 |. 8BF8
|MOV EDI,EAX
00434E26 |. 59
|POP ECX
00434E27 |. 85FF
|TEST EDI,EDI
00434E29 |. 75 27
|JNE SHORT 00434E52
00434E2B |. 3905 E42C4500 |CMP DWORD PTR DS:[452CE4],EAX
00434E31 |. 76 1F
|JBE SHORT 00434E52
00434E33 |. 56
|PUSH ESI
00434E34 |. FF15 50804400 |CALL DWORD PTR DS:[<&KERNEL32.Sleep>]
.Sleep
00434E3A |. 8D86 E8030000 |LEA EAX,[ESI+3E8]
00434E40 |. 3B05 E42C4500 |CMP EAX,DWORD PTR DS:[452CE4]
00434E46 |. 76 03
|JBE SHORT 00434E4B
00434E48 |. 83C8 FF
|OR EAX,FFFFFFFF
00434E4B |> 8BF0
|MOV ESI,EAX
00434E4D |. 83F8 FF
|CMP EAX,-1
00434E50 |.^ 75 CA
\JNE SHORT 00434E1C
00434E52 |> 8BC7
MOV EAX,EDI
00434E54 |. 5F
POP EDI
00434E55 |. 5E
POP ESI
00434E56 |. 5D
POP EBP
00434E57 \. C3
RETN
00434E58 /$ 8BFF
MOV EDI,EDI
o.00434E58(guessed Arg1,Arg2)
00434E5A |. 55
PUSH EBP
00434E5B |. 8BEC
MOV EBP,ESP
00434E5D |. 56
PUSH ESI
00434E5E |. 57
PUSH EDI
00434E5F |. 33F6
XOR ESI,ESI
00434E61 |> 6A 00
/PUSH 0
00434E63 |. FF75 0C
|PUSH DWORD PTR SS:[ARG.2]
00434E66 |. FF75 08
|PUSH DWORD PTR SS:[ARG.1]
00434E69 |. E8 16930000 |CALL 0043E184
00434E6E |. 8BF8
|MOV EDI,EAX
00434E70 |. 83C4 0C
|ADD ESP,0C
00434E73 |. 85FF
|TEST EDI,EDI
00434E75 |. 75 27
|JNE SHORT 00434E9E
00434E77 |. 3905 E42C4500 |CMP DWORD PTR DS:[452CE4],EAX
00434E7D |. 76 1F
|JBE SHORT 00434E9E
00434E7F |. 56
|PUSH ESI
00434E80 |. FF15 50804400 |CALL DWORD PTR DS:[<&KERNEL32.Sleep>]
.Sleep
00434E86 |. 8D86 E8030000 |LEA EAX,[ESI+3E8]
00434E8C |. 3B05 E42C4500 |CMP EAX,DWORD PTR DS:[452CE4]

; SystemInf

; /Arg1 =>
; \SystemIn

; /Time
; \KERNEL32

; SystemInf

; /Time
; \KERNEL32

00434E92 |. 76 03
|JBE SHORT 00434E97
00434E94 |. 83C8 FF
|OR EAX,FFFFFFFF
00434E97 |> 8BF0
|MOV ESI,EAX
00434E99 |. 83F8 FF
|CMP EAX,-1
00434E9C |.^ 75 C3
\JNE SHORT 00434E61
00434E9E |> 8BC7
MOV EAX,EDI
00434EA0 |. 5F
POP EDI
00434EA1 |. 5E
POP ESI
00434EA2 |. 5D
POP EBP
00434EA3 \. C3
RETN
00434EA4 /$ 8BFF
MOV EDI,EDI
o.00434EA4(guessed Arg1,Arg2)
00434EA6 |. 55
PUSH EBP
00434EA7 |. 8BEC
MOV EBP,ESP
00434EA9 |. 56
PUSH ESI
00434EAA |. 57
PUSH EDI
00434EAB |. 33F6
XOR ESI,ESI
00434EAD |> FF75 0C
/PUSH DWORD PTR SS:[ARG.2]
00434EB0 |. FF75 08
|PUSH DWORD PTR SS:[ARG.1]
00434EB3 |. E8 EA930000 |CALL 0043E2A2
00434EB8 |. 8BF8
|MOV EDI,EAX
00434EBA |. 59
|POP ECX
00434EBB |. 59
|POP ECX
00434EBC |. 85FF
|TEST EDI,EDI
00434EBE |. 75 2C
|JNE SHORT 00434EEC
00434EC0 |. 3945 0C
|CMP DWORD PTR SS:[ARG.2],EAX
00434EC3 |. 74 27
|JE SHORT 00434EEC
00434EC5 |. 3905 E42C4500 |CMP DWORD PTR DS:[452CE4],EAX
00434ECB |. 76 1F
|JBE SHORT 00434EEC
00434ECD |. 56
|PUSH ESI
00434ECE |. FF15 50804400 |CALL DWORD PTR DS:[<&KERNEL32.Sleep>]
.Sleep
00434ED4 |. 8D86 E8030000 |LEA EAX,[ESI+3E8]
00434EDA |. 3B05 E42C4500 |CMP EAX,DWORD PTR DS:[452CE4]
00434EE0 |. 76 03
|JBE SHORT 00434EE5
00434EE2 |. 83C8 FF
|OR EAX,FFFFFFFF
00434EE5 |> 8BF0
|MOV ESI,EAX
00434EE7 |. 83F8 FF
|CMP EAX,-1
00434EEA |.^ 75 C1
\JNE SHORT 00434EAD
00434EEC |> 8BC7
MOV EAX,EDI
00434EEE |. 5F
POP EDI
00434EEF |. 5E
POP ESI
00434EF0 |. 5D
POP EBP
00434EF1 \. C3
RETN
00434EF2 /$ 8BFF
MOV EDI,EDI
o.00434EF2(guessed Arg1,Arg2,Arg3)
00434EF4 |. 55
PUSH EBP
00434EF5 |. 8BEC
MOV EBP,ESP
00434EF7 |. 56
PUSH ESI
00434EF8 |. 57
PUSH EDI
00434EF9 |. 33F6
XOR ESI,ESI
00434EFB |> FF75 10
/PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
00434EFE |. FF75 0C
|PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
00434F01 |. FF75 08
|PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
00434F04 |. E8 B4950000 |CALL 0043E4BD
fo.0043E4BD
00434F09 |. 8BF8
|MOV EDI,EAX

; SystemInf

; /Time
; \KERNEL32

; SystemInf

; /Arg3 =>
; |Arg2 =>
; |Arg1 =>
; \SystemIn

00434F0B |. 83C4 0C
|ADD ESP,0C
00434F0E |. 85FF
|TEST EDI,EDI
00434F10 |. 75 2C
|JNE SHORT 00434F3E
00434F12 |. 3945 10
|CMP DWORD PTR SS:[ARG.3],EAX
00434F15 |. 74 27
|JE SHORT 00434F3E
00434F17 |. 3905 E42C4500 |CMP DWORD PTR DS:[452CE4],EAX
00434F1D |. 76 1F
|JBE SHORT 00434F3E
00434F1F |. 56
|PUSH ESI
00434F20 |. FF15 50804400 |CALL DWORD PTR DS:[<&KERNEL32.Sleep>]
.Sleep
00434F26 |. 8D86 E8030000 |LEA EAX,[ESI+3E8]
00434F2C |. 3B05 E42C4500 |CMP EAX,DWORD PTR DS:[452CE4]
00434F32 |. 76 03
|JBE SHORT 00434F37
00434F34 |. 83C8 FF
|OR EAX,FFFFFFFF
00434F37 |> 8BF0
|MOV ESI,EAX
00434F39 |. 83F8 FF
|CMP EAX,-1
00434F3C |.^ 75 BD
\JNE SHORT 00434EFB
00434F3E |> 8BC7
MOV EAX,EDI
00434F40 |. 5F
POP EDI
00434F41 |. 5E
POP ESI
00434F42 |. 5D
POP EBP
00434F43 \. C3
RETN
00434F44 /$ 8BFF
MOV EDI,EDI
o.00434F44(guessed Arg1,Arg2,Arg3)
00434F46 |. 55
PUSH EBP
00434F47 |. 8BEC
MOV EBP,ESP
00434F49 |. 51
PUSH ECX
00434F4A |. 53
PUSH EBX
00434F4B |. 56
PUSH ESI
00434F4C |. 8BF1
MOV ESI,ECX
00434F4E |. 33DB
XOR EBX,EBX
00434F50 |. 3BF3
CMP ESI,EBX
00434F52 |. 75 1E
JNE SHORT 00434F72
00434F54 |. E8 A4F4FFFF CALL 004343FD
fo.004343FD
00434F59 |. 6A 16
PUSH 16
00434F5B |. 5E
POP ESI
00434F5C |. 53
PUSH EBX
00434F5D |. 53
PUSH EBX
00434F5E |. 53
PUSH EBX
00434F5F |. 53
PUSH EBX
00434F60 |. 53
PUSH EBX
00434F61 |. 8930
MOV DWORD PTR DS:[EAX],ESI
00434F63 |. E8 FA98FFFF CALL 0042E862
fo.0042E862
00434F68 |. 83C4 14
ADD ESP,14
00434F6B |. 8BC6
MOV EAX,ESI
00434F6D |. E9 A9000000 JMP 0043501B
00434F72 |> 57
PUSH EDI
00434F73 |. 395D 08
CMP DWORD PTR SS:[ARG.1],EBX
00434F76 |. 77 1E
JA SHORT 00434F96
00434F78 |> E8 80F4FFFF CALL 004343FD
fo.004343FD
00434F7D |. 6A 16
PUSH 16
00434F7F |> 5E
POP ESI
00434F80 |. 53
PUSH EBX
00434F81 |. 53
PUSH EBX
00434F82 |. 53
PUSH EBX
00434F83 |. 53
PUSH EBX
00434F84 |. 53
PUSH EBX

; /Time
; \KERNEL32

; SystemInf

; [SystemIn

;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

; [SystemIn

;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1

00434F85 |.
00434F87 |.
fo.0042E862
00434F8C |.
00434F8F |.
00434F91 |.
00434F96 |>
00434F98 |.
00434F9B |.
00434F9D |.
00434FA0 |.
00434FA1 |.
00434FA4 |.
00434FA6 |>
fo.004343FD
00434FAB |.
00434FAD |.^
00434FAF |>
00434FB2 |.
00434FB5 |.
00434FB8 |.^
00434FBA |.
00434FBD |.
00434FBF |.
00434FC2 |.
00434FC4 |.
00434FC7 |.
00434FCA |.
00434FD1 |.
00434FD3 |>
00434FD5 |>
00434FD7 |.
00434FDA |.
00434FDD |.
00434FDF |.
00434FE2 |.
00434FE4 |>
00434FE7 |>
00434FE9 |.
00434FEA |.
00434FED |.
00434FEF |.
00434FF1 |.
00434FF3 |.
00434FF6 |.
00434FF9 |.^
00434FFB |>
00434FFE |.
00435001 |.
00435003 |.
00435005 |.^
00435007 |>
00435009 |.
0043500A |>
0043500C |.
0043500E |.
00435010 |.
00435011 |.
00435013 |.
00435014 |.

8930
E8 D698FFFF

MOV DWORD PTR DS:[EAX],ESI


CALL 0042E862

; |
; \SystemIn

83C4 14
8BC6
E9 84000000
33C9
395D 10
881E
0F95C1
41
394D 08
77 09
E8 52F4FFFF

ADD ESP,14
MOV EAX,ESI
JMP 0043501A
XOR ECX,ECX
CMP DWORD PTR SS:[ARG.3],EBX
MOV BYTE PTR DS:[ESI],BL
SETNE CL
INC ECX
CMP DWORD PTR SS:[ARG.1],ECX
JA SHORT 00434FAF
CALL 004343FD

; [SystemIn

6A 22
PUSH 22
EB D0
JMP SHORT 00434F7F
8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
83C1 FE
ADD ECX,-2
83F9 22
CMP ECX,22
77 BE
JA SHORT 00434F78
895D FC
MOV DWORD PTR SS:[LOCAL.1],EBX
8BCE
MOV ECX,ESI
395D 10
CMP DWORD PTR SS:[ARG.3],EBX
74 0F
JE SHORT 00434FD3
C606 2D
MOV BYTE PTR DS:[ESI],2D
8D4E 01
LEA ECX,[ESI+1]
C745 FC 01000 MOV DWORD PTR SS:[LOCAL.1],1
F7D8
NEG EAX
8BF9
MOV EDI,ECX
33D2
/XOR EDX,EDX
F775 0C
|DIV DWORD PTR SS:[ARG.2]
83FA 09
|CMP EDX,9
76 05
|JBE SHORT 00434FE4
80C2 57
|ADD DL,57
EB 03
|JMP SHORT 00434FE7
80C2 30
|ADD DL,30
8811
|MOV BYTE PTR DS:[ECX],DL
41
|INC ECX
FF45 FC
|INC DWORD PTR SS:[LOCAL.1]
33DB
|XOR EBX,EBX
3BC3
|CMP EAX,EBX
76 08
|JBE SHORT 00434FFB
8B55 08
|MOV EDX,DWORD PTR SS:[ARG.1]
3955 FC
|CMP DWORD PTR SS:[LOCAL.1],EDX
72 DA
\JB SHORT 00434FD5
8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
3B45 08
CMP EAX,DWORD PTR SS:[ARG.1]
72 04
JB SHORT 00435007
881E
MOV BYTE PTR DS:[ESI],BL
EB 9F
JMP SHORT 00434FA6
8819
MOV BYTE PTR DS:[ECX],BL
49
DEC ECX
8A17
/MOV DL,BYTE PTR DS:[EDI]
8A01
|MOV AL,BYTE PTR DS:[ECX]
8811
|MOV BYTE PTR DS:[ECX],DL
49
|DEC ECX
8807
|MOV BYTE PTR DS:[EDI],AL
47
|INC EDI
3BF9
|CMP EDI,ECX

00435016 |.^ 72 F2
00435018 |. 33C0
0043501A |> 5F
0043501B |> 5E
0043501C |. 5B
0043501D |. C9
0043501E \. C2 0C00
00435021 /$ 8BFF
00435023 |. 55
00435024 |. 8BEC
00435026 |. 837D 14 0A
0043502A |. 8B45 08
0043502D |. 75 0A
0043502F |. 85C0
00435031 |. 7D 06
00435033 |. 6A 01
00435035 |. 6A 0A
00435037 |. EB 05
00435039 |> 6A 00
0043503B |. FF75 14
0043503E |> FF75 10
[ARG.3]
00435041 |. 8B4D 0C
00435044 |. E8 FBFEFFFF
fo.00434F44
00435049 |. 5D
0043504A \. C3
0043504B /$ 8BFF
o.0043504B(guessed Arg1)
0043504D |. 55
0043504E |. 8BEC
00435050 |. 56
00435051 |. FF35 CC174500
4294967295.
00435057 |. 8B35 84814400
0043505D |. FFD6
.TlsGetValue
0043505F |. 85C0
00435061 |. 74 21
00435063 |. A1 C8174500
00435068 |. 83F8 FF
0043506B |. 74 17
0043506D |. 50
0043506E |. FF35 CC174500
4294967295.
00435074 |. FFD6
.TlsGetValue
00435076 |. FFD0
00435078 |. 85C0
0043507A |. 74 08
0043507C |. 8B80 F8010000
00435082 |. EB 27
00435084 |> BE 50A74400
KERNEL32.DLL"
00435089 |. 56
me => "KERNEL32.DLL"
0043508A |. FF15 80814400
.GetModuleHandleW
00435090 |. 85C0
00435092 |. 75 0B

\JB SHORT 0043500A


XOR EAX,EAX
POP EDI
POP ESI
POP EBX
LEAVE
RETN 0C
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
CMP DWORD PTR SS:[ARG.4],0A
MOV EAX,DWORD PTR SS:[ARG.1]
JNE SHORT 00435039
TEST EAX,EAX
JGE SHORT 00435039
PUSH 1
PUSH 0A
JMP SHORT 0043503E
PUSH 0
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[ARG.3]

; |Arg1 =>

MOV ECX,DWORD PTR SS:[ARG.2]


CALL 00434F44

; |
; \SystemIn

POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
PUSH DWORD PTR DS:[4517CC]

; /Index =

MOV ESI,DWORD PTR DS:[<&KERNEL32.TlsGetV ; |


CALL ESI
; \KERNEL32
TEST EAX,EAX
JE SHORT 00435084
MOV EAX,DWORD PTR DS:[4517C8]
CMP EAX,-1
JE SHORT 00435084
PUSH EAX
PUSH DWORD PTR DS:[4517CC]

; /Index =

CALL ESI

; \KERNEL32

CALL EAX
TEST EAX,EAX
JE SHORT 00435084
MOV EAX,DWORD PTR DS:[EAX+1F8]
JMP SHORT 004350AB
MOV ESI,OFFSET 0044A750

; UNICODE "

PUSH ESI

; /ModuleNa

CALL DWORD PTR DS:[<&KERNEL32.GetModuleH ; \KERNEL32


TEST EAX,EAX
JNE SHORT 0043509F

00435094 |. 56
UNICODE "KERNEL32.DLL"
00435095 |. E8 19360000
fo.004386B3
0043509A |. 59
0043509B |. 85C0
0043509D |. 74 18
0043509F |> 68 40A74400
= "EncodePointer"
004350A4 |. 50
004350A5 |. FF15 7C804400
.GetProcAddress
004350AB |> 85C0
004350AD |. 74 08
004350AF |. FF75 08
004350B2 |. FFD0
004350B4 |. 8945 08
004350B7 |> 8B45 08
004350BA |. 5E
004350BB |. 5D
004350BC \. C3
004350BD /$ 6A 00
004350BF |. E8 87FFFFFF
fo.0043504B
004350C4 |. 59
004350C5 \. C3
004350C6 /$ 8BFF
o.004350C6(guessed Arg1)
004350C8 |. 55
004350C9 |. 8BEC
004350CB |. 56
004350CC |. FF35 CC174500
4294967295.
004350D2 |. 8B35 84814400
004350D8 |. FFD6
.TlsGetValue
004350DA |. 85C0
004350DC |. 74 21
004350DE |. A1 C8174500
004350E3 |. 83F8 FF
004350E6 |. 74 17
004350E8 |. 50
004350E9 |. FF35 CC174500
4294967295.
004350EF |. FFD6
.TlsGetValue
004350F1 |. FFD0
004350F3 |. 85C0
004350F5 |. 74 08
004350F7 |. 8B80 FC010000
004350FD |. EB 27
004350FF |> BE 50A74400
KERNEL32.DLL"
00435104 |. 56
me => "KERNEL32.DLL"
00435105 |. FF15 80814400
.GetModuleHandleW
0043510B |. 85C0
0043510D |. 75 0B
0043510F |. 56

PUSH ESI

; /Arg1 =>

CALL 004386B3

; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 004350B7
PUSH OFFSET 0044A740

; /Procname

PUSH EAX
; |hModule
CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd ; \KERNEL32
TEST EAX,EAX
JE SHORT 004350B7
PUSH DWORD PTR SS:[ARG.1]
CALL EAX
MOV DWORD PTR SS:[ARG.1],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
POP ESI
POP EBP
RETN
PUSH 0
CALL 0043504B

; /Arg1 = 0
; \SystemIn

POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
PUSH DWORD PTR DS:[4517CC]

; /Index =

MOV ESI,DWORD PTR DS:[<&KERNEL32.TlsGetV ; |


CALL ESI
; \KERNEL32
TEST EAX,EAX
JE SHORT 004350FF
MOV EAX,DWORD PTR DS:[4517C8]
CMP EAX,-1
JE SHORT 004350FF
PUSH EAX
PUSH DWORD PTR DS:[4517CC]

; /Index =

CALL ESI

; \KERNEL32

CALL EAX
TEST EAX,EAX
JE SHORT 004350FF
MOV EAX,DWORD PTR DS:[EAX+1FC]
JMP SHORT 00435126
MOV ESI,OFFSET 0044A750

; UNICODE "

PUSH ESI

; /ModuleNa

CALL DWORD PTR DS:[<&KERNEL32.GetModuleH ; \KERNEL32


TEST EAX,EAX
JNE SHORT 0043511A
PUSH ESI

; /Arg1 =>

UNICODE "KERNEL32.DLL"
00435110 |. E8 9E350000
fo.004386B3
00435115 |. 59
00435116 |. 85C0
00435118 |. 74 18
0043511A |> 68 6CA74400
= "DecodePointer"
0043511F |. 50
00435120 |. FF15 7C804400
.GetProcAddress
00435126 |> 85C0
00435128 |. 74 08
0043512A |. FF75 08
0043512D |. FFD0
0043512F |. 8945 08
00435132 |> 8B45 08
00435135 |. 5E
00435136 |. 5D
00435137 \. C3
00435138 /. FF15 88814400
.TlsAlloc
0043513E \. C2 0400
00435141 /$ 8BFF
00435143 |. 56
00435144 |. FF35 CC174500
4294967295.
0043514A |. FF15 84814400
.TlsGetValue
00435150 |. 8BF0
00435152 |. 85F6
00435154 |. 75 1B
00435156 |. FF35 EC2C4500
0043515C |. E8 65FFFFFF
fo.004350C6
00435161 |. 59
00435162 |. 8BF0
00435164 |. 56
00435165 |. FF35 CC174500
4294967295.
0043516B |. FF15 8C814400
.TlsSetValue
00435171 |> 8BC6
00435173 |. 5E
00435174 \. C3
00435175 /$ A1 C8174500
0043517A |. 83F8 FF
0043517D |. 74 16
0043517F |. 50
00435180 |. FF35 F42C4500
00435186 |. E8 3BFFFFFF
fo.004350C6
0043518B |. 59
0043518C |. FFD0
0043518E |. 830D C8174500
00435195 |> A1 CC174500
0043519A |. 83F8 FF
0043519D |. 74 0E
0043519F |. 50
[4517CC] = 4294967295.

CALL 004386B3

; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 00435132
PUSH OFFSET 0044A76C

; /Procname

PUSH EAX
; |hModule
CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd ; \KERNEL32
TEST EAX,EAX
JE SHORT 00435132
PUSH DWORD PTR SS:[ARG.1]
CALL EAX
MOV DWORD PTR SS:[ARG.1],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
POP ESI
POP EBP
RETN
CALL DWORD PTR DS:[<&KERNEL32.TlsAlloc>] ; [KERNEL32
RETN 4
MOV EDI,EDI
PUSH ESI
PUSH DWORD PTR DS:[4517CC]

; /Index =

CALL DWORD PTR DS:[<&KERNEL32.TlsGetValu ; \KERNEL32


MOV ESI,EAX
TEST ESI,ESI
JNE SHORT 00435171
PUSH DWORD PTR DS:[452CEC]
CALL 004350C6

; /Arg1 = 0
; \SystemIn

POP ECX
MOV ESI,EAX
PUSH ESI
PUSH DWORD PTR DS:[4517CC]

; /Value
; |Index =

CALL DWORD PTR DS:[<&KERNEL32.TlsSetValu ; \KERNEL32


MOV EAX,ESI
POP ESI
RETN
MOV EAX,DWORD PTR DS:[4517C8]
CMP EAX,-1
JE SHORT 00435195
PUSH EAX
PUSH DWORD PTR DS:[452CF4]
CALL 004350C6

; /Arg1 = 0
; \SystemIn

POP ECX
CALL EAX
OR DWORD PTR DS:[4517C8],FFFFFFFF
MOV EAX,DWORD PTR DS:[4517CC]
CMP EAX,-1
JE SHORT 004351AD
PUSH EAX

; /Index =>

004351A0 |. FF15 90814400


.TlsFree
004351A6 |. 830D CC174500
004351AD \> E9 9D330000
004351B2 /$ 6A 0C
004351B4 |. 68 F8F24400
004351B9 |. E8 2E380000
004351BE |. BE 50A74400
KERNEL32.DLL"
004351C3 |. 56
me => "KERNEL32.DLL"
004351C4 |. FF15 80814400
.GetModuleHandleW
004351CA |. 85C0
004351CC |. 75 07
004351CE |. 56
UNICODE "KERNEL32.DLL"
004351CF |. E8 DF340000
fo.004386B3
004351D4 |. 59
004351D5 |> 8945 E4
004351D8 |. 8B75 08
004351DB |. C746 5C 70B74
004351E2 |. 33FF
004351E4 |. 47
004351E5 |. 897E 14
004351E8 |. 85C0
004351EA |. 74 24
004351EC |. 68 40A74400
= "EncodePointer"
004351F1 |. 50
004351F2 |. 8B1D 7C804400
004351F8 |. FFD3
.GetProcAddress
004351FA |. 8986 F8010000
00435200 |. 68 6CA74400
= "DecodePointer"
00435205 |. FF75 E4
=> [ARG.EBP-1C]
00435208 |. FFD3
.GetProcAddress
0043520A |. 8986 FC010000
00435210 |> 897E 70
00435213 |. C686 C8000000
0043521A |. C686 4B010000
00435221 |. C746 68 D8174
00435228 |. 6A 0D
D
0043522A |. E8 51340000
fo.00438680
0043522F |. 59
00435230 |. 8365 FC 00
00435234 |. FF76 68
00435237 |. FF15 30814400
.InterlockedIncrement
0043523D |. C745 FC FEFFF
00435244 |. E8 3E000000
fo.00435287
00435249 |. 6A 0C
C

CALL DWORD PTR DS:[<&KERNEL32.TlsFree>] ; \KERNEL32


OR DWORD PTR DS:[4517CC],FFFFFFFF
JMP 0043854F
PUSH 0C
PUSH OFFSET 0044F2F8
CALL 004389EC
MOV ESI,OFFSET 0044A750

; UNICODE "

PUSH ESI

; /ModuleNa

CALL DWORD PTR DS:[<&KERNEL32.GetModuleH ; \KERNEL32


TEST EAX,EAX
JNE SHORT 004351D5
PUSH ESI

; /Arg1 =>

CALL 004386B3

; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-1C],EAX
MOV ESI,DWORD PTR SS:[EBP+8]
MOV DWORD PTR DS:[ESI+5C],OFFSET 0044B77
XOR EDI,EDI
INC EDI
MOV DWORD PTR DS:[ESI+14],EDI
TEST EAX,EAX
JE SHORT 00435210
PUSH OFFSET 0044A740
; /Procname
PUSH EAX
; |hModule
MOV EBX,DWORD PTR DS:[<&KERNEL32.GetProc ; |
CALL EBX
; \KERNEL32
MOV DWORD PTR DS:[ESI+1F8],EAX
PUSH OFFSET 0044A76C

; /Procname

PUSH DWORD PTR SS:[EBP-1C]

; |hModule

CALL EBX

; \KERNEL32

MOV DWORD PTR DS:[ESI+1FC],EAX


MOV DWORD PTR DS:[ESI+70],EDI
MOV BYTE PTR DS:[ESI+0C8],43
MOV BYTE PTR DS:[ESI+14B],43
MOV DWORD PTR DS:[ESI+68],OFFSET 004517D
PUSH 0D
; /Arg1 = 0
CALL 00438680

; \SystemIn

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
PUSH DWORD PTR DS:[ESI+68]
; /pTarget
CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
MOV DWORD PTR SS:[EBP-4],-2
CALL 00435287

; [SystemIn

PUSH 0C

; /Arg1 = 0

0043524B |.
fo.00438680
00435250 |.
00435251 |.
00435254 |.
00435257 |.
0043525A |.
0043525C |.
0043525E |.
00435263 |.
00435266 |>
00435269 |.
fo.00430FD4
0043526E |.
0043526F |.
00435276 |.
0043527B |.
00435280 \.
00435281
00435282
00435283
00435284
00435285
00435286
00435287 /$
D
00435289 |.
fo.004385A6
0043528E |.
0043528F \.
00435290 /$
C
00435292 |.
fo.004385A6
00435297 |.
00435298 \.
00435299 /$
0043529B |.
0043529C |.
0043529D |.
.GetLastError
004352A3 |.
004352A9 |.
004352AB |.
004352B0 |.
004352B2 |.
004352B4 |.
004352B6 |.
004352B8 |.
14
004352BD |.
004352BF |.
fo.00434E58
004352C4 |.
004352C6 |.
004352C7 |.
004352C8 |.
004352CA |.
004352CC |.
004352CD |.

E8 30340000

CALL 00438680

; \SystemIn

59
897D FC
8B45 0C
8946 6C
85C0
75 08
A1 E01D4500
8946 6C
FF76 6C
E8 66BDFFFF

POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
MOV EAX,DWORD PTR SS:[EBP+0C]
MOV DWORD PTR DS:[ESI+6C],EAX
TEST EAX,EAX
JNE SHORT 00435266
MOV EAX,DWORD PTR DS:[451DE0]
MOV DWORD PTR DS:[ESI+6C],EAX
PUSH DWORD PTR DS:[ESI+6C]
CALL 00430FD4

; /Arg1
; \SystemIn

59
C745 FC FEFFF
E8 15000000
E8 B1370000
C3
33
FF
47
8B
75
08
6A 0D

POP ECX
MOV DWORD PTR SS:[EBP-4],-2
CALL 00435290
CALL 00438A31
RETN
DB 33
DB FF
DB 47
DB 8B
DB 75
DB 08
PUSH 0D

E8 18330000

CALL 004385A6

; \SystemIn

59
C3
6A 0C

POP ECX
RETN
PUSH 0C

; /Arg1 = 0

E8 0F330000

CALL 004385A6

; \SystemIn

59
C3
8BFF
56
57
FF15 58804400

POP ECX
RETN
MOV EDI,EDI
PUSH ESI
PUSH EDI
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32

FF35 C8174500
8BF8
E8 91FEFFFF
FFD0
8BF0
85F6
75 4E
68 14020000

PUSH DWORD PTR DS:[4517C8]


MOV EDI,EAX
CALL 00435141
CALL EAX
MOV ESI,EAX
TEST ESI,ESI
JNE SHORT 00435306
PUSH 214

; /Arg2 = 2

6A 01
E8 94FBFFFF

PUSH 1
CALL 00434E58

; |Arg1 = 1
; \SystemIn

8BF0
59
59
85F6
74 3A
56
FF35 C8174500

MOV ESI,EAX
POP ECX
POP ECX
TEST ESI,ESI
JE SHORT 00435306
PUSH ESI
PUSH DWORD PTR DS:[4517C8]

; CHAR '3'
; CHAR 'G'
; CHAR 'u'
; Backspace
; /Arg1 = 0

004352D3 |. FF35 F02C4500


004352D9 |. E8 E8FDFFFF
fo.004350C6
004352DE |. 59
004352DF |. FFD0
004352E1 |. 85C0
004352E3 |. 74 18
004352E5 |. 6A 00
004352E7 |. 56
004352E8 |. E8 C5FEFFFF
004352ED |. 59
004352EE |. 59
004352EF |. FF15 98814400
.GetCurrentThreadId
004352F5 |. 834E 04 FF
004352F9 |. 8906
004352FB |. EB 09
004352FD |> 56
004352FE |. E8 DBDEFFFF
fo.004331DE
00435303 |. 59
00435304 |. 33F6
00435306 |> 57
00435307 |. FF15 94814400
.SetLastError
0043530D |. 5F
0043530E |. 8BC6
00435310 |. 5E
00435311 \. C3
00435312 /$ 8BFF
o.00435312(guessed void)
00435314 |. 56
00435315 |. E8 7FFFFFFF
0043531A |. 8BF0
0043531C |. 85F6
0043531E |. 75 08
00435320 |. 6A 10
0
00435322 |. E8 BC330000
fo.004386E3
00435327 |. 59
00435328 |> 8BC6
0043532A |. 5E
0043532B \. C3
0043532C /. 6A 08
0043532E |. 68 20F34400
00435333 |. E8 B4360000
00435338 |. 8B75 08
0043533B |. 85F6
0043533D |. 0F84 F8000000
00435343 |. 8B46 24
00435346 |. 85C0
00435348 |. 74 07
0043534A |. 50
0043534B |. E8 8EDEFFFF
fo.004331DE
00435350 |. 59
00435351 |> 8B46 2C
00435354 |. 85C0
00435356 |. 74 07

PUSH DWORD PTR DS:[452CF0]


CALL 004350C6

; /Arg1 = 0
; \SystemIn

POP ECX
CALL EAX
TEST EAX,EAX
JE SHORT 004352FD
PUSH 0
PUSH ESI
CALL 004351B2
POP ECX
POP ECX
CALL DWORD PTR DS:[<&KERNEL32.GetCurrent ; [KERNEL32
OR DWORD PTR DS:[ESI+4],FFFFFFFF
MOV DWORD PTR DS:[ESI],EAX
JMP SHORT 00435306
PUSH ESI
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
XOR ESI,ESI
PUSH EDI
; /ErrCode
CALL DWORD PTR DS:[<&KERNEL32.SetLastErr ; \KERNEL32
POP EDI
MOV EAX,ESI
POP ESI
RETN
MOV EDI,EDI

; SystemInf

PUSH ESI
CALL 00435299
MOV ESI,EAX
TEST ESI,ESI
JNE SHORT 00435328
PUSH 10

; /Arg1 = 1

CALL 004386E3

; \SystemIn

POP ECX
MOV EAX,ESI
POP ESI
RETN
PUSH 8
PUSH OFFSET 0044F320
CALL 004389EC
MOV ESI,DWORD PTR SS:[EBP+8]
TEST ESI,ESI
JE 0043543B
MOV EAX,DWORD PTR DS:[ESI+24]
TEST EAX,EAX
JE SHORT 00435351
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+2C]
TEST EAX,EAX
JE SHORT 0043535F

00435358 |. 50
00435359 |. E8 80DEFFFF
fo.004331DE
0043535E |. 59
0043535F |> 8B46 34
00435362 |. 85C0
00435364 |. 74 07
00435366 |. 50
00435367 |. E8 72DEFFFF
fo.004331DE
0043536C |. 59
0043536D |> 8B46 3C
00435370 |. 85C0
00435372 |. 74 07
00435374 |. 50
00435375 |. E8 64DEFFFF
fo.004331DE
0043537A |. 59
0043537B |> 8B46 40
0043537E |. 85C0
00435380 |. 74 07
00435382 |. 50
00435383 |. E8 56DEFFFF
fo.004331DE
00435388 |. 59
00435389 |> 8B46 44
0043538C |. 85C0
0043538E |. 74 07
00435390 |. 50
00435391 |. E8 48DEFFFF
fo.004331DE
00435396 |. 59
00435397 |> 8B46 48
0043539A |. 85C0
0043539C |. 74 07
0043539E |. 50
0043539F |. E8 3ADEFFFF
fo.004331DE
004353A4 |. 59
004353A5 |> 8B46 5C
004353A8 |. 3D 70B74400
004353AD |. 74 07
004353AF |. 50
004353B0 |. E8 29DEFFFF
fo.004331DE
004353B5 |. 59
004353B6 |> 6A 0D
D
004353B8 |. E8 C3320000
fo.00438680
004353BD |. 59
004353BE |. 8365 FC 00
004353C2 |. 8B7E 68
004353C5 |. 85FF
004353C7 |. 74 1A
004353C9 |. 57
004353CA |. FF15 34814400
.InterlockedDecrement
004353D0 |. 85C0
004353D2 |. 75 0F

PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+34]
TEST EAX,EAX
JE SHORT 0043536D
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+3C]
TEST EAX,EAX
JE SHORT 0043537B
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+40]
TEST EAX,EAX
JE SHORT 00435389
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+44]
TEST EAX,EAX
JE SHORT 00435397
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+48]
TEST EAX,EAX
JE SHORT 004353A5
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+5C]
CMP EAX,OFFSET 0044B770
JE SHORT 004353B6
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
PUSH 0D

; /Arg1 = 0

CALL 00438680

; \SystemIn

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
MOV EDI,DWORD PTR DS:[ESI+68]
TEST EDI,EDI
JE SHORT 004353E3
PUSH EDI
; /pTarget
CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
TEST EAX,EAX
JNE SHORT 004353E3

004353D4 |.
004353DA |.
004353DC |.
004353DD |.
fo.004331DE
004353E2 |.
004353E3 |>
004353EA |.
004353EF |.
C
004353F1 |.
fo.00438680
004353F6 |.
004353F7 |.
004353FE |.
00435401 |.
00435403 |.
00435405 |.
00435406 |.
fo.00431063
0043540B |.
0043540C |.
00435412 |.
00435414 |.
0043541A |.
0043541C |.
0043541F |.
00435421 |.
00435422 |.
00435427 |.
00435428 |>
0043542F |.
00435434 |.
00435435 |.
fo.004331DE
0043543A |.
0043543B |>
00435440 \.
00435443
00435444
00435445
00435446 /$
D
00435448 |.
fo.004385A6
0043544D |.
0043544E \.
0043544F
00435450
00435451
00435452 /$
C
00435454 |.
fo.004385A6
00435459 |.
0043545A \.
0043545B /$
0043545D |.
0043545E |.
0043545F |.

81FF D8174500
74 07
57
E8 FCDDFFFF

CMP EDI,OFFSET 004517D8


JE SHORT 004353E3
PUSH EDI
CALL 004331DE

; /Arg1
; \SystemIn

59
C745 FC FEFFF
E8 57000000
6A 0C

POP ECX
MOV DWORD PTR SS:[EBP-4],-2
CALL 00435446
PUSH 0C

; /Arg1 = 0

E8 8A320000

CALL 00438680

; \SystemIn

59
C745 FC 01000
8B7E 6C
85FF
74 23
57
E8 58BCFFFF

POP ECX
MOV DWORD PTR SS:[EBP-4],1
MOV EDI,DWORD PTR DS:[ESI+6C]
TEST EDI,EDI
JE SHORT 00435428
PUSH EDI
CALL 00431063

; /Arg1
; \SystemIn

59
3B3D E01D4500
74 14
81FF 081D4500
74 0C
833F 00
75 07
57
E8 64BAFFFF
59
C745 FC FEFFF
E8 1E000000
56
E8 A4DDFFFF

POP ECX
CMP EDI,DWORD PTR DS:[451DE0]
JE SHORT 00435428
CMP EDI,OFFSET 00451D08
JE SHORT 00435428
CMP DWORD PTR DS:[EDI],0
JNE SHORT 00435428
PUSH EDI
CALL 00430E8B
POP ECX
MOV DWORD PTR SS:[EBP-4],-2
CALL 00435452
PUSH ESI
CALL 004331DE

; /Arg1
; \SystemIn

59
E8 F1350000
C2 0400
8B
75
08
6A 0D

POP ECX
CALL 00438A31
RETN 4
DB 8B
DB 75
DB 08
PUSH 0D

; CHAR 'u'
; Backspace
; /Arg1 = 0

E8 59310000

CALL 004385A6

; \SystemIn

59
C3
8B
75
08
6A 0C

POP ECX
RETN
DB 8B
DB 75
DB 08
PUSH 0C

; CHAR 'u'
; Backspace
; /Arg1 = 0

E8 4D310000

CALL 004385A6

; \SystemIn

59
C3
8BFF
56
57
BE 50A74400

POP ECX
RETN
MOV EDI,EDI
PUSH ESI
PUSH EDI
MOV ESI,OFFSET 0044A750

; UNICODE "

KERNEL32.DLL"
00435464 |. 56
me => "KERNEL32.DLL"
00435465 |. FF15 80814400
.GetModuleHandleW
0043546B |. 85C0
0043546D |. 75 07
0043546F |. 56
UNICODE "KERNEL32.DLL"
00435470 |. E8 3E320000
fo.004386B3
00435475 |. 59
00435476 |> 8BF8
00435478 |. 85FF
0043547A |. 0F84 5E010000
00435480 |. 8B35 7C804400
00435486 |. 68 9CA74400
= "FlsAlloc"
0043548B |. 57
0043548C |. FFD6
.GetProcAddress
0043548E |. 68 90A74400
= "FlsGetValue"
00435493 |. 57
00435494 |. A3 E82C4500
00435499 |. FFD6
.GetProcAddress
0043549B |. 68 84A74400
= "FlsSetValue"
004354A0 |. 57
004354A1 |. A3 EC2C4500
004354A6 |. FFD6
.GetProcAddress
004354A8 |. 68 7CA74400
= "FlsFree"
004354AD |. 57
004354AE |. A3 F02C4500
004354B3 |. FFD6
.GetProcAddress
004354B5 |. 833D E82C4500
004354BC |. 8B35 8C814400
004354C2 |. A3 F42C4500
004354C7 |. 74 16
004354C9 |. 833D EC2C4500
004354D0 |. 74 0D
004354D2 |. 833D F02C4500
004354D9 |. 74 04
004354DB |. 85C0
004354DD |. 75 24
004354DF |> A1 84814400
004354E4 |. A3 EC2C4500
004354E9 |. A1 90814400
004354EE |. C705 E82C4500
004354F8 |. 8935 F02C4500
004354FE |. A3 F42C4500
00435503 |> FF15 88814400
.TlsAlloc
00435509 |. A3 CC174500
0043550E |. 83F8 FF
00435511 |. 0F84 CC000000

PUSH ESI

; /ModuleNa

CALL DWORD PTR DS:[<&KERNEL32.GetModuleH ; \KERNEL32


TEST EAX,EAX
JNE SHORT 00435476
PUSH ESI

; /Arg1 =>

CALL 004386B3

; \SystemIn

POP ECX
MOV EDI,EAX
TEST EDI,EDI
JE 004355DE
MOV ESI,DWORD PTR DS:[<&KERNEL32.GetProc
PUSH OFFSET 0044A79C
; /Procname
PUSH EDI
CALL ESI

; |hModule
; \KERNEL32

PUSH OFFSET 0044A790

; /Procname

PUSH EDI
MOV DWORD PTR DS:[452CE8],EAX
CALL ESI

; |hModule
; |
; \KERNEL32

PUSH OFFSET 0044A784

; /Procname

PUSH EDI
MOV DWORD PTR DS:[452CEC],EAX
CALL ESI

; |hModule
; |
; \KERNEL32

PUSH OFFSET 0044A77C

; /Procname

PUSH EDI
MOV DWORD PTR DS:[452CF0],EAX
CALL ESI

; |hModule
; |
; \KERNEL32

CMP DWORD PTR DS:[452CE8],0


MOV ESI,DWORD PTR DS:[<&KERNEL32.TlsSetV
MOV DWORD PTR DS:[452CF4],EAX
JE SHORT 004354DF
CMP DWORD PTR DS:[452CEC],0
JE SHORT 004354DF
CMP DWORD PTR DS:[452CF0],0
JE SHORT 004354DF
TEST EAX,EAX
JNE SHORT 00435503
MOV EAX,DWORD PTR DS:[<&KERNEL32.TlsGetV
MOV DWORD PTR DS:[452CEC],EAX
MOV EAX,DWORD PTR DS:[<&KERNEL32.TlsFree
MOV DWORD PTR DS:[452CE8],00435138
MOV DWORD PTR DS:[452CF0],ESI
MOV DWORD PTR DS:[452CF4],EAX
CALL DWORD PTR DS:[<&KERNEL32.TlsAlloc>] ; [KERNEL32
MOV DWORD PTR DS:[4517CC],EAX
CMP EAX,-1
JE 004355E3

00435517 |.
0
0043551D |.
0043551E |.
.TlsSetValue
00435520 |.
00435522 |.
00435528 |.
fo.0043899D
0043552D |.
00435533 |.
fo.0043504B
00435538 |.
0043553E |.
00435543 |.
fo.0043504B
00435548 |.
0043554E |.
00435553 |.
fo.0043504B
00435558 |.
0043555E |.
00435563 |.
fo.0043504B
00435568 |.
0043556B |.
00435570 |.
00435575 |.
00435577 |.
00435579 |.
0043557E |.
00435584 |.
fo.004350C6
00435589 |.
0043558A |.
0043558C |.
00435591 |.
00435594 |.
00435596 |.
14
0043559B |.
0043559D |.
fo.00434E58
004355A2 |.
004355A4 |.
004355A5 |.
004355A6 |.
004355A8 |.
004355AA |.
004355AB |.
004355B1 |.
004355B7 |.
fo.004350C6
004355BC |.
004355BD |.
004355BF |.
004355C1 |.
004355C3 |.
004355C5 |.
004355C6 |.

FF35 EC2C4500 PUSH DWORD PTR DS:[452CEC]

; /Value =

50
FFD6

; |Index
; \KERNEL32

PUSH EAX
CALL ESI

85C0
TEST EAX,EAX
0F84 BB000000 JE 004355E3
E8 70340000 CALL 0043899D

; [SystemIn

FF35 E82C4500 PUSH DWORD PTR DS:[452CE8]


E8 13FBFFFF CALL 0043504B

; /Arg1 = 0
; \SystemIn

FF35 EC2C4500 PUSH DWORD PTR DS:[452CEC]


A3 E82C4500 MOV DWORD PTR DS:[452CE8],EAX
E8 03FBFFFF CALL 0043504B

; /Arg1 = 0
; |
; \SystemIn

FF35 F02C4500 PUSH DWORD PTR DS:[452CF0]


A3 EC2C4500 MOV DWORD PTR DS:[452CEC],EAX
E8 F3FAFFFF CALL 0043504B

; /Arg1 = 0
; |
; \SystemIn

FF35 F42C4500 PUSH DWORD PTR DS:[452CF4]


A3 F02C4500 MOV DWORD PTR DS:[452CF0],EAX
E8 E3FAFFFF CALL 0043504B

; /Arg1 = 0
; |
; \SystemIn

83C4 10
A3 F42C4500
E8 8F2F0000
85C0
74 65
68 2C534300
FF35 E82C4500
E8 3DFBFFFF

ADD ESP,10
MOV DWORD PTR DS:[452CF4],EAX
CALL 00438504
TEST EAX,EAX
JE SHORT 004355DE
PUSH 0043532C
PUSH DWORD PTR DS:[452CE8]
CALL 004350C6

; /Arg1 = 0
; \SystemIn

59
FFD0
A3 C8174500
83F8 FF
74 48
68 14020000

POP ECX
CALL EAX
MOV DWORD PTR DS:[4517C8],EAX
CMP EAX,-1
JE SHORT 004355DE
PUSH 214

; /Arg2 = 2

6A 01
E8 B6F8FFFF

PUSH 1
CALL 00434E58

; |Arg1 = 1
; \SystemIn

8BF0
59
59
85F6
74 34
56
FF35 C8174500
FF35 F02C4500
E8 0AFBFFFF

MOV ESI,EAX
POP ECX
POP ECX
TEST ESI,ESI
JE SHORT 004355DE
PUSH ESI
PUSH DWORD PTR DS:[4517C8]
PUSH DWORD PTR DS:[452CF0]
CALL 004350C6

; /Arg1 = 0
; \SystemIn

59
FFD0
85C0
74 1B
6A 00
56
E8 E7FBFFFF

POP ECX
CALL EAX
TEST EAX,EAX
JE SHORT 004355DE
PUSH 0
PUSH ESI
CALL 004351B2

004355CB |. 59
004355CC |. 59
004355CD |. FF15 98814400
.GetCurrentThreadId
004355D3 |. 834E 04 FF
004355D7 |. 8906
004355D9 |. 33C0
004355DB |. 40
004355DC |. EB 07
004355DE |> E8 92FBFFFF
004355E3 |> 33C0
004355E5 |> 5F
004355E6 |. 5E
004355E7 \. C3
004355E8 /$ 6A 08
o.004355E8(guessed void)
004355EA |. 68 48F34400
004355EF |. E8 F8330000
004355F4 |. E8 19FDFFFF
fo.00435312
004355F9 |. 8B40 78
004355FC |. 85C0
004355FE |. 74 16
00435600 |. 8365 FC 00
00435604 |. FFD0
00435606 \. EB 07
00435608 /. 33C0
0043560A |. 40
0043560B \. C3
0043560C /. 8B65 E8
0043560F |> C745 FC FEFFF
00435616 |> E8 0CECFFFF
0043561B |. E8 11340000
00435620 |. C3
00435621 |$ E8 ECFCFFFF
fo.00435312
00435626 |. 8B40 7C
00435629 |. 85C0
0043562B |.^ 74 02
0043562D |. FFD0
0043562F \>^ E9 B4FFFFFF
00435634 /$ 6A 08
00435636 |. 68 68F34400
0043563B |. E8 AC330000
00435640 |. FF35 F82C4500
00435646 |. E8 7BFAFFFF
fo.004350C6
0043564B |. 59
0043564C |. 85C0
0043564E |. 74 16
00435650 |. 8365 FC 00
00435654 |. FFD0
00435656 \. EB 07
00435658 /. 33C0
0043565A |. 40
0043565B \. C3
0043565C /. 8B65 E8
0043565F |> C745 FC FEFFF
00435666 |> E8 7DFFFFFF
fo.004355E8

POP ECX
POP ECX
CALL DWORD PTR DS:[<&KERNEL32.GetCurrent ; [KERNEL32
OR DWORD PTR DS:[ESI+4],FFFFFFFF
MOV DWORD PTR DS:[ESI],EAX
XOR EAX,EAX
INC EAX
JMP SHORT 004355E5
CALL 00435175
XOR EAX,EAX
POP EDI
POP ESI
RETN
PUSH 8

; SystemInf

PUSH OFFSET 0044F348


CALL 004389EC
CALL 00435312

; [SystemIn

MOV EAX,DWORD PTR DS:[EAX+78]


TEST EAX,EAX
JE SHORT 00435616
AND DWORD PTR SS:[EBP-4],00000000
CALL EAX
JMP SHORT 0043560F
XOR EAX,EAX
INC EAX
RETN
MOV ESP,DWORD PTR SS:[EBP-18]
MOV DWORD PTR SS:[EBP-4],-2
CALL 00434227
CALL 00438A31
RETN
CALL 00435312

; [SystemIn

MOV EAX,DWORD PTR DS:[EAX+7C]


TEST EAX,EAX
JE SHORT 0043562F
CALL EAX
JMP 004355E8
PUSH 8
PUSH OFFSET 0044F368
CALL 004389EC
PUSH DWORD PTR DS:[452CF8]
CALL 004350C6

; /Arg1 = 0
; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 00435666
AND DWORD PTR SS:[EBP-4],00000000
CALL EAX
JMP SHORT 0043565F
XOR EAX,EAX
INC EAX
RETN
MOV ESP,DWORD PTR SS:[EBP-18]
MOV DWORD PTR SS:[EBP-4],-2
CALL 004355E8

; [SystemIn

0043566B |. CC
INT3
0043566C |$ 68 E8554300 PUSH 004355E8
ystemInfo.4355E8, Entry point of procedure
00435671 |. E8 D5F9FFFF CALL 0043504B
fo.0043504B
00435676 |. 59
POP ECX
00435677 |. A3 F82C4500 MOV DWORD PTR DS:[452CF8],EAX
0043567C \. C3
RETN
0043567D
CC
INT3
0043567E
CC
INT3
0043567F
CC
INT3
00435680 /$ 55
PUSH EBP
o.00435680(guessed Arg1,Arg2,Arg3)
00435681 |. 8BEC
MOV EBP,ESP
00435683 |. 83EC 04
SUB ESP,4
00435686 |. 53
PUSH EBX
00435687 |. 51
PUSH ECX
00435688 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0043568B |. 83C0 0C
ADD EAX,0C
0043568E |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00435691 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00435694 |. 55
PUSH EBP
00435695 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
00435698 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
0043569B |. 8B6D FC
MOV EBP,DWORD PTR SS:[LOCAL.1]
0043569E |. E8 41900000 CALL 0043E6E4
fo.0043E6E4
004356A3 |. 56
PUSH ESI
004356A4 |. 57
PUSH EDI
004356A5 |. FFD0
CALL EAX
004356A7 |. 5F
POP EDI
004356A8 |. 5E
POP ESI
004356A9 |. 8BDD
MOV EBX,EBP
004356AB |. 5D
POP EBP
004356AC |. 8B4D 10
MOV ECX,DWORD PTR SS:[EBP+10]
004356AF |. 55
PUSH EBP
004356B0 |. 8BEB
MOV EBP,EBX
004356B2 |. 81F9 00010000 CMP ECX,100
004356B8 |. 75 05
JNE SHORT 004356BF
004356BA |. B9 02000000 MOV ECX,2
004356BF |> 51
PUSH ECX
004356C0 |. E8 1F900000 CALL 0043E6E4
fo.0043E6E4
004356C5 |. 5D
POP EBP
004356C6 |. 59
POP ECX
004356C7 |. 5B
POP EBX
004356C8 |. C9
LEAVE
004356C9 \. C2 0C00
RETN 0C
004356CC /> 8BFF
MOV EDI,EDI
004356CE |. 55
PUSH EBP
004356CF |. 8BEC
MOV EBP,ESP
004356D1 |. 81EC 28030000 SUB ESP,328
004356D7 |. A3 082E4500 MOV DWORD PTR DS:[452E08],EAX
004356DC |. 890D 042E4500 MOV DWORD PTR DS:[452E04],ECX
004356E2 |. 8915 002E4500 MOV DWORD PTR DS:[452E00],EDX
004356E8 |. 891D FC2D4500 MOV DWORD PTR DS:[452DFC],EBX
004356EE |. 8935 F82D4500 MOV DWORD PTR DS:[452DF8],ESI
004356F4 |. 893D F42D4500 MOV DWORD PTR DS:[452DF4],EDI
004356FA |. 66:8C15 202E4 MOV WORD PTR DS:[452E20],SS

; /Arg1 = S
; \SystemIn

; SystemInf

; /Arg1 =>
; |
; |
; \SystemIn

; /Arg1
; \SystemIn

; Superfluo

us operand size prefix


00435701 |. 66:8C0D 142E4 MOV WORD PTR DS:[452E14],CS
us operand size prefix
00435708 |. 66:8C1D F02D4 MOV WORD PTR DS:[452DF0],DS
us operand size prefix
0043570F |. 66:8C05 EC2D4 MOV WORD PTR DS:[452DEC],ES
us operand size prefix
00435716 |. 66:8C25 E82D4 MOV WORD PTR DS:[452DE8],FS
us operand size prefix
0043571D |. 66:8C2D E42D4 MOV WORD PTR DS:[452DE4],GS
us operand size prefix
00435724 |. 9C
PUSHFD
00435725 |. 8F05 182E4500 POP DWORD PTR DS:[452E18]
0043572B |. 8B45 00
MOV EAX,DWORD PTR SS:[LOCAL.0]
0043572E |. A3 0C2E4500 MOV DWORD PTR DS:[452E0C],EAX
00435733 |. 8B45 04
MOV EAX,DWORD PTR SS:[ARG.RETADDR]
00435736 |. A3 102E4500 MOV DWORD PTR DS:[452E10],EAX
0043573B |. 8D45 08
LEA EAX,[ARG.1]
0043573E |. A3 1C2E4500 MOV DWORD PTR DS:[452E1C],EAX
00435743 |. 8B85 E0FCFFFF MOV EAX,DWORD PTR SS:[LOCAL.200]
00435749 |. C705 582D4500 MOV DWORD PTR DS:[452D58],10001
00435753 |. A1 102E4500 MOV EAX,DWORD PTR DS:[452E10]
00435758 |. A3 0C2D4500 MOV DWORD PTR DS:[452D0C],EAX
0043575D |. C705 002D4500 MOV DWORD PTR DS:[452D00],C0000409
00435767 |. C705 042D4500 MOV DWORD PTR DS:[452D04],1
00435771 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00435776 |. 8985 D8FCFFFF MOV DWORD PTR SS:[LOCAL.202],EAX
0043577C |. A1 A4154500 MOV EAX,DWORD PTR DS:[4515A4]
00435781 |. 8985 DCFCFFFF MOV DWORD PTR SS:[LOCAL.201],EAX
00435787 |. FF15 68814400 CALL DWORD PTR DS:[<&KERNEL32.IsDebugger
.IsDebuggerPresent
0043578D |. A3 502D4500 MOV DWORD PTR DS:[452D50],EAX
00435792 |. 6A 01
PUSH 1
00435794 |. E8 39000000 CALL 004357D2
fo.004357D2
00435799 |. 59
POP ECX
0043579A |. 6A 00
PUSH 0
00000000
0043579C |. FF15 64814400 CALL DWORD PTR DS:[<&KERNEL32.SetUnhandl
.SetUnhandledExceptionFilter
004357A2 |. 68 A8A74400 PUSH OFFSET 0044A7A8
onInfo = SystemInfo.44A7A8 -> {pExceptionRecord=???,pContext=???}
004357A7 |. FF15 60814400 CALL DWORD PTR DS:[<&KERNEL32.UnhandledE
.UnhandledExceptionFilter
004357AD |. 833D 502D4500 CMP DWORD PTR DS:[452D50],0
004357B4 |. 75 08
JNE SHORT 004357BE
004357B6 |. 6A 01
PUSH 1
004357B8 |. E8 15000000 CALL 004357D2
fo.004357D2
004357BD |. 59
POP ECX
004357BE |> 68 090400C0 PUSH C0000409
= 3221226505.
004357C3 |. FF15 5C814400 CALL DWORD PTR DS:[<&KERNEL32.GetCurrent
2.GetCurrentProcess
004357C9 |. 50
PUSH EAX
004357CA |. FF15 58814400 CALL DWORD PTR DS:[<&KERNEL32.TerminateP
.TerminateProcess
004357D0 |. C9
LEAVE
004357D1 \. C3
RETN
004357D2 /$ 8325 DC484500 AND DWORD PTR DS:[4548DC],00000000

; Superfluo
; Superfluo
; Superfluo
; Superfluo
; Superfluo

; [KERNEL32
; /Arg1 = 1
; \SystemIn
; /Filter =
; \KERNEL32
; /pExcepti
; \KERNEL32

; /Arg1 = 1
; \SystemIn
; /ExitCode
; |[KERNEL3
; |hProcess
; \KERNEL32

; SystemInf

o.004357D2(guessed Arg1)
004357D9 \. C3
004357DA /$ 55
004357DB |. 8BEC
004357DD |. 83EC 04
004357E0 |. 897D FC
004357E3 |. 8B7D 08
004357E6 |. 8B4D 0C
004357E9 |. C1E9 07
004357EC |. 660FEFC0
004357F0 |. EB 08
004357F2 | 8DA424 000000
004357F9 | 90
004357FA |> 660F7F07
004357FE |. 660F7F47 10
00435803 |. 660F7F47 20
00435808 |. 660F7F47 30
0043580D |. 660F7F47 40
00435812 |. 660F7F47 50
00435817 |. 660F7F47 60
0043581C |. 660F7F47 70
00435821 |. 8DBF 80000000
00435827 |. 49
00435828 |.^ 75 D0
0043582A |. 8B7D FC
0043582D |. 8BE5
0043582F |. 5D
00435830 \. C3
00435831 /$ 55
00435832 |. 8BEC
00435834 |. 83EC 10
00435837 |. 897D FC
0043583A |. 8B45 08
0043583D |. 99
0043583E |. 8BF8
00435840 |. 33FA
00435842 |. 2BFA
00435844 |. 83E7 0F
00435847 |. 33FA
00435849 |. 2BFA
0043584B |. 85FF
0043584D |. 75 3C
0043584F |. 8B4D 10
00435852 |. 8BD1
00435854 |. 83E2 7F
00435857 |. 8955 F4
0043585A |. 3BCA
0043585C |. 74 12
0043585E |. 2BCA
00435860 |. 51
00435861 |. 50
00435862 |. E8 73FFFFFF
00435867 |. 83C4 08
0043586A |. 8B45 08
0043586D |. 8B55 F4
00435870 |> 85D2
00435872 |. 74 45
00435874 |. 0345 10
00435877 |. 2BC2
00435879 |. 8945 F8

RETN
PUSH EBP
MOV EBP,ESP
SUB ESP,4
MOV DWORD PTR SS:[LOCAL.1],EDI
MOV EDI,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[ARG.2]
SHR ECX,7
PXOR XMM0,XMM0
JMP SHORT 004357FA
LEA ESP,[ESP]
NOP
/MOVDQA DQWORD PTR DS:[EDI],XMM0
|MOVDQA DQWORD PTR DS:[EDI+10],XMM0
|MOVDQA DQWORD PTR DS:[EDI+20],XMM0
|MOVDQA DQWORD PTR DS:[EDI+30],XMM0
|MOVDQA DQWORD PTR DS:[EDI+40],XMM0
|MOVDQA DQWORD PTR DS:[EDI+50],XMM0
|MOVDQA DQWORD PTR DS:[EDI+60],XMM0
|MOVDQA DQWORD PTR DS:[EDI+70],XMM0
|LEA EDI,[EDI+80]
|DEC ECX
\JNE SHORT 004357FA
MOV EDI,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN
PUSH EBP
MOV EBP,ESP
SUB ESP,10
MOV DWORD PTR SS:[LOCAL.1],EDI
MOV EAX,DWORD PTR SS:[ARG.1]
CDQ
MOV EDI,EAX
XOR EDI,EDX
SUB EDI,EDX
AND EDI,0000000F
XOR EDI,EDX
SUB EDI,EDX
TEST EDI,EDI
JNE SHORT 0043588B
MOV ECX,DWORD PTR SS:[ARG.3]
MOV EDX,ECX
AND EDX,0000007F
MOV DWORD PTR SS:[LOCAL.3],EDX
CMP ECX,EDX
JE SHORT 00435870
SUB ECX,EDX
PUSH ECX
PUSH EAX
CALL 004357DA
ADD ESP,8
MOV EAX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[LOCAL.3]
TEST EDX,EDX
JE SHORT 004358B9
ADD EAX,DWORD PTR SS:[ARG.3]
SUB EAX,EDX
MOV DWORD PTR SS:[LOCAL.2],EAX

0043587C
0043587E
00435881
00435884
00435886
00435889
0043588B
0043588D
00435890
00435893
00435895
00435898
0043589B
0043589D
004358A0
004358A3
004358A6
004358A8
004358AA
004358AB
004358AD
004358AE
004358B3
004358B6
004358B9
004358BC
004358BE
004358BF
004358C0
004358C2
004358C7
004358CC
004358D0
004358D4
004358DB
004358DD
004358E0
004358E2
004358E4
004358E9
004358EB
004358F0
004358F2
004358F4
004358F5
004358F7
004358F8
004358F9
004358FC
00435900
00435907
0043590A
0043590F
00435910
00435912
00435913
00435915
00435918
0043591A
0043591B

|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
\.
/$
|.
|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
\.
/.
|.
|>
|.
|.
\.
/$
|.
|.
|.
|.
|.
|.

33C0
8B7D F8
8B4D F4
F3:AA
8B45 08
EB 2E
F7DF
83C7 10
897D F0
33C0
8B7D 08
8B4D F0
F3:AA
8B45 F0
8B4D 08
8B55 10
03C8
2BD0
52
6A 00
51
E8 7EFFFFFF
83C4 0C
8B45 08
8B7D FC
8BE5
5D
C3
6A 0C
68 88F34400
E8 20310000
8365 FC 00
660F28C1
C745 E4 01000
EB 23
8B45 EC
8B00
8B00
3D 050000C0
74 0A
3D 1D0000C0
74 03
33C0
C3
33C0
40
C3
8B65 E8
8365 E4 00
C745 FC FEFFF
8B45 E4
E8 22310000
C3
8BFF
55
8BEC
83EC 18
33C0
53
8945 FC

XOR EAX,EAX
MOV EDI,DWORD PTR SS:[LOCAL.2]
MOV ECX,DWORD PTR SS:[LOCAL.3]
REP STOS BYTE PTR ES:[EDI]
MOV EAX,DWORD PTR SS:[ARG.1]
JMP SHORT 004358B9
NEG EDI
ADD EDI,10
MOV DWORD PTR SS:[LOCAL.4],EDI
XOR EAX,EAX
MOV EDI,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.4]
REP STOS BYTE PTR ES:[EDI]
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EDX,DWORD PTR SS:[ARG.3]
ADD ECX,EAX
SUB EDX,EAX
PUSH EDX
PUSH 0
PUSH ECX
CALL 00435831
ADD ESP,0C
MOV EAX,DWORD PTR SS:[ARG.1]
MOV EDI,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN
PUSH 0C
PUSH OFFSET 0044F388
CALL 004389EC
AND DWORD PTR SS:[EBP-4],00000000
MOVAPD XMM0,XMM1
MOV DWORD PTR SS:[EBP-1C],1
JMP SHORT 00435900
MOV EAX,DWORD PTR SS:[EBP-14]
MOV EAX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX]
CMP EAX,C0000005
JE SHORT 004358F5
CMP EAX,C000001D
JE SHORT 004358F5
XOR EAX,EAX
RETN
XOR EAX,EAX
INC EAX
RETN
MOV ESP,DWORD PTR SS:[EBP-18]
AND DWORD PTR SS:[EBP-1C],00000000
MOV DWORD PTR SS:[EBP-4],-2
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,18
XOR EAX,EAX
PUSH EBX
MOV DWORD PTR SS:[LOCAL.1],EAX

0043591E |. 8945 F4
MOV DWORD PTR SS:[LOCAL.3],EAX
00435921 |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
00435924 |. 53
PUSH EBX
00435925 |. 9C
PUSHFD
00435926 |. 58
POP EAX
00435927 |. 8BC8
MOV ECX,EAX
00435929 |. 35 00002000 XOR EAX,00200000
0043592E |. 50
PUSH EAX
0043592F |. 9D
POPFD
00435930 |. 9C
PUSHFD
00435931 |. 5A
POP EDX
00435932 |. 2BD1
SUB EDX,ECX
00435934 |. 74 1F
JE SHORT 00435955
00435936 |. 51
PUSH ECX
00435937 |. 9D
POPFD
00435938 |. 33C0
XOR EAX,EAX
0043593A |. 0FA2
CPUID
0043593C |. 8945 F4
MOV DWORD PTR SS:[LOCAL.3],EAX
0043593F |. 895D E8
MOV DWORD PTR SS:[LOCAL.6],EBX
00435942 |. 8955 EC
MOV DWORD PTR SS:[LOCAL.5],EDX
00435945 |. 894D F0
MOV DWORD PTR SS:[LOCAL.4],ECX
00435948 |. B8 01000000 MOV EAX,1
0043594D |. 0FA2
CPUID
0043594F |. 8955 FC
MOV DWORD PTR SS:[LOCAL.1],EDX
00435952 |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
00435955 |> 5B
POP EBX
00435956 |. F745 FC 00000 TEST DWORD PTR SS:[LOCAL.1],04000000
0043595D |. 74 0E
JE SHORT 0043596D
0043595F |. E8 5CFFFFFF CALL 004358C0
00435964 |. 85C0
TEST EAX,EAX
00435966 |. 74 05
JE SHORT 0043596D
00435968 |. 33C0
XOR EAX,EAX
0043596A |. 40
INC EAX
0043596B |. EB 02
JMP SHORT 0043596F
0043596D |> 33C0
XOR EAX,EAX
0043596F |> 5B
POP EBX
00435970 |. C9
LEAVE
00435971 \. C3
RETN
00435972 /. E8 99FFFFFF CALL 00435910
00435977 |. A3 D8484500 MOV DWORD PTR DS:[4548D8],EAX
0043597C |. 33C0
XOR EAX,EAX
0043597E \. C3
RETN
0043597F /$ 8BFF
MOV EDI,EDI
o.0043597F(guessed Arg1,Arg2,Arg3)
00435981 |. 55
PUSH EBP
00435982 |. 8BEC
MOV EBP,ESP
00435984 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00435987 |. 53
PUSH EBX
00435988 |. 33DB
XOR EBX,EBX
0043598A |. 56
PUSH ESI
0043598B |. 57
PUSH EDI
0043598C |. 3BCB
CMP ECX,EBX
0043598E |. 74 07
JE SHORT 00435997
00435990 |. 8B7D 0C
MOV EDI,DWORD PTR SS:[ARG.2]
00435993 |. 3BFB
CMP EDI,EBX
00435995 |. 77 1B
JA SHORT 004359B2
00435997 |> E8 61EAFFFF CALL 004343FD
fo.004343FD
0043599C |. 6A 16
PUSH 16
0043599E |. 5E
POP ESI

; SystemInf

; [SystemIn

0043599F |.
004359A1 |>
004359A2 |.
004359A3 |.
004359A4 |.
004359A5 |.
004359A6 |.
fo.0042E862
004359AB |.
004359AE |.
004359B0 |.
004359B2 |>
004359B5 |.
004359B7 |.
004359B9 |.
004359BB |.^
004359BD |>
004359BF |>
004359C1 |.
004359C3 |.
004359C4 |.
004359C5 |.
004359C7 |.
004359C9 |.
004359CA |.^
004359CC |>
004359CE |.
004359D0 |.
004359D2 |.
fo.004343FD
004359D7 |.
004359D9 |.
004359DA |.
004359DC |.
004359DE |.^
004359E0 |>
004359E2 |>
004359E3 |.
004359E4 |.
004359E5 |.
004359E6 \.
004359E7 /$
004359E9 |.
004359EE |.
004359F3 |.
004359F7 |.
004359FA |.
00435A00 |.
00435A02 |.
00435A04 |.
fo.00438680
00435A09 |.
00435A0A |.
00435A0E |.
00435A0F |.
fo.0043CA78
00435A14 |.
00435A15 |.
00435A18 |.
00435A1F |.

8930
53
53
53
53
53
E8 B78EFFFF

MOV DWORD PTR DS:[EAX],ESI


PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
CALL 0042E862

;
;
;
;
;
;

83C4 14
8BC6
EB 30
8B75 10
3BF3
75 04
8819
EB DA
8BD1
8A06
8802
42
46
3AC3
74 03
4F
75 F3
3BFB
75 10
8819
E8 26EAFFFF

ADD ESP,14
MOV EAX,ESI
JMP SHORT 004359E2
MOV ESI,DWORD PTR SS:[ARG.3]
CMP ESI,EBX
JNE SHORT 004359BD
MOV BYTE PTR DS:[ECX],BL
JMP SHORT 00435997
MOV EDX,ECX
/MOV AL,BYTE PTR DS:[ESI]
|MOV BYTE PTR DS:[EDX],AL
|INC EDX
|INC ESI
|CMP AL,BL
|JE SHORT 004359CC
|DEC EDI
\JNE SHORT 004359BF
CMP EDI,EBX
JNE SHORT 004359E0
MOV BYTE PTR DS:[ECX],BL
CALL 004343FD

; [SystemIn

6A 22
59
8908
8BF1
EB C1
33C0
5F
5E
5B
5D
C3
6A 0C
68 A8F34400
E8 F92F0000
8365 E4 00
8B75 08
3B35 84374500
77 22
6A 04
E8 772C0000

PUSH 22
POP ECX
MOV DWORD PTR DS:[EAX],ECX
MOV ESI,ECX
JMP SHORT 004359A1
XOR EAX,EAX
POP EDI
POP ESI
POP EBX
POP EBP
RETN
PUSH 0C
PUSH OFFSET 0044F3A8
CALL 004389EC
AND DWORD PTR SS:[EBP-1C],00000000
MOV ESI,DWORD PTR SS:[EBP+8]
CMP ESI,DWORD PTR DS:[453784]
JA SHORT 00435A24
PUSH 4
CALL 00438680

; /Arg1 = 4
; \SystemIn

59
8365 FC 00
56
E8 64700000

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
PUSH ESI
CALL 0043CA78

; /Arg1
; \SystemIn

59
8945 E4
C745 FC FEFFF
E8 09000000

POP ECX
MOV DWORD PTR SS:[EBP-1C],EAX
MOV DWORD PTR SS:[EBP-4],-2
CALL 00435A2D

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

00435A24 |> 8B45 E4


00435A27 |. E8 05300000
00435A2C \. C3
00435A2D /$ 6A 04
00435A2F |. E8 722B0000
fo.004385A6
00435A34 |. 59
00435A35 \. C3
00435A36 /$ 8BFF
o.00435A36(guessed Arg1)
00435A38 |. 55
00435A39 |. 8BEC
00435A3B |. 56
00435A3C |. 8B75 08
00435A3F |. 83FE E0
00435A42 |. 0F87 A1000000
00435A48 |. 53
00435A49 |. 57
00435A4A |. 8B3D A4804400
00435A50 |> 833D 08324500
00435A57 |. 75 18
00435A59 |. E8 9D750000
fo.0043CFFB
00435A5E |. 6A 1E
E
00435A60 |. E8 EB730000
fo.0043CE50
00435A65 |. 68 FF000000
00435A6A |. E8 C82C0000
00435A6F |. 59
00435A70 |. 59
00435A71 |> A1 94374500
00435A76 |. 83F8 01
00435A79 |. 75 0E
00435A7B |. 85F6
00435A7D |. 74 04
00435A7F |. 8BC6
00435A81 |. EB 03
00435A83 |> 33C0
00435A85 |. 40
00435A86 |> 50
00435A87 |. EB 1C
00435A89 |> 83F8 03
00435A8C |. 75 0B
00435A8E |. 56
00435A8F |. E8 53FFFFFF
00435A94 |. 59
00435A95 |. 85C0
00435A97 |. 75 16
00435A99 |> 85F6
00435A9B |. 75 01
00435A9D |. 46
00435A9E |> 83C6 0F
00435AA1 |. 83E6 F0
00435AA4 |. 56
00435AA5 |> 6A 00
00435AA7 |. FF35 08324500
00435AAD |. FFD7
00435AAF |> 8BD8
00435AB1 |. 85DB

MOV EAX,DWORD PTR SS:[EBP-1C]


CALL 00438A31
RETN
PUSH 4
CALL 004385A6

; /Arg1 = 4
; \SystemIn

POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
CMP ESI,-20
JA 00435AE9
PUSH EBX
PUSH EDI
MOV EDI,DWORD PTR DS:[<&KERNEL32.HeapAll
/CMP DWORD PTR DS:[453208],0
|JNE SHORT 00435A71
|CALL 0043CFFB
; [SystemIn
|PUSH 1E

; /Arg1 = 1

|CALL 0043CE50

; \SystemIn

|PUSH 0FF
|CALL 00438737
|POP ECX
|POP ECX
|MOV EAX,DWORD PTR DS:[453794]
|CMP EAX,1
|JNE SHORT 00435A89
|TEST ESI,ESI
|JE SHORT 00435A83
|MOV EAX,ESI
|JMP SHORT 00435A86
|XOR EAX,EAX
|INC EAX
|PUSH EAX
|JMP SHORT 00435AA5
|CMP EAX,3
|JNE SHORT 00435A99
|PUSH ESI
|CALL 004359E7
|POP ECX
|TEST EAX,EAX
|JNE SHORT 00435AAF
|TEST ESI,ESI
|JNE SHORT 00435A9E
|INC ESI
|ADD ESI,0F
|AND ESI,FFFFFFF0
|PUSH ESI
|PUSH 0
|PUSH DWORD PTR DS:[453208]
|CALL EDI
|MOV EBX,EAX
|TEST EBX,EBX

00435AB3 |.
00435AB5 |.
00435AB7 |.
00435AB8 |.
00435ABE |.
00435AC0 |.
[ARG.1]
00435AC3 |.
fo.004367A1
00435AC8 |.
00435AC9 |.
00435ACB |.
00435ACD |.
00435AD0 |.^
00435AD5 |>
fo.004343FD
00435ADA |.
00435ADC |>
fo.004343FD
00435AE1 |.
00435AE3 |>
00435AE4 |.
00435AE6 |.
00435AE7 |.
00435AE9 |>
[ARG.1]
00435AEA |.
fo.004367A1
00435AEF |.
00435AF0 |.
fo.004343FD
00435AF5 |.
00435AFB |.
00435AFD |>
00435AFE |.
00435AFF \.
00435B00 /$
00435B02 |.
00435B07 |.
00435B0C |.
E
00435B0E |.
fo.00438680
00435B13 |.
00435B14 |.
00435B18 |.
00435B1B |.
00435B1E |.
00435B20 |.
00435B22 |.
00435B27 |.
00435B2C |>
00435B2F |.
00435B31 |.
00435B33 |.
00435B35 |.
00435B37 |.
00435B3A |.
00435B3D |.
[453028] = 0

75 2E
6A 0C
5E
3905 48364500
74 15
FF75 08

|JNE SHORT 00435AE3


|PUSH 0C
|POP ESI
|CMP DWORD PTR DS:[453648],EAX
|JE SHORT 00435AD5
|PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

E8 D90C0000

|CALL 004367A1

; \SystemIn

59
85C0
74 0F
8B75 08
E9 7BFFFFFF
E8 23E9FFFF

|POP ECX
|TEST EAX,EAX
|JE SHORT 00435ADC
|MOV ESI,DWORD PTR SS:[ARG.1]
\JMP 00435A50
CALL 004343FD

; [SystemIn

8930
E8 1CE9FFFF

MOV DWORD PTR DS:[EAX],ESI


CALL 004343FD

; [SystemIn

8930
5F
8BC3
5B
EB 14
56

MOV DWORD PTR DS:[EAX],ESI


POP EDI
MOV EAX,EBX
POP EBX
JMP SHORT 00435AFD
PUSH ESI

; /Arg1 =>

E8 B20C0000

CALL 004367A1

; \SystemIn

59
E8 08E9FFFF

POP ECX
CALL 004343FD

; [SystemIn

C700 0C000000
33C0
5E
5D
C3
6A 0C
68 C8F34400
E8 E02E0000
6A 0E

MOV DWORD PTR DS:[EAX],0C


XOR EAX,EAX
POP ESI
POP EBP
RETN
PUSH 0C
PUSH OFFSET 0044F3C8
CALL 004389EC
PUSH 0E

; /Arg1 = 0

E8 6D2B0000

CALL 00438680

; \SystemIn

59
8365 FC 00
8B75 08
8B4E 04
85C9
74 2F
A1 28304500
BA 24304500
8945 E4
85C0
74 11
3908
75 2C
8B48 04
894A 04
50

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
MOV ESI,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR DS:[ESI+4]
TEST ECX,ECX
JE SHORT 00435B51
MOV EAX,DWORD PTR DS:[453028]
MOV EDX,OFFSET 00453024
MOV DWORD PTR SS:[EBP-1C],EAX
TEST EAX,EAX
JE SHORT 00435B44
CMP DWORD PTR DS:[EAX],ECX
JNE SHORT 00435B63
MOV ECX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR DS:[EDX+4],ECX
PUSH EAX

; /Arg1 =>

00435B3E |. E8 9BD6FFFF CALL 004331DE


fo.004331DE
00435B43 |. 59
POP ECX
00435B44 |> FF76 04
PUSH DWORD PTR DS:[ESI+4]
00435B47 |. E8 92D6FFFF CALL 004331DE
fo.004331DE
00435B4C |. 59
POP ECX
00435B4D |. 8366 04 00
AND DWORD PTR DS:[ESI+4],00000000
00435B51 |> C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
00435B58 |. E8 0A000000 CALL 00435B67
00435B5D |. E8 CF2E0000 CALL 00438A31
00435B62 |. C3
RETN
00435B63 |> 8BD0
MOV EDX,EAX
00435B65 \.^ EB C5
JMP SHORT 00435B2C
00435B67 /$ 6A 0E
PUSH 0E
E
00435B69 |. E8 382A0000 CALL 004385A6
fo.004385A6
00435B6E |. 59
POP ECX
00435B6F \. C3
RETN
00435B70 /$ 2D A4030000 SUB EAX,3A4
00435B75 |. 74 22
JE SHORT 00435B99
00435B77 |. 83E8 04
SUB EAX,4
ases 4..12, 4 exits)
00435B7A |. 74 17
JE SHORT 00435B93
00435B7C |. 83E8 0D
SUB EAX,0D
00435B7F |. 74 0C
JE SHORT 00435B8D
00435B81 |. 48
DEC EAX
00435B82 |. 74 03
JE SHORT 00435B87
00435B84 |. 33C0
XOR EAX,EAX
ase of switch SystemInfo.435B77
00435B86 |. C3
RETN
00435B87 |> B8 04040000 MOV EAX,404
f switch SystemInfo.435B77
00435B8C |. C3
RETN
00435B8D |> B8 12040000 MOV EAX,412
f switch SystemInfo.435B77
00435B92 |. C3
RETN
00435B93 |> B8 04080000 MOV EAX,804
switch SystemInfo.435B77
00435B98 |. C3
RETN
00435B99 |> B8 11040000 MOV EAX,411
00435B9E \. C3
RETN
00435B9F /$ 8BFF
MOV EDI,EDI
00435BA1 |. 56
PUSH ESI
00435BA2 |. 57
PUSH EDI
00435BA3 |. 8BF0
MOV ESI,EAX
00435BA5 |. 68 01010000 PUSH 101
01
00435BAA |. 33FF
XOR EDI,EDI
00435BAC |. 8D46 1C
LEA EAX,[ESI+1C]
00435BAF |. 57
PUSH EDI
0
00435BB0 |. 50
PUSH EAX
ARG.EAX+1C
00435BB1 |. E8 EA8CFFFF CALL 0042E8A0
fo.0042E8A0
00435BB6 |. 33C0
XOR EAX,EAX
00435BB8 |. 0FB7C8
MOVZX ECX,AX
00435BBB |. 8BC1
MOV EAX,ECX

; \SystemIn
; /Arg1
; \SystemIn

; /Arg1 = 0
; \SystemIn

; Switch (c

; Default c
; Case 12 o
; Case 11 o
; Case 4 of

; /Arg3 = 1
; |
; |
; |Arg2 =>
; |Arg1 =>
; \SystemIn

00435BBD |. 897E 04
00435BC0 |. 897E 08
00435BC3 |. 897E 0C
00435BC6 |. C1E1 10
00435BC9 |. 0BC1
00435BCB |. 8D7E 10
00435BCE |. AB
00435BCF |. AB
00435BD0 |. AB
00435BD1 |. B9 D8174500
00435BD6 |. 83C4 0C
00435BD9 |. 8D46 1C
00435BDC |. 2BCE
00435BDE |. BF 01010000
00435BE3 |> 8A1401
00435BE6 |. 8810
00435BE8 |. 40
00435BE9 |. 4F
00435BEA |.^ 75 F7
00435BEC |. 8D86 1D010000
00435BF2 |. BE 00010000
00435BF7 |> 8A1408
00435BFA |. 8810
00435BFC |. 40
00435BFD |. 4E
00435BFE |.^ 75 F7
00435C00 |. 5F
00435C01 |. 5E
00435C02 \. C3
00435C03 /$ 8BFF
00435C05 |. 55
00435C06 |. 8BEC
00435C08 |. 81EC 1C050000
00435C0E |. A1 A0154500
00435C13 |. 33C5
00435C15 |. 8945 FC
00435C18 |. 53
00435C19 |. 57
00435C1A |. 8D85 E8FAFFFF
00435C20 |. 50
=> OFFSET LOCAL.326
00435C21 |. FF76 04
=> [ARG.ESI+4]
00435C24 |. FF15 70814400
.GetCPInfo
00435C2A |. BF 00010000
00435C2F |. 85C0
00435C31 |. 0F84 FB000000
00435C37 |. 33C0
00435C39 |> 888405 FCFEFF
00435C40 |. 40
00435C41 |. 3BC7
00435C43 |.^ 72 F4
00435C45 |. 8A85 EEFAFFFF
00435C4B |. C685 FCFEFFFF
00435C52 |. 84C0
00435C54 |. 74 2E
00435C56 |. 8D9D EFFAFFFF
00435C5C |> 0FB6C8
00435C5F |. 0FB603

MOV DWORD PTR DS:[ESI+4],EDI


MOV DWORD PTR DS:[ESI+8],EDI
MOV DWORD PTR DS:[ESI+0C],EDI
SHL ECX,10
OR EAX,ECX
LEA EDI,[ESI+10]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
MOV ECX,OFFSET 004517D8
ADD ESP,0C
LEA EAX,[ESI+1C]
SUB ECX,ESI
MOV EDI,101
/MOV DL,BYTE PTR DS:[EAX+ECX]
|MOV BYTE PTR DS:[EAX],DL
|INC EAX
|DEC EDI
\JNE SHORT 00435BE3
LEA EAX,[ESI+11D]
MOV ESI,100
/MOV DL,BYTE PTR DS:[ECX+EAX]
|MOV BYTE PTR DS:[EAX],DL
|INC EAX
|DEC ESI
\JNE SHORT 00435BF7
POP EDI
POP ESI
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,51C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH EBX
PUSH EDI
LEA EAX,[LOCAL.326]
PUSH EAX

; /pCPInfo

PUSH DWORD PTR DS:[ESI+4]

; |CodePage

CALL DWORD PTR DS:[<&KERNEL32.GetCPInfo> ; \KERNEL32


MOV EDI,100
TEST EAX,EAX
JE 00435D32
XOR EAX,EAX
/MOV BYTE PTR SS:[EAX+EBP-104],AL
|INC EAX
|CMP EAX,EDI
\JB SHORT 00435C39
MOV AL,BYTE PTR SS:[LOCAL.325+2]
MOV BYTE PTR SS:[LOCAL.65],20
TEST AL,AL
JE SHORT 00435C84
LEA EBX,[LOCAL.325+3]
/MOVZX ECX,AL
|MOVZX EAX,BYTE PTR DS:[EBX]

00435C62 |. 3BC8
00435C64 |. 77 16
00435C66 |. 2BC1
00435C68 |. 40
00435C69 |. 50
00435C6A |. 8D940D FCFEFF
00435C71 |. 6A 20
0
00435C73 |. 52
00435C74 |. E8 278CFFFF
fo.0042E8A0
00435C79 |. 83C4 0C
00435C7C |> 43
00435C7D |. 8A03
00435C7F |. 43
00435C80 |. 84C0
00435C82 |.^ 75 D8
00435C84 |> 6A 00
00435C86 |. FF76 0C
00435C89 |. 8D85 FCFAFFFF
00435C8F |. FF76 04
00435C92 |. 50
OFFSET LOCAL.321
00435C93 |. 57
00435C94 |. 8D85 FCFEFFFF
00435C9A |. 50
OFFSET LOCAL.65
00435C9B |. 6A 01
00435C9D |. 6A 00
00435C9F |. E8 B4070000
fo.00436458
00435CA4 |. 33DB
00435CA6 |. 53
0
00435CA7 |. FF76 04
00435CAA |. 8D85 FCFDFFFF
00435CB0 |. 57
00435CB1 |. 50
OFFSET LOCAL.129
00435CB2 |. 57
00435CB3 |. 8D85 FCFEFFFF
00435CB9 |. 50
OFFSET LOCAL.65
00435CBA |. 57
00435CBB |. FF76 0C
00435CBE |. 53
0
00435CBF |. E8 DEEEFFFF
fo.00434BA2
00435CC4 |. 83C4 44
00435CC7 |. 53
00435CC8 |. FF76 04
00435CCB |. 8D85 FCFCFFFF
00435CD1 |. 57
00435CD2 |. 50
OFFSET LOCAL.193
00435CD3 |. 57
00435CD4 |. 8D85 FCFEFFFF
00435CDA |. 50
OFFSET LOCAL.65

|CMP ECX,EAX
|JA SHORT 00435C7C
|SUB EAX,ECX
|INC EAX
|PUSH EAX
|LEA EDX,[ECX+EBP-104]
|PUSH 20

; /Arg3
; |
; |Arg2 = 2

|PUSH EDX
|CALL 0042E8A0

; |Arg1
; \SystemIn

|ADD ESP,0C
|INC EBX
|MOV AL,BYTE PTR DS:[EBX]
|INC EBX
|TEST AL,AL
\JNE SHORT 00435C5C
PUSH 0
PUSH DWORD PTR DS:[ESI+0C]
LEA EAX,[LOCAL.321]
PUSH DWORD PTR DS:[ESI+4]
PUSH EAX

;
;
;
;
;

PUSH EDI
LEA EAX,[LOCAL.65]
PUSH EAX

; |Arg4
; |
; |Arg3 =>

PUSH 1
PUSH 0
CALL 00436458

; |Arg2 = 1
; |Arg1 = 0
; \SystemIn

XOR EBX,EBX
PUSH EBX

; /Arg9 =>

PUSH DWORD PTR DS:[ESI+4]


LEA EAX,[LOCAL.129]
PUSH EDI
PUSH EAX

;
;
;
;

PUSH EDI
LEA EAX,[LOCAL.65]
PUSH EAX

; |Arg5
; |
; |Arg4 =>

PUSH EDI
PUSH DWORD PTR DS:[ESI+0C]
PUSH EBX

; |Arg3
; |Arg2
; |Arg1 =>

CALL 00434BA2

; \SystemIn

ADD ESP,44
PUSH EBX
PUSH DWORD PTR DS:[ESI+4]
LEA EAX,[LOCAL.193]
PUSH EDI
PUSH EAX

;
;
;
;
;

PUSH EDI
LEA EAX,[LOCAL.65]
PUSH EAX

; |Arg5
; |
; |Arg4 =>

/Arg8 = 0
|Arg7
|
|Arg6
|Arg5 =>

|Arg8
|
|Arg7
|Arg6 =>

/Arg9
|Arg8
|
|Arg7
|Arg6 =>

00435CDB |. 68 00020000 PUSH 200


; |Arg3 = 2
00
00435CE0 |. FF76 0C
PUSH DWORD PTR DS:[ESI+0C]
; |Arg2
00435CE3 |. 53
PUSH EBX
; |Arg1
00435CE4 |. E8 B9EEFFFF CALL 00434BA2
; \SystemIn
fo.00434BA2
00435CE9 |. 83C4 24
ADD ESP,24
00435CEC |. 33C0
XOR EAX,EAX
00435CEE |> 0FB78C45 FCFA /MOVZX ECX,WORD PTR SS:[EAX*2+EBP-504]
00435CF6 |. F6C1 01
|TEST CL,01
00435CF9 |. 74 0E
|JE SHORT 00435D09
00435CFB |. 804C06 1D 10 |OR BYTE PTR DS:[EAX+ESI+1D],10
00435D00 |. 8A8C05 FCFDFF |MOV CL,BYTE PTR SS:[EAX+EBP-204]
00435D07 |. EB 11
|JMP SHORT 00435D1A
00435D09 |> F6C1 02
|TEST CL,02
00435D0C |. 74 15
|JE SHORT 00435D23
00435D0E |. 804C06 1D 20 |OR BYTE PTR DS:[EAX+ESI+1D],20
00435D13 |. 8A8C05 FCFCFF |MOV CL,BYTE PTR SS:[EAX+EBP-304]
00435D1A |> 888C06 1D0100 |MOV BYTE PTR DS:[EAX+ESI+11D],CL
00435D21 |. EB 08
|JMP SHORT 00435D2B
00435D23 |> C68406 1D0100 |MOV BYTE PTR DS:[EAX+ESI+11D],0
00435D2B |> 40
|INC EAX
00435D2C |. 3BC7
|CMP EAX,EDI
00435D2E |.^ 72 BE
\JB SHORT 00435CEE
00435D30 |. EB 56
JMP SHORT 00435D88
00435D32 |> 8D86 1D010000 LEA EAX,[ESI+11D]
00435D38 |. C785 E4FAFFFF MOV DWORD PTR SS:[LOCAL.327],-61
00435D42 |. 33C9
XOR ECX,ECX
00435D44 |. 2985 E4FAFFFF SUB DWORD PTR SS:[LOCAL.327],EAX
00435D4A |> 8B95 E4FAFFFF /MOV EDX,DWORD PTR SS:[LOCAL.327]
00435D50 |. 8D840E 1D0100 |LEA EAX,[ECX+ESI+11D]
00435D57 |. 03D0
|ADD EDX,EAX
00435D59 |. 8D5A 20
|LEA EBX,[EDX+20]
; Switch (c
ases FFFFFFE0..FFFFFFF9, 2 exits)
00435D5C |. 83FB 19
|CMP EBX,19
00435D5F |. 77 0C
|JA SHORT 00435D6D
00435D61 |. 804C0E 1D 10 |OR BYTE PTR DS:[ECX+ESI+1D],10
00435D66 |. 8AD1
|MOV DL,CL
00435D68 |. 80C2 20
|ADD DL,20
00435D6B |. EB 0F
|JMP SHORT 00435D7C
00435D6D |> 83FA 19
|CMP EDX,19
; Default c
ase of switch SystemInfo.435D59
00435D70 |. 77 0E
|JA SHORT 00435D80
00435D72 |. 804C0E 1D 20 |OR BYTE PTR DS:[ECX+ESI+1D],20
00435D77 |. 8AD1
|MOV DL,CL
00435D79 |. 80EA 20
|SUB DL,20
00435D7C |> 8810
|MOV BYTE PTR DS:[EAX],DL
; Cases FFF
FFFE0, FFFFFFE1, FFFFFFE2, FFFFFFE3, FFFFFFE4, FFFFFFE5, FFFFFFE6, FFFFFFE7, FFF
FFFE8, FFFFFFE9, FFFFFFEA, FFFFFFEB, FFFFFFEC, FFFFFFED, FFFFFFEE, FFFFFFEF, FFF
FFFF0, FFFFFFF1, FFFFFFF2, FFFFFFF3, FFFFFFF4, FFFFFFF5, FFFFFFF6, FFFFFFF7, FFF
FFF...
00435D7E |. EB 03
|JMP SHORT 00435D83
00435D80 |> C600 00
|MOV BYTE PTR DS:[EAX],0
00435D83 |> 41
|INC ECX
00435D84 |. 3BCF
|CMP ECX,EDI
00435D86 |.^ 72 C2
\JB SHORT 00435D4A
00435D88 |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00435D8B |. 5F
POP EDI
00435D8C |. 33CD
XOR ECX,EBP
00435D8E |. 5B
POP EBX

00435D8F |. E8 5D89FFFF CALL 0042E6F1


00435D94 |. C9
LEAVE
00435D95 \. C3
RETN
00435D96 /$ 6A 0C
PUSH 0C
o.00435D96(guessed void)
00435D98 |. 68 E8F34400 PUSH OFFSET 0044F3E8
00435D9D |. E8 4A2C0000 CALL 004389EC
00435DA2 |. E8 6BF5FFFF CALL 00435312
fo.00435312
00435DA7 |. 8BF8
MOV EDI,EAX
00435DA9 |. A1 F81C4500 MOV EAX,DWORD PTR DS:[451CF8]
00435DAE |. 8547 70
TEST DWORD PTR DS:[EDI+70],EAX
00435DB1 |. 74 1D
JE SHORT 00435DD0
00435DB3 |. 837F 6C 00
CMP DWORD PTR DS:[EDI+6C],0
00435DB7 |. 74 17
JE SHORT 00435DD0
00435DB9 |. 8B77 68
MOV ESI,DWORD PTR DS:[EDI+68]
00435DBC |> 85F6
TEST ESI,ESI
00435DBE |. 75 08
JNE SHORT 00435DC8
00435DC0 |. 6A 20
PUSH 20
0
00435DC2 |. E8 1C290000 CALL 004386E3
fo.004386E3
00435DC7 |. 59
POP ECX
00435DC8 |> 8BC6
MOV EAX,ESI
00435DCA |. E8 622C0000 CALL 00438A31
00435DCF |. C3
RETN
00435DD0 |> 6A 0D
PUSH 0D
D
00435DD2 |. E8 A9280000 CALL 00438680
fo.00438680
00435DD7 |. 59
POP ECX
00435DD8 |. 8365 FC 00
AND DWORD PTR SS:[EBP-4],00000000
00435DDC |. 8B77 68
MOV ESI,DWORD PTR DS:[EDI+68]
00435DDF |. 8975 E4
MOV DWORD PTR SS:[EBP-1C],ESI
00435DE2 |. 3B35 001C4500 CMP ESI,DWORD PTR DS:[451C00]
00435DE8 |. 74 36
JE SHORT 00435E20
00435DEA |. 85F6
TEST ESI,ESI
00435DEC |. 74 1A
JE SHORT 00435E08
00435DEE |. 56
PUSH ESI
00435DEF |. FF15 34814400 CALL DWORD PTR DS:[<&KERNEL32.Interlocke
.InterlockedDecrement
00435DF5 |. 85C0
TEST EAX,EAX
00435DF7 |. 75 0F
JNE SHORT 00435E08
00435DF9 |. 81FE D8174500 CMP ESI,OFFSET 004517D8
00435DFF |. 74 07
JE SHORT 00435E08
00435E01 |. 56
PUSH ESI
00435E02 |. E8 D7D3FFFF CALL 004331DE
fo.004331DE
00435E07 |. 59
POP ECX
00435E08 |> A1 001C4500 MOV EAX,DWORD PTR DS:[451C00]
00435E0D |. 8947 68
MOV DWORD PTR DS:[EDI+68],EAX
00435E10 |. 8B35 001C4500 MOV ESI,DWORD PTR DS:[451C00]
00435E16 |. 8975 E4
MOV DWORD PTR SS:[EBP-1C],ESI
00435E19 |. 56
PUSH ESI
=> [451C00] = SystemInfo.4517D8 -> 0
00435E1A |. FF15 30814400 CALL DWORD PTR DS:[<&KERNEL32.Interlocke
.InterlockedIncrement
00435E20 |> C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
00435E27 |. E8 05000000 CALL 00435E31
00435E2C \.^ EB 8E
JMP SHORT 00435DBC

; SystemInf

; [SystemIn

; /Arg1 = 2
; \SystemIn

; /Arg1 = 0
; \SystemIn

; /pTarget
; \KERNEL32

; /Arg1
; \SystemIn

; /pTarget
; \KERNEL32

00435E2E
8B
DB 8B
00435E2F
75
DB 75
00435E30
E4
DB E4
00435E31 /$ 6A 0D
PUSH 0D
D
00435E33 |. E8 6E270000 CALL 004385A6
fo.004385A6
00435E38 |. 59
POP ECX
00435E39 \. C3
RETN
00435E3A /$ 8BFF
MOV EDI,EDI
o.00435E3A(guessed void)
00435E3C |. 55
PUSH EBP
00435E3D |. 8BEC
MOV EBP,ESP
00435E3F |. 83EC 10
SUB ESP,10
00435E42 |. 53
PUSH EBX
00435E43 |. 33DB
XOR EBX,EBX
00435E45 |. 53
PUSH EBX
0
00435E46 |. 8D4D F0
LEA ECX,[LOCAL.4]
00435E49 |. E8 178EFFFF CALL 0042EC65
fo.0042EC65
00435E4E |. 891D 2C304500 MOV DWORD PTR DS:[45302C],EBX
00435E54 |. 83FE FE
CMP ESI,-2
00435E57 |. 75 1E
JNE SHORT 00435E77
00435E59 |. C705 2C304500 MOV DWORD PTR DS:[45302C],1
00435E63 |. FF15 A0814400 CALL DWORD PTR DS:[<&KERNEL32.GetOEMCP>]
.GetOEMCP
00435E69 |> 385D FC
CMP BYTE PTR SS:[LOCAL.1],BL
00435E6C |. 74 45
JE SHORT 00435EB3
00435E6E |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00435E71 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
00435E75 |. EB 3C
JMP SHORT 00435EB3
00435E77 |> 83FE FD
CMP ESI,-3
00435E7A |. 75 12
JNE SHORT 00435E8E
00435E7C |. C705 2C304500 MOV DWORD PTR DS:[45302C],1
00435E86 |. FF15 9C814400 CALL DWORD PTR DS:[<&KERNEL32.GetACP>]
.GetACP
00435E8C |.^ EB DB
JMP SHORT 00435E69
00435E8E |> 83FE FC
CMP ESI,-4
00435E91 |. 75 12
JNE SHORT 00435EA5
00435E93 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
00435E96 |. 8B40 04
MOV EAX,DWORD PTR DS:[EAX+4]
00435E99 |. C705 2C304500 MOV DWORD PTR DS:[45302C],1
00435EA3 |.^ EB C4
JMP SHORT 00435E69
00435EA5 |> 385D FC
CMP BYTE PTR SS:[LOCAL.1],BL
00435EA8 |. 74 07
JE SHORT 00435EB1
00435EAA |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00435EAD |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
00435EB1 |> 8BC6
MOV EAX,ESI
00435EB3 |> 5B
POP EBX
00435EB4 |. C9
LEAVE
00435EB5 \. C3
RETN
00435EB6 /$ 8BFF
MOV EDI,EDI
o.00435EB6(guessed Arg1,Arg2)
00435EB8 |. 55
PUSH EBP
00435EB9 |. 8BEC
MOV EBP,ESP
00435EBB |. 83EC 20
SUB ESP,20
00435EBE |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00435EC3 |. 33C5
XOR EAX,EBP
00435EC5 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX

; CHAR 'u'
; /Arg1 = 0
; \SystemIn

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; [KERNEL32

; [KERNEL32

; SystemInf

00435EC8 |. 53
00435EC9 |. 8B5D 0C
00435ECC |. 56
00435ECD |. 8B75 08
00435ED0 |. 57
00435ED1 |. E8 64FFFFFF
fo.00435E3A
00435ED6 |. 8BF8
00435ED8 |. 33F6
00435EDA |. 897D 08
00435EDD |. 3BFE
00435EDF |. 75 0E
00435EE1 |> 8BC3
00435EE3 |. E8 B7FCFFFF
00435EE8 |> 33C0
00435EEA |. E9 9D010000
00435EEF |> 8975 E4
00435EF2 |. 33C0
00435EF4 |> 39B8 081C4500
00435EFA |. 0F84 91000000
00435F00 |. FF45 E4
00435F03 |. 83C0 30
00435F06 |. 3D F0000000
00435F0B |.^ 72 E7
00435F0D |. 81FF E8FD0000
00435F13 |. 0F84 70010000
00435F19 |. 81FF E9FD0000
00435F1F |. 0F84 64010000
00435F25 |. 0FB7C7
00435F28 |. 50
00435F29 |. FF15 B0804400
.IsValidCodePage
00435F2F |. 85C0
00435F31 |. 0F84 52010000
00435F37 |. 8D45 E8
00435F3A |. 50
=> OFFSET LOCAL.6
00435F3B |. 57
00435F3C |. FF15 70814400
.GetCPInfo
00435F42 |. 85C0
00435F44 |. 0F84 33010000
00435F4A |. 68 01010000
01
00435F4F |. 8D43 1C
00435F52 |. 56
0
00435F53 |. 50
00435F54 |. E8 4789FFFF
fo.0042E8A0
00435F59 |. 33D2
00435F5B |. 42
00435F5C |. 83C4 0C
00435F5F |. 897B 04
00435F62 |. 8973 0C
00435F65 |. 3955 E8
00435F68 |. 0F86 F8000000
00435F6E |. 807D EE 00
00435F72 |. 0F84 CF000000
00435F78 |. 8D75 EF

PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.2]
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
PUSH EDI
CALL 00435E3A

; [SystemIn

MOV EDI,EAX
XOR ESI,ESI
MOV DWORD PTR SS:[ARG.1],EDI
CMP EDI,ESI
JNE SHORT 00435EEF
MOV EAX,EBX
CALL 00435B9F
XOR EAX,EAX
JMP 0043608C
MOV DWORD PTR SS:[LOCAL.7],ESI
XOR EAX,EAX
/CMP DWORD PTR DS:[EAX+451C08],EDI
|JE 00435F91
|INC DWORD PTR SS:[LOCAL.7]
|ADD EAX,30
|CMP EAX,0F0
\JB SHORT 00435EF4
CMP EDI,0FDE8
JE 00436089
CMP EDI,0FDE9
JE 00436089
MOVZX EAX,DI
PUSH EAX
; /Code
CALL DWORD PTR DS:[<&KERNEL32.IsValidCod ; \KERNEL32
TEST EAX,EAX
JE 00436089
LEA EAX,[LOCAL.6]
PUSH EAX

; /pCPInfo

PUSH EDI
; |CodePage
CALL DWORD PTR DS:[<&KERNEL32.GetCPInfo> ; \KERNEL32
TEST EAX,EAX
JE 0043607D
PUSH 101

; /Arg3 = 1

LEA EAX,[EBX+1C]
PUSH ESI

; |
; |Arg2 =>

PUSH EAX
CALL 0042E8A0

; |Arg1
; \SystemIn

XOR EDX,EDX
INC EDX
ADD ESP,0C
MOV DWORD PTR DS:[EBX+4],EDI
MOV DWORD PTR DS:[EBX+0C],ESI
CMP DWORD PTR SS:[LOCAL.6],EDX
JBE 00436066
CMP BYTE PTR SS:[LOCAL.5+2],0
JE 00436047
LEA ESI,[LOCAL.5+3]

00435F7B |>
00435F7D |.
00435F7F |.
00435F85 |.
00435F89 |.
00435F8C |.
00435F91 |>
01
00435F96 |.
00435F99 |.
0
00435F9A |.
00435F9B |.
fo.0042E8A0
00435FA0 |.
00435FA3 |.
00435FA6 |.
00435FA9 |.
00435FAC |.
00435FB2 |.
00435FB5 |.
00435FB7 |>
00435FBA |.
00435FBC |.
00435FBE |.
00435FC1 |.
00435FC4 |.
00435FC6 |>
00435FC9 |.
00435FCF |.
00435FD3 |.
00435FD7 |.
00435FD8 |>
00435FDA |.^
00435FDC |.
00435FDF |.
00435FE0 |.
00435FE1 |>
00435FE4 |.^
00435FE6 |>
00435FE9 |.
00435FEC |.
00435FEF |.
00435FF3 |.
00435FF6 |.^
00435FF8 |.
00435FFA |.
00435FFD |.
00436004 |.
00436009 |.
0043600B |.
0043600E |.
00436011 |.
00436017 |.
00436018 |>
0043601B |.
0043601C |.
0043601F |.
00436020 |.
00436021 |.

8A0E
84C9
0F84 C2000000
0FB646 FF
0FB6C9
E9 A6000000
68 01010000

MOV CL,BYTE PTR DS:[ESI]


TEST CL,CL
JE 00436047
MOVZX EAX,BYTE PTR DS:[ESI-1]
MOVZX ECX,CL
JMP 00436037
PUSH 101

; /Arg3 = 1

8D43 1C
56

LEA EAX,[EBX+1C]
PUSH ESI

; |
; |Arg2 =>

50
E8 0089FFFF

PUSH EAX
CALL 0042E8A0

; |Arg1
; \SystemIn

8B4D E4
83C4 0C
6BC9 30
8975 E0
8DB1 181C4500
8975 E4
EB 2A
8A46 01
84C0
74 28
0FB63E
0FB6C0
EB 12
8B45 E0
8A80 041C4500
08443B 1D
0FB646 01
47
3BF8
76 EA
8B7D 08
46
46
803E 00
75 D1
8B75 E4
FF45 E0
83C6 08
837D E0 04
8975 E4
72 E9
8BC7
897B 04
C743 08 01000
E8 67FBFFFF
6A 06
8943 0C
8D43 10
8D89 0C1C4500
5A
66:8B31
41
66:8930
41
40
40

MOV ECX,DWORD PTR SS:[LOCAL.7]


ADD ESP,0C
IMUL ECX,ECX,30
MOV DWORD PTR SS:[LOCAL.8],ESI
LEA ESI,[ECX+451C18]
MOV DWORD PTR SS:[LOCAL.7],ESI
JMP SHORT 00435FE1
MOV AL,BYTE PTR DS:[ESI+1]
TEST AL,AL
JE SHORT 00435FE6
MOVZX EDI,BYTE PTR DS:[ESI]
MOVZX EAX,AL
JMP SHORT 00435FD8
/MOV EAX,DWORD PTR SS:[LOCAL.8]
|MOV AL,BYTE PTR DS:[EAX+451C04]
|OR BYTE PTR DS:[EDI+EBX+1D],AL
|MOVZX EAX,BYTE PTR DS:[ESI+1]
|INC EDI
|CMP EDI,EAX
\JBE SHORT 00435FC6
MOV EDI,DWORD PTR SS:[ARG.1]
INC ESI
INC ESI
CMP BYTE PTR DS:[ESI],0
JNE SHORT 00435FB7
MOV ESI,DWORD PTR SS:[LOCAL.7]
INC DWORD PTR SS:[LOCAL.8]
ADD ESI,8
CMP DWORD PTR SS:[LOCAL.8],4
MOV DWORD PTR SS:[LOCAL.7],ESI
JB SHORT 00435FE1
MOV EAX,EDI
MOV DWORD PTR DS:[EBX+4],EDI
MOV DWORD PTR DS:[EBX+8],1
CALL 00435B70
PUSH 6
MOV DWORD PTR DS:[EBX+0C],EAX
LEA EAX,[EBX+10]
LEA ECX,[ECX+451C0C]
POP EDX
/MOV SI,WORD PTR DS:[ECX]
|INC ECX
|MOV WORD PTR DS:[EAX],SI
|INC ECX
|INC EAX
|INC EAX

00436022 |.
00436023 |.^
00436025 |>
00436027 |.
0043602C |.^
00436031 |>
00436036 |.
00436037 |>
00436039 |.^
0043603B |.
0043603C |.
0043603D |.
00436041 |.^
00436047 |>
0043604A |.
0043604F |>
00436052 |.
00436053 |.
00436054 |.^
00436056 |.
00436059 |.
0043605E |.
00436061 |.
00436064 |.
00436066 |>
00436069 |>
0043606B |.
0043606E |.
00436070 |.
00436073 |.
00436075 |.
00436078 |.
00436079 |.
0043607A |.
0043607B |.^
0043607D |>
00436083 |.^
00436089 |>
0043608C |>
0043608F |.
00436090 |.
00436091 |.
00436093 |.
00436094 |.
00436099 |.
0043609A \.
0043609B /$
0043609D |.
004360A2 |.
004360A7 |.
004360AB |.
fo.00435312
004360B0 |.
004360B2 |.
004360B5 |.
fo.00435D96
004360BA |.
004360BD |.
004360C0 |.
fo.00435E3A

4A
75 F3
8BF3
E8 D7FBFFFF
E9 B7FEFFFF
804C03 1D 04
40
3BC1
76 F6
46
46
807E FF 00
0F85 34FFFFFF
8D43 1E
B9 FE000000
8008 08
40
49
75 F9
8B43 04
E8 12FBFFFF
8943 0C
8953 08
EB 03
8973 08
33C0
0FB7C8
8BC1
C1E1 10
0BC1
8D7B 10
AB
AB
AB
EB A8
3935 2C304500
0F85 58FEFFFF
83C8 FF
8B4D FC
5F
5E
33CD
5B
E8 5886FFFF
C9
C3
6A 14
68 08F44400
E8 45290000
834D E0 FF
E8 62F2FFFF

|DEC EDX
\JNE SHORT 00436018
MOV ESI,EBX
CALL 00435C03
JMP 00435EE8
/OR BYTE PTR DS:[EAX+EBX+1D],04
|INC EAX
|CMP EAX,ECX
\JBE SHORT 00436031
INC ESI
INC ESI
CMP BYTE PTR DS:[ESI-1],0
JNE 00435F7B
LEA EAX,[EBX+1E]
MOV ECX,0FE
/OR BYTE PTR DS:[EAX],08
|INC EAX
|DEC ECX
\JNE SHORT 0043604F
MOV EAX,DWORD PTR DS:[EBX+4]
CALL 00435B70
MOV DWORD PTR DS:[EBX+0C],EAX
MOV DWORD PTR DS:[EBX+8],EDX
JMP SHORT 00436069
MOV DWORD PTR DS:[EBX+8],ESI
XOR EAX,EAX
MOVZX ECX,AX
MOV EAX,ECX
SHL ECX,10
OR EAX,ECX
LEA EDI,[EBX+10]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
JMP SHORT 00436025
CMP DWORD PTR DS:[45302C],ESI
JNE 00435EE1
OR EAX,FFFFFFFF
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
PUSH 14
PUSH OFFSET 0044F408
CALL 004389EC
OR DWORD PTR SS:[EBP-20],FFFFFFFF
CALL 00435312

; [SystemIn

8BF8
897D DC
E8 DCFCFFFF

MOV EDI,EAX
MOV DWORD PTR SS:[EBP-24],EDI
CALL 00435D96

; [SystemIn

8B5F 68
8B75 08
E8 75FDFFFF

MOV EBX,DWORD PTR DS:[EDI+68]


MOV ESI,DWORD PTR SS:[EBP+8]
CALL 00435E3A

; [SystemIn

004360C5 |. 8945 08
004360C8 |. 3B43 04
004360CB |. 0F84 57010000
004360D1 |. 68 20020000
20
004360D6 |. E8 38EDFFFF
fo.00434E13
004360DB |. 59
004360DC |. 8BD8
004360DE |. 85DB
004360E0 |. 0F84 46010000
004360E6 |. B9 88000000
004360EB |. 8B77 68
004360EE |. 8BFB
004360F0 |. F3:A5
004360F2 |. 8323 00
004360F5 |. 53
004360F6 |. FF75 08
[ARG.EBP+8]
004360F9 |. E8 B8FDFFFF
fo.00435EB6
004360FE |. 59
004360FF |. 59
00436100 |. 8945 E0
00436103 |. 85C0
00436105 |. 0F85 FC000000
0043610B |. 8B75 DC
0043610E |. FF76 68
00436111 |. FF15 34814400
.InterlockedDecrement
00436117 |. 85C0
00436119 |. 75 11
0043611B |. 8B46 68
0043611E |. 3D D8174500
00436123 |. 74 07
00436125 |. 50
00436126 |. E8 B3D0FFFF
fo.004331DE
0043612B |. 59
0043612C |> 895E 68
0043612F |. 53
00436130 |. 8B3D 30814400
00436136 |. FFD7
.InterlockedIncrement
00436138 |. F646 70 02
0043613C |. 0F85 EA000000
00436142 |. F605 F81C4500
00436149 |. 0F85 DD000000
0043614F |. 6A 0D
D
00436151 |. E8 2A250000
fo.00438680
00436156 |. 59
00436157 |. 8365 FC 00
0043615B |. 8B43 04
0043615E |. A3 3C304500
00436163 |. 8B43 08
00436166 |. A3 40304500
0043616B |. 8B43 0C
0043616E |. A3 44304500

MOV DWORD PTR SS:[EBP+8],EAX


CMP EAX,DWORD PTR DS:[EBX+4]
JE 00436228
PUSH 220

; /Arg1 = 2

CALL 00434E13

; \SystemIn

POP ECX
MOV EBX,EAX
TEST EBX,EBX
JE 0043622C
MOV ECX,88
MOV ESI,DWORD PTR DS:[EDI+68]
MOV EDI,EBX
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
AND DWORD PTR DS:[EBX],00000000
PUSH EBX
; /Arg2
PUSH DWORD PTR SS:[EBP+8]
; |Arg1 =>
CALL 00435EB6

; \SystemIn

POP ECX
POP ECX
MOV DWORD PTR SS:[EBP-20],EAX
TEST EAX,EAX
JNE 00436207
MOV ESI,DWORD PTR SS:[EBP-24]
PUSH DWORD PTR DS:[ESI+68]
; /pTarget
CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
TEST EAX,EAX
JNE SHORT 0043612C
MOV EAX,DWORD PTR DS:[ESI+68]
CMP EAX,OFFSET 004517D8
JE SHORT 0043612C
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV DWORD PTR DS:[ESI+68],EBX
PUSH EBX
; /pTarget
MOV EDI,DWORD PTR DS:[<&KERNEL32.Interlo ; |
CALL EDI
; \KERNEL32
TEST BYTE PTR DS:[ESI+70],02
JNE 0043622C
TEST BYTE PTR DS:[451CF8],01
JNE 0043622C
PUSH 0D

; /Arg1 = 0

CALL 00438680

; \SystemIn

POP
AND
MOV
MOV
MOV
MOV
MOV
MOV

ECX
DWORD PTR
EAX,DWORD
DWORD PTR
EAX,DWORD
DWORD PTR
EAX,DWORD
DWORD PTR

SS:[EBP-4],00000000
PTR DS:[EBX+4]
DS:[45303C],EAX
PTR DS:[EBX+8]
DS:[453040],EAX
PTR DS:[EBX+0C]
DS:[453044],EAX

00436173 |. 33C0
XOR EAX,EAX
00436175 |> 8945 E4
/MOV DWORD PTR SS:[EBP-1C],EAX
00436178 |. 83F8 05
|CMP EAX,5
0043617B |. 7D 10
|JGE SHORT 0043618D
0043617D |. 66:8B4C43 10 |MOV CX,WORD PTR DS:[EAX*2+EBX+10]
00436182 |. 66:890C45 303 |MOV WORD PTR DS:[EAX*2+453030],CX
0043618A |. 40
|INC EAX
0043618B |.^ EB E8
\JMP SHORT 00436175
0043618D |> 33C0
XOR EAX,EAX
0043618F |> 8945 E4
/MOV DWORD PTR SS:[EBP-1C],EAX
00436192 |. 3D 01010000 |CMP EAX,101
00436197 |. 7D 0D
|JGE SHORT 004361A6
00436199 |. 8A4C18 1C
|MOV CL,BYTE PTR DS:[EBX+EAX+1C]
0043619D |. 8888 F8194500 |MOV BYTE PTR DS:[EAX+4519F8],CL
004361A3 |. 40
|INC EAX
004361A4 |.^ EB E9
\JMP SHORT 0043618F
004361A6 |> 33C0
XOR EAX,EAX
004361A8 |> 8945 E4
/MOV DWORD PTR SS:[EBP-1C],EAX
004361AB |. 3D 00010000 |CMP EAX,100
004361B0 |. 7D 10
|JGE SHORT 004361C2
004361B2 |. 8A8C18 1D0100 |MOV CL,BYTE PTR DS:[EBX+EAX+11D]
004361B9 |. 8888 001B4500 |MOV BYTE PTR DS:[EAX+451B00],CL
004361BF |. 40
|INC EAX
004361C0 |.^ EB E6
\JMP SHORT 004361A8
004361C2 |> FF35 001C4500 PUSH DWORD PTR DS:[451C00]
= SystemInfo.4517D8 -> 0
004361C8 |. FF15 34814400 CALL DWORD PTR DS:[<&KERNEL32.Interlocke
.InterlockedDecrement
004361CE |. 85C0
TEST EAX,EAX
004361D0 |. 75 13
JNE SHORT 004361E5
004361D2 |. A1 001C4500 MOV EAX,DWORD PTR DS:[451C00]
004361D7 |. 3D D8174500 CMP EAX,OFFSET 004517D8
004361DC |. 74 07
JE SHORT 004361E5
004361DE |. 50
PUSH EAX
[451C00] = SystemInfo.4517D8
004361DF |. E8 FACFFFFF CALL 004331DE
fo.004331DE
004361E4 |. 59
POP ECX
004361E5 |> 891D 001C4500 MOV DWORD PTR DS:[451C00],EBX
004361EB |. 53
PUSH EBX
004361EC |. FFD7
CALL EDI
004361EE |. C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
004361F5 |. E8 02000000 CALL 004361FC
004361FA \. EB 30
JMP SHORT 0043622C
004361FC /$ 6A 0D
PUSH 0D
D
004361FE |. E8 A3230000 CALL 004385A6
fo.004385A6
00436203 |. 59
POP ECX
00436204 \. C3
RETN
00436205 . EB 25
JMP SHORT 0043622C
00436207 /> 83F8 FF
CMP EAX,-1
0043620A |. 75 20
JNE SHORT 0043622C
0043620C |. 81FB D8174500 CMP EBX,OFFSET 004517D8
00436212 |. 74 07
JE SHORT 0043621B
00436214 |. 53
PUSH EBX
00436215 |. E8 C4CFFFFF CALL 004331DE
fo.004331DE
0043621A |. 59
POP ECX
0043621B |> E8 DDE1FFFF CALL 004343FD

; /pTarget
; \KERNEL32

; /Arg1 =>
; \SystemIn

; /Arg1 = 0
; \SystemIn

; /Arg1
; \SystemIn
; [SystemIn

fo.004343FD
00436220 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00436226 |. EB 04
JMP SHORT 0043622C
00436228 |> 8365 E0 00
AND DWORD PTR SS:[EBP-20],00000000
0043622C |> 8B45 E0
MOV EAX,DWORD PTR SS:[EBP-20]
0043622F |. E8 FD270000 CALL 00438A31
00436234 \. C3
RETN
00436235 /$ 833D D0484500 CMP DWORD PTR DS:[4548D0],0
0043623C |. 75 12
JNE SHORT 00436250
0043623E |. 6A FD
PUSH -3
00436240 |. E8 56FEFFFF CALL 0043609B
00436245 |. 59
POP ECX
00436246 |. C705 D0484500 MOV DWORD PTR DS:[4548D0],1
00436250 |> 33C0
XOR EAX,EAX
00436252 \. C3
RETN
00436253 /$ 8BFF
MOV EDI,EDI
o.00436253(guessed Arg1,Arg2)
00436255 |. 55
PUSH EBP
00436256 |. 8BEC
MOV EBP,ESP
00436258 |. 83EC 10
SUB ESP,10
0043625B |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
0043625E |. 8D4D F0
LEA ECX,[LOCAL.4]
00436261 |. E8 FF89FFFF CALL 0042EC65
fo.0042EC65
00436266 |. 0FB645 08
MOVZX EAX,BYTE PTR SS:[ARG.1]
0043626A |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0043626D |. 8B89 C8000000 MOV ECX,DWORD PTR DS:[ECX+0C8]
00436273 |. 0FB70441
MOVZX EAX,WORD PTR DS:[EAX*2+ECX]
00436277 |. 25 00800000 AND EAX,00008000
0043627C |. 807D FC 00
CMP BYTE PTR SS:[LOCAL.1],0
00436280 |. 74 07
JE SHORT 00436289
00436282 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00436285 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
00436289 |> C9
LEAVE
0043628A \. C3
RETN
0043628B /$ 8BFF
MOV EDI,EDI
o.0043628B(guessed Arg1)
0043628D |. 55
PUSH EBP
0043628E |. 8BEC
MOV EBP,ESP
00436290 |. 6A 00
PUSH 0
00436292 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
00436295 |. E8 B9FFFFFF CALL 00436253
fo.00436253
0043629A |. 59
POP ECX
0043629B |. 59
POP ECX
0043629C |. 5D
POP EBP
0043629D \. C3
RETN
0043629E /$ 8BFF
MOV EDI,EDI
o.0043629E(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7)
004362A0 |. 55
PUSH EBP
004362A1 |. 8BEC
MOV EBP,ESP
004362A3 |. 51
PUSH ECX
004362A4 |. 51
PUSH ECX
004362A5 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
004362AA |. 33C5
XOR EAX,EBP
004362AC |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
004362AF |. A1 68304500 MOV EAX,DWORD PTR DS:[453068]
004362B4 |. 53
PUSH EBX

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; SystemInf

; /Arg2 = 0
; |Arg1 =>
; \SystemIn

; SystemInf

004362B5 |. 56
PUSH ESI
004362B6 |. 33DB
XOR EBX,EBX
004362B8 |. 57
PUSH EDI
004362B9 |. 8BF9
MOV EDI,ECX
004362BB |. 3BC3
CMP EAX,EBX
004362BD |. 75 3A
JNE SHORT 004362F9
004362BF |. 8D45 F8
LEA EAX,[LOCAL.2]
004362C2 |. 50
PUSH EAX
e => OFFSET LOCAL.2
004362C3 |. 33F6
XOR ESI,ESI
004362C5 |. 46
INC ESI
004362C6 |. 56
PUSH ESI
1
004362C7 |. 68 D49B4400 PUSH OFFSET 00449BD4
""
004362CC |. 56
PUSH ESI
=> CT_CTYPE1
004362CD |. FF15 A8814400 CALL DWORD PTR DS:[<&KERNEL32.GetStringT
.GetStringTypeW
004362D3 |. 85C0
TEST EAX,EAX
004362D5 |. 74 08
JE SHORT 004362DF
004362D7 |. 8935 68304500 MOV DWORD PTR DS:[453068],ESI
004362DD |. EB 34
JMP SHORT 00436313
004362DF |> FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
004362E5 |. 83F8 78
CMP EAX,78
=> ERROR_CALL_NOT_IMPLEMENTED
004362E8 |. 75 0A
JNE SHORT 004362F4
004362EA |. 6A 02
PUSH 2
004362EC |. 58
POP EAX
004362ED |. A3 68304500 MOV DWORD PTR DS:[453068],EAX
004362F2 |. EB 05
JMP SHORT 004362F9
004362F4 |> A1 68304500 MOV EAX,DWORD PTR DS:[453068]
004362F9 |> 83F8 02
CMP EAX,2
004362FC |. 0F84 CF000000 JE 004363D1
00436302 |. 3BC3
CMP EAX,EBX
00436304 |. 0F84 C7000000 JE 004363D1
0043630A |. 83F8 01
CMP EAX,1
0043630D |. 0F85 E8000000 JNE 004363FB
00436313 |> 895D F8
MOV DWORD PTR SS:[LOCAL.2],EBX
00436316 |. 395D 18
CMP DWORD PTR SS:[ARG.5],EBX
00436319 |. 75 08
JNE SHORT 00436323
0043631B |. 8B07
MOV EAX,DWORD PTR DS:[EDI]
0043631D |. 8B40 04
MOV EAX,DWORD PTR DS:[EAX+4]
00436320 |. 8945 18
MOV DWORD PTR SS:[ARG.5],EAX
00436323 |> 8B35 50814400 MOV ESI,DWORD PTR DS:[<&KERNEL32.MultiBy
00436329 |. 33C0
XOR EAX,EAX
0043632B |. 395D 20
CMP DWORD PTR SS:[ARG.7],EBX
0043632E |. 53
PUSH EBX
t => 0
0043632F |. 53
PUSH EBX
=> NULL
00436330 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
nt => [ARG.3]
00436333 |. 0F95C0
SETNE AL
00436336 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
e => [ARG.2]
00436339 |. 8D04C5 010000 LEA EAX,[EAX*8+1]
00436340 |. 50
PUSH EAX
00436341 |. FF75 18
PUSH DWORD PTR SS:[ARG.5]

; /pCharTyp
; |
; |
; |Count =>
; |String =
; |InfoType
; \KERNEL32

; [KERNEL32
; CONST 78

; /WideCoun
; |WideChar
; |MultiCou
; |
; |MultiByt
; |
; |Flags
; |CodePage

=> [ARG.5]
00436344 |. FFD6
.MultiByteToWideChar
00436346 |. 8BF8
00436348 |. 3BFB
0043634A |. 0F84 AB000000
00436350 |. 7E 3C
00436352 |. 81FF F0FFFF7F
00436358 |. 77 34
0043635A |. 8D443F 08
0043635E |. 3D 00040000
00436363 |. 77 13
00436365 |. E8 367D0000
0043636A |. 8BC4
0043636C |. 3BC3
0043636E |. 74 1C
00436370 |. C700 CCCC0000
00436376 |. EB 11
00436378 |> 50
00436379 |. E8 B8F6FFFF
fo.00435A36
0043637E |. 59
0043637F |. 3BC3
00436381 |. 74 09
00436383 |. C700 DDDD0000
00436389 |> 83C0 08
0043638C |> 8BD8
0043638E |> 85DB
00436390 |. 74 69
00436392 |. 8D043F
00436395 |. 50
00436396 |. 6A 00
00436398 |. 53
00436399 |. E8 0285FFFF
fo.0042E8A0
0043639E |. 83C4 0C
004363A1 |. 57
004363A2 |. 53
004363A3 |. FF75 10
004363A6 |. FF75 0C
004363A9 |. 6A 01
004363AB |. FF75 18
004363AE |. FFD6
004363B0 |. 85C0
004363B2 |. 74 11
004363B4 |. FF75 14
e => [ARG.4]
004363B7 |. 50
004363B8 |. 53
004363B9 |. FF75 08
=> [ARG.1]
004363BC |. FF15 A8814400
.GetStringTypeW
004363C2 |. 8945 F8
004363C5 |> 53
004363C6 |. E8 12E4FFFF
004363CB |. 8B45 F8
004363CE |. 59
004363CF |. EB 75
004363D1 |> 33F6

CALL ESI

; \KERNEL32

MOV EDI,EAX
CMP EDI,EBX
JE 004363FB
JLE SHORT 0043638E
CMP EDI,7FFFFFF0
JA SHORT 0043638E
LEA EAX,[EDI+EDI+8]
CMP EAX,400
JA SHORT 00436378
CALL 0043E0A0
MOV EAX,ESP
CMP EAX,EBX
JE SHORT 0043638C
MOV DWORD PTR DS:[EAX],0CCCC
JMP SHORT 00436389
PUSH EAX
CALL 00435A36

; /Arg1
; \SystemIn

POP ECX
CMP EAX,EBX
JE SHORT 0043638C
MOV DWORD PTR DS:[EAX],0DDDD
ADD EAX,8
MOV EBX,EAX
TEST EBX,EBX
JE SHORT 004363FB
LEA EAX,[EDI+EDI]
PUSH EAX
PUSH 0
PUSH EBX
CALL 0042E8A0

;
;
;
;

ADD ESP,0C
PUSH EDI
PUSH EBX
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH 1
PUSH DWORD PTR SS:[ARG.5]
CALL ESI
TEST EAX,EAX
JE SHORT 004363C5
PUSH DWORD PTR SS:[ARG.4]

; /pCharTyp

PUSH EAX
PUSH EBX
PUSH DWORD PTR SS:[ARG.1]

; |Count
; |String
; |InfoType

/Arg3
|Arg2 = 0
|Arg1
\SystemIn

CALL DWORD PTR DS:[<&KERNEL32.GetStringT ; \KERNEL32


MOV DWORD PTR SS:[LOCAL.2],EAX
PUSH EBX
CALL 004347DD
MOV EAX,DWORD PTR SS:[LOCAL.2]
POP ECX
JMP SHORT 00436446
XOR ESI,ESI

004363D3 |. 395D 1C
004363D6 |. 75 08
004363D8 |. 8B07
004363DA |. 8B40 14
004363DD |. 8945 1C
004363E0 |> 395D 18
004363E3 |. 75 08
004363E5 |. 8B07
004363E7 |. 8B40 04
004363EA |. 8945 18
004363ED |> FF75 1C
[ARG.6]
004363F0 |. E8 AE7A0000
fo.0043DEA3
004363F5 |. 59
004363F6 |. 83F8 FF
004363F9 |. 75 04
004363FB |> 33C0
004363FD |. EB 47
004363FF |> 3B45 18
00436402 |. 74 1E
00436404 |. 53
00436405 |. 53
00436406 |. 8D4D 10
00436409 |. 51
OFFSET ARG.3
0043640A |. FF75 0C
[ARG.2]
0043640D |. 50
0043640E |. FF75 18
[ARG.5]
00436411 |. E8 D67A0000
fo.0043DEEC
00436416 |. 8BF0
00436418 |. 83C4 18
0043641B |. 3BF3
0043641D |.^ 74 DC
0043641F |. 8975 0C
00436422 |> FF75 14
e => [ARG.4]
00436425 |. FF75 10
[ARG.3]
00436428 |. FF75 0C
> [ARG.2]
0043642B |. FF75 08
=> [ARG.1]
0043642E |. FF75 1C
> [ARG.6]
00436431 |. FF15 A4814400
.GetStringTypeExA
00436437 |. 8BF8
00436439 |. 3BF3
0043643B |. 74 07
0043643D |. 56
0043643E |. E8 9BCDFFFF
fo.004331DE
00436443 |. 59
00436444 |> 8BC7
00436446 |> 8D65 EC
00436449 |. 5F

CMP DWORD PTR SS:[ARG.6],EBX


JNE SHORT 004363E0
MOV EAX,DWORD PTR DS:[EDI]
MOV EAX,DWORD PTR DS:[EAX+14]
MOV DWORD PTR SS:[ARG.6],EAX
CMP DWORD PTR SS:[ARG.5],EBX
JNE SHORT 004363ED
MOV EAX,DWORD PTR DS:[EDI]
MOV EAX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[ARG.5],EAX
PUSH DWORD PTR SS:[ARG.6]

; /Arg1 =>

CALL 0043DEA3

; \SystemIn

POP ECX
CMP EAX,-1
JNE SHORT 004363FF
XOR EAX,EAX
JMP SHORT 00436446
CMP EAX,DWORD PTR SS:[ARG.5]
JE SHORT 00436422
PUSH EBX
PUSH EBX
LEA ECX,[ARG.3]
PUSH ECX

;
;
;
;

PUSH DWORD PTR SS:[ARG.2]

; |Arg3 =>

PUSH EAX
PUSH DWORD PTR SS:[ARG.5]

; |Arg2
; |Arg1 =>

CALL 0043DEEC

; \SystemIn

MOV ESI,EAX
ADD ESP,18
CMP ESI,EBX
JE SHORT 004363FB
MOV DWORD PTR SS:[ARG.2],ESI
PUSH DWORD PTR SS:[ARG.4]

; /pCharTyp

PUSH DWORD PTR SS:[ARG.3]

; |Count =>

PUSH DWORD PTR SS:[ARG.2]

; |String =

PUSH DWORD PTR SS:[ARG.1]

; |InfoType

PUSH DWORD PTR SS:[ARG.6]

; |Locale =

/Arg6
|Arg5
|
|Arg4 =>

CALL DWORD PTR DS:[<&KERNEL32.GetStringT ; \KERNEL32


MOV EDI,EAX
CMP ESI,EBX
JE SHORT 00436444
PUSH ESI
CALL 004331DE
POP
MOV
LEA
POP

ECX
EAX,EDI
ESP,[LOCAL.5]
EDI

; /Arg1
; \SystemIn

0043644A |. 5E
POP ESI
0043644B |. 5B
POP EBX
0043644C |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0043644F |. 33CD
XOR ECX,EBP
00436451 |. E8 9B82FFFF CALL 0042E6F1
00436456 |. C9
LEAVE
00436457 \. C3
RETN
00436458 /$ 8BFF
MOV EDI,EDI
o.00436458(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7,Arg8)
0043645A |. 55
PUSH EBP
0043645B |. 8BEC
MOV EBP,ESP
0043645D |. 83EC 10
SUB ESP,10
00436460 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
00436463 |. 8D4D F0
LEA ECX,[LOCAL.4]
00436466 |. E8 FA87FFFF CALL 0042EC65
fo.0042EC65
0043646B |. FF75 24
PUSH DWORD PTR SS:[ARG.8]
[ARG.8]
0043646E |. 8D4D F0
LEA ECX,[LOCAL.4]
00436471 |. FF75 20
PUSH DWORD PTR SS:[ARG.7]
[ARG.7]
00436474 |. FF75 1C
PUSH DWORD PTR SS:[ARG.6]
[ARG.6]
00436477 |. FF75 18
PUSH DWORD PTR SS:[ARG.5]
[ARG.5]
0043647A |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
0043647D |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
00436480 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
00436483 |. E8 16FEFFFF CALL 0043629E
fo.0043629E
00436488 |. 83C4 1C
ADD ESP,1C
0043648B |. 807D FC 00
CMP BYTE PTR SS:[LOCAL.1],0
0043648F |. 74 07
JE SHORT 00436498
00436491 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00436494 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
00436498 |> C9
LEAVE
00436499 \. C3
RETN
0043649A /$ 8BFF
MOV EDI,EDI
o.0043649A(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
0043649C |. 55
PUSH EBP
0043649D |. 8BEC
MOV EBP,ESP
0043649F |. 81EC 94000000 SUB ESP,94
004364A5 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
004364AA |. 33C5
XOR EAX,EBP
004364AC |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
004364AF |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004364B2 |. 53
PUSH EBX
004364B3 |. 56
PUSH ESI
004364B4 |. 8B75 18
MOV ESI,DWORD PTR SS:[ARG.5]
004364B7 |. 33DB
XOR EBX,EBX
004364B9 |. 837D 0C 01
CMP DWORD PTR SS:[ARG.2],1
004364BD |. 57
PUSH EDI
004364BE |. 8985 74FFFFFF MOV DWORD PTR SS:[LOCAL.35],EAX
004364C4 |. 89B5 6CFFFFFF MOV DWORD PTR SS:[LOCAL.37],ESI
004364CA |. 0F85 FE000000 JNE 004365CE
004364D0 |. 53
PUSH EBX

; SystemInf

; /Arg1 =>
; |
; \SystemIn
; /Arg7 =>
; |
; |Arg6 =>
; |Arg5 =>
; |Arg4 =>
; |Arg3 =>
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; SystemInf

; /Arg6 =>

0
004364D1 |. 68 80000000 PUSH 80
0
004364D6 |. 8DBD 7CFFFFFF LEA EDI,[LOCAL.33]
004364DC |. 8BCF
MOV ECX,EDI
004364DE |. 51
PUSH ECX
OFFSET LOCAL.33
004364DF |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
004364E2 |. 899D 78FFFFFF MOV DWORD PTR SS:[LOCAL.34],EBX
004364E8 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
004364EB |. 50
PUSH EAX
[ARG.1]
004364EC |. E8 91830000 CALL 0043E882
fo.0043E882
004364F1 |. 8BF0
MOV ESI,EAX
004364F3 |. 83C4 18
ADD ESP,18
004364F6 |. 3BF3
CMP ESI,EBX
004364F8 |. 75 6A
JNE SHORT 00436564
004364FA |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
00436500 |. 83F8 7A
CMP EAX,7A
=> ERROR_INSUFFICIENT_BUFFER
00436503 |. 0F85 80000000 JNE 00436589
00436509 |. 53
PUSH EBX
0043650A |. 53
PUSH EBX
0043650B |. 53
PUSH EBX
0043650C |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
0043650F |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
00436512 |. FFB5 74FFFFFF PUSH DWORD PTR SS:[LOCAL.35]
[ARG.1]
00436518 |. E8 65830000 CALL 0043E882
fo.0043E882
0043651D |. 83C4 18
ADD ESP,18
00436520 |. 8985 70FFFFFF MOV DWORD PTR SS:[LOCAL.36],EAX
00436526 |. 3BC3
CMP EAX,EBX
00436528 |. 74 5F
JE SHORT 00436589
0043652A |. 33F6
XOR ESI,ESI
0043652C |. 46
INC ESI
0043652D |. 56
PUSH ESI
1
0043652E |. 50
PUSH EAX
0043652F |. E8 24E9FFFF CALL 00434E58
fo.00434E58
00436534 |. 8BF8
MOV EDI,EAX
00436536 |. 59
POP ECX
00436537 |. 59
POP ECX
00436538 |. 3BFB
CMP EDI,EBX
0043653A |. 74 4D
JE SHORT 00436589
0043653C |. 53
PUSH EBX
0043653D |. FFB5 70FFFFFF PUSH DWORD PTR SS:[LOCAL.36]
[LOCAL.36]
00436543 |. 89B5 78FFFFFF MOV DWORD PTR SS:[LOCAL.34],ESI
00436549 |. 57
PUSH EDI
0043654A |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
0043654D |. FF75 10
PUSH DWORD PTR SS:[ARG.3]

; |Arg5 = 8
; |
; |
; |Arg4 =>
; |Arg3 =>
; |
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; [KERNEL32
; CONST 7A
;
;
;
;

/Arg6
|Arg5
|Arg4
|Arg3 =>

; |Arg2 =>
; |Arg1 =>
; \SystemIn

; /Arg2 =>
; |Arg1
; \SystemIn

; /Arg6
; |Arg5 =>
; |
; |Arg4
; |Arg3 =>
; |Arg2 =>

[ARG.3]
00436550 |.
[ARG.1]
00436556 |.
fo.0043E882
0043655B |.
0043655D |.
00436560 |.
00436562 |.
00436564 |>
00436566 |.
00436567 |.
fo.00434E58
0043656C |.
0043656D |.
0043656E |.
00436574 |.
00436576 |.
00436578 |.
0043657A |.
00436580 |.
00436582 |>
00436583 |.
fo.004331DE
00436588 |.
00436589 |>
0043658C |>
0043658F |.
00436590 |.
00436591 |.
00436593 |.
00436594 |.
00436599 |.
0043659A |.
0043659B |>
0043659E |.
0043659F |.
004365A0 |.
004365A1 |.
004365A2 |.
fo.00438C50
004365A7 |.
004365AA |.
004365AC |.
004365AE |.
004365AF |.
004365B0 |.
004365B1 |.
004365B2 |.
004365B3 |.
004365B8 |.
004365BB |>
004365C1 |.
004365C3 |.
004365C4 |.
fo.004331DE
004365C9 |.
004365CA |>
004365CC |.^
004365CE |>

FFB5 74FFFFFF PUSH DWORD PTR SS:[LOCAL.35]

; |Arg1 =>

E8 27830000

CALL 0043E882

; \SystemIn

8BF0
83C4 18
3BF3
74 1E
6A 01
56
E8 ECE8FFFF

MOV ESI,EAX
ADD ESP,18
CMP ESI,EBX
JE SHORT 00436582
PUSH 1
PUSH ESI
CALL 00434E58

; /Arg2 = 1
; |Arg1
; \SystemIn

59
59
8B8D 6CFFFFFF
8901
3BC3
75 21
399D 78FFFFFF
74 07
57
E8 56CCFFFF

POP ECX
POP ECX
MOV ECX,DWORD PTR SS:[LOCAL.37]
MOV DWORD PTR DS:[ECX],EAX
CMP EAX,EBX
JNE SHORT 0043659B
CMP DWORD PTR SS:[LOCAL.34],EBX
JE SHORT 00436589
PUSH EDI
CALL 004331DE

; /Arg1
; \SystemIn

59
83C8 FF
8B4D FC
5F
5E
33CD
5B
E8 5881FFFF
C9
C3
8D4E FF
51
57
56
50
E8 A9260000

POP ECX
OR EAX,FFFFFFFF
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
LEA ECX,[ESI-1]
PUSH ECX
PUSH EDI
PUSH ESI
PUSH EAX
CALL 00438C50

;
;
;
;
;

83C4 10
85C0
74 0D
53
53
53
53
53
E8 8281FFFF
83C4 14
399D 78FFFFFF
74 07
57
E8 15CCFFFF

ADD ESP,10
TEST EAX,EAX
JE SHORT 004365BB
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
CALL 0042E73A
ADD ESP,14
CMP DWORD PTR SS:[LOCAL.34],EBX
JE SHORT 004365CA
PUSH EDI
CALL 004331DE

; /Arg1
; \SystemIn

59
33C0
EB BE
395D 0C

POP
XOR
JMP
CMP

ECX
EAX,EAX
SHORT 0043658C
DWORD PTR SS:[ARG.2],EBX

/Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

004365D1 |.^
004365D3 |.
004365D4 |.
004365D6 |.
004365DB |.
004365DC |.
004365DF |.
004365E2 |.
004365E3 |.
004365E8 |.
004365EB |.
004365ED |.^
004365EF |.
004365F1 |>
004365F3 |.
004365F6 |.
004365F7 |.
fo.00434D5F
004365FC |.
004365FD |.
004365FF |.^
00436601 |.
00436603 |.
00436605 |.
00436607 |.
00436609 |.
0043660B |.
0043660C |.
0043660D |.
00436613 |.
00436615 |.^
00436617 \.^
00436619 /$
0043661B |.
0043661C |.
0043661E |.
00436621 |.
00436626 |.
00436627 \.
00436628 /$
00436629 |.
0043662B |.
0043662E |.
00436631 |.
00436634 |.
00436637 |.
0043663A |.
0043663D |.
00436640 |.
00436642 |
00436648 |>
0043664C |.
00436651 |.
00436656 |.
0043665B |.
0043665F |.
00436664 |.
00436669 |.
0043666E |.
00436673 |.

75 B6
53
6A 04
BF 6C304500
57
FF75 14
FF75 10
50
E8 27810000
83C4 18
85C0
74 9A
881E
8A1F
0FB6C3
50
E8 63E7FFFF

JNE SHORT 00436589


PUSH EBX
PUSH 4
MOV EDI,OFFSET 0045306C
PUSH EDI
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[ARG.3]
PUSH EAX
CALL 0043E70F
ADD ESP,18
TEST EAX,EAX
JE SHORT 00436589
MOV BYTE PTR DS:[ESI],BL
/MOV BL,BYTE PTR DS:[EDI]
|MOVZX EAX,BL
|PUSH EAX
|CALL 00434D5F

59
85C0
74 C9
8A06
B1 0A
F6E9
02C3
2C 30
47
47
81FF 74304500
8806
7C DA
EB B1
8BFF
55
8BEC
8B45 08
A3 74304500
5D
C3
55
8BEC
83EC 08
897D FC
8975 F8
8B75 0C
8B7D 08
8B4D 10
C1E9 07
EB 06
8D9B 00000000
660F6F06
660F6F4E 10
660F6F56 20
660F6F5E 30
660F7F07
660F7F4F 10
660F7F57 20
660F7F5F 30
660F6F66 40
660F6F6E 50

|POP ECX
|TEST EAX,EAX
|JE SHORT 004365CA
|MOV AL,BYTE PTR DS:[ESI]
|MOV CL,0A
|IMUL CL
|ADD AL,BL
|SUB AL,30
|INC EDI
|INC EDI
|CMP EDI,OFFSET 00453074
|MOV BYTE PTR DS:[ESI],AL
\JL SHORT 004365F1
JMP SHORT 004365CA
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[453074],EAX
POP EBP
RETN
PUSH EBP
MOV EBP,ESP
SUB ESP,8
MOV DWORD PTR SS:[LOCAL.1],EDI
MOV DWORD PTR SS:[LOCAL.2],ESI
MOV ESI,DWORD PTR SS:[ARG.2]
MOV EDI,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[ARG.3]
SHR ECX,7
JMP SHORT 00436648
LEA EBX,[EBX]
/MOVDQA XMM0,DQWORD PTR DS:[ESI]
|MOVDQA XMM1,DQWORD PTR DS:[ESI+10]
|MOVDQA XMM2,DQWORD PTR DS:[ESI+20]
|MOVDQA XMM3,DQWORD PTR DS:[ESI+30]
|MOVDQA DQWORD PTR DS:[EDI],XMM0
|MOVDQA DQWORD PTR DS:[EDI+10],XMM1
|MOVDQA DQWORD PTR DS:[EDI+20],XMM2
|MOVDQA DQWORD PTR DS:[EDI+30],XMM3
|MOVDQA XMM4,DQWORD PTR DS:[ESI+40]
|MOVDQA XMM5,DQWORD PTR DS:[ESI+50]

; /Arg1
; \SystemIn

00436678
0043667D
00436682
00436687
0043668C
00436691
00436696
0043669C
004366A2
004366A3
004366A5
004366A8
004366AB
004366AD
004366AE
004366AF
004366B0
004366B2
004366B5
004366B8
004366BB
004366BE
004366C1
004366C3
004366C4
004366C6
004366C9
004366CB
004366CD
004366D0
004366D2
004366D4
004366D5
004366D7
004366D9
004366DB
004366DE
004366E0
004366E2
004366E4
004366E6
004366E8
004366EB
004366ED
004366F0
004366F3
004366F5
004366F7
004366F9
004366FA
004366FB
004366FC
00436701
00436704
00436707
0043670A
0043670C
0043670E
00436711
00436714

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
\.
/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.

660F6F76 60
660F6F7E 70
660F7F67 40
660F7F6F 50
660F7F77 60
660F7F7F 70
8DB6 80000000
8DBF 80000000
49
75 A3
8B75 F8
8B7D FC
8BE5
5D
C3
55
8BEC
83EC 1C
897D F4
8975 F8
895D FC
8B5D 0C
8BC3
99
8BC8
8B45 08
33CA
2BCA
83E1 0F
33CA
2BCA
99
8BF8
33FA
2BFA
83E7 0F
33FA
2BFA
8BD1
0BD7
75 4A
8B75 10
8BCE
83E1 7F
894D E8
3BF1
74 13
2BF1
56
53
50
E8 27FFFFFF
83C4 0C
8B45 08
8B4D E8
85C9
74 77
8B5D 10
8B55 0C
03D3

|MOVDQA XMM6,DQWORD PTR DS:[ESI+60]


|MOVDQA XMM7,DQWORD PTR DS:[ESI+70]
|MOVDQA DQWORD PTR DS:[EDI+40],XMM4
|MOVDQA DQWORD PTR DS:[EDI+50],XMM5
|MOVDQA DQWORD PTR DS:[EDI+60],XMM6
|MOVDQA DQWORD PTR DS:[EDI+70],XMM7
|LEA ESI,[ESI+80]
|LEA EDI,[EDI+80]
|DEC ECX
\JNE SHORT 00436648
MOV ESI,DWORD PTR SS:[LOCAL.2]
MOV EDI,DWORD PTR SS:[LOCAL.1]
MOV ESP,EBP
POP EBP
RETN
PUSH EBP
MOV EBP,ESP
SUB ESP,1C
MOV DWORD PTR SS:[EBP-0C],EDI
MOV DWORD PTR SS:[EBP-8],ESI
MOV DWORD PTR SS:[EBP-4],EBX
MOV EBX,DWORD PTR SS:[EBP+0C]
MOV EAX,EBX
CDQ
MOV ECX,EAX
MOV EAX,DWORD PTR SS:[EBP+8]
XOR ECX,EDX
SUB ECX,EDX
AND ECX,0000000F
XOR ECX,EDX
SUB ECX,EDX
CDQ
MOV EDI,EAX
XOR EDI,EDX
SUB EDI,EDX
AND EDI,0000000F
XOR EDI,EDX
SUB EDI,EDX
MOV EDX,ECX
OR EDX,EDI
JNE SHORT 00436732
MOV ESI,DWORD PTR SS:[EBP+10]
MOV ECX,ESI
AND ECX,0000007F
MOV DWORD PTR SS:[EBP-18],ECX
CMP ESI,ECX
JE SHORT 0043670A
SUB ESI,ECX
PUSH ESI
PUSH EBX
PUSH EAX
CALL 00436628
ADD ESP,0C
MOV EAX,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR SS:[EBP-18]
TEST ECX,ECX
JE SHORT 00436785
MOV EBX,DWORD PTR SS:[EBP+10]
MOV EDX,DWORD PTR SS:[EBP+0C]
ADD EDX,EBX

00436716 |. 2BD1
00436718 |. 8955 EC
0043671B |. 03D8
0043671D |. 2BD9
0043671F |. 895D F0
00436722 |. 8B75 EC
00436725 |. 8B7D F0
00436728 |. 8B4D E8
0043672B |. F3:A4
0043672D |. 8B45 08
00436730 |. EB 53
00436732 |> 3BCF
00436734 |. 75 35
00436736 |. F7D9
00436738 |. 83C1 10
0043673B |. 894D E4
0043673E |. 8B75 0C
00436741 |. 8B7D 08
00436744 |. 8B4D E4
00436747 |. F3:A4
00436749 |. 8B4D 08
0043674C |. 034D E4
0043674F |. 8B55 0C
00436752 |. 0355 E4
00436755 |. 8B45 10
00436758 |. 2B45 E4
0043675B |. 50
0043675C |. 52
0043675D |. 51
0043675E |. E8 4CFFFFFF
00436763 |. 83C4 0C
00436766 |. 8B45 08
00436769 |. EB 1A
0043676B |> 8B75 0C
0043676E |. 8B7D 08
00436771 |. 8B4D 10
00436774 |. 8BD1
00436776 |. C1E9 02
00436779 |. F3:A5
0043677B |. 8BCA
0043677D |. 83E1 03
00436780 |. F3:A4
00436782 |. 8B45 08
00436785 |> 8B5D FC
00436788 |. 8B75 F8
0043678B |. 8B7D F4
0043678E |. 8BE5
00436790 |. 5D
00436791 \. C3
00436792 /$ 8BFF
00436794 |. 55
00436795 |. 8BEC
00436797 |. 8B45 08
0043679A |. A3 78304500
0043679F |. 5D
004367A0 \. C3
004367A1 /$ 8BFF
o.004367A1(guessed Arg1)
004367A3 |. 55
004367A4 |. 8BEC

SUB EDX,ECX
MOV DWORD PTR SS:[EBP-14],EDX
ADD EBX,EAX
SUB EBX,ECX
MOV DWORD PTR SS:[EBP-10],EBX
MOV ESI,DWORD PTR SS:[EBP-14]
MOV EDI,DWORD PTR SS:[EBP-10]
MOV ECX,DWORD PTR SS:[EBP-18]
REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[
MOV EAX,DWORD PTR SS:[EBP+8]
JMP SHORT 00436785
CMP ECX,EDI
JNE SHORT 0043676B
NEG ECX
ADD ECX,10
MOV DWORD PTR SS:[EBP-1C],ECX
MOV ESI,DWORD PTR SS:[EBP+0C]
MOV EDI,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR SS:[EBP-1C]
REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[
MOV ECX,DWORD PTR SS:[EBP+8]
ADD ECX,DWORD PTR SS:[EBP-1C]
MOV EDX,DWORD PTR SS:[EBP+0C]
ADD EDX,DWORD PTR SS:[EBP-1C]
MOV EAX,DWORD PTR SS:[EBP+10]
SUB EAX,DWORD PTR SS:[EBP-1C]
PUSH EAX
PUSH EDX
PUSH ECX
CALL 004366AF
ADD ESP,0C
MOV EAX,DWORD PTR SS:[EBP+8]
JMP SHORT 00436785
MOV ESI,DWORD PTR SS:[EBP+0C]
MOV EDI,DWORD PTR SS:[EBP+8]
MOV ECX,DWORD PTR SS:[EBP+10]
MOV EDX,ECX
SHR ECX,2
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
MOV ECX,EDX
AND ECX,00000003
REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[
MOV EAX,DWORD PTR SS:[EBP+8]
MOV EBX,DWORD PTR SS:[EBP-4]
MOV ESI,DWORD PTR SS:[EBP-8]
MOV EDI,DWORD PTR SS:[EBP-0C]
MOV ESP,EBP
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[453078],EAX
POP EBP
RETN
MOV EDI,EDI
; SystemInf
PUSH EBP
MOV EBP,ESP

004367A6 |. FF35 78304500 PUSH DWORD PTR DS:[453078]


004367AC |. E8 15E9FFFF CALL 004350C6
fo.004350C6
004367B1 |. 59
POP ECX
004367B2 |. 85C0
TEST EAX,EAX
004367B4 |. 74 0F
JE SHORT 004367C5
004367B6 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
004367B9 |. FFD0
CALL EAX
004367BB |. 59
POP ECX
004367BC |. 85C0
TEST EAX,EAX
004367BE |. 74 05
JE SHORT 004367C5
004367C0 |. 33C0
XOR EAX,EAX
004367C2 |. 40
INC EAX
004367C3 |. 5D
POP EBP
004367C4 |. C3
RETN
004367C5 |> 33C0
XOR EAX,EAX
004367C7 |. 5D
POP EBP
004367C8 \. C3
RETN
004367C9 /$ 8BFF
MOV EDI,EDI
o.004367C9(guessed Arg1,Arg2)
004367CB |. 55
PUSH EBP
004367CC |. 8BEC
MOV EBP,ESP
004367CE |. 51
PUSH ECX
004367CF |. 56
PUSH ESI
004367D0 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
004367D3 |. 56
PUSH ESI
[ARG.2]
004367D4 |. E8 F74A0000 CALL 0043B2D0
fo.0043B2D0
004367D9 |. 8945 0C
MOV DWORD PTR SS:[ARG.2],EAX
004367DC |. 8B46 0C
MOV EAX,DWORD PTR DS:[ESI+0C]
004367DF |. 59
POP ECX
004367E0 |. A8 82
TEST AL,82
004367E2 |. 75 17
JNE SHORT 004367FB
004367E4 |. E8 14DCFFFF CALL 004343FD
fo.004343FD
004367E9 |. C700 09000000 MOV DWORD PTR DS:[EAX],9
004367EF |> 834E 0C 20
OR DWORD PTR DS:[ESI+0C],00000020
004367F3 |. 83C8 FF
OR EAX,FFFFFFFF
004367F6 |. E9 2F010000 JMP 0043692A
004367FB |> A8 40
TEST AL,40
004367FD |. 74 0D
JE SHORT 0043680C
004367FF |. E8 F9DBFFFF CALL 004343FD
fo.004343FD
00436804 |. C700 22000000 MOV DWORD PTR DS:[EAX],22
0043680A |.^ EB E3
JMP SHORT 004367EF
0043680C |> 53
PUSH EBX
0043680D |. 33DB
XOR EBX,EBX
0043680F |. A8 01
TEST AL,01
00436811 |. 74 16
JE SHORT 00436829
00436813 |. 895E 04
MOV DWORD PTR DS:[ESI+4],EBX
00436816 |. A8 10
TEST AL,10
00436818 |. 0F84 87000000 JE 004368A5
0043681E |. 8B4E 08
MOV ECX,DWORD PTR DS:[ESI+8]
00436821 |. 83E0 FE
AND EAX,FFFFFFFE
00436824 |. 890E
MOV DWORD PTR DS:[ESI],ECX
00436826 |. 8946 0C
MOV DWORD PTR DS:[ESI+0C],EAX
00436829 |> 8B46 0C
MOV EAX,DWORD PTR DS:[ESI+0C]
0043682C |. 83E0 EF
AND EAX,FFFFFFEF
0043682F |. 83C8 02
OR EAX,00000002

; /Arg1 = 0
; \SystemIn

; SystemInf

; /Arg1 =>
; \SystemIn

; [SystemIn

; [SystemIn

00436832 |.
00436835 |.
00436838 |.
0043683B |.
00436840 |.
00436842 |.
fo.0043B302
00436847 |.
0043684A |.
0043684C |.
0043684E |.
fo.0043B302
00436853 |.
00436856 |.
00436858 |.
0043685A |>
[ARG.2]
0043685D |.
fo.0043EA5D
00436862 |.
00436863 |.
00436865 |.
00436867 |>
00436868 |.
fo.0043B70B
0043686D |.
0043686E |>
00436875 |.
00436876 |.
0043687C |.
0043687F |.
00436881 |.
00436884 |.
00436886 |.
00436889 |.
0043688B |.
0043688C |.
0043688E |.
00436891 |.
00436893 |.
00436894 |.
00436895 |.
00436898 |.
0043689D |.
004368A0 |.
004368A3 |.
004368A5 |>
004368A8 |.
004368AB |.
004368AE |.
004368B0 |>
004368B3 |.
004368B6 |.
004368B8 |.
004368BB |.
004368BD |.
004368BF |.
004368C2 |.
004368C4 |.
004368C7 |.

8946 0C
895E 04
895D FC
A9 0C010000
75 2C
E8 BB4A0000

MOV DWORD PTR DS:[ESI+0C],EAX


MOV DWORD PTR DS:[ESI+4],EBX
MOV DWORD PTR SS:[LOCAL.1],EBX
TEST EAX,0000010C
JNE SHORT 0043686E
CALL 0043B302

; [SystemIn

83C0 20
3BF0
74 0C
E8 AF4A0000

ADD EAX,20
CMP ESI,EAX
JE SHORT 0043685A
CALL 0043B302

; [SystemIn

83C0 40
3BF0
75 0D
FF75 0C

ADD EAX,40
CMP ESI,EAX
JNE SHORT 00436867
PUSH DWORD PTR SS:[ARG.2]

; /Arg1 =>

E8 FB810000

CALL 0043EA5D

; \SystemIn

59
85C0
75 07
56
E8 9E4E0000

POP ECX
TEST EAX,EAX
JNE SHORT 0043686E
PUSH ESI
CALL 0043B70B

; /Arg1
; \SystemIn

59
F746 0C 08010
57
0F84 80000000
8B46 08
8B3E
8D48 01
890E
8B4E 18
2BF8
49
3BFB
894E 04
7E 1D
57
50
FF75 0C
E8 57490000
83C4 0C
8945 FC
EB 4D
83C8 20
8946 0C
83C8 FF
EB 79
8B4D 0C
83F9 FF
74 1B
83F9 FE
74 16
8BC1
83E0 1F
8BD1
C1FA 05
C1E0 06

POP ECX
TEST DWORD PTR DS:[ESI+0C],00000108
PUSH EDI
JE 004368FC
MOV EAX,DWORD PTR DS:[ESI+8]
MOV EDI,DWORD PTR DS:[ESI]
LEA ECX,[EAX+1]
MOV DWORD PTR DS:[ESI],ECX
MOV ECX,DWORD PTR DS:[ESI+18]
SUB EDI,EAX
DEC ECX
CMP EDI,EBX
MOV DWORD PTR DS:[ESI+4],ECX
JLE SHORT 004368B0
PUSH EDI
PUSH EAX
PUSH DWORD PTR SS:[ARG.2]
CALL 0043B1F4
ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.1],EAX
JMP SHORT 004368F2
OR EAX,00000020
MOV DWORD PTR DS:[ESI+0C],EAX
OR EAX,FFFFFFFF
JMP SHORT 00436929
MOV ECX,DWORD PTR SS:[ARG.2]
CMP ECX,-1
JE SHORT 004368D3
CMP ECX,-2
JE SHORT 004368D3
MOV EAX,ECX
AND EAX,0000001F
MOV EDX,ECX
SAR EDX,5
SHL EAX,6

004368CA |. 030495 A03745 ADD EAX,DWORD PTR DS:[EDX*4+4537A0]


004368D1 |. EB 05
JMP SHORT 004368D8
004368D3 |> B8 90224500 MOV EAX,OFFSET 00452290
004368D8 |> F640 04 20
TEST BYTE PTR DS:[EAX+4],20
004368DC |. 74 14
JE SHORT 004368F2
004368DE |. 6A 02
PUSH 2
004368E0 |. 53
PUSH EBX
004368E1 |. 53
PUSH EBX
004368E2 |. 51
PUSH ECX
[ARG.2]
004368E3 |. E8 5C800000 CALL 0043E944
fo.0043E944
004368E8 |. 23C2
AND EAX,EDX
004368EA |. 83C4 10
ADD ESP,10
004368ED |. 83F8 FF
CMP EAX,-1
004368F0 |. 74 25
JE SHORT 00436917
004368F2 |> 8B46 08
MOV EAX,DWORD PTR DS:[ESI+8]
004368F5 |. 8A4D 08
MOV CL,BYTE PTR SS:[ARG.1]
004368F8 |. 8808
MOV BYTE PTR DS:[EAX],CL
004368FA |. EB 16
JMP SHORT 00436912
004368FC |> 33FF
XOR EDI,EDI
004368FE |. 47
INC EDI
004368FF |. 57
PUSH EDI
00436900 |. 8D45 08
LEA EAX,[ARG.1]
00436903 |. 50
PUSH EAX
00436904 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
00436907 |. E8 E8480000 CALL 0043B1F4
0043690C |. 83C4 0C
ADD ESP,0C
0043690F |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00436912 |> 397D FC
CMP DWORD PTR SS:[LOCAL.1],EDI
00436915 |. 74 09
JE SHORT 00436920
00436917 |> 834E 0C 20
OR DWORD PTR DS:[ESI+0C],00000020
0043691B |. 83C8 FF
OR EAX,FFFFFFFF
0043691E |. EB 08
JMP SHORT 00436928
00436920 |> 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00436923 |. 25 FF000000 AND EAX,000000FF
00436928 |> 5F
POP EDI
00436929 |> 5B
POP EBX
0043692A |> 5E
POP ESI
0043692B |. C9
LEAVE
0043692C \. C3
RETN
0043692D /$ 8BFF
MOV EDI,EDI
o.0043692D(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6)
0043692F |. 55
PUSH EBP
00436930 |. 8BEC
MOV EBP,ESP
00436932 |. 83EC 20
SUB ESP,20
00436935 |. 53
PUSH EBX
00436936 |. 33DB
XOR EBX,EBX
00436938 |. 395D 14
CMP DWORD PTR SS:[ARG.4],EBX
0043693B |. 75 20
JNE SHORT 0043695D
0043693D |. E8 BBDAFFFF CALL 004343FD
fo.004343FD
00436942 |. 53
PUSH EBX
00436943 |. 53
PUSH EBX
00436944 |. 53
PUSH EBX
00436945 |. 53
PUSH EBX
00436946 |. 53
PUSH EBX
00436947 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
0043694D |. E8 107FFFFF CALL 0042E862
fo.0042E862

;
;
;
;

/Arg4 = 2
|Arg3
|Arg2
|Arg1 =>

; \SystemIn

; SystemInf

; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00436952 |. 83C4 14
00436955 |. 83C8 FF
00436958 |. E9 99000000
0043695D |> 56
0043695E |. 8B75 0C
00436961 |. 57
00436962 |. 8B7D 10
00436965 |. 3BFB
00436967 |. 74 21
00436969 |. 3BF3
0043696B |. 75 1D
0043696D |. E8 8BDAFFFF
fo.004343FD
00436972 |. 53
00436973 |. 53
00436974 |. 53
00436975 |. 53
00436976 |. 53
00436977 |. C700 16000000
0043697D |. E8 E07EFFFF
fo.0042E862
00436982 |. 83C4 14
00436985 |. 83C8 FF
00436988 |. EB 6A
0043698A |> B8 FFFFFF7F
0043698F |. 8945 E4
00436992 |. 3BF8
00436994 |. 77 03
00436996 |. 897D E4
00436999 |> FF75 1C
0043699C |. 8D45 E0
0043699F |. FF75 18
004369A2 |. C745 EC 42000
004369A9 |. FF75 14
004369AC |. 8975 E8
004369AF |. 50
004369B0 |. 8975 E0
004369B3 |. FF55 08
004369B6 |. 83C4 10
004369B9 |. 8945 14
004369BC |. 3BF3
004369BE |. 74 34
004369C0 |. 3BC3
004369C2 |. 7C 22
004369C4 |. FF4D E4
004369C7 |. 78 07
004369C9 |. 8B45 E0
004369CC |. 8818
004369CE |. EB 11
004369D0 |> 8D45 E0
004369D3 |. 50
OFFSET LOCAL.8
004369D4 |. 53
004369D5 |. E8 EFFDFFFF
fo.004367C9
004369DA |. 59
004369DB |. 59
004369DC |. 83F8 FF
004369DF |. 74 05
004369E1 |> 8B45 14

ADD ESP,14
OR EAX,FFFFFFFF
JMP 004369F6
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.2]
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.3]
CMP EDI,EBX
JE SHORT 0043698A
CMP ESI,EBX
JNE SHORT 0043698A
CALL 004343FD

; [SystemIn

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 004369F4
MOV EAX,7FFFFFFF
MOV DWORD PTR SS:[LOCAL.7],EAX
CMP EDI,EAX
JA SHORT 00436999
MOV DWORD PTR SS:[LOCAL.7],EDI
PUSH DWORD PTR SS:[ARG.6]
LEA EAX,[LOCAL.8]
PUSH DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.5],42
PUSH DWORD PTR SS:[ARG.4]
MOV DWORD PTR SS:[LOCAL.6],ESI
PUSH EAX
MOV DWORD PTR SS:[LOCAL.8],ESI
CALL DWORD PTR SS:[ARG.1]
ADD ESP,10
MOV DWORD PTR SS:[ARG.4],EAX
CMP ESI,EBX
JE SHORT 004369F4
CMP EAX,EBX
JL SHORT 004369E6
DEC DWORD PTR SS:[LOCAL.7]
JS SHORT 004369D0
MOV EAX,DWORD PTR SS:[LOCAL.8]
MOV BYTE PTR DS:[EAX],BL
JMP SHORT 004369E1
LEA EAX,[LOCAL.8]
PUSH EAX

; /Arg2 =>

PUSH EBX
CALL 004367C9

; |Arg1
; \SystemIn

POP ECX
POP ECX
CMP EAX,-1
JE SHORT 004369E6
MOV EAX,DWORD PTR SS:[ARG.4]

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

004369E4 |. EB 0E
004369E6 |> 33C0
004369E8 |. 395D E4
004369EB |. 885C3E FF
004369EF |. 0F9DC0
004369F2 |. 48
004369F3 |. 48
004369F4 |> 5F
004369F5 |. 5E
004369F6 |> 5B
004369F7 |. C9
004369F8 \. C3
004369F9 /$ 8BFF
004369FB |. 55
004369FC |. 8BEC
004369FE |. 53
004369FF |. 33DB
00436A01 |. 395D 10
00436A04 |. 75 1D
00436A06 |. E8 F2D9FFFF
fo.004343FD
00436A0B |. 53
00436A0C |. 53
00436A0D |. 53
00436A0E |. 53
00436A0F |. 53
00436A10 |. C700 16000000
00436A16 |. E8 477EFFFF
fo.0042E862
00436A1B |. 83C4 14
00436A1E |. 83C8 FF
00436A21 |. EB 5B
00436A23 |> 56
00436A24 |. 8B75 08
00436A27 |. 3BF3
00436A29 |. 74 05
00436A2B |. 395D 0C
00436A2E |. 77 0D
00436A30 |> E8 C8D9FFFF
fo.004343FD
00436A35 |. C700 16000000
00436A3B |. EB 30
00436A3D |> FF75 18
[ARG.5]
00436A40 |. FF75 14
[ARG.4]
00436A43 |. FF75 10
[ARG.3]
00436A46 |. FF75 0C
[ARG.2]
00436A49 |. 56
[ARG.1]
00436A4A |. 68 06ED4300
ystemInfo.43ED06
00436A4F |. E8 D9FEFFFF
fo.0043692D
00436A54 |. 83C4 18
00436A57 |. 3BC3
00436A59 |. 7D 02
00436A5B |. 881E

JMP SHORT 004369F4


XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.7],EBX
MOV BYTE PTR DS:[EDI+ESI-1],BL
SETGE AL
DEC EAX
DEC EAX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH EBX
XOR EBX,EBX
CMP DWORD PTR SS:[ARG.3],EBX
JNE SHORT 00436A23
CALL 004343FD

; [SystemIn

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 00436A7E
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
CMP ESI,EBX
JE SHORT 00436A30
CMP DWORD PTR SS:[ARG.2],EBX
JA SHORT 00436A3D
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],16


JMP SHORT 00436A6D
PUSH DWORD PTR SS:[ARG.5]

; /Arg6 =>

PUSH DWORD PTR SS:[ARG.4]

; |Arg5 =>

PUSH DWORD PTR SS:[ARG.3]

; |Arg4 =>

PUSH DWORD PTR SS:[ARG.2]

; |Arg3 =>

PUSH ESI

; |Arg2 =>

PUSH 0043ED06

; |Arg1 = S

CALL 0043692D

; \SystemIn

ADD
CMP
JGE
MOV

ESP,18
EAX,EBX
SHORT 00436A5D
BYTE PTR DS:[ESI],BL

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00436A5D |>
00436A60 |.
00436A62 |.
fo.004343FD
00436A67 |.
00436A6D |>
00436A6E |.
00436A6F |.
00436A70 |.
00436A71 |.
00436A72 |.
fo.0042E862
00436A77 |.
00436A7A |.
00436A7D |>
00436A7E |>
00436A7F |.
00436A80 \.
00436A81 /$
00436A83 |.
00436A84 |.
00436A86 |.
00436A89 |.
00436A8A |.
[ARG.2]
00436A8D |.
00436A90 |.
fo.0042EC65
00436A95 |.
00436A98 |.
00436A9B |.
00436A9C |.
fo.0043FA22
00436AA1 |.
00436AA4 |.
00436AA6 |>
00436AA7 |.
00436AAA |.
00436AAB |.
fo.00434D5F
00436AB0 |.
00436AB2 |>
00436AB3 |.^
00436AB5 |.
00436AB8 |.
00436AB9 |.
fo.0043FA22
00436ABE |.
00436ABF |.
00436AC2 |.
00436AC4 |.
00436AC5 |.
00436AC6 |>
00436AC9 |.
00436ACF |.
00436AD1 |.
00436AD3 |.
00436AD5 |.
00436AD7 |.
00436AD8 |>

83F8 FE
75 1B
E8 96D9FFFF

CMP EAX,-2
JNE SHORT 00436A7D
CALL 004343FD

; [SystemIn

C700 22000000
53
53
53
53
53
E8 EB7DFFFF

MOV DWORD PTR DS:[EAX],22


PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
CALL 0042E862

;
;
;
;
;
;

83C4
83C8
5E
5B
5D
C3
8BFF
55
8BEC
83EC
56
FF75

ADD ESP,14
OR EAX,FFFFFFFF
POP ESI
POP EBX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH ESI
PUSH DWORD PTR SS:[ARG.2]

; /Arg1 =>

8D4D F0
E8 D081FFFF

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

8B75 08
0FBE06
50
E8 818F0000

MOV ESI,DWORD PTR SS:[ARG.1]


MOVSX EAX,BYTE PTR DS:[ESI]
PUSH EAX
CALL 0043FA22

; /Arg1
; \SystemIn

83F8 65
EB 0C
46
0FB606
50
E8 AFE2FFFF

CMP EAX,65
JMP SHORT 00436AB2
/INC ESI
|MOVZX EAX,BYTE PTR DS:[ESI]
|PUSH EAX
|CALL 00434D5F

; /Arg1
; \SystemIn

85C0
59
75 F1
0FBE06
50
E8 648F0000

|TEST EAX,EAX
|POP ECX
\JNE SHORT 00436AA6
MOVSX EAX,BYTE PTR DS:[ESI]
PUSH EAX
CALL 0043FA22

; /Arg1
; \SystemIn

59
83F8 78
75 02
46
46
8B4D F0
8B89 BC000000
8B09
8A06
8A09
880E
46
8A0E

POP ECX
CMP EAX,78
JNE SHORT 00436AC6
INC ESI
INC ESI
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[ECX+0BC]
MOV ECX,DWORD PTR DS:[ECX]
MOV AL,BYTE PTR DS:[ESI]
MOV CL,BYTE PTR DS:[ECX]
MOV BYTE PTR DS:[ESI],CL
INC ESI
/MOV CL,BYTE PTR DS:[ESI]

14
FF

10
0C

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

00436ADA |.
00436ADC |.
00436ADE |.
00436AE0 |.
00436AE1 |.
00436AE3 |.^
00436AE5 |.
00436AE6 |.
00436AE9 |.
00436AEB |.
00436AEE |.
00436AF2 |>
00436AF3 \.
00436AF4 /$
00436AF6 |.
00436AF7 |.
00436AF9 |.
00436AFC |.
00436AFD |.
[ARG.2]
00436B00 |.
00436B03 |.
fo.0042EC65
00436B08 |.
00436B0B |.
00436B0D |.
00436B10 |.
00436B12 |.
00436B14 |.
00436B1A |.
00436B1C |.
00436B1E |>
00436B20 |.
00436B22 |.
00436B23 |.
00436B25 |.
00436B27 |.^
00436B29 |>
00436B2B |.
00436B2C |.
00436B2E |.
00436B30 |.
00436B32 |>
00436B35 |.
00436B37 |.
00436B3A |.
00436B3C |.
00436B3D |>
00436B3F |.
00436B41 |.^
00436B43 |>
00436B45 |>
00436B46 |.
00436B49 |.^
00436B4B |.
00436B51 |.
00436B53 |.
00436B54 |.
00436B56 |.
00436B58 |.

8806
8AC1
8A0E
46
84C9
75 F3
5E
384D FC
74 07
8B45 F8
8360 70 FD
C9
C3
8BFF
55
8BEC
83EC 10
56
FF75 0C

|MOV BYTE PTR DS:[ESI],AL


|MOV AL,CL
|MOV CL,BYTE PTR DS:[ESI]
|INC ESI
|TEST CL,CL
\JNE SHORT 00436AD8
POP ESI
CMP BYTE PTR SS:[LOCAL.1],CL
JE SHORT 00436AF2
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH ESI
PUSH DWORD PTR SS:[ARG.2]

; /Arg1 =>

8D4D F0
E8 5D81FFFF

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

8B45 08
8A08
8B75 F0
84C9
74 15
8B96 BC000000
8B12
8A12
3ACA
74 07
40
8A08
84C9
75 F5
8A08
40
84C9
74 36
EB 0B
80F9 65
74 0C
80F9 45
74 07
40
8A08
84C9
75 EF
8BD0
48
8038 30
74 FA
8B8E BC000000
8B09
53
8A18
3A19
5B

MOV EAX,DWORD PTR SS:[ARG.1]


MOV CL,BYTE PTR DS:[EAX]
MOV ESI,DWORD PTR SS:[LOCAL.4]
TEST CL,CL
JE SHORT 00436B29
MOV EDX,DWORD PTR DS:[ESI+0BC]
MOV EDX,DWORD PTR DS:[EDX]
MOV DL,BYTE PTR DS:[EDX]
/CMP CL,DL
|JE SHORT 00436B29
|INC EAX
|MOV CL,BYTE PTR DS:[EAX]
|TEST CL,CL
\JNE SHORT 00436B1E
MOV CL,BYTE PTR DS:[EAX]
INC EAX
TEST CL,CL
JE SHORT 00436B66
JMP SHORT 00436B3D
/CMP CL,65
|JE SHORT 00436B43
|CMP CL,45
|JE SHORT 00436B43
|INC EAX
|MOV CL,BYTE PTR DS:[EAX]
|TEST CL,CL
\JNE SHORT 00436B32
MOV EDX,EAX
/DEC EAX
|CMP BYTE PTR DS:[EAX],30
\JE SHORT 00436B45
MOV ECX,DWORD PTR DS:[ESI+0BC]
MOV ECX,DWORD PTR DS:[ECX]
PUSH EBX
MOV BL,BYTE PTR DS:[EAX]
CMP BL,BYTE PTR DS:[ECX]
POP EBX

00436B59
00436B5B
00436B5C
00436B5E
00436B5F
00436B60
00436B62
00436B64
00436B66
00436B6A
00436B6B
00436B6D
00436B70
00436B74
00436B75
00436B76
00436B78
00436B79
00436B7B
00436B7D
00436B80
00436B82
00436B84
00436B87
00436B89
00436B8B
00436B8C
00436B8D
00436B8E
00436B90
00436B91
00436B92
00436B94
00436B95
00436B97
00436B98
00436B99
00436B9D
00436BA0
00436BA3
00436BA5
00436BA8
00436BA9
00436BAE
00436BB1
00436BB4
00436BB6
00436BB9
00436BBC
00436BBE
00436BC1
00436BC2
00436BC7
00436BCA
00436BCD
00436BCF
00436BD2
00436BD3
00436BD4
00436BD6

|.
|.
|>
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|>
\.
/.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
\.
/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|.
\.
/.

75 01
48
8A0A
40
42
8808
84C9
75 F6
807D FC 00
5E
74 07
8B45 F8
8360 70 FD
C9
C3
8BFF
55
8BEC
D9EE
8B45 08
DC18
DFE0
F6C4 41
7A 05
33C0
40
5D
C3
33C0
5D
C3
8BFF
55
8BEC
51
51
837D 08 00
FF75 14
FF75 10
74 19
8D45 F8
50
E8 A08E0000
8B4D F8
8B45 0C
8908
8B4D FC
8948 04
EB 11
8D45 08
50
E8 2F8F0000
8B45 0C
8B4D 08
8908
83C4 0C
C9
C3
8BFF
55

JNE SHORT 00436B5C


DEC EAX
/MOV CL,BYTE PTR DS:[EDX]
|INC EAX
|INC EDX
|MOV BYTE PTR DS:[EAX],CL
|TEST CL,CL
\JNE SHORT 00436B5C
CMP BYTE PTR SS:[LOCAL.1],0
POP ESI
JE SHORT 00436B74
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
FLDZ
MOV EAX,DWORD PTR SS:[ARG.1]
FCOMP QWORD PTR DS:[EAX]
FSTSW AX
TEST AH,41
JPE SHORT 00436B8E
XOR EAX,EAX
INC EAX
POP EBP
RETN
XOR EAX,EAX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH ECX
CMP DWORD PTR SS:[ARG.1],0
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[ARG.3]
JE SHORT 00436BBE
LEA EAX,[LOCAL.2]
PUSH EAX
CALL 0043FA4E
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[EAX],ECX
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX+4],ECX
JMP SHORT 00436BCF
LEA EAX,[ARG.1]
PUSH EAX
CALL 0043FAF6
MOV EAX,DWORD PTR SS:[ARG.2]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EAX],ECX
ADD ESP,0C
LEAVE
RETN
MOV EDI,EDI
PUSH EBP

00436BD7 |.
00436BD9 |.
00436BDB |.
00436BDE |.
00436BE1 |.
00436BE4 |.
00436BE9 |.
00436BEC |.
00436BED \.
00436BEE /$
00436BF0 |.
00436BF1 |.
00436BF3 |.
00436BF5 |.
00436BF7 |.
ARG.EAX
00436BF8 |.
fo.0042E280
00436BFD |.
00436BFE |.
00436BFF |.
ARG.EAX
00436C00 |.
00436C02 |.
00436C03 |.
fo.00437610
00436C08 |.
00436C0B |>
00436C0C \.
00436C0D
00436C0F /.
00436C10 |.
00436C12 |.
00436C14 |.
00436C17 |.
00436C1C |.
00436C1D |.
00436C1E |.
00436C1F \.
00436C20 /.
00436C22 |.
00436C23 |.
00436C25 |.
00436C27 |.
00436C2A |.
00436C2F |.
00436C30 |.
00436C31 |.
00436C32 \.
00436C33 /$
00436C35 |.
00436C36 |.
00436C38 |.
00436C3B |.
00436C3C |.
00436C3D |.
00436C3E |.
[ARG.6]
00436C41 |.
00436C44 |.

8BEC
6A 00
FF75 10
FF75 0C
FF75 08
E8 A9FFFFFF
83C4 10
5D
C3
8BFF
56
8BF0
85FF
74 14
56

MOV EBP,ESP
PUSH 0
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL 00436B92
ADD ESP,10
POP EBP
RETN
MOV EDI,EDI
PUSH ESI
MOV ESI,EAX
TEST EDI,EDI
JE SHORT 00436C0B
PUSH ESI

; /Arg1 =>

E8 8376FFFF

CALL 0042E280

; \SystemIn

40
50
56

INC EAX
PUSH EAX
PUSH ESI

; /Arg3
; |Arg2 =>

03F7
56
E8 080A0000

ADD ESI,EDI
PUSH ESI
CALL 00437610

; |
; |Arg1
; \SystemIn

83C4 10
5E
C3
8BFF
55
8BEC
6A 00
FF75 08
E8 65FEFFFF
59
59
5D
C3
8BFF
55
8BEC
6A 00
FF75 08
E8 C5FEFFFF
59
59
5D
C3
8BFF
55
8BEC
83EC 10
53
56
57
FF75 1C

ADD ESP,10
POP ESI
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH 0
PUSH DWORD PTR SS:[ARG.1]
CALL 00436A81
POP ECX
POP ECX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH 0
PUSH DWORD PTR SS:[ARG.1]
CALL 00436AF4
POP ECX
POP ECX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH EBX
PUSH ESI
PUSH EDI
PUSH DWORD PTR SS:[ARG.6]

; /Arg1 =>

8D4D F0
8BD8

LEA ECX,[LOCAL.4]
MOV EBX,EAX

; |
; |

00436C46 |.
fo.0042EC65
00436C4B |.
00436C4D |.
00436C4F |.
00436C51 |>
fo.004343FD
00436C56 |.
00436C58 |>
00436C59 |.
00436C5A |.
00436C5B |.
00436C5C |.
00436C5D |.
00436C5E |.
00436C60 |.
fo.0042E862
00436C65 |.
00436C68 |.
00436C6C |.
00436C6E |.
00436C71 |.
00436C75 |>
00436C77 |.
00436C7C |>
00436C7F |.^
00436C81 |.
00436C84 |.
00436C86 |.
00436C89 |.
00436C8B |>
00436C8D |>
00436C90 |.
00436C93 |.
00436C95 |.
fo.004343FD
00436C9A |.
00436C9C |.^
00436C9E |>
00436CA2 |.
00436CA4 |.
00436CA7 |.
00436CA9 |.
00436CAC |.
00436CAF |.
00436CB1 |.
00436CB4 |.
00436CB7 |.
00436CB9 |.
00436CBB |.
00436CBD |.
00436CC2 |>
00436CC5 |.
00436CC8 |.
00436CCA |.
00436CCC |.
00436CCF |.
00436CD2 |>
00436CD6 |.
00436CD8 |.

E8 1A80FFFF

CALL 0042EC65

; \SystemIn

33F6
3BDE
75 2B
E8 A7D7FFFF

XOR ESI,ESI
CMP EBX,ESI
JNE SHORT 00436C7C
CALL 004343FD

; [SystemIn

6A 16
5F
56
56
56
56
56
8938
E8 FD7BFFFF

PUSH 16
POP EDI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
MOV DWORD PTR DS:[EAX],EDI
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
807D FC 00
74 07
8B45 F8
8360 70 FD
8BC7
E9 21010000
3975 08
76 D0
3975 0C
7E 05
8B45 0C
EB 02
33C0
83C0 09
3945 08
77 09
E8 63D7FFFF

ADD ESP,14
CMP BYTE PTR SS:[LOCAL.1],0
JE SHORT 00436C75
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,EDI
JMP 00436D9D
CMP DWORD PTR SS:[ARG.1],ESI
JBE SHORT 00436C51
CMP DWORD PTR SS:[ARG.2],ESI
JLE SHORT 00436C8B
MOV EAX,DWORD PTR SS:[ARG.2]
JMP SHORT 00436C8D
XOR EAX,EAX
ADD EAX,9
CMP DWORD PTR SS:[ARG.1],EAX
JA SHORT 00436C9E
CALL 004343FD

; [SystemIn

6A 22
EB BA
807D 18 00
74 1E
8B55 14
33C0
3975 0C
0F9FC0
33C9
833A 2D
0F94C1
8BF8
03CB
8BC1
E8 2CFFFFFF
8B7D 14
833F 2D
8BF3
75 06
C603 2D
8D73 01
837D 0C 00
7E 18
8D46 01

PUSH 22
JMP SHORT 00436C58
CMP BYTE PTR SS:[ARG.5],0
JE SHORT 00436CC2
MOV EDX,DWORD PTR SS:[ARG.4]
XOR EAX,EAX
CMP DWORD PTR SS:[ARG.2],ESI
SETG AL
XOR ECX,ECX
CMP DWORD PTR DS:[EDX],2D
SETE CL
MOV EDI,EAX
ADD ECX,EBX
MOV EAX,ECX
CALL 00436BEE
MOV EDI,DWORD PTR SS:[ARG.4]
CMP DWORD PTR DS:[EDI],2D
MOV ESI,EBX
JNE SHORT 00436CD2
MOV BYTE PTR DS:[EBX],2D
LEA ESI,[EBX+1]
CMP DWORD PTR SS:[ARG.2],0
JLE SHORT 00436CF0
LEA EAX,[ESI+1]

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00436CDB |.
00436CDD |.
00436CDF |.
00436CE1 |.
00436CE4 |.
00436CEA |.
00436CEC |.
00436CEE |.
00436CF0 |>
00436CF2 |.
00436CF5 |.
00436CF8 |.
00436CFB |.
00436CFD |.
00436D01 |.
00436D03 |.
00436D06 |.
00436D08 |>
00436D0A |.
00436D0D |>
SCII "e+000"
00436D12 |.
00436D13 |.
00436D14 |.
fo.0043597F
00436D19 |.
00436D1C |.
00436D1E |.
00436D20 |.
00436D22 |.
00436D23 |.
00436D24 |.
00436D25 |.
00436D26 |.
00436D27 |.
00436D2C |.
00436D2F |>
00436D32 |.
00436D35 |.
00436D37 |.
00436D3A |>
00436D3D |.
00436D3E |.
00436D41 |.
00436D43 |.
00436D46 |.
00436D47 |.
00436D49 |.
00436D4B |.
00436D4E |>
00436D4F |.
00436D52 |.
00436D54 |.
00436D55 |.
00436D57 |.
00436D58 |.
00436D5A |.
00436D5C |.
00436D5E |>
00436D5F |.

8A08
880E
8BF0
8B45 F0
8B80 BC000000
8B00
8A00
8806
33C0
3845 18
0F94C0
0345 0C
03F0
837D 08 FF
75 05
83CB FF
EB 05
2BDE
035D 08
68 24A84400

MOV CL,BYTE PTR DS:[EAX]


MOV BYTE PTR DS:[ESI],CL
MOV ESI,EAX
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EAX+0BC]
MOV EAX,DWORD PTR DS:[EAX]
MOV AL,BYTE PTR DS:[EAX]
MOV BYTE PTR DS:[ESI],AL
XOR EAX,EAX
CMP BYTE PTR SS:[ARG.5],AL
SETE AL
ADD EAX,DWORD PTR SS:[ARG.2]
ADD ESI,EAX
CMP DWORD PTR SS:[ARG.1],-1
JNE SHORT 00436D08
OR EBX,FFFFFFFF
JMP SHORT 00436D0D
SUB EBX,ESI
ADD EBX,DWORD PTR SS:[ARG.1]
PUSH OFFSET 0044A824

; /Arg3 = A

53
56
E8 66ECFFFF

PUSH EBX
PUSH ESI
CALL 0043597F

; |Arg2
; |Arg1
; \SystemIn

83C4 0C
33DB
85C0
74 0D
53
53
53
53
53
E8 0E7AFFFF
83C4 14
8D4E 02
395D 10
74 03
C606 45
8B47 0C
46
8038 30
74 2E
8B47 04
48
79 05
F7D8
C606 2D
46
83F8 64
7C 0A
99
6A 64
5F
F7FF
0006
8BC2
46
83F8 0A

ADD ESP,0C
XOR EBX,EBX
TEST EAX,EAX
JE SHORT 00436D2F
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
CALL 0042E73A
ADD ESP,14
LEA ECX,[ESI+2]
CMP DWORD PTR SS:[ARG.3],EBX
JE SHORT 00436D3A
MOV BYTE PTR DS:[ESI],45
MOV EAX,DWORD PTR DS:[EDI+0C]
INC ESI
CMP BYTE PTR DS:[EAX],30
JE SHORT 00436D71
MOV EAX,DWORD PTR DS:[EDI+4]
DEC EAX
JNS SHORT 00436D4E
NEG EAX
MOV BYTE PTR DS:[ESI],2D
INC ESI
CMP EAX,64
JL SHORT 00436D5E
CDQ
PUSH 64
POP EDI
IDIV EDI
ADD BYTE PTR DS:[ESI],AL
MOV EAX,EDX
INC ESI
CMP EAX,0A

00436D62 |. 7C 0A
00436D64 |. 99
00436D65 |. 6A 0A
00436D67 |. 5F
00436D68 |. F7FF
00436D6A |. 0006
00436D6C |. 8BC2
00436D6E |> 0046 01
00436D71 |> F605 90364500
00436D78 |. 74 14
00436D7A |. 8039 30
00436D7D |. 75 0F
00436D7F |. 6A 03
00436D81 |. 8D41 01
00436D84 |. 50
00436D85 |. 51
00436D86 |. E8 85080000
fo.00437610
00436D8B |. 83C4 0C
00436D8E |> 807D FC 00
00436D92 |. 74 07
00436D94 |. 8B45 F8
00436D97 |. 8360 70 FD
00436D9B |> 33C0
00436D9D |> 5F
00436D9E |. 5E
00436D9F |. 5B
00436DA0 |. C9
00436DA1 \. C3
00436DA2 /$ 8BFF
00436DA4 |. 55
00436DA5 |. 8BEC
00436DA7 |. 83EC 2C
00436DAA |. A1 A0154500
00436DAF |. 33C5
00436DB1 |. 8945 FC
00436DB4 |. 8B45 08
00436DB7 |. 53
00436DB8 |. 56
00436DB9 |. 57
00436DBA |. 8B7D 0C
00436DBD |. 6A 16
00436DBF |. 5E
00436DC0 |. 56
16
00436DC1 |. 8D4D E4
00436DC4 |. 51
OFFSET LOCAL.7
00436DC5 |. 8D4D D4
00436DC8 |. 51
OFFSET LOCAL.11
00436DC9 |. FF70 04
00436DCC |. FF30
00436DCE |. E8 478F0000
fo.0043FD1A
00436DD3 |. 33DB
00436DD5 |. 83C4 14
00436DD8 |. 3BFB
00436DDA |. 75 18
00436DDC |> E8 1CD6FFFF

JL SHORT 00436D6E
CDQ
PUSH 0A
POP EDI
IDIV EDI
ADD BYTE PTR DS:[ESI],AL
MOV EAX,EDX
ADD BYTE PTR DS:[ESI+1],AL
TEST BYTE PTR DS:[453690],01
JE SHORT 00436D8E
CMP BYTE PTR DS:[ECX],30
JNE SHORT 00436D8E
PUSH 3
LEA EAX,[ECX+1]
PUSH EAX
PUSH ECX
CALL 00437610

;
;
;
;
;

ADD ESP,0C
CMP BYTE PTR SS:[LOCAL.1],0
JE SHORT 00436D9B
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
XOR EAX,EAX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,2C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EBX
PUSH ESI
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.2]
PUSH 16
POP ESI
PUSH ESI

; /Arg5 =>

LEA ECX,[LOCAL.7]
PUSH ECX

; |
; |Arg4 =>

LEA ECX,[LOCAL.11]
PUSH ECX

; |
; |Arg3 =>

PUSH DWORD PTR DS:[EAX+4]


PUSH DWORD PTR DS:[EAX]
CALL 0043FD1A

; |Arg2
; |Arg1
; \SystemIn

XOR EBX,EBX
ADD ESP,14
CMP EDI,EBX
JNE SHORT 00436DF4
CALL 004343FD

; [SystemIn

/Arg3 = 3
|
|Arg2
|Arg1
\SystemIn

fo.004343FD
00436DE1 |. 53
00436DE2 |. 53
00436DE3 |. 53
00436DE4 |. 53
00436DE5 |. 53
00436DE6 |. 8930
00436DE8 |. E8 757AFFFF
fo.0042E862
00436DED |. 83C4 14
00436DF0 |. 8BC6
00436DF2 |. EB 6F
00436DF4 |> 8B45 10
00436DF7 |. 3BC3
00436DF9 |.^ 76 E1
00436DFB |. 8B75 14
00436DFE |. 83F8 FF
00436E01 |. 75 05
00436E03 |. 83C8 FF
00436E06 |. EB 14
00436E08 |> 33C9
00436E0A |. 837D D4 2D
00436E0E |. 0F94C1
00436E11 |. 2BC1
00436E13 |. 33C9
00436E15 |. 3BF3
00436E17 |. 0F9FC1
00436E1A |. 2BC1
00436E1C |> 8D4D D4
00436E1F |. 51
OFFSET LOCAL.11
00436E20 |. 8D4E 01
00436E23 |. 51
00436E24 |. 50
00436E25 |. 33C0
00436E27 |. 837D D4 2D
00436E2B |. 0F94C0
00436E2E |. 33C9
00436E30 |. 3BF3
00436E32 |. 0F9FC1
00436E35 |. 03C7
00436E37 |. 03C8
00436E39 |. 51
00436E3A |. E8 5F8D0000
fo.0043FB9E
00436E3F |. 83C4 10
00436E42 |. 3BC3
00436E44 |. 74 04
00436E46 |. 881F
00436E48 |. EB 19
00436E4A |> FF75 1C
00436E4D |. 8D45 D4
00436E50 |. 53
00436E51 |. 50
00436E52 |. FF75 18
00436E55 |. 8BC7
00436E57 |. 56
00436E58 |. FF75 10
00436E5B |. E8 D3FDFFFF
00436E60 |. 83C4 18

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],ESI
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
MOV EAX,ESI
JMP SHORT 00436E63
MOV EAX,DWORD PTR SS:[ARG.3]
CMP EAX,EBX
JBE SHORT 00436DDC
MOV ESI,DWORD PTR SS:[ARG.4]
CMP EAX,-1
JNE SHORT 00436E08
OR EAX,FFFFFFFF
JMP SHORT 00436E1C
XOR ECX,ECX
CMP DWORD PTR SS:[LOCAL.11],2D
SETE CL
SUB EAX,ECX
XOR ECX,ECX
CMP ESI,EBX
SETG CL
SUB EAX,ECX
LEA ECX,[LOCAL.11]
PUSH ECX

; /Arg4 =>

LEA ECX,[ESI+1]
PUSH ECX
PUSH EAX
XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.11],2D
SETE AL
XOR ECX,ECX
CMP ESI,EBX
SETG CL
ADD EAX,EDI
ADD ECX,EAX
PUSH ECX
CALL 0043FB9E

;
;
;
;
;
;
;
;
;
;
;
;
;

ADD ESP,10
CMP EAX,EBX
JE SHORT 00436E4A
MOV BYTE PTR DS:[EDI],BL
JMP SHORT 00436E63
PUSH DWORD PTR SS:[ARG.6]
LEA EAX,[LOCAL.11]
PUSH EBX
PUSH EAX
PUSH DWORD PTR SS:[ARG.5]
MOV EAX,EDI
PUSH ESI
PUSH DWORD PTR SS:[ARG.3]
CALL 00436C33
ADD ESP,18

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

|
|Arg3
|Arg2
|
|
|
|
|
|
|
|
|Arg1
\SystemIn

00436E63 |> 8B4D FC


MOV ECX,DWORD PTR SS:[LOCAL.1]
00436E66 |. 5F
POP EDI
00436E67 |. 5E
POP ESI
00436E68 |. 33CD
XOR ECX,EBP
00436E6A |. 5B
POP EBX
00436E6B |. E8 8178FFFF CALL 0042E6F1
00436E70 |. C9
LEAVE
00436E71 \. C3
RETN
00436E72 /$ 8BFF
MOV EDI,EDI
o.00436E72(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
00436E74 |. 55
PUSH EBP
00436E75 |. 8BEC
MOV EBP,ESP
00436E77 |. 6A 00
PUSH 0
00436E79 |. FF75 18
PUSH DWORD PTR SS:[ARG.5]
00436E7C |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
00436E7F |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
00436E82 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
00436E85 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00436E88 |. E8 15FFFFFF CALL 00436DA2
00436E8D |. 83C4 18
ADD ESP,18
00436E90 |. 5D
POP EBP
00436E91 \. C3
RETN
00436E92 /$ 8BFF
MOV EDI,EDI
00436E94 |. 55
PUSH EBP
00436E95 |. 8BEC
MOV EBP,ESP
00436E97 |. 83EC 24
SUB ESP,24
00436E9A |. 56
PUSH ESI
00436E9B |. 57
PUSH EDI
00436E9C |. FF75 1C
PUSH DWORD PTR SS:[ARG.6]
[ARG.6]
00436E9F |. 8D4D DC
LEA ECX,[LOCAL.9]
00436EA2 |. C745 EC FF030 MOV DWORD PTR SS:[LOCAL.5],3FF
00436EA9 |. 33FF
XOR EDI,EDI
00436EAB |. C745 FC 30000 MOV DWORD PTR SS:[LOCAL.1],30
00436EB2 |. E8 AE7DFFFF CALL 0042EC65
fo.0042EC65
00436EB7 |. 397D 14
CMP DWORD PTR SS:[ARG.4],EDI
00436EBA |. 7D 03
JGE SHORT 00436EBF
00436EBC |. 897D 14
MOV DWORD PTR SS:[ARG.4],EDI
00436EBF |> 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
00436EC2 |. 3BF7
CMP ESI,EDI
00436EC4 |. 75 2B
JNE SHORT 00436EF1
00436EC6 |> E8 32D5FFFF CALL 004343FD
fo.004343FD
00436ECB |. 6A 16
PUSH 16
00436ECD |> 5E
POP ESI
00436ECE |. 57
PUSH EDI
00436ECF |. 57
PUSH EDI
00436ED0 |. 57
PUSH EDI
00436ED1 |. 57
PUSH EDI
00436ED2 |. 57
PUSH EDI
00436ED3 |. 8930
MOV DWORD PTR DS:[EAX],ESI
00436ED5 |. E8 8879FFFF CALL 0042E862
fo.0042E862
00436EDA |. 83C4 14
ADD ESP,14
00436EDD |. 807D E8 00
CMP BYTE PTR SS:[LOCAL.6],0
00436EE1 |. 74 07
JE SHORT 00436EEA
00436EE3 |. 8B45 E4
MOV EAX,DWORD PTR SS:[LOCAL.7]
00436EE6 |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
00436EEA |> 8BC6
MOV EAX,ESI

; SystemInf

; /Arg1 =>
;
;
;
;
;

|
|
|
|
\SystemIn

; [SystemIn

;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00436EEC |.
00436EF1 |>
00436EF4 |.^
00436EF6 |.
00436EF9 |.
00436EFC |.
00436EFF |.
00436F02 |.
00436F04 |.
fo.004343FD
00436F09 |.
00436F0B |.^
00436F0D |>
00436F10 |.
00436F12 |.
00436F15 |.
00436F18 |.
00436F1A |.
00436F1D |.
00436F22 |.
00436F23 |.
00436F25 |.
00436F27 |.
00436F29 |.
00436F2F |.
00436F31 |.
00436F37 |.
00436F3A |.
00436F3D |.
00436F3F |.
00436F41 |.
00436F43 |>
00436F46 |>
00436F48 |.
[ARG.4]
00436F4B |.
00436F4E |.
00436F4F |.
00436F50 |.
[ARG.1]
00436F51 |.
fo.00436E72
00436F56 |.
00436F59 |.
00436F5B |.
00436F5D |.
00436F61 |.
00436F64 |.
00436F6A |.
00436F6D |.
00436F71 |.
00436F76 |>
00436F79 |.
00436F7B |.
00436F7E |.
00436F7F |>
00436F82 |.
00436F83 |.
00436F87 |.
5

E9 10030000
397D 10
76 D0
8B45 14
83C0 0B
C606 00
3945 10
77 09
E8 F4D4FFFF

JMP 00437201
CMP DWORD PTR SS:[ARG.3],EDI
JBE SHORT 00436EC6
MOV EAX,DWORD PTR SS:[ARG.4]
ADD EAX,0B
MOV BYTE PTR DS:[ESI],0
CMP DWORD PTR SS:[ARG.3],EAX
JA SHORT 00436F0D
CALL 004343FD

; [SystemIn

6A 22
EB C0
8B7D 08
8B07
8945 F4
8B47 04
8BC8
C1E9 14
BA FF070000
53
23CA
33DB
3BCA
0F85 90000000
85DB
0F85 88000000
8B45 10
83F8 FF
75 04
0BC0
EB 03
83C0 FE
6A 00
FF75 14

PUSH 22
JMP SHORT 00436ECD
MOV EDI,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EDI]
MOV DWORD PTR SS:[LOCAL.3],EAX
MOV EAX,DWORD PTR DS:[EDI+4]
MOV ECX,EAX
SHR ECX,14
MOV EDX,7FF
PUSH EBX
AND ECX,EDX
XOR EBX,EBX
CMP ECX,EDX
JNE 00436FBF
TEST EBX,EBX
JNE 00436FBF
MOV EAX,DWORD PTR SS:[ARG.3]
CMP EAX,-1
JNE SHORT 00436F43
OR EAX,EAX
JMP SHORT 00436F46
ADD EAX,-2
PUSH 0
PUSH DWORD PTR SS:[ARG.4]

; /Arg5 = 0
; |Arg4 =>

8D5E 02
50
53
57

LEA EBX,[ESI+2]
PUSH EAX
PUSH EBX
PUSH EDI

;
;
;
;

E8 1CFFFFFF

CALL 00436E72

; \SystemIn

83C4 14
85C0
74 19
807D E8 00
C606 00
0F84 96020000
8B4D E4
8361 70 FD
E9 8A020000
803B 2D
75 04
C606 2D
46
C606 30
46
837D 18 00
6A 65

ADD ESP,14
TEST EAX,EAX
JE SHORT 00436F76
CMP BYTE PTR SS:[LOCAL.6],0
MOV BYTE PTR DS:[ESI],0
JE 00437200
MOV ECX,DWORD PTR SS:[LOCAL.7]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
JMP 00437200
CMP BYTE PTR DS:[EBX],2D
JNE SHORT 00436F7F
MOV BYTE PTR DS:[ESI],2D
INC ESI
MOV BYTE PTR DS:[ESI],30
INC ESI
CMP DWORD PTR SS:[ARG.5],0
PUSH 65

; /Arg2 = 6

|
|Arg3
|Arg2
|Arg1 =>

00436F89 |.
00436F8C |.
00436F8E |.
00436F90 |.
00436F92 |.
00436F94 |.
00436F95 |.
00436F96 |.
fo.0043F8E0
00436F9B |.
00436F9C |.
00436F9D |.
00436F9F |.
00436FA5 |.
00436FA9 |.
00436FAC |.
00436FAE |.
00436FB1 |.
00436FB4 |.
00436FB6 |.
00436FBA |.
00436FBF |>
00436FC4 |.
00436FC6 |.
00436FC8 |.
00436FCA |.
00436FCD |.
00436FCE |>
00436FD1 |.
00436FD4 |.
00436FD5 |.
00436FD7 |.
00436FDA |.
00436FDC |.
00436FDE |.
00436FE0 |.
00436FE2 |.
00436FE5 |.
00436FE6 |.
00436FE8 |.
00436FEA |.
00436FED |.
00436FF3 |.
00436FF5 |.
00436FF8 |.
00436FFA |.
00436FFC |.
00436FFE |.
00437001 |.
00437004 |.
00437006 |.
0043700C |.
0043700D |.
0043700F |.
00437011 |.
00437014 |.
00437016 |>
0043701D |.
0043701F |>
00437022 |.

0F94C0
FEC8
24 E0
04 78
8806
46
56
E8 45890000

SETE AL
DEC AL
AND AL,E0
ADD AL,78
MOV BYTE PTR DS:[ESI],AL
INC ESI
PUSH ESI
CALL 0043F8E0

59
59
85C0
0F84 4C020000
837D 18 00
0F94C1
FEC9
80E1 E0
80C1 70
8808
C640 03 00
E9 32020000
25 00000080
33C9
0BC8
74 04
C606 2D
46
8B5D 18
C606 30
46
85DB
0F94C0
FEC8
24 E0
04 78
8806
8B4F 04
46
F7DB
1BDB
83E3 E0
81E1 0000F07F
33C0
83C3 27
33D2
0BC1
75 21
C606 30
8B4F 04
8B07
81E1 FFFF0F00
46
0BC1
75 05
8955 EC
EB 0D
C745 EC FE030
EB 04
C606 31
46

POP ECX
POP ECX
TEST EAX,EAX
JE 004371F1
CMP DWORD PTR SS:[ARG.5],0
SETE CL
DEC CL
AND CL,E0
ADD CL,70
MOV BYTE PTR DS:[EAX],CL
MOV BYTE PTR DS:[EAX+3],0
JMP 004371F1
AND EAX,80000000
XOR ECX,ECX
OR ECX,EAX
JE SHORT 00436FCE
MOV BYTE PTR DS:[ESI],2D
INC ESI
MOV EBX,DWORD PTR SS:[ARG.5]
MOV BYTE PTR DS:[ESI],30
INC ESI
TEST EBX,EBX
SETE AL
DEC AL
AND AL,E0
ADD AL,78
MOV BYTE PTR DS:[ESI],AL
MOV ECX,DWORD PTR DS:[EDI+4]
INC ESI
NEG EBX
SBB EBX,EBX
AND EBX,FFFFFFE0
AND ECX,7FF00000
XOR EAX,EAX
ADD EBX,27
XOR EDX,EDX
OR EAX,ECX
JNE SHORT 0043701F
MOV BYTE PTR DS:[ESI],30
MOV ECX,DWORD PTR DS:[EDI+4]
MOV EAX,DWORD PTR DS:[EDI]
AND ECX,000FFFFF
INC ESI
OR EAX,ECX
JNE SHORT 00437016
MOV DWORD PTR SS:[LOCAL.5],EDX
JMP SHORT 00437023
MOV DWORD PTR SS:[LOCAL.5],3FE
JMP SHORT 00437023
MOV BYTE PTR DS:[ESI],31
INC ESI

;
;
;
;
;
;
;
;

|
|
|
|
|
|
|Arg1
\SystemIn

00437023
00437025
00437026
00437029
0043702C
0043702E
00437030
00437032
00437035
0043703B
0043703D
0043703F
00437041
00437044
00437046
0043704C
0043704F
00437051
00437053
00437059
0043705C
00437063
00437067
00437069
0043706C
0043706F
00437071
00437075
00437078
0043707E
00437083
00437087
0043708A
0043708E
00437090
00437092
00437095
00437099
0043709B
0043709E
004370A2
004370A5
004370A6
004370A9
004370AE
004370B1
004370B4
004370B6
004370BB
004370BD
004370C0
004370C3
004370C5
004370C9
004370CC
004370D2
004370D7
004370DB
004370DD
004370E0

|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>

8BC6
46
8945 0C
3955 14
75 04
8810
EB 0F
8B4D DC
8B89 BC000000
8B09
8A09
8808
8B4F 04
8B07
81E1 FFFF0F00
894D F8
77 08
3BC2
0F86 B5000000
8955 F4
C745 F8 00000
837D 14 00
7E 4D
8B57 04
2355 F8
8B07
0FBF4D FC
2345 F4
81E2 FFFF0F00
E8 0D8E0000
66:83C0 30
0FB7C0
66:83F8 39
76 02
03C3
8B4D F8
836D FC 04
8806
8B45 F4
0FACC8 04
C1E9 04
46
FF4D 14
66:837D FC 00
8945 F4
894D F8
7D AD
66:837D FC 00
7C 51
8B57 04
2355 F8
8B07
0FBF4D FC
2345 F4
81E2 FFFF0F00
E8 B98D0000
66:83F8 08
76 31
8D46 FF
8A08

MOV EAX,ESI
INC ESI
MOV DWORD PTR SS:[ARG.2],EAX
CMP DWORD PTR SS:[ARG.4],EDX
JNE SHORT 00437032
MOV BYTE PTR DS:[EAX],DL
JMP SHORT 00437041
MOV ECX,DWORD PTR SS:[LOCAL.9]
MOV ECX,DWORD PTR DS:[ECX+0BC]
MOV ECX,DWORD PTR DS:[ECX]
MOV CL,BYTE PTR DS:[ECX]
MOV BYTE PTR DS:[EAX],CL
MOV ECX,DWORD PTR DS:[EDI+4]
MOV EAX,DWORD PTR DS:[EDI]
AND ECX,000FFFFF
MOV DWORD PTR SS:[LOCAL.2],ECX
JA SHORT 00437059
CMP EAX,EDX
JBE 0043710E
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV DWORD PTR SS:[LOCAL.2],0F0000
/CMP DWORD PTR SS:[ARG.4],0
|JLE SHORT 004370B6
|MOV EDX,DWORD PTR DS:[EDI+4]
|AND EDX,DWORD PTR SS:[LOCAL.2]
|MOV EAX,DWORD PTR DS:[EDI]
|MOVSX ECX,WORD PTR SS:[LOCAL.1]
|AND EAX,DWORD PTR SS:[LOCAL.3]
|AND EDX,000FFFFF
|CALL 0043FE90
|ADD AX,30
|MOVZX EAX,AX
|CMP AX,39
|JBE SHORT 00437092
|ADD EAX,EBX
|MOV ECX,DWORD PTR SS:[LOCAL.2]
|SUB DWORD PTR SS:[LOCAL.1],4
|MOV BYTE PTR DS:[ESI],AL
|MOV EAX,DWORD PTR SS:[LOCAL.3]
|SHRD EAX,ECX,4
|SHR ECX,4
|INC ESI
|DEC DWORD PTR SS:[ARG.4]
|CMP WORD PTR SS:[LOCAL.1],0
|MOV DWORD PTR SS:[LOCAL.3],EAX
|MOV DWORD PTR SS:[LOCAL.2],ECX
\JGE SHORT 00437063
CMP WORD PTR SS:[LOCAL.1],0
JL SHORT 0043710E
MOV EDX,DWORD PTR DS:[EDI+4]
AND EDX,DWORD PTR SS:[LOCAL.2]
MOV EAX,DWORD PTR DS:[EDI]
MOVSX ECX,WORD PTR SS:[LOCAL.1]
AND EAX,DWORD PTR SS:[LOCAL.3]
AND EDX,000FFFFF
CALL 0043FE90
CMP AX,8
JBE SHORT 0043710E
LEA EAX,[ESI-1]
/MOV CL,BYTE PTR DS:[EAX]

004370E2 |.
004370E5 |.
004370E7 |.
004370EA |.
004370EC |>
004370EF |.
004370F0 |.^
004370F2 |>
004370F5 |.
004370F7 |.
004370F9 |.
004370FC |.
004370FE |.
00437101 |.
00437103 |.
00437105 |>
00437107 |.
00437109 |.
0043710B |>
0043710E |>
00437112 |.
00437114 |.
[ARG.4]
00437117 |.
0
00437119 |.
0043711A |.
fo.0042E8A0
0043711F |.
00437122 |.
00437125 |>
00437128 |.
0043712B |.
0043712D |.
0043712F |>
00437133 |.
00437135 |.
00437138 |.
0043713A |.
0043713C |.
0043713E |.
00437140 |.
00437142 |.
00437145 |.
00437146 |.
0043714B |.
0043714D |.
00437152 |.
00437154 |.
00437157 |.
00437158 |.
00437159 |.
0043715B |.
0043715D |.
0043715F |.
00437161 |.
00437163 |>
00437166 |.
00437167 |.
00437169 |>

80F9 66
74 05
80F9 46
75 06
C600 30
48
EB EE
3B45 0C
74 14
8A08
80F9 39
75 07
80C3 3A
8818
EB 09
FEC1
8808
EB 03
FE40 FF
837D 14 00
7E 11
FF75 14

|CMP CL,66
|JE SHORT 004370EC
|CMP CL,46
|JNE SHORT 004370F2
|MOV BYTE PTR DS:[EAX],30
|DEC EAX
\JMP SHORT 004370E0
CMP EAX,DWORD PTR SS:[ARG.2]
JE SHORT 0043710B
MOV CL,BYTE PTR DS:[EAX]
CMP CL,39
JNE SHORT 00437105
ADD BL,3A
MOV BYTE PTR DS:[EAX],BL
JMP SHORT 0043710E
INC CL
MOV BYTE PTR DS:[EAX],CL
JMP SHORT 0043710E
INC BYTE PTR DS:[EAX-1]
CMP DWORD PTR SS:[ARG.4],0
JLE SHORT 00437125
PUSH DWORD PTR SS:[ARG.4]

; /Arg3 =>

6A 30

PUSH 30

; |Arg2 = 3

56
E8 8177FFFF

PUSH ESI
CALL 0042E8A0

; |Arg1
; \SystemIn

83C4 0C
0375 14
8B45 0C
8038 00
75 02
8BF0
837D 18 00
B1 34
0F94C0
FEC8
24 E0
04 70
8806
8B07
8B57 04
46
E8 458D0000
33DB
25 FF070000
23D3
2B45 EC
53
59
1BD1
78 0C
7F 04
3BC3
72 06
C606 2B
46
EB 0A
C606 2D

ADD ESP,0C
ADD ESI,DWORD PTR SS:[ARG.4]
MOV EAX,DWORD PTR SS:[ARG.2]
CMP BYTE PTR DS:[EAX],0
JNE SHORT 0043712F
MOV ESI,EAX
CMP DWORD PTR SS:[ARG.5],0
MOV CL,34
SETE AL
DEC AL
AND AL,E0
ADD AL,70
MOV BYTE PTR DS:[ESI],AL
MOV EAX,DWORD PTR DS:[EDI]
MOV EDX,DWORD PTR DS:[EDI+4]
INC ESI
CALL 0043FE90
XOR EBX,EBX
AND EAX,000007FF
AND EDX,EBX
SUB EAX,DWORD PTR SS:[LOCAL.5]
PUSH EBX
POP ECX
SBB EDX,ECX
JS SHORT 00437169
JG SHORT 00437163
CMP EAX,EBX
JB SHORT 00437169
MOV BYTE PTR DS:[ESI],2B
INC ESI
JMP SHORT 00437173
MOV BYTE PTR DS:[ESI],2D

0043716C |.
0043716D |.
0043716F |.
00437171 |.
00437173 |>
00437175 |.
00437177 |.
0043717A |.
0043717C |.
00437181 |.
00437183 |.
00437185 |.
00437187 |>
0
00437188 |.
3E8
00437189 |.
0043718A |.
0043718B |.
fo.0043FDB0
00437190 |.
00437192 |.
00437194 |.
00437195 |.
00437198 |.
0043719A |.
0043719C |.
0043719E |.
004371A0 |>
004371A2 |.
004371A4 |.
004371A6 |.
004371A9 |.
004371AB |>
004371AD |.
4
004371AF |.
004371B0 |.
004371B1 |.
fo.0043FDB0
004371B6 |.
004371B8 |.
004371BA |.
004371BD |.
004371BE |.
004371C0 |.
004371C2 |>
004371C4 |.
004371C6 |.
004371C8 |.
004371CA |.
004371CC |.
004371CF |.
004371D1 |>
004371D3 |.
A
004371D5 |.
004371D6 |.
004371D7 |.
fo.0043FDB0

46
F7D8
13D3
F7DA
3BD3
8BFE
C606 30
7C 24
B9 E8030000
7F 04
3BC1
72 19
53

INC ESI
NEG EAX
ADC EDX,EBX
NEG EDX
CMP EDX,EBX
MOV EDI,ESI
MOV BYTE PTR DS:[ESI],30
JL SHORT 004371A0
MOV ECX,3E8
JG SHORT 00437187
CMP EAX,ECX
JB SHORT 004371A0
PUSH EBX

; /Arg4 =>

51

PUSH ECX

; |Arg3 =>

52
50
E8 208C0000

PUSH EDX
PUSH EAX
CALL 0043FDB0

; |Arg2
; |Arg1
; \SystemIn

04 30
8806
46
8955 F0
8BC1
8BD3
3BF7
75 0B
85D2
7C 1E
7F 05
83F8 64
72 17
6A 00
6A 64

ADD AL,30
MOV BYTE PTR DS:[ESI],AL
INC ESI
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV EAX,ECX
MOV EDX,EBX
CMP ESI,EDI
JNE SHORT 004371AB
TEST EDX,EDX
JL SHORT 004371C2
JG SHORT 004371AB
CMP EAX,64
JB SHORT 004371C2
PUSH 0
PUSH 64

; /Arg4 = 0
; |Arg3 = 6

52
50
E8 FA8B0000

PUSH EDX
PUSH EAX
CALL 0043FDB0

; |Arg2
; |Arg1
; \SystemIn

04 30
8806
8955 F0
46
8BC1
8BD3
3BF7
75 0B
85D2
7C 1F
7F 05
83F8 0A
72 18
6A 00
6A 0A

ADD AL,30
MOV BYTE PTR DS:[ESI],AL
MOV DWORD PTR SS:[LOCAL.4],EDX
INC ESI
MOV EAX,ECX
MOV EDX,EBX
CMP ESI,EDI
JNE SHORT 004371D1
TEST EDX,EDX
JL SHORT 004371E9
JG SHORT 004371D1
CMP EAX,0A
JB SHORT 004371E9
PUSH 0
PUSH 0A

; /Arg4 = 0
; |Arg3 = 0

52
50
E8 D48B0000

PUSH EDX
PUSH EAX
CALL 0043FDB0

; |Arg2
; |Arg1
; \SystemIn

004371DC |.
004371DE |.
004371E0 |.
004371E3 |.
004371E4 |.
004371E6 |.
004371E9 |>
004371EB |.
004371ED |.
004371F1 |>
004371F5 |.
004371F7 |.
004371FA |.
004371FE |>
00437200 |>
00437201 |>
00437202 |.
00437203 |.
00437204 \.
00437205 /$
00437207 |.
00437208 |.
0043720A |.
0043720D |.
0043720E |.
0043720F |.
00437210 |.
[ARG.4]
00437213 |.
00437215 |.
00437218 |.
0043721A |.
0043721D |.
0043721E |.
fo.0042EC65
00437223 |.
00437225 |.
00437227 |>
fo.004343FD
0043722C |.
0043722E |.
0043722F |.
00437231 |.
00437233 |.
0
00437234 |.
0
00437235 |.
0
00437236 |.
0
00437237 |.
0
00437238 |.
fo.0042E862
0043723D |.
00437240 |.
00437244 |.
00437246 |.
00437249 |.

04 30
8806
8955 F0
46
8BC1
895D F0
04 30
8806
C646 01 00
807D E8 00
74 07
8B45 E4
8360 70 FD
33C0
5B
5F
5E
C9
C3
8BFF
55
8BEC
83EC 10
53
56
57
FF75 14

ADD AL,30
MOV BYTE PTR DS:[ESI],AL
MOV DWORD PTR SS:[LOCAL.4],EDX
INC ESI
MOV EAX,ECX
MOV DWORD PTR SS:[LOCAL.4],EBX
ADD AL,30
MOV BYTE PTR DS:[ESI],AL
MOV BYTE PTR DS:[ESI+1],0
CMP BYTE PTR SS:[LOCAL.6],0
JE SHORT 004371FE
MOV EAX,DWORD PTR SS:[LOCAL.7]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
XOR EAX,EAX
POP EBX
POP EDI
POP ESI
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH EBX
PUSH ESI
PUSH EDI
PUSH DWORD PTR SS:[ARG.4]

; /Arg1 =>

8BD8
8B73 04
8BF9
8D4D F0
4E
E8 427AFFFF

MOV EBX,EAX
MOV ESI,DWORD PTR DS:[EBX+4]
MOV EDI,ECX
LEA ECX,[LOCAL.4]
DEC ESI
CALL 0042EC65

;
;
;
;
;
;

85FF
75 2D
E8 D1D1FFFF

TEST EDI,EDI
JNE SHORT 00437254
CALL 004343FD

; [SystemIn

6A 16
5E
8930
33C0
50

PUSH 16
POP ESI
MOV DWORD PTR DS:[EAX],ESI
XOR EAX,EAX
PUSH EAX

; /Arg5 =>

50

PUSH EAX

; |Arg4 =>

50

PUSH EAX

; |Arg3 =>

50

PUSH EAX

; |Arg2 =>

50

PUSH EAX

; |Arg1 =>

E8 2576FFFF

CALL 0042E862

; \SystemIn

83C4 14
807D FC 00
74 07
8B45 F8
8360 70 FD

ADD ESP,14
CMP BYTE PTR SS:[LOCAL.1],0
JE SHORT 0043724D
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD

|
|
|
|
|
\SystemIn

0043724D |>
0043724F |.
00437254 |>
00437258 |.^
0043725A |.
0043725E |.
00437260 |.
00437263 |.
00437265 |.
00437267 |.
0043726A |.
0043726D |.
0043726F |.
00437271 |.
00437274 |.
00437278 |>
0043727B |.
0043727D |.
0043727F |.
00437282 |.
00437285 |>
00437288 |.
0043728A |.
0043728B |.
0043728D |.
0043728F |.
00437291 |.
00437296 |.
00437299 |.
0043729A |.
0043729C |>
0043729E |>
004372A2 |.
004372A4 |.
004372A6 |.
004372AB |.
004372AE |.
004372B4 |.
004372B6 |.
004372B8 |.
004372BA |.
004372BD |.
004372BE |.
004372C0 |.
004372C2 |.
004372C4 |.
004372C8 |.
004372CA |.
004372CD |.
004372CF |>
004372D2 |>
004372D5 |.
004372D7 |.
004372DC |.
004372DD |.
0
004372DF |.
004372E0 |.
fo.0042E8A0
004372E5 |.

8BC6
E9 A3000000
837D 08 00
76 CD
807D 10 00
74 18
3B75 0C
75 13
33C0
833B 2D
0F94C0
03C6
03C7
C600 30
C640 01 00
833B 2D
8BF7
75 06
C607 2D
8D77 01
8B43 04
33FF
47
85C0
7F 0D
8BC6
E8 58F9FFFF
C606 30
46
EB 02
03F0
837D 0C 00
7E 44
8BC6
E8 43F9FFFF
8B45 F0
8B80 BC000000
8B00
8A00
8806
8B5B 04
46
85DB
7D 26
F7DB
807D 10 00
75 05
395D 0C
7C 03
895D 0C
8B7D 0C
8BC6
E8 12F9FFFF
57
6A 30

MOV EAX,ESI
JMP 004372F7
CMP DWORD PTR SS:[ARG.1],0
JBE SHORT 00437227
CMP BYTE PTR SS:[ARG.3],0
JE SHORT 00437278
CMP ESI,DWORD PTR SS:[ARG.2]
JNE SHORT 00437278
XOR EAX,EAX
CMP DWORD PTR DS:[EBX],2D
SETE AL
ADD EAX,ESI
ADD EAX,EDI
MOV BYTE PTR DS:[EAX],30
MOV BYTE PTR DS:[EAX+1],0
CMP DWORD PTR DS:[EBX],2D
MOV ESI,EDI
JNE SHORT 00437285
MOV BYTE PTR DS:[EDI],2D
LEA ESI,[EDI+1]
MOV EAX,DWORD PTR DS:[EBX+4]
XOR EDI,EDI
INC EDI
TEST EAX,EAX
JG SHORT 0043729C
MOV EAX,ESI
CALL 00436BEE
MOV BYTE PTR DS:[ESI],30
INC ESI
JMP SHORT 0043729E
ADD ESI,EAX
CMP DWORD PTR SS:[ARG.2],0
JLE SHORT 004372E8
MOV EAX,ESI
CALL 00436BEE
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR DS:[EAX+0BC]
MOV EAX,DWORD PTR DS:[EAX]
MOV AL,BYTE PTR DS:[EAX]
MOV BYTE PTR DS:[ESI],AL
MOV EBX,DWORD PTR DS:[EBX+4]
INC ESI
TEST EBX,EBX
JGE SHORT 004372E8
NEG EBX
CMP BYTE PTR SS:[ARG.3],0
JNE SHORT 004372CF
CMP DWORD PTR SS:[ARG.2],EBX
JL SHORT 004372D2
MOV DWORD PTR SS:[ARG.2],EBX
MOV EDI,DWORD PTR SS:[ARG.2]
MOV EAX,ESI
CALL 00436BEE
PUSH EDI
PUSH 30

; /Arg3
; |Arg2 = 3

56
E8 BB75FFFF

PUSH ESI
CALL 0042E8A0

; |Arg1
; \SystemIn

83C4 0C

ADD ESP,0C

004372E8 |> 807D FC 00


004372EC |. 74 07
004372EE |. 8B45 F8
004372F1 |. 8360 70 FD
004372F5 |> 33C0
004372F7 |> 5F
004372F8 |. 5E
004372F9 |. 5B
004372FA |. C9
004372FB \. C3
004372FC /$ 8BFF
004372FE |. 55
004372FF |. 8BEC
00437301 |. 83EC 2C
00437304 |. A1 A0154500
00437309 |. 33C5
0043730B |. 8945 FC
0043730E |. 8B45 08
00437311 |. 53
00437312 |. 56
00437313 |. 57
00437314 |. 8B7D 0C
00437317 |. 6A 16
00437319 |. 5E
0043731A |. 56
16
0043731B |. 8D4D E4
0043731E |. 51
OFFSET LOCAL.7
0043731F |. 8D4D D4
00437322 |. 51
OFFSET LOCAL.11
00437323 |. FF70 04
00437326 |. FF30
00437328 |. E8 ED890000
fo.0043FD1A
0043732D |. 33DB
0043732F |. 83C4 14
00437332 |. 3BFB
00437334 |. 75 18
00437336 |> E8 C2D0FFFF
fo.004343FD
0043733B |. 53
0043733C |. 53
0043733D |. 53
0043733E |. 53
0043733F |. 53
00437340 |. 8930
00437342 |. E8 1B75FFFF
fo.0042E862
00437347 |. 83C4 14
0043734A |. 8BC6
0043734C |. EB 5A
0043734E |> 8B45 10
00437351 |. 3BC3
00437353 |.^ 76 E1
00437355 |. 83F8 FF
00437358 |. 75 04
0043735A |. 0BC0
0043735C |. EB 0B

CMP BYTE PTR SS:[LOCAL.1],0


JE SHORT 004372F5
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
XOR EAX,EAX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,2C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EBX
PUSH ESI
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.2]
PUSH 16
POP ESI
PUSH ESI

; /Arg5 =>

LEA ECX,[LOCAL.7]
PUSH ECX

; |
; |Arg4 =>

LEA ECX,[LOCAL.11]
PUSH ECX

; |
; |Arg3 =>

PUSH DWORD PTR DS:[EAX+4]


PUSH DWORD PTR DS:[EAX]
CALL 0043FD1A

; |Arg2
; |Arg1
; \SystemIn

XOR EBX,EBX
ADD ESP,14
CMP EDI,EBX
JNE SHORT 0043734E
CALL 004343FD

; [SystemIn

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],ESI
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
MOV EAX,ESI
JMP SHORT 004373A8
MOV EAX,DWORD PTR SS:[ARG.3]
CMP EAX,EBX
JBE SHORT 00437336
CMP EAX,-1
JNE SHORT 0043735E
OR EAX,EAX
JMP SHORT 00437369

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0043735E |> 33C9


00437360 |. 837D D4 2D
00437364 |. 0F94C1
00437367 |. 2BC1
00437369 |> 8B75 14
0043736C |. 8D4D D4
0043736F |. 51
OFFSET LOCAL.11
00437370 |. 8B4D D8
00437373 |. 03CE
00437375 |. 51
00437376 |. 50
00437377 |. 33C0
00437379 |. 837D D4 2D
0043737D |. 0F94C0
00437380 |. 03C7
00437382 |. 50
00437383 |. E8 16880000
fo.0043FB9E
00437388 |. 83C4 10
0043738B |. 3BC3
0043738D |. 74 04
0043738F |. 881F
00437391 |. EB 15
00437393 |> FF75 18
00437396 |. 8D45 D4
00437399 |. 53
0043739A |. 56
0043739B |. FF75 10
0043739E |. 8BCF
004373A0 |. E8 60FEFFFF
004373A5 |. 83C4 10
004373A8 |> 8B4D FC
004373AB |. 5F
004373AC |. 5E
004373AD |. 33CD
004373AF |. 5B
004373B0 |. E8 3C73FFFF
004373B5 |. C9
004373B6 \. C3
004373B7 /$ 8BFF
004373B9 |. 55
004373BA |. 8BEC
004373BC |. 83EC 30
004373BF |. A1 A0154500
004373C4 |. 33C5
004373C6 |. 8945 FC
004373C9 |. 8B45 08
004373CC |. 53
004373CD |. 56
004373CE |. 8B75 0C
004373D1 |. 57
004373D2 |. 6A 16
004373D4 |. 5F
004373D5 |. 57
16
004373D6 |. 8D4D E4
004373D9 |. 51
OFFSET LOCAL.7
004373DA |. 8D4D D0

XOR ECX,ECX
CMP DWORD PTR SS:[LOCAL.11],2D
SETE CL
SUB EAX,ECX
MOV ESI,DWORD PTR SS:[ARG.4]
LEA ECX,[LOCAL.11]
PUSH ECX

; /Arg4 =>

MOV ECX,DWORD PTR SS:[LOCAL.10]


ADD ECX,ESI
PUSH ECX
PUSH EAX
XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.11],2D
SETE AL
ADD EAX,EDI
PUSH EAX
CALL 0043FB9E

;
;
;
;
;
;
;
;
;
;

ADD ESP,10
CMP EAX,EBX
JE SHORT 00437393
MOV BYTE PTR DS:[EDI],BL
JMP SHORT 004373A8
PUSH DWORD PTR SS:[ARG.5]
LEA EAX,[LOCAL.11]
PUSH EBX
PUSH ESI
PUSH DWORD PTR SS:[ARG.3]
MOV ECX,EDI
CALL 00437205
ADD ESP,10
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,30
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.2]
PUSH EDI
PUSH 16
POP EDI
PUSH EDI

; /Arg5 =>

LEA ECX,[LOCAL.7]
PUSH ECX

; |
; |Arg4 =>

LEA ECX,[LOCAL.12]

; |

|
|
|Arg3
|Arg2
|
|
|
|
|Arg1
\SystemIn

004373DD |. 51
OFFSET LOCAL.12
004373DE |. FF70 04
004373E1 |. FF30
004373E3 |. E8 32890000
fo.0043FD1A
004373E8 |. 33DB
004373EA |. 83C4 14
004373ED |. 3BF3
004373EF |. 75 1B
004373F1 |> E8 07D0FFFF
fo.004343FD
004373F6 |. 53
004373F7 |. 53
004373F8 |. 53
004373F9 |. 53
004373FA |. 53
004373FB |. 8938
004373FD |. E8 6074FFFF
fo.0042E862
00437402 |. 83C4 14
00437405 |. 8BC7
00437407 |. E9 96000000
0043740C |> 8B4D 10
0043740F |. 3BCB
00437411 |.^ 76 DE
00437413 |. 8B45 D4
00437416 |. 48
00437417 |. 8945 E0
0043741A |. 33C0
0043741C |. 837D D0 2D
00437420 |. 0F94C0
00437423 |. 8D3C30
00437426 |. 83F9 FF
00437429 |. 75 04
0043742B |. 0BC9
0043742D |. EB 02
0043742F |> 2BC8
00437431 |> 8D45 D0
00437434 |. 50
OFFSET LOCAL.12
00437435 |. FF75 14
[ARG.4]
00437438 |. 51
00437439 |. 57
0043743A |. E8 5F870000
fo.0043FB9E
0043743F |. 83C4 10
00437442 |. 3BC3
00437444 |. 74 04
00437446 |. 881E
00437448 |. EB 58
0043744A |> 8B45 D4
0043744D |. 48
0043744E |. 3945 E0
00437451 |. 0F9CC1
00437454 |. 83F8 FC
00437457 |. 7C 2D
00437459 |. 3B45 14
0043745C |. 7D 28

PUSH ECX

; |Arg3 =>

PUSH DWORD PTR DS:[EAX+4]


PUSH DWORD PTR DS:[EAX]
CALL 0043FD1A

; |Arg2
; |Arg1
; \SystemIn

XOR EBX,EBX
ADD ESP,14
CMP ESI,EBX
JNE SHORT 0043740C
CALL 004343FD

; [SystemIn

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],EDI
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
MOV EAX,EDI
JMP 004374A2
MOV ECX,DWORD PTR SS:[ARG.3]
CMP ECX,EBX
JBE SHORT 004373F1
MOV EAX,DWORD PTR SS:[LOCAL.11]
DEC EAX
MOV DWORD PTR SS:[LOCAL.8],EAX
XOR EAX,EAX
CMP DWORD PTR SS:[LOCAL.12],2D
SETE AL
LEA EDI,[ESI+EAX]
CMP ECX,-1
JNE SHORT 0043742F
OR ECX,ECX
JMP SHORT 00437431
SUB ECX,EAX
LEA EAX,[LOCAL.12]
PUSH EAX

; /Arg4 =>

PUSH DWORD PTR SS:[ARG.4]

; |Arg3 =>

PUSH ECX
PUSH EDI
CALL 0043FB9E

; |Arg2
; |Arg1
; \SystemIn

ADD ESP,10
CMP EAX,EBX
JE SHORT 0043744A
MOV BYTE PTR DS:[ESI],BL
JMP SHORT 004374A2
MOV EAX,DWORD PTR SS:[LOCAL.11]
DEC EAX
CMP DWORD PTR SS:[LOCAL.8],EAX
SETL CL
CMP EAX,-4
JL SHORT 00437486
CMP EAX,DWORD PTR SS:[ARG.4]
JGE SHORT 00437486

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0043745E
00437460
00437462
00437464
00437465
00437467
00437469
0043746C
0043746F
00437472
00437474
00437477
00437479
0043747C
00437481
00437484
00437486
00437489
0043748C
0043748E
0043748F
00437492
00437494
00437497
0043749A
0043749F
004374A2
004374A5
004374A6
004374A7
004374A9
004374AA
004374AF
004374B0
004374B1
004374B3
004374B4
004374B6
004374B9
004374BC
004374BE
004374C1
004374C3
004374C6
004374C8
004374CB
004374CE
004374D1
004374D4
004374D7
004374DC
004374DF
004374E0
004374E1
004374E4
004374E6
004374E9
004374EB
004374EE
004374F1

|.
|.
|>
|.
|.
|.^
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
\.
/$
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.

3ACB
74 0A
8A07
47
84C0
75 F9
885F FE
FF75 1C
8D45 D0
6A 01
FF75 14
8BCE
FF75 10
E8 84FDFFFF
83C4 10
EB 1C
FF75 1C
8D45 D0
6A 01
50
FF75 18
8BC6
FF75 14
FF75 10
E8 94F7FFFF
83C4 18
8B4D FC
5F
5E
33CD
5B
E8 4272FFFF
C9
C3
8BFF
55
8BEC
8B45 14
83F8 65
74 5F
83F8 45
74 5A
83F8 66
75 19
FF75 20
FF75 18
FF75 10
FF75 0C
FF75 08
E8 20FEFFFF
83C4 14
5D
C3
83F8 61
74 1E
83F8 41
74 19
FF75 20
FF75 1C
FF75 18

CMP CL,BL
JE SHORT 0043746C
/MOV AL,BYTE PTR DS:[EDI]
|INC EDI
|TEST AL,AL
\JNE SHORT 00437462
MOV BYTE PTR DS:[EDI-2],BL
PUSH DWORD PTR SS:[ARG.6]
LEA EAX,[LOCAL.12]
PUSH 1
PUSH DWORD PTR SS:[ARG.4]
MOV ECX,ESI
PUSH DWORD PTR SS:[ARG.3]
CALL 00437205
ADD ESP,10
JMP SHORT 004374A2
PUSH DWORD PTR SS:[ARG.6]
LEA EAX,[LOCAL.12]
PUSH 1
PUSH EAX
PUSH DWORD PTR SS:[ARG.5]
MOV EAX,ESI
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[ARG.3]
CALL 00436C33
ADD ESP,18
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.4]
CMP EAX,65
JE SHORT 0043751D
CMP EAX,45
JE SHORT 0043751D
CMP EAX,66
JNE SHORT 004374E1
PUSH DWORD PTR SS:[ARG.7]
PUSH DWORD PTR SS:[ARG.5]
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL 004372FC
ADD ESP,14
POP EBP
RETN
CMP EAX,61
JE SHORT 00437504
CMP EAX,41
JE SHORT 00437504
PUSH DWORD PTR SS:[ARG.7]
PUSH DWORD PTR SS:[ARG.6]
PUSH DWORD PTR SS:[ARG.5]

004374F4 |.
004374F7 |.
004374FA |.
004374FD |.
00437502 |.
00437504 |>
00437507 |.
0043750A |.
0043750D |.
00437510 |.
00437513 |.
00437516 |.
0043751B |.
0043751D |>
00437520 |.
00437523 |.
00437526 |.
00437529 |.
0043752C |.
0043752F |.
00437534 |>
00437537 |.
00437538 \.
00437539
0043753B /.
0043753C |.
0043753E |.
00437540 |.
00437543 |.
00437546 |.
00437549 |.
0043754C |.
0043754F |.
00437552 |.
00437557 |.
0043755A |.
0043755B \.
0043755C /$
0043755E |.
0043755F |.
00437560 |.
00437562 |>
00437568 |.
0043756A |.
fo.0043504B
0043756F |.
00437572 |.
00437573 |.
00437575 |.
00437578 |.^
0043757A |.
0043757B |.
0043757C \.
0043757D /$
0043757F |.
00437580 |.
0000
00437585 |.
0000
0043758A |.

FF75 10
FF75 0C
FF75 08
E8 B5FEFFFF
EB 30
FF75 20
FF75 1C
FF75 18
FF75 10
FF75 0C
FF75 08
E8 77F9FFFF
EB 17
FF75 20
FF75 1C
FF75 18
FF75 10
FF75 0C
FF75 08
E8 6EF8FFFF
83C4 18
5D
C3
8BFF
55
8BEC
6A 00
FF75 1C
FF75 18
FF75 14
FF75 10
FF75 0C
FF75 08
E8 5AFFFFFF
83C4 1C
5D
C3
8BFF
56
57
33FF
8DB7 F81D4500
FF36
E8 DCDAFFFF

PUSH DWORD PTR SS:[ARG.3]


PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL 004373B7
JMP SHORT 00437534
PUSH DWORD PTR SS:[ARG.7]
PUSH DWORD PTR SS:[ARG.6]
PUSH DWORD PTR SS:[ARG.5]
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL 00436E92
JMP SHORT 00437534
PUSH DWORD PTR SS:[ARG.7]
PUSH DWORD PTR SS:[ARG.6]
PUSH DWORD PTR SS:[ARG.5]
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL 00436DA2
ADD ESP,18
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH 0
PUSH DWORD PTR SS:[ARG.6]
PUSH DWORD PTR SS:[ARG.5]
PUSH DWORD PTR SS:[ARG.4]
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CALL 004374B1
ADD ESP,1C
POP EBP
RETN
MOV EDI,EDI
PUSH ESI
PUSH EDI
XOR EDI,EDI
/LEA ESI,[EDI+451DF8]
|PUSH DWORD PTR DS:[ESI]
|CALL 0043504B

; /Arg1
; \SystemIn

83C7 04
59
8906
83FF 28
72 E8
5F
5E
C3
8BFF
56
68 00000300

|ADD EDI,4
|POP ECX
|MOV DWORD PTR DS:[ESI],EAX
|CMP EDI,28
\JB SHORT 00437562
POP EDI
POP ESI
RETN
MOV EDI,EDI
PUSH ESI
PUSH 30000

; /Arg3 = 3

68 00000100

PUSH 10000

; |Arg2 = 1

33F6

XOR ESI,ESI

; |

0043758C |. 56
PUSH ESI
0
0043758D |. E8 26890000 CALL 0043FEB8
fo.0043FEB8
00437592 |. 83C4 0C
ADD ESP,0C
00437595 |. 85C0
TEST EAX,EAX
00437597 |. 74 0D
JE SHORT 004375A6
00437599 |. 56
PUSH ESI
0043759A |. 56
PUSH ESI
0043759B |. 56
PUSH ESI
0043759C |. 56
PUSH ESI
0043759D |. 56
PUSH ESI
0043759E |. E8 9771FFFF CALL 0042E73A
004375A3 |. 83C4 14
ADD ESP,14
004375A6 |> 5E
POP ESI
004375A7 \. C3
RETN
004375A8 /> 8BFF
MOV EDI,EDI
004375AA |. 55
PUSH EBP
004375AB |. 8BEC
MOV EBP,ESP
004375AD |. 83EC 18
SUB ESP,18
004375B0 |. DD05 38A84400 FLD QWORD PTR DS:[44A838]
5727.000000000
004375B6 |. DD5D F0
FSTP QWORD PTR SS:[EBP-10]
004375B9 |. DD05 30A84400 FLD QWORD PTR DS:[44A830]
5835.000000000
004375BF |. DD5D E8
FSTP QWORD PTR SS:[EBP-18]
004375C2 |. DD45 E8
FLD QWORD PTR SS:[EBP-18]
004375C5 |. DC75 F0
FDIV QWORD PTR SS:[EBP-10]
004375C8 |. DC4D F0
FMUL QWORD PTR SS:[EBP-10]
004375CB |. DC6D E8
FSUBR QWORD PTR SS:[EBP-18]
004375CE |. DD5D F8
FSTP QWORD PTR SS:[EBP-8]
004375D1 |. D9E8
FLD1
004375D3 |. DC5D F8
FCOMP QWORD PTR SS:[EBP-8]
004375D6 |. DFE0
FSTSW AX
004375D8 |. F6C4 05
TEST AH,05
004375DB |. 7A 05
JPE SHORT 004375E2
004375DD |. 33C0
XOR EAX,EAX
004375DF |. 40
INC EAX
004375E0 |. C9
LEAVE
004375E1 |. C3
RETN
004375E2 |> 33C0
XOR EAX,EAX
004375E4 |. C9
LEAVE
004375E5 |. C3
RETN
004375E6 |$ 68 94924400 PUSH OFFSET 00449294
me = "KERNEL32"
004375EB |. FF15 80804400 CALL DWORD PTR DS:[<&KERNEL32.GetModuleH
.GetModuleHandleA
004375F1 |. 85C0
TEST EAX,EAX
004375F3 |.^ 74 15
JE SHORT 0043760A
004375F5 |. 68 40A84400 PUSH OFFSET 0044A840
= "IsProcessorFeaturePresent"
004375FA |. 50
PUSH EAX
004375FB |. FF15 7C804400 CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd
.GetProcAddress
00437601 |. 85C0
TEST EAX,EAX
00437603 |.^ 74 05
JE SHORT 0043760A
00437605 |. 6A 00
PUSH 0
00437607 |. FFD0
CALL EAX
00437609 \. C3
RETN
0043760A >^ E9 99FFFFFF JMP 004375A8

; |Arg1 =>
; \SystemIn

; FLOAT 314
; FLOAT 419

; /ModuleNa
; \KERNEL32

; /Procname
; |hModule
; \KERNEL32

0043760F
CC
INT3
00437610 /$ 55
PUSH EBP
; SystemInf
o.00437610(guessed Arg1,Arg2,Arg3)
00437611 |. 8BEC
MOV EBP,ESP
00437613 |. 57
PUSH EDI
00437614 |. 56
PUSH ESI
00437615 |. 8B75 0C
MOV ESI,DWORD PTR SS:[EBP+0C]
00437618 |. 8B4D 10
MOV ECX,DWORD PTR SS:[EBP+10]
0043761B |. 8B7D 08
MOV EDI,DWORD PTR SS:[EBP+8]
0043761E |. 8BC1
MOV EAX,ECX
00437620 |. 8BD1
MOV EDX,ECX
00437622 |. 03C6
ADD EAX,ESI
00437624 |. 3BFE
CMP EDI,ESI
00437626 |. 76 08
JBE SHORT 00437630
00437628 |. 3BF8
CMP EDI,EAX
0043762A |. 0F82 A4010000 JB 004377D4
00437630 |> 81F9 00010000 CMP ECX,100
00437636 |. 72 1F
JB SHORT 00437657
00437638 |. 833D D8484500 CMP DWORD PTR DS:[4548D8],0
0043763F |. 74 16
JE SHORT 00437657
00437641 |. 57
PUSH EDI
00437642 |. 56
PUSH ESI
00437643 |. 83E7 0F
AND EDI,0000000F
00437646 |. 83E6 0F
AND ESI,0000000F
00437649 |. 3BFE
CMP EDI,ESI
0043764B |. 5E
POP ESI
0043764C |. 5F
POP EDI
0043764D |. 75 08
JNE SHORT 00437657
0043764F |. 5E
POP ESI
00437650 |. 5F
POP EDI
00437651 |. 5D
POP EBP
00437652 |.^ E9 58F0FFFF JMP 004366AF
00437657 |> F7C7 03000000 TEST EDI,00000003
0043765D |. 75 15
JNE SHORT 00437674
0043765F |. C1E9 02
SHR ECX,2
00437662 |. 83E2 03
AND EDX,00000003
00437665 |. 83F9 08
CMP ECX,8
00437668 |. 72 2A
JB SHORT 00437694
0043766A |. F3:A5
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
0043766C |. FF2495 847743 JMP DWORD PTR DS:[EDX*4+437784]
00437673 | 90
NOP
00437674 |> 8BC7
MOV EAX,EDI
00437676 |. BA 03000000 MOV EDX,3
0043767B |. 83E9 04
SUB ECX,4
0043767E |. 72 0C
JB SHORT 0043768C
00437680 |. 83E0 03
AND EAX,00000003
; Switch (c
ases 1..3, 3 exits)
00437683 |. 03C8
ADD ECX,EAX
00437685 |. FF2485 987643 JMP DWORD PTR DS:[EAX*4+437698]
0043768C |> FF248D 947743 JMP DWORD PTR DS:[ECX*4+437794]
00437693 | 90
NOP
00437694 |> FF248D 187743 JMP DWORD PTR DS:[ECX*4+437718]
0043769B | 90
NOP
0043769C |. A8764300
DD 004376A8
004376A0 |. D4764300
DD 004376D4
004376A4 |. F8764300
DD 004376F8
004376A8 |> 23D1
AND EDX,ECX
; Case 1 of
switch SystemInfo.437680
004376AA |. 8A06
MOV AL,BYTE PTR DS:[ESI]
004376AC |. 8807
MOV BYTE PTR DS:[EDI],AL

004376AE |. 8A46 01
004376B1 |. 8847 01
004376B4 |. 8A46 02
004376B7 |. C1E9 02
004376BA |. 8847 02
004376BD |. 83C6 03
004376C0 |. 83C7 03
004376C3 |. 83F9 08
004376C6 |.^ 72 CC
004376C8 |. F3:A5
004376CA |. FF2495 847743
004376D1 | 8D49 00
004376D4 |> 23D1
switch SystemInfo.437680
004376D6 |. 8A06
004376D8 |. 8807
004376DA |. 8A46 01
004376DD |. C1E9 02
004376E0 |. 8847 01
004376E3 |. 83C6 02
004376E6 |. 83C7 02
004376E9 |. 83F9 08
004376EC |.^ 72 A6
004376EE |. F3:A5
004376F0 |. FF2495 847743
004376F7 | 90
004376F8 |> 23D1
switch SystemInfo.437680
004376FA |. 8A06
004376FC |. 8807
004376FE |. 83C6 01
00437701 |. C1E9 02
00437704 |. 83C7 01
00437707 |. 83F9 08
0043770A |.^ 72 88
0043770C |. F3:A5
0043770E \. FF2495 847743
00437715
8D49 00
00437718 . 7B774300
0043771C . 68774300
00437720 . 60774300
00437724 . 58774300
00437728 . 50774300
0043772C . 48774300
00437730 . 40774300
00437734 . 38774300
00437738 /> 8B448E E4
0043773C |. 89448F E4
00437740 |> 8B448E E8
00437744 |. 89448F E8
00437748 |> 8B448E EC
0043774C |. 89448F EC
00437750 |> 8B448E F0
00437754 |. 89448F F0
00437758 |> 8B448E F4
0043775C |. 89448F F4
00437760 |> 8B448E F8
00437764 |. 89448F F8
00437768 |> 8B448E FC
0043776C |. 89448F FC

MOV AL,BYTE PTR DS:[ESI+1]


MOV BYTE PTR DS:[EDI+1],AL
MOV AL,BYTE PTR DS:[ESI+2]
SHR ECX,2
MOV BYTE PTR DS:[EDI+2],AL
ADD ESI,3
ADD EDI,3
CMP ECX,8
JB SHORT 00437694
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
JMP DWORD PTR DS:[EDX*4+437784]
LEA ECX,[ECX]
AND EDX,ECX
; Case 2 of
MOV AL,BYTE PTR DS:[ESI]
MOV BYTE PTR DS:[EDI],AL
MOV AL,BYTE PTR DS:[ESI+1]
SHR ECX,2
MOV BYTE PTR DS:[EDI+1],AL
ADD ESI,2
ADD EDI,2
CMP ECX,8
JB SHORT 00437694
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
JMP DWORD PTR DS:[EDX*4+437784]
NOP
AND EDX,ECX
; Case 3 of
MOV AL,BYTE PTR DS:[ESI]
MOV BYTE PTR DS:[EDI],AL
ADD ESI,1
SHR ECX,2
ADD EDI,1
CMP ECX,8
JB SHORT 00437694
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
JMP DWORD PTR DS:[EDX*4+437784]
LEA ECX,[ECX]
DD 0043777B
DD 00437768
DD 00437760
DD 00437758
DD 00437750
DD 00437748
DD 00437740
DD 00437738
MOV EAX,DWORD PTR DS:[ECX*4+ESI-1C]
MOV DWORD PTR DS:[ECX*4+EDI-1C],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-18]
MOV DWORD PTR DS:[ECX*4+EDI-18],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-14]
MOV DWORD PTR DS:[ECX*4+EDI-14],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-10]
MOV DWORD PTR DS:[ECX*4+EDI-10],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-0C]
MOV DWORD PTR DS:[ECX*4+EDI-0C],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-8]
MOV DWORD PTR DS:[ECX*4+EDI-8],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI-4]
MOV DWORD PTR DS:[ECX*4+EDI-4],EAX

00437770
00437777
00437779
0043777B
00437782
00437784
00437788
0043778C
00437790
00437794
00437797
00437798
00437799
0043779A
0043779B
0043779C
0043779E
004377A0
004377A3
004377A4
004377A5
004377A6
004377A7
004377A8
004377AA
004377AC
004377AF
004377B2
004377B5
004377B6
004377B7
004377B8
004377B9
004377BC
004377BE
004377C0
004377C3
004377C6
004377C9
004377CC
004377CF
004377D0
004377D1
004377D2
004377D3
004377D4
004377D8
004377DC
004377E2
004377E4
004377E7
004377EA
004377ED
004377EF
004377F0
004377F2
004377F3
004377FA
004377FC
004377FE

|.
|.
|.
\>
.
.
.
.
/>
|.
|.
|.
\.
/>
|.
|.
|.
|.
|.
\.
/>
|.
|.
|.
|.
|.
|.
|.
\.
/>
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.
/>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|
|>
|.

8D048D 000000
03F0
03F8
FF2495 847743
8BFF
94774300
9C774300
A8774300
BC774300
8B45 08
5E
5F
C9
C3
90
8A06
8807
8B45 08
5E
5F
C9
C3
90
8A06
8807
8A46 01
8847 01
8B45 08
5E
5F
C9
C3
8D49 00
8A06
8807
8A46 01
8847 01
8A46 02
8847 02
8B45 08
5E
5F
C9
C3
90
8D7431 FC
8D7C39 FC
F7C7 03000000
75 24
C1E9 02
83E2 03
83F9 08
72 0D
FD
F3:A5
FC
FF2495 207943
8BFF
F7D9
FF248D D07843

LEA EAX,[ECX*4]
ADD ESI,EAX
ADD EDI,EAX
JMP DWORD PTR DS:[EDX*4+437784]
MOV EDI,EDI
DD 00437794
DD 0043779C
DD 004377A8
DD 004377BC
MOV EAX,DWORD PTR SS:[EBP+8]
POP ESI
POP EDI
LEAVE
RETN
NOP
MOV AL,BYTE PTR DS:[ESI]
MOV BYTE PTR DS:[EDI],AL
MOV EAX,DWORD PTR SS:[EBP+8]
POP ESI
POP EDI
LEAVE
RETN
NOP
MOV AL,BYTE PTR DS:[ESI]
MOV BYTE PTR DS:[EDI],AL
MOV AL,BYTE PTR DS:[ESI+1]
MOV BYTE PTR DS:[EDI+1],AL
MOV EAX,DWORD PTR SS:[EBP+8]
POP ESI
POP EDI
LEAVE
RETN
LEA ECX,[ECX]
MOV AL,BYTE PTR DS:[ESI]
MOV BYTE PTR DS:[EDI],AL
MOV AL,BYTE PTR DS:[ESI+1]
MOV BYTE PTR DS:[EDI+1],AL
MOV AL,BYTE PTR DS:[ESI+2]
MOV BYTE PTR DS:[EDI+2],AL
MOV EAX,DWORD PTR SS:[EBP+8]
POP ESI
POP EDI
LEAVE
RETN
NOP
LEA ESI,[ESI+ECX-4]
LEA EDI,[EDI+ECX-4]
TEST EDI,00000003
JNE SHORT 00437808
SHR ECX,2
AND EDX,00000003
CMP ECX,8
JB SHORT 004377FC
STD
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
CLD
JMP DWORD PTR DS:[EDX*4+437920]
MOV EDI,EDI
NEG ECX
JMP DWORD PTR DS:[ECX*4+4378D0]

00437805 | 8D49 00
LEA ECX,[ECX]
00437808 |> 8BC7
MOV EAX,EDI
0043780A |. BA 03000000 MOV EDX,3
; Switch (c
ases 0..3, 5 exits)
0043780F |. 83F9 04
CMP ECX,4
00437812 |. 72 0C
JB SHORT 00437820
00437814 |. 83E0 03
AND EAX,00000003
; Default c
ase of switch SystemInfo.43780A
00437817 |. 2BC8
SUB ECX,EAX
00437819 |. FF2485 247843 JMP DWORD PTR DS:[EAX*4+437824]
00437820 \> FF248D 207943 JMP DWORD PTR DS:[ECX*4+437920]
00437827
90
NOP
00437828 . 34784300
DD 00437834
0043782C . 58784300
DD 00437858
00437830 . 80784300
DD 00437880
00437834 /> 8A46 03
MOV AL,BYTE PTR DS:[ESI+3]
00437837 |. 23D1
AND EDX,ECX
00437839 |. 8847 03
MOV BYTE PTR DS:[EDI+3],AL
0043783C |. 83EE 01
SUB ESI,1
0043783F |. C1E9 02
SHR ECX,2
00437842 |. 83EF 01
SUB EDI,1
00437845 |. 83F9 08
CMP ECX,8
00437848 |.^ 72 B2
JB SHORT 004377FC
0043784A |. FD
STD
0043784B |. F3:A5
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
0043784D |. FC
CLD
0043784E \. FF2495 207943 JMP DWORD PTR DS:[EDX*4+437920]
00437855
8D49 00
LEA ECX,[ECX]
00437858 /> 8A46 03
MOV AL,BYTE PTR DS:[ESI+3]
0043785B |. 23D1
AND EDX,ECX
0043785D |. 8847 03
MOV BYTE PTR DS:[EDI+3],AL
00437860 |. 8A46 02
MOV AL,BYTE PTR DS:[ESI+2]
00437863 |. C1E9 02
SHR ECX,2
00437866 |. 8847 02
MOV BYTE PTR DS:[EDI+2],AL
00437869 |. 83EE 02
SUB ESI,2
0043786C |. 83EF 02
SUB EDI,2
0043786F |. 83F9 08
CMP ECX,8
00437872 |.^ 72 88
JB SHORT 004377FC
00437874 |. FD
STD
00437875 |. F3:A5
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
00437877 |. FC
CLD
00437878 \. FF2495 207943 JMP DWORD PTR DS:[EDX*4+437920]
0043787F
90
NOP
00437880 /> 8A46 03
MOV AL,BYTE PTR DS:[ESI+3]
00437883 |. 23D1
AND EDX,ECX
00437885 |. 8847 03
MOV BYTE PTR DS:[EDI+3],AL
00437888 |. 8A46 02
MOV AL,BYTE PTR DS:[ESI+2]
0043788B |. 8847 02
MOV BYTE PTR DS:[EDI+2],AL
0043788E |. 8A46 01
MOV AL,BYTE PTR DS:[ESI+1]
00437891 |. C1E9 02
SHR ECX,2
00437894 |. 8847 01
MOV BYTE PTR DS:[EDI+1],AL
00437897 |. 83EE 03
SUB ESI,3
0043789A |. 83EF 03
SUB EDI,3
0043789D |. 83F9 08
CMP ECX,8
004378A0 |.^ 0F82 56FFFFFF JB 004377FC
004378A6 |. FD
STD
004378A7 |. F3:A5
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
004378A9 |. FC
CLD
004378AA \. FF2495 207943 JMP DWORD PTR DS:[EDX*4+437920]
004378B1
8D49 00
LEA ECX,[ECX]

004378B4 . D4784300
004378B8 . DC784300
004378BC . E4784300
004378C0 . EC784300
004378C4 . F4784300
004378C8 . FC784300
004378CC . 04794300
004378D0 . 17794300
004378D4 /> 8B448E 1C
004378D8 |. 89448F 1C
004378DC |> 8B448E 18
004378E0 |. 89448F 18
004378E4 |> 8B448E 14
004378E8 |. 89448F 14
004378EC |> 8B448E 10
004378F0 |. 89448F 10
004378F4 |> 8B448E 0C
004378F8 |. 89448F 0C
004378FC |> 8B448E 08
00437900 |. 89448F 08
00437904 |> 8B448E 04
00437908 |. 89448F 04
0043790C |. 8D048D 000000
00437913 |. 03F0
00437915 |. 03F8
00437917 \> FF2495 207943
0043791E
8BFF
00437920 . 30794300
00437924 . 38794300
00437928 . 48794300
0043792C . 5C794300
00437930 /> 8B45 08
switch SystemInfo.43780A
00437933 |. 5E
00437934 |. 5F
00437935 |. C9
00437936 |. C3
00437937 | 90
00437938 |> 8A46 03
switch SystemInfo.43780A
0043793B |. 8847 03
0043793E |. 8B45 08
00437941 |. 5E
00437942 |. 5F
00437943 |. C9
00437944 |. C3
00437945 | 8D49 00
00437948 |> 8A46 03
switch SystemInfo.43780A
0043794B |. 8847 03
0043794E |. 8A46 02
00437951 |. 8847 02
00437954 |. 8B45 08
00437957 |. 5E
00437958 |. 5F
00437959 |. C9
0043795A |. C3
0043795B | 90
0043795C |> 8A46 03
switch SystemInfo.43780A

DD 004378D4
DD 004378DC
DD 004378E4
DD 004378EC
DD 004378F4
DD 004378FC
DD 00437904
DD 00437917
MOV EAX,DWORD PTR DS:[ECX*4+ESI+1C]
MOV DWORD PTR DS:[ECX*4+EDI+1C],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+18]
MOV DWORD PTR DS:[ECX*4+EDI+18],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+14]
MOV DWORD PTR DS:[ECX*4+EDI+14],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+10]
MOV DWORD PTR DS:[ECX*4+EDI+10],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+0C]
MOV DWORD PTR DS:[ECX*4+EDI+0C],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+8]
MOV DWORD PTR DS:[ECX*4+EDI+8],EAX
MOV EAX,DWORD PTR DS:[ECX*4+ESI+4]
MOV DWORD PTR DS:[ECX*4+EDI+4],EAX
LEA EAX,[ECX*4]
ADD ESI,EAX
ADD EDI,EAX
JMP DWORD PTR DS:[EDX*4+437920]
MOV EDI,EDI
DD 00437930
DD 00437938
DD 00437948
DD 0043795C
MOV EAX,DWORD PTR SS:[EBP+8]

; Case 0 of

POP ESI
POP EDI
LEAVE
RETN
NOP
MOV AL,BYTE PTR DS:[ESI+3]

; Case 1 of

MOV BYTE PTR DS:[EDI+3],AL


MOV EAX,DWORD PTR SS:[EBP+8]
POP ESI
POP EDI
LEAVE
RETN
LEA ECX,[ECX]
MOV AL,BYTE PTR DS:[ESI+3]

; Case 2 of

MOV BYTE PTR DS:[EDI+3],AL


MOV AL,BYTE PTR DS:[ESI+2]
MOV BYTE PTR DS:[EDI+2],AL
MOV EAX,DWORD PTR SS:[EBP+8]
POP ESI
POP EDI
LEAVE
RETN
NOP
MOV AL,BYTE PTR DS:[ESI+3]

; Case 3 of

0043795F |. 8847 03
00437962 |. 8A46 02
00437965 |. 8847 02
00437968 |. 8A46 01
0043796B |. 8847 01
0043796E |. 8B45 08
00437971 |. 5E
00437972 |. 5F
00437973 |. C9
00437974 \. C3
00437975 /$ 8BFF
00437977 |. 55
00437978 |. 8BEC
0043797A |. 83EC 10
0043797D |. 0FB748 42
00437981 |. 0FB750 44
00437985 |. 894D FC
00437988 |. 8955 F8
0043798B |. 85F6
0043798D |. 75 05
0043798F |. 83C8 FF
00437992 |. C9
00437993 |. C3
00437994 |> 8365 F4 00
00437998 |. 53
00437999 |. 57
0043799A |. 8945 F0
0043799D |. 8D46 04
004379A0 |. 50
ARG.ESI+4
004379A1 |. 6A 31
1
004379A3 |. 51
004379A4 |. 33DB
004379A6 |. 43
004379A7 |. 8D45 F0
004379AA |. 53
1
004379AB |. 50
OFFSET LOCAL.4
004379AC |. E8 E9EAFFFF
fo.0043649A
004379B1 |. 8BF8
004379B3 |. 8D46 08
004379B6 |. 50
004379B7 |. 6A 32
2
004379B9 |. FF75 FC
[LOCAL.1]
004379BC |. 8D45 F0
004379BF |. 53
004379C0 |. 50
OFFSET LOCAL.4
004379C1 |. E8 D4EAFFFF
fo.0043649A
004379C6 |. 0BF8
004379C8 |. 8D46 0C
004379CB |. 50
004379CC |. 6A 33
3

MOV BYTE PTR DS:[EDI+3],AL


MOV AL,BYTE PTR DS:[ESI+2]
MOV BYTE PTR DS:[EDI+2],AL
MOV AL,BYTE PTR DS:[ESI+1]
MOV BYTE PTR DS:[EDI+1],AL
MOV EAX,DWORD PTR SS:[EBP+8]
POP ESI
POP EDI
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
MOVZX ECX,WORD PTR DS:[EAX+42]
MOVZX EDX,WORD PTR DS:[EAX+44]
MOV DWORD PTR SS:[LOCAL.1],ECX
MOV DWORD PTR SS:[LOCAL.2],EDX
TEST ESI,ESI
JNE SHORT 00437994
OR EAX,FFFFFFFF
LEAVE
RETN
AND DWORD PTR SS:[LOCAL.3],00000000
PUSH EBX
PUSH EDI
MOV DWORD PTR SS:[LOCAL.4],EAX
LEA EAX,[ESI+4]
PUSH EAX

; /Arg5 =>

PUSH 31

; |Arg4 = 3

PUSH ECX
XOR EBX,EBX
INC EBX
LEA EAX,[LOCAL.4]
PUSH EBX

;
;
;
;
;

PUSH EAX

; |Arg1 =>

CALL 0043649A

; \SystemIn

MOV EDI,EAX
LEA EAX,[ESI+8]
PUSH EAX
PUSH 32

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+0C]
PUSH EAX
PUSH 33

; /Arg5
; |Arg4 = 3

|Arg3
|
|
|
|Arg2 =>

004379CE |. FF75 FC
[LOCAL.1]
004379D1 |. 8D45 F0
004379D4 |. 53
004379D5 |. 50
OFFSET LOCAL.4
004379D6 |. E8 BFEAFFFF
fo.0043649A
004379DB |. 0BF8
004379DD |. 8D46 10
004379E0 |. 50
004379E1 |. 6A 34
4
004379E3 |. FF75 FC
[LOCAL.1]
004379E6 |. 8D45 F0
004379E9 |. 53
004379EA |. 50
OFFSET LOCAL.4
004379EB |. E8 AAEAFFFF
fo.0043649A
004379F0 |. 83C4 50
004379F3 |. 0BF8
004379F5 |. 8D46 14
004379F8 |. 50
004379F9 |. 6A 35
5
004379FB |. FF75 FC
[LOCAL.1]
004379FE |. 8D45 F0
00437A01 |. 53
00437A02 |. 50
OFFSET LOCAL.4
00437A03 |. E8 92EAFFFF
fo.0043649A
00437A08 |. 0BF8
00437A0A |. 8D46 18
00437A0D |. 50
00437A0E |. 6A 36
6
00437A10 |. FF75 FC
[LOCAL.1]
00437A13 |. 8D45 F0
00437A16 |. 53
00437A17 |. 50
OFFSET LOCAL.4
00437A18 |. E8 7DEAFFFF
fo.0043649A
00437A1D |. 56
00437A1E |. 6A 37
7
00437A20 |. FF75 FC
[LOCAL.1]
00437A23 |. 0BF8
00437A25 |. 8D45 F0
00437A28 |. 53
00437A29 |. 50
OFFSET LOCAL.4
00437A2A |. E8 6BEAFFFF
fo.0043649A

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+10]
PUSH EAX
PUSH 34

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[ESI+14]
PUSH EAX
PUSH 35

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+18]
PUSH EAX
PUSH 36

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

PUSH ESI
PUSH 37

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

OR EDI,EAX
LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

|
|
|Arg2
|Arg1 =>

00437A2F |. 0BF8
00437A31 |. 8D46 20
00437A34 |. 50
00437A35 |. 6A 2A
A
00437A37 |. FF75 FC
[LOCAL.1]
00437A3A |. 8D45 F0
00437A3D |. 53
00437A3E |. 50
OFFSET LOCAL.4
00437A3F |. E8 56EAFFFF
fo.0043649A
00437A44 |. 83C4 50
00437A47 |. 0BF8
00437A49 |. 8D46 24
00437A4C |. 50
00437A4D |. 6A 2B
B
00437A4F |. FF75 FC
[LOCAL.1]
00437A52 |. 8D45 F0
00437A55 |. 53
00437A56 |. 50
OFFSET LOCAL.4
00437A57 |. E8 3EEAFFFF
fo.0043649A
00437A5C |. 0BF8
00437A5E |. 8D46 28
00437A61 |. 50
00437A62 |. 6A 2C
C
00437A64 |. FF75 FC
[LOCAL.1]
00437A67 |. 8D45 F0
00437A6A |. 53
00437A6B |. 50
OFFSET LOCAL.4
00437A6C |. E8 29EAFFFF
fo.0043649A
00437A71 |. 0BF8
00437A73 |. 8D46 2C
00437A76 |. 50
00437A77 |. 6A 2D
D
00437A79 |. FF75 FC
[LOCAL.1]
00437A7C |. 8D45 F0
00437A7F |. 53
00437A80 |. 50
OFFSET LOCAL.4
00437A81 |. E8 14EAFFFF
fo.0043649A
00437A86 |. 0BF8
00437A88 |. 8D46 30
00437A8B |. 50
00437A8C |. 6A 2E
E
00437A8E |. FF75 FC
[LOCAL.1]

OR EDI,EAX
LEA EAX,[ESI+20]
PUSH EAX
PUSH 2A

; /Arg5
; |Arg4 = 2

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[ESI+24]
PUSH EAX
PUSH 2B

; /Arg5
; |Arg4 = 2

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+28]
PUSH EAX
PUSH 2C

; /Arg5
; |Arg4 = 2

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+2C]
PUSH EAX
PUSH 2D

; /Arg5
; |Arg4 = 2

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+30]
PUSH EAX
PUSH 2E

; /Arg5
; |Arg4 = 2

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

00437A91 |. 8D45 F0
00437A94 |. 53
00437A95 |. 50
OFFSET LOCAL.4
00437A96 |. E8 FFE9FFFF
fo.0043649A
00437A9B |. 83C4 50
00437A9E |. 0BF8
00437AA0 |. 8D46 34
00437AA3 |. 50
00437AA4 |. 6A 2F
F
00437AA6 |. FF75 FC
[LOCAL.1]
00437AA9 |. 8D45 F0
00437AAC |. 53
00437AAD |. 50
OFFSET LOCAL.4
00437AAE |. E8 E7E9FFFF
fo.0043649A
00437AB3 |. 0BF8
00437AB5 |. 8D46 1C
00437AB8 |. 50
00437AB9 |. 6A 30
0
00437ABB |. FF75 FC
[LOCAL.1]
00437ABE |. 8D45 F0
00437AC1 |. 53
00437AC2 |. 50
OFFSET LOCAL.4
00437AC3 |. E8 D2E9FFFF
fo.0043649A
00437AC8 |. 0BF8
00437ACA |. 8D46 38
00437ACD |. 50
00437ACE |. 6A 44
4
00437AD0 |. FF75 FC
[LOCAL.1]
00437AD3 |. 8D45 F0
00437AD6 |. 53
00437AD7 |. 50
OFFSET LOCAL.4
00437AD8 |. E8 BDE9FFFF
fo.0043649A
00437ADD |. 0BF8
00437ADF |. 8D46 3C
00437AE2 |. 50
00437AE3 |. 6A 45
5
00437AE5 |. FF75 FC
[LOCAL.1]
00437AE8 |. 8D45 F0
00437AEB |. 53
00437AEC |. 50
OFFSET LOCAL.4
00437AED |. E8 A8E9FFFF
fo.0043649A
00437AF2 |. 83C4 50

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[ESI+34]
PUSH EAX
PUSH 2F

; /Arg5
; |Arg4 = 2

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+1C]
PUSH EAX
PUSH 30

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+38]
PUSH EAX
PUSH 44

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+3C]
PUSH EAX
PUSH 45

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50

00437AF5 |. 0BF8
00437AF7 |. 8D46 40
00437AFA |. 50
00437AFB |. 6A 46
6
00437AFD |. FF75 FC
[LOCAL.1]
00437B00 |. 8D45 F0
00437B03 |. 53
00437B04 |. 50
OFFSET LOCAL.4
00437B05 |. E8 90E9FFFF
fo.0043649A
00437B0A |. 0BF8
00437B0C |. 8D46 44
00437B0F |. 50
00437B10 |. 6A 47
7
00437B12 |. FF75 FC
[LOCAL.1]
00437B15 |. 8D45 F0
00437B18 |. 53
00437B19 |. 50
OFFSET LOCAL.4
00437B1A |. E8 7BE9FFFF
fo.0043649A
00437B1F |. 0BF8
00437B21 |. 8D46 48
00437B24 |. 50
00437B25 |. 6A 48
8
00437B27 |. FF75 FC
[LOCAL.1]
00437B2A |. 8D45 F0
00437B2D |. 53
00437B2E |. 50
OFFSET LOCAL.4
00437B2F |. E8 66E9FFFF
fo.0043649A
00437B34 |. 0BF8
00437B36 |. 8D46 4C
00437B39 |. 50
00437B3A |. 6A 49
9
00437B3C |. FF75 FC
[LOCAL.1]
00437B3F |. 8D45 F0
00437B42 |. 53
00437B43 |. 50
OFFSET LOCAL.4
00437B44 |. E8 51E9FFFF
fo.0043649A
00437B49 |. 83C4 50
00437B4C |. 0BF8
00437B4E |. 8D46 50
00437B51 |. 50
00437B52 |. 6A 4A
A
00437B54 |. FF75 FC
[LOCAL.1]

OR EDI,EAX
LEA EAX,[ESI+40]
PUSH EAX
PUSH 46

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+44]
PUSH EAX
PUSH 47

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+48]
PUSH EAX
PUSH 48

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+4C]
PUSH EAX
PUSH 49

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[ESI+50]
PUSH EAX
PUSH 4A

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

00437B57 |. 8D45 F0
00437B5A |. 53
00437B5B |. 50
OFFSET LOCAL.4
00437B5C |. E8 39E9FFFF
fo.0043649A
00437B61 |. 0BF8
00437B63 |. 8D46 54
00437B66 |. 50
00437B67 |. 6A 4B
B
00437B69 |. FF75 FC
[LOCAL.1]
00437B6C |. 8D45 F0
00437B6F |. 53
00437B70 |. 50
OFFSET LOCAL.4
00437B71 |. E8 24E9FFFF
fo.0043649A
00437B76 |. 0BF8
00437B78 |. 8D46 58
00437B7B |. 50
00437B7C |. 6A 4C
C
00437B7E |. FF75 FC
[LOCAL.1]
00437B81 |. 8D45 F0
00437B84 |. 53
00437B85 |. 50
OFFSET LOCAL.4
00437B86 |. E8 0FE9FFFF
fo.0043649A
00437B8B |. 0BF8
00437B8D |. 8D46 5C
00437B90 |. 50
00437B91 |. 6A 4D
D
00437B93 |. FF75 FC
[LOCAL.1]
00437B96 |. 8D45 F0
00437B99 |. 53
00437B9A |. 50
OFFSET LOCAL.4
00437B9B |. E8 FAE8FFFF
fo.0043649A
00437BA0 |. 83C4 50
00437BA3 |. 0BF8
00437BA5 |. 8D46 60
00437BA8 |. 50
00437BA9 |. 6A 4E
E
00437BAB |. FF75 FC
[LOCAL.1]
00437BAE |. 8D45 F0
00437BB1 |. 53
00437BB2 |. 50
OFFSET LOCAL.4
00437BB3 |. E8 E2E8FFFF
fo.0043649A
00437BB8 |. 0BF8

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+54]
PUSH EAX
PUSH 4B

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+58]
PUSH EAX
PUSH 4C

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+5C]
PUSH EAX
PUSH 4D

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[ESI+60]
PUSH EAX
PUSH 4E

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX

00437BBA |. 8D46 64
00437BBD |. 50
00437BBE |. 6A 4F
F
00437BC0 |. FF75 FC
[LOCAL.1]
00437BC3 |. 8D45 F0
00437BC6 |. 53
00437BC7 |. 50
OFFSET LOCAL.4
00437BC8 |. E8 CDE8FFFF
fo.0043649A
00437BCD |. 0BF8
00437BCF |. 8D46 68
00437BD2 |. 50
00437BD3 |. 6A 38
8
00437BD5 |. FF75 FC
[LOCAL.1]
00437BD8 |. 8D45 F0
00437BDB |. 53
00437BDC |. 50
OFFSET LOCAL.4
00437BDD |. E8 B8E8FFFF
fo.0043649A
00437BE2 |. 0BF8
00437BE4 |. 8D46 6C
00437BE7 |. 50
00437BE8 |. 6A 39
9
00437BEA |. FF75 FC
[LOCAL.1]
00437BED |. 8D45 F0
00437BF0 |. 53
00437BF1 |. 50
OFFSET LOCAL.4
00437BF2 |. E8 A3E8FFFF
fo.0043649A
00437BF7 |. 83C4 50
00437BFA |. 0BF8
00437BFC |. 8D46 70
00437BFF |. 50
00437C00 |. 6A 3A
A
00437C02 |. FF75 FC
[LOCAL.1]
00437C05 |. 8D45 F0
00437C08 |. 53
00437C09 |. 50
OFFSET LOCAL.4
00437C0A |. E8 8BE8FFFF
fo.0043649A
00437C0F |. 0BF8
00437C11 |. 8D46 74
00437C14 |. 50
00437C15 |. 6A 3B
B
00437C17 |. FF75 FC
[LOCAL.1]
00437C1A |. 8D45 F0

LEA EAX,[ESI+64]
PUSH EAX
PUSH 4F

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+68]
PUSH EAX
PUSH 38

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+6C]
PUSH EAX
PUSH 39

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[ESI+70]
PUSH EAX
PUSH 3A

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+74]
PUSH EAX
PUSH 3B

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]

; |

00437C1D |. 53
00437C1E |. 50
OFFSET LOCAL.4
00437C1F |. E8 76E8FFFF
fo.0043649A
00437C24 |. 0BF8
00437C26 |. 8D46 78
00437C29 |. 50
00437C2A |. 6A 3C
C
00437C2C |. FF75 FC
[LOCAL.1]
00437C2F |. 8D45 F0
00437C32 |. 53
00437C33 |. 50
OFFSET LOCAL.4
00437C34 |. E8 61E8FFFF
fo.0043649A
00437C39 |. 0BF8
00437C3B |. 8D46 7C
00437C3E |. 50
00437C3F |. 6A 3D
D
00437C41 |. FF75 FC
[LOCAL.1]
00437C44 |. 8D45 F0
00437C47 |. 53
00437C48 |. 50
OFFSET LOCAL.4
00437C49 |. E8 4CE8FFFF
fo.0043649A
00437C4E |. 83C4 50
00437C51 |. 0BF8
00437C53 |. 8D86 80000000
00437C59 |. 50
00437C5A |. 6A 3E
E
00437C5C |. FF75 FC
[LOCAL.1]
00437C5F |. 8D45 F0
00437C62 |. 53
00437C63 |. 50
OFFSET LOCAL.4
00437C64 |. E8 31E8FFFF
fo.0043649A
00437C69 |. 0BF8
00437C6B |. 8D86 84000000
00437C71 |. 50
00437C72 |. 6A 3F
F
00437C74 |. FF75 FC
[LOCAL.1]
00437C77 |. 8D45 F0
00437C7A |. 53
00437C7B |. 50
OFFSET LOCAL.4
00437C7C |. E8 19E8FFFF
fo.0043649A
00437C81 |. 0BF8
00437C83 |. 8D86 88000000

PUSH EBX
PUSH EAX

; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+78]
PUSH EAX
PUSH 3C

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+7C]
PUSH EAX
PUSH 3D

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[ESI+80]
PUSH EAX
PUSH 3E

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+84]
PUSH EAX
PUSH 3F

; /Arg5
; |Arg4 = 3

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+88]

00437C89 |. 50
00437C8A |. 6A 40
0
00437C8C |. FF75 FC
[LOCAL.1]
00437C8F |. 53
00437C90 |. 8D45 F0
00437C93 |. 50
OFFSET LOCAL.4
00437C94 |. E8 01E8FFFF
fo.0043649A
00437C99 |. 0BF8
00437C9B |. 8D86 8C000000
00437CA1 |. 50
00437CA2 |. 6A 41
1
00437CA4 |. FF75 FC
[LOCAL.1]
00437CA7 |. 8D45 F0
00437CAA |. 53
00437CAB |. 50
OFFSET LOCAL.4
00437CAC |. E8 E9E7FFFF
fo.0043649A
00437CB1 |. 83C4 50
00437CB4 |. 0BF8
00437CB6 |. 8D86 90000000
00437CBC |. 50
00437CBD |. 6A 42
2
00437CBF |. FF75 FC
[LOCAL.1]
00437CC2 |. 8D45 F0
00437CC5 |. 53
00437CC6 |. 50
OFFSET LOCAL.4
00437CC7 |. E8 CEE7FFFF
fo.0043649A
00437CCC |. 0BF8
00437CCE |. 8D86 94000000
00437CD4 |. 50
00437CD5 |. 6A 43
3
00437CD7 |. FF75 FC
[LOCAL.1]
00437CDA |. 8D45 F0
00437CDD |. 53
00437CDE |. 50
OFFSET LOCAL.4
00437CDF |. E8 B6E7FFFF
fo.0043649A
00437CE4 |. 0BF8
00437CE6 |. 8D86 98000000
00437CEC |. 50
00437CED |. 6A 28
8
00437CEF |. FF75 FC
[LOCAL.1]
00437CF2 |. 8D45 F0
00437CF5 |. 53

PUSH EAX
PUSH 40

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

PUSH EBX
LEA EAX,[LOCAL.4]
PUSH EAX

; |Arg2
; |
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+8C]
PUSH EAX
PUSH 41

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[ESI+90]
PUSH EAX
PUSH 42

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+94]
PUSH EAX
PUSH 43

; /Arg5
; |Arg4 = 4

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+98]
PUSH EAX
PUSH 28

; /Arg5
; |Arg4 = 2

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX

; |
; |Arg2

00437CF6 |. 50
OFFSET LOCAL.4
00437CF7 |. E8 9EE7FFFF
fo.0043649A
00437CFC |. 0BF8
00437CFE |. 8D86 9C000000
00437D04 |. 50
00437D05 |. 6A 29
9
00437D07 |. FF75 FC
[LOCAL.1]
00437D0A |. 8D45 F0
00437D0D |. 53
00437D0E |. 50
OFFSET LOCAL.4
00437D0F |. E8 86E7FFFF
fo.0043649A
00437D14 |. 83C4 50
00437D17 |. 0BF8
00437D19 |. 8D86 A0000000
00437D1F |. 50
00437D20 |. 6A 1F
F
00437D22 |. FF75 F8
[LOCAL.2]
00437D25 |. 8D45 F0
00437D28 |. 53
00437D29 |. 50
OFFSET LOCAL.4
00437D2A |. E8 6BE7FFFF
fo.0043649A
00437D2F |. 0BF8
00437D31 |. 8D86 A4000000
00437D37 |. 50
00437D38 |. 6A 20
0
00437D3A |. FF75 F8
[LOCAL.2]
00437D3D |. 8D45 F0
00437D40 |. 53
00437D41 |. 50
OFFSET LOCAL.4
00437D42 |. E8 53E7FFFF
fo.0043649A
00437D47 |. 0BF8
00437D49 |. 8D86 A8000000
00437D4F |. 50
00437D50 |. 68 03100000
003
00437D55 |. FF75 F8
[LOCAL.2]
00437D58 |. 8D45 F0
00437D5B |. 53
00437D5C |. 50
OFFSET LOCAL.4
00437D5D |. E8 38E7FFFF
fo.0043649A
00437D62 |. 0BF8
00437D64 |. 8D86 B0000000
00437D6A |. 50

PUSH EAX

; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+9C]
PUSH EAX
PUSH 29

; /Arg5
; |Arg4 = 2

PUSH DWORD PTR SS:[LOCAL.1]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[ESI+0A0]
PUSH EAX
PUSH 1F

; /Arg5
; |Arg4 = 1

PUSH DWORD PTR SS:[LOCAL.2]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+0A4]
PUSH EAX
PUSH 20

; /Arg5
; |Arg4 = 2

PUSH DWORD PTR SS:[LOCAL.2]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+0A8]
PUSH EAX
PUSH 1003

; /Arg5
; |Arg4 = 1

PUSH DWORD PTR SS:[LOCAL.2]

; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH EBX
PUSH EAX

; |
; |Arg2
; |Arg1 =>

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[ESI+0B0]
PUSH EAX

; /Arg5

00437D6B |. 68 09100000
009
00437D70 |. 8B5D F8
00437D73 |. 53
[LOCAL.2]
00437D74 |. 8D45 F0
00437D77 |. 6A 00
00437D79 |. 50
OFFSET LOCAL.4
00437D7A |. E8 1BE7FFFF
fo.0043649A
00437D7F |. 83C4 50
00437D82 |. 0BF8
00437D84 |. 8BC7
00437D86 |. 5F
00437D87 |. 899E AC000000
00437D8D |. 5B
00437D8E |. C9
00437D8F \. C3
00437D90 /$ 8BFF
00437D92 |. 55
00437D93 |. 8BEC
00437D95 |. 56
00437D96 |. 8B75 08
00437D99 |. 85F6
00437D9B |. 0F84 81010000
00437DA1 |. FF76 04
00437DA4 |. E8 35B4FFFF
fo.004331DE
00437DA9 |. FF76 08
00437DAC |. E8 2DB4FFFF
fo.004331DE
00437DB1 |. FF76 0C
00437DB4 |. E8 25B4FFFF
fo.004331DE
00437DB9 |. FF76 10
00437DBC |. E8 1DB4FFFF
fo.004331DE
00437DC1 |. FF76 14
00437DC4 |. E8 15B4FFFF
fo.004331DE
00437DC9 |. FF76 18
00437DCC |. E8 0DB4FFFF
fo.004331DE
00437DD1 |. FF36
00437DD3 |. E8 06B4FFFF
fo.004331DE
00437DD8 |. FF76 20
00437DDB |. E8 FEB3FFFF
fo.004331DE
00437DE0 |. FF76 24
00437DE3 |. E8 F6B3FFFF
fo.004331DE
00437DE8 |. FF76 28
00437DEB |. E8 EEB3FFFF
fo.004331DE
00437DF0 |. FF76 2C
00437DF3 |. E8 E6B3FFFF
fo.004331DE
00437DF8 |. FF76 30

PUSH 1009

; |Arg4 = 1

MOV EBX,DWORD PTR SS:[LOCAL.2]


PUSH EBX

; |
; |Arg3 =>

LEA EAX,[LOCAL.4]
PUSH 0
PUSH EAX

; |
; |Arg2 = 0
; |Arg1 =>

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
MOV EAX,EDI
POP EDI
MOV DWORD PTR DS:[ESI+0AC],EBX
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
TEST ESI,ESI
JE 00437F22
PUSH DWORD PTR DS:[ESI+4]
CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+8]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+0C]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+10]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+14]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+18]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+20]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+24]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+28]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+2C]


CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[ESI+30]

; /Arg1

00437DFB |.
fo.004331DE
00437E00 |.
00437E03 |.
fo.004331DE
00437E08 |.
00437E0B |.
fo.004331DE
00437E10 |.
00437E13 |.
fo.004331DE
00437E18 |.
00437E1B |.
fo.004331DE
00437E20 |.
00437E23 |.
00437E26 |.
fo.004331DE
00437E2B |.
00437E2E |.
fo.004331DE
00437E33 |.
00437E36 |.
fo.004331DE
00437E3B |.
00437E3E |.
fo.004331DE
00437E43 |.
00437E46 |.
fo.004331DE
00437E4B |.
00437E4E |.
fo.004331DE
00437E53 |.
00437E56 |.
fo.004331DE
00437E5B |.
00437E5E |.
fo.004331DE
00437E63 |.
00437E66 |.
fo.004331DE
00437E6B |.
00437E6E |.
fo.004331DE
00437E73 |.
00437E76 |.
fo.004331DE
00437E7B |.
00437E7E |.
fo.004331DE
00437E83 |.
00437E86 |.
fo.004331DE
00437E8B |.
00437E8E |.
fo.004331DE
00437E93 |.
00437E96 |.
fo.004331DE

E8 DEB3FFFF

CALL 004331DE

; \SystemIn

FF76 34
E8 D6B3FFFF

PUSH DWORD PTR DS:[ESI+34]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 1C
E8 CEB3FFFF

PUSH DWORD PTR DS:[ESI+1C]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 38
E8 C6B3FFFF

PUSH DWORD PTR DS:[ESI+38]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 3C
E8 BEB3FFFF

PUSH DWORD PTR DS:[ESI+3C]


CALL 004331DE

; /Arg1
; \SystemIn

83C4 40
FF76 40
E8 B3B3FFFF

ADD ESP,40
PUSH DWORD PTR DS:[ESI+40]
CALL 004331DE

; /Arg1
; \SystemIn

FF76 44
E8 ABB3FFFF

PUSH DWORD PTR DS:[ESI+44]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 48
E8 A3B3FFFF

PUSH DWORD PTR DS:[ESI+48]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 4C
E8 9BB3FFFF

PUSH DWORD PTR DS:[ESI+4C]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 50
E8 93B3FFFF

PUSH DWORD PTR DS:[ESI+50]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 54
E8 8BB3FFFF

PUSH DWORD PTR DS:[ESI+54]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 58
E8 83B3FFFF

PUSH DWORD PTR DS:[ESI+58]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 5C
E8 7BB3FFFF

PUSH DWORD PTR DS:[ESI+5C]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 60
E8 73B3FFFF

PUSH DWORD PTR DS:[ESI+60]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 64
E8 6BB3FFFF

PUSH DWORD PTR DS:[ESI+64]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 68
E8 63B3FFFF

PUSH DWORD PTR DS:[ESI+68]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 6C
E8 5BB3FFFF

PUSH DWORD PTR DS:[ESI+6C]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 70
E8 53B3FFFF

PUSH DWORD PTR DS:[ESI+70]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 74
E8 4BB3FFFF

PUSH DWORD PTR DS:[ESI+74]


CALL 004331DE

; /Arg1
; \SystemIn

FF76 78
E8 43B3FFFF

PUSH DWORD PTR DS:[ESI+78]


CALL 004331DE

; /Arg1
; \SystemIn

00437E9B |.
00437E9E |.
fo.004331DE
00437EA3 |.
00437EA6 |.
00437EAC |.
fo.004331DE
00437EB1 |.
00437EB7 |.
fo.004331DE
00437EBC |.
00437EC2 |.
fo.004331DE
00437EC7 |.
00437ECD |.
fo.004331DE
00437ED2 |.
00437ED8 |.
fo.004331DE
00437EDD |.
00437EE3 |.
fo.004331DE
00437EE8 |.
00437EEE |.
fo.004331DE
00437EF3 |.
00437EF9 |.
fo.004331DE
00437EFE |.
00437F04 |.
fo.004331DE
00437F09 |.
00437F0F |.
fo.004331DE
00437F14 |.
00437F1A |.
fo.004331DE
00437F1F |.
00437F22 |>
00437F23 |.
00437F24 \.
00437F25
00437F27 /.
00437F28 |.
00437F2A |.
00437F2B |.
00437F2C |.
00437F2D |.
00437F30 |.
00437F34 |.
CII "Sun"
00437F39 |.
00437F3B |.
B8
00437F40 |.
00437F42 |.
fo.00434E58
00437F47 |.
00437F49 |.
00437F4A |.

FF76 7C
E8 3BB3FFFF

PUSH DWORD PTR DS:[ESI+7C]


CALL 004331DE

; /Arg1
; \SystemIn

83C4 40
ADD ESP,40
FFB6 80000000 PUSH DWORD PTR DS:[ESI+80]
E8 2DB3FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 84000000 PUSH DWORD PTR DS:[ESI+84]


E8 22B3FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 88000000 PUSH DWORD PTR DS:[ESI+88]


E8 17B3FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 8C000000 PUSH DWORD PTR DS:[ESI+8C]


E8 0CB3FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 90000000 PUSH DWORD PTR DS:[ESI+90]


E8 01B3FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 94000000 PUSH DWORD PTR DS:[ESI+94]


E8 F6B2FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 98000000 PUSH DWORD PTR DS:[ESI+98]


E8 EBB2FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 9C000000 PUSH DWORD PTR DS:[ESI+9C]


E8 E0B2FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 A0000000 PUSH DWORD PTR DS:[ESI+0A0]


E8 D5B2FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 A4000000 PUSH DWORD PTR DS:[ESI+0A4]


E8 CAB2FFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 A8000000 PUSH DWORD PTR DS:[ESI+0A8]


E8 BFB2FFFF CALL 004331DE

; /Arg1
; \SystemIn

83C4 2C
5E
5D
C3
8BFF
55
8BEC
53
56
57
8B7D 08
837F 20 00
BB 201E4500

ADD ESP,2C
POP ESI
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH EBX
PUSH ESI
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[EDI+20],0
MOV EBX,OFFSET 00451E20

; PTR to AS

74 40
68 B8000000

JE SHORT 00437F7B
PUSH 0B8

; /Arg2 = 0

6A 01
E8 11CFFFFF

PUSH 1
CALL 00434E58

; |Arg1 = 1
; \SystemIn

8BF0
59
59

MOV ESI,EAX
POP ECX
POP ECX

00437F4B |. 85F6
00437F4D |. 75 05
00437F4F |> 33C0
00437F51 |. 40
00437F52 |. EB 45
00437F54 |> 8BC7
00437F56 |. E8 1AFAFFFF
00437F5B |. 85C0
00437F5D |. 74 10
00437F5F |. 56
00437F60 |. E8 2BFEFFFF
00437F65 |. 56
00437F66 |. E8 73B2FFFF
fo.004331DE
00437F6B |. 59
00437F6C |. 59
00437F6D |.^ EB E0
00437F6F |> C786 B4000000
00437F79 |. EB 02
00437F7B |> 8BF3
00437F7D |> 81C7 D4000000
00437F83 |. 8B07
00437F85 |. 3BC3
00437F87 |. 74 0C
00437F89 |. 05 B4000000
00437F8E |. 50
00437F8F |. FF15 34814400
.InterlockedDecrement
00437F95 |> 8937
00437F97 |. 33C0
00437F99 |> 5F
00437F9A |. 5E
00437F9B |. 5B
00437F9C |. 5D
00437F9D \. C3
00437F9E /$ 8BFF
o.00437F9E(guessed Arg1)
00437FA0 |. 55
00437FA1 |. 8BEC
00437FA3 |. 56
00437FA4 |. 8B75 08
00437FA7 |. 85F6
00437FA9 |. 74 35
00437FAB |. 8B06
00437FAD |. 3B05 E4154500
00437FB3 |. 74 07
00437FB5 |. 50
00437FB6 |. E8 23B2FFFF
fo.004331DE
00437FBB |. 59
00437FBC |> 8B46 04
00437FBF |. 3B05 E8154500
00437FC5 |. 74 07
00437FC7 |. 50
00437FC8 |. E8 11B2FFFF
fo.004331DE
00437FCD |. 59
00437FCE |> 8B76 08
00437FD1 |. 3B35 EC154500
00437FD7 |. 74 07

TEST ESI,ESI
JNE SHORT 00437F54
XOR EAX,EAX
INC EAX
JMP SHORT 00437F99
MOV EAX,EDI
CALL 00437975
TEST EAX,EAX
JE SHORT 00437F6F
PUSH ESI
CALL 00437D90
PUSH ESI
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
POP ECX
JMP SHORT 00437F4F
MOV DWORD PTR DS:[ESI+0B4],1
JMP SHORT 00437F7D
MOV ESI,EBX
ADD EDI,0D4
MOV EAX,DWORD PTR DS:[EDI]
CMP EAX,EBX
JE SHORT 00437F95
ADD EAX,0B4
PUSH EAX
; /pTarget
CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
MOV DWORD PTR DS:[EDI],ESI
XOR EAX,EAX
POP EDI
POP ESI
POP EBX
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
TEST ESI,ESI
JE SHORT 00437FE0
MOV EAX,DWORD PTR DS:[ESI]
CMP EAX,DWORD PTR DS:[4515E4]
JE SHORT 00437FBC
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+4]
CMP EAX,DWORD PTR DS:[4515E8]
JE SHORT 00437FCE
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV ESI,DWORD PTR DS:[ESI+8]
CMP ESI,DWORD PTR DS:[4515EC]
JE SHORT 00437FE0

00437FD9 |.
00437FDA |.
fo.004331DE
00437FDF |.
00437FE0 |>
00437FE1 |.
00437FE2 \.
00437FE3
00437FE5 /.
00437FE6 |.
00437FE8 |.
00437FEB |.
00437FEC |.
00437FEF |.
00437FF0 |.
00437FF2 |.
00437FF3 |.
00437FF6 |.
00437FF9 |.
00437FFC |.
00437FFE |.
00438001 |.
00438003 |.
00438006 |.
00438009 |.
00438010 |.
00438015 |>
0
00438017 |.
00438019 |.
fo.00434E58
0043801E |.
00438020 |.
00438021 |.
00438022 |.
00438025 |.
00438027 |.
00438029 |>
0043802B |.
0043802C |.
00438031 |>
00438037 |.
00438039 |.
0043803A |.
0043803C |.
0043803E |.
fo.00434E13
00438043 |.
00438045 |.
00438046 |.
00438049 |.
0043804B |.
0043804D |.
[ARG.1]
00438050 |.
fo.004331DE
00438055 |.
00438056 |.^
00438058 |>
0043805A |.

56
E8 FFB1FFFF

PUSH ESI
CALL 004331DE

59
5E
5D
C3
8BFF
55
8BEC
83EC 18
53
8B5D 08
56
33F6
57
895D E8
8975 EC
3973 1C
75 17
3973 18
75 12
8975 FC
8975 F8
C745 08 E4154
E9 3A010000
6A 30

POP ECX
POP ESI
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,18
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.1]
PUSH ESI
XOR ESI,ESI
PUSH EDI
MOV DWORD PTR SS:[LOCAL.6],EBX
MOV DWORD PTR SS:[LOCAL.5],ESI
CMP DWORD PTR DS:[EBX+1C],ESI
JNE SHORT 00438015
CMP DWORD PTR DS:[EBX+18],ESI
JNE SHORT 00438015
MOV DWORD PTR SS:[LOCAL.1],ESI
MOV DWORD PTR SS:[LOCAL.2],ESI
MOV DWORD PTR SS:[ARG.1],OFFSET 004515E4
JMP 0043814F
PUSH 30
; /Arg2 = 3

6A 01
E8 3ACEFFFF

PUSH 1
CALL 00434E58

8BF8
59
59
897D 08
3BFE
75 08
33C0
40
E9 77010000
8BB3 BC000000
6A 0C
59
6A 04
F3:A5
E8 D0CDFFFF

MOV EDI,EAX
POP ECX
POP ECX
MOV DWORD PTR SS:[ARG.1],EDI
CMP EDI,ESI
JNE SHORT 00438031
XOR EAX,EAX
INC EAX
JMP 004381A8
MOV ESI,DWORD PTR DS:[EBX+0BC]
PUSH 0C
POP ECX
PUSH 4
; /Arg1 = 4
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS ; |
CALL 00434E13
; \SystemIn

33F6
59
8945 F8
3BC6
75 0B
FF75 08

XOR ESI,ESI
POP ECX
MOV DWORD PTR SS:[LOCAL.2],EAX
CMP EAX,ESI
JNE SHORT 00438058
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

E8 89B1FFFF

CALL 004331DE

; \SystemIn

59
EB D1
8930
3973 1C

POP
JMP
MOV
CMP

ECX
SHORT 00438029
DWORD PTR DS:[EAX],ESI
DWORD PTR DS:[EBX+1C],ESI

; /Arg1
; \SystemIn

; |Arg1 = 1
; \SystemIn

0043805D |. 0F84 BB000000


00438063 |. 6A 04
00438065 |. E8 A9CDFFFF
fo.00434E13
0043806A |. 59
0043806B |. 8945 FC
0043806E |. 3BC6
00438070 |. 75 1C
00438072 |. 33F6
00438074 |. 46
00438075 |> FF75 08
[ARG.1]
00438078 |. E8 61B1FFFF
fo.004331DE
0043807D |. FF75 F8
[LOCAL.2]
00438080 |. E8 59B1FFFF
fo.004331DE
00438085 |. 59
00438086 |. 59
00438087 |. 8BC6
00438089 |. E9 1A010000
0043808E |> 8930
00438090 |. 8B75 08
00438093 |. 0FB77B 3E
00438097 |. 56
[ARG.1]
00438098 |. 6A 0E
E
0043809A |. 57
0043809B |. 8D45 E8
0043809E |. 6A 01
004380A0 |. 50
OFFSET LOCAL.6
004380A1 |. E8 F4E3FFFF
fo.0043649A
004380A6 |. 8945 F4
004380A9 |. 8D46 04
004380AC |. 50
004380AD |. 6A 0F
F
004380AF |. 57
004380B0 |. 8D45 E8
004380B3 |. 6A 01
004380B5 |. 50
OFFSET LOCAL.6
004380B6 |. E8 DFE3FFFF
fo.0043649A
004380BB |. 0945 F4
004380BE |. 8D46 08
004380C1 |. 50
004380C2 |. 6A 10
0
004380C4 |. 57
004380C5 |. 8945 F0
004380C8 |. 8D45 E8
004380CB |. 6A 01
004380CD |. 50
OFFSET LOCAL.6
004380CE |. E8 C7E3FFFF

JE 0043811E
PUSH 4
CALL 00434E13

; /Arg1 = 4
; \SystemIn

POP ECX
MOV DWORD PTR SS:[LOCAL.1],EAX
CMP EAX,ESI
JNE SHORT 0043808E
XOR ESI,ESI
INC ESI
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

CALL 004331DE

; \SystemIn

PUSH DWORD PTR SS:[LOCAL.2]

; /Arg1 =>

CALL 004331DE

; \SystemIn

POP ECX
POP ECX
MOV EAX,ESI
JMP 004381A8
MOV DWORD PTR DS:[EAX],ESI
MOV ESI,DWORD PTR SS:[ARG.1]
MOVZX EDI,WORD PTR DS:[EBX+3E]
PUSH ESI

; /Arg5 =>

PUSH 0E

; |Arg4 = 0

PUSH EDI
LEA EAX,[LOCAL.6]
PUSH 1
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

MOV DWORD PTR SS:[LOCAL.3],EAX


LEA EAX,[ESI+4]
PUSH EAX
PUSH 0F

; /Arg5
; |Arg4 = 0

PUSH EDI
LEA EAX,[LOCAL.6]
PUSH 1
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR DWORD PTR SS:[LOCAL.3],EAX


LEA EAX,[ESI+8]
PUSH EAX
PUSH 10

; /Arg5
; |Arg4 = 1

PUSH EDI
MOV DWORD PTR SS:[LOCAL.4],EAX
LEA EAX,[LOCAL.6]
PUSH 1
PUSH EAX

;
;
;
;
;

CALL 0043649A

; \SystemIn

|Arg3
|
|Arg2 = 1
|Arg1 =>

|Arg3
|
|Arg2 = 1
|Arg1 =>

|Arg3
|
|
|Arg2 = 1
|Arg1 =>

fo.0043649A
004380D3 |. 83C4 3C
ADD ESP,3C
004380D6 |. 0B45 F4
OR EAX,DWORD PTR SS:[LOCAL.3]
004380D9 |. 74 0C
JE SHORT 004380E7
004380DB |. 56
PUSH ESI
; /Arg1
004380DC |. E8 BDFEFFFF CALL 00437F9E
; \SystemIn
fo.00437F9E
004380E1 |. 59
POP ECX
004380E2 |. 83CE FF
OR ESI,FFFFFFFF
004380E5 |.^ EB 8E
JMP SHORT 00438075
004380E7 |> 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
004380EA |. 8B00
MOV EAX,DWORD PTR DS:[EAX]
004380EC |. EB 12
JMP SHORT 00438100
004380EE |> 8A08
MOV CL,BYTE PTR DS:[EAX]
004380F0 |. 80F9 30
CMP CL,30
; Switch (c
ases 30..39, 2 exits)
004380F3 |. 7C 12
JL SHORT 00438107
004380F5 |. 80F9 39
CMP CL,39
004380F8 |. 7F 0D
JG SHORT 00438107
004380FA |. 80E9 30
SUB CL,30
; Cases 30
('0'), 31 ('1'), 32 ('2'), 33 ('3'), 34 ('4'), 35 ('5'), 36 ('6'), 37 ('7'), 38
('8'), 39 ('9') of switch SystemInfo.4380F0
004380FD |. 8808
MOV BYTE PTR DS:[EAX],CL
004380FF |> 40
INC EAX
00438100 |> 8038 00
CMP BYTE PTR DS:[EAX],0
00438103 |.^ 75 E9
JNE SHORT 004380EE
00438105 |. EB 37
JMP SHORT 0043813E
00438107 |> 80F9 3B
CMP CL,3B
; Default c
ase of switch SystemInfo.4380F0
0043810A |.^ 75 F3
JNE SHORT 004380FF
0043810C |. 8BF0
MOV ESI,EAX
0043810E |> 8D7E 01
/LEA EDI,[ESI+1]
00438111 |. 8A0F
|MOV CL,BYTE PTR DS:[EDI]
00438113 |. 880E
|MOV BYTE PTR DS:[ESI],CL
00438115 |. 8BF7
|MOV ESI,EDI
00438117 |. 803E 00
|CMP BYTE PTR DS:[ESI],0
0043811A |.^ 75 F2
\JNE SHORT 0043810E
0043811C |.^ EB E2
JMP SHORT 00438100
0043811E |> 8B0D E4154500 MOV ECX,DWORD PTR DS:[4515E4]
00438124 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00438127 |. 8908
MOV DWORD PTR DS:[EAX],ECX
00438129 |. 8B0D E8154500 MOV ECX,DWORD PTR DS:[4515E8]
0043812F |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
00438132 |. 8B0D EC154500 MOV ECX,DWORD PTR DS:[4515EC]
00438138 |. 8975 FC
MOV DWORD PTR SS:[LOCAL.1],ESI
0043813B |. 8948 08
MOV DWORD PTR DS:[EAX+8],ECX
0043813E |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
00438141 |. 33C9
XOR ECX,ECX
00438143 |. 41
INC ECX
00438144 |. 8908
MOV DWORD PTR DS:[EAX],ECX
00438146 |. 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
00438149 |. 85C0
TEST EAX,EAX
0043814B |. 74 02
JE SHORT 0043814F
0043814D |. 8908
MOV DWORD PTR DS:[EAX],ECX
0043814F |> 8B83 B4000000 MOV EAX,DWORD PTR DS:[EBX+0B4]
00438155 |. 8B35 34814400 MOV ESI,DWORD PTR DS:[<&KERNEL32.Interlo
0043815B |. 85C0
TEST EAX,EAX
0043815D |. 74 03
JE SHORT 00438162
0043815F |. 50
PUSH EAX
; /pTarget
00438160 |. FFD6
CALL ESI
; \KERNEL32

.InterlockedDecrement
00438162 |> 8B83 B0000000
00438168 |. 85C0
0043816A |. 74 1F
0043816C |. 50
0043816D |. FFD6
.InterlockedDecrement
0043816F |. 85C0
00438171 |. 75 18
00438173 |. FFB3 B0000000
00438179 |. E8 60B0FFFF
fo.004331DE
0043817E |. FFB3 BC000000
00438184 |. E8 55B0FFFF
fo.004331DE
00438189 |. 59
0043818A |. 59
0043818B |> 8B45 FC
0043818E |. 8983 B4000000
00438194 |. 8B45 F8
00438197 |. 8983 B0000000
0043819D |. 8B45 08
004381A0 |. 8983 BC000000
004381A6 |. 33C0
004381A8 |> 5F
004381A9 |. 5E
004381AA |. 5B
004381AB |. C9
004381AC \. C3
004381AD /$ 8BFF
004381AF |. 55
004381B0 |. 8BEC
004381B2 |. 56
004381B3 |. 8B75 08
004381B6 |. 85F6
004381B8 |. 74 7E
004381BA |. 8B46 0C
004381BD |. 3B05 F0154500
004381C3 |. 74 07
004381C5 |. 50
004381C6 |. E8 13B0FFFF
fo.004331DE
004381CB |. 59
004381CC |> 8B46 10
004381CF |. 3B05 F4154500
004381D5 |. 74 07
004381D7 |. 50
004381D8 |. E8 01B0FFFF
fo.004331DE
004381DD |. 59
004381DE |> 8B46 14
004381E1 |. 3B05 F8154500
004381E7 |. 74 07
004381E9 |. 50
004381EA |. E8 EFAFFFFF
fo.004331DE
004381EF |. 59
004381F0 |> 8B46 18
004381F3 |. 3B05 FC154500
004381F9 |. 74 07

MOV EAX,DWORD PTR DS:[EBX+0B0]


TEST EAX,EAX
JE SHORT 0043818B
PUSH EAX
CALL ESI

; /pTarget
; \KERNEL32

TEST EAX,EAX
JNE SHORT 0043818B
PUSH DWORD PTR DS:[EBX+0B0]
CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR DS:[EBX+0BC]


CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
POP ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EBX+0B4],EAX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[EBX+0B0],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EBX+0BC],EAX
XOR EAX,EAX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
TEST ESI,ESI
JE SHORT 00438238
MOV EAX,DWORD PTR DS:[ESI+0C]
CMP EAX,DWORD PTR DS:[4515F0]
JE SHORT 004381CC
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+10]
CMP EAX,DWORD PTR DS:[4515F4]
JE SHORT 004381DE
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+14]
CMP EAX,DWORD PTR DS:[4515F8]
JE SHORT 004381F0
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[ESI+18]
CMP EAX,DWORD PTR DS:[4515FC]
JE SHORT 00438202

004381FB |.
004381FC |.
fo.004331DE
00438201 |.
00438202 |>
00438205 |.
0043820B |.
0043820D |.
0043820E |.
fo.004331DE
00438213 |.
00438214 |>
00438217 |.
0043821D |.
0043821F |.
00438220 |.
fo.004331DE
00438225 |.
00438226 |>
00438229 |.
0043822F |.
00438231 |.
00438232 |.
fo.004331DE
00438237 |.
00438238 |>
00438239 |.
0043823A \.
0043823B
0043823D /.
0043823E |.
00438240 |.
00438243 |.
00438244 |.
00438245 |.
00438248 |.
00438249 |.
0043824B |.
0043824E |.
00438251 |.
00438254 |.
00438257 |.
00438259 |.
0043825C |.
0043825E |.
00438261 |.
00438264 |.
00438269 |.
0043826E |>
0
00438270 |.
00438272 |.
fo.00434E58
00438277 |.
00438279 |.
0043827A |.
0043827B |.
0043827D |.
0043827F |>
00438281 |.

50
E8 DDAFFFFF

PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

59
8B46 1C
3B05 00164500
74 07
50
E8 CBAFFFFF

POP ECX
MOV EAX,DWORD PTR DS:[ESI+1C]
CMP EAX,DWORD PTR DS:[451600]
JE SHORT 00438214
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

59
8B46 20
3B05 04164500
74 07
50
E8 B9AFFFFF

POP ECX
MOV EAX,DWORD PTR DS:[ESI+20]
CMP EAX,DWORD PTR DS:[451604]
JE SHORT 00438226
PUSH EAX
CALL 004331DE

; /Arg1
; \SystemIn

59
8B76 24
3B35 08164500
74 07
56
E8 A7AFFFFF

POP ECX
MOV ESI,DWORD PTR DS:[ESI+24]
CMP ESI,DWORD PTR DS:[451608]
JE SHORT 00438238
PUSH ESI
CALL 004331DE

; /Arg1
; \SystemIn

59
5E
5D
C3
8BFF
55
8BEC
83EC 10
53
56
8B75 08
57
33FF
897D FC
8975 F0
897D F4
397E 18
75 15
397E 1C
75 10
897D FC
897D F8
BB E4154500
E9 36020000
6A 30

POP ECX
POP ESI
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
PUSH EDI
XOR EDI,EDI
MOV DWORD PTR SS:[LOCAL.1],EDI
MOV DWORD PTR SS:[LOCAL.4],ESI
MOV DWORD PTR SS:[LOCAL.3],EDI
CMP DWORD PTR DS:[ESI+18],EDI
JNE SHORT 0043826E
CMP DWORD PTR DS:[ESI+1C],EDI
JNE SHORT 0043826E
MOV DWORD PTR SS:[LOCAL.1],EDI
MOV DWORD PTR SS:[LOCAL.2],EDI
MOV EBX,OFFSET 004515E4
JMP 004384A4
PUSH 30

; /Arg2 = 3

6A 01
E8 E1CBFFFF

PUSH 1
CALL 00434E58

; |Arg1 = 1
; \SystemIn

8BD8
59
59
3BDF
75 08
33C0
40

MOV
POP
POP
CMP
JNE
XOR
INC

EBX,EAX
ECX
ECX
EBX,EDI
SHORT 00438287
EAX,EAX
EAX

00438282 |. E9 75020000
00438287 |> 6A 04
00438289 |. E8 85CBFFFF
fo.00434E13
0043828E |. 59
0043828F |. 8945 F8
00438292 |. 3BC7
00438294 |. 75 09
00438296 |. 53
00438297 |. E8 42AFFFFF
fo.004331DE
0043829C |> 59
0043829D |.^ EB E0
0043829F |> 8938
004382A1 |. 397E 18
004382A4 |. 0F84 B9010000
004382AA |. 6A 04
004382AC |. E8 62CBFFFF
fo.00434E13
004382B1 |. 59
004382B2 |. 8945 FC
004382B5 |. 3BC7
004382B7 |. 75 11
004382B9 |. 53
004382BA |. E8 1FAFFFFF
fo.004331DE
004382BF |. FF75 F8
[LOCAL.2]
004382C2 |. E8 17AFFFFF
fo.004331DE
004382C7 |. 59
004382C8 |.^ EB D2
004382CA |> 8938
004382CC |. 0FB776 38
004382D0 |. 8D43 0C
004382D3 |. 50
004382D4 |. 6A 15
5
004382D6 |. 56
004382D7 |. 8D45 F0
004382DA |. 6A 01
004382DC |. 50
OFFSET LOCAL.4
004382DD |. E8 B8E1FFFF
fo.0043649A
004382E2 |. 8BF8
004382E4 |. 8D43 10
004382E7 |. 50
004382E8 |. 6A 14
4
004382EA |. 56
004382EB |. 8D45 F0
004382EE |. 6A 01
004382F0 |. 50
OFFSET LOCAL.4
004382F1 |. E8 A4E1FFFF
fo.0043649A
004382F6 |. 0BF8
004382F8 |. 8D43 14
004382FB |. 50

JMP 004384FC
PUSH 4
CALL 00434E13

; /Arg1 = 4
; \SystemIn

POP ECX
MOV DWORD PTR SS:[LOCAL.2],EAX
CMP EAX,EDI
JNE SHORT 0043829F
PUSH EBX
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
JMP SHORT 0043827F
MOV DWORD PTR DS:[EAX],EDI
CMP DWORD PTR DS:[ESI+18],EDI
JE 00438463
PUSH 4
CALL 00434E13

; /Arg1 = 4
; \SystemIn

POP ECX
MOV DWORD PTR SS:[LOCAL.1],EAX
CMP EAX,EDI
JNE SHORT 004382CA
PUSH EBX
CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR SS:[LOCAL.2]

; /Arg1 =>

CALL 004331DE

; \SystemIn

POP ECX
JMP SHORT 0043829C
MOV DWORD PTR DS:[EAX],EDI
MOVZX ESI,WORD PTR DS:[ESI+38]
LEA EAX,[EBX+0C]
PUSH EAX
PUSH 15

; /Arg5
; |Arg4 = 1

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 1
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

MOV EDI,EAX
LEA EAX,[EBX+10]
PUSH EAX
PUSH 14

; /Arg5
; |Arg4 = 1

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 1
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+14]
PUSH EAX

; /Arg5

|Arg3
|
|Arg2 = 1
|Arg1 =>

|Arg3
|
|Arg2 = 1
|Arg1 =>

004382FC |. 6A 16
6
004382FE |. 56
004382FF |. 8D45 F0
00438302 |. 6A 01
00438304 |. 50
OFFSET LOCAL.4
00438305 |. E8 90E1FFFF
fo.0043649A
0043830A |. 0BF8
0043830C |. 8D43 18
0043830F |. 50
00438310 |. 6A 17
7
00438312 |. 56
00438313 |. 8D45 F0
00438316 |. 6A 01
00438318 |. 50
OFFSET LOCAL.4
00438319 |. E8 7CE1FFFF
fo.0043649A
0043831E |. 83C4 50
00438321 |. 0BF8
00438323 |. 8D43 1C
00438326 |. 50
00438327 |. 6A 18
8
00438329 |. 56
0043832A |. 8D45 F0
0043832D |. 6A 01
0043832F |. 50
OFFSET LOCAL.4
00438330 |. E8 65E1FFFF
fo.0043649A
00438335 |. 0BF8
00438337 |. 8D43 20
0043833A |. 50
0043833B |. 6A 50
0
0043833D |. 56
0043833E |. 8D45 F0
00438341 |. 6A 01
00438343 |. 50
OFFSET LOCAL.4
00438344 |. E8 51E1FFFF
fo.0043649A
00438349 |. 0BF8
0043834B |. 8D43 24
0043834E |. 50
0043834F |. 6A 51
1
00438351 |. 56
00438352 |. 8D45 F0
00438355 |. 6A 01
00438357 |. 50
OFFSET LOCAL.4
00438358 |. E8 3DE1FFFF
fo.0043649A
0043835D |. 0BF8
0043835F |. 8D43 28

PUSH 16

; |Arg4 = 1

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 1
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+18]
PUSH EAX
PUSH 17

; /Arg5
; |Arg4 = 1

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 1
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[EBX+1C]
PUSH EAX
PUSH 18

; /Arg5
; |Arg4 = 1

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 1
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+20]
PUSH EAX
PUSH 50

; /Arg5
; |Arg4 = 5

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 1
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+24]
PUSH EAX
PUSH 51

; /Arg5
; |Arg4 = 5

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 1
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+28]

|Arg3
|
|Arg2 = 1
|Arg1 =>

|Arg3
|
|Arg2 = 1
|Arg1 =>

|Arg3
|
|Arg2 = 1
|Arg1 =>

|Arg3
|
|Arg2 = 1
|Arg1 =>

|Arg3
|
|Arg2 = 1
|Arg1 =>

00438362 |. 50
00438363 |. 6A 1A
A
00438365 |. 56
00438366 |. 8D45 F0
00438369 |. 6A 00
0043836B |. 50
OFFSET LOCAL.4
0043836C |. E8 29E1FFFF
fo.0043649A
00438371 |. 83C4 50
00438374 |. 0BF8
00438376 |. 8D43 29
00438379 |. 50
0043837A |. 6A 19
9
0043837C |. 56
0043837D |. 6A 00
0043837F |. 8D45 F0
00438382 |. 50
OFFSET LOCAL.4
00438383 |. E8 12E1FFFF
fo.0043649A
00438388 |. 0BF8
0043838A |. 8D43 2A
0043838D |. 50
0043838E |. 6A 54
4
00438390 |. 56
00438391 |. 8D45 F0
00438394 |. 6A 00
00438396 |. 50
OFFSET LOCAL.4
00438397 |. E8 FEE0FFFF
fo.0043649A
0043839C |. 0BF8
0043839E |. 8D43 2B
004383A1 |. 50
004383A2 |. 6A 55
5
004383A4 |. 56
004383A5 |. 8D45 F0
004383A8 |. 6A 00
004383AA |. 50
OFFSET LOCAL.4
004383AB |. E8 EAE0FFFF
fo.0043649A
004383B0 |. 0BF8
004383B2 |. 8D43 2C
004383B5 |. 50
004383B6 |. 6A 56
6
004383B8 |. 56
004383B9 |. 8D45 F0
004383BC |. 6A 00
004383BE |. 50
OFFSET LOCAL.4
004383BF |. E8 D6E0FFFF
fo.0043649A
004383C4 |. 83C4 50

PUSH EAX
PUSH 1A

; /Arg5
; |Arg4 = 1

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 0
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

ADD ESP,50
OR EDI,EAX
LEA EAX,[EBX+29]
PUSH EAX
PUSH 19

; /Arg5
; |Arg4 = 1

PUSH ESI
PUSH 0
LEA EAX,[LOCAL.4]
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+2A]
PUSH EAX
PUSH 54

; /Arg5
; |Arg4 = 5

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 0
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+2B]
PUSH EAX
PUSH 55

; /Arg5
; |Arg4 = 5

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 0
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+2C]
PUSH EAX
PUSH 56

; /Arg5
; |Arg4 = 5

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 0
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

ADD ESP,50

|Arg3
|
|Arg2 = 0
|Arg1 =>

|Arg3
|Arg2 = 0
|
|Arg1 =>

|Arg3
|
|Arg2 = 0
|Arg1 =>

|Arg3
|
|Arg2 = 0
|Arg1 =>

|Arg3
|
|Arg2 = 0
|Arg1 =>

004383C7 |. 0BF8
004383C9 |. 8D43 2D
004383CC |. 50
004383CD |. 6A 57
7
004383CF |. 56
004383D0 |. 8D45 F0
004383D3 |. 6A 00
004383D5 |. 50
OFFSET LOCAL.4
004383D6 |. E8 BFE0FFFF
fo.0043649A
004383DB |. 0BF8
004383DD |. 8D43 2E
004383E0 |. 50
004383E1 |. 6A 52
2
004383E3 |. 56
004383E4 |. 8D45 F0
004383E7 |. 6A 00
004383E9 |. 50
OFFSET LOCAL.4
004383EA |. E8 ABE0FFFF
fo.0043649A
004383EF |. 0BF8
004383F1 |. 8D43 2F
004383F4 |. 50
004383F5 |. 6A 53
3
004383F7 |. 56
004383F8 |. 8D45 F0
004383FB |. 6A 00
004383FD |. 50
OFFSET LOCAL.4
004383FE |. E8 97E0FFFF
fo.0043649A
00438403 |. 83C4 3C
00438406 |. 0BC7
00438408 |. 74 24
0043840A |. 53
0043840B |. E8 9DFDFFFF
00438410 |. 53
00438411 |. E8 C8ADFFFF
fo.004331DE
00438416 |. FF75 F8
[LOCAL.2]
00438419 |. E8 C0ADFFFF
fo.004331DE
0043841E |. FF75 FC
[LOCAL.1]
00438421 |. E8 B8ADFFFF
fo.004331DE
00438426 |. 83C4 10
00438429 |.^ E9 51FEFFFF
0043842E |> 8B43 1C
00438431 |. EB 12
00438433 |> 8A08
00438435 |. 80F9 30
ases 30..39, 2 exits)
00438438 |. 7C 12

OR EDI,EAX
LEA EAX,[EBX+2D]
PUSH EAX
PUSH 57

; /Arg5
; |Arg4 = 5

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 0
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+2E]
PUSH EAX
PUSH 52

; /Arg5
; |Arg4 = 5

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 0
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

OR EDI,EAX
LEA EAX,[EBX+2F]
PUSH EAX
PUSH 53

; /Arg5
; |Arg4 = 5

PUSH ESI
LEA EAX,[LOCAL.4]
PUSH 0
PUSH EAX

;
;
;
;

CALL 0043649A

; \SystemIn

ADD ESP,3C
OR EAX,EDI
JE SHORT 0043842E
PUSH EBX
CALL 004381AD
PUSH EBX
CALL 004331DE

; /Arg1
; \SystemIn

PUSH DWORD PTR SS:[LOCAL.2]

; /Arg1 =>

CALL 004331DE

; \SystemIn

PUSH DWORD PTR SS:[LOCAL.1]

; /Arg1 =>

CALL 004331DE

; \SystemIn

ADD
JMP
MOV
JMP
MOV
CMP

; Switch (c

ESP,10
0043827F
EAX,DWORD PTR DS:[EBX+1C]
SHORT 00438445
CL,BYTE PTR DS:[EAX]
CL,30

JL SHORT 0043844C

|Arg3
|
|Arg2 = 0
|Arg1 =>

|Arg3
|
|Arg2 = 0
|Arg1 =>

|Arg3
|
|Arg2 = 0
|Arg1 =>

0043843A |. 80F9 39
CMP CL,39
0043843D |. 7F 0D
JG SHORT 0043844C
0043843F |. 80E9 30
SUB CL,30
; Cases 30
('0'), 31 ('1'), 32 ('2'), 33 ('3'), 34 ('4'), 35 ('5'), 36 ('6'), 37 ('7'), 38
('8'), 39 ('9') of switch SystemInfo.438435
00438442 |. 8808
MOV BYTE PTR DS:[EAX],CL
00438444 |> 40
INC EAX
00438445 |> 8038 00
CMP BYTE PTR DS:[EAX],0
00438448 |.^ 75 E9
JNE SHORT 00438433
0043844A |. EB 23
JMP SHORT 0043846F
0043844C |> 80F9 3B
CMP CL,3B
; Default c
ase of switch SystemInfo.438435
0043844F |.^ 75 F3
JNE SHORT 00438444
00438451 |. 8BF0
MOV ESI,EAX
00438453 |> 8D7E 01
/LEA EDI,[ESI+1]
00438456 |. 8A0F
|MOV CL,BYTE PTR DS:[EDI]
00438458 |. 880E
|MOV BYTE PTR DS:[ESI],CL
0043845A |. 8BF7
|MOV ESI,EDI
0043845C |. 803E 00
|CMP BYTE PTR DS:[ESI],0
0043845F |.^ 75 F2
\JNE SHORT 00438453
00438461 |.^ EB E2
JMP SHORT 00438445
00438463 |> 6A 0C
PUSH 0C
00438465 |. 59
POP ECX
00438466 |. BE E4154500 MOV ESI,OFFSET 004515E4
0043846B |. 8BFB
MOV EDI,EBX
0043846D |. F3:A5
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
0043846F |> 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00438472 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
00438475 |. 05 BC000000 ADD EAX,0BC
0043847A |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
0043847C |. 8B09
MOV ECX,DWORD PTR DS:[ECX]
0043847E |. 890B
MOV DWORD PTR DS:[EBX],ECX
00438480 |. 8B08
MOV ECX,DWORD PTR DS:[EAX]
00438482 |. 8B49 04
MOV ECX,DWORD PTR DS:[ECX+4]
00438485 |. 894B 04
MOV DWORD PTR DS:[EBX+4],ECX
00438488 |. 8B00
MOV EAX,DWORD PTR DS:[EAX]
0043848A |. 8B40 08
MOV EAX,DWORD PTR DS:[EAX+8]
0043848D |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00438490 |. 8943 08
MOV DWORD PTR DS:[EBX+8],EAX
00438493 |. 33C0
XOR EAX,EAX
00438495 |. 40
INC EAX
00438496 |. 33FF
XOR EDI,EDI
00438498 |. 8901
MOV DWORD PTR DS:[ECX],EAX
0043849A |. 397D FC
CMP DWORD PTR SS:[LOCAL.1],EDI
0043849D |. 74 05
JE SHORT 004384A4
0043849F |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
004384A2 |. 8901
MOV DWORD PTR DS:[ECX],EAX
004384A4 |> 8B86 B8000000 MOV EAX,DWORD PTR DS:[ESI+0B8]
004384AA |. 3BC7
CMP EAX,EDI
004384AC |. 74 07
JE SHORT 004384B5
004384AE |. 50
PUSH EAX
; /pTarget
004384AF |. FF15 34814400 CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
.InterlockedDecrement
004384B5 |> 8B86 B0000000 MOV EAX,DWORD PTR DS:[ESI+0B0]
004384BB |. 3BC7
CMP EAX,EDI
004384BD |. 74 23
JE SHORT 004384E2
004384BF |. 50
PUSH EAX
; /pTarget
004384C0 |. FF15 34814400 CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32
.InterlockedDecrement
004384C6 |. 85C0
TEST EAX,EAX

004384C8 |.
004384CA |.
004384D0 |.
fo.004331DE
004384D5 |.
004384DB |.
fo.004331DE
004384E0 |.
004384E1 |.
004384E2 |>
004384E5 |.
004384EB |.
004384EE |.
004384F4 |.
004384FA |.
004384FC |>
004384FD |.
004384FE |.
004384FF |.
00438500 \.
00438501 /$
00438503 \.
00438504 /$
00438506 |.
00438507 |.
00438508 |.
0043850A |.
0043850F |>
00438517 |.
00438519 |.
00438520 |.
00438522 |.
00438527 |.
00438529 |.
0043852C |.
00438531 |.
00438532 |.
00438533 |.
00438535 |.
00438537 |>
00438538 |.
0043853B |.^
0043853D |.
0043853F |.
00438540 |>
00438541 |.
00438542 |.
00438543 |>
0043854B |.
0043854D \.^
0043854F />
00438551 |.
00438552 |.
00438558 |.
00438559 |.
0043855E |.
0043855F |>
00438561 |.
00438563 |.
00438565 |.

75 18
JNE SHORT 004384E2
FFB6 BC000000 PUSH DWORD PTR DS:[ESI+0BC]
E8 09ADFFFF CALL 004331DE

; /Arg1
; \SystemIn

FFB6 B0000000 PUSH DWORD PTR DS:[ESI+0B0]


E8 FEACFFFF CALL 004331DE

; /Arg1
; \SystemIn

59
59
8B45 FC
8986 B8000000
8B45 F8
8986 B0000000
899E BC000000
33C0
5F
5E
5B
C9
C3
33C0
C3
8BFF
56
57
33F6
BF 80304500
833CF5 E41E45
75 1E
8D04F5 E01E45
8938
68 A00F0000
FF30
83C7 18
E8 627B0000
59
59
85C0
74 0C
46
83FE 24
7C D2
33C0
40
5F
5E
C3
8324F5 E01E45
33C0
EB F1
8BFF
53
8B1D 44814400
56
BE E01E4500
57
8B3E
85FF
74 13
837E 04 01

POP ECX
POP ECX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ESI+0B8],EAX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[ESI+0B0],EAX
MOV DWORD PTR DS:[ESI+0BC],EBX
XOR EAX,EAX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
XOR EAX,EAX
RETN
MOV EDI,EDI
PUSH ESI
PUSH EDI
XOR ESI,ESI
MOV EDI,OFFSET 00453080
/CMP DWORD PTR DS:[ESI*8+451EE4],1
|JNE SHORT 00438537
|LEA EAX,[ESI*8+451EE0]
|MOV DWORD PTR DS:[EAX],EDI
|PUSH 0FA0
|PUSH DWORD PTR DS:[EAX]
|ADD EDI,18
|CALL 00440093
|POP ECX
|POP ECX
|TEST EAX,EAX
|JE SHORT 00438543
|INC ESI
|CMP ESI,24
\JL SHORT 0043850F
XOR EAX,EAX
INC EAX
POP EDI
POP ESI
RETN
AND DWORD PTR DS:[ESI*8+451EE0],00000000
XOR EAX,EAX
JMP SHORT 00438540
MOV EDI,EDI
PUSH EBX
MOV EBX,DWORD PTR DS:[<&KERNEL32.DeleteC
PUSH ESI
MOV ESI,OFFSET 00451EE0
PUSH EDI
/MOV EDI,DWORD PTR DS:[ESI]
|TEST EDI,EDI
|JE SHORT 00438578
|CMP DWORD PTR DS:[ESI+4],1

00438569 |. 74 0D
0043856B |. 57
0043856C |. FFD3
0043856E |. 57
0043856F |. E8 6AACFFFF
fo.004331DE
00438574 |. 8326 00
00438577 |. 59
00438578 |> 83C6 08
0043857B |. 81FE 00204500
00438581 |.^ 7C DC
00438583 |. BE E01E4500
00438588 |. 5F
00438589 |> 8B06
0043858B |. 85C0
0043858D |. 74 09
0043858F |. 837E 04 01
00438593 |. 75 03
00438595 |. 50
00438596 |. FFD3
00438598 |> 83C6 08
0043859B |. 81FE 00204500
004385A1 |.^ 7C E6
004385A3 |. 5E
004385A4 |. 5B
004385A5 \. C3
004385A6 /$ 8BFF
o.004385A6(guessed Arg1)
004385A8 |. 55
004385A9 |. 8BEC
004385AB |. 8B45 08
004385AE |. FF34C5 E01E45
lSection
004385B5 |. FF15 4C814400
lLeaveCriticalSection
004385BB |. 5D
004385BC \. C3
004385BD /$ 6A 0C
004385BF |. 68 28F44400
004385C4 |. E8 23040000
004385C9 |. 33FF
004385CB |. 47
004385CC |. 897D E4
004385CF |. 33DB
004385D1 |. 391D 08324500
004385D7 |. 75 18
004385D9 |. E8 1D4A0000
fo.0043CFFB
004385DE |. 6A 1E
E
004385E0 |. E8 6B480000
fo.0043CE50
004385E5 |. 68 FF000000
004385EA |. E8 48010000
004385EF |. 59
004385F0 |. 59
004385F1 |> 8B75 08
004385F4 |. 8D34F5 E01E45
004385FB |. 391E
004385FD |. 74 04

|JE SHORT 00438578


|PUSH EDI
|CALL EBX
|PUSH EDI
|CALL 004331DE

; /Arg1
; \SystemIn

|AND DWORD PTR DS:[ESI],00000000


|POP ECX
|ADD ESI,8
|CMP ESI,OFFSET 00452000
\JL SHORT 0043855F
MOV ESI,OFFSET 00451EE0
POP EDI
/MOV EAX,DWORD PTR DS:[ESI]
|TEST EAX,EAX
|JE SHORT 00438598
|CMP DWORD PTR DS:[ESI+4],1
|JNE SHORT 00438598
|PUSH EAX
|CALL EBX
|ADD ESI,8
|CMP ESI,OFFSET 00452000
\JL SHORT 00438589
POP ESI
POP EBX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH DWORD PTR DS:[EAX*8+451EE0]

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti ; \NTDLL.Rt


POP EBP
RETN
PUSH 0C
PUSH OFFSET 0044F428
CALL 004389EC
XOR EDI,EDI
INC EDI
MOV DWORD PTR SS:[EBP-1C],EDI
XOR EBX,EBX
CMP DWORD PTR DS:[453208],EBX
JNE SHORT 004385F1
CALL 0043CFFB

; [SystemIn

PUSH 1E

; /Arg1 = 1

CALL 0043CE50

; \SystemIn

PUSH 0FF
CALL 00438737
POP ECX
POP ECX
MOV ESI,DWORD PTR SS:[EBP+8]
LEA ESI,[ESI*8+451EE0]
CMP DWORD PTR DS:[ESI],EBX
JE SHORT 00438603

004385FF |. 8BC7
00438601 |. EB 6E
00438603 |> 6A 18
8
00438605 |. E8 09C8FFFF
fo.00434E13
0043860A |. 59
0043860B |. 8BF8
0043860D |. 3BFB
0043860F |. 75 0F
00438611 |. E8 E7BDFFFF
fo.004343FD
00438616 |. C700 0C000000
0043861C |. 33C0
0043861E |. EB 51
00438620 |> 6A 0A
A
00438622 |. E8 59000000
fo.00438680
00438627 |. 59
00438628 |. 895D FC
0043862B |. 391E
0043862D |. 75 2C
0043862F |. 68 A00F0000
00438634 |. 57
00438635 |. E8 597A0000
0043863A |. 59
0043863B |. 59
0043863C |. 85C0
0043863E |. 75 17
00438640 |. 57
00438641 |. E8 98ABFFFF
fo.004331DE
00438646 |. 59
00438647 |. E8 B1BDFFFF
fo.004343FD
0043864C |. C700 0C000000
00438652 |. 895D E4
00438655 |. EB 0B
00438657 |> 893E
00438659 |. EB 07
0043865B |> 57
0043865C |. E8 7DABFFFF
fo.004331DE
00438661 |. 59
00438662 |> C745 FC FEFFF
00438669 |. E8 09000000
0043866E |. 8B45 E4
00438671 |> E8 BB030000
00438676 \. C3
00438677 /$ 6A 0A
A
00438679 |. E8 28FFFFFF
fo.004385A6
0043867E |. 59
0043867F \. C3
00438680 /$ 8BFF
o.00438680(guessed Arg1)
00438682 |. 55
00438683 |. 8BEC

MOV EAX,EDI
JMP SHORT 00438671
PUSH 18

; /Arg1 = 1

CALL 00434E13

; \SystemIn

POP ECX
MOV EDI,EAX
CMP EDI,EBX
JNE SHORT 00438620
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],0C


XOR EAX,EAX
JMP SHORT 00438671
PUSH 0A

; /Arg1 = 0

CALL 00438680

; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-4],EBX
CMP DWORD PTR DS:[ESI],EBX
JNE SHORT 0043865B
PUSH 0FA0
PUSH EDI
CALL 00440093
POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 00438657
PUSH EDI
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],0C


MOV DWORD PTR SS:[EBP-1C],EBX
JMP SHORT 00438662
MOV DWORD PTR DS:[ESI],EDI
JMP SHORT 00438662
PUSH EDI
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-4],-2
CALL 00438677
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH 0A

; /Arg1 = 0

CALL 004385A6

; \SystemIn

POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP

00438685 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00438688 |. 56
PUSH ESI
00438689 |. 8D34C5 E01E45 LEA ESI,[EAX*8+451EE0]
00438690 |. 833E 00
CMP DWORD PTR DS:[ESI],0
00438693 |. 75 13
JNE SHORT 004386A8
00438695 |. 50
PUSH EAX
00438696 |. E8 22FFFFFF CALL 004385BD
0043869B |. 59
POP ECX
0043869C |. 85C0
TEST EAX,EAX
0043869E |. 75 08
JNE SHORT 004386A8
004386A0 |. 6A 11
PUSH 11
1
004386A2 |. E8 3C000000 CALL 004386E3
fo.004386E3
004386A7 |. 59
POP ECX
004386A8 |> FF36
PUSH DWORD PTR DS:[ESI]
lSection
004386AA |. FF15 48814400 CALL DWORD PTR DS:[<&KERNEL32.EnterCriti
lEnterCriticalSection
004386B0 |. 5E
POP ESI
004386B1 |. 5D
POP EBP
004386B2 \. C3
RETN
004386B3 /$ 8BFF
MOV EDI,EDI
o.004386B3(guessed Arg1)
004386B5 |. 55
PUSH EBP
004386B6 |. 8BEC
MOV EBP,ESP
004386B8 |. 57
PUSH EDI
004386B9 |. BF E8030000 MOV EDI,3E8
004386BE |> 57
/PUSH EDI
004386BF |. FF15 50804400 |CALL DWORD PTR DS:[<&KERNEL32.Sleep>]
.Sleep
004386C5 |. FF75 08
|PUSH DWORD PTR SS:[ARG.1]
me => [ARG.1]
004386C8 |. FF15 80814400 |CALL DWORD PTR DS:[<&KERNEL32.GetModule
.GetModuleHandleW
004386CE |. 81C7 E8030000 |ADD EDI,3E8
004386D4 |. 81FF 60EA0000 |CMP EDI,0EA60
004386DA |. 77 04
|JA SHORT 004386E0
004386DC |. 85C0
|TEST EAX,EAX
004386DE |.^ 74 DE
\JE SHORT 004386BE
004386E0 |> 5F
POP EDI
004386E1 |. 5D
POP EBP
004386E2 \. C3
RETN
004386E3 /$ 8BFF
MOV EDI,EDI
o.004386E3(guessed Arg1)
004386E5 |. 55
PUSH EBP
004386E6 |. 8BEC
MOV EBP,ESP
004386E8 |. E8 0E490000 CALL 0043CFFB
fo.0043CFFB
004386ED |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
004386F0 |. E8 5B470000 CALL 0043CE50
fo.0043CE50
004386F5 |. FF35 00204500 PUSH DWORD PTR DS:[452000]
ystemInfo.438969, Entry point of procedure
004386FB |. E8 C6C9FFFF CALL 004350C6
fo.004350C6
00438700 |. 68 FF000000 PUSH 0FF
00438705 |. FFD0
CALL EAX
00438707 |. 83C4 0C
ADD ESP,0C

; /Arg1 = 1
; \SystemIn
; /pCritica
; \NTDLL.Rt

; SystemInf

; /Time
; \KERNEL32
; /ModuleNa
; \KERNEL32

; SystemInf

; [SystemIn
; /Arg1 =>
; \SystemIn
; /Arg1 = S
; \SystemIn

0043870A |. 5D
0043870B \. C3
0043870C /$ 8BFF
o.0043870C(guessed Arg1)
0043870E |. 55
0043870F |. 8BEC
00438711 |. 68 98A94400
me = "mscoree.dll"
00438716 |. FF15 80814400
.GetModuleHandleW
0043871C |. 85C0
0043871E |. 74 15
00438720 |. 68 88A94400
= "CorExitProcess"
00438725 |. 50
00438726 |. FF15 7C804400
.GetProcAddress
0043872C |. 85C0
0043872E |. 74 05
00438730 |. FF75 08
00438733 |. FFD0
00438735 |> 5D
00438736 \. C3
00438737 /$ 8BFF
00438739 |. 55
0043873A |. 8BEC
0043873C |. FF75 08
[ARG.1]
0043873F |. E8 C8FFFFFF
fo.0043870C
00438744 |. 59
00438745 |. FF75 08
=> [ARG.1]
00438748 |. FF15 AC814400
.ExitProcess
0043874E |. CC
0043874F |$ 6A 08
00438751 |. E8 2AFFFFFF
fo.00438680
00438756 |. 59
00438757 \. C3
00438758 /$ 6A 08
0043875A |. E8 47FEFFFF
fo.004385A6
0043875F |. 59
00438760 \. C3
00438761 /$ 8BFF
o.00438761(guessed Arg1)
00438763 |. 55
00438764 |. 8BEC
00438766 |. 56
00438767 |. 8BF0
00438769 |. EB 0B
0043876B |> 8B06
0043876D |. 85C0
0043876F |. 74 02
00438771 |. FFD0
00438773 |> 83C6 04
00438776 |> 3B75 08
00438779 |.^ 72 F0

POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH OFFSET 0044A998

; /ModuleNa

CALL DWORD PTR DS:[<&KERNEL32.GetModuleH ; \KERNEL32


TEST EAX,EAX
JE SHORT 00438735
PUSH OFFSET 0044A988

; /Procname

PUSH EAX
; |hModule
CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd ; \KERNEL32
TEST EAX,EAX
JE SHORT 00438735
PUSH DWORD PTR SS:[ARG.1]
CALL EAX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

CALL 0043870C

; \SystemIn

POP ECX
PUSH DWORD PTR SS:[ARG.1]

; /ExitCode

CALL DWORD PTR DS:[<&KERNEL32.ExitProces ; \KERNEL32


INT3
PUSH 8
CALL 00438680

; /Arg1 = 8
; \SystemIn

POP ECX
RETN
PUSH 8
CALL 004385A6

; /Arg1 = 8
; \SystemIn

POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,EAX
JMP SHORT 00438776
/MOV EAX,DWORD PTR DS:[ESI]
|TEST EAX,EAX
|JE SHORT 00438773
|CALL EAX
|ADD ESI,4
|CMP ESI,DWORD PTR SS:[ARG.1]
\JB SHORT 0043876B

0043877B |. 5E
POP ESI
0043877C |. 5D
POP EBP
0043877D \. C3
RETN
0043877E /$ 8BFF
MOV EDI,EDI
o.0043877E(guessed Arg1,Arg2)
00438780 |. 55
PUSH EBP
00438781 |. 8BEC
MOV EBP,ESP
00438783 |. 56
PUSH ESI
00438784 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
00438787 |. 33C0
XOR EAX,EAX
00438789 |. EB 0F
JMP SHORT 0043879A
0043878B |> 85C0
/TEST EAX,EAX
0043878D |. 75 10
|JNE SHORT 0043879F
0043878F |. 8B0E
|MOV ECX,DWORD PTR DS:[ESI]
00438791 |. 85C9
|TEST ECX,ECX
00438793 |. 74 02
|JE SHORT 00438797
00438795 |. FFD1
|CALL ECX
00438797 |> 83C6 04
|ADD ESI,4
0043879A |> 3B75 0C
|CMP ESI,DWORD PTR SS:[ARG.2]
0043879D |.^ 72 EC
\JB SHORT 0043878B
0043879F |> 5E
POP ESI
004387A0 |. 5D
POP EBP
004387A1 \. C3
RETN
004387A2 /$ 8BFF
MOV EDI,EDI
o.004387A2(guessed Arg1)
004387A4 |. 55
PUSH EBP
004387A5 |. 8BEC
MOV EBP,ESP
004387A7 |. 833D EC9D4400 CMP DWORD PTR DS:[449DEC],0
004387AE |. 74 19
JE SHORT 004387C9
004387B0 |. 68 EC9D4400 PUSH OFFSET 00449DEC
ystemInfo.449DEC
004387B5 |. E8 D6790000 CALL 00440190
fo.00440190
004387BA |. 59
POP ECX
004387BB |. 85C0
TEST EAX,EAX
004387BD |. 74 0A
JE SHORT 004387C9
004387BF |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
004387C2 |. FF15 EC9D4400 CALL DWORD PTR DS:[449DEC]
004387C8 |. 59
POP ECX
004387C9 |> E8 8EEDFFFF CALL 0043755C
004387CE |. 68 98824400 PUSH OFFSET 00448298
ystemInfo.448298
004387D3 |. 68 7C824400 PUSH OFFSET 0044827C
ystemInfo.44827C
004387D8 |. E8 A1FFFFFF CALL 0043877E
fo.0043877E
004387DD |. 59
POP ECX
004387DE |. 59
POP ECX
004387DF |. 85C0
TEST EAX,EAX
004387E1 |. 75 42
JNE SHORT 00438825
004387E3 |. 68 83D64300 PUSH 0043D683
ystemInfo.43D683
004387E8 |. E8 A6ABFFFF CALL 00433393
fo.00433393
004387ED |. B8 38824400 MOV EAX,OFFSET 00448238
004387F2 |. C70424 788244 MOV DWORD PTR SS:[ESP],OFFSET 00448278
SystemInfo.448278
004387F9 |. E8 63FFFFFF CALL 00438761
fo.00438761
004387FE |. 833D D4484500 CMP DWORD PTR DS:[4548D4],0

; SystemInf

; SystemInf

; /Arg1 = S
; \SystemIn

; /Arg2 = S
; |Arg1 = S
; \SystemIn

; /Arg1 = S
; \SystemIn
; /Arg1 =>
; \SystemIn

00438805 |. 59
00438806 |. 74 1B
00438808 |. 68 D4484500
ystemInfo.4548D4
0043880D |. E8 7E790000
fo.00440190
00438812 |. 59
00438813 |. 85C0
00438815 |. 74 0C
00438817 |. 6A 00
00438819 |. 6A 02
0043881B |. 6A 00
0043881D |. FF15 D4484500
00438823 |> 33C0
00438825 |> 5D
00438826 \. C3
00438827 /$ 6A 18
00438829 |. 68 48F44400
0043882E |. E8 B9010000
00438833 |. 6A 08
00438835 |. E8 46FEFFFF
fo.00438680
0043883A |. 59
0043883B |. 8365 FC 00
0043883F |. 33DB
00438841 |. 43
00438842 |. 391D 00324500
00438848 |. 0F84 C5000000
0043884E |. 891D FC314500
00438854 |. 8A45 10
00438857 |. A2 F8314500
0043885C |. 837D 0C 00
00438860 |. 0F85 9D000000
00438866 |. FF35 CC484500
0043886C |. E8 55C8FFFF
fo.004350C6
00438871 |. 59
00438872 |. 8BF8
00438874 |. 897D D8
00438877 |. 85FF
00438879 |. 74 78
0043887B |. FF35 C8484500
00438881 |. E8 40C8FFFF
fo.004350C6
00438886 |. 59
00438887 |. 8BF0
00438889 |. 8975 DC
0043888C |. 897D E4
0043888F |. 8975 E0
00438892 |> 83EE 04
00438895 |. 8975 DC
00438898 |. 3BF7
0043889A |. 72 57
0043889C |. E8 1CC8FFFF
fo.004350BD
004388A1 |. 3906
004388A3 |.^ 74 ED
004388A5 |. 3BF7
004388A7 |. 72 4A
004388A9 |. FF36

POP ECX
JE SHORT 00438823
PUSH OFFSET 004548D4

; /Arg1 = S

CALL 00440190

; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 00438823
PUSH 0
PUSH 2
PUSH 0
CALL DWORD PTR DS:[4548D4]
XOR EAX,EAX
POP EBP
RETN
PUSH 18
PUSH OFFSET 0044F448
CALL 004389EC
PUSH 8
CALL 00438680

; /Arg1 = 8
; \SystemIn

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
XOR EBX,EBX
INC EBX
CMP DWORD PTR DS:[453200],EBX
JE 00438913
MOV DWORD PTR DS:[4531FC],EBX
MOV AL,BYTE PTR SS:[EBP+10]
MOV BYTE PTR DS:[4531F8],AL
CMP DWORD PTR SS:[EBP+0C],0
JNE 00438903
PUSH DWORD PTR DS:[4548CC]
CALL 004350C6

; /Arg1 = 0
; \SystemIn

POP ECX
MOV EDI,EAX
MOV DWORD PTR SS:[EBP-28],EDI
TEST EDI,EDI
JE SHORT 004388F3
PUSH DWORD PTR DS:[4548C8]
CALL 004350C6

; /Arg1 = 0
; \SystemIn

POP ECX
MOV ESI,EAX
MOV DWORD PTR SS:[EBP-24],ESI
MOV DWORD PTR SS:[EBP-1C],EDI
MOV DWORD PTR SS:[EBP-20],ESI
/SUB ESI,4
|MOV DWORD PTR SS:[EBP-24],ESI
|CMP ESI,EDI
|JB SHORT 004388F3
|CALL 004350BD

; [SystemIn

|CMP DWORD PTR DS:[ESI],EAX


|JE SHORT 00438892
|CMP ESI,EDI
|JB SHORT 004388F3
|PUSH DWORD PTR DS:[ESI]

; /Arg1

004388AB |. E8 16C8FFFF
fo.004350C6
004388B0 |. 8BF8
004388B2 |. E8 06C8FFFF
fo.004350BD
004388B7 |. 8906
004388B9 |. FFD7
004388BB |. FF35 CC484500
004388C1 |. E8 00C8FFFF
fo.004350C6
004388C6 |. 8BF8
004388C8 |. FF35 C8484500
004388CE |. E8 F3C7FFFF
fo.004350C6
004388D3 |. 83C4 0C
004388D6 |. 397D E4
004388D9 |. 75 05
004388DB |. 3945 E0
004388DE |. 74 0E
004388E0 |> 897D E4
004388E3 |. 897D D8
004388E6 |. 8945 E0
004388E9 |. 8BF0
004388EB |. 8975 DC
004388EE |> 8B7D D8
004388F1 |.^ EB 9F
004388F3 |> 68 A8824400
ystemInfo.4482A8
004388F8 |. B8 9C824400
004388FD |. E8 5FFEFFFF
fo.00438761
00438902 |. 59
00438903 |> 68 B0824400
ystemInfo.4482B0
00438908 |. B8 AC824400
0043890D |. E8 4FFEFFFF
fo.00438761
00438912 |. 59
00438913 |> C745 FC FEFFF
0043891A |. E8 1F000000
0043891F |. 837D 10 00
00438923 |. 75 28
00438925 |. 891D 00324500
0043892B |. 6A 08
0043892D |. E8 74FCFFFF
fo.004385A6
00438932 |. 59
00438933 |. FF75 08
00438936 |. E8 FCFDFFFF
0043893B |. 33DB
0043893D |. 43
0043893E |$ 837D 10 00
00438942 |. 74 08
00438944 |. 6A 08
00438946 |. E8 5BFCFFFF
fo.004385A6
0043894B |. 59
0043894C |> C3
0043894D |> E8 DF000000
00438952 \. C3

|CALL 004350C6

; \SystemIn

|MOV EDI,EAX
|CALL 004350BD

; [SystemIn

|MOV DWORD PTR DS:[ESI],EAX


|CALL EDI
|PUSH DWORD PTR DS:[4548CC]
|CALL 004350C6

; /Arg1 = 0
; \SystemIn

|MOV EDI,EAX
|PUSH DWORD PTR DS:[4548C8]
|CALL 004350C6

; /Arg1 = 0
; \SystemIn

|ADD ESP,0C
|CMP DWORD PTR SS:[EBP-1C],EDI
|JNE SHORT 004388E0
|CMP DWORD PTR SS:[EBP-20],EAX
|JE SHORT 004388EE
|MOV DWORD PTR SS:[EBP-1C],EDI
|MOV DWORD PTR SS:[EBP-28],EDI
|MOV DWORD PTR SS:[EBP-20],EAX
|MOV ESI,EAX
|MOV DWORD PTR SS:[EBP-24],ESI
|MOV EDI,DWORD PTR SS:[EBP-28]
\JMP SHORT 00438892
PUSH OFFSET 004482A8

; /Arg1 = S

MOV EAX,OFFSET 0044829C


CALL 00438761

; |
; \SystemIn

POP ECX
PUSH OFFSET 004482B0

; /Arg1 = S

MOV EAX,OFFSET 004482AC


CALL 00438761

; |
; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043893E
CMP DWORD PTR SS:[EBP+10],0
JNE SHORT 0043894D
MOV DWORD PTR DS:[453200],EBX
PUSH 8
CALL 004385A6

; /Arg1 = 8
; \SystemIn

POP ECX
PUSH DWORD PTR SS:[EBP+8]
CALL 00438737
XOR EBX,EBX
INC EBX
CMP DWORD PTR SS:[EBP+10],0
JE SHORT 0043894C
PUSH 8
CALL 004385A6

; /Arg1 = 8
; \SystemIn

POP ECX
RETN
CALL 00438A31
RETN

00438953 /$ 8BFF
MOV EDI,EDI
00438955 |. 55
PUSH EBP
00438956 |. 8BEC
MOV EBP,ESP
00438958 |. 6A 00
PUSH 0
0043895A |. 6A 00
PUSH 0
0043895C |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
0043895F |. E8 C3FEFFFF CALL 00438827
00438964 |. 83C4 0C
ADD ESP,0C
00438967 |. 5D
POP EBP
00438968 \. C3
RETN
00438969 /$ 8BFF
MOV EDI,EDI
0043896B |. 55
PUSH EBP
0043896C |. 8BEC
MOV EBP,ESP
0043896E |. 6A 00
PUSH 0
00438970 |. 6A 01
PUSH 1
00438972 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00438975 |. E8 ADFEFFFF CALL 00438827
0043897A |. 83C4 0C
ADD ESP,0C
0043897D |. 5D
POP EBP
0043897E \. C3
RETN
0043897F /$ 6A 01
PUSH 1
00438981 |. 6A 00
PUSH 0
00438983 |. 6A 00
PUSH 0
00438985 |. E8 9DFEFFFF CALL 00438827
0043898A |. 83C4 0C
ADD ESP,0C
0043898D \. C3
RETN
0043898E /$ 6A 01
PUSH 1
00438990 |. 6A 01
PUSH 1
00438992 |. 6A 00
PUSH 0
00438994 |. E8 8EFEFFFF CALL 00438827
00438999 |. 83C4 0C
ADD ESP,0C
0043899C \. C3
RETN
0043899D /$ 8BFF
MOV EDI,EDI
o.0043899D(guessed void)
0043899F |. 56
PUSH ESI
004389A0 |. E8 18C7FFFF CALL 004350BD
fo.004350BD
004389A5 |. 8BF0
MOV ESI,EAX
004389A7 |. 56
PUSH ESI
004389A8 |. E8 E5DDFFFF CALL 00436792
004389AD |. 56
PUSH ESI
004389AE |. E8 D1760000 CALL 00440084
004389B3 |. 56
PUSH ESI
004389B4 |. E8 725DFFFF CALL 0042E72B
004389B9 |. 56
PUSH ESI
004389BA |. E8 5ADCFFFF CALL 00436619
004389BF |. 56
PUSH ESI
004389C0 |. E8 88780000 CALL 0044024D
004389C5 |. 56
PUSH ESI
004389C6 |. E8 864D0000 CALL 0043D751
004389CB |. 56
PUSH ESI
004389CC |. E8 226CFFFF CALL 0042F5F3
004389D1 |. 56
PUSH ESI
004389D2 |. E8 95CCFFFF CALL 0043566C
004389D7 |. 68 69894300 PUSH 00438969
ystemInfo.438969, Entry point of procedure
004389DC |. E8 6AC6FFFF CALL 0043504B
fo.0043504B
004389E1 |. 83C4 24
ADD ESP,24
004389E4 |. A3 00204500 MOV DWORD PTR DS:[452000],EAX

; SystemInf
; [SystemIn

; /Arg1 = S
; \SystemIn

004389E9
004389EA
004389EB
004389EC
004389F1
004389F8
004389FC
00438A00
00438A04
00438A06
00438A07
00438A08
00438A09
00438A0E
00438A11
00438A13
00438A14
00438A17
00438A1A
00438A1D
00438A24
00438A27
00438A2A
00438A30
00438A31
00438A34
00438A3B
00438A3C
00438A3D
00438A3E
00438A3F
00438A40
00438A42
00438A43
00438A44
00438A45
00438A46
00438A47
00438A48
00438A49
00438A4A
00438A4B
00438A4C
00438A4D
00438A4E
00438A4F
00438A50
00438A52
00438A53
00438A55
00438A58
00438A59
00438A5C
00438A5D
00438A60
00438A66
00438A67
00438A69
00438A6D
00438A74

|. 5E
\. C3
CC
/$ 68 508A4300
|. 64:FF35 00000
|. 8B4424 10
|. 896C24 10
|. 8D6C24 10
|. 2BE0
|. 53
|. 56
|. 57
|. A1 A0154500
|. 3145 FC
|. 33C5
|. 50
|. 8965 E8
|. FF75 F8
|. 8B45 FC
|. C745 FC FEFFF
|. 8945 F8
|. 8D45 F0
|. 64:A3 0000000
\. C3
/$ 8B4D F0
|. 64:890D 00000
|. 59
|. 5F
|. 5F
|. 5E
|. 5B
|. 8BE5
|. 5D
|. 51
\. C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/. 8BFF
|. 55
|. 8BEC
|. 83EC 18
|. 53
|. 8B5D 0C
|. 56
|. 8B73 08
|. 3335 A0154500
|. 57
|. 8B06
|. C645 FF 00
|. C745 F4 01000
|. 8D7B 10

POP ESI
RETN
INT3
PUSH 00438A50
PUSH DWORD PTR FS:[0]
MOV EAX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[ARG.2],EBP
LEA EBP,[ARG.2]
SUB ESP,EAX
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR DS:[4515A0]
XOR DWORD PTR SS:[ARG.1],EAX
XOR EAX,EBP
PUSH EAX
MOV DWORD PTR SS:[LOCAL.3],ESP
PUSH DWORD PTR SS:[ARG.RETADDR]
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR SS:[ARG.1],-2
MOV DWORD PTR SS:[ARG.RETADDR],EAX
LEA EAX,[LOCAL.1]
MOV DWORD PTR FS:[0],EAX
RETN
MOV ECX,DWORD PTR SS:[EBP-10]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
PUSH ECX
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,18
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.2]
PUSH ESI
MOV ESI,DWORD PTR DS:[EBX+8]
XOR ESI,DWORD PTR DS:[4515A0]
PUSH EDI
MOV EAX,DWORD PTR DS:[ESI]
MOV BYTE PTR SS:[LOCAL.1+3],0
MOV DWORD PTR SS:[LOCAL.3],1
LEA EDI,[EBX+10]

00438A77
00438A7A
00438A7C
00438A7F
00438A81
00438A84
00438A89
00438A8C
00438A8F
00438A91
00438A94
00438A99
00438A9C
00438AA0
00438AA6
00438AA9
00438AAC
00438AAF
00438AB2
00438AB5
00438AB8
00438ABB
00438ABD
00438AC0
00438AC3
00438AC7
00438ACB
00438ACE
00438AD0
00438AD3
00438AD5
00438AD7
00438AD9
00438ADE
00438AE2
00438AE4
00438AE6
00438AE8
00438AEB
00438AED
00438AF0
00438AF2
00438AF6
00438AF8
00438AFA
00438AFD
00438AFF
00438B02
00438B04
00438B07
00438B0C
00438B0F
00438B12
00438B14
00438B17
00438B1C
00438B1F
00438B20
00438B21
00438B22

|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.^
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.

83F8 FE
74 0D
8B4E 04
03CF
330C38
E8 685CFFFF
8B4E 0C
8B46 08
03CF
330C38
E8 585CFFFF
8B45 08
F640 04 66
0F85 16010000
8B4D 10
8D55 E8
8953 FC
8B5B 0C
8945 E8
894D EC
83FB FE
74 5F
8D49 00
8D045B
8B4C86 14
8D4486 10
8945 F0
8B00
8945 F8
85C9
74 14
8BD7
E8 64530000
C645 FF 01
85C0
7C 40
7F 47
8B45 F8
8BD8
83F8 FE
75 CE
807D FF 00
74 24
8B06
83F8 FE
74 0D
8B4E 04
03CF
330C38
E8 E55BFFFF
8B4E 0C
8B56 08
03CF
330C3A
E8 D55BFFFF
8B45 F4
5F
5E
5B
8BE5

CMP EAX,-2
JE SHORT 00438A89
MOV ECX,DWORD PTR DS:[ESI+4]
ADD ECX,EDI
XOR ECX,DWORD PTR DS:[EDI+EAX]
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[ESI+0C]
MOV EAX,DWORD PTR DS:[ESI+8]
ADD ECX,EDI
XOR ECX,DWORD PTR DS:[EDI+EAX]
CALL 0042E6F1
MOV EAX,DWORD PTR SS:[ARG.1]
TEST BYTE PTR DS:[EAX+4],66
JNE 00438BBC
MOV ECX,DWORD PTR SS:[ARG.3]
LEA EDX,[LOCAL.6]
MOV DWORD PTR DS:[EBX-4],EDX
MOV EBX,DWORD PTR DS:[EBX+0C]
MOV DWORD PTR SS:[LOCAL.6],EAX
MOV DWORD PTR SS:[LOCAL.5],ECX
CMP EBX,-2
JE SHORT 00438B1C
LEA ECX,[ECX]
/LEA EAX,[EBX*2+EBX]
|MOV ECX,DWORD PTR DS:[EAX*4+ESI+14]
|LEA EAX,[EAX*4+ESI+10]
|MOV DWORD PTR SS:[LOCAL.4],EAX
|MOV EAX,DWORD PTR DS:[EAX]
|MOV DWORD PTR SS:[LOCAL.2],EAX
|TEST ECX,ECX
|JE SHORT 00438AEB
|MOV EDX,EDI
|CALL 0043DE42
|MOV BYTE PTR SS:[LOCAL.1+3],1
|TEST EAX,EAX
|JL SHORT 00438B26
|JG SHORT 00438B2F
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|MOV EBX,EAX
|CMP EAX,-2
\JNE SHORT 00438AC0
CMP BYTE PTR SS:[LOCAL.1+3],0
JE SHORT 00438B1C
MOV EAX,DWORD PTR DS:[ESI]
CMP EAX,-2
JE SHORT 00438B0C
MOV ECX,DWORD PTR DS:[ESI+4]
ADD ECX,EDI
XOR ECX,DWORD PTR DS:[EDI+EAX]
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[ESI+0C]
MOV EDX,DWORD PTR DS:[ESI+8]
ADD ECX,EDI
XOR ECX,DWORD PTR DS:[EDI+EDX]
CALL 0042E6F1
MOV EAX,DWORD PTR SS:[LOCAL.3]
POP EDI
POP ESI
POP EBX
MOV ESP,EBP

00438B24 |. 5D
00438B25 |. C3
00438B26 |> C745 F4 00000
00438B2D |.^ EB C9
00438B2F |> 8B4D 08
00438B32 |. 8139 63736DE0
00438B38 |. 75 29
00438B3A |. 833D 149F4400
nt of procedure
00438B41 |. 74 20
00438B43 |. 68 149F4400
ystemInfo.449F14
00438B48 |. E8 43760000
fo.00440190
00438B4D |. 83C4 04
00438B50 |. 85C0
00438B52 |. 74 0F
00438B54 |. 8B55 08
00438B57 |. 6A 01
00438B59 |. 52
00438B5A |. FF15 149F4400
00438B60 |. 83C4 08
00438B63 |> 8B4D 0C
00438B66 |. E8 07530000
00438B6B |. 8B45 0C
00438B6E |. 3958 0C
00438B71 |. 74 12
00438B73 |. 68 A0154500
ystemInfo.4515A0
00438B78 |. 57
00438B79 |. 8BD3
00438B7B |. 8BC8
00438B7D |. E8 0A530000
fo.0043DE8C
00438B82 |. 8B45 0C
00438B85 |> 8B4D F8
00438B88 |. 8948 0C
00438B8B |. 8B06
00438B8D |. 83F8 FE
00438B90 |. 74 0D
00438B92 |. 8B4E 04
00438B95 |. 03CF
00438B97 |. 330C38
00438B9A |. E8 525BFFFF
00438B9F |> 8B4E 0C
00438BA2 |. 8B56 08
00438BA5 |. 03CF
00438BA7 |. 330C3A
00438BAA |. E8 425BFFFF
00438BAF |. 8B45 F0
00438BB2 |. 8B48 08
00438BB5 |. 8BD7
00438BB7 |. E8 9D520000
00438BBC |> BA FEFFFFFF
00438BC1 |. 3953 0C
00438BC4 |.^ 0F84 52FFFFFF
00438BCA |. 68 A0154500
ystemInfo.4515A0
00438BCF |. 57
00438BD0 |. 8BCB

POP EBP
RETN
MOV DWORD PTR SS:[LOCAL.3],0
JMP SHORT 00438AF8
MOV ECX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[ECX],E06D7363
JNE SHORT 00438B63
CMP DWORD PTR DS:[449F14],0

; Entry poi

JE SHORT 00438B63
PUSH OFFSET 00449F14

; /Arg1 = S

CALL 00440190

; \SystemIn

ADD ESP,4
TEST EAX,EAX
JE SHORT 00438B63
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH 1
PUSH EDX
CALL DWORD PTR DS:[449F14]
ADD ESP,8
MOV ECX,DWORD PTR SS:[ARG.2]
CALL 0043DE72
MOV EAX,DWORD PTR SS:[ARG.2]
CMP DWORD PTR DS:[EAX+0C],EBX
JE SHORT 00438B85
PUSH OFFSET 004515A0

; /Arg2 = S

PUSH EDI
MOV EDX,EBX
MOV ECX,EAX
CALL 0043DE8C

;
;
;
;

MOV EAX,DWORD PTR SS:[ARG.2]


MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR DS:[EAX+0C],ECX
MOV EAX,DWORD PTR DS:[ESI]
CMP EAX,-2
JE SHORT 00438B9F
MOV ECX,DWORD PTR DS:[ESI+4]
ADD ECX,EDI
XOR ECX,DWORD PTR DS:[EDI+EAX]
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[ESI+0C]
MOV EDX,DWORD PTR DS:[ESI+8]
ADD ECX,EDI
XOR ECX,DWORD PTR DS:[EDI+EDX]
CALL 0042E6F1
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV ECX,DWORD PTR DS:[EAX+8]
MOV EDX,EDI
CALL 0043DE59
MOV EDX,-2
CMP DWORD PTR DS:[EBX+0C],EDX
JE 00438B1C
PUSH OFFSET 004515A0

; /Arg2 = S

PUSH EDI
MOV ECX,EBX

; |Arg1
; |

|Arg1
|
|
\SystemIn

00438BD2 |. E8 B5520000 CALL 0043DE8C


fo.0043DE8C
00438BD7 \.^ E9 1CFFFFFF JMP 00438AF8
00438BDC /$ 8BFF
MOV EDI,EDI
o.00438BDC(guessed Arg1,Arg2,Arg3)
00438BDE |. 55
PUSH EBP
00438BDF |. 8BEC
MOV EBP,ESP
00438BE1 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00438BE4 |. 53
PUSH EBX
00438BE5 |. 33DB
XOR EBX,EBX
00438BE7 |. 56
PUSH ESI
00438BE8 |. 57
PUSH EDI
00438BE9 |. 3BC3
CMP EAX,EBX
00438BEB |. 74 07
JE SHORT 00438BF4
00438BED |. 8B7D 0C
MOV EDI,DWORD PTR SS:[ARG.2]
00438BF0 |. 3BFB
CMP EDI,EBX
00438BF2 |. 77 1B
JA SHORT 00438C0F
00438BF4 |> E8 04B8FFFF CALL 004343FD
fo.004343FD
00438BF9 |. 6A 16
PUSH 16
00438BFB |. 5E
POP ESI
00438BFC |. 8930
MOV DWORD PTR DS:[EAX],ESI
00438BFE |> 53
PUSH EBX
00438BFF |. 53
PUSH EBX
00438C00 |. 53
PUSH EBX
00438C01 |. 53
PUSH EBX
00438C02 |. 53
PUSH EBX
00438C03 |. E8 5A5CFFFF CALL 0042E862
fo.0042E862
00438C08 |. 83C4 14
ADD ESP,14
00438C0B |. 8BC6
MOV EAX,ESI
00438C0D |. EB 3C
JMP SHORT 00438C4B
00438C0F |> 8B75 10
MOV ESI,DWORD PTR SS:[ARG.3]
00438C12 |. 3BF3
CMP ESI,EBX
00438C14 |. 75 04
JNE SHORT 00438C1A
00438C16 |> 8818
MOV BYTE PTR DS:[EAX],BL
00438C18 |.^ EB DA
JMP SHORT 00438BF4
00438C1A |> 8BD0
MOV EDX,EAX
00438C1C |> 381A
/CMP BYTE PTR DS:[EDX],BL
00438C1E |. 74 04
|JE SHORT 00438C24
00438C20 |. 42
|INC EDX
00438C21 |. 4F
|DEC EDI
00438C22 |.^ 75 F8
\JNE SHORT 00438C1C
00438C24 |> 3BFB
CMP EDI,EBX
00438C26 |.^ 74 EE
JE SHORT 00438C16
00438C28 |> 8A0E
/MOV CL,BYTE PTR DS:[ESI]
00438C2A |. 880A
|MOV BYTE PTR DS:[EDX],CL
00438C2C |. 42
|INC EDX
00438C2D |. 46
|INC ESI
00438C2E |. 3ACB
|CMP CL,BL
00438C30 |. 74 03
|JE SHORT 00438C35
00438C32 |. 4F
|DEC EDI
00438C33 |.^ 75 F3
\JNE SHORT 00438C28
00438C35 |> 3BFB
CMP EDI,EBX
00438C37 |. 75 10
JNE SHORT 00438C49
00438C39 |. 8818
MOV BYTE PTR DS:[EAX],BL
00438C3B |. E8 BDB7FFFF CALL 004343FD
fo.004343FD
00438C40 |. 6A 22
PUSH 22
00438C42 |. 59
POP ECX

; \SystemIn
; SystemInf

; [SystemIn

;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

; [SystemIn

00438C43 |. 8908
MOV DWORD PTR DS:[EAX],ECX
00438C45 |. 8BF1
MOV ESI,ECX
00438C47 |.^ EB B5
JMP SHORT 00438BFE
00438C49 |> 33C0
XOR EAX,EAX
00438C4B |> 5F
POP EDI
00438C4C |. 5E
POP ESI
00438C4D |. 5B
POP EBX
00438C4E |. 5D
POP EBP
00438C4F \. C3
RETN
00438C50 /$ 8BFF
MOV EDI,EDI
o.00438C50(guessed Arg1,Arg2,Arg3,Arg4)
00438C52 |. 55
PUSH EBP
00438C53 |. 8BEC
MOV EBP,ESP
00438C55 |. 53
PUSH EBX
00438C56 |. 56
PUSH ESI
00438C57 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
00438C5A |. 33DB
XOR EBX,EBX
00438C5C |. 57
PUSH EDI
00438C5D |. 395D 14
CMP DWORD PTR SS:[ARG.4],EBX
00438C60 |. 75 10
JNE SHORT 00438C72
00438C62 |. 3BF3
CMP ESI,EBX
00438C64 |. 75 10
JNE SHORT 00438C76
00438C66 |. 395D 0C
CMP DWORD PTR SS:[ARG.2],EBX
00438C69 |. 75 12
JNE SHORT 00438C7D
00438C6B |> 33C0
XOR EAX,EAX
00438C6D |> 5F
POP EDI
00438C6E |. 5E
POP ESI
00438C6F |. 5B
POP EBX
00438C70 |. 5D
POP EBP
00438C71 |. C3
RETN
00438C72 |> 3BF3
CMP ESI,EBX
00438C74 |. 74 07
JE SHORT 00438C7D
00438C76 |> 8B7D 0C
MOV EDI,DWORD PTR SS:[ARG.2]
00438C79 |. 3BFB
CMP EDI,EBX
00438C7B |. 77 1B
JA SHORT 00438C98
00438C7D |> E8 7BB7FFFF CALL 004343FD
fo.004343FD
00438C82 |. 6A 16
PUSH 16
00438C84 |. 5E
POP ESI
00438C85 |. 8930
MOV DWORD PTR DS:[EAX],ESI
00438C87 |> 53
PUSH EBX
00438C88 |. 53
PUSH EBX
00438C89 |. 53
PUSH EBX
00438C8A |. 53
PUSH EBX
00438C8B |. 53
PUSH EBX
00438C8C |. E8 D15BFFFF CALL 0042E862
fo.0042E862
00438C91 |. 83C4 14
ADD ESP,14
00438C94 |. 8BC6
MOV EAX,ESI
00438C96 |.^ EB D5
JMP SHORT 00438C6D
00438C98 |> 395D 14
CMP DWORD PTR SS:[ARG.4],EBX
00438C9B |. 75 04
JNE SHORT 00438CA1
00438C9D |. 881E
MOV BYTE PTR DS:[ESI],BL
00438C9F |.^ EB CA
JMP SHORT 00438C6B
00438CA1 |> 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
00438CA4 |. 3BD3
CMP EDX,EBX
00438CA6 |. 75 04
JNE SHORT 00438CAC
00438CA8 |. 881E
MOV BYTE PTR DS:[ESI],BL
00438CAA |.^ EB D1
JMP SHORT 00438C7D
00438CAC |> 837D 14 FF
CMP DWORD PTR SS:[ARG.4],-1

; SystemInf

; [SystemIn

;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

00438CB0 |. 8BC6
MOV EAX,ESI
00438CB2 |. 75 0F
JNE SHORT 00438CC3
00438CB4 |> 8A0A
/MOV CL,BYTE PTR DS:[EDX]
00438CB6 |. 8808
|MOV BYTE PTR DS:[EAX],CL
00438CB8 |. 40
|INC EAX
00438CB9 |. 42
|INC EDX
00438CBA |. 3ACB
|CMP CL,BL
00438CBC |. 74 1E
|JE SHORT 00438CDC
00438CBE |. 4F
|DEC EDI
00438CBF |.^ 75 F3
\JNE SHORT 00438CB4
00438CC1 |. EB 19
JMP SHORT 00438CDC
00438CC3 |> 8A0A
/MOV CL,BYTE PTR DS:[EDX]
00438CC5 |. 8808
|MOV BYTE PTR DS:[EAX],CL
00438CC7 |. 40
|INC EAX
00438CC8 |. 42
|INC EDX
00438CC9 |. 3ACB
|CMP CL,BL
00438CCB |. 74 08
|JE SHORT 00438CD5
00438CCD |. 4F
|DEC EDI
00438CCE |. 74 05
|JE SHORT 00438CD5
00438CD0 |. FF4D 14
|DEC DWORD PTR SS:[ARG.4]
00438CD3 |.^ 75 EE
\JNE SHORT 00438CC3
00438CD5 |> 395D 14
CMP DWORD PTR SS:[ARG.4],EBX
00438CD8 |. 75 02
JNE SHORT 00438CDC
00438CDA |. 8818
MOV BYTE PTR DS:[EAX],BL
00438CDC |> 3BFB
CMP EDI,EBX
00438CDE |.^ 75 8B
JNE SHORT 00438C6B
00438CE0 |. 837D 14 FF
CMP DWORD PTR SS:[ARG.4],-1
00438CE4 |. 75 0F
JNE SHORT 00438CF5
00438CE6 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
00438CE9 |. 6A 50
PUSH 50
00438CEB |. 885C06 FF
MOV BYTE PTR DS:[EAX+ESI-1],BL
00438CEF |. 58
POP EAX
00438CF0 |.^ E9 78FFFFFF JMP 00438C6D
00438CF5 |> 881E
MOV BYTE PTR DS:[ESI],BL
00438CF7 |. E8 01B7FFFF CALL 004343FD
fo.004343FD
00438CFC |. 6A 22
PUSH 22
00438CFE |. 59
POP ECX
00438CFF |. 8908
MOV DWORD PTR DS:[EAX],ECX
00438D01 |. 8BF1
MOV ESI,ECX
00438D03 \.^ EB 82
JMP SHORT 00438C87
00438D05 /$ 8BFF
MOV EDI,EDI
o.00438D05(guessed Arg1,Arg2,Arg3)
00438D07 |. 55
PUSH EBP
00438D08 |. 8BEC
MOV EBP,ESP
00438D0A |. 33C0
XOR EAX,EAX
00438D0C |. 53
PUSH EBX
00438D0D |. 33DB
XOR EBX,EBX
00438D0F |. 40
INC EAX
00438D10 |. 395D 0C
CMP DWORD PTR SS:[ARG.2],EBX
00438D13 |. 7C 46
JL SHORT 00438D5B
00438D15 |. 56
PUSH ESI
00438D16 |. 57
PUSH EDI
00438D17 |> 85C0
/TEST EAX,EAX
00438D19 |. 74 3E
|JE SHORT 00438D59
00438D1B |. 8B45 0C
|MOV EAX,DWORD PTR SS:[ARG.2]
00438D1E |. 03C3
|ADD EAX,EBX
00438D20 |. 99
|CDQ
00438D21 |. 2BC2
|SUB EAX,EDX
00438D23 |. 8BF0
|MOV ESI,EAX

; [SystemIn

; SystemInf

00438D25 |.
00438D28 |.
00438D2A |.
00438D2D |.
00438D2F |.
00438D32 |.
00438D34 |.
fo.00440032
00438D39 |.
00438D3A |.
00438D3B |.
00438D3D |.
00438D3F |.
00438D42 |.
00438D45 |.
00438D47 |.
00438D49 |>
00438D4B |.
00438D4C |.
00438D4F |.
00438D51 |>
00438D54 |>
00438D57 |.^
00438D59 |>
00438D5A |.
00438D5B |>
00438D5D |.
00438D5F |.
00438D62 |.
00438D63 |.
00438D65 |.
00438D66 \.
00438D67 /$
00438D69 |.
00438D6A |.
00438D6C |.
00438D6F |.
00438D74 |.
00438D76 |.
00438D79 |.
00438D7A |.
00438D7C |.
00438D7E |.
00438D80 |.
00438D83 |.
00438D85 |.
SCII "ACP"
00438D8A |.
ARG.ECX
00438D8B |.
fo.0042E980
00438D90 |.
00438D91 |.
00438D92 |.
00438D94 |.
00438D96 |.
SCII "OCP"
00438D9B |.
ARG.ECX
00438D9C |.

8B45 08
D1FE
8D3CF0
FF37
8B45 10
FF30
E8 F9720000

|MOV EAX,DWORD PTR SS:[ARG.1]


|SAR ESI,1
|LEA EDI,[ESI*8+EAX]
|PUSH DWORD PTR DS:[EDI]
|MOV EAX,DWORD PTR SS:[ARG.3]
|PUSH DWORD PTR DS:[EAX]
|CALL 00440032

;
;
;
;

59
59
85C0
75 0A
8B4D 10
83C7 04
8939
EB 0B
7D 06
4E
8975 0C
EB 03
8D5E 01
3B5D 0C
7E BE
5F
5E
33C9
85C0
0F94C1
5B
8BC1
5D
C3
8BFF
55
8BEC
83EC 0C
A1 A0154500
33C5
8945 FC
56
8BF1
85F6
74 53
803E 00
74 4E
68 94B14400

|POP ECX
|POP ECX
|TEST EAX,EAX
|JNE SHORT 00438D49
|MOV ECX,DWORD PTR SS:[ARG.3]
|ADD EDI,4
|MOV DWORD PTR DS:[ECX],EDI
|JMP SHORT 00438D54
|JGE SHORT 00438D51
|DEC ESI
|MOV DWORD PTR SS:[ARG.2],ESI
|JMP SHORT 00438D54
|LEA EBX,[ESI+1]
|CMP EBX,DWORD PTR SS:[ARG.2]
\JLE SHORT 00438D17
POP EDI
POP ESI
XOR ECX,ECX
TEST EAX,EAX
SETE CL
POP EBX
MOV EAX,ECX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,0C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH ESI
MOV ESI,ECX
TEST ESI,ESI
JE SHORT 00438DD3
CMP BYTE PTR DS:[ESI],0
JE SHORT 00438DD3
PUSH OFFSET 0044B194

; /Arg2 = A

56

PUSH ESI

; |Arg1 =>

E8 F05BFFFF

CALL 0042E980

; \SystemIn

59
59
85C0
74 3D
68 90B14400

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 00438DD3
PUSH OFFSET 0044B190

; /Arg2 = A

56

PUSH ESI

; |Arg1 =>

E8 DF5BFFFF

CALL 0042E980

; \SystemIn

/Arg2
|
|Arg1
\SystemIn

fo.0042E980
00438DA1 |. 59
00438DA2 |. 59
00438DA3 |. 85C0
00438DA5 |. 75 18
00438DA7 |. 6A 08
8
00438DA9 |. 8D45 F4
00438DAC |. 50
OFFSET LOCAL.3
00438DAD |. 6A 0B
0B
00438DAF |. FF77 1C
> [ARG.EDI+1C]
00438DB2 |. FF15 64804400
.GetLocaleInfoA
00438DB8 |. 85C0
00438DBA |. 74 2F
00438DBC |> 8D75 F4
00438DBF |> 56
00438DC0 |. E8 97740000
00438DC5 |. 59
00438DC6 |> 8B4D FC
00438DC9 |. 33CD
00438DCB |. 5E
00438DCC |. E8 2059FFFF
00438DD1 |. C9
00438DD2 |. C3
00438DD3 |> 6A 08
8
00438DD5 |. 8D45 F4
00438DD8 |. 50
OFFSET LOCAL.3
00438DD9 |. 68 04100000
1004
00438DDE |. FF77 1C
> [ARG.EDI+1C]
00438DE1 |. FF15 64804400
.GetLocaleInfoA
00438DE7 |. 85C0
00438DE9 |. 75 04
00438DEB |> 33C0
00438DED |.^ EB D7
00438DEF |> 8D45 F4
00438DF2 |. 68 8CB14400
ystemInfo.44B18C
00438DF7 |. 50
OFFSET LOCAL.3
00438DF8 |. E8 835BFFFF
fo.0042E980
00438DFD |. 59
00438DFE |. 59
00438DFF |. 85C0
00438E01 |.^ 75 B9
00438E03 |. FF15 9C814400
.GetACP
00438E09 \.^ EB BB
00438E0B /$ 8BFF
o.00438E0B(guessed Arg1)
00438E0D |. 55

POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 00438DBF
PUSH 8

; /Count =

LEA EAX,[LOCAL.3]
PUSH EAX

; |
; |pData =>

PUSH 0B

; |LCType =

PUSH DWORD PTR DS:[EDI+1C]

; |Locale =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


TEST EAX,EAX
JE SHORT 00438DEB
LEA ESI,[LOCAL.3]
PUSH ESI
CALL 0044025C
POP ECX
MOV ECX,DWORD PTR SS:[LOCAL.1]
XOR ECX,EBP
POP ESI
CALL 0042E6F1
LEAVE
RETN
PUSH 8

; /Count =

LEA EAX,[LOCAL.3]
PUSH EAX

; |
; |pData =>

PUSH 1004

; |LCType =

PUSH DWORD PTR DS:[EDI+1C]

; |Locale =

CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32


TEST EAX,EAX
JNE SHORT 00438DEF
XOR EAX,EAX
JMP SHORT 00438DC6
LEA EAX,[LOCAL.3]
PUSH OFFSET 0044B18C

; /Arg2 = S

PUSH EAX

; |Arg1 =>

CALL 0042E980

; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 00438DBC
CALL DWORD PTR DS:[<&KERNEL32.GetACP>]

; [KERNEL32

JMP SHORT 00438DC6


MOV EDI,EDI

; SystemInf

PUSH EBP

00438E0E |. 8BEC
MOV EBP,ESP
00438E10 |. 33C0
XOR EAX,EAX
00438E12 |> 66:8B4D 08
/MOV CX,WORD PTR SS:[ARG.1]
00438E16 |. 66:3B88 78B14 |CMP CX,WORD PTR DS:[EAX+44B178]
00438E1D |. 74 0C
|JE SHORT 00438E2B
00438E1F |. 40
|INC EAX
00438E20 |. 40
|INC EAX
00438E21 |. 83F8 14
|CMP EAX,14
00438E24 |.^ 72 EC
\JB SHORT 00438E12
00438E26 |. 33C0
XOR EAX,EAX
00438E28 |. 40
INC EAX
00438E29 |. 5D
POP EBP
00438E2A |. C3
RETN
00438E2B |> 33C0
XOR EAX,EAX
00438E2D |. 5D
POP EBP
00438E2E \. C3
RETN
00438E2F /$ 8BFF
MOV EDI,EDI
; SystemInf
o.00438E2F(guessed void)
00438E31 |. 56
PUSH ESI
00438E32 |. 33F6
XOR ESI,ESI
00438E34 |. EB 23
JMP SHORT 00438E59
00438E36 |> 8AC1
/MOV AL,CL
00438E38 |. 2C 61
|SUB AL,61
; Switch (c
ases 61..66, 2 exits)
00438E3A |. 42
|INC EDX
00438E3B |. 3C 05
|CMP AL,5
00438E3D |. 77 05
|JA SHORT 00438E44
00438E3F |. 80C1 D9
|ADD CL,0D9
00438E42 |. EB 0B
|JMP SHORT 00438E4F
00438E44 |> 8AC1
|MOV AL,CL
; Default c
ase of switch SystemInfo.438E38
00438E46 |. 2C 41
|SUB AL,41
; Switch (c
ases 41..46, 2 exits)
00438E48 |. 3C 05
|CMP AL,5
00438E4A |. 77 03
|JA SHORT 00438E4F
00438E4C |. 80C1 F9
|ADD CL,0F9
; Cases 41
('A'), 42 ('B'), 43 ('C'), 44 ('D'), 45 ('E'), 46 ('F') of switch SystemInfo.438
E46
00438E4F |> 0FBEC1
|MOVSX EAX,CL
; Cases 61
('a'), 62 ('b'), 63 ('c'), 64 ('d'), 65 ('e'), 66 ('f') of switch SystemInfo.438
E38
00438E52 |. C1E6 04
|SHL ESI,4
00438E55 |. 8D7406 D0
|LEA ESI,[EAX+ESI-30]
00438E59 |> 8A0A
|MOV CL,BYTE PTR DS:[EDX]
00438E5B |. 84C9
|TEST CL,CL
00438E5D |.^ 75 D7
\JNE SHORT 00438E36
00438E5F |. 8BC6
MOV EAX,ESI
00438E61 |. 5E
POP ESI
00438E62 \. C3
RETN
00438E63 /$ 33C0
XOR EAX,EAX
00438E65 |> 8A0A
/MOV CL,BYTE PTR DS:[EDX]
00438E67 |. 42
|INC EDX
00438E68 |. 80F9 41
|CMP CL,41
00438E6B |. 7C 05
|JL SHORT 00438E72
00438E6D |. 80F9 5A
|CMP CL,5A
00438E70 |. 7E 08
|JLE SHORT 00438E7A
00438E72 |> 80E9 61
|SUB CL,61
; Switch (c
ases 61..7A, 2 exits)
00438E75 |. 80F9 19
|CMP CL,19
00438E78 |. 77 03
|JA SHORT 00438E7D

00438E7A |> 40
|INC EAX
; Cases 61
('a'), 62 ('b'), 63 ('c'), 64 ('d'), 65 ('e'), 66 ('f'), 67 ('g'), 68 ('h'), 69
('i'), 6A ('j'), 6B ('k'), 6C ('l'), 6D ('m'), 6E ('n'), 6F ('o'), 70 ('p'), 71
('q'), 72 ('r'), 73 ('s'), 74 ('t'), 75 ('u'), 76 ('v'), 77 ('w'), 78 ('x'), 79
('y...
00438E7B |.^ EB E8
\JMP SHORT 00438E65
00438E7D \> C3
RETN
; Default c
ase of switch SystemInfo.438E72
00438E7E
8BFF
MOV EDI,EDI
; Callback
00438E80 /. 55
PUSH EBP
00438E81 |. 8BEC
MOV EBP,ESP
00438E83 |. 83EC 7C
SUB ESP,7C
00438E86 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00438E8B |. 33C5
XOR EAX,EBP
00438E8D |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00438E90 |. 56
PUSH ESI
00438E91 |. 57
PUSH EDI
00438E92 |. 8B7D 08
MOV EDI,DWORD PTR SS:[ARG.1]
00438E95 |. E8 78C4FFFF CALL 00435312
; [SystemIn
fo.00435312
00438E9A |. 8BF0
MOV ESI,EAX
00438E9C |. 8BD7
MOV EDX,EDI
00438E9E |. 81C6 9C000000 ADD ESI,9C
00438EA4 |. E8 86FFFFFF CALL 00438E2F
; [SystemIn
fo.00438E2F
00438EA9 |. 8BF8
MOV EDI,EAX
00438EAB |. 6A 78
PUSH 78
; /Count =
120.
00438EAD |. 8D45 84
LEA EAX,[LOCAL.31]
; |
00438EB0 |. 50
PUSH EAX
; |pData =>
OFFSET LOCAL.31
00438EB1 |. 8B46 14
MOV EAX,DWORD PTR DS:[ESI+14]
; |
00438EB4 |. F7D8
NEG EAX
; |
00438EB6 |. 1BC0
SBB EAX,EAX
; |
00438EB8 |. 25 05F0FFFF AND EAX,FFFFF005
; |
00438EBD |. 05 02100000 ADD EAX,1002
; |
00438EC2 |. 50
PUSH EAX
; |LCType
00438EC3 |. 57
PUSH EDI
; |Locale
00438EC4 |. FF15 64804400 CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI ; \KERNEL32
.GetLocaleInfoA
00438ECA |. 85C0
TEST EAX,EAX
00438ECC |. 75 06
JNE SHORT 00438ED4
00438ECE |. 2146 08
AND DWORD PTR DS:[ESI+8],EAX
00438ED1 |. 40
INC EAX
00438ED2 |. EB 32
JMP SHORT 00438F06
00438ED4 |> 8D45 84
LEA EAX,[LOCAL.31]
00438ED7 |. 50
PUSH EAX
; /Arg2 =>
OFFSET LOCAL.31
00438ED8 |. FF76 04
PUSH DWORD PTR DS:[ESI+4]
; |Arg1
00438EDB |. E8 52710000 CALL 00440032
; \SystemIn
fo.00440032
00438EE0 |. 59
POP ECX
00438EE1 |. 59
POP ECX
00438EE2 |. 85C0
TEST EAX,EAX
00438EE4 |. 75 15
JNE SHORT 00438EFB
00438EE6 |. 57
PUSH EDI
; /Arg1
00438EE7 |. E8 1FFFFFFF CALL 00438E0B
; \SystemIn
fo.00438E0B
00438EEC |. 59
POP ECX
00438EED |. 85C0
TEST EAX,EAX

00438EEF |. 74 0A
JE SHORT 00438EFB
00438EF1 |. 834E 08 04
OR DWORD PTR DS:[ESI+8],00000004
00438EF5 |. 897E 1C
MOV DWORD PTR DS:[ESI+1C],EDI
00438EF8 |. 897E 18
MOV DWORD PTR DS:[ESI+18],EDI
00438EFB |> 8B46 08
MOV EAX,DWORD PTR DS:[ESI+8]
00438EFE |. C1E8 02
SHR EAX,2
00438F01 |. F7D0
NOT EAX
00438F03 |. 83E0 01
AND EAX,00000001
00438F06 |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00438F09 |. 5F
POP EDI
00438F0A |. 33CD
XOR ECX,EBP
00438F0C |. 5E
POP ESI
00438F0D |. E8 DF57FFFF CALL 0042E6F1
00438F12 |. C9
LEAVE
00438F13 \. C2 0400
RETN 4
00438F16 /$ 8BFF
MOV EDI,EDI
o.00438F16(guessed Arg1,Arg2)
00438F18 |. 55
PUSH EBP
00438F19 |. 8BEC
MOV EBP,ESP
00438F1B |. 83EC 7C
SUB ESP,7C
00438F1E |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
00438F23 |. 33C5
XOR EAX,EBP
00438F25 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
00438F28 |. 56
PUSH ESI
00438F29 |. 6A 78
PUSH 78
120.
00438F2B |. 8D45 84
LEA EAX,[LOCAL.31]
00438F2E |. 50
PUSH EAX
OFFSET LOCAL.31
00438F2F |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00438F32 |. 25 FF030000 AND EAX,000003FF
00438F37 |. 6A 01
PUSH 1
1
00438F39 |. 0D 00040000 OR EAX,00000400
00438F3E |. 50
PUSH EAX
00438F3F |. 8BF1
MOV ESI,ECX
00438F41 |. FF15 64804400 CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI
.GetLocaleInfoA
00438F47 |. 85C0
TEST EAX,EAX
00438F49 |. 75 04
JNE SHORT 00438F4F
00438F4B |> 33C0
XOR EAX,EAX
00438F4D |. EB 2E
JMP SHORT 00438F7D
00438F4F |> 8D55 84
LEA EDX,[LOCAL.31]
00438F52 |. E8 D8FEFFFF CALL 00438E2F
fo.00438E2F
00438F57 |. 3945 08
CMP DWORD PTR SS:[ARG.1],EAX
00438F5A |. 74 1E
JE SHORT 00438F7A
00438F5C |. 837D 0C 00
CMP DWORD PTR SS:[ARG.2],0
00438F60 |. 74 18
JE SHORT 00438F7A
00438F62 |. 8B36
MOV ESI,DWORD PTR DS:[ESI]
00438F64 |. 57
PUSH EDI
00438F65 |. 8BD6
MOV EDX,ESI
00438F67 |. E8 F7FEFFFF CALL 00438E63
00438F6C |. 56
PUSH ESI
[ARG.ECX]
00438F6D |. 8BF8
MOV EDI,EAX
00438F6F |. E8 0C53FFFF CALL 0042E280
fo.0042E280
00438F74 |. 59
POP ECX
00438F75 |. 3BF8
CMP EDI,EAX

; SystemInf

; /Count =
; |
; |pData =>
; |
; |
; |LCType =
;
;
;
;

|
|Locale
|
\KERNEL32

; [SystemIn

; /Arg1 =>
; |
; \SystemIn

00438F77 |. 5F
00438F78 |.^ 74 D1
00438F7A |> 33C0
00438F7C |. 40
00438F7D |> 8B4D FC
00438F80 |. 33CD
00438F82 |. 5E
00438F83 |. E8 6957FFFF
00438F88 |. C9
00438F89 \. C3
00438F8A
8BFF
00438F8C /. 55
00438F8D |. 8BEC
00438F8F |. 83EC 7C
00438F92 |. A1 A0154500
00438F97 |. 33C5
00438F99 |. 8945 FC
00438F9C |. 53
00438F9D |. 56
00438F9E |. 57
00438F9F |. 8B7D 08
00438FA2 |. E8 6BC3FFFF
fo.00435312
00438FA7 |. 8BF0
00438FA9 |. 8BD7
00438FAB |. 81C6 9C000000
00438FB1 |. E8 79FEFFFF
fo.00438E2F
00438FB6 |. 8B1D 64804400
00438FBC |. 8BF8
00438FBE |. 6A 78
120.
00438FC0 |. 8D45 84
00438FC3 |. 50
OFFSET LOCAL.31
00438FC4 |. 8B46 14
00438FC7 |. F7D8
00438FC9 |. 1BC0
00438FCB |. 25 05F0FFFF
00438FD0 |. 05 02100000
00438FD5 |. 50
00438FD6 |. 57
00438FD7 |. FFD3
.GetLocaleInfoA
00438FD9 |. 85C0
00438FDB |. 75 0C
00438FDD |> 8366 08 00
00438FE1 |. 33C0
00438FE3 |. 40
00438FE4 |. E9 62010000
00438FE9 |> 8D45 84
00438FEC |. 50
OFFSET LOCAL.31
00438FED |. FF76 04
00438FF0 |. E8 3D700000
fo.00440032
00438FF5 |. 59
00438FF6 |. 59
00438FF7 |. 85C0
00438FF9 |. 0F85 91000000

POP EDI
JE SHORT 00438F4B
XOR EAX,EAX
INC EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
XOR ECX,EBP
POP ESI
CALL 0042E6F1
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,7C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH EBX
PUSH ESI
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
CALL 00435312
MOV ESI,EAX
MOV EDX,EDI
ADD ESI,9C
CALL 00438E2F

; Callback

; [SystemIn

; [SystemIn

MOV EBX,DWORD PTR DS:[<&KERNEL32.GetLoca


MOV EDI,EAX
PUSH 78
; /Count =
LEA EAX,[LOCAL.31]
PUSH EAX

; |
; |pData =>

MOV EAX,DWORD PTR DS:[ESI+14]


NEG EAX
SBB EAX,EAX
AND EAX,FFFFF005
ADD EAX,1002
PUSH EAX
PUSH EDI
CALL EBX

;
;
;
;
;
;
;
;

TEST EAX,EAX
JNE SHORT 00438FE9
AND DWORD PTR DS:[ESI+8],00000000
XOR EAX,EAX
INC EAX
JMP 0043914B
LEA EAX,[LOCAL.31]
PUSH EAX

; /Arg2 =>

PUSH DWORD PTR DS:[ESI+4]


CALL 00440032

; |Arg1
; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JNE 00439090

|
|
|
|
|
|LCType
|Locale
\KERNEL32

00438FFF |. 6A 78
00439001 |. 8D45 84
00439004 |. 50
00439005 |. 8B46 10
00439008 |. F7D8
0043900A |. 1BC0
0043900C |. 25 02F0FFFF
00439011 |. 05 01100000
00439016 |. 50
00439017 |. 57
00439018 |. FFD3
0043901A |. 85C0
0043901C |.^ 74 BF
0043901E |. 8D45 84
00439021 |. 50
OFFSET LOCAL.31
00439022 |. FF36
00439024 |. E8 09700000
fo.00440032
00439029 |. 59
0043902A |. 59
0043902B |. 85C0
0043902D |. 75 0C
0043902F |. 814E 08 04030
00439036 |. 897E 18
00439039 |. EB 52
0043903B |> F646 08 02
0043903F |. 75 4F
00439041 |. 8B46 0C
00439044 |. 85C0
00439046 |. 74 2C
00439048 |. 50
00439049 |. 8D45 84
0043904C |. 50
OFFSET LOCAL.31
0043904D |. FF36
0043904F |. E8 10730000
fo.00440364
00439054 |. 83C4 0C
00439057 |. 85C0
00439059 |. 75 19
0043905B |. FF36
0043905D |. 834E 08 02
00439061 |. 897E 1C
00439064 |. E8 1752FFFF
fo.0042E280
00439069 |. 59
0043906A |. 3B46 0C
0043906D |. 75 21
0043906F |. 897E 18
00439072 |. EB 1C
00439074 |> 8B56 08
00439077 |. F6C2 01
0043907A |. 75 14
0043907C |. 57
0043907D |. E8 89FDFFFF
fo.00438E0B
00439082 |. 59
00439083 |. 85C0
00439085 |. 74 09

PUSH 78
LEA EAX,[LOCAL.31]
PUSH EAX
MOV EAX,DWORD PTR DS:[ESI+10]
NEG EAX
SBB EAX,EAX
AND EAX,FFFFF002
ADD EAX,1001
PUSH EAX
PUSH EDI
CALL EBX
TEST EAX,EAX
JE SHORT 00438FDD
LEA EAX,[LOCAL.31]
PUSH EAX

; /Arg2 =>

PUSH DWORD PTR DS:[ESI]


CALL 00440032

; |Arg1
; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 0043903B
OR DWORD PTR DS:[ESI+8],00000304
MOV DWORD PTR DS:[ESI+18],EDI
JMP SHORT 0043908D
TEST BYTE PTR DS:[ESI+8],02
JNE SHORT 00439090
MOV EAX,DWORD PTR DS:[ESI+0C]
TEST EAX,EAX
JE SHORT 00439074
PUSH EAX
LEA EAX,[LOCAL.31]
PUSH EAX

; /Arg3
; |
; |Arg2 =>

PUSH DWORD PTR DS:[ESI]


CALL 00440364

; |Arg1
; \SystemIn

ADD ESP,0C
TEST EAX,EAX
JNE SHORT 00439074
PUSH DWORD PTR DS:[ESI]
OR DWORD PTR DS:[ESI+8],00000002
MOV DWORD PTR DS:[ESI+1C],EDI
CALL 0042E280

;
;
;
;

POP ECX
CMP EAX,DWORD PTR DS:[ESI+0C]
JNE SHORT 00439090
MOV DWORD PTR DS:[ESI+18],EDI
JMP SHORT 00439090
MOV EDX,DWORD PTR DS:[ESI+8]
TEST DL,01
JNE SHORT 00439090
PUSH EDI
CALL 00438E0B

; /Arg1
; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 00439090

/Arg1
|
|
\SystemIn

00439087 |. 83CA 01
0043908A |. 8956 08
0043908D |> 897E 1C
00439090 |> 8B4E 08
00439093 |. B8 00030000
00439098 |. 23C8
0043909A |. 3BC8
0043909C |. 0F84 9E000000
004390A2 |. 6A 78
004390A4 |. 8D45 84
004390A7 |. 50
004390A8 |. 8B46 10
004390AB |. F7D8
004390AD |. 1BC0
004390AF |. 25 02F0FFFF
004390B4 |. 05 01100000
004390B9 |. 50
004390BA |. 57
004390BB |. FFD3
004390BD |. 85C0
004390BF |.^ 0F84 18FFFFFF
004390C5 |. 8D45 84
004390C8 |. 50
OFFSET LOCAL.31
004390C9 |. FF36
004390CB |. E8 626F0000
fo.00440032
004390D0 |. 59
004390D1 |. 33DB
004390D3 |. 59
004390D4 |. 85C0
004390D6 |. 75 2F
004390D8 |. 814E 08 00020
004390DF |. 8B46 08
004390E2 |. 395E 10
004390E5 |. 74 0A
004390E7 |. 0D 00010000
004390EC |. 8946 08
004390EF |. EB 47
004390F1 |> 395E 0C
004390F4 |. 74 3B
004390F6 |. FF36
004390F8 |. E8 8351FFFF
fo.0042E280
004390FD |. 59
004390FE |. 3B46 0C
00439101 |. 75 2E
00439103 |. 6A 01
00439105 |. EB 1C
00439107 |> 395E 10
0043910A |. 75 34
0043910C |. 395E 0C
0043910F |. 74 2F
00439111 |. 8D45 84
00439114 |. 50
OFFSET LOCAL.31
00439115 |. FF36
00439117 |. E8 166F0000
fo.00440032
0043911C |. 59

OR EDX,00000001
MOV DWORD PTR DS:[ESI+8],EDX
MOV DWORD PTR DS:[ESI+1C],EDI
MOV ECX,DWORD PTR DS:[ESI+8]
MOV EAX,300
AND ECX,EAX
CMP ECX,EAX
JE 00439140
PUSH 78
LEA EAX,[LOCAL.31]
PUSH EAX
MOV EAX,DWORD PTR DS:[ESI+10]
NEG EAX
SBB EAX,EAX
AND EAX,FFFFF002
ADD EAX,1001
PUSH EAX
PUSH EDI
CALL EBX
TEST EAX,EAX
JE 00438FDD
LEA EAX,[LOCAL.31]
PUSH EAX

; /Arg2 =>

PUSH DWORD PTR DS:[ESI]


CALL 00440032

; |Arg1
; \SystemIn

POP ECX
XOR EBX,EBX
POP ECX
TEST EAX,EAX
JNE SHORT 00439107
OR DWORD PTR DS:[ESI+8],00000200
MOV EAX,DWORD PTR DS:[ESI+8]
CMP DWORD PTR DS:[ESI+10],EBX
JE SHORT 004390F1
OR EAX,00000100
MOV DWORD PTR DS:[ESI+8],EAX
JMP SHORT 00439138
CMP DWORD PTR DS:[ESI+0C],EBX
JE SHORT 00439131
PUSH DWORD PTR DS:[ESI]
CALL 0042E280

; /Arg1
; \SystemIn

POP ECX
CMP EAX,DWORD PTR DS:[ESI+0C]
JNE SHORT 00439131
PUSH 1
JMP SHORT 00439123
CMP DWORD PTR DS:[ESI+10],EBX
JNE SHORT 00439140
CMP DWORD PTR DS:[ESI+0C],EBX
JE SHORT 00439140
LEA EAX,[LOCAL.31]
PUSH EAX

; /Arg2 =>

PUSH DWORD PTR DS:[ESI]


CALL 00440032

; |Arg1
; \SystemIn

POP ECX

0043911D |. 59
0043911E |. 85C0
00439120 |. 75 1E
00439122 |. 53
00439123 |> 57
00439124 |. 8BCE
00439126 |. E8 EBFDFFFF
fo.00438F16
0043912B |. 59
0043912C |. 59
0043912D |. 85C0
0043912F |. 74 0F
00439131 |> 814E 08 00010
00439138 |> 395E 18
0043913B |. 75 03
0043913D |. 897E 18
00439140 |> 8B46 08
00439143 |. C1E8 02
00439146 |. F7D0
00439148 |. 83E0 01
0043914B |> 8B4D FC
0043914E |. 5F
0043914F |. 5E
00439150 |. 33CD
00439152 |. 5B
00439153 |. E8 9955FFFF
00439158 |. C9
00439159 \. C2 0400
0043915C
8BFF
0043915E /. 55
0043915F |. 8BEC
00439161 |. 83EC 7C
00439164 |. A1 A0154500
00439169 |. 33C5
0043916B |. 8945 FC
0043916E |. 56
0043916F |. 57
00439170 |. 8B7D 08
00439173 |. E8 9AC1FFFF
fo.00435312
00439178 |. 8BF0
0043917A |. 8BD7
0043917C |. 81C6 9C000000
00439182 |. E8 A8FCFFFF
fo.00438E2F
00439187 |. 8BF8
00439189 |. 6A 78
120.
0043918B |. 8D45 84
0043918E |. 50
OFFSET LOCAL.31
0043918F |. 8B46 10
00439192 |. F7D8
00439194 |. 1BC0
00439196 |. 25 02F0FFFF
0043919B |. 05 01100000
004391A0 |. 50
004391A1 |. 57
004391A2 |. FF15 64804400
.GetLocaleInfoA

POP ECX
TEST EAX,EAX
JNE SHORT 00439140
PUSH EBX
PUSH EDI
MOV ECX,ESI
CALL 00438F16
POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 00439140
OR DWORD PTR DS:[ESI+8],00000100
CMP DWORD PTR DS:[ESI+18],EBX
JNE SHORT 00439140
MOV DWORD PTR DS:[ESI+18],EDI
MOV EAX,DWORD PTR DS:[ESI+8]
SHR EAX,2
NOT EAX
AND EAX,00000001
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN 4
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,7C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH ESI
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
CALL 00435312

; |Arg1
; |
; \SystemIn

; Callback

; [SystemIn

MOV ESI,EAX
MOV EDX,EDI
ADD ESI,9C
CALL 00438E2F

; [SystemIn

MOV EDI,EAX
PUSH 78

; /Count =

LEA EAX,[LOCAL.31]
PUSH EAX

; |
; |pData =>

MOV EAX,DWORD PTR DS:[ESI+10]


NEG EAX
SBB EAX,EAX
AND EAX,FFFFF002
ADD EAX,1001
PUSH EAX
PUSH EDI
CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI

;
;
;
;
;
;
;
;

|
|
|
|
|
|LCType
|Locale
\KERNEL32

004391A8 |. 85C0
004391AA |. 75 06
004391AC |. 2146 08
004391AF |. 40
004391B0 |. EB 5B
004391B2 |> 8D45 84
004391B5 |. 50
OFFSET LOCAL.31
004391B6 |. FF36
004391B8 |. E8 756E0000
fo.00440032
004391BD |. 59
004391BE |. 59
004391BF |. 85C0
004391C1 |. 75 09
004391C3 |. 3946 10
004391C6 |. 75 30
004391C8 |. 6A 01
004391CA |. EB 1E
004391CC |> 837E 10 00
004391D0 |. 75 30
004391D2 |. 837E 0C 00
004391D6 |. 74 2A
004391D8 |. 8D45 84
004391DB |. 50
OFFSET LOCAL.31
004391DC |. FF36
004391DE |. E8 4F6E0000
fo.00440032
004391E3 |. 59
004391E4 |. 59
004391E5 |. 85C0
004391E7 |. 75 19
004391E9 |. 50
004391EA |> 57
004391EB |. 8BCE
004391ED |. E8 24FDFFFF
fo.00438F16
004391F2 |. 59
004391F3 |. 59
004391F4 |. 85C0
004391F6 |. 74 0A
004391F8 |> 834E 08 04
004391FC |. 897E 18
004391FF |. 897E 1C
00439202 |> 8B46 08
00439205 |. C1E8 02
00439208 |. F7D0
0043920A |. 83E0 01
0043920D |> 8B4D FC
00439210 |. 5F
00439211 |. 33CD
00439213 |. 5E
00439214 |. E8 D854FFFF
00439219 |. C9
0043921A \. C2 0400
0043921D /$ FF36
[ARG.ESI]
0043921F |. E8 5C50FFFF
fo.0042E280

TEST EAX,EAX
JNE SHORT 004391B2
AND DWORD PTR DS:[ESI+8],EAX
INC EAX
JMP SHORT 0043920D
LEA EAX,[LOCAL.31]
PUSH EAX

; /Arg2 =>

PUSH DWORD PTR DS:[ESI]


CALL 00440032

; |Arg1
; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 004391CC
CMP DWORD PTR DS:[ESI+10],EAX
JNE SHORT 004391F8
PUSH 1
JMP SHORT 004391EA
CMP DWORD PTR DS:[ESI+10],0
JNE SHORT 00439202
CMP DWORD PTR DS:[ESI+0C],0
JE SHORT 00439202
LEA EAX,[LOCAL.31]
PUSH EAX

; /Arg2 =>

PUSH DWORD PTR DS:[ESI]


CALL 00440032

; |Arg1
; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 00439202
PUSH EAX
PUSH EDI
MOV ECX,ESI
CALL 00438F16

; |Arg1
; |
; \SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 00439202
OR DWORD PTR DS:[ESI+8],00000004
MOV DWORD PTR DS:[ESI+18],EDI
MOV DWORD PTR DS:[ESI+1C],EDI
MOV EAX,DWORD PTR DS:[ESI+8]
SHR EAX,2
NOT EAX
AND EAX,00000001
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
XOR ECX,EBP
POP ESI
CALL 0042E6F1
LEAVE
RETN 4
PUSH DWORD PTR DS:[ESI]

; /Arg1 =>

CALL 0042E280

; \SystemIn

00439224 |. FF76 04
[ARG.ESI+4]
00439227 |. 83E8 03
0043922A |. F7D8
EAX to boolean
0043922C |. 1BC0
0043922E |. 40
0043922F |. 8946 10
00439232 |. E8 4950FFFF
fo.0042E280
00439237 |. 83E8 03
0043923A |. F7D8
EAX to boolean
0043923C |. 1BC0
0043923E |. 8366 18 00
00439242 |. 40
00439243 |. 837E 10 00
00439247 |. 59
00439248 |. 59
00439249 |. 8946 14
0043924C |. 74 05
0043924E |. 6A 02
00439250 |. 58
00439251 |. EB 07
00439253 |> 8B16
00439255 |. E8 09FCFFFF
0043925A |> 6A 01
LCID_INSTALLED
0043925C |. 68 8A8F4300
= SystemInfo.438F8A
00439261 |. 8946 0C
00439264 |. FF15 B4814400
.EnumSystemLocalesA
0043926A |. 8B46 08
0043926D |. A9 00010000
00439272 |. 74 0B
00439274 |. A9 00020000
00439279 |. 74 04
0043927B |. A8 07
0043927D |. 75 04
0043927F |> 8366 08 00
00439283 \> C3
00439284 /$ FF36
[ARG.ESI]
00439286 |. E8 F54FFFFF
fo.0042E280
0043928B |. 83E8 03
0043928E |. F7D8
EAX to boolean
00439290 |. 1BC0
00439292 |. 40
00439293 |. 59
00439294 |. 8946 10
00439297 |. 74 05
00439299 |. 6A 02
0043929B |. 58
0043929C |. EB 07
0043929E |> 8B16
004392A0 |. E8 BEFBFFFF
004392A5 |> 6A 01

PUSH DWORD PTR DS:[ESI+4]

; /Arg1 =>

SUB EAX,3
NEG EAX

; |
; |Converts

SBB EAX,EAX
INC EAX
MOV DWORD PTR DS:[ESI+10],EAX
CALL 0042E280

;
;
;
;

SUB EAX,3
NEG EAX

; Converts

SBB EAX,EAX
AND DWORD PTR DS:[ESI+18],00000000
INC EAX
CMP DWORD PTR DS:[ESI+10],0
POP ECX
POP ECX
MOV DWORD PTR DS:[ESI+14],EAX
JE SHORT 00439253
PUSH 2
POP EAX
JMP SHORT 0043925A
MOV EDX,DWORD PTR DS:[ESI]
CALL 00438E63
PUSH 1

; /Flags =

PUSH 00438F8A

; |EnumProc

|
|
|
\SystemIn

MOV DWORD PTR DS:[ESI+0C],EAX


; |
CALL DWORD PTR DS:[<&KERNEL32.EnumSystem ; \KERNEL32
MOV EAX,DWORD PTR DS:[ESI+8]
TEST EAX,00000100
JE SHORT 0043927F
TEST EAX,00000200
JE SHORT 0043927F
TEST AL,07
JNE SHORT 00439283
AND DWORD PTR DS:[ESI+8],00000000
RETN
PUSH DWORD PTR DS:[ESI]

; /Arg1 =>

CALL 0042E280

; \SystemIn

SUB EAX,3
NEG EAX

; Converts

SBB EAX,EAX
INC EAX
POP ECX
MOV DWORD PTR DS:[ESI+10],EAX
JE SHORT 0043929E
PUSH 2
POP EAX
JMP SHORT 004392A5
MOV EDX,DWORD PTR DS:[ESI]
CALL 00438E63
PUSH 1

; /Flags =

LCID_INSTALLED
004392A7 |. 68 5C914300 PUSH 0043915C
= SystemInfo.43915C
004392AC |. 8946 0C
MOV DWORD PTR DS:[ESI+0C],EAX
004392AF |. FF15 B4814400 CALL DWORD PTR DS:[<&KERNEL32.EnumSystem
.EnumSystemLocalesA
004392B5 |. F646 08 04
TEST BYTE PTR DS:[ESI+8],04
004392B9 |. 75 04
JNE SHORT 004392BF
004392BB |. 8366 08 00
AND DWORD PTR DS:[ESI+8],00000000
004392BF \> C3
RETN
004392C0 /$ 8BFF
MOV EDI,EDI
o.004392C0(guessed Arg1,Arg2,Arg3)
004392C2 |. 55
PUSH EBP
004392C3 |. 8BEC
MOV EBP,ESP
004392C5 |. 53
PUSH EBX
004392C6 |. 56
PUSH ESI
004392C7 |. 57
PUSH EDI
004392C8 |. E8 45C0FFFF CALL 00435312
fo.00435312
004392CD |. 8B5D 08
MOV EBX,DWORD PTR SS:[ARG.1]
004392D0 |. 8BF0
MOV ESI,EAX
004392D2 |. 81C6 9C000000 ADD ESI,9C
004392D8 |. 85DB
TEST EBX,EBX
ases 0..FFFFFFC0, 3 exits)
004392DA |. 75 0C
JNE SHORT 004392E8
004392DC |. 814E 08 04010 OR DWORD PTR DS:[ESI+8],00000104
switch SystemInfo.4392D8
004392E3 |. E9 BD000000 JMP 004393A5
004392E8 |> 8D43 40
LEA EAX,[EBX+40]
004392EB |. 8D7E 04
LEA EDI,[ESI+4]
004392EE |. 891E
MOV DWORD PTR DS:[ESI],EBX
004392F0 |. 8907
MOV DWORD PTR DS:[EDI],EAX
004392F2 |. 85C0
TEST EAX,EAX
004392F4 |. 74 15
JE SHORT 0043930B
004392F6 |. 8038 00
CMP BYTE PTR DS:[EAX],0
ase of switch SystemInfo.4392D8
004392F9 |. 74 10
JE SHORT 0043930B
004392FB |. 57
PUSH EDI
004392FC |. 6A 16
PUSH 16
6
004392FE |. 68 C0B04400 PUSH OFFSET 0044B0C0
ystemInfo.44B0C0, PTR to ASCII "america"
00439303 |. E8 FDF9FFFF CALL 00438D05
fo.00438D05
00439308 |. 83C4 0C
ADD ESP,0C
0043930B |> 8B06
MOV EAX,DWORD PTR DS:[ESI]
FFC0 of switch SystemInfo.4392D8
0043930D |. 8366 08 00
AND DWORD PTR DS:[ESI+8],00000000
00439311 |. 85C0
TEST EAX,EAX
00439313 |. 74 53
JE SHORT 00439368
00439315 |. 8038 00
CMP BYTE PTR DS:[EAX],0
00439318 |. 74 4E
JE SHORT 00439368
0043931A |. 8B07
MOV EAX,DWORD PTR DS:[EDI]
0043931C |. 85C0
TEST EAX,EAX
0043931E |. 74 0C
JE SHORT 0043932C
00439320 |. 8038 00
CMP BYTE PTR DS:[EAX],0
00439323 |. 74 07
JE SHORT 0043932C
00439325 |. E8 F3FEFFFF CALL 0043921D
0043932A |. EB 05
JMP SHORT 00439331
0043932C |> E8 53FFFFFF CALL 00439284

; |EnumProc
; |
; \KERNEL32

; SystemInf

; [SystemIn

; Switch (c
; Case 0 of

; Default c
; /Arg3
; |Arg2 = 1
; |Arg1 = S
; \SystemIn
; Case FFFF

00439331 |> 837E 08 00


CMP DWORD PTR DS:[ESI+8],0
00439335 |. 0F85 80000000 JNE 004393BB
0043933B |. 56
PUSH ESI
0043933C |. 6A 40
PUSH 40
0
0043933E |. 68 B8AE4400 PUSH OFFSET 0044AEB8
ystemInfo.44AEB8, PTR to ASCII "american"
00439343 |. E8 BDF9FFFF CALL 00438D05
fo.00438D05
00439348 |. 83C4 0C
ADD ESP,0C
0043934B |. 85C0
TEST EAX,EAX
0043934D |. 74 62
JE SHORT 004393B1
0043934F |. 8B3F
MOV EDI,DWORD PTR DS:[EDI]
00439351 |. 85FF
TEST EDI,EDI
00439353 |. 74 0C
JE SHORT 00439361
00439355 |. 803F 00
CMP BYTE PTR DS:[EDI],0
00439358 |. 74 07
JE SHORT 00439361
0043935A |. E8 BEFEFFFF CALL 0043921D
0043935F |. EB 50
JMP SHORT 004393B1
00439361 |> E8 1EFFFFFF CALL 00439284
00439366 |. EB 49
JMP SHORT 004393B1
00439368 |> 8B3F
MOV EDI,DWORD PTR DS:[EDI]
0043936A |. 85FF
TEST EDI,EDI
0043936C |. 74 30
JE SHORT 0043939E
0043936E |. 803F 00
CMP BYTE PTR DS:[EDI],0
00439371 |. 74 2B
JE SHORT 0043939E
00439373 |. 57
PUSH EDI
00439374 |. E8 074FFFFF CALL 0042E280
fo.0042E280
00439379 |. 83E8 03
SUB EAX,3
0043937C |. F7D8
NEG EAX
EAX to boolean
0043937E |. 59
POP ECX
0043937F |. 1BC0
SBB EAX,EAX
00439381 |. 6A 01
PUSH 1
LCID_INSTALLED
00439383 |. 40
INC EAX
00439384 |. 68 7E8E4300 PUSH 00438E7E
= SystemInfo.438E7E
00439389 |. 8946 14
MOV DWORD PTR DS:[ESI+14],EAX
0043938C |. FF15 B4814400 CALL DWORD PTR DS:[<&KERNEL32.EnumSystem
.EnumSystemLocalesA
00439392 |. F646 08 04
TEST BYTE PTR DS:[ESI+8],04
00439396 |. 75 19
JNE SHORT 004393B1
00439398 |. 8366 08 00
AND DWORD PTR DS:[ESI+8],00000000
0043939C |. EB 13
JMP SHORT 004393B1
0043939E |> C746 08 04010 MOV DWORD PTR DS:[ESI+8],104
004393A5 |> FF15 B0814400 CALL DWORD PTR DS:[<&KERNEL32.GetUserDef
004393AB |. 8946 18
MOV DWORD PTR DS:[ESI+18],EAX
004393AE |. 8946 1C
MOV DWORD PTR DS:[ESI+1C],EAX
004393B1 |> 837E 08 00
CMP DWORD PTR DS:[ESI+8],0
004393B5 |. 0F84 EF000000 JE 004394AA
004393BB |> 8BCB
MOV ECX,EBX
004393BD |. 83EB 80
SUB EBX,-80
004393C0 |. F7D9
NEG ECX
004393C2 |. 1BC9
SBB ECX,ECX
004393C4 |. 23CB
AND ECX,EBX
004393C6 |. 8BFE
MOV EDI,ESI
004393C8 |. E8 9AF9FFFF CALL 00438D67
004393CD |. 8BF8
MOV EDI,EAX

; /Arg3
; |Arg2 = 4
; |Arg1 = S
; \SystemIn

; /Arg1
; \SystemIn
; Converts

; /Flags =
; |
; |EnumProc
; |
; \KERNEL32

004393CF |. 897D 08
004393D2 |. 85FF
004393D4 |. 0F84 D0000000
004393DA |. 81FF E8FD0000
004393E0 |. 0F84 C4000000
004393E6 |. 81FF E9FD0000
004393EC |. 0F84 B8000000
004393F2 |. 0FB7C7
004393F5 |. 50
004393F6 |. FF15 B0804400
.IsValidCodePage
004393FC |. 85C0
004393FE |. 0F84 A6000000
00439404 |. 6A 01
LCID_INSTALLED
00439406 |. FF76 18
00439409 |. FF15 B8814400
.IsValidLocale
0043940F |. 85C0
00439411 |. 0F84 93000000
00439417 |. 8B45 0C
0043941A |. 85C0
0043941C |. 74 13
0043941E |. 66:8B4E 18
00439422 |. 66:8908
00439425 |. 66:8B4E 1C
00439429 |. 66:8948 02
0043942D |. 66:8978 04
00439431 |> 8B5D 10
00439434 |. 85DB
00439436 |. 74 6D
00439438 |. 8B3D 64804400
0043943E |. B9 14080000
00439443 |. 66:3908
00439446 |. 75 25
00439448 |. 68 98B14400
SCII "Norwegian-Nynorsk"
0043944D |. 6A 40
0
0043944F |. 53
[ARG.3]
00439450 |. E8 2AC5FFFF
fo.0043597F
00439455 |. 83C4 0C
00439458 |. 85C0
0043945A |. 74 22
0043945C |. 33C0
0043945E |. 50
0043945F |. 50
00439460 |. 50
00439461 |. 50
00439462 |. 50
00439463 |. E8 D252FFFF
00439468 |. 83C4 14
0043946B |. EB 11
0043946D |> 6A 40
64.
0043946F |. 53
[ARG.3]
00439470 |. 68 01100000

MOV DWORD PTR SS:[ARG.1],EDI


TEST EDI,EDI
JE 004394AA
CMP EDI,0FDE8
JE 004394AA
CMP EDI,0FDE9
JE 004394AA
MOVZX EAX,DI
PUSH EAX
; /Code
CALL DWORD PTR DS:[<&KERNEL32.IsValidCod ; \KERNEL32
TEST EAX,EAX
JE 004394AA
PUSH 1

; /Flags =

PUSH DWORD PTR DS:[ESI+18]


; |Locale
CALL DWORD PTR DS:[<&KERNEL32.IsValidLoc ; \KERNEL32
TEST EAX,EAX
JE 004394AA
MOV EAX,DWORD PTR SS:[ARG.2]
TEST EAX,EAX
JE SHORT 00439431
MOV CX,WORD PTR DS:[ESI+18]
MOV WORD PTR DS:[EAX],CX
MOV CX,WORD PTR DS:[ESI+1C]
MOV WORD PTR DS:[EAX+2],CX
MOV WORD PTR DS:[EAX+4],DI
MOV EBX,DWORD PTR SS:[ARG.3]
TEST EBX,EBX
JE SHORT 004394A5
MOV EDI,DWORD PTR DS:[<&KERNEL32.GetLoca
MOV ECX,814
CMP WORD PTR DS:[EAX],CX
JNE SHORT 0043946D
PUSH OFFSET 0044B198
; /Arg3 = A
PUSH 40

; |Arg2 = 4

PUSH EBX

; |Arg1 =>

CALL 0043597F

; \SystemIn

ADD ESP,0C
TEST EAX,EAX
JE SHORT 0043947E
XOR EAX,EAX
PUSH EAX
PUSH EAX
PUSH EAX
PUSH EAX
PUSH EAX
CALL 0042E73A
ADD ESP,14
JMP SHORT 0043947E
PUSH 40

; /Count =

PUSH EBX

; |pData =>

PUSH 1001

; |LCType =

1001
00439475 |. FF76 18
PUSH DWORD PTR DS:[ESI+18]
00439478 |. FFD7
CALL EDI
.GetLocaleInfoA
0043947A |. 85C0
TEST EAX,EAX
0043947C |. 74 2C
JE SHORT 004394AA
0043947E |> 6A 40
PUSH 40
00439480 |. 8D43 40
LEA EAX,[EBX+40]
00439483 |. 50
PUSH EAX
00439484 |. 68 02100000 PUSH 1002
00439489 |. FF76 1C
PUSH DWORD PTR DS:[ESI+1C]
0043948C |. FFD7
CALL EDI
0043948E |. 85C0
TEST EAX,EAX
00439490 |. 74 18
JE SHORT 004394AA
00439492 |. 6A 0A
PUSH 0A
00439494 |. 6A 10
PUSH 10
00439496 |. 83EB 80
SUB EBX,-80
00439499 |. 53
PUSH EBX
0043949A |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
0043949D |. E8 7FBBFFFF CALL 00435021
004394A2 |. 83C4 10
ADD ESP,10
004394A5 |> 33C0
XOR EAX,EAX
004394A7 |. 40
INC EAX
004394A8 |. EB 02
JMP SHORT 004394AC
004394AA |> 33C0
XOR EAX,EAX
004394AC |> 5F
POP EDI
004394AD |. 5E
POP ESI
004394AE |. 5B
POP EBX
004394AF |. 5D
POP EBP
004394B0 \. C3
RETN
004394B1 /$ 8BFF
MOV EDI,EDI
o.004394B1(guessed Arg1,Arg2,Arg3)
004394B3 |. 55
PUSH EBP
004394B4 |. 8BEC
MOV EBP,ESP
004394B6 |. 51
PUSH ECX
004394B7 |. 8365 FC 00
AND DWORD PTR SS:[LOCAL.1],00000000
004394BB |. 53
PUSH EBX
004394BC |. 8B5D 10
MOV EBX,DWORD PTR SS:[ARG.3]
004394BF |. 85DB
TEST EBX,EBX
ases 0..4, 3 exits)
004394C1 |. 75 07
JNE SHORT 004394CA
004394C3 |. 33C0
XOR EAX,EAX
switch SystemInfo.4394BF
004394C5 |. E9 9A000000 JMP 00439564
004394CA |> 57
PUSH EDI
004394CB |. 83FB 04
CMP EBX,4
004394CE |. 72 75
JB SHORT 00439545
004394D0 |. 8D7B FC
LEA EDI,[EBX-4]
004394D3 |. 85FF
TEST EDI,EDI
004394D5 |. 76 6E
JBE SHORT 00439545
004394D7 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
ase of switch SystemInfo.4394BF
004394DA |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004394DD |> 8A10
/MOV DL,BYTE PTR DS:[EAX]
004394DF |. 83C0 04
|ADD EAX,4
004394E2 |. 83C1 04
|ADD ECX,4
004394E5 |. 84D2
|TEST DL,DL
004394E7 |. 74 52
|JE SHORT 0043953B
004394E9 |. 3A51 FC
|CMP DL,BYTE PTR DS:[ECX-4]
004394EC |. 75 4D
|JNE SHORT 0043953B

; |Locale
; \KERNEL32

; SystemInf

; Switch (c
; Case 0 of

; Default c

004394EE |. 8A50 FD
|MOV DL,BYTE PTR DS:[EAX-3]
004394F1 |. 84D2
|TEST DL,DL
004394F3 |. 74 3C
|JE SHORT 00439531
004394F5 |. 3A51 FD
|CMP DL,BYTE PTR DS:[ECX-3]
004394F8 |. 75 37
|JNE SHORT 00439531
004394FA |. 8A50 FE
|MOV DL,BYTE PTR DS:[EAX-2]
004394FD |. 84D2
|TEST DL,DL
004394FF |. 74 26
|JE SHORT 00439527
00439501 |. 3A51 FE
|CMP DL,BYTE PTR DS:[ECX-2]
00439504 |. 75 21
|JNE SHORT 00439527
00439506 |. 8A50 FF
|MOV DL,BYTE PTR DS:[EAX-1]
00439509 |. 84D2
|TEST DL,DL
0043950B |. 74 10
|JE SHORT 0043951D
0043950D |. 3A51 FF
|CMP DL,BYTE PTR DS:[ECX-1]
00439510 |. 75 0B
|JNE SHORT 0043951D
00439512 |. 8345 FC 04
|ADD DWORD PTR SS:[LOCAL.1],4
00439516 |. 397D FC
|CMP DWORD PTR SS:[LOCAL.1],EDI
00439519 |.^ 72 C2
\JB SHORT 004394DD
0043951B |. EB 3F
JMP SHORT 0043955C
0043951D |> 0FB640 FF
MOVZX EAX,BYTE PTR DS:[EAX-1]
00439521 |. 0FB649 FF
MOVZX ECX,BYTE PTR DS:[ECX-1]
00439525 |. EB 46
JMP SHORT 0043956D
00439527 |> 0FB640 FE
MOVZX EAX,BYTE PTR DS:[EAX-2]
0043952B |. 0FB649 FE
MOVZX ECX,BYTE PTR DS:[ECX-2]
0043952F |. EB 3C
JMP SHORT 0043956D
00439531 |> 0FB640 FD
MOVZX EAX,BYTE PTR DS:[EAX-3]
00439535 |. 0FB649 FD
MOVZX ECX,BYTE PTR DS:[ECX-3]
00439539 |. EB 32
JMP SHORT 0043956D
0043953B |> 0FB640 FC
MOVZX EAX,BYTE PTR DS:[EAX-4]
0043953F |. 0FB649 FC
MOVZX ECX,BYTE PTR DS:[ECX-4]
00439543 |. EB 28
JMP SHORT 0043956D
00439545 |> 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
2, 3, 4 of switch SystemInfo.4394BF
00439548 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043954B |. EB 0F
JMP SHORT 0043955C
0043954D |> 8A10
/MOV DL,BYTE PTR DS:[EAX]
0043954F |. 84D2
|TEST DL,DL
00439551 |. 74 14
|JE SHORT 00439567
00439553 |. 3A11
|CMP DL,BYTE PTR DS:[ECX]
00439555 |. 75 10
|JNE SHORT 00439567
00439557 |. 40
|INC EAX
00439558 |. 41
|INC ECX
00439559 |. FF45 FC
|INC DWORD PTR SS:[LOCAL.1]
0043955C |> 395D FC
|CMP DWORD PTR SS:[LOCAL.1],EBX
0043955F |.^ 72 EC
\JB SHORT 0043954D
00439561 |. 33C0
XOR EAX,EAX
00439563 |> 5F
POP EDI
00439564 |> 5B
POP EBX
00439565 |. C9
LEAVE
00439566 |. C3
RETN
00439567 |> 0FB600
MOVZX EAX,BYTE PTR DS:[EAX]
0043956A |. 0FB609
MOVZX ECX,BYTE PTR DS:[ECX]
0043956D |> 2BC1
SUB EAX,ECX
0043956F \.^ EB F2
JMP SHORT 00439563
00439571
CC
INT3
00439572
CC
INT3
00439573
CC
INT3
00439574
CC
INT3
00439575
CC
INT3
00439576
CC
INT3

; Cases 1,

00439577
CC
INT3
00439578
CC
INT3
00439579
CC
INT3
0043957A
CC
INT3
0043957B
CC
INT3
0043957C
CC
INT3
0043957D
CC
INT3
0043957E
CC
INT3
0043957F
CC
INT3
00439580 /$ 55
PUSH EBP
o.00439580(guessed Arg1,Arg2)
00439581 |. 8BEC
MOV EBP,ESP
00439583 |. 56
PUSH ESI
00439584 |. 33C0
XOR EAX,EAX
00439586 |. 50
PUSH EAX
00439587 |. 50
PUSH EAX
00439588 |. 50
PUSH EAX
00439589 |. 50
PUSH EAX
0043958A |. 50
PUSH EAX
0043958B |. 50
PUSH EAX
0043958C |. 50
PUSH EAX
0043958D |. 50
PUSH EAX
0043958E |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
00439591 |. 8D49 00
LEA ECX,[ECX]
00439594 |> 8A02
/MOV AL,BYTE PTR DS:[EDX]
00439596 |. 0AC0
|OR AL,AL
00439598 |. 74 09
|JE SHORT 004395A3
0043959A |. 83C2 01
|ADD EDX,1
0043959D |. 0FAB0424
|BTS DWORD PTR SS:[LOCAL.9],EAX
004395A1 |.^ EB F1
\JMP SHORT 00439594
004395A3 |> 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
004395A6 |. 8BFF
MOV EDI,EDI
004395A8 |> 8A06
/MOV AL,BYTE PTR DS:[ESI]
004395AA |. 0AC0
|OR AL,AL
004395AC |. 74 0C
|JE SHORT 004395BA
004395AE |. 83C6 01
|ADD ESI,1
004395B1 |. 0FA30424
|BT DWORD PTR SS:[LOCAL.9],EAX
004395B5 |.^ 73 F1
\JNB SHORT 004395A8
004395B7 |. 8D46 FF
LEA EAX,[ESI-1]
004395BA |> 83C4 20
ADD ESP,20
004395BD |. 5E
POP ESI
004395BE |. C9
LEAVE
004395BF \. C3
RETN
004395C0 /$ 8BFF
MOV EDI,EDI
004395C2 |. 55
PUSH EBP
004395C3 |. 8BEC
MOV EBP,ESP
004395C5 |. 83EC 18
SUB ESP,18
004395C8 |. 53
PUSH EBX
004395C9 |. 57
PUSH EDI
004395CA |. 8B7D 10
MOV EDI,DWORD PTR SS:[ARG.3]
004395CD |. 33DB
XOR EBX,EBX
004395CF |. 3BFB
CMP EDI,EBX
004395D1 |. 75 1F
JNE SHORT 004395F2
004395D3 |> E8 25AEFFFF CALL 004343FD
fo.004343FD
004395D8 |. 53
PUSH EBX
004395D9 |. 53
PUSH EBX
004395DA |. 53
PUSH EBX
004395DB |. 53
PUSH EBX
004395DC |. 53
PUSH EBX

; SystemInf

; [SystemIn
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1

004395DD |. C700 16000000


004395E3 |. E8 7A52FFFF
fo.0042E862
004395E8 |. 83C4 14
004395EB |. 33C0
004395ED |. E9 99010000
004395F2 |> 395D 0C
004395F5 |.^ 74 DC
004395F7 |. 56
004395F8 |. 8B75 08
004395FB |. 3BF3
004395FD |. 75 21
004395FF |. 391F
00439601 |. 75 1D
00439603 |. E8 F5ADFFFF
fo.004343FD
00439608 |. 53
00439609 |. 53
0043960A |. 53
0043960B |. 53
0043960C |. 53
0043960D |. C700 16000000
00439613 |. E8 4A52FFFF
fo.0042E862
00439618 |. 83C4 14
0043961B |. E9 57010000
00439620 |> FF75 14
[ARG.4]
00439623 |. 8D4D E8
00439626 |. E8 3A56FFFF
fo.0042EC65
0043962B |. 8B45 EC
0043962E |. 3958 08
00439631 |. 75 22
00439633 |. 57
00439634 |. FF75 0C
[ARG.2]
00439637 |. 56
00439638 |. E8 096E0000
fo.00440446
0043963D |. 83C4 0C
00439640 |. 385D F4
00439643 |. 0F84 41010000
00439649 |. 8B4D F0
0043964C |. 8361 70 FD
00439650 |. E9 35010000
00439655 |> 3BF3
00439657 |. 75 6E
00439659 |. 8B37
0043965B |. EB 6A
0043965D |> 8B7D 0C
00439660 |. 8BC7
00439662 |. 3818
00439664 |. 74 44
00439666 |> 8D45 E8
00439669 |. 50
OFFSET LOCAL.6
0043966A |. 0FB607
0043966D |. 50
0043966E |. E8 A26D0000

MOV DWORD PTR DS:[EAX],16


CALL 0042E862

; |
; \SystemIn

ADD ESP,14
XOR EAX,EAX
JMP 0043978B
CMP DWORD PTR SS:[ARG.2],EBX
JE SHORT 004395D3
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
CMP ESI,EBX
JNE SHORT 00439620
CMP DWORD PTR DS:[EDI],EBX
JNE SHORT 00439620
CALL 004343FD

; [SystemIn

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
JMP 00439777
PUSH DWORD PTR SS:[ARG.4]

; /Arg1 =>

LEA ECX,[LOCAL.6]
CALL 0042EC65

; |
; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.5]


CMP DWORD PTR DS:[EAX+8],EBX
JNE SHORT 00439655
PUSH EDI
PUSH DWORD PTR SS:[ARG.2]

; /Arg3
; |Arg2 =>

PUSH ESI
CALL 00440446

; |Arg1
; \SystemIn

ADD ESP,0C
CMP BYTE PTR SS:[LOCAL.3],BL
JE 0043978A
MOV ECX,DWORD PTR SS:[LOCAL.4]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
JMP 0043978A
CMP ESI,EBX
JNE SHORT 004396C7
MOV ESI,DWORD PTR DS:[EDI]
JMP SHORT 004396C7
/MOV EDI,DWORD PTR SS:[ARG.2]
|MOV EAX,EDI
|CMP BYTE PTR DS:[EAX],BL
|JE SHORT 004396AA
|/LEA EAX,[LOCAL.6]
||PUSH EAX

; /Arg2 =>

||MOVZX EAX,BYTE PTR DS:[EDI]


||PUSH EAX
||CALL 00440415

; |
; |Arg1
; \SystemIn

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

fo.00440415
00439673 |. 59
00439674 |. 59
00439675 |. 85C0
00439677 |. 74 18
00439679 |. 8D47 01
0043967C |. 8A08
0043967E |. 3ACB
00439680 |. 74 1C
00439682 |. 8A17
00439684 |. 3A16
00439686 |. 75 05
00439688 |. 3A4E 01
0043968B |. 74 1D
0043968D |> 8BF8
0043968F |. EB 06
00439691 |> 8A07
00439693 |. 3A06
00439695 |. 74 13
00439697 |> 47
00439698 |. 381F
0043969A |.^ 75 CA
0043969C |. EB 0C
0043969E |> 47
0043969F |. E8 59ADFFFF
fo.004343FD
004396A4 |. C700 2A000000
004396AA |> 381F
004396AC |. 74 2A
004396AE |. 8D45 E8
004396B1 |. 50
OFFSET LOCAL.6
004396B2 |. 0FB606
004396B5 |. 50
004396B6 |. E8 5A6D0000
fo.00440415
004396BB |. 59
004396BC |. 59
004396BD |. 85C0
004396BF |. 74 05
004396C1 |. 46
004396C2 |. 381E
004396C4 |. 74 07
004396C6 |> 46
004396C7 |> 381E
004396C9 |.^ 75 92
004396CB |. EB 0B
004396CD |> E8 2BADFFFF
fo.004343FD
004396D2 |. C700 2A000000
004396D8 |> 8975 F8
004396DB |. EB 6F
004396DD |> 8B7D 0C
004396E0 |. 8BC7
004396E2 |. 895D FC
004396E5 |. 3818
004396E7 |. 74 42
004396E9 |> 8D45 E8
004396EC |. 50
OFFSET LOCAL.6

||POP ECX
||POP ECX
||TEST EAX,EAX
||JE SHORT 00439691
||LEA EAX,[EDI+1]
||MOV CL,BYTE PTR DS:[EAX]
||CMP CL,BL
||JE SHORT 0043969E
||MOV DL,BYTE PTR DS:[EDI]
||CMP DL,BYTE PTR DS:[ESI]
||JNE SHORT 0043968D
||CMP CL,BYTE PTR DS:[ESI+1]
||JE SHORT 004396AA
||MOV EDI,EAX
||JMP SHORT 00439697
||MOV AL,BYTE PTR DS:[EDI]
||CMP AL,BYTE PTR DS:[ESI]
||JE SHORT 004396AA
||INC EDI
||CMP BYTE PTR DS:[EDI],BL
|\JNE SHORT 00439666
|JMP SHORT 004396AA
|INC EDI
|CALL 004343FD

; [SystemIn

|MOV DWORD PTR DS:[EAX],2A


|CMP BYTE PTR DS:[EDI],BL
|JE SHORT 004396D8
|LEA EAX,[LOCAL.6]
|PUSH EAX

; /Arg2 =>

|MOVZX EAX,BYTE PTR DS:[ESI]


|PUSH EAX
|CALL 00440415

; |
; |Arg1
; \SystemIn

|POP ECX
|POP ECX
|TEST EAX,EAX
|JE SHORT 004396C6
|INC ESI
|CMP BYTE PTR DS:[ESI],BL
|JE SHORT 004396CD
|INC ESI
|CMP BYTE PTR DS:[ESI],BL
\JNE SHORT 0043965D
JMP SHORT 004396D8
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],2A


MOV DWORD PTR SS:[LOCAL.2],ESI
JMP SHORT 0043974C
/MOV EDI,DWORD PTR SS:[ARG.2]
|MOV EAX,EDI
|MOV DWORD PTR SS:[LOCAL.1],EBX
|CMP BYTE PTR DS:[EAX],BL
|JE SHORT 0043972B
|/LEA EAX,[LOCAL.6]
||PUSH EAX

; /Arg2 =>

004396ED |. 0FB607
004396F0 |. 50
004396F1 |. E8 1F6D0000
fo.00440415
004396F6 |. 59
004396F7 |. 59
004396F8 |. 85C0
004396FA |. 74 18
004396FC |. 8D47 01
004396FF |. 8A08
00439701 |. 3ACB
00439703 |. 74 1C
00439705 |. 8A17
00439707 |. 3A16
00439709 |. 75 05
0043970B |. 3A4E 01
0043970E |. 74 14
00439710 |> 8BF8
00439712 |. EB 06
00439714 |> 8A07
00439716 |. 3A06
00439718 |. 74 11
0043971A |> 47
0043971B |. 381F
0043971D |.^ 75 CA
0043971F |. EB 0A
00439721 |> 47
00439722 |. EB 07
00439724 |> C745 FC 01000
0043972B |> 381F
0043972D |. 75 23
0043972F |. 8D45 E8
00439732 |. 50
OFFSET LOCAL.6
00439733 |. 0FB606
00439736 |. 50
00439737 |. E8 D96C0000
fo.00440415
0043973C |. 59
0043973D |. 59
0043973E |. 85C0
00439740 |. 74 09
00439742 |. 8D46 01
00439745 |. 3818
00439747 |. 74 16
00439749 |. 8BF0
0043974B |> 46
0043974C |> 381E
0043974E |.^ 75 8D
00439750 |. EB 0F
00439752 |> 881E
00439754 |. 46
00439755 |. 395D FC
00439758 |. 74 07
0043975A |. 881E
0043975C |. 46
0043975D |. EB 02
0043975F |> 881E
00439761 |> 8B45 10
00439764 |. 8930

||MOVZX EAX,BYTE PTR DS:[EDI]


||PUSH EAX
||CALL 00440415

; |
; |Arg1
; \SystemIn

||POP ECX
||POP ECX
||TEST EAX,EAX
||JE SHORT 00439714
||LEA EAX,[EDI+1]
||MOV CL,BYTE PTR DS:[EAX]
||CMP CL,BL
||JE SHORT 00439721
||MOV DL,BYTE PTR DS:[EDI]
||CMP DL,BYTE PTR DS:[ESI]
||JNE SHORT 00439710
||CMP CL,BYTE PTR DS:[ESI+1]
||JE SHORT 00439724
||MOV EDI,EAX
||JMP SHORT 0043971A
||MOV AL,BYTE PTR DS:[EDI]
||CMP AL,BYTE PTR DS:[ESI]
||JE SHORT 0043972B
||INC EDI
||CMP BYTE PTR DS:[EDI],BL
|\JNE SHORT 004396E9
|JMP SHORT 0043972B
|INC EDI
|JMP SHORT 0043972B
|MOV DWORD PTR SS:[LOCAL.1],1
|CMP BYTE PTR DS:[EDI],BL
|JNE SHORT 00439752
|LEA EAX,[LOCAL.6]
|PUSH EAX

; /Arg2 =>

|MOVZX EAX,BYTE PTR DS:[ESI]


|PUSH EAX
|CALL 00440415

; |
; |Arg1
; \SystemIn

|POP ECX
|POP ECX
|TEST EAX,EAX
|JE SHORT 0043974B
|LEA EAX,[ESI+1]
|CMP BYTE PTR DS:[EAX],BL
|JE SHORT 0043975F
|MOV ESI,EAX
|INC ESI
|CMP BYTE PTR DS:[ESI],BL
\JNE SHORT 004396DD
JMP SHORT 00439761
MOV BYTE PTR DS:[ESI],BL
INC ESI
CMP DWORD PTR SS:[LOCAL.1],EBX
JE SHORT 00439761
MOV BYTE PTR DS:[ESI],BL
INC ESI
JMP SHORT 00439761
MOV BYTE PTR DS:[ESI],BL
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR DS:[EAX],ESI

00439766 |. 3975 F8
CMP DWORD PTR SS:[LOCAL.2],ESI
00439769 |. 75 10
JNE SHORT 0043977B
0043976B |. 385D F4
CMP BYTE PTR SS:[LOCAL.3],BL
0043976E |. 74 07
JE SHORT 00439777
00439770 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
00439773 |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
00439777 |> 33C0
XOR EAX,EAX
00439779 |. EB 0F
JMP SHORT 0043978A
0043977B |> 385D F4
CMP BYTE PTR SS:[LOCAL.3],BL
0043977E |. 74 07
JE SHORT 00439787
00439780 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]
00439783 |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
00439787 |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0043978A |> 5E
POP ESI
0043978B |> 5F
POP EDI
0043978C |. 5B
POP EBX
0043978D |. C9
LEAVE
0043978E \. C3
RETN
0043978F /$ 8BFF
MOV EDI,EDI
o.0043978F(guessed Arg1,Arg2,Arg3)
00439791 |. 55
PUSH EBP
00439792 |. 8BEC
MOV EBP,ESP
00439794 |. 8B06
MOV EAX,DWORD PTR DS:[ESI]
00439796 |. 3945 08
CMP DWORD PTR SS:[ARG.1],EAX
00439799 |. 75 49
JNE SHORT 004397E4
0043979B |. 8B0F
MOV ECX,DWORD PTR DS:[EDI]
0043979D |. 6A 04
PUSH 4
0043979F |. 50
PUSH EAX
[ARG.ESI]
004397A0 |. 3B4D 0C
CMP ECX,DWORD PTR SS:[ARG.2]
004397A3 |. 75 2E
JNE SHORT 004397D3
004397A5 |. E8 AEB6FFFF CALL 00434E58
fo.00434E58
004397AA |. 59
POP ECX
004397AB |. 59
POP ECX
004397AC |. 8907
MOV DWORD PTR DS:[EDI],EAX
004397AE |. 85C0
TEST EAX,EAX
004397B0 |. 75 04
JNE SHORT 004397B6
004397B2 |> 33C0
XOR EAX,EAX
004397B4 |. 5D
POP EBP
004397B5 |. C3
RETN
004397B6 |> 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
004397B9 |. C700 01000000 MOV DWORD PTR DS:[EAX],1
004397BF |. 8B06
MOV EAX,DWORD PTR DS:[ESI]
004397C1 |. 03C0
ADD EAX,EAX
004397C3 |. 50
PUSH EAX
004397C4 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
004397C7 |. FF37
PUSH DWORD PTR DS:[EDI]
[ARG.EDI]
004397C9 |. E8 225AFFFF CALL 0042F1F0
fo.0042F1F0
004397CE |. 83C4 0C
ADD ESP,0C
004397D1 |. EB 0F
JMP SHORT 004397E2
004397D3 |> 51
PUSH ECX
[ARG.EDI]
004397D4 |. E8 19B7FFFF CALL 00434EF2
fo.00434EF2
004397D9 |. 83C4 0C
ADD ESP,0C
004397DC |. 85C0
TEST EAX,EAX

; SystemInf

; /Arg2 = 4
; |Arg1 =>
; |
; |
; \SystemIn

; /Arg3
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; |Arg1 =>
; \SystemIn

004397DE |.^ 74 D2
JE SHORT 004397B2
004397E0 |. 8907
MOV DWORD PTR DS:[EDI],EAX
004397E2 |> D126
SHL DWORD PTR DS:[ESI],1
004397E4 |> 33C0
XOR EAX,EAX
004397E6 |. 40
INC EAX
004397E7 |. 5D
POP EBP
004397E8 \. C3
RETN
004397E9 /$ 8BFF
MOV EDI,EDI
004397EB |. 55
PUSH EBP
004397EC |. 8BEC
MOV EBP,ESP
004397EE |. F745 08 00FF0 TEST DWORD PTR SS:[ARG.1],0000FF00
004397F5 |. 56
PUSH ESI
004397F6 |. 75 1A
JNE SHORT 00439812
004397F8 |. 0FB775 08
MOVZX ESI,WORD PTR SS:[ARG.1]
004397FC |. 8BC6
MOV EAX,ESI
004397FE |. 25 FF000000 AND EAX,000000FF
00439803 |. 50
PUSH EAX
00439804 |. E8 56B5FFFF CALL 00434D5F
fo.00434D5F
00439809 |. 59
POP ECX
0043980A |. 85C0
TEST EAX,EAX
0043980C |. 74 04
JE SHORT 00439812
0043980E |. 8BC6
MOV EAX,ESI
00439810 |. EB 0A
JMP SHORT 0043981C
00439812 |> 0FB745 08
MOVZX EAX,WORD PTR SS:[ARG.1]
00439816 |. 83E0 DF
AND EAX,FFFFFFDF
00439819 |. 83E8 07
SUB EAX,7
0043981C |> 5E
POP ESI
0043981D |. 5D
POP EBP
0043981E \. C3
RETN
0043981F /$ 8BFF
MOV EDI,EDI
o.0043981F(guessed Arg1,Arg2)
00439821 |. 55
PUSH EBP
00439822 |. 8BEC
MOV EBP,ESP
00439824 |. B8 FFFF0000 MOV EAX,0FFFF
00439829 |. 66:3B45 08
CMP AX,WORD PTR SS:[ARG.1]
0043982D |. 74 06
JE SHORT 00439835
0043982F |. 5D
POP EBP
00439830 |. E9 AA6E0000 JMP 004406DF
00439835 |> 5D
POP EBP
00439836 \. C3
RETN
00439837 /$ 8BFF
MOV EDI,EDI
o.00439837(guessed Arg1)
00439839 |. 55
PUSH EBP
0043983A |. 8BEC
MOV EBP,ESP
0043983C |. 57
PUSH EDI
0043983D |> FF75 08
/PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
00439840 |. FF06
|INC DWORD PTR DS:[ESI]
00439842 |. E8 ED6C0000 |CALL 00440534
fo.00440534
00439847 |. 0FB7F8
|MOVZX EDI,AX
0043984A |. B8 FFFF0000 |MOV EAX,0FFFF
0043984F |. 59
|POP ECX
00439850 |. 66:3BF8
|CMP DI,AX
00439853 |. 74 0E
|JE SHORT 00439863
00439855 |. 6A 08
|PUSH 8
00439857 |. 57
|PUSH EDI
00439858 |. E8 EE110000 |CALL 0043AA4B
fo.0043AA4B

; /Arg1
; \SystemIn

; SystemInf

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /Arg2 = 8
; |Arg1
; \SystemIn

0043985D |.
0043985E |.
0043985F |.
00439861 |.^
00439863 |>
00439866 |.
00439867 |.
00439868 \.
00439869
0043986B /.
0043986C |.
0043986E |.
00439874 |.
00439879 |.
0043987B |.
0043987E |.
00439881 |.
00439884 |.
00439885 |.
00439887 |.
00439888 |.
0043988B |.
00439891 |.
00439897 |.
0043989D |.
004398A3 |.
004398AD |.
004398B3 |.
004398B9 |.
004398BF |.
004398C5 |.
004398C7 |.
004398C9 |>
fo.004343FD
004398CE |.
004398CF |.
004398D0 |.
004398D1 |.
004398D2 |.
004398D3 |.
004398D9 |.
fo.0042E862
004398DE |.
004398E1 |.
004398E4 |.
004398E9 |>
004398EB |.^
004398ED |.
[ARG.3]
004398F0 |.
004398F6 |.
fo.0042EC65
004398FB |.
004398FE |.
00439905 |.
0043990B |.
00439911 |.
00439914 |.
0043991A |.
0043991B |>

59
59
85C0
75 DA
66:8BC7
5F
5D
C3
8BFF
55
8BEC
81EC 40030000
A1 A0154500
33C5
8945 FC
8B4D 14
8B45 08
56
33F6
57
8B7D 0C
898D DCFCFFFF
8D8D 40FDFFFF
8985 24FDFFFF
898D 1CFDFFFF
C785 ECFCFFFF
89B5 F0FCFFFF
89B5 F4FCFFFF
89B5 D8FCFFFF
89B5 34FDFFFF
3BFE
75 20
E8 2FABFFFF

|POP ECX
|POP ECX
|TEST EAX,EAX
\JNE SHORT 0043983D
MOV AX,DI
POP EDI
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,340
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV ECX,DWORD PTR SS:[ARG.4]
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH ESI
XOR ESI,ESI
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.2]
MOV DWORD PTR SS:[LOCAL.201],ECX
LEA ECX,[LOCAL.176]
MOV DWORD PTR SS:[LOCAL.183],EAX
MOV DWORD PTR SS:[LOCAL.185],ECX
MOV DWORD PTR SS:[LOCAL.197],15E
MOV DWORD PTR SS:[LOCAL.196],ESI
MOV DWORD PTR SS:[LOCAL.195],ESI
MOV DWORD PTR SS:[LOCAL.202],ESI
MOV DWORD PTR SS:[LOCAL.179],ESI
CMP EDI,ESI
JNE SHORT 004398E9
CALL 004343FD

; [SystemIn

56
56
56
56
56
C700 16000000
E8 844FFFFF

PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
83C8 FF
E9 73100000
3BC6
74 DC
FF75 10

ADD ESP,14
OR EAX,FFFFFFFF
JMP 0043A95C
CMP EAX,ESI
JE SHORT 004398C9
PUSH DWORD PTR SS:[ARG.3]

; /Arg1 =>

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

8D8D C4FCFFFF LEA ECX,[LOCAL.207]


E8 6A53FFFF CALL 0042EC65

; |
; \SystemIn

0FB707
C685 23FDFFFF
89B5 38FDFFFF
89B5 F8FCFFFF
66:3BC6
0F84 29100000
53
6A 08

; /Arg2 = 8

MOVZX EAX,WORD PTR DS:[EDI]


MOV BYTE PTR SS:[LOCAL.184+3],0
MOV DWORD PTR SS:[LOCAL.178],ESI
MOV DWORD PTR SS:[LOCAL.194],ESI
CMP AX,SI
JE 0043A943
PUSH EBX
/PUSH 8

0043991D |.
0043991E |.
00439920 |.
fo.0043AA4B
00439925 |.
00439926 |.
00439927 |.
00439929 |.
0043992B |.
[LOCAL.183]
00439931 |.
00439937 |.
[LOCAL.183]
0043993D |.
00439943 |.
nfo.00439837
00439948 |.
0043994B |.
0043994C |.
0043994D |.
fo.0043981F
00439952 |.
00439953 |.
00439954 |>
00439955 |.
00439956 |.
00439959 |.
0043995B |.
0043995C |.
fo.0043AA4B
00439961 |.
00439962 |.
00439963 |.
00439965 |.^
00439967 |.
0043996C |>
0043996F |.
00439971 |.
00439972 |.
00439974 |.
00439977 |.
0043997D |.
00439981 |.
00439987 |.
0043998D |.
00439993 |.
00439999 |.
0043999F |.
004399A5 |.
004399AB |.
004399B2 |.
004399B9 |.
004399C0 |.
004399C7 |.
004399CE |.
004399D5 |.
004399DC |.
004399DE |>
004399DF |.
004399E0 |.

50
33F6
E8 26110000

|PUSH EAX
|XOR ESI,ESI
|CALL 0043AA4B

; |Arg1
; |
; \SystemIn

59
59
85C0
74 41
FFB5 24FDFFFF

|POP ECX
|POP ECX
|TEST EAX,EAX
|JE SHORT 0043996C
|PUSH DWORD PTR SS:[LOCAL.183]

; /Arg2 =>

FF8D 38FDFFFF |DEC DWORD PTR SS:[LOCAL.178]


FFB5 24FDFFFF |PUSH DWORD PTR SS:[LOCAL.183]

; |
; |/Arg1 =>

8DB5 38FDFFFF |LEA ESI,[LOCAL.178]


E8 EFFEFFFF |CALL 00439837

; ||
; |\SystemI

0FB7C0
59
50
E8 CDFEFFFF

|MOVZX EAX,AX
|POP ECX
|PUSH EAX
|CALL 0043981F

;
;
;
;

59
59
47
47
0FB707
6A 08
50
E8 EA100000

|POP ECX
|POP ECX
|/INC EDI
||INC EDI
||MOVZX EAX,WORD PTR DS:[EDI]
||PUSH 8
||PUSH EAX
||CALL 0043AA4B

; /Arg2 = 8
; |Arg1
; \SystemIn

59
59
85C0
75 ED
E9 4A0F0000
0FB707
6A 25
59
8BD1
66:3BD0
0F85 DA0E0000
66:3B57 02
0F84 D00E0000
89B5 E8FCFFFF
89B5 C0FCFFFF
89B5 18FDFFFF
89B5 0CFDFFFF
89B5 2CFDFFFF
89B5 E4FCFFFF
C685 13FDFFFF
C685 21FDFFFF
C685 2BFDFFFF
C685 3FFDFFFF
C685 22FDFFFF
C685 33FDFFFF
C685 2AFDFFFF
33F6
47
47
0FB71F

||POP ECX
||POP ECX
||TEST EAX,EAX
|\JNE SHORT 00439954
|JMP 0043A8B6
|MOVZX EAX,WORD PTR DS:[EDI]
|PUSH 25
|POP ECX
|MOV EDX,ECX
|CMP DX,AX
|JNE 0043A857
|CMP DX,WORD PTR DS:[EDI+2]
|JE 0043A857
|MOV DWORD PTR SS:[LOCAL.198],ESI
|MOV DWORD PTR SS:[LOCAL.208],ESI
|MOV DWORD PTR SS:[LOCAL.186],ESI
|MOV DWORD PTR SS:[LOCAL.189],ESI
|MOV DWORD PTR SS:[LOCAL.181],ESI
|MOV DWORD PTR SS:[LOCAL.199],ESI
|MOV BYTE PTR SS:[LOCAL.188+3],0
|MOV BYTE PTR SS:[LOCAL.184+1],0
|MOV BYTE PTR SS:[LOCAL.182+3],0
|MOV BYTE PTR SS:[LOCAL.177+3],0
|MOV BYTE PTR SS:[LOCAL.184+2],0
|MOV BYTE PTR SS:[LOCAL.180+3],0
|MOV BYTE PTR SS:[LOCAL.182+2],1
|XOR ESI,ESI
|/INC EDI
||INC EDI
||MOVZX EBX,WORD PTR DS:[EDI]

|
|
|Arg1
\SystemIn

004399E3 |.
004399E9 |.
004399EB |.
004399EE |.
004399EF |.
fo.00434D5F
004399F4 |.
004399F5 |.
004399F7 |.
004399F9 |.
004399FF |.
00439A05 |.
00439A08 |.
00439A0C |.
00439A12 |.
00439A17 |>
00439A1A |.
00439A20 |.
00439A26 |.
00439A29 |.
00439A2B |.
00439A2E |.
00439A34 |.
00439A37 |.
00439A39 |.
00439A3C |.
00439A3E |.
00439A44 |.
00439A49 |>
00439A4D |.
00439A51 |.
00439A53 |.
00439A56 |.
00439A5A |.
00439A5C |>
00439A62 |.
00439A64 |.
00439A6A |.
00439A70 |.
00439A72 |>
00439A76 |.
00439A78 |.
00439A7B |.
00439A7F |.
00439A81 |.
00439A83 |.
00439A85 |>
00439A89 |.
00439A8B |.
00439A8F |.
00439A91 |.
00439A95 |.
00439A97 |.
00439A9B |.
00439A9D |.
00439AA1 |.
00439AA3 |.
00439AA5 |>
00439AAB |.
00439AAD |>

F7C3 00FF0000
75 2C
0FB6C3
50
E8 6BB3FFFF

||TEST EBX,0000FF00
||JNE SHORT 00439A17
||MOVZX EAX,BL
||PUSH EAX
||CALL 00434D5F

59
85C0
74 1E
8B85 2CFDFFFF
FF85 0CFDFFFF
6BC0 0A
8D4418 D0
8985 2CFDFFFF
E9 D0000000
83FB 4E
0F8F 8D000000
0F84 C1000000
83FB 2A
74 7A
83FB 46
0F84 B3000000
83FB 49
74 10
83FB 4C
75 7E
FE85 2AFDFFFF
E9 9E000000
0FB74F 02
66:83F9 36
75 1F
8D47 04
66:8338 34
75 16
FF85 E4FCFFFF
8BF8
89B5 04FDFFFF
89B5 08FDFFFF
EB 75
66:83F9 33
75 0D
8D47 04
66:8338 32
75 04
8BF8
EB 62
66:83F9 64
74 5C
66:83F9 69
74 56
66:83F9 6F
74 50
66:83F9 78
74 4A
66:83F9 58
75 19
EB 42
FE85 2BFDFFFF
EB 3A
83FB 68

||POP ECX
||TEST EAX,EAX
||JE SHORT 00439A17
||MOV EAX,DWORD PTR SS:[LOCAL.181]
||INC DWORD PTR SS:[LOCAL.189]
||IMUL EAX,EAX,0A
||LEA EAX,[EBX+EAX-30]
||MOV DWORD PTR SS:[LOCAL.181],EAX
||JMP 00439AE7
||CMP EBX,4E
||JG 00439AAD
||JE 00439AE7
||CMP EBX,2A
||JE SHORT 00439AA5
||CMP EBX,46
||JE 00439AE7
||CMP EBX,49
||JE SHORT 00439A49
||CMP EBX,4C
||JNE SHORT 00439ABC
||INC BYTE PTR SS:[LOCAL.182+2]
||JMP 00439AE7
||MOVZX ECX,WORD PTR DS:[EDI+2]
||CMP CX,36
||JNE SHORT 00439A72
||LEA EAX,[EDI+4]
||CMP WORD PTR DS:[EAX],34
||JNE SHORT 00439A72
||INC DWORD PTR SS:[LOCAL.199]
||MOV EDI,EAX
||MOV DWORD PTR SS:[LOCAL.191],ESI
||MOV DWORD PTR SS:[LOCAL.190],ESI
||JMP SHORT 00439AE7
||CMP CX,33
||JNE SHORT 00439A85
||LEA EAX,[EDI+4]
||CMP WORD PTR DS:[EAX],32
||JNE SHORT 00439A85
||MOV EDI,EAX
||JMP SHORT 00439AE7
||CMP CX,64
||JE SHORT 00439AE7
||CMP CX,69
||JE SHORT 00439AE7
||CMP CX,6F
||JE SHORT 00439AE7
||CMP CX,78
||JE SHORT 00439AE7
||CMP CX,58
||JNE SHORT 00439ABC
||JMP SHORT 00439AE7
||INC BYTE PTR SS:[LOCAL.182+3]
||JMP SHORT 00439AE7
||CMP EBX,68

; /Arg1
; \SystemIn

00439AB0 |.
00439AB2 |.
00439AB5 |.
00439AB7 |.
00439ABA |.
00439ABC |>
00439AC2 |.
00439AC4 |>
00439AC7 |.
00439ACB |.^
00439ACD |.
00439AD3 |>
00439AD9 |.
00439ADB |>
00439AE1 |.
00439AE7 |>
00439AEE |.^
00439AF4 |.
00439AFB |.
00439B01 |.
00439B03 |.
00439B09 |.
00439B0B |.
00439B11 |.
00439B14 |.
00439B1A |>
00439B21 |.
00439B27 |.
00439B2E |.
00439B30 |.
00439B33 |.
00439B37 |.
00439B39 |.
00439B40 |.
00439B44 |.
00439B46 |>
00439B4D |>
00439B50 |.
00439B53 |.
00439B59 |.
00439B5C |.
00439B5E |.
00439B61 |.
00439B63 |.
00439B66 |.
00439B68 |.
[LOCAL.183]
00439B6E |.
00439B74 |.
fo.00439837
00439B79 |.
00439B7B |>
[LOCAL.183]
00439B81 |.
00439B87 |.
fo.00440534
00439B8C |>
00439B8F |.
00439B90 |.
00439B95 |.

74 29
83FB 6C
74 0D
83FB 77
74 17
FE85 3FFDFFFF
EB 23
8D47 02
66:8338 6C
74 8F
FE85 2AFDFFFF
FE85 33FDFFFF
EB 0C
FE8D 2AFDFFFF
FE8D 33FDFFFF
80BD 3FFDFFFF
0F84 EAFEFFFF
80BD 2BFDFFFF
89BD 00FDFFFF
75 17
8B85 DCFCFFFF
8B30
8985 D4FCFFFF
83C0 04
8985 DCFCFFFF
80BD 33FDFFFF
89B5 FCFCFFFF
C685 3FFDFFFF
75 1D
0FB707
66:83F8 53
74 0D
C685 33FDFFFF
66:83F8 43
75 07
C685 33FDFFFF
0FB71F
83CB 20
899D 14FDFFFF
83FB 6E
74 52
83FB 63
74 18
83FB 7B
74 13
FFB5 24FDFFFF

||JE SHORT 00439ADB


||CMP EBX,6C
||JE SHORT 00439AC4
||CMP EBX,77
||JE SHORT 00439AD3
||INC BYTE PTR SS:[LOCAL.177+3]
||JMP SHORT 00439AE7
||LEA EAX,[EDI+2]
||CMP WORD PTR DS:[EAX],6C
||JE SHORT 00439A5C
||INC BYTE PTR SS:[LOCAL.182+2]
||INC BYTE PTR SS:[LOCAL.180+3]
||JMP SHORT 00439AE7
||DEC BYTE PTR SS:[LOCAL.182+2]
||DEC BYTE PTR SS:[LOCAL.180+3]
||CMP BYTE PTR SS:[LOCAL.177+3],0
|\JE 004399DE
|CMP BYTE PTR SS:[LOCAL.182+3],0
|MOV DWORD PTR SS:[LOCAL.192],EDI
|JNE SHORT 00439B1A
|MOV EAX,DWORD PTR SS:[LOCAL.201]
|MOV ESI,DWORD PTR DS:[EAX]
|MOV DWORD PTR SS:[LOCAL.203],EAX
|ADD EAX,4
|MOV DWORD PTR SS:[LOCAL.201],EAX
|CMP BYTE PTR SS:[LOCAL.180+3],0
|MOV DWORD PTR SS:[LOCAL.193],ESI
|MOV BYTE PTR SS:[LOCAL.177+3],0
|JNE SHORT 00439B4D
|MOVZX EAX,WORD PTR DS:[EDI]
|CMP AX,53
|JE SHORT 00439B46
|MOV BYTE PTR SS:[LOCAL.180+3],1
|CMP AX,43
|JNE SHORT 00439B4D
|MOV BYTE PTR SS:[LOCAL.180+3],0FF
|MOVZX EBX,WORD PTR DS:[EDI]
|OR EBX,00000020
|MOV DWORD PTR SS:[LOCAL.187],EBX
|CMP EBX,6E
|JE SHORT 00439BB0
|CMP EBX,63
|JE SHORT 00439B7B
|CMP EBX,7B
|JE SHORT 00439B7B
|PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

8DB5 38FDFFFF |LEA ESI,[LOCAL.178]


E8 BEFCFFFF |CALL 00439837

; |
; \SystemIn

EB 11
|JMP SHORT 00439B8C
FFB5 24FDFFFF |PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

FF85 38FDFFFF |INC DWORD PTR SS:[LOCAL.178]


E8 A8690000 |CALL 00440534

; |
; \SystemIn

0FB7C0
59
B9 FFFF0000
8985 34FDFFFF

|MOVZX EAX,AX
|POP ECX
|MOV ECX,0FFFF
|MOV DWORD PTR SS:[LOCAL.179],EAX

00439B9B |. 66:3BC8
|CMP CX,AX
00439B9E |. 0F84 3C0D0000 |JE 0043A8E0
00439BA4 |. 8BB5 FCFCFFFF |MOV ESI,DWORD PTR SS:[LOCAL.193]
00439BAA |. 8BBD 00FDFFFF |MOV EDI,DWORD PTR SS:[LOCAL.192]
00439BB0 |> 8B8D 0CFDFFFF |MOV ECX,DWORD PTR SS:[LOCAL.189]
00439BB6 |. 85C9
|TEST ECX,ECX
00439BB8 |. 74 0D
|JE SHORT 00439BC7
00439BBA |. 83BD 2CFDFFFF |CMP DWORD PTR SS:[LOCAL.181],0
00439BC1 |. 0F84 060D0000 |JE 0043A8CD
00439BC7 |> 83FB 6F
|CMP EBX,6F
ases 63..7B, 10. exits)
00439BCA |. 0F8F 1B060000 |JG 0043A1EB
00439BD0 |. 0F84 71090000 |JE 0043A547
00439BD6 |. 83FB 63
|CMP EBX,63
00439BD9 |. 0F84 09050000 |JE 0043A0E8
00439BDF |. 6A 64
|PUSH 64
00439BE1 |. 58
|POP EAX
00439BE2 |. 3BD8
|CMP EBX,EAX
00439BE4 |. 0F84 5D090000 |JE 0043A547
00439BEA |. 0F8E 25060000 |JLE 0043A215
00439BF0 |. 83FB 67
|CMP EBX,67
00439BF3 |. 7E 4A
|JLE SHORT 00439C3F
00439BF5 |. 83FB 69
|CMP EBX,69
00439BF8 |. 74 21
|JE SHORT 00439C1B
00439BFA |. 83FB 6E
|CMP EBX,6E
00439BFD |. 0F85 12060000 |JNE 0043A215
00439C03 |. 80BD 2BFDFFFF |CMP BYTE PTR SS:[LOCAL.182+3],0
'n') of switch SystemInfo.439BC7
00439C0A |. 8BBD 38FDFFFF |MOV EDI,DWORD PTR SS:[LOCAL.178]
00439C10 |. 0F84 FF0B0000 |JE 0043A815
00439C16 |. E9 260C0000 |JMP 0043A841
00439C1B |> 8985 14FDFFFF |MOV DWORD PTR SS:[LOCAL.187],EAX
'i') of switch SystemInfo.439BC7
00439C21 |> 8B9D 34FDFFFF |MOV EBX,DWORD PTR SS:[LOCAL.179]
'x') of switch SystemInfo.439BC7
00439C27 |. 6A 2D
|PUSH 2D
00439C29 |. 58
|POP EAX
00439C2A |. 66:3BC3
|CMP AX,BX
00439C2D |. 0F85 4C070000 |JNE 0043A37F
00439C33 |. C685 21FDFFFF |MOV BYTE PTR SS:[LOCAL.184+1],1
00439C3A |. E9 48070000 |JMP 0043A387
00439C3F |> 6A 2D
|PUSH 2D
('e'), 66 ('f'), 67 ('g') of switch SystemInfo.439BC7
00439C41 |. 58
|POP EAX
00439C42 |. 33DB
|XOR EBX,EBX
00439C44 |. 66:3B85 34FDF |CMP AX,WORD PTR SS:[LOCAL.179]
00439C4B |. 75 0C
|JNE SHORT 00439C59
00439C4D |. 8B8D 1CFDFFFF |MOV ECX,DWORD PTR SS:[LOCAL.185]
00439C53 |. 66:8901
|MOV WORD PTR DS:[ECX],AX
00439C56 |. 43
|INC EBX
00439C57 |. EB 0C
|JMP SHORT 00439C65
00439C59 |> 6A 2B
|PUSH 2B
00439C5B |. 58
|POP EAX
00439C5C |. 66:3B85 34FDF |CMP AX,WORD PTR SS:[LOCAL.179]
00439C63 |. 75 21
|JNE SHORT 00439C86
00439C65 |> FF8D 2CFDFFFF |DEC DWORD PTR SS:[LOCAL.181]
00439C6B |. FFB5 24FDFFFF |PUSH DWORD PTR SS:[LOCAL.183]
[LOCAL.183]
00439C71 |. FF85 38FDFFFF |INC DWORD PTR SS:[LOCAL.178]
00439C77 |. E8 B8680000 |CALL 00440534

; Switch (c

; Case 6E (

; Case 69 (
; Case 78 (

; Cases 65

; /Arg1 =>
; |
; \SystemIn

fo.00440534
00439C7C |. 0FB7C0
00439C7F |. 59
00439C80 |. 8985 34FDFFFF
00439C86 |> 83BD 0CFDFFFF
00439C8D |. 75 07
00439C8F |. 838D 2CFDFFFF
00439C96 |> F785 34FDFFFF
00439CA0 |. 0F85 8C000000
00439CA6 |> 0FB685 34FDFF
00439CAD |. 50
00439CAE |. E8 ACB0FFFF
fo.00434D5F
00439CB3 |. 59
00439CB4 |. 85C0
00439CB6 |. 74 7A
00439CB8 |. 8B85 2CFDFFFF
00439CBE |. FF8D 2CFDFFFF
00439CC4 |. 85C0
00439CC6 |. 74 6A
00439CC8 |. 66:0FBE85 34F
00439CD0 |. 8B8D 1CFDFFFF
00439CD6 |. FF85 18FDFFFF
00439CDC |. 66:890459
00439CE0 |. 8D85 F0FCFFFF
00439CE6 |. 50
OFFSET LOCAL.196
00439CE7 |. 8D85 40FDFFFF
00439CED |. 50
OFFSET LOCAL.176
00439CEE |. 43
00439CEF |. 53
00439CF0 |. 8DBD 1CFDFFFF
00439CF6 |. 8DB5 ECFCFFFF
00439CFC |. E8 8EFAFFFF
fo.0043978F
00439D01 |. 83C4 0C
00439D04 |. 85C0
00439D06 |. 0F84 D40B0000
00439D0C |. FFB5 24FDFFFF
[LOCAL.183]
00439D12 |. FF85 38FDFFFF
00439D18 |. E8 17680000
fo.00440534
00439D1D |. 0FB7C0
00439D20 |. 59
00439D21 |. 8985 34FDFFFF
00439D27 |. A9 00FF0000
00439D2C |.^ 0F84 74FFFFFF
00439D32 |> 8D85 C4FCFFFF
00439D38 |. 50
OFFSET LOCAL.207
00439D39 |. 8B85 C4FCFFFF
00439D3F |. C785 E0FCFFFF
00439D49 |. FFB0 AC000000
00439D4F |. 8B80 BC000000
00439D55 |. FF30
00439D57 |. 8D85 E0FCFFFF
00439D5D |. 50
OFFSET LOCAL.200

|MOVZX EAX,AX
|POP ECX
|MOV DWORD PTR SS:[LOCAL.179],EAX
|CMP DWORD PTR SS:[LOCAL.189],0
|JNE SHORT 00439C96
|OR DWORD PTR SS:[LOCAL.181],FFFFFFFF
|TEST DWORD PTR SS:[LOCAL.179],0000FF00
|JNE 00439D32
|/MOVZX EAX,BYTE PTR SS:[LOCAL.179]
||PUSH EAX
; /Arg1
||CALL 00434D5F
; \SystemIn
||POP ECX
||TEST EAX,EAX
||JE SHORT 00439D32
||MOV EAX,DWORD PTR SS:[LOCAL.181]
||DEC DWORD PTR SS:[LOCAL.181]
||TEST EAX,EAX
||JE SHORT 00439D32
||MOVSX AX,BYTE PTR SS:[LOCAL.179]
||MOV ECX,DWORD PTR SS:[LOCAL.185]
||INC DWORD PTR SS:[LOCAL.186]
||MOV WORD PTR DS:[EBX*2+ECX],AX
||LEA EAX,[LOCAL.196]
||PUSH EAX

; /Arg3 =>

||LEA EAX,[LOCAL.176]
||PUSH EAX

; |
; |Arg2 =>

||INC EBX
||PUSH EBX
||LEA EDI,[LOCAL.185]
||LEA ESI,[LOCAL.197]
||CALL 0043978F

;
;
;
;
;

||ADD ESP,0C
||TEST EAX,EAX
||JE 0043A8E0
||PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

||INC DWORD PTR SS:[LOCAL.178]


||CALL 00440534

; |
; \SystemIn

||MOVZX EAX,AX
||POP ECX
||MOV DWORD PTR SS:[LOCAL.179],EAX
||TEST EAX,0000FF00
|\JE 00439CA6
|LEA EAX,[LOCAL.207]
|PUSH EAX

; /Arg4 =>

|MOV EAX,DWORD PTR SS:[LOCAL.207]


|MOV DWORD PTR SS:[LOCAL.200],2E
|PUSH DWORD PTR DS:[EAX+0AC]
|MOV EAX,DWORD PTR DS:[EAX+0BC]
|PUSH DWORD PTR DS:[EAX]
|LEA EAX,[LOCAL.200]
|PUSH EAX

;
;
;
;
;
;
;

|
|Arg1
|
|
\SystemIn

|
|
|Arg3
|
|Arg2
|
|Arg1 =>

00439D5E |. E8 5A88FFFF
fo.004325BD
00439D63 |. 0FB785 E0FCFF
00439D6A |. 0FBE8D 34FDFF
00439D71 |. 83C4 10
00439D74 |. 3BC1
00439D76 |. 0F85 06010000
00439D7C |. 8B85 2CFDFFFF
00439D82 |. FF8D 2CFDFFFF
00439D88 |. 85C0
00439D8A |. 0F84 F2000000
00439D90 |. FFB5 24FDFFFF
[LOCAL.183]
00439D96 |. FF85 38FDFFFF
00439D9C |. E8 93670000
fo.00440534
00439DA1 |. 8B8D 1CFDFFFF
00439DA7 |. 0FB7C0
00439DAA |. 8985 34FDFFFF
00439DB0 |. 66:8B85 E0FCF
00439DB7 |. 66:890459
00439DBB |. 8D85 F0FCFFFF
00439DC1 |. 50
OFFSET LOCAL.196
00439DC2 |. 8D85 40FDFFFF
00439DC8 |. 50
OFFSET LOCAL.176
00439DC9 |. 43
00439DCA |. 53
00439DCB |. 8DBD 1CFDFFFF
00439DD1 |. 8DB5 ECFCFFFF
00439DD7 |. E8 B3F9FFFF
fo.0043978F
00439DDC |. 83C4 10
00439DDF |. 85C0
00439DE1 |. 0F84 F90A0000
00439DE7 |. F785 34FDFFFF
00439DF1 |. 0F85 8B000000
00439DF7 |> 0FB685 34FDFF
00439DFE |. 50
00439DFF |. E8 5BAFFFFF
fo.00434D5F
00439E04 |. 59
00439E05 |. 85C0
00439E07 |. 74 79
00439E09 |. 8B85 2CFDFFFF
00439E0F |. FF8D 2CFDFFFF
00439E15 |. 85C0
00439E17 |. 74 69
00439E19 |. 8B85 1CFDFFFF
00439E1F |. 66:8B8D 34FDF
00439E26 |. FF85 18FDFFFF
00439E2C |. 66:890C58
00439E30 |. 8D85 F0FCFFFF
00439E36 |. 50
OFFSET LOCAL.196
00439E37 |. 8D85 40FDFFFF
00439E3D |. 50
OFFSET LOCAL.176
00439E3E |. 43

|CALL 004325BD

; \SystemIn

|MOVZX EAX,WORD PTR SS:[LOCAL.200]


|MOVSX ECX,BYTE PTR SS:[LOCAL.179]
|ADD ESP,10
|CMP EAX,ECX
|JNE 00439E82
|MOV EAX,DWORD PTR SS:[LOCAL.181]
|DEC DWORD PTR SS:[LOCAL.181]
|TEST EAX,EAX
|JE 00439E82
|PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

|INC DWORD PTR SS:[LOCAL.178]


|CALL 00440534

; |
; \SystemIn

|MOV ECX,DWORD PTR SS:[LOCAL.185]


|MOVZX EAX,AX
|MOV DWORD PTR SS:[LOCAL.179],EAX
|MOV AX,WORD PTR SS:[LOCAL.200]
|MOV WORD PTR DS:[EBX*2+ECX],AX
|LEA EAX,[LOCAL.196]
|PUSH EAX

; /Arg3 =>

|LEA EAX,[LOCAL.176]
|PUSH EAX

; |
; |Arg2 =>

|INC EBX
|PUSH EBX
|LEA EDI,[LOCAL.185]
|LEA ESI,[LOCAL.197]
|CALL 0043978F

;
;
;
;
;

|
|Arg1
|
|
\SystemIn

|ADD ESP,10
|TEST EAX,EAX
|JE 0043A8E0
|TEST DWORD PTR SS:[LOCAL.179],0000FF00
|JNE 00439E82
|/MOVZX EAX,BYTE PTR SS:[LOCAL.179]
||PUSH EAX
; /Arg1
||CALL 00434D5F
; \SystemIn
||POP ECX
||TEST EAX,EAX
||JE SHORT 00439E82
||MOV EAX,DWORD PTR SS:[LOCAL.181]
||DEC DWORD PTR SS:[LOCAL.181]
||TEST EAX,EAX
||JE SHORT 00439E82
||MOV EAX,DWORD PTR SS:[LOCAL.185]
||MOV CX,WORD PTR SS:[LOCAL.179]
||INC DWORD PTR SS:[LOCAL.186]
||MOV WORD PTR DS:[EBX*2+EAX],CX
||LEA EAX,[LOCAL.196]
||PUSH EAX

; /Arg3 =>

||LEA EAX,[LOCAL.176]
||PUSH EAX

; |
; |Arg2 =>

||INC EBX

; |

00439E3F |. 53
00439E40 |. 8DBD 1CFDFFFF
00439E46 |. 8DB5 ECFCFFFF
00439E4C |. E8 3EF9FFFF
fo.0043978F
00439E51 |. 83C4 0C
00439E54 |. 85C0
00439E56 |. 0F84 840A0000
00439E5C |. FFB5 24FDFFFF
[LOCAL.183]
00439E62 |. FF85 38FDFFFF
00439E68 |. E8 C7660000
fo.00440534
00439E6D |. 0FB7C0
00439E70 |. 59
00439E71 |. 8985 34FDFFFF
00439E77 |. A9 00FF0000
00439E7C |.^ 0F84 75FFFFFF
00439E82 |> 83BD 18FDFFFF
00439E89 |. 0F84 94010000
00439E8F |. 6A 65
00439E91 |. 58
00439E92 |. 66:3B85 34FDF
00439E99 |. 74 10
00439E9B |. 6A 45
00439E9D |. 58
00439E9E |. 66:3B85 34FDF
00439EA5 |. 0F85 78010000
00439EAB |> 8B85 2CFDFFFF
00439EB1 |. FF8D 2CFDFFFF
00439EB7 |. 85C0
00439EB9 |. 0F84 64010000
00439EBF |. 8B8D 1CFDFFFF
00439EC5 |. 6A 65
00439EC7 |. 58
00439EC8 |. 66:890459
00439ECC |. 8D85 F0FCFFFF
00439ED2 |. 50
OFFSET LOCAL.196
00439ED3 |. 8D85 40FDFFFF
00439ED9 |. 50
OFFSET LOCAL.176
00439EDA |. 43
00439EDB |. 53
00439EDC |. 8DBD 1CFDFFFF
00439EE2 |. 8DB5 ECFCFFFF
00439EE8 |. E8 A2F8FFFF
fo.0043978F
00439EED |. 83C4 0C
00439EF0 |. 85C0
00439EF2 |. 0F84 E8090000
00439EF8 |. FFB5 24FDFFFF
[LOCAL.183]
00439EFE |. FF85 38FDFFFF
00439F04 |. E8 2B660000
fo.00440534
00439F09 |. 59
00439F0A |. 0FB7C0
00439F0D |. 6A 2D
00439F0F |. 59

||PUSH EBX
||LEA EDI,[LOCAL.185]
||LEA ESI,[LOCAL.197]
||CALL 0043978F

;
;
;
;

||ADD ESP,0C
||TEST EAX,EAX
||JE 0043A8E0
||PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

||INC DWORD PTR SS:[LOCAL.178]


||CALL 00440534

; |
; \SystemIn

||MOVZX EAX,AX
||POP ECX
||MOV DWORD PTR SS:[LOCAL.179],EAX
||TEST EAX,0000FF00
|\JE 00439DF7
|CMP DWORD PTR SS:[LOCAL.186],0
|JE 0043A023
|PUSH 65
|POP EAX
|CMP AX,WORD PTR SS:[LOCAL.179]
|JE SHORT 00439EAB
|PUSH 45
|POP EAX
|CMP AX,WORD PTR SS:[LOCAL.179]
|JNE 0043A023
|MOV EAX,DWORD PTR SS:[LOCAL.181]
|DEC DWORD PTR SS:[LOCAL.181]
|TEST EAX,EAX
|JE 0043A023
|MOV ECX,DWORD PTR SS:[LOCAL.185]
|PUSH 65
|POP EAX
|MOV WORD PTR DS:[EBX*2+ECX],AX
|LEA EAX,[LOCAL.196]
|PUSH EAX

; /Arg3 =>

|LEA EAX,[LOCAL.176]
|PUSH EAX

; |
; |Arg2 =>

|INC EBX
|PUSH EBX
|LEA EDI,[LOCAL.185]
|LEA ESI,[LOCAL.197]
|CALL 0043978F

;
;
;
;
;

|ADD ESP,0C
|TEST EAX,EAX
|JE 0043A8E0
|PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

|INC DWORD PTR SS:[LOCAL.178]


|CALL 00440534

; |
; \SystemIn

|POP ECX
|MOVZX EAX,AX
|PUSH 2D
|POP ECX

|Arg1
|
|
\SystemIn

|
|Arg1
|
|
\SystemIn

00439F10 |. 8985 34FDFFFF


00439F16 |. 66:3BC8
00439F19 |. 75 2E
00439F1B |. 51
00439F1C |. 8B8D 1CFDFFFF
00439F22 |. 58
00439F23 |. 66:890459
00439F27 |. 8D85 F0FCFFFF
00439F2D |. 50
OFFSET LOCAL.196
00439F2E |. 8D85 40FDFFFF
00439F34 |. 50
OFFSET LOCAL.176
00439F35 |. 43
00439F36 |. 53
00439F37 |. E8 53F8FFFF
fo.0043978F
00439F3C |. 83C4 0C
00439F3F |. 85C0
00439F41 |. 0F84 99090000
00439F47 |. EB 0C
00439F49 |> 6A 2B
00439F4B |. 58
00439F4C |. 66:3B85 34FDF
00439F53 |. 75 33
00439F55 |> 8B85 2CFDFFFF
00439F5B |. FF8D 2CFDFFFF
00439F61 |. 85C0
00439F63 |. 75 08
00439F65 |. 2185 2CFDFFFF
00439F6B |. EB 1B
00439F6D |> FFB5 24FDFFFF
[LOCAL.183]
00439F73 |. FF85 38FDFFFF
00439F79 |. E8 B6650000
fo.00440534
00439F7E |. 0FB7C0
00439F81 |. 59
00439F82 |. 8985 34FDFFFF
00439F88 |> F785 34FDFFFF
00439F92 |. 0F85 8B000000
00439F98 |> 0FB685 34FDFF
00439F9F |. 50
00439FA0 |. E8 BAADFFFF
fo.00434D5F
00439FA5 |. 59
00439FA6 |. 85C0
00439FA8 |. 74 79
00439FAA |. 8B85 2CFDFFFF
00439FB0 |. FF8D 2CFDFFFF
00439FB6 |. 85C0
00439FB8 |. 74 69
00439FBA |. 8B85 1CFDFFFF
00439FC0 |. 66:8B8D 34FDF
00439FC7 |. FF85 18FDFFFF
00439FCD |. 66:890C58
00439FD1 |. 8D85 F0FCFFFF
00439FD7 |. 50
OFFSET LOCAL.196
00439FD8 |. 8D85 40FDFFFF

|MOV DWORD PTR SS:[LOCAL.179],EAX


|CMP CX,AX
|JNE SHORT 00439F49
|PUSH ECX
|MOV ECX,DWORD PTR SS:[LOCAL.185]
|POP EAX
|MOV WORD PTR DS:[EBX*2+ECX],AX
|LEA EAX,[LOCAL.196]
|PUSH EAX

; /Arg3 =>

|LEA EAX,[LOCAL.176]
|PUSH EAX

; |
; |Arg2 =>

|INC EBX
|PUSH EBX
|CALL 0043978F

; |
; |Arg1
; \SystemIn

|ADD ESP,0C
|TEST EAX,EAX
|JE 0043A8E0
|JMP SHORT 00439F55
|PUSH 2B
|POP EAX
|CMP AX,WORD PTR SS:[LOCAL.179]
|JNE SHORT 00439F88
|MOV EAX,DWORD PTR SS:[LOCAL.181]
|DEC DWORD PTR SS:[LOCAL.181]
|TEST EAX,EAX
|JNE SHORT 00439F6D
|AND DWORD PTR SS:[LOCAL.181],EAX
|JMP SHORT 00439F88
|PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

|INC DWORD PTR SS:[LOCAL.178]


|CALL 00440534

; |
; \SystemIn

|MOVZX EAX,AX
|POP ECX
|MOV DWORD PTR SS:[LOCAL.179],EAX
|TEST DWORD PTR SS:[LOCAL.179],0000FF00
|JNE 0043A023
|/MOVZX EAX,BYTE PTR SS:[LOCAL.179]
||PUSH EAX
; /Arg1
||CALL 00434D5F
; \SystemIn
||POP ECX
||TEST EAX,EAX
||JE SHORT 0043A023
||MOV EAX,DWORD PTR SS:[LOCAL.181]
||DEC DWORD PTR SS:[LOCAL.181]
||TEST EAX,EAX
||JE SHORT 0043A023
||MOV EAX,DWORD PTR SS:[LOCAL.185]
||MOV CX,WORD PTR SS:[LOCAL.179]
||INC DWORD PTR SS:[LOCAL.186]
||MOV WORD PTR DS:[EBX*2+EAX],CX
||LEA EAX,[LOCAL.196]
||PUSH EAX

; /Arg3 =>

||LEA EAX,[LOCAL.176]

; |

00439FDE |. 50
OFFSET LOCAL.176
00439FDF |. 43
00439FE0 |. 53
00439FE1 |. 8DBD 1CFDFFFF
00439FE7 |. 8DB5 ECFCFFFF
00439FED |. E8 9DF7FFFF
fo.0043978F
00439FF2 |. 83C4 0C
00439FF5 |. 85C0
00439FF7 |. 0F84 E3080000
00439FFD |. FFB5 24FDFFFF
[LOCAL.183]
0043A003 |. FF85 38FDFFFF
0043A009 |. E8 26650000
fo.00440534
0043A00E |. 0FB7C0
0043A011 |. 59
0043A012 |. 8985 34FDFFFF
0043A018 |. A9 00FF0000
0043A01D |.^ 0F84 75FFFFFF
0043A023 |> FFB5 24FDFFFF
[LOCAL.183]
0043A029 |. FF8D 38FDFFFF
0043A02F |. FFB5 34FDFFFF
[LOCAL.179]
0043A035 |. E8 E5F7FFFF
fo.0043981F
0043A03A |. 83BD 18FDFFFF
0043A041 |. 59
0043A042 |. 59
0043A043 |. 0F84 97080000
0043A049 |. 80BD 2BFDFFFF
0043A050 |. 0F85 EB070000
0043A056 |. 8BB5 ECFCFFFF
0043A05C |. 8B8D 1CFDFFFF
0043A062 |. FF85 F8FCFFFF
0043A068 |. 33C0
0043A06A |. 8D7436 02
0043A06E |. 56
0043A06F |. 66:890459
0043A073 |. E8 9BADFFFF
fo.00434E13
0043A078 |. 8BF8
0043A07A |. 59
0043A07B |. 85FF
0043A07D |. 0F84 5D080000
0043A083 |. 8D46 FF
0043A086 |. 50
0043A087 |. FFB5 1CFDFFFF
[LOCAL.185]
0043A08D |. 56
0043A08E |. 57
0043A08F |. 33F6
0043A091 |. 56
0
0043A092 |. E8 5B83FFFF
fo.004323F2
0043A097 |. 83C4 14
0043A09A |. 3BC6

||PUSH EAX

; |Arg2 =>

||INC EBX
||PUSH EBX
||LEA EDI,[LOCAL.185]
||LEA ESI,[LOCAL.197]
||CALL 0043978F

;
;
;
;
;

||ADD ESP,0C
||TEST EAX,EAX
||JE 0043A8E0
||PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

||INC DWORD PTR SS:[LOCAL.178]


||CALL 00440534

; |
; \SystemIn

||MOVZX EAX,AX
||POP ECX
||MOV DWORD PTR SS:[LOCAL.179],EAX
||TEST EAX,0000FF00
|\JE 00439F98
|PUSH DWORD PTR SS:[LOCAL.183]

; /Arg2 =>

|DEC DWORD PTR SS:[LOCAL.178]


|PUSH DWORD PTR SS:[LOCAL.179]

; |
; |Arg1 =>

|CALL 0043981F

; \SystemIn

|CMP DWORD PTR SS:[LOCAL.186],0


|POP ECX
|POP ECX
|JE 0043A8E0
|CMP BYTE PTR SS:[LOCAL.182+3],0
|JNE 0043A841
|MOV ESI,DWORD PTR SS:[LOCAL.197]
|MOV ECX,DWORD PTR SS:[LOCAL.185]
|INC DWORD PTR SS:[LOCAL.194]
|XOR EAX,EAX
|LEA ESI,[ESI+ESI+2]
|PUSH ESI
|MOV WORD PTR DS:[EBX*2+ECX],AX
|CALL 00434E13

; /Arg1
; |
; \SystemIn

|MOV EDI,EAX
|POP ECX
|TEST EDI,EDI
|JE 0043A8E0
|LEA EAX,[ESI-1]
|PUSH EAX
|PUSH DWORD PTR SS:[LOCAL.185]

; /Arg5
; |Arg4 =>

|PUSH ESI
|PUSH EDI
|XOR ESI,ESI
|PUSH ESI

;
;
;
;

|CALL 004323F2

; \SystemIn

|ADD ESP,14
|CMP EAX,ESI

|
|Arg1
|
|
\SystemIn

|Arg3
|Arg2
|
|Arg1 =>

0043A09C |. 74 17
|JE SHORT 0043A0B5
0043A09E |. 83F8 16
|CMP EAX,16
0043A0A1 |. 74 05
|JE SHORT 0043A0A8
0043A0A3 |. 83F8 22
|CMP EAX,22
0043A0A6 |. 75 0D
|JNE SHORT 0043A0B5
0043A0A8 |> 56
|PUSH ESI
0043A0A9 |. 56
|PUSH ESI
0043A0AA |. 56
|PUSH ESI
0043A0AB |. 56
|PUSH ESI
0043A0AC |. 56
|PUSH ESI
0043A0AD |. E8 8846FFFF |CALL 0042E73A
0043A0B2 |. 83C4 14
|ADD ESP,14
0043A0B5 |> 8D85 C4FCFFFF |LEA EAX,[LOCAL.207]
0043A0BB |. 50
|PUSH EAX
0043A0BC |. 0FBE85 2AFDFF |MOVSX EAX,BYTE PTR SS:[LOCAL.182+2]
0043A0C3 |. 57
|PUSH EDI
0043A0C4 |. FFB5 FCFCFFFF |PUSH DWORD PTR SS:[LOCAL.193]
0043A0CA |. 48
|DEC EAX
0043A0CB |. 50
|PUSH EAX
0043A0CC |. FF35 141E4500 |PUSH DWORD PTR DS:[451E14]
ystemInfo.43FEAF
0043A0D2 |. E8 EFAFFFFF |CALL 004350C6
fo.004350C6
0043A0D7 |. 59
|POP ECX
0043A0D8 |. FFD0
|CALL EAX
0043A0DA |. 57
|PUSH EDI
0043A0DB |. E8 FE90FFFF |CALL 004331DE
fo.004331DE
0043A0E0 |. 83C4 14
|ADD ESP,14
0043A0E3 |. E9 59070000 |JMP 0043A841
0043A0E8 |> 85C9
|TEST ECX,ECX
'c') of switch SystemInfo.439BC7
0043A0EA |. 75 10
|JNE SHORT 0043A0FC
0043A0EC |. FF85 2CFDFFFF |INC DWORD PTR SS:[LOCAL.181]
0043A0F2 |. C785 0CFDFFFF |MOV DWORD PTR SS:[LOCAL.189],1
0043A0FC |> 80BD 33FDFFFF |CMP BYTE PTR SS:[LOCAL.180+3],0
's') of switch SystemInfo.439BC7
0043A103 |. 7E 07
|JLE SHORT 0043A10C
0043A105 |. C685 22FDFFFF |MOV BYTE PTR SS:[LOCAL.184+2],1
0043A10C |> FFB5 24FDFFFF |PUSH DWORD PTR SS:[LOCAL.183]
[LOCAL.183]
0043A112 |. FF8D 38FDFFFF |DEC DWORD PTR SS:[LOCAL.178]
0043A118 |. FFB5 34FDFFFF |PUSH DWORD PTR SS:[LOCAL.179]
[LOCAL.179]
0043A11E |. 8BFE
|MOV EDI,ESI
0043A120 |. E8 FAF6FFFF |CALL 0043981F
fo.0043981F
0043A125 |. 59
|POP ECX
0043A126 |. 59
|POP ECX
0043A127 |> 83BD 0CFDFFFF |CMP DWORD PTR SS:[LOCAL.189],0
0043A12E |. 74 14
|JE SHORT 0043A144
0043A130 |. 8B85 2CFDFFFF |MOV EAX,DWORD PTR SS:[LOCAL.181]
0043A136 |. FF8D 2CFDFFFF |DEC DWORD PTR SS:[LOCAL.181]
0043A13C |. 85C0
|TEST EAX,EAX
0043A13E |. 0F84 B1030000 |JE 0043A4F5
0043A144 |> FFB5 24FDFFFF |PUSH DWORD PTR SS:[LOCAL.183]
[LOCAL.183]
0043A14A |. FF85 38FDFFFF |INC DWORD PTR SS:[LOCAL.178]
0043A150 |. E8 DF630000 |CALL 00440534
fo.00440534

; /Arg1 = S
; \SystemIn

; /Arg1
; \SystemIn

; Case 63 (

; Case 73 (

; /Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

; /Arg1 =>
; |
; \SystemIn

0043A155 |.
0043A158 |.
0043A15D |.
0043A15E |.
0043A164 |.
0043A167 |.
0043A16D |.
0043A170 |.
0043A172 |.
0043A175 |.
0043A177 |.
0043A17B |.
0043A17D |.
0043A181 |.
0043A187 |>
0043A18B |.
0043A18D |>
0043A190 |.
0043A196 |.
0043A199 |.
0043A19B |.
0043A19D |.
0043A1A0 |.
0043A1A1 |.
0043A1A3 |.
0043A1A9 |.
0043A1AC |.
0043A1B0 |.
0043A1B7 |.
0043A1B9 |.
0043A1BB |.
0043A1C1 |.
0043A1C7 |>
0043A1CE |.
0043A1D4 |.
0043A1DB |.
0043A1E1 |.
0043A1E4 |.
0043A1E5 |.
0043A1E6 |.
0043A1EB |>
0043A1ED |.
0043A1F0 |.
0043A1F6 |.
0043A1F9 |.^
0043A1FF |.
0043A200 |.
0043A201 |.
0043A207 |.
0043A20A |.^
0043A210 |.
0043A213 |.
0043A215 |>
ase of switch
0043A21B |.
0043A21E |.
0043A224 |.
0043A22A |.
0043A231 |.
0043A237 |.

0FB7D0
|MOVZX EDX,AX
B8 FFFF0000 |MOV EAX,0FFFF
59
|POP ECX
8995 34FDFFFF |MOV DWORD PTR SS:[LOCAL.179],EDX
66:3BC2
|CMP AX,DX
0F84 74030000 |JE 0043A4E1
83FB 63
|CMP EBX,63
74 55
|JE SHORT 0043A1C7
83FB 73
|CMP EBX,73
75 16
|JNE SHORT 0043A18D
66:83FA 09
|CMP DX,9
72 0A
|JB SHORT 0043A187
66:83FA 0D
|CMP DX,0D
0F86 5A030000 |JBE 0043A4E1
66:83FA 20
|CMP DX,20
75 3A
|JNE SHORT 0043A1C7
83FB 7B
|CMP EBX,7B
0F85 4B030000 |JNE 0043A4E1
0FB7C2
|MOVZX EAX,DX
8BC8
|MOV ECX,EAX
33DB
|XOR EBX,EBX
83E1 07
|AND ECX,00000007
43
|INC EBX
D3E3
|SHL EBX,CL
8B8D F4FCFFFF |MOV ECX,DWORD PTR SS:[LOCAL.195]
C1E8 03
|SHR EAX,3
0FBE0408
|MOVSX EAX,BYTE PTR DS:[ECX+EAX]
0FBE8D 13FDFF |MOVSX ECX,BYTE PTR SS:[LOCAL.188+3]
33C1
|XOR EAX,ECX
85D8
|TEST EAX,EBX
8B9D 14FDFFFF |MOV EBX,DWORD PTR SS:[LOCAL.187]
0F84 1A030000 |JE 0043A4E1
80BD 2BFDFFFF |CMP BYTE PTR SS:[LOCAL.182+3],0
0F85 06030000 |JNE 0043A4DA
80BD 22FDFFFF |CMP BYTE PTR SS:[LOCAL.184+2],0
0F84 A8020000 |JE 0043A489
66:8916
|MOV WORD PTR DS:[ESI],DX
46
|INC ESI
46
|INC ESI
E9 E4020000 |JMP 0043A4CF
8BC3
|MOV EAX,EBX
83E8 70
|SUB EAX,70
0F84 4A030000 |JE 0043A540
83E8 03
|SUB EAX,3
0F84 FDFEFFFF |JE 0043A0FC
48
|DEC EAX
48
|DEC EAX
0F84 40030000 |JE 0043A547
83E8 03
|SUB EAX,3
0F84 11FAFFFF |JE 00439C21
83E8 03
|SUB EAX,3
74 33
|JE SHORT 0043A248
8B85 34FDFFFF |MOV EAX,DWORD PTR SS:[LOCAL.179]
SystemInfo.439BC7
66:3907
|CMP WORD PTR DS:[EDI],AX
0F85 A0060000 |JNE 0043A8C4
FE8D 23FDFFFF |DEC BYTE PTR SS:[LOCAL.184+3]
80BD 2BFDFFFF |CMP BYTE PTR SS:[LOCAL.182+3],0
0F85 0A060000 |JNE 0043A841
8B85 D4FCFFFF |MOV EAX,DWORD PTR SS:[LOCAL.203]

; Default c

0043A23D |. 8985 DCFCFFFF |MOV DWORD PTR SS:[LOCAL.201],EAX


0043A243 |. E9 F9050000 |JMP 0043A841
0043A248 |> 80BD 33FDFFFF |CMP BYTE PTR SS:[LOCAL.180+3],0
'{') of switch SystemInfo.439BC7
0043A24F |. 7E 07
|JLE SHORT 0043A258
0043A251 |. C685 22FDFFFF |MOV BYTE PTR SS:[LOCAL.184+2],1
0043A258 |> 47
|INC EDI
0043A259 |. 6A 5E
|PUSH 5E
0043A25B |. 47
|INC EDI
0043A25C |. 58
|POP EAX
0043A25D |. 66:3B07
|CMP AX,WORD PTR DS:[EDI]
0043A260 |. 75 0A
|JNE SHORT 0043A26C
0043A262 |. 83C7 02
|ADD EDI,2
0043A265 |. C685 13FDFFFF |MOV BYTE PTR SS:[LOCAL.188+3],0FF
0043A26C |> 83BD F4FCFFFF |CMP DWORD PTR SS:[LOCAL.195],0
0043A273 |. 75 23
|JNE SHORT 0043A298
0043A275 |. 68 00200000 |PUSH 2000
000
0043A27A |. E8 94ABFFFF |CALL 00434E13
fo.00434E13
0043A27F |. 59
|POP ECX
0043A280 |. 8985 F4FCFFFF |MOV DWORD PTR SS:[LOCAL.195],EAX
0043A286 |. 85C0
|TEST EAX,EAX
0043A288 |. 0F84 52060000 |JE 0043A8E0
0043A28E |. C785 D8FCFFFF |MOV DWORD PTR SS:[LOCAL.202],1
0043A298 |> 68 00200000 |PUSH 2000
000
0043A29D |. 6A 00
|PUSH 0
0043A29F |. FFB5 F4FCFFFF |PUSH DWORD PTR SS:[LOCAL.195]
[LOCAL.195]
0043A2A5 |. E8 F645FFFF |CALL 0042E8A0
fo.0042E8A0
0043A2AA |. 83C4 0C
|ADD ESP,0C
0043A2AD |. 6A 5D
|PUSH 5D
0043A2AF |. 58
|POP EAX
0043A2B0 |. 66:3B07
|CMP AX,WORD PTR DS:[EDI]
0043A2B3 |. 75 13
|JNE SHORT 0043A2C8
0043A2B5 |. 50
|PUSH EAX
0043A2B6 |. 8B85 F4FCFFFF |MOV EAX,DWORD PTR SS:[LOCAL.195]
0043A2BC |. 47
|INC EDI
0043A2BD |. 5E
|POP ESI
0043A2BE |. 47
|INC EDI
0043A2BF |. C640 0B 20
|MOV BYTE PTR DS:[EAX+0B],20
0043A2C3 |. E9 8D000000 |JMP 0043A355
0043A2C8 |> 8BB5 C0FCFFFF |MOV ESI,DWORD PTR SS:[LOCAL.208]
0043A2CE |. E9 82000000 |JMP 0043A355
0043A2D3 |> 0FB7C0
|/MOVZX EAX,AX
0043A2D6 |. 47
||INC EDI
0043A2D7 |. 6A 2D
||PUSH 2D
0043A2D9 |. 59
||POP ECX
0043A2DA |. 47
||INC EDI
0043A2DB |. 66:3BC8
||CMP CX,AX
0043A2DE |. 75 59
||JNE SHORT 0043A339
0043A2E0 |. 66:85F6
||TEST SI,SI
0043A2E3 |. 74 54
||JE SHORT 0043A339
0043A2E5 |. 0FB70F
||MOVZX ECX,WORD PTR DS:[EDI]
0043A2E8 |. 6A 5D
||PUSH 5D
0043A2EA |. 5A
||POP EDX
0043A2EB |. 66:3BD1
||CMP DX,CX
0043A2EE |. 74 49
||JE SHORT 0043A339

; Case 7B (

; /Arg1 = 2
; \SystemIn

; /Arg3 = 2
; |Arg2 = 0
; |Arg1 =>
; \SystemIn

0043A2F0
0043A2F3
0043A2F4
0043A2F5
0043A2F8
0043A2FA
0043A2FD
0043A2FF
0043A302
0043A305
0043A308
0043A30A
0043A30C
0043A30D
0043A310
0043A313
0043A319
0043A31B
0043A31E
0043A320
0043A322
0043A325
0043A327
0043A329
0043A32B
0043A32C
0043A32D
0043A32F
0043A335
0043A337
0043A339
0043A33F
0043A342
0043A345
0043A347
0043A34A
0043A34C
0043A34F
0043A351
0043A353
0043A355
0043A358
0043A35A
0043A35B
0043A35E
0043A364
0043A368
0043A36E
0043A374
0043A37A
0043A37F
0043A381
0043A382
0043A385
0043A387
0043A38D
0043A38F
0043A391
0043A393
0043A39A

|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.^
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.

0FB7C9
47
47
66:3BF1
73 05
0FB7C1
EB 06
0FB7C6
0FB7F1
66:3BF0
77 2B
2BC6
40
0FB7D6
0FB7F0
8B8D F4FCFFFF
8BC2
C1E8 03
03C1
8BCA
83E1 07
B3 01
D2E3
0818
42
4E
75 E4
8B9D 14FDFFFF
33F6
EB 1C
8B95 F4FCFFFF
0FB7C8
0FB7F0
8BC1
C1E8 03
03C2
83E1 07
B2 01
D2E2
0810
0FB707
6A 5D
59
66:3BC8
0F85 6FFFFFFF
66:833F 00
0F84 72050000
8BB5 FCFCFFFF
89BD 00FDFFFF
E9 8DFDFFFF
6A 2B
58
66:3BC3
75 30
FF8D 2CFDFFFF
75 0D
85C9
74 09
C685 3FFDFFFF
EB 1B

||MOVZX ECX,CX
||INC EDI
||INC EDI
||CMP SI,CX
||JNB SHORT 0043A2FF
||MOVZX EAX,CX
||JMP SHORT 0043A305
||MOVZX EAX,SI
||MOVZX ESI,CX
||CMP SI,AX
||JA SHORT 0043A335
||SUB EAX,ESI
||INC EAX
||MOVZX EDX,SI
||MOVZX ESI,AX
||/MOV ECX,DWORD PTR SS:[LOCAL.195]
|||MOV EAX,EDX
|||SHR EAX,3
|||ADD EAX,ECX
|||MOV ECX,EDX
|||AND ECX,00000007
|||MOV BL,1
|||SHL BL,CL
|||OR BYTE PTR DS:[EAX],BL
|||INC EDX
|||DEC ESI
||\JNE SHORT 0043A313
||MOV EBX,DWORD PTR SS:[LOCAL.187]
||XOR ESI,ESI
||JMP SHORT 0043A355
||MOV EDX,DWORD PTR SS:[LOCAL.195]
||MOVZX ECX,AX
||MOVZX ESI,AX
||MOV EAX,ECX
||SHR EAX,3
||ADD EAX,EDX
||AND ECX,00000007
||MOV DL,1
||SHL DL,CL
||OR BYTE PTR DS:[EAX],DL
||MOVZX EAX,WORD PTR DS:[EDI]
||PUSH 5D
||POP ECX
||CMP CX,AX
|\JNE 0043A2D3
|CMP WORD PTR DS:[EDI],0
|JE 0043A8E0
|MOV ESI,DWORD PTR SS:[LOCAL.193]
|MOV DWORD PTR SS:[LOCAL.192],EDI
|JMP 0043A10C
|PUSH 2B
|POP EAX
|CMP AX,BX
|JNE SHORT 0043A3B7
|DEC DWORD PTR SS:[LOCAL.181]
|JNE SHORT 0043A39C
|TEST ECX,ECX
|JE SHORT 0043A39C
|MOV BYTE PTR SS:[LOCAL.177+3],1
|JMP SHORT 0043A3B7

0043A39C |>
[LOCAL.183]
0043A3A2 |.
0043A3A8 |.
fo.00440534
0043A3AD |.
0043A3B0 |.
0043A3B1 |.
0043A3B7 |>
0043A3B9 |.
0043A3BA |.
0043A3BD |.
0043A3C3 |.
[LOCAL.183]
0043A3C9 |.
0043A3CF |.
fo.00440534
0043A3D4 |.
0043A3D5 |.
0043A3D8 |.
0043A3DA |.
0043A3DB |.
0043A3DD |.
0043A3E3 |.
0043A3E6 |.
0043A3E8 |.
0043A3EA |.
0043A3EB |.
0043A3EE |.
0043A3F0 |.
0043A3FA |.
0043A400 |.
0043A402 |.
0043A409 |.
0043A40B |.
0043A411 |.
0043A413 |.
0043A419 |>
0043A423 |.
0043A428 |>
[LOCAL.183]
0043A42E |.
0043A434 |.
0043A435 |.
fo.0043981F
0043A43A |.
0043A43B |.
0043A43C |.
0043A43E |.
0043A43F |.
0043A444 |>
[LOCAL.183]
0043A44A |.
0043A450 |.
fo.00440534
0043A455 |.
0043A45C |.
0043A45F |.
0043A460 |.
0043A466 |.

FFB5 24FDFFFF |PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

FF85 38FDFFFF |INC DWORD PTR SS:[LOCAL.178]


E8 87610000 |CALL 00440534

; |
; \SystemIn

0FB7D8
59
899D 34FDFFFF
6A 30
58
66:3BC3
0F85 D3010000
FFB5 24FDFFFF

; /Arg1 =>

|MOVZX EBX,AX
|POP ECX
|MOV DWORD PTR SS:[LOCAL.179],EBX
|PUSH 30
|POP EAX
|CMP AX,BX
|JNE 0043A596
|PUSH DWORD PTR SS:[LOCAL.183]

FF85 38FDFFFF |INC DWORD PTR SS:[LOCAL.178]


E8 60610000 |CALL 00440534

; |
; \SystemIn

59
0FB7D8
6A 78
5E
8BC6
899D 34FDFFFF
66:3BC3
74 5C
6A 58
58
66:3BC3
74 54
C785 18FDFFFF
39B5 14FDFFFF
74 26
83BD 0CFDFFFF
74 0E
FF8D 2CFDFFFF
75 06
FE85 3FFDFFFF
C785 14FDFFFF
E9 6E010000
FFB5 24FDFFFF

; /Arg2 =>

|POP ECX
|MOVZX EBX,AX
|PUSH 78
|POP ESI
|MOV EAX,ESI
|MOV DWORD PTR SS:[LOCAL.179],EBX
|CMP AX,BX
|JE SHORT 0043A444
|PUSH 58
|POP EAX
|CMP AX,BX
|JE SHORT 0043A444
|MOV DWORD PTR SS:[LOCAL.186],1
|CMP DWORD PTR SS:[LOCAL.187],ESI
|JE SHORT 0043A428
|CMP DWORD PTR SS:[LOCAL.189],0
|JE SHORT 0043A419
|DEC DWORD PTR SS:[LOCAL.181]
|JNE SHORT 0043A419
|INC BYTE PTR SS:[LOCAL.177+3]
|MOV DWORD PTR SS:[LOCAL.187],6F
|JMP 0043A596
|PUSH DWORD PTR SS:[LOCAL.183]

FF8D 38FDFFFF |DEC DWORD PTR SS:[LOCAL.178]


53
|PUSH EBX
E8 E5F3FFFF |CALL 0043981F

; |
; |Arg1
; \SystemIn

59
59
6A 30
5B
E9 4C010000
FFB5 24FDFFFF

; /Arg1 =>

|POP ECX
|POP ECX
|PUSH 30
|POP EBX
|JMP 0043A590
|PUSH DWORD PTR SS:[LOCAL.183]

FF85 38FDFFFF |INC DWORD PTR SS:[LOCAL.178]


E8 DF600000 |CALL 00440534
83BD 0CFDFFFF
0FB7D8
59
899D 34FDFFFF
74 16

|CMP DWORD PTR SS:[LOCAL.189],0


|MOVZX EBX,AX
|POP ECX
|MOV DWORD PTR SS:[LOCAL.179],EBX
|JE SHORT 0043A47E

; |
; \SystemIn

0043A468 |. 83AD 2CFDFFFF


0043A46F |. 83BD 2CFDFFFF
0043A476 |. 7D 06
0043A478 |. FE85 3FFDFFFF
0043A47E |> 89B5 14FDFFFF
0043A484 |. E9 0D010000
0043A489 |> 83A5 E8FCFFFF
0043A490 |. 52
0043A491 |. 6A 05
0043A493 |. 8D85 E8FCFFFF
0043A499 |. 56
0043A49A |. 50
OFFSET LOCAL.198
0043A49B |. E8 A3470000
fo.0043EC43
0043A4A0 |. 83C4 10
0043A4A3 |. 85C0
0043A4A5 |. 74 22
0043A4A7 |. 83F8 16
0043A4AA |. 74 09
0043A4AC |. 83F8 22
0043A4AF |.^ 0F85 72FCFFFF
0043A4B5 |> 33C0
0043A4B7 |. 50
0043A4B8 |. 50
0043A4B9 |. 50
0043A4BA |. 50
0043A4BB |. 50
0043A4BC |. E8 7942FFFF
0043A4C1 |. 83C4 14
0043A4C4 |.^ E9 5EFCFFFF
0043A4C9 |> 03B5 E8FCFFFF
0043A4CF |> 89B5 FCFCFFFF
0043A4D5 |.^ E9 4DFCFFFF
0043A4DA |> 47
0043A4DB |. 47
0043A4DC |.^ E9 46FCFFFF
0043A4E1 |> FFB5 24FDFFFF
[LOCAL.183]
0043A4E7 |. FF8D 38FDFFFF
0043A4ED |. 52
0043A4EE |. E8 2CF3FFFF
fo.0043981F
0043A4F3 |. 59
0043A4F4 |. 59
0043A4F5 |> 3BFE
0043A4F7 |. 0F84 E3030000
0043A4FD |. 80BD 2BFDFFFF
0043A504 |. 0F85 37030000
0043A50A |. FF85 F8FCFFFF
0043A510 |. 83FB 63
0043A513 |. 0F84 28030000
0043A519 |. 80BD 22FDFFFF
0043A520 |. 74 10
0043A522 |. 8B8D FCFCFFFF
0043A528 |. 33C0
0043A52A |. 66:8901
0043A52D |. E9 0F030000
0043A532 |> 8B85 FCFCFFFF
0043A538 |. C600 00

|SUB DWORD PTR SS:[LOCAL.181],2


|CMP DWORD PTR SS:[LOCAL.181],1
|JGE SHORT 0043A47E
|INC BYTE PTR SS:[LOCAL.177+3]
|MOV DWORD PTR SS:[LOCAL.187],ESI
|JMP 0043A596
|AND DWORD PTR SS:[LOCAL.198],00000000
|PUSH EDX
|PUSH 5
|LEA EAX,[LOCAL.198]
|PUSH ESI
|PUSH EAX

;
;
;
;
;

|CALL 0043EC43

; \SystemIn

|ADD ESP,10
|TEST EAX,EAX
|JE SHORT 0043A4C9
|CMP EAX,16
|JE SHORT 0043A4B5
|CMP EAX,22
|JNE 0043A127
|XOR EAX,EAX
|PUSH EAX
|PUSH EAX
|PUSH EAX
|PUSH EAX
|PUSH EAX
|CALL 0042E73A
|ADD ESP,14
|JMP 0043A127
|ADD ESI,DWORD PTR SS:[LOCAL.198]
|MOV DWORD PTR SS:[LOCAL.193],ESI
|JMP 0043A127
|INC EDI
|INC EDI
|JMP 0043A127
|PUSH DWORD PTR SS:[LOCAL.183]

; /Arg2 =>

|DEC DWORD PTR SS:[LOCAL.178]


|PUSH EDX
|CALL 0043981F

; |
; |Arg1
; \SystemIn

|POP ECX
|POP ECX
|CMP EDI,ESI
|JE 0043A8E0
|CMP BYTE PTR SS:[LOCAL.182+3],0
|JNE 0043A841
|INC DWORD PTR SS:[LOCAL.194]
|CMP EBX,63
|JE 0043A841
|CMP BYTE PTR SS:[LOCAL.184+2],0
|JE SHORT 0043A532
|MOV ECX,DWORD PTR SS:[LOCAL.193]
|XOR EAX,EAX
|MOV WORD PTR DS:[ECX],AX
|JMP 0043A841
|MOV EAX,DWORD PTR SS:[LOCAL.193]
|MOV BYTE PTR DS:[EAX],0

/Arg4
|Arg3 = 5
|
|Arg2
|Arg1 =>

0043A53B |. E9 01030000 |JMP 0043A841


0043A540 |> C685 2AFDFFFF |MOV BYTE PTR SS:[LOCAL.182+2],1
'p') of switch SystemInfo.439BC7
0043A547 |> 8B9D 34FDFFFF |MOV EBX,DWORD PTR SS:[LOCAL.179]
('d'), 6F ('o'), 75 ('u') of switch SystemInfo.439BC7
0043A54D |. 6A 2D
|PUSH 2D
0043A54F |. 58
|POP EAX
0043A550 |. 66:3BC3
|CMP AX,BX
0043A553 |. 75 09
|JNE SHORT 0043A55E
0043A555 |. C685 21FDFFFF |MOV BYTE PTR SS:[LOCAL.184+1],1
0043A55C |. EB 08
|JMP SHORT 0043A566
0043A55E |> 6A 2B
|PUSH 2B
0043A560 |. 58
|POP EAX
0043A561 |. 66:3BC3
|CMP AX,BX
0043A564 |. 75 30
|JNE SHORT 0043A596
0043A566 |> FF8D 2CFDFFFF |DEC DWORD PTR SS:[LOCAL.181]
0043A56C |. 75 0D
|JNE SHORT 0043A57B
0043A56E |. 85C9
|TEST ECX,ECX
0043A570 |. 74 09
|JE SHORT 0043A57B
0043A572 |. C685 3FFDFFFF |MOV BYTE PTR SS:[LOCAL.177+3],1
0043A579 |. EB 1B
|JMP SHORT 0043A596
0043A57B |> FFB5 24FDFFFF |PUSH DWORD PTR SS:[LOCAL.183]
[LOCAL.183]
0043A581 |. FF85 38FDFFFF |INC DWORD PTR SS:[LOCAL.178]
0043A587 |. E8 A85F0000 |CALL 00440534
fo.00440534
0043A58C |. 59
|POP ECX
0043A58D |. 0FB7D8
|MOVZX EBX,AX
0043A590 |> 899D 34FDFFFF |MOV DWORD PTR SS:[LOCAL.179],EBX
0043A596 |> 83BD E4FCFFFF |CMP DWORD PTR SS:[LOCAL.199],0
0043A59D |. 0F84 63010000 |JE 0043A706
0043A5A3 |. 80BD 3FFDFFFF |CMP BYTE PTR SS:[LOCAL.177+3],0
0043A5AA |. 0F85 1F010000 |JNE 0043A6CF
0043A5B0 |. BF 00FF0000 |MOV EDI,0FF00
0043A5B5 |> 83BD 14FDFFFF |/CMP DWORD PTR SS:[LOCAL.187],78
0043A5BC |. 74 72
||JE SHORT 0043A630
0043A5BE |. 83BD 14FDFFFF ||CMP DWORD PTR SS:[LOCAL.187],70
0043A5C5 |. 74 69
||JE SHORT 0043A630
0043A5C7 |. 85DF
||TEST EDI,EBX
0043A5C9 |. 0F85 EC000000 ||JNE 0043A6BB
0043A5CF |. 0FB6C3
||MOVZX EAX,BL
0043A5D2 |. 50
||PUSH EAX
0043A5D3 |. E8 87A7FFFF ||CALL 00434D5F
fo.00434D5F
0043A5D8 |. 59
||POP ECX
0043A5D9 |. 85C0
||TEST EAX,EAX
0043A5DB |. 0F84 DA000000 ||JE 0043A6BB
0043A5E1 |. 83BD 14FDFFFF ||CMP DWORD PTR SS:[LOCAL.187],6F
0043A5E8 |. 75 27
||JNE SHORT 0043A611
0043A5EA |. 6A 38
||PUSH 38
0043A5EC |. 58
||POP EAX
0043A5ED |. 66:3BC3
||CMP AX,BX
0043A5F0 |. 0F86 C5000000 ||JBE 0043A6BB
0043A5F6 |. 8B85 08FDFFFF ||MOV EAX,DWORD PTR SS:[LOCAL.190]
0043A5FC |. 8BB5 04FDFFFF ||MOV ESI,DWORD PTR SS:[LOCAL.191]
0043A602 |. 0FA4F0 03
||SHLD EAX,ESI,3
0043A606 |. C1E6 03
||SHL ESI,3
0043A609 |. 8985 08FDFFFF ||MOV DWORD PTR SS:[LOCAL.190],EAX
0043A60F |. EB 5E
||JMP SHORT 0043A66F
0043A611 |> 6A 00
||PUSH 0

; Case 70 (
; Cases 64

; /Arg1 =>
; |
; \SystemIn

; /Arg1
; \SystemIn

; /Arg4 = 0

0043A613 |.
A
0043A615 |.
[LOCAL.190]
0043A61B |.
[LOCAL.191]
0043A621 |.
fo.00432070
0043A626 |.
0043A628 |.
0043A62E |.
0043A630 |>
0043A632 |.
0043A638 |.
0043A63B |.
0043A63C |.
fo.00434DE3
0043A641 |.
0043A642 |.
0043A644 |.
0043A646 |.
0043A64C |.
0043A652 |.
0043A656 |.
0043A657 |.
0043A65A |.
0043A660 |.
0043A665 |.
0043A668 |.
0043A669 |.
0043A66F |>
0043A675 |.
0043A678 |.
0043A67B |.
0043A67C |.
0043A67E |.
0043A684 |.
0043A68B |.
0043A691 |.
0043A693 |.
0043A699 |.
0043A69B |>
[LOCAL.183]
0043A6A1 |.
0043A6A7 |.
fo.00440534
0043A6AC |.
0043A6AF |.
0043A6B0 |.
0043A6B6 |.^
0043A6BB |>
[LOCAL.183]
0043A6C1 |.
0043A6C7 |.
0043A6C8 |.
fo.0043981F
0043A6CD |.
0043A6CE |.
0043A6CF |>
0043A6D6 |.

6A 0A

||PUSH 0A

; |Arg3 = 0

FFB5 08FDFFFF ||PUSH DWORD PTR SS:[LOCAL.190]

; |Arg2 =>

FFB5 04FDFFFF ||PUSH DWORD PTR SS:[LOCAL.191]

; |Arg1 =>

E8 4A7AFFFF

||CALL 00432070

; \SystemIn

8BF0
8995 08FDFFFF
EB 3F
85DF
0F85 83000000
0FB6C3
50
E8 A2A7FFFF

||MOV ESI,EAX
||MOV DWORD PTR SS:[LOCAL.190],EDX
||JMP SHORT 0043A66F
||TEST EDI,EBX
||JNE 0043A6BB
||MOVZX EAX,BL
||PUSH EAX
||CALL 00434DE3

; /Arg1
; \SystemIn

59
85C0
74 75
8B85 08FDFFFF
8BB5 04FDFFFF
0FA4F0 04
53
C1E6 04
8985 08FDFFFF
E8 84F1FFFF
0FB7D8
59
899D 34FDFFFF
FF85 18FDFFFF
0FB7C3
83E8 30
99
03F0
1195 08FDFFFF
83BD 0CFDFFFF
89B5 04FDFFFF
74 08
FF8D 2CFDFFFF
74 34
FFB5 24FDFFFF

||POP ECX
||TEST EAX,EAX
||JE SHORT 0043A6BB
||MOV EAX,DWORD PTR SS:[LOCAL.190]
||MOV ESI,DWORD PTR SS:[LOCAL.191]
||SHLD EAX,ESI,4
||PUSH EBX
||SHL ESI,4
||MOV DWORD PTR SS:[LOCAL.190],EAX
||CALL 004397E9
||MOVZX EBX,AX
||POP ECX
||MOV DWORD PTR SS:[LOCAL.179],EBX
||INC DWORD PTR SS:[LOCAL.186]
||MOVZX EAX,BX
||SUB EAX,30
||CDQ
||ADD ESI,EAX
||ADC DWORD PTR SS:[LOCAL.190],EDX
||CMP DWORD PTR SS:[LOCAL.189],0
||MOV DWORD PTR SS:[LOCAL.191],ESI
||JE SHORT 0043A69B
||DEC DWORD PTR SS:[LOCAL.181]
||JE SHORT 0043A6CF
||PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

FF85 38FDFFFF ||INC DWORD PTR SS:[LOCAL.178]


E8 885E0000 ||CALL 00440534

; |
; \SystemIn

0FB7D8
59
899D 34FDFFFF
E9 FAFEFFFF
FFB5 24FDFFFF

; /Arg2 =>

||MOVZX EBX,AX
||POP ECX
||MOV DWORD PTR SS:[LOCAL.179],EBX
|\JMP 0043A5B5
|PUSH DWORD PTR SS:[LOCAL.183]

FF8D 38FDFFFF |DEC DWORD PTR SS:[LOCAL.178]


53
|PUSH EBX
E8 52F1FFFF |CALL 0043981F
59
|POP
59
|POP
80BD 21FDFFFF |CMP
8BBD E8FCFFFF |MOV

ECX
ECX
BYTE PTR SS:[LOCAL.184+1],0
EDI,DWORD PTR SS:[LOCAL.198]

; |
; |Arg1
; \SystemIn

0043A6DC |.
0043A6E2 |.
0043A6E8 |.
0043A6EE |.
0043A6F0 |.
0043A6F3 |.
0043A6F5 |.
0043A6FB |.
0043A701 |.
0043A706 |>
0043A70D |.
0043A713 |.
0043A719 |.
0043A71E |>
0043A725 |.
0043A727 |.
0043A72E |.
0043A730 |.
0043A732 |.
0043A738 |.
0043A73B |.
0043A73C |.
fo.00434D5F
0043A741 |.
0043A742 |.
0043A744 |.
0043A746 |.
0043A74D |.
0043A74F |.
0043A751 |.
0043A752 |.
0043A755 |.
0043A757 |.
0043A75A |.
0043A75C |>
0043A75F |.
0043A761 |>
0043A763 |.
0043A765 |.
0043A768 |.
0043A769 |.
fo.00434DE3
0043A76E |.
0043A76F |.
0043A771 |.
0043A773 |.
0043A774 |.
0043A777 |.
0043A77C |.
0043A77F |.
0043A780 |.
0043A786 |>
0043A78C |.
0043A793 |.
0043A796 |.
0043A79A |.
0043A79C |.
0043A7A2 |.
0043A7A4 |>
[LOCAL.183]

0F84 01010000
8B85 04FDFFFF
8B8D 08FDFFFF
F7D8
83D1 00
F7D9
8985 04FDFFFF
898D 08FDFFFF
E9 DD000000
80BD 3FFDFFFF
8BBD E8FCFFFF
0F85 BF000000
BE 00FF0000
83BD 14FDFFFF
74 3A
83BD 14FDFFFF
74 31
85DE
0F85 8C000000
0FB6C3
50
E8 1EA6FFFF

|JE 0043A7E3
|MOV EAX,DWORD PTR SS:[LOCAL.191]
|MOV ECX,DWORD PTR SS:[LOCAL.190]
|NEG EAX
|ADC ECX,0
|NEG ECX
|MOV DWORD PTR SS:[LOCAL.191],EAX
|MOV DWORD PTR SS:[LOCAL.190],ECX
|JMP 0043A7E3
|CMP BYTE PTR SS:[LOCAL.177+3],0
|MOV EDI,DWORD PTR SS:[LOCAL.198]
|JNE 0043A7D8
|MOV ESI,0FF00
|/CMP DWORD PTR SS:[LOCAL.187],78
||JE SHORT 0043A761
||CMP DWORD PTR SS:[LOCAL.187],70
||JE SHORT 0043A761
||TEST ESI,EBX
||JNE 0043A7C4
||MOVZX EAX,BL
||PUSH EAX
||CALL 00434D5F

; /Arg1
; \SystemIn

59
85C0
74 7E
83BD 14FDFFFF
75 0D
6A 38
58
66:3BC3
76 6D
C1E7 03
EB 2A
6BFF 0A
EB 25
85DE
75 5F
0FB6C3
50
E8 75A6FFFF

||POP ECX
||TEST EAX,EAX
||JE SHORT 0043A7C4
||CMP DWORD PTR SS:[LOCAL.187],6F
||JNE SHORT 0043A75C
||PUSH 38
||POP EAX
||CMP AX,BX
||JBE SHORT 0043A7C4
||SHL EDI,3
||JMP SHORT 0043A786
||IMUL EDI,EDI,0A
||JMP SHORT 0043A786
||TEST ESI,EBX
||JNE SHORT 0043A7C4
||MOVZX EAX,BL
||PUSH EAX
||CALL 00434DE3

; /Arg1
; \SystemIn

59
85C0
74 51
53
C1E7 04
E8 6DF0FFFF
0FB7D8
59
899D 34FDFFFF
FF85 18FDFFFF
83BD 0CFDFFFF
0FB7C3
8D7C07 D0
74 08
FF8D 2CFDFFFF
74 34
FFB5 24FDFFFF

||POP ECX
||TEST EAX,EAX
||JE SHORT 0043A7C4
||PUSH EBX
||SHL EDI,4
||CALL 004397E9
||MOVZX EBX,AX
||POP ECX
||MOV DWORD PTR SS:[LOCAL.179],EBX
||INC DWORD PTR SS:[LOCAL.186]
||CMP DWORD PTR SS:[LOCAL.189],0
||MOVZX EAX,BX
||LEA EDI,[EAX+EDI-30]
||JE SHORT 0043A7A4
||DEC DWORD PTR SS:[LOCAL.181]
||JE SHORT 0043A7D8
||PUSH DWORD PTR SS:[LOCAL.183]

; /Arg1 =>

0043A7AA |.
0043A7B0 |.
fo.00440534
0043A7B5 |.
0043A7B8 |.
0043A7B9 |.
0043A7BF |.^
0043A7C4 |>
[LOCAL.183]
0043A7CA |.
0043A7D0 |.
0043A7D1 |.
fo.0043981F
0043A7D6 |.
0043A7D7 |.
0043A7D8 |>
0043A7DF |.
0043A7E1 |.
0043A7E3 |>
0043A7EA |.
0043A7EC |.
0043A7F3 |>
0043A7FA |.
0043A800 |.
0043A807 |.
0043A809 |.
0043A80F |.
0043A815 |>
0043A81C |.
0043A81E |.
0043A824 |.
0043A826 |.
0043A82C |.
0043A82F |.
0043A831 |>
0043A838 |.
0043A83A |.
0043A83C |.
0043A83E |>
0043A841 |>
0043A847 |.
0043A84D |.
0043A84E |.
0043A84F |.
0043A855 |.
0043A857 |>
0043A859 |.
0043A85C |.
0043A85E |.
0043A861 |.
0043A864 |.
0043A866 |.
0043A868 |>
[LOCAL.183]
0043A86E |.
0043A874 |.
fo.00440534
0043A879 |.
0043A87A |.
0043A87D |.

FF85 38FDFFFF ||INC DWORD PTR SS:[LOCAL.178]


E8 7F5D0000 ||CALL 00440534

; |
; \SystemIn

0FB7D8
59
899D 34FDFFFF
E9 5AFFFFFF
FFB5 24FDFFFF

; /Arg2 =>

||MOVZX EBX,AX
||POP ECX
||MOV DWORD PTR SS:[LOCAL.179],EBX
|\JMP 0043A71E
|PUSH DWORD PTR SS:[LOCAL.183]

FF8D 38FDFFFF |DEC DWORD PTR SS:[LOCAL.178]


53
|PUSH EBX
E8 49F0FFFF |CALL 0043981F

; |
; |Arg1
; \SystemIn

59
59
80BD 21FDFFFF
74 02
F7DF
83BD 14FDFFFF
75 07
83A5 18FDFFFF
83BD 18FDFFFF
0F84 E0000000
80BD 2BFDFFFF
75 38
FF85 F8FCFFFF
8BB5 FCFCFFFF
83BD E4FCFFFF
74 13
8B85 04FDFFFF
8906
8B85 08FDFFFF
8946 04
EB 10
80BD 2AFDFFFF
74 04
893E
EB 03
66:893E
8BBD 00FDFFFF
FE85 23FDFFFF
47
47
89BD 00FDFFFF
EB 3C
8BD1
66:3BD0
75 0A
8D47 02
66:3B08
75 02
8BF8
FFB5 24FDFFFF

; /Arg1 =>

|POP ECX
|POP ECX
|CMP BYTE PTR SS:[LOCAL.184+1],0
|JE SHORT 0043A7E3
|NEG EDI
|CMP DWORD PTR SS:[LOCAL.187],46
|JNE SHORT 0043A7F3
|AND DWORD PTR SS:[LOCAL.186],00000000
|CMP DWORD PTR SS:[LOCAL.186],0
|JE 0043A8E0
|CMP BYTE PTR SS:[LOCAL.182+3],0
|JNE SHORT 0043A841
|INC DWORD PTR SS:[LOCAL.194]
|MOV ESI,DWORD PTR SS:[LOCAL.193]
|CMP DWORD PTR SS:[LOCAL.199],0
|JE SHORT 0043A831
|MOV EAX,DWORD PTR SS:[LOCAL.191]
|MOV DWORD PTR DS:[ESI],EAX
|MOV EAX,DWORD PTR SS:[LOCAL.190]
|MOV DWORD PTR DS:[ESI+4],EAX
|JMP SHORT 0043A841
|CMP BYTE PTR SS:[LOCAL.182+2],0
|JE SHORT 0043A83E
|MOV DWORD PTR DS:[ESI],EDI
|JMP SHORT 0043A841
|MOV WORD PTR DS:[ESI],DI
|MOV EDI,DWORD PTR SS:[LOCAL.192]
|INC BYTE PTR SS:[LOCAL.184+3]
|INC EDI
|INC EDI
|MOV DWORD PTR SS:[LOCAL.192],EDI
|JMP SHORT 0043A893
|MOV EDX,ECX
|CMP DX,AX
|JNE SHORT 0043A868
|LEA EAX,[EDI+2]
|CMP CX,WORD PTR DS:[EAX]
|JNE SHORT 0043A868
|MOV EDI,EAX
|PUSH DWORD PTR SS:[LOCAL.183]

FF85 38FDFFFF |INC DWORD PTR SS:[LOCAL.178]


E8 BB5C0000 |CALL 00440534
59
66:8B0F
0FB7C0

|POP ECX
|MOV CX,WORD PTR DS:[EDI]
|MOVZX EAX,AX

; |
; \SystemIn

0043A880 |.
0043A881 |.
0043A882 |.
0043A888 |.
0043A88E |.
0043A891 |.
0043A893 |>
0043A898 |.
0043A89F |.
0043A8A1 |.
0043A8A5 |.
0043A8A7 |.
0043A8AD |.
0043A8B2 |.
0043A8B4 |.
0043A8B6 |>
0043A8B9 |.
0043A8BC |.^
0043A8C2 |.
0043A8C4 |>
0043A8CA |.
0043A8CB |.
0043A8CD |>
0043A8D3 |.
0043A8D9 |>
fo.0043981F
0043A8DE |.
0043A8DF |.
0043A8E0 |>
0043A8E7 |.
0043A8E8 |.
0043A8EA |.
[LOCAL.195]
0043A8F0 |.
fo.004331DE
0043A8F5 |.
0043A8F6 |>
0043A8FD |.
0043A8FF |.
[LOCAL.185]
0043A905 |.
fo.004331DE
0043A90A |.
0043A90B |>
0043A910 |.
0043A917 |.
0043A919 |.
0043A91F |.
0043A921 |.
0043A923 |.
0043A929 |.
0043A92B |.
0043A92E |>
0043A935 |.
0043A937 |.
0043A93D |.
0043A941 |.
0043A943 |>
0043A94A |.
0043A94C |.

47
47
8985 34FDFFFF
89BD 00FDFFFF
66:3BC8
75 3A
B8 FFFF0000
66:3B85 34FDF
75 15
66:833F 25
75 39
8B85 00FDFFFF
66:8378 02 6E
75 2C
8BF8
0FB707
66:85C0
0F85 59F0FFFF
EB 1C
FFB5 24FDFFFF
50
EB 0C
FFB5 24FDFFFF
FFB5 34FDFFFF
E8 41EFFFFF

|INC EDI
|INC EDI
|MOV DWORD PTR SS:[LOCAL.179],EAX
|MOV DWORD PTR SS:[LOCAL.192],EDI
|CMP CX,AX
|JNE SHORT 0043A8CD
|MOV EAX,0FFFF
|CMP AX,WORD PTR SS:[LOCAL.179]
|JNE SHORT 0043A8B6
|CMP WORD PTR DS:[EDI],25
|JNE SHORT 0043A8E0
|MOV EAX,DWORD PTR SS:[LOCAL.192]
|CMP WORD PTR DS:[EAX+2],6E
|JNE SHORT 0043A8E0
|MOV EDI,EAX
|MOVZX EAX,WORD PTR DS:[EDI]
|TEST AX,AX
\JNE 0043991B
JMP SHORT 0043A8E0
PUSH DWORD PTR SS:[LOCAL.183]
PUSH EAX
JMP SHORT 0043A8D9
PUSH DWORD PTR SS:[LOCAL.183]
PUSH DWORD PTR SS:[LOCAL.179]
CALL 0043981F

; \SystemIn

59
59
83BD D8FCFFFF
5B
75 0C
FFB5 F4FCFFFF

POP ECX
POP ECX
CMP DWORD PTR SS:[LOCAL.202],1
POP EBX
JNE SHORT 0043A8F6
PUSH DWORD PTR SS:[LOCAL.195]

; /Arg1 =>

E8 E988FFFF

CALL 004331DE

; \SystemIn

59
83BD F0FCFFFF
75 0C
FFB5 1CFDFFFF

POP ECX
CMP DWORD PTR SS:[LOCAL.196],1
JNE SHORT 0043A90B
PUSH DWORD PTR SS:[LOCAL.185]

; /Arg1 =>

E8 D488FFFF

CALL 004331DE

; \SystemIn

59
B8 FFFF0000
66:3B85 34FDF
75 2A
8B85 F8FCFFFF
85C0
75 0B
3885 23FDFFFF
75 03
83C8 FF
80BD D0FCFFFF
74 25
8B8D CCFCFFFF
8361 70 FD
EB 19
80BD D0FCFFFF
74 0A
8B85 CCFCFFFF

POP ECX
MOV EAX,0FFFF
CMP AX,WORD PTR SS:[LOCAL.179]
JNE SHORT 0043A943
MOV EAX,DWORD PTR SS:[LOCAL.194]
TEST EAX,EAX
JNE SHORT 0043A92E
CMP BYTE PTR SS:[LOCAL.184+3],AL
JNE SHORT 0043A92E
OR EAX,FFFFFFFF
CMP BYTE PTR SS:[LOCAL.204],0
JE SHORT 0043A95C
MOV ECX,DWORD PTR SS:[LOCAL.205]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
JMP SHORT 0043A95C
CMP BYTE PTR SS:[LOCAL.204],0
JE SHORT 0043A956
MOV EAX,DWORD PTR SS:[LOCAL.205]

0043A952 |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
0043A956 |> 8B85 F8FCFFFF MOV EAX,DWORD PTR SS:[LOCAL.194]
0043A95C |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0043A95F |. 5F
POP EDI
0043A960 |. 33CD
XOR ECX,EBP
0043A962 |. 5E
POP ESI
0043A963 |. E8 893DFFFF CALL 0042E6F1
0043A968 |. C9
LEAVE
0043A969 \. C3
RETN
0043A96A /$ 8BFF
MOV EDI,EDI
0043A96C |. 55
PUSH EBP
0043A96D |. 8BEC
MOV EBP,ESP
0043A96F |. 83EC 10
SUB ESP,10
0043A972 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0043A975 |. 8D4D F0
LEA ECX,[LOCAL.4]
0043A978 |. E8 E842FFFF CALL 0042EC65
fo.0042EC65
0043A97D |. 8B45 18
MOV EAX,DWORD PTR SS:[ARG.5]
0043A980 |. 85C0
TEST EAX,EAX
0043A982 |. 7E 18
JLE SHORT 0043A99C
0043A984 |. 8B4D 14
MOV ECX,DWORD PTR SS:[ARG.4]
0043A987 |. 8BD0
MOV EDX,EAX
0043A989 |> 4A
/DEC EDX
0043A98A |. 66:8339 00
|CMP WORD PTR DS:[ECX],0
0043A98E |. 74 09
|JE SHORT 0043A999
0043A990 |. 41
|INC ECX
0043A991 |. 41
|INC ECX
0043A992 |. 85D2
|TEST EDX,EDX
0043A994 |.^ 75 F3
\JNE SHORT 0043A989
0043A996 |. 83CA FF
OR EDX,FFFFFFFF
0043A999 |> 2BC2
SUB EAX,EDX
0043A99B |. 48
DEC EAX
0043A99C |> FF75 20
PUSH DWORD PTR SS:[ARG.7]
=> [ARG.7]
0043A99F |. FF75 1C
PUSH DWORD PTR SS:[ARG.6]
[ARG.6]
0043A9A2 |. 50
PUSH EAX
0043A9A3 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
ARG.4]
0043A9A6 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
0043A9A9 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
> [ARG.2]
0043A9AC |. FF15 7C814400 CALL DWORD PTR DS:[<&KERNEL32.LCMapStrin
.LCMapStringW
0043A9B2 |. 807D FC 00
CMP BYTE PTR SS:[LOCAL.1],0
0043A9B6 |. 74 07
JE SHORT 0043A9BF
0043A9B8 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0043A9BB |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
0043A9BF |> C9
LEAVE
0043A9C0 \. C3
RETN
0043A9C1 /$ 8BFF
MOV EDI,EDI
o.0043A9C1(guessed Arg1,Arg2,Arg3)
0043A9C3 |. 55
PUSH EBP
0043A9C4 |. 8BEC
MOV EBP,ESP
0043A9C6 |. B8 FFFF0000 MOV EAX,0FFFF
0043A9CB |. 83EC 14
SUB ESP,14
0043A9CE |. 66:3945 08
CMP WORD PTR SS:[ARG.1],AX
0043A9D2 |. 75 06
JNE SHORT 0043A9DA

; /Arg1 =>
; |
; \SystemIn

; /DestLen
; |Dest =>
; |SrcLen
; |Src => [
; |Flags =>
; |Locale =
; \KERNEL32

; SystemInf

0043A9D4 |. 8365 FC 00
AND DWORD PTR SS:[LOCAL.1],00000000
0043A9D8 |. EB 65
JMP SHORT 0043AA3F
0043A9DA |> B8 00010000 MOV EAX,100
0043A9DF |. 66:3945 08
CMP WORD PTR SS:[ARG.1],AX
0043A9E3 |. 73 1A
JNB SHORT 0043A9FF
0043A9E5 |. 0FB745 08
MOVZX EAX,WORD PTR SS:[ARG.1]
0043A9E9 |. 8B0D C4174500 MOV ECX,DWORD PTR DS:[4517C4]
0043A9EF |. 66:8B0441
MOV AX,WORD PTR DS:[EAX*2+ECX]
0043A9F3 |. 66:2345 0C
AND AX,WORD PTR SS:[ARG.2]
0043A9F7 |. 0FB7C0
MOVZX EAX,AX
0043A9FA |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0043A9FD |. EB 40
JMP SHORT 0043AA3F
0043A9FF |> FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
0043AA02 |. 8D4D EC
LEA ECX,[LOCAL.5]
0043AA05 |. E8 5B42FFFF CALL 0042EC65
fo.0042EC65
0043AA0A |. 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
0043AA0D |. FF70 14
PUSH DWORD PTR DS:[EAX+14]
0043AA10 |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
0043AA13 |. 8D45 FC
LEA EAX,[LOCAL.1]
0043AA16 |. 50
PUSH EAX
OFFSET LOCAL.1
0043AA17 |. 6A 01
PUSH 1
0043AA19 |. 8D45 08
LEA EAX,[ARG.1]
0043AA1C |. 50
PUSH EAX
OFFSET ARG.1
0043AA1D |. 8D45 EC
LEA EAX,[LOCAL.5]
0043AA20 |. 6A 01
PUSH 1
0043AA22 |. 50
PUSH EAX
OFFSET LOCAL.5
0043AA23 |. E8 715E0000 CALL 00440899
fo.00440899
0043AA28 |. 83C4 1C
ADD ESP,1C
0043AA2B |. 85C0
TEST EAX,EAX
0043AA2D |. 75 03
JNE SHORT 0043AA32
0043AA2F |. 2145 FC
AND DWORD PTR SS:[LOCAL.1],EAX
0043AA32 |> 807D F8 00
CMP BYTE PTR SS:[LOCAL.2],0
0043AA36 |. 74 07
JE SHORT 0043AA3F
0043AA38 |. 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
0043AA3B |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
0043AA3F |> 0FB745 FC
MOVZX EAX,WORD PTR SS:[LOCAL.1]
0043AA43 |. 0FB74D 0C
MOVZX ECX,WORD PTR SS:[ARG.2]
0043AA47 |. 23C1
AND EAX,ECX
0043AA49 |. C9
LEAVE
0043AA4A \. C3
RETN
0043AA4B /$ 8BFF
MOV EDI,EDI
o.0043AA4B(guessed Arg1,Arg2)
0043AA4D |. 55
PUSH EBP
0043AA4E |. 8BEC
MOV EBP,ESP
0043AA50 |. 51
PUSH ECX
0043AA51 |. B8 FFFF0000 MOV EAX,0FFFF
0043AA56 |. 66:3945 08
CMP WORD PTR SS:[ARG.1],AX
0043AA5A |. 75 04
JNE SHORT 0043AA60
0043AA5C |. 33C0
XOR EAX,EAX
0043AA5E |. C9
LEAVE
0043AA5F |. C3
RETN
0043AA60 |> B8 00010000 MOV EAX,100
0043AA65 |. 66:3945 08
CMP WORD PTR SS:[ARG.1],AX
0043AA69 |. 73 16
JNB SHORT 0043AA81

; /Arg1 =>
; |
; \SystemIn
;
;
;
;

/Arg7
|Arg6
|
|Arg5 =>

; |Arg4 = 1
; |
; |Arg3 =>
; |
; |Arg2 = 1
; |Arg1 =>
; \SystemIn

; SystemInf

0043AA6B |. 0FB745 08
MOVZX EAX,WORD PTR SS:[ARG.1]
0043AA6F |. 8B0D C4174500 MOV ECX,DWORD PTR DS:[4517C4]
0043AA75 |. 0FB70441
MOVZX EAX,WORD PTR DS:[EAX*2+ECX]
0043AA79 |. 0FB74D 0C
MOVZX ECX,WORD PTR SS:[ARG.2]
0043AA7D |. 23C1
AND EAX,ECX
0043AA7F |. C9
LEAVE
0043AA80 |. C3
RETN
0043AA81 |> 833D D02C4500 CMP DWORD PTR DS:[452CD0],0
0043AA88 |. 75 25
JNE SHORT 0043AAAF
0043AA8A |. FF35 1C1D4500 PUSH DWORD PTR DS:[451D1C]
0043AA90 |. 8D45 FC
LEA EAX,[LOCAL.1]
0043AA93 |. FF35 0C1D4500 PUSH DWORD PTR DS:[451D0C]
0043AA99 |. 50
PUSH EAX
OFFSET LOCAL.1
0043AA9A |. 6A 01
PUSH 1
0043AA9C |. 8D45 08
LEA EAX,[ARG.1]
0043AA9F |. 50
PUSH EAX
OFFSET ARG.1
0043AAA0 |. 6A 01
PUSH 1
0043AAA2 |. 68 E81D4500 PUSH OFFSET 00451DE8
ystemInfo.451DE8
0043AAA7 |. E8 ED5D0000 CALL 00440899
fo.00440899
0043AAAC |. 83C4 1C
ADD ESP,1C
0043AAAF |> 6A 00
PUSH 0
0043AAB1 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
0043AAB4 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0043AAB7 |. E8 05FFFFFF CALL 0043A9C1
fo.0043A9C1
0043AABC |. 83C4 0C
ADD ESP,0C
0043AABF |. C9
LEAVE
0043AAC0 \. C3
RETN
0043AAC1 /$ 8BFF
MOV EDI,EDI
o.0043AAC1(guessed Arg1,Arg2,Arg3)
0043AAC3 |. 55
PUSH EBP
0043AAC4 |. 8BEC
MOV EBP,ESP
0043AAC6 |. B8 E41A0000 MOV EAX,1AE4
0043AACB |. E8 303CFFFF CALL 0042E700
6884. bytes on stack
0043AAD0 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0043AAD5 |. 33C5
XOR EAX,EBP
0043AAD7 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0043AADA |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0043AADD |. 56
PUSH ESI
0043AADE |. 33F6
XOR ESI,ESI
0043AAE0 |. 8985 34E5FFFF MOV DWORD PTR SS:[LOCAL.1715],EAX
0043AAE6 |. 89B5 38E5FFFF MOV DWORD PTR SS:[LOCAL.1714],ESI
0043AAEC |. 89B5 30E5FFFF MOV DWORD PTR SS:[LOCAL.1716],ESI
0043AAF2 |. 3975 10
CMP DWORD PTR SS:[ARG.3],ESI
0043AAF5 |. 75 07
JNE SHORT 0043AAFE
0043AAF7 |. 33C0
XOR EAX,EAX
0043AAF9 |. E9 E9060000 JMP 0043B1E7
0043AAFE |> 3BC6
CMP EAX,ESI
0043AB00 |. 75 27
JNE SHORT 0043AB29
0043AB02 |. E8 0999FFFF CALL 00434410
fo.00434410
0043AB07 |. 8930
MOV DWORD PTR DS:[EAX],ESI
0043AB09 |. E8 EF98FFFF CALL 004343FD

;
;
;
;

/Arg7 = 0
|
|Arg6 = 0
|Arg5 =>

; |Arg4 = 1
; |
; |Arg3 =>
; |Arg2 = 1
; |Arg1 = S
; \SystemIn
; /Arg3 = 0
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; SystemInf

; Allocates

; [SystemIn
; [SystemIn

fo.004343FD
0043AB0E |.
0043AB0F |.
0043AB10 |.
0043AB11 |.
0043AB12 |.
0043AB13 |.
0043AB19 |.
fo.0042E862
0043AB1E |.
0043AB21 |.
0043AB24 |.
0043AB29 |>
0043AB2A |.
0043AB2B |.
0043AB2E |.
0043AB30 |.
0043AB33 |.
0043AB3A |.
0043AB3C |.
0043AB3F |.
0043AB42 |.
0043AB44 |.
0043AB47 |.
0043AB49 |.
0043AB4B |.
0043AB51 |.
0043AB57 |.
0043AB5A |.
0043AB5C |.
0043AB5F |.
0043AB61 |>
0043AB64 |.
0043AB66 |.
0043AB69 |.
0043AB6B |.
fo.00434410
0043AB70 |.
0043AB72 |.
0043AB74 |.
fo.004343FD
0043AB79 |.
0043AB7A |.
0043AB7B |.
0043AB7C |.
0043AB7D |.
0043AB7E |.
0043AB84 |.
fo.0042E862
0043AB89 |.
0043AB8C |.
0043AB91 |>
0043AB95 |.
0043AB97 |.
0043AB99 |.
0043AB9B |.
0043AB9D |.
[ARG.1]
0043ABA0 |.
fo.0043E8BF

56
56
56
56
56
C700 16000000
E8 443DFFFF

PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

83C4 14
83C8 FF
E9 BE060000
53
57
8B7D 08
8BC7
C1F8 05
8D3485 A03745
8B06
83E7 1F
C1E7 06
03C7
8A58 24
02DB
D0FB
89B5 28E5FFFF
889D 27E5FFFF
80FB 02
74 05
80FB 01
75 30
8B4D 10
F7D1
F6C1 01
75 26
E8 A098FFFF

ADD ESP,14
OR EAX,FFFFFFFF
JMP 0043B1E7
PUSH EBX
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
MOV EAX,EDI
SAR EAX,5
LEA ESI,[EAX*4+4537A0]
MOV EAX,DWORD PTR DS:[ESI]
AND EDI,0000001F
SHL EDI,6
ADD EAX,EDI
MOV BL,BYTE PTR DS:[EAX+24]
ADD BL,BL
SAR BL,1
MOV DWORD PTR SS:[LOCAL.1718],ESI
MOV BYTE PTR SS:[LOCAL.1719+3],BL
CMP BL,2
JE SHORT 0043AB61
CMP BL,1
JNE SHORT 0043AB91
MOV ECX,DWORD PTR SS:[ARG.3]
NOT ECX
TEST CL,01
JNE SHORT 0043AB91
CALL 00434410

; [SystemIn

33F6
8930
E8 8498FFFF

XOR ESI,ESI
MOV DWORD PTR DS:[EAX],ESI
CALL 004343FD

; [SystemIn

56
56
56
56
56
C700 16000000
E8 D93CFFFF

PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

83C4 14
E9 43060000
F640 04 20
74 11
6A 02
6A 00
6A 00
FF75 08

ADD ESP,14
JMP 0043B1D4
TEST BYTE PTR DS:[EAX+4],20
JE SHORT 0043ABA8
PUSH 2
PUSH 0
PUSH 0
PUSH DWORD PTR SS:[ARG.1]

;
;
;
;

/Arg4
|Arg3
|Arg2
|Arg1

E8 1A3D0000

CALL 0043E8BF

; \SystemIn

= 2
= 0
= 0
=>

0043ABA5 |.
0043ABA8 |>
[ARG.1]
0043ABAB |.
fo.0043EA5D
0043ABB0 |.
0043ABB1 |.
0043ABB3 |.
0043ABB9 |.
0043ABBB |.
0043ABC0 |.
0043ABC6 |.
fo.00435312
0043ABCB |.
0043ABCE |.
0043ABD0 |.
0043ABD3 |.
0043ABD9 |.
0043ABDC |.
0043ABDD |.
0043ABDF |.
0043ABE2 |.
0043ABE8 |.
0043ABEE |.
0043ABF0 |.
0043ABF6 |.
0043ABF8 |.
0043ABFE |.
0043AC00 |.
0043AC02 |.
0043AC08 |>
.GetConsoleCP
0043AC0E |.
0043AC14 |.
0043AC1A |.
0043AC1C |.
0043AC22 |.
0043AC25 |.
0043AC2B |.
0043AC31 |>
0043AC37 |.
0043AC39 |.
0043AC3F |.
0043AC41 |.
0043AC47 |.
0043AC49 |.
0043AC4C |.
0043AC4F |.
0043AC55 |.
0043AC57 |.
0043AC59 |.
0043AC5D |.
0043AC5F |.
0043AC62 |.
0043AC65 |.
0043AC68 |.
0043AC6C |.
0043AC6E |.
0043AC71 |.
0043AC72 |.

83C4 10
FF75 08

ADD ESP,10
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

E8 AD3E0000

CALL 0043EA5D

; \SystemIn

59
85C0
0F84 9D020000
8B06
F64407 04 80
0F84 90020000
E8 47A7FFFF

POP ECX
TEST EAX,EAX
JE 0043AE56
MOV EAX,DWORD PTR DS:[ESI]
TEST BYTE PTR DS:[EAX+EDI+4],80
JE 0043AE56
CALL 00435312

; [SystemIn

8B40 6C
33C9
3948 14
8D85 1CE5FFFF
0F94C1
50
8B06
FF3407
898D 20E5FFFF
FF15 C4814400
85C0
0F84 60020000
33C9
398D 20E5FFFF
74 08
84DB
0F84 50020000
FF15 C0814400

MOV EAX,DWORD PTR DS:[EAX+6C]


XOR ECX,ECX
CMP DWORD PTR DS:[EAX+14],ECX
LEA EAX,[LOCAL.1721]
SETE CL
PUSH EAX
MOV EAX,DWORD PTR DS:[ESI]
PUSH DWORD PTR DS:[EAX+EDI]
MOV DWORD PTR SS:[LOCAL.1720],ECX
CALL DWORD PTR DS:[<&KERNEL32.GetConsole
TEST EAX,EAX
JE 0043AE56
XOR ECX,ECX
CMP DWORD PTR SS:[LOCAL.1720],ECX
JE SHORT 0043AC08
TEST BL,BL
JE 0043AE58
CALL DWORD PTR DS:[<&KERNEL32.GetConsole ; [KERNEL32

8B9D 34E5FFFF
8985 1CE5FFFF
33C0
8985 3CE5FFFF
3945 10
0F86 42050000
8985 44E5FFFF
8A85 27E5FFFF
84C0
0F85 67010000
8A0B
8BB5 28E5FFFF
33C0
80F9 0A
0F94C0
8985 20E5FFFF
8B06
03C7
8378 38 00
74 15
8A50 34
8855 F4
884D F5
8360 38 00
6A 02
8D45 F4
50
EB 4B

MOV EBX,DWORD PTR SS:[LOCAL.1715]


MOV DWORD PTR SS:[LOCAL.1721],EAX
XOR EAX,EAX
MOV DWORD PTR SS:[LOCAL.1713],EAX
CMP DWORD PTR SS:[ARG.3],EAX
JBE 0043B16D
MOV DWORD PTR SS:[LOCAL.1711],EAX
/MOV AL,BYTE PTR SS:[LOCAL.1719+3]
|TEST AL,AL
|JNE 0043ADA6
|MOV CL,BYTE PTR DS:[EBX]
|MOV ESI,DWORD PTR SS:[LOCAL.1718]
|XOR EAX,EAX
|CMP CL,0A
|SETE AL
|MOV DWORD PTR SS:[LOCAL.1720],EAX
|MOV EAX,DWORD PTR DS:[ESI]
|ADD EAX,EDI
|CMP DWORD PTR DS:[EAX+38],0
|JE SHORT 0043AC74
|MOV DL,BYTE PTR DS:[EAX+34]
|MOV BYTE PTR SS:[LOCAL.3],DL
|MOV BYTE PTR SS:[LOCAL.3+1],CL
|AND DWORD PTR DS:[EAX+38],00000000
|PUSH 2
|LEA EAX,[LOCAL.3]
|PUSH EAX
|JMP SHORT 0043ACBF

0043AC74 |> 0FBEC1


0043AC77 |. 50
0043AC78 |. E8 0EB6FFFF
fo.0043628B
0043AC7D |. 59
0043AC7E |. 85C0
0043AC80 |. 74 3A
0043AC82 |. 8B8D 34E5FFFF
0043AC88 |. 2BCB
0043AC8A |. 034D 10
0043AC8D |. 33C0
0043AC8F |. 40
0043AC90 |. 3BC8
0043AC92 |. 0F86 A5010000
0043AC98 |. 6A 02
0043AC9A |. 8D85 40E5FFFF
0043ACA0 |. 53
0043ACA1 |. 50
OFFSET LOCAL.1712
0043ACA2 |. E8 2D7AFFFF
fo.004326D4
0043ACA7 |. 83C4 0C
0043ACAA |. 83F8 FF
0043ACAD |. 0F84 B1040000
0043ACB3 |. 43
0043ACB4 |. FF85 44E5FFFF
0043ACBA |. EB 1B
0043ACBC |> 6A 01
0043ACBE |. 53
0043ACBF |> 8D85 40E5FFFF
0043ACC5 |. 50
OFFSET LOCAL.1712
0043ACC6 |. E8 097AFFFF
fo.004326D4
0043ACCB |. 83C4 0C
0043ACCE |. 83F8 FF
0043ACD1 |. 0F84 8D040000
0043ACD7 |> 33C0
0043ACD9 |. 50
harUsed => NULL
0043ACDA |. 50
har => NULL
0043ACDB |. 6A 05
nt = 5
0043ACDD |. 8D4D F4
0043ACE0 |. 51
e => OFFSET LOCAL.3
0043ACE1 |. 6A 01
t = 1
0043ACE3 |. 8D8D 40E5FFFF
0043ACE9 |. 51
=> OFFSET LOCAL.1712
0043ACEA |. 50
0
0043ACEB |. FFB5 1CE5FFFF
=> [LOCAL.1721]
0043ACF1 |. 43
0043ACF2 |. FF85 44E5FFFF
0043ACF8 |. FF15 38814400
.WideCharToMultiByte

|MOVSX EAX,CL
|PUSH EAX
|CALL 0043628B

; /Arg1
; \SystemIn

|POP ECX
|TEST EAX,EAX
|JE SHORT 0043ACBC
|MOV ECX,DWORD PTR SS:[LOCAL.1715]
|SUB ECX,EBX
|ADD ECX,DWORD PTR SS:[ARG.3]
|XOR EAX,EAX
|INC EAX
|CMP ECX,EAX
|JBE 0043AE3D
|PUSH 2
|LEA EAX,[LOCAL.1712]
|PUSH EBX
|PUSH EAX

;
;
;
;

|CALL 004326D4

; \SystemIn

|ADD ESP,0C
|CMP EAX,-1
|JE 0043B164
|INC EBX
|INC DWORD PTR SS:[LOCAL.1711]
|JMP SHORT 0043ACD7
|PUSH 1
|PUSH EBX
|LEA EAX,[LOCAL.1712]
|PUSH EAX

; |Arg1 =>

|CALL 004326D4

; \SystemIn

|ADD ESP,0C
|CMP EAX,-1
|JE 0043B164
|XOR EAX,EAX
|PUSH EAX

; /DefaultC

|PUSH EAX

; |DefaultC

|PUSH 5

; |MultiCou

|LEA ECX,[LOCAL.3]
|PUSH ECX

; |
; |MultiByt

|PUSH 1

; |WideCoun

|LEA ECX,[LOCAL.1712]
|PUSH ECX

; |
; |WideChar

|PUSH EAX

; |Flags =>

|PUSH DWORD PTR SS:[LOCAL.1721]

; |CodePage

/Arg3 = 2
|
|Arg2
|Arg1 =>

|INC EBX
; |
|INC DWORD PTR SS:[LOCAL.1711]
; |
|CALL DWORD PTR DS:[<&KERNEL32.WideCharT ; \KERNEL32

0043ACFE |. 8BF0
0043AD00 |. 85F6
0043AD02 |. 0F84 5C040000
0043AD08 |. 6A 00
ped = NULL
0043AD0A |. 8D85 3CE5FFFF
0043AD10 |. 50
itten => OFFSET LOCAL.1713
0043AD11 |. 56
0043AD12 |. 8D45 F4
0043AD15 |. 50
> OFFSET LOCAL.3
0043AD16 |. 8B85 28E5FFFF
0043AD1C |. 8B00
0043AD1E |. FF3407
0043AD21 |. FF15 BC814400
.WriteFile
0043AD27 |. 85C0
0043AD29 |. 0F84 29040000
0043AD2F |. 8B85 44E5FFFF
0043AD35 |. 8B8D 30E5FFFF
0043AD3B |. 03C1
0043AD3D |. 39B5 3CE5FFFF
0043AD43 |. 8985 38E5FFFF
0043AD49 |. 0F8C 15040000
0043AD4F |. 83BD 20E5FFFF
0043AD56 |. 0F84 CD000000
0043AD5C |. 6A 00
ped = NULL
0043AD5E |. 8D85 3CE5FFFF
0043AD64 |. 50
itten => OFFSET LOCAL.1713
0043AD65 |. 6A 01
0043AD67 |. 8D45 F4
0043AD6A |. 50
> OFFSET LOCAL.3
0043AD6B |. 8B85 28E5FFFF
0043AD71 |. 8B00
0043AD73 |. C645 F4 0D
0043AD77 |. FF3407
0043AD7A |. FF15 BC814400
.WriteFile
0043AD80 |. 85C0
0043AD82 |. 0F84 D0030000
0043AD88 |. 83BD 3CE5FFFF
0043AD8F |. 0F8C CF030000
0043AD95 |. FF85 30E5FFFF
0043AD9B |. FF85 38E5FFFF
0043ADA1 |. E9 83000000
0043ADA6 |> 3C 01
0043ADA8 |. 74 04
0043ADAA |. 3C 02
0043ADAC |. 75 21
0043ADAE |> 0FB733
0043ADB1 |. 33C9
0043ADB3 |. 66:83FE 0A
0043ADB7 |. 0F94C1
0043ADBA |. 43
0043ADBB |. 43
0043ADBC |. 8385 44E5FFFF

|MOV ESI,EAX
|TEST ESI,ESI
|JE 0043B164
|PUSH 0

; /pOverlap

|LEA EAX,[LOCAL.1713]
|PUSH EAX

; |
; |pBytesWr

|PUSH ESI
|LEA EAX,[LOCAL.3]
|PUSH EAX

; |Size
; |
; |Buffer =

|MOV EAX,DWORD PTR SS:[LOCAL.1718]


|MOV EAX,DWORD PTR DS:[EAX]
|PUSH DWORD PTR DS:[EAX+EDI]
|CALL DWORD PTR DS:[<&KERNEL32.WriteFile

;
;
;
;

|TEST EAX,EAX
|JE 0043B158
|MOV EAX,DWORD
|MOV ECX,DWORD
|ADD EAX,ECX
|CMP DWORD PTR
|MOV DWORD PTR
|JL 0043B164
|CMP DWORD PTR
|JE 0043AE29
|PUSH 0

; /pOverlap

|
|
|hFile
\KERNEL32

PTR SS:[LOCAL.1711]
PTR SS:[LOCAL.1716]
SS:[LOCAL.1713],ESI
SS:[LOCAL.1714],EAX
SS:[LOCAL.1720],0

|LEA EAX,[LOCAL.1713]
|PUSH EAX

; |
; |pBytesWr

|PUSH 1
|LEA EAX,[LOCAL.3]
|PUSH EAX

; |Size = 1
; |
; |Buffer =

|MOV EAX,DWORD PTR SS:[LOCAL.1718]


|MOV EAX,DWORD PTR DS:[EAX]
|MOV BYTE PTR SS:[LOCAL.3],0D
|PUSH DWORD PTR DS:[EAX+EDI]
|CALL DWORD PTR DS:[<&KERNEL32.WriteFile

;
;
;
;
;

|TEST EAX,EAX
|JE 0043B158
|CMP DWORD PTR SS:[LOCAL.1713],1
|JL 0043B164
|INC DWORD PTR SS:[LOCAL.1716]
|INC DWORD PTR SS:[LOCAL.1714]
|JMP 0043AE29
|CMP AL,1
|JE SHORT 0043ADAE
|CMP AL,2
|JNE SHORT 0043ADCF
|MOVZX ESI,WORD PTR DS:[EBX]
|XOR ECX,ECX
|CMP SI,0A
|SETE CL
|INC EBX
|INC EBX
|ADD DWORD PTR SS:[LOCAL.1711],2

|
|
|
|hFile
\KERNEL32

0043ADC3 |.
0043ADC9 |.
0043ADCF |>
0043ADD1 |.
0043ADD3 |.
0043ADD5 |.
0043ADD7 |>
[LOCAL.1712]
0043ADDD |.
fo.004408D7
0043ADE2 |.
0043ADE3 |.
0043ADEA |.
0043ADF0 |.
0043ADF7 |.
0043ADFE |.
0043AE00 |.
0043AE02 |.
0043AE03 |.
0D
0043AE04 |.
0043AE0A |.
fo.004408D7
0043AE0F |.
0043AE10 |.
0043AE17 |.
0043AE1D |.
0043AE23 |.
0043AE29 |>
0043AE2C |.
0043AE32 |.^
0043AE38 |.
0043AE3D |>
0043AE3F |.
0043AE41 |.
0043AE47 |.
0043AE4B |.
0043AE4D |.
0043AE51 |.
0043AE56 |>
0043AE58 |>
0043AE5A |.
0043AE5C |.
0043AE60 |.
0043AE66 |.
0043AE6C |.
0043AE72 |.
0043AE74 |.
0043AE7A |.
0043AE80 |.
0043AE83 |.
0043AE89 |.
0043AE8B |>
0043AE91 |>
0043AE97 |.
0043AE9E |.
0043AEA4 |.
0043AEAA |>
0043AEAD |.
0043AEAF |.

89B5 40E5FFFF
898D 20E5FFFF
3C 01
74 04
3C 02
75 52
FFB5 40E5FFFF

|MOV DWORD PTR SS:[LOCAL.1712],ESI


|MOV DWORD PTR SS:[LOCAL.1720],ECX
|CMP AL,1
|JE SHORT 0043ADD7
|CMP AL,2
|JNE SHORT 0043AE29
|PUSH DWORD PTR SS:[LOCAL.1712]

; /Arg1 =>

E8 F55A0000

|CALL 004408D7

; \SystemIn

59
66:3B85 40E5F
0F85 68030000
8385 38E5FFFF
83BD 20E5FFFF
74 29
6A 0D
58
50

|POP ECX
|CMP AX,WORD PTR SS:[LOCAL.1712]
|JNE 0043B158
|ADD DWORD PTR SS:[LOCAL.1714],2
|CMP DWORD PTR SS:[LOCAL.1720],0
|JE SHORT 0043AE29
|PUSH 0D
|POP EAX
|PUSH EAX

; /Arg1 =>

8985 40E5FFFF |MOV DWORD PTR SS:[LOCAL.1712],EAX


E8 C85A0000 |CALL 004408D7
59
66:3B85 40E5F
0F85 3B030000
FF85 38E5FFFF
FF85 30E5FFFF
8B45 10
3985 44E5FFFF
0F82 F9FDFFFF
E9 27030000
8B0E
8A13
FF85 38E5FFFF
88540F 34
8B0E
89440F 38
E9 0E030000
33C9
8B06
03C7
F640 04 80
0F84 BF020000
8B85 34E5FFFF
898D 40E5FFFF
84DB
0F85 CA000000
8985 3CE5FFFF
394D 10
0F86 20030000
EB 06
8BB5 28E5FFFF
8B8D 3CE5FFFF
83A5 44E5FFFF
2B8D 34E5FFFF
8D85 48E5FFFF
3B4D 10
73 39
8B95 3CE5FFFF

|POP ECX
|CMP AX,WORD PTR SS:[LOCAL.1712]
|JNE 0043B158
|INC DWORD PTR SS:[LOCAL.1714]
|INC DWORD PTR SS:[LOCAL.1716]
|MOV EAX,DWORD PTR SS:[ARG.3]
|CMP DWORD PTR SS:[LOCAL.1711],EAX
\JB 0043AC31
JMP 0043B164
MOV ECX,DWORD PTR DS:[ESI]
MOV DL,BYTE PTR DS:[EBX]
INC DWORD PTR SS:[LOCAL.1714]
MOV BYTE PTR DS:[ECX+EDI+34],DL
MOV ECX,DWORD PTR DS:[ESI]
MOV DWORD PTR DS:[ECX+EDI+38],EAX
JMP 0043B164
XOR ECX,ECX
MOV EAX,DWORD PTR DS:[ESI]
ADD EAX,EDI
TEST BYTE PTR DS:[EAX+4],80
JE 0043B125
MOV EAX,DWORD PTR SS:[LOCAL.1715]
MOV DWORD PTR SS:[LOCAL.1712],ECX
TEST BL,BL
JNE 0043AF44
MOV DWORD PTR SS:[LOCAL.1713],EAX
CMP DWORD PTR SS:[ARG.3],ECX
JBE 0043B1A9
JMP SHORT 0043AE91
/MOV ESI,DWORD PTR SS:[LOCAL.1718]
|MOV ECX,DWORD PTR SS:[LOCAL.1713]
|AND DWORD PTR SS:[LOCAL.1711],00000000
|SUB ECX,DWORD PTR SS:[LOCAL.1715]
|LEA EAX,[LOCAL.1710]
|/CMP ECX,DWORD PTR SS:[ARG.3]
||JNB SHORT 0043AEE8
||MOV EDX,DWORD PTR SS:[LOCAL.1713]

; |
; \SystemIn

0043AEB5 |. FF85 3CE5FFFF


0043AEBB |. 8A12
0043AEBD |. 41
0043AEBE |. 80FA 0A
0043AEC1 |. 75 10
0043AEC3 |. FF85 30E5FFFF
0043AEC9 |. C600 0D
0043AECC |. 40
0043AECD |. FF85 44E5FFFF
0043AED3 |> 8810
0043AED5 |. 40
0043AED6 |. FF85 44E5FFFF
0043AEDC |. 81BD 44E5FFFF
0043AEE6 |.^ 72 C2
0043AEE8 |> 8BD8
0043AEEA |. 8D85 48E5FFFF
0043AEF0 |. 2BD8
0043AEF2 |. 6A 00
ped = NULL
0043AEF4 |. 8D85 2CE5FFFF
0043AEFA |. 50
itten => OFFSET LOCAL.1717
0043AEFB |. 53
0043AEFC |. 8D85 48E5FFFF
0043AF02 |. 50
> OFFSET LOCAL.1710
0043AF03 |. 8B06
0043AF05 |. FF3407
0043AF08 |. FF15 BC814400
.WriteFile
0043AF0E |. 85C0
0043AF10 |. 0F84 42020000
0043AF16 |. 8B85 2CE5FFFF
0043AF1C |. 0185 38E5FFFF
0043AF22 |. 3BC3
0043AF24 |. 0F8C 3A020000
0043AF2A |. 8B85 3CE5FFFF
0043AF30 |. 2B85 34E5FFFF
0043AF36 |. 3B45 10
0043AF39 |.^ 0F82 4CFFFFFF
0043AF3F |. E9 20020000
0043AF44 |> 8985 44E5FFFF
0043AF4A |. 80FB 02
0043AF4D |. 0F85 D1000000
0043AF53 |. 394D 10
0043AF56 |. 0F86 4D020000
0043AF5C |. EB 06
0043AF5E |> 8BB5 28E5FFFF
0043AF64 |> 8B8D 44E5FFFF
0043AF6A |. 83A5 3CE5FFFF
0043AF71 |. 2B8D 34E5FFFF
0043AF77 |. 8D85 48E5FFFF
0043AF7D |> 3B4D 10
0043AF80 |. 73 46
0043AF82 |. 8B95 44E5FFFF
0043AF88 |. 8385 44E5FFFF
0043AF8F |. 0FB712
0043AF92 |. 41
0043AF93 |. 41
0043AF94 |. 66:83FA 0A

||INC DWORD PTR SS:[LOCAL.1713]


||MOV DL,BYTE PTR DS:[EDX]
||INC ECX
||CMP DL,0A
||JNE SHORT 0043AED3
||INC DWORD PTR SS:[LOCAL.1716]
||MOV BYTE PTR DS:[EAX],0D
||INC EAX
||INC DWORD PTR SS:[LOCAL.1711]
||MOV BYTE PTR DS:[EAX],DL
||INC EAX
||INC DWORD PTR SS:[LOCAL.1711]
||CMP DWORD PTR SS:[LOCAL.1711],13FF
|\JB SHORT 0043AEAA
|MOV EBX,EAX
|LEA EAX,[LOCAL.1710]
|SUB EBX,EAX
|PUSH 0

; /pOverlap

|LEA EAX,[LOCAL.1717]
|PUSH EAX

; |
; |pBytesWr

|PUSH EBX
|LEA EAX,[LOCAL.1710]
|PUSH EAX

; |Size
; |
; |Buffer =

|MOV EAX,DWORD PTR DS:[ESI]


; |
|PUSH DWORD PTR DS:[EAX+EDI]
; |hFile
|CALL DWORD PTR DS:[<&KERNEL32.WriteFile ; \KERNEL32
|TEST EAX,EAX
|JE 0043B158
|MOV EAX,DWORD PTR SS:[LOCAL.1717]
|ADD DWORD PTR SS:[LOCAL.1714],EAX
|CMP EAX,EBX
|JL 0043B164
|MOV EAX,DWORD PTR SS:[LOCAL.1713]
|SUB EAX,DWORD PTR SS:[LOCAL.1715]
|CMP EAX,DWORD PTR SS:[ARG.3]
\JB 0043AE8B
JMP 0043B164
MOV DWORD PTR SS:[LOCAL.1711],EAX
CMP BL,2
JNE 0043B024
CMP DWORD PTR SS:[ARG.3],ECX
JBE 0043B1A9
JMP SHORT 0043AF64
/MOV ESI,DWORD PTR SS:[LOCAL.1718]
|MOV ECX,DWORD PTR SS:[LOCAL.1711]
|AND DWORD PTR SS:[LOCAL.1713],00000000
|SUB ECX,DWORD PTR SS:[LOCAL.1715]
|LEA EAX,[LOCAL.1710]
|/CMP ECX,DWORD PTR SS:[ARG.3]
||JNB SHORT 0043AFC8
||MOV EDX,DWORD PTR SS:[LOCAL.1711]
||ADD DWORD PTR SS:[LOCAL.1711],2
||MOVZX EDX,WORD PTR DS:[EDX]
||INC ECX
||INC ECX
||CMP DX,0A

0043AF98 |. 75 16
0043AF9A |. 8385 30E5FFFF
0043AFA1 |. 6A 0D
0043AFA3 |. 5B
0043AFA4 |. 66:8918
0043AFA7 |. 40
0043AFA8 |. 40
0043AFA9 |. 8385 3CE5FFFF
0043AFB0 |> 8385 3CE5FFFF
0043AFB7 |. 66:8910
0043AFBA |. 40
0043AFBB |. 40
0043AFBC |. 81BD 3CE5FFFF
0043AFC6 |.^ 72 B5
0043AFC8 |> 8BD8
0043AFCA |. 8D85 48E5FFFF
0043AFD0 |. 2BD8
0043AFD2 |. 6A 00
ped = NULL
0043AFD4 |. 8D85 2CE5FFFF
0043AFDA |. 50
itten => OFFSET LOCAL.1717
0043AFDB |. 53
0043AFDC |. 8D85 48E5FFFF
0043AFE2 |. 50
> OFFSET LOCAL.1710
0043AFE3 |. 8B06
0043AFE5 |. FF3407
0043AFE8 |. FF15 BC814400
.WriteFile
0043AFEE |. 85C0
0043AFF0 |. 0F84 62010000
0043AFF6 |. 8B85 2CE5FFFF
0043AFFC |. 0185 38E5FFFF
0043B002 |. 3BC3
0043B004 |. 0F8C 5A010000
0043B00A |. 8B85 44E5FFFF
0043B010 |. 2B85 34E5FFFF
0043B016 |. 3B45 10
0043B019 |.^ 0F82 3FFFFFFF
0043B01F |. E9 40010000
0043B024 |> 394D 10
0043B027 |. 0F86 7C010000
0043B02D |> 8B8D 44E5FFFF
0043B033 |. 83A5 3CE5FFFF
0043B03A |. 2B8D 34E5FFFF
0043B040 |. 6A 02
0043B042 |. 8D85 48F9FFFF
0043B048 |. 5E
0043B049 |> 3B4D 10
0043B04C |. 73 3C
0043B04E |. 8B95 44E5FFFF
0043B054 |. 0FB712
0043B057 |. 01B5 44E5FFFF
0043B05D |. 03CE
0043B05F |. 66:83FA 0A
0043B063 |. 75 0E
0043B065 |. 6A 0D
0043B067 |. 5B
0043B068 |. 66:8918

||JNE SHORT 0043AFB0


||ADD DWORD PTR SS:[LOCAL.1716],2
||PUSH 0D
||POP EBX
||MOV WORD PTR DS:[EAX],BX
||INC EAX
||INC EAX
||ADD DWORD PTR SS:[LOCAL.1713],2
||ADD DWORD PTR SS:[LOCAL.1713],2
||MOV WORD PTR DS:[EAX],DX
||INC EAX
||INC EAX
||CMP DWORD PTR SS:[LOCAL.1713],13FE
|\JB SHORT 0043AF7D
|MOV EBX,EAX
|LEA EAX,[LOCAL.1710]
|SUB EBX,EAX
|PUSH 0

; /pOverlap

|LEA EAX,[LOCAL.1717]
|PUSH EAX

; |
; |pBytesWr

|PUSH EBX
|LEA EAX,[LOCAL.1710]
|PUSH EAX

; |Size
; |
; |Buffer =

|MOV EAX,DWORD PTR DS:[ESI]


; |
|PUSH DWORD PTR DS:[EAX+EDI]
; |hFile
|CALL DWORD PTR DS:[<&KERNEL32.WriteFile ; \KERNEL32
|TEST EAX,EAX
|JE 0043B158
|MOV EAX,DWORD PTR SS:[LOCAL.1717]
|ADD DWORD PTR SS:[LOCAL.1714],EAX
|CMP EAX,EBX
|JL 0043B164
|MOV EAX,DWORD PTR SS:[LOCAL.1711]
|SUB EAX,DWORD PTR SS:[LOCAL.1715]
|CMP EAX,DWORD PTR SS:[ARG.3]
\JB 0043AF5E
JMP 0043B164
CMP DWORD PTR SS:[ARG.3],ECX
JBE 0043B1A9
/MOV ECX,DWORD PTR SS:[LOCAL.1711]
|AND DWORD PTR SS:[LOCAL.1713],00000000
|SUB ECX,DWORD PTR SS:[LOCAL.1715]
|PUSH 2
|LEA EAX,[LOCAL.430]
|POP ESI
|/CMP ECX,DWORD PTR SS:[ARG.3]
||JNB SHORT 0043B08A
||MOV EDX,DWORD PTR SS:[LOCAL.1711]
||MOVZX EDX,WORD PTR DS:[EDX]
||ADD DWORD PTR SS:[LOCAL.1711],ESI
||ADD ECX,ESI
||CMP DX,0A
||JNE SHORT 0043B073
||PUSH 0D
||POP EBX
||MOV WORD PTR DS:[EAX],BX

0043B06B |. 03C6
0043B06D |. 01B5 3CE5FFFF
0043B073 |> 01B5 3CE5FFFF
0043B079 |. 66:8910
0043B07C |. 03C6
0043B07E |. 81BD 3CE5FFFF
0043B088 |.^ 72 BF
0043B08A |> 33F6
0043B08C |. 56
harUsed => NULL
0043B08D |. 56
har => NULL
0043B08E |. 68 550D0000
nt = 3413.
0043B093 |. 8D8D F0EBFFFF
0043B099 |. 51
e => OFFSET LOCAL.1284
0043B09A |. 8D8D 48F9FFFF
0043B0A0 |. 2BC1
0043B0A2 |. 99
0043B0A3 |. 2BC2
0043B0A5 |. D1F8
0043B0A7 |. 50
t
0043B0A8 |. 8BC1
0043B0AA |. 50
=> OFFSET LOCAL.430
0043B0AB |. 56
0
0043B0AC |. 68 E9FD0000
= CP_UTF8
0043B0B1 |. FF15 38814400
.WideCharToMultiByte
0043B0B7 |. 8BD8
0043B0B9 |. 3BDE
0043B0BB |. 0F84 97000000
0043B0C1 |> 6A 00
ped = NULL
0043B0C3 |. 8D85 2CE5FFFF
0043B0C9 |. 50
itten => OFFSET LOCAL.1717
0043B0CA |. 8BC3
0043B0CC |. 2BC6
0043B0CE |. 50
0043B0CF |. 8D8435 F0EBFF
0043B0D6 |. 50
0043B0D7 |. 8B85 28E5FFFF
0043B0DD |. 8B00
0043B0DF |. FF3407
0043B0E2 |. FF15 BC814400
.WriteFile
0043B0E8 |. 85C0
0043B0EA |. 74 0C
0043B0EC |. 03B5 2CE5FFFF
0043B0F2 |. 3BDE
0043B0F4 |.^ 7F CB
0043B0F6 |. EB 0C
0043B0F8 |> FF15 58804400
.GetLastError
0043B0FE |. 8985 40E5FFFF

||ADD EAX,ESI
||ADD DWORD PTR SS:[LOCAL.1713],ESI
||ADD DWORD PTR SS:[LOCAL.1713],ESI
||MOV WORD PTR DS:[EAX],DX
||ADD EAX,ESI
||CMP DWORD PTR SS:[LOCAL.1713],6A8
|\JB SHORT 0043B049
|XOR ESI,ESI
|PUSH ESI

; /DefaultC

|PUSH ESI

; |DefaultC

|PUSH 0D55

; |MultiCou

|LEA ECX,[LOCAL.1284]
|PUSH ECX

; |
; |MultiByt

|LEA ECX,[LOCAL.430]
|SUB EAX,ECX
|CDQ
|SUB EAX,EDX
|SAR EAX,1
|PUSH EAX

;
;
;
;
;
;

|MOV EAX,ECX
|PUSH EAX

; |
; |WideChar

|PUSH ESI

; |Flags =>

|PUSH 0FDE9

; |CodePage

|
|
|
|
|
|WideCoun

|CALL DWORD PTR DS:[<&KERNEL32.WideCharT ; \KERNEL32


|MOV EBX,EAX
|CMP EBX,ESI
|JE 0043B158
|/PUSH 0

; /pOverlap

||LEA EAX,[LOCAL.1717]
||PUSH EAX

; |
; |pBytesWr

||MOV EAX,EBX
||SUB EAX,ESI
||PUSH EAX
||LEA EAX,[ESI+EBP-1410]
||PUSH EAX
||MOV EAX,DWORD PTR SS:[LOCAL.1718]
||MOV EAX,DWORD PTR DS:[EAX]
||PUSH DWORD PTR DS:[EAX+EDI]
||CALL DWORD PTR DS:[<&KERNEL32.WriteFil

;
;
;
;
;
;
;
;
;

|
|
|Size
|
|Buffer
|
|
|hFile
\KERNEL32

||TEST EAX,EAX
||JE SHORT 0043B0F8
||ADD ESI,DWORD PTR SS:[LOCAL.1717]
||CMP EBX,ESI
|\JG SHORT 0043B0C1
|JMP SHORT 0043B104
|CALL DWORD PTR DS:[<&KERNEL32.GetLastEr ; [KERNEL32
|MOV DWORD PTR SS:[LOCAL.1712],EAX

0043B104 |> 3BDE


0043B106 |. 7F 5C
0043B108 |. 8B85 44E5FFFF
0043B10E |. 2B85 34E5FFFF
0043B114 |. 8985 38E5FFFF
0043B11A |. 3B45 10
0043B11D |.^ 0F82 0AFFFFFF
0043B123 |. EB 3F
0043B125 |> 6A 00
ped = NULL
0043B127 |. 8D8D 2CE5FFFF
0043B12D |. 51
itten => OFFSET LOCAL.1717
0043B12E |. FF75 10
[ARG.3]
0043B131 |. FFB5 34E5FFFF
> [LOCAL.1715]
0043B137 |. FF30
0043B139 |. FF15 BC814400
.WriteFile
0043B13F |. 85C0
0043B141 |. 74 15
0043B143 |. 8B85 2CE5FFFF
0043B149 |. 83A5 40E5FFFF
0043B150 |. 8985 38E5FFFF
0043B156 |. EB 0C
0043B158 |> FF15 58804400
.GetLastError
0043B15E |. 8985 40E5FFFF
0043B164 |> 83BD 38E5FFFF
0043B16B |. 75 6C
0043B16D |> 83BD 40E5FFFF
0043B174 |. 74 2D
0043B176 |. 6A 05
0043B178 |. 5E
0043B179 |. 39B5 40E5FFFF
0043B17F |. 75 14
0043B181 |. E8 7792FFFF
fo.004343FD
0043B186 |. C700 09000000
0043B18C |. E8 7F92FFFF
fo.00434410
0043B191 |. 8930
0043B193 |. EB 3F
0043B195 |> FFB5 40E5FFFF
[LOCAL.1712]
0043B19B |. E8 8392FFFF
fo.00434423
0043B1A0 |. 59
0043B1A1 |. EB 31
0043B1A3 |> 8BB5 28E5FFFF
0043B1A9 |> 8B06
0043B1AB |. F64407 04 40
0043B1B0 |. 74 0F
0043B1B2 |. 8B85 34E5FFFF
0043B1B8 |. 8038 1A
0043B1BB |. 75 04
0043B1BD |. 33C0
0043B1BF |. EB 24
0043B1C1 |> E8 3792FFFF

|CMP EBX,ESI
|JG SHORT 0043B164
|MOV EAX,DWORD PTR SS:[LOCAL.1711]
|SUB EAX,DWORD PTR SS:[LOCAL.1715]
|MOV DWORD PTR SS:[LOCAL.1714],EAX
|CMP EAX,DWORD PTR SS:[ARG.3]
\JB 0043B02D
JMP SHORT 0043B164
PUSH 0

; /pOverlap

LEA ECX,[LOCAL.1717]
PUSH ECX

; |
; |pBytesWr

PUSH DWORD PTR SS:[ARG.3]

; |Size =>

PUSH DWORD PTR SS:[LOCAL.1715]

; |Buffer =

PUSH DWORD PTR DS:[EAX]


; |hFile
CALL DWORD PTR DS:[<&KERNEL32.WriteFile> ; \KERNEL32
TEST EAX,EAX
JE SHORT 0043B158
MOV EAX,DWORD PTR SS:[LOCAL.1717]
AND DWORD PTR SS:[LOCAL.1712],00000000
MOV DWORD PTR SS:[LOCAL.1714],EAX
JMP SHORT 0043B164
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32
MOV DWORD PTR SS:[LOCAL.1712],EAX
CMP DWORD PTR SS:[LOCAL.1714],0
JNE SHORT 0043B1D9
CMP DWORD PTR SS:[LOCAL.1712],0
JE SHORT 0043B1A3
PUSH 5
POP ESI
CMP DWORD PTR SS:[LOCAL.1712],ESI
JNE SHORT 0043B195
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],9


CALL 00434410

; [SystemIn

MOV DWORD PTR DS:[EAX],ESI


JMP SHORT 0043B1D4
PUSH DWORD PTR SS:[LOCAL.1712]

; /Arg1 =>

CALL 00434423

; \SystemIn

POP ECX
JMP SHORT 0043B1D4
MOV ESI,DWORD PTR SS:[LOCAL.1718]
MOV EAX,DWORD PTR DS:[ESI]
TEST BYTE PTR DS:[EAX+EDI+4],40
JE SHORT 0043B1C1
MOV EAX,DWORD PTR SS:[LOCAL.1715]
CMP BYTE PTR DS:[EAX],1A
JNE SHORT 0043B1C1
XOR EAX,EAX
JMP SHORT 0043B1E5
CALL 004343FD

; [SystemIn

fo.004343FD
0043B1C6 |.
0043B1CC |.
fo.00434410
0043B1D1 |.
0043B1D4 |>
0043B1D7 |.
0043B1D9 |>
0043B1DF |.
0043B1E5 |>
0043B1E6 |.
0043B1E7 |>
0043B1EA |.
0043B1EC |.
0043B1ED |.
0043B1F2 |.
0043B1F3 \.
0043B1F4 /$
0043B1F6 |.
0043B1FB |.
0043B200 |.
0043B203 |.
0043B206 |.
0043B208 |.
fo.00434410
0043B20D |.
0043B210 |.
fo.004343FD
0043B215 |.
0043B21B |>
0043B21E |.
0043B223 |>
0043B225 |.
0043B227 |.
0043B229 |.
0043B22F |.
0043B231 |>
fo.00434410
0043B236 |.
0043B238 |.
fo.004343FD
0043B23D |.
0043B243 |.
0043B244 |.
0043B245 |.
0043B246 |.
0043B247 |.
0043B248 |.
fo.0042E862
0043B24D |.
0043B250 |.^
0043B252 |>
0043B254 |.
0043B257 |.
0043B25E |.
0043B260 |.
0043B263 |.
0043B266 |.
0043B268 |.
0043B26D |.

C700 1C000000 MOV DWORD PTR DS:[EAX],1C


E8 3F92FFFF CALL 00434410

; [SystemIn

8320 00
83C8 FF
EB 0C
8B85 38E5FFFF
2B85 30E5FFFF
5F
5B
8B4D FC
33CD
5E
E8 FF34FFFF
C9
C3
6A 10
68 68F44400
E8 ECD7FFFF
8B45 08
83F8 FE
75 1B
E8 0392FFFF

AND DWORD PTR DS:[EAX],00000000


OR EAX,FFFFFFFF
JMP SHORT 0043B1E5
MOV EAX,DWORD PTR SS:[LOCAL.1714]
SUB EAX,DWORD PTR SS:[LOCAL.1716]
POP EDI
POP EBX
MOV ECX,DWORD PTR SS:[LOCAL.1]
XOR ECX,EBP
POP ESI
CALL 0042E6F1
LEAVE
RETN
PUSH 10
PUSH OFFSET 0044F468
CALL 004389EC
MOV EAX,DWORD PTR SS:[EBP+8]
CMP EAX,-2
JNE SHORT 0043B223
CALL 00434410

; [SystemIn

8320 00
E8 E891FFFF

AND DWORD PTR DS:[EAX],00000000


CALL 004343FD

; [SystemIn

C700 09000000
83C8 FF
E9 9D000000
33FF
3BC7
7C 08
3B05 98374500
72 21
E8 DA91FFFF

MOV DWORD PTR DS:[EAX],9


OR EAX,FFFFFFFF
JMP 0043B2C0
XOR EDI,EDI
CMP EAX,EDI
JL SHORT 0043B231
CMP EAX,DWORD PTR DS:[453798]
JB SHORT 0043B252
CALL 00434410

; [SystemIn

8938
E8 C091FFFF

MOV DWORD PTR DS:[EAX],EDI


CALL 004343FD

; [SystemIn

C700 09000000
57
57
57
57
57
E8 1536FFFF

MOV DWORD PTR DS:[EAX],9


PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
CALL 0042E862

;
;
;
;
;
;

83C4 14
EB C9
8BC8
C1F9 05
8D1C8D A03745
8BF0
83E6 1F
C1E6 06
8B0B
0FBE4C31 04
83E1 01

ADD ESP,14
JMP SHORT 0043B21B
MOV ECX,EAX
SAR ECX,5
LEA EBX,[ECX*4+4537A0]
MOV ESI,EAX
AND ESI,0000001F
SHL ESI,6
MOV ECX,DWORD PTR DS:[EBX]
MOVSX ECX,BYTE PTR DS:[ESI+ECX+4]
AND ECX,00000001

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

0043B270 |.^ 74 BF
0043B272 |. 50
0043B273 |. E8 A2580000
0043B278 |. 59
0043B279 |. 897D FC
0043B27C |. 8B03
0043B27E |. F64430 04 01
0043B283 |. 74 16
0043B285 |. FF75 10
[ARG.EBP+10]
0043B288 |. FF75 0C
[ARG.EBP+0C]
0043B28B |. FF75 08
[ARG.EBP+8]
0043B28E |. E8 2EF8FFFF
fo.0043AAC1
0043B293 |. 83C4 0C
0043B296 |. 8945 E4
0043B299 |. EB 16
0043B29B |> E8 5D91FFFF
fo.004343FD
0043B2A0 |. C700 09000000
0043B2A6 |. E8 6591FFFF
fo.00434410
0043B2AB |. 8938
0043B2AD |. 834D E4 FF
0043B2B1 |> C745 FC FEFFF
0043B2B8 |. E8 09000000
0043B2BD |. 8B45 E4
0043B2C0 |> E8 6CD7FFFF
0043B2C5 \. C3
0043B2C6 /$ FF75 08
0043B2C9 |. E8 EC580000
0043B2CE |. 59
0043B2CF \. C3
0043B2D0 /$ 8BFF
o.0043B2D0(guessed Arg1)
0043B2D2 |. 55
0043B2D3 |. 8BEC
0043B2D5 |. 8B45 08
0043B2D8 |. 56
0043B2D9 |. 33F6
0043B2DB |. 3BC6
0043B2DD |. 75 1D
0043B2DF |. E8 1991FFFF
fo.004343FD
0043B2E4 |. 56
0043B2E5 |. 56
0043B2E6 |. 56
0043B2E7 |. 56
0043B2E8 |. 56
0043B2E9 |. C700 16000000
0043B2EF |. E8 6E35FFFF
fo.0042E862
0043B2F4 |. 83C4 14
0043B2F7 |. 83C8 FF
0043B2FA |. EB 03
0043B2FC |> 8B40 10
0043B2FF |> 5E
0043B300 |. 5D

JE SHORT 0043B231
PUSH EAX
CALL 00440B1A
POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
MOV EAX,DWORD PTR DS:[EBX]
TEST BYTE PTR DS:[ESI+EAX+4],01
JE SHORT 0043B29B
PUSH DWORD PTR SS:[EBP+10]

; /Arg3 =>

PUSH DWORD PTR SS:[EBP+0C]

; |Arg2 =>

PUSH DWORD PTR SS:[EBP+8]

; |Arg1 =>

CALL 0043AAC1

; \SystemIn

ADD ESP,0C
MOV DWORD PTR SS:[EBP-1C],EAX
JMP SHORT 0043B2B1
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],9


CALL 00434410

; [SystemIn

MOV DWORD PTR DS:[EAX],EDI


OR DWORD PTR SS:[EBP-1C],FFFFFFFF
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043B2C6
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 00440BBA
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH ESI
XOR ESI,ESI
CMP EAX,ESI
JNE SHORT 0043B2FC
CALL 004343FD

; [SystemIn

PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 0043B2FF
MOV EAX,DWORD PTR DS:[EAX+10]
POP ESI
POP EBP

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0043B301 \. C3
0043B302 /$ B8 10204500
o.0043B302(guessed void)
0043B307 \. C3
0043B308 /. A1 C0484500
0043B30D |. 56
0043B30E |. 6A 14
0043B310 |. 5E
0043B311 |. 85C0
0043B313 |. 75 07
0043B315 |. B8 00020000
0043B31A |. EB 06
0043B31C |> 3BC6
0043B31E |. 7D 07
0043B320 |. 8BC6
0043B322 |> A3 C0484500
0043B327 |> 6A 04
0043B329 |. 50
0043B32A |. E8 299BFFFF
fo.00434E58
0043B32F |. 59
0043B330 |. 59
0043B331 |. A3 A0384500
0043B336 |. 85C0
0043B338 |. 75 1E
0043B33A |. 6A 04
0043B33C |. 56
14
0043B33D |. 8935 C0484500
0043B343 |. E8 109BFFFF
fo.00434E58
0043B348 |. 59
0043B349 |. 59
0043B34A |. A3 A0384500
0043B34F |. 85C0
0043B351 |. 75 05
0043B353 |. 6A 1A
0043B355 |. 58
0043B356 |. 5E
0043B357 |. C3
0043B358 |> 33D2
0043B35A |. B9 10204500
0043B35F |. EB 05
0043B361 |> A1 A0384500
0043B366 |> 890C02
0043B369 |. 83C1 20
0043B36C |. 83C2 04
0043B36F |. 81F9 90224500
0043B375 |.^ 7C EA
0043B377 |. 6A FE
0043B379 |. 5E
0043B37A |. 33D2
0043B37C |. B9 20204500
0043B381 |. 57
0043B382 |> 8BC2
0043B384 |. C1F8 05
0043B387 |. 8B0485 A03745
0043B38E |. 8BFA
0043B390 |. 83E7 1F
0043B393 |. C1E7 06

RETN
MOV EAX,OFFSET 00452010

; SystemInf

RETN
MOV EAX,DWORD PTR DS:[4548C0]
PUSH ESI
PUSH 14
POP ESI
TEST EAX,EAX
JNE SHORT 0043B31C
MOV EAX,200
JMP SHORT 0043B322
CMP EAX,ESI
JGE SHORT 0043B327
MOV EAX,ESI
MOV DWORD PTR DS:[4548C0],EAX
PUSH 4
PUSH EAX
CALL 00434E58

; /Arg2 = 4
; |Arg1
; \SystemIn

POP ECX
POP ECX
MOV DWORD PTR DS:[4538A0],EAX
TEST EAX,EAX
JNE SHORT 0043B358
PUSH 4
PUSH ESI

; /Arg2 = 4
; |Arg1 =>

MOV DWORD PTR DS:[4548C0],ESI


CALL 00434E58

; |
; \SystemIn

POP ECX
POP ECX
MOV DWORD PTR DS:[4538A0],EAX
TEST EAX,EAX
JNE SHORT 0043B358
PUSH 1A
POP EAX
POP ESI
RETN
XOR EDX,EDX
MOV ECX,OFFSET 00452010
JMP SHORT 0043B366
/MOV EAX,DWORD PTR DS:[4538A0]
|MOV DWORD PTR DS:[EAX+EDX],ECX
|ADD ECX,20
|ADD EDX,4
|CMP ECX,OFFSET 00452290
\JL SHORT 0043B361
PUSH -2
POP ESI
XOR EDX,EDX
MOV ECX,OFFSET 00452020
PUSH EDI
/MOV EAX,EDX
|SAR EAX,5
|MOV EAX,DWORD PTR DS:[EAX*4+4537A0]
|MOV EDI,EDX
|AND EDI,0000001F
|SHL EDI,6

0043B396 |. 8B0407
|MOV EAX,DWORD PTR DS:[EAX+EDI]
0043B399 |. 83F8 FF
|CMP EAX,-1
0043B39C |. 74 08
|JE SHORT 0043B3A6
0043B39E |. 3BC6
|CMP EAX,ESI
0043B3A0 |. 74 04
|JE SHORT 0043B3A6
0043B3A2 |. 85C0
|TEST EAX,EAX
0043B3A4 |. 75 02
|JNE SHORT 0043B3A8
0043B3A6 |> 8931
|MOV DWORD PTR DS:[ECX],ESI
0043B3A8 |> 83C1 20
|ADD ECX,20
0043B3AB |. 42
|INC EDX
0043B3AC |. 81F9 80204500 |CMP ECX,OFFSET 00452080
0043B3B2 |.^ 7C CE
\JL SHORT 0043B382
0043B3B4 |. 5F
POP EDI
0043B3B5 |. 33C0
XOR EAX,EAX
0043B3B7 |. 5E
POP ESI
0043B3B8 \. C3
RETN
0043B3B9 /. E8 247DFFFF CALL 004330E2
0043B3BE |. 803D F8314500 CMP BYTE PTR DS:[4531F8],0
0043B3C5 |. 74 05
JE SHORT 0043B3CC
0043B3C7 |. E8 AF590000 CALL 00440D7B
fo.00440D7B
0043B3CC |> FF35 A0384500 PUSH DWORD PTR DS:[4538A0]
0043B3D2 |. E8 077EFFFF CALL 004331DE
fo.004331DE
0043B3D7 |. 59
POP ECX
0043B3D8 \. C3
RETN
0043B3D9 /$ 8BFF
MOV EDI,EDI
o.0043B3D9(guessed Arg1)
0043B3DB |. 55
PUSH EBP
0043B3DC |. 8BEC
MOV EBP,ESP
0043B3DE |. 56
PUSH ESI
0043B3DF |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0043B3E2 |. B8 10204500 MOV EAX,OFFSET 00452010
0043B3E7 |. 3BF0
CMP ESI,EAX
0043B3E9 |. 72 22
JB SHORT 0043B40D
0043B3EB |. 81FE 70224500 CMP ESI,OFFSET 00452270
0043B3F1 |. 77 1A
JA SHORT 0043B40D
0043B3F3 |. 8BCE
MOV ECX,ESI
0043B3F5 |. 2BC8
SUB ECX,EAX
0043B3F7 |. C1F9 05
SAR ECX,5
0043B3FA |. 83C1 10
ADD ECX,10
0043B3FD |. 51
PUSH ECX
0043B3FE |. E8 7DD2FFFF CALL 00438680
fo.00438680
0043B403 |. 814E 0C 00800 OR DWORD PTR DS:[ESI+0C],00008000
0043B40A |. 59
POP ECX
0043B40B |. EB 0A
JMP SHORT 0043B417
0043B40D |> 83C6 20
ADD ESI,20
0043B410 |. 56
PUSH ESI
lSection
0043B411 |. FF15 48814400 CALL DWORD PTR DS:[<&KERNEL32.EnterCriti
lEnterCriticalSection
0043B417 |> 5E
POP ESI
0043B418 |. 5D
POP EBP
0043B419 \. C3
RETN
0043B41A /$ 8BFF
MOV EDI,EDI
o.0043B41A(guessed Arg1,Arg2)
0043B41C |. 55
PUSH EBP
0043B41D |. 8BEC
MOV EBP,ESP
0043B41F |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]

; [SystemIn
; /Arg1 = 0
; \SystemIn

; SystemInf

; /Arg1
; \SystemIn

; /pCritica
; \NTDLL.Rt

; SystemInf

0043B422 |. 83F8 14
0043B425 |. 7D 16
0043B427 |. 83C0 10
0043B42A |. 50
0043B42B |. E8 50D2FFFF
fo.00438680
0043B430 |. 8B45 0C
0043B433 |. 8148 0C 00800
0043B43A |. 59
0043B43B |. 5D
0043B43C |. C3
0043B43D |> 8B45 0C
0043B440 |. 83C0 20
0043B443 |. 50
lSection
0043B444 |. FF15 48814400
lEnterCriticalSection
0043B44A |. 5D
0043B44B \. C3
0043B44C /$ 8BFF
0043B44E |. 55
0043B44F |. 8BEC
0043B451 |. 8B45 08
0043B454 |. B9 10204500
0043B459 |. 3BC1
0043B45B |. 72 1F
0043B45D |. 3D 70224500
0043B462 |. 77 18
0043B464 |. 8160 0C FF7FF
0043B46B |. 2BC1
0043B46D |. C1F8 05
0043B470 |. 83C0 10
0043B473 |. 50
0043B474 |. E8 2DD1FFFF
fo.004385A6
0043B479 |. 59
0043B47A |. 5D
0043B47B |. C3
0043B47C |> 83C0 20
0043B47F |. 50
lSection
0043B480 |. FF15 4C814400
lLeaveCriticalSection
0043B486 |. 5D
0043B487 \. C3
0043B488 /$ 8BFF
0043B48A |. 55
0043B48B |. 8BEC
0043B48D |. 8B4D 08
0043B490 |. 83F9 14
0043B493 |. 8B45 0C
0043B496 |. 7D 13
0043B498 |. 8160 0C FF7FF
0043B49F |. 83C1 10
0043B4A2 |. 51
0043B4A3 |. E8 FED0FFFF
fo.004385A6
0043B4A8 |. 59
0043B4A9 |. 5D
0043B4AA |. C3

CMP EAX,14
JGE SHORT 0043B43D
ADD EAX,10
PUSH EAX
CALL 00438680

; /Arg1
; \SystemIn

MOV EAX,DWORD PTR SS:[ARG.2]


OR DWORD PTR DS:[EAX+0C],00008000
POP ECX
POP EBP
RETN
MOV EAX,DWORD PTR SS:[ARG.2]
ADD EAX,20
PUSH EAX

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.EnterCriti ; \NTDLL.Rt


POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,OFFSET 00452010
CMP EAX,ECX
JB SHORT 0043B47C
CMP EAX,OFFSET 00452270
JA SHORT 0043B47C
AND DWORD PTR DS:[EAX+0C],FFFF7FFF
SUB EAX,ECX
SAR EAX,5
ADD EAX,10
PUSH EAX
CALL 004385A6

; /Arg1
; \SystemIn

POP ECX
POP EBP
RETN
ADD EAX,20
PUSH EAX

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti ; \NTDLL.Rt


POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV ECX,DWORD PTR SS:[ARG.1]
CMP ECX,14
MOV EAX,DWORD PTR SS:[ARG.2]
JGE SHORT 0043B4AB
AND DWORD PTR DS:[EAX+0C],FFFF7FFF
ADD ECX,10
PUSH ECX
CALL 004385A6
POP ECX
POP EBP
RETN

; /Arg1
; \SystemIn

0043B4AB |> 83C0 20


0043B4AE |. 50
lSection
0043B4AF |. FF15 4C814400
lLeaveCriticalSection
0043B4B5 |. 5D
0043B4B6 \. C3
0043B4B7 /$ 6A 54
o.0043B4B7(guessed void)
0043B4B9 |. 68 88F44400
0043B4BE |. E8 29D5FFFF
0043B4C3 |. 33FF
0043B4C5 |. 897D FC
0043B4C8 |. 8D45 9C
0043B4CB |. 50
info => ARG.EBP-64
0043B4CC |. FF15 78814400
.GetStartupInfoA
0043B4D2 |. C745 FC FEFFF
0043B4D9 |. 6A 40
0
0043B4DB |. 6A 20
0043B4DD |. 5E
0043B4DE |. 56
20
0043B4DF |. E8 7499FFFF
fo.00434E58
0043B4E4 |. 59
0043B4E5 |. 59
0043B4E6 |. 3BC7
0043B4E8 |. 0F84 14020000
0043B4EE |. A3 A0374500
0043B4F3 |. 8935 98374500
0043B4F9 |. 8D88 00080000
0043B4FF |. EB 30
0043B501 |> C640 04 00
0043B505 |. 8308 FF
0043B508 |. C640 05 0A
0043B50C |. 8978 08
0043B50F |. C640 24 00
0043B513 |. C640 25 0A
0043B517 |. C640 26 0A
0043B51B |. 8978 38
0043B51E |. C640 34 00
0043B522 |. 83C0 40
0043B525 |. 8B0D A0374500
0043B52B |. 81C1 00080000
0043B531 |> 3BC1
0043B533 |.^ 72 CC
0043B535 |. 66:397D CE
0043B539 |. 0F84 0A010000
0043B53F |. 8B45 D0
0043B542 |. 3BC7
0043B544 |. 0F84 FF000000
0043B54A |. 8B38
0043B54C |. 8D58 04
0043B54F |. 8D043B
0043B552 |. 8945 E4
0043B555 |. BE 00080000
0043B55A |. 3BFE

ADD EAX,20
PUSH EAX

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti ; \NTDLL.Rt


POP EBP
RETN
PUSH 54

; SystemInf

PUSH OFFSET 0044F488


CALL 004389EC
XOR EDI,EDI
MOV DWORD PTR SS:[EBP-4],EDI
LEA EAX,[EBP-64]
PUSH EAX

; /pStartup

CALL DWORD PTR DS:[<&KERNEL32.GetStartup ; \KERNEL32


MOV DWORD PTR SS:[EBP-4],-2
PUSH 40

; /Arg2 = 4

PUSH 20
POP ESI
PUSH ESI

; |
; |
; |Arg1 =>

CALL 00434E58

; \SystemIn

POP ECX
POP ECX
CMP EAX,EDI
JE 0043B702
MOV DWORD PTR DS:[4537A0],EAX
MOV DWORD PTR DS:[453798],ESI
LEA ECX,[EAX+800]
JMP SHORT 0043B531
/MOV BYTE PTR DS:[EAX+4],0
|OR DWORD PTR DS:[EAX],FFFFFFFF
|MOV BYTE PTR DS:[EAX+5],0A
|MOV DWORD PTR DS:[EAX+8],EDI
|MOV BYTE PTR DS:[EAX+24],0
|MOV BYTE PTR DS:[EAX+25],0A
|MOV BYTE PTR DS:[EAX+26],0A
|MOV DWORD PTR DS:[EAX+38],EDI
|MOV BYTE PTR DS:[EAX+34],0
|ADD EAX,40
|MOV ECX,DWORD PTR DS:[4537A0]
|ADD ECX,800
|CMP EAX,ECX
\JB SHORT 0043B501
CMP WORD PTR SS:[EBP-32],DI
JE 0043B649
MOV EAX,DWORD PTR SS:[EBP-30]
CMP EAX,EDI
JE 0043B649
MOV EDI,DWORD PTR DS:[EAX]
LEA EBX,[EAX+4]
LEA EAX,[EDI+EBX]
MOV DWORD PTR SS:[EBP-1C],EAX
MOV ESI,800
CMP EDI,ESI

0043B55C |.
0043B55E |.
0043B560 |>
0043B567 |.
0043B569 |>
0
0043B56B |.
0
0043B56D |.
fo.00434E58
0043B572 |.
0043B573 |.
0043B574 |.
0043B576 |.
0043B578 |.
0043B57B |.
0043B582 |.
0043B584 |.
0043B58B |.
0043B591 |.
0043B593 |>
0043B597 |.
0043B59A |.
0043B59E |.
0043B5A2 |.
0043B5A6 |.
0043B5AA |.
0043B5AE |.
0043B5B2 |.
0043B5B6 |.
0043B5B9 |.
0043B5BB |.
0043B5BD |>
0043B5BF |.^
0043B5C1 |.
0043B5C4 |>
0043B5CA |.^
0043B5CC |.
0043B5CE |>
0043B5D4 |>
0043B5D8 |.
0043B5DA |.
0043B5DC |>
0043B5DF |.
0043B5E1 |.
0043B5E4 |.
0043B5E6 |.
0043B5E9 |.
0043B5EB |.
0043B5ED |.
0043B5EF |.
0043B5F1 |.
0043B5F3 |.
0043B5F5 |.
0043B5F6 |.
.GetFileType
0043B5FC |.
0043B5FE |.
0043B600 |>
0043B603 |.

7C 02
JL SHORT 0043B560
8BFE
MOV EDI,ESI
C745 E0 01000 MOV DWORD PTR SS:[EBP-20],1
EB 5B
JMP SHORT 0043B5C4
6A 40
/PUSH 40

; /Arg2 = 4

6A 20

|PUSH 20

; |Arg1 = 2

E8 E698FFFF

|CALL 00434E58

; \SystemIn

59
59
85C0
74 56
8B4D E0
8D0C8D A03745
8901
8305 98374500
8D90 00080000
EB 2A
C640 04 00
8308 FF
C640 05 0A
8360 08 00
8060 24 80
C640 25 0A
C640 26 0A
8360 38 00
C640 34 00
83C0 40
8B11
03D6
3BC2
72 D2
FF45 E0
393D 98374500
7C 9D
EB 06
8B3D 98374500
8365 E0 00
85FF
7E 6D
8B45 E4
8B08
83F9 FF
74 56
83F9 FE
74 51
8A03
A8 01
74 4B
A8 08
75 0B
51
FF15 D0814400

|POP ECX
|POP ECX
|TEST EAX,EAX
|JE SHORT 0043B5CE
|MOV ECX,DWORD PTR SS:[EBP-20]
|LEA ECX,[ECX*4+4537A0]
|MOV DWORD PTR DS:[ECX],EAX
|ADD DWORD PTR DS:[453798],20
|LEA EDX,[EAX+800]
|JMP SHORT 0043B5BD
|/MOV BYTE PTR DS:[EAX+4],0
||OR DWORD PTR DS:[EAX],FFFFFFFF
||MOV BYTE PTR DS:[EAX+5],0A
||AND DWORD PTR DS:[EAX+8],00000000
||AND BYTE PTR DS:[EAX+24],80
||MOV BYTE PTR DS:[EAX+25],0A
||MOV BYTE PTR DS:[EAX+26],0A
||AND DWORD PTR DS:[EAX+38],00000000
||MOV BYTE PTR DS:[EAX+34],0
||ADD EAX,40
||MOV EDX,DWORD PTR DS:[ECX]
||ADD EDX,ESI
||CMP EAX,EDX
|\JB SHORT 0043B593
|INC DWORD PTR SS:[EBP-20]
|CMP DWORD PTR DS:[453798],EDI
\JL SHORT 0043B569
JMP SHORT 0043B5D4
MOV EDI,DWORD PTR DS:[453798]
AND DWORD PTR SS:[EBP-20],00000000
TEST EDI,EDI
JLE SHORT 0043B649
/MOV EAX,DWORD PTR SS:[EBP-1C]
|MOV ECX,DWORD PTR DS:[EAX]
|CMP ECX,-1
|JE SHORT 0043B63C
|CMP ECX,-2
|JE SHORT 0043B63C
|MOV AL,BYTE PTR DS:[EBX]
|TEST AL,01
|JE SHORT 0043B63C
|TEST AL,08
|JNE SHORT 0043B600
|PUSH ECX
; /hFile
|CALL DWORD PTR DS:[<&KERNEL32.GetFileTy ; \KERNEL32

85C0
74 3C
8B75 E0
8BC6

|TEST EAX,EAX
|JE SHORT 0043B63C
|MOV ESI,DWORD PTR SS:[EBP-20]
|MOV EAX,ESI

0043B605 |.
0043B608 |.
0043B60B |.
0043B60E |.
0043B615 |.
0043B618 |.
0043B61A |.
0043B61C |.
0043B61E |.
0043B621 |.
0043B626 |.
0043B629 |.
0043B62A |.
0043B62F |.
0043B630 |.
0043B631 |.
0043B633 |.
0043B639 |.
0043B63C |>
0043B63F |.
0043B640 |.
0043B644 |.
0043B647 |.^
0043B649 |>
0043B64B |>
0043B64D |.
0043B650 |.
0043B656 |.
0043B658 |.
0043B65B |.
0043B65D |.
0043B660 |.
0043B662 |.
0043B666 |.
0043B668 |>
0043B66C |.
0043B66E |.
0043B670 |.
0043B672 |.
0043B673 |.
0043B675 |>
0043B677 |.
0043B678 |.
0043B67A |.
0043B67C |.
0043B67F |>
e
0043B680 |.
.GetStdHandle
0043B686 |.
0043B688 |.
0043B68B |.
0043B68D |.
0043B68F |.
0043B691 |.
0043B692 |.
.GetFileType
0043B698 |.
0043B69A |.
0043B69C |.

C1F8 05
83E6 1F
C1E6 06
033485 A03745
8B45 E4
8B00
8906
8A03
8846 04
68 A00F0000
8D46 0C
50
E8 644A0000
59
59
85C0
0F84 C9000000
FF46 08
FF45 E0
43
8345 E4 04
397D E0
7C 93
33DB
8BF3
C1E6 06
0335 A0374500
8B06
83F8 FF
74 0B
83F8 FE
74 06
804E 04 80
EB 72
C646 04 81
85DB
75 05
6A F6
58
EB 0A
8BC3
48
F7D8
1BC0
83C0 F5
50

|SAR EAX,5
|AND ESI,0000001F
|SHL ESI,6
|ADD ESI,DWORD PTR DS:[EAX*4+4537A0]
|MOV EAX,DWORD PTR SS:[EBP-1C]
|MOV EAX,DWORD PTR DS:[EAX]
|MOV DWORD PTR DS:[ESI],EAX
|MOV AL,BYTE PTR DS:[EBX]
|MOV BYTE PTR DS:[ESI+4],AL
|PUSH 0FA0
|LEA EAX,[ESI+0C]
|PUSH EAX
|CALL 00440093
|POP ECX
|POP ECX
|TEST EAX,EAX
|JE 0043B702
|INC DWORD PTR DS:[ESI+8]
|INC DWORD PTR SS:[EBP-20]
|INC EBX
|ADD DWORD PTR SS:[EBP-1C],4
|CMP DWORD PTR SS:[EBP-20],EDI
\JL SHORT 0043B5DC
XOR EBX,EBX
/MOV ESI,EBX
|SHL ESI,6
|ADD ESI,DWORD PTR DS:[4537A0]
|MOV EAX,DWORD PTR DS:[ESI]
|CMP EAX,-1
|JE SHORT 0043B668
|CMP EAX,-2
|JE SHORT 0043B668
|OR BYTE PTR DS:[ESI+4],80
|JMP SHORT 0043B6DA
|MOV BYTE PTR DS:[ESI+4],81
|TEST EBX,EBX
|JNE SHORT 0043B675
|PUSH -0A
|POP EAX
|JMP SHORT 0043B67F
|MOV EAX,EBX
|DEC EAX
|NEG EAX
|SBB EAX,EAX
|ADD EAX,-0B
|PUSH EAX

; /StdHandl

FF15 CC814400 |CALL DWORD PTR DS:[<&KERNEL32.GetStdHan ; \KERNEL32


8BF8
83FF FF
74 43
85FF
74 3F
57
FF15 D0814400

|MOV EDI,EAX
|CMP EDI,-1
|JE SHORT 0043B6D0
|TEST EDI,EDI
|JE SHORT 0043B6D0
|PUSH EDI
; /hFile
|CALL DWORD PTR DS:[<&KERNEL32.GetFileTy ; \KERNEL32

85C0
74 34
893E

|TEST EAX,EAX
|JE SHORT 0043B6D0
|MOV DWORD PTR DS:[ESI],EDI

0043B69E |. 25 FF000000
0043B6A3 |. 83F8 02
0043B6A6 |. 75 06
0043B6A8 |. 804E 04 40
0043B6AC |. EB 09
0043B6AE |> 83F8 03
0043B6B1 |. 75 04
0043B6B3 |. 804E 04 08
0043B6B7 |> 68 A00F0000
0043B6BC |. 8D46 0C
0043B6BF |. 50
0043B6C0 |. E8 CE490000
0043B6C5 |. 59
0043B6C6 |. 59
0043B6C7 |. 85C0
0043B6C9 |. 74 37
0043B6CB |. FF46 08
0043B6CE |. EB 0A
0043B6D0 |> 804E 04 40
0043B6D4 |. C706 FEFFFFFF
0043B6DA |> 43
0043B6DB |. 83FB 03
0043B6DE |.^ 0F8C 67FFFFFF
0043B6E4 |. FF35 98374500
0
0043B6EA |. FF15 C8814400
.SetHandleCount
0043B6F0 |. 33C0
0043B6F2 \. EB 11
0043B6F4 /. 33C0
0043B6F6 |. 40
0043B6F7 \. C3
0043B6F8 /. 8B65 E8
0043B6FB |. C745 FC FEFFF
0043B702 |> 83C8 FF
0043B705 |> E8 27D3FFFF
0043B70A \. C3
0043B70B /$ 8BFF
o.0043B70B(guessed Arg1)
0043B70D |. 55
0043B70E |. 8BEC
0043B710 |. FF05 04324500
0043B716 |. 68 00100000
000
0043B71B |. E8 F396FFFF
fo.00434E13
0043B720 |. 59
0043B721 |. 8B4D 08
0043B724 |. 8941 08
0043B727 |. 85C0
0043B729 |. 74 0D
0043B72B |. 8349 0C 08
0043B72F |. C741 18 00100
0043B736 |. EB 11
0043B738 |> 8349 0C 04
0043B73C |. 8D41 14
0043B73F |. 8941 08
0043B742 |. C741 18 02000
0043B749 |> 8B41 08
0043B74C |. 8361 04 00

|AND EAX,000000FF
|CMP EAX,2
|JNE SHORT 0043B6AE
|OR BYTE PTR DS:[ESI+4],40
|JMP SHORT 0043B6B7
|CMP EAX,3
|JNE SHORT 0043B6B7
|OR BYTE PTR DS:[ESI+4],08
|PUSH 0FA0
|LEA EAX,[ESI+0C]
|PUSH EAX
|CALL 00440093
|POP ECX
|POP ECX
|TEST EAX,EAX
|JE SHORT 0043B702
|INC DWORD PTR DS:[ESI+8]
|JMP SHORT 0043B6DA
|OR BYTE PTR DS:[ESI+4],40
|MOV DWORD PTR DS:[ESI],-2
|INC EBX
|CMP EBX,3
\JL 0043B64B
PUSH DWORD PTR DS:[453798]

; /Count =

CALL DWORD PTR DS:[<&KERNEL32.SetHandleC ; \KERNEL32


XOR EAX,EAX
JMP SHORT 0043B705
XOR EAX,EAX
INC EAX
RETN
MOV ESP,DWORD PTR SS:[EBP-18]
MOV DWORD PTR SS:[EBP-4],-2
OR EAX,FFFFFFFF
CALL 00438A31
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
INC DWORD PTR DS:[453204]
PUSH 1000

; /Arg1 = 1

CALL 00434E13

; \SystemIn

POP ECX
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX+8],EAX
TEST EAX,EAX
JE SHORT 0043B738
OR DWORD PTR DS:[ECX+0C],00000008
MOV DWORD PTR DS:[ECX+18],1000
JMP SHORT 0043B749
OR DWORD PTR DS:[ECX+0C],00000004
LEA EAX,[ECX+14]
MOV DWORD PTR DS:[ECX+8],EAX
MOV DWORD PTR DS:[ECX+18],2
MOV EAX,DWORD PTR DS:[ECX+8]
AND DWORD PTR DS:[ECX+4],00000000

0043B750 |.
0043B752 |.
0043B753 \.
0043B754 /$
0043B756 |.
0043B757 |.
0043B759 |.
0043B75A |.
0043B75D |.
0043B75E |.
0043B760 |.
0043B762 |.
0043B764 |.
fo.004343FD
0043B769 |.
0043B76A |.
0043B76B |.
0043B76C |.
0043B76D |.
0043B76E |.
0043B774 |.
fo.0042E862
0043B779 |.
0043B77C |.
0043B781 |>
0043B784 |.
0043B786 |.
0043B78C |.
0043B78E |.
0043B794 |.
0043B796 |.
0043B798 |.
0043B79B |.
0043B79E |.
0043B7A3 |>
0043B7A6 |.
0043B7A9 |.
0043B7AE |.
0043B7B0 |.
[ARG.1]
0043B7B1 |.
fo.0043B70B
0043B7B6 |.
0043B7B7 |.
0043B7B9 |>
0043B7BC |.
0043B7BE |>
0043B7C1 |.
0043B7C4 |.
[ARG.1]
0043B7C5 |.
fo.0043B2D0
0043B7CA |.
0043B7CB |.
0043B7CC |.
0043B7D1 |.
0043B7D4 |.
0043B7D7 |.
0043B7D9 |.
0043B7DF |.

8901
5D
C3
8BFF
55
8BEC
56
8B75 08
57
33FF
3BF7
75 1D
E8 948CFFFF

MOV DWORD PTR DS:[ECX],EAX


POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
PUSH EDI
XOR EDI,EDI
CMP ESI,EDI
JNE SHORT 0043B781
CALL 004343FD

; [SystemIn

57
57
57
57
57
C700 16000000
E8 E930FFFF

PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
E9 F7000000
8B46 0C
A8 83
0F84 EC000000
A8 40
0F85 E4000000
A8 02
74 0B
83C8 20
8946 0C
E9 D5000000
83C8 01
8946 0C
A9 0C010000
75 09
56

ADD ESP,14
JMP 0043B878
MOV EAX,DWORD PTR DS:[ESI+0C]
TEST AL,83
JE 0043B878
TEST AL,40
JNE 0043B878
TEST AL,02
JE SHORT 0043B7A3
OR EAX,00000020
MOV DWORD PTR DS:[ESI+0C],EAX
JMP 0043B878
OR EAX,00000001
MOV DWORD PTR DS:[ESI+0C],EAX
TEST EAX,0000010C
JNE SHORT 0043B7B9
PUSH ESI

; /Arg1 =>

E8 55FFFFFF

CALL 0043B70B

; \SystemIn

59
EB 05
8B46 08
8906
FF76 18
FF76 08
56

POP ECX
JMP SHORT 0043B7BE
MOV EAX,DWORD PTR DS:[ESI+8]
MOV DWORD PTR DS:[ESI],EAX
PUSH DWORD PTR DS:[ESI+18]
PUSH DWORD PTR DS:[ESI+8]
PUSH ESI

; /Arg1 =>

E8 06FBFFFF

CALL 0043B2D0

; \SystemIn

59
50
E8 0B5C0000
83C4 0C
8946 04
3BC7
0F84 89000000
83F8 FF

POP ECX
PUSH EAX
CALL 004413DC
ADD ESP,0C
MOV DWORD PTR DS:[ESI+4],EAX
CMP EAX,EDI
JE 0043B868
CMP EAX,-1

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0043B7E2 |.
0043B7E8 |.
0043B7EC |.
0043B7EE |.
0043B7EF |.
fo.0043B2D0
0043B7F4 |.
0043B7F5 |.
0043B7F8 |.
0043B7FA |.
0043B7FB |.
fo.0043B2D0
0043B800 |.
0043B801 |.
0043B804 |.
0043B806 |.
0043B807 |.
fo.0043B2D0
0043B80C |.
0043B80F |.
0043B810 |.
0043B817 |.
fo.0043B2D0
0043B81C |.
0043B81F |.
0043B820 |.
0043B823 |.
0043B825 |.
0043B826 |.
0043B828 |>
0043B82D |>
0043B830 |.
0043B832 |.
0043B834 |.
0043B836 |.
0043B83D |>
0043B844 |.
0043B846 |.
0043B849 |.
0043B84B |.
0043B84D |.
0043B852 |.
0043B854 |.
0043B85B |>
0043B85D |.
0043B860 |.
0043B863 |.
0043B864 |.
0043B866 |.
0043B868 |>
0043B86A |.
0043B86C |.
0043B86F |.
0043B872 |.
0043B875 |.
0043B878 |>
0043B87B |>
0043B87C |.
0043B87D |.
0043B87E \.

0F84 80000000
F646 0C 82
75 4F
56
E8 DCFAFFFF

JE 0043B868
TEST BYTE PTR DS:[ESI+0C],82
JNE SHORT 0043B83D
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FF
74 2E
56
E8 D0FAFFFF

POP ECX
CMP EAX,-1
JE SHORT 0043B828
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FE
74 22
56
E8 C4FAFFFF

POP ECX
CMP EAX,-2
JE SHORT 0043B828
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

C1F8 05
56
8D3C85 A03745
E8 B4FAFFFF

SAR EAX,5
PUSH ESI
LEA EDI,[EAX*4+4537A0]
CALL 0043B2D0

; /Arg1
; |
; \SystemIn

83E0 1F
59
C1E0 06
0307
59
EB 05
B8 90224500
8A40 04
24 82
3C 82
75 07
814E 0C 00200
817E 18 00020
75 15
8B46 0C
A8 08
74 0E
A9 00040000
75 07
C746 18 00100
8B0E
FF4E 04
0FB601
41
890E
EB 13
F7D8
1BC0
83E0 10
83C0 10
0946 0C
897E 04
83C8 FF
5F
5E
5D
C3

AND EAX,0000001F
POP ECX
SHL EAX,6
ADD EAX,DWORD PTR DS:[EDI]
POP ECX
JMP SHORT 0043B82D
MOV EAX,OFFSET 00452290
MOV AL,BYTE PTR DS:[EAX+4]
AND AL,82
CMP AL,82
JNE SHORT 0043B83D
OR DWORD PTR DS:[ESI+0C],00002000
CMP DWORD PTR DS:[ESI+18],200
JNE SHORT 0043B85B
MOV EAX,DWORD PTR DS:[ESI+0C]
TEST AL,08
JE SHORT 0043B85B
TEST EAX,00000400
JNE SHORT 0043B85B
MOV DWORD PTR DS:[ESI+18],1000
MOV ECX,DWORD PTR DS:[ESI]
DEC DWORD PTR DS:[ESI+4]
MOVZX EAX,BYTE PTR DS:[ECX]
INC ECX
MOV DWORD PTR DS:[ESI],ECX
JMP SHORT 0043B87B
NEG EAX
SBB EAX,EAX
AND EAX,00000010
ADD EAX,10
OR DWORD PTR DS:[ESI+0C],EAX
MOV DWORD PTR DS:[ESI+4],EDI
OR EAX,FFFFFFFF
POP EDI
POP ESI
POP EBP
RETN

0043B87F /$ 8BFF
o.0043B87F(guessed Arg1)
0043B881 |. 55
0043B882 |. 8BEC
0043B884 |. B8 20100000
0043B889 |. E8 722EFFFF
4128. bytes on stack
0043B88E |. A1 A0154500
0043B893 |. 33C5
0043B895 |. 8945 FC
0043B898 |. 53
0043B899 |. 56
0043B89A |. 8B75 08
0043B89D |. 57
0043B89E |. 56
[ARG.1]
0043B89F |. E8 2CFAFFFF
fo.0043B2D0
0043B8A4 |. 8BD8
0043B8A6 |. 33C0
0043B8A8 |. 3946 04
0043B8AB |. 59
0043B8AC |. 899D E8EFFFFF
0043B8B2 |. 7D 03
0043B8B4 |. 8946 04
0043B8B7 |> 6A 01
0043B8B9 |. 50
0
0043B8BA |. 50
0
0043B8BB |. 53
0043B8BC |. E8 83300000
fo.0043E944
0043B8C1 |. 83C4 10
0043B8C4 |. 8BF8
0043B8C6 |. 89BD ECEFFFFF
0043B8CC |. 8995 F0EFFFFF
0043B8D2 |. 85D2
0043B8D4 |. 7F 10
0043B8D6 |. 7C 04
0043B8D8 |. 85FF
0043B8DA |. 73 0A
0043B8DC |> 83C8 FF
0043B8DF |. 0BD0
0043B8E1 |. E9 D6020000
0043B8E6 |> 8BC3
0043B8E8 |. C1F8 05
0043B8EB |. 8D0485 A03745
0043B8F2 |. 83E3 1F
0043B8F5 |. 8985 E4EFFFFF
0043B8FB |. 8B00
0043B8FD |. C1E3 06
0043B900 |. 03C3
0043B902 |. 8A48 24
0043B905 |. 02C9
0043B907 |. D0F9
0043B909 |. F746 0C 08010
0043B910 |. 888D FBEFFFFF
0043B916 |. 75 17
0043B918 |. 8B46 04

MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,1020
CALL 0042E700

; Allocates

MOV EAX,DWORD PTR DS:[4515A0]


XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
PUSH EDI
PUSH ESI

; /Arg1 =>

CALL 0043B2D0

; \SystemIn

MOV EBX,EAX
XOR EAX,EAX
CMP DWORD PTR DS:[ESI+4],EAX
POP ECX
MOV DWORD PTR SS:[LOCAL.1030],EBX
JGE SHORT 0043B8B7
MOV DWORD PTR DS:[ESI+4],EAX
PUSH 1
PUSH EAX

; /Arg4 = 1
; |Arg3 =>

PUSH EAX

; |Arg2 =>

PUSH EBX
CALL 0043E944

; |Arg1
; \SystemIn

ADD ESP,10
MOV EDI,EAX
MOV DWORD PTR SS:[LOCAL.1029],EDI
MOV DWORD PTR SS:[LOCAL.1028],EDX
TEST EDX,EDX
JG SHORT 0043B8E6
JL SHORT 0043B8DC
TEST EDI,EDI
JNB SHORT 0043B8E6
OR EAX,FFFFFFFF
OR EDX,EAX
JMP 0043BBBC
MOV EAX,EBX
SAR EAX,5
LEA EAX,[EAX*4+4537A0]
AND EBX,0000001F
MOV DWORD PTR SS:[LOCAL.1031],EAX
MOV EAX,DWORD PTR DS:[EAX]
SHL EBX,6
ADD EAX,EBX
MOV CL,BYTE PTR DS:[EAX+24]
ADD CL,CL
SAR CL,1
TEST DWORD PTR DS:[ESI+0C],00000108
MOV BYTE PTR SS:[LOCAL.1026+3],CL
JNE SHORT 0043B92F
MOV EAX,DWORD PTR DS:[ESI+4]

0043B91B |. 8B8D F0EFFFFF


0043B921 |. 99
0043B922 |. 2BF8
0043B924 |. 1BCA
0043B926 |. 8BC7
0043B928 |. 8BD1
0043B92A |. E9 8D020000
0043B92F |> 8B0E
0043B931 |. 8B56 08
0043B934 |. 8BF9
0043B936 |. 2BFA
0043B938 |. 8B56 0C
0043B93B |. 89BD F4EFFFFF
0043B941 |. F6C2 03
0043B944 |. 0F84 5A010000
0043B94A |. 80BD FBEFFFFF
0043B951 |. 0F85 19010000
0043B957 |. 33D2
0043B959 |. 3950 30
0043B95C |. 0F84 0E010000
0043B962 |. D1EF
0043B964 |. 89BD E0EFFFFF
0043B96A |. 3956 04
0043B96D |. 75 11
0043B96F |. 8B85 ECEFFFFF
0043B975 |. 8B95 F0EFFFFF
0043B97B |. E9 3C020000
0043B980 |> 52
0
0043B981 |. FF70 2C
0043B984 |. FF70 28
0043B987 |. FFB5 E8EFFFFF
[LOCAL.1030]
0043B98D |. E8 B22F0000
fo.0043E944
0043B992 |. 8BF0
0043B994 |. 8B85 E4EFFFFF
0043B99A |. 8B00
0043B99C |. 03C3
0043B99E |. 83C4 10
0043B9A1 |. 8BFA
0043B9A3 |. 3B70 28
0043B9A6 |.^ 0F85 30FFFFFF
0043B9AC |. 3B78 2C
0043B9AF |.^ 0F85 27FFFFFF
0043B9B5 |. 6A 00
ped = NULL
0043B9B7 |. 8D8D F4EFFFFF
0043B9BD |. 51
ad => OFFSET LOCAL.1027
0043B9BE |. 68 00100000
096.
0043B9C3 |. 8D8D FCEFFFFF
0043B9C9 |. 51
> OFFSET LOCAL.1025
0043B9CA |. FF30
0043B9CC |. FF15 D4814400
.ReadFile
0043B9D2 |. 85C0
0043B9D4 |.^ 0F84 02FFFFFF

MOV ECX,DWORD PTR SS:[LOCAL.1028]


CDQ
SUB EDI,EAX
SBB ECX,EDX
MOV EAX,EDI
MOV EDX,ECX
JMP 0043BBBC
MOV ECX,DWORD PTR DS:[ESI]
MOV EDX,DWORD PTR DS:[ESI+8]
MOV EDI,ECX
SUB EDI,EDX
MOV EDX,DWORD PTR DS:[ESI+0C]
MOV DWORD PTR SS:[LOCAL.1027],EDI
TEST DL,03
JE 0043BAA4
CMP BYTE PTR SS:[LOCAL.1026+3],1
JNE 0043BA70
XOR EDX,EDX
CMP DWORD PTR DS:[EAX+30],EDX
JE 0043BA70
SHR EDI,1
MOV DWORD PTR SS:[LOCAL.1032],EDI
CMP DWORD PTR DS:[ESI+4],EDX
JNE SHORT 0043B980
MOV EAX,DWORD PTR SS:[LOCAL.1029]
MOV EDX,DWORD PTR SS:[LOCAL.1028]
JMP 0043BBBC
PUSH EDX

; /Arg4 =>

PUSH DWORD PTR DS:[EAX+2C]


PUSH DWORD PTR DS:[EAX+28]
PUSH DWORD PTR SS:[LOCAL.1030]

; |Arg3
; |Arg2
; |Arg1 =>

CALL 0043E944

; \SystemIn

MOV ESI,EAX
MOV EAX,DWORD
MOV EAX,DWORD
ADD EAX,EBX
ADD ESP,10
MOV EDI,EDX
CMP ESI,DWORD
JNE 0043B8DC
CMP EDI,DWORD
JNE 0043B8DC
PUSH 0

PTR SS:[LOCAL.1031]
PTR DS:[EAX]

PTR DS:[EAX+28]
PTR DS:[EAX+2C]
; /pOverlap

LEA ECX,[LOCAL.1027]
PUSH ECX

; |
; |pBytesRe

PUSH 1000

; |Size = 4

LEA ECX,[LOCAL.1025]
PUSH ECX

; |
; |Buffer =

PUSH DWORD PTR DS:[EAX]


; |hFile
CALL DWORD PTR DS:[<&KERNEL32.ReadFile>] ; \KERNEL32
TEST EAX,EAX
JE 0043B8DC

0043B9DA |.
0043B9DC |.
[LOCAL.1028]
0043B9E2 |.
[LOCAL.1029]
0043B9E8 |.
[LOCAL.1030]
0043B9EE |.
fo.0043E944
0043B9F3 |.
0043B9F6 |.
0043B9F8 |.
0043B9FA |.^
0043BA00 |.
0043BA02 |.^
0043BA08 |>
0043BA0E |.
0043BA14 |.
0043BA16 |.^
0043BA1C |.
0043BA22 |.
0043BA24 |.
0043BA26 |.
0043BA2D |>
0043BA2E |.
0043BA30 |.
0043BA32 |.
0043BA34 |.
0043BA37 |.
0043BA39 |.
0043BA3C |.
0043BA3E |.
0043BA40 |.
0043BA43 |.
0043BA46 |.
0043BA48 |.
0043BA4A |.
0043BA4C |>
0043BA4F |.
0043BA56 |.
0043BA58 |>
0043BA59 |.
0043BA5B |.^
0043BA5D |>
0043BA63 |.
0043BA65 |.
0043BA67 |.
0043BA69 |.
0043BA6B |.
0043BA70 |>
0043BA74 |.
0043BA76 |.
0043BA79 |.
0043BA7B |>
0043BA7E |.
0043BA80 |.
0043BA86 |>
0043BA87 |>
0043BA89 |.^
0043BA8B |>

6A 00
PUSH 0
FFB5 F0EFFFFF PUSH DWORD PTR SS:[LOCAL.1028]

; /Arg4 = 0
; |Arg3 =>

FFB5 ECEFFFFF PUSH DWORD PTR SS:[LOCAL.1029]

; |Arg2 =>

FFB5 E8EFFFFF PUSH DWORD PTR SS:[LOCAL.1030]

; |Arg1 =>

E8 512F0000

CALL 0043E944

; \SystemIn

83C4 10
85D2
7F 0E
0F8C DCFEFFFF
85C0
0F82 D4FEFFFF
8B8D F4EFFFFF
8B9D E0EFFFFF
3BD9
0F87 C0FEFFFF
8D85 FCEFFFFF
85DB
74 37
8D940D FCEFFF
4B
3BC2
73 2B
8A08
80F9 0D
75 13
8D4A FF
3BC1
73 18
8D48 01
8039 0A
75 10
8BC1
EB 0C
0FB6C9
0FBE89 682445
03C1
40
85DB
75 D0
8D8D FCEFFFFF
2BC1
33D2
03C6
13D7
E9 4C010000
F640 04 80
74 15
8B56 08
EB 0C
803A 0A
75 06
FF85 F4EFFFFF
42
3BD1
72 F0
8B95 ECEFFFFF

ADD ESP,10
TEST EDX,EDX
JG SHORT 0043BA08
JL 0043B8DC
TEST EAX,EAX
JB 0043B8DC
MOV ECX,DWORD PTR SS:[LOCAL.1027]
MOV EBX,DWORD PTR SS:[LOCAL.1032]
CMP EBX,ECX
JA 0043B8DC
LEA EAX,[LOCAL.1025]
TEST EBX,EBX
JE SHORT 0043BA5D
LEA EDX,[ECX+EBP-1004]
/DEC EBX
|CMP EAX,EDX
|JNB SHORT 0043BA5D
|MOV CL,BYTE PTR DS:[EAX]
|CMP CL,0D
|JNE SHORT 0043BA4C
|LEA ECX,[EDX-1]
|CMP EAX,ECX
|JNB SHORT 0043BA58
|LEA ECX,[EAX+1]
|CMP BYTE PTR DS:[ECX],0A
|JNE SHORT 0043BA58
|MOV EAX,ECX
|JMP SHORT 0043BA58
|MOVZX ECX,CL
|MOVSX ECX,BYTE PTR DS:[ECX+452468]
|ADD EAX,ECX
|INC EAX
|TEST EBX,EBX
\JNE SHORT 0043BA2D
LEA ECX,[LOCAL.1025]
SUB EAX,ECX
XOR EDX,EDX
ADD EAX,ESI
ADC EDX,EDI
JMP 0043BBBC
TEST BYTE PTR DS:[EAX+4],80
JE SHORT 0043BA8B
MOV EDX,DWORD PTR DS:[ESI+8]
JMP SHORT 0043BA87
/CMP BYTE PTR DS:[EDX],0A
|JNE SHORT 0043BA86
|INC DWORD PTR SS:[LOCAL.1027]
|INC EDX
|CMP EDX,ECX
\JB SHORT 0043BA7B
MOV EDX,DWORD PTR SS:[LOCAL.1029]

0043BA91 |.
0043BA97 |.
0043BA99 |.
0043BA9F |.
0043BAA4 |>
0043BAA6 |.^
0043BAA8 |.
fo.004343FD
0043BAAD |.
0043BAB3 |.^
0043BAB8 |>
0043BABC |.
0043BAC2 |.
0043BAC5 |.
0043BAC7 |.
0043BAC9 |.
0043BACF |.
0043BAD4 |>
0043BAD7 |.
0043BAD9 |.
0043BADD |.
0043BADF |.
0043BAE5 |.
0043BAE7 |.
0043BAE9 |.
0043BAEB |.
[LOCAL.1030]
0043BAF1 |.
fo.0043E944
0043BAF6 |.
0043BAF9 |.
0043BAFF |.
0043BB01 |.
0043BB07 |.
0043BB09 |.
0043BB0C |.
0043BB0F |.
0043BB11 |>
0043BB14 |.
0043BB16 |.
0043BB17 |>
0043BB18 |>
0043BB1A |.^
0043BB1C |.
0043BB23 |.
0043BB25 |>
0043BB27 |.
[LOCAL.1028]
0043BB2D |.
[LOCAL.1029]
0043BB33 |.
[LOCAL.1030]
0043BB39 |.
fo.0043E944
0043BB3E |.
0043BB41 |.
0043BB43 |.
0043BB45 |.^
0043BB4B |.
0043BB4D |.^

0B95 F0EFFFFF
75 1F
8B85 F4EFFFFF
E9 18010000
84D2
78 E3
E8 5089FFFF

OR EDX,DWORD PTR SS:[LOCAL.1028]


JNE SHORT 0043BAB8
MOV EAX,DWORD PTR SS:[LOCAL.1027]
JMP 0043BBBC
TEST DL,DL
JS SHORT 0043BA8B
CALL 004343FD

; [SystemIn

C700 16000000
E9 24FEFFFF
F646 0C 01
0F84 D7000000
8B56 04
85D2
75 0B
2195 F4EFFFFF
E9 C5000000
2B4E 08
03CA
F640 04 80
8BF9
0F84 9C000000
6A 02
6A 00
6A 00
FFB5 E8EFFFFF

MOV DWORD PTR DS:[EAX],16


JMP 0043B8DC
TEST BYTE PTR DS:[ESI+0C],01
JE 0043BB99
MOV EDX,DWORD PTR DS:[ESI+4]
TEST EDX,EDX
JNE SHORT 0043BAD4
AND DWORD PTR SS:[LOCAL.1027],EDX
JMP 0043BB99
SUB ECX,DWORD PTR DS:[ESI+8]
ADD ECX,EDX
TEST BYTE PTR DS:[EAX+4],80
MOV EDI,ECX
JE 0043BB81
PUSH 2
PUSH 0
PUSH 0
PUSH DWORD PTR SS:[LOCAL.1030]

;
;
;
;

E8 4E2E0000

CALL 0043E944

; \SystemIn

83C4 10
3B85 ECEFFFFF
75 24
3B95 F0EFFFFF
75 1C
8B46 08
8D0C38
EB 07
8038 0A
75 01
47
40
3BC1
72 F5
F746 0C 00200
EB 59
6A 00
FFB5 F0EFFFFF

ADD ESP,10
CMP EAX,DWORD PTR SS:[LOCAL.1029]
JNE SHORT 0043BB25
CMP EDX,DWORD PTR SS:[LOCAL.1028]
JNE SHORT 0043BB25
MOV EAX,DWORD PTR DS:[ESI+8]
LEA ECX,[EDI+EAX]
JMP SHORT 0043BB18
/CMP BYTE PTR DS:[EAX],0A
|JNE SHORT 0043BB17
|INC EDI
|INC EAX
|CMP EAX,ECX
\JB SHORT 0043BB11
TEST DWORD PTR DS:[ESI+0C],00002000
JMP SHORT 0043BB7E
PUSH 0
PUSH DWORD PTR SS:[LOCAL.1028]

; /Arg4 = 0
; |Arg3 =>

/Arg4
|Arg3
|Arg2
|Arg1

= 2
= 0
= 0
=>

FFB5 ECEFFFFF PUSH DWORD PTR SS:[LOCAL.1029]

; |Arg2 =>

FFB5 E8EFFFFF PUSH DWORD PTR SS:[LOCAL.1030]

; |Arg1 =>

E8 062E0000

CALL 0043E944

; \SystemIn

83C4 10
85D2
7F 0E
0F8C 91FDFFFF
85C0
0F82 89FDFFFF

ADD ESP,10
TEST EDX,EDX
JG SHORT 0043BB53
JL 0043B8DC
TEST EAX,EAX
JB 0043B8DC

0043BB53 |>
0043BB58 |.
0043BB5A |.
0043BB5C |.
0043BB5F |.
0043BB62 |.
0043BB64 |.
0043BB66 |.
0043BB6C |.
0043BB6E |>
0043BB71 |>
0043BB77 |.
0043BB79 |.
0043BB7E |>
0043BB80 |.
0043BB81 |>
0043BB88 |.
0043BB8A |.
0043BB8C |>
0043BB92 |.
0043BB99 |>
0043BBA0 |.
0043BBA2 |.
0043BBA8 |>
0043BBAE |.
0043BBB0 |.
0043BBB6 |.
0043BBBC |>
0043BBBF |.
0043BBC0 |.
0043BBC1 |.
0043BBC3 |.
0043BBC4 |.
0043BBC9 |.
0043BBCA \.
0043BBCB /$
0043BBCD |.
0043BBD2 |.
0043BBD7 |.
[ARG.EBP+8]
0043BBDA |.
fo.0043B3D9
0043BBDF |.
0043BBE0 |.
0043BBE4 |.
[ARG.EBP+8]
0043BBE7 |.
fo.0043B87F
0043BBEC |.
0043BBED |.
0043BBF0 |.
0043BBF3 |.
0043BBFA |.
0043BBFF |.
0043BC02 |.
0043BC05 |.
0043BC0A \.
0043BC0B /$
0043BC0E |.
0043BC13 |.

B8 00020000
3BF8
77 12
8B4E 0C
F6C1 08
74 0A
8BF8
F7C1 00040000
74 03
8B7E 18
8B85 E4EFFFFF
8B00
F64418 04 04
74 01
47
80BD FBEFFFFF
75 02
D1EF
29BD ECEFFFFF
839D F0EFFFFF
80BD FBEFFFFF
75 06
D1AD F4EFFFFF
8B85 F4EFFFFF
33D2
0385 ECEFFFFF
1395 F0EFFFFF
8B4D FC
5F
5E
33CD
5B
E8 282BFFFF
C9
C3
6A 10
68 A8F44400
E8 15CEFFFF
FF75 08

MOV EAX,200
CMP EDI,EAX
JA SHORT 0043BB6E
MOV ECX,DWORD PTR DS:[ESI+0C]
TEST CL,08
JE SHORT 0043BB6E
MOV EDI,EAX
TEST ECX,00000400
JE SHORT 0043BB71
MOV EDI,DWORD PTR DS:[ESI+18]
MOV EAX,DWORD PTR SS:[LOCAL.1031]
MOV EAX,DWORD PTR DS:[EAX]
TEST BYTE PTR DS:[EBX+EAX+4],04
JE SHORT 0043BB81
INC EDI
CMP BYTE PTR SS:[LOCAL.1026+3],1
JNE SHORT 0043BB8C
SHR EDI,1
SUB DWORD PTR SS:[LOCAL.1029],EDI
SBB DWORD PTR SS:[LOCAL.1028],0
CMP BYTE PTR SS:[LOCAL.1026+3],1
JNE SHORT 0043BBA8
SHR DWORD PTR SS:[LOCAL.1027],1
MOV EAX,DWORD PTR SS:[LOCAL.1027]
XOR EDX,EDX
ADD EAX,DWORD PTR SS:[LOCAL.1029]
ADC EDX,DWORD PTR SS:[LOCAL.1028]
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
PUSH 10
PUSH OFFSET 0044F4A8
CALL 004389EC
PUSH DWORD PTR SS:[EBP+8]

; /Arg1 =>

E8 FAF7FFFF

CALL 0043B3D9

; \SystemIn

59
8365 FC 00
FF75 08

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
PUSH DWORD PTR SS:[EBP+8]

; /Arg1 =>

E8 93FCFFFF

CALL 0043B87F

; \SystemIn

59
8945 E0
8955 E4
C745 FC FEFFF
E8 0C000000
8B45 E0
8B55 E4
E8 27CEFFFF
C3
FF75 08
E8 39F8FFFF
59

POP ECX
MOV DWORD PTR SS:[EBP-20],EAX
MOV DWORD PTR SS:[EBP-1C],EDX
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043BC0B
MOV EAX,DWORD PTR SS:[EBP-20]
MOV EDX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 0043B44C
POP ECX

0043BC14 \. C3
RETN
0043BC15 /$ 8BFF
MOV EDI,EDI
o.0043BC15(guessed Arg1,Arg2,Arg3)
0043BC17 |. 55
PUSH EBP
0043BC18 |. 8BEC
MOV EBP,ESP
0043BC1A |. 56
PUSH ESI
0043BC1B |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0043BC1E |. 56
PUSH ESI
[ARG.1]
0043BC1F |. E8 7F4E0000 CALL 00440AA3
fo.00440AA3
0043BC24 |. 59
POP ECX
0043BC25 |. 83F8 FF
CMP EAX,-1
0043BC28 |. 75 10
JNE SHORT 0043BC3A
0043BC2A |. E8 CE87FFFF CALL 004343FD
fo.004343FD
0043BC2F |. C700 09000000 MOV DWORD PTR DS:[EAX],9
0043BC35 |. 83C8 FF
OR EAX,FFFFFFFF
0043BC38 |. EB 4D
JMP SHORT 0043BC87
0043BC3A |> 57
PUSH EDI
0043BC3B |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
> [ARG.3]
0043BC3E |. 6A 00
PUSH 0
eHi = NULL
0043BC40 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
Lo => [ARG.2]
0043BC43 |. 50
PUSH EAX
0043BC44 |. FF15 D8814400 CALL DWORD PTR DS:[<&KERNEL32.SetFilePoi
.SetFilePointer
0043BC4A |. 8BF8
MOV EDI,EAX
0043BC4C |. 83FF FF
CMP EDI,-1
0043BC4F |. 75 08
JNE SHORT 0043BC59
0043BC51 |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
0043BC57 |. EB 02
JMP SHORT 0043BC5B
0043BC59 |> 33C0
XOR EAX,EAX
0043BC5B |> 85C0
TEST EAX,EAX
0043BC5D |. 74 0C
JE SHORT 0043BC6B
0043BC5F |. 50
PUSH EAX
0043BC60 |. E8 BE87FFFF CALL 00434423
fo.00434423
0043BC65 |. 59
POP ECX
0043BC66 |. 83C8 FF
OR EAX,FFFFFFFF
0043BC69 |. EB 1B
JMP SHORT 0043BC86
0043BC6B |> 8BC6
MOV EAX,ESI
0043BC6D |. C1F8 05
SAR EAX,5
0043BC70 |. 8B0485 A03745 MOV EAX,DWORD PTR DS:[EAX*4+4537A0]
0043BC77 |. 83E6 1F
AND ESI,0000001F
0043BC7A |. C1E6 06
SHL ESI,6
0043BC7D |. 8D4430 04
LEA EAX,[ESI+EAX+4]
0043BC81 |. 8020 FD
AND BYTE PTR DS:[EAX],FD
0043BC84 |. 8BC7
MOV EAX,EDI
0043BC86 |> 5F
POP EDI
0043BC87 |> 5E
POP ESI
0043BC88 |. 5D
POP EBP
0043BC89 \. C3
RETN
0043BC8A /$ 6A 10
PUSH 10
0043BC8C |. 68 C8F44400 PUSH OFFSET 0044F4C8
0043BC91 |. E8 56CDFFFF CALL 004389EC
0043BC96 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]

; SystemInf

; /Arg1 =>
; \SystemIn

; [SystemIn

; /Origin =
; |pDistanc
; |Distance
; |hFile
; \KERNEL32

; [KERNEL32

; /Arg1
; \SystemIn

0043BC99 |.
0043BC9C |.
0043BC9E |.
fo.00434410
0043BCA3 |.
0043BCA6 |.
fo.004343FD
0043BCAB |.
0043BCB1 |>
0043BCB4 |.
0043BCB9 |>
0043BCBB |.
0043BCBD |.
0043BCBF |.
0043BCC5 |.
0043BCC7 |>
fo.00434410
0043BCCC |.
0043BCCE |.
fo.004343FD
0043BCD3 |.
0043BCD9 |.
0043BCDA |.
0043BCDB |.
0043BCDC |.
0043BCDD |.
0043BCDE |.
fo.0042E862
0043BCE3 |.
0043BCE6 |.^
0043BCE8 |>
0043BCEA |.
0043BCED |.
0043BCF4 |.
0043BCF6 |.
0043BCF9 |.
0043BCFC |.
0043BCFE |.
0043BD03 |.
0043BD06 |.^
0043BD08 |.
0043BD09 |.
0043BD0E |.
0043BD0F |.
0043BD12 |.
0043BD14 |.
0043BD19 |.
0043BD1B |.
[ARG.EBP+10]
0043BD1E |.
[ARG.EBP+0C]
0043BD21 |.
[ARG.EBP+8]
0043BD24 |.
fo.0043BC15
0043BD29 |.
0043BD2C |.
0043BD2F |.
0043BD31 |>
fo.004343FD

83F8 FE
75 1B
E8 6D87FFFF

CMP EAX,-2
JNE SHORT 0043BCB9
CALL 00434410

; [SystemIn

8320 00
E8 5287FFFF

AND DWORD PTR DS:[EAX],00000000


CALL 004343FD

; [SystemIn

C700 09000000
83C8 FF
E9 9D000000
33FF
3BC7
7C 08
3B05 98374500
72 21
E8 4487FFFF

MOV DWORD PTR DS:[EAX],9


OR EAX,FFFFFFFF
JMP 0043BD56
XOR EDI,EDI
CMP EAX,EDI
JL SHORT 0043BCC7
CMP EAX,DWORD PTR DS:[453798]
JB SHORT 0043BCE8
CALL 00434410

; [SystemIn

8938
E8 2A87FFFF

MOV DWORD PTR DS:[EAX],EDI


CALL 004343FD

; [SystemIn

C700 09000000
57
57
57
57
57
E8 7F2BFFFF

MOV DWORD PTR DS:[EAX],9


PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
CALL 0042E862

;
;
;
;
;
;

83C4 14
EB C9
8BC8
C1F9 05
8D1C8D A03745
8BF0
83E6 1F
C1E6 06
8B0B
0FBE4C31 04
83E1 01
74 BF
50
E8 0C4E0000
59
897D FC
8B03
F64430 04 01
74 16
FF75 10

ADD ESP,14
JMP SHORT 0043BCB1
MOV ECX,EAX
SAR ECX,5
LEA EBX,[ECX*4+4537A0]
MOV ESI,EAX
AND ESI,0000001F
SHL ESI,6
MOV ECX,DWORD PTR DS:[EBX]
MOVSX ECX,BYTE PTR DS:[ESI+ECX+4]
AND ECX,00000001
JE SHORT 0043BCC7
PUSH EAX
CALL 00440B1A
POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
MOV EAX,DWORD PTR DS:[EBX]
TEST BYTE PTR DS:[ESI+EAX+4],01
JE SHORT 0043BD31
PUSH DWORD PTR SS:[EBP+10]

; /Arg3 =>

FF75 0C

PUSH DWORD PTR SS:[EBP+0C]

; |Arg2 =>

FF75 08

PUSH DWORD PTR SS:[EBP+8]

; |Arg1 =>

E8 ECFEFFFF

CALL 0043BC15

; \SystemIn

83C4 0C
8945 E4
EB 16
E8 C786FFFF

ADD ESP,0C
MOV DWORD PTR SS:[EBP-1C],EAX
JMP SHORT 0043BD47
CALL 004343FD

; [SystemIn

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

0043BD36 |. C700 09000000


0043BD3C |. E8 CF86FFFF
fo.00434410
0043BD41 |. 8938
0043BD43 |. 834D E4 FF
0043BD47 |> C745 FC FEFFF
0043BD4E |. E8 09000000
0043BD53 |. 8B45 E4
0043BD56 |> E8 D6CCFFFF
0043BD5B \. C3
0043BD5C /$ FF75 08
0043BD5F |. E8 564E0000
0043BD64 |. 59
0043BD65 \. C3
0043BD66 /$ 8BFF
o.0043BD66(guessed Arg1)
0043BD68 |. 55
0043BD69 |. 8BEC
0043BD6B |. 83EC 0C
0043BD6E |. 53
0043BD6F |. 57
0043BD70 |. 8B7D 08
0043BD73 |. 33DB
0043BD75 |. 3BFB
0043BD77 |. 75 20
0043BD79 |. E8 7F86FFFF
fo.004343FD
0043BD7E |. 53
0043BD7F |. 53
0043BD80 |. 53
0043BD81 |. 53
0043BD82 |. 53
0043BD83 |. C700 16000000
0043BD89 |. E8 D42AFFFF
fo.0042E862
0043BD8E |. 83C4 14
0043BD91 |> 83C8 FF
0043BD94 |. E9 66010000
0043BD99 |> 57
[ARG.1]
0043BD9A |. E8 31F5FFFF
fo.0043B2D0
0043BD9F |. 395F 04
0043BDA2 |. 59
0043BDA3 |. 8945 FC
0043BDA6 |. 7D 03
0043BDA8 |. 895F 04
0043BDAB |> 6A 01
0043BDAD |. 53
0043BDAE |. 50
0043BDAF |. E8 D6FEFFFF
0043BDB4 |. 83C4 0C
0043BDB7 |. 3BC3
0043BDB9 |. 8945 F8
0043BDBC |.^ 7C D3
0043BDBE |. 8B57 0C
0043BDC1 |. F7C2 08010000
0043BDC7 |. 75 08
0043BDC9 |. 2B47 04
0043BDCC |. E9 2E010000

MOV DWORD PTR DS:[EAX],9


CALL 00434410

; [SystemIn

MOV DWORD PTR DS:[EAX],EDI


OR DWORD PTR SS:[EBP-1C],FFFFFFFF
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043BD5C
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 00440BBA
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
SUB ESP,0C
PUSH EBX
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
XOR EBX,EBX
CMP EDI,EBX
JNE SHORT 0043BD99
CALL 004343FD

; [SystemIn

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
OR EAX,FFFFFFFF
JMP 0043BEFF
PUSH EDI

; /Arg1 =>

CALL 0043B2D0

; \SystemIn

CMP DWORD PTR DS:[EDI+4],EBX


POP ECX
MOV DWORD PTR SS:[LOCAL.1],EAX
JGE SHORT 0043BDAB
MOV DWORD PTR DS:[EDI+4],EBX
PUSH 1
PUSH EBX
PUSH EAX
CALL 0043BC8A
ADD ESP,0C
CMP EAX,EBX
MOV DWORD PTR SS:[LOCAL.2],EAX
JL SHORT 0043BD91
MOV EDX,DWORD PTR DS:[EDI+0C]
TEST EDX,00000108
JNE SHORT 0043BDD1
SUB EAX,DWORD PTR DS:[EDI+4]
JMP 0043BEFF

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0043BDD1 |>
0043BDD3 |.
0043BDD6 |.
0043BDD7 |.
0043BDD9 |.
0043BDDB |.
0043BDDE |.
0043BDE1 |.
0043BDE3 |.
0043BDE6 |.
0043BDE9 |.
0043BDEC |.
0043BDF3 |.
0043BDF6 |.
0043BDF9 |.
0043BDFE |.
0043BE00 |.
0043BE02 |.
0043BE04 |.
0043BE06 |.
0043BE08 |>
0043BE0B |.
0043BE0D |.
0043BE10 |.
0043BE12 |>
0043BE13 |.
0043BE15 |.^
0043BE17 |>
0043BE1A |.
0043BE1C |.
0043BE1F |.
0043BE24 |>
0043BE26 |.^
0043BE28 |.
fo.004343FD
0043BE2D |.
0043BE33 |.
0043BE38 |>
0043BE3C |.
0043BE42 |.
0043BE45 |.
0043BE47 |.
0043BE49 |.
0043BE4C |.
0043BE51 |>
0043BE54 |.
0043BE57 |.
0043BE59 |.
0043BE5B |.
0043BE5E |.
0043BE61 |.
0043BE68 |.
0043BE6B |.
0043BE6D |.
0043BE70 |.
0043BE75 |.
0043BE77 |.
0043BE79 |.
0043BE7B |.
0043BE7E |.

8B07
8B4F 08
56
8BF0
2BF1
8975 F4
F6C2 03
74 41
8B55 FC
8B75 FC
C1FA 05
8B1495 A03745
83E6 1F
C1E6 06
F64432 04 80
74 17
8BD1
3BD0
73 11
8BF0
803A 0A
75 05
FF45 F4
33DB
42
3BD6
72 F1
395D F8
75 1C
8B45 F4
E9 DA000000
84D2
78 EF
E8 D085FFFF

MOV EAX,DWORD PTR DS:[EDI]


MOV ECX,DWORD PTR DS:[EDI+8]
PUSH ESI
MOV ESI,EAX
SUB ESI,ECX
MOV DWORD PTR SS:[LOCAL.3],ESI
TEST DL,03
JE SHORT 0043BE24
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV ESI,DWORD PTR SS:[LOCAL.1]
SAR EDX,5
MOV EDX,DWORD PTR DS:[EDX*4+4537A0]
AND ESI,0000001F
SHL ESI,6
TEST BYTE PTR DS:[ESI+EDX+4],80
JE SHORT 0043BE17
MOV EDX,ECX
CMP EDX,EAX
JNB SHORT 0043BE17
MOV ESI,EAX
/CMP BYTE PTR DS:[EDX],0A
|JNE SHORT 0043BE12
|INC DWORD PTR SS:[LOCAL.3]
|XOR EBX,EBX
|INC EDX
|CMP EDX,ESI
\JB SHORT 0043BE08
CMP DWORD PTR SS:[LOCAL.2],EBX
JNE SHORT 0043BE38
MOV EAX,DWORD PTR SS:[LOCAL.3]
JMP 0043BEFE
TEST DL,DL
JS SHORT 0043BE17
CALL 004343FD

C700 16000000
E9 87000000
F647 0C 01
0F84 B4000000
8B57 04
3BD3
75 08
895D F4
E9 A5000000
8B5D FC
8B75 FC
2BC1
03C2
C1FB 05
83E6 1F
8D1C9D A03745
8945 08
8B03
C1E6 06
F64430 04 80
74 79
6A 02
6A 00
FF75 FC
E8 07FEFFFF

MOV DWORD PTR DS:[EAX],16


JMP 0043BEBF
TEST BYTE PTR DS:[EDI+0C],01
JE 0043BEF6
MOV EDX,DWORD PTR DS:[EDI+4]
CMP EDX,EBX
JNE SHORT 0043BE51
MOV DWORD PTR SS:[LOCAL.3],EBX
JMP 0043BEF6
MOV EBX,DWORD PTR SS:[LOCAL.1]
MOV ESI,DWORD PTR SS:[LOCAL.1]
SUB EAX,ECX
ADD EAX,EDX
SAR EBX,5
AND ESI,0000001F
LEA EBX,[EBX*4+4537A0]
MOV DWORD PTR SS:[ARG.1],EAX
MOV EAX,DWORD PTR DS:[EBX]
SHL ESI,6
TEST BYTE PTR DS:[ESI+EAX+4],80
JE SHORT 0043BEF0
PUSH 2
PUSH 0
PUSH DWORD PTR SS:[LOCAL.1]
CALL 0043BC8A

; [SystemIn

0043BE83 |. 83C4 0C
ADD ESP,0C
0043BE86 |. 3B45 F8
CMP EAX,DWORD PTR SS:[LOCAL.2]
0043BE89 |. 75 20
JNE SHORT 0043BEAB
0043BE8B |. 8B47 08
MOV EAX,DWORD PTR DS:[EDI+8]
0043BE8E |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043BE91 |. 03C8
ADD ECX,EAX
0043BE93 |. EB 09
JMP SHORT 0043BE9E
0043BE95 |> 8038 0A
/CMP BYTE PTR DS:[EAX],0A
0043BE98 |. 75 03
|JNE SHORT 0043BE9D
0043BE9A |. FF45 08
|INC DWORD PTR SS:[ARG.1]
0043BE9D |> 40
|INC EAX
0043BE9E |> 3BC1
|CMP EAX,ECX
0043BEA0 |.^ 72 F3
\JB SHORT 0043BE95
0043BEA2 |. F747 0C 00200 TEST DWORD PTR DS:[EDI+0C],00002000
0043BEA9 |. EB 40
JMP SHORT 0043BEEB
0043BEAB |> 6A 00
PUSH 0
0043BEAD |. FF75 F8
PUSH DWORD PTR SS:[LOCAL.2]
0043BEB0 |. FF75 FC
PUSH DWORD PTR SS:[LOCAL.1]
0043BEB3 |. E8 D2FDFFFF CALL 0043BC8A
0043BEB8 |. 83C4 0C
ADD ESP,0C
0043BEBB |. 85C0
TEST EAX,EAX
0043BEBD |. 7D 05
JGE SHORT 0043BEC4
0043BEBF |> 83C8 FF
OR EAX,FFFFFFFF
0043BEC2 |. EB 3A
JMP SHORT 0043BEFE
0043BEC4 |> B8 00020000 MOV EAX,200
0043BEC9 |. 3945 08
CMP DWORD PTR SS:[ARG.1],EAX
0043BECC |. 77 10
JA SHORT 0043BEDE
0043BECE |. 8B4F 0C
MOV ECX,DWORD PTR DS:[EDI+0C]
0043BED1 |. F6C1 08
TEST CL,08
0043BED4 |. 74 08
JE SHORT 0043BEDE
0043BED6 |. F7C1 00040000 TEST ECX,00000400
0043BEDC |. 74 03
JE SHORT 0043BEE1
0043BEDE |> 8B47 18
MOV EAX,DWORD PTR DS:[EDI+18]
0043BEE1 |> 8945 08
MOV DWORD PTR SS:[ARG.1],EAX
0043BEE4 |. 8B03
MOV EAX,DWORD PTR DS:[EBX]
0043BEE6 |. F64430 04 04 TEST BYTE PTR DS:[ESI+EAX+4],04
0043BEEB |> 74 03
JE SHORT 0043BEF0
0043BEED |. FF45 08
INC DWORD PTR SS:[ARG.1]
0043BEF0 |> 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043BEF3 |. 2945 F8
SUB DWORD PTR SS:[LOCAL.2],EAX
0043BEF6 |> 8B45 F4
MOV EAX,DWORD PTR SS:[LOCAL.3]
0043BEF9 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0043BEFC |. 03C1
ADD EAX,ECX
0043BEFE |> 5E
POP ESI
0043BEFF |> 5F
POP EDI
0043BF00 |. 5B
POP EBX
0043BF01 |. C9
LEAVE
0043BF02 \. C3
RETN
0043BF03 /$ 8BFF
MOV EDI,EDI
o.0043BF03(guessed Arg1,Arg2,Arg3,Arg4)
0043BF05 |. 55
PUSH EBP
0043BF06 |. 8BEC
MOV EBP,ESP
0043BF08 |. 56
PUSH ESI
0043BF09 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0043BF0C |. 8B46 0C
MOV EAX,DWORD PTR DS:[ESI+0C]
0043BF0F |. 57
PUSH EDI
0043BF10 |. A8 83
TEST AL,83
0043BF12 |. 74 79
JE SHORT 0043BF8D
0043BF14 |. 8B7D 14
MOV EDI,DWORD PTR SS:[ARG.4]
0043BF17 |. 85FF
TEST EDI,EDI

; SystemInf

0043BF19 |.
0043BF1B |.
0043BF1E |.
0043BF20 |.
0043BF23 |.
0043BF25 |>
0043BF28 |.
0043BF2B |.
0043BF2E |.
0043BF30 |.
[ARG.1]
0043BF31 |.
fo.0043B87F
0043BF36 |.
0043BF39 |.
0043BF3A |.
0043BF3D |.
0043BF3F |>
0043BF40 |.
fo.00432F05
0043BF45 |.
0043BF48 |.
0043BF49 |.
0043BF4B |.
0043BF4D |.
0043BF50 |.
0043BF53 |.
0043BF55 |>
0043BF57 |.
0043BF59 |.
0043BF5B |.
0043BF5D |.
0043BF62 |.
0043BF64 |.
0043BF6B |>
0043BF6C |.
[ARG.3]
0043BF6F |.
[ARG.2]
0043BF72 |.
0043BF73 |.
nfo.0043B2D0
0043BF78 |.
0043BF79 |.
0043BF7A |.
fo.0043E944
0043BF7F |.
0043BF81 |.
0043BF84 |.
0043BF87 |.
0043BF89 |.
0043BF8B |.
0043BF8D |>
fo.004343FD
0043BF92 |.
0043BF98 |>
0043BF9B |>
0043BF9C |.
0043BF9D |.
0043BF9E \.

74 0A
83FF 01
74 05
83FF 02
75 68
83E0 EF
8946 0C
83FF 01
75 0F
56

JE SHORT 0043BF25
CMP EDI,1
JE SHORT 0043BF25
CMP EDI,2
JNE SHORT 0043BF8D
AND EAX,FFFFFFEF
MOV DWORD PTR DS:[ESI+0C],EAX
CMP EDI,1
JNE SHORT 0043BF3F
PUSH ESI

; /Arg1 =>

E8 49F9FFFF

CALL 0043B87F

; \SystemIn

0145 0C
59
1155 10
33FF
56
E8 C06FFFFF

ADD DWORD PTR SS:[ARG.2],EAX


POP ECX
ADC DWORD PTR SS:[ARG.3],EDX
XOR EDI,EDI
PUSH ESI
CALL 00432F05

; /Arg1
; \SystemIn

8B46 0C
59
84C0
79 08
83E0 FC
8946 0C
EB 16
A8 01
74 12
A8 08
74 0E
A9 00040000
75 07
C746 18 00020
57
FF75 10

MOV EAX,DWORD PTR DS:[ESI+0C]


POP ECX
TEST AL,AL
JNS SHORT 0043BF55
AND EAX,FFFFFFFC
MOV DWORD PTR DS:[ESI+0C],EAX
JMP SHORT 0043BF6B
TEST AL,01
JE SHORT 0043BF6B
TEST AL,08
JE SHORT 0043BF6B
TEST EAX,00000400
JNE SHORT 0043BF6B
MOV DWORD PTR DS:[ESI+18],200
PUSH EDI
PUSH DWORD PTR SS:[ARG.3]

; /Arg4
; |Arg3 =>

FF75 0C

PUSH DWORD PTR SS:[ARG.2]

; |Arg2 =>

56
E8 58F3FFFF

PUSH ESI
CALL 0043B2D0

; |/Arg1
; |\SystemI

59
50
E8 C5290000

POP ECX
PUSH EAX
CALL 0043E944

; |
; |Arg1
; \SystemIn

23C2
83C4 10
83F8 FF
74 0F
33C0
EB 0E
E8 6B84FFFF

AND EAX,EDX
ADD ESP,10
CMP EAX,-1
JE SHORT 0043BF98
XOR EAX,EAX
JMP SHORT 0043BF9B
CALL 004343FD

; [SystemIn

C700 16000000 MOV DWORD PTR DS:[EAX],16


83C8 FF
OR EAX,FFFFFFFF
5F
POP EDI
5E
POP ESI
5D
POP EBP
C3
RETN

0043BF9F /$ 6A 0C
0043BFA1 |. 68 E8F44400
0043BFA6 |. E8 41CAFFFF
0043BFAB |. FF75 08
[ARG.EBP+8]
0043BFAE |. E8 26F4FFFF
fo.0043B3D9
0043BFB3 |. 59
0043BFB4 |. 8365 FC 00
0043BFB8 |. FF75 14
[ARG.EBP+14]
0043BFBB |. FF75 10
[ARG.EBP+10]
0043BFBE |. FF75 0C
[ARG.EBP+0C]
0043BFC1 |. FF75 08
[ARG.EBP+8]
0043BFC4 |. E8 3AFFFFFF
fo.0043BF03
0043BFC9 |. 83C4 10
0043BFCC |. 8945 E4
0043BFCF |. C745 FC FEFFF
0043BFD6 |. E8 09000000
0043BFDB |. 8B45 E4
0043BFDE |. E8 4ECAFFFF
0043BFE3 \. C3
0043BFE4 /$ FF75 08
0043BFE7 |. E8 60F4FFFF
0043BFEC |. 59
0043BFED \. C3
0043BFEE /$ 8BFF
o.0043BFEE(guessed Arg1)
0043BFF0 |. 55
0043BFF1 |. 8BEC
0043BFF3 |. 56
0043BFF4 |. 8B75 08
0043BFF7 |. 8B46 0C
0043BFFA |. A8 83
0043BFFC |. 74 1E
0043BFFE |. A8 08
0043C000 |. 74 1A
0043C002 |. FF76 08
0043C005 |. E8 D471FFFF
fo.004331DE
0043C00A |. 8166 0C F7FBF
0043C011 |. 33C0
0043C013 |. 59
0043C014 |. 8906
0043C016 |. 8946 08
0043C019 |. 8946 04
0043C01C |> 5E
0043C01D |. 5D
0043C01E \. C3
0043C01F /$ 6A 10
0043C021 |. 68 08F54400
0043C026 |. E8 C1C9FFFF
0043C02B |. 8B45 08
0043C02E |. 83F8 FE
0043C031 |. 75 13
0043C033 |. E8 C583FFFF

PUSH
PUSH
CALL
PUSH

0C
OFFSET 0044F4E8
004389EC
DWORD PTR SS:[EBP+8]

; /Arg1 =>

CALL 0043B3D9

; \SystemIn

POP ECX
AND DWORD PTR SS:[EBP-4],00000000
PUSH DWORD PTR SS:[EBP+14]

; /Arg4 =>

PUSH DWORD PTR SS:[EBP+10]

; |Arg3 =>

PUSH DWORD PTR SS:[EBP+0C]

; |Arg2 =>

PUSH DWORD PTR SS:[EBP+8]

; |Arg1 =>

CALL 0043BF03

; \SystemIn

ADD ESP,10
MOV DWORD PTR SS:[EBP-1C],EAX
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043BFE4
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 0043B44C
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[ESI+0C]
TEST AL,83
JE SHORT 0043C01C
TEST AL,08
JE SHORT 0043C01C
PUSH DWORD PTR DS:[ESI+8]
CALL 004331DE

; /Arg1
; \SystemIn

AND DWORD PTR DS:[ESI+0C],FFFFFBF7


XOR EAX,EAX
POP ECX
MOV DWORD PTR DS:[ESI],EAX
MOV DWORD PTR DS:[ESI+8],EAX
MOV DWORD PTR DS:[ESI+4],EAX
POP ESI
POP EBP
RETN
PUSH 10
PUSH OFFSET 0044F508
CALL 004389EC
MOV EAX,DWORD PTR SS:[EBP+8]
CMP EAX,-2
JNE SHORT 0043C046
CALL 004343FD

; [SystemIn

fo.004343FD
0043C038 |. C700 09000000
0043C03E |> 83C8 FF
0043C041 |. E9 AA000000
0043C046 |> 33DB
0043C048 |. 3BC3
0043C04A |. 7C 08
0043C04C |. 3B05 98374500
0043C052 |. 72 1A
0043C054 |> E8 A483FFFF
fo.004343FD
0043C059 |. C700 09000000
0043C05F |. 53
0043C060 |. 53
0043C061 |. 53
0043C062 |. 53
0043C063 |. 53
0043C064 |. E8 F927FFFF
fo.0042E862
0043C069 |. 83C4 14
0043C06C |.^ EB D0
0043C06E |> 8BC8
0043C070 |. C1F9 05
0043C073 |. 8D3C8D A03745
0043C07A |. 8BF0
0043C07C |. 83E6 1F
0043C07F |. C1E6 06
0043C082 |. 8B0F
0043C084 |. 0FBE4C0E 04
0043C089 |. 83E1 01
0043C08C |.^ 74 C6
0043C08E |. 50
0043C08F |. E8 864A0000
0043C094 |. 59
0043C095 |. 895D FC
0043C098 |. 8B07
0043C09A |. F64406 04 01
0043C09F |. 74 31
0043C0A1 |. FF75 08
[ARG.EBP+8]
0043C0A4 |. E8 FA490000
fo.00440AA3
0043C0A9 |. 59
0043C0AA |. 50
0043C0AB |. FF15 DC814400
.FlushFileBuffers
0043C0B1 |. 85C0
0043C0B3 |. 75 0B
0043C0B5 |. FF15 58804400
.GetLastError
0043C0BB |. 8945 E4
0043C0BE |. EB 03
0043C0C0 |> 895D E4
0043C0C3 |> 395D E4
0043C0C6 |. 74 19
0043C0C8 |. E8 4383FFFF
fo.00434410
0043C0CD |. 8B4D E4
0043C0D0 |. 8908
0043C0D2 |> E8 2683FFFF

MOV DWORD PTR DS:[EAX],9


OR EAX,FFFFFFFF
JMP 0043C0F0
XOR EBX,EBX
CMP EAX,EBX
JL SHORT 0043C054
CMP EAX,DWORD PTR DS:[453798]
JB SHORT 0043C06E
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],9


PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
CALL 0042E862

;
;
;
;
;
;

ADD ESP,14
JMP SHORT 0043C03E
MOV ECX,EAX
SAR ECX,5
LEA EDI,[ECX*4+4537A0]
MOV ESI,EAX
AND ESI,0000001F
SHL ESI,6
MOV ECX,DWORD PTR DS:[EDI]
MOVSX ECX,BYTE PTR DS:[ECX+ESI+4]
AND ECX,00000001
JE SHORT 0043C054
PUSH EAX
CALL 00440B1A
POP ECX
MOV DWORD PTR SS:[EBP-4],EBX
MOV EAX,DWORD PTR DS:[EDI]
TEST BYTE PTR DS:[EAX+ESI+4],01
JE SHORT 0043C0D2
PUSH DWORD PTR SS:[EBP+8]

; /Arg1 =>

CALL 00440AA3

; \SystemIn

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

POP ECX
PUSH EAX
; /hFile
CALL DWORD PTR DS:[<&KERNEL32.FlushFileB ; \KERNEL32
TEST EAX,EAX
JNE SHORT 0043C0C0
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32
MOV DWORD PTR SS:[EBP-1C],EAX
JMP SHORT 0043C0C3
MOV DWORD PTR SS:[EBP-1C],EBX
CMP DWORD PTR SS:[EBP-1C],EBX
JE SHORT 0043C0E1
CALL 00434410

; [SystemIn

MOV ECX,DWORD PTR SS:[EBP-1C]


MOV DWORD PTR DS:[EAX],ECX
CALL 004343FD

; [SystemIn

fo.004343FD
0043C0D7 |. C700 09000000
0043C0DD |. 834D E4 FF
0043C0E1 |> C745 FC FEFFF
0043C0E8 |. E8 09000000
0043C0ED |. 8B45 E4
0043C0F0 |> E8 3CC9FFFF
0043C0F5 \. C3
0043C0F6 /$ FF75 08
0043C0F9 |. E8 BC4A0000
0043C0FE |. 59
0043C0FF \. C3
0043C100 /$ 8BFF
o.0043C100(guessed Arg1)
0043C102 |. 55
0043C103 |. 8BEC
0043C105 |. 56
0043C106 |. 8B75 08
0043C109 |. 57
0043C10A |. 56
[ARG.1]
0043C10B |. E8 93490000
fo.00440AA3
0043C110 |. 59
0043C111 |. 83F8 FF
0043C114 |. 74 50
0043C116 |. A1 A0374500
0043C11B |. 83FE 01
0043C11E |. 75 09
0043C120 |. F680 84000000
0043C127 |. 75 0B
0043C129 |> 83FE 02
0043C12C |. 75 1C
0043C12E |. F640 44 01
0043C132 |. 74 16
0043C134 |> 6A 02
0043C136 |. E8 68490000
fo.00440AA3
0043C13B |. 6A 01
0043C13D |. 8BF8
0043C13F |. E8 5F490000
fo.00440AA3
0043C144 |. 59
0043C145 |. 59
0043C146 |. 3BC7
0043C148 |. 74 1C
0043C14A |> 56
0043C14B |. E8 53490000
fo.00440AA3
0043C150 |. 59
0043C151 |. 50
0043C152 |. FF15 30804400
.CloseHandle
0043C158 |. 85C0
0043C15A |. 75 0A
0043C15C |. FF15 58804400
.GetLastError
0043C162 |. 8BF8
0043C164 |. EB 02
0043C166 |> 33FF

MOV DWORD PTR DS:[EAX],9


OR DWORD PTR SS:[EBP-1C],FFFFFFFF
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043C0F6
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 00440BBA
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
PUSH EDI
PUSH ESI

; /Arg1 =>

CALL 00440AA3

; \SystemIn

POP ECX
CMP EAX,-1
JE SHORT 0043C166
MOV EAX,DWORD PTR DS:[4537A0]
CMP ESI,1
JNE SHORT 0043C129
TEST BYTE PTR DS:[EAX+84],01
JNE SHORT 0043C134
CMP ESI,2
JNE SHORT 0043C14A
TEST BYTE PTR DS:[EAX+44],01
JE SHORT 0043C14A
PUSH 2
CALL 00440AA3

; /Arg1 = 2
; \SystemIn

PUSH 1
MOV EDI,EAX
CALL 00440AA3

; /Arg1 = 1
; |
; \SystemIn

POP ECX
POP ECX
CMP EAX,EDI
JE SHORT 0043C166
PUSH ESI
CALL 00440AA3

; /Arg1
; \SystemIn

POP ECX
PUSH EAX
; /hObject
CALL DWORD PTR DS:[<&KERNEL32.CloseHandl ; \KERNEL32
TEST EAX,EAX
JNE SHORT 0043C166
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32
MOV EDI,EAX
JMP SHORT 0043C168
XOR EDI,EDI

0043C168 |>
0043C169 |.
fo.00440A1D
0043C16E |.
0043C170 |.
0043C173 |.
0043C17A |.
0043C17D |.
0043C180 |.
0043C181 |.
0043C186 |.
0043C188 |.
0043C18A |.
0043C18B |.
fo.00434423
0043C190 |.
0043C191 |.
0043C194 |.
0043C196 |>
0043C198 |>
0043C199 |.
0043C19A |.
0043C19B \.
0043C19C /$
0043C19E |.
0043C1A3 |.
0043C1A8 |.
0043C1AB |.
0043C1AE |.
0043C1B0 |.
fo.00434410
0043C1B5 |.
0043C1B8 |.
fo.004343FD
0043C1BD |.
0043C1C3 |>
0043C1C6 |.
0043C1CB |>
0043C1CD |.
0043C1CF |.
0043C1D1 |.
0043C1D7 |.
0043C1D9 |>
fo.00434410
0043C1DE |.
0043C1E0 |.
fo.004343FD
0043C1E5 |.
0043C1EB |.
0043C1EC |.
0043C1ED |.
0043C1EE |.
0043C1EF |.
0043C1F0 |.
fo.0042E862
0043C1F5 |.
0043C1F8 |.^
0043C1FA |>
0043C1FC |.
0043C1FF |.

56
E8 AF480000

PUSH ESI
CALL 00440A1D

; /Arg1
; \SystemIn

8BC6
C1F8 05
8B0485 A03745
83E6 1F
C1E6 06
59
C64430 04 00
85FF
74 0C
57
E8 9382FFFF

MOV EAX,ESI
SAR EAX,5
MOV EAX,DWORD PTR DS:[EAX*4+4537A0]
AND ESI,0000001F
SHL ESI,6
POP ECX
MOV BYTE PTR DS:[ESI+EAX+4],0
TEST EDI,EDI
JE SHORT 0043C196
PUSH EDI
CALL 00434423

; /Arg1
; \SystemIn

59
83C8 FF
EB 02
33C0
5F
5E
5D
C3
6A 10
68 28F54400
E8 44C8FFFF
8B45 08
83F8 FE
75 1B
E8 5B82FFFF

POP ECX
OR EAX,FFFFFFFF
JMP SHORT 0043C198
XOR EAX,EAX
POP EDI
POP ESI
POP EBP
RETN
PUSH 10
PUSH OFFSET 0044F528
CALL 004389EC
MOV EAX,DWORD PTR SS:[EBP+8]
CMP EAX,-2
JNE SHORT 0043C1CB
CALL 00434410

; [SystemIn

8320 00
E8 4082FFFF

AND DWORD PTR DS:[EAX],00000000


CALL 004343FD

; [SystemIn

C700 09000000
83C8 FF
E9 8E000000
33FF
3BC7
7C 08
3B05 98374500
72 21
E8 3282FFFF

MOV DWORD PTR DS:[EAX],9


OR EAX,FFFFFFFF
JMP 0043C259
XOR EDI,EDI
CMP EAX,EDI
JL SHORT 0043C1D9
CMP EAX,DWORD PTR DS:[453798]
JB SHORT 0043C1FA
CALL 00434410

; [SystemIn

8938
E8 1882FFFF

MOV DWORD PTR DS:[EAX],EDI


CALL 004343FD

; [SystemIn

C700 09000000
57
57
57
57
57
E8 6D26FFFF

MOV DWORD PTR DS:[EAX],9


PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
CALL 0042E862

;
;
;
;
;
;

83C4 14
EB C9
8BC8
C1F9 05
8D1C8D A03745

ADD
JMP
MOV
SAR
LEA

ESP,14
SHORT 0043C1C3
ECX,EAX
ECX,5
EBX,[ECX*4+4537A0]

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

0043C206 |. 8BF0
0043C208 |. 83E6 1F
0043C20B |. C1E6 06
0043C20E |. 8B0B
0043C210 |. 0FBE4C31 04
0043C215 |. 83E1 01
0043C218 |.^ 74 BF
0043C21A |. 50
0043C21B |. E8 FA480000
0043C220 |. 59
0043C221 |. 897D FC
0043C224 |. 8B03
0043C226 |. F64430 04 01
0043C22B |. 74 0E
0043C22D |. FF75 08
[ARG.EBP+8]
0043C230 |. E8 CBFEFFFF
fo.0043C100
0043C235 |. 59
0043C236 |. 8945 E4
0043C239 |. EB 0F
0043C23B |> E8 BD81FFFF
fo.004343FD
0043C240 |. C700 09000000
0043C246 |. 834D E4 FF
0043C24A |> C745 FC FEFFF
0043C251 |. E8 09000000
0043C256 |. 8B45 E4
0043C259 |> E8 D3C7FFFF
0043C25E \. C3
0043C25F /$ FF75 08
0043C262 |. E8 53490000
0043C267 |. 59
0043C268 \. C3
0043C269 /$ 8BFF
o.0043C269(guessed Arg1)
0043C26B |. 55
0043C26C |. 8BEC
0043C26E |. 33C0
0043C270 |. 3945 08
0043C273 |. 6A 00
ize = 0
0043C275 |. 0F94C0
0043C278 |. 68 00100000
ize = 4096.
0043C27D |. 50
0043C27E |. FF15 E0814400
.HeapCreate
0043C284 |. A3 08324500
0043C289 |. 85C0
0043C28B |. 75 02
0043C28D |. 5D
0043C28E |. C3
0043C28F |> 33C0
0043C291 |. 40
0043C292 |. A3 94374500
0043C297 |. 5D
0043C298 \. C3
0043C299 /$ 8BFF
o.0043C299(guessed Arg1)

MOV ESI,EAX
AND ESI,0000001F
SHL ESI,6
MOV ECX,DWORD PTR DS:[EBX]
MOVSX ECX,BYTE PTR DS:[ESI+ECX+4]
AND ECX,00000001
JE SHORT 0043C1D9
PUSH EAX
CALL 00440B1A
POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
MOV EAX,DWORD PTR DS:[EBX]
TEST BYTE PTR DS:[ESI+EAX+4],01
JE SHORT 0043C23B
PUSH DWORD PTR SS:[EBP+8]

; /Arg1 =>

CALL 0043C100

; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-1C],EAX
JMP SHORT 0043C24A
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],9


OR DWORD PTR SS:[EBP-1C],FFFFFFFF
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043C25F
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 00440BBA
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
XOR EAX,EAX
CMP DWORD PTR SS:[ARG.1],EAX
PUSH 0

; /MaximumS

SETE AL
PUSH 1000

; |
; |InitialS

PUSH EAX
; |Flags
CALL DWORD PTR DS:[<&KERNEL32.HeapCreate ; \KERNEL32
MOV DWORD PTR DS:[453208],EAX
TEST EAX,EAX
JNE SHORT 0043C28F
POP EBP
RETN
XOR EAX,EAX
INC EAX
MOV DWORD PTR DS:[453794],EAX
POP EBP
RETN
MOV EDI,EDI

; SystemInf

0043C29B |. 55
PUSH EBP
0043C29C |. 8BEC
MOV EBP,ESP
0043C29E |. 8B0D 7C374500 MOV ECX,DWORD PTR DS:[45377C]
0043C2A4 |. A1 80374500 MOV EAX,DWORD PTR DS:[453780]
0043C2A9 |. 6BC9 14
IMUL ECX,ECX,14
0043C2AC |. 03C8
ADD ECX,EAX
0043C2AE |. EB 11
JMP SHORT 0043C2C1
0043C2B0 |> 8B55 08
/MOV EDX,DWORD PTR SS:[ARG.1]
0043C2B3 |. 2B50 0C
|SUB EDX,DWORD PTR DS:[EAX+0C]
0043C2B6 |. 81FA 00001000 |CMP EDX,100000
0043C2BC |. 72 09
|JB SHORT 0043C2C7
0043C2BE |. 83C0 14
|ADD EAX,14
0043C2C1 |> 3BC1
|CMP EAX,ECX
0043C2C3 |.^ 72 EB
\JB SHORT 0043C2B0
0043C2C5 |. 33C0
XOR EAX,EAX
0043C2C7 |> 5D
POP EBP
0043C2C8 \. C3
RETN
0043C2C9 /$ 8BFF
MOV EDI,EDI
0043C2CB |. 55
PUSH EBP
0043C2CC |. 8BEC
MOV EBP,ESP
0043C2CE |. 83EC 10
SUB ESP,10
0043C2D1 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C2D4 |. 8B41 10
MOV EAX,DWORD PTR DS:[ECX+10]
0043C2D7 |. 56
PUSH ESI
0043C2D8 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
0043C2DB |. 57
PUSH EDI
0043C2DC |. 8BFE
MOV EDI,ESI
0043C2DE |. 2B79 0C
SUB EDI,DWORD PTR DS:[ECX+0C]
0043C2E1 |. 83C6 FC
ADD ESI,-4
0043C2E4 |. C1EF 0F
SHR EDI,0F
0043C2E7 |. 8BCF
MOV ECX,EDI
0043C2E9 |. 69C9 04020000 IMUL ECX,ECX,204
0043C2EF |. 8D8C01 440100 LEA ECX,[EAX+ECX+144]
0043C2F6 |. 894D F0
MOV DWORD PTR SS:[LOCAL.4],ECX
0043C2F9 |. 8B0E
MOV ECX,DWORD PTR DS:[ESI]
0043C2FB |. 49
DEC ECX
0043C2FC |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0043C2FF |. F6C1 01
TEST CL,01
0043C302 |. 0F85 D3020000 JNE 0043C5DB
0043C308 |. 53
PUSH EBX
0043C309 |. 8D1C31
LEA EBX,[ESI+ECX]
0043C30C |. 8B13
MOV EDX,DWORD PTR DS:[EBX]
0043C30E |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
0043C311 |. 8B56 FC
MOV EDX,DWORD PTR DS:[ESI-4]
0043C314 |. 8955 F8
MOV DWORD PTR SS:[LOCAL.2],EDX
0043C317 |. 8B55 F4
MOV EDX,DWORD PTR SS:[LOCAL.3]
0043C31A |. 895D 0C
MOV DWORD PTR SS:[ARG.2],EBX
0043C31D |. F6C2 01
TEST DL,01
0043C320 |. 75 74
JNE SHORT 0043C396
0043C322 |. C1FA 04
SAR EDX,4
0043C325 |. 4A
DEC EDX
; Switch (c
ases 1..40, 2 exits)
0043C326 |. 83FA 3F
CMP EDX,3F
0043C329 |. 76 03
JBE SHORT 0043C32E
0043C32B |. 6A 3F
PUSH 3F
; Default c
ase of switch SystemInfo.43C325
0043C32D |. 5A
POP EDX
0043C32E |> 8B4B 04
MOV ECX,DWORD PTR DS:[EBX+4]
; Cases 1,
2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
, 1A, 1B, 1C, 1D, 1E, 1F, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B, 2C, 2D

, 2E, 2F, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B, 3C, 3D, 3E, 3F, 40 of
swi...
0043C331 |. 3B4B 08
CMP ECX,DWORD PTR DS:[EBX+8]
0043C334 |. 75 42
JNE SHORT 0043C378
0043C336 |. BB 00000080 MOV EBX,80000000
; Switch (c
ases 0..1F, 2 exits)
0043C33B |. 83FA 20
CMP EDX,20
0043C33E |. 73 19
JNB SHORT 0043C359
0043C340 |. 8BCA
MOV ECX,EDX
; Cases 0,
1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18,
19, 1A, 1B, 1C, 1D, 1E, 1F of switch SystemInfo.43C336
0043C342 |. D3EB
SHR EBX,CL
0043C344 |. 8D4C02 04
LEA ECX,[EAX+EDX+4]
0043C348 |. F7D3
NOT EBX
0043C34A |. 215CB8 44
AND DWORD PTR DS:[EDI*4+EAX+44],EBX
0043C34E |. FE09
DEC BYTE PTR DS:[ECX]
0043C350 |. 75 23
JNE SHORT 0043C375
0043C352 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C355 |. 2119
AND DWORD PTR DS:[ECX],EBX
0043C357 |. EB 1C
JMP SHORT 0043C375
0043C359 |> 8D4A E0
LEA ECX,[EDX-20]
; Default c
ase of switch SystemInfo.43C336
0043C35C |. D3EB
SHR EBX,CL
0043C35E |. 8D4C02 04
LEA ECX,[EAX+EDX+4]
0043C362 |. F7D3
NOT EBX
0043C364 |. 219CB8 C40000 AND DWORD PTR DS:[EDI*4+EAX+0C4],EBX
0043C36B |. FE09
DEC BYTE PTR DS:[ECX]
0043C36D |. 75 06
JNE SHORT 0043C375
0043C36F |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C372 |. 2159 04
AND DWORD PTR DS:[ECX+4],EBX
0043C375 |> 8B5D 0C
MOV EBX,DWORD PTR SS:[ARG.2]
0043C378 |> 8B53 08
MOV EDX,DWORD PTR DS:[EBX+8]
0043C37B |. 8B5B 04
MOV EBX,DWORD PTR DS:[EBX+4]
0043C37E |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0043C381 |. 034D F4
ADD ECX,DWORD PTR SS:[LOCAL.3]
0043C384 |. 895A 04
MOV DWORD PTR DS:[EDX+4],EBX
0043C387 |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0043C38A |. 8B5A 04
MOV EBX,DWORD PTR DS:[EDX+4]
0043C38D |. 8B52 08
MOV EDX,DWORD PTR DS:[EDX+8]
0043C390 |. 8953 08
MOV DWORD PTR DS:[EBX+8],EDX
0043C393 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0043C396 |> 8BD1
MOV EDX,ECX
0043C398 |. C1FA 04
SAR EDX,4
0043C39B |. 4A
DEC EDX
; Switch (c
ases 1..40, 2 exits)
0043C39C |. 83FA 3F
CMP EDX,3F
0043C39F |. 76 03
JBE SHORT 0043C3A4
0043C3A1 |. 6A 3F
PUSH 3F
; Default c
ase of switch SystemInfo.43C39B
0043C3A3 |. 5A
POP EDX
0043C3A4 |> 8B5D F8
MOV EBX,DWORD PTR SS:[LOCAL.2]
; Cases 1,
2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
, 1A, 1B, 1C, 1D, 1E, 1F, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B, 2C, 2D
, 2E, 2F, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B, 3C, 3D, 3E, 3F, 40 of
swi...
0043C3A7 |. 83E3 01
AND EBX,00000001
0043C3AA |. 895D F4
MOV DWORD PTR SS:[LOCAL.3],EBX
0043C3AD |. 0F85 8F000000 JNE 0043C442
0043C3B3 |. 2B75 F8
SUB ESI,DWORD PTR SS:[LOCAL.2]
0043C3B6 |. 8B5D F8
MOV EBX,DWORD PTR SS:[LOCAL.2]

0043C3B9 |. C1FB 04
SAR EBX,4
0043C3BC |. 6A 3F
PUSH 3F
0043C3BE |. 8975 0C
MOV DWORD PTR SS:[ARG.2],ESI
0043C3C1 |. 4B
DEC EBX
0043C3C2 |. 5E
POP ESI
0043C3C3 |. 3BDE
CMP EBX,ESI
0043C3C5 |. 76 02
JBE SHORT 0043C3C9
0043C3C7 |. 8BDE
MOV EBX,ESI
0043C3C9 |> 034D F8
ADD ECX,DWORD PTR SS:[LOCAL.2]
0043C3CC |. 8BD1
MOV EDX,ECX
0043C3CE |. C1FA 04
SAR EDX,4
0043C3D1 |. 4A
DEC EDX
0043C3D2 |. 894D FC
MOV DWORD PTR SS:[LOCAL.1],ECX
0043C3D5 |. 3BD6
CMP EDX,ESI
0043C3D7 |. 76 02
JBE SHORT 0043C3DB
0043C3D9 |. 8BD6
MOV EDX,ESI
0043C3DB |> 3BDA
CMP EBX,EDX
0043C3DD |. 74 5E
JE SHORT 0043C43D
0043C3DF |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0043C3E2 |. 8B71 04
MOV ESI,DWORD PTR DS:[ECX+4]
0043C3E5 |. 3B71 08
CMP ESI,DWORD PTR DS:[ECX+8]
0043C3E8 |. 75 3B
JNE SHORT 0043C425
0043C3EA |. BE 00000080 MOV ESI,80000000
; Switch (c
ases 0..1F, 2 exits)
0043C3EF |. 83FB 20
CMP EBX,20
0043C3F2 |. 73 17
JNB SHORT 0043C40B
0043C3F4 |. 8BCB
MOV ECX,EBX
; Cases 0,
1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18,
19, 1A, 1B, 1C, 1D, 1E, 1F of switch SystemInfo.43C3EA
0043C3F6 |. D3EE
SHR ESI,CL
0043C3F8 |. F7D6
NOT ESI
0043C3FA |. 2174B8 44
AND DWORD PTR DS:[EDI*4+EAX+44],ESI
0043C3FE |. FE4C03 04
DEC BYTE PTR DS:[EAX+EBX+4]
0043C402 |. 75 21
JNE SHORT 0043C425
0043C404 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C407 |. 2131
AND DWORD PTR DS:[ECX],ESI
0043C409 |. EB 1A
JMP SHORT 0043C425
0043C40B |> 8D4B E0
LEA ECX,[EBX-20]
; Default c
ase of switch SystemInfo.43C3EA
0043C40E |. D3EE
SHR ESI,CL
0043C410 |. F7D6
NOT ESI
0043C412 |. 21B4B8 C40000 AND DWORD PTR DS:[EDI*4+EAX+0C4],ESI
0043C419 |. FE4C03 04
DEC BYTE PTR DS:[EAX+EBX+4]
0043C41D |. 75 06
JNE SHORT 0043C425
0043C41F |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C422 |. 2171 04
AND DWORD PTR DS:[ECX+4],ESI
0043C425 |> 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0043C428 |. 8B71 08
MOV ESI,DWORD PTR DS:[ECX+8]
0043C42B |. 8B49 04
MOV ECX,DWORD PTR DS:[ECX+4]
0043C42E |. 894E 04
MOV DWORD PTR DS:[ESI+4],ECX
0043C431 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0043C434 |. 8B71 04
MOV ESI,DWORD PTR DS:[ECX+4]
0043C437 |. 8B49 08
MOV ECX,DWORD PTR DS:[ECX+8]
0043C43A |. 894E 08
MOV DWORD PTR DS:[ESI+8],ECX
0043C43D |> 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
0043C440 |. EB 03
JMP SHORT 0043C445
0043C442 |> 8B5D 08
MOV EBX,DWORD PTR SS:[ARG.1]
0043C445 |> 837D F4 00
CMP DWORD PTR SS:[LOCAL.3],0
0043C449 |. 75 08
JNE SHORT 0043C453
0043C44B |. 3BDA
CMP EBX,EDX

0043C44D |. 0F84 80000000


0043C453 |> 8B4D F0
0043C456 |. 8D0CD1
0043C459 |. 8B59 04
0043C45C |. 894E 08
0043C45F |. 895E 04
0043C462 |. 8971 04
0043C465 |. 8B4E 04
0043C468 |. 8971 08
0043C46B |. 8B4E 04
0043C46E |. 3B4E 08
0043C471 |. 75 60
0043C473 |. 8A4C02 04
0043C477 |. 884D 0F
0043C47A |. FEC1
0043C47C |. 884C02 04
0043C480 |. 83FA 20
0043C483 |. 73 25
0043C485 |. 807D 0F 00
0043C489 |. 75 0E
0043C48B |. 8BCA
0043C48D |. BB 00000080
0043C492 |. D3EB
0043C494 |. 8B4D 08
0043C497 |. 0919
0043C499 |> BB 00000080
0043C49E |. 8BCA
0043C4A0 |. D3EB
0043C4A2 |. 8D44B8 44
0043C4A6 |. 0918
0043C4A8 |. EB 29
0043C4AA |> 807D 0F 00
0043C4AE |. 75 10
0043C4B0 |. 8D4A E0
0043C4B3 |. BB 00000080
0043C4B8 |. D3EB
0043C4BA |. 8B4D 08
0043C4BD |. 0959 04
0043C4C0 |> 8D4A E0
0043C4C3 |. BA 00000080
0043C4C8 |. D3EA
0043C4CA |. 8D84B8 C40000
0043C4D1 |. 0910
0043C4D3 |> 8B45 FC
0043C4D6 |. 8906
0043C4D8 |. 894430 FC
0043C4DC |. 8B45 F0
0043C4DF |. FF08
0043C4E1 |. 0F85 F3000000
0043C4E7 |. A1 0C324500
0043C4EC |. 85C0
0043C4EE |. 0F84 D8000000
0043C4F4 |. 8B0D 90374500
0043C4FA |. 8B35 E4814400
0043C500 |. 68 00400000
= MEM_DECOMMIT
0043C505 |. C1E1 0F
0043C508 |. 0348 0C
0043C50B |. BB 00800000
0043C510 |. 53

JE 0043C4D3
MOV ECX,DWORD PTR SS:[LOCAL.4]
LEA ECX,[EDX*8+ECX]
MOV EBX,DWORD PTR DS:[ECX+4]
MOV DWORD PTR DS:[ESI+8],ECX
MOV DWORD PTR DS:[ESI+4],EBX
MOV DWORD PTR DS:[ECX+4],ESI
MOV ECX,DWORD PTR DS:[ESI+4]
MOV DWORD PTR DS:[ECX+8],ESI
MOV ECX,DWORD PTR DS:[ESI+4]
CMP ECX,DWORD PTR DS:[ESI+8]
JNE SHORT 0043C4D3
MOV CL,BYTE PTR DS:[EAX+EDX+4]
MOV BYTE PTR SS:[ARG.2+3],CL
INC CL
MOV BYTE PTR DS:[EAX+EDX+4],CL
CMP EDX,20
JNB SHORT 0043C4AA
CMP BYTE PTR SS:[ARG.2+3],0
JNE SHORT 0043C499
MOV ECX,EDX
MOV EBX,80000000
SHR EBX,CL
MOV ECX,DWORD PTR SS:[ARG.1]
OR DWORD PTR DS:[ECX],EBX
MOV EBX,80000000
MOV ECX,EDX
SHR EBX,CL
LEA EAX,[EDI*4+EAX+44]
OR DWORD PTR DS:[EAX],EBX
JMP SHORT 0043C4D3
CMP BYTE PTR SS:[ARG.2+3],0
JNE SHORT 0043C4C0
LEA ECX,[EDX-20]
MOV EBX,80000000
SHR EBX,CL
MOV ECX,DWORD PTR SS:[ARG.1]
OR DWORD PTR DS:[ECX+4],EBX
LEA ECX,[EDX-20]
MOV EDX,80000000
SHR EDX,CL
LEA EAX,[EDI*4+EAX+0C4]
OR DWORD PTR DS:[EAX],EDX
MOV EAX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[ESI],EAX
MOV DWORD PTR DS:[ESI+EAX-4],EAX
MOV EAX,DWORD PTR SS:[LOCAL.4]
DEC DWORD PTR DS:[EAX]
JNE 0043C5DA
MOV EAX,DWORD PTR DS:[45320C]
TEST EAX,EAX
JE 0043C5CC
MOV ECX,DWORD PTR DS:[453790]
MOV ESI,DWORD PTR DS:[<&KERNEL32.Virtual
PUSH 4000
; /FreeType
SHL ECX,0F
ADD ECX,DWORD PTR DS:[EAX+0C]
MOV EBX,8000
PUSH EBX

;
;
;
;

|
|
|
|Size =>

32768.
0043C511 |. 51
0043C512 |. FFD6
.VirtualFree
0043C514 |. 8B0D 90374500
0043C51A |. A1 0C324500
0043C51F |. BA 00000080
0043C524 |. D3EA
0043C526 |. 0950 08
0043C529 |. A1 0C324500
0043C52E |. 8B40 10
0043C531 |. 8B0D 90374500
0043C537 |. 83A488 C40000
0043C53F |. A1 0C324500
0043C544 |. 8B40 10
0043C547 |. FE48 43
0043C54A |. A1 0C324500
0043C54F |. 8B48 10
0043C552 |. 8079 43 00
0043C556 |. 75 09
0043C558 |. 8360 04 FE
0043C55C |. A1 0C324500
0043C561 |> 8378 08 FF
0043C565 |. 75 65
0043C567 |. 53
=> MEM_RELEASE
0043C568 |. 6A 00
0043C56A |. FF70 0C
0043C56D |. FFD6
.VirtualFree
0043C56F |. A1 0C324500
0043C574 |. FF70 10
0043C577 |. 6A 00
0
0043C579 |. FF35 08324500
ULL
0043C57F |. FF15 A0804400
.HeapFree
0043C585 |. 8B0D 7C374500
0043C58B |. A1 0C324500
0043C590 |. 6BC9 14
0043C593 |. 8B15 80374500
0043C599 |. 2BC8
0043C59B |. 8D4C11 EC
0043C59F |. 51
0043C5A0 |. 8D48 14
0043C5A3 |. 51
0043C5A4 |. 50
[45320C] = 0
0043C5A5 |. E8 66B0FFFF
fo.00437610
0043C5AA |. 8B45 08
0043C5AD |. 83C4 0C
0043C5B0 |. FF0D 7C374500
0043C5B6 |. 3B05 0C324500
0043C5BC |. 76 04
0043C5BE |. 836D 08 14
0043C5C2 |> A1 80374500
0043C5C7 |. A3 88374500
0043C5CC |> 8B45 08

PUSH ECX
CALL ESI

; |Address
; \KERNEL32

MOV ECX,DWORD PTR DS:[453790]


MOV EAX,DWORD PTR DS:[45320C]
MOV EDX,80000000
SHR EDX,CL
OR DWORD PTR DS:[EAX+8],EDX
MOV EAX,DWORD PTR DS:[45320C]
MOV EAX,DWORD PTR DS:[EAX+10]
MOV ECX,DWORD PTR DS:[453790]
AND DWORD PTR DS:[ECX*4+EAX+0C4],0000000
MOV EAX,DWORD PTR DS:[45320C]
MOV EAX,DWORD PTR DS:[EAX+10]
DEC BYTE PTR DS:[EAX+43]
MOV EAX,DWORD PTR DS:[45320C]
MOV ECX,DWORD PTR DS:[EAX+10]
CMP BYTE PTR DS:[ECX+43],0
JNE SHORT 0043C561
AND DWORD PTR DS:[EAX+4],FFFFFFFE
MOV EAX,DWORD PTR DS:[45320C]
CMP DWORD PTR DS:[EAX+8],-1
JNE SHORT 0043C5CC
PUSH EBX
; /FreeType
PUSH 0
PUSH DWORD PTR DS:[EAX+0C]
CALL ESI

; |Size = 0
; |Address
; \KERNEL32

MOV EAX,DWORD PTR DS:[45320C]


PUSH DWORD PTR DS:[EAX+10]
PUSH 0

; /pMem
; |Flags =

PUSH DWORD PTR DS:[453208]

; |Heap = N

CALL DWORD PTR DS:[<&KERNEL32.HeapFree>] ; \KERNEL32


MOV ECX,DWORD PTR DS:[45377C]
MOV EAX,DWORD PTR DS:[45320C]
IMUL ECX,ECX,14
MOV EDX,DWORD PTR DS:[453780]
SUB ECX,EAX
LEA ECX,[EDX+ECX-14]
PUSH ECX
LEA ECX,[EAX+14]
PUSH ECX
PUSH EAX

;
;
;
;

CALL 00437610

; \SystemIn

MOV
ADD
DEC
CMP
JBE
SUB
MOV
MOV
MOV

EAX,DWORD PTR SS:[ARG.1]


ESP,0C
DWORD PTR DS:[45377C]
EAX,DWORD PTR DS:[45320C]
SHORT 0043C5C2
DWORD PTR SS:[ARG.1],14
EAX,DWORD PTR DS:[453780]
DWORD PTR DS:[453788],EAX
EAX,DWORD PTR SS:[ARG.1]

/Arg3
|
|Arg2
|Arg1 =>

0043C5CF |. A3 0C324500
0043C5D4 |. 893D 90374500
0043C5DA |> 5B
0043C5DB |> 5F
0043C5DC |. 5E
0043C5DD |. C9
0043C5DE \. C3
0043C5DF /$ A1 8C374500
0043C5E4 |. 56
0043C5E5 |. 8B35 7C374500
0043C5EB |. 57
0043C5EC |. 33FF
0043C5EE |. 3BF0
0043C5F0 |. 75 34
0043C5F2 |. 83C0 10
0043C5F5 |. 6BC0 14
0043C5F8 |. 50
0043C5F9 |. FF35 80374500
ULL
0043C5FF |. 57
0
0043C600 |. FF35 08324500
ULL
0043C606 |. FF15 9C804400
lReAllocateHeap
0043C60C |. 3BC7
0043C60E |. 75 04
0043C610 |> 33C0
0043C612 |. EB 78
0043C614 |> 8305 8C374500
0043C61B |. 8B35 7C374500
0043C621 |. A3 80374500
0043C626 |> 6BF6 14
0043C629 |. 0335 80374500
0043C62F |. 68 C4410000
6836.
0043C634 |. 6A 08
HEAP_ZERO_MEMORY
0043C636 |. FF35 08324500
ULL
0043C63C |. FF15 A4804400
lAllocateHeap
0043C642 |. 8946 10
0043C645 |. 3BC7
0043C647 |.^ 74 C7
0043C649 |. 6A 04
= PAGE_READWRITE
0043C64B |. 68 00200000
e = MEM_RESERVE
0043C650 |. 68 00001000
048576.
0043C655 |. 57
=> NULL
0043C656 |. FF15 2C814400
.VirtualAlloc
0043C65C |. 8946 0C
0043C65F |. 3BC7
0043C661 |. 75 12
0043C663 |. FF76 10
0043C666 |. 57

MOV DWORD PTR DS:[45320C],EAX


MOV DWORD PTR DS:[453790],EDI
POP EBX
POP EDI
POP ESI
LEAVE
RETN
MOV EAX,DWORD PTR DS:[45378C]
PUSH ESI
MOV ESI,DWORD PTR DS:[45377C]
PUSH EDI
XOR EDI,EDI
CMP ESI,EAX
JNE SHORT 0043C626
ADD EAX,10
IMUL EAX,EAX,14
PUSH EAX
PUSH DWORD PTR DS:[453780]

; /Size
; |pMem = N

PUSH EDI

; |Flags =>

PUSH DWORD PTR DS:[453208]

; |Heap = N

CALL DWORD PTR DS:[<&KERNEL32.HeapReAllo ; \NTDLL.Rt


CMP EAX,EDI
JNE SHORT 0043C614
XOR EAX,EAX
JMP SHORT 0043C68C
ADD DWORD PTR DS:[45378C],10
MOV ESI,DWORD PTR DS:[45377C]
MOV DWORD PTR DS:[453780],EAX
IMUL ESI,ESI,14
ADD ESI,DWORD PTR DS:[453780]
PUSH 41C4

; /Size = 1

PUSH 8

; |Flags =

PUSH DWORD PTR DS:[453208]

; |Heap = N

CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc> ; \NTDLL.Rt


MOV DWORD PTR DS:[ESI+10],EAX
CMP EAX,EDI
JE SHORT 0043C610
PUSH 4

; /Protect

PUSH 2000

; |AllocTyp

PUSH 100000

; |Size = 1

PUSH EDI

; |Address

CALL DWORD PTR DS:[<&KERNEL32.VirtualAll ; \KERNEL32


MOV DWORD PTR DS:[ESI+0C],EAX
CMP EAX,EDI
JNE SHORT 0043C675
PUSH DWORD PTR DS:[ESI+10]
PUSH EDI

; /pMem
; |Flags =>

0
0043C667 |. FF35 08324500
ULL
0043C66D |. FF15 A0804400
.HeapFree
0043C673 |.^ EB 9B
0043C675 |> 834E 08 FF
0043C679 |. 893E
0043C67B |. 897E 04
0043C67E |. FF05 7C374500
0043C684 |. 8B46 10
0043C687 |. 8308 FF
0043C68A |. 8BC6
0043C68C |> 5F
0043C68D |. 5E
0043C68E \. C3
0043C68F /$ 8BFF
o.0043C68F(guessed Arg1)
0043C691 |. 55
0043C692 |. 8BEC
0043C694 |. 51
0043C695 |. 51
0043C696 |. 8B4D 08
0043C699 |. 8B41 08
0043C69C |. 53
0043C69D |. 56
0043C69E |. 8B71 10
0043C6A1 |. 57
0043C6A2 |. 33DB
0043C6A4 |. EB 03
0043C6A6 |> 03C0
0043C6A8 |. 43
0043C6A9 |> 85C0
0043C6AB |.^ 7D F9
0043C6AD |. 8BC3
0043C6AF |. 69C0 04020000
0043C6B5 |. 8D8430 440100
0043C6BC |. 6A 3F
0043C6BE |. 8945 F8
0043C6C1 |. 5A
0043C6C2 |> 8940 08
0043C6C5 |. 8940 04
0043C6C8 |. 83C0 08
0043C6CB |. 4A
0043C6CC |.^ 75 F4
0043C6CE |. 6A 04
= PAGE_READWRITE
0043C6D0 |. 8BFB
0043C6D2 |. 68 00100000
e = MEM_COMMIT
0043C6D7 |. C1E7 0F
0043C6DA |. 0379 0C
0043C6DD |. 68 00800000
2768.
0043C6E2 |. 57
0043C6E3 |. FF15 2C814400
.VirtualAlloc
0043C6E9 |. 85C0
0043C6EB |. 75 08
0043C6ED |. 83C8 FF

PUSH DWORD PTR DS:[453208]

; |Heap = N

CALL DWORD PTR DS:[<&KERNEL32.HeapFree>] ; \KERNEL32


JMP SHORT 0043C610
OR DWORD PTR DS:[ESI+8],FFFFFFFF
MOV DWORD PTR DS:[ESI],EDI
MOV DWORD PTR DS:[ESI+4],EDI
INC DWORD PTR DS:[45377C]
MOV EAX,DWORD PTR DS:[ESI+10]
OR DWORD PTR DS:[EAX],FFFFFFFF
MOV EAX,ESI
POP EDI
POP ESI
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH ECX
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[ECX+8]
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR DS:[ECX+10]
PUSH EDI
XOR EBX,EBX
JMP SHORT 0043C6A9
/ADD EAX,EAX
|INC EBX
|TEST EAX,EAX
\JGE SHORT 0043C6A6
MOV EAX,EBX
IMUL EAX,EAX,204
LEA EAX,[ESI+EAX+144]
PUSH 3F
MOV DWORD PTR SS:[LOCAL.2],EAX
POP EDX
/MOV DWORD PTR DS:[EAX+8],EAX
|MOV DWORD PTR DS:[EAX+4],EAX
|ADD EAX,8
|DEC EDX
\JNE SHORT 0043C6C2
PUSH 4

; /Protect

MOV EDI,EBX
PUSH 1000

; |
; |AllocTyp

SHL EDI,0F
ADD EDI,DWORD PTR DS:[ECX+0C]
PUSH 8000

; |
; |
; |Size = 3

PUSH EDI
; |Address
CALL DWORD PTR DS:[<&KERNEL32.VirtualAll ; \KERNEL32
TEST EAX,EAX
JNE SHORT 0043C6F5
OR EAX,FFFFFFFF

0043C6F0 |. E9 9D000000 JMP 0043C792


0043C6F5 |> 8D97 00700000 LEA EDX,[EDI+7000]
0043C6FB |. 8955 FC
MOV DWORD PTR SS:[LOCAL.1],EDX
0043C6FE |. 3BFA
CMP EDI,EDX
0043C700 |. 77 43
JA SHORT 0043C745
0043C702 |. 8BCA
MOV ECX,EDX
0043C704 |. 2BCF
SUB ECX,EDI
0043C706 |. C1E9 0C
SHR ECX,0C
0043C709 |. 8D47 10
LEA EAX,[EDI+10]
0043C70C |. 41
INC ECX
0043C70D |> 8348 F8 FF
/OR DWORD PTR DS:[EAX-8],FFFFFFFF
0043C711 |. 8388 EC0F0000 |OR DWORD PTR DS:[EAX+0FEC],FFFFFFFF
0043C718 |. 8D90 FC0F0000 |LEA EDX,[EAX+0FFC]
0043C71E |. 8910
|MOV DWORD PTR DS:[EAX],EDX
0043C720 |. 8D90 FCEFFFFF |LEA EDX,[EAX-1004]
0043C726 |. C740 FC F00F0 |MOV DWORD PTR DS:[EAX-4],0FF0
0043C72D |. 8950 04
|MOV DWORD PTR DS:[EAX+4],EDX
0043C730 |. C780 E80F0000 |MOV DWORD PTR DS:[EAX+0FE8],0FF0
0043C73A |. 05 00100000 |ADD EAX,1000
0043C73F |. 49
|DEC ECX
0043C740 |.^ 75 CB
\JNE SHORT 0043C70D
0043C742 |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0043C745 |> 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0043C748 |. 05 F8010000 ADD EAX,1F8
0043C74D |. 8D4F 0C
LEA ECX,[EDI+0C]
0043C750 |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
0043C753 |. 8941 08
MOV DWORD PTR DS:[ECX+8],EAX
0043C756 |. 8D4A 0C
LEA ECX,[EDX+0C]
0043C759 |. 8948 08
MOV DWORD PTR DS:[EAX+8],ECX
0043C75C |. 8941 04
MOV DWORD PTR DS:[ECX+4],EAX
0043C75F |. 83649E 44 00 AND DWORD PTR DS:[EBX*4+ESI+44],00000000
0043C764 |. 33FF
XOR EDI,EDI
0043C766 |. 47
INC EDI
0043C767 |. 89BC9E C40000 MOV DWORD PTR DS:[EBX*4+ESI+0C4],EDI
0043C76E |. 8A46 43
MOV AL,BYTE PTR DS:[ESI+43]
0043C771 |. 8AC8
MOV CL,AL
0043C773 |. FEC1
INC CL
0043C775 |. 84C0
TEST AL,AL
0043C777 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043C77A |. 884E 43
MOV BYTE PTR DS:[ESI+43],CL
0043C77D |. 75 03
JNE SHORT 0043C782
0043C77F |. 0978 04
OR DWORD PTR DS:[EAX+4],EDI
0043C782 |> BA 00000080 MOV EDX,80000000
0043C787 |. 8BCB
MOV ECX,EBX
0043C789 |. D3EA
SHR EDX,CL
0043C78B |. F7D2
NOT EDX
0043C78D |. 2150 08
AND DWORD PTR DS:[EAX+8],EDX
0043C790 |. 8BC3
MOV EAX,EBX
0043C792 |> 5F
POP EDI
0043C793 |. 5E
POP ESI
0043C794 |. 5B
POP EBX
0043C795 |. C9
LEAVE
0043C796 \. C3
RETN
0043C797 /$ 8BFF
MOV EDI,EDI
; SystemInf
o.0043C797(guessed Arg1,Arg2,Arg3)
0043C799 |. 55
PUSH EBP
0043C79A |. 8BEC
MOV EBP,ESP
0043C79C |. 83EC 0C
SUB ESP,0C
0043C79F |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C7A2 |. 8B41 10
MOV EAX,DWORD PTR DS:[ECX+10]

0043C7A5 |. 53
PUSH EBX
0043C7A6 |. 56
PUSH ESI
0043C7A7 |. 8B75 10
MOV ESI,DWORD PTR SS:[ARG.3]
0043C7AA |. 57
PUSH EDI
0043C7AB |. 8B7D 0C
MOV EDI,DWORD PTR SS:[ARG.2]
0043C7AE |. 8BD7
MOV EDX,EDI
0043C7B0 |. 2B51 0C
SUB EDX,DWORD PTR DS:[ECX+0C]
0043C7B3 |. 83C6 17
ADD ESI,17
0043C7B6 |. C1EA 0F
SHR EDX,0F
0043C7B9 |. 8BCA
MOV ECX,EDX
0043C7BB |. 69C9 04020000 IMUL ECX,ECX,204
0043C7C1 |. 8D8C01 440100 LEA ECX,[EAX+ECX+144]
0043C7C8 |. 894D F4
MOV DWORD PTR SS:[LOCAL.3],ECX
0043C7CB |. 8B4F FC
MOV ECX,DWORD PTR DS:[EDI-4]
0043C7CE |. 83E6 F0
AND ESI,FFFFFFF0
0043C7D1 |. 49
DEC ECX
0043C7D2 |. 3BF1
CMP ESI,ECX
0043C7D4 |. 8D7C39 FC
LEA EDI,[EDI+ECX-4]
0043C7D8 |. 8B1F
MOV EBX,DWORD PTR DS:[EDI]
0043C7DA |. 894D 10
MOV DWORD PTR SS:[ARG.3],ECX
0043C7DD |. 895D FC
MOV DWORD PTR SS:[LOCAL.1],EBX
0043C7E0 |. 0F8E 55010000 JLE 0043C93B
0043C7E6 |. F6C3 01
TEST BL,01
0043C7E9 |. 0F85 45010000 JNE 0043C934
0043C7EF |. 03D9
ADD EBX,ECX
0043C7F1 |. 3BF3
CMP ESI,EBX
0043C7F3 |. 0F8F 3B010000 JG 0043C934
0043C7F9 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0043C7FC |. C1F9 04
SAR ECX,4
0043C7FF |. 49
DEC ECX
; Switch (c
ases 1..40, 2 exits)
0043C800 |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
0043C803 |. 83F9 3F
CMP ECX,3F
0043C806 |. 76 06
JBE SHORT 0043C80E
0043C808 |. 6A 3F
PUSH 3F
; Default c
ase of switch SystemInfo.43C7FF
0043C80A |. 59
POP ECX
0043C80B |. 894D F8
MOV DWORD PTR SS:[LOCAL.2],ECX
0043C80E |> 8B5F 04
MOV EBX,DWORD PTR DS:[EDI+4]
; Cases 1,
2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
, 1A, 1B, 1C, 1D, 1E, 1F, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B, 2C, 2D
, 2E, 2F, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B, 3C, 3D, 3E, 3F, 40 of
swi...
0043C811 |. 3B5F 08
CMP EBX,DWORD PTR DS:[EDI+8]
0043C814 |. 75 43
JNE SHORT 0043C859
0043C816 |. BB 00000080 MOV EBX,80000000
; Switch (c
ases 0..1F, 2 exits)
0043C81B |. 83F9 20
CMP ECX,20
0043C81E |. 73 1A
JNB SHORT 0043C83A
0043C820 |. D3EB
SHR EBX,CL
; Cases 0,
1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18,
19, 1A, 1B, 1C, 1D, 1E, 1F of switch SystemInfo.43C816
0043C822 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0043C825 |. 8D4C01 04
LEA ECX,[EAX+ECX+4]
0043C829 |. F7D3
NOT EBX
0043C82B |. 215C90 44
AND DWORD PTR DS:[EDX*4+EAX+44],EBX
0043C82F |. FE09
DEC BYTE PTR DS:[ECX]
0043C831 |. 75 26
JNE SHORT 0043C859
0043C833 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C836 |. 2119
AND DWORD PTR DS:[ECX],EBX

0043C838 |. EB 1F
JMP SHORT 0043C859
0043C83A |> 83C1 E0
ADD ECX,-20
; Default c
ase of switch SystemInfo.43C816
0043C83D |. D3EB
SHR EBX,CL
0043C83F |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0043C842 |. 8D4C01 04
LEA ECX,[EAX+ECX+4]
0043C846 |. F7D3
NOT EBX
0043C848 |. 219C90 C40000 AND DWORD PTR DS:[EDX*4+EAX+0C4],EBX
0043C84F |. FE09
DEC BYTE PTR DS:[ECX]
0043C851 |. 75 06
JNE SHORT 0043C859
0043C853 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C856 |. 2159 04
AND DWORD PTR DS:[ECX+4],EBX
0043C859 |> 8B4F 08
MOV ECX,DWORD PTR DS:[EDI+8]
0043C85C |. 8B5F 04
MOV EBX,DWORD PTR DS:[EDI+4]
0043C85F |. 8959 04
MOV DWORD PTR DS:[ECX+4],EBX
0043C862 |. 8B4F 04
MOV ECX,DWORD PTR DS:[EDI+4]
0043C865 |. 8B7F 08
MOV EDI,DWORD PTR DS:[EDI+8]
0043C868 |. 8979 08
MOV DWORD PTR DS:[ECX+8],EDI
0043C86B |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
0043C86E |. 2BCE
SUB ECX,ESI
0043C870 |. 014D FC
ADD DWORD PTR SS:[LOCAL.1],ECX
0043C873 |. 837D FC 00
CMP DWORD PTR SS:[LOCAL.1],0
0043C877 |. 0F8E A5000000 JLE 0043C922
0043C87D |. 8B7D FC
MOV EDI,DWORD PTR SS:[LOCAL.1]
0043C880 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0043C883 |. C1FF 04
SAR EDI,4
0043C886 |. 4F
DEC EDI
; Switch (c
ases 1..40, 2 exits)
0043C887 |. 8D4C31 FC
LEA ECX,[ESI+ECX-4]
0043C88B |. 83FF 3F
CMP EDI,3F
0043C88E |. 76 03
JBE SHORT 0043C893
0043C890 |. 6A 3F
PUSH 3F
; Default c
ase of switch SystemInfo.43C886
0043C892 |. 5F
POP EDI
0043C893 |> 8B5D F4
MOV EBX,DWORD PTR SS:[LOCAL.3]
; Cases 1,
2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
, 1A, 1B, 1C, 1D, 1E, 1F, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B, 2C, 2D
, 2E, 2F, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B, 3C, 3D, 3E, 3F, 40 of
swi...
0043C896 |. 8D1CFB
LEA EBX,[EDI*8+EBX]
0043C899 |. 895D 10
MOV DWORD PTR SS:[ARG.3],EBX
0043C89C |. 8B5B 04
MOV EBX,DWORD PTR DS:[EBX+4]
0043C89F |. 8959 04
MOV DWORD PTR DS:[ECX+4],EBX
0043C8A2 |. 8B5D 10
MOV EBX,DWORD PTR SS:[ARG.3]
0043C8A5 |. 8959 08
MOV DWORD PTR DS:[ECX+8],EBX
0043C8A8 |. 894B 04
MOV DWORD PTR DS:[EBX+4],ECX
0043C8AB |. 8B59 04
MOV EBX,DWORD PTR DS:[ECX+4]
0043C8AE |. 894B 08
MOV DWORD PTR DS:[EBX+8],ECX
0043C8B1 |. 8B59 04
MOV EBX,DWORD PTR DS:[ECX+4]
0043C8B4 |. 3B59 08
CMP EBX,DWORD PTR DS:[ECX+8]
0043C8B7 |. 75 57
JNE SHORT 0043C910
0043C8B9 |. 8A4C07 04
MOV CL,BYTE PTR DS:[EAX+EDI+4]
0043C8BD |. 884D 13
MOV BYTE PTR SS:[ARG.3+3],CL
0043C8C0 |. FEC1
INC CL
0043C8C2 |. 884C07 04
MOV BYTE PTR DS:[EAX+EDI+4],CL
0043C8C6 |. 83FF 20
CMP EDI,20
0043C8C9 |. 73 1C
JNB SHORT 0043C8E7
0043C8CB |. 807D 13 00
CMP BYTE PTR SS:[ARG.3+3],0
0043C8CF |. 75 0E
JNE SHORT 0043C8DF
0043C8D1 |. 8BCF
MOV ECX,EDI

0043C8D3 |. BB 00000080 MOV EBX,80000000


0043C8D8 |. D3EB
SHR EBX,CL
0043C8DA |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C8DD |. 0919
OR DWORD PTR DS:[ECX],EBX
0043C8DF |> 8D4490 44
LEA EAX,[EDX*4+EAX+44]
0043C8E3 |. 8BCF
MOV ECX,EDI
0043C8E5 |. EB 20
JMP SHORT 0043C907
0043C8E7 |> 807D 13 00
CMP BYTE PTR SS:[ARG.3+3],0
0043C8EB |. 75 10
JNE SHORT 0043C8FD
0043C8ED |. 8D4F E0
LEA ECX,[EDI-20]
0043C8F0 |. BB 00000080 MOV EBX,80000000
0043C8F5 |. D3EB
SHR EBX,CL
0043C8F7 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C8FA |. 0959 04
OR DWORD PTR DS:[ECX+4],EBX
0043C8FD |> 8D8490 C40000 LEA EAX,[EDX*4+EAX+0C4]
0043C904 |. 8D4F E0
LEA ECX,[EDI-20]
0043C907 |> BA 00000080 MOV EDX,80000000
0043C90C |. D3EA
SHR EDX,CL
0043C90E |. 0910
OR DWORD PTR DS:[EAX],EDX
0043C910 |> 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0043C913 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0043C916 |. 8D4432 FC
LEA EAX,[ESI+EDX-4]
0043C91A |. 8908
MOV DWORD PTR DS:[EAX],ECX
0043C91C |. 894C01 FC
MOV DWORD PTR DS:[EAX+ECX-4],ECX
0043C920 |. EB 03
JMP SHORT 0043C925
0043C922 |> 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0043C925 |> 8D46 01
LEA EAX,[ESI+1]
0043C928 |. 8942 FC
MOV DWORD PTR DS:[EDX-4],EAX
0043C92B |. 894432 F8
MOV DWORD PTR DS:[ESI+EDX-8],EAX
0043C92F |. E9 3C010000 JMP 0043CA70
0043C934 |> 33C0
XOR EAX,EAX
0043C936 |. E9 38010000 JMP 0043CA73
0043C93B |> 0F8D 2F010000 JGE 0043CA70
0043C941 |. 8B5D 0C
MOV EBX,DWORD PTR SS:[ARG.2]
0043C944 |. 2975 10
SUB DWORD PTR SS:[ARG.3],ESI
0043C947 |. 8D4E 01
LEA ECX,[ESI+1]
0043C94A |. 894B FC
MOV DWORD PTR DS:[EBX-4],ECX
0043C94D |. 8D5C33 FC
LEA EBX,[ESI+EBX-4]
0043C951 |. 8B75 10
MOV ESI,DWORD PTR SS:[ARG.3]
0043C954 |. C1FE 04
SAR ESI,4
0043C957 |. 4E
DEC ESI
; Switch (c
ases 1..40, 2 exits)
0043C958 |. 895D 0C
MOV DWORD PTR SS:[ARG.2],EBX
0043C95B |. 894B FC
MOV DWORD PTR DS:[EBX-4],ECX
0043C95E |. 83FE 3F
CMP ESI,3F
0043C961 |. 76 03
JBE SHORT 0043C966
0043C963 |. 6A 3F
PUSH 3F
; Default c
ase of switch SystemInfo.43C957
0043C965 |. 5E
POP ESI
0043C966 |> F645 FC 01
TEST BYTE PTR SS:[LOCAL.1],01
; Cases 1,
2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
, 1A, 1B, 1C, 1D, 1E, 1F, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B, 2C, 2D
, 2E, 2F, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B, 3C, 3D, 3E, 3F, 40 of
swi...
0043C96A |. 0F85 80000000 JNE 0043C9F0
0043C970 |. 8B75 FC
MOV ESI,DWORD PTR SS:[LOCAL.1]
0043C973 |. C1FE 04
SAR ESI,4
0043C976 |. 4E
DEC ESI
; Switch (c
ases 1..40, 2 exits)
0043C977 |. 83FE 3F
CMP ESI,3F

0043C97A |. 76 03
JBE SHORT 0043C97F
0043C97C |. 6A 3F
PUSH 3F
; Default c
ase of switch SystemInfo.43C976
0043C97E |. 5E
POP ESI
0043C97F |> 8B4F 04
MOV ECX,DWORD PTR DS:[EDI+4]
; Cases 1,
2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
, 1A, 1B, 1C, 1D, 1E, 1F, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B, 2C, 2D
, 2E, 2F, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B, 3C, 3D, 3E, 3F, 40 of
swi...
0043C982 |. 3B4F 08
CMP ECX,DWORD PTR DS:[EDI+8]
0043C985 |. 75 42
JNE SHORT 0043C9C9
0043C987 |. BB 00000080 MOV EBX,80000000
; Switch (c
ases 0..1F, 2 exits)
0043C98C |. 83FE 20
CMP ESI,20
0043C98F |. 73 19
JNB SHORT 0043C9AA
0043C991 |. 8BCE
MOV ECX,ESI
; Cases 0,
1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18,
19, 1A, 1B, 1C, 1D, 1E, 1F of switch SystemInfo.43C987
0043C993 |. D3EB
SHR EBX,CL
0043C995 |. 8D7406 04
LEA ESI,[EAX+ESI+4]
0043C999 |. F7D3
NOT EBX
0043C99B |. 215C90 44
AND DWORD PTR DS:[EDX*4+EAX+44],EBX
0043C99F |. FE0E
DEC BYTE PTR DS:[ESI]
0043C9A1 |. 75 23
JNE SHORT 0043C9C6
0043C9A3 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C9A6 |. 2119
AND DWORD PTR DS:[ECX],EBX
0043C9A8 |. EB 1C
JMP SHORT 0043C9C6
0043C9AA |> 8D4E E0
LEA ECX,[ESI-20]
; Default c
ase of switch SystemInfo.43C987
0043C9AD |. D3EB
SHR EBX,CL
0043C9AF |. 8D4C06 04
LEA ECX,[EAX+ESI+4]
0043C9B3 |. F7D3
NOT EBX
0043C9B5 |. 219C90 C40000 AND DWORD PTR DS:[EDX*4+EAX+0C4],EBX
0043C9BC |. FE09
DEC BYTE PTR DS:[ECX]
0043C9BE |. 75 06
JNE SHORT 0043C9C6
0043C9C0 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043C9C3 |. 2159 04
AND DWORD PTR DS:[ECX+4],EBX
0043C9C6 |> 8B5D 0C
MOV EBX,DWORD PTR SS:[ARG.2]
0043C9C9 |> 8B4F 08
MOV ECX,DWORD PTR DS:[EDI+8]
0043C9CC |. 8B77 04
MOV ESI,DWORD PTR DS:[EDI+4]
0043C9CF |. 8971 04
MOV DWORD PTR DS:[ECX+4],ESI
0043C9D2 |. 8B77 08
MOV ESI,DWORD PTR DS:[EDI+8]
0043C9D5 |. 8B4F 04
MOV ECX,DWORD PTR DS:[EDI+4]
0043C9D8 |. 8971 08
MOV DWORD PTR DS:[ECX+8],ESI
0043C9DB |. 8B75 10
MOV ESI,DWORD PTR SS:[ARG.3]
0043C9DE |. 0375 FC
ADD ESI,DWORD PTR SS:[LOCAL.1]
0043C9E1 |. 8975 10
MOV DWORD PTR SS:[ARG.3],ESI
0043C9E4 |. C1FE 04
SAR ESI,4
0043C9E7 |. 4E
DEC ESI
; Switch (c
ases 1..40, 2 exits)
0043C9E8 |. 83FE 3F
CMP ESI,3F
0043C9EB |. 76 03
JBE SHORT 0043C9F0
0043C9ED |. 6A 3F
PUSH 3F
; Default c
ase of switch SystemInfo.43C9E7
0043C9EF |. 5E
POP ESI
0043C9F0 |> 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
; Cases 1,
2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
, 1A, 1B, 1C, 1D, 1E, 1F, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B, 2C, 2D
, 2E, 2F, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B, 3C, 3D, 3E, 3F, 40 of
swi...

0043C9F3 |. 8D0CF1
0043C9F6 |. 8B79 04
0043C9F9 |. 894B 08
0043C9FC |. 897B 04
0043C9FF |. 8959 04
0043CA02 |. 8B4B 04
0043CA05 |. 8959 08
0043CA08 |. 8B4B 04
0043CA0B |. 3B4B 08
0043CA0E |. 75 57
0043CA10 |. 8A4C06 04
0043CA14 |. 884D 0F
0043CA17 |. FEC1
0043CA19 |. 884C06 04
0043CA1D |. 83FE 20
0043CA20 |. 73 1C
0043CA22 |. 807D 0F 00
0043CA26 |. 75 0E
0043CA28 |. 8BCE
0043CA2A |. BF 00000080
0043CA2F |. D3EF
0043CA31 |. 8B4D 08
0043CA34 |. 0939
0043CA36 |> 8D4490 44
0043CA3A |. 8BCE
0043CA3C |. EB 20
0043CA3E |> 807D 0F 00
0043CA42 |. 75 10
0043CA44 |. 8D4E E0
0043CA47 |. BF 00000080
0043CA4C |. D3EF
0043CA4E |. 8B4D 08
0043CA51 |. 0979 04
0043CA54 |> 8D8490 C40000
0043CA5B |. 8D4E E0
0043CA5E |> BA 00000080
0043CA63 |. D3EA
0043CA65 |. 0910
0043CA67 |> 8B45 10
0043CA6A |. 8903
0043CA6C |. 894418 FC
0043CA70 |> 33C0
0043CA72 |. 40
0043CA73 |> 5F
0043CA74 |. 5E
0043CA75 |. 5B
0043CA76 |. C9
0043CA77 \. C3
0043CA78 /$ 8BFF
o.0043CA78(guessed Arg1)
0043CA7A |. 55
0043CA7B |. 8BEC
0043CA7D |. 83EC 14
0043CA80 |. A1 7C374500
0043CA85 |. 8B4D 08
0043CA88 |. 6BC0 14
0043CA8B |. 0305 80374500
0043CA91 |. 83C1 17
0043CA94 |. 83E1 F0
0043CA97 |. 894D F0

LEA ECX,[ESI*8+ECX]
MOV EDI,DWORD PTR DS:[ECX+4]
MOV DWORD PTR DS:[EBX+8],ECX
MOV DWORD PTR DS:[EBX+4],EDI
MOV DWORD PTR DS:[ECX+4],EBX
MOV ECX,DWORD PTR DS:[EBX+4]
MOV DWORD PTR DS:[ECX+8],EBX
MOV ECX,DWORD PTR DS:[EBX+4]
CMP ECX,DWORD PTR DS:[EBX+8]
JNE SHORT 0043CA67
MOV CL,BYTE PTR DS:[EAX+ESI+4]
MOV BYTE PTR SS:[ARG.2+3],CL
INC CL
MOV BYTE PTR DS:[EAX+ESI+4],CL
CMP ESI,20
JNB SHORT 0043CA3E
CMP BYTE PTR SS:[ARG.2+3],0
JNE SHORT 0043CA36
MOV ECX,ESI
MOV EDI,80000000
SHR EDI,CL
MOV ECX,DWORD PTR SS:[ARG.1]
OR DWORD PTR DS:[ECX],EDI
LEA EAX,[EDX*4+EAX+44]
MOV ECX,ESI
JMP SHORT 0043CA5E
CMP BYTE PTR SS:[ARG.2+3],0
JNE SHORT 0043CA54
LEA ECX,[ESI-20]
MOV EDI,80000000
SHR EDI,CL
MOV ECX,DWORD PTR SS:[ARG.1]
OR DWORD PTR DS:[ECX+4],EDI
LEA EAX,[EDX*4+EAX+0C4]
LEA ECX,[ESI-20]
MOV EDX,80000000
SHR EDX,CL
OR DWORD PTR DS:[EAX],EDX
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR DS:[EBX],EAX
MOV DWORD PTR DS:[EBX+EAX-4],EAX
XOR EAX,EAX
INC EAX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV EAX,DWORD PTR DS:[45377C]
MOV ECX,DWORD PTR SS:[ARG.1]
IMUL EAX,EAX,14
ADD EAX,DWORD PTR DS:[453780]
ADD ECX,17
AND ECX,FFFFFFF0
MOV DWORD PTR SS:[LOCAL.4],ECX

; SystemInf

0043CA9A
0043CA9D
0043CA9E
0043CA9F
0043CAA2
0043CAA3
0043CAA4
0043CAA6
0043CAA9
0043CAAB
0043CAAF
0043CAB1
0043CAB4
0043CAB7
0043CAB9
0043CABB
0043CABE
0043CAC4
0043CAC6
0043CAC8
0043CACB
0043CACD
0043CAD0
0043CAD2
0043CAD4
0043CAD6
0043CAD9
0043CADC
0043CADE
0043CAE0
0043CAE2
0043CAE4
0043CAEA
0043CAEC
0043CAEF
0043CAF1
0043CAF4
0043CAF6
0043CAF8
0043CAFA
0043CAFD
0043CB00
0043CB02
0043CB04
0043CB06
0043CB08
0043CB0A
0043CB0E
0043CB10
0043CB13
0043CB16
0043CB18
0043CB1A
0043CB1C
0043CB1E
0043CB24
0043CB26
0043CB2A
0043CB2C
0043CB2F

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.^
|>
|.
|.
|>
|.
|.
|.
|>
|.^
|>
|.
|.
|.
|>
|.
|.
|>

C1F9 04
53
49
83F9 20
56
57
7D 0B
83CE FF
D3EE
834D F8 FF
EB 0D
83C1 E0
83CA FF
33F6
D3EA
8955 F8
8B0D 88374500
8BD9
EB 11
8B53 04
8B3B
2355 F8
23FE
0BD7
75 0A
83C3 14
895D 08
3BD8
72 E8
3BD8
75 7F
8B1D 80374500
EB 11
8B53 04
8B3B
2355 F8
23FE
0BD7
75 0A
83C3 14
895D 08
3BD9
72 E8
3BD9
75 5B
EB 0C
837B 08 00
75 0A
83C3 14
895D 08
3BD8
72 F0
3BD8
75 31
8B1D 80374500
EB 09
837B 08 00
75 0A
83C3 14
895D 08

SAR ECX,4
PUSH EBX
DEC ECX
CMP ECX,20
PUSH ESI
PUSH EDI
JGE SHORT 0043CAB1
OR ESI,FFFFFFFF
SHR ESI,CL
OR DWORD PTR SS:[LOCAL.2],FFFFFFFF
JMP SHORT 0043CABE
ADD ECX,-20
OR EDX,FFFFFFFF
XOR ESI,ESI
SHR EDX,CL
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV ECX,DWORD PTR DS:[453788]
MOV EBX,ECX
JMP SHORT 0043CAD9
/MOV EDX,DWORD PTR DS:[EBX+4]
|MOV EDI,DWORD PTR DS:[EBX]
|AND EDX,DWORD PTR SS:[LOCAL.2]
|AND EDI,ESI
|OR EDX,EDI
|JNE SHORT 0043CAE0
|ADD EBX,14
|MOV DWORD PTR SS:[ARG.1],EBX
|CMP EBX,EAX
\JB SHORT 0043CAC8
CMP EBX,EAX
JNE SHORT 0043CB63
MOV EBX,DWORD PTR DS:[453780]
JMP SHORT 0043CAFD
/MOV EDX,DWORD PTR DS:[EBX+4]
|MOV EDI,DWORD PTR DS:[EBX]
|AND EDX,DWORD PTR SS:[LOCAL.2]
|AND EDI,ESI
|OR EDX,EDI
|JNE SHORT 0043CB04
|ADD EBX,14
|MOV DWORD PTR SS:[ARG.1],EBX
|CMP EBX,ECX
\JB SHORT 0043CAEC
CMP EBX,ECX
JNE SHORT 0043CB63
JMP SHORT 0043CB16
/CMP DWORD PTR DS:[EBX+8],0
|JNE SHORT 0043CB1A
|ADD EBX,14
|MOV DWORD PTR SS:[ARG.1],EBX
|CMP EBX,EAX
\JB SHORT 0043CB0A
CMP EBX,EAX
JNE SHORT 0043CB4F
MOV EBX,DWORD PTR DS:[453780]
JMP SHORT 0043CB2F
/CMP DWORD PTR DS:[EBX+8],0
|JNE SHORT 0043CB36
|ADD EBX,14
|MOV DWORD PTR SS:[ARG.1],EBX

0043CB32 |.
0043CB34 |.^
0043CB36 |>
0043CB38 |.
0043CB3A |.
0043CB3F |.
0043CB41 |.
0043CB44 |.
0043CB46 |.
0043CB48 |>
0043CB4A |.
0043CB4F |>
0043CB50 |.
fo.0043C68F
0043CB55 |.
0043CB56 |.
0043CB59 |.
0043CB5B |.
0043CB5E |.
0043CB61 |.^
0043CB63 |>
0043CB69 |.
0043CB6C |.
0043CB6E |.
0043CB71 |.
0043CB74 |.
0043CB76 |.
0043CB7D |.
0043CB81 |.
0043CB84 |.
0043CB86 |.
0043CB88 |.
0043CB8A |>
0043CB8E |.
0043CB94 |.
0043CB97 |>
0043CB99 |.
0043CB9C |.
0043CB9E |.
0043CBA0 |.
0043CBA2 |.
0043CBA5 |.
0043CBAB |.
0043CBAE |.^
0043CBB0 |>
0043CBB3 |>
0043CBB5 |.
0043CBBB |.
0043CBC2 |.
0043CBC5 |.
0043CBC9 |.
0043CBCB |.
0043CBCD |.
0043CBCF |.
0043CBD6 |.
0043CBD9 |.
0043CBDB |.
0043CBDC |.
0043CBDE |>
0043CBE0 |.

3BD9
72 F0
3BD9
75 15
E8 A0FAFFFF
8BD8
895D 08
85DB
75 07
33C0
E9 09020000
53
E8 3AFBFFFF

|CMP EBX,ECX
\JB SHORT 0043CB26
CMP EBX,ECX
JNE SHORT 0043CB4F
CALL 0043C5DF
MOV EBX,EAX
MOV DWORD PTR SS:[ARG.1],EBX
TEST EBX,EBX
JNE SHORT 0043CB4F
XOR EAX,EAX
JMP 0043CD58
PUSH EBX
CALL 0043C68F

59
8B4B 10
8901
8B43 10
8338 FF
74 E5
891D 88374500
8B43 10
8B10
8955 FC
83FA FF
74 14
8B8C90 C40000
8B7C90 44
234D F8
23FE
0BCF
75 29
8365 FC 00
8B90 C4000000
8D48 44
8B39
2355 F8
23FE
0BD7
75 0E
FF45 FC
8B91 84000000
83C1 04
EB E7
8B55 FC
8BCA
69C9 04020000
8D8C01 440100
894D F4
8B4C90 44
33FF
23CE
75 12
8B8C90 C40000
234D F8
6A 20
5F
EB 03
03C9
47

POP ECX
MOV ECX,DWORD PTR DS:[EBX+10]
MOV DWORD PTR DS:[ECX],EAX
MOV EAX,DWORD PTR DS:[EBX+10]
CMP DWORD PTR DS:[EAX],-1
JE SHORT 0043CB48
MOV DWORD PTR DS:[453788],EBX
MOV EAX,DWORD PTR DS:[EBX+10]
MOV EDX,DWORD PTR DS:[EAX]
MOV DWORD PTR SS:[LOCAL.1],EDX
CMP EDX,-1
JE SHORT 0043CB8A
MOV ECX,DWORD PTR DS:[EDX*4+EAX+0C4]
MOV EDI,DWORD PTR DS:[EDX*4+EAX+44]
AND ECX,DWORD PTR SS:[LOCAL.2]
AND EDI,ESI
OR ECX,EDI
JNE SHORT 0043CBB3
AND DWORD PTR SS:[LOCAL.1],00000000
MOV EDX,DWORD PTR DS:[EAX+0C4]
LEA ECX,[EAX+44]
/MOV EDI,DWORD PTR DS:[ECX]
|AND EDX,DWORD PTR SS:[LOCAL.2]
|AND EDI,ESI
|OR EDX,EDI
|JNE SHORT 0043CBB0
|INC DWORD PTR SS:[LOCAL.1]
|MOV EDX,DWORD PTR DS:[ECX+84]
|ADD ECX,4
\JMP SHORT 0043CB97
MOV EDX,DWORD PTR SS:[LOCAL.1]
MOV ECX,EDX
IMUL ECX,ECX,204
LEA ECX,[EAX+ECX+144]
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV ECX,DWORD PTR DS:[EDX*4+EAX+44]
XOR EDI,EDI
AND ECX,ESI
JNE SHORT 0043CBE1
MOV ECX,DWORD PTR DS:[EDX*4+EAX+0C4]
AND ECX,DWORD PTR SS:[LOCAL.2]
PUSH 20
POP EDI
JMP SHORT 0043CBE1
/ADD ECX,ECX
|INC EDI

; /Arg1
; \SystemIn

0043CBE1
0043CBE3
0043CBE5
0043CBE8
0043CBEC
0043CBEE
0043CBF1
0043CBF3
0043CBF6
0043CBF7
0043CBFA
0043CBFD
0043CBFF
0043CC01
0043CC02
0043CC04
0043CC0A
0043CC0D
0043CC10
0043CC12
0043CC15
0043CC1A
0043CC1C
0043CC1E
0043CC20
0043CC23
0043CC27
0043CC29
0043CC2C
0043CC30
0043CC34
0043CC36
0043CC38
0043CC3B
0043CC3E
0043CC40
0043CC42
0043CC45
0043CC47
0043CC4A
0043CC51
0043CC55
0043CC57
0043CC59
0043CC5B
0043CC5E
0043CC60
0043CC63
0043CC66
0043CC69
0043CC6B
0043CC6E
0043CC72
0043CC75
0043CC78
0043CC7B
0043CC7E
0043CC81
0043CC84
0043CC8A

|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.

85C9
7D F9
8B4D F4
8B54F9 04
8B0A
2B4D F0
8BF1
C1FE 04
4E
83FE 3F
894D F8
7E 03
6A 3F
5E
3BF7
0F84 01010000
8B4A 04
3B4A 08
75 5C
83FF 20
BB 00000080
7D 26
8BCF
D3EB
8B4D FC
8D7C38 04
F7D3
895D EC
235C88 44
895C88 44
FE0F
75 33
8B4D EC
8B5D 08
210B
EB 2C
8D4F E0
D3EB
8B4D FC
8D8C88 C40000
8D7C38 04
F7D3
2119
FE0F
895D EC
75 0B
8B5D 08
8B4D EC
214B 04
EB 03
8B5D 08
837D F8 00
8B4A 08
8B7A 04
8979 04
8B4A 04
8B7A 08
8979 08
0F84 8D000000
8B4D F4

|TEST ECX,ECX
\JGE SHORT 0043CBDE
MOV ECX,DWORD PTR SS:[LOCAL.3]
MOV EDX,DWORD PTR DS:[EDI*8+ECX+4]
MOV ECX,DWORD PTR DS:[EDX]
SUB ECX,DWORD PTR SS:[LOCAL.4]
MOV ESI,ECX
SAR ESI,4
DEC ESI
CMP ESI,3F
MOV DWORD PTR SS:[LOCAL.2],ECX
JLE SHORT 0043CC02
PUSH 3F
POP ESI
CMP ESI,EDI
JE 0043CD0B
MOV ECX,DWORD PTR DS:[EDX+4]
CMP ECX,DWORD PTR DS:[EDX+8]
JNE SHORT 0043CC6E
CMP EDI,20
MOV EBX,80000000
JGE SHORT 0043CC42
MOV ECX,EDI
SHR EBX,CL
MOV ECX,DWORD PTR SS:[LOCAL.1]
LEA EDI,[EDI+EAX+4]
NOT EBX
MOV DWORD PTR SS:[LOCAL.5],EBX
AND EBX,DWORD PTR DS:[ECX*4+EAX+44]
MOV DWORD PTR DS:[ECX*4+EAX+44],EBX
DEC BYTE PTR DS:[EDI]
JNE SHORT 0043CC6B
MOV ECX,DWORD PTR SS:[LOCAL.5]
MOV EBX,DWORD PTR SS:[ARG.1]
AND DWORD PTR DS:[EBX],ECX
JMP SHORT 0043CC6E
LEA ECX,[EDI-20]
SHR EBX,CL
MOV ECX,DWORD PTR SS:[LOCAL.1]
LEA ECX,[ECX*4+EAX+0C4]
LEA EDI,[EDI+EAX+4]
NOT EBX
AND DWORD PTR DS:[ECX],EBX
DEC BYTE PTR DS:[EDI]
MOV DWORD PTR SS:[LOCAL.5],EBX
JNE SHORT 0043CC6B
MOV EBX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR SS:[LOCAL.5]
AND DWORD PTR DS:[EBX+4],ECX
JMP SHORT 0043CC6E
MOV EBX,DWORD PTR SS:[ARG.1]
CMP DWORD PTR SS:[LOCAL.2],0
MOV ECX,DWORD PTR DS:[EDX+8]
MOV EDI,DWORD PTR DS:[EDX+4]
MOV DWORD PTR DS:[ECX+4],EDI
MOV ECX,DWORD PTR DS:[EDX+4]
MOV EDI,DWORD PTR DS:[EDX+8]
MOV DWORD PTR DS:[ECX+8],EDI
JE 0043CD17
MOV ECX,DWORD PTR SS:[LOCAL.3]

0043CC8D
0043CC90
0043CC93
0043CC96
0043CC99
0043CC9C
0043CC9F
0043CCA2
0043CCA5
0043CCA8
0043CCAA
0043CCAE
0043CCB1
0043CCB3
0043CCB6
0043CCBA
0043CCBC
0043CCC0
0043CCC2
0043CCC7
0043CCC9
0043CCCB
0043CCCD
0043CCCF
0043CCD4
0043CCD6
0043CCD9
0043CCDD
0043CCDF
0043CCE3
0043CCE5
0043CCE8
0043CCED
0043CCEF
0043CCF2
0043CCF5
0043CCFC
0043CCFF
0043CD04
0043CD06
0043CD08
0043CD0B
0043CD0D
0043CD0F
0043CD11
0043CD15
0043CD17
0043CD1A
0043CD1D
0043CD1F
0043CD22
0043CD24
0043CD28
0043CD2B
0043CD2D
0043CD30
0043CD32
0043CD34
0043CD36
0043CD3C

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8D0CF1
8B79 04
894A 08
897A 04
8951 04
8B4A 04
8951 08
8B4A 04
3B4A 08
75 5E
8A4C06 04
884D 0B
FEC1
83FE 20
884C06 04
7D 23
807D 0B 00
75 0B
BF 00000080
8BCE
D3EF
093B
8BCE
BF 00000080
D3EF
8B4D FC
097C88 44
EB 29
807D 0B 00
75 0D
8D4E E0
BF 00000080
D3EF
097B 04
8B4D FC
8DBC88 C40000
8D4E E0
BE 00000080
D3EE
0937
8B4D F8
85C9
74 0B
890A
894C11 FC
EB 03
8B4D F8
8B75 F0
03D1
8D4E 01
890A
894C32 FC
8B75 F4
8B0E
8D79 01
893E
85C9
75 1A
3B1D 0C324500
75 12

LEA ECX,[ESI*8+ECX]
MOV EDI,DWORD PTR DS:[ECX+4]
MOV DWORD PTR DS:[EDX+8],ECX
MOV DWORD PTR DS:[EDX+4],EDI
MOV DWORD PTR DS:[ECX+4],EDX
MOV ECX,DWORD PTR DS:[EDX+4]
MOV DWORD PTR DS:[ECX+8],EDX
MOV ECX,DWORD PTR DS:[EDX+4]
CMP ECX,DWORD PTR DS:[EDX+8]
JNE SHORT 0043CD08
MOV CL,BYTE PTR DS:[EAX+ESI+4]
MOV BYTE PTR SS:[ARG.1+3],CL
INC CL
CMP ESI,20
MOV BYTE PTR DS:[EAX+ESI+4],CL
JGE SHORT 0043CCDF
CMP BYTE PTR SS:[ARG.1+3],0
JNE SHORT 0043CCCD
MOV EDI,80000000
MOV ECX,ESI
SHR EDI,CL
OR DWORD PTR DS:[EBX],EDI
MOV ECX,ESI
MOV EDI,80000000
SHR EDI,CL
MOV ECX,DWORD PTR SS:[LOCAL.1]
OR DWORD PTR DS:[ECX*4+EAX+44],EDI
JMP SHORT 0043CD08
CMP BYTE PTR SS:[ARG.1+3],0
JNE SHORT 0043CCF2
LEA ECX,[ESI-20]
MOV EDI,80000000
SHR EDI,CL
OR DWORD PTR DS:[EBX+4],EDI
MOV ECX,DWORD PTR SS:[LOCAL.1]
LEA EDI,[ECX*4+EAX+0C4]
LEA ECX,[ESI-20]
MOV ESI,80000000
SHR ESI,CL
OR DWORD PTR DS:[EDI],ESI
MOV ECX,DWORD PTR SS:[LOCAL.2]
TEST ECX,ECX
JE SHORT 0043CD1A
MOV DWORD PTR DS:[EDX],ECX
MOV DWORD PTR DS:[EDX+ECX-4],ECX
JMP SHORT 0043CD1A
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV ESI,DWORD PTR SS:[LOCAL.4]
ADD EDX,ECX
LEA ECX,[ESI+1]
MOV DWORD PTR DS:[EDX],ECX
MOV DWORD PTR DS:[ESI+EDX-4],ECX
MOV ESI,DWORD PTR SS:[LOCAL.3]
MOV ECX,DWORD PTR DS:[ESI]
LEA EDI,[ECX+1]
MOV DWORD PTR DS:[ESI],EDI
TEST ECX,ECX
JNE SHORT 0043CD50
CMP EBX,DWORD PTR DS:[45320C]
JNE SHORT 0043CD50

0043CD3E |.
0043CD41 |.
0043CD47 |.
0043CD49 |.
0043CD50 |>
0043CD53 |.
0043CD55 |.
0043CD58 |>
0043CD59 |.
0043CD5A |.
0043CD5B |.
0043CD5C \.
0043CD5D /$
0043CD5F |.
0043CD64 |.
0043CD69 |.
0043CD6B |.
0043CD6E |.
0043CD70 |.
0043CD72 |.
0043CD75 |.
0043CD77 |.
0043CD79 |.
fo.004343FD
0043CD7E |.
0043CD84 |.
0043CD85 |.
0043CD86 |.
0043CD87 |.
0043CD88 |.
0043CD89 |.
fo.0042E862
0043CD8E |.
0043CD91 |.
0043CD94 |.
0043CD96 |>
0043CD9D |.
0043CD9F |.
0043CDA1 |.
fo.00438680
0043CDA6 |.
0043CDA7 |.
0043CDAA |.
0043CDAB |.
fo.0043C299
0043CDB0 |.
0043CDB1 |.
0043CDB4 |.
0043CDB6 |.
0043CDB8 |.
0043CDBB |.
0043CDBE |.
0043CDC1 |.
0043CDC3 |>
0043CDC6 |>
0043CDCD |.
0043CDD2 |.
0043CDD5 |.
0043CDD7 |>
0043CDD8 |.

8B4D FC
3B0D 90374500
75 07
8325 0C324500
8B4D FC
8908
8D42 04
5F
5E
5B
C9
C3
6A 10
68 48F54400
E8 83BCFFFF
33C0
8B5D 08
33FF
3BDF
0F95C0
3BC7
75 1D
E8 7F76FFFF

MOV ECX,DWORD PTR SS:[LOCAL.1]


CMP ECX,DWORD PTR DS:[453790]
JNE SHORT 0043CD50
AND DWORD PTR DS:[45320C],00000000
MOV ECX,DWORD PTR SS:[LOCAL.1]
MOV DWORD PTR DS:[EAX],ECX
LEA EAX,[EDX+4]
POP EDI
POP ESI
POP EBX
LEAVE
RETN
PUSH 10
PUSH OFFSET 0044F548
CALL 004389EC
XOR EAX,EAX
MOV EBX,DWORD PTR SS:[EBP+8]
XOR EDI,EDI
CMP EBX,EDI
SETNE AL
CMP EAX,EDI
JNE SHORT 0043CD96
CALL 004343FD

; [SystemIn

C700 16000000
57
57
57
57
57
E8 D41AFFFF

MOV DWORD PTR DS:[EAX],16


PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
CALL 0042E862

;
;
;
;
;
;

83C4 14
83C8 FF
EB 53
833D 94374500
75 38
6A 04
E8 DAB8FFFF

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 0043CDE9
CMP DWORD PTR DS:[453794],3
JNE SHORT 0043CDD7
PUSH 4
CALL 00438680

; /Arg1 = 4
; \SystemIn

59
897D FC
53
E8 E9F4FFFF

POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
PUSH EBX
CALL 0043C299

; /Arg1
; \SystemIn

59
8945 E0
3BC7
74 0B
8B73 FC
83EE 09
8975 E4
EB 03
8B75 E4
C745 FC FEFFF
E8 25000000
397D E0
75 10
53
57

POP ECX
MOV DWORD PTR SS:[EBP-20],EAX
CMP EAX,EDI
JE SHORT 0043CDC3
MOV ESI,DWORD PTR DS:[EBX-4]
SUB ESI,9
MOV DWORD PTR SS:[EBP-1C],ESI
JMP SHORT 0043CDC6
MOV ESI,DWORD PTR SS:[EBP-1C]
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043CDF7
CMP DWORD PTR SS:[EBP-20],EDI
JNE SHORT 0043CDE7
PUSH EBX
PUSH EDI

; /pMem
; |Flags

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

0043CDD9 |. FF35 08324500 PUSH DWORD PTR DS:[453208]


ULL
0043CDDF |. FF15 28814400 CALL DWORD PTR DS:[<&KERNEL32.HeapSize>]
lSizeHeap
0043CDE5 |. 8BF0
MOV ESI,EAX
0043CDE7 |> 8BC6
MOV EAX,ESI
0043CDE9 |> E8 43BCFFFF CALL 00438A31
0043CDEE \. C3
RETN
0043CDEF
33
DB 33
0043CDF0
FF
DB FF
0043CDF1
8B
DB 8B
0043CDF2
5D
DB 5D
0043CDF3
08
DB 08
0043CDF4
8B
DB 8B
0043CDF5
75
DB 75
0043CDF6
E4
DB E4
0043CDF7 /$ 6A 04
PUSH 4
0043CDF9 |. E8 A8B7FFFF CALL 004385A6
fo.004385A6
0043CDFE |. 59
POP ECX
0043CDFF \. C3
RETN
0043CE00 /$ 8BFF
MOV EDI,EDI
0043CE02 |. 55
PUSH EBP
0043CE03 |. 8BEC
MOV EBP,ESP
0043CE05 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043CE08 |. 8B00
MOV EAX,DWORD PTR DS:[EAX]
0043CE0A |. 8138 63736DE0 CMP DWORD PTR DS:[EAX],E06D7363
0043CE10 |. 75 2A
JNE SHORT 0043CE3C
0043CE12 |. 8378 10 03
CMP DWORD PTR DS:[EAX+10],3
0043CE16 |. 75 24
JNE SHORT 0043CE3C
0043CE18 |. 8B40 14
MOV EAX,DWORD PTR DS:[EAX+14]
0043CE1B |. 3D 20059319 CMP EAX,19930520
0043CE20 |. 74 15
JE SHORT 0043CE37
0043CE22 |. 3D 21059319 CMP EAX,19930521
0043CE27 |. 74 0E
JE SHORT 0043CE37
0043CE29 |. 3D 22059319 CMP EAX,19930522
0043CE2E |. 74 07
JE SHORT 0043CE37
0043CE30 |. 3D 00409901 CMP EAX,1994000
0043CE35 |. 75 05
JNE SHORT 0043CE3C
0043CE37 |> E8 AC87FFFF CALL 004355E8
fo.004355E8
0043CE3C |> 33C0
XOR EAX,EAX
0043CE3E |. 5D
POP EBP
0043CE3F \. C2 0400
RETN 4
0043CE42 /. 68 00CE4300 PUSH 0043CE00
SystemInfo.43CE00
0043CE47 |. FF15 64814400 CALL DWORD PTR DS:[<&KERNEL32.SetUnhandl
.SetUnhandledExceptionFilter
0043CE4D |. 33C0
XOR EAX,EAX
0043CE4F \. C3
RETN
0043CE50 /$ 8BFF
MOV EDI,EDI
o.0043CE50(guessed Arg1)
0043CE52 |. 55
PUSH EBP
0043CE53 |. 8BEC
MOV EBP,ESP
0043CE55 |. 51
PUSH ECX
0043CE56 |. 51
PUSH ECX
0043CE57 |. 53
PUSH EBX
0043CE58 |. 8B5D 08
MOV EBX,DWORD PTR SS:[ARG.1]
0043CE5B |. 56
PUSH ESI
0043CE5C |. 57
PUSH EDI

; |Heap = N
; \NTDLL.Rt

; CHAR '3'
; CHAR ']'
; Backspace
; CHAR 'u'
; /Arg1 = 4
; \SystemIn

; Callback

; [SystemIn

; /Filter =
; \KERNEL32

; SystemInf

0043CE5D |.
0043CE5F |.
0043CE61 |.
0043CE64 |>
0043CE6B |.
0043CE6D |.
0043CE6E |.
0043CE71 |.
0043CE74 |.^
0043CE76 |>
0043CE79 |.
0043CE7F |.
0043CE81 |.
fo.00441642
0043CE86 |.
0043CE87 |.
0043CE8A |.
0043CE90 |.
0043CE92 |.
fo.00441642
0043CE97 |.
0043CE98 |.
0043CE9A |.
0043CE9C |.
0043CEA3 |.
0043CEA9 |>
0043CEAF |.
0043CEB5 |.
SCII "Runtime

33F6
33FF
897D FC
3B1CFD D82245
74 09
47
897D FC
83FF 17
72 EE
83FF 17
0F83 77010000
6A 03
E8 BC470000

XOR ESI,ESI
XOR EDI,EDI
MOV DWORD PTR SS:[LOCAL.1],EDI
/CMP EBX,DWORD PTR DS:[EDI*8+4522D8]
|JE SHORT 0043CE76
|INC EDI
|MOV DWORD PTR SS:[LOCAL.1],EDI
|CMP EDI,17
\JB SHORT 0043CE64
CMP EDI,17
JNB 0043CFF6
PUSH 3
CALL 00441642

; /Arg1 = 3
; \SystemIn

59
83F8 01
0F84 34010000
6A 03
E8 AB470000

POP ECX
CMP EAX,1
JE 0043CFC4
PUSH 3
CALL 00441642

; /Arg1 = 3
; \SystemIn

59
85C0
75 0D
833D 20164500
0F84 1B010000
81FB FC000000
0F84 41010000
68 50B74400
Error!

POP ECX
TEST EAX,EAX
JNE SHORT 0043CEA9
CMP DWORD PTR DS:[451620],1
JE 0043CFC4
CMP EBX,0FC
JE 0043CFF6
PUSH OFFSET 0044B750

; /Arg3 = A

MOV EBX,314
PUSH EBX

; |
; |Arg2 =>

MOV EDI,OFFSET 00453210


PUSH EDI

; |
; |Arg1 =>

CALL 0043597F

; \SystemIn

ADD ESP,0C
TEST EAX,EAX
JE SHORT 0043CEDF
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E73A
ADD ESP,14
PUSH 104

; /Count =

MOV ESI,OFFSET 00453229


PUSH ESI
PUSH 0

; |
; |Buffer
; |hModule

Program: "
0043CEBA |. BB 14030000
0043CEBF |. 53
314
0043CEC0 |. BF 10324500
0043CEC5 |. 57
SystemInfo.453210
0043CEC6 |. E8 B48AFFFF
fo.0043597F
0043CECB |. 83C4 0C
0043CECE |. 85C0
0043CED0 |. 74 0D
0043CED2 |. 56
0043CED3 |. 56
0043CED4 |. 56
0043CED5 |. 56
0043CED6 |. 56
0043CED7 |. E8 5E18FFFF
0043CEDC |. 83C4 14
0043CEDF |> 68 04010000
260.
0043CEE4 |. BE 29324500
0043CEE9 |. 56
0043CEEA |. 6A 00
= NULL
0043CEEC |. C605 2D334500
0043CEF3 |. FF15 10814400
.GetModuleFileNameA
0043CEF9 |. 85C0
0043CEFB |. 75 26

MOV BYTE PTR DS:[45332D],0


; |
CALL DWORD PTR DS:[<&KERNEL32.GetModuleF ; \KERNEL32
TEST EAX,EAX
JNE SHORT 0043CF23

0043CEFD |. 68 38B74400 PUSH OFFSET 0044B738


; /Arg3 = A
SCII "<program name unknown>"
0043CF02 |. 68 FB020000 PUSH 2FB
; |Arg2 = 2
FB
0043CF07 |. 56
PUSH ESI
; |Arg1 =>
SystemInfo.453229
0043CF08 |. E8 728AFFFF CALL 0043597F
; \SystemIn
fo.0043597F
0043CF0D |. 83C4 0C
ADD ESP,0C
0043CF10 |. 85C0
TEST EAX,EAX
0043CF12 |. 74 0F
JE SHORT 0043CF23
0043CF14 |. 33C0
XOR EAX,EAX
0043CF16 |. 50
PUSH EAX
0043CF17 |. 50
PUSH EAX
0043CF18 |. 50
PUSH EAX
0043CF19 |. 50
PUSH EAX
0043CF1A |. 50
PUSH EAX
0043CF1B |. E8 1A18FFFF CALL 0042E73A
0043CF20 |. 83C4 14
ADD ESP,14
0043CF23 |> 56
PUSH ESI
; /Arg1
0043CF24 |. E8 5713FFFF CALL 0042E280
; \SystemIn
fo.0042E280
0043CF29 |. 40
INC EAX
; Switch (c
ases -1..3B, 2 exits)
0043CF2A |. 59
POP ECX
0043CF2B |. 83F8 3C
CMP EAX,3C
0043CF2E |. 76 38
JBE SHORT 0043CF68
0043CF30 |. 56
PUSH ESI
; /Arg1, de
fault case of switch SystemInfo.43CF29
0043CF31 |. E8 4A13FFFF CALL 0042E280
; \SystemIn
fo.0042E280
0043CF36 |. 83EE 3B
SUB ESI,3B
0043CF39 |. 03C6
ADD EAX,ESI
0043CF3B |. 6A 03
PUSH 3
; /Arg4 = 3
0043CF3D |. B9 24354500 MOV ECX,OFFSET 00453524
; |
0043CF42 |. 68 34B74400 PUSH OFFSET 0044B734
; |Arg3 = A
SCII "..."
0043CF47 |. 2BC8
SUB ECX,EAX
; |
0043CF49 |. 51
PUSH ECX
; |Arg2
0043CF4A |. 50
PUSH EAX
; |Arg1
0043CF4B |. E8 00BDFFFF CALL 00438C50
; \SystemIn
fo.00438C50
0043CF50 |. 83C4 14
ADD ESP,14
0043CF53 |. 85C0
TEST EAX,EAX
0043CF55 |. 74 11
JE SHORT 0043CF68
0043CF57 |. 33F6
XOR ESI,ESI
0043CF59 |. 56
PUSH ESI
0043CF5A |. 56
PUSH ESI
0043CF5B |. 56
PUSH ESI
0043CF5C |. 56
PUSH ESI
0043CF5D |. 56
PUSH ESI
0043CF5E |. E8 D717FFFF CALL 0042E73A
0043CF63 |. 83C4 14
ADD ESP,14
0043CF66 |. EB 02
JMP SHORT 0043CF6A
0043CF68 |> 33F6
XOR ESI,ESI
; Cases -1,
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13, 14, 15, 16, 17,
18, 19, 1A, 1B, 1C, 1D, 1E, 1F, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B,
2C, 2D, 2E, 2F, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B of switch System
Inf...
0043CF6A |> 68 30B74400 PUSH OFFSET 0044B730
; /Arg3 = A

SCII "
"
0043CF6F |. 53
PUSH EBX
0043CF70 |. 57
PUSH EDI
0043CF71 |. E8 66BCFFFF CALL 00438BDC
fo.00438BDC
0043CF76 |. 83C4 0C
ADD ESP,0C
0043CF79 |. 85C0
TEST EAX,EAX
0043CF7B |. 74 0D
JE SHORT 0043CF8A
0043CF7D |. 56
PUSH ESI
0043CF7E |. 56
PUSH ESI
0043CF7F |. 56
PUSH ESI
0043CF80 |. 56
PUSH ESI
0043CF81 |. 56
PUSH ESI
0043CF82 |. E8 B317FFFF CALL 0042E73A
0043CF87 |. 83C4 14
ADD ESP,14
0043CF8A |> 8B45 FC
MOV EAX,DWORD PTR SS:[LOCAL.1]
0043CF8D |. FF34C5 DC2245 PUSH DWORD PTR DS:[EAX*8+4522DC]
0043CF94 |. 53
PUSH EBX
0043CF95 |. 57
PUSH EDI
0043CF96 |. E8 41BCFFFF CALL 00438BDC
fo.00438BDC
0043CF9B |. 83C4 0C
ADD ESP,0C
0043CF9E |. 85C0
TEST EAX,EAX
0043CFA0 |. 74 0D
JE SHORT 0043CFAF
0043CFA2 |. 56
PUSH ESI
0043CFA3 |. 56
PUSH ESI
0043CFA4 |. 56
PUSH ESI
0043CFA5 |. 56
PUSH ESI
0043CFA6 |. 56
PUSH ESI
0043CFA7 |. E8 8E17FFFF CALL 0042E73A
0043CFAC |. 83C4 14
ADD ESP,14
0043CFAF |> 68 10200100 PUSH 12010
0043CFB4 |. 68 08B74400 PUSH OFFSET 0044B708
crosoft Visual C++ Runtime Library"
0043CFB9 |. 57
PUSH EDI
0043CFBA |. E8 1A450000 CALL 004414D9
0043CFBF |. 83C4 0C
ADD ESP,0C
0043CFC2 |. EB 32
JMP SHORT 0043CFF6
0043CFC4 |> 6A F4
PUSH -0C
e = STD_ERROR_HANDLE
0043CFC6 |. FF15 CC814400 CALL DWORD PTR DS:[<&KERNEL32.GetStdHand
.GetStdHandle
0043CFCC |. 8BD8
MOV EBX,EAX
0043CFCE |. 3BDE
CMP EBX,ESI
0043CFD0 |. 74 24
JE SHORT 0043CFF6
0043CFD2 |. 83FB FF
CMP EBX,-1
0043CFD5 |. 74 1F
JE SHORT 0043CFF6
0043CFD7 |. 6A 00
PUSH 0
0043CFD9 |. 8D45 F8
LEA EAX,[LOCAL.2]
0043CFDC |. 50
PUSH EAX
0043CFDD |. 8D34FD DC2245 LEA ESI,[EDI*8+4522DC]
CII "R6002
- floating point support not loaded
"
0043CFE4 |. FF36
PUSH DWORD PTR DS:[ESI]
0043CFE6 |. E8 9512FFFF CALL 0042E280
fo.0042E280
0043CFEB |. 59
POP ECX

; |Arg2
; |Arg1
; \SystemIn

;
;
;
;

/Arg3
|Arg2
|Arg1
\SystemIn

; ASCII "Mi

; /StdHandl
; \KERNEL32

; PTR to AS

; /Arg1
; \SystemIn

0043CFEC |.
0043CFED |.
0043CFEF |.
0043CFF0 |.
.WriteFile
0043CFF6 |>
0043CFF7 |.
0043CFF8 |.
0043CFF9 |.
0043CFFA \.
0043CFFB /$
0043CFFD |.
fo.00441642
0043D002 |.
0043D003 |.
0043D006 |.
0043D008 |.
0043D00A |.
fo.00441642
0043D00F |.
0043D010 |.
0043D012 |.
0043D014 |.
0043D01B |.
0043D01D |>
FC
0043D022 |.
fo.0043CE50
0043D027 |.
FF
0043D02C |.
fo.0043CE50
0043D031 |.
0043D032 |.
0043D033 \>
0043D034 /$
0043D036 |.
0043D037 |.
0043D039 |.
0043D03A |.
0043D03B |.
0043D03C |.
0043D041 |.
0043D043 |.
0043D045 |.
0043D04B |.
0043D04E |.
0043D053 |.
0043D054 |.
0043D057 |.
0043D059 |.
0043D05A |>
0043D05C |.
0043D05E |.
0043D060 |.
0043D063 |.
0043D066 |.
0043D068 |.
0043D06A |.^
0043D06C |>

50
FF36
53
FF15 BC814400

PUSH
PUSH
PUSH
CALL

EAX
DWORD PTR DS:[ESI]
EBX
DWORD PTR DS:[<&KERNEL32.WriteFile>

;
;
;
;

|Size
|Buffer
|hFile
\KERNEL32

5F
5E
5B
C9
C3
6A 03
E8 40460000

POP EDI
POP ESI
POP EBX
LEAVE
RETN
PUSH 3
CALL 00441642

; /Arg1 = 3
; \SystemIn

59
83F8 01
74 15
6A 03
E8 33460000

POP ECX
CMP EAX,1
JE SHORT 0043D01D
PUSH 3
CALL 00441642

; /Arg1 = 3
; \SystemIn

59
85C0
75 1F
833D 20164500
75 16
68 FC000000

POP ECX
TEST EAX,EAX
JNE SHORT 0043D033
CMP DWORD PTR DS:[451620],1
JNE SHORT 0043D033
PUSH 0FC

; /Arg1 = 0

E8 29FEFFFF

CALL 0043CE50

; \SystemIn

68 FF000000

PUSH 0FF

; /Arg1 = 0

E8 1FFEFFFF

CALL 0043CE50

; \SystemIn

59
59
C3
8BFF
55
8BEC
51
51
56
E8 5882FFFF
8BF0
85F6
0F84 46010000
8B56 5C
A1 9C234500
57
8B7D 08
8BCA
53
3939
74 0E
8BD8
6BDB 0C
83C1 0C
03DA
3BCB
72 EE
6BC0 0C

POP ECX
POP ECX
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH ECX
PUSH ESI
CALL 00435299
MOV ESI,EAX
TEST ESI,ESI
JE 0043D191
MOV EDX,DWORD PTR DS:[ESI+5C]
MOV EAX,DWORD PTR DS:[45239C]
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.1]
MOV ECX,EDX
PUSH EBX
/CMP DWORD PTR DS:[ECX],EDI
|JE SHORT 0043D06C
|MOV EBX,EAX
|IMUL EBX,EBX,0C
|ADD ECX,0C
|ADD EBX,EDX
|CMP ECX,EBX
\JB SHORT 0043D05A
IMUL EAX,EAX,0C

0043D06F
0043D071
0043D073
0043D075
0043D077
0043D079
0043D07B
0043D07D
0043D07F
0043D081
0043D083
0043D086
0043D089
0043D08B
0043D08D
0043D08F
0043D094
0043D097
0043D099
0043D09D
0043D09F
0043D0A0
0043D0A5
0043D0A8
0043D0AE
0043D0B1
0043D0B4
0043D0B7
0043D0BA
0043D0BD
0043D0C0
0043D0C6
0043D0CC
0043D0D2
0043D0D4
0043D0D6
0043D0D8
0043D0DA
0043D0DD
0043D0E0
0043D0E5
0043D0EB
0043D0F1
0043D0F2
0043D0F4
0043D0F7
0043D0F9
0043D0FB
0043D0FE
0043D100
0043D103
0043D108
0043D10A
0043D111
0043D113
0043D118
0043D11A
0043D121
0043D123
0043D128

|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.

03C2
3BC8
73 08
3939
75 04
8BC1
EB 02
33C0
85C0
74 0A
8B58 08
895D FC
85DB
75 07
33C0
E9 FB000000
83FB 05
75 0C
8360 08 00
33C0
40
E9 EA000000
83FB 01
0F84 DE000000
8B4E 60
894D F8
8B4D 0C
894E 60
8B48 04
83F9 08
0F85 B8000000
8B0D 90234500
8B3D 94234500
8BD1
03F9
3BD7
7D 24
6BC9 0C
8B7E 5C
836439 08 00
8B3D 90234500
8B1D 94234500
42
03DF
83C1 0C
3BD3
7C E2
8B5D FC
8B00
8B7E 64
3D 8E0000C0
75 09
C746 64 83000
EB 5E
3D 900000C0
75 09
C746 64 81000
EB 4E
3D 910000C0
75 09

ADD EAX,EDX
CMP ECX,EAX
JNB SHORT 0043D07D
CMP DWORD PTR DS:[ECX],EDI
JNE SHORT 0043D07D
MOV EAX,ECX
JMP SHORT 0043D07F
XOR EAX,EAX
TEST EAX,EAX
JE SHORT 0043D08D
MOV EBX,DWORD PTR DS:[EAX+8]
MOV DWORD PTR SS:[LOCAL.1],EBX
TEST EBX,EBX
JNE SHORT 0043D094
XOR EAX,EAX
JMP 0043D18F
CMP EBX,5
JNE SHORT 0043D0A5
AND DWORD PTR DS:[EAX+8],00000000
XOR EAX,EAX
INC EAX
JMP 0043D18F
CMP EBX,1
JE 0043D18C
MOV ECX,DWORD PTR DS:[ESI+60]
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[ESI+60],ECX
MOV ECX,DWORD PTR DS:[EAX+4]
CMP ECX,8
JNE 0043D17E
MOV ECX,DWORD PTR DS:[452390]
MOV EDI,DWORD PTR DS:[452394]
MOV EDX,ECX
ADD EDI,ECX
CMP EDX,EDI
JGE SHORT 0043D0FE
IMUL ECX,ECX,0C
/MOV EDI,DWORD PTR DS:[ESI+5C]
|AND DWORD PTR DS:[EDI+ECX+8],00000000
|MOV EDI,DWORD PTR DS:[452390]
|MOV EBX,DWORD PTR DS:[452394]
|INC EDX
|ADD EBX,EDI
|ADD ECX,0C
|CMP EDX,EBX
\JL SHORT 0043D0DD
MOV EBX,DWORD PTR SS:[LOCAL.1]
MOV EAX,DWORD PTR DS:[EAX]
MOV EDI,DWORD PTR DS:[ESI+64]
CMP EAX,C000008E
JNE SHORT 0043D113
MOV DWORD PTR DS:[ESI+64],83
JMP SHORT 0043D171
CMP EAX,C0000090
JNE SHORT 0043D123
MOV DWORD PTR DS:[ESI+64],81
JMP SHORT 0043D171
CMP EAX,C0000091
JNE SHORT 0043D133

0043D12A
0043D131
0043D133
0043D138
0043D13A
0043D141
0043D143
0043D148
0043D14A
0043D151
0043D153
0043D158
0043D15A
0043D161
0043D163
0043D168
0043D16A
0043D171
0043D174
0043D176
0043D178
0043D179
0043D17C
0043D17E
0043D182
0043D183
0043D185
0043D188
0043D189
0043D18C
0043D18F
0043D190
0043D191
0043D192
0043D193
0043D194
0043D196
0043D197
0043D198
0043D19A
0043D1A0
0043D1A2
0043D1A7
0043D1AD
0043D1AF
0043D1B1
0043D1B6
0043D1B8
0043D1BA
0043D1BC
0043D1BE
0043D1C0
0043D1C2
0043D1C4
0043D1C6
0043D1C8
0043D1CA
0043D1CC
0043D1CF
0043D1D1

|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|>
|>
|.
|>
|.
\.
/$
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>

C746 64 84000
EB 3E
3D 930000C0
75 09
C746 64 85000
EB 2E
3D 8D0000C0
75 09
C746 64 82000
EB 1E
3D 8F0000C0
75 09
C746 64 86000
EB 0E
3D 920000C0
75 07
C746 64 8A000
FF76 64
6A 08
FFD3
59
897E 64
EB 07
8360 08 00
51
FFD3
8B45 F8
59
8946 60
83C8 FF
5B
5F
5E
C9
C3
8BFF
56
57
33FF
393D D0484500
75 05
E8 8E90FFFF
8B35 E0484500
85F6
75 05
BE 77874400
8A06
3C 20
77 08
84C0
74 2E
85FF
74 24
3C 22
75 09
33C9
85FF
0F94C1
8BF9
0FB6C0

MOV DWORD PTR DS:[ESI+64],84


JMP SHORT 0043D171
CMP EAX,C0000093
JNE SHORT 0043D143
MOV DWORD PTR DS:[ESI+64],85
JMP SHORT 0043D171
CMP EAX,C000008D
JNE SHORT 0043D153
MOV DWORD PTR DS:[ESI+64],82
JMP SHORT 0043D171
CMP EAX,C000008F
JNE SHORT 0043D163
MOV DWORD PTR DS:[ESI+64],86
JMP SHORT 0043D171
CMP EAX,C0000092
JNE SHORT 0043D171
MOV DWORD PTR DS:[ESI+64],8A
PUSH DWORD PTR DS:[ESI+64]
PUSH 8
CALL EBX
POP ECX
MOV DWORD PTR DS:[ESI+64],EDI
JMP SHORT 0043D185
AND DWORD PTR DS:[EAX+8],00000000
PUSH ECX
CALL EBX
MOV EAX,DWORD PTR SS:[LOCAL.2]
POP ECX
MOV DWORD PTR DS:[ESI+60],EAX
OR EAX,FFFFFFFF
POP EBX
POP EDI
POP ESI
LEAVE
RETN
MOV EDI,EDI
PUSH ESI
PUSH EDI
XOR EDI,EDI
CMP DWORD PTR DS:[4548D0],EDI
JNE SHORT 0043D1A7
CALL 00436235
MOV ESI,DWORD PTR DS:[4548E0]
TEST ESI,ESI
JNE SHORT 0043D1B6
MOV ESI,OFFSET 00448777
/MOV AL,BYTE PTR DS:[ESI]
|CMP AL,20
|JA SHORT 0043D1C4
|TEST AL,AL
|JE SHORT 0043D1EE
|TEST EDI,EDI
|JE SHORT 0043D1E8
|CMP AL,22
|JNE SHORT 0043D1D1
|XOR ECX,ECX
|TEST EDI,EDI
|SETE CL
|MOV EDI,ECX
|MOVZX EAX,AL

0043D1D4 |.
0043D1D5 |.
fo.0044042E
0043D1DA |.
0043D1DB |.
0043D1DD |.
0043D1DF |.
0043D1E0 |>
0043D1E1 |.^
0043D1E3 |>
0043D1E5 |.
0043D1E7 |.
0043D1E8 |>
0043D1EA |.
0043D1EC |.^
0043D1EE |>
0043D1EF |.
0043D1F1 |.
0043D1F2 \.
0043D1F3 /$
0043D1FA |.
0043D1FC |.
0043D201 |>
0043D202 |.
0043D208 |.
0043D209 |.
0043D20B |.
0043D20D |.
0043D20F |>
0043D212 |.
0043D217 |>
0043D219 |.
0043D21B |.
0043D21C |>
0043D21D |.
fo.0042E280
0043D222 |.
0043D223 |.
0043D227 |>
0043D229 |.
0043D22B |.^
0043D22D |.
0043D22F |.
0043D230 |.
0043D231 |.
fo.00434E58
0043D236 |.
0043D238 |.
0043D239 |.
0043D23A |.
0043D240 |.
0043D242 |.^
0043D244 |.
0043D24A |.
0043D24B |.
0043D24D |>
0043D24E |.
fo.0042E280
0043D253 |.
0043D255 |.

50
E8 54320000

|PUSH EAX
|CALL 0044042E

; /Arg1
; \SystemIn

59
85C0
74 01
46
46
EB D3
3C 20
77 07
46
8A06
84C0
75 F5
5F
8BC6
5E
C3
833D D0484500
75 05
E8 3490FFFF
56
8B35 D42C4500
57
33FF
85F6
75 18
83C8 FF
E9 A0000000
3C 3D
74 01
47
56
E8 5E10FFFF

|POP ECX
|TEST EAX,EAX
|JE SHORT 0043D1E0
|INC ESI
|INC ESI
\JMP SHORT 0043D1B6
/CMP AL,20
|JA SHORT 0043D1EE
|INC ESI
|MOV AL,BYTE PTR DS:[ESI]
|TEST AL,AL
\JNE SHORT 0043D1E3
POP EDI
MOV EAX,ESI
POP ESI
RETN
CMP DWORD PTR DS:[4548D0],0
JNE SHORT 0043D201
CALL 00436235
PUSH ESI
MOV ESI,DWORD PTR DS:[452CD4]
PUSH EDI
XOR EDI,EDI
TEST ESI,ESI
JNE SHORT 0043D227
OR EAX,FFFFFFFF
JMP 0043D2B7
/CMP AL,3D
|JE SHORT 0043D21C
|INC EDI
|PUSH ESI
|CALL 0042E280

; /Arg1
; \SystemIn

59
8D7406 01
8A06
84C0
75 EA
6A 04
47
57
E8 227CFFFF

|POP ECX
|LEA ESI,[EAX+ESI+1]
|MOV AL,BYTE PTR DS:[ESI]
|TEST AL,AL
\JNE SHORT 0043D217
PUSH 4
INC EDI
PUSH EDI
CALL 00434E58

;
;
;
;

8BF8
59
59
893D E0314500
85FF
74 CB
8B35 D42C4500
53
EB 42
56
E8 2D10FFFF

MOV EDI,EAX
POP ECX
POP ECX
MOV DWORD PTR DS:[4531E0],EDI
TEST EDI,EDI
JE SHORT 0043D20F
MOV ESI,DWORD PTR DS:[452CD4]
PUSH EBX
JMP SHORT 0043D28F
/PUSH ESI
|CALL 0042E280

; /Arg1
; \SystemIn

8BD8
43

|MOV EBX,EAX
|INC EBX

/Arg2 = 4
|
|Arg1
\SystemIn

0043D256 |. 803E 3D
|CMP BYTE PTR DS:[ESI],3D
0043D259 |. 59
|POP ECX
0043D25A |. 74 31
|JE SHORT 0043D28D
0043D25C |. 6A 01
|PUSH 1
0043D25E |. 53
|PUSH EBX
0043D25F |. E8 F47BFFFF |CALL 00434E58
fo.00434E58
0043D264 |. 59
|POP ECX
0043D265 |. 59
|POP ECX
0043D266 |. 8907
|MOV DWORD PTR DS:[EDI],EAX
0043D268 |. 85C0
|TEST EAX,EAX
0043D26A |. 74 4E
|JE SHORT 0043D2BA
0043D26C |. 56
|PUSH ESI
0043D26D |. 53
|PUSH EBX
0043D26E |. 50
|PUSH EAX
0043D26F |. E8 0B87FFFF |CALL 0043597F
fo.0043597F
0043D274 |. 83C4 0C
|ADD ESP,0C
0043D277 |. 85C0
|TEST EAX,EAX
0043D279 |. 74 0F
|JE SHORT 0043D28A
0043D27B |. 33C0
|XOR EAX,EAX
0043D27D |. 50
|PUSH EAX
0043D27E |. 50
|PUSH EAX
0043D27F |. 50
|PUSH EAX
0043D280 |. 50
|PUSH EAX
0043D281 |. 50
|PUSH EAX
0043D282 |. E8 B314FFFF |CALL 0042E73A
0043D287 |. 83C4 14
|ADD ESP,14
0043D28A |> 83C7 04
|ADD EDI,4
0043D28D |> 03F3
|ADD ESI,EBX
0043D28F |> 803E 00
|CMP BYTE PTR DS:[ESI],0
0043D292 |.^ 75 B9
\JNE SHORT 0043D24D
0043D294 |. FF35 D42C4500 PUSH DWORD PTR DS:[452CD4]
0043D29A |. E8 3F5FFFFF CALL 004331DE
fo.004331DE
0043D29F |. 8325 D42C4500 AND DWORD PTR DS:[452CD4],00000000
0043D2A6 |. 8327 00
AND DWORD PTR DS:[EDI],00000000
0043D2A9 |. C705 C4484500 MOV DWORD PTR DS:[4548C4],1
0043D2B3 |. 33C0
XOR EAX,EAX
0043D2B5 |> 59
POP ECX
0043D2B6 |. 5B
POP EBX
0043D2B7 |> 5F
POP EDI
0043D2B8 |. 5E
POP ESI
0043D2B9 |. C3
RETN
0043D2BA |> FF35 E0314500 PUSH DWORD PTR DS:[4531E0]
0043D2C0 |. E8 195FFFFF CALL 004331DE
fo.004331DE
0043D2C5 |. 8325 E0314500 AND DWORD PTR DS:[4531E0],00000000
0043D2CC |. 83C8 FF
OR EAX,FFFFFFFF
0043D2CF \.^ EB E4
JMP SHORT 0043D2B5
0043D2D1 /$ 8BFF
MOV EDI,EDI
o.0043D2D1(guessed Arg1,Arg2,Arg3)
0043D2D3 |. 55
PUSH EBP
0043D2D4 |. 8BEC
MOV EBP,ESP
0043D2D6 |. 51
PUSH ECX
0043D2D7 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
0043D2DA |. 53
PUSH EBX
0043D2DB |. 33C0
XOR EAX,EAX
0043D2DD |. 56
PUSH ESI
0043D2DE |. 8907
MOV DWORD PTR DS:[EDI],EAX

; /Arg2 = 1
; |Arg1
; \SystemIn

;
;
;
;

/Arg3
|Arg2
|Arg1
\SystemIn

; /Arg1 = 0
; \SystemIn

; /Arg1 = 0
; \SystemIn

; SystemInf

0043D2E0 |.
0043D2E2 |.
0043D2E5 |.
0043D2EB |.
0043D2EE |.
0043D2F0 |.
0043D2F3 |.
0043D2F7 |.
0043D2F9 |>
0043D2FC |>
0043D2FF |.
0043D301 |.
0043D303 |.
0043D306 |.
0043D308 |.
0043D30B |.
0043D30C |.
0043D30F |.
0043D311 |>
0043D313 |.
0043D315 |.
0043D317 |.
0043D319 |.
0043D31B |.
0043D31C |.
0043D31F |>
0043D321 |.
0043D324 |.
0043D325 |.
0043D326 |.
fo.0044042E
0043D32B |.
0043D32C |.
0043D32E |.
0043D330 |.
0043D332 |.
0043D336 |.
0043D338 |.
0043D33B |.
0043D33D |.
0043D340 |.
0043D342 |>
0043D343 |>
0043D346 |.
0043D349 |.
0043D34B |.
0043D34D |>
0043D351 |.^
0043D353 |.
0043D356 |.
0043D358 |.
0043D35B |.^
0043D35D |>
0043D35F |.
0043D361 |.
0043D365 |>
0043D369 |>
0043D36C |.
0043D372 |>
0043D374 |.

8BF2
8B55 0C
C701 01000000
3945 08
74 09
8B5D 08
8345 08 04
8913
8945 FC
803E 22
75 10
33C0
3945 FC
B3 22
0F94C0
46
8945 FC
EB 3C
FF07
85D2
74 08
8A06
8802
42
8955 0C
8A1E
0FB6C3
50
46
E8 03310000

MOV ESI,EDX
MOV EDX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[ECX],1
CMP DWORD PTR SS:[ARG.1],EAX
JE SHORT 0043D2F9
MOV EBX,DWORD PTR SS:[ARG.1]
ADD DWORD PTR SS:[ARG.1],4
MOV DWORD PTR DS:[EBX],EDX
MOV DWORD PTR SS:[LOCAL.1],EAX
/CMP BYTE PTR DS:[ESI],22
|JNE SHORT 0043D311
|XOR EAX,EAX
|CMP DWORD PTR SS:[LOCAL.1],EAX
|MOV BL,22
|SETE AL
|INC ESI
|MOV DWORD PTR SS:[LOCAL.1],EAX
|JMP SHORT 0043D34D
|INC DWORD PTR DS:[EDI]
|TEST EDX,EDX
|JE SHORT 0043D31F
|MOV AL,BYTE PTR DS:[ESI]
|MOV BYTE PTR DS:[EDX],AL
|INC EDX
|MOV DWORD PTR SS:[ARG.2],EDX
|MOV BL,BYTE PTR DS:[ESI]
|MOVZX EAX,BL
|PUSH EAX
|INC ESI
|CALL 0044042E

59
85C0
74 13
FF07
837D 0C 00
74 0A
8B4D 0C
8A06
FF45 0C
8801
46
8B55 0C
8B4D 10
84DB
74 32
837D FC 00
75 A9
80FB 20
74 05
80FB 09
75 9F
85D2
74 04
C642 FF 00
8365 FC 00
803E 00
0F84 E9000000
8A06
3C 20

|POP ECX
|TEST EAX,EAX
|JE SHORT 0043D343
|INC DWORD PTR DS:[EDI]
|CMP DWORD PTR SS:[ARG.2],0
|JE SHORT 0043D342
|MOV ECX,DWORD PTR SS:[ARG.2]
|MOV AL,BYTE PTR DS:[ESI]
|INC DWORD PTR SS:[ARG.2]
|MOV BYTE PTR DS:[ECX],AL
|INC ESI
|MOV EDX,DWORD PTR SS:[ARG.2]
|MOV ECX,DWORD PTR SS:[ARG.3]
|TEST BL,BL
|JE SHORT 0043D37F
|CMP DWORD PTR SS:[LOCAL.1],0
|JNE SHORT 0043D2FC
|CMP BL,20
|JE SHORT 0043D35D
|CMP BL,9
\JNE SHORT 0043D2FC
TEST EDX,EDX
JE SHORT 0043D365
MOV BYTE PTR DS:[EDX-1],0
AND DWORD PTR SS:[LOCAL.1],00000000
CMP BYTE PTR DS:[ESI],0
JE 0043D45B
/MOV AL,BYTE PTR DS:[ESI]
|CMP AL,20

; /Arg1
; |
; \SystemIn

0043D376
0043D378
0043D37A
0043D37C
0043D37D
0043D37F
0043D380
0043D382
0043D385
0043D38B
0043D38F
0043D391
0043D394
0043D398
0043D39A
0043D39C
0043D39E
0043D39F
0043D3A1
0043D3A3
0043D3A4
0043D3A5
0043D3A8
0043D3AA
0043D3AD
0043D3AF
0043D3B2
0043D3B4
0043D3B8
0043D3BA
0043D3BD
0043D3C0
0043D3C2
0043D3C4
0043D3C6
0043D3C8
0043D3CA
0043D3CD
0043D3D0
0043D3D3
0043D3D5
0043D3D7
0043D3D9
0043D3DA
0043D3DC
0043D3DE
0043D3E1
0043D3E2
0043D3E4
0043D3E6
0043D3E8
0043D3EB
0043D3ED
0043D3EF
0043D3F1
0043D3F5
0043D3F7
0043D3F9
0043D3FB
0043D3FD

|.
|.
|.
|>
|.^
|>
|.^
|>
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|>
|.
|>
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|>
|.
|>
|.
|.
|.
|.
|>
|.
|.^
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.

74 04
3C 09
75 06
46
EB F3
4E
EB E3
803E 00
0F84 D0000000
837D 08 00
74 09
8B45 08
8345 08 04
8910
FF01
33DB
43
33C9
EB 02
46
41
803E 5C
74 F9
803E 22
75 26
F6C1 01
75 1F
837D FC 00
74 0C
8D46 01
8038 22
75 04
8BF0
EB 0D
33C0
33DB
3945 FC
0F94C0
8945 FC
D1E9
85C9
74 12
49
85D2
74 04
C602 5C
42
FF07
85C9
75 F1
8955 0C
8A06
84C0
74 55
837D FC 00
75 08
3C 20
74 4B
3C 09
74 47

|JE SHORT 0043D37C


|CMP AL,9
|JNE SHORT 0043D382
|INC ESI
\JMP SHORT 0043D372
DEC ESI
JMP SHORT 0043D365
CMP BYTE PTR DS:[ESI],0
JE 0043D45B
CMP DWORD PTR SS:[ARG.1],0
JE SHORT 0043D39A
MOV EAX,DWORD PTR SS:[ARG.1]
ADD DWORD PTR SS:[ARG.1],4
MOV DWORD PTR DS:[EAX],EDX
INC DWORD PTR DS:[ECX]
/XOR EBX,EBX
|INC EBX
|XOR ECX,ECX
|JMP SHORT 0043D3A5
|/INC ESI
||INC ECX
||CMP BYTE PTR DS:[ESI],5C
|\JE SHORT 0043D3A3
|CMP BYTE PTR DS:[ESI],22
|JNE SHORT 0043D3D5
|TEST CL,01
|JNE SHORT 0043D3D3
|CMP DWORD PTR SS:[LOCAL.1],0
|JE SHORT 0043D3C6
|LEA EAX,[ESI+1]
|CMP BYTE PTR DS:[EAX],22
|JNE SHORT 0043D3C6
|MOV ESI,EAX
|JMP SHORT 0043D3D3
|XOR EAX,EAX
|XOR EBX,EBX
|CMP DWORD PTR SS:[LOCAL.1],EAX
|SETE AL
|MOV DWORD PTR SS:[LOCAL.1],EAX
|SHR ECX,1
|TEST ECX,ECX
|JE SHORT 0043D3EB
|/DEC ECX
||TEST EDX,EDX
||JE SHORT 0043D3E2
||MOV BYTE PTR DS:[EDX],5C
||INC EDX
||INC DWORD PTR DS:[EDI]
||TEST ECX,ECX
|\JNE SHORT 0043D3D9
|MOV DWORD PTR SS:[ARG.2],EDX
|MOV AL,BYTE PTR DS:[ESI]
|TEST AL,AL
|JE SHORT 0043D446
|CMP DWORD PTR SS:[LOCAL.1],0
|JNE SHORT 0043D3FF
|CMP AL,20
|JE SHORT 0043D446
|CMP AL,9
|JE SHORT 0043D446

0043D3FF |> 85DB


0043D401 |. 74 3D
0043D403 |. 0FBEC0
0043D406 |. 50
0043D407 |. 85D2
0043D409 |. 74 23
0043D40B |. E8 1E300000
nfo.0044042E
0043D410 |. 59
0043D411 |. 85C0
0043D413 |. 74 0D
0043D415 |. 8A06
0043D417 |. 8B4D 0C
0043D41A |. FF45 0C
0043D41D |. 8801
0043D41F |. 46
0043D420 |. FF07
0043D422 |> 8B4D 0C
0043D425 |. 8A06
0043D427 |. FF45 0C
0043D42A |. 8801
0043D42C |. EB 0D
0043D42E |> E8 FB2F0000
fo.0044042E
0043D433 |. 59
0043D434 |. 85C0
0043D436 |. 74 03
0043D438 |. 46
0043D439 |. FF07
0043D43B |> FF07
0043D43D |. 8B55 0C
0043D440 |> 46
0043D441 |.^ E9 56FFFFFF
0043D446 |> 85D2
0043D448 |. 74 07
0043D44A |. C602 00
0043D44D |. 42
0043D44E |. 8955 0C
0043D451 |> FF07
0043D453 |. 8B4D 10
0043D456 |.^ E9 0EFFFFFF
0043D45B |> 8B45 08
0043D45E |. 5E
0043D45F |. 5B
0043D460 |. 85C0
0043D462 |. 74 03
0043D464 |. 8320 00
0043D467 |> FF01
0043D469 |. C9
0043D46A \. C3
0043D46B /$ 8BFF
o.0043D46B(guessed void)
0043D46D |. 55
0043D46E |. 8BEC
0043D470 |. 83EC 0C
0043D473 |. 53
0043D474 |. 33DB
0043D476 |. 56
0043D477 |. 57
0043D478 |. 391D D0484500

|TEST EBX,EBX
|JE SHORT 0043D440
|MOVSX EAX,AL
|PUSH EAX
|TEST EDX,EDX
|JE SHORT 0043D42E
|CALL 0044042E

;
;
;
;

//Arg1
||
||
|\SystemI

|POP ECX
|TEST EAX,EAX
|JE SHORT 0043D422
|MOV AL,BYTE PTR DS:[ESI]
|MOV ECX,DWORD PTR SS:[ARG.2]
|INC DWORD PTR SS:[ARG.2]
|MOV BYTE PTR DS:[ECX],AL
|INC ESI
|INC DWORD PTR DS:[EDI]
|MOV ECX,DWORD PTR SS:[ARG.2]
|MOV AL,BYTE PTR DS:[ESI]
|INC DWORD PTR SS:[ARG.2]
|MOV BYTE PTR DS:[ECX],AL
|JMP SHORT 0043D43B
|CALL 0044042E

;
;
;
;
;
;
;
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|
|
|
|
|
|
|
\SystemIn

|POP ECX
|TEST EAX,EAX
|JE SHORT 0043D43B
|INC ESI
|INC DWORD PTR DS:[EDI]
|INC DWORD PTR DS:[EDI]
|MOV EDX,DWORD PTR SS:[ARG.2]
|INC ESI
\JMP 0043D39C
TEST EDX,EDX
JE SHORT 0043D451
MOV BYTE PTR DS:[EDX],0
INC EDX
MOV DWORD PTR SS:[ARG.2],EDX
INC DWORD PTR DS:[EDI]
MOV ECX,DWORD PTR SS:[ARG.3]
JMP 0043D369
MOV EAX,DWORD PTR SS:[ARG.1]
POP ESI
POP EBX
TEST EAX,EAX
JE SHORT 0043D467
AND DWORD PTR DS:[EAX],00000000
INC DWORD PTR DS:[ECX]
LEAVE
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
SUB ESP,0C
PUSH EBX
XOR EBX,EBX
PUSH ESI
PUSH EDI
CMP DWORD PTR DS:[4548D0],EBX

0043D47E |. 75 05
0043D480 |. E8 B08DFFFF
0043D485 |> 68 04010000
260.
0043D48A |. BE 28354500
0043D48F |. 56
0043D490 |. 53
0043D491 |. 881D 2C364500
0043D497 |. FF15 10814400
.GetModuleFileNameA
0043D49D |. A1 E0484500
0043D4A2 |. 8935 F0314500
0043D4A8 |. 3BC3
0043D4AA |. 74 07
0043D4AC |. 8945 FC
0043D4AF |. 3818
0043D4B1 |. 75 03
0043D4B3 |> 8975 FC
0043D4B6 |> 8B55 FC
0043D4B9 |. 8D45 F8
0043D4BC |. 50
OFFSET LOCAL.2
0043D4BD |. 53
0043D4BE |. 53
0043D4BF |. 8D7D F4
0043D4C2 |. E8 0AFEFFFF
fo.0043D2D1
0043D4C7 |. 8B45 F8
0043D4CA |. 83C4 0C
0043D4CD |. 3D FFFFFF3F
0043D4D2 |. 73 4A
0043D4D4 |. 8B4D F4
0043D4D7 |. 83F9 FF
0043D4DA |. 73 42
0043D4DC |. 8BF8
0043D4DE |. C1E7 02
0043D4E1 |. 8D040F
0043D4E4 |. 3BC1
0043D4E6 |. 72 36
0043D4E8 |. 50
0043D4E9 |. E8 2579FFFF
fo.00434E13
0043D4EE |. 8BF0
0043D4F0 |. 59
0043D4F1 |. 3BF3
0043D4F3 |. 74 29
0043D4F5 |. 8B55 FC
0043D4F8 |. 8D45 F8
0043D4FB |. 50
OFFSET LOCAL.2
0043D4FC |. 03FE
0043D4FE |. 57
0043D4FF |. 56
0043D500 |. 8D7D F4
0043D503 |. E8 C9FDFFFF
fo.0043D2D1
0043D508 |. 8B45 F8
0043D50B |. 83C4 0C
0043D50E |. 48
0043D50F |. A3 D4314500

JNE SHORT 0043D485


CALL 00436235
PUSH 104

; /Count =

MOV ESI,OFFSET 00453528


PUSH ESI
PUSH EBX
MOV BYTE PTR DS:[45362C],BL
CALL DWORD PTR DS:[<&KERNEL32.GetModuleF

;
;
;
;
;

MOV EAX,DWORD PTR DS:[4548E0]


MOV DWORD PTR DS:[4531F0],ESI
CMP EAX,EBX
JE SHORT 0043D4B3
MOV DWORD PTR SS:[LOCAL.1],EAX
CMP BYTE PTR DS:[EAX],BL
JNE SHORT 0043D4B6
MOV DWORD PTR SS:[LOCAL.1],ESI
MOV EDX,DWORD PTR SS:[LOCAL.1]
LEA EAX,[LOCAL.2]
PUSH EAX

; /Arg3 =>

PUSH EBX
PUSH EBX
LEA EDI,[LOCAL.3]
CALL 0043D2D1

;
;
;
;

MOV EAX,DWORD PTR SS:[LOCAL.2]


ADD ESP,0C
CMP EAX,3FFFFFFF
JNB SHORT 0043D51E
MOV ECX,DWORD PTR SS:[LOCAL.3]
CMP ECX,-1
JNB SHORT 0043D51E
MOV EDI,EAX
SHL EDI,2
LEA EAX,[ECX+EDI]
CMP EAX,ECX
JB SHORT 0043D51E
PUSH EAX
CALL 00434E13

; /Arg1
; \SystemIn

MOV ESI,EAX
POP ECX
CMP ESI,EBX
JE SHORT 0043D51E
MOV EDX,DWORD PTR SS:[LOCAL.1]
LEA EAX,[LOCAL.2]
PUSH EAX

; /Arg3 =>

ADD EDI,ESI
PUSH EDI
PUSH ESI
LEA EDI,[LOCAL.3]
CALL 0043D2D1

;
;
;
;
;

MOV
ADD
DEC
MOV

EAX,DWORD PTR SS:[LOCAL.2]


ESP,0C
EAX
DWORD PTR DS:[4531D4],EAX

|
|Buffer
|hModule
|
\KERNEL32

|Arg2
|Arg1
|
\SystemIn

|
|Arg2
|Arg1
|
\SystemIn

0043D514 |. 8935 D8314500 MOV DWORD PTR DS:[4531D8],ESI


0043D51A |. 33C0
XOR EAX,EAX
0043D51C |. EB 03
JMP SHORT 0043D521
0043D51E |> 83C8 FF
OR EAX,FFFFFFFF
0043D521 |> 5F
POP EDI
0043D522 |. 5E
POP ESI
0043D523 |. 5B
POP EBX
0043D524 |. C9
LEAVE
0043D525 \. C3
RETN
0043D526 /$ 8BFF
MOV EDI,EDI
o.0043D526(guessed void)
0043D528 |. 55
PUSH EBP
0043D529 |. 8BEC
MOV EBP,ESP
0043D52B |. A1 30364500 MOV EAX,DWORD PTR DS:[453630]
0043D530 |. 83EC 0C
SUB ESP,0C
0043D533 |. 53
PUSH EBX
0043D534 |. 56
PUSH ESI
0043D535 |. 8B35 F8804400 MOV ESI,DWORD PTR DS:[<&KERNEL32.GetEnvi
ERNELBASE.GetEnvironmentStringsW
0043D53B |. 57
PUSH EDI
0043D53C |. 33DB
XOR EBX,EBX
0043D53E |. 33FF
XOR EDI,EDI
0043D540 |. 3BC3
CMP EAX,EBX
0043D542 |. 75 2E
JNE SHORT 0043D572
0043D544 |. FFD6
CALL ESI
.GetEnvironmentStringsW
0043D546 |. 8BF8
MOV EDI,EAX
0043D548 |. 3BFB
CMP EDI,EBX
0043D54A |. 74 0C
JE SHORT 0043D558
0043D54C |. C705 30364500 MOV DWORD PTR DS:[453630],1
0043D556 |. EB 23
JMP SHORT 0043D57B
0043D558 |> FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
0043D55E |. 83F8 78
CMP EAX,78
=> ERROR_CALL_NOT_IMPLEMENTED
0043D561 |. 75 0A
JNE SHORT 0043D56D
0043D563 |. 6A 02
PUSH 2
0043D565 |. 58
POP EAX
0043D566 |. A3 30364500 MOV DWORD PTR DS:[453630],EAX
0043D56B |. EB 05
JMP SHORT 0043D572
0043D56D |> A1 30364500 MOV EAX,DWORD PTR DS:[453630]
0043D572 |> 83F8 01
CMP EAX,1
0043D575 |. 0F85 81000000 JNE 0043D5FC
0043D57B |> 3BFB
CMP EDI,EBX
0043D57D |. 75 0F
JNE SHORT 0043D58E
0043D57F |. FFD6
CALL ESI
.GetEnvironmentStringsW
0043D581 |. 8BF8
MOV EDI,EAX
0043D583 |. 3BFB
CMP EDI,EBX
0043D585 |. 75 07
JNE SHORT 0043D58E
0043D587 |> 33C0
XOR EAX,EAX
0043D589 |. E9 CA000000 JMP 0043D658
0043D58E |> 8BC7
MOV EAX,EDI
0043D590 |. 66:391F
CMP WORD PTR DS:[EDI],BX
0043D593 |. 74 0E
JE SHORT 0043D5A3
0043D595 |> 40
/INC EAX
0043D596 |. 40
|INC EAX
0043D597 |. 66:3918
|CMP WORD PTR DS:[EAX],BX
0043D59A |.^ 75 F9
|JNE SHORT 0043D595
0043D59C |. 40
|INC EAX

; SystemInf

; Jump to K

; [KERNEL32

; [KERNEL32
; CONST 78

; [KERNEL32

0043D59D |. 40
0043D59E |. 66:3918
0043D5A1 |.^ 75 F2
0043D5A3 |> 8B35 38814400
0043D5A9 |. 53
harUsed => NULL
0043D5AA |. 53
har => NULL
0043D5AB |. 53
nt => 0
0043D5AC |. 2BC7
0043D5AE |. 53
e => NULL
0043D5AF |. D1F8
0043D5B1 |. 40
0043D5B2 |. 50
t
0043D5B3 |. 57
0043D5B4 |. 53
0
0043D5B5 |. 53
=> CP_ACP
0043D5B6 |. 8945 F4
0043D5B9 |. FFD6
.WideCharToMultiByte
0043D5BB |. 8945 F8
0043D5BE |. 3BC3
0043D5C0 |. 74 2F
0043D5C2 |. 50
0043D5C3 |. E8 4B78FFFF
fo.00434E13
0043D5C8 |. 59
0043D5C9 |. 8945 FC
0043D5CC |. 3BC3
0043D5CE |. 74 21
0043D5D0 |. 53
harUsed
0043D5D1 |. 53
har
0043D5D2 |. FF75 F8
nt => [LOCAL.2]
0043D5D5 |. 50
e
0043D5D6 |. FF75 F4
t => [LOCAL.3]
0043D5D9 |. 57
0043D5DA |. 53
0043D5DB |. 53
0043D5DC |. FFD6
.WideCharToMultiByte
0043D5DE |. 85C0
0043D5E0 |. 75 0C
0043D5E2 |. FF75 FC
[LOCAL.1]
0043D5E5 |. E8 F45BFFFF
fo.004331DE
0043D5EA |. 59
0043D5EB |. 895D FC
0043D5EE |> 8B5D FC
0043D5F1 |> 57

|INC EAX
|CMP WORD PTR DS:[EAX],BX
\JNE SHORT 0043D595
MOV ESI,DWORD PTR DS:[<&KERNEL32.WideCha
PUSH EBX
; /DefaultC
PUSH EBX

; |DefaultC

PUSH EBX

; |MultiCou

SUB EAX,EDI
PUSH EBX

; |
; |MultiByt

SAR EAX,1
INC EAX
PUSH EAX

; |
; |
; |WideCoun

PUSH EDI
PUSH EBX

; |WideChar
; |Flags =>

PUSH EBX

; |CodePage

MOV DWORD PTR SS:[LOCAL.3],EAX


CALL ESI

; |
; \KERNEL32

MOV DWORD PTR SS:[LOCAL.2],EAX


CMP EAX,EBX
JE SHORT 0043D5F1
PUSH EAX
CALL 00434E13

; /Arg1
; \SystemIn

POP ECX
MOV DWORD PTR SS:[LOCAL.1],EAX
CMP EAX,EBX
JE SHORT 0043D5F1
PUSH EBX

; /DefaultC

PUSH EBX

; |DefaultC

PUSH DWORD PTR SS:[LOCAL.2]

; |MultiCou

PUSH EAX

; |MultiByt

PUSH DWORD PTR SS:[LOCAL.3]

; |WideCoun

PUSH
PUSH
PUSH
CALL

;
;
;
;

EDI
EBX
EBX
ESI

|WideChar
|Flags
|CodePage
\KERNEL32

TEST EAX,EAX
JNE SHORT 0043D5EE
PUSH DWORD PTR SS:[LOCAL.1]

; /Arg1 =>

CALL 004331DE

; \SystemIn

POP ECX
MOV DWORD PTR SS:[LOCAL.1],EBX
MOV EBX,DWORD PTR SS:[LOCAL.1]
PUSH EDI

; /pBlock

0043D5F2 |. FF15 FC804400


.FreeEnvironmentStringsW
0043D5F8 |. 8BC3
0043D5FA |. EB 5C
0043D5FC |> 83F8 02
0043D5FF |. 74 04
0043D601 |. 3BC3
0043D603 |.^ 75 82
0043D605 |> FF15 00814400
.GetEnvironmentStrings
0043D60B |. 8BF0
0043D60D |. 3BF3
0043D60F |.^ 0F84 72FFFFFF
0043D615 |. 381E
0043D617 |. 74 0A
0043D619 |> 40
0043D61A |. 3818
0043D61C |.^ 75 FB
0043D61E |. 40
0043D61F |. 3818
0043D621 |.^ 75 F6
0043D623 |> 2BC6
0043D625 |. 40
0043D626 |. 50
0043D627 |. 8945 F8
0043D62A |. E8 E477FFFF
fo.00434E13
0043D62F |. 8BF8
0043D631 |. 59
0043D632 |. 3BFB
0043D634 |. 75 0C
0043D636 |. 56
0043D637 |. FF15 0C814400
.FreeEnvironmentStringsA
0043D63D |.^ E9 45FFFFFF
0043D642 |> FF75 F8
[LOCAL.2]
0043D645 |. 56
0043D646 |. 57
0043D647 |. E8 A41BFFFF
fo.0042F1F0
0043D64C |. 83C4 0C
0043D64F |. 56
0043D650 |. FF15 0C814400
.FreeEnvironmentStringsA
0043D656 |. 8BC7
0043D658 |> 5F
0043D659 |. 5E
0043D65A |. 5B
0043D65B |. C9
0043D65C \. C3
0043D65D /$ 8BFF
0043D65F |. 56
0043D660 |. B8 ECCA4400
0043D665 |. BE ECCA4400
0043D66A |. 57
0043D66B |. 8BF8
0043D66D |. 3BC6
0043D66F |. 73 0F
0043D671 |> 8B07

CALL DWORD PTR DS:[<&KERNEL32.FreeEnviro ; \KERNEL32


MOV EAX,EBX
JMP SHORT 0043D658
CMP EAX,2
JE SHORT 0043D605
CMP EAX,EBX
JNE SHORT 0043D587
CALL DWORD PTR DS:[<&KERNEL32.GetEnviron ; [KERNEL32
MOV ESI,EAX
CMP ESI,EBX
JE 0043D587
CMP BYTE PTR DS:[ESI],BL
JE SHORT 0043D623
/INC EAX
|CMP BYTE PTR DS:[EAX],BL
|JNE SHORT 0043D619
|INC EAX
|CMP BYTE PTR DS:[EAX],BL
\JNE SHORT 0043D619
SUB EAX,ESI
INC EAX
PUSH EAX
MOV DWORD PTR SS:[LOCAL.2],EAX
CALL 00434E13

; /Arg1
; |
; \SystemIn

MOV EDI,EAX
POP ECX
CMP EDI,EBX
JNE SHORT 0043D642
PUSH ESI
; /pBlock
CALL DWORD PTR DS:[<&KERNEL32.FreeEnviro ; \KERNEL32
JMP 0043D587
PUSH DWORD PTR SS:[LOCAL.2]

; /Arg3 =>

PUSH ESI
PUSH EDI
CALL 0042F1F0

; |Arg2
; |Arg1
; \SystemIn

ADD ESP,0C
PUSH ESI
; /pBlock
CALL DWORD PTR DS:[<&KERNEL32.FreeEnviro ; \KERNEL32
MOV EAX,EDI
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH ESI
MOV EAX,OFFSET 0044CAEC
MOV ESI,OFFSET 0044CAEC
PUSH EDI
MOV EDI,EAX
CMP EAX,ESI
JNB SHORT 0043D680
/MOV EAX,DWORD PTR DS:[EDI]

0043D673 |. 85C0
0043D675 |. 74 02
0043D677 |. FFD0
0043D679 |> 83C7 04
0043D67C |. 3BFE
0043D67E |.^ 72 F1
0043D680 |> 5F
0043D681 |. 5E
0043D682 \. C3
0043D683
8BFF
0043D685 /. 56
0043D686 |. B8 F4CA4400
0043D68B |. BE F4CA4400
0043D690 |. 57
0043D691 |. 8BF8
0043D693 |. 3BC6
0043D695 |. 73 0F
0043D697 |> 8B07
0043D699 |. 85C0
0043D69B |. 74 02
0043D69D |. FFD0
0043D69F |> 83C7 04
0043D6A2 |. 3BFE
0043D6A4 |.^ 72 F1
0043D6A6 |> 5F
0043D6A7 |. 5E
0043D6A8 \. C3
0043D6A9 /$ 8BFF
0043D6AB |. 55
0043D6AC |. 8BEC
0043D6AE |. 83EC 10
0043D6B1 |. A1 A0154500
0043D6B6 |. 8365 F8 00
0043D6BA |. 8365 FC 00
0043D6BE |. 53
0043D6BF |. 57
0043D6C0 |. BF 4EE640BB
0043D6C5 |. BB 0000FFFF
0043D6CA |. 3BC7
0043D6CC |. 74 0D
0043D6CE |. 85C3
0043D6D0 |. 74 09
0043D6D2 |. F7D0
0043D6D4 |. A3 A4154500
0043D6D9 |. EB 60
0043D6DB |> 56
0043D6DC |. 8D45 F8
0043D6DF |. 50
e => OFFSET LOCAL.2
0043D6E0 |. FF15 E8804400
.GetSystemTimeAsFileTime
0043D6E6 |. 8B75 FC
0043D6E9 |. 3375 F8
0043D6EC |. FF15 EC804400
.GetCurrentProcessId
0043D6F2 |. 33F0
0043D6F4 |. FF15 98814400
.GetCurrentThreadId
0043D6FA |. 33F0
0043D6FC |. FF15 F0804400

|TEST EAX,EAX
|JE SHORT 0043D679
|CALL EAX
|ADD EDI,4
|CMP EDI,ESI
\JB SHORT 0043D671
POP EDI
POP ESI
RETN
MOV EDI,EDI
PUSH ESI
MOV EAX,OFFSET 0044CAF4
MOV ESI,OFFSET 0044CAF4
PUSH EDI
MOV EDI,EAX
CMP EAX,ESI
JNB SHORT 0043D6A6
/MOV EAX,DWORD PTR DS:[EDI]
|TEST EAX,EAX
|JE SHORT 0043D69F
|CALL EAX
|ADD EDI,4
|CMP EDI,ESI
\JB SHORT 0043D697
POP EDI
POP ESI
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
MOV EAX,DWORD PTR DS:[4515A0]
AND DWORD PTR SS:[LOCAL.2],00000000
AND DWORD PTR SS:[LOCAL.1],00000000
PUSH EBX
PUSH EDI
MOV EDI,BB40E64E
MOV EBX,FFFF0000
CMP EAX,EDI
JE SHORT 0043D6DB
TEST EBX,EAX
JE SHORT 0043D6DB
NOT EAX
MOV DWORD PTR DS:[4515A4],EAX
JMP SHORT 0043D73B
PUSH ESI
LEA EAX,[LOCAL.2]
PUSH EAX

; /pFiletim

CALL DWORD PTR DS:[<&KERNEL32.GetSystemT ; \KERNEL32


MOV ESI,DWORD PTR SS:[LOCAL.1]
XOR ESI,DWORD PTR SS:[LOCAL.2]
CALL DWORD PTR DS:[<&KERNEL32.GetCurrent ; [KERNEL32
XOR ESI,EAX
CALL DWORD PTR DS:[<&KERNEL32.GetCurrent ; [KERNEL32
XOR ESI,EAX
CALL DWORD PTR DS:[<&KERNEL32.GetTickCou ; [KERNEL32

.GetTickCount
0043D702 |. 33F0
0043D704 |. 8D45 F0
0043D707 |. 50
0043D708 |. FF15 F4804400
0043D70E |. 8B45 F4
0043D711 |. 3345 F0
0043D714 |. 33F0
0043D716 |. 3BF7
0043D718 |. 75 07
0043D71A |. BE 4FE640BB
0043D71F |. EB 0B
0043D721 |> 85F3
0043D723 |. 75 07
0043D725 |. 8BC6
0043D727 |. C1E0 10
0043D72A |. 0BF0
0043D72C |> 8935 A0154500
0043D732 |. F7D6
0043D734 |. 8935 A4154500
0043D73A |. 5E
0043D73B |> 5F
0043D73C |. 5B
0043D73D |. C9
0043D73E \. C3
0043D73F /$ 8BFF
o.0043D73F(guessed Arg1)
0043D741 |. 55
0043D742 |. 8BEC
0043D744 |. 33C0
0043D746 |. 40
0043D747 |. 837D 08 00
0043D74B |. 75 02
0043D74D |. 33C0
0043D74F |> 5D
0043D750 \. C3
0043D751 /$ 8BFF
0043D753 |. 55
0043D754 |. 8BEC
0043D756 |. 8B45 08
0043D759 |. A3 34364500
0043D75E |. A3 38364500
0043D763 |. A3 3C364500
0043D768 |. A3 40364500
0043D76D |. 5D
0043D76E \. C3
0043D76F /$ 8BFF
0043D771 |. 55
0043D772 |. 8BEC
0043D774 |. 8B45 08
0043D777 |. 8B0D 9C234500
0043D77D |. 56
0043D77E |> 3950 04
0043D781 |. 74 0F
0043D783 |. 8BF1
0043D785 |. 6BF6 0C
0043D788 |. 0375 08
0043D78B |. 83C0 0C
0043D78E |. 3BC6
0043D790 |.^ 72 EC

XOR ESI,EAX
LEA EAX,[LOCAL.4]
PUSH EAX
CALL DWORD PTR DS:[<&KERNEL32.QueryPerfo
MOV EAX,DWORD PTR SS:[LOCAL.3]
XOR EAX,DWORD PTR SS:[LOCAL.4]
XOR ESI,EAX
CMP ESI,EDI
JNE SHORT 0043D721
MOV ESI,BB40E64F
JMP SHORT 0043D72C
TEST EBX,ESI
JNE SHORT 0043D72C
MOV EAX,ESI
SHL EAX,10
OR ESI,EAX
MOV DWORD PTR DS:[4515A0],ESI
NOT ESI
MOV DWORD PTR DS:[4515A4],ESI
POP ESI
POP EDI
POP EBX
LEAVE
RETN
MOV EDI,EDI
; SystemInf
PUSH EBP
MOV EBP,ESP
XOR EAX,EAX
INC EAX
CMP DWORD PTR SS:[ARG.1],0
JNE SHORT 0043D74F
XOR EAX,EAX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[453634],EAX
MOV DWORD PTR DS:[453638],EAX
MOV DWORD PTR DS:[45363C],EAX
MOV DWORD PTR DS:[453640],EAX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[45239C]
PUSH ESI
/CMP DWORD PTR DS:[EAX+4],EDX
|JE SHORT 0043D792
|MOV ESI,ECX
|IMUL ESI,ESI,0C
|ADD ESI,DWORD PTR SS:[ARG.1]
|ADD EAX,0C
|CMP EAX,ESI
\JB SHORT 0043D77E

0043D792 |> 6BC9 0C


0043D795 |. 034D 08
0043D798 |. 5E
0043D799 |. 3BC1
0043D79B |. 73 05
0043D79D |. 3950 04
0043D7A0 |. 74 02
0043D7A2 |> 33C0
0043D7A4 |> 5D
0043D7A5 \. C3
0043D7A6 /$ FF35 3C364500
0043D7AC |. E8 1579FFFF
fo.004350C6
0043D7B1 |. 59
0043D7B2 \. C3
0043D7B3 /$ 6A 20
0043D7B5 |. 68 68F54400
0043D7BA |. E8 2DB2FFFF
0043D7BF |. 33FF
0043D7C1 |. 897D E4
0043D7C4 |. 897D D8
0043D7C7 |. 8B5D 08
0043D7CA |. 83FB 0B
ases B..16, 4 exits)
0043D7CD |. 7F 4C
0043D7CF |. 74 15
0043D7D1 |. 8BC3
0043D7D3 |. 6A 02
0043D7D5 |. 59
0043D7D6 |. 2BC1
0043D7D8 |. 74 22
0043D7DA |. 2BC1
0043D7DC |. 74 08
0043D7DE |. 2BC1
0043D7E0 |. 74 64
0043D7E2 |. 2BC1
0043D7E4 |. 75 44
0043D7E6 |> E8 AE7AFFFF
switch SystemInfo.43D7CA
0043D7EB |. 8BF8
0043D7ED |. 897D D8
0043D7F0 |. 85FF
0043D7F2 |. 75 14
0043D7F4 |> 83C8 FF
0043D7F7 |. E9 61010000
0043D7FC |> BE 34364500
0043D801 |. A1 34364500
0043D806 |. EB 60
0043D808 |> FF77 5C
0043D80B |. 8BD3
0043D80D |. E8 5DFFFFFF
0043D812 |. 8BF0
0043D814 |. 83C6 08
0043D817 |. 8B06
0043D819 |. EB 5A
0043D81B |> 8BC3
0043D81D |. 83E8 0F
0043D820 |. 74 3C
0043D822 |. 83E8 06
0043D825 |. 74 2B

IMUL ECX,ECX,0C
ADD ECX,DWORD PTR SS:[ARG.1]
POP ESI
CMP EAX,ECX
JNB SHORT 0043D7A2
CMP DWORD PTR DS:[EAX+4],EDX
JE SHORT 0043D7A4
XOR EAX,EAX
POP EBP
RETN
PUSH DWORD PTR DS:[45363C]
CALL 004350C6

; /Arg1 = 0
; \SystemIn

POP ECX
RETN
PUSH 20
PUSH OFFSET 0044F568
CALL 004389EC
XOR EDI,EDI
MOV DWORD PTR SS:[EBP-1C],EDI
MOV DWORD PTR SS:[EBP-28],EDI
MOV EBX,DWORD PTR SS:[EBP+8]
CMP EBX,0B

; Switch (c

JG SHORT 0043D81B
JE SHORT 0043D7E6
MOV EAX,EBX
PUSH 2
POP ECX
SUB EAX,ECX
JE SHORT 0043D7FC
SUB EAX,ECX
JE SHORT 0043D7E6
SUB EAX,ECX
JE SHORT 0043D846
SUB EAX,ECX
JNE SHORT 0043D82A
CALL 00435299

; Case B of

MOV EDI,EAX
MOV DWORD PTR SS:[EBP-28],EDI
TEST EDI,EDI
JNE SHORT 0043D808
OR EAX,FFFFFFFF
JMP 0043D95D
MOV ESI,OFFSET 00453634
MOV EAX,DWORD PTR DS:[453634]
JMP SHORT 0043D868
PUSH DWORD PTR DS:[EDI+5C]
MOV EDX,EBX
CALL 0043D76F
MOV ESI,EAX
ADD ESI,8
MOV EAX,DWORD PTR DS:[ESI]
JMP SHORT 0043D875
MOV EAX,EBX
SUB EAX,0F
JE SHORT 0043D85E
SUB EAX,6
JE SHORT 0043D852

0043D827 |. 48
0043D828 |. 74 1C
0043D82A |> E8 CE6BFFFF
fo.004343FD
0043D82F |. C700 16000000
0043D835 |. 33C0
0043D837 |. 50
0
0043D838 |. 50
0
0043D839 |. 50
0
0043D83A |. 50
0
0043D83B |. 50
0
0043D83C |. E8 2110FFFF
fo.0042E862
0043D841 |. 83C4 14
0043D844 |.^ EB AE
0043D846 |> BE 3C364500
f switch SystemInfo.43D7CA
0043D84B |. A1 3C364500
0043D850 |. EB 16
0043D852 |> BE 38364500
f switch SystemInfo.43D7CA
0043D857 |. A1 38364500
0043D85C |. EB 0A
0043D85E |> BE 40364500
switch SystemInfo.43D7CA
0043D863 |. A1 40364500
0043D868 |> C745 E4 01000
0043D86F |. 50
0043D870 |. E8 5178FFFF
fo.004350C6
0043D875 |> 8945 E0
0043D878 |. 59
0043D879 |. 33C0
0043D87B |. 837D E0 01
0043D87F |. 0F84 D8000000
0043D885 |. 3945 E0
0043D888 |. 75 07
0043D88A |. 6A 03
0043D88C |. E8 D8B0FFFF
0043D891 |> 3945 E4
0043D894 |. 74 07
0043D896 |. 50
0043D897 |. E8 E4ADFFFF
fo.00438680
0043D89C |. 59
0043D89D |> 33C0
0043D89F |. 8945 FC
0043D8A2 |. 83FB 08
0043D8A5 |. 74 0A
0043D8A7 |. 83FB 0B
0043D8AA |. 74 05
0043D8AC |. 83FB 04
0043D8AF |. 75 1B
0043D8B1 |> 8B4F 60
0043D8B4 |. 894D D4

DEC EAX
JE SHORT 0043D846
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],16


XOR EAX,EAX
PUSH EAX

; /Arg5 =>

PUSH EAX

; |Arg4 =>

PUSH EAX

; |Arg3 =>

PUSH EAX

; |Arg2 =>

PUSH EAX

; |Arg1 =>

CALL 0042E862

; \SystemIn

ADD ESP,14
JMP SHORT 0043D7F4
MOV ESI,OFFSET 0045363C

; Case 16 o

MOV EAX,DWORD PTR DS:[45363C]


JMP SHORT 0043D868
MOV ESI,OFFSET 00453638

; Case 15 o

MOV EAX,DWORD PTR DS:[453638]


JMP SHORT 0043D868
MOV ESI,OFFSET 00453640

; Case F of

MOV EAX,DWORD PTR DS:[453640]


MOV DWORD PTR SS:[EBP-1C],1
PUSH EAX
CALL 004350C6

; /Arg1
; \SystemIn

MOV DWORD PTR SS:[EBP-20],EAX


POP ECX
XOR EAX,EAX
CMP DWORD PTR SS:[EBP-20],1
JE 0043D95D
CMP DWORD PTR SS:[EBP-20],EAX
JNE SHORT 0043D891
PUSH 3
CALL 00438969
CMP DWORD PTR SS:[EBP-1C],EAX
JE SHORT 0043D89D
PUSH EAX
CALL 00438680

; /Arg1
; \SystemIn

POP ECX
XOR EAX,EAX
MOV DWORD PTR SS:[EBP-4],EAX
CMP EBX,8
JE SHORT 0043D8B1
CMP EBX,0B
JE SHORT 0043D8B1
CMP EBX,4
JNE SHORT 0043D8CC
MOV ECX,DWORD PTR DS:[EDI+60]
MOV DWORD PTR SS:[EBP-2C],ECX

0043D8B7 |.
0043D8BA |.
0043D8BD |.
0043D8BF |.
0043D8C2 |.
0043D8C5 |.
0043D8CC |>
0043D8CF |.
0043D8D1 |.
0043D8D7 |.
0043D8DA |>
0043D8E0 |.
0043D8E6 |.
0043D8E8 |.
0043D8EB |.
0043D8ED |.
0043D8F0 |.
0043D8F3 |.
0043D8F6 |.
0043D8FA |.
0043D8FD |.^
0043D8FF |>
fo.004350BD
0043D904 |.
0043D906 |>
0043D90D |.
0043D912 |.
0043D915 |.
0043D917 |.
0043D91A |.
0043D91B |.
0043D91E |.
0043D91F \.
0043D921
0043D922
0043D923
0043D924
0043D925
0043D926
0043D927 /$
0043D92B |.
0043D92D |.
0043D92F |.
fo.004385A6
0043D934 |.
0043D935 \>
0043D936 />
0043D937 |.
0043D93A |>
0043D93B |.
0043D93E |.
0043D940 |.
0043D943 |.
0043D945 |.
0043D948 |.
0043D94A |>
0043D94D |.
0043D950 |.
0043D953 |.
0043D955 |.

8947 60
83FB 08
75 40
8B4F 64
894D D0
C747 64 8C000
83FB 08
75 2E
8B0D 90234500
894D DC
8B0D 94234500
8B15 90234500
03CA
394D DC
7D 19
8B4D DC
6BC9 0C
8B57 5C
894411 08
FF45 DC
EB DB
E8 B977FFFF

MOV DWORD PTR DS:[EDI+60],EAX


CMP EBX,8
JNE SHORT 0043D8FF
MOV ECX,DWORD PTR DS:[EDI+64]
MOV DWORD PTR SS:[EBP-30],ECX
MOV DWORD PTR DS:[EDI+64],8C
CMP EBX,8
JNE SHORT 0043D8FF
MOV ECX,DWORD PTR DS:[452390]
MOV DWORD PTR SS:[EBP-24],ECX
/MOV ECX,DWORD PTR DS:[452394]
|MOV EDX,DWORD PTR DS:[452390]
|ADD ECX,EDX
|CMP DWORD PTR SS:[EBP-24],ECX
|JGE SHORT 0043D906
|MOV ECX,DWORD PTR SS:[EBP-24]
|IMUL ECX,ECX,0C
|MOV EDX,DWORD PTR DS:[EDI+5C]
|MOV DWORD PTR DS:[EDX+ECX+8],EAX
|INC DWORD PTR SS:[EBP-24]
\JMP SHORT 0043D8DA
CALL 004350BD

8906
C745 FC FEFFF
E8 15000000
83FB 08
75 1F
FF77 64
53
FF55 E0
59
EB 19
8B
5D
08
8B
7D
D8
837D E4 00
74 08
6A 00
E8 72ACFFFF

MOV DWORD PTR DS:[ESI],EAX


MOV DWORD PTR SS:[EBP-4],-2
CALL 0043D927
CMP EBX,8
JNE SHORT 0043D936
PUSH DWORD PTR DS:[EDI+64]
PUSH EBX
CALL DWORD PTR SS:[EBP-20]
POP ECX
JMP SHORT 0043D93A
DB 8B
DB 5D
DB 08
DB 8B
DB 7D
DB D8
CMP DWORD PTR SS:[EBP-1C],0
JE SHORT 0043D935
PUSH 0
CALL 004385A6

59
C3
53
FF55 E0
59
83FB 08
74 0A
83FB 0B
74 05
83FB 04
75 11
8B45 D4
8947 60
83FB 08
75 06
8B45 D0

POP ECX
RETN
PUSH EBX
CALL DWORD PTR SS:[EBP-20]
POP ECX
CMP EBX,8
JE SHORT 0043D94A
CMP EBX,0B
JE SHORT 0043D94A
CMP EBX,4
JNE SHORT 0043D95B
MOV EAX,DWORD PTR SS:[EBP-2C]
MOV DWORD PTR DS:[EDI+60],EAX
CMP EBX,8
JNE SHORT 0043D95B
MOV EAX,DWORD PTR SS:[EBP-30]

; [SystemIn

; CHAR ']'
; Backspace
; CHAR '}'

; /Arg1 = 0
; \SystemIn

0043D958 |. 8947 64
MOV DWORD PTR DS:[EDI+64],EAX
0043D95B |> 33C0
XOR EAX,EAX
0043D95D |> E8 CFB0FFFF CALL 00438A31
0043D962 \. C3
RETN
0043D963 /$ 8BFF
MOV EDI,EDI
o.0043D963(guessed Arg1,Arg2,Arg3,Arg4)
0043D965 |. 55
PUSH EBP
0043D966 |. 8BEC
MOV EBP,ESP
0043D968 |. 83EC 10
SUB ESP,10
0043D96B |. A1 6C374500 MOV EAX,DWORD PTR DS:[45376C]
0043D970 |. 53
PUSH EBX
0043D971 |. 56
PUSH ESI
0043D972 |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
0043D975 |. 57
PUSH EDI
0043D976 |. 33FF
XOR EDI,EDI
0043D978 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0043D97B |. 897D F4
MOV DWORD PTR SS:[LOCAL.3],EDI
0043D97E |. 897D F8
MOV DWORD PTR SS:[LOCAL.2],EDI
0043D981 |. 897D F0
MOV DWORD PTR SS:[LOCAL.4],EDI
0043D984 |. EB 02
JMP SHORT 0043D988
0043D986 |> 46
/INC ESI
0043D987 |. 46
|INC ESI
0043D988 |> 66:833E 20
|CMP WORD PTR DS:[ESI],20
0043D98C |.^ 74 F8
\JE SHORT 0043D986
0043D98E |. 0FB706
MOVZX EAX,WORD PTR DS:[ESI]
0043D991 |. 83F8 61
CMP EAX,61
0043D994 |. 74 38
JE SHORT 0043D9CE
0043D996 |. 83F8 72
CMP EAX,72
0043D999 |. 74 2B
JE SHORT 0043D9C6
0043D99B |. 83F8 77
CMP EAX,77
0043D99E |. 74 1F
JE SHORT 0043D9BF
0043D9A0 |> E8 586AFFFF CALL 004343FD
fo.004343FD
0043D9A5 |. 57
PUSH EDI
0043D9A6 |. 57
PUSH EDI
0043D9A7 |. 57
PUSH EDI
0043D9A8 |. 57
PUSH EDI
0043D9A9 |. 57
PUSH EDI
0043D9AA |. C700 16000000 MOV DWORD PTR DS:[EAX],16
0043D9B0 |. E8 AD0EFFFF CALL 0042E862
fo.0042E862
0043D9B5 |. 83C4 14
ADD ESP,14
0043D9B8 |> 33C0
XOR EAX,EAX
0043D9BA |. E9 53020000 JMP 0043DC12
0043D9BF |> BB 01030000 MOV EBX,301
0043D9C4 |. EB 0D
JMP SHORT 0043D9D3
0043D9C6 |> 33DB
XOR EBX,EBX
0043D9C8 |. 834D FC 01
OR DWORD PTR SS:[LOCAL.1],00000001
0043D9CC |. EB 09
JMP SHORT 0043D9D7
0043D9CE |> BB 09010000 MOV EBX,109
0043D9D3 |> 834D FC 02
OR DWORD PTR SS:[LOCAL.1],00000002
0043D9D7 |> 33C9
XOR ECX,ECX
0043D9D9 |. 41
INC ECX
0043D9DA |. 46
INC ESI
0043D9DB |. 46
INC ESI
0043D9DC |. 0FB706
MOVZX EAX,WORD PTR DS:[ESI]
0043D9DF |. 66:3BC7
CMP AX,DI
0043D9E2 |. 0F84 DB010000 JE 0043DBC3
0043D9E8 |. BA 00400000 MOV EDX,4000
0043D9ED |> 3BCF
/CMP ECX,EDI

; SystemInf

; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0043D9EF
0043D9F5
0043D9F8
0043D9FB
0043DA01
0043DA07
0043DA0A
0043DA10
0043DA13
0043DA15
0043DA16
0043DA18
0043DA1B
0043DA1D
0043DA20
0043DA22
0043DA25
0043DA2B
0043DA2E
0043DA34
0043DA3B
0043DA3E
0043DA43
0043DA49
0043DA4E
0043DA51
0043DA57
0043DA5A
0043DA5F
0043DA66
0043DA6B
0043DA6E
0043DA74
0043DA77
0043DA7A
0043DA7D
0043DA80
0043DA85
0043DA88
0043DA8A
0043DA8D
0043DA8F
0043DA96
0043DA99
0043DA9B
0043DA9E
0043DAA0
0043DAA3
0043DAA5
0043DAA6
0043DAA8
0043DAAB
0043DAAD
0043DAB0
0043DAB6
0043DABC
0043DABE
0043DAC0
0043DAC2
0043DAC5

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|>
|.

0F84 20010000
0FB7C0
83F8 53
0F8F 9A000000
0F84 83000000
83E8 20
0F84 F7000000
83E8 0B
74 56
48
74 47
83E8 18
74 31
83E8 0A
74 21
83E8 04
0F85 75FFFFFF
397D F8
0F85 CD000000
C745 F8 01000
83CB 10
E9 C4000000
81CB 80000000
E9 B9000000
F6C3 40
0F85 AA000000
83CB 40
E9 A8000000
C745 F0 01000
E9 96000000
F6C3 02
0F85 8D000000
8B45 FC
83E3 FE
83E0 FC
83CB 02
0D 80000000
8945 FC
EB 7D
397D F8
75 72
C745 F8 01000
83CB 20
EB 6C
83E8 54
74 58
83E8 0E
74 43
48
74 2F
83E8 0B
74 15
83E8 06
0F85 EAFEFFFF
F7C3 00C00000
75 43
0BDA
EB 45
397D F4
75 3A

|JE 0043DB15
|MOVZX EAX,AX
|CMP EAX,53
|JG 0043DA9B
|JE 0043DA8A
|SUB EAX,20
|JE 0043DB07
|SUB EAX,0B
|JE SHORT 0043DA6B
|DEC EAX
|JE SHORT 0043DA5F
|SUB EAX,18
|JE SHORT 0043DA4E
|SUB EAX,0A
|JE SHORT 0043DA43
|SUB EAX,4
|JNE 0043D9A0
|CMP DWORD PTR SS:[LOCAL.2],EDI
|JNE 0043DB01
|MOV DWORD PTR SS:[LOCAL.2],1
|OR EBX,00000010
|JMP 0043DB07
|OR EBX,00000080
|JMP 0043DB07
|TEST BL,40
|JNE 0043DB01
|OR EBX,00000040
|JMP 0043DB07
|MOV DWORD PTR SS:[LOCAL.4],1
|JMP 0043DB01
|TEST BL,02
|JNE 0043DB01
|MOV EAX,DWORD PTR SS:[LOCAL.1]
|AND EBX,FFFFFFFE
|AND EAX,FFFFFFFC
|OR EBX,00000002
|OR EAX,00000080
|MOV DWORD PTR SS:[LOCAL.1],EAX
|JMP SHORT 0043DB07
|CMP DWORD PTR SS:[LOCAL.2],EDI
|JNE SHORT 0043DB01
|MOV DWORD PTR SS:[LOCAL.2],1
|OR EBX,00000020
|JMP SHORT 0043DB07
|SUB EAX,54
|JE SHORT 0043DAF8
|SUB EAX,0E
|JE SHORT 0043DAE8
|DEC EAX
|JE SHORT 0043DAD7
|SUB EAX,0B
|JE SHORT 0043DAC2
|SUB EAX,6
|JNE 0043D9A0
|TEST EBX,0000C000
|JNE SHORT 0043DB01
|OR EBX,EDX
|JMP SHORT 0043DB07
|CMP DWORD PTR SS:[LOCAL.3],EDI
|JNE SHORT 0043DB01

0043DAC7 |. 8165 FC FFBFF


0043DACE |. C745 F4 01000
0043DAD5 |. EB 30
0043DAD7 |> 397D F4
0043DADA |. 75 25
0043DADC |. 0955 FC
0043DADF |. C745 F4 01000
0043DAE6 |. EB 1F
0043DAE8 |> F7C3 00C00000
0043DAEE |. 75 11
0043DAF0 |. 81CB 00800000
0043DAF6 |. EB 0F
0043DAF8 |> B8 00100000
0043DAFD |. 85D8
0043DAFF |. 74 04
0043DB01 |> 33C9
0043DB03 |. EB 02
0043DB05 |> 0BD8
0043DB07 |> 46
0043DB08 |. 46
0043DB09 |. 0FB706
0043DB0C |. 66:3BC7
0043DB0F |.^ 0F85 D8FEFFFF
0043DB15 |> 397D F0
0043DB18 |. 0F84 A5000000
0043DB1E |. EB 02
0043DB20 |> 46
0043DB21 |. 46
0043DB22 |> 66:833E 20
0043DB26 |.^ 74 F8
0043DB28 |. 6A 03
0043DB2A |. 56
0043DB2B |. 68 E8B74400
NICODE "ccs"
0043DB30 |. E8 F4440000
fo.00442029
0043DB35 |. 83C4 0C
0043DB38 |. 85C0
0043DB3A |.^ 0F85 60FEFFFF
0043DB40 |. 6A 20
0043DB42 |. 83C6 06
0043DB45 |. 58
0043DB46 |. EB 02
0043DB48 |> 46
0043DB49 |. 46
0043DB4A |> 66:3906
0043DB4D |.^ 74 F9
0043DB4F |. 66:833E 3D
0043DB53 |.^ 0F85 47FEFFFF
0043DB59 |> 46
0043DB5A |. 46
0043DB5B |. 66:3906
0043DB5E |.^ 74 F9
0043DB60 |. 6A 05
0043DB62 |. 68 F0B74400
NICODE "UTF-8"
0043DB67 |. 56
0043DB68 |. E8 16440000
fo.00441F83
0043DB6D |. 83C4 0C

|AND DWORD PTR SS:[LOCAL.1],FFFFBFFF


|MOV DWORD PTR SS:[LOCAL.3],1
|JMP SHORT 0043DB07
|CMP DWORD PTR SS:[LOCAL.3],EDI
|JNE SHORT 0043DB01
|OR DWORD PTR SS:[LOCAL.1],EDX
|MOV DWORD PTR SS:[LOCAL.3],1
|JMP SHORT 0043DB07
|TEST EBX,0000C000
|JNE SHORT 0043DB01
|OR EBX,00008000
|JMP SHORT 0043DB07
|MOV EAX,1000
|TEST EAX,EBX
|JE SHORT 0043DB05
|XOR ECX,ECX
|JMP SHORT 0043DB07
|OR EBX,EAX
|INC ESI
|INC ESI
|MOVZX EAX,WORD PTR DS:[ESI]
|CMP AX,DI
\JNE 0043D9ED
CMP DWORD PTR SS:[LOCAL.4],EDI
JE 0043DBC3
JMP SHORT 0043DB22
/INC ESI
|INC ESI
|CMP WORD PTR DS:[ESI],20
\JE SHORT 0043DB20
PUSH 3
PUSH ESI
PUSH OFFSET 0044B7E8

; /Arg3 = 3
; |Arg2
; |Arg1 = U

CALL 00442029

; \SystemIn

ADD ESP,0C
TEST EAX,EAX
JNE 0043D9A0
PUSH 20
ADD ESI,6
POP EAX
JMP SHORT 0043DB4A
/INC ESI
|INC ESI
|CMP WORD PTR DS:[ESI],AX
\JE SHORT 0043DB48
CMP WORD PTR DS:[ESI],3D
JNE 0043D9A0
/INC ESI
|INC ESI
|CMP WORD PTR DS:[ESI],AX
\JE SHORT 0043DB59
PUSH 5
PUSH OFFSET 0044B7F0

; /Arg3 = 5
; |Arg2 = U

PUSH ESI
CALL 00441F83

; |Arg1
; \SystemIn

ADD ESP,0C

0043DB70 |. 85C0
0043DB72 |. 75 0B
0043DB74 |. 83C6 0A
0043DB77 |. 81CB 00000400
0043DB7D |. EB 44
0043DB7F |> 6A 08
0043DB81 |. 68 FCB74400
NICODE "UTF-16LE"
0043DB86 |. 56
0043DB87 |. E8 F7430000
fo.00441F83
0043DB8C |. 83C4 0C
0043DB8F |. 85C0
0043DB91 |. 75 0B
0043DB93 |. 83C6 10
0043DB96 |. 81CB 00000200
0043DB9C |. EB 25
0043DB9E |> 6A 07
0043DBA0 |. 68 10B84400
NICODE "UNICODE"
0043DBA5 |. 56
0043DBA6 |. E8 D8430000
fo.00441F83
0043DBAB |. 83C4 0C
0043DBAE |. 85C0
0043DBB0 |.^ 0F85 EAFDFFFF
0043DBB6 |. 83C6 0E
0043DBB9 |. 81CB 00000100
0043DBBF |. EB 02
0043DBC1 |> 46
0043DBC2 |. 46
0043DBC3 |> 66:833E 20
0043DBC7 |.^ 74 F8
0043DBC9 |. 66:393E
0043DBCC |.^ 0F85 CEFDFFFF
0043DBD2 |. 68 80010000
80
0043DBD7 |. FF75 10
[ARG.3]
0043DBDA |. 8D45 0C
0043DBDD |. 53
0043DBDE |. FF75 08
[ARG.1]
0043DBE1 |. 50
OFFSET ARG.2
0043DBE2 |. E8 92420000
fo.00441E79
0043DBE7 |. 83C4 14
0043DBEA |. 85C0
0043DBEC |.^ 0F85 C6FDFFFF
0043DBF2 |. 8B45 14
0043DBF5 |. FF05 04324500
0043DBFB |. 8B4D FC
0043DBFE |. 8948 0C
0043DC01 |. 8B4D 0C
0043DC04 |. 8978 04
0043DC07 |. 8938
0043DC09 |. 8978 08
0043DC0C |. 8978 1C
0043DC0F |. 8948 10

TEST EAX,EAX
JNE SHORT 0043DB7F
ADD ESI,0A
OR EBX,00040000
JMP SHORT 0043DBC3
PUSH 8
PUSH OFFSET 0044B7FC

; /Arg3 = 8
; |Arg2 = U

PUSH ESI
CALL 00441F83

; |Arg1
; \SystemIn

ADD ESP,0C
TEST EAX,EAX
JNE SHORT 0043DB9E
ADD ESI,10
OR EBX,00020000
JMP SHORT 0043DBC3
PUSH 7
PUSH OFFSET 0044B810

; /Arg3 = 7
; |Arg2 = U

PUSH ESI
CALL 00441F83

; |Arg1
; \SystemIn

ADD ESP,0C
TEST EAX,EAX
JNE 0043D9A0
ADD ESI,0E
OR EBX,00010000
JMP SHORT 0043DBC3
/INC ESI
|INC ESI
|CMP WORD PTR DS:[ESI],20
\JE SHORT 0043DBC1
CMP WORD PTR DS:[ESI],DI
JNE 0043D9A0
PUSH 180

; /Arg5 = 1

PUSH DWORD PTR SS:[ARG.3]

; |Arg4 =>

LEA EAX,[ARG.2]
PUSH EBX
PUSH DWORD PTR SS:[ARG.1]

; |
; |Arg3
; |Arg2 =>

PUSH EAX

; |Arg1 =>

CALL 00441E79

; \SystemIn

ADD ESP,14
TEST EAX,EAX
JNE 0043D9B8
MOV EAX,DWORD
INC DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR
MOV DWORD PTR

PTR SS:[ARG.4]
DS:[453204]
PTR SS:[LOCAL.1]
DS:[EAX+0C],ECX
PTR SS:[ARG.2]
DS:[EAX+4],EDI
DS:[EAX],EDI
DS:[EAX+8],EDI
DS:[EAX+1C],EDI
DS:[EAX+10],ECX

0043DC12 |> 5F
POP EDI
0043DC13 |. 5E
POP ESI
0043DC14 |. 5B
POP EBX
0043DC15 |. C9
LEAVE
0043DC16 \. C3
RETN
0043DC17 /$ 6A 10
PUSH 10
0043DC19 |. 68 88F54400 PUSH OFFSET 0044F588
0043DC1E |. E8 C9ADFFFF CALL 004389EC
0043DC23 |. 33DB
XOR EBX,EBX
0043DC25 |. 33FF
XOR EDI,EDI
0043DC27 |. 897D E4
MOV DWORD PTR SS:[EBP-1C],EDI
0043DC2A |. 6A 01
PUSH 1
; /Arg1 = 1
0043DC2C |. E8 4FAAFFFF CALL 00438680
; \SystemIn
fo.00438680
0043DC31 |. 59
POP ECX
0043DC32 |. 895D FC
MOV DWORD PTR SS:[EBP-4],EBX
0043DC35 |. 33F6
XOR ESI,ESI
0043DC37 |> 8975 E0
/MOV DWORD PTR SS:[EBP-20],ESI
0043DC3A |. 3B35 C0484500 |CMP ESI,DWORD PTR DS:[4548C0]
0043DC40 |. 0F8D CF000000 |JGE 0043DD15
0043DC46 |. A1 A0384500 |MOV EAX,DWORD PTR DS:[4538A0]
0043DC4B |. 8D04B0
|LEA EAX,[ESI*4+EAX]
0043DC4E |. 3918
|CMP DWORD PTR DS:[EAX],EBX
0043DC50 |. 74 5B
|JE SHORT 0043DCAD
0043DC52 |. 8B00
|MOV EAX,DWORD PTR DS:[EAX]
0043DC54 |. 8B40 0C
|MOV EAX,DWORD PTR DS:[EAX+0C]
0043DC57 |. A8 83
|TEST AL,83
0043DC59 |. 75 48
|JNE SHORT 0043DCA3
0043DC5B |. A9 00800000 |TEST EAX,00008000
0043DC60 |. 75 41
|JNE SHORT 0043DCA3
0043DC62 |. 8D46 FD
|LEA EAX,[ESI-3]
; Switch (c
ases 3..13, 2 exits)
0043DC65 |. 83F8 10
|CMP EAX,10
0043DC68 |. 77 12
|JA SHORT 0043DC7C
0043DC6A |. 8D46 10
|LEA EAX,[ESI+10]
; Cases 3,
4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10, 11, 12, 13 of switch SystemInfo.43DC62
0043DC6D |. 50
|PUSH EAX
0043DC6E |. E8 4AA9FFFF |CALL 004385BD
0043DC73 |. 59
|POP ECX
0043DC74 |. 85C0
|TEST EAX,EAX
0043DC76 |. 0F84 99000000 |JE 0043DD15
0043DC7C |> A1 A0384500 |MOV EAX,DWORD PTR DS:[4538A0]
; Default c
ase of switch SystemInfo.43DC62
0043DC81 |. FF34B0
|PUSH DWORD PTR DS:[ESI*4+EAX]
; /Arg2
0043DC84 |. 56
|PUSH ESI
; |Arg1
0043DC85 |. E8 90D7FFFF |CALL 0043B41A
; \SystemIn
fo.0043B41A
0043DC8A |. 59
|POP ECX
0043DC8B |. 59
|POP ECX
0043DC8C |. A1 A0384500 |MOV EAX,DWORD PTR DS:[4538A0]
0043DC91 |. 8B04B0
|MOV EAX,DWORD PTR DS:[ESI*4+EAX]
0043DC94 |. F640 0C 83
|TEST BYTE PTR DS:[EAX+0C],83
0043DC98 |. 74 0C
|JE SHORT 0043DCA6
0043DC9A |. 50
|PUSH EAX
0043DC9B |. 56
|PUSH ESI
0043DC9C |. E8 E7D7FFFF |CALL 0043B488
0043DCA1 |. 59
|POP ECX
0043DCA2 |. 59
|POP ECX
0043DCA3 |> 46
|INC ESI
0043DCA4 |.^ EB 91
\JMP SHORT 0043DC37

0043DCA6 |> 8BF8


0043DCA8 |. 897D E4
0043DCAB |. EB 68
0043DCAD |> C1E6 02
0043DCB0 |. 6A 38
8
0043DCB2 |. E8 5C71FFFF
fo.00434E13
0043DCB7 |. 59
0043DCB8 |. 8B0D A0384500
0043DCBE |. 89040E
0043DCC1 |. A1 A0384500
0043DCC6 |. 03C6
0043DCC8 |. 3918
0043DCCA |. 74 49
0043DCCC |. 68 A00F0000
0043DCD1 |. 8B00
0043DCD3 |. 83C0 20
0043DCD6 |. 50
0043DCD7 |. E8 B7230000
0043DCDC |. 59
0043DCDD |. 59
0043DCDE |. 85C0
0043DCE0 |. A1 A0384500
0043DCE5 |. 75 13
0043DCE7 |. FF3406
0043DCEA |. E8 EF54FFFF
fo.004331DE
0043DCEF |. 59
0043DCF0 |. A1 A0384500
0043DCF5 |. 891C06
0043DCF8 |. EB 1B
0043DCFA |> 8B0406
0043DCFD |. 83C0 20
0043DD00 |. 50
lSection
0043DD01 |. FF15 48814400
lEnterCriticalSection
0043DD07 |. A1 A0384500
0043DD0C |. 8B3C06
0043DD0F |. 897D E4
0043DD12 |. 895F 0C
0043DD15 |> 3BFB
0043DD17 |. 74 16
0043DD19 |. 8167 0C 00800
0043DD20 |. 895F 04
0043DD23 |. 895F 08
0043DD26 |. 891F
0043DD28 |. 895F 1C
0043DD2B |. 834F 10 FF
0043DD2F |> C745 FC FEFFF
0043DD36 |. E8 0B000000
0043DD3B |. 8BC7
0043DD3D |. E8 EFACFFFF
0043DD42 \. C3
0043DD43
8B
0043DD44
7D
0043DD45
E4
0043DD46 /$ 6A 01
0043DD48 |. E8 59A8FFFF

MOV EDI,EAX
MOV DWORD PTR SS:[EBP-1C],EDI
JMP SHORT 0043DD15
SHL ESI,2
PUSH 38

; /Arg1 = 3

CALL 00434E13

; \SystemIn

POP ECX
MOV ECX,DWORD PTR DS:[4538A0]
MOV DWORD PTR DS:[ECX+ESI],EAX
MOV EAX,DWORD PTR DS:[4538A0]
ADD EAX,ESI
CMP DWORD PTR DS:[EAX],EBX
JE SHORT 0043DD15
PUSH 0FA0
MOV EAX,DWORD PTR DS:[EAX]
ADD EAX,20
PUSH EAX
CALL 00440093
POP ECX
POP ECX
TEST EAX,EAX
MOV EAX,DWORD PTR DS:[4538A0]
JNE SHORT 0043DCFA
PUSH DWORD PTR DS:[EAX+ESI]
CALL 004331DE

; /Arg1
; \SystemIn

POP ECX
MOV EAX,DWORD PTR DS:[4538A0]
MOV DWORD PTR DS:[EAX+ESI],EBX
JMP SHORT 0043DD15
MOV EAX,DWORD PTR DS:[EAX+ESI]
ADD EAX,20
PUSH EAX

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.EnterCriti ; \NTDLL.Rt


MOV EAX,DWORD PTR DS:[4538A0]
MOV EDI,DWORD PTR DS:[EAX+ESI]
MOV DWORD PTR SS:[EBP-1C],EDI
MOV DWORD PTR DS:[EDI+0C],EBX
CMP EDI,EBX
JE SHORT 0043DD2F
AND DWORD PTR DS:[EDI+0C],00008000
MOV DWORD PTR DS:[EDI+4],EBX
MOV DWORD PTR DS:[EDI+8],EBX
MOV DWORD PTR DS:[EDI],EBX
MOV DWORD PTR DS:[EDI+1C],EBX
OR DWORD PTR DS:[EDI+10],FFFFFFFF
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043DD46
MOV EAX,EDI
CALL 00438A31
RETN
DB 8B
DB 7D
DB E4
PUSH 1
CALL 004385A6

; CHAR '}'
; /Arg1 = 1
; \SystemIn

fo.004385A6
0043DD4D |. 59
0043DD4E \. C3
0043DD4F
CC
0043DD50 /$ 53
0043DD51 |. 56
0043DD52 |. 57
0043DD53 |. 8B5424 10
0043DD57 |. 8B4424 14
0043DD5B |. 8B4C24 18
0043DD5F |. 55
0043DD60 |. 52
0043DD61 |. 50
0043DD62 |. 51
0043DD63 |. 51
0043DD64 |. 68 E0DD4300
0043DD69 |. 64:FF35 00000
0043DD70 |. A1 A0154500
0043DD75 |. 33C4
0043DD77 |. 894424 08
0043DD7B |. 64:8925 00000
SE handler 43DDE0
0043DD82 |> 8B4424 30
0043DD86 |. 8B58 08
0043DD89 |. 8B4C24 2C
0043DD8D |. 3319
0043DD8F |. 8B70 0C
0043DD92 |. 83FE FE
0043DD95 |. 74 3B
0043DD97 |. 8B5424 34
0043DD9B |. 83FA FE
0043DD9E |. 74 04
0043DDA0 |. 3BF2
0043DDA2 |. 76 2E
0043DDA4 |> 8D3476
0043DDA7 |. 8D5CB3 10
0043DDAB |. 8B0B
0043DDAD |. 8948 0C
0043DDB0 |. 837B 04 00
0043DDB4 |.^ 75 CC
0043DDB6 |. 68 01010000
01
0043DDBB |. 8B43 08
0043DDBE |. E8 2A090000
fo.0043E6ED
0043DDC3 |. B9 01000000
0043DDC8 |. 8B43 08
0043DDCB |. E8 3C090000
0043DDD0 |.^ EB B0
0043DDD2 |> 64:8F05 00000
0043DDD9 |. 83C4 18
0043DDDC |. 5F
0043DDDD |. 5E
0043DDDE |. 5B
0043DDDF \. C3
0043DDE0 /$ 8B4C24 04
ng routine
0043DDE4 |. F741 04 06000
0043DDEB |. B8 01000000
0043DDF0 |. 74 33

POP ECX
RETN
INT3
PUSH EBX
PUSH ESI
PUSH EDI
MOV EDX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR SS:[ARG.2]
MOV ECX,DWORD PTR SS:[ARG.3]
PUSH EBP
PUSH EDX
PUSH EAX
PUSH ECX
PUSH ECX
PUSH 0043DDE0
PUSH DWORD PTR FS:[0]
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,ESP
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV DWORD PTR FS:[0],ESP

; Installs

/MOV EAX,DWORD PTR SS:[ARG.2]


|MOV EBX,DWORD PTR DS:[EAX+8]
|MOV ECX,DWORD PTR SS:[ARG.1]
|XOR EBX,DWORD PTR DS:[ECX]
|MOV ESI,DWORD PTR DS:[EAX+0C]
|CMP ESI,-2
|JE SHORT 0043DDD2
|MOV EDX,DWORD PTR SS:[ARG.3]
|CMP EDX,-2
|JE SHORT 0043DDA4
|CMP ESI,EDX
|JBE SHORT 0043DDD2
|LEA ESI,[ESI*2+ESI]
|LEA EBX,[ESI*4+EBX+10]
|MOV ECX,DWORD PTR DS:[EBX]
|MOV DWORD PTR DS:[EAX+0C],ECX
|CMP DWORD PTR DS:[EBX+4],0
|JNE SHORT 0043DD82
|PUSH 101

; /Arg1 = 1

|MOV EAX,DWORD PTR DS:[EBX+8]


|CALL 0043E6ED

; |
; \SystemIn

|MOV ECX,1
|MOV EAX,DWORD PTR DS:[EBX+8]
|CALL 0043E70C
\JMP SHORT 0043DD82
POP DWORD PTR FS:[0]
ADD ESP,18
POP EDI
POP ESI
POP EBX
RETN
MOV ECX,DWORD PTR SS:[ARG.1]

; SE handli

TEST DWORD PTR DS:[ECX+4],00000006


MOV EAX,1
JE SHORT 0043DE25

0043DDF2 |.
0043DDF6 |.
0043DDF9 |.
0043DDFB |.
0043DE00 |.
0043DE01 |.
0043DE04 |.
0043DE07 |.
0043DE0A |.
0043DE0D |.
0043DE12 |.
0043DE15 |.
0043DE16 |.
0043DE1A |.
0043DE1E |.
0043DE20 |.
0043DE25 \>
0043DE26 /.
0043DE27 |.
0043DE2B |.
0043DE2D |.
0043DE30 |.
0043DE33 |.
0043DE36 |.
0043DE3B |.
0043DE3E |.
0043DE3F \.
0043DE42 /$
0043DE43 |.
0043DE44 |.
0043DE45 |.
0043DE46 |.
0043DE48 |.
0043DE4A |.
0043DE4C |.
0043DE4E |.
0043DE50 |.
0043DE52 |.
0043DE54 |.
0043DE55 |.
0043DE56 |.
0043DE57 |.
0043DE58 \.
0043DE59 /$
0043DE5B |.
0043DE5D |.
0043DE5F |.
0043DE61 |.
fo.0043E6ED
0043DE66 |.
0043DE68 |.
0043DE6A |.
0043DE6C |.
0043DE6E |.
0043DE70 \.
0043DE72 /$
0043DE73 |.
0043DE75 |.
0043DE76 |.
0043DE77 |.

8B4424 08
8B48 08
33C8
E8 F108FFFF
55
8B68 18
FF70 0C
FF70 10
FF70 14
E8 3EFFFFFF
83C4 0C
5D
8B4424 08
8B5424 10
8902
B8 03000000
C3
55
8B4C24 08
8B29
FF71 1C
FF71 18
FF71 28
E8 15FFFFFF
83C4 0C
5D
C2 0400
55
56
57
53
8BEA
33C0
33DB
33D2
33F6
33FF
FFD1
5B
5F
5E
5D
C3
8BEA
8BF1
8BC1
6A 01
E8 87080000

MOV EAX,DWORD PTR SS:[ARG.2]


MOV ECX,DWORD PTR DS:[EAX+8]
XOR ECX,EAX
CALL 0042E6F1
PUSH EBP
MOV EBP,DWORD PTR DS:[EAX+18]
PUSH DWORD PTR DS:[EAX+0C]
PUSH DWORD PTR DS:[EAX+10]
PUSH DWORD PTR DS:[EAX+14]
CALL 0043DD50
ADD ESP,0C
POP EBP
MOV EAX,DWORD PTR SS:[ARG.2]
MOV EDX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,3
RETN
PUSH EBP
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EBP,DWORD PTR DS:[ECX]
PUSH DWORD PTR DS:[ECX+1C]
PUSH DWORD PTR DS:[ECX+18]
PUSH DWORD PTR DS:[ECX+28]
CALL 0043DD50
ADD ESP,0C
POP EBP
RETN 4
PUSH EBP
PUSH ESI
PUSH EDI
PUSH EBX
MOV EBP,EDX
XOR EAX,EAX
XOR EBX,EBX
XOR EDX,EDX
XOR ESI,ESI
XOR EDI,EDI
CALL ECX
POP EBX
POP EDI
POP ESI
POP EBP
RETN
MOV EBP,EDX
MOV ESI,ECX
MOV EAX,ECX
PUSH 1
CALL 0043E6ED

33C0
33DB
33C9
33D2
33FF
FFE6
55
8BEC
53
56
57

XOR EAX,EAX
XOR EBX,EBX
XOR ECX,ECX
XOR EDX,EDX
XOR EDI,EDI
JMP ESI
PUSH EBP
MOV EBP,ESP
PUSH EBX
PUSH ESI
PUSH EDI

; /Arg1 = 1
; \SystemIn

0043DE78 |. 6A 00
PUSH 0
0043DE7A |. 6A 00
PUSH 0
0043DE7C |. 68 87DE4300 PUSH 0043DE87
0043DE81 |. 51
PUSH ECX
0043DE82 |. E8 776B0000 CALL <JMP.&KERNEL32.RtlUnwind>
ernel32.RtlUnwind
0043DE87 |. 5F
POP EDI
0043DE88 |. 5E
POP ESI
0043DE89 |. 5B
POP EBX
0043DE8A |. 5D
POP EBP
0043DE8B \. C3
RETN
0043DE8C /$ 55
PUSH EBP
o.0043DE8C(guessed Arg1,Arg2)
0043DE8D |. 8B6C24 08
MOV EBP,DWORD PTR SS:[ARG.1]
0043DE91 |. 52
PUSH EDX
0043DE92 |. 51
PUSH ECX
0043DE93 |. FF7424 14
PUSH DWORD PTR SS:[ARG.2]
0043DE97 |. E8 B4FEFFFF CALL 0043DD50
0043DE9C |. 83C4 0C
ADD ESP,0C
0043DE9F |. 5D
POP EBP
0043DEA0 \. C2 0800
RETN 8
0043DEA3 /$ 8BFF
MOV EDI,EDI
o.0043DEA3(guessed Arg1)
0043DEA5 |. 55
PUSH EBP
0043DEA6 |. 8BEC
MOV EBP,ESP
0043DEA8 |. 83EC 0C
SUB ESP,0C
0043DEAB |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0043DEB0 |. 33C5
XOR EAX,EBP
0043DEB2 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0043DEB5 |. 6A 06
PUSH 6
6
0043DEB7 |. 8D45 F4
LEA EAX,[LOCAL.3]
0043DEBA |. 50
PUSH EAX
OFFSET LOCAL.3
0043DEBB |. 68 04100000 PUSH 1004
1004
0043DEC0 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
> [ARG.1]
0043DEC3 |. C645 FA 00
MOV BYTE PTR SS:[LOCAL.2+2],0
0043DEC7 |. FF15 64804400 CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI
.GetLocaleInfoA
0043DECD |. 85C0
TEST EAX,EAX
0043DECF |. 75 05
JNE SHORT 0043DED6
0043DED1 |. 83C8 FF
OR EAX,FFFFFFFF
0043DED4 |. EB 0A
JMP SHORT 0043DEE0
0043DED6 |> 8D45 F4
LEA EAX,[LOCAL.3]
0043DED9 |. 50
PUSH EAX
0043DEDA |. E8 7D230000 CALL 0044025C
0043DEDF |. 59
POP ECX
0043DEE0 |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0043DEE3 |. 33CD
XOR ECX,EBP
0043DEE5 |. E8 0708FFFF CALL 0042E6F1
0043DEEA |. C9
LEAVE
0043DEEB \. C3
RETN
0043DEEC /$ 8BFF
MOV EDI,EDI
o.0043DEEC(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6)
0043DEEE |. 55
PUSH EBP
0043DEEF |. 8BEC
MOV EBP,ESP
0043DEF1 |. 83EC 34
SUB ESP,34
0043DEF4 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]

; Jump to k

; SystemInf

; SystemInf

; /Count =
; |
; |pData =>
; |LCType =
; |Locale =
; |
; \KERNEL32

; SystemInf

0043DEF9 |. 33C5
0043DEFB |. 8945 FC
0043DEFE |. 8B45 10
0043DF01 |. 8B4D 18
0043DF04 |. 8945 D8
0043DF07 |. 8B45 14
0043DF0A |. 53
0043DF0B |. 8945 D0
0043DF0E |. 8B00
0043DF10 |. 56
0043DF11 |. 8945 DC
0043DF14 |. 8B45 08
0043DF17 |. 57
0043DF18 |. 33FF
0043DF1A |. 894D CC
0043DF1D |. 897D E0
0043DF20 |. 897D D4
0043DF23 |. 3B45 0C
0043DF26 |. 0F84 5F010000
0043DF2C |. 8B35 70814400
0043DF32 |. 8D4D E8
0043DF35 |. 51
=> OFFSET LOCAL.6
0043DF36 |. 50
=> [ARG.1]
0043DF37 |. FFD6
.GetCPInfo
0043DF39 |. 8B1D 50814400
0043DF3F |. 85C0
0043DF41 |. 74 5E
0043DF43 |. 837D E8 01
0043DF47 |. 75 58
0043DF49 |. 8D45 E8
0043DF4C |. 50
=> OFFSET LOCAL.6
0043DF4D |. FF75 0C
=> [ARG.2]
0043DF50 |. FFD6
.GetCPInfo
0043DF52 |. 85C0
0043DF54 |. 74 4B
0043DF56 |. 837D E8 01
0043DF5A |. 75 45
0043DF5C |. 8B75 DC
0043DF5F |. C745 D4 01000
0043DF66 |. 83FE FF
0043DF69 |. 75 0C
0043DF6B |. FF75 D8
[ARG.3]
0043DF6E |. E8 0D03FFFF
fo.0042E280
0043DF73 |. 8BF0
0043DF75 |. 59
0043DF76 |. 46
0043DF77 |> 3BF7
0043DF79 |> 7E 5B
0043DF7B |. 81FE F0FFFF7F
0043DF81 |. 77 53
0043DF83 |. 8D4436 08
0043DF87 |. 3D 00040000

XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.3]
MOV ECX,DWORD PTR SS:[ARG.5]
MOV DWORD PTR SS:[LOCAL.10],EAX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EBX
MOV DWORD PTR SS:[LOCAL.12],EAX
MOV EAX,DWORD PTR DS:[EAX]
PUSH ESI
MOV DWORD PTR SS:[LOCAL.9],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EDI
XOR EDI,EDI
MOV DWORD PTR SS:[LOCAL.13],ECX
MOV DWORD PTR SS:[LOCAL.8],EDI
MOV DWORD PTR SS:[LOCAL.11],EDI
CMP EAX,DWORD PTR SS:[ARG.2]
JE 0043E08B
MOV ESI,DWORD PTR DS:[<&KERNEL32.GetCPIn
LEA ECX,[LOCAL.6]
PUSH ECX
; /pCPInfo
PUSH EAX

; |CodePage

CALL ESI

; \KERNEL32

MOV EBX,DWORD PTR DS:[<&KERNEL32.MultiBy


TEST EAX,EAX
JE SHORT 0043DFA1
CMP DWORD PTR SS:[LOCAL.6],1
JNE SHORT 0043DFA1
LEA EAX,[LOCAL.6]
PUSH EAX
; /pCPInfo
PUSH DWORD PTR SS:[ARG.2]

; |CodePage

CALL ESI

; \KERNEL32

TEST EAX,EAX
JE SHORT 0043DFA1
CMP DWORD PTR SS:[LOCAL.6],1
JNE SHORT 0043DFA1
MOV ESI,DWORD PTR SS:[LOCAL.9]
MOV DWORD PTR SS:[LOCAL.11],1
CMP ESI,-1
JNE SHORT 0043DF77
PUSH DWORD PTR SS:[LOCAL.10]

; /Arg1 =>

CALL 0042E280

; \SystemIn

MOV ESI,EAX
POP ECX
INC ESI
CMP ESI,EDI
JLE SHORT 0043DFD6
CMP ESI,7FFFFFF0
JA SHORT 0043DFD6
LEA EAX,[ESI+ESI+8]
CMP EAX,400

0043DF8C |. 77 2F
0043DF8E |. E8 0D010000
0043DF93 |. 8BC4
0043DF95 |. 3BC7
0043DF97 |. 74 38
0043DF99 |. C700 CCCC0000
0043DF9F |. EB 2D
0043DFA1 |> 57
t => 0
0043DFA2 |. 57
=> NULL
0043DFA3 |. FF75 DC
nt => [LOCAL.9]
0043DFA6 |. FF75 D8
e => [ARG.3]
0043DFA9 |. 6A 01
MB_PRECOMPOSED
0043DFAB |. FF75 08
=> [ARG.1]
0043DFAE |. FFD3
.MultiByteToWideChar
0043DFB0 |. 8BF0
0043DFB2 |. 3BF7
0043DFB4 |.^ 75 C3
0043DFB6 |> 33C0
0043DFB8 |. E9 D1000000
0043DFBD |> 50
0043DFBE |. E8 737AFFFF
fo.00435A36
0043DFC3 |. 59
0043DFC4 |. 3BC7
0043DFC6 |. 74 09
0043DFC8 |. C700 DDDD0000
0043DFCE |> 83C0 08
0043DFD1 |> 8945 E4
0043DFD4 |. EB 03
0043DFD6 |> 897D E4
0043DFD9 |> 397D E4
0043DFDC |.^ 74 D8
0043DFDE |. 8D0436
0043DFE1 |. 50
0043DFE2 |. 57
0043DFE3 |. FF75 E4
[LOCAL.7]
0043DFE6 |. E8 B508FFFF
fo.0042E8A0
0043DFEB |. 83C4 0C
0043DFEE |. 56
0043DFEF |. FF75 E4
0043DFF2 |. FF75 DC
0043DFF5 |. FF75 D8
0043DFF8 |. 6A 01
0043DFFA |. FF75 08
0043DFFD |. FFD3
0043DFFF |. 85C0
0043E001 |. 74 7F
0043E003 |. 8B5D CC
0043E006 |. 3BDF
0043E008 |. 74 1D
0043E00A |. 57

JA SHORT 0043DFBD
CALL 0043E0A0
MOV EAX,ESP
CMP EAX,EDI
JE SHORT 0043DFD1
MOV DWORD PTR DS:[EAX],0CCCC
JMP SHORT 0043DFCE
PUSH EDI

; /WideCoun

PUSH EDI

; |WideChar

PUSH DWORD PTR SS:[LOCAL.9]

; |MultiCou

PUSH DWORD PTR SS:[LOCAL.10]

; |MultiByt

PUSH 1

; |Flags =

PUSH DWORD PTR SS:[ARG.1]

; |CodePage

CALL EBX

; \KERNEL32

MOV ESI,EAX
CMP ESI,EDI
JNE SHORT 0043DF79
XOR EAX,EAX
JMP 0043E08E
PUSH EAX
CALL 00435A36

; /Arg1
; \SystemIn

POP ECX
CMP EAX,EDI
JE SHORT 0043DFD1
MOV DWORD PTR DS:[EAX],0DDDD
ADD EAX,8
MOV DWORD PTR SS:[LOCAL.7],EAX
JMP SHORT 0043DFD9
MOV DWORD PTR SS:[LOCAL.7],EDI
CMP DWORD PTR SS:[LOCAL.7],EDI
JE SHORT 0043DFB6
LEA EAX,[ESI+ESI]
PUSH EAX
PUSH EDI
PUSH DWORD PTR SS:[LOCAL.7]

; /Arg3
; |Arg2
; |Arg1 =>

CALL 0042E8A0

; \SystemIn

ADD ESP,0C
PUSH ESI
PUSH DWORD PTR SS:[LOCAL.7]
PUSH DWORD PTR SS:[LOCAL.9]
PUSH DWORD PTR SS:[LOCAL.10]
PUSH 1
PUSH DWORD PTR SS:[ARG.1]
CALL EBX
TEST EAX,EAX
JE SHORT 0043E082
MOV EBX,DWORD PTR SS:[LOCAL.13]
CMP EBX,EDI
JE SHORT 0043E027
PUSH EDI

; /DefaultC

harUsed
0043E00B |. 57
har
0043E00C |. FF75 1C
nt => [ARG.6]
0043E00F |. 53
e => [LOCAL.13]
0043E010 |. 56
t
0043E011 |. FF75 E4
=> [LOCAL.7]
0043E014 |. 57
0043E015 |. FF75 0C
=> [ARG.2]
0043E018 |. FF15 38814400
.WideCharToMultiByte
0043E01E |. 85C0
0043E020 |. 74 60
0043E022 |. 895D E0
0043E025 |. EB 5B
0043E027 |> 8B1D 38814400
0043E02D |. 397D D4
0043E030 |. 75 14
0043E032 |. 57
harUsed
0043E033 |. 57
har
0043E034 |. 57
nt
0043E035 |. 57
e
0043E036 |. 56
t
0043E037 |. FF75 E4
=> [LOCAL.7]
0043E03A |. 57
0043E03B |. FF75 0C
=> [ARG.2]
0043E03E |. FFD3
.WideCharToMultiByte
0043E040 |. 8BF0
0043E042 |. 3BF7
0043E044 |. 74 3C
0043E046 |> 56
0043E047 |. 6A 01
0043E049 |. E8 0A6EFFFF
fo.00434E58
0043E04E |. 59
0043E04F |. 59
0043E050 |. 8945 E0
0043E053 |. 3BC7
0043E055 |. 74 2B
0043E057 |. 57
0043E058 |. 57
0043E059 |. 56
0043E05A |. 50
0043E05B |. 56
0043E05C |. FF75 E4
0043E05F |. 57
0043E060 |. FF75 0C

PUSH EDI

; |DefaultC

PUSH DWORD PTR SS:[ARG.6]

; |MultiCou

PUSH EBX

; |MultiByt

PUSH ESI

; |WideCoun

PUSH DWORD PTR SS:[LOCAL.7]

; |WideChar

PUSH EDI
PUSH DWORD PTR SS:[ARG.2]

; |Flags
; |CodePage

CALL DWORD PTR DS:[<&KERNEL32.WideCharTo ; \KERNEL32


TEST EAX,EAX
JE SHORT 0043E082
MOV DWORD PTR SS:[LOCAL.8],EBX
JMP SHORT 0043E082
MOV EBX,DWORD PTR DS:[<&KERNEL32.WideCha
CMP DWORD PTR SS:[LOCAL.11],EDI
JNE SHORT 0043E046
PUSH EDI
; /DefaultC
PUSH EDI

; |DefaultC

PUSH EDI

; |MultiCou

PUSH EDI

; |MultiByt

PUSH ESI

; |WideCoun

PUSH DWORD PTR SS:[LOCAL.7]

; |WideChar

PUSH EDI
PUSH DWORD PTR SS:[ARG.2]

; |Flags
; |CodePage

CALL EBX

; \KERNEL32

MOV ESI,EAX
CMP ESI,EDI
JE SHORT 0043E082
PUSH ESI
PUSH 1
CALL 00434E58

; /Arg2
; |Arg1 = 1
; \SystemIn

POP ECX
POP ECX
MOV DWORD PTR SS:[LOCAL.8],EAX
CMP EAX,EDI
JE SHORT 0043E082
PUSH EDI
PUSH EDI
PUSH ESI
PUSH EAX
PUSH ESI
PUSH DWORD PTR SS:[LOCAL.7]
PUSH EDI
PUSH DWORD PTR SS:[ARG.2]

0043E063 |.
0043E065 |.
0043E067 |.
0043E069 |.
[LOCAL.8]
0043E06C |.
fo.004331DE
0043E071 |.
0043E072 |.
0043E075 |.
0043E077 |>
0043E07B |.
0043E07D |.
0043E080 |.
0043E082 |>
0043E085 |.
0043E08A |.
0043E08B |>
0043E08E |>
0043E091 |.
0043E092 |.
0043E093 |.
0043E094 |.
0043E097 |.
0043E099 |.
0043E09E |.
0043E09F \.
0043E0A0 /$
0043E0A1 |.
0043E0A5 |.
0043E0A7 |.
0043E0AA |.
0043E0AC |.
0043E0AE |.
0043E0B0 |.
0043E0B1 \.^
0043E0B6 /.
0043E0B7 |.
0043E0BB |.
0043E0BD |.
0043E0C0 |.
0043E0C2 |.
0043E0C4 |.
0043E0C6 |.
0043E0C7 \.^
0043E0CC /$
0043E0CE |.
0043E0CF |.
0043E0D1 |.
0043E0D4 |.
0043E0D5 |.
[ARG.3]
0043E0D8 |.
0043E0DB |.
fo.0042EC65
0043E0E0 |.
0043E0E3 |.
0043E0E6 |.
0043E0EB |.
0043E0ED |.

FFD3
3BC7
75 0E
FF75 E0

CALL EBX
CMP EAX,EDI
JNE SHORT 0043E077
PUSH DWORD PTR SS:[LOCAL.8]

; /Arg1 =>

E8 6D51FFFF

CALL 004331DE

; \SystemIn

59
897D E0
EB 0B
837D DC FF
74 05
8B4D D0
8901
FF75 E4
E8 5367FFFF
59
8B45 E0
8D65 C0
5F
5E
5B
8B4D FC
33CD
E8 5306FFFF
C9
C3
51
8D4C24 08
2BC8
83E1 0F
03C1
1BC9
0BC1
59
E9 4A06FFFF
51
8D4C24 08
2BC8
83E1 07
03C1
1BC9
0BC1
59
E9 3406FFFF
8BFF
55
8BEC
83EC 18
53
FF75 10

POP ECX
MOV DWORD PTR SS:[LOCAL.8],EDI
JMP SHORT 0043E082
CMP DWORD PTR SS:[LOCAL.9],-1
JE SHORT 0043E082
MOV ECX,DWORD PTR SS:[LOCAL.12]
MOV DWORD PTR DS:[ECX],EAX
PUSH DWORD PTR SS:[LOCAL.7]
CALL 004347DD
POP ECX
MOV EAX,DWORD PTR SS:[LOCAL.8]
LEA ESP,[LOCAL.16]
POP EDI
POP ESI
POP EBX
MOV ECX,DWORD PTR SS:[LOCAL.1]
XOR ECX,EBP
CALL 0042E6F1
LEAVE
RETN
PUSH ECX
LEA ECX,[ARG.1]
SUB ECX,EAX
AND ECX,0000000F
ADD EAX,ECX
SBB ECX,ECX
OR EAX,ECX
POP ECX
JMP 0042E700
PUSH ECX
LEA ECX,[ARG.1]
SUB ECX,EAX
AND ECX,00000007
ADD EAX,ECX
SBB ECX,ECX
OR EAX,ECX
POP ECX
JMP 0042E700
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,18
PUSH EBX
PUSH DWORD PTR SS:[ARG.3]

; /Arg1 =>

8D4D E8
E8 850BFFFF

LEA ECX,[LOCAL.6]
CALL 0042EC65

; |
; \SystemIn

8B5D 08
8D43 01
3D 00010000
77 0F
8B45 E8

MOV EBX,DWORD PTR SS:[ARG.1]


LEA EAX,[EBX+1]
CMP EAX,100
JA SHORT 0043E0FC
MOV EAX,DWORD PTR SS:[LOCAL.6]

0043E0F0 |. 8B80 C8000000


0043E0F6 |. 0FB70458
0043E0FA |. EB 75
0043E0FC |> 895D 08
0043E0FF |. C17D 08 08
0043E103 |. 8D45 E8
0043E106 |. 50
OFFSET LOCAL.6
0043E107 |. 8B45 08
0043E10A |. 25 FF000000
0043E10F |. 50
0043E110 |. E8 3E81FFFF
fo.00436253
0043E115 |. 59
0043E116 |. 59
0043E117 |. 85C0
0043E119 |. 74 12
0043E11B |. 8A45 08
0043E11E |. 6A 02
0043E120 |. 8845 F8
0043E123 |. 885D F9
0043E126 |. C645 FA 00
0043E12A |. 59
0043E12B |. EB 0A
0043E12D |> 33C9
0043E12F |. 885D F8
0043E132 |. C645 F9 00
0043E136 |. 41
0043E137 |> 8B45 E8
0043E13A |. 6A 01
0043E13C |. FF70 14
0043E13F |. FF70 04
0043E142 |. 8D45 FC
0043E145 |. 50
OFFSET LOCAL.1
0043E146 |. 51
0043E147 |. 8D45 F8
0043E14A |. 50
OFFSET LOCAL.2
0043E14B |. 8D45 E8
0043E14E |. 6A 01
0043E150 |. 50
OFFSET LOCAL.6
0043E151 |. E8 0283FFFF
fo.00436458
0043E156 |. 83C4 20
0043E159 |. 85C0
0043E15B |. 75 10
0043E15D |. 3845 F4
0043E160 |. 74 07
0043E162 |. 8B45 F0
0043E165 |. 8360 70 FD
0043E169 |> 33C0
0043E16B |. EB 14
0043E16D |> 0FB745 FC
0043E171 |> 2345 0C
0043E174 |. 807D F4 00
0043E178 |. 74 07
0043E17A |. 8B4D F0
0043E17D |. 8361 70 FD

MOV EAX,DWORD PTR DS:[EAX+0C8]


MOVZX EAX,WORD PTR DS:[EBX*2+EAX]
JMP SHORT 0043E171
MOV DWORD PTR SS:[ARG.1],EBX
SAR DWORD PTR SS:[ARG.1],8
LEA EAX,[LOCAL.6]
PUSH EAX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[ARG.1]


AND EAX,000000FF
PUSH EAX
CALL 00436253

;
;
;
;

|
|
|Arg1
\SystemIn

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 0043E12D
MOV AL,BYTE PTR SS:[ARG.1]
PUSH 2
MOV BYTE PTR SS:[LOCAL.2],AL
MOV BYTE PTR SS:[LOCAL.2+1],BL
MOV BYTE PTR SS:[LOCAL.2+2],0
POP ECX
JMP SHORT 0043E137
XOR ECX,ECX
MOV BYTE PTR SS:[LOCAL.2],BL
MOV BYTE PTR SS:[LOCAL.2+1],0
INC ECX
MOV EAX,DWORD PTR SS:[LOCAL.6]
PUSH 1
PUSH DWORD PTR DS:[EAX+14]
PUSH DWORD PTR DS:[EAX+4]
LEA EAX,[LOCAL.1]
PUSH EAX

;
;
;
;
;

/Arg8 = 1
|Arg7
|Arg6
|
|Arg5 =>

PUSH ECX
LEA EAX,[LOCAL.2]
PUSH EAX

; |Arg4
; |
; |Arg3 =>

LEA EAX,[LOCAL.6]
PUSH 1
PUSH EAX

; |
; |Arg2 = 1
; |Arg1 =>

CALL 00436458

; \SystemIn

ADD ESP,20
TEST EAX,EAX
JNE SHORT 0043E16D
CMP BYTE PTR SS:[LOCAL.3],AL
JE SHORT 0043E169
MOV EAX,DWORD PTR SS:[LOCAL.4]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
XOR EAX,EAX
JMP SHORT 0043E181
MOVZX EAX,WORD PTR SS:[LOCAL.1]
AND EAX,DWORD PTR SS:[ARG.2]
CMP BYTE PTR SS:[LOCAL.3],0
JE SHORT 0043E181
MOV ECX,DWORD PTR SS:[LOCAL.4]
AND DWORD PTR DS:[ECX+70],FFFFFFFD

0043E181 |>
0043E182 |.
0043E183 \.
0043E184 /$
0043E186 |.
0043E18B |.
0043E190 |.
0043E193 |.
0043E195 |.
0043E197 |.
0043E199 |.
0043E19B |.
0043E19C |.
0043E19E |.
0043E1A0 |.
0043E1A3 |.
0043E1A5 |.
0043E1A6 |.
0043E1A8 |.
fo.004343FD
0043E1AD |.
0043E1B3 |.
0043E1B4 |.
0043E1B5 |.
0043E1B6 |.
0043E1B7 |.
0043E1B8 |.
fo.0042E862
0043E1BD |.
0043E1C0 |>
0043E1C2 |.
0043E1C7 |>
0043E1CB |.
0043E1CD |.
0043E1D0 |.
0043E1D2 |.
0043E1D4 |.
0043E1D6 |.
0043E1D7 |>
0043E1D9 |.
0043E1DC |.
0043E1DF |.
0043E1E1 |.
0043E1E8 |.
0043E1EA |.
0043E1ED |.
0043E1F0 |.
0043E1F3 |.
0043E1F6 |.
0043E1FC |.
0043E1FE |.
0043E200 |.
fo.00438680
0043E205 |.
0043E206 |.
0043E209 |.
[ARG.EBP+8]
0043E20C |.
fo.0043CA78
0043E211 |.

5B
C9
C3
6A 0C
68 A8F54400
E8 5CA8FFFF
8B4D 08
33FF
3BCF
76 2E
6A E0
58
33D2
F7F1
3B45 0C
1BC0
40
75 1F
E8 5062FFFF

POP EBX
LEAVE
RETN
PUSH 0C
PUSH OFFSET 0044F5A8
CALL 004389EC
MOV ECX,DWORD PTR SS:[EBP+8]
XOR EDI,EDI
CMP ECX,EDI
JBE SHORT 0043E1C7
PUSH -20
POP EAX
XOR EDX,EDX
DIV ECX
CMP EAX,DWORD PTR SS:[EBP+0C]
SBB EAX,EAX
INC EAX
JNE SHORT 0043E1C7
CALL 004343FD

; [SystemIn

C700 0C000000
57
57
57
57
57
E8 A506FFFF

MOV DWORD PTR DS:[EAX],0C


PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
CALL 0042E862

;
;
;
;
;
;

83C4 14
33C0
E9 D5000000
0FAF4D 0C
8BF1
8975 08
3BF7
75 03
33F6
46
33DB
895D E4
83FE E0
77 69
833D 94374500
75 4B
83C6 0F
83E6 F0
8975 0C
8B45 08
3B05 84374500
77 37
6A 04
E8 7BA4FFFF

ADD ESP,14
XOR EAX,EAX
JMP 0043E29C
IMUL ECX,DWORD PTR SS:[EBP+0C]
MOV ESI,ECX
MOV DWORD PTR SS:[EBP+8],ESI
CMP ESI,EDI
JNE SHORT 0043E1D7
XOR ESI,ESI
INC ESI
/XOR EBX,EBX
|MOV DWORD PTR SS:[EBP-1C],EBX
|CMP ESI,-20
|JA SHORT 0043E24A
|CMP DWORD PTR DS:[453794],3
|JNE SHORT 0043E235
|ADD ESI,0F
|AND ESI,FFFFFFF0
|MOV DWORD PTR SS:[EBP+0C],ESI
|MOV EAX,DWORD PTR SS:[EBP+8]
|CMP EAX,DWORD PTR DS:[453784]
|JA SHORT 0043E235
|PUSH 4
|CALL 00438680

; /Arg1 = 4
; \SystemIn

59
897D FC
FF75 08

|POP ECX
|MOV DWORD PTR SS:[EBP-4],EDI
|PUSH DWORD PTR SS:[EBP+8]

; /Arg1 =>

E8 67E8FFFF

|CALL 0043CA78

; \SystemIn

59

|POP ECX

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

0043E212 |. 8945 E4
0043E215 |. C745 FC FEFFF
0043E21C |. E8 5F000000
0043E221 |. 8B5D E4
0043E224 |. 3BDF
0043E226 |. 74 11
0043E228 |. FF75 08
[ARG.EBP+8]
0043E22B |. 57
0043E22C |. 53
[ARG.EBP-1C]
0043E22D |. E8 6E06FFFF
fo.0042E8A0
0043E232 |. 83C4 0C
0043E235 |> 3BDF
0043E237 |. 75 61
0043E239 |> 56
0043E23A |. 6A 08
HEAP_ZERO_MEMORY
0043E23C |. FF35 08324500
ULL
0043E242 |. FF15 A4804400
lAllocateHeap
0043E248 |. 8BD8
0043E24A |> 3BDF
0043E24C |. 75 4C
0043E24E |. 393D 48364500
0043E254 |. 74 33
0043E256 |. 56
0043E257 |. E8 4585FFFF
fo.004367A1
0043E25C |. 59
0043E25D |. 85C0
0043E25F |.^ 0F85 72FFFFFF
0043E265 |. 8B45 10
0043E268 |. 3BC7
0043E26A |.^ 0F84 50FFFFFF
0043E270 |. C700 0C000000
0043E276 \.^ E9 45FFFFFF
0043E27B
33
0043E27C
FF
0043E27D
8B
0043E27E
75
0043E27F
0C
0043E280 /$ 6A 04
0043E282 |. E8 1FA3FFFF
fo.004385A6
0043E287 |. 59
0043E288 \. C3
0043E289 /> 3BDF
0043E28B |. 75 0D
0043E28D |. 8B45 10
0043E290 |. 3BC7
0043E292 |. 74 06
0043E294 |. C700 0C000000
0043E29A |> 8BC3
0043E29C |> E8 90A7FFFF
0043E2A1 \. C3
0043E2A2 /$ 6A 10
0043E2A4 |. 68 C8F54400

|MOV DWORD PTR SS:[EBP-1C],EAX


|MOV DWORD PTR SS:[EBP-4],-2
|CALL 0043E280
|MOV EBX,DWORD PTR SS:[EBP-1C]
|CMP EBX,EDI
|JE SHORT 0043E239
|PUSH DWORD PTR SS:[EBP+8]

; /Arg3 =>

|PUSH EDI
|PUSH EBX

; |Arg2
; |Arg1 =>

|CALL 0042E8A0

; \SystemIn

|ADD ESP,0C
|CMP EBX,EDI
|JNE SHORT 0043E29A
|PUSH ESI
|PUSH 8

; /Size
; |Flags =

|PUSH DWORD PTR DS:[453208]

; |Heap = N

|CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc ; \NTDLL.Rt


|MOV EBX,EAX
|CMP EBX,EDI
|JNE SHORT 0043E29A
|CMP DWORD PTR DS:[453648],EDI
|JE SHORT 0043E289
|PUSH ESI
|CALL 004367A1
|POP ECX
|TEST EAX,EAX
\JNE 0043E1D7
MOV EAX,DWORD PTR SS:[EBP+10]
CMP EAX,EDI
JE 0043E1C0
MOV DWORD PTR DS:[EAX],0C
JMP 0043E1C0
DB 33
DB FF
DB 8B
DB 75
DB 0C
PUSH 4
CALL 004385A6
POP ECX
RETN
CMP EBX,EDI
JNE SHORT 0043E29A
MOV EAX,DWORD PTR SS:[EBP+10]
CMP EAX,EDI
JE SHORT 0043E29A
MOV DWORD PTR DS:[EAX],0C
MOV EAX,EBX
CALL 00438A31
RETN
PUSH 10
PUSH OFFSET 0044F5C8

; /Arg1
; \SystemIn

; CHAR '3'
;
;
;
;

CHAR 'u'
Form Feed
/Arg1 = 4
\SystemIn

0043E2A9 |.
0043E2AE |.
0043E2B1 |.
0043E2B3 |.
0043E2B5 |.
[ARG.EBP+0C]
0043E2B8 |.
fo.00435A36
0043E2BD |.
0043E2BE |.
0043E2C3 |>
0043E2C6 |.
0043E2C8 |.
0043E2CA |.
[ARG.EBP+8]
0043E2CB |.
fo.004331DE
0043E2D0 |.
0043E2D1 |.
0043E2D6 |>
0043E2DD |.
0043E2E3 |>
0043E2E5 |.
0043E2E8 |.
0043E2EB |.
0043E2F1 |.
0043E2F3 |.
fo.00438680
0043E2F8 |.
0043E2F9 |.
0043E2FC |.
0043E2FD |.
fo.0043C299
0043E302 |.
0043E303 |.
0043E306 |.
0043E308 |.
0043E30E |.
0043E314 |.
0043E316 |.
0043E317 |.
0043E318 |.
0043E319 |.
fo.0043C797
0043E31E |.
0043E321 |.
0043E323 |.
0043E325 |.
0043E328 |.
0043E32A |>
0043E32B |.
fo.0043CA78
0043E330 |.
0043E331 |.
0043E334 |.
0043E336 |.
0043E338 |.
0043E33B |.
0043E33C |.
0043E33E |.

E8 3EA7FFFF
8B5D 08
85DB
75 0E
FF75 0C

CALL 004389EC
MOV EBX,DWORD PTR SS:[EBP+8]
TEST EBX,EBX
JNE SHORT 0043E2C3
PUSH DWORD PTR SS:[EBP+0C]

; /Arg1 =>

E8 7977FFFF

CALL 00435A36

; \SystemIn

59
E9 CC010000
8B75 0C
85F6
75 0C
53

POP ECX
JMP 0043E48F
MOV ESI,DWORD PTR SS:[EBP+0C]
TEST ESI,ESI
JNE SHORT 0043E2D6
PUSH EBX

; /Arg1 =>

E8 0E4FFFFF

CALL 004331DE

; \SystemIn

59
E9 B7010000
833D 94374500
0F85 93010000
33FF
897D E4
83FE E0
0F87 8A010000
6A 04
E8 88A3FFFF

POP ECX
JMP 0043E48D
CMP DWORD PTR DS:[453794],3
JNE 0043E476
XOR EDI,EDI
MOV DWORD PTR SS:[EBP-1C],EDI
CMP ESI,-20
JA 0043E47B
PUSH 4
CALL 00438680

; /Arg1 = 4
; \SystemIn

59
897D FC
53
E8 97DFFFFF

POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
PUSH EBX
CALL 0043C299

; /Arg1
; \SystemIn

59
8945 E0
3BC7
0F84 9E000000
3B35 84374500
77 49
56
53
50
E8 79E4FFFF

POP ECX
MOV DWORD PTR SS:[EBP-20],EAX
CMP EAX,EDI
JE 0043E3AC
CMP ESI,DWORD PTR DS:[453784]
JA SHORT 0043E35F
PUSH ESI
PUSH EBX
PUSH EAX
CALL 0043C797

;
;
;
;

83C4 0C
85C0
74 05
895D E4
EB 35
56
E8 48E7FFFF

ADD ESP,0C
TEST EAX,EAX
JE SHORT 0043E32A
MOV DWORD PTR SS:[EBP-1C],EBX
JMP SHORT 0043E35F
PUSH ESI
CALL 0043CA78

; /Arg1
; \SystemIn

59
8945 E4
3BC7
74 27
8B43 FC
48
3BC6
72 02

POP ECX
MOV DWORD PTR SS:[EBP-1C],EAX
CMP EAX,EDI
JE SHORT 0043E35F
MOV EAX,DWORD PTR DS:[EBX-4]
DEC EAX
CMP EAX,ESI
JB SHORT 0043E342

/Arg3
|Arg2
|Arg1
\SystemIn

0043E340 |.
0043E342 |>
0043E343 |.
0043E344 |.
[ARG.EBP-1C]
0043E347 |.
fo.0042F1F0
0043E34C |.
0043E34D |.
fo.0043C299
0043E352 |.
0043E355 |.
0043E356 |.
0043E357 |.
0043E35C |.
0043E35F |>
0043E362 |.
0043E364 |.
0043E366 |.
0043E368 |.
0043E36A |.
0043E36B |.
0043E36E |>
0043E371 |.
0043E374 |.
0043E377 |.
0043E378 |.
0043E379 |.
ULL
0043E37F |.
lAllocateHeap
0043E385 |.
0043E388 |.
0043E38A |.
0043E38C |.
0043E38F |.
0043E390 |.
0043E392 |.
0043E394 |.
0043E396 |>
0043E397 |.
0043E398 |.
[ARG.EBP-1C]
0043E39B |.
fo.0042F1F0
0043E3A0 |.
0043E3A1 |.
0043E3A4 |.
0043E3A9 |.
0043E3AC |>
0043E3B3 |.
0043E3B8 |.
0043E3BC |.
0043E3BE |.
0043E3C0 |.
0043E3C2 |.
0043E3C3 |>
0043E3C6 |.
0043E3C9 |.
0043E3CC |.

8BC6
50
53
FF75 E4

MOV EAX,ESI
PUSH EAX
PUSH EBX
PUSH DWORD PTR SS:[EBP-1C]

; /Arg3
; |Arg2
; |Arg1 =>

E8 A40EFFFF

CALL 0042F1F0

; \SystemIn

53
E8 47DFFFFF

PUSH EBX
CALL 0043C299

; /Arg1
; \SystemIn

8945 E0
53
50
E8 6DDFFFFF
83C4 18
397D E4
75 48
3BF7
75 06
33F6
46
8975 0C
83C6 0F
83E6 F0
8975 0C
56
57
FF35 08324500

MOV DWORD PTR SS:[EBP-20],EAX


PUSH EBX
PUSH EAX
CALL 0043C2C9
ADD ESP,18
CMP DWORD PTR SS:[EBP-1C],EDI
JNE SHORT 0043E3AC
CMP ESI,EDI
JNE SHORT 0043E36E
XOR ESI,ESI
INC ESI
MOV DWORD PTR SS:[EBP+0C],ESI
ADD ESI,0F
AND ESI,FFFFFFF0
MOV DWORD PTR SS:[EBP+0C],ESI
PUSH ESI
PUSH EDI
PUSH DWORD PTR DS:[453208]

; /Size
; |Flags
; |Heap = N

FF15 A4804400 CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc> ; \NTDLL.Rt


8945 E4
3BC7
74 20
8B43 FC
48
3BC6
72 02
8BC6
50
53
FF75 E4

MOV DWORD PTR SS:[EBP-1C],EAX


CMP EAX,EDI
JE SHORT 0043E3AC
MOV EAX,DWORD PTR DS:[EBX-4]
DEC EAX
CMP EAX,ESI
JB SHORT 0043E396
MOV EAX,ESI
PUSH EAX
PUSH EBX
PUSH DWORD PTR SS:[EBP-1C]

; /Arg3
; |Arg2
; |Arg1 =>

E8 500EFFFF

CALL 0042F1F0

; \SystemIn

53
FF75 E0
E8 20DFFFFF
83C4 14
C745 FC FEFFF
E8 2E000000
837D E0 00
75 31
85F6
75 01
46
83C6 0F
83E6 F0
8975 0C
56

PUSH EBX
PUSH DWORD PTR SS:[EBP-20]
CALL 0043C2C9
ADD ESP,14
MOV DWORD PTR SS:[EBP-4],-2
CALL 0043E3E6
CMP DWORD PTR SS:[EBP-20],0
JNE SHORT 0043E3EF
TEST ESI,ESI
JNE SHORT 0043E3C3
INC ESI
ADD ESI,0F
AND ESI,FFFFFFF0
MOV DWORD PTR SS:[EBP+0C],ESI
PUSH ESI

; /Size

0043E3CD |. 53
0043E3CE |. 6A 00
0
0043E3D0 |. FF35 08324500
ULL
0043E3D6 |. FF15 9C804400
lReAllocateHeap
0043E3DC |. 8BF8
0043E3DE \. EB 12
0043E3E0
8B
0043E3E1
75
0043E3E2
0C
0043E3E3
8B
0043E3E4
5D
0043E3E5
08
0043E3E6 /$ 6A 04
0043E3E8 |. E8 B9A1FFFF
fo.004385A6
0043E3ED |. 59
0043E3EE \. C3
0043E3EF /> 8B7D E4
0043E3F2 |> 85FF
0043E3F4 |. 0F85 BF000000
0043E3FA |. 393D 48364500
0043E400 |. 74 2C
0043E402 |. 56
0043E403 |. E8 9983FFFF
fo.004367A1
0043E408 |. 59
0043E409 |. 85C0
0043E40B |.^ 0F85 D2FEFFFF
0043E411 |. E8 E75FFFFF
fo.004343FD
0043E416 |. 397D E0
0043E419 |. 75 6C
0043E41B |> 8BF0
0043E41D |. FF15 58804400
.GetLastError
0043E423 |. 50
0043E424 |. E8 925FFFFF
fo.004343BB
0043E429 |. 59
0043E42A |. 8906
0043E42C |. EB 5F
0043E42E |> 85FF
0043E430 |. 0F85 83000000
0043E436 |. E8 C25FFFFF
fo.004343FD
0043E43B |. 397D E0
0043E43E |. 74 68
0043E440 |. C700 0C000000
0043E446 |. EB 71
0043E448 |> 85F6
0043E44A |. 75 01
0043E44C |. 46
0043E44D |> 56
0043E44E |. 53
0043E44F |. 6A 00
0
0043E451 |. FF35 08324500

PUSH EBX
PUSH 0

; |pMem
; |Flags =

PUSH DWORD PTR DS:[453208]

; |Heap = N

CALL DWORD PTR DS:[<&KERNEL32.HeapReAllo ; \NTDLL.Rt


MOV EDI,EAX
JMP SHORT 0043E3F2
DB 8B
DB 75
DB 0C
DB 8B
DB 5D
DB 08
PUSH 4
CALL 004385A6

; CHAR 'u'
; Form Feed
;
;
;
;

CHAR ']'
Backspace
/Arg1 = 4
\SystemIn

POP ECX
RETN
MOV EDI,DWORD PTR SS:[EBP-1C]
TEST EDI,EDI
JNE 0043E4B9
CMP DWORD PTR DS:[453648],EDI
JE SHORT 0043E42E
PUSH ESI
CALL 004367A1

; /Arg1
; \SystemIn

POP ECX
TEST EAX,EAX
JNE 0043E2E3
CALL 004343FD

; [SystemIn

CMP DWORD PTR SS:[EBP-20],EDI


JNE SHORT 0043E487
MOV ESI,EAX
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32
PUSH EAX
CALL 004343BB

; /Arg1
; \SystemIn

POP ECX
MOV DWORD PTR DS:[ESI],EAX
JMP SHORT 0043E48D
TEST EDI,EDI
JNE 0043E4B9
CALL 004343FD

; [SystemIn

CMP DWORD PTR SS:[EBP-20],EDI


JE SHORT 0043E4A8
MOV DWORD PTR DS:[EAX],0C
JMP SHORT 0043E4B9
/TEST ESI,ESI
|JNE SHORT 0043E44D
|INC ESI
|PUSH ESI
|PUSH EBX
|PUSH 0

; /Size
; |pMem
; |Flags =

|PUSH DWORD PTR DS:[453208]

; |Heap = N

ULL
0043E457 |. FF15 9C804400 |CALL DWORD PTR DS:[<&KERNEL32.HeapReAll
lReAllocateHeap
0043E45D |. 8BF8
|MOV EDI,EAX
0043E45F |. 85FF
|TEST EDI,EDI
0043E461 |. 75 56
|JNE SHORT 0043E4B9
0043E463 |. 3905 48364500 |CMP DWORD PTR DS:[453648],EAX
0043E469 |. 74 34
|JE SHORT 0043E49F
0043E46B |. 56
|PUSH ESI
0043E46C |. E8 3083FFFF |CALL 004367A1
fo.004367A1
0043E471 |. 59
|POP ECX
0043E472 |. 85C0
|TEST EAX,EAX
0043E474 |. 74 1F
|JE SHORT 0043E495
0043E476 |> 83FE E0
|CMP ESI,-20
0043E479 |.^ 76 CD
\JBE SHORT 0043E448
0043E47B |> 56
PUSH ESI
0043E47C |. E8 2083FFFF CALL 004367A1
fo.004367A1
0043E481 |. 59
POP ECX
0043E482 |. E8 765FFFFF CALL 004343FD
fo.004343FD
0043E487 |> C700 0C000000 MOV DWORD PTR DS:[EAX],0C
0043E48D |> 33C0
XOR EAX,EAX
0043E48F |> E8 9DA5FFFF CALL 00438A31
0043E494 |. C3
RETN
0043E495 |> E8 635FFFFF CALL 004343FD
fo.004343FD
0043E49A |.^ E9 7CFFFFFF JMP 0043E41B
0043E49F |> 85FF
TEST EDI,EDI
0043E4A1 |. 75 16
JNE SHORT 0043E4B9
0043E4A3 |. E8 555FFFFF CALL 004343FD
fo.004343FD
0043E4A8 |> 8BF0
MOV ESI,EAX
0043E4AA |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
0043E4B0 |. 50
PUSH EAX
0043E4B1 |. E8 055FFFFF CALL 004343BB
fo.004343BB
0043E4B6 |. 8906
MOV DWORD PTR DS:[ESI],EAX
0043E4B8 |. 59
POP ECX
0043E4B9 |> 8BC7
MOV EAX,EDI
0043E4BB \.^ EB D2
JMP SHORT 0043E48F
0043E4BD /$ 8BFF
MOV EDI,EDI
o.0043E4BD(guessed Arg1,Arg2,Arg3)
0043E4BF |. 55
PUSH EBP
0043E4C0 |. 8BEC
MOV EBP,ESP
0043E4C2 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0043E4C5 |. 53
PUSH EBX
0043E4C6 |. 33DB
XOR EBX,EBX
0043E4C8 |. 3BCB
CMP ECX,EBX
0043E4CA |. 76 28
JBE SHORT 0043E4F4
0043E4CC |. 6A E0
PUSH -20
0043E4CE |. 33D2
XOR EDX,EDX
0043E4D0 |. 58
POP EAX
0043E4D1 |. F7F1
DIV ECX
0043E4D3 |. 3B45 10
CMP EAX,DWORD PTR SS:[ARG.3]
0043E4D6 |. 73 1C
JNB SHORT 0043E4F4
0043E4D8 |. E8 205FFFFF CALL 004343FD
fo.004343FD

; \NTDLL.Rt

; /Arg1
; \SystemIn

; /Arg1
; \SystemIn
; [SystemIn

; [SystemIn

; [SystemIn
; [KERNEL32
; /Arg1
; \SystemIn

; SystemInf

; [SystemIn

0043E4DD |. 53
PUSH EBX
0043E4DE |. 53
PUSH EBX
0043E4DF |. 53
PUSH EBX
0043E4E0 |. 53
PUSH EBX
0043E4E1 |. 53
PUSH EBX
0043E4E2 |. C700 0C000000 MOV DWORD PTR DS:[EAX],0C
0043E4E8 |. E8 7503FFFF CALL 0042E862
fo.0042E862
0043E4ED |. 83C4 14
ADD ESP,14
0043E4F0 |. 33C0
XOR EAX,EAX
0043E4F2 |. EB 41
JMP SHORT 0043E535
0043E4F4 |> 0FAF4D 10
IMUL ECX,DWORD PTR SS:[ARG.3]
0043E4F8 |. 56
PUSH ESI
0043E4F9 |. 57
PUSH EDI
0043E4FA |. 8BF1
MOV ESI,ECX
0043E4FC |. 395D 08
CMP DWORD PTR SS:[ARG.1],EBX
0043E4FF |. 74 0B
JE SHORT 0043E50C
0043E501 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
0043E504 |. E8 54E8FFFF CALL 0043CD5D
0043E509 |. 59
POP ECX
0043E50A |. 8BD8
MOV EBX,EAX
0043E50C |> 56
PUSH ESI
0043E50D |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
0043E510 |. E8 8DFDFFFF CALL 0043E2A2
0043E515 |. 8BF8
MOV EDI,EAX
0043E517 |. 59
POP ECX
0043E518 |. 59
POP ECX
0043E519 |. 85FF
TEST EDI,EDI
0043E51B |. 74 14
JE SHORT 0043E531
0043E51D |. 3BDE
CMP EBX,ESI
0043E51F |. 73 10
JNB SHORT 0043E531
0043E521 |. 2BF3
SUB ESI,EBX
0043E523 |. 56
PUSH ESI
0043E524 |. 6A 00
PUSH 0
0043E526 |. 03DF
ADD EBX,EDI
0043E528 |. 53
PUSH EBX
0043E529 |. E8 7203FFFF CALL 0042E8A0
fo.0042E8A0
0043E52E |. 83C4 0C
ADD ESP,0C
0043E531 |> 8BC7
MOV EAX,EDI
0043E533 |. 5F
POP EDI
0043E534 |. 5E
POP ESI
0043E535 |> 5B
POP EBX
0043E536 |. 5D
POP EBP
0043E537 \. C3
RETN
0043E538
CC
INT3
0043E539
CC
INT3
0043E53A
CC
INT3
0043E53B
CC
INT3
0043E53C
CC
INT3
0043E53D
CC
INT3
0043E53E
CC
INT3
0043E53F
CC
INT3
0043E540 /$ 56
PUSH ESI
o.0043E540(guessed Arg1,Arg2,Arg3,Arg4)
0043E541 |. 8B4424 14
MOV EAX,DWORD PTR SS:[ARG.4]
0043E545 |. 0BC0
OR EAX,EAX
0043E547 |. 75 28
JNE SHORT 0043E571
0043E549 |. 8B4C24 10
MOV ECX,DWORD PTR SS:[ARG.3]
0043E54D |. 8B4424 0C
MOV EAX,DWORD PTR SS:[ARG.2]

;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

;
;
;
;
;

/Arg3
|Arg2 = 0
|
|Arg1
\SystemIn

; SystemInf

0043E551
0043E553
0043E555
0043E557
0043E55B
0043E55D
0043E55F
0043E561
0043E565
0043E567
0043E569
0043E56D
0043E56F
0043E571
0043E573
0043E577
0043E57B
0043E57F
0043E581
0043E583
0043E585
0043E587
0043E589
0043E58B
0043E58D
0043E58F
0043E593
0043E595
0043E599
0043E59B
0043E59D
0043E59F
0043E5A3
0043E5A5
0043E5A7
0043E5AB
0043E5AD
0043E5AE
0043E5B2
0043E5B6
0043E5B8
0043E5BC
0043E5C0
0043E5C2
0043E5C4
0043E5C7
0043E5C9
0043E5CB
0043E5CD
0043E5CF
0043E5D1
0043E5D2
0043E5D5
0043E5D6
0043E5D7
0043E5D8
0043E5D9
0043E5DB
0043E5DC
0043E5DD

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.

/.
|.
|.
|.
|.

33D2
F7F1
8BD8
8B4424 08
F7F1
8BF0
8BC3
F76424 10
8BC8
8BC6
F76424 10
03D1
EB 47
8BC8
8B5C24 10
8B5424 0C
8B4424 08
D1E9
D1DB
D1EA
D1D8
0BC9
75 F4
F7F3
8BF0
F76424 14
8BC8
8B4424 10
F7E6
03D1
72 0E
3B5424 0C
77 08
72 0F
3B4424 08
76 09
4E
2B4424 10
1B5424 14
33DB
2B4424 08
1B5424 0C
F7DA
F7D8
83DA 00
8BCA
8BD3
8BD9
8BC8
8BC6
5E
C2 1000
CC
CC
CC
55
8BEC
53
56
57

XOR EDX,EDX
DIV ECX
MOV EBX,EAX
MOV EAX,DWORD PTR SS:[ARG.1]
DIV ECX
MOV ESI,EAX
MOV EAX,EBX
MUL DWORD PTR SS:[ARG.3]
MOV ECX,EAX
MOV EAX,ESI
MUL DWORD PTR SS:[ARG.3]
ADD EDX,ECX
JMP SHORT 0043E5B8
MOV ECX,EAX
MOV EBX,DWORD PTR SS:[ARG.3]
MOV EDX,DWORD PTR SS:[ARG.2]
MOV EAX,DWORD PTR SS:[ARG.1]
/SHR ECX,1
|RCR EBX,1
|SHR EDX,1
|RCR EAX,1
|OR ECX,ECX
\JNE SHORT 0043E57F
DIV EBX
MOV ESI,EAX
MUL DWORD PTR SS:[ARG.4]
MOV ECX,EAX
MOV EAX,DWORD PTR SS:[ARG.3]
MUL ESI
ADD EDX,ECX
JB SHORT 0043E5AD
CMP EDX,DWORD PTR SS:[ARG.2]
JA SHORT 0043E5AD
JB SHORT 0043E5B6
CMP EAX,DWORD PTR SS:[ARG.1]
JBE SHORT 0043E5B6
DEC ESI
SUB EAX,DWORD PTR SS:[ARG.3]
SBB EDX,DWORD PTR SS:[ARG.4]
XOR EBX,EBX
SUB EAX,DWORD PTR SS:[ARG.1]
SBB EDX,DWORD PTR SS:[ARG.2]
NEG EDX
NEG EAX
SBB EDX,0
MOV ECX,EDX
MOV EDX,EBX
MOV EBX,ECX
MOV ECX,EAX
MOV EAX,ESI
POP ESI
RETN 10
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
PUSH EBX
PUSH ESI
PUSH EDI

0043E5DE |. 55
0043E5DF |. 6A 00
0043E5E1 |. 6A 00
0043E5E3 |. 68 F0E54300
0043E5E8 |. FF75 08
0043E5EB |. E8 0E640000
ernel32.RtlUnwind
0043E5F0 |. 5D
0043E5F1 |. 5F
0043E5F2 |. 5E
0043E5F3 |. 5B
0043E5F4 |. 8BE5
0043E5F6 |. 5D
0043E5F7 \. C3
0043E5F8 /. 8B4C24 04
0043E5FC |. F741 04 06000
0043E603 |. B8 01000000
0043E608 |. 74 32
0043E60A |. 8B4424 14
0043E60E |. 8B48 FC
0043E611 |. 33C8
0043E613 |. E8 D900FFFF
0043E618 |. 55
0043E619 |. 8B68 10
0043E61C |. 8B50 28
0043E61F |. 52
0043E620 |. 8B50 24
0043E623 |. 52
0043E624 |. E8 14000000
0043E629 |. 83C4 08
0043E62C |. 5D
0043E62D |. 8B4424 08
0043E631 |. 8B5424 10
0043E635 |. 8902
0043E637 |. B8 03000000
0043E63C \> C3
0043E63D /$ 53
0043E63E |. 56
0043E63F |. 57
0043E640 |. 8B4424 10
0043E644 |. 55
0043E645 |. 50
0043E646 |. 6A FE
0043E648 |. 68 F8E54300
0043E64D |. 64:FF35 00000
0043E654 |. A1 A0154500
0043E659 |. 33C4
0043E65B |. 50
0043E65C |. 8D4424 04
0043E660 |. 64:A3 0000000
0043E666 |> 8B4424 28
0043E66A |. 8B58 08
0043E66D |. 8B70 0C
0043E670 |. 83FE FF
0043E673 |. 74 3A
0043E675 |. 837C24 2C FF
0043E67A |. 74 06
0043E67C |. 3B7424 2C
0043E680 |. 76 2D
0043E682 |> 8D3476

PUSH
PUSH
PUSH
PUSH
PUSH
CALL

EBP
0
0
0043E5F0
DWORD PTR SS:[ARG.1]
<JMP.&KERNEL32.RtlUnwind>

POP EBP
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN
MOV ECX,DWORD PTR SS:[ARG.1]
TEST DWORD PTR DS:[ECX+4],00000006
MOV EAX,1
JE SHORT 0043E63C
MOV EAX,DWORD PTR SS:[ARG.5]
MOV ECX,DWORD PTR DS:[EAX-4]
XOR ECX,EAX
CALL 0042E6F1
PUSH EBP
MOV EBP,DWORD PTR DS:[EAX+10]
MOV EDX,DWORD PTR DS:[EAX+28]
PUSH EDX
MOV EDX,DWORD PTR DS:[EAX+24]
PUSH EDX
CALL 0043E63D
ADD ESP,8
POP EBP
MOV EAX,DWORD PTR SS:[ARG.2]
MOV EDX,DWORD PTR SS:[ARG.4]
MOV DWORD PTR DS:[EDX],EAX
MOV EAX,3
RETN
PUSH EBX
PUSH ESI
PUSH EDI
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EBP
PUSH EAX
PUSH -2
PUSH 0043E5F8
PUSH DWORD PTR FS:[0]
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,ESP
PUSH EAX
LEA EAX,[LOCAL.7]
MOV DWORD PTR FS:[0],EAX
/MOV EAX,DWORD PTR SS:[ARG.1]
|MOV EBX,DWORD PTR DS:[EAX+8]
|MOV ESI,DWORD PTR DS:[EAX+0C]
|CMP ESI,-1
|JE SHORT 0043E6AF
|CMP DWORD PTR SS:[ARG.2],-1
|JE SHORT 0043E682
|CMP ESI,DWORD PTR SS:[ARG.2]
|JBE SHORT 0043E6AF
|LEA ESI,[ESI*2+ESI]

; Jump to k

0043E685 |. 8B0CB3
0043E688 |. 894C24 0C
0043E68C |. 8948 0C
0043E68F |. 837CB3 04 00
0043E694 |.^ 75 17
0043E696 |. 68 01010000
01
0043E69B |. 8B44B3 08
0043E69F |. E8 49000000
fo.0043E6ED
0043E6A4 |. 8B44B3 08
0043E6A8 |. E8 5F000000
0043E6AD |>^ EB B7
0043E6AF |> 8B4C24 04
0043E6B3 |. 64:890D 00000
0043E6BA |. 83C4 18
0043E6BD |. 5F
0043E6BE |. 5E
0043E6BF |. 5B
0043E6C0 \. C3
0043E6C1 /. 33C0
0043E6C3 |. 64:8B0D 00000
0043E6CA |. 8179 04 F8E54
0043E6D1 |. 75 10
0043E6D3 |. 8B51 0C
0043E6D6 |. 8B52 0C
0043E6D9 |. 3951 08
0043E6DC |. 75 05
0043E6DE |. B8 01000000
0043E6E3 \> C3
0043E6E4 /$ 53
o.0043E6E4(guessed Arg1)
0043E6E5 |. 51
0043E6E6 |. BB A0234500
0043E6EB \. EB 0B
0043E6ED /$ 53
o.0043E6ED(guessed Arg1)
0043E6EE |. 51
0043E6EF |. BB A0234500
0043E6F4 |. 8B4C24 0C
0043E6F8 |> 894B 08
0043E6FB |. 8943 04
0043E6FE |. 896B 0C
0043E701 |. 55
0043E702 |. 51
0043E703 |. 50
0043E704 |. 58
0043E705 |. 59
0043E706 |. 5D
0043E707 |. 59
0043E708 |. 5B
0043E709 \. C2 0400
0043E70C /$ FFD0
0043E70E \. C3
0043E70F /$ 8BFF
0043E711 |. 55
0043E712 |. 8BEC
0043E714 |. 83EC 10
0043E717 |. FF75 08
[ARG.1]

|MOV ECX,DWORD PTR DS:[ESI*4+EBX]


|MOV DWORD PTR SS:[LOCAL.5],ECX
|MOV DWORD PTR DS:[EAX+0C],ECX
|CMP DWORD PTR DS:[ESI*4+EBX+4],0
|JNE SHORT 0043E6AD
|PUSH 101

; /Arg1 = 1

|MOV EAX,DWORD PTR DS:[ESI*4+EBX+8]


|CALL 0043E6ED

; |
; \SystemIn

|MOV EAX,DWORD PTR DS:[ESI*4+EBX+8]


|CALL 0043E70C
\JMP SHORT 0043E666
MOV ECX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR FS:[0],ECX
ADD ESP,18
POP EDI
POP ESI
POP EBX
RETN
XOR EAX,EAX
MOV ECX,DWORD PTR FS:[0]
CMP DWORD PTR DS:[ECX+4],0043E5F8
JNE SHORT 0043E6E3
MOV EDX,DWORD PTR DS:[ECX+0C]
MOV EDX,DWORD PTR DS:[EDX+0C]
CMP DWORD PTR DS:[ECX+8],EDX
JNE SHORT 0043E6E3
MOV EAX,1
RETN
PUSH EBX

; SystemInf

PUSH ECX
MOV EBX,OFFSET 004523A0
JMP SHORT 0043E6F8
PUSH EBX

; SystemInf

PUSH ECX
MOV EBX,OFFSET 004523A0
MOV ECX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[EBX+8],ECX
MOV DWORD PTR DS:[EBX+4],EAX
MOV DWORD PTR DS:[EBX+0C],EBP
PUSH EBP
PUSH ECX
PUSH EAX
POP EAX
POP ECX
POP EBP
POP ECX
POP EBX
RETN 4
CALL EAX
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

0043E71A |. 8D4D F0
LEA ECX,[LOCAL.4]
0043E71D |. E8 4305FFFF CALL 0042EC65
fo.0042EC65
0043E722 |. FF75 18
PUSH DWORD PTR SS:[ARG.5]
[ARG.5]
0043E725 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
0043E728 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
> [ARG.3]
0043E72B |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
> [ARG.2]
0043E72E |. FF15 28804400 CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI
.GetLocaleInfoW
0043E734 |. 807D FC 00
CMP BYTE PTR SS:[LOCAL.1],0
0043E738 |. 74 07
JE SHORT 0043E741
0043E73A |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0043E73D |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
0043E741 |> C9
LEAVE
0043E742 \. C3
RETN
0043E743 /$ 8BFF
MOV EDI,EDI
o.0043E743(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6)
0043E745 |. 55
PUSH EBP
0043E746 |. 8BEC
MOV EBP,ESP
0043E748 |. 51
PUSH ECX
0043E749 |. 51
PUSH ECX
0043E74A |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0043E74F |. 33C5
XOR EAX,EBP
0043E751 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0043E754 |. A1 88364500 MOV EAX,DWORD PTR DS:[453688]
0043E759 |. 53
PUSH EBX
0043E75A |. 8B1D 28804400 MOV EBX,DWORD PTR DS:[<&KERNEL32.GetLoca
0043E760 |. 56
PUSH ESI
0043E761 |. 57
PUSH EDI
0043E762 |. 33FF
XOR EDI,EDI
0043E764 |. 33F6
XOR ESI,ESI
0043E766 |. 47
INC EDI
0043E767 |. 3BC6
CMP EAX,ESI
0043E769 |. 75 2C
JNE SHORT 0043E797
0043E76B |. 56
PUSH ESI
0
0043E76C |. 56
PUSH ESI
NULL
0043E76D |. 57
PUSH EDI
> 1
0043E76E |. 56
PUSH ESI
> LOCALE_NEUTRAL
0043E76F |. FFD3
CALL EBX
.GetLocaleInfoW
0043E771 |. 85C0
TEST EAX,EAX
0043E773 |. 74 08
JE SHORT 0043E77D
0043E775 |. 893D 88364500 MOV DWORD PTR DS:[453688],EDI
0043E77B |. EB 2F
JMP SHORT 0043E7AC
0043E77D |> FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
0043E783 |. 83F8 78
CMP EAX,78
=> ERROR_CALL_NOT_IMPLEMENTED
0043E786 |. 75 0A
JNE SHORT 0043E792
0043E788 |. 6A 02
PUSH 2
0043E78A |. 58
POP EAX
0043E78B |. A3 88364500 MOV DWORD PTR DS:[453688],EAX

; |
; \SystemIn
; /Count =>
; |pData =>
; |LCType =
; |Locale =
; \KERNEL32

; SystemInf

; /Count =>
; |pData =>
; |LCType =
; |Locale =
; \KERNEL32

; [KERNEL32
; CONST 78

0043E790 |. EB 05
0043E792 |> A1 88364500
0043E797 |> 83F8 02
0043E79A |. 0F84 BE000000
0043E7A0 |. 3BC6
0043E7A2 |. 0F84 B6000000
0043E7A8 |. 3BC7
0043E7AA |. 75 23
0043E7AC |> 3975 1C
0043E7AF |. 75 0B
0043E7B1 |. 8B45 08
0043E7B4 |. 8B00
0043E7B6 |. 8B40 04
0043E7B9 |. 8945 1C
0043E7BC |> 56
0
0043E7BD |. 56
NULL
0043E7BE |. FF75 10
> [ARG.3]
0043E7C1 |. FF75 0C
> [ARG.2]
0043E7C4 |. FFD3
.GetLocaleInfoW
0043E7C6 |. 8BC8
0043E7C8 |. 894D F8
0043E7CB |. 3BCE
0043E7CD |. 75 07
0043E7CF |> 33C0
0043E7D1 |. E9 9A000000
0043E7D6 |> 7E 45
0043E7D8 |. 6A E0
0043E7DA |. 33D2
0043E7DC |. 58
0043E7DD |. F7F1
0043E7DF |. 83F8 02
0043E7E2 |. 72 39
0043E7E4 |. 8D4409 08
0043E7E8 |. 3D 00040000
0043E7ED |. 77 16
0043E7EF |. E8 ACF8FFFF
0043E7F4 |. 8BFC
0043E7F6 |. 3BFE
0043E7F8 |.^ 74 D5
0043E7FA |. C707 CCCC0000
0043E800 |. 83C7 08
0043E803 |. EB 1A
0043E805 |> 50
0043E806 |. E8 2B72FFFF
fo.00435A36
0043E80B |. 59
0043E80C |. 3BC6
0043E80E |. 74 09
0043E810 |. C700 DDDD0000
0043E816 |. 83C0 08
0043E819 |> 8BF8
0043E81B |. EB 02
0043E81D |> 33FF
0043E81F |> 3BFE
0043E821 |.^ 74 AC

JMP SHORT 0043E797


MOV EAX,DWORD PTR DS:[453688]
CMP EAX,2
JE 0043E85E
CMP EAX,ESI
JE 0043E85E
CMP EAX,EDI
JNE SHORT 0043E7CF
CMP DWORD PTR SS:[ARG.6],ESI
JNE SHORT 0043E7BC
MOV EAX,DWORD PTR SS:[ARG.1]
MOV EAX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX+4]
MOV DWORD PTR SS:[ARG.6],EAX
PUSH ESI

; /Count =>

PUSH ESI

; |pData =>

PUSH DWORD PTR SS:[ARG.3]

; |LCType =

PUSH DWORD PTR SS:[ARG.2]

; |Locale =

CALL EBX

; \KERNEL32

MOV ECX,EAX
MOV DWORD PTR SS:[LOCAL.2],ECX
CMP ECX,ESI
JNE SHORT 0043E7D6
XOR EAX,EAX
JMP 0043E870
JLE SHORT 0043E81D
PUSH -20
XOR EDX,EDX
POP EAX
DIV ECX
CMP EAX,2
JB SHORT 0043E81D
LEA EAX,[ECX+ECX+8]
CMP EAX,400
JA SHORT 0043E805
CALL 0043E0A0
MOV EDI,ESP
CMP EDI,ESI
JE SHORT 0043E7CF
MOV DWORD PTR DS:[EDI],0CCCC
ADD EDI,8
JMP SHORT 0043E81F
PUSH EAX
CALL 00435A36

; /Arg1
; \SystemIn

POP ECX
CMP EAX,ESI
JE SHORT 0043E819
MOV DWORD PTR DS:[EAX],0DDDD
ADD EAX,8
MOV EDI,EAX
JMP SHORT 0043E81F
XOR EDI,EDI
CMP EDI,ESI
JE SHORT 0043E7CF

0043E823 |. FF75 F8
PUSH DWORD PTR SS:[LOCAL.2]
0043E826 |. 57
PUSH EDI
0043E827 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
0043E82A |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
0043E82D |. FFD3
CALL EBX
0043E82F |. 85C0
TEST EAX,EAX
0043E831 |. 74 20
JE SHORT 0043E853
0043E833 |. 56
PUSH ESI
harUsed
0043E834 |. 56
PUSH ESI
har
0043E835 |. 3975 18
CMP DWORD PTR SS:[ARG.5],ESI
0043E838 |. 75 04
JNE SHORT 0043E83E
0043E83A |. 56
PUSH ESI
0043E83B |. 56
PUSH ESI
0043E83C |. EB 06
JMP SHORT 0043E844
0043E83E |> FF75 18
PUSH DWORD PTR SS:[ARG.5]
0043E841 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
0043E844 |> 6A FF
PUSH -1
t = -1.
0043E846 |. 57
PUSH EDI
0043E847 |. 56
PUSH ESI
0043E848 |. FF75 1C
PUSH DWORD PTR SS:[ARG.6]
=> [ARG.6]
0043E84B |. FF15 38814400 CALL DWORD PTR DS:[<&KERNEL32.WideCharTo
.WideCharToMultiByte
0043E851 |. 8BF0
MOV ESI,EAX
0043E853 |> 57
PUSH EDI
0043E854 |. E8 845FFFFF CALL 004347DD
0043E859 |. 59
POP ECX
0043E85A |. 8BC6
MOV EAX,ESI
0043E85C |. EB 12
JMP SHORT 0043E870
0043E85E |> FF75 18
PUSH DWORD PTR SS:[ARG.5]
[ARG.5]
0043E861 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
0043E864 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
> [ARG.3]
0043E867 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
> [ARG.2]
0043E86A |. FF15 64804400 CALL DWORD PTR DS:[<&KERNEL32.GetLocaleI
.GetLocaleInfoA
0043E870 |> 8D65 EC
LEA ESP,[LOCAL.5]
0043E873 |. 5F
POP EDI
0043E874 |. 5E
POP ESI
0043E875 |. 5B
POP EBX
0043E876 |. 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
0043E879 |. 33CD
XOR ECX,EBP
0043E87B |. E8 71FEFEFF CALL 0042E6F1
0043E880 |. C9
LEAVE
0043E881 \. C3
RETN
0043E882 /$ 8BFF
MOV EDI,EDI
o.0043E882(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6)
0043E884 |. 55
PUSH EBP
0043E885 |. 8BEC
MOV EBP,ESP
0043E887 |. 83EC 10
SUB ESP,10
0043E88A |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0043E88D |. 8D4D F0
LEA ECX,[LOCAL.4]
0043E890 |. E8 D003FFFF CALL 0042EC65

; /DefaultC
; |DefaultC
;
;
;
;
;
;
;
;

|
|
|
|
|
|
|
|WideCoun

; |WideChar
; |Flags
; |CodePage
; \KERNEL32

; /Count =>
; |pData =>
; |LCType =
; |Locale =
; \KERNEL32

; SystemInf

; /Arg1 =>
; |
; \SystemIn

fo.0042EC65
0043E895 |. FF75 1C
PUSH DWORD PTR SS:[ARG.6]
[ARG.6]
0043E898 |. 8D45 F0
LEA EAX,[LOCAL.4]
0043E89B |. FF75 18
PUSH DWORD PTR SS:[ARG.5]
[ARG.5]
0043E89E |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
0043E8A1 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
0043E8A4 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
0043E8A7 |. 50
PUSH EAX
OFFSET LOCAL.4
0043E8A8 |. E8 96FEFFFF CALL 0043E743
fo.0043E743
0043E8AD |. 83C4 18
ADD ESP,18
0043E8B0 |. 807D FC 00
CMP BYTE PTR SS:[LOCAL.1],0
0043E8B4 |. 74 07
JE SHORT 0043E8BD
0043E8B6 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0043E8B9 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
0043E8BD |> C9
LEAVE
0043E8BE \. C3
RETN
0043E8BF /$ 8BFF
MOV EDI,EDI
o.0043E8BF(guessed Arg1,Arg2,Arg3,Arg4)
0043E8C1 |. 55
PUSH EBP
0043E8C2 |. 8BEC
MOV EBP,ESP
0043E8C4 |. 51
PUSH ECX
0043E8C5 |. 51
PUSH ECX
0043E8C6 |. 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
0043E8C9 |. 56
PUSH ESI
0043E8CA |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0043E8CD |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
0043E8D0 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0043E8D3 |. 57
PUSH EDI
0043E8D4 |. 56
PUSH ESI
[ARG.1]
0043E8D5 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0043E8D8 |. E8 C6210000 CALL 00440AA3
fo.00440AA3
0043E8DD |. 83CF FF
OR EDI,FFFFFFFF
0043E8E0 |. 59
POP ECX
0043E8E1 |. 3BC7
CMP EAX,EDI
0043E8E3 |. 75 11
JNE SHORT 0043E8F6
0043E8E5 |. E8 135BFFFF CALL 004343FD
fo.004343FD
0043E8EA |. C700 09000000 MOV DWORD PTR DS:[EAX],9
0043E8F0 |> 8BC7
MOV EAX,EDI
0043E8F2 |. 8BD7
MOV EDX,EDI
0043E8F4 |. EB 4A
JMP SHORT 0043E940
0043E8F6 |> FF75 14
PUSH DWORD PTR SS:[ARG.4]
> [ARG.4]
0043E8F9 |. 8D4D FC
LEA ECX,[LOCAL.1]
0043E8FC |. 51
PUSH ECX
eHi => OFFSET LOCAL.1
0043E8FD |. FF75 F8
PUSH DWORD PTR SS:[LOCAL.2]
Lo => [ARG.2]
0043E900 |. 50
PUSH EAX
0043E901 |. FF15 D8814400 CALL DWORD PTR DS:[<&KERNEL32.SetFilePoi
.SetFilePointer

; /Arg6 =>
; |
; |Arg5 =>
; |Arg4 =>
; |Arg3 =>
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; [SystemIn

; /Origin =
; |
; |pDistanc
; |Distance
; |hFile
; \KERNEL32

0043E907 |. 8945 F8
MOV DWORD PTR SS:[LOCAL.2],EAX
0043E90A |. 3BC7
CMP EAX,EDI
0043E90C |. 75 13
JNE SHORT 0043E921
0043E90E |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
0043E914 |. 85C0
TEST EAX,EAX
0043E916 |. 74 09
JE SHORT 0043E921
0043E918 |. 50
PUSH EAX
0043E919 |. E8 055BFFFF CALL 00434423
fo.00434423
0043E91E |. 59
POP ECX
0043E91F |.^ EB CF
JMP SHORT 0043E8F0
0043E921 |> 8BC6
MOV EAX,ESI
0043E923 |. C1F8 05
SAR EAX,5
0043E926 |. 8B0485 A03745 MOV EAX,DWORD PTR DS:[EAX*4+4537A0]
0043E92D |. 83E6 1F
AND ESI,0000001F
0043E930 |. C1E6 06
SHL ESI,6
0043E933 |. 8D4430 04
LEA EAX,[ESI+EAX+4]
0043E937 |. 8020 FD
AND BYTE PTR DS:[EAX],FD
0043E93A |. 8B45 F8
MOV EAX,DWORD PTR SS:[LOCAL.2]
0043E93D |. 8B55 FC
MOV EDX,DWORD PTR SS:[LOCAL.1]
0043E940 |> 5F
POP EDI
0043E941 |. 5E
POP ESI
0043E942 |. C9
LEAVE
0043E943 \. C3
RETN
0043E944 /$ 6A 14
PUSH 14
o.0043E944(guessed Arg1,Arg2,Arg3,Arg4)
0043E946 |. 68 E8F54400 PUSH OFFSET 0044F5E8
0043E94B |. E8 9CA0FFFF CALL 004389EC
0043E950 |. 83CE FF
OR ESI,FFFFFFFF
0043E953 |. 8975 DC
MOV DWORD PTR SS:[EBP-24],ESI
0043E956 |. 8975 E0
MOV DWORD PTR SS:[EBP-20],ESI
0043E959 |. 8B45 08
MOV EAX,DWORD PTR SS:[EBP+8]
0043E95C |. 83F8 FE
CMP EAX,-2
0043E95F |. 75 1C
JNE SHORT 0043E97D
0043E961 |. E8 AA5AFFFF CALL 00434410
fo.00434410
0043E966 |. 8320 00
AND DWORD PTR DS:[EAX],00000000
0043E969 |. E8 8F5AFFFF CALL 004343FD
fo.004343FD
0043E96E |. C700 09000000 MOV DWORD PTR DS:[EAX],9
0043E974 |> 8BC6
MOV EAX,ESI
0043E976 |. 8BD6
MOV EDX,ESI
0043E978 |. E9 D0000000 JMP 0043EA4D
0043E97D |> 33FF
XOR EDI,EDI
0043E97F |. 3BC7
CMP EAX,EDI
0043E981 |. 7C 08
JL SHORT 0043E98B
0043E983 |. 3B05 98374500 CMP EAX,DWORD PTR DS:[453798]
0043E989 |. 72 21
JB SHORT 0043E9AC
0043E98B |> E8 805AFFFF CALL 00434410
fo.00434410
0043E990 |. 8938
MOV DWORD PTR DS:[EAX],EDI
0043E992 |. E8 665AFFFF CALL 004343FD
fo.004343FD
0043E997 |. C700 09000000 MOV DWORD PTR DS:[EAX],9
0043E99D |. 57
PUSH EDI
0043E99E |. 57
PUSH EDI
0043E99F |. 57
PUSH EDI
0043E9A0 |. 57
PUSH EDI
0043E9A1 |. 57
PUSH EDI

; [KERNEL32

; /Arg1
; \SystemIn

; SystemInf

; [SystemIn
; [SystemIn

; [SystemIn
; [SystemIn
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1

0043E9A2 |.
fo.0042E862
0043E9A7 |.
0043E9AA |.^
0043E9AC |>
0043E9AE |.
0043E9B1 |.
0043E9B8 |.
0043E9BA |.
0043E9BD |.
0043E9C0 |.
0043E9C2 |.
0043E9C7 |.
0043E9CA |.
0043E9CC |.
fo.00434410
0043E9D1 |.
0043E9D3 |.
fo.004343FD
0043E9D8 |.
0043E9DE |.
0043E9DF |.
0043E9E0 |.
0043E9E1 |.
0043E9E2 |.
0043E9E3 |.
fo.0042E862
0043E9E8 |.
0043E9EB |.
0043E9EE |.
0043E9F0 |.
0043E9F2 |>
0043E9F3 |.
0043E9F8 |.
0043E9F9 |.
0043E9FC |.
0043E9FE |.
0043EA03 |.
0043EA05 |.
[ARG.EBP+14]
0043EA08 |.
[ARG.EBP+10]
0043EA0B |.
[ARG.EBP+0C]
0043EA0E |.
[ARG.EBP+8]
0043EA11 |.
fo.0043E8BF
0043EA16 |.
0043EA19 |.
0043EA1C |.
0043EA1F |.
0043EA21 |>
fo.004343FD
0043EA26 |.
0043EA2C |.
fo.00434410
0043EA31 |.
0043EA33 |.
0043EA37 |.

E8 BBFEFEFF

CALL 0042E862

; \SystemIn

83C4 14
EB C8
8BC8
C1F9 05
8D1C8D A03745
8BF0
83E6 1F
C1E6 06
8B0B
0FBE4C31 04
83E1 01
75 26
E8 3F5AFFFF

ADD ESP,14
JMP SHORT 0043E974
MOV ECX,EAX
SAR ECX,5
LEA EBX,[ECX*4+4537A0]
MOV ESI,EAX
AND ESI,0000001F
SHL ESI,6
MOV ECX,DWORD PTR DS:[EBX]
MOVSX ECX,BYTE PTR DS:[ESI+ECX+4]
AND ECX,00000001
JNE SHORT 0043E9F2
CALL 00434410

; [SystemIn

8938
E8 255AFFFF

MOV DWORD PTR DS:[EAX],EDI


CALL 004343FD

; [SystemIn

C700 09000000
57
57
57
57
57
E8 7AFEFEFF

MOV DWORD PTR DS:[EAX],9


PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
CALL 0042E862

;
;
;
;
;
;

83C4 14
83CA FF
8BC2
EB 5B
50
E8 22210000
59
897D FC
8B03
F64430 04 01
74 1C
FF75 14

ADD ESP,14
OR EDX,FFFFFFFF
MOV EAX,EDX
JMP SHORT 0043EA4D
PUSH EAX
CALL 00440B1A
POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
MOV EAX,DWORD PTR DS:[EBX]
TEST BYTE PTR DS:[ESI+EAX+4],01
JE SHORT 0043EA21
PUSH DWORD PTR SS:[EBP+14]

; /Arg4 =>

FF75 10

PUSH DWORD PTR SS:[EBP+10]

; |Arg3 =>

FF75 0C

PUSH DWORD PTR SS:[EBP+0C]

; |Arg2 =>

FF75 08

PUSH DWORD PTR SS:[EBP+8]

; |Arg1 =>

E8 A9FEFFFF

CALL 0043E8BF

; \SystemIn

83C4 10
8945 DC
8955 E0
EB 1A
E8 D759FFFF

ADD ESP,10
MOV DWORD PTR SS:[EBP-24],EAX
MOV DWORD PTR SS:[EBP-20],EDX
JMP SHORT 0043EA3B
CALL 004343FD

; [SystemIn

C700 09000000 MOV DWORD PTR DS:[EAX],9


E8 DF59FFFF CALL 00434410
8938
834D DC FF
834D E0 FF

MOV DWORD PTR DS:[EAX],EDI


OR DWORD PTR SS:[EBP-24],FFFFFFFF
OR DWORD PTR SS:[EBP-20],FFFFFFFF

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

; [SystemIn

0043EA3B |> C745 FC FEFFF


0043EA42 |. E8 0C000000
0043EA47 |. 8B45 DC
0043EA4A |. 8B55 E0
0043EA4D |> E8 DF9FFFFF
0043EA52 \. C3
0043EA53 /$ FF75 08
0043EA56 |. E8 5F210000
0043EA5B |. 59
0043EA5C \. C3
0043EA5D /$ 8BFF
o.0043EA5D(guessed Arg1)
0043EA5F |. 55
0043EA60 |. 8BEC
0043EA62 |. 8B45 08
0043EA65 |. 83F8 FE
0043EA68 |. 75 0F
0043EA6A |. E8 8E59FFFF
fo.004343FD
0043EA6F |. C700 09000000
0043EA75 |. 33C0
0043EA77 |. 5D
0043EA78 |. C3
0043EA79 |> 56
0043EA7A |. 33F6
0043EA7C |. 3BC6
0043EA7E |. 7C 08
0043EA80 |. 3B05 98374500
0043EA86 |. 72 1C
0043EA88 |> E8 7059FFFF
fo.004343FD
0043EA8D |. 56
0043EA8E |. 56
0043EA8F |. 56
0043EA90 |. 56
0043EA91 |. 56
0043EA92 |. C700 09000000
0043EA98 |. E8 C5FDFEFF
fo.0042E862
0043EA9D |. 83C4 14
0043EAA0 |. 33C0
0043EAA2 |. EB 1A
0043EAA4 |> 8BC8
0043EAA6 |. 83E0 1F
0043EAA9 |. C1F9 05
0043EAAC |. 8B0C8D A03745
0043EAB3 |. C1E0 06
0043EAB6 |. 0FBE4401 04
0043EABB |. 83E0 40
0043EABE |> 5E
0043EABF |. 5D
0043EAC0 \. C3
0043EAC1 /$ A1 A0154500
0043EAC6 |. 83C8 01
0043EAC9 |. 33C9
0043EACB |. 3905 8C364500
0043EAD1 |. 0F94C1
0043EAD4 |. 8BC1
0043EAD6 \. C3
0043EAD7 /$ 8BFF

MOV DWORD PTR SS:[EBP-4],-2


CALL 0043EA53
MOV EAX,DWORD PTR SS:[EBP-24]
MOV EDX,DWORD PTR SS:[EBP-20]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 00440BBA
POP ECX
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
CMP EAX,-2
JNE SHORT 0043EA79
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],9


XOR EAX,EAX
POP EBP
RETN
PUSH ESI
XOR ESI,ESI
CMP EAX,ESI
JL SHORT 0043EA88
CMP EAX,DWORD PTR DS:[453798]
JB SHORT 0043EAA4
CALL 004343FD

; [SystemIn

PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
MOV DWORD PTR DS:[EAX],9
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
XOR EAX,EAX
JMP SHORT 0043EABE
MOV ECX,EAX
AND EAX,0000001F
SAR ECX,5
MOV ECX,DWORD PTR DS:[ECX*4+4537A0]
SHL EAX,6
MOVSX EAX,BYTE PTR DS:[EAX+ECX+4]
AND EAX,00000040
POP ESI
POP EBP
RETN
MOV EAX,DWORD PTR DS:[4515A0]
OR EAX,00000001
XOR ECX,ECX
CMP DWORD PTR DS:[45368C],EAX
SETE CL
MOV EAX,ECX
RETN
MOV EDI,EDI

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0043EAD9 |.
0043EADA |.
0043EADC |.
0043EADF |.
0043EAE0 |.
0043EAE1 |.
0043EAE4 |.
0043EAE6 |.
0043EAE7 |.
0043EAEA |.
0043EAEC |.
0043EAEE |.
0043EAF0 |.
0043EAF2 |.
0043EAF5 |.
0043EAF7 |.
0043EAF9 |.
0043EAFB |>
0043EAFD |.
0043EB02 |>
0043EB05 |.
0043EB07 |.
0043EB09 |.
0043EB0C |>
0043EB12 |.
0043EB14 |.
fo.004343FD
0043EB19 |.
0043EB1B |.
0043EB1C |.
0043EB1D |.
0043EB1E |.
0043EB1F |.
0043EB20 |.
0043EB21 |.
0043EB23 |.
fo.0042E862
0043EB28 |.
0043EB2B |>
0043EB2D |.
0043EB2F |>
[ARG.5]
0043EB32 |.
0043EB35 |.
fo.0042EC65
0043EB3A |.
0043EB3D |.
0043EB40 |.
0043EB46 |.
0043EB4A |.
0043EB4F |.
0043EB52 |.
0043EB54 |.
0043EB56 |.
0043EB58 |.
0043EB5A |.
0043EB5C |.
0043EB5D |.
0043EB5E |.
0043EB5F |.

55
8BEC
83EC 10
53
56
8B75 0C
33DB
57
8B7D 10
3BF3
75 14
3BFB
76 10
8B45 08
3BC3
74 02
8918
33C0
E9 83000000
8B45 08
3BC3
74 03
8308 FF
81FF FFFFFF7F
76 1B
E8 E458FFFF

PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.2]
XOR EBX,EBX
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.3]
CMP ESI,EBX
JNE SHORT 0043EB02
CMP EDI,EBX
JBE SHORT 0043EB02
MOV EAX,DWORD PTR SS:[ARG.1]
CMP EAX,EBX
JE SHORT 0043EAFB
MOV DWORD PTR DS:[EAX],EBX
XOR EAX,EAX
JMP 0043EB85
MOV EAX,DWORD PTR SS:[ARG.1]
CMP EAX,EBX
JE SHORT 0043EB0C
OR DWORD PTR DS:[EAX],FFFFFFFF
CMP EDI,7FFFFFFF
JBE SHORT 0043EB2F
CALL 004343FD

; [SystemIn

6A 16
5E
53
53
53
53
53
8930
E8 3AFDFEFF

PUSH 16
POP ESI
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],ESI
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
8BC6
EB 56
FF75 18

ADD ESP,14
MOV EAX,ESI
JMP SHORT 0043EB85
PUSH DWORD PTR SS:[ARG.5]

; /Arg1 =>

8D4D F0
E8 2B01FFFF

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

8B45 F0
3958 14
0F85 9C000000
66:8B45 14
B9 FF000000
66:3BC1
76 36
3BF3
74 0F
3BFB
76 0B
57
53
56
E8 3CFDFEFF

MOV EAX,DWORD PTR SS:[LOCAL.4]


CMP DWORD PTR DS:[EAX+14],EBX
JNE 0043EBE2
MOV AX,WORD PTR SS:[ARG.4]
MOV ECX,0FF
CMP AX,CX
JBE SHORT 0043EB8A
CMP ESI,EBX
JE SHORT 0043EB67
CMP EDI,EBX
JBE SHORT 0043EB67
PUSH EDI
PUSH EBX
PUSH ESI
CALL 0042E8A0

;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

/Arg3
|Arg2
|Arg1
\SystemIn

fo.0042E8A0
0043EB64 |. 83C4 0C
0043EB67 |> E8 9158FFFF
fo.004343FD
0043EB6C |. C700 2A000000
0043EB72 |. E8 8658FFFF
fo.004343FD
0043EB77 |. 8B00
0043EB79 |. 385D FC
0043EB7C |. 74 07
0043EB7E |. 8B4D F8
0043EB81 |. 8361 70 FD
0043EB85 |> 5F
0043EB86 |. 5E
0043EB87 |. 5B
0043EB88 |. C9
0043EB89 |. C3
0043EB8A |> 3BF3
0043EB8C |. 74 32
0043EB8E |. 3BFB
0043EB90 |. 77 2C
0043EB92 |> E8 6658FFFF
fo.004343FD
0043EB97 |. 6A 22
0043EB99 |. 5E
0043EB9A |. 53
0043EB9B |. 53
0043EB9C |. 53
0043EB9D |. 53
0043EB9E |. 53
0043EB9F |. 8930
0043EBA1 |. E8 BCFCFEFF
fo.0042E862
0043EBA6 |. 83C4 14
0043EBA9 |. 385D FC
0043EBAC |.^ 0F84 79FFFFFF
0043EBB2 |. 8B45 F8
0043EBB5 |. 8360 70 FD
0043EBB9 |.^ E9 6DFFFFFF
0043EBBE |> 8806
0043EBC0 |> 8B45 08
0043EBC3 |. 3BC3
0043EBC5 |. 74 06
0043EBC7 |. C700 01000000
0043EBCD |> 385D FC
0043EBD0 |.^ 0F84 25FFFFFF
0043EBD6 |. 8B45 F8
0043EBD9 |. 8360 70 FD
0043EBDD |.^ E9 19FFFFFF
0043EBE2 |> 8D4D 0C
0043EBE5 |. 51
harUsed => OFFSET ARG.2
0043EBE6 |. 53
har
0043EBE7 |. 57
nt
0043EBE8 |. 56
e
0043EBE9 |. 6A 01
t = 1

ADD ESP,0C
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],2A


CALL 004343FD

; [SystemIn

MOV EAX,DWORD PTR DS:[EAX]


CMP BYTE PTR SS:[LOCAL.1],BL
JE SHORT 0043EB85
MOV ECX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
POP EDI
POP ESI
POP EBX
LEAVE
RETN
CMP ESI,EBX
JE SHORT 0043EBC0
CMP EDI,EBX
JA SHORT 0043EBBE
CALL 004343FD

; [SystemIn

PUSH 22
POP ESI
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],ESI
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
CMP BYTE PTR SS:[LOCAL.1],BL
JE 0043EB2B
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
JMP 0043EB2B
MOV BYTE PTR DS:[ESI],AL
MOV EAX,DWORD PTR SS:[ARG.1]
CMP EAX,EBX
JE SHORT 0043EBCD
MOV DWORD PTR DS:[EAX],1
CMP BYTE PTR SS:[LOCAL.1],BL
JE 0043EAFB
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
JMP 0043EAFB
LEA ECX,[ARG.2]
PUSH ECX

; /DefaultC

PUSH EBX

; |DefaultC

PUSH EDI

; |MultiCou

PUSH ESI

; |MultiByt

PUSH 1

; |WideCoun

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0043EBEB |. 8D4D 14
LEA ECX,[ARG.4]
0043EBEE |. 51
PUSH ECX
=> OFFSET ARG.4
0043EBEF |. 53
PUSH EBX
0043EBF0 |. 895D 0C
MOV DWORD PTR SS:[ARG.2],EBX
0043EBF3 |. FF70 04
PUSH DWORD PTR DS:[EAX+4]
0043EBF6 |. FF15 38814400 CALL DWORD PTR DS:[<&KERNEL32.WideCharTo
.WideCharToMultiByte
0043EBFC |. 3BC3
CMP EAX,EBX
0043EBFE |. 74 14
JE SHORT 0043EC14
0043EC00 |. 395D 0C
CMP DWORD PTR SS:[ARG.2],EBX
0043EC03 |.^ 0F85 5EFFFFFF JNE 0043EB67
0043EC09 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
0043EC0C |. 3BCB
CMP ECX,EBX
0043EC0E |.^ 74 BD
JE SHORT 0043EBCD
0043EC10 |. 8901
MOV DWORD PTR DS:[ECX],EAX
0043EC12 |.^ EB B9
JMP SHORT 0043EBCD
0043EC14 |> FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
0043EC1A |. 83F8 7A
CMP EAX,7A
=> ERROR_INSUFFICIENT_BUFFER
0043EC1D |.^ 0F85 44FFFFFF JNE 0043EB67
0043EC23 |. 3BF3
CMP ESI,EBX
0043EC25 |.^ 0F84 67FFFFFF JE 0043EB92
0043EC2B |. 3BFB
CMP EDI,EBX
0043EC2D |.^ 0F86 5FFFFFFF JBE 0043EB92
0043EC33 |. 57
PUSH EDI
0043EC34 |. 53
PUSH EBX
0043EC35 |. 56
PUSH ESI
0043EC36 |. E8 65FCFEFF CALL 0042E8A0
fo.0042E8A0
0043EC3B |. 83C4 0C
ADD ESP,0C
0043EC3E \.^ E9 4FFFFFFF JMP 0043EB92
0043EC43 /$ 8BFF
MOV EDI,EDI
o.0043EC43(guessed Arg1,Arg2,Arg3,Arg4)
0043EC45 |. 55
PUSH EBP
0043EC46 |. 8BEC
MOV EBP,ESP
0043EC48 |. 6A 00
PUSH 0
0043EC4A |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
0043EC4D |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
0043EC50 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
0043EC53 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
0043EC56 |. E8 7CFEFFFF CALL 0043EAD7
0043EC5B |. 83C4 14
ADD ESP,14
0043EC5E |. 5D
POP EBP
0043EC5F \. C3
RETN
0043EC60 /$ F641 0C 40
TEST BYTE PTR DS:[ECX+0C],40
0043EC64 |. 74 06
JE SHORT 0043EC6C
0043EC66 |. 8379 08 00
CMP DWORD PTR DS:[ECX+8],0
0043EC6A |. 74 24
JE SHORT 0043EC90
0043EC6C |> FF49 04
DEC DWORD PTR DS:[ECX+4]
0043EC6F |. 78 0B
JS SHORT 0043EC7C
0043EC71 |. 8B11
MOV EDX,DWORD PTR DS:[ECX]
0043EC73 |. 8802
MOV BYTE PTR DS:[EDX],AL
0043EC75 |. FF01
INC DWORD PTR DS:[ECX]
0043EC77 |. 0FB6C0
MOVZX EAX,AL
0043EC7A |. EB 0C
JMP SHORT 0043EC88
0043EC7C |> 0FBEC0
MOVSX EAX,AL
0043EC7F |. 51
PUSH ECX
ARG.ECX

; |
; |WideChar
;
;
;
;

|Flags
|
|CodePage
\KERNEL32

; [KERNEL32
; CONST 7A

;
;
;
;

/Arg3
|Arg2
|Arg1
\SystemIn

; SystemInf

; /Arg2 =>

0043EC80 |. 50
PUSH EAX
0043EC81 |. E8 437BFFFF CALL 004367C9
fo.004367C9
0043EC86 |. 59
POP ECX
0043EC87 |. 59
POP ECX
0043EC88 |> 83F8 FF
CMP EAX,-1
0043EC8B |. 75 03
JNE SHORT 0043EC90
0043EC8D |. 0906
OR DWORD PTR DS:[ESI],EAX
0043EC8F |. C3
RETN
0043EC90 |> FF06
INC DWORD PTR DS:[ESI]
0043EC92 \. C3
RETN
0043EC93 /$ 8BFF
MOV EDI,EDI
o.0043EC93(guessed Arg1,Arg2,Arg3)
0043EC95 |. 55
PUSH EBP
0043EC96 |. 8BEC
MOV EBP,ESP
0043EC98 |. 56
PUSH ESI
0043EC99 |. 8BF0
MOV ESI,EAX
0043EC9B |. EB 13
JMP SHORT 0043ECB0
0043EC9D |> 8B4D 10
/MOV ECX,DWORD PTR SS:[ARG.3]
0043ECA0 |. 8A45 08
|MOV AL,BYTE PTR SS:[ARG.1]
0043ECA3 |. FF4D 0C
|DEC DWORD PTR SS:[ARG.2]
0043ECA6 |. E8 B5FFFFFF |CALL 0043EC60
0043ECAB |. 833E FF
|CMP DWORD PTR DS:[ESI],-1
0043ECAE |. 74 06
|JE SHORT 0043ECB6
0043ECB0 |> 837D 0C 00
|CMP DWORD PTR SS:[ARG.2],0
0043ECB4 |.^ 7F E7
\JG SHORT 0043EC9D
0043ECB6 |> 5E
POP ESI
0043ECB7 |. 5D
POP EBP
0043ECB8 \. C3
RETN
0043ECB9 /$ 8BFF
MOV EDI,EDI
o.0043ECB9(guessed Arg1)
0043ECBB |. 55
PUSH EBP
0043ECBC |. 8BEC
MOV EBP,ESP
0043ECBE |. F647 0C 40
TEST BYTE PTR DS:[EDI+0C],40
0043ECC2 |. 53
PUSH EBX
0043ECC3 |. 56
PUSH ESI
0043ECC4 |. 8BF0
MOV ESI,EAX
0043ECC6 |. 8BD9
MOV EBX,ECX
0043ECC8 |. 74 32
JE SHORT 0043ECFC
0043ECCA |. 837F 08 00
CMP DWORD PTR DS:[EDI+8],0
0043ECCE |. 75 2C
JNE SHORT 0043ECFC
0043ECD0 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043ECD3 |. 0106
ADD DWORD PTR DS:[ESI],EAX
0043ECD5 |. EB 2B
JMP SHORT 0043ED02
0043ECD7 |> 8A03
/MOV AL,BYTE PTR DS:[EBX]
0043ECD9 |. FF4D 08
|DEC DWORD PTR SS:[ARG.1]
0043ECDC |. 8BCF
|MOV ECX,EDI
0043ECDE |. E8 7DFFFFFF |CALL 0043EC60
0043ECE3 |. 43
|INC EBX
0043ECE4 |. 833E FF
|CMP DWORD PTR DS:[ESI],-1
0043ECE7 |. 75 13
|JNE SHORT 0043ECFC
0043ECE9 |. E8 0F57FFFF |CALL 004343FD
fo.004343FD
0043ECEE |. 8338 2A
|CMP DWORD PTR DS:[EAX],2A
0043ECF1 |. 75 0F
|JNE SHORT 0043ED02
0043ECF3 |. 8BCF
|MOV ECX,EDI
0043ECF5 |. B0 3F
|MOV AL,3F
0043ECF7 |. E8 64FFFFFF |CALL 0043EC60
0043ECFC |> 837D 08 00
|CMP DWORD PTR SS:[ARG.1],0
0043ED00 |.^ 7F D5
\JG SHORT 0043ECD7

; |Arg1
; \SystemIn

; SystemInf

; SystemInf

; [SystemIn

0043ED02 |>
0043ED03 |.
0043ED04 |.
0043ED05 \.
0043ED06
0043ED08 /.
0043ED09 |.
0043ED0B |.
0043ED11 |.
0043ED16 |.
0043ED18 |.
0043ED1B |.
0043ED1C |.
0043ED1F |.
0043ED20 |.
0043ED23 |.
0043ED25 |.
0043ED26 |.
0043ED29 |.
0043ED2C |.
0043ED32 |.
0043ED38 |.
0043ED3E |.
0043ED44 |.
0043ED4A |.
0043ED50 |.
0043ED56 |.
0043ED5C |.
0043ED62 |.
0043ED68 |.
fo.0042EC65
0043ED6D |.
0043ED6F |.
0043ED71 |>
fo.004343FD
0043ED76 |.
0043ED7C |.
0043ED7E |.
0043ED7F |.
0043ED80 |.
0043ED81 |.
0043ED82 |.
0043ED83 |>
fo.0042E862
0043ED88 |.
0043ED8B |.
0043ED92 |.
0043ED94 |.
0043ED9A |.
0043ED9E |>
0043EDA1 |.
0043EDA6 |>
0043EDAA |.
0043EDAC |.
0043EDAD |.
fo.0043B2D0
0043EDB2 |.
0043EDB3 |.
0043EDB8 |.
0043EDBB |.

5E
5B
5D
C3
8BFF
55
8BEC
81EC 78020000
A1 A0154500
33C5
8945 FC
53
8B5D 0C
56
8B75 08
33C0
57
8B7D 14
FF75 10
8D8D B0FDFFFF
89B5 A0FDFFFF
89BD DCFDFFFF
8985 A4FDFFFF
8985 F0FDFFFF
8985 CCFDFFFF
8985 E8FDFFFF
8985 D0FDFFFF
8985 A8FDFFFF
8985 C8FDFFFF
E8 F8FEFEFF

POP ESI
POP EBX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,278
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[EBP-4],EAX
PUSH EBX
MOV EBX,DWORD PTR SS:[EBP+0C]
PUSH ESI
MOV ESI,DWORD PTR SS:[EBP+8]
XOR EAX,EAX
PUSH EDI
MOV EDI,DWORD PTR SS:[EBP+14]
PUSH DWORD PTR SS:[EBP+10]
LEA ECX,[EBP-250]
MOV DWORD PTR SS:[EBP-260],ESI
MOV DWORD PTR SS:[EBP-224],EDI
MOV DWORD PTR SS:[EBP-25C],EAX
MOV DWORD PTR SS:[EBP-210],EAX
MOV DWORD PTR SS:[EBP-234],EAX
MOV DWORD PTR SS:[EBP-218],EAX
MOV DWORD PTR SS:[EBP-230],EAX
MOV DWORD PTR SS:[EBP-258],EAX
MOV DWORD PTR SS:[EBP-238],EAX
CALL 0042EC65

;
;
;
;
;
;
;
;
;
;
;
;

85F6
75 35
E8 8756FFFF

TEST ESI,ESI
JNE SHORT 0043EDA6
CALL 004343FD

; [SystemIn

C700 16000000
33C0
50
50
50
50
50
E8 DAFAFEFF

MOV DWORD PTR DS:[EAX],16


XOR EAX,EAX
PUSH EAX
PUSH EAX
PUSH EAX
PUSH EAX
PUSH EAX
CALL 0042E862

; \SystemIn

83C4 14
80BD BCFDFFFF
74 0A
8B85 B8FDFFFF
8360 70 FD
83C8 FF
E9 FF0A0000
F646 0C 40
75 5E
56
E8 1EC5FFFF

ADD ESP,14
CMP BYTE PTR SS:[EBP-244],0
JE SHORT 0043ED9E
MOV EAX,DWORD PTR SS:[EBP-248]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
OR EAX,FFFFFFFF
JMP 0043F8A5
TEST BYTE PTR DS:[ESI+0C],40
JNE SHORT 0043EE0A
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
BA 90224500
83F8 FF
74 1B

POP ECX
MOV EDX,OFFSET 00452290
CMP EAX,-1
JE SHORT 0043EDD8

/Arg1
|
|
|
|
|
|
|
|
|
|
\SystemIn

0043EDBD
0043EDC0
0043EDC2
0043EDC4
0043EDC7
0043EDC9
0043EDCC
0043EDCF
0043EDD6
0043EDD8
0043EDDA
0043EDDE
0043EDE0
0043EDE3
0043EDE5
0043EDE8
0043EDEA
0043EDEC
0043EDEF
0043EDF2
0043EDF5
0043EDFC
0043EDFE
0043EE00
0043EE04
0043EE0A
0043EE0C
0043EE0E
0043EE14
0043EE16
0043EE1C
0043EE22
0043EE28
0043EE2E
0043EE34
0043EE36
0043EE3C
0043EE3D
0043EE3F
0043EE45
0043EE4B
0043EE51
0043EE53
0043EE56
0043EE59
0043EE5B
0043EE5E
CII "`eh
0043EE65
0043EE68
0043EE6E
0043EE71
0043EE79
0043EE7B
0043EE7E
0043EE7F
0043EE85
0043EE87
0043EE8D
0043EE8F

|. 83F8 FE
CMP EAX,-2
|. 74 16
JE SHORT 0043EDD8
|. 8BC8
MOV ECX,EAX
|. 83E1 1F
AND ECX,0000001F
|. 8BF0
MOV ESI,EAX
|. C1FE 05
SAR ESI,5
|. C1E1 06
SHL ECX,6
|. 030CB5 A03745 ADD ECX,DWORD PTR DS:[ESI*4+4537A0]
|. EB 02
JMP SHORT 0043EDDA
|> 8BCA
MOV ECX,EDX
|> F641 24 7F
TEST BYTE PTR DS:[ECX+24],7F
|.^ 75 91
JNE SHORT 0043ED71
|. 83F8 FF
CMP EAX,-1
|. 74 19
JE SHORT 0043EDFE
|. 83F8 FE
CMP EAX,-2
|. 74 14
JE SHORT 0043EDFE
|. 8BC8
MOV ECX,EAX
|. 83E0 1F
AND EAX,0000001F
|. C1F9 05
SAR ECX,5
|. C1E0 06
SHL EAX,6
|. 03048D A03745 ADD EAX,DWORD PTR DS:[ECX*4+4537A0]
|. EB 02
JMP SHORT 0043EE00
|> 8BC2
MOV EAX,EDX
|> F640 24 80
TEST BYTE PTR DS:[EAX+24],80
|.^ 0F85 67FFFFFF JNE 0043ED71
|> 33C0
XOR EAX,EAX
|. 3BD8
CMP EBX,EAX
|.^ 0F84 5DFFFFFF JE 0043ED71
|. 8A13
MOV DL,BYTE PTR DS:[EBX]
|. 8985 D8FDFFFF MOV DWORD PTR SS:[EBP-228],EAX
|. 8985 E0FDFFFF MOV DWORD PTR SS:[EBP-220],EAX
|. 8985 C0FDFFFF MOV DWORD PTR SS:[EBP-240],EAX
|. 8985 ACFDFFFF MOV DWORD PTR SS:[EBP-254],EAX
|. 8895 EFFDFFFF MOV BYTE PTR SS:[EBP-211],DL
|. 84D2
TEST DL,DL
|. 0F84 500A0000 JE 0043F88C
|> 43
INC EBX
|. 33C0
XOR EAX,EAX
|. 3985 D8FDFFFF CMP DWORD PTR SS:[EBP-228],EAX
|. 899D C4FDFFFF MOV DWORD PTR SS:[EBP-23C],EBX
|. 0F8C 130A0000 JL 0043F864
|. 8ACA
MOV CL,DL
|. 80E9 20
SUB CL,20
|. 80F9 58
CMP CL,58
|. 77 0D
JA SHORT 0043EE68
|. 0FBEC2
MOVSX EAX,DL
|. 0FB680 08BF44 MOVZX EAX,BYTE PTR DS:[EAX+44BF08]
vector vbase copy constructor iterator'"
|. 83E0 0F
AND EAX,0000000F
|> 8B8D C0FDFFFF MOV ECX,DWORD PTR SS:[EBP-240]
|. 6BC0 09
IMUL EAX,EAX,9
|. 0FB68408 28BF MOVZX EAX,BYTE PTR DS:[ECX+EAX+44BF28]
|. 6A 08
PUSH 8
|. C1E8 04
SHR EAX,4
|. 5E
POP ESI
|. 8985 C0FDFFFF MOV DWORD PTR SS:[EBP-240],EAX
|. 3BC6
CMP EAX,ESI
|.^ 0F84 E4FEFFFF JE 0043ED71
|. 6A 07
PUSH 7
|. 59
POP ECX

; PTR to AS

0043EE90 |. 3BC1
CMP EAX,ECX
0043EE92 |. 0F87 AD090000 JA 0043F845
0043EE98 |. FF2485 B6F843 JMP DWORD PTR DS:[EAX*4+43F8B6]
0043EE9F |> 33C0
XOR EAX,EAX
0043EEA1 |. 838D E8FDFFFF OR DWORD PTR SS:[EBP-218],FFFFFFFF
0043EEA8 |. 8985 94FDFFFF MOV DWORD PTR SS:[EBP-26C],EAX
0043EEAE |. 8985 A8FDFFFF MOV DWORD PTR SS:[EBP-258],EAX
0043EEB4 |. 8985 CCFDFFFF MOV DWORD PTR SS:[EBP-234],EAX
0043EEBA |. 8985 D0FDFFFF MOV DWORD PTR SS:[EBP-230],EAX
0043EEC0 |. 8985 F0FDFFFF MOV DWORD PTR SS:[EBP-210],EAX
0043EEC6 |. 8985 C8FDFFFF MOV DWORD PTR SS:[EBP-238],EAX
0043EECC \. E9 74090000 JMP 0043F845
0043EED1 /> 0FBEC2
MOVSX EAX,DL
0043EED4 |. 83E8 20
SUB EAX,20
ases 20..23, 3 exits)
0043EED7 |. 74 48
JE SHORT 0043EF21
0043EED9 |. 83E8 03
SUB EAX,3
0043EEDC |. 74 34
JE SHORT 0043EF12
0043EEDE |. 2BC6
SUB EAX,ESI
ase of switch SystemInfo.43EED4
0043EEE0 |. 74 24
JE SHORT 0043EF06
0043EEE2 |. 48
DEC EAX
ases 2..5, 3 exits)
0043EEE3 |. 48
DEC EAX
0043EEE4 |. 74 14
JE SHORT 0043EEFA
0043EEE6 |. 83E8 03
SUB EAX,3
0043EEE9 |. 0F85 56090000 JNE 0043F845
0043EEEF |. 09B5 F0FDFFFF OR DWORD PTR SS:[EBP-210],ESI
switch SystemInfo.43EEE2
0043EEF5 |. E9 4B090000 JMP 0043F845
0043EEFA |> 838D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000004
switch SystemInfo.43EEE2
0043EF01 |. E9 3F090000 JMP 0043F845
0043EF06 |> 838D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000001
0043EF0D |. E9 33090000 JMP 0043F845
0043EF12 |> 818D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000080
'#') of switch SystemInfo.43EED4
0043EF1C |. E9 24090000 JMP 0043F845
0043EF21 |> 838D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000002
' ') of switch SystemInfo.43EED4
0043EF28 \. E9 18090000 JMP 0043F845
0043EF2D /> 80FA 2A
CMP DL,2A
0043EF30 |. 75 2C
JNE SHORT 0043EF5E
0043EF32 |. 83C7 04
ADD EDI,4
0043EF35 |. 89BD DCFDFFFF MOV DWORD PTR SS:[EBP-224],EDI
0043EF3B |. 8B7F FC
MOV EDI,DWORD PTR DS:[EDI-4]
0043EF3E |. 89BD CCFDFFFF MOV DWORD PTR SS:[EBP-234],EDI
0043EF44 |. 85FF
TEST EDI,EDI
0043EF46 |. 0F8D F9080000 JGE 0043F845
0043EF4C |. 838D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000004
0043EF53 |. F79D CCFDFFFF NEG DWORD PTR SS:[EBP-234]
0043EF59 |. E9 E7080000 JMP 0043F845
0043EF5E |> 8B85 CCFDFFFF MOV EAX,DWORD PTR SS:[EBP-234]
0043EF64 |. 6BC0 0A
IMUL EAX,EAX,0A
0043EF67 |. 0FBECA
MOVSX ECX,DL
0043EF6A |. 8D4408 D0
LEA EAX,[ECX+EAX-30]
0043EF6E |. 8985 CCFDFFFF MOV DWORD PTR SS:[EBP-234],EAX
0043EF74 \. E9 CC080000 JMP 0043F845
0043EF79 /> 83A5 E8FDFFFF AND DWORD PTR SS:[EBP-218],00000000
0043EF80 \. E9 C0080000 JMP 0043F845

; Switch (c

; Default c
; Switch (c

; Case 5 of
; Case 2 of

; Case 23 (
; Case 20 (

0043EF85
0043EF88
0043EF8A
0043EF8D
0043EF93
0043EF96
0043EF9C
0043EF9E
0043EFA4
0043EFAB
0043EFB0
0043EFB6
0043EFB9
0043EFBC
0043EFC0
0043EFC6
0043EFCB
0043EFCE
0043EFD0
0043EFD3
0043EFD5
0043EFD8
0043EFDA
0043EFDD
0043EFE3
0043EFED
0043EFF2
0043EFF5
0043EFF7
0043EFF8
0043F002
0043F008
0043F00D
0043F014
0043F019
0043F020
0043F025
0043F027
0043F029
0043F02B
0043F02F
0043F031
0043F032
0043F033
0043F03D
0043F043
0043F048
0043F04A
0043F04C
0043F050
0043F052
0043F053
0043F054
0043F05E
0043F064
0043F069
0043F06B
0043F071
0043F073
0043F079

/>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
\.
/>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.

80FA 2A
75 26
83C7 04
89BD DCFDFFFF
8B7F FC
89BD E8FDFFFF
85FF
0F8D A1080000
838D E8FDFFFF
E9 95080000
8B85 E8FDFFFF
6BC0 0A
0FBECA
8D4408 D0
8985 E8FDFFFF
E9 7A080000
80FA 49
74 55
80FA 68
74 44
80FA 6C
74 18
80FA 77
0F85 62080000
818D F0FDFFFF
E9 53080000
803B 6C
75 16
43
818D F0FDFFFF
899D C4FDFFFF
E9 38080000
838D F0FDFFFF
E9 2C080000
838D F0FDFFFF
E9 20080000
8A03
3C 36
75 1D
807B 01 34
75 17
43
43
818D F0FDFFFF
899D C4FDFFFF
E9 FD070000
3C 33
75 1D
807B 01 32
75 17
43
43
81A5 F0FDFFFF
899D C4FDFFFF
E9 DC070000
3C 64
0F84 D4070000
3C 69
0F84 CC070000
3C 6F

CMP DL,2A
JNE SHORT 0043EFB0
ADD EDI,4
MOV DWORD PTR SS:[EBP-224],EDI
MOV EDI,DWORD PTR DS:[EDI-4]
MOV DWORD PTR SS:[EBP-218],EDI
TEST EDI,EDI
JGE 0043F845
OR DWORD PTR SS:[EBP-218],FFFFFFFF
JMP 0043F845
MOV EAX,DWORD PTR SS:[EBP-218]
IMUL EAX,EAX,0A
MOVSX ECX,DL
LEA EAX,[ECX+EAX-30]
MOV DWORD PTR SS:[EBP-218],EAX
JMP 0043F845
CMP DL,49
JE SHORT 0043F025
CMP DL,68
JE SHORT 0043F019
CMP DL,6C
JE SHORT 0043EFF2
CMP DL,77
JNE 0043F845
OR DWORD PTR SS:[EBP-210],00000800
JMP 0043F845
CMP BYTE PTR DS:[EBX],6C
JNE SHORT 0043F00D
INC EBX
OR DWORD PTR SS:[EBP-210],00001000
MOV DWORD PTR SS:[EBP-23C],EBX
JMP 0043F845
OR DWORD PTR SS:[EBP-210],00000010
JMP 0043F845
OR DWORD PTR SS:[EBP-210],00000020
JMP 0043F845
MOV AL,BYTE PTR DS:[EBX]
CMP AL,36
JNE SHORT 0043F048
CMP BYTE PTR DS:[EBX+1],34
JNE SHORT 0043F048
INC EBX
INC EBX
OR DWORD PTR SS:[EBP-210],00008000
MOV DWORD PTR SS:[EBP-23C],EBX
JMP 0043F845
CMP AL,33
JNE SHORT 0043F069
CMP BYTE PTR DS:[EBX+1],32
JNE SHORT 0043F069
INC EBX
INC EBX
AND DWORD PTR SS:[EBP-210],FFFF7FFF
MOV DWORD PTR SS:[EBP-23C],EBX
JMP 0043F845
CMP AL,64
JE 0043F845
CMP AL,69
JE 0043F845
CMP AL,6F

0043F07B |. 0F84 C4070000 JE 0043F845


0043F081 |. 3C 75
CMP AL,75
0043F083 |. 0F84 BC070000 JE 0043F845
0043F089 |. 3C 78
CMP AL,78
0043F08B |. 0F84 B4070000 JE 0043F845
0043F091 |. 3C 58
CMP AL,58
0043F093 |. 0F84 AC070000 JE 0043F845
0043F099 |. 83A5 C0FDFFFF AND DWORD PTR SS:[EBP-240],00000000
0043F0A0 |> 83A5 C8FDFFFF AND DWORD PTR SS:[EBP-238],00000000
0043F0A7 |. 8D85 B0FDFFFF LEA EAX,[EBP-250]
0043F0AD |. 50
PUSH EAX
0043F0AE |. 0FB6C2
MOVZX EAX,DL
0043F0B1 |. 50
PUSH EAX
0043F0B2 |. E8 9C71FFFF CALL 00436253
fo.00436253
0043F0B7 |. 59
POP ECX
0043F0B8 |. 85C0
TEST EAX,EAX
0043F0BA |. 8A85 EFFDFFFF MOV AL,BYTE PTR SS:[EBP-211]
0043F0C0 |. 59
POP ECX
0043F0C1 |. 74 22
JE SHORT 0043F0E5
0043F0C3 |. 8B8D A0FDFFFF MOV ECX,DWORD PTR SS:[EBP-260]
0043F0C9 |. 8DB5 D8FDFFFF LEA ESI,[EBP-228]
0043F0CF |. E8 8CFBFFFF CALL 0043EC60
0043F0D4 |. 8A03
MOV AL,BYTE PTR DS:[EBX]
0043F0D6 |. 43
INC EBX
0043F0D7 |. 899D C4FDFFFF MOV DWORD PTR SS:[EBP-23C],EBX
0043F0DD |. 84C0
TEST AL,AL
0043F0DF |.^ 0F84 8CFCFFFF JE 0043ED71
0043F0E5 |> 8B8D A0FDFFFF MOV ECX,DWORD PTR SS:[EBP-260]
0043F0EB |. 8DB5 D8FDFFFF LEA ESI,[EBP-228]
0043F0F1 |. E8 6AFBFFFF CALL 0043EC60
0043F0F6 \. E9 4A070000 JMP 0043F845
0043F0FB /> 0FBEC2
MOVSX EAX,DL
0043F0FE |. 83F8 64
CMP EAX,64
ases 41..78, 15. exits)
0043F101 |. 0F8F EA010000 JG 0043F2F1
0043F107 |. 0F84 77020000 JE 0043F384
0043F10D |. 83F8 53
CMP EAX,53
0043F110 |. 0F8F F3000000 JG 0043F209
0043F116 |. 0F84 81000000 JE 0043F19D
0043F11C |. 83E8 41
SUB EAX,41
0043F11F |. 74 10
JE SHORT 0043F131
0043F121 |. 48
DEC EAX
0043F122 |. 48
DEC EAX
0043F123 |. 74 59
JE SHORT 0043F17E
0043F125 |. 48
DEC EAX
0043F126 |. 48
DEC EAX
0043F127 |. 74 08
JE SHORT 0043F131
0043F129 |. 48
DEC EAX
0043F12A |. 48
DEC EAX
0043F12B |. 0F85 8F050000 JNE 0043F6C0
0043F131 |> 80C2 20
ADD DL,20
('A'), 45 ('E'), 47 ('G') of switch SystemInfo.43F0FE
0043F134 |. C785 94FDFFFF MOV DWORD PTR SS:[EBP-26C],1
0043F13E |. 8895 EFFDFFFF MOV BYTE PTR SS:[EBP-211],DL
0043F144 |> 838D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000040
('e'), 66 ('f'), 67 ('g') of switch SystemInfo.43F0FE
0043F14B |. 83BD E8FDFFFF CMP DWORD PTR SS:[EBP-218],0
0043F152 |. 8D9D F4FDFFFF LEA EBX,[EBP-20C]
0043F158 |. B8 00020000 MOV EAX,200

;
;
;
;

/Arg2
|
|Arg1
\SystemIn

; Switch (c

; Cases 41

; Cases 65

0043F15D |. 899D E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EBX


0043F163 |. 8985 9CFDFFFF MOV DWORD PTR SS:[EBP-264],EAX
0043F169 |. 0F8D 45020000 JGE 0043F3B4
0043F16F |. C785 E8FDFFFF MOV DWORD PTR SS:[EBP-218],6
0043F179 |. E9 A3020000 JMP 0043F421
0043F17E |> F785 F0FDFFFF TEST DWORD PTR SS:[EBP-210],00000830
; Case 43 (
'C') of switch SystemInfo.43F0FE
0043F188 |. 0F85 98000000 JNE 0043F226
0043F18E |. 818D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000800
0043F198 |. E9 89000000 JMP 0043F226
0043F19D |> F785 F0FDFFFF TEST DWORD PTR SS:[EBP-210],00000830
; Case 53 (
'S') of switch SystemInfo.43F0FE
0043F1A7 |. 75 0A
JNE SHORT 0043F1B3
0043F1A9 |. 818D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000800
0043F1B3 |> 8B8D E8FDFFFF MOV ECX,DWORD PTR SS:[EBP-218]
; Case 73 (
's') of switch SystemInfo.43F0FE
0043F1B9 |. 83F9 FF
CMP ECX,-1
0043F1BC |. 75 05
JNE SHORT 0043F1C3
0043F1BE |. B9 FFFFFF7F MOV ECX,7FFFFFFF
0043F1C3 |> 83C7 04
ADD EDI,4
0043F1C6 |. F785 F0FDFFFF TEST DWORD PTR SS:[EBP-210],00000810
0043F1D0 |. 89BD DCFDFFFF MOV DWORD PTR SS:[EBP-224],EDI
0043F1D6 |. 8B7F FC
MOV EDI,DWORD PTR DS:[EDI-4]
0043F1D9 |. 89BD E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EDI
0043F1DF |. 0F84 AD040000 JE 0043F692
0043F1E5 |. 85FF
TEST EDI,EDI
0043F1E7 |. 75 0B
JNE SHORT 0043F1F4
0043F1E9 |. A1 F41D4500 MOV EAX,DWORD PTR DS:[451DF4]
; UNICODE "
(null)"
0043F1EE |. 8985 E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EAX
0043F1F4 |> 8B85 E4FDFFFF MOV EAX,DWORD PTR SS:[EBP-21C]
0043F1FA |. C785 C8FDFFFF MOV DWORD PTR SS:[EBP-238],1
0043F204 |. E9 7B040000 JMP 0043F684
0043F209 |> 83E8 58
SUB EAX,58
0043F20C |. 0F84 D5020000 JE 0043F4E7
0043F212 |. 48
DEC EAX
0043F213 |. 48
DEC EAX
0043F214 |. 74 79
JE SHORT 0043F28F
0043F216 |. 2BC1
SUB EAX,ECX
; Cases 54
('T'), 55 ('U'), 56 ('V'), 57 ('W'), 59 ('Y'), 5B ('['), 5C ('\'), 5D (']'), 5E
('^'), 5F ('_'), 60 ('`'), 61 ('a'), 62 ('b'), 63 ('c') of switch SystemInfo.43F
0FE
0043F218 |.^ 0F84 26FFFFFF JE 0043F144
0043F21E |. 48
DEC EAX
0043F21F |. 48
DEC EAX
0043F220 |. 0F85 9A040000 JNE 0043F6C0
0043F226 |> 83C7 04
ADD EDI,4
0043F229 |. F785 F0FDFFFF TEST DWORD PTR SS:[EBP-210],00000810
0043F233 |. 89BD DCFDFFFF MOV DWORD PTR SS:[EBP-224],EDI
0043F239 |. 74 30
JE SHORT 0043F26B
0043F23B |. 0FB747 FC
MOVZX EAX,WORD PTR DS:[EDI-4]
0043F23F |. 50
PUSH EAX
; /Arg4
0043F240 |. 68 00020000 PUSH 200
; |Arg3 = 2
00
0043F245 |. 8D85 F4FDFFFF LEA EAX,[EBP-20C]
; |
0043F24B |. 50
PUSH EAX
; |Arg2
0043F24C |. 8D85 E0FDFFFF LEA EAX,[EBP-220]
; |
0043F252 |. 50
PUSH EAX
; |Arg1
0043F253 |. E8 EBF9FFFF CALL 0043EC43
; \SystemIn
fo.0043EC43

0043F258 |. 83C4 10
ADD ESP,10
0043F25B |. 85C0
TEST EAX,EAX
0043F25D |. 74 1F
JE SHORT 0043F27E
0043F25F |. C785 A8FDFFFF MOV DWORD PTR SS:[EBP-258],1
0043F269 |. EB 13
JMP SHORT 0043F27E
0043F26B |> 8A47 FC
MOV AL,BYTE PTR DS:[EDI-4]
0043F26E |. 8885 F4FDFFFF MOV BYTE PTR SS:[EBP-20C],AL
0043F274 |. C785 E0FDFFFF MOV DWORD PTR SS:[EBP-220],1
0043F27E |> 8D85 F4FDFFFF LEA EAX,[EBP-20C]
0043F284 |. 8985 E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EAX
0043F28A |. E9 31040000 JMP 0043F6C0
0043F28F |> 8B07
MOV EAX,DWORD PTR DS:[EDI]
'Z') of switch SystemInfo.43F0FE
0043F291 |. 83C7 04
ADD EDI,4
0043F294 |. 89BD DCFDFFFF MOV DWORD PTR SS:[EBP-224],EDI
0043F29A |. 85C0
TEST EAX,EAX
0043F29C |. 74 3C
JE SHORT 0043F2DA
0043F29E |. 8B48 04
MOV ECX,DWORD PTR DS:[EAX+4]
0043F2A1 |. 85C9
TEST ECX,ECX
0043F2A3 |. 74 35
JE SHORT 0043F2DA
0043F2A5 |. F785 F0FDFFFF TEST DWORD PTR SS:[EBP-210],00000800
0043F2AF |. 0FBF00
MOVSX EAX,WORD PTR DS:[EAX]
0043F2B2 |. 898D E4FDFFFF MOV DWORD PTR SS:[EBP-21C],ECX
0043F2B8 |. 74 14
JE SHORT 0043F2CE
0043F2BA |. 99
CDQ
0043F2BB |. 2BC2
SUB EAX,EDX
0043F2BD |. D1F8
SAR EAX,1
0043F2BF |. C785 C8FDFFFF MOV DWORD PTR SS:[EBP-238],1
0043F2C9 |. E9 EC030000 JMP 0043F6BA
0043F2CE |> 83A5 C8FDFFFF AND DWORD PTR SS:[EBP-238],00000000
0043F2D5 |. E9 E0030000 JMP 0043F6BA
0043F2DA |> A1 F01D4500 MOV EAX,DWORD PTR DS:[451DF0]
ull)"
0043F2DF |. 8985 E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EAX
0043F2E5 |. 50
PUSH EAX
0043F2E6 |> E8 95EFFEFF CALL 0042E280
fo.0042E280
0043F2EB |. 59
POP ECX
0043F2EC |. E9 C9030000 JMP 0043F6BA
0043F2F1 |> 83F8 70
CMP EAX,70
0043F2F4 |. 0F8F F5010000 JG 0043F4EF
0043F2FA |. 0F84 E1010000 JE 0043F4E1
0043F300 |. 83F8 65
CMP EAX,65
0043F303 |. 0F8C B7030000 JL 0043F6C0
0043F309 |. 83F8 67
CMP EAX,67
0043F30C |.^ 0F8E 32FEFFFF JLE 0043F144
0043F312 |. 83F8 69
CMP EAX,69
0043F315 |. 74 6D
JE SHORT 0043F384
0043F317 |. 83F8 6E
CMP EAX,6E
0043F31A |. 74 24
JE SHORT 0043F340
0043F31C |. 83F8 6F
CMP EAX,6F
0043F31F |. 0F85 9B030000 JNE 0043F6C0
0043F325 |. F685 F0FDFFFF TEST BYTE PTR SS:[EBP-210],80
'o') of switch SystemInfo.43F0FE
0043F32C |. 89B5 E0FDFFFF MOV DWORD PTR SS:[EBP-220],ESI
0043F332 |. 74 61
JE SHORT 0043F395
0043F334 |. 818D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000200
0043F33E |. EB 55
JMP SHORT 0043F395
0043F340 |> 8B37
MOV ESI,DWORD PTR DS:[EDI]
'n') of switch SystemInfo.43F0FE

; Case 5A (

; ASCII "(n

; \SystemIn

; Case 6F (

; Case 6E (

0043F342 |. 83C7 04
ADD EDI,4
0043F345 |. 89BD DCFDFFFF MOV DWORD PTR SS:[EBP-224],EDI
0043F34B |. E8 71F7FFFF CALL 0043EAC1
0043F350 |. 85C0
TEST EAX,EAX
0043F352 |.^ 0F84 19FAFFFF JE 0043ED71
0043F358 |. F685 F0FDFFFF TEST BYTE PTR SS:[EBP-210],20
0043F35F |. 74 0C
JE SHORT 0043F36D
0043F361 |. 66:8B85 D8FDF MOV AX,WORD PTR SS:[EBP-228]
0043F368 |. 66:8906
MOV WORD PTR DS:[ESI],AX
0043F36B |. EB 08
JMP SHORT 0043F375
0043F36D |> 8B85 D8FDFFFF MOV EAX,DWORD PTR SS:[EBP-228]
0043F373 |. 8906
MOV DWORD PTR DS:[ESI],EAX
0043F375 |> C785 A8FDFFFF MOV DWORD PTR SS:[EBP-258],1
0043F37F |. E9 A5040000 JMP 0043F829
0043F384 |> 838D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000040
('d'), 69 ('i') of switch SystemInfo.43F0FE
0043F38B |> C785 E0FDFFFF MOV DWORD PTR SS:[EBP-220],0A
'u') of switch SystemInfo.43F0FE
0043F395 |> 8B8D F0FDFFFF MOV ECX,DWORD PTR SS:[EBP-210]
0043F39B |. F7C1 00800000 TEST ECX,00008000
0043F3A1 |. 0F84 A7010000 JE 0043F54E
0043F3A7 |> 03FE
ADD EDI,ESI
0043F3A9 |. 8B47 F8
MOV EAX,DWORD PTR DS:[EDI-8]
0043F3AC |. 8B57 FC
MOV EDX,DWORD PTR DS:[EDI-4]
0043F3AF |. E9 D3010000 JMP 0043F587
0043F3B4 |> 75 11
JNE SHORT 0043F3C7
0043F3B6 |. 80FA 67
CMP DL,67
0043F3B9 |. 75 66
JNE SHORT 0043F421
0043F3BB |. C785 E8FDFFFF MOV DWORD PTR SS:[EBP-218],1
0043F3C5 |. EB 5A
JMP SHORT 0043F421
0043F3C7 |> 3985 E8FDFFFF CMP DWORD PTR SS:[EBP-218],EAX
0043F3CD |. 7E 06
JLE SHORT 0043F3D5
0043F3CF |. 8985 E8FDFFFF MOV DWORD PTR SS:[EBP-218],EAX
0043F3D5 |> 81BD E8FDFFFF CMP DWORD PTR SS:[EBP-218],0A3
0043F3DF |. 7E 40
JLE SHORT 0043F421
0043F3E1 |. 8BB5 E8FDFFFF MOV ESI,DWORD PTR SS:[EBP-218]
0043F3E7 |. 81C6 5D010000 ADD ESI,15D
0043F3ED |. 56
PUSH ESI
0043F3EE |. E8 205AFFFF CALL 00434E13
fo.00434E13
0043F3F3 |. 8A95 EFFDFFFF MOV DL,BYTE PTR SS:[EBP-211]
0043F3F9 |. 59
POP ECX
0043F3FA |. 8985 ACFDFFFF MOV DWORD PTR SS:[EBP-254],EAX
0043F400 |. 6A 08
PUSH 8
0043F402 |. 85C0
TEST EAX,EAX
0043F404 |. 74 10
JE SHORT 0043F416
0043F406 |. 8985 E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EAX
0043F40C |. 89B5 9CFDFFFF MOV DWORD PTR SS:[EBP-264],ESI
0043F412 |. 8BD8
MOV EBX,EAX
0043F414 |. EB 0A
JMP SHORT 0043F420
0043F416 |> C785 E8FDFFFF MOV DWORD PTR SS:[EBP-218],0A3
0043F420 |> 5E
POP ESI
0043F421 |> 03FE
ADD EDI,ESI
0043F423 |. 8B47 F8
MOV EAX,DWORD PTR DS:[EDI-8]
0043F426 |. 8985 88FDFFFF MOV DWORD PTR SS:[EBP-278],EAX
0043F42C |. 8B47 FC
MOV EAX,DWORD PTR DS:[EDI-4]
0043F42F |. 8985 8CFDFFFF MOV DWORD PTR SS:[EBP-274],EAX
0043F435 |. 8D85 B0FDFFFF LEA EAX,[EBP-250]
0043F43B |. 50
PUSH EAX
0043F43C |. FFB5 94FDFFFF PUSH DWORD PTR SS:[EBP-26C]

; Cases 64
; Case 75 (

; /Arg1
; \SystemIn

0043F442 |. 0FBEC2
MOVSX EAX,DL
0043F445 |. FFB5 E8FDFFFF PUSH DWORD PTR SS:[EBP-218]
0043F44B |. 89BD DCFDFFFF MOV DWORD PTR SS:[EBP-224],EDI
0043F451 |. 50
PUSH EAX
0043F452 |. FFB5 9CFDFFFF PUSH DWORD PTR SS:[EBP-264]
0043F458 |. 8D85 88FDFFFF LEA EAX,[EBP-278]
0043F45E |. 53
PUSH EBX
0043F45F |. 50
PUSH EAX
0043F460 |. FF35 101E4500 PUSH DWORD PTR DS:[451E10]
ystemInfo.43FEAF
0043F466 |. E8 5B5CFFFF CALL 004350C6
fo.004350C6
0043F46B |. 59
POP ECX
0043F46C |. FFD0
CALL EAX
0043F46E |. 8BBD F0FDFFFF MOV EDI,DWORD PTR SS:[EBP-210]
0043F474 |. 83C4 1C
ADD ESP,1C
0043F477 |. 81E7 80000000 AND EDI,00000080
0043F47D |. 74 21
JE SHORT 0043F4A0
0043F47F |. 83BD E8FDFFFF CMP DWORD PTR SS:[EBP-218],0
0043F486 |. 75 18
JNE SHORT 0043F4A0
0043F488 |. 8D85 B0FDFFFF LEA EAX,[EBP-250]
0043F48E |. 50
PUSH EAX
0043F48F |. 53
PUSH EBX
0043F490 |. FF35 1C1E4500 PUSH DWORD PTR DS:[451E1C]
ystemInfo.43FEAF
0043F496 |. E8 2B5CFFFF CALL 004350C6
fo.004350C6
0043F49B |. 59
POP ECX
0043F49C |. FFD0
CALL EAX
0043F49E |. 59
POP ECX
0043F49F |. 59
POP ECX
0043F4A0 |> 80BD EFFDFFFF CMP BYTE PTR SS:[EBP-211],67
0043F4A7 |. 75 1C
JNE SHORT 0043F4C5
0043F4A9 |. 85FF
TEST EDI,EDI
0043F4AB |. 75 18
JNE SHORT 0043F4C5
0043F4AD |. 8D85 B0FDFFFF LEA EAX,[EBP-250]
0043F4B3 |. 50
PUSH EAX
0043F4B4 |. 53
PUSH EBX
0043F4B5 |. FF35 181E4500 PUSH DWORD PTR DS:[451E18]
ystemInfo.43FEAF
0043F4BB |. E8 065CFFFF CALL 004350C6
fo.004350C6
0043F4C0 |. 59
POP ECX
0043F4C1 |. FFD0
CALL EAX
0043F4C3 |. 59
POP ECX
0043F4C4 |. 59
POP ECX
0043F4C5 |> 803B 2D
CMP BYTE PTR DS:[EBX],2D
0043F4C8 |. 75 11
JNE SHORT 0043F4DB
0043F4CA |. 818D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000100
0043F4D4 |. 43
INC EBX
0043F4D5 |. 899D E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EBX
0043F4DB |> 53
PUSH EBX
0043F4DC |.^ E9 05FEFFFF JMP 0043F2E6
0043F4E1 |> 89B5 E8FDFFFF MOV DWORD PTR SS:[EBP-218],ESI
'p') of switch SystemInfo.43F0FE
0043F4E7 |> 898D A4FDFFFF MOV DWORD PTR SS:[EBP-25C],ECX
'X') of switch SystemInfo.43F0FE
0043F4ED |. EB 24
JMP SHORT 0043F513
0043F4EF |> 83E8 73
SUB EAX,73
0043F4F2 |.^ 0F84 BBFCFFFF JE 0043F1B3

; /Arg1 = S
; \SystemIn

; /Arg1 = S
; \SystemIn

; /Arg1 = S
; \SystemIn

; Case 70 (
; Case 58 (

0043F4F8 |. 48
DEC EAX
0043F4F9 |. 48
DEC EAX
0043F4FA |.^ 0F84 8BFEFFFF JE 0043F38B
0043F500 |. 83E8 03
SUB EAX,3
0043F503 |. 0F85 B7010000 JNE 0043F6C0
0043F509 |. C785 A4FDFFFF MOV DWORD PTR SS:[EBP-25C],27
'x') of switch SystemInfo.43F0FE
0043F513 |> F685 F0FDFFFF TEST BYTE PTR SS:[EBP-210],80
0043F51A |. C785 E0FDFFFF MOV DWORD PTR SS:[EBP-220],10
0043F524 |.^ 0F84 6BFEFFFF JE 0043F395
0043F52A |. 8A85 A4FDFFFF MOV AL,BYTE PTR SS:[EBP-25C]
0043F530 |. 04 51
ADD AL,51
0043F532 |. C685 D4FDFFFF MOV BYTE PTR SS:[EBP-22C],30
0043F539 |. 8885 D5FDFFFF MOV BYTE PTR SS:[EBP-22B],AL
0043F53F |. C785 D0FDFFFF MOV DWORD PTR SS:[EBP-230],2
0043F549 |.^ E9 47FEFFFF JMP 0043F395
0043F54E |> F7C1 00100000 TEST ECX,00001000
0043F554 |.^ 0F85 4DFEFFFF JNE 0043F3A7
0043F55A |. 83C7 04
ADD EDI,4
0043F55D |. F6C1 20
TEST CL,20
0043F560 |. 74 18
JE SHORT 0043F57A
0043F562 |. 89BD DCFDFFFF MOV DWORD PTR SS:[EBP-224],EDI
0043F568 |. F6C1 40
TEST CL,40
0043F56B |. 74 06
JE SHORT 0043F573
0043F56D |. 0FBF47 FC
MOVSX EAX,WORD PTR DS:[EDI-4]
0043F571 |. EB 04
JMP SHORT 0043F577
0043F573 |> 0FB747 FC
MOVZX EAX,WORD PTR DS:[EDI-4]
0043F577 |> 99
CDQ
0043F578 |. EB 13
JMP SHORT 0043F58D
0043F57A |> 8B47 FC
MOV EAX,DWORD PTR DS:[EDI-4]
0043F57D |. F6C1 40
TEST CL,40
0043F580 |. 74 03
JE SHORT 0043F585
0043F582 |. 99
CDQ
0043F583 |. EB 02
JMP SHORT 0043F587
0043F585 |> 33D2
XOR EDX,EDX
0043F587 |> 89BD DCFDFFFF MOV DWORD PTR SS:[EBP-224],EDI
0043F58D |> F6C1 40
TEST CL,40
0043F590 |. 74 1B
JE SHORT 0043F5AD
0043F592 |. 85D2
TEST EDX,EDX
0043F594 |. 7F 17
JG SHORT 0043F5AD
0043F596 |. 7C 04
JL SHORT 0043F59C
0043F598 |. 85C0
TEST EAX,EAX
0043F59A |. 73 11
JNB SHORT 0043F5AD
0043F59C |> F7D8
NEG EAX
0043F59E |. 83D2 00
ADC EDX,0
0043F5A1 |. F7DA
NEG EDX
0043F5A3 |. 818D F0FDFFFF OR DWORD PTR SS:[EBP-210],00000100
0043F5AD |> F785 F0FDFFFF TEST DWORD PTR SS:[EBP-210],00009000
0043F5B7 |. 8BDA
MOV EBX,EDX
0043F5B9 |. 8BF8
MOV EDI,EAX
0043F5BB |. 75 02
JNE SHORT 0043F5BF
0043F5BD |. 33DB
XOR EBX,EBX
0043F5BF |> 83BD E8FDFFFF CMP DWORD PTR SS:[EBP-218],0
0043F5C6 |. 7D 0C
JGE SHORT 0043F5D4
0043F5C8 |. C785 E8FDFFFF MOV DWORD PTR SS:[EBP-218],1
0043F5D2 |. EB 1A
JMP SHORT 0043F5EE
0043F5D4 |> 83A5 F0FDFFFF AND DWORD PTR SS:[EBP-210],FFFFFFF7
0043F5DB |. B8 00020000 MOV EAX,200
0043F5E0 |. 3985 E8FDFFFF CMP DWORD PTR SS:[EBP-218],EAX
0043F5E6 |. 7E 06
JLE SHORT 0043F5EE

; Case 78 (

0043F5E8 |.
0043F5EE |>
0043F5F0 |.
0043F5F2 |.
0043F5F4 |.
0043F5FA |>
0043F5FD |>
0043F603 |.
0043F609 |.
0043F60B |.
0043F60D |.
0043F60F |.
0043F611 |.
0043F613 |>
0043F619 |.
0043F61A |.
0043F61B |.
0043F61C |.
0043F61D |.
0043F61E |.
fo.0043E540
0043F623 |.
0043F626 |.
0043F629 |.
0043F62F |.
0043F631 |.
0043F633 |.
0043F635 |.
0043F63B |>
0043F63D |.
0043F63E |.^
0043F640 |>
0043F643 |.
0043F645 |.
0043F646 |.
0043F650 |.
0043F656 |.
0043F65C |.
0043F65E |.
0043F660 |.
0043F662 |.
0043F664 |.
0043F667 |.
0043F669 |>
0043F66F |.
0043F675 |.
0043F678 |.
0043F679 |.
0043F67B |>
0043F67C |.
0043F680 |.
0043F682 |.
0043F683 |.
0043F684 |>
0043F686 |.^
0043F688 |>
0043F68E |.
0043F690 |.
0043F692 |>
0043F694 |.

8985 E8FDFFFF
8BC7
0BC3
75 06
2185 D0FDFFFF
8D75 F3
8B85 E8FDFFFF
FF8D E8FDFFFF
85C0
7F 06
8BC7
0BC3
74 2D
8B85 E0FDFFFF
99
52
50
53
57
E8 1DEFFFFF

MOV DWORD PTR SS:[EBP-218],EAX


MOV EAX,EDI
OR EAX,EBX
JNE SHORT 0043F5FA
AND DWORD PTR SS:[EBP-230],EAX
LEA ESI,[EBP-0D]
/MOV EAX,DWORD PTR SS:[EBP-218]
|DEC DWORD PTR SS:[EBP-218]
|TEST EAX,EAX
|JG SHORT 0043F613
|MOV EAX,EDI
|OR EAX,EBX
|JE SHORT 0043F640
|MOV EAX,DWORD PTR SS:[EBP-220]
|CDQ
|PUSH EDX
|PUSH EAX
|PUSH EBX
|PUSH EDI
|CALL 0043E540

83C1 30
83F9 39
899D 9CFDFFFF
8BF8
8BDA
7E 06
038D A4FDFFFF
880E
4E
EB BD
8D45 F3
2BC6
46
F785 F0FDFFFF
8985 E0FDFFFF
89B5 E4FDFFFF
74 62
85C0
74 07
8BCE
8039 30
74 57
FF8D E4FDFFFF
8B8D E4FDFFFF
C601 30
40
EB 3F
49
66:8338 00
74 06
40
40
85C9
75 F3
2B85 E4FDFFFF
D1F8
EB 28
85FF
75 0B

|ADD ECX,30
|CMP ECX,39
|MOV DWORD PTR SS:[EBP-264],EBX
|MOV EDI,EAX
|MOV EBX,EDX
|JLE SHORT 0043F63B
|ADD ECX,DWORD PTR SS:[EBP-25C]
|MOV BYTE PTR DS:[ESI],CL
|DEC ESI
\JMP SHORT 0043F5FD
LEA EAX,[EBP-0D]
SUB EAX,ESI
INC ESI
TEST DWORD PTR SS:[EBP-210],00000200
MOV DWORD PTR SS:[EBP-220],EAX
MOV DWORD PTR SS:[EBP-21C],ESI
JE SHORT 0043F6C0
TEST EAX,EAX
JE SHORT 0043F669
MOV ECX,ESI
CMP BYTE PTR DS:[ECX],30
JE SHORT 0043F6C0
DEC DWORD PTR SS:[EBP-21C]
MOV ECX,DWORD PTR SS:[EBP-21C]
MOV BYTE PTR DS:[ECX],30
INC EAX
JMP SHORT 0043F6BA
/DEC ECX
|CMP WORD PTR DS:[EAX],0
|JE SHORT 0043F688
|INC EAX
|INC EAX
|TEST ECX,ECX
\JNE SHORT 0043F67B
SUB EAX,DWORD PTR SS:[EBP-21C]
SAR EAX,1
JMP SHORT 0043F6BA
TEST EDI,EDI
JNE SHORT 0043F6A1

;
;
;
;
;

/Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

0043F696 |.
ull)"
0043F69B |.
0043F6A1 |>
0043F6A7 |.
0043F6A9 |>
0043F6AA |.
0043F6AD |.
0043F6AF |.
0043F6B0 |>
0043F6B2 |.^
0043F6B4 |>
0043F6BA |>
0043F6C0 |>
ase of switch
0043F6C7 |.
0043F6CD |.
0043F6D3 |.
0043F6D5 |.
0043F6D7 |.
0043F6DC |.
0043F6DE |.
0043F6E5 |.
0043F6E7 |>
0043F6E9 |.
0043F6EB |.
0043F6F2 |.
0043F6F4 |>
0043F6F6 |.
0043F6F8 |.
0043F6FF |>
0043F709 |>
0043F70F |.
0043F715 |.
0043F71B |.
0043F722 |.
0043F724 |.
0043F72A |.
0043F730 |.
0043F731 |.
0
0043F733 |.
fo.0043EC93
0043F738 |.
0043F73B |>
0043F741 |.
0043F747 |.
0043F74D |.
0043F753 |.
fo.0043ECB9
0043F758 |.
0043F75F |.
0043F760 |.
0043F762 |.
0043F769 |.
0043F76B |.
0043F76C |.
0043F76D |.
0
0043F76F |.

A1 F01D4500

MOV EAX,DWORD PTR DS:[451DF0]

8985 E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EAX


8B85 E4FDFFFF MOV EAX,DWORD PTR SS:[EBP-21C]
EB 07
JMP SHORT 0043F6B0
49
/DEC ECX
8038 00
|CMP BYTE PTR DS:[EAX],0
74 05
|JE SHORT 0043F6B4
40
|INC EAX
85C9
|TEST ECX,ECX
75 F5
\JNE SHORT 0043F6A9
2B85 E4FDFFFF SUB EAX,DWORD PTR SS:[EBP-21C]
8985 E0FDFFFF MOV DWORD PTR SS:[EBP-220],EAX
83BD A8FDFFFF CMP DWORD PTR SS:[EBP-258],0
SystemInfo.43F0FE
0F85 5C010000 JNE 0043F829
8B85 F0FDFFFF MOV EAX,DWORD PTR SS:[EBP-210]
A8 40
TEST AL,40
74 32
JE SHORT 0043F709
A9 00010000 TEST EAX,00000100
74 09
JE SHORT 0043F6E7
C685 D4FDFFFF MOV BYTE PTR SS:[EBP-22C],2D
EB 18
JMP SHORT 0043F6FF
A8 01
TEST AL,01
74 09
JE SHORT 0043F6F4
C685 D4FDFFFF MOV BYTE PTR SS:[EBP-22C],2B
EB 0B
JMP SHORT 0043F6FF
A8 02
TEST AL,02
74 11
JE SHORT 0043F709
C685 D4FDFFFF MOV BYTE PTR SS:[EBP-22C],20
C785 D0FDFFFF MOV DWORD PTR SS:[EBP-230],1
8B9D CCFDFFFF MOV EBX,DWORD PTR SS:[EBP-234]
2B9D E0FDFFFF SUB EBX,DWORD PTR SS:[EBP-220]
2B9D D0FDFFFF SUB EBX,DWORD PTR SS:[EBP-230]
F685 F0FDFFFF TEST BYTE PTR SS:[EBP-210],0C
75 17
JNE SHORT 0043F73B
FFB5 A0FDFFFF PUSH DWORD PTR SS:[EBP-260]
8D85 D8FDFFFF LEA EAX,[EBP-228]
53
PUSH EBX
6A 20
PUSH 20

; ASCII "(n

; Default c

;
;
;
;

/Arg3
|
|Arg2
|Arg1 = 2

E8 5BF5FFFF

CALL 0043EC93

; \SystemIn

83C4 0C
FFB5 D0FDFFFF
8BBD A0FDFFFF
8D85 D8FDFFFF
8D8D D4FDFFFF
E8 61F5FFFF

ADD ESP,0C
PUSH DWORD PTR SS:[EBP-230]
MOV EDI,DWORD PTR SS:[EBP-260]
LEA EAX,[EBP-228]
LEA ECX,[EBP-22C]
CALL 0043ECB9

;
;
;
;
;

F685 F0FDFFFF
59
74 1B
F685 F0FDFFFF
75 12
57
53
6A 30

TEST BYTE PTR SS:[EBP-210],08


POP ECX
JE SHORT 0043F77D
TEST BYTE PTR SS:[EBP-210],04
JNE SHORT 0043F77D
PUSH EDI
PUSH EBX
PUSH 30

; /Arg3
; |Arg2
; |Arg1 = 3

8D85 D8FDFFFF LEA EAX,[EBP-228]

/Arg1
|
|
|
\SystemIn

; |

0043F775 |.
fo.0043EC93
0043F77A |.
0043F77D |>
0043F784 |.
0043F78A |.
0043F78C |.
0043F78E |.
0043F790 |.
0043F796 |.
0043F79C |>
0043F79F |.
0043F7A5 |.
0043F7A6 |.
0043F7A8 |.
0043F7AB |.
0043F7AC |.
0043F7B2 |.
0043F7B3 |.
0043F7B4 |.
0043F7B5 |.
fo.0043EC43
0043F7BA |.
0043F7BD |.
0043F7BF |.
0043F7C1 |.
0043F7C7 |.
0043F7C9 |.
0043F7CF |.
0043F7D5 |.
0043F7D8 |.
fo.0043ECB9
0043F7DD |.
0043F7E4 |.
0043F7E5 |.^
0043F7E7 |.
0043F7E9 |>
0043F7F0 |.
0043F7F2 |>
0043F7F8 |.
0043F7F9 |.
0043F7FF |.
fo.0043ECB9
0043F804 |.
0043F805 |>
0043F80C |.
0043F80E |.
0043F815 |.
0043F817 |.
0043F818 |.
0043F819 |.
0
0043F81B |.
0043F821 |.
fo.0043EC93
0043F826 |.
0043F829 |>
0043F830 |.
0043F832 |.
0043F838 |.

E8 19F5FFFF

CALL 0043EC93

; \SystemIn

83C4 0C
83BD C8FDFFFF
8B85 E0FDFFFF
74 66
85C0
7E 62
8BB5 E4FDFFFF
8985 9CFDFFFF
0FB706
FF8D 9CFDFFFF
50
6A 06
8D45 F4
50
8D85 90FDFFFF
46
50
46
E8 89F4FFFF

ADD ESP,0C
CMP DWORD PTR SS:[EBP-238],0
MOV EAX,DWORD PTR SS:[EBP-220]
JE SHORT 0043F7F2
TEST EAX,EAX
JLE SHORT 0043F7F2
MOV ESI,DWORD PTR SS:[EBP-21C]
MOV DWORD PTR SS:[EBP-264],EAX
/MOVZX EAX,WORD PTR DS:[ESI]
|DEC DWORD PTR SS:[EBP-264]
|PUSH EAX
|PUSH 6
|LEA EAX,[EBP-0C]
|PUSH EAX
|LEA EAX,[EBP-270]
|INC ESI
|PUSH EAX
|INC ESI
|CALL 0043EC43

;
;
;
;
;
;
;
;
;

/Arg4
|Arg3 = 6
|
|Arg2
|
|
|Arg1
|
\SystemIn

83C4 10
85C0
75 28
3985 90FDFFFF
74 20
FFB5 90FDFFFF
8D85 D8FDFFFF
8D4D F4
E8 DCF4FFFF

|ADD ESP,10
|TEST EAX,EAX
|JNE SHORT 0043F7E9
|CMP DWORD PTR SS:[EBP-270],EAX
|JE SHORT 0043F7E9
|PUSH DWORD PTR SS:[EBP-270]
|LEA EAX,[EBP-228]
|LEA ECX,[EBP-0C]
|CALL 0043ECB9

;
;
;
;

/Arg1
|
|
\SystemIn

83BD 9CFDFFFF
59
75 B5
EB 1C
838D D8FDFFFF
EB 13
8B8D E4FDFFFF
50
8D85 D8FDFFFF
E8 B5F4FFFF

|CMP DWORD PTR SS:[EBP-264],0


|POP ECX
\JNE SHORT 0043F79C
JMP SHORT 0043F805
OR DWORD PTR SS:[EBP-228],FFFFFFFF
JMP SHORT 0043F805
MOV ECX,DWORD PTR SS:[EBP-21C]
PUSH EAX
LEA EAX,[EBP-228]
CALL 0043ECB9

; /Arg1
; |
; \SystemIn

59
83BD D8FDFFFF
7C 1B
F685 F0FDFFFF
74 12
57
53
6A 20

POP ECX
CMP DWORD PTR SS:[EBP-228],0
JL SHORT 0043F829
TEST BYTE PTR SS:[EBP-210],04
JE SHORT 0043F829
PUSH EDI
PUSH EBX
PUSH 20

; /Arg3
; |Arg2
; |Arg1 = 2

8D85 D8FDFFFF LEA EAX,[EBP-228]


E8 6DF4FFFF CALL 0043EC93

; |
; \SystemIn

83C4 0C
83BD ACFDFFFF
74 13
FFB5 ACFDFFFF
E8 A139FFFF

; /Arg1
; \SystemIn

ADD ESP,0C
CMP DWORD PTR SS:[EBP-254],0
JE SHORT 0043F845
PUSH DWORD PTR SS:[EBP-254]
CALL 004331DE

fo.004331DE
0043F83D |. 83A5 ACFDFFFF AND DWORD PTR SS:[EBP-254],00000000
0043F844 |. 59
POP ECX
0043F845 |> 8B9D C4FDFFFF MOV EBX,DWORD PTR SS:[EBP-23C]
ase of switch SystemInfo.43EEE2
0043F84B |. 8A03
MOV AL,BYTE PTR DS:[EBX]
0043F84D |. 8885 EFFDFFFF MOV BYTE PTR SS:[EBP-211],AL
0043F853 |. 84C0
TEST AL,AL
0043F855 |. 74 0D
JE SHORT 0043F864
0043F857 |. 8BBD DCFDFFFF MOV EDI,DWORD PTR SS:[EBP-224]
0043F85D |. 8AD0
MOV DL,AL
0043F85F |.^ E9 D8F5FFFF JMP 0043EE3C
0043F864 |> 33F6
XOR ESI,ESI
0043F866 |. 39B5 C0FDFFFF CMP DWORD PTR SS:[EBP-240],ESI
0043F86C |. 74 1E
JE SHORT 0043F88C
0043F86E |. 83BD C0FDFFFF CMP DWORD PTR SS:[EBP-240],7
0043F875 |. 74 15
JE SHORT 0043F88C
0043F877 |. E8 814BFFFF CALL 004343FD
fo.004343FD
0043F87C |. 56
PUSH ESI
0043F87D |. 56
PUSH ESI
0043F87E |. 56
PUSH ESI
0043F87F |. 56
PUSH ESI
0043F880 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
0043F886 |. 56
PUSH ESI
0043F887 |.^ E9 F7F4FFFF JMP 0043ED83
0043F88C |> 80BD BCFDFFFF CMP BYTE PTR SS:[EBP-244],0
0043F893 |. 74 0A
JE SHORT 0043F89F
0043F895 |. 8B85 B8FDFFFF MOV EAX,DWORD PTR SS:[EBP-248]
0043F89B |. 8360 70 FD
AND DWORD PTR DS:[EAX+70],FFFFFFFD
0043F89F |> 8B85 D8FDFFFF MOV EAX,DWORD PTR SS:[EBP-228]
0043F8A5 |> 8B4D FC
MOV ECX,DWORD PTR SS:[EBP-4]
0043F8A8 |. 5F
POP EDI
0043F8A9 |. 5E
POP ESI
0043F8AA |. 33CD
XOR ECX,EBP
0043F8AC |. 5B
POP EBX
0043F8AD |. E8 3FEEFEFF CALL 0042E6F1
0043F8B2 |. C9
LEAVE
0043F8B3 \. C3
RETN
0043F8B4
8BFF
MOV EDI,EDI
0043F8B6 . A0F04300
DD 0043F0A0
0043F8BA . 9FEE4300
DD 0043EE9F
0043F8BE . D1EE4300
DD 0043EED1
0043F8C2 . 2DEF4300
DD 0043EF2D
0043F8C6 . 79EF4300
DD 0043EF79
0043F8CA . 85EF4300
DD 0043EF85
0043F8CE . CBEF4300
DD 0043EFCB
0043F8D2 . FBF04300
DD 0043F0FB
0043F8D6
CC
INT3
0043F8D7
CC
INT3
0043F8D8
CC
INT3
0043F8D9
CC
INT3
0043F8DA
CC
INT3
0043F8DB
CC
INT3
0043F8DC
CC
INT3
0043F8DD
CC
INT3
0043F8DE
CC
INT3
0043F8DF
CC
INT3
0043F8E0 /$ 55
PUSH EBP
o.0043F8E0(guessed Arg1,Arg2)

; Default c

; [SystemIn

; SystemInf

0043F8E1 |. 8BEC
MOV EBP,ESP
0043F8E3 |. 57
PUSH EDI
0043F8E4 |. 8B7D 08
MOV EDI,DWORD PTR SS:[ARG.1]
0043F8E7 |. 33C0
XOR EAX,EAX
0043F8E9 |. 83C9 FF
OR ECX,FFFFFFFF
0043F8EC |. F2:AE
REPNE SCAS BYTE PTR ES:[EDI]
0043F8EE |. 83C1 01
ADD ECX,1
0043F8F1 |. F7D9
NEG ECX
0043F8F3 |. 83EF 01
SUB EDI,1
0043F8F6 |. 8A45 0C
MOV AL,BYTE PTR SS:[ARG.2]
0043F8F9 |. FD
STD
0043F8FA |. F2:AE
REPNE SCAS BYTE PTR ES:[EDI]
0043F8FC |. 83C7 01
ADD EDI,1
0043F8FF |. 3807
CMP BYTE PTR DS:[EDI],AL
0043F901 |. 74 04
JE SHORT 0043F907
0043F903 |. 33C0
XOR EAX,EAX
0043F905 |. EB 02
JMP SHORT 0043F909
0043F907 |> 8BC7
MOV EAX,EDI
0043F909 |> FC
CLD
0043F90A |. 5F
POP EDI
0043F90B |. C9
LEAVE
0043F90C \. C3
RETN
0043F90D /$ 8BFF
MOV EDI,EDI
o.0043F90D(guessed Arg1,Arg2)
0043F90F |. 55
PUSH EBP
0043F910 |. 8BEC
MOV EBP,ESP
0043F912 |. 83EC 18
SUB ESP,18
0043F915 |. 53
PUSH EBX
0043F916 |. 56
PUSH ESI
0043F917 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
0043F91A |. 8D4D E8
LEA ECX,[LOCAL.6]
0043F91D |. E8 43F3FEFF CALL 0042EC65
fo.0042EC65
0043F922 |. 8B5D 08
MOV EBX,DWORD PTR SS:[ARG.1]
0043F925 |. BE 00010000 MOV ESI,100
0043F92A |. 3BDE
CMP EBX,ESI
0043F92C |. 73 54
JNB SHORT 0043F982
0043F92E |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
0043F931 |. 83B9 AC000000 CMP DWORD PTR DS:[ECX+0AC],1
0043F938 |. 7E 14
JLE SHORT 0043F94E
0043F93A |. 8D45 E8
LEA EAX,[LOCAL.6]
0043F93D |. 50
PUSH EAX
0043F93E |. 6A 01
PUSH 1
0043F940 |. 53
PUSH EBX
0043F941 |. E8 86E7FFFF CALL 0043E0CC
0043F946 |. 8B4D E8
MOV ECX,DWORD PTR SS:[LOCAL.6]
0043F949 |. 83C4 0C
ADD ESP,0C
0043F94C |. EB 0D
JMP SHORT 0043F95B
0043F94E |> 8B81 C8000000 MOV EAX,DWORD PTR DS:[ECX+0C8]
0043F954 |. 0FB70458
MOVZX EAX,WORD PTR DS:[EBX*2+EAX]
0043F958 |. 83E0 01
AND EAX,00000001
0043F95B |> 85C0
TEST EAX,EAX
0043F95D |. 74 0F
JE SHORT 0043F96E
0043F95F |. 8B81 CC000000 MOV EAX,DWORD PTR DS:[ECX+0CC]
0043F965 |. 0FB60418
MOVZX EAX,BYTE PTR DS:[EBX+EAX]
0043F969 |. E9 A3000000 JMP 0043FA11
0043F96E |> 807D F4 00
CMP BYTE PTR SS:[LOCAL.3],0
0043F972 |. 74 07
JE SHORT 0043F97B
0043F974 |. 8B45 F0
MOV EAX,DWORD PTR SS:[LOCAL.4]

; SystemInf

; /Arg1 =>
; |
; \SystemIn

0043F977 |. 8360 70 FD
0043F97B |> 8BC3
0043F97D |. E9 9C000000
0043F982 |> 8B45 E8
0043F985 |. 83B8 AC000000
0043F98C |. 7E 31
0043F98E |. 895D 08
0043F991 |. C17D 08 08
0043F995 |. 8D45 E8
0043F998 |. 50
OFFSET LOCAL.6
0043F999 |. 8B45 08
0043F99C |. 25 FF000000
0043F9A1 |. 50
0043F9A2 |. E8 AC68FFFF
fo.00436253
0043F9A7 |. 59
0043F9A8 |. 59
0043F9A9 |. 85C0
0043F9AB |. 74 12
0043F9AD |. 8A45 08
0043F9B0 |. 6A 02
0043F9B2 |. 8845 FC
0043F9B5 |. 885D FD
0043F9B8 |. C645 FE 00
0043F9BC |. 59
0043F9BD |. EB 15
0043F9BF |> E8 394AFFFF
fo.004343FD
0043F9C4 |. C700 2A000000
0043F9CA |. 33C9
0043F9CC |. 885D FC
0043F9CF |. C645 FD 00
0043F9D3 |. 41
0043F9D4 |> 8B45 E8
0043F9D7 |. 6A 01
0043F9D9 |. FF70 04
0043F9DC |. 8D55 F8
0043F9DF |. 6A 03
0043F9E1 |. 52
OFFSET LOCAL.2
0043F9E2 |. 51
0043F9E3 |. 8D4D FC
0043F9E6 |. 51
OFFSET LOCAL.1
0043F9E7 |. 56
0043F9E8 |. FF70 14
0043F9EB |. 8D45 E8
0043F9EE |. 50
OFFSET LOCAL.6
0043F9EF |. E8 AE51FFFF
fo.00434BA2
0043F9F4 |. 83C4 24
0043F9F7 |. 85C0
0043F9F9 |.^ 0F84 6FFFFFFF
0043F9FF |. 83F8 01
0043FA02 |. 0FB645 F8
0043FA06 |. 74 09
0043FA08 |. 0FB64D F9
0043FA0C |. C1E0 08

AND DWORD PTR DS:[EAX+70],FFFFFFFD


MOV EAX,EBX
JMP 0043FA1E
MOV EAX,DWORD PTR SS:[LOCAL.6]
CMP DWORD PTR DS:[EAX+0AC],1
JLE SHORT 0043F9BF
MOV DWORD PTR SS:[ARG.1],EBX
SAR DWORD PTR SS:[ARG.1],8
LEA EAX,[LOCAL.6]
PUSH EAX

; /Arg2 =>

MOV EAX,DWORD PTR SS:[ARG.1]


AND EAX,000000FF
PUSH EAX
CALL 00436253

;
;
;
;

POP ECX
POP ECX
TEST EAX,EAX
JE SHORT 0043F9BF
MOV AL,BYTE PTR SS:[ARG.1]
PUSH 2
MOV BYTE PTR SS:[LOCAL.1],AL
MOV BYTE PTR SS:[LOCAL.1+1],BL
MOV BYTE PTR SS:[LOCAL.1+2],0
POP ECX
JMP SHORT 0043F9D4
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],2A


XOR ECX,ECX
MOV BYTE PTR SS:[LOCAL.1],BL
MOV BYTE PTR SS:[LOCAL.1+1],0
INC ECX
MOV EAX,DWORD PTR SS:[LOCAL.6]
PUSH 1
PUSH DWORD PTR DS:[EAX+4]
LEA EDX,[LOCAL.2]
PUSH 3
PUSH EDX

;
;
;
;
;

PUSH ECX
LEA ECX,[LOCAL.1]
PUSH ECX

; |Arg5
; |
; |Arg4 =>

PUSH ESI
PUSH DWORD PTR DS:[EAX+14]
LEA EAX,[LOCAL.6]
PUSH EAX

;
;
;
;

CALL 00434BA2

; \SystemIn

ADD ESP,24
TEST EAX,EAX
JE 0043F96E
CMP EAX,1
MOVZX EAX,BYTE PTR SS:[LOCAL.2]
JE SHORT 0043FA11
MOVZX ECX,BYTE PTR SS:[LOCAL.2+1]
SHL EAX,8

|
|
|Arg1
\SystemIn

/Arg9 = 1
|Arg8
|
|Arg7 = 3
|Arg6 =>

|Arg3
|Arg2
|
|Arg1 =>

0043FA0F |. 0BC1
OR EAX,ECX
0043FA11 |> 807D F4 00
CMP BYTE PTR SS:[LOCAL.3],0
0043FA15 |. 74 07
JE SHORT 0043FA1E
0043FA17 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0043FA1A |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
0043FA1E |> 5E
POP ESI
0043FA1F |. 5B
POP EBX
0043FA20 |. C9
LEAVE
0043FA21 \. C3
RETN
0043FA22 /$ 8BFF
MOV EDI,EDI
; SystemInf
o.0043FA22(guessed Arg1)
0043FA24 |. 55
PUSH EBP
0043FA25 |. 8BEC
MOV EBP,ESP
0043FA27 |. 833D D02C4500 CMP DWORD PTR DS:[452CD0],0
0043FA2E |. 75 10
JNE SHORT 0043FA40
0043FA30 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043FA33 |. 8D48 BF
LEA ECX,[EAX-41]
; Switch (c
ases 41..5A, 2 exits)
0043FA36 |. 83F9 19
CMP ECX,19
0043FA39 |. 77 11
JA SHORT 0043FA4C
0043FA3B |. 83C0 20
ADD EAX,20
; Cases 41
('A'), 42 ('B'), 43 ('C'), 44 ('D'), 45 ('E'), 46 ('F'), 47 ('G'), 48 ('H'), 49
('I'), 4A ('J'), 4B ('K'), 4C ('L'), 4D ('M'), 4E ('N'), 4F ('O'), 50 ('P'), 51
('Q'), 52 ('R'), 53 ('S'), 54 ('T'), 55 ('U'), 56 ('V'), 57 ('W'), 58 ('X'), 59
('Y...
0043FA3E |. 5D
POP EBP
0043FA3F |. C3
RETN
0043FA40 |> 6A 00
PUSH 0
; /Arg2 = 0
0043FA42 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
; |Arg1 =>
[ARG.1]
0043FA45 |. E8 C3FEFFFF CALL 0043F90D
; \SystemIn
fo.0043F90D
0043FA4A |. 59
POP ECX
0043FA4B |. 59
POP ECX
0043FA4C |> 5D
POP EBP
; Default c
ase of switch SystemInfo.43FA33
0043FA4D \. C3
RETN
0043FA4E /$ 8BFF
MOV EDI,EDI
0043FA50 |. 55
PUSH EBP
0043FA51 |. 8BEC
MOV EBP,ESP
0043FA53 |. 83EC 28
SUB ESP,28
0043FA56 |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
0043FA5B |. 33C5
XOR EAX,EBP
0043FA5D |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
0043FA60 |. 53
PUSH EBX
0043FA61 |. 56
PUSH ESI
0043FA62 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0043FA65 |. 57
PUSH EDI
0043FA66 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
; /Arg1 =>
[ARG.3]
0043FA69 |. 8B7D 0C
MOV EDI,DWORD PTR SS:[ARG.2]
; |
0043FA6C |. 8D4D DC
LEA ECX,[LOCAL.9]
; |
0043FA6F |. E8 F1F1FEFF CALL 0042EC65
; \SystemIn
fo.0042EC65
0043FA74 |. 8D45 DC
LEA EAX,[LOCAL.9]
0043FA77 |. 50
PUSH EAX
0043FA78 |. 33DB
XOR EBX,EBX
0043FA7A |. 53
PUSH EBX
0043FA7B |. 53
PUSH EBX
0043FA7C |. 53
PUSH EBX

0043FA7D |. 53
0043FA7E |. 57
0043FA7F |. 8D45 D8
0043FA82 |. 50
0043FA83 |. 8D45 F0
0043FA86 |. 50
0043FA87 |. E8 B6320000
0043FA8C |. 8945 EC
0043FA8F |. 8D45 F0
0043FA92 |. 56
0043FA93 |. 50
OFFSET LOCAL.4
0043FA94 |. E8 21280000
fo.004422BA
0043FA99 |. 83C4 28
0043FA9C |. F645 EC 03
0043FAA0 |. 75 2B
0043FAA2 |. 83F8 01
0043FAA5 |. 75 11
0043FAA7 |> 385D E8
0043FAAA |. 74 07
0043FAAC |. 8B45 E4
0043FAAF |. 8360 70 FD
0043FAB3 |> 6A 03
0043FAB5 |> 58
0043FAB6 |. EB 2F
0043FAB8 |> 83F8 02
0043FABB |. 75 1C
0043FABD |> 385D E8
0043FAC0 |. 74 07
0043FAC2 |. 8B45 E4
0043FAC5 |. 8360 70 FD
0043FAC9 |> 6A 04
0043FACB |.^ EB E8
0043FACD |> F645 EC 01
0043FAD1 |.^ 75 EA
0043FAD3 |. F645 EC 02
0043FAD7 |.^ 75 CE
0043FAD9 |> 385D E8
0043FADC |. 74 07
0043FADE |. 8B45 E4
0043FAE1 |. 8360 70 FD
0043FAE5 |> 33C0
0043FAE7 |> 8B4D FC
0043FAEA |. 5F
0043FAEB |. 5E
0043FAEC |. 33CD
0043FAEE |. 5B
0043FAEF |. E8 FDEBFEFF
0043FAF4 |. C9
0043FAF5 \. C3
0043FAF6 /$ 8BFF
0043FAF8 |. 55
0043FAF9 |. 8BEC
0043FAFB |. 83EC 28
0043FAFE |. A1 A0154500
0043FB03 |. 33C5
0043FB05 |. 8945 FC
0043FB08 |. 53
0043FB09 |. 56

PUSH EBX
PUSH EDI
LEA EAX,[LOCAL.10]
PUSH EAX
LEA EAX,[LOCAL.4]
PUSH EAX
CALL 00442D42
MOV DWORD PTR SS:[LOCAL.5],EAX
LEA EAX,[LOCAL.4]
PUSH ESI
PUSH EAX

; /Arg2
; |Arg1 =>

CALL 004422BA

; \SystemIn

ADD ESP,28
TEST BYTE PTR SS:[LOCAL.5],03
JNE SHORT 0043FACD
CMP EAX,1
JNE SHORT 0043FAB8
CMP BYTE PTR SS:[LOCAL.6],BL
JE SHORT 0043FAB3
MOV EAX,DWORD PTR SS:[LOCAL.7]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
PUSH 3
POP EAX
JMP SHORT 0043FAE7
CMP EAX,2
JNE SHORT 0043FAD9
CMP BYTE PTR SS:[LOCAL.6],BL
JE SHORT 0043FAC9
MOV EAX,DWORD PTR SS:[LOCAL.7]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
PUSH 4
JMP SHORT 0043FAB5
TEST BYTE PTR SS:[LOCAL.5],01
JNE SHORT 0043FABD
TEST BYTE PTR SS:[LOCAL.5],02
JNE SHORT 0043FAA7
CMP BYTE PTR SS:[LOCAL.6],BL
JE SHORT 0043FAE5
MOV EAX,DWORD PTR SS:[LOCAL.7]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
XOR EAX,EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,28
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH EBX
PUSH ESI

0043FB0A |. 8B75 08
0043FB0D |. 57
0043FB0E |. FF75 10
[ARG.3]
0043FB11 |. 8B7D 0C
0043FB14 |. 8D4D DC
0043FB17 |. E8 49F1FEFF
fo.0042EC65
0043FB1C |. 8D45 DC
0043FB1F |. 50
0043FB20 |. 33DB
0043FB22 |. 53
0043FB23 |. 53
0043FB24 |. 53
0043FB25 |. 53
0043FB26 |. 57
0043FB27 |. 8D45 D8
0043FB2A |. 50
0043FB2B |. 8D45 F0
0043FB2E |. 50
0043FB2F |. E8 0E320000
0043FB34 |. 8945 EC
0043FB37 |. 8D45 F0
0043FB3A |. 56
0043FB3B |. 50
OFFSET LOCAL.4
0043FB3C |. E8 BD2C0000
fo.004427FE
0043FB41 |. 83C4 28
0043FB44 |. F645 EC 03
0043FB48 |. 75 2B
0043FB4A |. 83F8 01
0043FB4D |. 75 11
0043FB4F |> 385D E8
0043FB52 |. 74 07
0043FB54 |. 8B45 E4
0043FB57 |. 8360 70 FD
0043FB5B |> 6A 03
0043FB5D |> 58
0043FB5E |. EB 2F
0043FB60 |> 83F8 02
0043FB63 |. 75 1C
0043FB65 |> 385D E8
0043FB68 |. 74 07
0043FB6A |. 8B45 E4
0043FB6D |. 8360 70 FD
0043FB71 |> 6A 04
0043FB73 |.^ EB E8
0043FB75 |> F645 EC 01
0043FB79 |.^ 75 EA
0043FB7B |. F645 EC 02
0043FB7F |.^ 75 CE
0043FB81 |> 385D E8
0043FB84 |. 74 07
0043FB86 |. 8B45 E4
0043FB89 |. 8360 70 FD
0043FB8D |> 33C0
0043FB8F |> 8B4D FC
0043FB92 |. 5F
0043FB93 |. 5E

MOV ESI,DWORD PTR SS:[ARG.1]


PUSH EDI
PUSH DWORD PTR SS:[ARG.3]

; /Arg1 =>

MOV EDI,DWORD PTR SS:[ARG.2]


LEA ECX,[LOCAL.9]
CALL 0042EC65

; |
; |
; \SystemIn

LEA EAX,[LOCAL.9]
PUSH EAX
XOR EBX,EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EDI
LEA EAX,[LOCAL.10]
PUSH EAX
LEA EAX,[LOCAL.4]
PUSH EAX
CALL 00442D42
MOV DWORD PTR SS:[LOCAL.5],EAX
LEA EAX,[LOCAL.4]
PUSH ESI
PUSH EAX

; /Arg2
; |Arg1 =>

CALL 004427FE

; \SystemIn

ADD ESP,28
TEST BYTE PTR SS:[LOCAL.5],03
JNE SHORT 0043FB75
CMP EAX,1
JNE SHORT 0043FB60
CMP BYTE PTR SS:[LOCAL.6],BL
JE SHORT 0043FB5B
MOV EAX,DWORD PTR SS:[LOCAL.7]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
PUSH 3
POP EAX
JMP SHORT 0043FB8F
CMP EAX,2
JNE SHORT 0043FB81
CMP BYTE PTR SS:[LOCAL.6],BL
JE SHORT 0043FB71
MOV EAX,DWORD PTR SS:[LOCAL.7]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
PUSH 4
JMP SHORT 0043FB5D
TEST BYTE PTR SS:[LOCAL.5],01
JNE SHORT 0043FB65
TEST BYTE PTR SS:[LOCAL.5],02
JNE SHORT 0043FB4F
CMP BYTE PTR SS:[LOCAL.6],BL
JE SHORT 0043FB8D
MOV EAX,DWORD PTR SS:[LOCAL.7]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
XOR EAX,EAX
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI

0043FB94 |. 33CD
XOR ECX,EBP
0043FB96 |. 5B
POP EBX
0043FB97 |. E8 55EBFEFF CALL 0042E6F1
0043FB9C |. C9
LEAVE
0043FB9D \. C3
RETN
0043FB9E /$ 8BFF
MOV EDI,EDI
o.0043FB9E(guessed Arg1,Arg2,Arg3,Arg4)
0043FBA0 |. 55
PUSH EBP
0043FBA1 |. 8BEC
MOV EBP,ESP
0043FBA3 |. 8B4D 14
MOV ECX,DWORD PTR SS:[ARG.4]
0043FBA6 |. 53
PUSH EBX
0043FBA7 |. 56
PUSH ESI
0043FBA8 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0043FBAB |. 33DB
XOR EBX,EBX
0043FBAD |. 57
PUSH EDI
0043FBAE |. 8B79 0C
MOV EDI,DWORD PTR DS:[ECX+0C]
0043FBB1 |. 3BF3
CMP ESI,EBX
0043FBB3 |. 75 1E
JNE SHORT 0043FBD3
0043FBB5 |> E8 4348FFFF CALL 004343FD
fo.004343FD
0043FBBA |. 6A 16
PUSH 16
0043FBBC |. 5E
POP ESI
0043FBBD |. 8930
MOV DWORD PTR DS:[EAX],ESI
0043FBBF |> 53
PUSH EBX
0043FBC0 |. 53
PUSH EBX
0043FBC1 |. 53
PUSH EBX
0043FBC2 |. 53
PUSH EBX
0043FBC3 |. 53
PUSH EBX
0043FBC4 |. E8 99ECFEFF CALL 0042E862
fo.0042E862
0043FBC9 |. 83C4 14
ADD ESP,14
0043FBCC |. 8BC6
MOV EAX,ESI
0043FBCE |. E9 85000000 JMP 0043FC58
0043FBD3 |> 395D 0C
CMP DWORD PTR SS:[ARG.2],EBX
0043FBD6 |.^ 76 DD
JBE SHORT 0043FBB5
0043FBD8 |. 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
0043FBDB |. 3BD3
CMP EDX,EBX
0043FBDD |. 881E
MOV BYTE PTR DS:[ESI],BL
0043FBDF |. 7E 04
JLE SHORT 0043FBE5
0043FBE1 |. 8BC2
MOV EAX,EDX
0043FBE3 |. EB 02
JMP SHORT 0043FBE7
0043FBE5 |> 33C0
XOR EAX,EAX
0043FBE7 |> 40
INC EAX
0043FBE8 |. 3945 0C
CMP DWORD PTR SS:[ARG.2],EAX
0043FBEB |. 77 0E
JA SHORT 0043FBFB
0043FBED |. E8 0B48FFFF CALL 004343FD
fo.004343FD
0043FBF2 |. 6A 22
PUSH 22
0043FBF4 |. 59
POP ECX
0043FBF5 |. 8908
MOV DWORD PTR DS:[EAX],ECX
0043FBF7 |. 8BF1
MOV ESI,ECX
0043FBF9 |.^ EB C4
JMP SHORT 0043FBBF
0043FBFB |> 3BD3
CMP EDX,EBX
0043FBFD |. C606 30
MOV BYTE PTR DS:[ESI],30
0043FC00 |. 8D46 01
LEA EAX,[ESI+1]
0043FC03 |. 7E 1A
JLE SHORT 0043FC1F
0043FC05 |> 8A0F
/MOV CL,BYTE PTR DS:[EDI]
0043FC07 |. 3ACB
|CMP CL,BL
0043FC09 |. 74 06
|JE SHORT 0043FC11
0043FC0B |. 0FBEC9
|MOVSX ECX,CL

; SystemInf

; [SystemIn

;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

; [SystemIn

0043FC0E |. 47
|INC EDI
0043FC0F |. EB 03
|JMP SHORT 0043FC14
0043FC11 |> 6A 30
|PUSH 30
0043FC13 |. 59
|POP ECX
0043FC14 |> 8808
|MOV BYTE PTR DS:[EAX],CL
0043FC16 |. 40
|INC EAX
0043FC17 |. 4A
|DEC EDX
0043FC18 |. 3BD3
|CMP EDX,EBX
0043FC1A |.^ 7F E9
\JG SHORT 0043FC05
0043FC1C |. 8B4D 14
MOV ECX,DWORD PTR SS:[ARG.4]
0043FC1F |> 3BD3
CMP EDX,EBX
0043FC21 |. 8818
MOV BYTE PTR DS:[EAX],BL
0043FC23 |. 7C 12
JL SHORT 0043FC37
0043FC25 |. 803F 35
CMP BYTE PTR DS:[EDI],35
0043FC28 |. 7C 0D
JL SHORT 0043FC37
0043FC2A |. EB 03
JMP SHORT 0043FC2F
0043FC2C |> C600 30
/MOV BYTE PTR DS:[EAX],30
0043FC2F |> 48
|DEC EAX
0043FC30 |. 8038 39
|CMP BYTE PTR DS:[EAX],39
0043FC33 |.^ 74 F7
\JE SHORT 0043FC2C
0043FC35 |. FE00
INC BYTE PTR DS:[EAX]
0043FC37 |> 803E 31
CMP BYTE PTR DS:[ESI],31
0043FC3A |. 75 05
JNE SHORT 0043FC41
0043FC3C |. FF41 04
INC DWORD PTR DS:[ECX+4]
0043FC3F |. EB 15
JMP SHORT 0043FC56
0043FC41 |> 8D7E 01
LEA EDI,[ESI+1]
0043FC44 |. 57
PUSH EDI
0043FC45 |. E8 36E6FEFF CALL 0042E280
fo.0042E280
0043FC4A |. 40
INC EAX
0043FC4B |. 50
PUSH EAX
0043FC4C |. 57
PUSH EDI
0043FC4D |. 56
PUSH ESI
[ARG.1]
0043FC4E |. E8 BD79FFFF CALL 00437610
fo.00437610
0043FC53 |. 83C4 10
ADD ESP,10
0043FC56 |> 33C0
XOR EAX,EAX
0043FC58 |> 5F
POP EDI
0043FC59 |. 5E
POP ESI
0043FC5A |. 5B
POP EBX
0043FC5B |. 5D
POP EBP
0043FC5C \. C3
RETN
0043FC5D /$ 8BFF
MOV EDI,EDI
o.0043FC5D(guessed Arg1,Arg2)
0043FC5F |. 55
PUSH EBP
0043FC60 |. 8BEC
MOV EBP,ESP
0043FC62 |. 51
PUSH ECX
0043FC63 |. 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
0043FC66 |. 0FB742 06
MOVZX EAX,WORD PTR DS:[EDX+6]
0043FC6A |. 53
PUSH EBX
0043FC6B |. 8BC8
MOV ECX,EAX
0043FC6D |. 56
PUSH ESI
0043FC6E |. 57
PUSH EDI
0043FC6F |. C1E9 04
SHR ECX,4
0043FC72 |. 25 00800000 AND EAX,00008000
0043FC77 |. BF FF070000 MOV EDI,7FF
0043FC7C |. 23CF
AND ECX,EDI
0043FC7E |. 8945 0C
MOV DWORD PTR SS:[ARG.2],EAX
0043FC81 |. 8B42 04
MOV EAX,DWORD PTR DS:[EDX+4]

; /Arg1
; \SystemIn
; /Arg3
; |Arg2
; |Arg1 =>
; \SystemIn

; SystemInf

0043FC84 |. 8B12
MOV EDX,DWORD PTR DS:[EDX]
0043FC86 |. 0FB7D9
MOVZX EBX,CX
0043FC89 |. BE 00000080 MOV ESI,80000000
0043FC8E |. 25 FFFF0F00 AND EAX,000FFFFF
0043FC93 |. 8975 FC
MOV DWORD PTR SS:[LOCAL.1],ESI
0043FC96 |. 85DB
TEST EBX,EBX
0043FC98 |. 74 13
JE SHORT 0043FCAD
0043FC9A |. 3BDF
CMP EBX,EDI
0043FC9C |. 74 08
JE SHORT 0043FCA6
0043FC9E |. 81C1 003C0000 ADD ECX,3C00
0043FCA4 |. EB 28
JMP SHORT 0043FCCE
0043FCA6 |> BF FF7F0000 MOV EDI,7FFF
0043FCAB |. EB 24
JMP SHORT 0043FCD1
0043FCAD |> 33DB
XOR EBX,EBX
0043FCAF |. 3BC3
CMP EAX,EBX
0043FCB1 |. 75 12
JNE SHORT 0043FCC5
0043FCB3 |. 3BD3
CMP EDX,EBX
0043FCB5 |. 75 0E
JNE SHORT 0043FCC5
0043FCB7 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043FCBA |. 66:8B4D 0C
MOV CX,WORD PTR SS:[ARG.2]
0043FCBE |. 8958 04
MOV DWORD PTR DS:[EAX+4],EBX
0043FCC1 |. 8918
MOV DWORD PTR DS:[EAX],EBX
0043FCC3 |. EB 4C
JMP SHORT 0043FD11
0043FCC5 |> 81C1 013C0000 ADD ECX,3C01
0043FCCB |. 895D FC
MOV DWORD PTR SS:[LOCAL.1],EBX
0043FCCE |> 0FB7F9
MOVZX EDI,CX
0043FCD1 |> 8BCA
MOV ECX,EDX
0043FCD3 |. C1E9 15
SHR ECX,15
0043FCD6 |. C1E0 0B
SHL EAX,0B
0043FCD9 |. 0BC8
OR ECX,EAX
0043FCDB |. 0B4D FC
OR ECX,DWORD PTR SS:[LOCAL.1]
0043FCDE |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
0043FCE1 |. C1E2 0B
SHL EDX,0B
0043FCE4 |. 8948 04
MOV DWORD PTR DS:[EAX+4],ECX
0043FCE7 |. 8910
MOV DWORD PTR DS:[EAX],EDX
0043FCE9 |. 85CE
TEST ESI,ECX
0043FCEB |. 75 1F
JNE SHORT 0043FD0C
0043FCED |> 8B08
/MOV ECX,DWORD PTR DS:[EAX]
0043FCEF |. 8B50 04
|MOV EDX,DWORD PTR DS:[EAX+4]
0043FCF2 |. 8BD9
|MOV EBX,ECX
0043FCF4 |. 03D2
|ADD EDX,EDX
0043FCF6 |. C1EB 1F
|SHR EBX,1F
0043FCF9 |. 0BD3
|OR EDX,EBX
0043FCFB |. 03C9
|ADD ECX,ECX
0043FCFD |. 81C7 FFFF0000 |ADD EDI,0FFFF
0043FD03 |. 8950 04
|MOV DWORD PTR DS:[EAX+4],EDX
0043FD06 |. 8908
|MOV DWORD PTR DS:[EAX],ECX
0043FD08 |. 85D6
|TEST ESI,EDX
0043FD0A |.^ 74 E1
\JE SHORT 0043FCED
0043FD0C |> 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0043FD0F |. 0BCF
OR ECX,EDI
0043FD11 |> 5F
POP EDI
0043FD12 |. 5E
POP ESI
0043FD13 |. 66:8948 08
MOV WORD PTR DS:[EAX+8],CX
0043FD17 |. 5B
POP EBX
0043FD18 |. C9
LEAVE
0043FD19 \. C3
RETN
0043FD1A /$ 8BFF
MOV EDI,EDI
o.0043FD1A(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
0043FD1C |. 55
PUSH EBP

; SystemInf

0043FD1D |. 8BEC
0043FD1F |. 83EC 30
0043FD22 |. A1 A0154500
0043FD27 |. 33C5
0043FD29 |. 8945 FC
0043FD2C |. 8B45 14
0043FD2F |. 53
0043FD30 |. 8B5D 10
0043FD33 |. 56
0043FD34 |. 8945 D0
0043FD37 |. 57
0043FD38 |. 8D45 08
0043FD3B |. 50
OFFSET ARG.1
0043FD3C |. 8D45 F0
0043FD3F |. 50
OFFSET LOCAL.4
0043FD40 |. E8 18FFFFFF
fo.0043FC5D
0043FD45 |. 59
0043FD46 |. 59
0043FD47 |. 8D45 D4
0043FD4A |. 50
0043FD4B |. 6A 00
0043FD4D |. 6A 11
0043FD4F |. 83EC 0C
0043FD52 |. 8D75 F0
0043FD55 |. 8BFC
0043FD57 |. A5
0043FD58 |. A5
0043FD59 |. 66:A5
0043FD5B |. E8 DA360000
0043FD60 |. 8B75 D0
0043FD63 |. 8943 08
0043FD66 |. 0FBE45 D6
0043FD6A |. 8903
0043FD6C |. 0FBF45 D4
0043FD70 |. 8943 04
0043FD73 |. 8D45 D8
0043FD76 |. 50
OFFSET LOCAL.10
0043FD77 |. FF75 18
[ARG.5]
0043FD7A |. 56
[ARG.4]
0043FD7B |. E8 FF5BFFFF
fo.0043597F
0043FD80 |. 83C4 24
0043FD83 |. 85C0
0043FD85 |. 74 0F
0043FD87 |. 33C0
0043FD89 |. 50
0043FD8A |. 50
0043FD8B |. 50
0043FD8C |. 50
0043FD8D |. 50
0043FD8E |. E8 A7E9FEFF
0043FD93 |. 83C4 14
0043FD96 |> 8B4D FC
0043FD99 |. 5F

MOV EBP,ESP
SUB ESP,30
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.4]
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.3]
PUSH ESI
MOV DWORD PTR SS:[LOCAL.12],EAX
PUSH EDI
LEA EAX,[ARG.1]
PUSH EAX

; /Arg2 =>

LEA EAX,[LOCAL.4]
PUSH EAX

; |
; |Arg1 =>

CALL 0043FC5D

; \SystemIn

POP ECX
POP ECX
LEA EAX,[LOCAL.11]
PUSH EAX
PUSH 0
PUSH 11
SUB ESP,0C
LEA ESI,[LOCAL.4]
MOV EDI,ESP
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOVS WORD PTR ES:[EDI],WORD PTR DS:[ESI]
CALL 0044343A
MOV ESI,DWORD PTR SS:[LOCAL.12]
MOV DWORD PTR DS:[EBX+8],EAX
MOVSX EAX,BYTE PTR SS:[LOCAL.11+2]
MOV DWORD PTR DS:[EBX],EAX
MOVSX EAX,WORD PTR SS:[LOCAL.11]
MOV DWORD PTR DS:[EBX+4],EAX
LEA EAX,[LOCAL.10]
PUSH EAX
; /Arg3 =>
PUSH DWORD PTR SS:[ARG.5]

; |Arg2 =>

PUSH ESI

; |Arg1 =>

CALL 0043597F

; \SystemIn

ADD ESP,24
TEST EAX,EAX
JE SHORT 0043FD96
XOR EAX,EAX
PUSH EAX
PUSH EAX
PUSH EAX
PUSH EAX
PUSH EAX
CALL 0042E73A
ADD ESP,14
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI

0043FD9A |. 8973 0C
MOV DWORD PTR DS:[EBX+0C],ESI
0043FD9D |. 5E
POP ESI
0043FD9E |. 8BC3
MOV EAX,EBX
0043FDA0 |. 33CD
XOR ECX,EBP
0043FDA2 |. 5B
POP EBX
0043FDA3 |. E8 49E9FEFF CALL 0042E6F1
0043FDA8 |. C9
LEAVE
0043FDA9 \. C3
RETN
0043FDAA
CC
INT3
0043FDAB
CC
INT3
0043FDAC
CC
INT3
0043FDAD
CC
INT3
0043FDAE
CC
INT3
0043FDAF
CC
INT3
0043FDB0 /$ 57
PUSH EDI
o.0043FDB0(guessed Arg1,Arg2,Arg3,Arg4)
0043FDB1 |. 56
PUSH ESI
0043FDB2 |. 55
PUSH EBP
0043FDB3 |. 33FF
XOR EDI,EDI
0043FDB5 |. 33ED
XOR EBP,EBP
0043FDB7 |. 8B4424 14
MOV EAX,DWORD PTR SS:[ARG.2]
0043FDBB |. 0BC0
OR EAX,EAX
0043FDBD |. 7D 15
JGE SHORT 0043FDD4
0043FDBF |. 47
INC EDI
0043FDC0 |. 45
INC EBP
0043FDC1 |. 8B5424 10
MOV EDX,DWORD PTR SS:[ARG.1]
0043FDC5 |. F7D8
NEG EAX
0043FDC7 |. F7DA
NEG EDX
0043FDC9 |. 83D8 00
SBB EAX,0
0043FDCC |. 894424 14
MOV DWORD PTR SS:[ARG.2],EAX
0043FDD0 |. 895424 10
MOV DWORD PTR SS:[ARG.1],EDX
0043FDD4 |> 8B4424 1C
MOV EAX,DWORD PTR SS:[ARG.4]
0043FDD8 |. 0BC0
OR EAX,EAX
0043FDDA |. 7D 14
JGE SHORT 0043FDF0
0043FDDC |. 47
INC EDI
0043FDDD |. 8B5424 18
MOV EDX,DWORD PTR SS:[ARG.3]
0043FDE1 |. F7D8
NEG EAX
0043FDE3 |. F7DA
NEG EDX
0043FDE5 |. 83D8 00
SBB EAX,0
0043FDE8 |. 894424 1C
MOV DWORD PTR SS:[ARG.4],EAX
0043FDEC |. 895424 18
MOV DWORD PTR SS:[ARG.3],EDX
0043FDF0 |> 0BC0
OR EAX,EAX
0043FDF2 |. 75 28
JNE SHORT 0043FE1C
0043FDF4 |. 8B4C24 18
MOV ECX,DWORD PTR SS:[ARG.3]
0043FDF8 |. 8B4424 14
MOV EAX,DWORD PTR SS:[ARG.2]
0043FDFC |. 33D2
XOR EDX,EDX
0043FDFE |. F7F1
DIV ECX
0043FE00 |. 8BD8
MOV EBX,EAX
0043FE02 |. 8B4424 10
MOV EAX,DWORD PTR SS:[ARG.1]
0043FE06 |. F7F1
DIV ECX
0043FE08 |. 8BF0
MOV ESI,EAX
0043FE0A |. 8BC3
MOV EAX,EBX
0043FE0C |. F76424 18
MUL DWORD PTR SS:[ARG.3]
0043FE10 |. 8BC8
MOV ECX,EAX
0043FE12 |. 8BC6
MOV EAX,ESI
0043FE14 |. F76424 18
MUL DWORD PTR SS:[ARG.3]
0043FE18 |. 03D1
ADD EDX,ECX
0043FE1A |. EB 47
JMP SHORT 0043FE63
0043FE1C |> 8BD8
MOV EBX,EAX
0043FE1E |. 8B4C24 18
MOV ECX,DWORD PTR SS:[ARG.3]

; SystemInf

0043FE22
0043FE26
0043FE2A
0043FE2C
0043FE2E
0043FE30
0043FE32
0043FE34
0043FE36
0043FE38
0043FE3A
0043FE3E
0043FE40
0043FE44
0043FE46
0043FE48
0043FE4A
0043FE4E
0043FE50
0043FE52
0043FE56
0043FE58
0043FE59
0043FE5D
0043FE61
0043FE63
0043FE67
0043FE6B
0043FE6C
0043FE6E
0043FE70
0043FE72
0043FE75
0043FE77
0043FE79
0043FE7B
0043FE7D
0043FE7F
0043FE80
0043FE82
0043FE84
0043FE86
0043FE89
0043FE8A
0043FE8B
0043FE8C
0043FE8F
0043FE90
0043FE93
0043FE95
0043FE98
0043FE9A
0043FE9D
0043FE9F
0043FEA0
0043FEA2
0043FEA4
0043FEA7
0043FEA9
0043FEAA

|.
|.
|>
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
\.
/$
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>

8B5424 14
8B4424 10
D1EB
D1D9
D1EA
D1D8
0BDB
75 F4
F7F1
8BF0
F76424 1C
8BC8
8B4424 18
F7E6
03D1
72 0E
3B5424 14
77 08
72 0F
3B4424 10
76 09
4E
2B4424 18
1B5424 1C
33DB
2B4424 10
1B5424 14
4D
79 07
F7DA
F7D8
83DA 00
8BCA
8BD3
8BD9
8BC8
8BC6
4F
75 07
F7DA
F7D8
83DA 00
5D
5E
5F
C2 1000
CC
80F9 40
73 15
80F9 20
73 06
0FADD0
D3EA
C3
8BC2
33D2
80E1 1F
D3E8
C3
33C0

MOV EDX,DWORD PTR SS:[ARG.2]


MOV EAX,DWORD PTR SS:[ARG.1]
/SHR EBX,1
|RCR ECX,1
|SHR EDX,1
|RCR EAX,1
|OR EBX,EBX
\JNE SHORT 0043FE2A
DIV ECX
MOV ESI,EAX
MUL DWORD PTR SS:[ARG.4]
MOV ECX,EAX
MOV EAX,DWORD PTR SS:[ARG.3]
MUL ESI
ADD EDX,ECX
JB SHORT 0043FE58
CMP EDX,DWORD PTR SS:[ARG.2]
JA SHORT 0043FE58
JB SHORT 0043FE61
CMP EAX,DWORD PTR SS:[ARG.1]
JBE SHORT 0043FE61
DEC ESI
SUB EAX,DWORD PTR SS:[ARG.3]
SBB EDX,DWORD PTR SS:[ARG.4]
XOR EBX,EBX
SUB EAX,DWORD PTR SS:[ARG.1]
SBB EDX,DWORD PTR SS:[ARG.2]
DEC EBP
JNS SHORT 0043FE75
NEG EDX
NEG EAX
SBB EDX,0
MOV ECX,EDX
MOV EDX,EBX
MOV EBX,ECX
MOV ECX,EAX
MOV EAX,ESI
DEC EDI
JNE SHORT 0043FE89
NEG EDX
NEG EAX
SBB EDX,0
POP EBP
POP ESI
POP EDI
RETN 10
INT3
CMP CL,40
JNB SHORT 0043FEAA
CMP CL,20
JNB SHORT 0043FEA0
SHRD EAX,EDX,CL
SHR EDX,CL
RETN
MOV EAX,EDX
XOR EDX,EDX
AND CL,1F
SHR EAX,CL
RETN
XOR EAX,EAX

0043FEAC |. 33D2
XOR EDX,EDX
0043FEAE \. C3
RETN
0043FEAF /. 6A 02
PUSH 2
0043FEB1 |. E8 2D88FFFF CALL 004386E3
fo.004386E3
0043FEB6 |. 59
POP ECX
0043FEB7 \. C3
RETN
0043FEB8 /$ 8BFF
MOV EDI,EDI
o.0043FEB8(guessed Arg1,Arg2,Arg3)
0043FEBA |. 55
PUSH EBP
0043FEBB |. 8BEC
MOV EBP,ESP
0043FEBD |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
0043FEC0 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
0043FEC3 |. 25 FFFFF7FF AND EAX,FFF7FFFF
0043FEC8 |. 23C8
AND ECX,EAX
0043FECA |. 56
PUSH ESI
0043FECB |. F7C1 E0FCF0FC TEST ECX,FCF0FCE0
0043FED1 |. 74 31
JE SHORT 0043FF04
0043FED3 |. 57
PUSH EDI
0043FED4 |. 8B7D 08
MOV EDI,DWORD PTR SS:[ARG.1]
0043FED7 |. 33F6
XOR ESI,ESI
0043FED9 |. 3BFE
CMP EDI,ESI
0043FEDB |. 74 0B
JE SHORT 0043FEE8
0043FEDD |. 56
PUSH ESI
0
0043FEDE |. 56
PUSH ESI
0
0043FEDF |. E8 A83F0000 CALL 00443E8C
fo.00443E8C
0043FEE4 |. 59
POP ECX
0043FEE5 |. 59
POP ECX
0043FEE6 |. 8907
MOV DWORD PTR DS:[EDI],EAX
0043FEE8 |> E8 1045FFFF CALL 004343FD
fo.004343FD
0043FEED |. 6A 16
PUSH 16
0043FEEF |. 5F
POP EDI
0043FEF0 |. 56
PUSH ESI
0043FEF1 |. 56
PUSH ESI
0043FEF2 |. 56
PUSH ESI
0043FEF3 |. 56
PUSH ESI
0043FEF4 |. 56
PUSH ESI
0043FEF5 |. 8938
MOV DWORD PTR DS:[EAX],EDI
0043FEF7 |. E8 66E9FEFF CALL 0042E862
fo.0042E862
0043FEFC |. 83C4 14
ADD ESP,14
0043FEFF |. 8BC7
MOV EAX,EDI
0043FF01 |. 5F
POP EDI
0043FF02 |. EB 1D
JMP SHORT 0043FF21
0043FF04 |> 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
0043FF07 |. 50
PUSH EAX
0043FF08 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
0043FF0B |. 85F6
TEST ESI,ESI
0043FF0D |. 74 09
JE SHORT 0043FF18
0043FF0F |. E8 783F0000 CALL 00443E8C
nfo.00443E8C
0043FF14 |. 8906
MOV DWORD PTR DS:[ESI],EAX
0043FF16 |. EB 05
JMP SHORT 0043FF1D
0043FF18 |> E8 6F3F0000 CALL 00443E8C
fo.00443E8C

; /Arg1 = 2
; \SystemIn

; SystemInf

; /Arg2 =>
; |Arg1 =>
; \SystemIn

; [SystemIn

;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

; //Arg2
; ||Arg1 =>
; ||
; ||
; |\SystemI
; |
; |
; \SystemIn

0043FF1D |> 59
POP ECX
0043FF1E |. 59
POP ECX
0043FF1F |. 33C0
XOR EAX,EAX
0043FF21 |> 5E
POP ESI
0043FF22 |. 5D
POP EBP
0043FF23 \. C3
RETN
0043FF24 /$ 8BFF
MOV EDI,EDI
0043FF26 |. 55
PUSH EBP
0043FF27 |. 8BEC
MOV EBP,ESP
0043FF29 |. 8B55 0C
MOV EDX,DWORD PTR SS:[EBP+0C]
0043FF2C |. 56
PUSH ESI
0043FF2D |. 8B75 08
MOV ESI,DWORD PTR SS:[EBP+8]
0043FF30 |. 57
PUSH EDI
0043FF31 |> 0FB606
/MOVZX EAX,BYTE PTR DS:[ESI]
ases 41..5A, 2 exits)
0043FF34 |. 8D48 BF
|LEA ECX,[EAX-41]
0043FF37 |. 46
|INC ESI
0043FF38 |. 83F9 19
|CMP ECX,19
0043FF3B |. 77 03
|JA SHORT 0043FF40
0043FF3D |. 83C0 20
|ADD EAX,20
('A'), 42 ('B'), 43 ('C'), 44 ('D'), 45 ('E'), 46 ('F'), 47
('I'), 4A ('J'), 4B ('K'), 4C ('L'), 4D ('M'), 4E ('N'), 4F
('Q'), 52 ('R'), 53 ('S'), 54 ('T'), 55 ('U'), 56 ('V'), 57
('Y...
0043FF40 |> 0FB60A
|MOVZX ECX,BYTE PTR DS:[EDX]
ases 41..5A, 2 exits)
0043FF43 |. 8D79 BF
|LEA EDI,[ECX-41]
0043FF46 |. 42
|INC EDX
0043FF47 |. 83FF 19
|CMP EDI,19
0043FF4A |. 77 03
|JA SHORT 0043FF4F
0043FF4C |. 83C1 20
|ADD ECX,20
('A'), 42 ('B'), 43 ('C'), 44 ('D'), 45 ('E'), 46 ('F'), 47
('I'), 4A ('J'), 4B ('K'), 4C ('L'), 4D ('M'), 4E ('N'), 4F
('Q'), 52 ('R'), 53 ('S'), 54 ('T'), 55 ('U'), 56 ('V'), 57
('Y...
0043FF4F |> 85C0
|TEST EAX,EAX
ase of switch SystemInfo.43FF40
0043FF51 |. 74 04
|JE SHORT 0043FF57
0043FF53 |. 3BC1
|CMP EAX,ECX
0043FF55 |.^ 74 DA
\JE SHORT 0043FF31
0043FF57 |> 5F
POP EDI
0043FF58 |. 2BC1
SUB EAX,ECX
0043FF5A |. 5E
POP ESI
0043FF5B |. 5D
POP EBP
0043FF5C \. C3
RETN
0043FF5D /$ 8BFF
MOV EDI,EDI
0043FF5F |. 55
PUSH EBP
0043FF60 |. 8BEC
MOV EBP,ESP
0043FF62 |. 83EC 10
SUB ESP,10
0043FF65 |. 53
PUSH EBX
0043FF66 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
[ARG.3]
0043FF69 |. 8D4D F0
LEA ECX,[LOCAL.4]
0043FF6C |. E8 F4ECFEFF CALL 0042EC65
fo.0042EC65
0043FF71 |. 33DB
XOR EBX,EBX
0043FF73 |. 395D 08
CMP DWORD PTR SS:[ARG.1],EBX
0043FF76 |. 75 2E
JNE SHORT 0043FFA6
0043FF78 |. E8 8044FFFF CALL 004343FD
fo.004343FD

; Switch (c

; Cases 41
('G'), 48 ('H'), 49
('O'), 50 ('P'), 51
('W'), 58 ('X'), 59
; Switch (c

; Cases 41
('G'), 48 ('H'), 49
('O'), 50 ('P'), 51
('W'), 58 ('X'), 59
; Default c

; /Arg1 =>
; |
; \SystemIn

; [SystemIn

0043FF7D |. 53
0043FF7E |. 53
0043FF7F |. 53
0043FF80 |. 53
0043FF81 |. 53
0043FF82 |. C700 16000000
0043FF88 |. E8 D5E8FEFF
fo.0042E862
0043FF8D |. 83C4 14
0043FF90 |. 385D FC
0043FF93 |. 74 07
0043FF95 |. 8B45 F8
0043FF98 |. 8360 70 FD
0043FF9C |> B8 FFFFFF7F
0043FFA1 |. E9 89000000
0043FFA6 |> 57
0043FFA7 |. 8B7D 0C
0043FFAA |. 3BFB
0043FFAC |. 75 2B
0043FFAE |. E8 4A44FFFF
fo.004343FD
0043FFB3 |. 53
0043FFB4 |. 53
0043FFB5 |. 53
0043FFB6 |. 53
0043FFB7 |. 53
0043FFB8 |. C700 16000000
0043FFBE |. E8 9FE8FEFF
fo.0042E862
0043FFC3 |. 83C4 14
0043FFC6 |. 385D FC
0043FFC9 |. 74 07
0043FFCB |. 8B45 F8
0043FFCE |. 8360 70 FD
0043FFD2 |> B8 FFFFFF7F
0043FFD7 |. EB 55
0043FFD9 |> 8B45 F0
0043FFDC |. 3958 14
0043FFDF |. 75 0D
0043FFE1 |. 57
0043FFE2 |. FF75 08
0043FFE5 |. E8 3AFFFFFF
0043FFEA |. 59
0043FFEB |. 59
0043FFEC |. EB 34
0043FFEE |> 56
0043FFEF |> 8B45 08
0043FFF2 |. 0FB600
0043FFF5 |. 8D4D F0
0043FFF8 |. 51
OFFSET LOCAL.4
0043FFF9 |. 50
0043FFFA |. E8 0EF9FFFF
fo.0043F90D
0043FFFF |. FF45 08
00440002 |. 8BF0
00440004 |. 0FB607
00440007 |. 8D4D F0
0044000A |. 51
OFFSET LOCAL.4

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

ADD ESP,14
CMP BYTE PTR SS:[LOCAL.1],BL
JE SHORT 0043FF9C
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,7FFFFFFF
JMP 0044002F
PUSH EDI
MOV EDI,DWORD PTR SS:[ARG.2]
CMP EDI,EBX
JNE SHORT 0043FFD9
CALL 004343FD

; [SystemIn

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
CMP BYTE PTR SS:[LOCAL.1],BL
JE SHORT 0043FFD2
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,7FFFFFFF
JMP SHORT 0044002E
MOV EAX,DWORD PTR SS:[LOCAL.4]
CMP DWORD PTR DS:[EAX+14],EBX
JNE SHORT 0043FFEE
PUSH EDI
PUSH DWORD PTR SS:[ARG.1]
CALL 0043FF24
POP ECX
POP ECX
JMP SHORT 00440022
PUSH ESI
/MOV EAX,DWORD PTR SS:[ARG.1]
|MOVZX EAX,BYTE PTR DS:[EAX]
|LEA ECX,[LOCAL.4]
|PUSH ECX

; /Arg2 =>

|PUSH EAX
|CALL 0043F90D

; |Arg1
; \SystemIn

|INC DWORD PTR SS:[ARG.1]


|MOV ESI,EAX
|MOVZX EAX,BYTE PTR DS:[EDI]
|LEA ECX,[LOCAL.4]
|PUSH ECX

; /Arg2 =>

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0044000B |. 50
|PUSH EAX
0044000C |. E8 FCF8FFFF |CALL 0043F90D
fo.0043F90D
00440011 |. 83C4 10
|ADD ESP,10
00440014 |. 47
|INC EDI
00440015 |. 3BF3
|CMP ESI,EBX
00440017 |. 74 04
|JE SHORT 0044001D
00440019 |. 3BF0
|CMP ESI,EAX
0044001B |.^ 74 D2
\JE SHORT 0043FFEF
0044001D |> 2BF0
SUB ESI,EAX
0044001F |. 8BC6
MOV EAX,ESI
00440021 |. 5E
POP ESI
00440022 |> 385D FC
CMP BYTE PTR SS:[LOCAL.1],BL
00440025 |. 74 07
JE SHORT 0044002E
00440027 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0044002A |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
0044002E |> 5F
POP EDI
0044002F |> 5B
POP EBX
00440030 |. C9
LEAVE
00440031 \. C3
RETN
00440032 /$ 8BFF
MOV EDI,EDI
o.00440032(guessed Arg1,Arg2)
00440034 |. 55
PUSH EBP
00440035 |. 8BEC
MOV EBP,ESP
00440037 |. 56
PUSH ESI
00440038 |. 33F6
XOR ESI,ESI
0044003A |. 3935 D02C4500 CMP DWORD PTR DS:[452CD0],ESI
00440040 |. 75 30
JNE SHORT 00440072
00440042 |. 3975 08
CMP DWORD PTR SS:[ARG.1],ESI
00440045 |. 75 1F
JNE SHORT 00440066
00440047 |> E8 B143FFFF CALL 004343FD
fo.004343FD
0044004C |. 56
PUSH ESI
0044004D |. 56
PUSH ESI
0044004E |. 56
PUSH ESI
0044004F |. 56
PUSH ESI
00440050 |. 56
PUSH ESI
00440051 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00440057 |. E8 06E8FEFF CALL 0042E862
fo.0042E862
0044005C |. 83C4 14
ADD ESP,14
0044005F |. B8 FFFFFF7F MOV EAX,7FFFFFFF
00440064 |. EB 1B
JMP SHORT 00440081
00440066 |> 3975 0C
CMP DWORD PTR SS:[ARG.2],ESI
00440069 |.^ 74 DC
JE SHORT 00440047
0044006B |. 5E
POP ESI
0044006C |. 5D
POP EBP
0044006D |.^ E9 B2FEFFFF JMP 0043FF24
00440072 |> 56
PUSH ESI
00440073 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
00440076 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00440079 |. E8 DFFEFFFF CALL 0043FF5D
0044007E |. 83C4 0C
ADD ESP,0C
00440081 |> 5E
POP ESI
00440082 |. 5D
POP EBP
00440083 \. C3
RETN
00440084 /$ 8BFF
MOV EDI,EDI
00440086 |. 55
PUSH EBP
00440087 |. 8BEC
MOV EBP,ESP
00440089 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]

; |Arg1
; \SystemIn

; SystemInf

; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

0044008C |. A3 50374500 MOV DWORD PTR DS:[453750],EAX


00440091 |. 5D
POP EBP
00440092 \. C3
RETN
00440093 /$ 6A 10
PUSH 10
00440095 |. 68 08F64400 PUSH OFFSET 0044F608
0044009A |. E8 4D89FFFF CALL 004389EC
0044009F |. 8365 FC 00
AND DWORD PTR SS:[EBP-4],00000000
004400A3 |. FF75 0C
PUSH DWORD PTR SS:[EBP+0C]
t => [ARG.EBP+0C]
004400A6 |. FF75 08
PUSH DWORD PTR SS:[EBP+8]
lSection => [ARG.EBP+8]
004400A9 |. FF15 94804400 CALL DWORD PTR DS:[<&KERNEL32.Initialize
.InitializeCriticalSectionAndSpinCount
004400AF |. 8945 E4
MOV DWORD PTR SS:[EBP-1C],EAX
004400B2 \. EB 2F
JMP SHORT 004400E3
004400B4 /. 8B45 EC
MOV EAX,DWORD PTR SS:[EBP-14]
004400B7 |. 8B00
MOV EAX,DWORD PTR DS:[EAX]
004400B9 |. 8B00
MOV EAX,DWORD PTR DS:[EAX]
004400BB |. 8945 E0
MOV DWORD PTR SS:[EBP-20],EAX
004400BE |. 33C9
XOR ECX,ECX
004400C0 |. 3D 170000C0 CMP EAX,C0000017
004400C5 |. 0F94C1
SETE CL
004400C8 |. 8BC1
MOV EAX,ECX
004400CA \. C3
RETN
004400CB /. 8B65 E8
MOV ESP,DWORD PTR SS:[EBP-18]
004400CE |. 817D E0 17000 CMP DWORD PTR SS:[EBP-20],C0000017
004400D5 |. 75 08
JNE SHORT 004400DF
004400D7 |. 6A 08
PUSH 8
= ERROR_NOT_ENOUGH_MEMORY
004400D9 |. FF15 94814400 CALL DWORD PTR DS:[<&KERNEL32.SetLastErr
.SetLastError
004400DF |> 8365 E4 00
AND DWORD PTR SS:[EBP-1C],00000000
004400E3 |> C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
004400EA |. 8B45 E4
MOV EAX,DWORD PTR SS:[EBP-1C]
004400ED |. E8 3F89FFFF CALL 00438A31
004400F2 \. C3
RETN
004400F3
CC
INT3
004400F4
CC
INT3
004400F5
CC
INT3
004400F6
CC
INT3
004400F7
CC
INT3
004400F8
CC
INT3
004400F9
CC
INT3
004400FA
CC
INT3
004400FB
CC
INT3
004400FC
CC
INT3
004400FD
CC
INT3
004400FE
CC
INT3
004400FF
CC
INT3
00440100 /$ 8BFF
MOV EDI,EDI
o.00440100(guessed Arg1)
00440102 |. 55
PUSH EBP
00440103 |. 8BEC
MOV EBP,ESP
00440105 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00440108 |. B8 4D5A0000 MOV EAX,5A4D
0044010D |. 66:3901
CMP WORD PTR DS:[ECX],AX
00440110 |. 74 04
JE SHORT 00440116
00440112 |> 33C0
XOR EAX,EAX
00440114 |. 5D
POP EBP
00440115 |. C3
RETN

; /SpinCoun
; |pCritica
; \KERNEL32

; /ErrCode
; \KERNEL32

; SystemInf

00440116 |> 8B41 3C


MOV EAX,DWORD PTR DS:[ECX+3C]
00440119 |. 03C1
ADD EAX,ECX
0044011B |. 8138 50450000 CMP DWORD PTR DS:[EAX],4550
00440121 |.^ 75 EF
JNE SHORT 00440112
00440123 |. 33D2
XOR EDX,EDX
00440125 |. B9 0B010000 MOV ECX,10B
0044012A |. 66:3948 18
CMP WORD PTR DS:[EAX+18],CX
0044012E |. 0F94C2
SETE DL
00440131 |. 8BC2
MOV EAX,EDX
00440133 |. 5D
POP EBP
00440134 \. C3
RETN
00440135
CC
INT3
00440136
CC
INT3
00440137
CC
INT3
00440138
CC
INT3
00440139
CC
INT3
0044013A
CC
INT3
0044013B
CC
INT3
0044013C
CC
INT3
0044013D
CC
INT3
0044013E
CC
INT3
0044013F
CC
INT3
00440140 /$ 8BFF
MOV EDI,EDI
o.00440140(guessed Arg1,Arg2)
00440142 |. 55
PUSH EBP
00440143 |. 8BEC
MOV EBP,ESP
00440145 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00440148 |. 8B48 3C
MOV ECX,DWORD PTR DS:[EAX+3C]
0044014B |. 03C8
ADD ECX,EAX
0044014D |. 0FB741 14
MOVZX EAX,WORD PTR DS:[ECX+14]
00440151 |. 53
PUSH EBX
00440152 |. 56
PUSH ESI
00440153 |. 0FB771 06
MOVZX ESI,WORD PTR DS:[ECX+6]
00440157 |. 33D2
XOR EDX,EDX
00440159 |. 57
PUSH EDI
0044015A |. 8D4408 18
LEA EAX,[ECX+EAX+18]
0044015E |. 85F6
TEST ESI,ESI
00440160 |. 76 1B
JBE SHORT 0044017D
00440162 |. 8B7D 0C
MOV EDI,DWORD PTR SS:[ARG.2]
00440165 |> 8B48 0C
/MOV ECX,DWORD PTR DS:[EAX+0C]
00440168 |. 3BF9
|CMP EDI,ECX
0044016A |. 72 09
|JB SHORT 00440175
0044016C |. 8B58 08
|MOV EBX,DWORD PTR DS:[EAX+8]
0044016F |. 03D9
|ADD EBX,ECX
00440171 |. 3BFB
|CMP EDI,EBX
00440173 |. 72 0A
|JB SHORT 0044017F
00440175 |> 42
|INC EDX
00440176 |. 83C0 28
|ADD EAX,28
00440179 |. 3BD6
|CMP EDX,ESI
0044017B |.^ 72 E8
\JB SHORT 00440165
0044017D |> 33C0
XOR EAX,EAX
0044017F |> 5F
POP EDI
00440180 |. 5E
POP ESI
00440181 |. 5B
POP EBX
00440182 |. 5D
POP EBP
00440183 \. C3
RETN
00440184
CC
INT3
00440185
CC
INT3
00440186
CC
INT3
00440187
CC
INT3

; SystemInf

00440188
CC
INT3
00440189
CC
INT3
0044018A
CC
INT3
0044018B
CC
INT3
0044018C
CC
INT3
0044018D
CC
INT3
0044018E
CC
INT3
0044018F
CC
INT3
00440190 /$ 8BFF
MOV EDI,EDI
o.00440190(guessed Arg1)
00440192 |. 55
PUSH EBP
00440193 |. 8BEC
MOV EBP,ESP
00440195 |. 6A FE
PUSH -2
00440197 |. 68 28F64400 PUSH OFFSET 0044F628
0044019C |. 68 508A4300 PUSH 00438A50
004401A1 |. 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
004401A7 |. 50
PUSH EAX
004401A8 |. 83EC 08
SUB ESP,8
004401AB |. 53
PUSH EBX
004401AC |. 56
PUSH ESI
004401AD |. 57
PUSH EDI
004401AE |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
004401B3 |. 3145 F8
XOR DWORD PTR SS:[LOCAL.2],EAX
004401B6 |. 33C5
XOR EAX,EBP
004401B8 |. 50
PUSH EAX
004401B9 |. 8D45 F0
LEA EAX,[LOCAL.4]
004401BC |. 64:A3 0000000 MOV DWORD PTR FS:[0],EAX
004401C2 |. 8965 E8
MOV DWORD PTR SS:[LOCAL.6],ESP
004401C5 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
004401CC |. 68 00004000 PUSH OFFSET <STRUCT IMAGE_DOS_HEADER>
ystemInfo.<STRUCT IMAGE_DOS_HEADER>
004401D1 |. E8 2AFFFFFF CALL 00440100
fo.00440100
004401D6 |. 83C4 04
ADD ESP,4
004401D9 |. 85C0
TEST EAX,EAX
004401DB |. 74 55
JE SHORT 00440232
004401DD |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004401E0 |. 2D 00004000 SUB EAX,OFFSET <STRUCT IMAGE_DOS_HEADER>
004401E5 |. 50
PUSH EAX
004401E6 |. 68 00004000 PUSH OFFSET <STRUCT IMAGE_DOS_HEADER>
ystemInfo.<STRUCT IMAGE_DOS_HEADER>
004401EB |. E8 50FFFFFF CALL 00440140
fo.00440140
004401F0 |. 83C4 08
ADD ESP,8
004401F3 |. 85C0
TEST EAX,EAX
004401F5 |. 74 3B
JE SHORT 00440232
004401F7 |. 8B40 24
MOV EAX,DWORD PTR DS:[EAX+24]
004401FA |. C1E8 1F
SHR EAX,1F
004401FD |. F7D0
NOT EAX
004401FF |. 83E0 01
AND EAX,00000001
00440202 |. C745 FC FEFFF MOV DWORD PTR SS:[LOCAL.1],-2
00440209 |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
0044020C |. 64:890D 00000 MOV DWORD PTR FS:[0],ECX
00440213 |. 59
POP ECX
00440214 |. 5F
POP EDI
00440215 |. 5E
POP ESI
00440216 |. 5B
POP EBX
00440217 |. 8BE5
MOV ESP,EBP
00440219 |. 5D
POP EBP
0044021A \. C3
RETN

; SystemInf

; /Arg1 = S
; \SystemIn

; /Arg2
; |Arg1 = S
; \SystemIn

0044021B /.
0044021E |.
00440220 |.
00440222 |.
00440224 |.
00440229 |.
0044022C |.
0044022E \.
0044022F /.
00440232 |>
00440239 |.
0044023B |.
0044023E |.
00440245 |.
00440246 |.
00440247 |.
00440248 |.
00440249 |.
0044024B |.
0044024C \.
0044024D /$
0044024F |.
00440250 |.
00440252 |.
00440255 |.
0044025A |.
0044025B \.
0044025C /$
0044025E |.
0044025F |.
00440261 |.
00440263 |.
00440265 |.
00440268 |.
0044026D |.
00440270 |.
00440271 \.
00440272 /$
00440274 |.
00440275 |.
00440277 |.
0044027A |.
0044027B |.
0044027D |.
0044027E |.
0044027F |.
00440282 |.
00440288 |.
[ARG.4]
0044028B |.
0044028E |.
fo.0042EC65
00440293 |.
00440296 |.
00440298 |>
fo.004343FD
0044029D |.
0044029E |.
0044029F |.
004402A0 |.

8B45 EC
8B08
8B01
33D2
3D 050000C0
0F94C2
8BC2
C3
8B65 E8
C745 FC FEFFF
33C0
8B4D F0
64:890D 00000
59
5F
5E
5B
8BE5
5D
C3
8BFF
55
8BEC
8B45 08
A3 54374500
5D
C3
8BFF
55
8BEC
6A 0A
6A 00
FF75 08
E8 22200000
83C4 0C
5D
C3
8BFF
55
8BEC
83EC 10
53
33DB
56
57
395D 10
0F84 D5000000
FF75 14

MOV EAX,DWORD PTR SS:[EBP-14]


MOV ECX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[ECX]
XOR EDX,EDX
CMP EAX,C0000005
SETE DL
MOV EAX,EDX
RETN
MOV ESP,DWORD PTR SS:[EBP-18]
MOV DWORD PTR SS:[LOCAL.1],-2
XOR EAX,EAX
MOV ECX,DWORD PTR SS:[LOCAL.4]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[453754],EAX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH 0A
PUSH 0
PUSH DWORD PTR SS:[ARG.1]
CALL 0044228F
ADD ESP,0C
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH EBX
XOR EBX,EBX
PUSH ESI
PUSH EDI
CMP DWORD PTR SS:[ARG.3],EBX
JE 0044035D
PUSH DWORD PTR SS:[ARG.4]

; /Arg1 =>

8D4D F0
E8 D2E9FEFF

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

395D 08
75 2E
E8 6041FFFF

CMP DWORD PTR SS:[ARG.1],EBX


JNE SHORT 004402C6
CALL 004343FD

; [SystemIn

53
53
53
53

PUSH
PUSH
PUSH
PUSH

;
;
;
;

EBX
EBX
EBX
EBX

/Arg5
|Arg4
|Arg3
|Arg2

004402A1 |. 53
004402A2 |. C700 16000000
004402A8 |. E8 B5E5FEFF
fo.0042E862
004402AD |. 83C4 14
004402B0 |. 385D FC
004402B3 |. 74 07
004402B5 |. 8B45 F8
004402B8 |. 8360 70 FD
004402BC |> B8 FFFFFF7F
004402C1 |. E9 99000000
004402C6 |> 8B7D 0C
004402C9 |. 3BFB
004402CB |.^ 74 CB
004402CD |. BE FFFFFF7F
004402D2 |. 3975 10
004402D5 |. 76 28
004402D7 |. E8 2141FFFF
fo.004343FD
004402DC |. 53
004402DD |. 53
004402DE |. 53
004402DF |. 53
004402E0 |. 53
004402E1 |. C700 16000000
004402E7 |. E8 76E5FEFF
fo.0042E862
004402EC |. 83C4 14
004402EF |. 385D FC
004402F2 |. 74 07
004402F4 |. 8B45 F8
004402F7 |. 8360 70 FD
004402FB |> 8BC6
004402FD |. EB 60
004402FF |> 8B45 F0
00440302 |. 3958 14
00440305 |. 75 1D
00440307 |. FF75 10
0044030A |. 57
0044030B |. FF75 08
0044030E |. E8 8D3E0000
00440313 |. 83C4 0C
00440316 |> 385D FC
00440319 |. 74 44
0044031B |. 8B4D F8
0044031E |. 8361 70 FD
00440322 |. EB 3B
00440324 |> 8B45 08
00440327 |. 0FB600
0044032A |. 8D4D F0
0044032D |. 51
OFFSET LOCAL.4
0044032E |. 50
0044032F |. E8 D9F5FFFF
fo.0043F90D
00440334 |. FF45 08
00440337 |. 8BF0
00440339 |. 0FB607
0044033C |. 8D4D F0
0044033F |. 51

PUSH EBX
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

; |Arg1
; |
; \SystemIn

ADD ESP,14
CMP BYTE PTR SS:[LOCAL.1],BL
JE SHORT 004402BC
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,7FFFFFFF
JMP 0044035F
MOV EDI,DWORD PTR SS:[ARG.2]
CMP EDI,EBX
JE SHORT 00440298
MOV ESI,7FFFFFFF
CMP DWORD PTR SS:[ARG.3],ESI
JBE SHORT 004402FF
CALL 004343FD

; [SystemIn

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

ADD ESP,14
CMP BYTE PTR SS:[LOCAL.1],BL
JE SHORT 004402FB
MOV EAX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,ESI
JMP SHORT 0044035F
MOV EAX,DWORD PTR SS:[LOCAL.4]
CMP DWORD PTR DS:[EAX+14],EBX
JNE SHORT 00440324
PUSH DWORD PTR SS:[ARG.3]
PUSH EDI
PUSH DWORD PTR SS:[ARG.1]
CALL 004441A0
ADD ESP,0C
CMP BYTE PTR SS:[LOCAL.1],BL
JE SHORT 0044035F
MOV ECX,DWORD PTR SS:[LOCAL.2]
AND DWORD PTR DS:[ECX+70],FFFFFFFD
JMP SHORT 0044035F
/MOV EAX,DWORD PTR SS:[ARG.1]
|MOVZX EAX,BYTE PTR DS:[EAX]
|LEA ECX,[LOCAL.4]
|PUSH ECX

; /Arg2 =>

|PUSH EAX
|CALL 0043F90D

; |Arg1
; \SystemIn

|INC DWORD PTR SS:[ARG.1]


|MOV ESI,EAX
|MOVZX EAX,BYTE PTR DS:[EDI]
|LEA ECX,[LOCAL.4]
|PUSH ECX

; /Arg2 =>

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

OFFSET LOCAL.4
00440340 |. 50
|PUSH EAX
00440341 |. E8 C7F5FFFF |CALL 0043F90D
fo.0043F90D
00440346 |. 83C4 10
|ADD ESP,10
00440349 |. 47
|INC EDI
0044034A |. FF4D 10
|DEC DWORD PTR SS:[ARG.3]
0044034D |. 74 08
|JE SHORT 00440357
0044034F |. 3BF3
|CMP ESI,EBX
00440351 |. 74 04
|JE SHORT 00440357
00440353 |. 3BF0
|CMP ESI,EAX
00440355 |.^ 74 CD
\JE SHORT 00440324
00440357 |> 2BF0
SUB ESI,EAX
00440359 |. 8BC6
MOV EAX,ESI
0044035B |.^ EB B9
JMP SHORT 00440316
0044035D |> 33C0
XOR EAX,EAX
0044035F |> 5F
POP EDI
00440360 |. 5E
POP ESI
00440361 |. 5B
POP EBX
00440362 |. C9
LEAVE
00440363 \. C3
RETN
00440364 /$ 8BFF
MOV EDI,EDI
o.00440364(guessed Arg1,Arg2,Arg3)
00440366 |. 55
PUSH EBP
00440367 |. 8BEC
MOV EBP,ESP
00440369 |. 56
PUSH ESI
0044036A |. 33F6
XOR ESI,ESI
0044036C |. 3935 D02C4500 CMP DWORD PTR DS:[452CD0],ESI
00440372 |. 75 39
JNE SHORT 004403AD
00440374 |. 3975 08
CMP DWORD PTR SS:[ARG.1],ESI
00440377 |. 75 1F
JNE SHORT 00440398
00440379 |> E8 7F40FFFF CALL 004343FD
fo.004343FD
0044037E |. 56
PUSH ESI
0044037F |. 56
PUSH ESI
00440380 |. 56
PUSH ESI
00440381 |. 56
PUSH ESI
00440382 |. 56
PUSH ESI
00440383 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00440389 |. E8 D4E4FEFF CALL 0042E862
fo.0042E862
0044038E |. 83C4 14
ADD ESP,14
00440391 |. B8 FFFFFF7F MOV EAX,7FFFFFFF
00440396 |. EB 27
JMP SHORT 004403BF
00440398 |> 3975 0C
CMP DWORD PTR SS:[ARG.2],ESI
0044039B |.^ 74 DC
JE SHORT 00440379
0044039D |. 817D 10 FFFFF CMP DWORD PTR SS:[ARG.3],7FFFFFFF
004403A4 |.^ 77 D3
JA SHORT 00440379
004403A6 |. 5E
POP ESI
004403A7 |. 5D
POP EBP
004403A8 |. E9 F33D0000 JMP 004441A0
004403AD |> 56
PUSH ESI
004403AE |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
004403B1 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
004403B4 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
004403B7 |. E8 B6FEFFFF CALL 00440272
004403BC |. 83C4 10
ADD ESP,10
004403BF |> 5E
POP ESI
004403C0 |. 5D
POP EBP
004403C1 \. C3
RETN

; |Arg1
; \SystemIn

; SystemInf

; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

004403C2 /$ 8BFF
MOV EDI,EDI
004403C4 |. 55
PUSH EBP
004403C5 |. 8BEC
MOV EBP,ESP
004403C7 |. 83EC 10
SUB ESP,10
004403CA |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
004403CD |. 8D4D F0
LEA ECX,[LOCAL.4]
004403D0 |. E8 90E8FEFF CALL 0042EC65
fo.0042EC65
004403D5 |. 0FB645 0C
MOVZX EAX,BYTE PTR SS:[ARG.2]
004403D9 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
004403DC |. 8A55 14
MOV DL,BYTE PTR SS:[ARG.4]
004403DF |. 845401 1D
TEST BYTE PTR DS:[EAX+ECX+1D],DL
004403E3 |. 75 1E
JNE SHORT 00440403
004403E5 |. 837D 10 00
CMP DWORD PTR SS:[ARG.3],0
004403E9 |. 74 12
JE SHORT 004403FD
004403EB |. 8B4D F0
MOV ECX,DWORD PTR SS:[LOCAL.4]
004403EE |. 8B89 C8000000 MOV ECX,DWORD PTR DS:[ECX+0C8]
004403F4 |. 0FB70441
MOVZX EAX,WORD PTR DS:[EAX*2+ECX]
004403F8 |. 2345 10
AND EAX,DWORD PTR SS:[ARG.3]
004403FB |. EB 02
JMP SHORT 004403FF
004403FD |> 33C0
XOR EAX,EAX
004403FF |> 85C0
TEST EAX,EAX
00440401 |. 74 03
JE SHORT 00440406
00440403 |> 33C0
XOR EAX,EAX
00440405 |. 40
INC EAX
00440406 |> 807D FC 00
CMP BYTE PTR SS:[LOCAL.1],0
0044040A |. 74 07
JE SHORT 00440413
0044040C |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
0044040F |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
00440413 |> C9
LEAVE
00440414 \. C3
RETN
00440415 /$ 8BFF
MOV EDI,EDI
o.00440415(guessed Arg1,Arg2)
00440417 |. 55
PUSH EBP
00440418 |. 8BEC
MOV EBP,ESP
0044041A |. 6A 04
PUSH 4
0044041C |. 6A 00
PUSH 0
0044041E |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00440421 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
00440424 |. E8 99FFFFFF CALL 004403C2
00440429 |. 83C4 10
ADD ESP,10
0044042C |. 5D
POP EBP
0044042D \. C3
RETN
0044042E /$ 8BFF
MOV EDI,EDI
o.0044042E(guessed Arg1)
00440430 |. 55
PUSH EBP
00440431 |. 8BEC
MOV EBP,ESP
00440433 |. 6A 04
PUSH 4
00440435 |. 6A 00
PUSH 0
00440437 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
0044043A |. 6A 00
PUSH 0
0044043C |. E8 81FFFFFF CALL 004403C2
00440441 |. 83C4 10
ADD ESP,10
00440444 |. 5D
POP EBP
00440445 \. C3
RETN
00440446 /$ 8BFF
MOV EDI,EDI
o.00440446(guessed Arg1,Arg2,Arg3)
00440448 |. 55
PUSH EBP
00440449 |. 8BEC
MOV EBP,ESP

; /Arg1 =>
; |
; \SystemIn

; SystemInf

; SystemInf

; SystemInf

0044044B |.
0044044E |.
00440453 |.
00440455 |.
00440458 |.
0044045B |.
0044045E |.
0044045F |.
00440462 |.
00440463 |.
00440465 |.
00440468 |.
0044046B |.
0044046D |.
0044046F |>
fo.004343FD
00440474 |.
00440475 |.
00440476 |.
00440477 |.
00440478 |.
00440479 |.
0044047F |.
fo.0042E862
00440484 |.
00440487 |.
00440489 |.
0044048E |>
00440490 |.^
00440492 |.
00440494 |.
00440496 |.
00440498 |.^
0044049A |>
0044049C |.
0044049D |.
0044049F |.
004404A2 |.
004404A4 |.
004404A6 |.
004404A7 |.
004404A8 |>
004404AA |.
004404AD |.
004404AF |.
004404B1 |.
004404B3 |.
004404B5 |.
004404B8 |.
004404BC |.
004404BE |.
004404BF |.
004404C1 |.^
004404C3 |.
004404C6 |.
004404C8 |.
004404CA |.
004404CD |.
004404CF |.
004404D1 |>

83EC 2C
A1 A0154500
33C5
8945 FC
8B45 10
8B4D 08
56
8B75 0C
57
33FF
894D D4
8945 D8
3BC7
75 1F
E8 893FFFFF

SUB ESP,2C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.3]
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.2]
PUSH EDI
XOR EDI,EDI
MOV DWORD PTR SS:[LOCAL.11],ECX
MOV DWORD PTR SS:[LOCAL.10],EAX
CMP EAX,EDI
JNE SHORT 0044048E
CALL 004343FD

; [SystemIn

57
57
57
57
57
C700 16000000
E8 DEE3FEFF

PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
33C0
E9 98000000
3BF7
74 DD
3BCF
75 04
3938
74 D5
6A 08
59
33C0
8D7D DC
6A 07
F3:AB
5F
53
8A16
0FB6CA
8BC1
23CF
B3 01
D2E3
C1E8 03
8D4405 DC
0818
46
84D2
75 E5
8B55 D4
85D2
75 0C
8B45 D8
8B10
EB 05
84C0

ADD ESP,14
XOR EAX,EAX
JMP 00440526
CMP ESI,EDI
JE SHORT 0044046F
CMP ECX,EDI
JNE SHORT 0044049A
CMP DWORD PTR DS:[EAX],EDI
JE SHORT 0044046F
PUSH 8
POP ECX
XOR EAX,EAX
LEA EDI,[LOCAL.9]
PUSH 7
REP STOS DWORD PTR ES:[EDI]
POP EDI
PUSH EBX
/MOV DL,BYTE PTR DS:[ESI]
|MOVZX ECX,DL
|MOV EAX,ECX
|AND ECX,EDI
|MOV BL,1
|SHL BL,CL
|SHR EAX,3
|LEA EAX,[EAX+EBP-24]
|OR BYTE PTR DS:[EAX],BL
|INC ESI
|TEST DL,DL
\JNE SHORT 004404A8
MOV EDX,DWORD PTR SS:[LOCAL.11]
TEST EDX,EDX
JNE SHORT 004404D6
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV EDX,DWORD PTR DS:[EAX]
JMP SHORT 004404D6
/TEST AL,AL

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

004404D3 |. 74 1A
004404D5 |. 42
004404D6 |> 8A02
004404D8 |. 0FB6F0
004404DB |. 33DB
004404DD |. 8BCE
004404DF |. 23CF
004404E1 |. 43
004404E2 |. D3E3
004404E4 |. C1EE 03
004404E7 |. 8A4C35 DC
004404EB |. 84D9
004404ED |.^ 75 E2
004404EF |> 8BDA
004404F1 |. EB 18
004404F3 |> 0FB632
004404F6 |. 33C0
004404F8 |. 8BCE
004404FA |. 23CF
004404FC |. 40
004404FD |. D3E0
004404FF |. C1EE 03
00440502 |. 8A4C35 DC
00440506 |. 84C1
00440508 |. 75 08
0044050A |. 42
0044050B |> 803A 00
0044050E |.^ 75 E3
00440510 |. EB 04
00440512 |> C602 00
00440515 |. 42
00440516 |> 8B45 D8
00440519 |. 8910
0044051B |. 8BC3
0044051D |. 2BC2
0044051F |. F7D8
00440521 |. 1BC0
00440523 |. 23C3
00440525 |. 5B
00440526 |> 8B4D FC
00440529 |. 5F
0044052A |. 33CD
0044052C |. 5E
0044052D |. E8 BFE1FEFF
00440532 |. C9
00440533 \. C3
00440534 /$ 8BFF
o.00440534(guessed Arg1)
00440536 |. 55
00440537 |. 8BEC
00440539 |. 51
0044053A |. 53
0044053B |. 56
0044053C |. 8B75 08
0044053F |. F646 0C 40
00440543 |. 57
00440544 |. BB 90224500
00440549 |. 0F85 72010000
0044054F |. 56
[ARG.1]

|JE SHORT 004404EF


|INC EDX
|MOV AL,BYTE PTR DS:[EDX]
|MOVZX ESI,AL
|XOR EBX,EBX
|MOV ECX,ESI
|AND ECX,EDI
|INC EBX
|SHL EBX,CL
|SHR ESI,3
|MOV CL,BYTE PTR SS:[ESI+EBP-24]
|TEST CL,BL
\JNE SHORT 004404D1
MOV EBX,EDX
JMP SHORT 0044050B
/MOVZX ESI,BYTE PTR DS:[EDX]
|XOR EAX,EAX
|MOV ECX,ESI
|AND ECX,EDI
|INC EAX
|SHL EAX,CL
|SHR ESI,3
|MOV CL,BYTE PTR SS:[ESI+EBP-24]
|TEST CL,AL
|JNE SHORT 00440512
|INC EDX
|CMP BYTE PTR DS:[EDX],0
\JNE SHORT 004404F3
JMP SHORT 00440516
MOV BYTE PTR DS:[EDX],0
INC EDX
MOV EAX,DWORD PTR SS:[LOCAL.10]
MOV DWORD PTR DS:[EAX],EDX
MOV EAX,EBX
SUB EAX,EDX
NEG EAX
SBB EAX,EAX
AND EAX,EBX
POP EBX
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
XOR ECX,EBP
POP ESI
CALL 0042E6F1
LEAVE
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
PUSH ECX
PUSH EBX
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
TEST BYTE PTR DS:[ESI+0C],40
PUSH EDI
MOV EBX,OFFSET 00452290
JNE 004406C1
PUSH ESI

; /Arg1 =>

00440550 |.
fo.0043B2D0
00440555 |.
00440556 |.
00440559 |.
0044055B |.
0044055C |.
fo.0043B2D0
00440561 |.
00440562 |.
00440565 |.
00440567 |.
00440568 |.
fo.0043B2D0
0044056D |.
00440570 |.
00440571 |.
00440578 |.
fo.0043B2D0
0044057D |.
00440580 |.
00440581 |.
00440584 |.
00440586 |.
00440587 |.
00440589 |>
0044058B |>
0044058F |.
00440591 |.
00440594 |.
00440596 |.
00440598 |.
0044059B |.
0044059C |.
0044059E |.
004405A0 |>
004405A1 |.
004405A6 |.
004405A7 |>
004405AA |.
004405AC |>
004405B1 |.
004405B6 |>
004405B9 |.
004405BC |.
004405BE |.
004405C0 |.
004405C3 |.
004405C4 |.
004405C6 |.
004405C8 |>
004405C9 |.
004405CE |.
004405CF |>
004405D2 |.^
004405D4 |.
004405D7 |>
004405DB |.
004405E0 |>
004405E4 |.

E8 7BADFFFF

CALL 0043B2D0

; \SystemIn

59
83F8 FF
74 2E
56
E8 6FADFFFF

POP ECX
CMP EAX,-1
JE SHORT 00440589
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FE
74 22
56
E8 63ADFFFF

POP ECX
CMP EAX,-2
JE SHORT 00440589
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

C1F8 05
56
8D3C85 A03745
E8 53ADFFFF

SAR EAX,5
PUSH ESI
LEA EDI,[EAX*4+4537A0]
CALL 0043B2D0

; /Arg1
; |
; \SystemIn

83E0 1F
59
C1E0 06
0307
59
EB 02
8BC3
F640 24 7F
74 4F
FF4E 04
78 0A
8B0E
0FB601
41
890E
EB 07
56
E8 AEB1FFFF
59
83F8 FF
75 0A
B8 FFFF0000
E9 24010000
FF4E 04
8845 08
78 0A
8B0E
0FB601
41
890E
EB 07
56
E8 86B1FFFF
59
83F8 FF
74 D8
8845 09
66:8B45 08
E9 FA000000
F646 0C 40
0F85 D7000000

AND EAX,0000001F
POP ECX
SHL EAX,6
ADD EAX,DWORD PTR DS:[EDI]
POP ECX
JMP SHORT 0044058B
MOV EAX,EBX
TEST BYTE PTR DS:[EAX+24],7F
JE SHORT 004405E0
DEC DWORD PTR DS:[ESI+4]
JS SHORT 004405A0
MOV ECX,DWORD PTR DS:[ESI]
MOVZX EAX,BYTE PTR DS:[ECX]
INC ECX
MOV DWORD PTR DS:[ESI],ECX
JMP SHORT 004405A7
PUSH ESI
CALL 0043B754
POP ECX
CMP EAX,-1
JNE SHORT 004405B6
MOV EAX,0FFFF
JMP 004406DA
DEC DWORD PTR DS:[ESI+4]
MOV BYTE PTR SS:[ARG.1],AL
JS SHORT 004405C8
MOV ECX,DWORD PTR DS:[ESI]
MOVZX EAX,BYTE PTR DS:[ECX]
INC ECX
MOV DWORD PTR DS:[ESI],ECX
JMP SHORT 004405CF
PUSH ESI
CALL 0043B754
POP ECX
CMP EAX,-1
JE SHORT 004405AC
MOV BYTE PTR SS:[ARG.1+1],AL
MOV AX,WORD PTR SS:[ARG.1]
JMP 004406DA
TEST BYTE PTR DS:[ESI+0C],40
JNE 004406C1

004405EA |.
004405EB |.
fo.0043B2D0
004405F0 |.
004405F1 |.
004405F4 |.
004405F6 |.
004405F7 |.
fo.0043B2D0
004405FC |.
004405FD |.
00440600 |.
00440602 |.
00440603 |.
fo.0043B2D0
00440608 |.
0044060B |.
0044060C |.
00440613 |.
fo.0043B2D0
00440618 |.
0044061B |.
0044061C |.
0044061F |.
00440621 |.
00440622 |.
00440624 |>
00440626 |>
0044062A |.
00440630 |.
00440632 |.
00440633 |.
00440636 |.
00440638 |.
0044063A |.
0044063D |.
0044063E |.
00440640 |.
00440642 |>
00440643 |.
00440648 |.
00440649 |>
0044064C |.^
00440652 |.
00440655 |.
00440658 |.
00440659 |.
fo.0043628B
0044065E |.
0044065F |.
00440661 |.
00440663 |.
00440666 |.
00440668 |.
0044066A |.
0044066D |.
0044066E |.
00440670 |.
00440672 |>
00440673 |.

56
E8 E0ACFFFF

PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FF
74 2E
56
E8 D4ACFFFF

POP ECX
CMP EAX,-1
JE SHORT 00440624
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FE
74 22
56
E8 C8ACFFFF

POP ECX
CMP EAX,-2
JE SHORT 00440624
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

C1F8 05
56
8D3C85 A03745
E8 B8ACFFFF

SAR EAX,5
PUSH ESI
LEA EDI,[EAX*4+4537A0]
CALL 0043B2D0

; /Arg1
; |
; \SystemIn

83E0 1F
59
C1E0 06
0307
59
EB 02
8BC3
F640 04 80
0F84 91000000
33FF
47
FF4E 04
78 0A
8B0E
0FB601
41
890E
EB 07
56
E8 0CB1FFFF
59
83F8 FF
0F84 5AFFFFFF
8845 FC
0FB6C0
50
E8 2D5CFFFF

AND EAX,0000001F
POP ECX
SHL EAX,6
ADD EAX,DWORD PTR DS:[EDI]
POP ECX
JMP SHORT 00440626
MOV EAX,EBX
TEST BYTE PTR DS:[EAX+4],80
JE 004406C1
XOR EDI,EDI
INC EDI
DEC DWORD PTR DS:[ESI+4]
JS SHORT 00440642
MOV ECX,DWORD PTR DS:[ESI]
MOVZX EAX,BYTE PTR DS:[ECX]
INC ECX
MOV DWORD PTR DS:[ESI],ECX
JMP SHORT 00440649
PUSH ESI
CALL 0043B754
POP ECX
CMP EAX,-1
JE 004405AC
MOV BYTE PTR SS:[LOCAL.1],AL
MOVZX EAX,AL
PUSH EAX
CALL 0043628B

; /Arg1
; \SystemIn

59
85C0
74 34
FF4E 04
78 0A
8B0E
0FB601
41
890E
EB 07
56
E8 DCB0FFFF

POP ECX
TEST EAX,EAX
JE SHORT 00440697
DEC DWORD PTR DS:[ESI+4]
JS SHORT 00440672
MOV ECX,DWORD PTR DS:[ESI]
MOVZX EAX,BYTE PTR DS:[ECX]
INC ECX
MOV DWORD PTR DS:[ESI],ECX
JMP SHORT 00440679
PUSH ESI
CALL 0043B754

00440678 |. 59
00440679 |> 83F8 FF
0044067C |. 75 13
0044067E |. 0FBE45 FC
00440682 |. 56
00440683 |. 50
00440684 |. E8 4624FFFF
00440689 |. 59
0044068A |. B8 FFFF0000
0044068F |. EB 48
00440691 |> 6A 02
00440693 |. 8845 FD
00440696 |. 5F
00440697 |> 57
00440698 |. 8D45 FC
0044069B |. 50
OFFSET LOCAL.1
0044069C |. 8D45 08
0044069F |. 50
OFFSET ARG.1
004406A0 |. E8 2F20FFFF
fo.004326D4
004406A5 |. 83C4 0C
004406A8 |. 83F8 FF
004406AB |.^ 0F85 26FFFFFF
004406B1 |. E8 473DFFFF
fo.004343FD
004406B6 |. C700 2A000000
004406BC |.^ E9 EBFEFFFF
004406C1 |> 8346 04 FE
004406C5 |. 78 0C
004406C7 |. 8B0E
004406C9 |. 0FB701
004406CC |. 83C1 02
004406CF |. 890E
004406D1 |. EB 07
004406D3 |> 56
004406D4 |. E8 283B0000
004406D9 |> 59
004406DA |> 5F
004406DB |. 5E
004406DC |. 5B
004406DD |. C9
004406DE \. C3
004406DF /> 8BFF
004406E1 |. 55
004406E2 |. 8BEC
004406E4 |. 83EC 10
004406E7 |. A1 A0154500
004406EC |. 33C5
004406EE |. 8945 FC
004406F1 |. 53
004406F2 |. 8B5D 08
004406F5 |. 56
004406F6 |. 8B75 0C
004406F9 |. 57
004406FA |. BF FFFF0000
004406FF |. 8BC7
00440701 |. 66:3BD8
00440704 |. 0F84 66010000

POP ECX
CMP EAX,-1
JNE SHORT 00440691
MOVSX EAX,BYTE PTR SS:[LOCAL.1]
PUSH ESI
PUSH EAX
CALL 00432ACF
POP ECX
MOV EAX,0FFFF
JMP SHORT 004406D9
PUSH 2
MOV BYTE PTR SS:[LOCAL.1+1],AL
POP EDI
PUSH EDI
LEA EAX,[LOCAL.1]
PUSH EAX

; /Arg3
; |
; |Arg2 =>

LEA EAX,[ARG.1]
PUSH EAX

; |
; |Arg1 =>

CALL 004326D4

; \SystemIn

ADD ESP,0C
CMP EAX,-1
JNE 004405D7
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],2A


JMP 004405AC
ADD DWORD PTR DS:[ESI+4],-2
JS SHORT 004406D3
MOV ECX,DWORD PTR DS:[ESI]
MOVZX EAX,WORD PTR DS:[ECX]
ADD ECX,2
MOV DWORD PTR DS:[ESI],ECX
JMP SHORT 004406DA
PUSH ESI
CALL 00444201
POP ECX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,10
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.1]
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.2]
PUSH EDI
MOV EDI,0FFFF
MOV EAX,EDI
CMP BX,AX
JE 00440870

0044070A |.
0044070D |.
0044070F |.
00440711 |.
00440713 |.
00440719 |.
0044071B |.
00440721 |>
00440725 |.
00440727 |.
[ARG.2]
00440728 |.
fo.0043B70B
0044072D |.
0044072E |>
00440732 |.
00440738 |.
00440739 |.
fo.0043B2D0
0044073E |.
0044073F |.
00440744 |.
00440747 |.
00440749 |.
0044074A |.
fo.0043B2D0
0044074F |.
00440750 |.
00440753 |.
00440755 |.
00440756 |.
fo.0043B2D0
0044075B |.
0044075E |.
0044075F |.
00440766 |.
fo.0043B2D0
0044076B |.
0044076E |.
00440771 |.
00440773 |.
00440774 |.
00440775 |.
0044077A |.
0044077C |>
0044077E |>
00440782 |.
00440788 |.
00440789 |.
fo.0043B2D0
0044078E |.
0044078F |.
00440792 |.
00440794 |.
00440795 |.
fo.0043B2D0
0044079A |.
0044079B |.
0044079E |.
004407A0 |.

8B46 0C
A8 01
75 10
84C0
0F89 57010000
A8 02
0F85 4F010000
837E 08 00
75 07
56

MOV EAX,DWORD PTR DS:[ESI+0C]


TEST AL,01
JNE SHORT 00440721
TEST AL,AL
JNS 00440870
TEST AL,02
JNE 00440870
CMP DWORD PTR DS:[ESI+8],0
JNE SHORT 0044072E
PUSH ESI

; /Arg1 =>

E8 DEAFFFFF

CALL 0043B70B

; \SystemIn

59
F646 0C 40
0F85 0B010000
56
E8 92ABFFFF

POP ECX
TEST BYTE PTR DS:[ESI+0C],40
JNE 00440843
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
BB 90224500
83F8 FF
74 33
56
E8 81ABFFFF

POP ECX
MOV EBX,OFFSET 00452290
CMP EAX,-1
JE SHORT 0044077C
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FE
74 27
56
E8 75ABFFFF

POP ECX
CMP EAX,-2
JE SHORT 0044077C
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

C1F8 05
56
8D3C85 A03745
E8 65ABFFFF

SAR EAX,5
PUSH ESI
LEA EDI,[EAX*4+4537A0]
CALL 0043B2D0

; /Arg1
; |
; \SystemIn

83E0 1F
C1E0 06
0307
59
59
BF FFFF0000
EB 02
8BC3
F640 04 80
0F84 B8000000
56
E8 42ABFFFF

AND EAX,0000001F
SHL EAX,6
ADD EAX,DWORD PTR DS:[EDI]
POP ECX
POP ECX
MOV EDI,0FFFF
JMP SHORT 0044077E
MOV EAX,EBX
TEST BYTE PTR DS:[EAX+4],80
JE 00440840
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FF
74 33
56
E8 36ABFFFF

POP ECX
CMP EAX,-1
JE SHORT 004407C7
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FE
74 27
56

POP ECX
CMP EAX,-2
JE SHORT 004407C7
PUSH ESI

; /Arg1

004407A1 |. E8 2AABFFFF
fo.0043B2D0
004407A6 |. C1F8 05
004407A9 |. 56
004407AA |. 8D3C85 A03745
004407B1 |. E8 1AABFFFF
fo.0043B2D0
004407B6 |. 83E0 1F
004407B9 |. C1E0 06
004407BC |. 0307
004407BE |. 59
004407BF |. 59
004407C0 |. BF FFFF0000
004407C5 |. EB 02
004407C7 |> 8BC3
004407C9 |> F640 24 7F
004407CD |. 74 11
004407CF |. 8B55 08
004407D2 |. 6A 02
004407D4 |. 58
004407D5 |. 8855 F4
004407D8 |. 8875 F5
004407DB |. 8945 F0
004407DE |. EB 1F
004407E0 |> FF75 08
[ARG.1]
004407E3 |. 8D45 F4
004407E6 |. 6A 05
004407E8 |. 50
OFFSET LOCAL.3
004407E9 |. 8D45 F0
004407EC |. 50
OFFSET LOCAL.4
004407ED |. E8 51E4FFFF
fo.0043EC43
004407F2 |. 83C4 10
004407F5 |. 85C0
004407F7 |. 75 77
004407F9 |. 8B45 F0
004407FC |. 8B55 08
004407FF |> 8B4E 08
00440802 |. 03C8
00440804 |. 390E
00440806 |. 73 0D
00440808 |. 837E 04 00
0044080C |. 75 62
0044080E |. 3B46 18
00440811 |. 7F 5D
00440813 |. 890E
00440815 |> 8D48 FF
00440818 |. 85C9
0044081A |. 7C 10
0044081C |> FF0E
0044081E |. 49
0044081F |. 8A5C0D F5
00440823 |. 8B06
00440825 |. 8818
00440827 |.^ 79 F3
00440829 |. 8B45 F0
0044082C |> 0146 04

CALL 0043B2D0

; \SystemIn

SAR EAX,5
PUSH ESI
LEA EDI,[EAX*4+4537A0]
CALL 0043B2D0

; /Arg1
; |
; \SystemIn

AND EAX,0000001F
SHL EAX,6
ADD EAX,DWORD PTR DS:[EDI]
POP ECX
POP ECX
MOV EDI,0FFFF
JMP SHORT 004407C9
MOV EAX,EBX
TEST BYTE PTR DS:[EAX+24],7F
JE SHORT 004407E0
MOV EDX,DWORD PTR SS:[ARG.1]
PUSH 2
POP EAX
MOV BYTE PTR SS:[LOCAL.3],DL
MOV BYTE PTR SS:[LOCAL.3+1],DH
MOV DWORD PTR SS:[LOCAL.4],EAX
JMP SHORT 004407FF
PUSH DWORD PTR SS:[ARG.1]

; /Arg4 =>

LEA EAX,[LOCAL.3]
PUSH 5
PUSH EAX

; |
; |Arg3 = 5
; |Arg2 =>

LEA EAX,[LOCAL.4]
PUSH EAX

; |
; |Arg1 =>

CALL 0043EC43

; \SystemIn

ADD ESP,10
TEST EAX,EAX
JNE SHORT 00440870
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR SS:[ARG.1]
MOV ECX,DWORD PTR DS:[ESI+8]
ADD ECX,EAX
CMP DWORD PTR DS:[ESI],ECX
JNB SHORT 00440815
CMP DWORD PTR DS:[ESI+4],0
JNE SHORT 00440870
CMP EAX,DWORD PTR DS:[ESI+18]
JG SHORT 00440870
MOV DWORD PTR DS:[ESI],ECX
LEA ECX,[EAX-1]
TEST ECX,ECX
JL SHORT 0044082C
/DEC DWORD PTR DS:[ESI]
|DEC ECX
|MOV BL,BYTE PTR SS:[ECX+EBP-0B]
|MOV EAX,DWORD PTR DS:[ESI]
|MOV BYTE PTR DS:[EAX],BL
\JNS SHORT 0044081C
MOV EAX,DWORD PTR SS:[LOCAL.4]
ADD DWORD PTR DS:[ESI+4],EAX

0044082F |. 8B46 0C
MOV EAX,DWORD PTR DS:[ESI+0C]
00440832 |. 83E0 EF
AND EAX,FFFFFFEF
00440835 |. 83C8 01
OR EAX,00000001
00440838 |. 8946 0C
MOV DWORD PTR DS:[ESI+0C],EAX
0044083B |. 66:8BC2
MOV AX,DX
0044083E |. EB 32
JMP SHORT 00440872
00440840 |> 8B5D 08
MOV EBX,DWORD PTR SS:[ARG.1]
00440843 |> 8B46 08
MOV EAX,DWORD PTR DS:[ESI+8]
00440846 |. 83C0 02
ADD EAX,2
00440849 |. 3906
CMP DWORD PTR DS:[ESI],EAX
0044084B |. 73 0E
JNB SHORT 0044085B
0044084D |. 837E 04 00
CMP DWORD PTR DS:[ESI+4],0
00440851 |. 75 1D
JNE SHORT 00440870
00440853 |. 837E 18 02
CMP DWORD PTR DS:[ESI+18],2
00440857 |. 72 17
JB SHORT 00440870
00440859 |. 8906
MOV DWORD PTR DS:[ESI],EAX
0044085B |> 8306 FE
ADD DWORD PTR DS:[ESI],-2
0044085E |. F646 0C 40
TEST BYTE PTR DS:[ESI+0C],40
00440862 |. 8B06
MOV EAX,DWORD PTR DS:[ESI]
00440864 |. 74 1B
JE SHORT 00440881
00440866 |. 66:3918
CMP WORD PTR DS:[EAX],BX
00440869 |. 74 19
JE SHORT 00440884
0044086B |. 83C0 02
ADD EAX,2
0044086E |. 8906
MOV DWORD PTR DS:[ESI],EAX
00440870 |> 8BC7
MOV EAX,EDI
00440872 |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00440875 |. 5F
POP EDI
00440876 |. 5E
POP ESI
00440877 |. 33CD
XOR ECX,EBP
00440879 |. 5B
POP EBX
0044087A |. E8 72DEFEFF CALL 0042E6F1
0044087F |. C9
LEAVE
00440880 |. C3
RETN
00440881 |> 66:8918
MOV WORD PTR DS:[EAX],BX
00440884 |> 8B46 0C
MOV EAX,DWORD PTR DS:[ESI+0C]
00440887 |. 8346 04 02
ADD DWORD PTR DS:[ESI+4],2
0044088B |. 83E0 EF
AND EAX,FFFFFFEF
0044088E |. 83C8 01
OR EAX,00000001
00440891 |. 8946 0C
MOV DWORD PTR DS:[ESI+0C],EAX
00440894 |. 66:8BC3
MOV AX,BX
00440897 \.^ EB D9
JMP SHORT 00440872
00440899 /$ 8BFF
MOV EDI,EDI
o.00440899(guessed Arg1,Arg2,Arg3,Arg4,Arg5,Arg6,Arg7)
0044089B |. 55
PUSH EBP
0044089C |. 8BEC
MOV EBP,ESP
0044089E |. 83EC 10
SUB ESP,10
004408A1 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
004408A4 |. 8D4D F0
LEA ECX,[LOCAL.4]
004408A7 |. E8 B9E3FEFF CALL 0042EC65
fo.0042EC65
004408AC |. 837D 14 FF
CMP DWORD PTR SS:[ARG.4],-1
004408B0 |. 7D 04
JGE SHORT 004408B6
004408B2 |. 33C0
XOR EAX,EAX
004408B4 |. EB 12
JMP SHORT 004408C8
004408B6 |> FF75 18
PUSH DWORD PTR SS:[ARG.5]
e => [ARG.5]
004408B9 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
[ARG.4]
004408BC |. FF75 10
PUSH DWORD PTR SS:[ARG.3]

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /pCharTyp
; |Count =>
; |String =

> [ARG.3]
004408BF |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
=> [ARG.2]
004408C2 |. FF15 A8814400 CALL DWORD PTR DS:[<&KERNEL32.GetStringT
.GetStringTypeW
004408C8 |> 807D FC 00
CMP BYTE PTR SS:[LOCAL.1],0
004408CC |. 74 07
JE SHORT 004408D5
004408CE |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
004408D1 |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
004408D5 |> C9
LEAVE
004408D6 \. C3
RETN
004408D7 /$ 8BFF
MOV EDI,EDI
o.004408D7(guessed Arg1)
004408D9 |. 55
PUSH EBP
004408DA |. 8BEC
MOV EBP,ESP
004408DC |. 83EC 10
SUB ESP,10
004408DF |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
004408E4 |. 33C5
XOR EAX,EBP
004408E6 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
004408E9 |. 56
PUSH ESI
004408EA |. 33F6
XOR ESI,ESI
004408EC |. 3935 60244500 CMP DWORD PTR DS:[452460],ESI
004408F2 |. 74 4F
JE SHORT 00440943
004408F4 |. 833D 04264500 CMP DWORD PTR DS:[452604],-2
004408FB |. 75 05
JNE SHORT 00440902
004408FD |. E8 383A0000 CALL 0044433A
00440902 |> A1 04264500 MOV EAX,DWORD PTR DS:[452604]
00440907 |. 83F8 FF
CMP EAX,-1
0044090A |. 75 07
JNE SHORT 00440913
0044090C |> B8 FFFF0000 MOV EAX,0FFFF
00440911 |. EB 70
JMP SHORT 00440983
00440913 |> 56
PUSH ESI
00440914 |. 8D4D F0
LEA ECX,[LOCAL.4]
00440917 |. 51
PUSH ECX
=> OFFSET LOCAL.4
00440918 |. 6A 01
PUSH 1
1
0044091A |. 8D4D 08
LEA ECX,[ARG.1]
0044091D |. 51
PUSH ECX
> OFFSET ARG.1
0044091E |. 50
PUSH EAX
=> [452604] = FFFFFFFE
0044091F |. FF15 14814400 CALL DWORD PTR DS:[<&KERNEL32.WriteConso
.WriteConsoleW
00440925 |. 85C0
TEST EAX,EAX
00440927 |. 75 67
JNE SHORT 00440990
00440929 |. 833D 60244500 CMP DWORD PTR DS:[452460],2
00440930 |.^ 75 DA
JNE SHORT 0044090C
00440932 |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
00440938 |. 83F8 78
CMP EAX,78
=> ERROR_CALL_NOT_IMPLEMENTED
0044093B |.^ 75 CF
JNE SHORT 0044090C
0044093D |. 8935 60244500 MOV DWORD PTR DS:[452460],ESI
00440943 |> 56
PUSH ESI
00440944 |. 56
PUSH ESI
00440945 |. 6A 05
PUSH 5
00440947 |. 8D45 F4
LEA EAX,[LOCAL.3]
0044094A |. 50
PUSH EAX
0044094B |. 6A 01
PUSH 1

; |InfoType
; \KERNEL32

; SystemInf

; /Reserved
; |
; |pWritten
; |Count =
; |
; |Buffer =
; |hConsole
; \KERNEL32

; [KERNEL32
; CONST 78

0044094D |. 8D45 08
LEA EAX,[ARG.1]
00440950 |. 50
PUSH EAX
00440951 |. 56
PUSH ESI
00440952 |. FF15 98804400 CALL DWORD PTR DS:[<&KERNEL32.GetConsole
00440958 |. 50
PUSH EAX
00440959 |. FF15 38814400 CALL DWORD PTR DS:[<&KERNEL32.WideCharTo
.WideCharToMultiByte
0044095F |. 8B0D 04264500 MOV ECX,DWORD PTR DS:[452604]
00440965 |. 83F9 FF
CMP ECX,-1
00440968 |.^ 74 A2
JE SHORT 0044090C
0044096A |. 56
PUSH ESI
0044096B |. 8D55 F0
LEA EDX,[LOCAL.4]
0044096E |. 52
PUSH EDX
=> OFFSET LOCAL.4
0044096F |. 50
PUSH EAX
00440970 |. 8D45 F4
LEA EAX,[LOCAL.3]
00440973 |. 50
PUSH EAX
> OFFSET LOCAL.3
00440974 |. 51
PUSH ECX
=> [452604] = FFFFFFFE
00440975 |. FF15 08814400 CALL DWORD PTR DS:[<&KERNEL32.WriteConso
.WriteConsoleA
0044097B |. 85C0
TEST EAX,EAX
0044097D |.^ 74 8D
JE SHORT 0044090C
0044097F |> 66:8B45 08
MOV AX,WORD PTR SS:[ARG.1]
00440983 |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00440986 |. 33CD
XOR ECX,EBP
00440988 |. 5E
POP ESI
00440989 |. E8 63DDFEFF CALL 0042E6F1
0044098E |. C9
LEAVE
0044098F |. C3
RETN
00440990 |> C705 60244500 MOV DWORD PTR DS:[452460],1
0044099A \.^ EB E3
JMP SHORT 0044097F
0044099C /$ 8BFF
MOV EDI,EDI
o.0044099C(guessed Arg1,Arg2)
0044099E |. 55
PUSH EBP
0044099F |. 8BEC
MOV EBP,ESP
004409A1 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004409A4 |. 56
PUSH ESI
004409A5 |. 57
PUSH EDI
004409A6 |. 85C0
TEST EAX,EAX
004409A8 |. 7C 59
JL SHORT 00440A03
004409AA |. 3B05 98374500 CMP EAX,DWORD PTR DS:[453798]
004409B0 |. 73 51
JNB SHORT 00440A03
004409B2 |. 8BC8
MOV ECX,EAX
004409B4 |. C1F9 05
SAR ECX,5
004409B7 |. 8BF0
MOV ESI,EAX
004409B9 |. 83E6 1F
AND ESI,0000001F
004409BC |. 8D3C8D A03745 LEA EDI,[ECX*4+4537A0]
004409C3 |. 8B0F
MOV ECX,DWORD PTR DS:[EDI]
004409C5 |. C1E6 06
SHL ESI,6
004409C8 |. 833C0E FF
CMP DWORD PTR DS:[ECX+ESI],-1
004409CC |. 75 35
JNE SHORT 00440A03
004409CE |. 833D 20164500 CMP DWORD PTR DS:[451620],1
004409D5 |. 53
PUSH EBX
004409D6 |. 8B5D 0C
MOV EBX,DWORD PTR SS:[ARG.2]
004409D9 |. 75 1E
JNE SHORT 004409F9
004409DB |. 83E8 00
SUB EAX,0
ases 0..2, 4 exits)
004409DE |. 74 10
JE SHORT 004409F0

; |CodePage
; \KERNEL32

; /Reserved
; |
; |pWritten
; |Count
; |
; |Buffer =
; |hConsole
; \KERNEL32

; SystemInf

; Switch (c

004409E0 |. 48
DEC EAX
004409E1 |. 74 08
JE SHORT 004409EB
004409E3 |. 48
DEC EAX
004409E4 |. 75 13
JNE SHORT 004409F9
004409E6 |. 53
PUSH EBX
switch SystemInfo.4409DB
004409E7 |. 6A F4
PUSH -0C
004409E9 |. EB 08
JMP SHORT 004409F3
004409EB |> 53
PUSH EBX
switch SystemInfo.4409DB
004409EC |. 6A F5
PUSH -0B
004409EE |. EB 03
JMP SHORT 004409F3
004409F0 |> 53
PUSH EBX
switch SystemInfo.4409DB
004409F1 |. 6A F6
PUSH -0A
004409F3 |> FF15 18814400 CALL DWORD PTR DS:[<&KERNEL32.SetStdHand
.SetStdHandle
004409F9 |> 8B07
MOV EAX,DWORD PTR DS:[EDI]
ase of switch SystemInfo.4409DB
004409FB |. 891C06
MOV DWORD PTR DS:[EAX+ESI],EBX
004409FE |. 33C0
XOR EAX,EAX
00440A00 |. 5B
POP EBX
00440A01 |. EB 16
JMP SHORT 00440A19
00440A03 |> E8 F539FFFF CALL 004343FD
fo.004343FD
00440A08 |. C700 09000000 MOV DWORD PTR DS:[EAX],9
00440A0E |. E8 FD39FFFF CALL 00434410
fo.00434410
00440A13 |. 8320 00
AND DWORD PTR DS:[EAX],00000000
00440A16 |. 83C8 FF
OR EAX,FFFFFFFF
00440A19 |> 5F
POP EDI
00440A1A |. 5E
POP ESI
00440A1B |. 5D
POP EBP
00440A1C \. C3
RETN
00440A1D /$ 8BFF
MOV EDI,EDI
o.00440A1D(guessed Arg1)
00440A1F |. 55
PUSH EBP
00440A20 |. 8BEC
MOV EBP,ESP
00440A22 |. 8B4D 08
MOV ECX,DWORD PTR SS:[ARG.1]
00440A25 |. 53
PUSH EBX
00440A26 |. 33DB
XOR EBX,EBX
00440A28 |. 3BCB
CMP ECX,EBX
00440A2A |. 56
PUSH ESI
00440A2B |. 57
PUSH EDI
00440A2C |. 7C 5B
JL SHORT 00440A89
00440A2E |. 3B0D 98374500 CMP ECX,DWORD PTR DS:[453798]
00440A34 |. 73 53
JNB SHORT 00440A89
00440A36 |. 8BC1
MOV EAX,ECX
00440A38 |. C1F8 05
SAR EAX,5
00440A3B |. 8BF1
MOV ESI,ECX
00440A3D |. 8D3C85 A03745 LEA EDI,[EAX*4+4537A0]
00440A44 |. 8B07
MOV EAX,DWORD PTR DS:[EDI]
00440A46 |. 83E6 1F
AND ESI,0000001F
00440A49 |. C1E6 06
SHL ESI,6
00440A4C |. 03C6
ADD EAX,ESI
00440A4E |. F640 04 01
TEST BYTE PTR DS:[EAX+4],01
00440A52 |. 74 35
JE SHORT 00440A89
00440A54 |. 8338 FF
CMP DWORD PTR DS:[EAX],-1
00440A57 |. 74 30
JE SHORT 00440A89
00440A59 |. 833D 20164500 CMP DWORD PTR DS:[451620],1

; Case 2 of

; Case 1 of

; Case 0 of
; \KERNEL32
; Default c

; [SystemIn
; [SystemIn

; SystemInf

00440A60 |. 75 1D
JNE SHORT 00440A7F
00440A62 |. 2BCB
SUB ECX,EBX
00440A64 |. 74 10
JE SHORT 00440A76
00440A66 |. 49
DEC ECX
ases 1..2, 3 exits)
00440A67 |. 74 08
JE SHORT 00440A71
00440A69 |. 49
DEC ECX
00440A6A |. 75 13
JNE SHORT 00440A7F
00440A6C |. 53
PUSH EBX
switch SystemInfo.440A66
00440A6D |. 6A F4
PUSH -0C
00440A6F |. EB 08
JMP SHORT 00440A79
00440A71 |> 53
PUSH EBX
switch SystemInfo.440A66
00440A72 |. 6A F5
PUSH -0B
00440A74 |. EB 03
JMP SHORT 00440A79
00440A76 |> 53
PUSH EBX
00440A77 |. 6A F6
PUSH -0A
00440A79 |> FF15 18814400 CALL DWORD PTR DS:[<&KERNEL32.SetStdHand
.SetStdHandle
00440A7F |> 8B07
MOV EAX,DWORD PTR DS:[EDI]
ase of switch SystemInfo.440A66
00440A81 |. 830C06 FF
OR DWORD PTR DS:[EAX+ESI],FFFFFFFF
00440A85 |. 33C0
XOR EAX,EAX
00440A87 |. EB 15
JMP SHORT 00440A9E
00440A89 |> E8 6F39FFFF CALL 004343FD
fo.004343FD
00440A8E |. C700 09000000 MOV DWORD PTR DS:[EAX],9
00440A94 |. E8 7739FFFF CALL 00434410
fo.00434410
00440A99 |. 8918
MOV DWORD PTR DS:[EAX],EBX
00440A9B |. 83C8 FF
OR EAX,FFFFFFFF
00440A9E |> 5F
POP EDI
00440A9F |. 5E
POP ESI
00440AA0 |. 5B
POP EBX
00440AA1 |. 5D
POP EBP
00440AA2 \. C3
RETN
00440AA3 /$ 8BFF
MOV EDI,EDI
o.00440AA3(guessed Arg1)
00440AA5 |. 55
PUSH EBP
00440AA6 |. 8BEC
MOV EBP,ESP
00440AA8 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00440AAB |. 83F8 FE
CMP EAX,-2
00440AAE |. 75 18
JNE SHORT 00440AC8
00440AB0 |. E8 5B39FFFF CALL 00434410
fo.00434410
00440AB5 |. 8320 00
AND DWORD PTR DS:[EAX],00000000
00440AB8 |. E8 4039FFFF CALL 004343FD
fo.004343FD
00440ABD |. C700 09000000 MOV DWORD PTR DS:[EAX],9
00440AC3 |. 83C8 FF
OR EAX,FFFFFFFF
00440AC6 |. 5D
POP EBP
00440AC7 |. C3
RETN
00440AC8 |> 56
PUSH ESI
00440AC9 |. 33F6
XOR ESI,ESI
00440ACB |. 3BC6
CMP EAX,ESI
00440ACD |. 7C 22
JL SHORT 00440AF1
00440ACF |. 3B05 98374500 CMP EAX,DWORD PTR DS:[453798]
00440AD5 |. 73 1A
JNB SHORT 00440AF1
00440AD7 |. 8BC8
MOV ECX,EAX

; Switch (c

; Case 2 of

; Case 1 of

; \KERNEL32
; Default c

; [SystemIn
; [SystemIn

; SystemInf

; [SystemIn
; [SystemIn

00440AD9 |.
00440ADC |.
00440ADF |.
00440AE6 |.
00440AE9 |.
00440AEB |.
00440AEF |.
00440AF1 |>
fo.00434410
00440AF6 |.
00440AF8 |.
fo.004343FD
00440AFD |.
00440AFE |.
00440AFF |.
00440B00 |.
00440B01 |.
00440B02 |.
00440B08 |.
fo.0042E862
00440B0D |.
00440B10 |.
00440B13 |.
00440B15 |>
00440B17 |>
00440B18 |.
00440B19 \.
00440B1A /$
00440B1C |.
00440B21 |.
00440B26 |.
00440B29 |.
00440B2B |.
00440B2E |.
00440B30 |.
00440B33 |.
00440B36 |.
00440B3D |.
00440B44 |.
00440B46 |.
00440B49 |.
00440B4B |.
A
00440B4D |.
fo.00438680
00440B52 |.
00440B53 |.
00440B56 |.
00440B59 |.
00440B5B |.
00440B60 |.
00440B63 |.
00440B64 |.
00440B69 |.
00440B6A |.
00440B6B |.
00440B6D |.
00440B6F |.
00440B72 |>
00440B75 |>

83E0 1F
C1F9 05
8B0C8D A03745
C1E0 06
03C1
F640 04 01
75 24
E8 1A39FFFF

AND EAX,0000001F
SAR ECX,5
MOV ECX,DWORD PTR DS:[ECX*4+4537A0]
SHL EAX,6
ADD EAX,ECX
TEST BYTE PTR DS:[EAX+4],01
JNE SHORT 00440B15
CALL 00434410

; [SystemIn

8930
E8 0039FFFF

MOV DWORD PTR DS:[EAX],ESI


CALL 004343FD

; [SystemIn

56
56
56
56
56
C700 09000000
E8 55DDFEFF

PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
MOV DWORD PTR DS:[EAX],9
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
83C8 FF
EB 02
8B00
5E
5D
C3
6A 0C
68 48F64400
E8 C67EFFFF
8B7D 08
8BC7
C1F8 05
8BF7
83E6 1F
C1E6 06
033485 A03745
C745 E4 01000
33DB
395E 08
75 36
6A 0A

ADD ESP,14
OR EAX,FFFFFFFF
JMP SHORT 00440B17
MOV EAX,DWORD PTR DS:[EAX]
POP ESI
POP EBP
RETN
PUSH 0C
PUSH OFFSET 0044F648
CALL 004389EC
MOV EDI,DWORD PTR SS:[EBP+8]
MOV EAX,EDI
SAR EAX,5
MOV ESI,EDI
AND ESI,0000001F
SHL ESI,6
ADD ESI,DWORD PTR DS:[EAX*4+4537A0]
MOV DWORD PTR SS:[EBP-1C],1
XOR EBX,EBX
CMP DWORD PTR DS:[ESI+8],EBX
JNE SHORT 00440B81
PUSH 0A

; /Arg1 = 0

E8 2E7BFFFF

CALL 00438680

; \SystemIn

59
895D FC
395E 08
75 1A
68 A00F0000
8D46 0C
50
E8 2AF5FFFF
59
59
85C0
75 03
895D E4
FF46 08
C745 FC FEFFF

POP ECX
MOV DWORD PTR SS:[EBP-4],EBX
CMP DWORD PTR DS:[ESI+8],EBX
JNE SHORT 00440B75
PUSH 0FA0
LEA EAX,[ESI+0C]
PUSH EAX
CALL 00440093
POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 00440B72
MOV DWORD PTR SS:[EBP-1C],EBX
INC DWORD PTR DS:[ESI+8]
MOV DWORD PTR SS:[EBP-4],-2

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00440B7C |. E8 30000000
00440B81 |> 395D E4
00440B84 |. 74 1D
00440B86 |. 8BC7
00440B88 |. C1F8 05
00440B8B |. 83E7 1F
00440B8E |. C1E7 06
00440B91 |. 8B0485 A03745
00440B98 |. 8D4438 0C
00440B9C |. 50
lSection
00440B9D |. FF15 48814400
lEnterCriticalSection
00440BA3 |> 8B45 E4
00440BA6 |. E8 867EFFFF
00440BAB \. C3
00440BAC
33
00440BAD
DB
00440BAE
8B
00440BAF
7D
00440BB0
08
00440BB1 /$ 6A 0A
A
00440BB3 |. E8 EE79FFFF
fo.004385A6
00440BB8 |. 59
00440BB9 \. C3
00440BBA /$ 8BFF
00440BBC |. 55
00440BBD |. 8BEC
00440BBF |. 8B45 08
00440BC2 |. 8BC8
00440BC4 |. 83E0 1F
00440BC7 |. C1F9 05
00440BCA |. 8B0C8D A03745
00440BD1 |. C1E0 06
00440BD4 |. 8D4401 0C
00440BD8 |. 50
lSection
00440BD9 |. FF15 4C814400
lLeaveCriticalSection
00440BDF |. 5D
00440BE0 \. C3
00440BE1 /$ 6A 18
00440BE3 |. 68 68F64400
00440BE8 |. E8 FF7DFFFF
00440BED |. 834D E4 FF
00440BF1 |. 33FF
00440BF3 |. 897D DC
00440BF6 |. 6A 0B
00440BF8 |. E8 C079FFFF
00440BFD |. 59
00440BFE |. 85C0
00440C00 |. 75 08
00440C02 |. 83C8 FF
00440C05 |. E9 62010000
00440C0A |> 6A 0B
B
00440C0C |. E8 6F7AFFFF
fo.00438680

CALL 00440BB1
CMP DWORD PTR SS:[EBP-1C],EBX
JE SHORT 00440BA3
MOV EAX,EDI
SAR EAX,5
AND EDI,0000001F
SHL EDI,6
MOV EAX,DWORD PTR DS:[EAX*4+4537A0]
LEA EAX,[EDI+EAX+0C]
PUSH EAX

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.EnterCriti ; \NTDLL.Rt


MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
DB 33
DB DB
DB 8B
DB 7D
DB 08
PUSH 0A

; CHAR '3'
; CHAR '}'
; Backspace
; /Arg1 = 0

CALL 004385A6

; \SystemIn

POP ECX
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
MOV ECX,EAX
AND EAX,0000001F
SAR ECX,5
MOV ECX,DWORD PTR DS:[ECX*4+4537A0]
SHL EAX,6
LEA EAX,[EAX+ECX+0C]
PUSH EAX

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti ; \NTDLL.Rt


POP EBP
RETN
PUSH 18
PUSH OFFSET 0044F668
CALL 004389EC
OR DWORD PTR SS:[EBP-1C],FFFFFFFF
XOR EDI,EDI
MOV DWORD PTR SS:[EBP-24],EDI
PUSH 0B
CALL 004385BD
POP ECX
TEST EAX,EAX
JNE SHORT 00440C0A
OR EAX,FFFFFFFF
JMP 00440D6C
PUSH 0B

; /Arg1 = 0

CALL 00438680

; \SystemIn

00440C11 |. 59
00440C12 |. 897D FC
00440C15 |> 897D D8
00440C18 |. 83FF 40
00440C1B |. 0F8D 3C010000
00440C21 |. 8B34BD A03745
00440C28 |. 85F6
00440C2A |. 0F84 BA000000
00440C30 |> 8975 E0
00440C33 |. 8B04BD A03745
00440C3A |. 05 00080000
00440C3F |. 3BF0
00440C41 |. 0F83 97000000
00440C47 |. F646 04 01
00440C4B |. 75 5C
00440C4D |. 837E 08 00
00440C51 |. 75 39
00440C53 |. 6A 0A
A
00440C55 |. E8 267AFFFF
fo.00438680
00440C5A |. 59
00440C5B |. 33DB
00440C5D |. 43
00440C5E |. 895D FC
00440C61 |. 837E 08 00
00440C65 |. 75 1C
00440C67 |. 68 A00F0000
00440C6C |. 8D46 0C
00440C6F |. 50
00440C70 |. E8 1EF4FFFF
00440C75 |. 59
00440C76 |. 59
00440C77 |. 85C0
00440C79 |. 75 05
00440C7B |. 895D DC
00440C7E |. EB 03
00440C80 |> FF46 08
00440C83 |> 8365 FC 00
00440C87 |. E8 28000000
00440C8C |> 837D DC 00
00440C90 |. 75 17
00440C92 |. 8D5E 0C
00440C95 |. 53
lSection
00440C96 |. FF15 48814400
lEnterCriticalSection
00440C9C |. F646 04 01
00440CA0 |. 74 1B
00440CA2 |. 53
lSection
00440CA3 |. FF15 4C814400
lLeaveCriticalSection
00440CA9 |> 83C6 40
00440CAC \.^ EB 82
00440CAE
8B
00440CAF
7D
00440CB0
D8
00440CB1
8B
00440CB2
75

POP ECX
MOV DWORD PTR SS:[EBP-4],EDI
MOV DWORD PTR SS:[EBP-28],EDI
CMP EDI,40
JGE 00440D5D
MOV ESI,DWORD PTR DS:[EDI*4+4537A0]
TEST ESI,ESI
JE 00440CEA
MOV DWORD PTR SS:[EBP-20],ESI
MOV EAX,DWORD PTR DS:[EDI*4+4537A0]
ADD EAX,800
CMP ESI,EAX
JNB 00440CDE
TEST BYTE PTR DS:[ESI+4],01
JNE SHORT 00440CA9
CMP DWORD PTR DS:[ESI+8],0
JNE SHORT 00440C8C
PUSH 0A

; /Arg1 = 0

CALL 00438680

; \SystemIn

POP ECX
XOR EBX,EBX
INC EBX
MOV DWORD PTR SS:[EBP-4],EBX
CMP DWORD PTR DS:[ESI+8],0
JNE SHORT 00440C83
PUSH 0FA0
LEA EAX,[ESI+0C]
PUSH EAX
CALL 00440093
POP ECX
POP ECX
TEST EAX,EAX
JNE SHORT 00440C80
MOV DWORD PTR SS:[EBP-24],EBX
JMP SHORT 00440C83
INC DWORD PTR DS:[ESI+8]
AND DWORD PTR SS:[EBP-4],00000000
CALL 00440CB4
CMP DWORD PTR SS:[EBP-24],0
JNE SHORT 00440CA9
LEA EBX,[ESI+0C]
PUSH EBX

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.EnterCriti ; \NTDLL.Rt


TEST BYTE PTR DS:[ESI+4],01
JE SHORT 00440CBD
PUSH EBX

; /pCritica

CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti ; \NTDLL.Rt


ADD ESI,40
JMP SHORT 00440C30
DB 8B
DB 7D
DB D8
DB 8B
DB 75

; CHAR '}'
; CHAR 'u'

00440CB3
00440CB4 /$
A
00440CB6 |.
fo.004385A6
00440CBB |.
00440CBC \.
00440CBD />
00440CC1 |.^
00440CC3 |.
00440CC7 |.
00440CCA |.
00440CD1 |.
00440CD4 |.
00440CD6 |.
00440CD9 |.
00440CDB |.
00440CDE |>
00440CE2 |.
00440CE4 |.
00440CE5 |.^
00440CEA |>
0
00440CEC |.
0
00440CEE |.
fo.00434E58
00440CF3 |.
00440CF4 |.
00440CF5 |.
00440CF8 |.
00440CFA |.
00440CFC |.
00440D03 |.
00440D05 |.
00440D0C |>
00440D0E |.
00440D14 |.
00440D16 |.
00440D18 |.
00440D1C |.
00440D1F |.
00440D23 |.
00440D27 |.
00440D2A |.
00440D2D |.^
00440D2F |>
00440D32 |.
00440D35 |.
00440D37 |.
00440D3A |.
00440D3C |.
00440D3F |.
00440D42 |.
00440D49 |.
00440D4E |.
00440D4F |.
00440D54 |.
00440D55 |.
00440D57 |.

E0
6A 0A

DB E0
PUSH 0A

; /Arg1 = 0

E8 EB78FFFF

CALL 004385A6

; \SystemIn

59
C3
837D DC 00
75 E6
C646 04 01
830E FF
2B34BD A03745
C1FE 06
8BC7
C1E0 05
03F0
8975 E4
837D E4 FF
75 79
47
E9 2BFFFFFF
6A 40

POP ECX
RETN
CMP DWORD PTR SS:[EBP-24],0
JNE SHORT 00440CA9
MOV BYTE PTR DS:[ESI+4],1
OR DWORD PTR DS:[ESI],FFFFFFFF
SUB ESI,DWORD PTR DS:[EDI*4+4537A0]
SAR ESI,6
MOV EAX,EDI
SHL EAX,5
ADD ESI,EAX
MOV DWORD PTR SS:[EBP-1C],ESI
CMP DWORD PTR SS:[EBP-1C],-1
JNE SHORT 00440D5D
INC EDI
JMP 00440C15
PUSH 40

; /Arg2 = 4

6A 20

PUSH 20

; |Arg1 = 2

E8 6541FFFF

CALL 00434E58

; \SystemIn

59
59
8945 E0
85C0
74 61
8D0CBD A03745
8901
8305 98374500
8B11
81C2 00080000
3BC2
73 17
C640 04 00
8308 FF
C640 05 0A
8360 08 00
83C0 40
8945 E0
EB DD
C1E7 05
897D E4
8BC7
C1F8 05
8BCF
83E1 1F
C1E1 06
8B0485 A03745
C64408 04 01
57
E8 C6FDFFFF
59
85C0
75 04

POP ECX
POP ECX
MOV DWORD PTR SS:[EBP-20],EAX
TEST EAX,EAX
JE SHORT 00440D5D
LEA ECX,[EDI*4+4537A0]
MOV DWORD PTR DS:[ECX],EAX
ADD DWORD PTR DS:[453798],20
/MOV EDX,DWORD PTR DS:[ECX]
|ADD EDX,800
|CMP EAX,EDX
|JNB SHORT 00440D2F
|MOV BYTE PTR DS:[EAX+4],0
|OR DWORD PTR DS:[EAX],FFFFFFFF
|MOV BYTE PTR DS:[EAX+5],0A
|AND DWORD PTR DS:[EAX+8],00000000
|ADD EAX,40
|MOV DWORD PTR SS:[EBP-20],EAX
\JMP SHORT 00440D0C
SHL EDI,5
MOV DWORD PTR SS:[EBP-1C],EDI
MOV EAX,EDI
SAR EAX,5
MOV ECX,EDI
AND ECX,0000001F
SHL ECX,6
MOV EAX,DWORD PTR DS:[EAX*4+4537A0]
MOV BYTE PTR DS:[ECX+EAX+4],1
PUSH EDI
CALL 00440B1A
POP ECX
TEST EAX,EAX
JNE SHORT 00440D5D

00440D59 |. 834D E4 FF
00440D5D |> C745 FC FEFFF
00440D64 |. E8 09000000
00440D69 |. 8B45 E4
00440D6C |> E8 C07CFFFF
00440D71 \. C3
00440D72 /$ 6A 0B
B
00440D74 |. E8 2D78FFFF
fo.004385A6
00440D79 |. 59
00440D7A \. C3
00440D7B /$ 6A 10
o.00440D7B(guessed void)
00440D7D |. 68 90F64400
00440D82 |. E8 657CFFFF
00440D87 |. 33DB
00440D89 |. 895D E4
00440D8C |. 6A 01
00440D8E |. E8 ED78FFFF
fo.00438680
00440D93 |. 59
00440D94 |. 895D FC
00440D97 |. 6A 03
00440D99 |. 5F
00440D9A |> 897D E0
00440D9D |. 3B3D C0484500
00440DA3 |. 7D 57
00440DA5 |. 8BF7
00440DA7 |. C1E6 02
00440DAA |. A1 A0384500
00440DAF |. 03C6
00440DB1 |. 3918
00440DB3 |. 74 44
00440DB5 |. 8B00
00440DB7 |. F640 0C 83
00440DBB |. 74 0F
00440DBD |. 50
00440DBE |. E8 9F23FFFF
00440DC3 |. 59
00440DC4 |. 83F8 FF
00440DC7 |. 74 03
00440DC9 |. FF45 E4
00440DCC |> 83FF 14
00440DCF |. 7C 28
00440DD1 |. A1 A0384500
00440DD6 |. 8B0406
00440DD9 |. 83C0 20
00440DDC |. 50
lSection
00440DDD |. FF15 44814400
lDeleteCriticalSection
00440DE3 |. A1 A0384500
00440DE8 |. FF3406
00440DEB |. E8 EE23FFFF
fo.004331DE
00440DF0 |. 59
00440DF1 |. A1 A0384500
00440DF6 |. 891C06
00440DF9 |> 47

OR DWORD PTR SS:[EBP-1C],FFFFFFFF


MOV DWORD PTR SS:[EBP-4],-2
CALL 00440D72
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH 0B

; /Arg1 = 0

CALL 004385A6

; \SystemIn

POP ECX
RETN
PUSH 10

; SystemInf

PUSH OFFSET 0044F690


CALL 004389EC
XOR EBX,EBX
MOV DWORD PTR SS:[EBP-1C],EBX
PUSH 1
CALL 00438680

; /Arg1 = 1
; \SystemIn

POP ECX
MOV DWORD PTR SS:[EBP-4],EBX
PUSH 3
POP EDI
/MOV DWORD PTR SS:[EBP-20],EDI
|CMP EDI,DWORD PTR DS:[4548C0]
|JGE SHORT 00440DFC
|MOV ESI,EDI
|SHL ESI,2
|MOV EAX,DWORD PTR DS:[4538A0]
|ADD EAX,ESI
|CMP DWORD PTR DS:[EAX],EBX
|JE SHORT 00440DF9
|MOV EAX,DWORD PTR DS:[EAX]
|TEST BYTE PTR DS:[EAX+0C],83
|JE SHORT 00440DCC
|PUSH EAX
|CALL 00433162
|POP ECX
|CMP EAX,-1
|JE SHORT 00440DCC
|INC DWORD PTR SS:[EBP-1C]
|CMP EDI,14
|JL SHORT 00440DF9
|MOV EAX,DWORD PTR DS:[4538A0]
|MOV EAX,DWORD PTR DS:[EAX+ESI]
|ADD EAX,20
|PUSH EAX

; /pCritica

|CALL DWORD PTR DS:[<&KERNEL32.DeleteCri ; \NTDLL.Rt


|MOV EAX,DWORD PTR DS:[4538A0]
|PUSH DWORD PTR DS:[EAX+ESI]
|CALL 004331DE
|POP
|MOV
|MOV
|INC

ECX
EAX,DWORD PTR DS:[4538A0]
DWORD PTR DS:[EAX+ESI],EBX
EDI

; /Arg1
; \SystemIn

00440DFA |.^ EB 9E
\JMP SHORT 00440D9A
00440DFC |> C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
00440E03 |. E8 09000000 CALL 00440E11
00440E08 |. 8B45 E4
MOV EAX,DWORD PTR SS:[EBP-1C]
00440E0B |. E8 217CFFFF CALL 00438A31
00440E10 \. C3
RETN
00440E11 /$ 6A 01
PUSH 1
00440E13 |. E8 8E77FFFF CALL 004385A6
fo.004385A6
00440E18 |. 59
POP ECX
00440E19 \. C3
RETN
00440E1A /$ 8BFF
MOV EDI,EDI
o.00440E1A(guessed Arg1,Arg2,Arg3)
00440E1C |. 55
PUSH EBP
00440E1D |. 8BEC
MOV EBP,ESP
00440E1F |. 83EC 1C
SUB ESP,1C
00440E22 |. 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
00440E25 |. 56
PUSH ESI
00440E26 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
00440E29 |. 6A FE
PUSH -2
00440E2B |. 58
POP EAX
00440E2C |. 8945 EC
MOV DWORD PTR SS:[LOCAL.5],EAX
00440E2F |. 8955 E4
MOV DWORD PTR SS:[LOCAL.7],EDX
00440E32 |. 3BF0
CMP ESI,EAX
00440E34 |. 75 1B
JNE SHORT 00440E51
00440E36 |. E8 D535FFFF CALL 00434410
fo.00434410
00440E3B |. 8320 00
AND DWORD PTR DS:[EAX],00000000
00440E3E |. E8 BA35FFFF CALL 004343FD
fo.004343FD
00440E43 |. C700 09000000 MOV DWORD PTR DS:[EAX],9
00440E49 |. 83C8 FF
OR EAX,FFFFFFFF
00440E4C |. E9 88050000 JMP 004413D9
00440E51 |> 53
PUSH EBX
00440E52 |. 33DB
XOR EBX,EBX
00440E54 |. 3BF3
CMP ESI,EBX
00440E56 |. 7C 08
JL SHORT 00440E60
00440E58 |. 3B35 98374500 CMP ESI,DWORD PTR DS:[453798]
00440E5E |. 72 27
JB SHORT 00440E87
00440E60 |> E8 AB35FFFF CALL 00434410
fo.00434410
00440E65 |. 8918
MOV DWORD PTR DS:[EAX],EBX
00440E67 |. E8 9135FFFF CALL 004343FD
fo.004343FD
00440E6C |. 53
PUSH EBX
00440E6D |. 53
PUSH EBX
00440E6E |. 53
PUSH EBX
00440E6F |. 53
PUSH EBX
00440E70 |. 53
PUSH EBX
00440E71 |. C700 09000000 MOV DWORD PTR DS:[EAX],9
00440E77 |. E8 E6D9FEFF CALL 0042E862
fo.0042E862
00440E7C |. 83C4 14
ADD ESP,14
00440E7F |. 83C8 FF
OR EAX,FFFFFFFF
00440E82 |. E9 51050000 JMP 004413D8
00440E87 |> 8BC6
MOV EAX,ESI
00440E89 |. C1F8 05
SAR EAX,5
00440E8C |. 57
PUSH EDI
00440E8D |. 8D3C85 A03745 LEA EDI,[EAX*4+4537A0]
00440E94 |. 8B07
MOV EAX,DWORD PTR DS:[EDI]

; /Arg1 = 1
; \SystemIn

; SystemInf

; [SystemIn
; [SystemIn

; [SystemIn
; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00440E96 |. 83E6 1F
AND ESI,0000001F
00440E99 |. C1E6 06
SHL ESI,6
00440E9C |. 03C6
ADD EAX,ESI
00440E9E |. 8A48 04
MOV CL,BYTE PTR DS:[EAX+4]
00440EA1 |. F6C1 01
TEST CL,01
00440EA4 |. 75 14
JNE SHORT 00440EBA
00440EA6 |. E8 6535FFFF CALL 00434410
fo.00434410
00440EAB |. 8918
MOV DWORD PTR DS:[EAX],EBX
00440EAD |. E8 4B35FFFF CALL 004343FD
fo.004343FD
00440EB2 |. C700 09000000 MOV DWORD PTR DS:[EAX],9
00440EB8 |. EB 6A
JMP SHORT 00440F24
00440EBA |> 81FA FFFFFF7F CMP EDX,7FFFFFFF
00440EC0 |. 77 50
JA SHORT 00440F12
00440EC2 |. 895D F0
MOV DWORD PTR SS:[LOCAL.4],EBX
00440EC5 |. 3BD3
CMP EDX,EBX
00440EC7 |. 0F84 08050000 JE 004413D5
00440ECD |. F6C1 02
TEST CL,02
00440ED0 |. 0F85 FF040000 JNE 004413D5
00440ED6 |. 395D 0C
CMP DWORD PTR SS:[ARG.2],EBX
00440ED9 |. 74 37
JE SHORT 00440F12
00440EDB |. 8A40 24
MOV AL,BYTE PTR DS:[EAX+24]
00440EDE |. 02C0
ADD AL,AL
00440EE0 |. D0F8
SAR AL,1
00440EE2 |. 8845 FE
MOV BYTE PTR SS:[LOCAL.1+2],AL
00440EE5 |. 0FBEC0
MOVSX EAX,AL
00440EE8 |. 48
DEC EAX
ases 1..2, 3 exits)
00440EE9 |. 6A 04
PUSH 4
00440EEB |. 59
POP ECX
00440EEC |. 74 1C
JE SHORT 00440F0A
00440EEE |. 48
DEC EAX
00440EEF |. 75 0E
JNE SHORT 00440EFF
00440EF1 |. 8BC2
MOV EAX,EDX
switch SystemInfo.440EE8
00440EF3 |. F7D0
NOT EAX
00440EF5 |. A8 01
TEST AL,01
00440EF7 |. 74 19
JE SHORT 00440F12
00440EF9 |. 83E2 FE
AND EDX,FFFFFFFE
00440EFC |. 8955 10
MOV DWORD PTR SS:[ARG.3],EDX
00440EFF |> 8B45 0C
MOV EAX,DWORD PTR SS:[ARG.2]
ase of switch SystemInfo.440EE8
00440F02 |. 8945 F4
MOV DWORD PTR SS:[LOCAL.3],EAX
00440F05 |. E9 81000000 JMP 00440F8B
00440F0A |> 8BC2
MOV EAX,EDX
switch SystemInfo.440EE8
00440F0C |. F7D0
NOT EAX
00440F0E |. A8 01
TEST AL,01
00440F10 |. 75 21
JNE SHORT 00440F33
00440F12 |> E8 F934FFFF CALL 00434410
fo.00434410
00440F17 |. 8918
MOV DWORD PTR DS:[EAX],EBX
00440F19 |. E8 DF34FFFF CALL 004343FD
fo.004343FD
00440F1E |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00440F24 |> 53
PUSH EBX
00440F25 |. 53
PUSH EBX
00440F26 |. 53
PUSH EBX
00440F27 |. 53
PUSH EBX

; [SystemIn
; [SystemIn

; Switch (c

; Case 2 of

; Default c

; Case 1 of

; [SystemIn
; [SystemIn
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2

00440F28 |.
00440F29 |.
fo.0042E862
00440F2E |.
00440F31 |.
00440F33 |>
00440F35 |.
00440F37 |.
00440F3A |.
00440F3C |.
00440F3E |.
00440F41 |>
[ARG.3]
00440F44 |.
fo.00434E13
00440F49 |.
00440F4A |.
00440F4D |.
00440F4F |.
00440F51 |.
fo.004343FD
00440F56 |.
00440F5C |.
fo.00434410
00440F61 |.
00440F67 |>
00440F6A |.
00440F6F |>
00440F71 |.
00440F72 |.
00440F73 |.
[ARG.1]
00440F76 |.
fo.0043E8BF
00440F7B |.
00440F7D |.
00440F81 |.
00440F84 |.
00440F87 |.
00440F8B |>
00440F8D |.
00440F8F |.
00440F93 |.
00440F95 |.
00440F98 |.
00440F9B |.
00440F9D |.
00440FA0 |.
00440FA2 |.
00440FA4 |.
00440FA6 |.
00440FA7 |.
00440FAA |.
00440FB1 |.
00440FB6 |.
00440FB9 |.
00440FBB |.
00440FBD |.
00440FC1 |.
00440FC4 |.

53
E8 34D9FEFF

PUSH EBX
CALL 0042E862

; |Arg1
; \SystemIn

83C4 14
EB 34
8BC2
D1E8
894D 10
3BC1
72 03
8945 10
FF75 10

ADD ESP,14
JMP SHORT 00440F67
MOV EAX,EDX
SHR EAX,1
MOV DWORD PTR SS:[ARG.3],ECX
CMP EAX,ECX
JB SHORT 00440F41
MOV DWORD PTR SS:[ARG.3],EAX
PUSH DWORD PTR SS:[ARG.3]

; /Arg1 =>

E8 CA3EFFFF

CALL 00434E13

; \SystemIn

59
8945 F4
3BC3
75 1E
E8 A734FFFF

POP ECX
MOV DWORD PTR SS:[LOCAL.3],EAX
CMP EAX,EBX
JNE SHORT 00440F6F
CALL 004343FD

; [SystemIn

C700 0C000000 MOV DWORD PTR DS:[EAX],0C


E8 AF34FFFF CALL 00434410

; [SystemIn

C700 08000000
83C8 FF
E9 68040000
6A 01
53
53
FF75 08

MOV DWORD PTR DS:[EAX],8


OR EAX,FFFFFFFF
JMP 004413D7
PUSH 1
PUSH EBX
PUSH EBX
PUSH DWORD PTR SS:[ARG.1]

;
;
;
;

E8 44D9FFFF

CALL 0043E8BF

; \SystemIn

8B0F
89440E 28
8B45 F4
83C4 10
89540E 2C
8B0F
03CE
F641 04 48
74 74
8A49 05
80F9 0A
74 6C
395D 10
74 67
8808
8B0F
40
FF4D 10
C745 F0 01000
C6440E 05 0A
385D FE
74 4E
8B0F
8A4C0E 25
80F9 0A
74 43

MOV ECX,DWORD PTR DS:[EDI]


MOV DWORD PTR DS:[ECX+ESI+28],EAX
MOV EAX,DWORD PTR SS:[LOCAL.3]
ADD ESP,10
MOV DWORD PTR DS:[ECX+ESI+2C],EDX
MOV ECX,DWORD PTR DS:[EDI]
ADD ECX,ESI
TEST BYTE PTR DS:[ECX+4],48
JE SHORT 00441009
MOV CL,BYTE PTR DS:[ECX+5]
CMP CL,0A
JE SHORT 00441009
CMP DWORD PTR SS:[ARG.3],EBX
JE SHORT 00441009
MOV BYTE PTR DS:[EAX],CL
MOV ECX,DWORD PTR DS:[EDI]
INC EAX
DEC DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.4],1
MOV BYTE PTR DS:[ECX+ESI+5],0A
CMP BYTE PTR SS:[LOCAL.1+2],BL
JE SHORT 00441009
MOV ECX,DWORD PTR DS:[EDI]
MOV CL,BYTE PTR DS:[ECX+ESI+25]
CMP CL,0A
JE SHORT 00441009

/Arg4 = 1
|Arg3
|Arg2
|Arg1 =>

00440FC6 |.
00440FC9 |.
00440FCB |.
00440FCD |.
00440FCF |.
00440FD0 |.
00440FD3 |.
00440FD7 |.
00440FDE |.
00440FE3 |.
00440FE5 |.
00440FE7 |.
00440FEB |.
00440FEE |.
00440FF0 |.
00440FF3 |.
00440FF5 |.
00440FF7 |.
00440FF9 |.
00440FFA |.
00440FFD |.
00441004 |.
00441009 |>
ped
0044100A |.
0044100D |.
ad => OFFSET
0044100E |.
[ARG.3]
00441011 |.
00441012 |.
00441014 |.
00441017 |.
.ReadFile
0044101D |.
0044101F |.
00441025 |.
00441028 |.
0044102A |.
00441030 |.
00441033 |.
00441039 |.
0044103B |.
0044103E |.
00441042 |.
00441045 |.
0044104B |.
0044104F |.
00441055 |.
00441057 |.
00441059 |.
0044105C |.
0044105F |.
00441061 |.
00441064 |.
00441066 |>
00441069 |>
0044106C |.
0044106F |.
00441071 |.

395D 10
74 3E
8808
8B0F
40
FF4D 10
807D FE 01
C745 F0 02000
C6440E 25 0A
75 24
8B0F
8A4C0E 26
80F9 0A
74 19
395D 10
74 14
8808
8B0F
40
FF4D 10
C745 F0 03000
C6440E 26 0A
53

CMP DWORD PTR SS:[ARG.3],EBX


JE SHORT 00441009
MOV BYTE PTR DS:[EAX],CL
MOV ECX,DWORD PTR DS:[EDI]
INC EAX
DEC DWORD PTR SS:[ARG.3]
CMP BYTE PTR SS:[LOCAL.1+2],1
MOV DWORD PTR SS:[LOCAL.4],2
MOV BYTE PTR DS:[ECX+ESI+25],0A
JNE SHORT 00441009
MOV ECX,DWORD PTR DS:[EDI]
MOV CL,BYTE PTR DS:[ECX+ESI+26]
CMP CL,0A
JE SHORT 00441009
CMP DWORD PTR SS:[ARG.3],EBX
JE SHORT 00441009
MOV BYTE PTR DS:[EAX],CL
MOV ECX,DWORD PTR DS:[EDI]
INC EAX
DEC DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.4],3
MOV BYTE PTR DS:[ECX+ESI+26],0A
PUSH EBX

; /pOverlap

LEA ECX,[LOCAL.6]
PUSH ECX

; |
; |pBytesRe

PUSH DWORD PTR SS:[ARG.3]

; |Size =>

50
8B07
FF3406
FF15 D4814400

PUSH EAX
MOV EAX,DWORD PTR DS:[EDI]
PUSH DWORD PTR DS:[EAX+ESI]
CALL DWORD PTR DS:[<&KERNEL32.ReadFile>]

;
;
;
;

85C0
0F84 7B030000
8B4D E8
3BCB
0F8C 70030000
3B4D 10
0F87 67030000
8B07
014D F0
8D4406 04
F600 80
0F84 E6010000
807D FE 02
0F84 16020000
3BCB
74 0D
8B4D F4
8039 0A
75 05
8008 04
EB 03
8020 FB
8B5D F4
8B45 F0
03C3
895D 10

TEST EAX,EAX
JE 004413A0
MOV ECX,DWORD PTR SS:[LOCAL.6]
CMP ECX,EBX
JL 004413A0
CMP ECX,DWORD PTR SS:[ARG.3]
JA 004413A0
MOV EAX,DWORD PTR DS:[EDI]
ADD DWORD PTR SS:[LOCAL.4],ECX
LEA EAX,[EAX+ESI+4]
TEST BYTE PTR DS:[EAX],80
JE 00441231
CMP BYTE PTR SS:[LOCAL.1+2],2
JE 0044126B
CMP ECX,EBX
JE SHORT 00441066
MOV ECX,DWORD PTR SS:[LOCAL.3]
CMP BYTE PTR DS:[ECX],0A
JNE SHORT 00441066
OR BYTE PTR DS:[EAX],04
JMP SHORT 00441069
AND BYTE PTR DS:[EAX],FB
MOV EBX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR SS:[LOCAL.4]
ADD EAX,EBX
MOV DWORD PTR SS:[ARG.3],EBX

8D4D E8
51
LOCAL.6
FF75 10

|Buffer
|
|hFile
\KERNEL32

00441074 |. 8945 F0
00441077 |. 3BD8
00441079 |. 0F83 D0000000
0044107F |> 8B4D 10
00441082 |. 8A01
00441084 |. 3C 1A
00441086 |. 0F84 AE000000
0044108C |. 3C 0D
0044108E |. 74 0C
00441090 |. 8803
00441092 |. 43
00441093 |. 41
00441094 |. 894D 10
00441097 |. E9 90000000
0044109C |> 8B45 F0
0044109F |. 48
004410A0 |. 3BC8
004410A2 |. 73 17
004410A4 |. 8D41 01
004410A7 |. 8038 0A
004410AA |. 75 0A
004410AC |. 41
004410AD |. 41
004410AE |. 894D 10
004410B1 |> C603 0A
004410B4 |. EB 75
004410B6 |> 8945 10
004410B9 |. EB 6D
004410BB |> FF45 10
004410BE |. 6A 00
ped = NULL
004410C0 |. 8D45 E8
004410C3 |. 50
ad => OFFSET LOCAL.6
004410C4 |. 6A 01
004410C6 |. 8D45 FF
004410C9 |. 50
004410CA |. 8B07
004410CC |. FF3406
004410CF |. FF15 D4814400
.ReadFile
004410D5 |. 85C0
004410D7 |. 75 0A
004410D9 |. FF15 58804400
.GetLastError
004410DF |. 85C0
004410E1 |. 75 45
004410E3 |> 837D E8 00
004410E7 |. 74 3F
004410E9 |. 8B07
004410EB |. F64406 04 48
004410F0 |. 74 14
004410F2 |. 807D FF 0A
004410F6 |.^ 74 B9
004410F8 |. C603 0D
004410FB |. 8B07
004410FD |. 8A4D FF
00441100 |. 884C06 05
00441104 |. EB 25
00441106 |> 3B5D F4

MOV DWORD PTR SS:[LOCAL.4],EAX


CMP EBX,EAX
JNB 0044114F
/MOV ECX,DWORD PTR SS:[ARG.3]
|MOV AL,BYTE PTR DS:[ECX]
|CMP AL,1A
|JE 0044113A
|CMP AL,0D
|JE SHORT 0044109C
|MOV BYTE PTR DS:[EBX],AL
|INC EBX
|INC ECX
|MOV DWORD PTR SS:[ARG.3],ECX
|JMP 0044112C
|MOV EAX,DWORD PTR SS:[LOCAL.4]
|DEC EAX
|CMP ECX,EAX
|JNB SHORT 004410BB
|LEA EAX,[ECX+1]
|CMP BYTE PTR DS:[EAX],0A
|JNE SHORT 004410B6
|INC ECX
|INC ECX
|MOV DWORD PTR SS:[ARG.3],ECX
|MOV BYTE PTR DS:[EBX],0A
|JMP SHORT 0044112B
|MOV DWORD PTR SS:[ARG.3],EAX
|JMP SHORT 00441128
|INC DWORD PTR SS:[ARG.3]
|PUSH 0

; /pOverlap

|LEA EAX,[LOCAL.6]
|PUSH EAX

; |
; |pBytesRe

|PUSH 1
|LEA EAX,[LOCAL.1+3]
|PUSH EAX
|MOV EAX,DWORD PTR DS:[EDI]
|PUSH DWORD PTR DS:[EAX+ESI]
|CALL DWORD PTR DS:[<&KERNEL32.ReadFile>

;
;
;
;
;
;

|Size = 1
|
|Buffer
|
|hFile
\KERNEL32

|TEST EAX,EAX
|JNE SHORT 004410E3
|CALL DWORD PTR DS:[<&KERNEL32.GetLastEr ; [KERNEL32
|TEST EAX,EAX
|JNE SHORT 00441128
|CMP DWORD PTR SS:[LOCAL.6],0
|JE SHORT 00441128
|MOV EAX,DWORD PTR DS:[EDI]
|TEST BYTE PTR DS:[EAX+ESI+4],48
|JE SHORT 00441106
|CMP BYTE PTR SS:[LOCAL.1+3],0A
|JE SHORT 004410B1
|MOV BYTE PTR DS:[EBX],0D
|MOV EAX,DWORD PTR DS:[EDI]
|MOV CL,BYTE PTR SS:[LOCAL.1+3]
|MOV BYTE PTR DS:[EAX+ESI+5],CL
|JMP SHORT 0044112B
|CMP EBX,DWORD PTR SS:[LOCAL.3]

00441109 |.
0044110B |.
0044110F |.^
00441111 |>
00441113 |.
1
00441115 |.
1
00441117 |.
[ARG.1]
0044111A |.
fo.0043E8BF
0044111F |.
00441122 |.
00441126 |.
00441128 |>
0044112B |>
0044112C |>
0044112F |.
00441132 |.^
00441138 |.
0044113A |>
0044113C |.
00441140 |.
00441143 |.
00441145 |.
00441148 |.
0044114A |>
0044114C |.
0044114E |.
0044114F |>
00441151 |.
00441154 |.
00441158 |.
0044115B |.
00441161 |.
00441163 |.
00441169 |.
0044116A |.
0044116C |.
0044116E |.
00441170 |.
00441171 |.
00441176 |>
00441178 |.
00441179 |.
0044117C |.
0044117E |>
00441181 |.
00441183 |.
00441186 |.
00441188 |.
00441189 |.
0044118C |.
0044118D |>
00441194 |.^
00441196 |>
00441198 |.
0044119B |.
004411A2 |.

75 06
807D FF 0A
74 A0
6A 01
6A FF

|JNE SHORT 00441111


|CMP BYTE PTR SS:[LOCAL.1+3],0A
|JE SHORT 004410B1
|PUSH 1
|PUSH -1

; /Arg4 = 1
; |Arg3 = -

6A FF

|PUSH -1

; |Arg2 = -

FF75 08

|PUSH DWORD PTR SS:[ARG.1]

; |Arg1 =>

E8 A0D7FFFF

|CALL 0043E8BF

; \SystemIn

83C4 10
807D FF 0A
74 04
C603 0D
43
8B45 F0
3945 10
0F82 47FFFFFF
EB 15
8B07
8D4406 04
F600 40
75 05
8008 02
EB 05
8A01
8803
43
8BC3
2B45 F4
807D FE 01
8945 F0
0F85 D0000000
85C0
0F84 C8000000
4B
8A0B
84C9
78 06
43
E9 86000000
33C0
40
0FB6C9
EB 0F
83F8 04
7F 13
3B5D F4
72 0E
4B
0FB60B
40
80B9 68244500
74 E8
8A13
0FB6CA
0FBE89 682445
85C9

|ADD ESP,10
|CMP BYTE PTR SS:[LOCAL.1+3],0A
|JE SHORT 0044112C
|MOV BYTE PTR DS:[EBX],0D
|INC EBX
|MOV EAX,DWORD PTR SS:[LOCAL.4]
|CMP DWORD PTR SS:[ARG.3],EAX
\JB 0044107F
JMP SHORT 0044114F
MOV EAX,DWORD PTR DS:[EDI]
LEA EAX,[EAX+ESI+4]
TEST BYTE PTR DS:[EAX],40
JNE SHORT 0044114A
OR BYTE PTR DS:[EAX],02
JMP SHORT 0044114F
MOV AL,BYTE PTR DS:[ECX]
MOV BYTE PTR DS:[EBX],AL
INC EBX
MOV EAX,EBX
SUB EAX,DWORD PTR SS:[LOCAL.3]
CMP BYTE PTR SS:[LOCAL.1+2],1
MOV DWORD PTR SS:[LOCAL.4],EAX
JNE 00441231
TEST EAX,EAX
JE 00441231
DEC EBX
MOV CL,BYTE PTR DS:[EBX]
TEST CL,CL
JS SHORT 00441176
INC EBX
JMP 004411FC
XOR EAX,EAX
INC EAX
MOVZX ECX,CL
JMP SHORT 0044118D
/CMP EAX,4
|JG SHORT 00441196
|CMP EBX,DWORD PTR SS:[LOCAL.3]
|JB SHORT 00441196
|DEC EBX
|MOVZX ECX,BYTE PTR DS:[EBX]
|INC EAX
|CMP BYTE PTR DS:[ECX+452468],0
\JE SHORT 0044117E
MOV DL,BYTE PTR DS:[EBX]
MOVZX ECX,DL
MOVSX ECX,BYTE PTR DS:[ECX+452468]
TEST ECX,ECX

004411A4 |. 75 0D
004411A6 |. E8 5232FFFF
fo.004343FD
004411AB |. C700 2A000000
004411B1 |. EB 7A
004411B3 |> 41
004411B4 |. 3BC8
004411B6 |. 75 04
004411B8 |. 03D8
004411BA |. EB 40
004411BC |> 8B0F
004411BE |. 03CE
004411C0 |. F641 04 48
004411C4 |. 74 24
004411C6 |. 43
004411C7 |. 83F8 02
004411CA |. 8851 05
004411CD |. 7C 09
004411CF |. 8A13
004411D1 |. 8B0F
004411D3 |. 88540E 25
004411D7 |. 43
004411D8 |> 83F8 03
004411DB |. 75 09
004411DD |. 8A13
004411DF |. 8B0F
004411E1 |. 88540E 26
004411E5 |. 43
004411E6 |> 2BD8
004411E8 |. EB 12
004411EA |> F7D8
004411EC |. 99
004411ED |. 6A 01
004411EF |. 52
004411F0 |. 50
004411F1 |. FF75 08
[ARG.1]
004411F4 |. E8 C6D6FFFF
fo.0043E8BF
004411F9 |. 83C4 10
004411FC |> 8B45 E4
004411FF |. 2B5D F4
00441202 |. D1E8
00441204 |. 50
t
00441205 |. FF75 0C
=> [ARG.2]
00441208 |. 53
nt
00441209 |. FF75 F4
e => [LOCAL.3]
0044120C |. 6A 00
0
0044120E |. 68 E9FD0000
= CP_UTF8
00441213 |. FF15 50814400
.MultiByteToWideChar
00441219 |. 8945 F0
0044121C |. 85C0
0044121E |. 75 34

JNE SHORT 004411B3


CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],2A


JMP SHORT 0044122D
INC ECX
CMP ECX,EAX
JNE SHORT 004411BC
ADD EBX,EAX
JMP SHORT 004411FC
MOV ECX,DWORD PTR DS:[EDI]
ADD ECX,ESI
TEST BYTE PTR DS:[ECX+4],48
JE SHORT 004411EA
INC EBX
CMP EAX,2
MOV BYTE PTR DS:[ECX+5],DL
JL SHORT 004411D8
MOV DL,BYTE PTR DS:[EBX]
MOV ECX,DWORD PTR DS:[EDI]
MOV BYTE PTR DS:[ECX+ESI+25],DL
INC EBX
CMP EAX,3
JNE SHORT 004411E6
MOV DL,BYTE PTR DS:[EBX]
MOV ECX,DWORD PTR DS:[EDI]
MOV BYTE PTR DS:[ECX+ESI+26],DL
INC EBX
SUB EBX,EAX
JMP SHORT 004411FC
NEG EAX
CDQ
PUSH 1
PUSH EDX
PUSH EAX
PUSH DWORD PTR SS:[ARG.1]

;
;
;
;

CALL 0043E8BF

; \SystemIn

ADD ESP,10
MOV EAX,DWORD PTR SS:[LOCAL.7]
SUB EBX,DWORD PTR SS:[LOCAL.3]
SHR EAX,1
PUSH EAX

; /WideCoun

PUSH DWORD PTR SS:[ARG.2]

; |WideChar

PUSH EBX

; |MultiCou

PUSH DWORD PTR SS:[LOCAL.3]

; |MultiByt

PUSH 0

; |Flags =

PUSH 0FDE9

; |CodePage

/Arg4 = 1
|Arg3
|Arg2
|Arg1 =>

CALL DWORD PTR DS:[<&KERNEL32.MultiByteT ; \KERNEL32


MOV DWORD PTR SS:[LOCAL.4],EAX
TEST EAX,EAX
JNE SHORT 00441254

00441220 |.
.GetLastError
00441226 |>
00441227 |.
fo.00434423
0044122C |.
0044122D |>
00441231 |>
00441234 |.
00441237 |.
00441239 |.
[LOCAL.3]
0044123A |.
fo.004331DE
0044123F |.
00441240 |>
00441243 |.
00441246 |.
0044124C |.
0044124F |.
00441254 |>
00441257 |.
00441259 |.
0044125B |.
0044125D |.
00441260 |.
00441262 |.
00441265 |.
00441269 |.^
0044126B |>
0044126D |.
0044126F |.
00441272 |.
00441276 |.
00441278 |.
0044127B |.
0044127D |>
00441280 |>
00441283 |.
00441286 |.
00441288 |.
0044128B |.
0044128E |.
00441290 |.
00441296 |>
00441299 |.
0044129C |.
004412A0 |.
004412A6 |.
004412AA |.
004412AC |.
004412AF |.
004412B0 |.
004412B1 |.
004412B2 |.
004412B3 |.
004412B6 |.
004412BB |>
004412BE |.
004412C1 |.

FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32


50
E8 F731FFFF

PUSH EAX
CALL 00434423

; /Arg1
; \SystemIn

59
834D EC FF
8B45 F4
3B45 0C
74 07
50

POP ECX
OR DWORD PTR SS:[LOCAL.5],FFFFFFFF
MOV EAX,DWORD PTR SS:[LOCAL.3]
CMP EAX,DWORD PTR SS:[ARG.2]
JE SHORT 00441240
PUSH EAX

; /Arg1 =>

E8 9F1FFFFF

CALL 004331DE

; \SystemIn

59
8B45 EC
83F8 FE
0F85 8B010000
8B45 F0
E9 83010000
8B45 F0
8B17
33C9
3BC3
0F95C1
03C0
8945 F0
894C16 30
EB C6
3BCB
74 0E
8B4D F4
66:8339 0A
75 05
8008 04
EB 03
8020 FB
8B5D F4
8B45 F0
03C3
895D 10
8945 F0
3BD8
0F83 FF000000
8B45 10
0FB708
66:83F9 1A
0F84 D7000000
66:83F9 0D
74 0F
66:890B
43
43
40
40
8945 10
E9 B4000000
8B4D F0
83C1 FE
3BC1

POP ECX
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP EAX,-2
JNE 004413D7
MOV EAX,DWORD PTR SS:[LOCAL.4]
JMP 004413D7
MOV EAX,DWORD PTR SS:[LOCAL.4]
MOV EDX,DWORD PTR DS:[EDI]
XOR ECX,ECX
CMP EAX,EBX
SETNE CL
ADD EAX,EAX
MOV DWORD PTR SS:[LOCAL.4],EAX
MOV DWORD PTR DS:[EDX+ESI+30],ECX
JMP SHORT 00441231
CMP ECX,EBX
JE SHORT 0044127D
MOV ECX,DWORD PTR SS:[LOCAL.3]
CMP WORD PTR DS:[ECX],0A
JNE SHORT 0044127D
OR BYTE PTR DS:[EAX],04
JMP SHORT 00441280
AND BYTE PTR DS:[EAX],FB
MOV EBX,DWORD PTR SS:[LOCAL.3]
MOV EAX,DWORD PTR SS:[LOCAL.4]
ADD EAX,EBX
MOV DWORD PTR SS:[ARG.3],EBX
MOV DWORD PTR SS:[LOCAL.4],EAX
CMP EBX,EAX
JNB 00441395
/MOV EAX,DWORD PTR SS:[ARG.3]
|MOVZX ECX,WORD PTR DS:[EAX]
|CMP CX,1A
|JE 0044137D
|CMP CX,0D
|JE SHORT 004412BB
|MOV WORD PTR DS:[EBX],CX
|INC EBX
|INC EBX
|INC EAX
|INC EAX
|MOV DWORD PTR SS:[ARG.3],EAX
|JMP 0044136F
|MOV ECX,DWORD PTR SS:[LOCAL.4]
|ADD ECX,-2
|CMP EAX,ECX

004412C3 |. 73 1E
004412C5 |. 8D48 02
004412C8 |. 66:8339 0A
004412CC |. 75 0D
004412CE |. 83C0 04
004412D1 |. 8945 10
004412D4 |> 6A 0A
004412D6 |. E9 8E000000
004412DB |> 894D 10
004412DE |. E9 84000000
004412E3 |> 8345 10 02
004412E7 |. 6A 00
ped = NULL
004412E9 |. 8D45 E8
004412EC |. 50
ad => OFFSET LOCAL.6
004412ED |. 6A 02
004412EF |. 8D45 F8
004412F2 |. 50
> OFFSET LOCAL.2
004412F3 |. 8B07
004412F5 |. FF3406
004412F8 |. FF15 D4814400
.ReadFile
004412FE |. 85C0
00441300 |. 75 0A
00441302 |. FF15 58804400
.GetLastError
00441308 |. 85C0
0044130A |. 75 5B
0044130C |> 837D E8 00
00441310 |. 74 55
00441312 |. 8B07
00441314 |. F64406 04 48
00441319 |. 74 28
0044131B |. 66:837D F8 0A
00441320 |.^ 74 B2
00441322 |. 6A 0D
00441324 |. 58
00441325 |. 66:8903
00441328 |. 8B07
0044132A |. 8A4D F8
0044132D |. 884C06 05
00441331 |. 8B07
00441333 |. 8A4D F9
00441336 |. 884C06 25
0044133A |. 8B07
0044133C |. C64406 26 0A
00441341 |. EB 2A
00441343 |> 3B5D F4
00441346 |. 75 07
00441348 |. 66:837D F8 0A
0044134D |.^ 74 85
0044134F |> 6A 01
00441351 |. 6A FF
1
00441353 |. 6A FE
2
00441355 |. FF75 08
[ARG.1]

|JNB SHORT 004412E3


|LEA ECX,[EAX+2]
|CMP WORD PTR DS:[ECX],0A
|JNE SHORT 004412DB
|ADD EAX,4
|MOV DWORD PTR SS:[ARG.3],EAX
|PUSH 0A
|JMP 00441369
|MOV DWORD PTR SS:[ARG.3],ECX
|JMP 00441367
|ADD DWORD PTR SS:[ARG.3],2
|PUSH 0

; /pOverlap

|LEA EAX,[LOCAL.6]
|PUSH EAX

; |
; |pBytesRe

|PUSH 2
|LEA EAX,[LOCAL.2]
|PUSH EAX

; |Size = 2
; |
; |Buffer =

|MOV EAX,DWORD PTR DS:[EDI]


; |
|PUSH DWORD PTR DS:[EAX+ESI]
; |hFile
|CALL DWORD PTR DS:[<&KERNEL32.ReadFile> ; \KERNEL32
|TEST EAX,EAX
|JNE SHORT 0044130C
|CALL DWORD PTR DS:[<&KERNEL32.GetLastEr ; [KERNEL32
|TEST EAX,EAX
|JNE SHORT 00441367
|CMP DWORD PTR SS:[LOCAL.6],0
|JE SHORT 00441367
|MOV EAX,DWORD PTR DS:[EDI]
|TEST BYTE PTR DS:[EAX+ESI+4],48
|JE SHORT 00441343
|CMP WORD PTR SS:[LOCAL.2],0A
|JE SHORT 004412D4
|PUSH 0D
|POP EAX
|MOV WORD PTR DS:[EBX],AX
|MOV EAX,DWORD PTR DS:[EDI]
|MOV CL,BYTE PTR SS:[LOCAL.2]
|MOV BYTE PTR DS:[EAX+ESI+5],CL
|MOV EAX,DWORD PTR DS:[EDI]
|MOV CL,BYTE PTR SS:[LOCAL.2+1]
|MOV BYTE PTR DS:[EAX+ESI+25],CL
|MOV EAX,DWORD PTR DS:[EDI]
|MOV BYTE PTR DS:[EAX+ESI+26],0A
|JMP SHORT 0044136D
|CMP EBX,DWORD PTR SS:[LOCAL.3]
|JNE SHORT 0044134F
|CMP WORD PTR SS:[LOCAL.2],0A
|JE SHORT 004412D4
|PUSH 1
|PUSH -1

; /Arg4 = 1
; |Arg3 = -

|PUSH -2

; |Arg2 = -

|PUSH DWORD PTR SS:[ARG.1]

; |Arg1 =>

00441358 |.
fo.0043E8BF
0044135D |.
00441360 |.
00441365 |.
00441367 |>
00441369 |>
0044136A |.
0044136D |>
0044136E |.
0044136F |>
00441372 |.
00441375 |.^
0044137B |.
0044137D |>
0044137F |.
00441383 |.
00441386 |.
00441388 |.
0044138B |.
0044138D |>
00441390 |.
00441393 |.
00441394 |.
00441395 |>
00441398 |.
0044139B |.^
004413A0 |>
.GetLastError
004413A6 |.
004413A8 |.
004413A9 |.
004413AB |.
004413AD |.
fo.004343FD
004413B2 |.
004413B8 |.
fo.00434410
004413BD |.
004413BF |.^
004413C4 |>
004413C7 |.^
004413CD |.
004413D0 |.^
004413D5 |>
004413D7 |>
004413D8 |>
004413D9 |>
004413DA |.
004413DB \.
004413DC /$
004413DE |.
004413E3 |.
004413E8 |.
004413EB |.
004413EE |.
004413F0 |.
fo.00434410
004413F5 |.
004413F8 |.

E8 62D5FFFF

|CALL 0043E8BF

; \SystemIn

83C4 10
66:837D F8 0A
74 08
6A 0D
58
66:8903
43
43
8B45 F0
3945 10
0F82 1BFFFFFF
EB 18
8B0F
8D740E 04
F606 40
75 05
800E 02
EB 08
66:8B00
66:8903
43
43
2B5D F4
895D F0
E9 91FEFFFF
FF15 58804400

|ADD ESP,10
|CMP WORD PTR SS:[LOCAL.2],0A
|JE SHORT 0044136F
|PUSH 0D
|POP EAX
|MOV WORD PTR DS:[EBX],AX
|INC EBX
|INC EBX
|MOV EAX,DWORD PTR SS:[LOCAL.4]
|CMP DWORD PTR SS:[ARG.3],EAX
\JB 00441296
JMP SHORT 00441395
MOV ECX,DWORD PTR DS:[EDI]
LEA ESI,[ECX+ESI+4]
TEST BYTE PTR DS:[ESI],40
JNE SHORT 0044138D
OR BYTE PTR DS:[ESI],02
JMP SHORT 00441395
MOV AX,WORD PTR DS:[EAX]
MOV WORD PTR DS:[EBX],AX
INC EBX
INC EBX
SUB EBX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.4],EBX
JMP 00441231
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32

6A 05
5E
3BC6
75 17
E8 4B30FFFF

PUSH 5
POP ESI
CMP EAX,ESI
JNE SHORT 004413C4
CALL 004343FD

; [SystemIn

C700 09000000 MOV DWORD PTR DS:[EAX],9


E8 5330FFFF CALL 00434410

; [SystemIn

8930
E9 69FEFFFF
83F8 6D
0F85 59FEFFFF
895D EC
E9 5CFEFFFF
33C0
5F
5B
5E
C9
C3
6A 10
68 B0F64400
E8 0476FFFF
8B45 08
83F8 FE
75 1B
E8 1B30FFFF

MOV DWORD PTR DS:[EAX],ESI


JMP 0044122D
CMP EAX,6D
JNE 00441226
MOV DWORD PTR SS:[LOCAL.5],EBX
JMP 00441231
XOR EAX,EAX
POP EDI
POP EBX
POP ESI
LEAVE
RETN
PUSH 10
PUSH OFFSET 0044F6B0
CALL 004389EC
MOV EAX,DWORD PTR SS:[EBP+8]
CMP EAX,-2
JNE SHORT 0044140B
CALL 00434410

; [SystemIn

8320 00
E8 0030FFFF

AND DWORD PTR DS:[EAX],00000000


CALL 004343FD

; [SystemIn

fo.004343FD
004413FD |.
00441403 |>
00441406 |.
0044140B |>
0044140D |.
0044140F |.
00441411 |.
00441417 |.
00441419 |>
fo.00434410
0044141E |.
00441420 |.
fo.004343FD
00441425 |.
0044142B |>
0044142C |.
0044142D |.
0044142E |.
0044142F |.
00441430 |.
fo.0042E862
00441435 |.
00441438 |.^
0044143A |>
0044143C |.
0044143F |.
00441446 |.
00441448 |.
0044144B |.
0044144E |.
00441450 |.
00441455 |.
00441458 |.^
0044145A |.
0044145F |.
00441462 |.
00441464 |.
00441465 |.
00441467 |.
fo.00434410
0044146C |.
0044146E |.
fo.004343FD
00441473 |.
00441479 |.^
0044147B |>
0044147C |.
00441481 |.
00441482 |.
00441485 |.
00441487 |.
0044148C |.
0044148E |.
[ARG.EBP+10]
00441491 |.
[ARG.EBP+0C]
00441494 |.
[ARG.EBP+8]
00441497 |.

C700 09000000
83C8 FF
E9 BE000000
33F6
3BC6
7C 08
3B05 98374500
72 21
E8 F22FFFFF

MOV DWORD PTR DS:[EAX],9


OR EAX,FFFFFFFF
JMP 004414C9
XOR ESI,ESI
CMP EAX,ESI
JL SHORT 00441419
CMP EAX,DWORD PTR DS:[453798]
JB SHORT 0044143A
CALL 00434410

; [SystemIn

8930
E8 D82FFFFF

MOV DWORD PTR DS:[EAX],ESI


CALL 004343FD

; [SystemIn

C700 09000000
56
56
56
56
56
E8 2DD4FEFF

MOV DWORD PTR DS:[EAX],9


PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E862

;
;
;
;
;
;

83C4 14
EB C9
8BC8
C1F9 05
8D1C8D A03745
8BF8
83E7 1F
C1E7 06
8B0B
0FBE4C39 04
83E1 01
74 BF
B9 FFFFFF7F
3B4D 10
1BC9
41
75 14
E8 A42FFFFF

ADD ESP,14
JMP SHORT 00441403
MOV ECX,EAX
SAR ECX,5
LEA EBX,[ECX*4+4537A0]
MOV EDI,EAX
AND EDI,0000001F
SHL EDI,6
MOV ECX,DWORD PTR DS:[EBX]
MOVSX ECX,BYTE PTR DS:[EDI+ECX+4]
AND ECX,00000001
JE SHORT 00441419
MOV ECX,7FFFFFFF
CMP ECX,DWORD PTR SS:[EBP+10]
SBB ECX,ECX
INC ECX
JNE SHORT 0044147B
CALL 00434410

; [SystemIn

8930
E8 8A2FFFFF

MOV DWORD PTR DS:[EAX],ESI


CALL 004343FD

; [SystemIn

C700 16000000
EB B0
50
E8 99F6FFFF
59
8975 FC
8B03
F64438 04 01
74 16
FF75 10

MOV DWORD PTR DS:[EAX],16


JMP SHORT 0044142B
PUSH EAX
CALL 00440B1A
POP ECX
MOV DWORD PTR SS:[EBP-4],ESI
MOV EAX,DWORD PTR DS:[EBX]
TEST BYTE PTR DS:[EDI+EAX+4],01
JE SHORT 004414A4
PUSH DWORD PTR SS:[EBP+10]

; /Arg3 =>

FF75 0C

PUSH DWORD PTR SS:[EBP+0C]

; |Arg2 =>

FF75 08

PUSH DWORD PTR SS:[EBP+8]

; |Arg1 =>

E8 7EF9FFFF

CALL 00440E1A

; \SystemIn

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

fo.00440E1A
0044149C |. 83C4 0C
0044149F |. 8945 E4
004414A2 |. EB 16
004414A4 |> E8 542FFFFF
fo.004343FD
004414A9 |. C700 09000000
004414AF |. E8 5C2FFFFF
fo.00434410
004414B4 |. 8930
004414B6 |. 834D E4 FF
004414BA |> C745 FC FEFFF
004414C1 |. E8 09000000
004414C6 |. 8B45 E4
004414C9 |> E8 6375FFFF
004414CE \. C3
004414CF /$ FF75 08
004414D2 |. E8 E3F6FFFF
004414D7 |. 59
004414D8 \. C3
004414D9 /$ 8BFF
004414DB |. 55
004414DC |. 8BEC
004414DE |. 83EC 14
004414E1 |. 53
004414E2 |. 56
004414E3 |. 57
004414E4 |. E8 D43BFFFF
fo.004350BD
004414E9 |. 8365 FC 00
004414ED |. 833D 58374500
004414F4 |. 8BD8
004414F6 |. 0F85 8E000000
004414FC |. 68 28C04400
= "USER32.DLL"
00441501 |. FF15 24814400
.LoadLibraryA
00441507 |. 8BF8
00441509 |. 85FF
0044150B |. 0F84 2A010000
00441511 |. 8B35 7C804400
00441517 |. 68 1CC04400
= "MessageBoxA"
0044151C |. 57
0044151D |. FFD6
.GetProcAddress
0044151F |. 85C0
00441521 |. 0F84 14010000
00441527 |. 50
00441528 |. E8 1E3BFFFF
fo.0043504B
0044152D |. C70424 0CC044
tActiveWindow"
00441534 |. 57
00441535 |. A3 58374500
0044153A |. FFD6
0044153C |. 50
0044153D |. E8 093BFFFF
fo.0043504B
00441542 |. C70424 F8BF44

ADD ESP,0C
MOV DWORD PTR SS:[EBP-1C],EAX
JMP SHORT 004414BA
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],9


CALL 00434410

; [SystemIn

MOV DWORD PTR DS:[EAX],ESI


OR DWORD PTR SS:[EBP-1C],FFFFFFFF
MOV DWORD PTR SS:[EBP-4],-2
CALL 004414CF
MOV EAX,DWORD PTR SS:[EBP-1C]
CALL 00438A31
RETN
PUSH DWORD PTR SS:[EBP+8]
CALL 00440BBA
POP ECX
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,14
PUSH EBX
PUSH ESI
PUSH EDI
CALL 004350BD

; [SystemIn

AND DWORD PTR SS:[LOCAL.1],00000000


CMP DWORD PTR DS:[453758],0
MOV EBX,EAX
JNE 0044158A
PUSH OFFSET 0044C028

; /FileName

CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar ; \KERNEL32


MOV EDI,EAX
TEST EDI,EDI
JE 0044163B
MOV ESI,DWORD PTR DS:[<&KERNEL32.GetProc
PUSH OFFSET 0044C01C
; /Procname
PUSH EDI
CALL ESI

; |hModule
; \KERNEL32

TEST EAX,EAX
JE 0044163B
PUSH EAX
CALL 0043504B

; /Arg1
; \SystemIn

MOV DWORD PTR SS:[LOCAL.9],OFFSET 0044C0 ; ASCII "Ge


PUSH EDI
MOV DWORD PTR DS:[453758],EAX
CALL ESI
PUSH EAX
CALL 0043504B

; /Arg1
; \SystemIn

MOV DWORD PTR SS:[ESP],OFFSET 0044BFF8

; ASCII "Ge

tLastActivePopup"
00441549 |. 57
0044154A |. A3 5C374500
0044154F |. FFD6
00441551 |. 50
00441552 |. E8 F43AFFFF
fo.0043504B
00441557 |. C70424 DCBF44
tUserObjectInformationA"
0044155E |. 57
0044155F |. A3 60374500
00441564 |. FFD6
00441566 |. 50
00441567 |. E8 DF3AFFFF
fo.0043504B
0044156C |. 59
0044156D |. A3 68374500
00441572 |. 85C0
00441574 |. 74 14
00441576 |. 68 C4BF4400
tProcessWindowStation"
0044157B |. 57
0044157C |. FFD6
0044157E |. 50
0044157F |. E8 C73AFFFF
fo.0043504B
00441584 |. 59
00441585 |. A3 64374500
0044158A |> A1 64374500
0044158F |. 3BC3
00441591 |. 74 4F
00441593 |. 391D 68374500
00441599 |. 74 47
0044159B |. 50
[453764] = 0
0044159C |. E8 253BFFFF
fo.004350C6
004415A1 |. FF35 68374500
004415A7 |. 8BF0
004415A9 |. E8 183BFFFF
fo.004350C6
004415AE |. 59
004415AF |. 59
004415B0 |. 8BF8
004415B2 |. 85F6
004415B4 |. 74 2C
004415B6 |. 85FF
004415B8 |. 74 28
004415BA |. FFD6
004415BC |. 85C0
004415BE |. 74 19
004415C0 |. 8D4D F8
004415C3 |. 51
004415C4 |. 6A 0C
004415C6 |. 8D4D EC
004415C9 |. 51
004415CA |. 6A 01
004415CC |. 50
004415CD |. FFD7
004415CF |. 85C0

PUSH EDI
MOV DWORD PTR DS:[45375C],EAX
CALL ESI
PUSH EAX
CALL 0043504B

; /Arg1
; \SystemIn

MOV DWORD PTR SS:[ESP],OFFSET 0044BFDC

; ASCII "Ge

PUSH EDI
MOV DWORD PTR DS:[453760],EAX
CALL ESI
PUSH EAX
CALL 0043504B

; /Arg1
; \SystemIn

POP ECX
MOV DWORD PTR DS:[453768],EAX
TEST EAX,EAX
JE SHORT 0044158A
PUSH OFFSET 0044BFC4

; ASCII "Ge

PUSH
CALL
PUSH
CALL

; /Arg1
; \SystemIn

EDI
ESI
EAX
0043504B

POP ECX
MOV DWORD PTR DS:[453764],EAX
MOV EAX,DWORD PTR DS:[453764]
CMP EAX,EBX
JE SHORT 004415E2
CMP DWORD PTR DS:[453768],EBX
JE SHORT 004415E2
PUSH EAX

; /Arg1 =>

CALL 004350C6

; \SystemIn

PUSH DWORD PTR DS:[453768]


MOV ESI,EAX
CALL 004350C6

; /Arg1 = 0
; |
; \SystemIn

POP ECX
POP ECX
MOV EDI,EAX
TEST ESI,ESI
JE SHORT 004415E2
TEST EDI,EDI
JE SHORT 004415E2
CALL ESI
TEST EAX,EAX
JE SHORT 004415D9
LEA ECX,[LOCAL.2]
PUSH ECX
PUSH 0C
LEA ECX,[LOCAL.5]
PUSH ECX
PUSH 1
PUSH EAX
CALL EDI
TEST EAX,EAX

004415D1 |. 74 06
004415D3 |. F645 F4 01
004415D7 |. 75 09
004415D9 |> 814D 10 00002
004415E0 |. EB 39
004415E2 |> A1 5C374500
004415E7 |. 3BC3
004415E9 |. 74 30
004415EB |. 50
[45375C] = 0
004415EC |. E8 D53AFFFF
fo.004350C6
004415F1 |. 59
004415F2 |. 85C0
004415F4 |. 74 25
004415F6 |. FFD0
004415F8 |. 8945 FC
004415FB |. 85C0
004415FD |. 74 1C
004415FF |. A1 60374500
00441604 |. 3BC3
00441606 |. 74 13
00441608 |. 50
[453760] = 0
00441609 |. E8 B83AFFFF
fo.004350C6
0044160E |. 59
0044160F |. 85C0
00441611 |. 74 08
00441613 |. FF75 FC
00441616 |. FFD0
00441618 |. 8945 FC
0044161B |> FF35 58374500
00441621 |. E8 A03AFFFF
fo.004350C6
00441626 |. 59
00441627 |. 85C0
00441629 |. 74 10
0044162B |. FF75 10
0044162E |. FF75 0C
00441631 |. FF75 08
00441634 |. FF75 FC
00441637 |. FFD0
00441639 |. EB 02
0044163B |> 33C0
0044163D |> 5F
0044163E |. 5E
0044163F |. 5B
00441640 |. C9
00441641 \. C3
00441642 /$ 8BFF
o.00441642(guessed Arg1)
00441644 |. 55
00441645 |. 8BEC
00441647 |. 8B4D 08
0044164A |. 56
0044164B |. 33F6
0044164D |. 3BCE
0044164F |. 7C 1E
00441651 |. 83F9 02

JE SHORT 004415D9
TEST BYTE PTR SS:[LOCAL.3],01
JNE SHORT 004415E2
OR DWORD PTR SS:[ARG.3],00200000
JMP SHORT 0044161B
MOV EAX,DWORD PTR DS:[45375C]
CMP EAX,EBX
JE SHORT 0044161B
PUSH EAX

; /Arg1 =>

CALL 004350C6

; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 0044161B
CALL EAX
MOV DWORD PTR SS:[LOCAL.1],EAX
TEST EAX,EAX
JE SHORT 0044161B
MOV EAX,DWORD PTR DS:[453760]
CMP EAX,EBX
JE SHORT 0044161B
PUSH EAX

; /Arg1 =>

CALL 004350C6

; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 0044161B
PUSH DWORD PTR SS:[LOCAL.1]
CALL EAX
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH DWORD PTR DS:[453758]
CALL 004350C6

; /Arg1 = 0
; \SystemIn

POP ECX
TEST EAX,EAX
JE SHORT 0044163B
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
PUSH DWORD PTR SS:[LOCAL.1]
CALL EAX
JMP SHORT 0044163D
XOR EAX,EAX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV ECX,DWORD PTR SS:[ARG.1]
PUSH ESI
XOR ESI,ESI
CMP ECX,ESI
JL SHORT 0044166F
CMP ECX,2

00441654 |. 7E 0C
JLE SHORT 00441662
00441656 |. 83F9 03
CMP ECX,3
00441659 |. 75 14
JNE SHORT 0044166F
0044165B |. A1 DC2C4500 MOV EAX,DWORD PTR DS:[452CDC]
00441660 |. EB 28
JMP SHORT 0044168A
00441662 |> A1 DC2C4500 MOV EAX,DWORD PTR DS:[452CDC]
00441667 |. 890D DC2C4500 MOV DWORD PTR DS:[452CDC],ECX
0044166D |. EB 1B
JMP SHORT 0044168A
0044166F |> E8 892DFFFF CALL 004343FD
fo.004343FD
00441674 |. 56
PUSH ESI
00441675 |. 56
PUSH ESI
00441676 |. 56
PUSH ESI
00441677 |. 56
PUSH ESI
00441678 |. 56
PUSH ESI
00441679 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
0044167F |. E8 DED1FEFF CALL 0042E862
fo.0042E862
00441684 |. 83C4 14
ADD ESP,14
00441687 |. 83C8 FF
OR EAX,FFFFFFFF
0044168A |> 5E
POP ESI
0044168B |. 5D
POP EBP
0044168C \. C3
RETN
0044168D /$ 8BFF
MOV EDI,EDI
o.0044168D(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
0044168F |. 55
PUSH EBP
00441690 |. 8BEC
MOV EBP,ESP
00441692 |. 83EC 34
SUB ESP,34
00441695 |. 53
PUSH EBX
00441696 |. 33DB
XOR EBX,EBX
00441698 |. F645 10 80
TEST BYTE PTR SS:[ARG.3],80
0044169C |. 56
PUSH ESI
0044169D |. 57
PUSH EDI
0044169E |. 8BF0
MOV ESI,EAX
004416A0 |. 895D E0
MOV DWORD PTR SS:[LOCAL.8],EBX
004416A3 |. 885D FE
MOV BYTE PTR SS:[LOCAL.1+2],BL
004416A6 |. C745 CC 0C000 MOV DWORD PTR SS:[LOCAL.13],0C
004416AD |. 895D D0
MOV DWORD PTR SS:[LOCAL.12],EBX
004416B0 |. 74 09
JE SHORT 004416BB
004416B2 |. 895D D4
MOV DWORD PTR SS:[LOCAL.11],EBX
004416B5 |. C645 FF 10
MOV BYTE PTR SS:[LOCAL.1+3],10
004416B9 |. EB 0A
JMP SHORT 004416C5
004416BB |> C745 D4 01000 MOV DWORD PTR SS:[LOCAL.11],1
004416C2 |. 885D FF
MOV BYTE PTR SS:[LOCAL.1+3],BL
004416C5 |> 8D45 E0
LEA EAX,[LOCAL.8]
004416C8 |. 50
PUSH EAX
OFFSET LOCAL.8
004416C9 |. E8 2A2F0000 CALL 004445F8
fo.004445F8
004416CE |. 59
POP ECX
004416CF |. 85C0
TEST EAX,EAX
004416D1 |. 74 0D
JE SHORT 004416E0
004416D3 |. 53
PUSH EBX
004416D4 |. 53
PUSH EBX
004416D5 |. 53
PUSH EBX
004416D6 |. 53
PUSH EBX
004416D7 |. 53
PUSH EBX
004416D8 |. E8 5DD0FEFF CALL 0042E73A
004416DD |. 83C4 14
ADD ESP,14
004416E0 |> 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]

; [SystemIn
;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

; SystemInf

; /Arg1 =>
; \SystemIn

004416E3 |. B8 00800000 MOV EAX,8000


004416E8 |. 85C8
TEST EAX,ECX
004416EA |. 75 11
JNE SHORT 004416FD
004416EC |. F7C1 00400700 TEST ECX,00074000
004416F2 |. 75 05
JNE SHORT 004416F9
004416F4 |. 3945 E0
CMP DWORD PTR SS:[LOCAL.8],EAX
004416F7 |. 74 04
JE SHORT 004416FD
004416F9 |> 804D FF 80
OR BYTE PTR SS:[LOCAL.1+3],80
004416FD |> 8BC1
MOV EAX,ECX
004416FF |. 83E0 03
AND EAX,00000003
00441702 |. 2BC3
SUB EAX,EBX
00441704 |. BA 000000C0 MOV EDX,C0000000
00441709 |. BF 00000080 MOV EDI,80000000
0044170E |. 74 47
JE SHORT 00441757
00441710 |. 48
DEC EAX
ases 1..2, 3 exits)
00441711 |. 74 2E
JE SHORT 00441741
00441713 |. 48
DEC EAX
00441714 |. 74 26
JE SHORT 0044173C
00441716 |> E8 F52CFFFF CALL 00434410
fo.00434410, default case of switch SystemInfo.441710
0044171B |. 8918
MOV DWORD PTR DS:[EAX],EBX
0044171D |. 830E FF
OR DWORD PTR DS:[ESI],FFFFFFFF
00441720 |. E8 D82CFFFF CALL 004343FD
fo.004343FD
00441725 |. 6A 16
PUSH 16
00441727 |. 5E
POP ESI
00441728 |. 53
PUSH EBX
00441729 |. 53
PUSH EBX
0044172A |. 53
PUSH EBX
0044172B |. 53
PUSH EBX
0044172C |. 53
PUSH EBX
0044172D |. 8930
MOV DWORD PTR DS:[EAX],ESI
0044172F |. E8 2ED1FEFF CALL 0042E862
fo.0042E862
00441734 |. 83C4 14
ADD ESP,14
00441737 |. E9 01050000 JMP 00441C3D
0044173C |> 8955 F8
MOV DWORD PTR SS:[LOCAL.2],EDX
switch SystemInfo.441710
0044173F |. EB 19
JMP SHORT 0044175A
00441741 |> F6C1 08
TEST CL,08
switch SystemInfo.441710
00441744 |. 74 08
JE SHORT 0044174E
00441746 |. F7C1 00000700 TEST ECX,00070000
0044174C |.^ 75 EE
JNE SHORT 0044173C
0044174E |> C745 F8 00000 MOV DWORD PTR SS:[LOCAL.2],40000000
00441755 |. EB 03
JMP SHORT 0044175A
00441757 |> 897D F8
MOV DWORD PTR SS:[LOCAL.2],EDI
0044175A |> 8B45 14
MOV EAX,DWORD PTR SS:[ARG.4]
0044175D |. 6A 10
PUSH 10
0044175F |. 59
POP ECX
00441760 |. 2BC1
SUB EAX,ECX
00441762 |. 74 37
JE SHORT 0044179B
00441764 |. 2BC1
SUB EAX,ECX
00441766 |. 74 2A
JE SHORT 00441792
00441768 |. 2BC1
SUB EAX,ECX
0044176A |. 74 1D
JE SHORT 00441789
0044176C |. 2BC1
SUB EAX,ECX
0044176E |. 74 10
JE SHORT 00441780
00441770 |. 83E8 40
SUB EAX,40

; Switch (c

; [SystemIn

; [SystemIn

;
;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

; Case 2 of
; Case 1 of

00441773
00441775
00441778
0044177B
0044177E
00441780
00441787
00441789
00441790
00441792
00441799
0044179B
0044179E
004417A1
004417A6
004417A8
004417AD
004417AF
004417B4
004417B6
004417B8
004417BA
004417BC
004417BE
004417C0
004417C5
004417CB
004417D0
004417D6
004417DD
004417DF
004417E6
004417E8
004417EF
004417F1
004417F6
004417F8
004417FD
004417FF
00441801
00441807
0044180E
00441811
00441818
0044181A
0044181C
00441822
00441824
00441827
00441829
0044182B
00441832
00441834
00441836
0044183D
00441844
00441848
0044184D
0044184F
00441852

|.^
|.
|.
|.
|.
|>
|.
|>
|.
|>
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|>
|.
|>
|.
|>
|.
|.
|.
|.
|.^
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|>

75 A1
397D F8
0F94C0
8945 F0
EB 1E
C745 F0 03000
EB 15
C745 F0 02000
EB 0C
C745 F0 01000
EB 03
895D F0
8B45 10
BA 00070000
23C2
B9 00040000
3BC1
BF 00010000
7F 3B
74 30
3BC3
74 2C
3BC7
74 1F
3D 00020000
0F84 94000000
3D 00030000
0F85 40FFFFFF
C745 EC 02000
EB 2F
C745 EC 04000
EB 26
C745 EC 03000
EB 1D
3D 00050000
74 0F
3D 00060000
74 60
3BC2
0F85 0FFFFFFF
C745 EC 01000
8B45 10
C745 F4 80000
85C7
74 16
8B0D D0314500
F7D1
234D 18
84C9
78 07
C745 F4 01000
A8 40
74 12
814D F4 00000
814D F8 00000
834D F0 04
A9 00100000
74 03
097D F4
A8 20

JNE SHORT 00441716


CMP DWORD PTR SS:[LOCAL.2],EDI
SETE AL
MOV DWORD PTR SS:[LOCAL.4],EAX
JMP SHORT 0044179E
MOV DWORD PTR SS:[LOCAL.4],3
JMP SHORT 0044179E
MOV DWORD PTR SS:[LOCAL.4],2
JMP SHORT 0044179E
MOV DWORD PTR SS:[LOCAL.4],1
JMP SHORT 0044179E
MOV DWORD PTR SS:[LOCAL.4],EBX
MOV EAX,DWORD PTR SS:[ARG.3]
MOV EDX,700
AND EAX,EDX
MOV ECX,400
CMP EAX,ECX
MOV EDI,100
JG SHORT 004417F1
JE SHORT 004417E8
CMP EAX,EBX
JE SHORT 004417E8
CMP EAX,EDI
JE SHORT 004417DF
CMP EAX,200
JE 0044185F
CMP EAX,300
JNE 00441716
MOV DWORD PTR SS:[LOCAL.5],2
JMP SHORT 0044180E
MOV DWORD PTR SS:[LOCAL.5],4
JMP SHORT 0044180E
MOV DWORD PTR SS:[LOCAL.5],3
JMP SHORT 0044180E
CMP EAX,500
JE SHORT 00441807
CMP EAX,600
JE SHORT 0044185F
CMP EAX,EDX
JNE 00441716
MOV DWORD PTR SS:[LOCAL.5],1
MOV EAX,DWORD PTR SS:[ARG.3]
MOV DWORD PTR SS:[LOCAL.3],80
TEST EDI,EAX
JE SHORT 00441832
MOV ECX,DWORD PTR DS:[4531D0]
NOT ECX
AND ECX,DWORD PTR SS:[ARG.5]
TEST CL,CL
JS SHORT 00441832
MOV DWORD PTR SS:[LOCAL.3],1
TEST AL,40
JE SHORT 00441848
OR DWORD PTR SS:[LOCAL.3],04000000
OR DWORD PTR SS:[LOCAL.2],00010000
OR DWORD PTR SS:[LOCAL.4],00000004
TEST EAX,00001000
JE SHORT 00441852
OR DWORD PTR SS:[LOCAL.3],EDI
TEST AL,20

00441854 |. 74 12
00441856 |. 814D F4 00000
0044185D |. EB 14
0044185F |> C745 EC 05000
00441866 |.^ EB A6
00441868 |> A8 10
0044186A |. 74 07
0044186C |. 814D F4 00000
00441873 |> E8 69F3FFFF
00441878 |. 8906
0044187A |. 83F8 FF
0044187D |. 75 1A
0044187F |. E8 8C2BFFFF
fo.00434410
00441884 |. 8918
00441886 |. 830E FF
00441889 |. E8 6F2BFFFF
fo.004343FD
0044188E |. C700 18000000
00441894 |. E9 8E000000
00441899 |> 8B45 08
0044189C |. 8B3D 1C814400
004418A2 |. 53
e
004418A3 |. FF75 F4
es => [LOCAL.3]
004418A6 |. C700 01000000
004418AC |. FF75 EC
Distribution => [LOCAL.5]
004418AF |. 8D45 CC
004418B2 |. 50
y => OFFSET LOCAL.13
004418B3 |. FF75 F0
e => [LOCAL.4]
004418B6 |. FF75 F8
ccess => [LOCAL.2]
004418B9 |. FF75 0C
=> [ARG.2]
004418BC |. FFD7
.CreateFileW
004418BE |. 8945 E4
004418C1 |. 83F8 FF
004418C4 |. 75 6D
004418C6 |. 8B4D F8
004418C9 |. B8 000000C0
004418CE |. 23C8
004418D0 |. 3BC8
004418D2 |. 75 2B
004418D4 |. F645 10 01
004418D8 |. 74 25
004418DA |. 8165 F8 FFFFF
004418E1 |. 53
e
004418E2 |. FF75 F4
es => [LOCAL.3]
004418E5 |. 8D45 CC
004418E8 |. FF75 EC
Distribution => [LOCAL.5]
004418EB |. 50
y => OFFSET LOCAL.13

JE SHORT 00441868
OR DWORD PTR SS:[LOCAL.3],08000000
JMP SHORT 00441873
MOV DWORD PTR SS:[LOCAL.5],5
JMP SHORT 0044180E
TEST AL,10
JE SHORT 00441873
OR DWORD PTR SS:[LOCAL.3],10000000
CALL 00440BE1
MOV DWORD PTR DS:[ESI],EAX
CMP EAX,-1
JNE SHORT 00441899
CALL 00434410

; [SystemIn

MOV DWORD PTR DS:[EAX],EBX


OR DWORD PTR DS:[ESI],FFFFFFFF
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],18


JMP 00441927
MOV EAX,DWORD PTR SS:[ARG.1]
MOV EDI,DWORD PTR DS:[<&KERNEL32.CreateF
PUSH EBX
; /hTemplat
PUSH DWORD PTR SS:[LOCAL.3]

; |Attribut

MOV DWORD PTR DS:[EAX],1


PUSH DWORD PTR SS:[LOCAL.5]

; |
; |Creation

LEA EAX,[LOCAL.13]
PUSH EAX

; |
; |pSecurit

PUSH DWORD PTR SS:[LOCAL.4]

; |ShareMod

PUSH DWORD PTR SS:[LOCAL.2]

; |DesiredA

PUSH DWORD PTR SS:[ARG.2]

; |FileName

CALL EDI

; \KERNEL32

MOV DWORD PTR SS:[LOCAL.7],EAX


CMP EAX,-1
JNE SHORT 00441933
MOV ECX,DWORD PTR SS:[LOCAL.2]
MOV EAX,C0000000
AND ECX,EAX
CMP ECX,EAX
JNE SHORT 004418FF
TEST BYTE PTR SS:[ARG.3],01
JE SHORT 004418FF
AND DWORD PTR SS:[LOCAL.2],7FFFFFFF
PUSH EBX

; /hTemplat

PUSH DWORD PTR SS:[LOCAL.3]

; |Attribut

LEA EAX,[LOCAL.13]
PUSH DWORD PTR SS:[LOCAL.5]

; |
; |Creation

PUSH EAX

; |pSecurit

004418EC |. FF75 F0
e => [LOCAL.4]
004418EF |. FF75 F8
ccess => [LOCAL.2]
004418F2 |. FF75 0C
=> [ARG.2]
004418F5 |. FFD7
.CreateFileW
004418F7 |. 8945 E4
004418FA |. 83F8 FF
004418FD |. 75 34
004418FF |> 8B36
00441901 |. 8BC6
00441903 |. C1F8 05
00441906 |. 8B0485 A03745
0044190D |. 83E6 1F
00441910 |. C1E6 06
00441913 |. 8D4430 04
00441917 |. 8020 FE
0044191A |. FF15 58804400
.GetLastError
00441920 |. 50
00441921 |. E8 FD2AFFFF
fo.00434423
00441926 |> 59
00441927 |> E8 D12AFFFF
fo.004343FD
0044192C |. 8B00
0044192E |. E9 75040000
00441933 |> FF75 E4
[LOCAL.7]
00441936 |. FF15 D0814400
.GetFileType
0044193C |. 3BC3
0044193E |. 75 44
00441940 |. 8B36
00441942 |. 8BC6
00441944 |. C1F8 05
00441947 |. 8B0485 A03745
0044194E |. 83E6 1F
00441951 |. C1E6 06
00441954 |. 8D4430 04
00441958 |. 8020 FE
0044195B |. FF15 58804400
.GetLastError
00441961 |. 8BF0
00441963 |. 56
00441964 |. E8 BA2AFFFF
fo.00434423
00441969 |. 59
0044196A |. FF75 E4
=> [LOCAL.7]
0044196D |. FF15 30804400
.CloseHandle
00441973 |. 3BF3
00441975 |.^ 75 B0
00441977 |. E8 812AFFFF
fo.004343FD
0044197C |. C700 0D000000
00441982 |.^ EB A3

PUSH DWORD PTR SS:[LOCAL.4]

; |ShareMod

PUSH DWORD PTR SS:[LOCAL.2]

; |DesiredA

PUSH DWORD PTR SS:[ARG.2]

; |FileName

CALL EDI

; \KERNEL32

MOV DWORD PTR SS:[LOCAL.7],EAX


CMP EAX,-1
JNE SHORT 00441933
MOV ESI,DWORD PTR DS:[ESI]
MOV EAX,ESI
SAR EAX,5
MOV EAX,DWORD PTR DS:[EAX*4+4537A0]
AND ESI,0000001F
SHL ESI,6
LEA EAX,[ESI+EAX+4]
AND BYTE PTR DS:[EAX],FE
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32
PUSH EAX
CALL 00434423

; /Arg1
; \SystemIn

POP ECX
CALL 004343FD

; [SystemIn

MOV EAX,DWORD PTR DS:[EAX]


JMP 00441DA8
PUSH DWORD PTR SS:[LOCAL.7]

; /hFile =>

CALL DWORD PTR DS:[<&KERNEL32.GetFileTyp ; \KERNEL32


CMP EAX,EBX
JNE SHORT 00441984
MOV ESI,DWORD PTR DS:[ESI]
MOV EAX,ESI
SAR EAX,5
MOV EAX,DWORD PTR DS:[EAX*4+4537A0]
AND ESI,0000001F
SHL ESI,6
LEA EAX,[ESI+EAX+4]
AND BYTE PTR DS:[EAX],FE
CALL DWORD PTR DS:[<&KERNEL32.GetLastErr ; [KERNEL32
MOV ESI,EAX
PUSH ESI
CALL 00434423

; /Arg1
; \SystemIn

POP ECX
PUSH DWORD PTR SS:[LOCAL.7]

; /hObject

CALL DWORD PTR DS:[<&KERNEL32.CloseHandl ; \KERNEL32


CMP ESI,EBX
JNE SHORT 00441927
CALL 004343FD
MOV DWORD PTR DS:[EAX],0D
JMP SHORT 00441927

; [SystemIn

00441984 |>
00441987 |.
00441989 |.
0044198D |.
0044198F |>
00441992 |.
00441994 |.
00441998 |>
[LOCAL.7]
0044199B |.
0044199D |.
fo.0044099C
004419A2 |.
004419A4 |.
004419A6 |.
004419A9 |.
004419AC |.
004419B3 |.
004419B4 |.
004419B7 |.
004419B8 |.
004419BB |.
004419BE |.
004419C2 |.
004419C4 |.
004419C6 |.
004419C9 |.
004419CC |.
004419D3 |.
004419D6 |.
004419DA |.
004419DD |.
004419E0 |.
004419E4 |.
004419E7 |.
004419ED |.
004419F0 |.
004419F6 |.
004419FA |.
004419FC |.
004419FE |.
00441A01 |.
-1
00441A02 |.
00441A04 |.
fo.0043BC15
00441A09 |.
00441A0C |.
00441A0F |.
00441A11 |.
00441A13 |.
fo.00434410
00441A18 |.
00441A1E |.
00441A20 |>
00441A22 |.
fo.0043C100
00441A27 |.^
00441A2C |>
00441A2E |.

83F8 02
75 06
804D FF 40
EB 09
83F8 03
75 04
804D FF 08
FF75 E4

CMP EAX,2
JNE SHORT 0044198F
OR BYTE PTR SS:[LOCAL.1+3],40
JMP SHORT 00441998
CMP EAX,3
JNE SHORT 00441998
OR BYTE PTR SS:[LOCAL.1+3],08
PUSH DWORD PTR SS:[LOCAL.7]

; /Arg2 =>

FF36
E8 FAEFFFFF

PUSH DWORD PTR DS:[ESI]


CALL 0044099C

; |Arg1
; \SystemIn

8B06
8BD0
83E0 1F
C1FA 05
8B1495 A03745
59
C1E0 06
59
8A4D FF
80C9 01
884C02 04
8B06
8BD0
83E0 1F
C1FA 05
8B1495 A03745
C1E0 06
8D4402 24
8020 80
884D FD
8065 FD 48
884D FF
0F85 81000000
F6C1 80
0F84 B2020000
F645 10 02
74 72
6A 02
83CF FF
57

MOV EAX,DWORD PTR DS:[ESI]


MOV EDX,EAX
AND EAX,0000001F
SAR EDX,5
MOV EDX,DWORD PTR DS:[EDX*4+4537A0]
POP ECX
SHL EAX,6
POP ECX
MOV CL,BYTE PTR SS:[LOCAL.1+3]
OR CL,01
MOV BYTE PTR DS:[EAX+EDX+4],CL
MOV EAX,DWORD PTR DS:[ESI]
MOV EDX,EAX
AND EAX,0000001F
SAR EDX,5
MOV EDX,DWORD PTR DS:[EDX*4+4537A0]
SHL EAX,6
LEA EAX,[EAX+EDX+24]
AND BYTE PTR DS:[EAX],80
MOV BYTE PTR SS:[LOCAL.1+1],CL
AND BYTE PTR SS:[LOCAL.1+1],48
MOV BYTE PTR SS:[LOCAL.1+3],CL
JNE 00441A6E
TEST CL,80
JE 00441CA8
TEST BYTE PTR SS:[ARG.3],02
JE SHORT 00441A6E
PUSH 2
OR EDI,FFFFFFFF
PUSH EDI

; /Arg3 = 2
; |
; |Arg2 =>

FF36
E8 0CA2FFFF

PUSH DWORD PTR DS:[ESI]


CALL 0043BC15

; |Arg1
; \SystemIn

83C4 0C
8945 E8
3BC7
75 19
E8 F829FFFF

ADD ESP,0C
MOV DWORD PTR SS:[LOCAL.6],EAX
CMP EAX,EDI
JNE SHORT 00441A2C
CALL 00434410

; [SystemIn

8138 83000000
74 4E
FF36
E8 D9A6FFFF

CMP DWORD PTR DS:[EAX],83


JE SHORT 00441A6E
PUSH DWORD PTR DS:[ESI]
CALL 0043C100

; /Arg1
; \SystemIn

E9 FAFEFFFF
6A 01
8D45 DC

JMP 00441926
PUSH 1
LEA EAX,[LOCAL.9]

; /Arg3 = 1
; |

00441A31 |. 50
OFFSET LOCAL.9
00441A32 |. FF36
00441A34 |. 895D DC
00441A37 |. E8 DEF3FFFF
fo.00440E1A
00441A3C |. 83C4 0C
00441A3F |. 85C0
00441A41 |. 75 1B
00441A43 |. 66:837D DC 1A
00441A48 |. 75 14
00441A4A |. 8B45 E8
00441A4D |. 99
00441A4E |. 52
00441A4F |. 50
[LOCAL.6]
00441A50 |. FF36
00441A52 |. E8 2F290000
fo.00444386
00441A57 |. 83C4 0C
00441A5A |. 3BC7
00441A5C |.^ 74 C2
00441A5E |> 53
00441A5F |. 53
00441A60 |. FF36
00441A62 |. E8 AEA1FFFF
fo.0043BC15
00441A67 |. 83C4 0C
00441A6A |. 3BC7
00441A6C |.^ 74 B2
00441A6E |> F645 FF 80
00441A72 |. 0F84 30020000
00441A78 |. BF 00400700
00441A7D |. B9 00400000
00441A82 |. 857D 10
00441A85 |. 75 0F
00441A87 |. 8B45 E0
00441A8A |. 23C7
00441A8C |. 75 05
00441A8E |. 094D 10
00441A91 |. EB 03
00441A93 |> 0945 10
00441A96 |> 8B45 10
00441A99 |. 23C7
00441A9B |. 3BC1
00441A9D |. 74 44
00441A9F |. 3D 00000100
00441AA4 |. 74 29
00441AA6 |. 3D 00400100
00441AAB |. 74 22
00441AAD |. 3D 00000200
00441AB2 |. 74 29
00441AB4 |. 3D 00400200
00441AB9 |. 74 22
00441ABB |. 3D 00000400
00441AC0 |. 74 07
00441AC2 |. 3D 00400400
00441AC7 |. 75 1D
00441AC9 |> C645 FE 01
00441ACD |. EB 17

PUSH EAX

; |Arg2 =>

PUSH DWORD PTR DS:[ESI]


MOV DWORD PTR SS:[LOCAL.9],EBX
CALL 00440E1A

; |Arg1
; |
; \SystemIn

ADD ESP,0C
TEST EAX,EAX
JNE SHORT 00441A5E
CMP WORD PTR SS:[LOCAL.9],1A
JNE SHORT 00441A5E
MOV EAX,DWORD PTR SS:[LOCAL.6]
CDQ
PUSH EDX
PUSH EAX

; /Arg3
; |Arg2 =>

PUSH DWORD PTR DS:[ESI]


CALL 00444386

; |Arg1
; \SystemIn

ADD ESP,0C
CMP EAX,EDI
JE SHORT 00441A20
PUSH EBX
PUSH EBX
PUSH DWORD PTR DS:[ESI]
CALL 0043BC15

;
;
;
;

ADD ESP,0C
CMP EAX,EDI
JE SHORT 00441A20
TEST BYTE PTR SS:[LOCAL.1+3],80
JE 00441CA8
MOV EDI,74000
MOV ECX,4000
TEST DWORD PTR SS:[ARG.3],EDI
JNE SHORT 00441A96
MOV EAX,DWORD PTR SS:[LOCAL.8]
AND EAX,EDI
JNE SHORT 00441A93
OR DWORD PTR SS:[ARG.3],ECX
JMP SHORT 00441A96
OR DWORD PTR SS:[ARG.3],EAX
MOV EAX,DWORD PTR SS:[ARG.3]
AND EAX,EDI
CMP EAX,ECX
JE SHORT 00441AE3
CMP EAX,10000
JE SHORT 00441ACF
CMP EAX,14000
JE SHORT 00441ACF
CMP EAX,20000
JE SHORT 00441ADD
CMP EAX,24000
JE SHORT 00441ADD
CMP EAX,40000
JE SHORT 00441AC9
CMP EAX,44000
JNE SHORT 00441AE6
MOV BYTE PTR SS:[LOCAL.1+2],1
JMP SHORT 00441AE6

/Arg3
|Arg2
|Arg1
\SystemIn

00441ACF |> 8B4D 10


00441AD2 |. B8 01030000
00441AD7 |. 23C8
00441AD9 |. 3BC8
00441ADB |. 75 09
00441ADD |> C645 FE 02
00441AE1 |. EB 03
00441AE3 |> 885D FE
00441AE6 |> F745 10 00000
00441AED |. 0F84 B5010000
00441AF3 |. F645 FF 40
00441AF7 |. 895D E8
00441AFA |. 0F85 A8010000
00441B00 |. 8B45 F8
00441B03 |. B9 000000C0
00441B08 |. 23C1
00441B0A |. 3D 00000040
00441B0F |. 0F84 B7000000
00441B15 |. 3D 00000080
00441B1A |. 74 77
00441B1C |. 3BC1
00441B1E |. 0F85 84010000
00441B24 |. 8B45 EC
00441B27 |. 3BC3
00441B29 |. 0F86 79010000
00441B2F |. 83F8 02
00441B32 |. 76 0E
00441B34 |. 83F8 04
00441B37 |. 76 30
00441B39 |> 83F8 05
00441B3C |. 0F85 66010000
00441B42 |> 0FBE45 FE
00441B46 |. 33FF
ases 1..2, 3 exits)
00441B48 |. 48
00441B49 |. 0F84 26010000
00441B4F |. 48
00441B50 |. 0F85 52010000
00441B56 |. C745 E8 FFFE0
switch SystemInfo.441B46
00441B5D |. C745 EC 02000
00441B64 |. E9 1A010000
00441B69 |> 6A 02
00441B6B |. 53
00441B6C |. 53
00441B6D |. FF36
00441B6F |. E8 4BCDFFFF
fo.0043E8BF
00441B74 |. 83C4 10
00441B77 |. 0BC2
00441B79 |.^ 74 C7
00441B7B |. 53
00441B7C |. 53
00441B7D |. 53
00441B7E |. FF36
00441B80 |. E8 3ACDFFFF
fo.0043E8BF
00441B85 |. 23C2
00441B87 |. 83C4 10
00441B8A |. 83F8 FF

MOV ECX,DWORD PTR SS:[ARG.3]


MOV EAX,301
AND ECX,EAX
CMP ECX,EAX
JNE SHORT 00441AE6
MOV BYTE PTR SS:[LOCAL.1+2],2
JMP SHORT 00441AE6
MOV BYTE PTR SS:[LOCAL.1+2],BL
TEST DWORD PTR SS:[ARG.3],00070000
JE 00441CA8
TEST BYTE PTR SS:[LOCAL.1+3],40
MOV DWORD PTR SS:[LOCAL.6],EBX
JNE 00441CA8
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV ECX,C0000000
AND EAX,ECX
CMP EAX,40000000
JE 00441BCC
CMP EAX,80000000
JE SHORT 00441B93
CMP EAX,ECX
JNE 00441CA8
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP EAX,EBX
JBE 00441CA8
CMP EAX,2
JBE SHORT 00441B42
CMP EAX,4
JBE SHORT 00441B69
CMP EAX,5
JNE 00441CA8
MOVSX EAX,BYTE PTR SS:[LOCAL.1+2]
XOR EDI,EDI

; Switch (c

DEC EAX
JE 00441C75
DEC EAX
JNE 00441CA8
MOV DWORD PTR SS:[LOCAL.6],0FEFF

; Case 2 of

MOV DWORD PTR SS:[LOCAL.5],2


JMP 00441C83
PUSH 2
PUSH EBX
PUSH EBX
PUSH DWORD PTR DS:[ESI]
CALL 0043E8BF

;
;
;
;
;

/Arg4 = 2
|Arg3
|Arg2
|Arg1
\SystemIn

ADD ESP,10
OR EAX,EDX
JE SHORT 00441B42
PUSH EBX
PUSH EBX
PUSH EBX
PUSH DWORD PTR DS:[ESI]
CALL 0043E8BF

;
;
;
;
;

/Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

AND EAX,EDX
ADD ESP,10
CMP EAX,-1

00441B8D |.^ 0F84 8DFEFFFF


00441B93 |> 6A 03
00441B95 |. 8D45 E8
00441B98 |. 50
OFFSET LOCAL.6
00441B99 |. FF36
00441B9B |. E8 7AF2FFFF
fo.00440E1A
00441BA0 |. 83C4 0C
00441BA3 |. 83F8 FF
00441BA6 |.^ 0F84 74FEFFFF
00441BAC |. 83F8 02
00441BAF |. 74 6B
00441BB1 |. 83F8 03
00441BB4 |. 0F85 AD000000
00441BBA |. 817D E8 EFBBB
00441BC1 |. 75 59
00441BC3 |. C645 FE 01
00441BC7 |. E9 DC000000
00441BCC |> 8B45 EC
00441BCF |. 3BC3
00441BD1 |. 0F86 D1000000
00441BD7 |. 83F8 02
00441BDA |.^ 0F86 62FFFFFF
00441BE0 |. 83F8 04
00441BE3 |.^ 0F87 50FFFFFF
00441BE9 |. 6A 02
00441BEB |. 53
00441BEC |. 53
00441BED |. FF36
00441BEF |. E8 CBCCFFFF
fo.0043E8BF
00441BF4 |. 83C4 10
00441BF7 |. 0BC2
00441BF9 |.^ 0F84 43FFFFFF
00441BFF |. 53
00441C00 |. 53
00441C01 |. 53
00441C02 |. FF36
00441C04 |. E8 B6CCFFFF
fo.0043E8BF
00441C09 |. 83C4 10
00441C0C |. 23C2
00441C0E |> 83F8 FF
00441C11 |. 0F85 91000000
00441C17 |.^ E9 04FEFFFF
00441C1C |> 8B45 E8
00441C1F |. 25 FFFF0000
00441C24 |. 3D FEFF0000
00441C29 |. 75 19
00441C2B |. FF36
00441C2D |. E8 CEA4FFFF
fo.0043C100
00441C32 |. 59
00441C33 |. E8 C527FFFF
fo.004343FD
00441C38 |. 6A 16
00441C3A |. 5E
00441C3B |. 8930
00441C3D |> 8BC6

JE 00441A20
PUSH 3
LEA EAX,[LOCAL.6]
PUSH EAX

; /Arg3 = 3
; |
; |Arg2 =>

PUSH DWORD PTR DS:[ESI]


CALL 00440E1A

; |Arg1
; \SystemIn

ADD ESP,0C
CMP EAX,-1
JE 00441A20
CMP EAX,2
JE SHORT 00441C1C
CMP EAX,3
JNE 00441C67
CMP DWORD PTR SS:[LOCAL.6],0BFBBEF
JNE SHORT 00441C1C
MOV BYTE PTR SS:[LOCAL.1+2],1
JMP 00441CA8
MOV EAX,DWORD PTR SS:[LOCAL.5]
CMP EAX,EBX
JBE 00441CA8
CMP EAX,2
JBE 00441B42
CMP EAX,4
JA 00441B39
PUSH 2
PUSH EBX
PUSH EBX
PUSH DWORD PTR DS:[ESI]
CALL 0043E8BF

;
;
;
;
;

/Arg4 = 2
|Arg3
|Arg2
|Arg1
\SystemIn

ADD ESP,10
OR EAX,EDX
JE 00441B42
PUSH EBX
PUSH EBX
PUSH EBX
PUSH DWORD PTR DS:[ESI]
CALL 0043E8BF

;
;
;
;
;

/Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

ADD ESP,10
AND EAX,EDX
CMP EAX,-1
JNE 00441CA8
JMP 00441A20
MOV EAX,DWORD PTR SS:[LOCAL.6]
AND EAX,0000FFFF
CMP EAX,0FFFE
JNE SHORT 00441C44
PUSH DWORD PTR DS:[ESI]
CALL 0043C100

; /Arg1
; \SystemIn

POP ECX
CALL 004343FD

; [SystemIn

PUSH 16
POP ESI
MOV DWORD PTR DS:[EAX],ESI
MOV EAX,ESI

00441C3F |. E9 64010000 JMP 00441DA8


00441C44 |> 3D FFFE0000 CMP EAX,0FEFF
00441C49 |. 75 1C
JNE SHORT 00441C67
00441C4B |. 53
PUSH EBX
00441C4C |. 6A 02
PUSH 2
00441C4E |. FF36
PUSH DWORD PTR DS:[ESI]
00441C50 |. E8 C09FFFFF CALL 0043BC15
fo.0043BC15
00441C55 |. 83C4 0C
ADD ESP,0C
00441C58 |. 83F8 FF
CMP EAX,-1
00441C5B |.^ 0F84 BFFDFFFF JE 00441A20
00441C61 |. C645 FE 02
MOV BYTE PTR SS:[LOCAL.1+2],2
00441C65 |. EB 41
JMP SHORT 00441CA8
00441C67 |> 53
PUSH EBX
00441C68 |. 53
PUSH EBX
00441C69 |. FF36
PUSH DWORD PTR DS:[ESI]
00441C6B |. E8 A59FFFFF CALL 0043BC15
fo.0043BC15
00441C70 |. 83C4 0C
ADD ESP,0C
00441C73 |.^ EB 99
JMP SHORT 00441C0E
00441C75 |> C745 E8 EFBBB MOV DWORD PTR SS:[LOCAL.6],0BFBBEF
switch SystemInfo.441B46
00441C7C |. C745 EC 03000 MOV DWORD PTR SS:[LOCAL.5],3
00441C83 |> 8B45 EC
/MOV EAX,DWORD PTR SS:[LOCAL.5]
00441C86 |. 2BC7
|SUB EAX,EDI
00441C88 |. 50
|PUSH EAX
00441C89 |. 8D443D E8
|LEA EAX,[EDI+EBP-18]
00441C8D |. 50
|PUSH EAX
00441C8E |. FF36
|PUSH DWORD PTR DS:[ESI]
00441C90 |. E8 5F95FFFF |CALL 0043B1F4
00441C95 |. 83C4 0C
|ADD ESP,0C
00441C98 |. 83F8 FF
|CMP EAX,-1
00441C9B |.^ 0F84 7FFDFFFF |JE 00441A20
00441CA1 |. 03F8
|ADD EDI,EAX
00441CA3 |. 397D EC
|CMP DWORD PTR SS:[LOCAL.5],EDI
00441CA6 |.^ 7F DB
\JG SHORT 00441C83
00441CA8 |> 8B06
MOV EAX,DWORD PTR DS:[ESI]
ase of switch SystemInfo.441B46
00441CAA |. 8BC8
MOV ECX,EAX
00441CAC |. C1F9 05
SAR ECX,5
00441CAF |. 8B0C8D A03745 MOV ECX,DWORD PTR DS:[ECX*4+4537A0]
00441CB6 |. 83E0 1F
AND EAX,0000001F
00441CB9 |. C1E0 06
SHL EAX,6
00441CBC |. 8D4401 24
LEA EAX,[EAX+ECX+24]
00441CC0 |. 8A08
MOV CL,BYTE PTR DS:[EAX]
00441CC2 |. 324D FE
XOR CL,BYTE PTR SS:[LOCAL.1+2]
00441CC5 |. 80E1 7F
AND CL,7F
00441CC8 |. 3008
XOR BYTE PTR DS:[EAX],CL
00441CCA |. 8B06
MOV EAX,DWORD PTR DS:[ESI]
00441CCC |. 8BC8
MOV ECX,EAX
00441CCE |. C1F9 05
SAR ECX,5
00441CD1 |. 8B0C8D A03745 MOV ECX,DWORD PTR DS:[ECX*4+4537A0]
00441CD8 |. 83E0 1F
AND EAX,0000001F
00441CDB |. C1E0 06
SHL EAX,6
00441CDE |. 8D4401 24
LEA EAX,[EAX+ECX+24]
00441CE2 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
00441CE5 |. 8A10
MOV DL,BYTE PTR DS:[EAX]
00441CE7 |. C1E9 10
SHR ECX,10
00441CEA |. C0E1 07
SHL CL,7
00441CED |. 80E2 7F
AND DL,7F

;
;
;
;

/Arg3
|Arg2 = 2
|Arg1
\SystemIn

;
;
;
;

/Arg3
|Arg2
|Arg1
\SystemIn

; Case 1 of

; Default c

00441CF0 |. 0ACA
OR CL,DL
00441CF2 |. 8808
MOV BYTE PTR DS:[EAX],CL
00441CF4 |. 385D FD
CMP BYTE PTR SS:[LOCAL.1+1],BL
00441CF7 |. 75 21
JNE SHORT 00441D1A
00441CF9 |. F645 10 08
TEST BYTE PTR SS:[ARG.3],08
00441CFD |. 74 1B
JE SHORT 00441D1A
00441CFF |. 8B06
MOV EAX,DWORD PTR DS:[ESI]
00441D01 |. 8BC8
MOV ECX,EAX
00441D03 |. 83E0 1F
AND EAX,0000001F
00441D06 |. C1F9 05
SAR ECX,5
00441D09 |. 8B0C8D A03745 MOV ECX,DWORD PTR DS:[ECX*4+4537A0]
00441D10 |. C1E0 06
SHL EAX,6
00441D13 |. 8D4401 04
LEA EAX,[EAX+ECX+4]
00441D17 |. 8008 20
OR BYTE PTR DS:[EAX],20
00441D1A |> 8B7D F8
MOV EDI,DWORD PTR SS:[LOCAL.2]
00441D1D |. B8 000000C0 MOV EAX,C0000000
00441D22 |. 8BCF
MOV ECX,EDI
00441D24 |. 23C8
AND ECX,EAX
00441D26 |. 3BC8
CMP ECX,EAX
00441D28 |. 75 7C
JNE SHORT 00441DA6
00441D2A |. F645 10 01
TEST BYTE PTR SS:[ARG.3],01
00441D2E |. 74 76
JE SHORT 00441DA6
00441D30 |. FF75 E4
PUSH DWORD PTR SS:[LOCAL.7]
=> [LOCAL.7]
00441D33 |. FF15 30804400 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl
.CloseHandle
00441D39 |. 53
PUSH EBX
e
00441D3A |. FF75 F4
PUSH DWORD PTR SS:[LOCAL.3]
es => [LOCAL.3]
00441D3D |. 8D45 CC
LEA EAX,[LOCAL.13]
00441D40 |. 6A 03
PUSH 3
Distribution = OPEN_EXISTING
00441D42 |. 50
PUSH EAX
y => OFFSET LOCAL.13
00441D43 |. FF75 F0
PUSH DWORD PTR SS:[LOCAL.4]
e => [LOCAL.4]
00441D46 |. 81E7 FFFFFF7F AND EDI,7FFFFFFF
00441D4C |. 57
PUSH EDI
ccess
00441D4D |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
=> [ARG.2]
00441D50 |. FF15 1C814400 CALL DWORD PTR DS:[<&KERNEL32.CreateFile
.CreateFileW
00441D56 |. 83F8 FF
CMP EAX,-1
FFFFF => INVALID_HANDLE_VALUE
00441D59 |. 75 34
JNE SHORT 00441D8F
00441D5B |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
00441D61 |. 50
PUSH EAX
00441D62 |. E8 BC26FFFF CALL 00434423
fo.00434423
00441D67 |. 8B06
MOV EAX,DWORD PTR DS:[ESI]
00441D69 |. 8BC8
MOV ECX,EAX
00441D6B |. 83E0 1F
AND EAX,0000001F
00441D6E |. C1F9 05
SAR ECX,5
00441D71 |. 8B0C8D A03745 MOV ECX,DWORD PTR DS:[ECX*4+4537A0]
00441D78 |. C1E0 06
SHL EAX,6
00441D7B |. 8D4401 04
LEA EAX,[EAX+ECX+4]
00441D7F |. 8020 FE
AND BYTE PTR DS:[EAX],FE

; /hObject
; \KERNEL32
; /hTemplat
; |Attribut
; |
; |Creation
; |pSecurit
; |ShareMod
; |
; |DesiredA
; |FileName
; \KERNEL32
; CONST FFF
; [KERNEL32
; /Arg1
; \SystemIn

00441D82 |. FF36
00441D84 |. E8 94ECFFFF
fo.00440A1D
00441D89 |. 59
00441D8A |.^ E9 97FBFFFF
00441D8F |> 8B36
00441D91 |. 8BCE
00441D93 |. C1F9 05
00441D96 |. 8B0C8D A03745
00441D9D |. 83E6 1F
00441DA0 |. C1E6 06
00441DA3 |. 89040E
00441DA6 |> 8BC3
00441DA8 |> 5F
00441DA9 |. 5E
00441DAA |. 5B
00441DAB |. C9
00441DAC \. C3
00441DAD /$ 6A 14
00441DAF |. 68 D0F64400
00441DB4 |. E8 336CFFFF
00441DB9 |. 33F6
00441DBB |. 8975 E4
00441DBE |. 33C0
00441DC0 |. 8B7D 18
00441DC3 |. 3BFE
00441DC5 |. 0F95C0
00441DC8 |. 3BC6
00441DCA |. 75 1B
00441DCC |> E8 2C26FFFF
fo.004343FD
00441DD1 |. 6A 16
00441DD3 |. 5F
00441DD4 |. 8938
00441DD6 |. 56
00441DD7 |. 56
00441DD8 |. 56
00441DD9 |. 56
00441DDA |. 56
00441DDB |. E8 82CAFEFF
fo.0042E862
00441DE0 |. 83C4 14
00441DE3 |. 8BC7
00441DE5 |. EB 59
00441DE7 |> 830F FF
00441DEA |. 33C0
00441DEC |. 3975 08
00441DEF |. 0F95C0
00441DF2 |. 3BC6
00441DF4 |.^ 74 D6
00441DF6 |. 3975 1C
00441DF9 |. 74 0F
00441DFB |. 8B45 14
00441DFE |. 25 7FFEFFFF
00441E03 |. F7D8
EAX to boolean
00441E05 |. 1BC0
00441E07 |. 40
00441E08 |.^ 74 C2
00441E0A |> 8975 FC

PUSH DWORD PTR DS:[ESI]


CALL 00440A1D

; /Arg1
; \SystemIn

POP ECX
JMP 00441926
MOV ESI,DWORD PTR DS:[ESI]
MOV ECX,ESI
SAR ECX,5
MOV ECX,DWORD PTR DS:[ECX*4+4537A0]
AND ESI,0000001F
SHL ESI,6
MOV DWORD PTR DS:[ECX+ESI],EAX
MOV EAX,EBX
POP EDI
POP ESI
POP EBX
LEAVE
RETN
PUSH 14
PUSH OFFSET 0044F6D0
CALL 004389EC
XOR ESI,ESI
MOV DWORD PTR SS:[EBP-1C],ESI
XOR EAX,EAX
MOV EDI,DWORD PTR SS:[EBP+18]
CMP EDI,ESI
SETNE AL
CMP EAX,ESI
JNE SHORT 00441DE7
CALL 004343FD

; [SystemIn

PUSH 16
POP EDI
MOV DWORD PTR DS:[EAX],EDI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E862

;
;
;
;
;
;

ADD ESP,14
MOV EAX,EDI
JMP SHORT 00441E40
OR DWORD PTR DS:[EDI],FFFFFFFF
XOR EAX,EAX
CMP DWORD PTR SS:[EBP+8],ESI
SETNE AL
CMP EAX,ESI
JE SHORT 00441DCC
CMP DWORD PTR SS:[EBP+1C],ESI
JE SHORT 00441E0A
MOV EAX,DWORD PTR SS:[EBP+14]
AND EAX,FFFFFE7F
NEG EAX

; Converts

SBB EAX,EAX
INC EAX
JE SHORT 00441DCC
MOV DWORD PTR SS:[EBP-4],ESI

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
\SystemIn

00441E0D |. FF75 14
PUSH DWORD PTR SS:[EBP+14]
[ARG.EBP+14]
00441E10 |. FF75 10
PUSH DWORD PTR SS:[EBP+10]
[ARG.EBP+10]
00441E13 |. FF75 0C
PUSH DWORD PTR SS:[EBP+0C]
[ARG.EBP+0C]
00441E16 |. FF75 08
PUSH DWORD PTR SS:[EBP+8]
[ARG.EBP+8]
00441E19 |. 8D45 E4
LEA EAX,[EBP-1C]
00441E1C |. 50
PUSH EAX
ARG.EBP-1C
00441E1D |. 8BC7
MOV EAX,EDI
00441E1F |. E8 69F8FFFF CALL 0044168D
fo.0044168D
00441E24 |. 83C4 14
ADD ESP,14
00441E27 |. 8945 E0
MOV DWORD PTR SS:[EBP-20],EAX
00441E2A |. C745 FC FEFFF MOV DWORD PTR SS:[EBP-4],-2
00441E31 |. E8 15000000 CALL 00441E4B
00441E36 |. 8B45 E0
MOV EAX,DWORD PTR SS:[EBP-20]
00441E39 |. 3BC6
CMP EAX,ESI
00441E3B |. 74 03
JE SHORT 00441E40
00441E3D |. 830F FF
OR DWORD PTR DS:[EDI],FFFFFFFF
00441E40 |> E8 EC6BFFFF CALL 00438A31
00441E45 \. C3
RETN
00441E46
33
DB 33
00441E47
F6
DB F6
00441E48
8B
DB 8B
00441E49
7D
DB 7D
00441E4A
18
DB 18
00441E4B /$ 3975 E4
CMP DWORD PTR SS:[EBP-1C],ESI
00441E4E |. 74 28
JE SHORT 00441E78
00441E50 |. 3975 E0
CMP DWORD PTR SS:[EBP-20],ESI
00441E53 |. 74 1B
JE SHORT 00441E70
00441E55 |. 8B07
MOV EAX,DWORD PTR DS:[EDI]
00441E57 |. 8BC8
MOV ECX,EAX
00441E59 |. C1F9 05
SAR ECX,5
00441E5C |. 83E0 1F
AND EAX,0000001F
00441E5F |. C1E0 06
SHL EAX,6
00441E62 |. 8B0C8D A03745 MOV ECX,DWORD PTR DS:[ECX*4+4537A0]
00441E69 |. 8D4401 04
LEA EAX,[EAX+ECX+4]
00441E6D |. 8020 FE
AND BYTE PTR DS:[EAX],FE
00441E70 |> FF37
PUSH DWORD PTR DS:[EDI]
00441E72 |. E8 43EDFFFF CALL 00440BBA
00441E77 |. 59
POP ECX
00441E78 \> C3
RETN
00441E79 /$ 8BFF
MOV EDI,EDI
o.00441E79(guessed Arg1,Arg2,Arg3,Arg4,Arg5)
00441E7B |. 55
PUSH EBP
00441E7C |. 8BEC
MOV EBP,ESP
00441E7E |. 6A 01
PUSH 1
00441E80 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
00441E83 |. FF75 18
PUSH DWORD PTR SS:[ARG.5]
00441E86 |. FF75 14
PUSH DWORD PTR SS:[ARG.4]
00441E89 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
00441E8C |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
00441E8F |. E8 19FFFFFF CALL 00441DAD
00441E94 |. 83C4 18
ADD ESP,18
00441E97 |. 5D
POP EBP
00441E98 \. C3
RETN
00441E99 /$ 8BFF
MOV EDI,EDI

; /Arg5 =>
; |Arg4 =>
; |Arg3 =>
; |Arg2 =>
; |
; |Arg1 =>
; |
; \SystemIn

; CHAR '3'
; CHAR '}'

; SystemInf

00441E9B |.
00441E9C |.
00441E9E |.
00441EA1 |.
00441EA2 |.
00441EA3 |.
00441EA5 |.
00441EA7 |.
00441EA8 |.
00441EAB |.
00441EB1 |.
00441EB4 |.
00441EB6 |.
00441EB8 |>
fo.004343FD
00441EBD |.
00441EBE |.
00441EBF |.
00441EC0 |.
00441EC1 |.
00441EC2 |.
00441EC8 |.
fo.0042E862
00441ECD |.
00441ED0 |.
00441ED5 |.
00441EDA |>
00441EDD |.
00441EDF |.^
00441EE1 |.
[ARG.4]
00441EE4 |.
00441EE7 |.
fo.0042EC65
00441EEC |.
00441EEF |.
00441EF2 |.
00441EF4 |>
00441EF7 |.
00441EFB |.
00441EFD |.
00441F01 |.
00441F03 |.
00441F06 |>
00441F09 |.
00441F0C |.
00441F10 |.
00441F12 |.
00441F16 |.
00441F18 |.
00441F1B |>
00441F1C |.
00441F1D |.
00441F1E |.
00441F1F |.
00441F22 |.
00441F25 |.
00441F27 |.
00441F2A |.
00441F2C |.

55
8BEC
83EC 10
53
56
33F6
33C0
57
3975 10
0F84 CD000000
8B5D 08
3BDE
75 22
E8 4025FFFF

PUSH EBP
MOV EBP,ESP
SUB ESP,10
PUSH EBX
PUSH ESI
XOR ESI,ESI
XOR EAX,EAX
PUSH EDI
CMP DWORD PTR SS:[ARG.3],ESI
JE 00441F7E
MOV EBX,DWORD PTR SS:[ARG.1]
CMP EBX,ESI
JNE SHORT 00441EDA
CALL 004343FD

; [SystemIn

56
56
56
56
56
C700 16000000
E8 95C9FEFF

PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
B8 FFFFFF7F
E9 A4000000
8B7D 0C
3BFE
74 D7
FF75 14

ADD ESP,14
MOV EAX,7FFFFFFF
JMP 00441F7E
MOV EDI,DWORD PTR SS:[ARG.2]
CMP EDI,ESI
JE SHORT 00441EB8
PUSH DWORD PTR SS:[ARG.4]

; /Arg1 =>

8D4D F0
E8 79CDFEFF

LEA ECX,[LOCAL.4]
CALL 0042EC65

; |
; \SystemIn

8B45 F0
3970 14
75 3F
0FB703
66:83F8
72 09
66:83F8
77 03
83C0 20
0FB7F0
0FB707
66:83F8
72 09
66:83F8
77 03
83C0 20
43
43
47
47
FF4D 10
0FB7C0
74 42
66:85F6
74 3D
66:3BF0

MOV EAX,DWORD PTR SS:[LOCAL.4]


CMP DWORD PTR DS:[EAX+14],ESI
JNE SHORT 00441F33
/MOVZX EAX,WORD PTR DS:[EBX]
|CMP AX,41
|JB SHORT 00441F06
|CMP AX,5A
|JA SHORT 00441F06
|ADD EAX,20
|MOVZX ESI,AX
|MOVZX EAX,WORD PTR DS:[EDI]
|CMP AX,41
|JB SHORT 00441F1B
|CMP AX,5A
|JA SHORT 00441F1B
|ADD EAX,20
|INC EBX
|INC EBX
|INC EDI
|INC EDI
|DEC DWORD PTR SS:[ARG.3]
|MOVZX EAX,AX
|JE SHORT 00441F69
|TEST SI,SI
|JE SHORT 00441F69
|CMP SI,AX

41
5A

41
5A

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00441F2F |.^ 74 C3
\JE SHORT 00441EF4
00441F31 |. EB 36
JMP SHORT 00441F69
00441F33 |> 8D45 F0
/LEA EAX,[LOCAL.4]
00441F36 |. 50
|PUSH EAX
OFFSET LOCAL.4
00441F37 |. 0FB703
|MOVZX EAX,WORD PTR DS:[EBX]
00441F3A |. 50
|PUSH EAX
00441F3B |. E8 F1260000 |CALL 00444631
fo.00444631
00441F40 |. 0FB7F0
|MOVZX ESI,AX
00441F43 |. 8D45 F0
|LEA EAX,[LOCAL.4]
00441F46 |. 50
|PUSH EAX
OFFSET LOCAL.4
00441F47 |. 0FB707
|MOVZX EAX,WORD PTR DS:[EDI]
00441F4A |. 50
|PUSH EAX
00441F4B |. E8 E1260000 |CALL 00444631
fo.00444631
00441F50 |. 83C4 10
|ADD ESP,10
00441F53 |. 43
|INC EBX
00441F54 |. 43
|INC EBX
00441F55 |. 47
|INC EDI
00441F56 |. 47
|INC EDI
00441F57 |. FF4D 10
|DEC DWORD PTR SS:[ARG.3]
00441F5A |. 0FB7C0
|MOVZX EAX,AX
00441F5D |. 74 0A
|JE SHORT 00441F69
00441F5F |. 66:85F6
|TEST SI,SI
00441F62 |. 74 05
|JE SHORT 00441F69
00441F64 |. 66:3BF0
|CMP SI,AX
00441F67 |.^ 74 CA
\JE SHORT 00441F33
00441F69 |> 0FB7C8
MOVZX ECX,AX
00441F6C |. 0FB7C6
MOVZX EAX,SI
00441F6F |. 2BC1
SUB EAX,ECX
00441F71 |. 807D FC 00
CMP BYTE PTR SS:[LOCAL.1],0
00441F75 |. 74 07
JE SHORT 00441F7E
00441F77 |. 8B4D F8
MOV ECX,DWORD PTR SS:[LOCAL.2]
00441F7A |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
00441F7E |> 5F
POP EDI
00441F7F |. 5E
POP ESI
00441F80 |. 5B
POP EBX
00441F81 |. C9
LEAVE
00441F82 \. C3
RETN
00441F83 /$ 8BFF
MOV EDI,EDI
o.00441F83(guessed Arg1,Arg2,Arg3)
00441F85 |. 55
PUSH EBP
00441F86 |. 8BEC
MOV EBP,ESP
00441F88 |. 56
PUSH ESI
00441F89 |. 33F6
XOR ESI,ESI
00441F8B |. 57
PUSH EDI
00441F8C |. 3935 D02C4500 CMP DWORD PTR DS:[452CD0],ESI
00441F92 |. 75 7F
JNE SHORT 00442013
00441F94 |. 33C0
XOR EAX,EAX
00441F96 |. 3975 10
CMP DWORD PTR SS:[ARG.3],ESI
00441F99 |. 0F84 86000000 JE 00442025
00441F9F |. 8B7D 08
MOV EDI,DWORD PTR SS:[ARG.1]
00441FA2 |. 3BFE
CMP EDI,ESI
00441FA4 |. 75 1F
JNE SHORT 00441FC5
00441FA6 |> E8 5224FFFF CALL 004343FD
fo.004343FD
00441FAB |. 56
PUSH ESI
00441FAC |. 56
PUSH ESI

; /Arg2 =>
; |
; |Arg1
; \SystemIn

; /Arg2 =>
; |
; |Arg1
; \SystemIn

; SystemInf

; [SystemIn
; /Arg5
; |Arg4

00441FAD |. 56
PUSH ESI
00441FAE |. 56
PUSH ESI
00441FAF |. 56
PUSH ESI
00441FB0 |. C700 16000000 MOV DWORD PTR DS:[EAX],16
00441FB6 |. E8 A7C8FEFF CALL 0042E862
fo.0042E862
00441FBB |. 83C4 14
ADD ESP,14
00441FBE |. B8 FFFFFF7F MOV EAX,7FFFFFFF
00441FC3 |. EB 60
JMP SHORT 00442025
00441FC5 |> 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]
00441FC8 |. 3BD6
CMP EDX,ESI
00441FCA |.^ 74 DA
JE SHORT 00441FA6
00441FCC |> 0FB707
/MOVZX EAX,WORD PTR DS:[EDI]
00441FCF |. 66:83F8 41
|CMP AX,41
00441FD3 |. 72 09
|JB SHORT 00441FDE
00441FD5 |. 66:83F8 5A
|CMP AX,5A
00441FD9 |. 77 03
|JA SHORT 00441FDE
00441FDB |. 83C0 20
|ADD EAX,20
00441FDE |> 0FB7C8
|MOVZX ECX,AX
00441FE1 |. 0FB702
|MOVZX EAX,WORD PTR DS:[EDX]
00441FE4 |. 66:83F8 41
|CMP AX,41
00441FE8 |. 72 09
|JB SHORT 00441FF3
00441FEA |. 66:83F8 5A
|CMP AX,5A
00441FEE |. 77 03
|JA SHORT 00441FF3
00441FF0 |. 83C0 20
|ADD EAX,20
00441FF3 |> 47
|INC EDI
00441FF4 |. 47
|INC EDI
00441FF5 |. 42
|INC EDX
00441FF6 |. 42
|INC EDX
00441FF7 |. FF4D 10
|DEC DWORD PTR SS:[ARG.3]
00441FFA |. 0FB7C0
|MOVZX EAX,AX
00441FFD |. 74 0A
|JE SHORT 00442009
00441FFF |. 66:3BCE
|CMP CX,SI
00442002 |. 74 05
|JE SHORT 00442009
00442004 |. 66:3BC8
|CMP CX,AX
00442007 |.^ 74 C3
\JE SHORT 00441FCC
00442009 |> 0FB7D0
MOVZX EDX,AX
0044200C |. 0FB7C1
MOVZX EAX,CX
0044200F |. 2BC2
SUB EAX,EDX
00442011 |. EB 12
JMP SHORT 00442025
00442013 |> 56
PUSH ESI
00442014 |. FF75 10
PUSH DWORD PTR SS:[ARG.3]
00442017 |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
0044201A |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
0044201D |. E8 77FEFFFF CALL 00441E99
00442022 |. 83C4 10
ADD ESP,10
00442025 |> 5F
POP EDI
00442026 |. 5E
POP ESI
00442027 |. 5D
POP EBP
00442028 \. C3
RETN
00442029 /$ 8BFF
MOV EDI,EDI
o.00442029(guessed Arg1,Arg2,Arg3)
0044202B |. 55
PUSH EBP
0044202C |. 8BEC
MOV EBP,ESP
0044202E |. 837D 10 00
CMP DWORD PTR SS:[ARG.3],0
00442032 |. 75 04
JNE SHORT 00442038
00442034 |. 33C0
XOR EAX,EAX
00442036 |. 5D
POP EBP
00442037 |. C3
RETN
00442038 |> 8B55 0C
MOV EDX,DWORD PTR SS:[ARG.2]

;
;
;
;
;

|Arg3
|Arg2
|Arg1
|
\SystemIn

; SystemInf

0044203B |.
0044203E |>
00442041 |.
00442043 |.
00442046 |.
00442049 |.
0044204B |.
0044204E |.
00442050 |.
00442051 |.
00442052 |.
00442053 |.
00442054 |.^
00442056 |>
00442059 |.
0044205C |.
0044205E |.
0044205F \.
00442060 /$
00442062 |.
00442063 |.
00442065 |.
00442068 |.
00442069 |.
0044206A |.
[ARG.1]
0044206D |.
00442070 |.
fo.0042EC65
00442075 |.
00442078 |.
0044207B |.
0044207D |.
0044207F |.
00442081 |.
00442083 |>
00442085 |.
00442087 |>
fo.004343FD
0044208C |.
0044208D |.
0044208E |.
0044208F |.
00442090 |.
00442091 |.
00442097 |.
fo.0042E862
0044209C |.
0044209F |.
004420A3 |.
004420A5 |.
004420A8 |.
004420AC |>
004420AE |.
004420B3 |>
004420B6 |.
004420B8 |.
004420BC |.^
004420BE |.
004420C2 |.^

8B4D 08
FF4D 10
74 13
0FB701
66:85C0
74 0B
66:3B02
75 06
41
41
42
42
EB E8
0FB701
0FB70A
2BC1
5D
C3
8BFF
55
8BEC
83EC 14
56
57
FF75 08

MOV ECX,DWORD PTR SS:[ARG.1]


/DEC DWORD PTR SS:[ARG.3]
|JE SHORT 00442056
|MOVZX EAX,WORD PTR DS:[ECX]
|TEST AX,AX
|JE SHORT 00442056
|CMP AX,WORD PTR DS:[EDX]
|JNE SHORT 00442056
|INC ECX
|INC ECX
|INC EDX
|INC EDX
\JMP SHORT 0044203E
MOVZX EAX,WORD PTR DS:[ECX]
MOVZX ECX,WORD PTR DS:[EDX]
SUB EAX,ECX
POP EBP
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,14
PUSH ESI
PUSH EDI
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

8D4D EC
E8 F0CBFEFF

LEA ECX,[LOCAL.5]
CALL 0042EC65

; |
; \SystemIn

8B45 10
8B75 0C
33FF
3BC7
74 02
8930
3BF7
75 2C
E8 7123FFFF

MOV EAX,DWORD PTR SS:[ARG.3]


MOV ESI,DWORD PTR SS:[ARG.2]
XOR EDI,EDI
CMP EAX,EDI
JE SHORT 00442083
MOV DWORD PTR DS:[EAX],ESI
CMP ESI,EDI
JNE SHORT 004420B3
CALL 004343FD

; [SystemIn

57
57
57
57
57
C700 16000000
E8 C6C7FEFF

PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
807D F8 00
74 07
8B45 F4
8360 70 FD
33C0
E9 D8010000
397D 14
74 0C
837D 14 02
7C C9
837D 14 24
7F C3

ADD ESP,14
CMP BYTE PTR SS:[LOCAL.2],0
JE SHORT 004420AC
MOV EAX,DWORD PTR SS:[LOCAL.3]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
XOR EAX,EAX
JMP 0044228B
CMP DWORD PTR SS:[ARG.4],EDI
JE SHORT 004420C4
CMP DWORD PTR SS:[ARG.4],2
JL SHORT 00442087
CMP DWORD PTR SS:[ARG.4],24
JG SHORT 00442087

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

004420C4
004420C7
004420C8
004420CA
004420CD
004420D0
004420D7
004420D9
004420DC
004420DD
004420E0
004420E2
004420E3
004420E8
004420EB
004420EE
004420F0
004420F6
004420F9
004420FD
00442100
00442102
00442104
00442106
00442107
00442109
0044210C
0044210E
00442112
00442114
00442117
00442119
0044211B
0044211C
0044211F
00442121
00442127
0044212A
00442130
00442133
00442139
0044213B
0044213D
00442140
00442142
00442149
0044214B
0044214D
0044214F
00442151
00442153
00442155
0044215C
0044215E
00442165
00442167
0044216A
0044216C
0044216F
00442171

|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|>

8B4D EC
53
8A1E
897D FC
8D7E 01
83B9 AC000000
7E 17
8D45 EC
50
0FB6C3
6A 08
50
E8 E4BFFFFF
8B4D EC
83C4 0C
EB 10
8B91 C8000000
0FB6C3
0FB70442
83E0 08
85C0
74 05
8A1F
47
EB C7
80FB 2D
75 06
834D 18 02
EB 05
80FB 2B
75 03
8A1F
47
8B45 14
85C0
0F8C 4B010000
83F8 01
0F84 42010000
83F8 24
0F8F 39010000
85C0
75 2A
80FB 30
74 09
C745 14 0A000
EB 34
8A07
3C 78
74 0D
3C 58
74 09
C745 14 08000
EB 21
C745 14 10000
EB 0A
83F8 10
75 13
80FB 30
75 0E
8A07

MOV ECX,DWORD PTR SS:[LOCAL.5]


PUSH EBX
MOV BL,BYTE PTR DS:[ESI]
MOV DWORD PTR SS:[LOCAL.1],EDI
LEA EDI,[ESI+1]
/CMP DWORD PTR DS:[ECX+0AC],1
|JLE SHORT 004420F0
|LEA EAX,[LOCAL.5]
|PUSH EAX
|MOVZX EAX,BL
|PUSH 8
|PUSH EAX
|CALL 0043E0CC
|MOV ECX,DWORD PTR SS:[LOCAL.5]
|ADD ESP,0C
|JMP SHORT 00442100
|MOV EDX,DWORD PTR DS:[ECX+0C8]
|MOVZX EAX,BL
|MOVZX EAX,WORD PTR DS:[EAX*2+EDX]
|AND EAX,00000008
|TEST EAX,EAX
|JE SHORT 00442109
|MOV BL,BYTE PTR DS:[EDI]
|INC EDI
\JMP SHORT 004420D0
CMP BL,2D
JNE SHORT 00442114
OR DWORD PTR SS:[ARG.5],00000002
JMP SHORT 00442119
CMP BL,2B
JNE SHORT 0044211C
MOV BL,BYTE PTR DS:[EDI]
INC EDI
MOV EAX,DWORD PTR SS:[ARG.4]
TEST EAX,EAX
JL 00442272
CMP EAX,1
JE 00442272
CMP EAX,24
JG 00442272
TEST EAX,EAX
JNE SHORT 00442167
CMP BL,30
JE SHORT 0044214B
MOV DWORD PTR SS:[ARG.4],0A
JMP SHORT 0044217F
MOV AL,BYTE PTR DS:[EDI]
CMP AL,78
JE SHORT 0044215E
CMP AL,58
JE SHORT 0044215E
MOV DWORD PTR SS:[ARG.4],8
JMP SHORT 0044217F
MOV DWORD PTR SS:[ARG.4],10
JMP SHORT 00442171
CMP EAX,10
JNE SHORT 0044217F
CMP BL,30
JNE SHORT 0044217F
MOV AL,BYTE PTR DS:[EDI]

00442173
00442175
00442177
00442179
0044217B
0044217C
0044217E
0044217F
00442185
0044218A
0044218C
0044218F
00442192
00442196
00442199
0044219B
0044219E
004421A1
004421A3
004421A9
004421AB
004421AD
004421B0
004421B3
004421B6
004421B8
004421BB
004421BE
004421C1
004421C3
004421C7
004421CA
004421CC
004421CE
004421D0
004421D2
004421D6
004421DA
004421DC
004421DF
004421E0
004421E2
004421E4
004421E8
004421EA
004421ED
004421F1
004421F3
004421F6
004421FA
004421FC
004421FF
00442201
00442202
00442204
00442209
0044220B
0044220D
0044220F
00442211

|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|>
|.
|.^
|>
|.
|.
|.
|.
|.

3C 78
74 04
3C 58
75 04
47
8A1F
47
8BB1 C8000000
B8 FFFFFFFF
33D2
F775 14
0FB6CB
0FB70C4E
F6C1 04
74 08
0FBECB
83E9 30
EB 1B
F7C1 03010000
74 31
8ACB
80E9 61
80F9 19
0FBECB
77 03
83E9 20
83C1 C9
3B4D 14
73 19
834D 18 08
3945 FC
72 27
75 04
3BCA
76 21
834D 18 04
837D 10 00
75 23
8B45 18
4F
A8 08
75 20
837D 10 00
74 03
8B7D 0C
8365 FC 00
EB 5B
8B5D FC
0FAF5D 14
03D9
895D FC
8A1F
47
EB 8B
BE FFFFFF7F
A8 04
75 1B
A8 01
75 3D
83E0 02

CMP AL,78
JE SHORT 0044217B
CMP AL,58
JNE SHORT 0044217F
INC EDI
MOV BL,BYTE PTR DS:[EDI]
INC EDI
MOV ESI,DWORD PTR DS:[ECX+0C8]
MOV EAX,-1
XOR EDX,EDX
DIV DWORD PTR SS:[ARG.4]
/MOVZX ECX,BL
|MOVZX ECX,WORD PTR DS:[ECX*2+ESI]
|TEST CL,04
|JE SHORT 004421A3
|MOVSX ECX,BL
|SUB ECX,30
|JMP SHORT 004421BE
|TEST ECX,00000103
|JE SHORT 004421DC
|MOV CL,BL
|SUB CL,61
|CMP CL,19
|MOVSX ECX,BL
|JA SHORT 004421BB
|SUB ECX,20
|ADD ECX,-37
|CMP ECX,DWORD PTR SS:[ARG.4]
|JNB SHORT 004421DC
|OR DWORD PTR SS:[ARG.5],00000008
|CMP DWORD PTR SS:[LOCAL.1],EAX
|JB SHORT 004421F3
|JNE SHORT 004421D2
|CMP ECX,EDX
|JBE SHORT 004421F3
|OR DWORD PTR SS:[ARG.5],00000004
|CMP DWORD PTR SS:[ARG.3],0
|JNE SHORT 004421FF
|MOV EAX,DWORD PTR SS:[ARG.5]
|DEC EDI
|TEST AL,08
|JNE SHORT 00442204
|CMP DWORD PTR SS:[ARG.3],0
|JE SHORT 004421ED
|MOV EDI,DWORD PTR SS:[ARG.2]
|AND DWORD PTR SS:[LOCAL.1],00000000
|JMP SHORT 0044224E
|MOV EBX,DWORD PTR SS:[LOCAL.1]
|IMUL EBX,DWORD PTR SS:[ARG.4]
|ADD EBX,ECX
|MOV DWORD PTR SS:[LOCAL.1],EBX
|MOV BL,BYTE PTR DS:[EDI]
|INC EDI
\JMP SHORT 0044218F
MOV ESI,7FFFFFFF
TEST AL,04
JNE SHORT 00442228
TEST AL,01
JNE SHORT 0044224E
AND EAX,00000002

00442214 |.
00442216 |.
0044221D |.
0044221F |>
00442221 |.
00442223 |.
00442226 |.
00442228 |>
fo.004343FD
0044222D |.
00442231 |.
00442237 |.
00442239 |.
0044223D |.
0044223F |>
00442243 |.
00442245 |.
00442246 |.
00442249 |.
0044224B |.
0044224E |>
00442251 |.
00442253 |.
00442255 |.
00442257 |>
0044225B |.
0044225D |.
00442260 |>
00442264 |.
00442266 |.
00442269 |.
0044226D |>
00442270 |.
00442272 |>
00442275 |.
00442277 |.
00442279 |.
0044227B |>
0044227F |.
00442281 |.
00442284 |.
00442288 |>
0044228A |>
0044228B |>
0044228C |.
0044228D |.
0044228E \.
0044228F /$
00442291 |.
00442292 |.
00442294 |.
00442296 |.
00442297 |.
0044229A |.
0044229D |.
004422A0 |.
004422A6 |.
004422A8 |.
004422AD |.
004422AF |>

74 09
817D FC 00000
77 09
85C0
75 2B
3975 FC
76 26
E8 D021FFFF

JE SHORT 0044221F
CMP DWORD PTR SS:[LOCAL.1],80000000
JA SHORT 00442228
TEST EAX,EAX
JNE SHORT 0044224E
CMP DWORD PTR SS:[LOCAL.1],ESI
JBE SHORT 0044224E
CALL 004343FD

F645 18 01
C700 22000000
74 06
834D FC FF
EB 0F
F645 18 02
6A 00
58
0F95C0
03C6
8945 FC
8B45 10
85C0
74 02
8938
F645 18 02
74 03
F75D FC
807D F8 00
74 07
8B45 F4
8360 70 FD
8B45 FC
EB 18
8B45 10
85C0
74 02
8930
807D F8 00
74 07
8B45 F4
8360 70 FD
33C0
5B
5F
5E
C9
C3
8BFF
55
8BEC
33C0
50
FF75 10
FF75 0C
FF75 08
3905 D02C4500
75 07
68 E81D4500
EB 01
50

TEST BYTE PTR SS:[ARG.5],01


MOV DWORD PTR DS:[EAX],22
JE SHORT 0044223F
OR DWORD PTR SS:[LOCAL.1],FFFFFFFF
JMP SHORT 0044224E
TEST BYTE PTR SS:[ARG.5],02
PUSH 0
POP EAX
SETNE AL
ADD EAX,ESI
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.3]
TEST EAX,EAX
JE SHORT 00442257
MOV DWORD PTR DS:[EAX],EDI
TEST BYTE PTR SS:[ARG.5],02
JE SHORT 00442260
NEG DWORD PTR SS:[LOCAL.1]
CMP BYTE PTR SS:[LOCAL.2],0
JE SHORT 0044226D
MOV EAX,DWORD PTR SS:[LOCAL.3]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
MOV EAX,DWORD PTR SS:[LOCAL.1]
JMP SHORT 0044228A
MOV EAX,DWORD PTR SS:[ARG.3]
TEST EAX,EAX
JE SHORT 0044227B
MOV DWORD PTR DS:[EAX],ESI
CMP BYTE PTR SS:[LOCAL.2],0
JE SHORT 00442288
MOV EAX,DWORD PTR SS:[LOCAL.3]
AND DWORD PTR DS:[EAX+70],FFFFFFFD
XOR EAX,EAX
POP EBX
POP EDI
POP ESI
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
XOR EAX,EAX
PUSH EAX
PUSH DWORD PTR SS:[ARG.3]
PUSH DWORD PTR SS:[ARG.2]
PUSH DWORD PTR SS:[ARG.1]
CMP DWORD PTR DS:[452CD0],EAX
JNE SHORT 004422AF
PUSH OFFSET 00451DE8
JMP SHORT 004422B0
PUSH EAX

; [SystemIn

004422B0 |> E8 ABFDFFFF CALL 00442060


004422B5 |. 83C4 14
ADD ESP,14
004422B8 |. 5D
POP EBP
004422B9 \. C3
RETN
004422BA /$ 8BFF
MOV EDI,EDI
; SystemInf
o.004422BA(guessed Arg1,Arg2)
004422BC |. 55
PUSH EBP
004422BD |. 8BEC
MOV EBP,ESP
004422BF |. 83EC 2C
SUB ESP,2C
004422C2 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
004422C5 |. 0FB748 0A
MOVZX ECX,WORD PTR DS:[EAX+0A]
004422C9 |. 53
PUSH EBX
004422CA |. 8BD9
MOV EBX,ECX
004422CC |. 81E1 00800000 AND ECX,00008000
004422D2 |. 894D EC
MOV DWORD PTR SS:[LOCAL.5],ECX
004422D5 |. 8B48 06
MOV ECX,DWORD PTR DS:[EAX+6]
004422D8 |. 894D E0
MOV DWORD PTR SS:[LOCAL.8],ECX
004422DB |. 8B48 02
MOV ECX,DWORD PTR DS:[EAX+2]
004422DE |. 0FB700
MOVZX EAX,WORD PTR DS:[EAX]
004422E1 |. 81E3 FF7F0000 AND EBX,00007FFF
004422E7 |. 81EB FF3F0000 SUB EBX,3FFF
004422ED |. C1E0 10
SHL EAX,10
004422F0 |. 57
PUSH EDI
004422F1 |. 894D E4
MOV DWORD PTR SS:[LOCAL.7],ECX
004422F4 |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX
004422F7 |. 81FB 01C0FFFF CMP EBX,-3FFF
004422FD |. 75 27
JNE SHORT 00442326
004422FF |. 33DB
XOR EBX,EBX
00442301 |. 33C0
XOR EAX,EAX
00442303 |> 395C85 E0
/CMP DWORD PTR SS:[EAX*4+EBP-20],EBX
00442307 |. 75 0D
|JNE SHORT 00442316
00442309 |. 40
|INC EAX
0044230A |. 83F8 03
|CMP EAX,3
0044230D |.^ 7C F4
\JL SHORT 00442303
0044230F |. 33C0
XOR EAX,EAX
00442311 |. E9 A5040000 JMP 004427BB
00442316 |> 33C0
XOR EAX,EAX
00442318 |. 8D7D E0
LEA EDI,[LOCAL.8]
0044231B |. AB
STOS DWORD PTR ES:[EDI]
0044231C |. AB
STOS DWORD PTR ES:[EDI]
0044231D |. 6A 02
PUSH 2
0044231F |. AB
STOS DWORD PTR ES:[EDI]
00442320 |. 58
POP EAX
00442321 |. E9 95040000 JMP 004427BB
00442326 |> 8365 08 00
AND DWORD PTR SS:[ARG.1],00000000
0044232A |. 56
PUSH ESI
0044232B |. 8D75 E0
LEA ESI,[LOCAL.8]
0044232E |. 8D7D D4
LEA EDI,[LOCAL.11]
00442331 |. A5
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
00442332 |. A5
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
00442333 |. A5
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
00442334 |. 8B35 70254500 MOV ESI,DWORD PTR DS:[452570]
0044233A |. 4E
DEC ESI
0044233B |. 8D4E 01
LEA ECX,[ESI+1]
0044233E |. 8BC1
MOV EAX,ECX
00442340 |. 99
CDQ
00442341 |. 83E2 1F
AND EDX,0000001F
00442344 |. 03C2
ADD EAX,EDX
00442346 |. C1F8 05
SAR EAX,5
00442349 |. 8BD1
MOV EDX,ECX

0044234B
00442351
00442354
00442357
00442359
0044235A
0044235D
0044235E
00442362
00442364
00442366
00442367
00442369
0044236A
0044236C
0044236F
00442371
00442377
0044237A
0044237D
0044237F
00442381
00442385
00442387
0044238C
0044238E
0044238F
00442392
00442394
00442396
00442398
00442399
0044239B
0044239C
0044239E
004423A0
004423A3
004423A9
004423AB
004423AC
004423AF
004423B0
004423B4
004423B6
004423B8
004423B9
004423BB
004423BF
004423C1
004423C3
004423C6
004423C8
004423CB
004423CD
004423D0
004423D2
004423D4
004423D6
004423DA
004423DE

|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.^
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.

81E2 1F000080
895D F0
8945 F4
79 05
4A
83CA E0
42
8D7C85 E0
6A 1F
33C0
59
2BCA
40
D3E0
894D F8
8507
0F84 8D000000
8B45 F4
83CA FF
D3E2
F7D2
855485 E0
EB 05
837C85 E0 00
75 08
40
83F8 03
7C F3
EB 6E
8BC6
99
6A 1F
59
23D1
03C2
C1F8 05
81E6 1F000080
79 05
4E
83CE E0
46
8365 FC 00
2BCE
33D2
42
D3E2
8D4C85 E0
8B31
03F2
8975 08
8B31
3975 08
72 22
3955 08
EB 1B
85C9
74 2B
8365 FC 00
8D4C85 E0
8B11

AND EDX,8000001F
MOV DWORD PTR SS:[LOCAL.4],EBX
MOV DWORD PTR SS:[LOCAL.3],EAX
JNS SHORT 0044235E
DEC EDX
OR EDX,FFFFFFE0
INC EDX
LEA EDI,[EAX*4+EBP-20]
PUSH 1F
XOR EAX,EAX
POP ECX
SUB ECX,EDX
INC EAX
SHL EAX,CL
MOV DWORD PTR SS:[LOCAL.2],ECX
TEST DWORD PTR DS:[EDI],EAX
JE 00442404
MOV EAX,DWORD PTR SS:[LOCAL.3]
OR EDX,FFFFFFFF
SHL EDX,CL
NOT EDX
TEST DWORD PTR SS:[EAX*4+EBP-20],EDX
JMP SHORT 0044238C
/CMP DWORD PTR SS:[EAX*4+EBP-20],0
|JNE SHORT 00442396
|INC EAX
|CMP EAX,3
\JL SHORT 00442387
JMP SHORT 00442404
MOV EAX,ESI
CDQ
PUSH 1F
POP ECX
AND EDX,ECX
ADD EAX,EDX
SAR EAX,5
AND ESI,8000001F
JNS SHORT 004423B0
DEC ESI
OR ESI,FFFFFFE0
INC ESI
AND DWORD PTR SS:[LOCAL.1],00000000
SUB ECX,ESI
XOR EDX,EDX
INC EDX
SHL EDX,CL
LEA ECX,[EAX*4+EBP-20]
MOV ESI,DWORD PTR DS:[ECX]
ADD ESI,EDX
MOV DWORD PTR SS:[ARG.1],ESI
MOV ESI,DWORD PTR DS:[ECX]
CMP DWORD PTR SS:[ARG.1],ESI
JB SHORT 004423EF
CMP DWORD PTR SS:[ARG.1],EDX
JMP SHORT 004423ED
TEST ECX,ECX
JE SHORT 00442401
AND DWORD PTR SS:[LOCAL.1],00000000
LEA ECX,[EAX*4+EBP-20]
MOV EDX,DWORD PTR DS:[ECX]

004423E0
004423E3
004423E6
004423E8
004423EA
004423ED
004423EF
004423F6
004423F7
004423FA
004423FC
004423FF
00442401
00442404
00442407
0044240A
0044240C
0044240E
00442411
00442412
00442415
00442417
00442419
0044241A
0044241E
00442420
00442422
00442424
00442428
0044242A
0044242B
00442430
00442432
00442438
0044243A
0044243C
0044243E
00442441
00442442
00442443
00442444
00442449
0044244B
00442451
00442454
00442457
00442459
0044245C
0044245D
0044245E
00442461
00442463
00442464
00442466
00442469
0044246F
00442470
00442472
00442473
00442476

|.
|.
|.
|.
|.
|>
|>
|>
|.
|.
|.
|.^
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8D72 01
8975 08
3BF2
72 05
83FE 01
73 07
C745 FC 01000
48
8B55 08
8911
8B4D FC
79 D1
894D 08
8B4D F8
83C8 FF
D3E0
2107
8B45 F4
40
83F8 03
7D 0D
6A 03
59
8D7C85 E0
2BC8
33C0
F3:AB
837D 08 00
74 01
43
A1 6C254500
8BC8
2B0D 70254500
3BD9
7D 0D
33C0
8D7D E0
AB
AB
AB
E9 0D020000
3BD8
0F8F 0F020000
2B45 F0
8D75 D4
8BC8
8D7D E0
A5
99
83E2 1F
03C2
A5
8BD1
C1F8 05
81E2 1F000080
A5
79 05
4A
83CA E0
42

LEA ESI,[EDX+1]
MOV DWORD PTR SS:[ARG.1],ESI
CMP ESI,EDX
JB SHORT 004423EF
CMP ESI,1
JNB SHORT 004423F6
MOV DWORD PTR SS:[LOCAL.1],1
DEC EAX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX],EDX
MOV ECX,DWORD PTR SS:[LOCAL.1]
JNS SHORT 004423D2
MOV DWORD PTR SS:[ARG.1],ECX
MOV ECX,DWORD PTR SS:[LOCAL.2]
OR EAX,FFFFFFFF
SHL EAX,CL
AND DWORD PTR DS:[EDI],EAX
MOV EAX,DWORD PTR SS:[LOCAL.3]
INC EAX
CMP EAX,3
JGE SHORT 00442424
PUSH 3
POP ECX
LEA EDI,[EAX*4+EBP-20]
SUB ECX,EAX
XOR EAX,EAX
REP STOS DWORD PTR ES:[EDI]
CMP DWORD PTR SS:[ARG.1],0
JE SHORT 0044242B
INC EBX
MOV EAX,DWORD PTR DS:[45256C]
MOV ECX,EAX
SUB ECX,DWORD PTR DS:[452570]
CMP EBX,ECX
JGE SHORT 00442449
XOR EAX,EAX
LEA EDI,[LOCAL.8]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
JMP 00442656
CMP EBX,EAX
JG 00442660
SUB EAX,DWORD PTR SS:[LOCAL.4]
LEA ESI,[LOCAL.11]
MOV ECX,EAX
LEA EDI,[LOCAL.8]
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
CDQ
AND EDX,0000001F
ADD EAX,EDX
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOV EDX,ECX
SAR EAX,5
AND EDX,8000001F
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
JNS SHORT 00442477
DEC EDX
OR EDX,FFFFFFE0
INC EDX

00442477
0044247B
0044247F
00442482
00442484
00442486
0044248D
00442490
00442492
00442495
00442499
0044249B
0044249D
0044249F
004424A2
004424A4
004424A6
004424A9
004424AC
004424AE
004424B1
004424B3
004424B6
004424BA
004424BD
004424BF
004424C1
004424C3
004424C6
004424C9
004424CA
004424CC
004424CE
004424D0
004424D2
004424D6
004424D8
004424DD
004424DE
004424E1
004424E3
004424E5
004424EB
004424EC
004424EF
004424F1
004424F2
004424F5
004424F7
004424FA
004424FC
00442502
00442505
00442507
00442508
0044250B
0044250C
0044250E
0044250F
00442511

|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|>
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.

8365 F4 00
8365 08 00
83CF FF
8BCA
D3E7
C745 FC 20000
2955 FC
F7D7
8B5D 08
8D5C9D E0
8B33
8BCE
23CF
894D F0
8BCA
D3EE
8B4D FC
0B75 F4
8933
8B75 F0
D3E6
FF45 08
837D 08 03
8975 F4
7C D3
8BF0
6A 02
C1E6 02
8D4D E8
5A
2BCE
3BD0
7C 08
8B31
897495 E0
EB 05
836495 E0 00
4A
83E9 04
85D2
7D E7
8B35 70254500
4E
8D4E 01
8BC1
99
83E2 1F
03C2
C1F8 05
8BD1
81E2 1F000080
8945 F4
79 05
4A
83CA E0
42
6A 1F
59
2BCA
33D2

AND DWORD PTR SS:[LOCAL.3],00000000


AND DWORD PTR SS:[ARG.1],00000000
OR EDI,FFFFFFFF
MOV ECX,EDX
SHL EDI,CL
MOV DWORD PTR SS:[LOCAL.1],20
SUB DWORD PTR SS:[LOCAL.1],EDX
NOT EDI
/MOV EBX,DWORD PTR SS:[ARG.1]
|LEA EBX,[EBX*4+EBP-20]
|MOV ESI,DWORD PTR DS:[EBX]
|MOV ECX,ESI
|AND ECX,EDI
|MOV DWORD PTR SS:[LOCAL.4],ECX
|MOV ECX,EDX
|SHR ESI,CL
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|OR ESI,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR DS:[EBX],ESI
|MOV ESI,DWORD PTR SS:[LOCAL.4]
|SHL ESI,CL
|INC DWORD PTR SS:[ARG.1]
|CMP DWORD PTR SS:[ARG.1],3
|MOV DWORD PTR SS:[LOCAL.3],ESI
\JL SHORT 00442492
MOV ESI,EAX
PUSH 2
SHL ESI,2
LEA ECX,[LOCAL.6]
POP EDX
SUB ECX,ESI
/CMP EDX,EAX
|JL SHORT 004424D8
|MOV ESI,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[EDX*4+EBP-20],ESI
|JMP SHORT 004424DD
|AND DWORD PTR SS:[EDX*4+EBP-20],0000000
|DEC EDX
|SUB ECX,4
|TEST EDX,EDX
\JGE SHORT 004424CC
MOV ESI,DWORD PTR DS:[452570]
DEC ESI
LEA ECX,[ESI+1]
MOV EAX,ECX
CDQ
AND EDX,0000001F
ADD EAX,EDX
SAR EAX,5
MOV EDX,ECX
AND EDX,8000001F
MOV DWORD PTR SS:[LOCAL.3],EAX
JNS SHORT 0044250C
DEC EDX
OR EDX,FFFFFFE0
INC EDX
PUSH 1F
POP ECX
SUB ECX,EDX
XOR EDX,EDX

00442513
00442514
00442516
0044251A
0044251D
0044251F
00442525
00442528
0044252A
0044252C
00442530
00442532
00442537
00442539
0044253A
0044253D
0044253F
00442541
00442543
00442544
00442546
00442547
00442549
0044254B
0044254E
00442554
00442556
00442557
0044255A
0044255B
0044255F
00442561
00442563
00442564
00442566
0044256A
0044256C
0044256F
00442571
00442573
00442575
00442577
0044257E
00442580
00442583
00442585
00442587
00442589
0044258D
0044258F
00442592
00442594
00442596
00442598
0044259B
0044259D
0044259F
004425A0
004425A2
004425A4

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.^
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|>

42
D3E2
8D5C85 E0
894D F0
8513
0F84 82000000
83CA FF
D3E2
F7D2
855485 E0
EB 05
837C85 E0 00
75 08
40
83F8 03
7C F3
EB 66
8BC6
99
6A 1F
59
23D1
03C2
C1F8 05
81E6 1F000080
79 05
4E
83CE E0
46
8365 08 00
33D2
2BCE
42
D3E2
8D4C85 E0
8B31
8D3C16
3BFE
72 04
3BFA
73 07
C745 08 01000
8939
8B4D 08
EB 1F
85C9
74 1E
8D4C85 E0
8B11
8D72 01
33FF
3BF2
72 05
83FE 01
73 03
33FF
47
8931
8BCF
48

INC EDX
SHL EDX,CL
LEA EBX,[EAX*4+EBP-20]
MOV DWORD PTR SS:[LOCAL.4],ECX
TEST DWORD PTR DS:[EBX],EDX
JE 004425A7
OR EDX,FFFFFFFF
SHL EDX,CL
NOT EDX
TEST DWORD PTR SS:[EAX*4+EBP-20],EDX
JMP SHORT 00442537
/CMP DWORD PTR SS:[EAX*4+EBP-20],0
|JNE SHORT 00442541
|INC EAX
|CMP EAX,3
\JL SHORT 00442532
JMP SHORT 004425A7
MOV EAX,ESI
CDQ
PUSH 1F
POP ECX
AND EDX,ECX
ADD EAX,EDX
SAR EAX,5
AND ESI,8000001F
JNS SHORT 0044255B
DEC ESI
OR ESI,FFFFFFE0
INC ESI
AND DWORD PTR SS:[ARG.1],00000000
XOR EDX,EDX
SUB ECX,ESI
INC EDX
SHL EDX,CL
LEA ECX,[EAX*4+EBP-20]
MOV ESI,DWORD PTR DS:[ECX]
LEA EDI,[EDX+ESI]
CMP EDI,ESI
JB SHORT 00442577
CMP EDI,EDX
JNB SHORT 0044257E
MOV DWORD PTR SS:[ARG.1],1
MOV DWORD PTR DS:[ECX],EDI
MOV ECX,DWORD PTR SS:[ARG.1]
JMP SHORT 004425A4
/TEST ECX,ECX
|JE SHORT 004425A7
|LEA ECX,[EAX*4+EBP-20]
|MOV EDX,DWORD PTR DS:[ECX]
|LEA ESI,[EDX+1]
|XOR EDI,EDI
|CMP ESI,EDX
|JB SHORT 0044259D
|CMP ESI,1
|JNB SHORT 004425A0
|XOR EDI,EDI
|INC EDI
|MOV DWORD PTR DS:[ECX],ESI
|MOV ECX,EDI
|DEC EAX

004425A5
004425A7
004425AA
004425AD
004425AF
004425B1
004425B4
004425B5
004425B8
004425BA
004425BC
004425BD
004425C1
004425C3
004425C5
004425C7
004425CD
004425CE
004425D0
004425D1
004425D4
004425D6
004425D8
004425DB
004425E1
004425E3
004425E4
004425E7
004425E8
004425EC
004425F0
004425F3
004425F5
004425F7
004425FE
00442601
00442603
00442606
0044260A
0044260C
0044260E
00442610
00442613
00442615
00442617
0044261A
0044261D
0044261F
00442622
00442624
00442627
0044262B
0044262E
00442630
00442632
00442634
00442637
0044263A
0044263B
0044263D

|.^
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|>

79 DE
8B4D F0
83C8 FF
D3E0
2103
8B45 F4
40
83F8 03
7D 0D
6A 03
59
8D7C85 E0
2BC8
33C0
F3:AB
8B0D 74254500
41
8BC1
99
83E2 1F
03C2
8BD1
C1F8 05
81E2 1F000080
79 05
4A
83CA E0
42
8365 F4 00
8365 08 00
83CF FF
8BCA
D3E7
C745 FC 20000
2955 FC
F7D7
8B5D 08
8D5C9D E0
8B33
8BCE
23CF
894D F0
8BCA
D3EE
8B4D FC
0B75 F4
8933
8B75 F0
D3E6
FF45 08
837D 08 03
8975 F4
7C D3
8BF0
6A 02
C1E6 02
8D4D E8
5A
2BCE
3BD0

\JNS SHORT 00442585


MOV ECX,DWORD PTR SS:[LOCAL.4]
OR EAX,FFFFFFFF
SHL EAX,CL
AND DWORD PTR DS:[EBX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.3]
INC EAX
CMP EAX,3
JGE SHORT 004425C7
PUSH 3
POP ECX
LEA EDI,[EAX*4+EBP-20]
SUB ECX,EAX
XOR EAX,EAX
REP STOS DWORD PTR ES:[EDI]
MOV ECX,DWORD PTR DS:[452574]
INC ECX
MOV EAX,ECX
CDQ
AND EDX,0000001F
ADD EAX,EDX
MOV EDX,ECX
SAR EAX,5
AND EDX,8000001F
JNS SHORT 004425E8
DEC EDX
OR EDX,FFFFFFE0
INC EDX
AND DWORD PTR SS:[LOCAL.3],00000000
AND DWORD PTR SS:[ARG.1],00000000
OR EDI,FFFFFFFF
MOV ECX,EDX
SHL EDI,CL
MOV DWORD PTR SS:[LOCAL.1],20
SUB DWORD PTR SS:[LOCAL.1],EDX
NOT EDI
/MOV EBX,DWORD PTR SS:[ARG.1]
|LEA EBX,[EBX*4+EBP-20]
|MOV ESI,DWORD PTR DS:[EBX]
|MOV ECX,ESI
|AND ECX,EDI
|MOV DWORD PTR SS:[LOCAL.4],ECX
|MOV ECX,EDX
|SHR ESI,CL
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|OR ESI,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR DS:[EBX],ESI
|MOV ESI,DWORD PTR SS:[LOCAL.4]
|SHL ESI,CL
|INC DWORD PTR SS:[ARG.1]
|CMP DWORD PTR SS:[ARG.1],3
|MOV DWORD PTR SS:[LOCAL.3],ESI
\JL SHORT 00442603
MOV ESI,EAX
PUSH 2
SHL ESI,2
LEA ECX,[LOCAL.6]
POP EDX
SUB ECX,ESI
/CMP EDX,EAX

0044263F
00442641
00442643
00442647
00442649
0044264E
0044264F
00442652
00442654
00442656
00442658
0044265A
0044265B
00442660
00442666
0044266C
00442672
00442674
00442677
00442678
00442679
0044267A
00442681
00442683
00442684
00442687
00442689
0044268B
0044268E
00442694
00442696
00442697
0044269A
0044269B
0044269F
004426A3
004426A6
004426A8
004426AA
004426B1
004426B4
004426B6
004426B9
004426BD
004426BF
004426C1
004426C3
004426C6
004426C8
004426CA
004426CD
004426D0
004426D2
004426D5
004426D7
004426DA
004426DE
004426E1
004426E3
004426E5

|.
|.
|.
|.
|>
|>
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.

7C 08
8B31
897495 E0
EB 05
836495 E0 00
4A
83E9 04
85D2
7D E7
6A 02
33DB
58
E9 5A010000
3B1D 68254500
8B0D 74254500
0F8C AD000000
33C0
8D7D E0
AB
AB
AB
814D E0 00000
8BC1
99
83E2 1F
03C2
8BD1
C1F8 05
81E2 1F000080
79 05
4A
83CA E0
42
8365 F4 00
8365 08 00
83CF FF
8BCA
D3E7
C745 FC 20000
2955 FC
F7D7
8B5D 08
8D5C9D E0
8B33
8BCE
23CF
894D F0
8BCA
D3EE
8B4D FC
0B75 F4
8933
8B75 F0
D3E6
FF45 08
837D 08 03
8975 F4
7C D3
8BF0
6A 02

|JL SHORT 00442649


|MOV ESI,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[EDX*4+EBP-20],ESI
|JMP SHORT 0044264E
|AND DWORD PTR SS:[EDX*4+EBP-20],0000000
|DEC EDX
|SUB ECX,4
|TEST EDX,EDX
\JGE SHORT 0044263D
PUSH 2
XOR EBX,EBX
POP EAX
JMP 004427BA
CMP EBX,DWORD PTR DS:[452568]
MOV ECX,DWORD PTR DS:[452574]
JL 0044271F
XOR EAX,EAX
LEA EDI,[LOCAL.8]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
OR DWORD PTR SS:[LOCAL.8],80000000
MOV EAX,ECX
CDQ
AND EDX,0000001F
ADD EAX,EDX
MOV EDX,ECX
SAR EAX,5
AND EDX,8000001F
JNS SHORT 0044269B
DEC EDX
OR EDX,FFFFFFE0
INC EDX
AND DWORD PTR SS:[LOCAL.3],00000000
AND DWORD PTR SS:[ARG.1],00000000
OR EDI,FFFFFFFF
MOV ECX,EDX
SHL EDI,CL
MOV DWORD PTR SS:[LOCAL.1],20
SUB DWORD PTR SS:[LOCAL.1],EDX
NOT EDI
/MOV EBX,DWORD PTR SS:[ARG.1]
|LEA EBX,[EBX*4+EBP-20]
|MOV ESI,DWORD PTR DS:[EBX]
|MOV ECX,ESI
|AND ECX,EDI
|MOV DWORD PTR SS:[LOCAL.4],ECX
|MOV ECX,EDX
|SHR ESI,CL
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|OR ESI,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR DS:[EBX],ESI
|MOV ESI,DWORD PTR SS:[LOCAL.4]
|SHL ESI,CL
|INC DWORD PTR SS:[ARG.1]
|CMP DWORD PTR SS:[ARG.1],3
|MOV DWORD PTR SS:[LOCAL.3],ESI
\JL SHORT 004426B6
MOV ESI,EAX
PUSH 2

004426E7
004426EA
004426ED
004426EE
004426F0
004426F2
004426F4
004426F6
004426FA
004426FC
00442701
00442702
00442705
00442707
00442709
0044270E
00442714
00442717
00442719
0044271A
0044271F
00442724
0044272B
0044272D
0044272F
00442730
00442733
00442735
00442737
0044273A
00442740
00442742
00442743
00442746
00442747
0044274B
0044274F
00442752
00442754
00442756
0044275D
00442760
00442762
00442765
00442769
0044276B
0044276D
00442770
00442772
00442774
00442777
0044277A
0044277E
00442781
00442784
00442786
00442789
0044278D
00442790
00442792

|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|>
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.

C1E6 02
8D4D E8
5A
2BCE
3BD0
7C 08
8B31
897495 E0
EB 05
836495 E0 00
4A
83E9 04
85D2
7D E7
A1 68254500
8B0D 7C254500
8D1C01
33C0
40
E9 9B000000
A1 7C254500
8165 E0 FFFFF
03D8
8BC1
99
83E2 1F
03C2
8BD1
C1F8 05
81E2 1F000080
79 05
4A
83CA E0
42
8365 F4 00
8365 08 00
83CE FF
8BCA
D3E6
C745 FC 20000
2955 FC
F7D6
8B4D 08
8B7C8D E0
8BCF
23CE
894D F0
8BCA
D3EF
8B4D 08
0B7D F4
897C8D E0
8B7D F0
8B4D FC
D3E7
FF45 08
837D 08 03
897D F4
7C D0
8BF0

SHL ESI,2
LEA ECX,[LOCAL.6]
POP EDX
SUB ECX,ESI
/CMP EDX,EAX
|JL SHORT 004426FC
|MOV ESI,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[EDX*4+EBP-20],ESI
|JMP SHORT 00442701
|AND DWORD PTR SS:[EDX*4+EBP-20],0000000
|DEC EDX
|SUB ECX,4
|TEST EDX,EDX
\JGE SHORT 004426F0
MOV EAX,DWORD PTR DS:[452568]
MOV ECX,DWORD PTR DS:[45257C]
LEA EBX,[EAX+ECX]
XOR EAX,EAX
INC EAX
JMP 004427BA
MOV EAX,DWORD PTR DS:[45257C]
AND DWORD PTR SS:[LOCAL.8],7FFFFFFF
ADD EBX,EAX
MOV EAX,ECX
CDQ
AND EDX,0000001F
ADD EAX,EDX
MOV EDX,ECX
SAR EAX,5
AND EDX,8000001F
JNS SHORT 00442747
DEC EDX
OR EDX,FFFFFFE0
INC EDX
AND DWORD PTR SS:[LOCAL.3],00000000
AND DWORD PTR SS:[ARG.1],00000000
OR ESI,FFFFFFFF
MOV ECX,EDX
SHL ESI,CL
MOV DWORD PTR SS:[LOCAL.1],20
SUB DWORD PTR SS:[LOCAL.1],EDX
NOT ESI
/MOV ECX,DWORD PTR SS:[ARG.1]
|MOV EDI,DWORD PTR SS:[ECX*4+EBP-20]
|MOV ECX,EDI
|AND ECX,ESI
|MOV DWORD PTR SS:[LOCAL.4],ECX
|MOV ECX,EDX
|SHR EDI,CL
|MOV ECX,DWORD PTR SS:[ARG.1]
|OR EDI,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR SS:[ECX*4+EBP-20],EDI
|MOV EDI,DWORD PTR SS:[LOCAL.4]
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|SHL EDI,CL
|INC DWORD PTR SS:[ARG.1]
|CMP DWORD PTR SS:[ARG.1],3
|MOV DWORD PTR SS:[LOCAL.3],EDI
\JL SHORT 00442762
MOV ESI,EAX

00442794 |. 6A 02
PUSH 2
00442796 |. C1E6 02
SHL ESI,2
00442799 |. 8D4D E8
LEA ECX,[LOCAL.6]
0044279C |. 5A
POP EDX
0044279D |. 2BCE
SUB ECX,ESI
0044279F |> 3BD0
/CMP EDX,EAX
004427A1 |. 7C 08
|JL SHORT 004427AB
004427A3 |. 8B31
|MOV ESI,DWORD PTR DS:[ECX]
004427A5 |. 897495 E0
|MOV DWORD PTR SS:[EDX*4+EBP-20],ESI
004427A9 |. EB 05
|JMP SHORT 004427B0
004427AB |> 836495 E0 00 |AND DWORD PTR SS:[EDX*4+EBP-20],0000000
004427B0 |> 4A
|DEC EDX
004427B1 |. 83E9 04
|SUB ECX,4
004427B4 |. 85D2
|TEST EDX,EDX
004427B6 |.^ 7D E7
\JGE SHORT 0044279F
004427B8 |. 33C0
XOR EAX,EAX
004427BA |> 5E
POP ESI
004427BB |> 6A 1F
PUSH 1F
004427BD |. 59
POP ECX
004427BE |. 2B0D 74254500 SUB ECX,DWORD PTR DS:[452574]
004427C4 |. D3E3
SHL EBX,CL
004427C6 |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
004427C9 |. F7D9
NEG ECX
004427CB |. 1BC9
SBB ECX,ECX
004427CD |. 81E1 00000080 AND ECX,80000000
004427D3 |. 0BD9
OR EBX,ECX
004427D5 |. 8B0D 78254500 MOV ECX,DWORD PTR DS:[452578]
004427DB |. 0B5D E0
OR EBX,DWORD PTR SS:[LOCAL.8]
004427DE |. 83F9 40
CMP ECX,40
004427E1 |. 75 0D
JNE SHORT 004427F0
004427E3 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
004427E6 |. 8B55 E4
MOV EDX,DWORD PTR SS:[LOCAL.7]
004427E9 |. 8959 04
MOV DWORD PTR DS:[ECX+4],EBX
004427EC |. 8911
MOV DWORD PTR DS:[ECX],EDX
004427EE |. EB 0A
JMP SHORT 004427FA
004427F0 |> 83F9 20
CMP ECX,20
004427F3 |. 75 05
JNE SHORT 004427FA
004427F5 |. 8B4D 0C
MOV ECX,DWORD PTR SS:[ARG.2]
004427F8 |. 8919
MOV DWORD PTR DS:[ECX],EBX
004427FA |> 5F
POP EDI
004427FB |. 5B
POP EBX
004427FC |. C9
LEAVE
004427FD \. C3
RETN
004427FE /$ 8BFF
MOV EDI,EDI
; SystemInf
o.004427FE(guessed Arg1,Arg2)
00442800 |. 55
PUSH EBP
00442801 |. 8BEC
MOV EBP,ESP
00442803 |. 83EC 2C
SUB ESP,2C
00442806 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00442809 |. 0FB748 0A
MOVZX ECX,WORD PTR DS:[EAX+0A]
0044280D |. 53
PUSH EBX
0044280E |. 8BD9
MOV EBX,ECX
00442810 |. 81E1 00800000 AND ECX,00008000
00442816 |. 894D EC
MOV DWORD PTR SS:[LOCAL.5],ECX
00442819 |. 8B48 06
MOV ECX,DWORD PTR DS:[EAX+6]
0044281C |. 894D E0
MOV DWORD PTR SS:[LOCAL.8],ECX
0044281F |. 8B48 02
MOV ECX,DWORD PTR DS:[EAX+2]
00442822 |. 0FB700
MOVZX EAX,WORD PTR DS:[EAX]
00442825 |. 81E3 FF7F0000 AND EBX,00007FFF
0044282B |. 81EB FF3F0000 SUB EBX,3FFF

00442831
00442834
00442835
00442838
0044283B
00442841
00442843
00442845
00442847
0044284B
0044284D
0044284E
00442851
00442853
00442855
0044285A
0044285C
0044285F
00442860
00442861
00442863
00442864
00442865
0044286A
0044286E
0044286F
00442872
00442875
00442876
00442877
00442878
0044287E
0044287F
00442882
00442884
00442885
00442888
0044288A
0044288D
0044288F
00442895
00442898
0044289B
0044289D
0044289E
004428A1
004428A2
004428A6
004428A8
004428AA
004428AB
004428AD
004428AE
004428B0
004428B3
004428B5
004428BB
004428BE
004428C1
004428C3

|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.^
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

C1E0 10
57
894D E4
8945 E8
81FB 01C0FFFF
75 27
33DB
33C0
395C85 E0
75 0D
40
83F8 03
7C F4
33C0
E9 A5040000
33C0
8D7D E0
AB
AB
6A 02
AB
58
E9 95040000
8365 08 00
56
8D75 E0
8D7D D4
A5
A5
A5
8B35 88254500
4E
8D4E 01
8BC1
99
83E2 1F
03C2
C1F8 05
8BD1
81E2 1F000080
895D F0
8945 F4
79 05
4A
83CA E0
42
8D7C85 E0
6A 1F
33C0
59
2BCA
40
D3E0
894D F8
8507
0F84 8D000000
8B45 F4
83CA FF
D3E2
F7D2

SHL EAX,10
PUSH EDI
MOV DWORD PTR SS:[LOCAL.7],ECX
MOV DWORD PTR SS:[LOCAL.6],EAX
CMP EBX,-3FFF
JNE SHORT 0044286A
XOR EBX,EBX
XOR EAX,EAX
/CMP DWORD PTR SS:[EAX*4+EBP-20],EBX
|JNE SHORT 0044285A
|INC EAX
|CMP EAX,3
\JL SHORT 00442847
XOR EAX,EAX
JMP 00442CFF
XOR EAX,EAX
LEA EDI,[LOCAL.8]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
PUSH 2
STOS DWORD PTR ES:[EDI]
POP EAX
JMP 00442CFF
AND DWORD PTR SS:[ARG.1],00000000
PUSH ESI
LEA ESI,[LOCAL.8]
LEA EDI,[LOCAL.11]
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOV ESI,DWORD PTR DS:[452588]
DEC ESI
LEA ECX,[ESI+1]
MOV EAX,ECX
CDQ
AND EDX,0000001F
ADD EAX,EDX
SAR EAX,5
MOV EDX,ECX
AND EDX,8000001F
MOV DWORD PTR SS:[LOCAL.4],EBX
MOV DWORD PTR SS:[LOCAL.3],EAX
JNS SHORT 004428A2
DEC EDX
OR EDX,FFFFFFE0
INC EDX
LEA EDI,[EAX*4+EBP-20]
PUSH 1F
XOR EAX,EAX
POP ECX
SUB ECX,EDX
INC EAX
SHL EAX,CL
MOV DWORD PTR SS:[LOCAL.2],ECX
TEST DWORD PTR DS:[EDI],EAX
JE 00442948
MOV EAX,DWORD PTR SS:[LOCAL.3]
OR EDX,FFFFFFFF
SHL EDX,CL
NOT EDX

004428C5
004428C9
004428CB
004428D0
004428D2
004428D3
004428D6
004428D8
004428DA
004428DC
004428DD
004428DF
004428E0
004428E2
004428E4
004428E7
004428ED
004428EF
004428F0
004428F3
004428F4
004428F8
004428FA
004428FC
004428FD
004428FF
00442903
00442905
00442907
0044290A
0044290C
0044290F
00442911
00442914
00442916
00442918
0044291A
0044291E
00442922
00442924
00442927
0044292A
0044292C
0044292E
00442931
00442933
0044293A
0044293B
0044293E
00442940
00442943
00442945
00442948
0044294B
0044294E
00442950
00442952
00442955
00442956
00442959

|.
|.
|>
|>
|.
|.
|.^
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|>
|.
|.
|.
|.^
|>
|>
|.
|.
|.
|.
|.
|.
|.

855485 E0
EB 05
837C85 E0 00
75 08
40
83F8 03
7C F3
EB 6E
8BC6
99
6A 1F
59
23D1
03C2
C1F8 05
81E6 1F000080
79 05
4E
83CE E0
46
8365 FC 00
2BCE
33D2
42
D3E2
8D4C85 E0
8B31
03F2
8975 08
8B31
3975 08
72 22
3955 08
EB 1B
85C9
74 2B
8365 FC 00
8D4C85 E0
8B11
8D72 01
8975 08
3BF2
72 05
83FE 01
73 07
C745 FC 01000
48
8B55 08
8911
8B4D FC
79 D1
894D 08
8B4D F8
83C8 FF
D3E0
2107
8B45 F4
40
83F8 03
7D 0D

TEST DWORD PTR SS:[EAX*4+EBP-20],EDX


JMP SHORT 004428D0
/CMP DWORD PTR SS:[EAX*4+EBP-20],0
|JNE SHORT 004428DA
|INC EAX
|CMP EAX,3
\JL SHORT 004428CB
JMP SHORT 00442948
MOV EAX,ESI
CDQ
PUSH 1F
POP ECX
AND EDX,ECX
ADD EAX,EDX
SAR EAX,5
AND ESI,8000001F
JNS SHORT 004428F4
DEC ESI
OR ESI,FFFFFFE0
INC ESI
AND DWORD PTR SS:[LOCAL.1],00000000
SUB ECX,ESI
XOR EDX,EDX
INC EDX
SHL EDX,CL
LEA ECX,[EAX*4+EBP-20]
MOV ESI,DWORD PTR DS:[ECX]
ADD ESI,EDX
MOV DWORD PTR SS:[ARG.1],ESI
MOV ESI,DWORD PTR DS:[ECX]
CMP DWORD PTR SS:[ARG.1],ESI
JB SHORT 00442933
CMP DWORD PTR SS:[ARG.1],EDX
JMP SHORT 00442931
TEST ECX,ECX
JE SHORT 00442945
AND DWORD PTR SS:[LOCAL.1],00000000
LEA ECX,[EAX*4+EBP-20]
MOV EDX,DWORD PTR DS:[ECX]
LEA ESI,[EDX+1]
MOV DWORD PTR SS:[ARG.1],ESI
CMP ESI,EDX
JB SHORT 00442933
CMP ESI,1
JNB SHORT 0044293A
MOV DWORD PTR SS:[LOCAL.1],1
DEC EAX
MOV EDX,DWORD PTR SS:[ARG.1]
MOV DWORD PTR DS:[ECX],EDX
MOV ECX,DWORD PTR SS:[LOCAL.1]
JNS SHORT 00442916
MOV DWORD PTR SS:[ARG.1],ECX
MOV ECX,DWORD PTR SS:[LOCAL.2]
OR EAX,FFFFFFFF
SHL EAX,CL
AND DWORD PTR DS:[EDI],EAX
MOV EAX,DWORD PTR SS:[LOCAL.3]
INC EAX
CMP EAX,3
JGE SHORT 00442968

0044295B
0044295D
0044295E
00442962
00442964
00442966
00442968
0044296C
0044296E
0044296F
00442974
00442976
0044297C
0044297E
00442980
00442982
00442985
00442986
00442987
00442988
0044298D
0044298F
00442995
00442998
0044299B
0044299D
004429A0
004429A1
004429A2
004429A5
004429A7
004429A8
004429AA
004429AD
004429B3
004429B4
004429B6
004429B7
004429BA
004429BB
004429BF
004429C3
004429C6
004429C8
004429CA
004429D1
004429D4
004429D6
004429D9
004429DD
004429DF
004429E1
004429E3
004429E6
004429E8
004429EA
004429ED
004429F0
004429F2
004429F5

|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

6A 03
59
8D7C85 E0
2BC8
33C0
F3:AB
837D 08 00
74 01
43
A1 84254500
8BC8
2B0D 88254500
3BD9
7D 0D
33C0
8D7D E0
AB
AB
AB
E9 0D020000
3BD8
0F8F 0F020000
2B45 F0
8D75 D4
8BC8
8D7D E0
A5
99
83E2 1F
03C2
A5
8BD1
C1F8 05
81E2 1F000080
A5
79 05
4A
83CA E0
42
8365 F4 00
8365 08 00
83CF FF
8BCA
D3E7
C745 FC 20000
2955 FC
F7D7
8B5D 08
8D5C9D E0
8B33
8BCE
23CF
894D F0
8BCA
D3EE
8B4D FC
0B75 F4
8933
8B75 F0
D3E6

PUSH 3
POP ECX
LEA EDI,[EAX*4+EBP-20]
SUB ECX,EAX
XOR EAX,EAX
REP STOS DWORD PTR ES:[EDI]
CMP DWORD PTR SS:[ARG.1],0
JE SHORT 0044296F
INC EBX
MOV EAX,DWORD PTR DS:[452584]
MOV ECX,EAX
SUB ECX,DWORD PTR DS:[452588]
CMP EBX,ECX
JGE SHORT 0044298D
XOR EAX,EAX
LEA EDI,[LOCAL.8]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
JMP 00442B9A
CMP EBX,EAX
JG 00442BA4
SUB EAX,DWORD PTR SS:[LOCAL.4]
LEA ESI,[LOCAL.11]
MOV ECX,EAX
LEA EDI,[LOCAL.8]
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
CDQ
AND EDX,0000001F
ADD EAX,EDX
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOV EDX,ECX
SAR EAX,5
AND EDX,8000001F
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
JNS SHORT 004429BB
DEC EDX
OR EDX,FFFFFFE0
INC EDX
AND DWORD PTR SS:[LOCAL.3],00000000
AND DWORD PTR SS:[ARG.1],00000000
OR EDI,FFFFFFFF
MOV ECX,EDX
SHL EDI,CL
MOV DWORD PTR SS:[LOCAL.1],20
SUB DWORD PTR SS:[LOCAL.1],EDX
NOT EDI
/MOV EBX,DWORD PTR SS:[ARG.1]
|LEA EBX,[EBX*4+EBP-20]
|MOV ESI,DWORD PTR DS:[EBX]
|MOV ECX,ESI
|AND ECX,EDI
|MOV DWORD PTR SS:[LOCAL.4],ECX
|MOV ECX,EDX
|SHR ESI,CL
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|OR ESI,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR DS:[EBX],ESI
|MOV ESI,DWORD PTR SS:[LOCAL.4]
|SHL ESI,CL

004429F7
004429FA
004429FE
00442A01
00442A03
00442A05
00442A07
00442A0A
00442A0D
00442A0E
00442A10
00442A12
00442A14
00442A16
00442A1A
00442A1C
00442A21
00442A22
00442A25
00442A27
00442A29
00442A2F
00442A30
00442A33
00442A35
00442A36
00442A39
00442A3B
00442A3E
00442A40
00442A46
00442A49
00442A4B
00442A4C
00442A4F
00442A50
00442A52
00442A53
00442A55
00442A57
00442A58
00442A5A
00442A5E
00442A61
00442A63
00442A69
00442A6C
00442A6E
00442A70
00442A74
00442A76
00442A7B
00442A7D
00442A7E
00442A81
00442A83
00442A85
00442A87
00442A88
00442A8A

|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|>
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.^
|.
|>
|.
|.
|.

FF45 08
837D 08 03
8975 F4
7C D3
8BF0
6A 02
C1E6 02
8D4D E8
5A
2BCE
3BD0
7C 08
8B31
897495 E0
EB 05
836495 E0 00
4A
83E9 04
85D2
7D E7
8B35 88254500
4E
8D4E 01
8BC1
99
83E2 1F
03C2
C1F8 05
8BD1
81E2 1F000080
8945 F4
79 05
4A
83CA E0
42
6A 1F
59
2BCA
33D2
42
D3E2
8D5C85 E0
894D F0
8513
0F84 82000000
83CA FF
D3E2
F7D2
855485 E0
EB 05
837C85 E0 00
75 08
40
83F8 03
7C F3
EB 66
8BC6
99
6A 1F
59

|INC DWORD PTR SS:[ARG.1]


|CMP DWORD PTR SS:[ARG.1],3
|MOV DWORD PTR SS:[LOCAL.3],ESI
\JL SHORT 004429D6
MOV ESI,EAX
PUSH 2
SHL ESI,2
LEA ECX,[LOCAL.6]
POP EDX
SUB ECX,ESI
/CMP EDX,EAX
|JL SHORT 00442A1C
|MOV ESI,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[EDX*4+EBP-20],ESI
|JMP SHORT 00442A21
|AND DWORD PTR SS:[EDX*4+EBP-20],0000000
|DEC EDX
|SUB ECX,4
|TEST EDX,EDX
\JGE SHORT 00442A10
MOV ESI,DWORD PTR DS:[452588]
DEC ESI
LEA ECX,[ESI+1]
MOV EAX,ECX
CDQ
AND EDX,0000001F
ADD EAX,EDX
SAR EAX,5
MOV EDX,ECX
AND EDX,8000001F
MOV DWORD PTR SS:[LOCAL.3],EAX
JNS SHORT 00442A50
DEC EDX
OR EDX,FFFFFFE0
INC EDX
PUSH 1F
POP ECX
SUB ECX,EDX
XOR EDX,EDX
INC EDX
SHL EDX,CL
LEA EBX,[EAX*4+EBP-20]
MOV DWORD PTR SS:[LOCAL.4],ECX
TEST DWORD PTR DS:[EBX],EDX
JE 00442AEB
OR EDX,FFFFFFFF
SHL EDX,CL
NOT EDX
TEST DWORD PTR SS:[EAX*4+EBP-20],EDX
JMP SHORT 00442A7B
/CMP DWORD PTR SS:[EAX*4+EBP-20],0
|JNE SHORT 00442A85
|INC EAX
|CMP EAX,3
\JL SHORT 00442A76
JMP SHORT 00442AEB
MOV EAX,ESI
CDQ
PUSH 1F
POP ECX

00442A8B
00442A8D
00442A8F
00442A92
00442A98
00442A9A
00442A9B
00442A9E
00442A9F
00442AA3
00442AA5
00442AA7
00442AA8
00442AAA
00442AAE
00442AB0
00442AB3
00442AB5
00442AB7
00442AB9
00442ABB
00442AC2
00442AC4
00442AC7
00442AC9
00442ACB
00442ACD
00442AD1
00442AD3
00442AD6
00442AD8
00442ADA
00442ADC
00442ADF
00442AE1
00442AE3
00442AE4
00442AE6
00442AE8
00442AE9
00442AEB
00442AEE
00442AF1
00442AF3
00442AF5
00442AF8
00442AF9
00442AFC
00442AFE
00442B00
00442B01
00442B05
00442B07
00442B09
00442B0B
00442B11
00442B12
00442B14
00442B15
00442B18

|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|>
|.^
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.

23D1
03C2
C1F8 05
81E6 1F000080
79 05
4E
83CE E0
46
8365 08 00
33D2
2BCE
42
D3E2
8D4C85 E0
8B31
8D3C16
3BFE
72 04
3BFA
73 07
C745 08 01000
8939
8B4D 08
EB 1F
85C9
74 1E
8D4C85 E0
8B11
8D72 01
33FF
3BF2
72 05
83FE 01
73 03
33FF
47
8931
8BCF
48
79 DE
8B4D F0
83C8 FF
D3E0
2103
8B45 F4
40
83F8 03
7D 0D
6A 03
59
8D7C85 E0
2BC8
33C0
F3:AB
8B0D 8C254500
41
8BC1
99
83E2 1F
03C2

AND EDX,ECX
ADD EAX,EDX
SAR EAX,5
AND ESI,8000001F
JNS SHORT 00442A9F
DEC ESI
OR ESI,FFFFFFE0
INC ESI
AND DWORD PTR SS:[ARG.1],00000000
XOR EDX,EDX
SUB ECX,ESI
INC EDX
SHL EDX,CL
LEA ECX,[EAX*4+EBP-20]
MOV ESI,DWORD PTR DS:[ECX]
LEA EDI,[EDX+ESI]
CMP EDI,ESI
JB SHORT 00442ABB
CMP EDI,EDX
JNB SHORT 00442AC2
MOV DWORD PTR SS:[ARG.1],1
MOV DWORD PTR DS:[ECX],EDI
MOV ECX,DWORD PTR SS:[ARG.1]
JMP SHORT 00442AE8
/TEST ECX,ECX
|JE SHORT 00442AEB
|LEA ECX,[EAX*4+EBP-20]
|MOV EDX,DWORD PTR DS:[ECX]
|LEA ESI,[EDX+1]
|XOR EDI,EDI
|CMP ESI,EDX
|JB SHORT 00442AE1
|CMP ESI,1
|JNB SHORT 00442AE4
|XOR EDI,EDI
|INC EDI
|MOV DWORD PTR DS:[ECX],ESI
|MOV ECX,EDI
|DEC EAX
\JNS SHORT 00442AC9
MOV ECX,DWORD PTR SS:[LOCAL.4]
OR EAX,FFFFFFFF
SHL EAX,CL
AND DWORD PTR DS:[EBX],EAX
MOV EAX,DWORD PTR SS:[LOCAL.3]
INC EAX
CMP EAX,3
JGE SHORT 00442B0B
PUSH 3
POP ECX
LEA EDI,[EAX*4+EBP-20]
SUB ECX,EAX
XOR EAX,EAX
REP STOS DWORD PTR ES:[EDI]
MOV ECX,DWORD PTR DS:[45258C]
INC ECX
MOV EAX,ECX
CDQ
AND EDX,0000001F
ADD EAX,EDX

00442B1A
00442B1C
00442B1F
00442B25
00442B27
00442B28
00442B2B
00442B2C
00442B30
00442B34
00442B37
00442B39
00442B3B
00442B42
00442B45
00442B47
00442B4A
00442B4E
00442B50
00442B52
00442B54
00442B57
00442B59
00442B5B
00442B5E
00442B61
00442B63
00442B66
00442B68
00442B6B
00442B6F
00442B72
00442B74
00442B76
00442B78
00442B7B
00442B7E
00442B7F
00442B81
00442B83
00442B85
00442B87
00442B8B
00442B8D
00442B92
00442B93
00442B96
00442B98
00442B9A
00442B9C
00442B9E
00442B9F
00442BA4
00442BAA
00442BB0
00442BB6
00442BB8
00442BBB
00442BBC
00442BBD

|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|>
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.

8BD1
C1F8 05
81E2 1F000080
79 05
4A
83CA E0
42
8365 F4 00
8365 08 00
83CF FF
8BCA
D3E7
C745 FC 20000
2955 FC
F7D7
8B5D 08
8D5C9D E0
8B33
8BCE
23CF
894D F0
8BCA
D3EE
8B4D FC
0B75 F4
8933
8B75 F0
D3E6
FF45 08
837D 08 03
8975 F4
7C D3
8BF0
6A 02
C1E6 02
8D4D E8
5A
2BCE
3BD0
7C 08
8B31
897495 E0
EB 05
836495 E0 00
4A
83E9 04
85D2
7D E7
6A 02
33DB
58
E9 5A010000
3B1D 80254500
8B0D 8C254500
0F8C AD000000
33C0
8D7D E0
AB
AB
AB

MOV EDX,ECX
SAR EAX,5
AND EDX,8000001F
JNS SHORT 00442B2C
DEC EDX
OR EDX,FFFFFFE0
INC EDX
AND DWORD PTR SS:[LOCAL.3],00000000
AND DWORD PTR SS:[ARG.1],00000000
OR EDI,FFFFFFFF
MOV ECX,EDX
SHL EDI,CL
MOV DWORD PTR SS:[LOCAL.1],20
SUB DWORD PTR SS:[LOCAL.1],EDX
NOT EDI
/MOV EBX,DWORD PTR SS:[ARG.1]
|LEA EBX,[EBX*4+EBP-20]
|MOV ESI,DWORD PTR DS:[EBX]
|MOV ECX,ESI
|AND ECX,EDI
|MOV DWORD PTR SS:[LOCAL.4],ECX
|MOV ECX,EDX
|SHR ESI,CL
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|OR ESI,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR DS:[EBX],ESI
|MOV ESI,DWORD PTR SS:[LOCAL.4]
|SHL ESI,CL
|INC DWORD PTR SS:[ARG.1]
|CMP DWORD PTR SS:[ARG.1],3
|MOV DWORD PTR SS:[LOCAL.3],ESI
\JL SHORT 00442B47
MOV ESI,EAX
PUSH 2
SHL ESI,2
LEA ECX,[LOCAL.6]
POP EDX
SUB ECX,ESI
/CMP EDX,EAX
|JL SHORT 00442B8D
|MOV ESI,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[EDX*4+EBP-20],ESI
|JMP SHORT 00442B92
|AND DWORD PTR SS:[EDX*4+EBP-20],0000000
|DEC EDX
|SUB ECX,4
|TEST EDX,EDX
\JGE SHORT 00442B81
PUSH 2
XOR EBX,EBX
POP EAX
JMP 00442CFE
CMP EBX,DWORD PTR DS:[452580]
MOV ECX,DWORD PTR DS:[45258C]
JL 00442C63
XOR EAX,EAX
LEA EDI,[LOCAL.8]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]
STOS DWORD PTR ES:[EDI]

00442BBE
00442BC5
00442BC7
00442BC8
00442BCB
00442BCD
00442BCF
00442BD2
00442BD8
00442BDA
00442BDB
00442BDE
00442BDF
00442BE3
00442BE7
00442BEA
00442BEC
00442BEE
00442BF5
00442BF8
00442BFA
00442BFD
00442C01
00442C03
00442C05
00442C07
00442C0A
00442C0C
00442C0E
00442C11
00442C14
00442C16
00442C19
00442C1B
00442C1E
00442C22
00442C25
00442C27
00442C29
00442C2B
00442C2E
00442C31
00442C32
00442C34
00442C36
00442C38
00442C3A
00442C3E
00442C40
00442C45
00442C46
00442C49
00442C4B
00442C4D
00442C52
00442C58
00442C5B
00442C5D
00442C5E
00442C63

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|>
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|>

814D E0 00000
8BC1
99
83E2 1F
03C2
8BD1
C1F8 05
81E2 1F000080
79 05
4A
83CA E0
42
8365 F4 00
8365 08 00
83CF FF
8BCA
D3E7
C745 FC 20000
2955 FC
F7D7
8B5D 08
8D5C9D E0
8B33
8BCE
23CF
894D F0
8BCA
D3EE
8B4D FC
0B75 F4
8933
8B75 F0
D3E6
FF45 08
837D 08 03
8975 F4
7C D3
8BF0
6A 02
C1E6 02
8D4D E8
5A
2BCE
3BD0
7C 08
8B31
897495 E0
EB 05
836495 E0 00
4A
83E9 04
85D2
7D E7
A1 80254500
8B0D 94254500
8D1C01
33C0
40
E9 9B000000
A1 94254500

OR DWORD PTR SS:[LOCAL.8],80000000


MOV EAX,ECX
CDQ
AND EDX,0000001F
ADD EAX,EDX
MOV EDX,ECX
SAR EAX,5
AND EDX,8000001F
JNS SHORT 00442BDF
DEC EDX
OR EDX,FFFFFFE0
INC EDX
AND DWORD PTR SS:[LOCAL.3],00000000
AND DWORD PTR SS:[ARG.1],00000000
OR EDI,FFFFFFFF
MOV ECX,EDX
SHL EDI,CL
MOV DWORD PTR SS:[LOCAL.1],20
SUB DWORD PTR SS:[LOCAL.1],EDX
NOT EDI
/MOV EBX,DWORD PTR SS:[ARG.1]
|LEA EBX,[EBX*4+EBP-20]
|MOV ESI,DWORD PTR DS:[EBX]
|MOV ECX,ESI
|AND ECX,EDI
|MOV DWORD PTR SS:[LOCAL.4],ECX
|MOV ECX,EDX
|SHR ESI,CL
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|OR ESI,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR DS:[EBX],ESI
|MOV ESI,DWORD PTR SS:[LOCAL.4]
|SHL ESI,CL
|INC DWORD PTR SS:[ARG.1]
|CMP DWORD PTR SS:[ARG.1],3
|MOV DWORD PTR SS:[LOCAL.3],ESI
\JL SHORT 00442BFA
MOV ESI,EAX
PUSH 2
SHL ESI,2
LEA ECX,[LOCAL.6]
POP EDX
SUB ECX,ESI
/CMP EDX,EAX
|JL SHORT 00442C40
|MOV ESI,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[EDX*4+EBP-20],ESI
|JMP SHORT 00442C45
|AND DWORD PTR SS:[EDX*4+EBP-20],0000000
|DEC EDX
|SUB ECX,4
|TEST EDX,EDX
\JGE SHORT 00442C34
MOV EAX,DWORD PTR DS:[452580]
MOV ECX,DWORD PTR DS:[452594]
LEA EBX,[EAX+ECX]
XOR EAX,EAX
INC EAX
JMP 00442CFE
MOV EAX,DWORD PTR DS:[452594]

00442C68
00442C6F
00442C71
00442C73
00442C74
00442C77
00442C79
00442C7B
00442C7E
00442C84
00442C86
00442C87
00442C8A
00442C8B
00442C8F
00442C93
00442C96
00442C98
00442C9A
00442CA1
00442CA4
00442CA6
00442CA9
00442CAD
00442CAF
00442CB1
00442CB4
00442CB6
00442CB8
00442CBB
00442CBE
00442CC2
00442CC5
00442CC8
00442CCA
00442CCD
00442CD1
00442CD4
00442CD6
00442CD8
00442CDA
00442CDD
00442CE0
00442CE1
00442CE3
00442CE5
00442CE7
00442CE9
00442CED
00442CEF
00442CF4
00442CF5
00442CF8
00442CFA
00442CFC
00442CFE
00442CFF
00442D01
00442D02
00442D08

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|>
|.
|.
|.^
|.
|>
|>
|.
|.
|.

8165 E0 FFFFF
03D8
8BC1
99
83E2 1F
03C2
8BD1
C1F8 05
81E2 1F000080
79 05
4A
83CA E0
42
8365 F4 00
8365 08 00
83CE FF
8BCA
D3E6
C745 FC 20000
2955 FC
F7D6
8B4D 08
8B7C8D E0
8BCF
23CE
894D F0
8BCA
D3EF
8B4D 08
0B7D F4
897C8D E0
8B7D F0
8B4D FC
D3E7
FF45 08
837D 08 03
897D F4
7C D0
8BF0
6A 02
C1E6 02
8D4D E8
5A
2BCE
3BD0
7C 08
8B31
897495 E0
EB 05
836495 E0 00
4A
83E9 04
85D2
7D E7
33C0
5E
6A 1F
59
2B0D 8C254500
D3E3

AND DWORD PTR SS:[LOCAL.8],7FFFFFFF


ADD EBX,EAX
MOV EAX,ECX
CDQ
AND EDX,0000001F
ADD EAX,EDX
MOV EDX,ECX
SAR EAX,5
AND EDX,8000001F
JNS SHORT 00442C8B
DEC EDX
OR EDX,FFFFFFE0
INC EDX
AND DWORD PTR SS:[LOCAL.3],00000000
AND DWORD PTR SS:[ARG.1],00000000
OR ESI,FFFFFFFF
MOV ECX,EDX
SHL ESI,CL
MOV DWORD PTR SS:[LOCAL.1],20
SUB DWORD PTR SS:[LOCAL.1],EDX
NOT ESI
/MOV ECX,DWORD PTR SS:[ARG.1]
|MOV EDI,DWORD PTR SS:[ECX*4+EBP-20]
|MOV ECX,EDI
|AND ECX,ESI
|MOV DWORD PTR SS:[LOCAL.4],ECX
|MOV ECX,EDX
|SHR EDI,CL
|MOV ECX,DWORD PTR SS:[ARG.1]
|OR EDI,DWORD PTR SS:[LOCAL.3]
|MOV DWORD PTR SS:[ECX*4+EBP-20],EDI
|MOV EDI,DWORD PTR SS:[LOCAL.4]
|MOV ECX,DWORD PTR SS:[LOCAL.1]
|SHL EDI,CL
|INC DWORD PTR SS:[ARG.1]
|CMP DWORD PTR SS:[ARG.1],3
|MOV DWORD PTR SS:[LOCAL.3],EDI
\JL SHORT 00442CA6
MOV ESI,EAX
PUSH 2
SHL ESI,2
LEA ECX,[LOCAL.6]
POP EDX
SUB ECX,ESI
/CMP EDX,EAX
|JL SHORT 00442CEF
|MOV ESI,DWORD PTR DS:[ECX]
|MOV DWORD PTR SS:[EDX*4+EBP-20],ESI
|JMP SHORT 00442CF4
|AND DWORD PTR SS:[EDX*4+EBP-20],0000000
|DEC EDX
|SUB ECX,4
|TEST EDX,EDX
\JGE SHORT 00442CE3
XOR EAX,EAX
POP ESI
PUSH 1F
POP ECX
SUB ECX,DWORD PTR DS:[45258C]
SHL EBX,CL

00442D0A |.
00442D0D |.
00442D0F |.
00442D11 |.
00442D17 |.
00442D19 |.
00442D1F |.
00442D22 |.
00442D25 |.
00442D27 |.
00442D2A |.
00442D2D |.
00442D30 |.
00442D32 |.
00442D34 |>
00442D37 |.
00442D39 |.
00442D3C |.
00442D3E |>
00442D3F |.
00442D40 |.
00442D41 \.
00442D42 /$
00442D44 |.
00442D45 |.
00442D47 |.
00442D4A |.
00442D4F |.
00442D51 |.
00442D54 |.
00442D57 |.
00442D58 |.
00442D5A |.
00442D5B |.
00442D5D |.
00442D60 |.
00442D63 |.
00442D64 |.
00442D66 |.
00442D67 |.
00442D6A |.
00442D6D |.
00442D70 |.
00442D73 |.
00442D76 |.
00442D79 |.
00442D7C |.
00442D7F |.
00442D82 |.
00442D85 |.
00442D88 |.
00442D8B |.
00442D8D |.
fo.004343FD
00442D92 |.
00442D93 |.
00442D94 |.
00442D95 |.
00442D96 |.
00442D97 |.

8B4D EC
F7D9
1BC9
81E1 00000080
0BD9
8B0D 90254500
0B5D E0
83F9 40
75 0D
8B4D 0C
8B55 E4
8959 04
8911
EB 0A
83F9 20
75 05
8B4D 0C
8919
5F
5B
C9
C3
8BFF
55
8BEC
83EC 7C
A1 A0154500
33C5
8945 FC
8B45 08
53
33DB
56
33F6
8945 88
8B45 0C
46
33C9
57
8945 90
8D7D E0
895D 8C
8975 98
895D B4
895D A8
895D A4
895D A0
895D 9C
895D B0
895D 94
395D 24
75 1F
E8 6B16FFFF

MOV ECX,DWORD PTR SS:[LOCAL.5]


NEG ECX
SBB ECX,ECX
AND ECX,80000000
OR EBX,ECX
MOV ECX,DWORD PTR DS:[452590]
OR EBX,DWORD PTR SS:[LOCAL.8]
CMP ECX,40
JNE SHORT 00442D34
MOV ECX,DWORD PTR SS:[ARG.2]
MOV EDX,DWORD PTR SS:[LOCAL.7]
MOV DWORD PTR DS:[ECX+4],EBX
MOV DWORD PTR DS:[ECX],EDX
JMP SHORT 00442D3E
CMP ECX,20
JNE SHORT 00442D3E
MOV ECX,DWORD PTR SS:[ARG.2]
MOV DWORD PTR DS:[ECX],EBX
POP EDI
POP EBX
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,7C
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH EBX
XOR EBX,EBX
PUSH ESI
XOR ESI,ESI
MOV DWORD PTR SS:[LOCAL.30],EAX
MOV EAX,DWORD PTR SS:[ARG.2]
INC ESI
XOR ECX,ECX
PUSH EDI
MOV DWORD PTR SS:[LOCAL.28],EAX
LEA EDI,[LOCAL.8]
MOV DWORD PTR SS:[LOCAL.29],EBX
MOV DWORD PTR SS:[LOCAL.26],ESI
MOV DWORD PTR SS:[LOCAL.19],EBX
MOV DWORD PTR SS:[LOCAL.22],EBX
MOV DWORD PTR SS:[LOCAL.23],EBX
MOV DWORD PTR SS:[LOCAL.24],EBX
MOV DWORD PTR SS:[LOCAL.25],EBX
MOV DWORD PTR SS:[LOCAL.20],EBX
MOV DWORD PTR SS:[LOCAL.27],EBX
CMP DWORD PTR SS:[ARG.8],EBX
JNE SHORT 00442DAC
CALL 004343FD

; [SystemIn

53
53
53
53
53
C700 16000000

PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
PUSH EBX
MOV DWORD PTR DS:[EAX],16

;
;
;
;
;
;

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|

00442D9D |. E8 C0BAFEFF CALL 0042E862


; \SystemIn
fo.0042E862
00442DA2 |. 83C4 14
ADD ESP,14
00442DA5 |. 33C0
XOR EAX,EAX
00442DA7 |. E9 4E060000 JMP 004433FA
00442DAC |> 8B55 10
MOV EDX,DWORD PTR SS:[ARG.3]
00442DAF |. 8955 AC
MOV DWORD PTR SS:[LOCAL.21],EDX
00442DB2 |> 8A02
/MOV AL,BYTE PTR DS:[EDX]
00442DB4 |. 3C 20
|CMP AL,20
00442DB6 |. 74 0C
|JE SHORT 00442DC4
00442DB8 |. 3C 09
|CMP AL,9
00442DBA |. 74 08
|JE SHORT 00442DC4
00442DBC |. 3C 0A
|CMP AL,0A
00442DBE |. 74 04
|JE SHORT 00442DC4
00442DC0 |. 3C 0D
|CMP AL,0D
00442DC2 |. 75 03
|JNE SHORT 00442DC7
00442DC4 |> 42
|INC EDX
00442DC5 |.^ EB EB
\JMP SHORT 00442DB2
00442DC7 |> B3 30
MOV BL,30
00442DC9 |> 8A02
MOV AL,BYTE PTR DS:[EDX]
00442DCB |. 42
INC EDX
00442DCC |. 83F9 0B
CMP ECX,0B
; Switch (c
ases 0..B, 12. exits)
00442DCF |. 0F87 2F020000 JA 00443004
00442DD5 |. FF248D 0A3444 JMP DWORD PTR DS:[ECX*4+44340A]
00442DDC |> 8AC8
MOV CL,AL
; Case 0 of
switch SystemInfo.442DCC
00442DDE |. 80E9 31
SUB CL,31
; Switch (c
ases 31..39, 2 exits)
00442DE1 |. 80F9 08
CMP CL,8
00442DE4 |. 77 06
JA SHORT 00442DEC
00442DE6 |> 6A 03
PUSH 3
; Cases 31
('1'), 32 ('2'), 33 ('3'), 34 ('4'), 35 ('5'), 36 ('6'), 37 ('7'), 38 ('8'), 39
('9') of switch SystemInfo.442DDE
00442DE8 |> 59
POP ECX
00442DE9 |. 4A
DEC EDX
00442DEA |.^ EB DD
JMP SHORT 00442DC9
00442DEC |> 8B4D 24
MOV ECX,DWORD PTR SS:[ARG.8]
; Default c
ase of switch SystemInfo.442DDE
00442DEF |. 8B09
MOV ECX,DWORD PTR DS:[ECX]
00442DF1 |. 8B89 BC000000 MOV ECX,DWORD PTR DS:[ECX+0BC]
00442DF7 |. 8B09
MOV ECX,DWORD PTR DS:[ECX]
00442DF9 |. 3A01
CMP AL,BYTE PTR DS:[ECX]
00442DFB |. 75 05
JNE SHORT 00442E02
00442DFD |> 6A 05
PUSH 5
00442DFF |> 59
POP ECX
00442E00 |.^ EB C7
JMP SHORT 00442DC9
00442E02 |> 0FBEC0
MOVSX EAX,AL
00442E05 |. 83E8 2B
SUB EAX,2B
; Switch (c
ases 2B..30, 4 exits)
00442E08 |. 74 1D
JE SHORT 00442E27
00442E0A |. 48
DEC EAX
00442E0B |. 48
DEC EAX
00442E0C |. 74 0D
JE SHORT 00442E1B
00442E0E |. 83E8 03
SUB EAX,3
00442E11 |. 0F85 8B010000 JNE 00442FA2
00442E17 |> 8BCE
MOV ECX,ESI
; Case 30 (
'0') of switch SystemInfo.442E05
00442E19 |.^ EB AE
JMP SHORT 00442DC9
00442E1B |> 6A 02
PUSH 2
; Case 2D (

'-') of switch SystemInfo.442E05


00442E1D |. 59
POP ECX
00442E1E |. C745 8C 00800 MOV DWORD PTR SS:[LOCAL.29],8000
00442E25 |.^ EB A2
JMP SHORT 00442DC9
00442E27 |> 8365 8C 00
AND DWORD PTR SS:[LOCAL.29],00000000
'+') of switch SystemInfo.442E05
00442E2B |. 6A 02
PUSH 2
00442E2D |. 59
POP ECX
00442E2E |.^ EB 99
JMP SHORT 00442DC9
00442E30 |> 8AC8
MOV CL,AL
switch SystemInfo.442DCC
00442E32 |. 80E9 31
SUB CL,31
00442E35 |. 8975 A8
MOV DWORD PTR SS:[LOCAL.22],ESI
00442E38 |. 80F9 08
CMP CL,8
00442E3B |.^ 76 A9
JBE SHORT 00442DE6
00442E3D |. 8B4D 24
MOV ECX,DWORD PTR SS:[ARG.8]
00442E40 |. 8B09
MOV ECX,DWORD PTR DS:[ECX]
00442E42 |. 8B89 BC000000 MOV ECX,DWORD PTR DS:[ECX+0BC]
00442E48 |. 8B09
MOV ECX,DWORD PTR DS:[ECX]
00442E4A |. 3A01
CMP AL,BYTE PTR DS:[ECX]
00442E4C |. 75 04
JNE SHORT 00442E52
00442E4E |> 6A 04
PUSH 4
00442E50 |.^ EB AD
JMP SHORT 00442DFF
00442E52 |> 3C 2B
CMP AL,2B
00442E54 |. 74 28
JE SHORT 00442E7E
00442E56 |. 3C 2D
CMP AL,2D
00442E58 |. 74 24
JE SHORT 00442E7E
00442E5A |. 3AC3
CMP AL,BL
00442E5C |.^ 74 B9
JE SHORT 00442E17
00442E5E |> 3C 43
CMP AL,43
00442E60 |. 0F8E 3C010000 JLE 00442FA2
00442E66 |. 3C 45
CMP AL,45
00442E68 |. 7E 10
JLE SHORT 00442E7A
00442E6A |. 3C 63
CMP AL,63
00442E6C |. 0F8E 30010000 JLE 00442FA2
00442E72 |. 3C 65
CMP AL,65
00442E74 |. 0F8F 28010000 JG 00442FA2
00442E7A |> 6A 06
PUSH 6
00442E7C |.^ EB 81
JMP SHORT 00442DFF
00442E7E |> 4A
DEC EDX
00442E7F |. 6A 0B
PUSH 0B
00442E81 |.^ E9 79FFFFFF JMP 00442DFF
00442E86 |> 8AC8
MOV CL,AL
switch SystemInfo.442DCC
00442E88 |. 80E9 31
SUB CL,31
00442E8B |. 80F9 08
CMP CL,8
00442E8E |.^ 0F86 52FFFFFF JBE 00442DE6
00442E94 |. 8B4D 24
MOV ECX,DWORD PTR SS:[ARG.8]
00442E97 |. 8B09
MOV ECX,DWORD PTR DS:[ECX]
00442E99 |. 8B89 BC000000 MOV ECX,DWORD PTR DS:[ECX+0BC]
00442E9F |. 8B09
MOV ECX,DWORD PTR DS:[ECX]
00442EA1 |. 3A01
CMP AL,BYTE PTR DS:[ECX]
00442EA3 |.^ 0F84 54FFFFFF JE 00442DFD
00442EA9 |. 3AC3
CMP AL,BL
00442EAB |.^ 0F84 66FFFFFF JE 00442E17
00442EB1 |> 8B55 AC
MOV EDX,DWORD PTR SS:[LOCAL.21]
00442EB4 |. E9 14010000 JMP 00442FCD
00442EB9 |> 8975 A8
MOV DWORD PTR SS:[LOCAL.22],ESI
switch SystemInfo.442DCC
00442EBC |. EB 1A
JMP SHORT 00442ED8

; Case 2B (

; Case 1 of

; Case 2 of

; Case 3 of

00442EBE |> 3C 39
00442EC0 |. 7F 1A
00442EC2 |. 837D B4 19
00442EC6 |. 73 0A
00442EC8 |. FF45 B4
00442ECB |. 2AC3
00442ECD |. 8807
00442ECF |. 47
00442ED0 |. EB 03
00442ED2 |> FF45 B0
00442ED5 |> 8A02
00442ED7 |. 42
00442ED8 |> 3AC3
00442EDA |.^ 7D E2
00442EDC |> 8B4D 24
00442EDF |. 8B09
00442EE1 |. 8B89 BC000000
00442EE7 |. 8B09
00442EE9 |. 3A01
00442EEB |.^ 0F84 5DFFFFFF
00442EF1 |> 3C 2B
00442EF3 |.^ 74 89
00442EF5 |. 3C 2D
00442EF7 |.^ 74 85
00442EF9 |.^ E9 60FFFFFF
00442EFE |> 837D B4 00
switch SystemInfo.442DCC
00442F02 |. 8975 A8
00442F05 |. 8975 A4
00442F08 |. 75 26
00442F0A |. EB 06
00442F0C |> FF4D B0
00442F0F |. 8A02
00442F11 |. 42
00442F12 |> 3AC3
00442F14 |.^ 74 F6
00442F16 |. EB 18
00442F18 |> 3C 39
00442F1A |.^ 7F D5
00442F1C |. 837D B4 19
00442F20 |. 73 0B
00442F22 |. FF45 B4
00442F25 |. 2AC3
00442F27 |. 8807
00442F29 |. 47
00442F2A |. FF4D B0
00442F2D |> 8A02
00442F2F |. 42
00442F30 |> 3AC3
00442F32 |.^ 7D E4
00442F34 |.^ EB BB
00442F36 |> 2AC3
switch SystemInfo.442DCC
00442F38 |. 8975 A4
00442F3B |. 3C 09
00442F3D |.^ 0F87 6EFFFFFF
00442F43 |. 6A 04
00442F45 |.^ E9 9EFEFFFF
00442F4A |> 8D4A FE
switch SystemInfo.442DCC

/CMP AL,39
|JG SHORT 00442EDC
|CMP DWORD PTR SS:[LOCAL.19],19
|JNB SHORT 00442ED2
|INC DWORD PTR SS:[LOCAL.19]
|SUB AL,BL
|MOV BYTE PTR DS:[EDI],AL
|INC EDI
|JMP SHORT 00442ED5
|INC DWORD PTR SS:[LOCAL.20]
|MOV AL,BYTE PTR DS:[EDX]
|INC EDX
|CMP AL,BL
\JGE SHORT 00442EBE
MOV ECX,DWORD PTR SS:[ARG.8]
MOV ECX,DWORD PTR DS:[ECX]
MOV ECX,DWORD PTR DS:[ECX+0BC]
MOV ECX,DWORD PTR DS:[ECX]
CMP AL,BYTE PTR DS:[ECX]
JE 00442E4E
CMP AL,2B
JE SHORT 00442E7E
CMP AL,2D
JE SHORT 00442E7E
JMP 00442E5E
CMP DWORD PTR SS:[LOCAL.19],0

; Case 4 of

MOV DWORD PTR SS:[LOCAL.22],ESI


MOV DWORD PTR SS:[LOCAL.23],ESI
JNE SHORT 00442F30
JMP SHORT 00442F12
/DEC DWORD PTR SS:[LOCAL.20]
|MOV AL,BYTE PTR DS:[EDX]
|INC EDX
|CMP AL,BL
\JE SHORT 00442F0C
JMP SHORT 00442F30
/CMP AL,39
|JG SHORT 00442EF1
|CMP DWORD PTR SS:[LOCAL.19],19
|JNB SHORT 00442F2D
|INC DWORD PTR SS:[LOCAL.19]
|SUB AL,BL
|MOV BYTE PTR DS:[EDI],AL
|INC EDI
|DEC DWORD PTR SS:[LOCAL.20]
|MOV AL,BYTE PTR DS:[EDX]
|INC EDX
|CMP AL,BL
\JGE SHORT 00442F18
JMP SHORT 00442EF1
SUB AL,BL

; Case 5 of

MOV DWORD PTR SS:[LOCAL.23],ESI


CMP AL,9
JA 00442EB1
PUSH 4
JMP 00442DE8
LEA ECX,[EDX-2]

; Case 6 of

00442F4D |. 894D AC
MOV DWORD PTR SS:[LOCAL.21],ECX
00442F50 |. 8AC8
MOV CL,AL
00442F52 |. 80E9 31
SUB CL,31
; Switch (c
ases 31..39, 2 exits)
00442F55 |. 80F9 08
CMP CL,8
00442F58 |. 77 07
JA SHORT 00442F61
00442F5A |> 6A 09
PUSH 9
; Cases 31
('1'), 32 ('2'), 33 ('3'), 34 ('4'), 35 ('5'), 36 ('6'), 37 ('7'), 38 ('8'), 39
('9') of switch SystemInfo.442F52
00442F5C |.^ E9 87FEFFFF JMP 00442DE8
00442F61 |> 0FBEC0
MOVSX EAX,AL
; Default c
ase of switch SystemInfo.442F52
00442F64 |. 83E8 2B
SUB EAX,2B
00442F67 |. 74 20
JE SHORT 00442F89
00442F69 |. 48
DEC EAX
00442F6A |. 48
DEC EAX
00442F6B |. 74 10
JE SHORT 00442F7D
00442F6D |. 83E8 03
SUB EAX,3
00442F70 |>^ 0F85 3BFFFFFF JNE 00442EB1
00442F76 |. 6A 08
PUSH 8
00442F78 |.^ E9 82FEFFFF JMP 00442DFF
00442F7D |> 834D 98 FF
OR DWORD PTR SS:[LOCAL.26],FFFFFFFF
00442F81 |. 6A 07
PUSH 7
00442F83 |. 59
POP ECX
00442F84 |.^ E9 40FEFFFF JMP 00442DC9
00442F89 |> 6A 07
PUSH 7
00442F8B |.^ E9 6FFEFFFF JMP 00442DFF
00442F90 |> 8975 A0
MOV DWORD PTR SS:[LOCAL.24],ESI
; Case 8 of
switch SystemInfo.442DCC
00442F93 |. EB 03
JMP SHORT 00442F98
00442F95 |> 8A02
/MOV AL,BYTE PTR DS:[EDX]
00442F97 |. 42
|INC EDX
00442F98 |> 3AC3
|CMP AL,BL
00442F9A |.^ 74 F9
\JE SHORT 00442F95
00442F9C |. 2C 31
SUB AL,31
00442F9E |. 3C 08
CMP AL,8
00442FA0 |.^ 76 B8
JBE SHORT 00442F5A
00442FA2 |> 4A
DEC EDX
; Default c
ase of switch SystemInfo.442E05
00442FA3 |. EB 28
JMP SHORT 00442FCD
00442FA5 |> 8AC8
MOV CL,AL
; Case 7 of
switch SystemInfo.442DCC
00442FA7 |. 80E9 31
SUB CL,31
00442FAA |. 80F9 08
CMP CL,8
00442FAD |.^ 76 AB
JBE SHORT 00442F5A
00442FAF |. 3AC3
CMP AL,BL
00442FB1 |.^ EB BD
JMP SHORT 00442F70
00442FB3 |> 837D 20 00
CMP DWORD PTR SS:[ARG.7],0
; Case B of
switch SystemInfo.442DCC
00442FB7 |. 74 47
JE SHORT 00443000
00442FB9 |. 0FBEC0
MOVSX EAX,AL
00442FBC |. 83E8 2B
SUB EAX,2B
00442FBF |. 8D4A FF
LEA ECX,[EDX-1]
00442FC2 |. 894D AC
MOV DWORD PTR SS:[LOCAL.21],ECX
00442FC5 |.^ 74 C2
JE SHORT 00442F89
00442FC7 |. 48
DEC EAX
00442FC8 |. 48
DEC EAX
00442FC9 |.^ 74 B2
JE SHORT 00442F7D
00442FCB |. 8BD1
MOV EDX,ECX
00442FCD |> 837D A8 00
CMP DWORD PTR SS:[LOCAL.22],0

00442FD1 |. 8B45 90
MOV EAX,DWORD PTR SS:[LOCAL.28]
00442FD4 |. 8910
MOV DWORD PTR DS:[EAX],EDX
00442FD6 |. 0F84 D9030000 JE 004433B5
00442FDC |. 6A 18
PUSH 18
00442FDE |. 58
POP EAX
00442FDF |. 3945 B4
CMP DWORD PTR SS:[LOCAL.19],EAX
00442FE2 |. 76 10
JBE SHORT 00442FF4
00442FE4 |. 807D F7 05
CMP BYTE PTR SS:[LOCAL.3+3],5
00442FE8 |. 7C 03
JL SHORT 00442FED
00442FEA |. FE45 F7
INC BYTE PTR SS:[LOCAL.3+3]
00442FED |> 4F
DEC EDI
00442FEE |. FF45 B0
INC DWORD PTR SS:[LOCAL.20]
00442FF1 |. 8945 B4
MOV DWORD PTR SS:[LOCAL.19],EAX
00442FF4 |> 837D B4 00
CMP DWORD PTR SS:[LOCAL.19],0
00442FF8 |. 0F86 DE030000 JBE 004433DC
00442FFE |. EB 59
JMP SHORT 00443059
00443000 |> 6A 0A
PUSH 0A
00443002 |. 59
POP ECX
00443003 |. 4A
DEC EDX
00443004 |> 83F9 0A
CMP ECX,0A
ase of switch SystemInfo.442DCC
00443007 |.^ 0F85 BCFDFFFF JNE 00442DC9
0044300D |.^ EB BE
JMP SHORT 00442FCD
0044300F |> 8975 A0
MOV DWORD PTR SS:[LOCAL.24],ESI
switch SystemInfo.442DCC
00443012 |. 33C9
XOR ECX,ECX
00443014 |. EB 19
JMP SHORT 0044302F
00443016 |> 3C 39
/CMP AL,39
00443018 |. 7F 20
|JG SHORT 0044303A
0044301A |. 6BC9 0A
|IMUL ECX,ECX,0A
0044301D |. 0FBEF0
|MOVSX ESI,AL
00443020 |. 8D4C31 D0
|LEA ECX,[ESI+ECX-30]
00443024 |. 81F9 50140000 |CMP ECX,1450
0044302A |. 7F 09
|JG SHORT 00443035
0044302C |. 8A02
|MOV AL,BYTE PTR DS:[EDX]
0044302E |. 42
|INC EDX
0044302F |> 3AC3
|CMP AL,BL
00443031 |.^ 7D E3
\JGE SHORT 00443016
00443033 |. EB 05
JMP SHORT 0044303A
00443035 |> B9 51140000 MOV ECX,1451
0044303A |> 894D 9C
MOV DWORD PTR SS:[LOCAL.25],ECX
0044303D |. EB 0B
JMP SHORT 0044304A
0044303F |> 3C 39
/CMP AL,39
00443041 |.^ 0F8F 5BFFFFFF |JG 00442FA2
00443047 |. 8A02
|MOV AL,BYTE PTR DS:[EDX]
00443049 |. 42
|INC EDX
0044304A |> 3AC3
|CMP AL,BL
0044304C |.^ 7D F1
\JGE SHORT 0044303F
0044304E |.^ E9 4FFFFFFF JMP 00442FA2
00443053 |> FF4D B4
/DEC DWORD PTR SS:[LOCAL.19]
00443056 |. FF45 B0
|INC DWORD PTR SS:[LOCAL.20]
00443059 |> 4F
|DEC EDI
0044305A |. 803F 00
|CMP BYTE PTR DS:[EDI],0
0044305D |.^ 74 F4
\JE SHORT 00443053
0044305F |. 8D45 C4
LEA EAX,[LOCAL.15]
00443062 |. 50
PUSH EAX
OFFSET LOCAL.15
00443063 |. FF75 B4
PUSH DWORD PTR SS:[LOCAL.19]
[LOCAL.19]
00443066 |. 8D45 E0
LEA EAX,[LOCAL.8]

; Default c

; Case 9 of

; /Arg3 =>
; |Arg2 =>
; |

00443069 |. 50
OFFSET LOCAL.8
0044306A |. E8 77160000
fo.004446E6
0044306F |. 8B45 9C
00443072 |. 33D2
00443074 |. 83C4 0C
00443077 |. 3955 98
0044307A |. 7D 02
0044307C |. F7D8
0044307E |> 0345 B0
00443081 |. 3955 A0
00443084 |. 75 03
00443086 |. 0345 18
00443089 |> 3955 A4
0044308C |. 75 03
0044308E |. 2B45 1C
00443091 |> 3D 50140000
00443096 |. 0F8F 22030000
0044309C |. 3D B0EBFFFF
004430A1 |. 0F8C 2E030000
004430A7 |. B9 08264500
004430AC |. 83E9 60
004430AF |. 8945 AC
004430B2 |. 3BC2
004430B4 |. 0F84 E9020000
004430BA |. 7D 0D
004430BC |. F7D8
004430BE |. B9 68274500
004430C3 |. 8945 AC
004430C6 |. 83E9 60
004430C9 |> 3955 14
004430CC |. 75 06
004430CE |. 33C0
004430D0 |. 66:8945 C4
004430D4 |> 3955 AC
004430D7 |. 0F84 C6020000
004430DD |. EB 05
004430DF |> 8B4D 84
004430E2 |. 33D2
004430E4 |> 8B45 AC
004430E7 |. C17D AC 03
004430EB |. 83C1 54
004430EE |. 83E0 07
004430F1 |. 894D 84
004430F4 |. 3BC2
004430F6 |. 0F84 9D020000
004430FC |. 6BC0 0C
004430FF |. 03C1
00443101 |. 8BD8
00443103 |. B8 00800000
00443108 |. 66:3903
0044310B |. 72 0E
0044310D |. 8BF3
0044310F |. 8D7D B8
00443112 |. A5
00443113 |. A5
00443114 |. A5
00443115 |. FF4D BA
00443118 |. 8D5D B8

PUSH EAX

; |Arg1 =>

CALL 004446E6

; \SystemIn

MOV EAX,DWORD PTR SS:[LOCAL.25]


XOR EDX,EDX
ADD ESP,0C
CMP DWORD PTR SS:[LOCAL.26],EDX
JGE SHORT 0044307E
NEG EAX
ADD EAX,DWORD PTR SS:[LOCAL.20]
CMP DWORD PTR SS:[LOCAL.24],EDX
JNE SHORT 00443089
ADD EAX,DWORD PTR SS:[ARG.5]
CMP DWORD PTR SS:[LOCAL.23],EDX
JNE SHORT 00443091
SUB EAX,DWORD PTR SS:[ARG.6]
CMP EAX,1450
JG 004433BE
CMP EAX,-1450
JL 004433D5
MOV ECX,OFFSET 00452608
SUB ECX,60
MOV DWORD PTR SS:[LOCAL.21],EAX
CMP EAX,EDX
JE 004433A3
JGE SHORT 004430C9
NEG EAX
MOV ECX,OFFSET 00452768
MOV DWORD PTR SS:[LOCAL.21],EAX
SUB ECX,60
CMP DWORD PTR SS:[ARG.4],EDX
JNE SHORT 004430D4
XOR EAX,EAX
MOV WORD PTR SS:[LOCAL.15],AX
CMP DWORD PTR SS:[LOCAL.21],EDX
JE 004433A3
JMP SHORT 004430E4
/MOV ECX,DWORD PTR SS:[LOCAL.31]
|XOR EDX,EDX
|MOV EAX,DWORD PTR SS:[LOCAL.21]
|SAR DWORD PTR SS:[LOCAL.21],3
|ADD ECX,54
|AND EAX,00000007
|MOV DWORD PTR SS:[LOCAL.31],ECX
|CMP EAX,EDX
|JE 00443399
|IMUL EAX,EAX,0C
|ADD EAX,ECX
|MOV EBX,EAX
|MOV EAX,8000
|CMP WORD PTR DS:[EBX],AX
|JB SHORT 0044311B
|MOV ESI,EBX
|LEA EDI,[LOCAL.18]
|MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E
|MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E
|MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E
|DEC DWORD PTR SS:[EBP-46]
|LEA EBX,[LOCAL.18]

0044311B
0044311F
00443121
00443124
00443127
0044312A
0044312D
00443130
00443132
00443137
00443139
0044313B
0044313D
00443143
00443148
0044314B
0044314E
00443151
00443154
0044315A
0044315D
00443163
00443168
0044316B
00443171
00443176
00443179
0044317B
0044317D
00443180
00443183
00443188
0044318A
0044318D
0044318F
00443190
00443197
00443199
0044319C
0044319E
004431A1
004431A3
004431A5
004431A9
004431AE
004431B1
004431B3
004431B4
004431BB
004431BD
004431C0
004431C2
004431C4
004431C6
004431C9
004431CC
004431CF
004431D4
004431D7
004431DA

|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.

0FB74B 0A
33C0
8945 B0
8945 D4
8945 D8
8945 DC
8B45 CE
8BF1
BA FF7F0000
33F0
23C2
23CA
81E6 00800000
BF FF7F0000
8D1401
8975 90
0FB7D2
66:3BC7
0F83 21020000
66:3BCF
0F83 18020000
BF FDBF0000
66:3BD7
0F87 0A020000
BE BF3F0000
66:3BD6
77 0D
33C0
8945 C8
8945 C4
E9 0E020000
33F6
66:3BC6
75 1F
42
F745 CC FFFFF
75 15
3975 C8
75 10
3975 C4
75 0B
33C0
66:8945 CE
E9 EB010000
66:3BCE
75 21
42
F743 08 FFFFF
75 17
3973 04
75 12
3933
75 0E
8975 CC
8975 C8
8975 C4
E9 C5010000
8975 98
8D7D D8
C745 A8 05000

|MOVZX ECX,WORD PTR DS:[EBX+0A]


|XOR EAX,EAX
|MOV DWORD PTR SS:[LOCAL.20],EAX
|MOV DWORD PTR SS:[LOCAL.11],EAX
|MOV DWORD PTR SS:[LOCAL.10],EAX
|MOV DWORD PTR SS:[LOCAL.9],EAX
|MOV EAX,DWORD PTR SS:[EBP-32]
|MOV ESI,ECX
|MOV EDX,7FFF
|XOR ESI,EAX
|AND EAX,EDX
|AND ECX,EDX
|AND ESI,00008000
|MOV EDI,7FFF
|LEA EDX,[EAX+ECX]
|MOV DWORD PTR SS:[LOCAL.28],ESI
|MOVZX EDX,DX
|CMP AX,DI
|JNB 0044337B
|CMP CX,DI
|JNB 0044337B
|MOV EDI,0BFFD
|CMP DX,DI
|JA 0044337B
|MOV ESI,3FBF
|CMP DX,SI
|JA SHORT 00443188
|XOR EAX,EAX
|MOV DWORD PTR SS:[LOCAL.14],EAX
|MOV DWORD PTR SS:[LOCAL.15],EAX
|JMP 00443396
|XOR ESI,ESI
|CMP AX,SI
|JNE SHORT 004431AE
|INC EDX
|TEST DWORD PTR SS:[LOCAL.13],7FFFFFFF
|JNE SHORT 004431AE
|CMP DWORD PTR SS:[LOCAL.14],ESI
|JNE SHORT 004431AE
|CMP DWORD PTR SS:[LOCAL.15],ESI
|JNE SHORT 004431AE
|XOR EAX,EAX
|MOV WORD PTR SS:[LOCAL.13+2],AX
|JMP 00443399
|CMP CX,SI
|JNE SHORT 004431D4
|INC EDX
|TEST DWORD PTR DS:[EBX+8],7FFFFFFF
|JNE SHORT 004431D4
|CMP DWORD PTR DS:[EBX+4],ESI
|JNE SHORT 004431D4
|CMP DWORD PTR DS:[EBX],ESI
|JNE SHORT 004431D4
|MOV DWORD PTR SS:[LOCAL.13],ESI
|MOV DWORD PTR SS:[LOCAL.14],ESI
|MOV DWORD PTR SS:[LOCAL.15],ESI
|JMP 00443399
|MOV DWORD PTR SS:[LOCAL.26],ESI
|LEA EDI,[LOCAL.10]
|MOV DWORD PTR SS:[LOCAL.22],5

004431E1
004431E4
004431E7
004431E9
004431EC
004431EE
004431F0
004431F4
004431F7
004431FA
004431FD
00443200
00443203
00443206
00443209
0044320D
00443210
00443213
00443216
00443218
0044321A
0044321C
0044321E
00443225
00443229
0044322C
0044322E
00443231
00443235
00443239
0044323C
00443240
00443242
00443243
00443244
00443247
0044324A
0044324E
00443250
00443256
00443259
0044325B
0044325E
00443260
00443262
00443265
00443268
0044326B
0044326E
00443270
00443272
00443274
00443277
0044327A
0044327C
00443282
00443285
00443288
0044328B
0044328D

|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|>
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|.^
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>

8B45 98
8B4D A8
03C0
894D 9C
85C9
7E 52
8D4405 C4
8945 A4
8D43 08
8945 A0
8B45 A0
8B4D A4
0FB709
0FB700
8365 B4 00
0FAFC1
8B4F FC
8D3401
3BF1
72 04
3BF0
73 07
C745 B4 01000
837D B4 00
8977 FC
74 03
66:FF07
8345 A4 02
836D A0 02
FF4D 9C
837D 9C 00
7F BB
47
47
FF45 98
FF4D A8
837D A8 00
7F 91
81C2 02C00000
66:85D2
7E 37
8B7D DC
85FF
78 2B
8B75 D8
8B45 D4
D165 D4
C1E8 1F
8BCE
03F6
0BF0
C1E9 1F
8D043F
0BC1
81C2 FFFF0000
8975 D8
8945 DC
66:85D2
7F CE
66:85D2

|/MOV EAX,DWORD PTR SS:[LOCAL.26]


||MOV ECX,DWORD PTR SS:[LOCAL.22]
||ADD EAX,EAX
||MOV DWORD PTR SS:[LOCAL.25],ECX
||TEST ECX,ECX
||JLE SHORT 00443242
||LEA EAX,[EAX+EBP-3C]
||MOV DWORD PTR SS:[LOCAL.23],EAX
||LEA EAX,[EBX+8]
||MOV DWORD PTR SS:[LOCAL.24],EAX
||/MOV EAX,DWORD PTR SS:[LOCAL.24]
|||MOV ECX,DWORD PTR SS:[LOCAL.23]
|||MOVZX ECX,WORD PTR DS:[ECX]
|||MOVZX EAX,WORD PTR DS:[EAX]
|||AND DWORD PTR SS:[LOCAL.19],00000000
|||IMUL EAX,ECX
|||MOV ECX,DWORD PTR DS:[EDI-4]
|||LEA ESI,[EAX+ECX]
|||CMP ESI,ECX
|||JB SHORT 0044321E
|||CMP ESI,EAX
|||JNB SHORT 00443225
|||MOV DWORD PTR SS:[LOCAL.19],1
|||CMP DWORD PTR SS:[LOCAL.19],0
|||MOV DWORD PTR DS:[EDI-4],ESI
|||JE SHORT 00443231
|||INC WORD PTR DS:[EDI]
|||ADD DWORD PTR SS:[LOCAL.23],2
|||SUB DWORD PTR SS:[LOCAL.24],2
|||DEC DWORD PTR SS:[LOCAL.25]
|||CMP DWORD PTR SS:[LOCAL.25],0
||\JG SHORT 004431FD
||INC EDI
||INC EDI
||INC DWORD PTR SS:[LOCAL.26]
||DEC DWORD PTR SS:[LOCAL.22]
||CMP DWORD PTR SS:[LOCAL.22],0
|\JG SHORT 004431E1
|ADD EDX,0C002
|TEST DX,DX
|JLE SHORT 00443292
|/MOV EDI,DWORD PTR SS:[LOCAL.9]
||TEST EDI,EDI
||JS SHORT 0044328D
||MOV ESI,DWORD PTR SS:[LOCAL.10]
||MOV EAX,DWORD PTR SS:[LOCAL.11]
||SHL DWORD PTR SS:[LOCAL.11],1
||SHR EAX,1F
||MOV ECX,ESI
||ADD ESI,ESI
||OR ESI,EAX
||SHR ECX,1F
||LEA EAX,[EDI+EDI]
||OR EAX,ECX
||ADD EDX,0FFFF
||MOV DWORD PTR SS:[LOCAL.10],ESI
||MOV DWORD PTR SS:[LOCAL.9],EAX
||TEST DX,DX
|\JG SHORT 0044325B
|TEST DX,DX

00443290
00443292
00443298
0044329B
0044329D
0044329F
004432A1
004432A4
004432A6
004432AA
004432AC
004432AF
004432B2
004432B5
004432B8
004432BB
004432BE
004432C0
004432C2
004432C5
004432C8
004432CA
004432CC
004432CD
004432D0
004432D3
004432D5
004432D8
004432DA
004432DF
004432E4
004432E6
004432EA
004432EC
004432EF
004432F5
004432FB
004432FD
00443301
00443303
00443307
0044330B
0044330D
00443311
00443316
0044331A
0044331C
00443320
00443321
00443323
00443327
00443329
0044332C
0044332E
00443331
00443336
00443339
0044333B
0044333D
0044333F

|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|>
|>
|.
|.
|.
|.
|.

7F 4D
81C2 FFFF0000
66:85D2
7D 42
8BC2
F7D8
0FB7F0
03D6
F645 D4 01
74 03
FF45 B0
8B45 DC
8B7D D8
8B4D D8
D16D DC
C1E0 1F
D1EF
0BF8
8B45 D4
C1E1 1F
D1E8
0BC1
4E
897D D8
8945 D4
75 D1
3975 B0
74 05
66:834D D4 01
B8 00800000
8BC8
66:394D D4
77 11
8B4D D4
81E1 FFFF0100
81F9 00800100
75 34
837D D6 FF
75 2B
8365 D6 00
837D DA FF
75 1C
8365 DA 00
B9 FFFF0000
66:394D DE
75 07
66:8945 DE
42
EB 0E
66:FF45 DE
EB 08
FF45 DA
EB 03
FF45 D6
B8 FF7F0000
66:3BD0
72 23
33C0
33C9
66:3945 90

|JG SHORT 004432DF


|ADD EDX,0FFFF
|TEST DX,DX
|JGE SHORT 004432DF
|MOV EAX,EDX
|NEG EAX
|MOVZX ESI,AX
|ADD EDX,ESI
|/TEST BYTE PTR SS:[LOCAL.11],01
||JE SHORT 004432AF
||INC DWORD PTR SS:[LOCAL.20]
||MOV EAX,DWORD PTR SS:[LOCAL.9]
||MOV EDI,DWORD PTR SS:[LOCAL.10]
||MOV ECX,DWORD PTR SS:[LOCAL.10]
||SHR DWORD PTR SS:[LOCAL.9],1
||SHL EAX,1F
||SHR EDI,1
||OR EDI,EAX
||MOV EAX,DWORD PTR SS:[LOCAL.11]
||SHL ECX,1F
||SHR EAX,1
||OR EAX,ECX
||DEC ESI
||MOV DWORD PTR SS:[LOCAL.10],EDI
||MOV DWORD PTR SS:[LOCAL.11],EAX
|\JNE SHORT 004432A6
|CMP DWORD PTR SS:[LOCAL.20],ESI
|JE SHORT 004432DF
|OR WORD PTR SS:[LOCAL.11],0001
|MOV EAX,8000
|MOV ECX,EAX
|CMP WORD PTR SS:[LOCAL.11],CX
|JA SHORT 004432FD
|MOV ECX,DWORD PTR SS:[LOCAL.11]
|AND ECX,0001FFFF
|CMP ECX,18000
|JNE SHORT 00443331
|CMP DWORD PTR SS:[EBP-2A],-1
|JNE SHORT 0044332E
|AND DWORD PTR SS:[EBP-2A],00000000
|CMP DWORD PTR SS:[EBP-26],-1
|JNE SHORT 00443329
|AND DWORD PTR SS:[EBP-26],00000000
|MOV ECX,0FFFF
|CMP WORD PTR SS:[LOCAL.9+2],CX
|JNE SHORT 00443323
|MOV WORD PTR SS:[LOCAL.9+2],AX
|INC EDX
|JMP SHORT 00443331
|INC WORD PTR SS:[LOCAL.9+2]
|JMP SHORT 00443331
|INC DWORD PTR SS:[EBP-26]
|JMP SHORT 00443331
|INC DWORD PTR SS:[EBP-2A]
|MOV EAX,7FFF
|CMP DX,AX
|JB SHORT 0044335E
|XOR EAX,EAX
|XOR ECX,ECX
|CMP WORD PTR SS:[LOCAL.28],AX

00443343
00443346
00443349
0044334C
0044334D
00443353
00443359
0044335C
0044335E
00443362
00443365
00443369
0044336C
0044336F
00443372
00443375
00443379
0044337B
0044337D
00443380
00443383
00443387
00443388
0044338D
00443392
00443396
00443399
0044339D
004433A3
004433A6
004433AA
004433AD
004433B0
004433B3
004433B5
004433BC
004433BE
004433C0
004433C5
004433CA
004433CC
004433D3
004433D5
004433DC
004433DE
004433E0
004433E2
004433E4
004433E7
004433EA
004433ED
004433F1
004433F4
004433F7
004433FA
004433FD
004433FE
004433FF
00443401
00443402

|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|>
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.

8945 C8
0F94C1
8945 C4
49
81E1 00000080
81C1 0080FF7F
894D CC
EB 3B
66:8B45 D6
0B55 90
66:8945 C4
8B45 D8
8945 C6
8B45 DC
8945 CA
66:8955 CE
EB 1E
33C0
66:85F6
0F94C0
8365 C8 00
48
25 00000080
05 0080FF7F
8365 C4 00
8945 CC
837D AC 00
0F85 3CFDFFFF
8B45 CC
0FB74D C4
8B75 C6
8B55 CA
C1E8 10
EB 2F
C745 94 04000
EB 1E
33F6
B8 FF7F0000
BA 00000080
33C9
C745 94 02000
EB 0F
C745 94 01000
33C9
33C0
33D2
33F6
8B7D 88
0B45 8C
66:890F
66:8947 0A
8B45 94
8977 02
8957 06
8B4D FC
5F
5E
33CD
5B
E8 EAB2FEFF

|MOV DWORD PTR SS:[LOCAL.14],EAX


|SETE CL
|MOV DWORD PTR SS:[LOCAL.15],EAX
|DEC ECX
|AND ECX,80000000
|ADD ECX,7FFF8000
|MOV DWORD PTR SS:[LOCAL.13],ECX
|JMP SHORT 00443399
|MOV AX,WORD PTR SS:[LOCAL.11+2]
|OR EDX,DWORD PTR SS:[LOCAL.28]
|MOV WORD PTR SS:[LOCAL.15],AX
|MOV EAX,DWORD PTR SS:[LOCAL.10]
|MOV DWORD PTR SS:[EBP-3A],EAX
|MOV EAX,DWORD PTR SS:[LOCAL.9]
|MOV DWORD PTR SS:[EBP-36],EAX
|MOV WORD PTR SS:[LOCAL.13+2],DX
|JMP SHORT 00443399
|XOR EAX,EAX
|TEST SI,SI
|SETE AL
|AND DWORD PTR SS:[LOCAL.14],00000000
|DEC EAX
|AND EAX,80000000
|ADD EAX,7FFF8000
|AND DWORD PTR SS:[LOCAL.15],00000000
|MOV DWORD PTR SS:[LOCAL.13],EAX
|CMP DWORD PTR SS:[LOCAL.21],0
\JNE 004430DF
MOV EAX,DWORD PTR SS:[LOCAL.13]
MOVZX ECX,WORD PTR SS:[LOCAL.15]
MOV ESI,DWORD PTR SS:[EBP-3A]
MOV EDX,DWORD PTR SS:[EBP-36]
SHR EAX,10
JMP SHORT 004433E4
MOV DWORD PTR SS:[LOCAL.27],4
JMP SHORT 004433DC
XOR ESI,ESI
MOV EAX,7FFF
MOV EDX,80000000
XOR ECX,ECX
MOV DWORD PTR SS:[LOCAL.27],2
JMP SHORT 004433E4
MOV DWORD PTR SS:[LOCAL.27],1
XOR ECX,ECX
XOR EAX,EAX
XOR EDX,EDX
XOR ESI,ESI
MOV EDI,DWORD PTR SS:[LOCAL.30]
OR EAX,DWORD PTR SS:[LOCAL.29]
MOV WORD PTR DS:[EDI],CX
MOV WORD PTR DS:[EDI+0A],AX
MOV EAX,DWORD PTR SS:[LOCAL.27]
MOV DWORD PTR DS:[EDI+2],ESI
MOV DWORD PTR DS:[EDI+6],EDX
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1

00443407
00443408
00443409
0044340A
0044340E
00443412
00443416
0044341A
0044341E
00443422
00443426
0044342A
0044342E
00443432
00443436
0044343A
0044343C
0044343D
0044343F
00443442
00443447
00443449
0044344C
0044344D
00443450
00443451
00443452
00443455
00443458
00443459
0044345A
0044345C
0044345F
00443461
00443466
00443468
0044346E
00443471
00443475
00443479
0044347D
00443481
00443485
00443489
0044348D
00443491
00443495
00443499
0044349D
004434A1
004434A8
004434AB
004434AE
004434B0
004434B4
004434B6
004434BA
004434BD
004434C0
004434C3

|. C9
\. C3
90
. DC2D4400
. 302E4400
. 862E4400
. B92E4400
. FE2E4400
. 362F4400
. 4A2F4400
. A52F4400
. 902F4400
. 0F304400
. 04304400
. B32F4400
/$ 8BFF
|. 55
|. 8BEC
|. 83EC 74
|. A1 A0154500
|. 33C5
|. 8945 FC
|. 53
|. 8B5D 1C
|. 56
|. 57
|. 8D75 08
|. 8D7D F0
|. A5
|. A5
|. 66:A5
|. 8B55 F8
|. 8BCA
|. B8 00800000
|. 23C8
|. 81E2 FF7F0000
|. 895D A0
|. C645 D0 CC
|. C645 D1 CC
|. C645 D2 CC
|. C645 D3 CC
|. C645 D4 CC
|. C645 D5 CC
|. C645 D6 CC
|. C645 D7 CC
|. C645 D8 CC
|. C645 D9 CC
|. C645 DA FB
|. C645 DB 3F
|. C745 8C 01000
|. 894D 90
|. 66:85C9
|. 74 06
|. C643 02 2D
|. EB 04
|> C643 02 20
|> 8B75 F4
|. 8B7D F0
|. 66:85D2
|. 75 2F

LEAVE
RETN
NOP
DD 00442DDC
DD 00442E30
DD 00442E86
DD 00442EB9
DD 00442EFE
DD 00442F36
DD 00442F4A
DD 00442FA5
DD 00442F90
DD 0044300F
DD 00443004
DD 00442FB3
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
SUB ESP,74
MOV EAX,DWORD PTR DS:[4515A0]
XOR EAX,EBP
MOV DWORD PTR SS:[LOCAL.1],EAX
PUSH EBX
MOV EBX,DWORD PTR SS:[ARG.6]
PUSH ESI
PUSH EDI
LEA ESI,[ARG.1]
LEA EDI,[LOCAL.4]
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOVS WORD PTR ES:[EDI],WORD PTR DS:[ESI]
MOV EDX,DWORD PTR SS:[LOCAL.2]
MOV ECX,EDX
MOV EAX,8000
AND ECX,EAX
AND EDX,00007FFF
MOV DWORD PTR SS:[LOCAL.24],EBX
MOV BYTE PTR SS:[LOCAL.12],0CC
MOV BYTE PTR SS:[LOCAL.12+1],0CC
MOV BYTE PTR SS:[LOCAL.12+2],0CC
MOV BYTE PTR SS:[LOCAL.12+3],0CC
MOV BYTE PTR SS:[LOCAL.11],0CC
MOV BYTE PTR SS:[LOCAL.11+1],0CC
MOV BYTE PTR SS:[LOCAL.11+2],0CC
MOV BYTE PTR SS:[LOCAL.11+3],0CC
MOV BYTE PTR SS:[LOCAL.10],0CC
MOV BYTE PTR SS:[LOCAL.10+1],0CC
MOV BYTE PTR SS:[LOCAL.10+2],0FB
MOV BYTE PTR SS:[LOCAL.10+3],3F
MOV DWORD PTR SS:[LOCAL.29],1
MOV DWORD PTR SS:[LOCAL.28],ECX
TEST CX,CX
JE SHORT 004434B6
MOV BYTE PTR DS:[EBX+2],2D
JMP SHORT 004434BA
MOV BYTE PTR DS:[EBX+2],20
MOV ESI,DWORD PTR SS:[LOCAL.3]
MOV EDI,DWORD PTR SS:[LOCAL.4]
TEST DX,DX
JNE SHORT 004434F4

004434C5 |.
004434C7 |.
004434C9 |.
004434CB |.
004434CD |.
004434CF |.
004434D2 |.
004434D5 |.
004434D7 |.
004434D9 |.
004434DB |.
004434DE |.
004434E1 |.
004434E5 |.
004434E9 |.
004434EC |>
004434EE |.
004434EF |.
004434F4 |>
004434F9 |.
004434FC |.
00443502 |.
00443504 |.
00443505 |.
00443508 |.
0044350D |.
0044350F |.
00443511 |.
00443513 |.
00443515 |>
0044351B |.
0044351D |.
SNAN"
00443522 |.
00443524 |>
00443527 |.
00443529 |.
0044352F |.
00443531 |.
00443533 |.
00443535 |.
IND"
0044353A |.
0044353C |>
0044353E |.
00443540 |.
00443542 |.
00443544 |.
INF"
00443549 |>
0044354C |.
6
0044354E |.
0044354F |.
fo.0043597F
00443554 |.
00443557 |.
00443559 |.
0044355B |.
0044355D |.

85F6
75 2B
85FF
75 27
33D2
66:3BC8
0F95C0
FEC8
24 0D
04 20
66:8913
8843 02
C643 03 01
C643 04 30
8853 05
33C0
40
E9 1E080000
B8 FF7F0000
66:3BD0
0F85 9F000000
33C0
40
66:8903
B8 00000080
3BF0
75 04
85FF
74 0F
F7C6 00000040
75 07
68 4CC04400

TEST ESI,ESI
JNE SHORT 004434F4
TEST EDI,EDI
JNE SHORT 004434F4
XOR EDX,EDX
CMP CX,AX
SETNE AL
DEC AL
AND AL,0D
ADD AL,20
MOV WORD PTR DS:[EBX],DX
MOV BYTE PTR DS:[EBX+2],AL
MOV BYTE PTR DS:[EBX+3],1
MOV BYTE PTR DS:[EBX+4],30
MOV BYTE PTR DS:[EBX+5],DL
XOR EAX,EAX
INC EAX
JMP 00443D12
MOV EAX,7FFF
CMP DX,AX
JNE 004435A1
XOR EAX,EAX
INC EAX
MOV WORD PTR DS:[EBX],AX
MOV EAX,80000000
CMP ESI,EAX
JNE SHORT 00443515
TEST EDI,EDI
JE SHORT 00443524
TEST ESI,40000000
JNE SHORT 00443524
PUSH OFFSET 0044C04C

; ASCII "1#

EB 51
66:85C9
74 13
81FE 000000C0
75 0B
85FF
75 3B
68 44C04400

JMP SHORT 00443575


TEST CX,CX
JE SHORT 0044353C
CMP ESI,C0000000
JNE SHORT 0044353C
TEST EDI,EDI
JNE SHORT 00443570
PUSH OFFSET 0044C044

; ASCII "1#

EB 0D
3BF0
75 30
85FF
75 2C
68 3CC04400

JMP SHORT 00443549


CMP ESI,EAX
JNE SHORT 00443570
TEST EDI,EDI
JNE SHORT 00443570
PUSH OFFSET 0044C03C

; ASCII "1#

8D43 04
6A 16

LEA EAX,[EBX+4]
PUSH 16

; |Arg2 = 1

50
E8 2B24FFFF

PUSH EAX
CALL 0043597F

; |Arg1
; \SystemIn

83C4 0C
33F6
85C0
74 0D
56

ADD ESP,0C
XOR ESI,ESI
TEST EAX,EAX
JE SHORT 0044356A
PUSH ESI

0044355E |.
0044355F |.
00443560 |.
00443561 |.
00443562 |.
00443567 |.
0044356A |>
0044356E |.
00443570 |>
QNAN"
00443575 |>
00443578 |.
6
0044357A |.
0044357B |.
fo.0043597F
00443580 |.
00443583 |.
00443585 |.
00443587 |.
00443589 |.
0044358A |.
0044358B |.
0044358C |.
0044358D |.
0044358E |.
00443593 |.
00443596 |>
0044359A |>
0044359C |.
004435A1 |>
004435A4 |.
004435A6 |.
004435AC |.
004435AF |.
004435B1 |.
004435B4 |.
004435B7 |.
004435BA |.
004435C1 |.
004435C4 |.
004435C7 |.
004435C9 |.
004435CC |.
004435D0 |.
004435D5 |.
004435D7 |.
004435DA |.
004435DD |.
004435E1 |.
004435E4 |.
004435E7 |.
004435EA |.
004435EC |.
004435F2 |.
004435F4 |.
004435F9 |.
004435FB |.
004435FE |.
00443601 |>

56
56
56
56
E8 D3B1FEFF
83C4 14
C643 03 05
EB 2A
68 34C04400

PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E73A
ADD ESP,14
MOV BYTE PTR DS:[EBX+3],5
JMP SHORT 0044359A
PUSH OFFSET 0044C034

; ASCII "1#

8D43 04
6A 16

LEA EAX,[EBX+4]
PUSH 16

; |Arg2 = 1

50
E8 FF23FFFF

PUSH EAX
CALL 0043597F

; |Arg1
; \SystemIn

83C4 0C
33F6
85C0
74 0D
56
56
56
56
56
E8 A7B1FEFF
83C4 14
C643 03 06
33C0
E9 71070000
0FB7CA
8BD9
69C9 104D0000
C1EB 08
8BC6
C1E8 18
8D0443
6BC0 4D
8D8408 0CEDBC
C1F8 10
0FB7C0
33C9
0FBFD8
66:894D E0
B9 08264500
F7DB
83E9 60
8945 B4
66:8955 EA
8975 E6
897D E2
894D 9C
85DB
0F84 9C020000
7D 0D
B8 68274500
F7DB
83E8 60
8945 9C
85DB

ADD ESP,0C
XOR ESI,ESI
TEST EAX,EAX
JE SHORT 00443596
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
PUSH ESI
CALL 0042E73A
ADD ESP,14
MOV BYTE PTR DS:[EBX+3],6
XOR EAX,EAX
JMP 00443D12
MOVZX ECX,DX
MOV EBX,ECX
IMUL ECX,ECX,4D10
SHR EBX,8
MOV EAX,ESI
SHR EAX,18
LEA EAX,[EAX*2+EBX]
IMUL EAX,EAX,4D
LEA EAX,[ECX+EAX+ECBCED0C]
SAR EAX,10
MOVZX EAX,AX
XOR ECX,ECX
MOVSX EBX,AX
MOV WORD PTR SS:[LOCAL.8],CX
MOV ECX,OFFSET 00452608
NEG EBX
SUB ECX,60
MOV DWORD PTR SS:[LOCAL.19],EAX
MOV WORD PTR SS:[LOCAL.6+2],DX
MOV DWORD PTR SS:[EBP-1A],ESI
MOV DWORD PTR SS:[EBP-1E],EDI
MOV DWORD PTR SS:[LOCAL.25],ECX
TEST EBX,EBX
JE 0044388E
JGE SHORT 00443601
MOV EAX,OFFSET 00452768
NEG EBX
SUB EAX,60
MOV DWORD PTR SS:[LOCAL.25],EAX
TEST EBX,EBX

00443603
00443609
0044360D
0044360F
00443612
00443615
00443617
0044361D
00443620
00443623
00443625
00443628
0044362D
00443630
00443632
00443634
00443637
00443638
00443639
0044363C
0044363D
00443640
00443643
00443647
00443649
0044364C
0044364F
00443652
00443655
00443658
0044365A
0044365C
00443662
00443665
0044366A
0044366C
0044366E
00443671
00443674
00443679
0044367C
00443682
00443685
0044368B
00443690
00443693
00443699
0044369E
004436A1
004436A3
004436A5
004436A8
004436AB
004436AE
004436B3
004436B5
004436B8
004436BA
004436BB
004436C2

|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|>
|.
|.
|.
|.
|.

0F84 85020000
8345 9C 54
8BCB
83E1 07
C1FB 03
85C9
0F84 67020000
6BC9 0C
034D 9C
8BC1
894D BC
B9 00800000
66:3908
72 11
8BF0
8D7D C4
A5
A5
8D45 C4
A5
FF4D C6
8945 BC
0FB750 0A
33C9
894D AC
894D F0
894D F4
894D F8
8B4D EA
8BF2
33F1
81E6 00800000
8975 B8
BE FF7F0000
23CE
23D6
8D340A
0FB7FE
BE FF7F0000
66:3BCE
0F83 AC020000
66:3BD6
0F83 A3020000
BE FDBF0000
66:3BFE
0F87 95020000
BE BF3F0000
66:3BFE
77 10
33F6
8975 E8
8975 E4
8975 E0
E9 D3010000
33F6
66:3BCE
75 1F
47
F745 E8 FFFFF
75 15

JE 0044388E
ADD DWORD PTR SS:[LOCAL.25],54
MOV ECX,EBX
AND ECX,00000007
SAR EBX,3
TEST ECX,ECX
JE 00443884
IMUL ECX,ECX,0C
ADD ECX,DWORD PTR SS:[LOCAL.25]
MOV EAX,ECX
MOV DWORD PTR SS:[LOCAL.17],ECX
MOV ECX,8000
CMP WORD PTR DS:[EAX],CX
JB SHORT 00443643
MOV ESI,EAX
LEA EDI,[LOCAL.15]
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
LEA EAX,[LOCAL.15]
MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES
DEC DWORD PTR SS:[EBP-3A]
MOV DWORD PTR SS:[LOCAL.17],EAX
MOVZX EDX,WORD PTR DS:[EAX+0A]
XOR ECX,ECX
MOV DWORD PTR SS:[LOCAL.21],ECX
MOV DWORD PTR SS:[LOCAL.4],ECX
MOV DWORD PTR SS:[LOCAL.3],ECX
MOV DWORD PTR SS:[LOCAL.2],ECX
MOV ECX,DWORD PTR SS:[EBP-16]
MOV ESI,EDX
XOR ESI,ECX
AND ESI,00008000
MOV DWORD PTR SS:[LOCAL.18],ESI
MOV ESI,7FFF
AND ECX,ESI
AND EDX,ESI
LEA ESI,[ECX+EDX]
MOVZX EDI,SI
MOV ESI,7FFF
CMP CX,SI
JNB 0044392E
CMP DX,SI
JNB 0044392E
MOV ESI,0BFFD
CMP DI,SI
JA 0044392E
MOV ESI,3FBF
CMP DI,SI
JA SHORT 004436B3
XOR ESI,ESI
MOV DWORD PTR SS:[LOCAL.6],ESI
MOV DWORD PTR SS:[LOCAL.7],ESI
MOV DWORD PTR SS:[LOCAL.8],ESI
JMP 00443886
XOR ESI,ESI
CMP CX,SI
JNE SHORT 004436D9
INC EDI
TEST DWORD PTR SS:[LOCAL.6],7FFFFFFF
JNE SHORT 004436D9

004436C4
004436C7
004436C9
004436CC
004436CE
004436D0
004436D4
004436D9
004436DC
004436DE
004436DF
004436E6
004436E8
004436EB
004436ED
004436EF
004436F1
004436F4
004436F7
004436FE
00443701
00443704
00443706
00443709
0044370B
0044370D
00443711
00443714
00443717
0044371A
0044371D
00443720
00443723
00443726
00443729
0044372C
00443730
00443733
00443735
00443737
00443739
0044373B
00443742
00443746
00443749
0044374B
0044374E
00443752
00443756
00443759
0044375D
0044375F
00443762
00443763
00443764
00443767
0044376A
0044376E
00443770
00443776

|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|>
|.
|.
|.
|.^
|.
|>
|.
|.
|.
|.
|.^
|.
|.

3975 E4
75 10
3975 E0
75 0B
33C0
66:8945 EA
E9 AD010000
66:3BD6
75 13
47
F740 08 FFFFF
75 09
3970 04
75 04
3930
74 B4
2175 A8
8D75 F4
C745 C0 05000
8B4D A8
8B55 C0
03C9
8955 B0
85D2
7E 55
8D4C0D E0
83C0 08
894D 94
8945 98
8B45 94
0FB708
8B45 98
0FB700
8B56 FC
0FAFC8
8365 A4 00
8D040A
3BC2
72 04
3BC1
73 07
C745 A4 01000
837D A4 00
8946 FC
74 03
66:FF06
8345 94 02
836D 98 02
FF4D B0
837D B0 00
7F BB
8B45 BC
46
46
FF45 A8
FF4D C0
837D C0 00
7F 8E
81C7 02C00000
66:85FF

CMP DWORD PTR SS:[LOCAL.7],ESI


JNE SHORT 004436D9
CMP DWORD PTR SS:[LOCAL.8],ESI
JNE SHORT 004436D9
XOR EAX,EAX
MOV WORD PTR SS:[LOCAL.6+2],AX
JMP 00443886
CMP DX,SI
JNE SHORT 004436F1
INC EDI
TEST DWORD PTR DS:[EAX+8],7FFFFFFF
JNE SHORT 004436F1
CMP DWORD PTR DS:[EAX+4],ESI
JNE SHORT 004436F1
CMP DWORD PTR DS:[EAX],ESI
JE SHORT 004436A5
AND DWORD PTR SS:[LOCAL.22],ESI
LEA ESI,[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.16],5
/MOV ECX,DWORD PTR SS:[LOCAL.22]
|MOV EDX,DWORD PTR SS:[LOCAL.16]
|ADD ECX,ECX
|MOV DWORD PTR SS:[LOCAL.20],EDX
|TEST EDX,EDX
|JLE SHORT 00443762
|LEA ECX,[ECX+EBP-20]
|ADD EAX,8
|MOV DWORD PTR SS:[LOCAL.27],ECX
|MOV DWORD PTR SS:[LOCAL.26],EAX
|/MOV EAX,DWORD PTR SS:[LOCAL.27]
||MOVZX ECX,WORD PTR DS:[EAX]
||MOV EAX,DWORD PTR SS:[LOCAL.26]
||MOVZX EAX,WORD PTR DS:[EAX]
||MOV EDX,DWORD PTR DS:[ESI-4]
||IMUL ECX,EAX
||AND DWORD PTR SS:[LOCAL.23],00000000
||LEA EAX,[ECX+EDX]
||CMP EAX,EDX
||JB SHORT 0044373B
||CMP EAX,ECX
||JNB SHORT 00443742
||MOV DWORD PTR SS:[LOCAL.23],1
||CMP DWORD PTR SS:[LOCAL.23],0
||MOV DWORD PTR DS:[ESI-4],EAX
||JE SHORT 0044374E
||INC WORD PTR DS:[ESI]
||ADD DWORD PTR SS:[LOCAL.27],2
||SUB DWORD PTR SS:[LOCAL.26],2
||DEC DWORD PTR SS:[LOCAL.20]
||CMP DWORD PTR SS:[LOCAL.20],0
|\JG SHORT 0044371A
|MOV EAX,DWORD PTR SS:[LOCAL.17]
|INC ESI
|INC ESI
|INC DWORD PTR SS:[LOCAL.22]
|DEC DWORD PTR SS:[LOCAL.16]
|CMP DWORD PTR SS:[LOCAL.16],0
\JG SHORT 004436FE
ADD EDI,0C002
TEST DI,DI

00443779
0044377B
00443782
00443784
00443787
0044378A
0044378D
0044378F
00443791
00443794
00443796
00443799
0044379C
0044379F
004437A1
004437A3
004437A9
004437AC
004437AF
004437B1
004437B4
004437B6
004437BC
004437BF
004437C1
004437C3
004437C5
004437C8
004437CA
004437CE
004437D0
004437D3
004437D6
004437D9
004437DC
004437DF
004437E2
004437E4
004437E6
004437E9
004437EC
004437EE
004437F0
004437F1
004437F4
004437F7
004437F9
004437FC
004437FE
00443803
00443808
0044380A
0044380E
00443810
00443813
00443819
0044381F
00443821
00443825
00443827

|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.

7E 3B
F745 F8 00000
75 2D
8B45 F4
8B4D F0
D165 F0
8BD0
03C0
C1E9 1F
0BC1
8945 F4
8B45 F8
C1EA 1F
03C0
0BC2
81C7 FFFF0000
8945 F8
66:85FF
7F CA
66:85FF
7F 4D
81C7 FFFF0000
66:85FF
7D 42
8BC7
F7D8
0FB7C0
03F8
F645 F0 01
74 03
FF45 AC
8B4D F8
8B75 F4
8B55 F4
D16D F8
C1E1 1F
D1EE
0BF1
8B4D F0
C1E2 1F
D1E9
0BCA
48
8975 F4
894D F0
75 D1
3945 AC
74 05
66:834D F0 01
B8 00800000
8BC8
66:394D F0
77 11
8B4D F0
81E1 FFFF0100
81F9 00800100
75 34
837D F2 FF
75 2B
8365 F2 00

JLE SHORT 004437B6


/TEST DWORD PTR SS:[LOCAL.2],80000000
|JNE SHORT 004437B1
|MOV EAX,DWORD PTR SS:[LOCAL.3]
|MOV ECX,DWORD PTR SS:[LOCAL.4]
|SHL DWORD PTR SS:[LOCAL.4],1
|MOV EDX,EAX
|ADD EAX,EAX
|SHR ECX,1F
|OR EAX,ECX
|MOV DWORD PTR SS:[LOCAL.3],EAX
|MOV EAX,DWORD PTR SS:[LOCAL.2]
|SHR EDX,1F
|ADD EAX,EAX
|OR EAX,EDX
|ADD EDI,0FFFF
|MOV DWORD PTR SS:[LOCAL.2],EAX
|TEST DI,DI
\JG SHORT 0044377B
TEST DI,DI
JG SHORT 00443803
ADD EDI,0FFFF
TEST DI,DI
JGE SHORT 00443803
MOV EAX,EDI
NEG EAX
MOVZX EAX,AX
ADD EDI,EAX
/TEST BYTE PTR SS:[LOCAL.4],01
|JE SHORT 004437D3
|INC DWORD PTR SS:[LOCAL.21]
|MOV ECX,DWORD PTR SS:[LOCAL.2]
|MOV ESI,DWORD PTR SS:[LOCAL.3]
|MOV EDX,DWORD PTR SS:[LOCAL.3]
|SHR DWORD PTR SS:[LOCAL.2],1
|SHL ECX,1F
|SHR ESI,1
|OR ESI,ECX
|MOV ECX,DWORD PTR SS:[LOCAL.4]
|SHL EDX,1F
|SHR ECX,1
|OR ECX,EDX
|DEC EAX
|MOV DWORD PTR SS:[LOCAL.3],ESI
|MOV DWORD PTR SS:[LOCAL.4],ECX
\JNE SHORT 004437CA
CMP DWORD PTR SS:[LOCAL.21],EAX
JE SHORT 00443803
OR WORD PTR SS:[LOCAL.4],0001
MOV EAX,8000
MOV ECX,EAX
CMP WORD PTR SS:[LOCAL.4],CX
JA SHORT 00443821
MOV ECX,DWORD PTR SS:[LOCAL.4]
AND ECX,0001FFFF
CMP ECX,18000
JNE SHORT 00443855
CMP DWORD PTR SS:[EBP-0E],-1
JNE SHORT 00443852
AND DWORD PTR SS:[EBP-0E],00000000

0044382B
0044382F
00443831
00443835
0044383A
0044383E
00443840
00443844
00443845
00443847
0044384B
0044384D
00443850
00443852
00443855
0044385A
0044385D
00443863
00443865
00443867
0044386B
0044386E
00443871
00443874
00443875
0044387B
00443881
00443884
00443886
00443888
0044388E
00443891
00443894
00443899
0044389E
004438A1
004438A7
004438AA
004438AC
004438AF
004438B2
004438B5
004438B8
004438BB
004438BE
004438C0
004438C2
004438C4
004438C6
004438CC
004438CE
004438D1
004438D4
004438D7
004438DA
004438E0
004438E3
004438E9
004438EE
004438F1

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.^
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

837D F6 FF
75 1C
8365 F6 00
B9 FFFF0000
66:394D FA
75 07
66:8945 FA
47
EB 0E
66:FF45 FA
EB 08
FF45 F6
EB 03
FF45 F2
B8 FF7F0000
66:3BF8
0F82 AB000000
33C0
33C9
66:3945 B8
8945 E4
0F94C1
8945 E0
49
81E1 00000080
81C1 0080FF7F
894D E8
33F6
3BDE
0F85 7BFDFFFF
8B4D E8
C1E9 10
BA FF3F0000
B8 FF7F0000
66:3BCA
0F82 A3020000
FF45 B4
33D2
8955 B0
8955 F0
8955 F4
8955 F8
8B55 DA
0FB7C9
8BDA
33D9
23C8
23D0
81E3 00800000
8BF8
8D340A
895D A4
0FB7F6
66:3BCF
0F83 4C020000
66:3BD0
0F83 43020000
B8 FDBF0000
66:3BF0
0F87 35020000

CMP DWORD PTR SS:[EBP-0A],-1


JNE SHORT 0044384D
AND DWORD PTR SS:[EBP-0A],00000000
MOV ECX,0FFFF
CMP WORD PTR SS:[LOCAL.2+2],CX
JNE SHORT 00443847
MOV WORD PTR SS:[LOCAL.2+2],AX
INC EDI
JMP SHORT 00443855
INC WORD PTR SS:[LOCAL.2+2]
JMP SHORT 00443855
INC DWORD PTR SS:[EBP-0A]
JMP SHORT 00443855
INC DWORD PTR SS:[EBP-0E]
MOV EAX,7FFF
CMP DI,AX
JB 0044390E
XOR EAX,EAX
XOR ECX,ECX
CMP WORD PTR SS:[LOCAL.18],AX
MOV DWORD PTR SS:[LOCAL.7],EAX
SETE CL
MOV DWORD PTR SS:[LOCAL.8],EAX
DEC ECX
AND ECX,80000000
ADD ECX,7FFF8000
MOV DWORD PTR SS:[LOCAL.6],ECX
XOR ESI,ESI
CMP EBX,ESI
JNE 00443609
MOV ECX,DWORD PTR SS:[LOCAL.6]
SHR ECX,10
MOV EDX,3FFF
MOV EAX,7FFF
CMP CX,DX
JB 00443B4A
INC DWORD PTR SS:[LOCAL.19]
XOR EDX,EDX
MOV DWORD PTR SS:[LOCAL.20],EDX
MOV DWORD PTR SS:[LOCAL.4],EDX
MOV DWORD PTR SS:[LOCAL.3],EDX
MOV DWORD PTR SS:[LOCAL.2],EDX
MOV EDX,DWORD PTR SS:[EBP-26]
MOVZX ECX,CX
MOV EBX,EDX
XOR EBX,ECX
AND ECX,EAX
AND EDX,EAX
AND EBX,00008000
MOV EDI,EAX
LEA ESI,[ECX+EDX]
MOV DWORD PTR SS:[LOCAL.23],EBX
MOVZX ESI,SI
CMP CX,DI
JNB 00443B2C
CMP DX,AX
JNB 00443B2C
MOV EAX,0BFFD
CMP SI,AX
JA 00443B2C

004438F7
004438FC
004438FF
00443901
00443903
00443906
00443909
0044390E
00443912
00443915
00443919
0044391C
0044391F
00443922
00443925
00443929
0044392E
00443930
00443932
00443936
00443939
0044393A
0044393F
00443944
00443947
0044394C
0044394E
00443951
00443953
00443954
0044395B
0044395D
00443960
00443962
00443965
00443967
0044396B
00443970
00443973
00443975
00443976
0044397D
0044397F
00443982
00443984
00443987
0044398D
00443990
00443993
0044399A
0044399D
004439A0
004439A2
004439A5
004439A7
004439A9
004439AC
004439AF
004439B3
004439B6

|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.

B8 BF3F0000
66:3BF0
77 4B
33C0
8945 E4
8945 E0
E9 39020000
66:8B45 F2
0B7D B8
66:8945 E0
8B45 F4
8945 E2
8B45 F8
8945 E6
66:897D EA
E9 56FFFFFF
33C0
33F6
66:3975 B8
0F94C0
48
25 00000080
05 0080FF7F
8945 E8
E9 5CFDFFFF
33C0
66:3BC8
75 1D
46
F745 E8 FFFFF
75 13
3945 E4
75 0E
3945 E0
75 09
66:8945 EA
E9 DA010000
66:3BD0
75 18
46
F745 D8 FFFFF
75 0E
3945 D4
75 09
3945 D0
0F84 76FFFFFF
8945 A8
8D7D F4
C745 C0 05000
8B45 A8
8B4D C0
03C0
894D AC
85C9
7E 4A
8D4D D8
894D B8
8D4405 E0
8B4D B8
0FB710

MOV EAX,3FBF
CMP SI,AX
JA SHORT 0044394C
XOR EAX,EAX
MOV DWORD PTR SS:[LOCAL.7],EAX
MOV DWORD PTR SS:[LOCAL.8],EAX
JMP 00443B47
MOV AX,WORD PTR SS:[LOCAL.4+2]
OR EDI,DWORD PTR SS:[LOCAL.18]
MOV WORD PTR SS:[LOCAL.8],AX
MOV EAX,DWORD PTR SS:[LOCAL.3]
MOV DWORD PTR SS:[EBP-1E],EAX
MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR SS:[EBP-1A],EAX
MOV WORD PTR SS:[LOCAL.6+2],DI
JMP 00443884
XOR EAX,EAX
XOR ESI,ESI
CMP WORD PTR SS:[LOCAL.18],SI
SETE AL
DEC EAX
AND EAX,80000000
ADD EAX,7FFF8000
MOV DWORD PTR SS:[LOCAL.6],EAX
JMP 004436A8
XOR EAX,EAX
CMP CX,AX
JNE SHORT 00443970
INC ESI
TEST DWORD PTR SS:[LOCAL.6],7FFFFFFF
JNE SHORT 00443970
CMP DWORD PTR SS:[LOCAL.7],EAX
JNE SHORT 00443970
CMP DWORD PTR SS:[LOCAL.8],EAX
JNE SHORT 00443970
MOV WORD PTR SS:[LOCAL.6+2],AX
JMP 00443B4A
CMP DX,AX
JNE SHORT 0044398D
INC ESI
TEST DWORD PTR SS:[LOCAL.10],7FFFFFFF
JNE SHORT 0044398D
CMP DWORD PTR SS:[LOCAL.11],EAX
JNE SHORT 0044398D
CMP DWORD PTR SS:[LOCAL.12],EAX
JE 00443903
MOV DWORD PTR SS:[LOCAL.22],EAX
LEA EDI,[LOCAL.3]
MOV DWORD PTR SS:[LOCAL.16],5
/MOV EAX,DWORD PTR SS:[LOCAL.22]
|MOV ECX,DWORD PTR SS:[LOCAL.16]
|ADD EAX,EAX
|MOV DWORD PTR SS:[LOCAL.21],ECX
|TEST ECX,ECX
|JLE SHORT 004439F3
|LEA ECX,[LOCAL.10]
|MOV DWORD PTR SS:[LOCAL.18],ECX
|LEA EAX,[EAX+EBP-20]
|/MOV ECX,DWORD PTR SS:[LOCAL.18]
||MOVZX EDX,WORD PTR DS:[EAX]

004439B9
004439BC
004439C0
004439C3
004439C6
004439C9
004439CB
004439CD
004439CF
004439D1
004439D8
004439DC
004439DF
004439E1
004439E4
004439E8
004439E9
004439EA
004439ED
004439F1
004439F3
004439F4
004439F5
004439F8
004439FB
004439FF
00443A01
00443A07
00443A0A
00443A0C
00443A0F
00443A11
00443A13
00443A16
00443A19
00443A1C
00443A1E
00443A20
00443A23
00443A25
00443A28
00443A2B
00443A2E
00443A30
00443A36
00443A39
00443A3C
00443A3E
00443A41
00443A43
00443A49
00443A4C
00443A4E
00443A50
00443A52
00443A55
00443A57
00443A5B
00443A5D
00443A60

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|.^
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>

0FB709
8365 BC 00
0FAFCA
8B57 FC
8D1C0A
3BDA
72 04
3BD9
73 07
C745 BC 01000
837D BC 00
895F FC
74 03
66:FF07
836D B8 02
40
40
FF4D AC
837D AC 00
7F C0
47
47
FF45 A8
FF4D C0
837D C0 00
7F 99
81C6 02C00000
66:85F6
7E 37
8B7D F8
85FF
78 2B
8B45 F4
8B4D F0
D165 F0
8BD0
03C0
C1E9 1F
0BC1
8945 F4
C1EA 1F
8D043F
0BC2
81C6 FFFF0000
8945 F8
66:85F6
7F CE
66:85F6
7F 4D
81C6 FFFF0000
66:85F6
7D 42
8BC6
F7D8
0FB7C0
03F0
F645 F0 01
74 03
FF45 B0
8B4D F8

||MOVZX ECX,WORD PTR DS:[ECX]


||AND DWORD PTR SS:[LOCAL.17],00000000
||IMUL ECX,EDX
||MOV EDX,DWORD PTR DS:[EDI-4]
||LEA EBX,[ECX+EDX]
||CMP EBX,EDX
||JB SHORT 004439D1
||CMP EBX,ECX
||JNB SHORT 004439D8
||MOV DWORD PTR SS:[LOCAL.17],1
||CMP DWORD PTR SS:[LOCAL.17],0
||MOV DWORD PTR DS:[EDI-4],EBX
||JE SHORT 004439E4
||INC WORD PTR DS:[EDI]
||SUB DWORD PTR SS:[LOCAL.18],2
||INC EAX
||INC EAX
||DEC DWORD PTR SS:[LOCAL.21]
||CMP DWORD PTR SS:[LOCAL.21],0
|\JG SHORT 004439B3
|INC EDI
|INC EDI
|INC DWORD PTR SS:[LOCAL.22]
|DEC DWORD PTR SS:[LOCAL.16]
|CMP DWORD PTR SS:[LOCAL.16],0
\JG SHORT 0044399A
ADD ESI,0C002
TEST SI,SI
JLE SHORT 00443A43
/MOV EDI,DWORD PTR SS:[LOCAL.2]
|TEST EDI,EDI
|JS SHORT 00443A3E
|MOV EAX,DWORD PTR SS:[LOCAL.3]
|MOV ECX,DWORD PTR SS:[LOCAL.4]
|SHL DWORD PTR SS:[LOCAL.4],1
|MOV EDX,EAX
|ADD EAX,EAX
|SHR ECX,1F
|OR EAX,ECX
|MOV DWORD PTR SS:[LOCAL.3],EAX
|SHR EDX,1F
|LEA EAX,[EDI+EDI]
|OR EAX,EDX
|ADD ESI,0FFFF
|MOV DWORD PTR SS:[LOCAL.2],EAX
|TEST SI,SI
\JG SHORT 00443A0C
TEST SI,SI
JG SHORT 00443A90
ADD ESI,0FFFF
TEST SI,SI
JGE SHORT 00443A90
MOV EAX,ESI
NEG EAX
MOVZX EAX,AX
ADD ESI,EAX
/TEST BYTE PTR SS:[LOCAL.4],01
|JE SHORT 00443A60
|INC DWORD PTR SS:[LOCAL.20]
|MOV ECX,DWORD PTR SS:[LOCAL.2]

00443A63
00443A66
00443A69
00443A6C
00443A6F
00443A71
00443A73
00443A76
00443A79
00443A7B
00443A7D
00443A7E
00443A81
00443A84
00443A86
00443A89
00443A8B
00443A90
00443A95
00443A97
00443A9B
00443A9D
00443AA0
00443AA6
00443AAC
00443AAE
00443AB2
00443AB4
00443AB8
00443ABC
00443ABE
00443AC2
00443AC7
00443ACB
00443ACD
00443AD1
00443AD2
00443AD4
00443AD8
00443ADA
00443ADD
00443ADF
00443AE2
00443AE7
00443AEA
00443AEC
00443AEE
00443AF0
00443AF4
00443AF7
00443AFA
00443AFD
00443AFE
00443B04
00443B0A
00443B0D
00443B0F
00443B13
00443B16
00443B1A

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.

8B7D F4
8B55 F4
D16D F8
C1E1 1F
D1EF
0BF9
8B4D F0
C1E2 1F
D1E9
0BCA
48
897D F4
894D F0
75 D1
3945 B0
74 05
66:834D F0 01
B8 00800000
8BC8
66:394D F0
77 11
8B4D F0
81E1 FFFF0100
81F9 00800100
75 34
837D F2 FF
75 2B
8365 F2 00
837D F6 FF
75 1C
8365 F6 00
B9 FFFF0000
66:394D FA
75 07
66:8945 FA
46
EB 0E
66:FF45 FA
EB 08
FF45 F6
EB 03
FF45 F2
B8 FF7F0000
66:3BF0
72 23
33C0
33C9
66:3945 A4
8945 E4
0F94C1
8945 E0
49
81E1 00000080
81C1 0080FF7F
894D E8
EB 3B
66:8B45 F2
0B75 A4
66:8945 E0
8B45 F4

|MOV EDI,DWORD PTR SS:[LOCAL.3]


|MOV EDX,DWORD PTR SS:[LOCAL.3]
|SHR DWORD PTR SS:[LOCAL.2],1
|SHL ECX,1F
|SHR EDI,1
|OR EDI,ECX
|MOV ECX,DWORD PTR SS:[LOCAL.4]
|SHL EDX,1F
|SHR ECX,1
|OR ECX,EDX
|DEC EAX
|MOV DWORD PTR SS:[LOCAL.3],EDI
|MOV DWORD PTR SS:[LOCAL.4],ECX
\JNE SHORT 00443A57
CMP DWORD PTR SS:[LOCAL.20],EAX
JE SHORT 00443A90
OR WORD PTR SS:[LOCAL.4],0001
MOV EAX,8000
MOV ECX,EAX
CMP WORD PTR SS:[LOCAL.4],CX
JA SHORT 00443AAE
MOV ECX,DWORD PTR SS:[LOCAL.4]
AND ECX,0001FFFF
CMP ECX,18000
JNE SHORT 00443AE2
CMP DWORD PTR SS:[EBP-0E],-1
JNE SHORT 00443ADF
AND DWORD PTR SS:[EBP-0E],00000000
CMP DWORD PTR SS:[EBP-0A],-1
JNE SHORT 00443ADA
AND DWORD PTR SS:[EBP-0A],00000000
MOV ECX,0FFFF
CMP WORD PTR SS:[LOCAL.2+2],CX
JNE SHORT 00443AD4
MOV WORD PTR SS:[LOCAL.2+2],AX
INC ESI
JMP SHORT 00443AE2
INC WORD PTR SS:[LOCAL.2+2]
JMP SHORT 00443AE2
INC DWORD PTR SS:[EBP-0A]
JMP SHORT 00443AE2
INC DWORD PTR SS:[EBP-0E]
MOV EAX,7FFF
CMP SI,AX
JB SHORT 00443B0F
XOR EAX,EAX
XOR ECX,ECX
CMP WORD PTR SS:[LOCAL.23],AX
MOV DWORD PTR SS:[LOCAL.7],EAX
SETE CL
MOV DWORD PTR SS:[LOCAL.8],EAX
DEC ECX
AND ECX,80000000
ADD ECX,7FFF8000
MOV DWORD PTR SS:[LOCAL.6],ECX
JMP SHORT 00443B4A
MOV AX,WORD PTR SS:[LOCAL.4+2]
OR ESI,DWORD PTR SS:[LOCAL.23]
MOV WORD PTR SS:[LOCAL.8],AX
MOV EAX,DWORD PTR SS:[LOCAL.3]

00443B1D
00443B20
00443B23
00443B26
00443B2A
00443B2C
00443B2E
00443B31
00443B34
00443B38
00443B39
00443B3E
00443B43
00443B47
00443B4A
00443B4E
00443B51
00443B54
00443B57
00443B5A
00443B5C
00443B5D
00443B5F
00443B61
00443B63
00443B65
00443B68
00443B6D
00443B71
00443B75
00443B78
00443B7A
00443B7C
00443B7E
00443B81
00443B85
00443B89
00443B8E
00443B91
00443B93
00443B95
00443B96
00443B99
00443B9C
00443BA2
00443BA4
00443BA8
00443BAF
00443BB2
00443BB5
00443BB8
00443BBB
00443BBE
00443BC0
00443BC2
00443BC5
00443BC8
00443BCA
00443BCC
00443BCF

|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8945 E2
8B45 F8
8945 E6
66:8975 EA
EB 1E
33C0
66:85DB
0F94C0
8365 E4 00
48
25 00000080
05 0080FF7F
8365 E0 00
8945 E8
F645 18 01
8B55 A0
8B45 B4
8B7D 14
66:8902
74 32
98
03F8
85FF
7F 2B
33C0
66:8902
B8 00800000
66:3945 90
C642 03 01
0F95C0
FEC8
24 0D
04 20
8842 02
C642 04 30
C642 05 00
E9 5EF9FFFF
83FF 15
7E 03
6A 15
5F
8B75 E8
C1EE 10
81EE FE3F0000
33C0
66:8945 EA
C745 BC 08000
8B45 E0
8B5D E4
8B4D E4
D165 E0
C1E8 1F
03DB
0BD8
8B45 E8
C1E9 1F
03C0
0BC1
FF4D BC
895D E4

MOV DWORD PTR SS:[EBP-1E],EAX


MOV EAX,DWORD PTR SS:[LOCAL.2]
MOV DWORD PTR SS:[EBP-1A],EAX
MOV WORD PTR SS:[LOCAL.6+2],SI
JMP SHORT 00443B4A
XOR EAX,EAX
TEST BX,BX
SETE AL
AND DWORD PTR SS:[LOCAL.7],00000000
DEC EAX
AND EAX,80000000
ADD EAX,7FFF8000
AND DWORD PTR SS:[LOCAL.8],00000000
MOV DWORD PTR SS:[LOCAL.6],EAX
TEST BYTE PTR SS:[ARG.5],01
MOV EDX,DWORD PTR SS:[LOCAL.24]
MOV EAX,DWORD PTR SS:[LOCAL.19]
MOV EDI,DWORD PTR SS:[ARG.4]
MOV WORD PTR DS:[EDX],AX
JE SHORT 00443B8E
CWDE
ADD EDI,EAX
TEST EDI,EDI
JG SHORT 00443B8E
XOR EAX,EAX
MOV WORD PTR DS:[EDX],AX
MOV EAX,8000
CMP WORD PTR SS:[LOCAL.28],AX
MOV BYTE PTR DS:[EDX+3],1
SETNE AL
DEC AL
AND AL,0D
ADD AL,20
MOV BYTE PTR DS:[EDX+2],AL
MOV BYTE PTR DS:[EDX+4],30
MOV BYTE PTR DS:[EDX+5],0
JMP 004434EC
CMP EDI,15
JLE SHORT 00443B96
PUSH 15
POP EDI
MOV ESI,DWORD PTR SS:[LOCAL.6]
SHR ESI,10
SUB ESI,3FFE
XOR EAX,EAX
MOV WORD PTR SS:[LOCAL.6+2],AX
MOV DWORD PTR SS:[LOCAL.17],8
/MOV EAX,DWORD PTR SS:[LOCAL.8]
|MOV EBX,DWORD PTR SS:[LOCAL.7]
|MOV ECX,DWORD PTR SS:[LOCAL.7]
|SHL DWORD PTR SS:[LOCAL.8],1
|SHR EAX,1F
|ADD EBX,EBX
|OR EBX,EAX
|MOV EAX,DWORD PTR SS:[LOCAL.6]
|SHR ECX,1F
|ADD EAX,EAX
|OR EAX,ECX
|DEC DWORD PTR SS:[LOCAL.17]
|MOV DWORD PTR SS:[LOCAL.7],EBX

00443BD2
00443BD5
00443BD7
00443BD9
00443BDB
00443BDD
00443BE3
00443BE5
00443BE8
00443BEB
00443BEE
00443BF1
00443BF4
00443BF6
00443BF8
00443BFB
00443BFE
00443C00
00443C02
00443C03
00443C06
00443C09
00443C0B
00443C0D
00443C10
00443C13
00443C16
00443C19
00443C1B
00443C21
00443C24
00443C27
00443C2A
00443C2D
00443C2E
00443C2F
00443C30
00443C33
00443C36
00443C39
00443C3C
00443C3F
00443C41
00443C44
00443C46
00443C49
00443C4B
00443C4D
00443C4F
00443C52
00443C55
00443C58
00443C5B
00443C5E
00443C60
00443C63
00443C65
00443C68
00443C6A
00443C6C

|.
|.^
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

8945 E8
75 D8
85F6
7D 32
F7DE
81E6 FF000000
7E 28
8B45 E8
8B5D E4
8B4D E4
D16D E8
C1E0 1F
D1EB
0BD8
8B45 E0
C1E1 1F
D1E8
0BC1
4E
895D E4
8945 E0
85F6
7F D8
8D47 01
8D5A 04
895D C0
8945 B4
85C0
0F8E B5000000
8B55 E0
8B45 E4
8D75 E0
8D7D C4
A5
A5
A5
D165 E0
8B7D E0
D165 E0
C1EA 1F
8D0C00
0BCA
8B55 E8
8BF0
C1EE 1F
03D2
0BD6
8BC1
8D3409
C1E8 1F
8D0C12
8B55 C4
C1EF 1F
0BC8
8B45 E0
0BF7
8D3C02
3BF8
72 04
3BFA

|MOV DWORD PTR SS:[LOCAL.6],EAX


\JNE SHORT 00443BAF
TEST ESI,ESI
JGE SHORT 00443C0D
NEG ESI
AND ESI,000000FF
JLE SHORT 00443C0D
/MOV EAX,DWORD PTR SS:[LOCAL.6]
|MOV EBX,DWORD PTR SS:[LOCAL.7]
|MOV ECX,DWORD PTR SS:[LOCAL.7]
|SHR DWORD PTR SS:[LOCAL.6],1
|SHL EAX,1F
|SHR EBX,1
|OR EBX,EAX
|MOV EAX,DWORD PTR SS:[LOCAL.8]
|SHL ECX,1F
|SHR EAX,1
|OR EAX,ECX
|DEC ESI
|MOV DWORD PTR SS:[LOCAL.7],EBX
|MOV DWORD PTR SS:[LOCAL.8],EAX
|TEST ESI,ESI
\JG SHORT 00443BE5
LEA EAX,[EDI+1]
LEA EBX,[EDX+4]
MOV DWORD PTR SS:[LOCAL.16],EBX
MOV DWORD PTR SS:[LOCAL.19],EAX
TEST EAX,EAX
JLE 00443CD6
/MOV EDX,DWORD PTR SS:[LOCAL.8]
|MOV EAX,DWORD PTR SS:[LOCAL.7]
|LEA ESI,[LOCAL.8]
|LEA EDI,[LOCAL.15]
|MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E
|MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E
|MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E
|SHL DWORD PTR SS:[LOCAL.8],1
|MOV EDI,DWORD PTR SS:[LOCAL.8]
|SHL DWORD PTR SS:[LOCAL.8],1
|SHR EDX,1F
|LEA ECX,[EAX+EAX]
|OR ECX,EDX
|MOV EDX,DWORD PTR SS:[LOCAL.6]
|MOV ESI,EAX
|SHR ESI,1F
|ADD EDX,EDX
|OR EDX,ESI
|MOV EAX,ECX
|LEA ESI,[ECX+ECX]
|SHR EAX,1F
|LEA ECX,[EDX+EDX]
|MOV EDX,DWORD PTR SS:[LOCAL.15]
|SHR EDI,1F
|OR ECX,EAX
|MOV EAX,DWORD PTR SS:[LOCAL.8]
|OR ESI,EDI
|LEA EDI,[EAX+EDX]
|CMP EDI,EAX
|JB SHORT 00443C70
|CMP EDI,EDX

00443C6E
00443C70
00443C73
00443C75
00443C77
00443C79
00443C7C
00443C7E
00443C80
00443C81
00443C83
00443C85
00443C87
00443C88
00443C8B
00443C8E
00443C91
00443C93
00443C95
00443C97
00443C99
00443C9A
00443C9D
00443CA0
00443CA2
00443CA4
00443CA7
00443CAA
00443CAD
00443CB0
00443CB3
00443CB5
00443CB8
00443CBA
00443CBD
00443CBF
00443CC1
00443CC2
00443CC5
00443CC9
00443CCC
00443CD0
00443CD6
00443CD7
00443CD9
00443CDA
00443CDC
00443CDE
00443CE1
00443CE3
00443CE6
00443CE8
00443CEB
00443CEC
00443CEF
00443CF1
00443CF4
00443CF7
00443CF9
00443CFA

|.
|>
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.^
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|.
|>
|.^
|>
|.
|.
|.
|.

73 18
8D46 01
33D2
3BC6
72 05
83F8 01
73 03
33D2
42
8BF0
85D2
74 01
41
8B45 C8
8D1430
8955 BC
3BD6
72 04
3BD0
73 01
41
034D CC
C1EA 1F
03C9
0BCA
8D343F
8975 E0
8B75 BC
894D E8
C1E9 18
03F6
80C1 30
8BC7
C1E8 1F
0BF0
880B
43
FF4D B4
837D B4 00
8975 E4
C645 EB 00
0F8F 4BFFFFFF
4B
8A03
4B
3C 35
7D 0E
8B4D C0
EB 44
803B 39
75 09
C603 30
4B
3B5D C0
73 F2
8B45 A0
3B5D C0
73 04
43
66:FF00

|JNB SHORT 00443C88


|LEA EAX,[ESI+1]
|XOR EDX,EDX
|CMP EAX,ESI
|JB SHORT 00443C7E
|CMP EAX,1
|JNB SHORT 00443C81
|XOR EDX,EDX
|INC EDX
|MOV ESI,EAX
|TEST EDX,EDX
|JE SHORT 00443C88
|INC ECX
|MOV EAX,DWORD PTR SS:[LOCAL.14]
|LEA EDX,[ESI+EAX]
|MOV DWORD PTR SS:[LOCAL.17],EDX
|CMP EDX,ESI
|JB SHORT 00443C99
|CMP EDX,EAX
|JNB SHORT 00443C9A
|INC ECX
|ADD ECX,DWORD PTR SS:[LOCAL.13]
|SHR EDX,1F
|ADD ECX,ECX
|OR ECX,EDX
|LEA ESI,[EDI+EDI]
|MOV DWORD PTR SS:[LOCAL.8],ESI
|MOV ESI,DWORD PTR SS:[LOCAL.17]
|MOV DWORD PTR SS:[LOCAL.6],ECX
|SHR ECX,18
|ADD ESI,ESI
|ADD CL,30
|MOV EAX,EDI
|SHR EAX,1F
|OR ESI,EAX
|MOV BYTE PTR DS:[EBX],CL
|INC EBX
|DEC DWORD PTR SS:[LOCAL.19]
|CMP DWORD PTR SS:[LOCAL.19],0
|MOV DWORD PTR SS:[LOCAL.7],ESI
|MOV BYTE PTR SS:[LOCAL.6+3],0
\JG 00443C21
DEC EBX
MOV AL,BYTE PTR DS:[EBX]
DEC EBX
CMP AL,35
JGE SHORT 00443CEC
MOV ECX,DWORD PTR SS:[LOCAL.16]
JMP SHORT 00443D27
/CMP BYTE PTR DS:[EBX],39
|JNE SHORT 00443CF1
|MOV BYTE PTR DS:[EBX],30
|DEC EBX
|CMP EBX,DWORD PTR SS:[LOCAL.16]
\JNB SHORT 00443CE3
MOV EAX,DWORD PTR SS:[LOCAL.24]
CMP EBX,DWORD PTR SS:[LOCAL.16]
JNB SHORT 00443CFD
INC EBX
INC WORD PTR DS:[EAX]

00443CFD
00443CFF
00443D01
00443D04
00443D07
00443D0A
00443D0F
00443D12
00443D15
00443D16
00443D17
00443D19
00443D1A
00443D1F
00443D20
00443D21
00443D24
00443D26
00443D27
00443D29
00443D2B
00443D2E
00443D30
00443D32
00443D34
00443D37
00443D3C
00443D40
00443D44
00443D47
00443D49
00443D4C
00443D4F
00443D52
00443D55
00443D59
00443D5E
00443D60
00443D63
00443D65
00443D66
00443D69
00443D6B
00443D6E
00443D71
00443D73
00443D76
00443D79
00443D7B
00443D7E
00443D81
00443D83
00443D86
00443D8C
00443D8E
00443D91
00443D93
00443D98
00443D9A
00443D9B

|>
|>
|.
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.^
|>
|.
|.^
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
\.^
/$
|.
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.

FE03
2AD8
80EB 03
0FBECB
8858 03
C64401 04 00
8B45 8C
8B4D FC
5F
5E
33CD
5B
E8 D2A9FEFF
C9
C3
803B 30
75 05
4B
3BD9
73 F6
8B45 A0
3BD9
73 CD
33D2
66:8910
BA 00800000
66:3955 90
C640 03 01
0F95C2
FECA
80E2 0D
80C2 20
8850 02
C601 30
C640 05 00
E9 8EF7FFFF
33C0
F6C3 10
74 01
40
F6C3 08
74 03
83C8 04
F6C3 04
74 03
83C8 08
F6C3 02
74 03
83C8 10
F6C3 01
74 03
83C8 20
F7C3 00000800
74 03
83C8 02
8BCB
BA 00030000
23CA
56
BE 00020000

INC BYTE PTR DS:[EBX]


SUB BL,AL
SUB BL,3
MOVSX ECX,BL
MOV BYTE PTR DS:[EAX+3],BL
MOV BYTE PTR DS:[EAX+ECX+4],0
MOV EAX,DWORD PTR SS:[LOCAL.29]
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
/CMP BYTE PTR DS:[EBX],30
|JNE SHORT 00443D2B
|DEC EBX
|CMP EBX,ECX
\JNB SHORT 00443D21
MOV EAX,DWORD PTR SS:[LOCAL.24]
CMP EBX,ECX
JNB SHORT 00443CFF
XOR EDX,EDX
MOV WORD PTR DS:[EAX],DX
MOV EDX,8000
CMP WORD PTR SS:[LOCAL.28],DX
MOV BYTE PTR DS:[EAX+3],1
SETNE DL
DEC DL
AND DL,0D
ADD DL,20
MOV BYTE PTR DS:[EAX+2],DL
MOV BYTE PTR DS:[ECX],30
MOV BYTE PTR DS:[EAX+5],0
JMP 004434EC
XOR EAX,EAX
TEST BL,10
JE SHORT 00443D66
INC EAX
TEST BL,08
JE SHORT 00443D6E
OR EAX,00000004
TEST BL,04
JE SHORT 00443D76
OR EAX,00000008
TEST BL,02
JE SHORT 00443D7E
OR EAX,00000010
TEST BL,01
JE SHORT 00443D86
OR EAX,00000020
TEST EBX,00080000
JE SHORT 00443D91
OR EAX,00000002
MOV ECX,EBX
MOV EDX,300
AND ECX,EDX
PUSH ESI
MOV ESI,200

00443DA0
00443DA2
00443DA8
00443DAA
00443DAC
00443DAE
00443DB0
00443DB2
00443DB7
00443DB9
00443DBE
00443DC0
00443DC5
00443DC7
00443DCD
00443DCF
00443DD5
00443DD7
00443DD9
00443DDB
00443DDD
00443DDE
00443DE4
00443DE6
00443DEB
00443DEC
00443DEE
00443DF1
00443DF3
00443DF8
00443DF9
00443DFA
00443DFB
00443E00
00443E03
00443E05
00443E07
00443E0A
00443E0C
00443E11
00443E14
00443E16
00443E1B
00443E1E
00443E20
00443E25
00443E2A
00443E30
00443E32
00443E34
00443E36
00443E3B
00443E3D
00443E3F
00443E41
00443E43
00443E45
00443E47
00443E49
00443E4B

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|>
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
\>
/$
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.

74 23
81F9 00010000
74 16
3BCE
74 0B
3BCA
75 13
0D 000C0000
EB 0C
0D 00080000
EB 05
0D 00040000
8BCB
81E1 00000300
74 0C
81F9 00000100
75 06
0BC6
EB 02
0BC2
5E
F7C3 00000400
74 05
0D 00100000
C3
33C0
F6C2 10
74 05
B8 80000000
53
56
57
BB 00020000
F6C2 08
74 02
0BC3
F6C2 04
74 05
0D 00040000
F6C2 02
74 05
0D 00080000
F6C2 01
74 05
0D 00100000
BF 00010000
F7C2 00000800
74 02
0BC7
8BCA
BE 00030000
23CE
74 1F
3BCF
74 16
3BCB
74 0B
3BCE
75 13
0D 00600000

JE SHORT 00443DC5
CMP ECX,100
JE SHORT 00443DC0
CMP ECX,ESI
JE SHORT 00443DB9
CMP ECX,EDX
JNE SHORT 00443DC5
OR EAX,00000C00
JMP SHORT 00443DC5
OR EAX,00000800
JMP SHORT 00443DC5
OR EAX,00000400
MOV ECX,EBX
AND ECX,00030000
JE SHORT 00443DDB
CMP ECX,10000
JNE SHORT 00443DDD
OR EAX,ESI
JMP SHORT 00443DDD
OR EAX,EDX
POP ESI
TEST EBX,00040000
JE SHORT 00443DEB
OR EAX,00001000
RETN
XOR EAX,EAX
TEST DL,10
JE SHORT 00443DF8
MOV EAX,80
PUSH EBX
PUSH ESI
PUSH EDI
MOV EBX,200
TEST DL,08
JE SHORT 00443E07
OR EAX,EBX
TEST DL,04
JE SHORT 00443E11
OR EAX,00000400
TEST DL,02
JE SHORT 00443E1B
OR EAX,00000800
TEST DL,01
JE SHORT 00443E25
OR EAX,00001000
MOV EDI,100
TEST EDX,00080000
JE SHORT 00443E34
OR EAX,EDI
MOV ECX,EDX
MOV ESI,300
AND ECX,ESI
JE SHORT 00443E5E
CMP ECX,EDI
JE SHORT 00443E59
CMP ECX,EBX
JE SHORT 00443E52
CMP ECX,ESI
JNE SHORT 00443E5E
OR EAX,00006000

00443E50 |. EB 0C
JMP SHORT 00443E5E
00443E52 |> 0D 00400000 OR EAX,00004000
00443E57 |. EB 05
JMP SHORT 00443E5E
00443E59 |> 0D 00200000 OR EAX,00002000
00443E5E |> B9 00000003 MOV ECX,3000000
00443E63 |. 5F
POP EDI
00443E64 |. 23D1
AND EDX,ECX
00443E66 |. 5E
POP ESI
00443E67 |. 5B
POP EBX
00443E68 |. 81FA 00000001 CMP EDX,1000000
00443E6E |. 74 16
JE SHORT 00443E86
00443E70 |. 81FA 00000002 CMP EDX,2000000
00443E76 |. 74 0A
JE SHORT 00443E82
00443E78 |. 3BD1
CMP EDX,ECX
00443E7A |. 75 0F
JNE SHORT 00443E8B
00443E7C |. 0D 00800000 OR EAX,00008000
00443E81 |. C3
RETN
00443E82 |> 83C8 40
OR EAX,00000040
00443E85 |. C3
RETN
00443E86 |> 0D 40800000 OR EAX,00008040
00443E8B \> C3
RETN
00443E8C /$ 8BFF
MOV EDI,EDI
o.00443E8C(guessed Arg1,Arg2)
00443E8E |. 55
PUSH EBP
00443E8F |. 8BEC
MOV EBP,ESP
00443E91 |. 83EC 14
SUB ESP,14
00443E94 |. 53
PUSH EBX
00443E95 |. 56
PUSH ESI
00443E96 |. 57
PUSH EDI
00443E97 |. 9B
WAIT
00443E98 |. D97D F8
FSTCW WORD PTR SS:[LOCAL.2]
00443E9B |. 8B5D F8
MOV EBX,DWORD PTR SS:[LOCAL.2]
00443E9E |. 33D2
XOR EDX,EDX
00443EA0 |. F6C3 01
TEST BL,01
00443EA3 |. 74 03
JE SHORT 00443EA8
00443EA5 |. 6A 10
PUSH 10
00443EA7 |. 5A
POP EDX
00443EA8 |> F6C3 04
TEST BL,04
00443EAB |. 74 03
JE SHORT 00443EB0
00443EAD |. 83CA 08
OR EDX,00000008
00443EB0 |> F6C3 08
TEST BL,08
00443EB3 |. 74 03
JE SHORT 00443EB8
00443EB5 |. 83CA 04
OR EDX,00000004
00443EB8 |> F6C3 10
TEST BL,10
00443EBB |. 74 03
JE SHORT 00443EC0
00443EBD |. 83CA 02
OR EDX,00000002
00443EC0 |> F6C3 20
TEST BL,20
00443EC3 |. 74 03
JE SHORT 00443EC8
00443EC5 |. 83CA 01
OR EDX,00000001
00443EC8 |> F6C3 02
TEST BL,02
00443ECB |. 74 06
JE SHORT 00443ED3
00443ECD |. 81CA 00000800 OR EDX,00080000
00443ED3 |> 0FB7CB
MOVZX ECX,BX
00443ED6 |. 8BC1
MOV EAX,ECX
00443ED8 |. BE 000C0000 MOV ESI,0C00
00443EDD |. 23C6
AND EAX,ESI
00443EDF |. BF 00030000 MOV EDI,300
00443EE4 |. 74 24
JE SHORT 00443F0A
00443EE6 |. 3D 00040000 CMP EAX,400
00443EEB |. 74 17
JE SHORT 00443F04

; SystemInf

00443EED
00443EF2
00443EF4
00443EF6
00443EF8
00443EFA
00443EFC
00443F02
00443F04
00443F0A
00443F0C
00443F0E
00443F14
00443F16
00443F1C
00443F1E
00443F24
00443F2A
00443F2C
00443F32
00443F35
00443F38
00443F3A
00443F3C
00443F3E
00443F40
00443F42
00443F45
00443F47
00443F4D
00443F4F
00443F54
00443F57
00443F5A
00443F5D
00443F5E
00443F61
00443F64
00443F66
00443F69
00443F6B
00443F6D
00443F6E
00443F71
00443F73
00443F76
00443F79
00443F7B
00443F7E
00443F81
00443F83
00443F86
00443F89
00443F8B
00443F8E
00443F91
00443F93
00443F99
00443F9C
00443F9E

|.
|.
|.
|.
|.
|.
|>
|.
|>
|>
|.
|.
|.
|.
|.
|>
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.

3D 00080000
74 08
3BC6
75 12
0BD7
EB 0E
81CA 00020000
EB 06
81CA 00010000
23CF
74 10
81F9 00020000
75 0E
81CA 00000100
EB 06
81CA 00000200
F7C3 00100000
74 06
81CA 00000400
8B7D 0C
8B4D 08
8BC7
F7D0
23C2
23CF
0BC1
8945 0C
3BC2
0F84 AE000000
8BD8
E8 0AFEFFFF
0FB7C0
8945 FC
D96D FC
9B
D97D FC
8B5D FC
33D2
F6C3 01
74 03
6A 10
5A
F6C3 04
74 03
83CA 08
F6C3 08
74 03
83CA 04
F6C3 10
74 03
83CA 02
F6C3 20
74 03
83CA 01
F6C3 02
74 06
81CA 00000800
0FB7CB
8BC1
23C6

CMP EAX,800
JE SHORT 00443EFC
CMP EAX,ESI
JNE SHORT 00443F0A
OR EDX,EDI
JMP SHORT 00443F0A
OR EDX,00000200
JMP SHORT 00443F0A
OR EDX,00000100
AND ECX,EDI
JE SHORT 00443F1E
CMP ECX,200
JNE SHORT 00443F24
OR EDX,00010000
JMP SHORT 00443F24
OR EDX,00020000
TEST EBX,00001000
JE SHORT 00443F32
OR EDX,00040000
MOV EDI,DWORD PTR SS:[ARG.2]
MOV ECX,DWORD PTR SS:[ARG.1]
MOV EAX,EDI
NOT EAX
AND EAX,EDX
AND ECX,EDI
OR EAX,ECX
MOV DWORD PTR SS:[ARG.2],EAX
CMP EAX,EDX
JE 00443FFB
MOV EBX,EAX
CALL 00443D5E
MOVZX EAX,AX
MOV DWORD PTR SS:[LOCAL.1],EAX
FLDCW WORD PTR SS:[LOCAL.1]
WAIT
FSTCW WORD PTR SS:[LOCAL.1]
MOV EBX,DWORD PTR SS:[LOCAL.1]
XOR EDX,EDX
TEST BL,01
JE SHORT 00443F6E
PUSH 10
POP EDX
TEST BL,04
JE SHORT 00443F76
OR EDX,00000008
TEST BL,08
JE SHORT 00443F7E
OR EDX,00000004
TEST BL,10
JE SHORT 00443F86
OR EDX,00000002
TEST BL,20
JE SHORT 00443F8E
OR EDX,00000001
TEST BL,02
JE SHORT 00443F99
OR EDX,00080000
MOVZX ECX,BX
MOV EAX,ECX
AND EAX,ESI

00443FA0
00443FA2
00443FA7
00443FA9
00443FAE
00443FB0
00443FB2
00443FB4
00443FBA
00443FBC
00443FC2
00443FC4
00443FCA
00443FD0
00443FD2
00443FD8
00443FDA
00443FE0
00443FE2
00443FE8
00443FEE
00443FF0
00443FF6
00443FF9
00443FFB
00443FFD
00444003
00444009
0044400F
00444012
00444016
00444019
0044401B
0044401D
0044401F
00444020
00444025
00444027
0044402A
0044402F
00444031
00444034
00444039
0044403B
0044403E
00444043
00444045
00444048
0044404D
0044404F
00444055
00444057
0044405C
0044405E
00444060
00444066
00444068
0044406E
00444070
00444072

|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|>
|.
|.
|.
|.
|.
|>
|>
|.
|.
|>
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.

74 28
3D 00040000
74 1B
3D 00080000
74 0C
3BC6
75 16
81CA 00030000
EB 0E
81CA 00020000
EB 06
81CA 00010000
81E1 00030000
74 10
81F9 00020000
75 0E
81CA 00000100
EB 06
81CA 00000200
F7C3 00100000
74 06
81CA 00000400
8955 0C
8BC2
33F6
3935 D8484500
0F84 8D010000
81E7 1F030803
897D EC
0FAE5D F0
8B45 F0
84C0
79 03
6A 10
5E
A9 00020000
74 03
83CE 08
A9 00040000
74 03
83CE 04
A9 00080000
74 03
83CE 02
A9 00100000
74 03
83CE 01
A9 00010000
74 06
81CE 00000800
8BC8
BB 00600000
23CB
74 2A
81F9 00200000
74 1C
81F9 00400000
74 0C
3BCB
75 16

JE SHORT 00443FCA
CMP EAX,400
JE SHORT 00443FC4
CMP EAX,800
JE SHORT 00443FBC
CMP EAX,ESI
JNE SHORT 00443FCA
OR EDX,00000300
JMP SHORT 00443FCA
OR EDX,00000200
JMP SHORT 00443FCA
OR EDX,00000100
AND ECX,00000300
JE SHORT 00443FE2
CMP ECX,200
JNE SHORT 00443FE8
OR EDX,00010000
JMP SHORT 00443FE8
OR EDX,00020000
TEST EBX,00001000
JE SHORT 00443FF6
OR EDX,00040000
MOV DWORD PTR SS:[ARG.2],EDX
MOV EAX,EDX
XOR ESI,ESI
CMP DWORD PTR DS:[4548D8],ESI
JE 00444196
AND EDI,0308031F
MOV DWORD PTR SS:[LOCAL.5],EDI
STMXCSR DWORD PTR SS:[LOCAL.4]
MOV EAX,DWORD PTR SS:[LOCAL.4]
TEST AL,AL
JNS SHORT 00444020
PUSH 10
POP ESI
TEST EAX,00000200
JE SHORT 0044402A
OR ESI,00000008
TEST EAX,00000400
JE SHORT 00444034
OR ESI,00000004
TEST EAX,00000800
JE SHORT 0044403E
OR ESI,00000002
TEST EAX,00001000
JE SHORT 00444048
OR ESI,00000001
TEST EAX,00000100
JE SHORT 00444055
OR ESI,00080000
MOV ECX,EAX
MOV EBX,6000
AND ECX,EBX
JE SHORT 0044408A
CMP ECX,2000
JE SHORT 00444084
CMP ECX,4000
JE SHORT 0044407C
CMP ECX,EBX
JNE SHORT 0044408A

00444074 |. 81CE 00030000 OR ESI,00000300


0044407A |. EB 0E
JMP SHORT 0044408A
0044407C |> 81CE 00020000 OR ESI,00000200
00444082 |. EB 06
JMP SHORT 0044408A
00444084 |> 81CE 00010000 OR ESI,00000100
0044408A |> BF 40800000 MOV EDI,8040
0044408F |. 23C7
AND EAX,EDI
00444091 |. 83E8 40
SUB EAX,40
ases 40..8040, 4 exits)
00444094 |. 74 1C
JE SHORT 004440B2
00444096 |. 2D C07F0000 SUB EAX,7FC0
0044409B |. 74 0D
JE SHORT 004440AA
0044409D |. 83E8 40
SUB EAX,40
004440A0 |. 75 16
JNE SHORT 004440B8
004440A2 |. 81CE 00000001 OR ESI,01000000
of switch SystemInfo.444091
004440A8 |. EB 0E
JMP SHORT 004440B8
004440AA |> 81CE 00000003 OR ESI,03000000
of switch SystemInfo.444091
004440B0 |. EB 06
JMP SHORT 004440B8
004440B2 |> 81CE 00000002 OR ESI,02000000
f switch SystemInfo.444091
004440B8 |> 8B45 EC
MOV EAX,DWORD PTR SS:[LOCAL.5]
ase of switch SystemInfo.444091
004440BB |. 8BD0
MOV EDX,EAX
004440BD |. 2345 08
AND EAX,DWORD PTR SS:[ARG.1]
004440C0 |. F7D2
NOT EDX
004440C2 |. 23D6
AND EDX,ESI
004440C4 |. 0BD0
OR EDX,EAX
004440C6 |. 3BD6
CMP EDX,ESI
004440C8 |. 75 07
JNE SHORT 004440D1
004440CA |. 8BC6
MOV EAX,ESI
004440CC |. E9 B0000000 JMP 00444181
004440D1 |> E8 16FDFFFF CALL 00443DEC
004440D6 |. 50
PUSH EAX
004440D7 |. 8945 F4
MOV DWORD PTR SS:[LOCAL.3],EAX
004440DA |. E8 D5070000 CALL 004448B4
fo.004448B4
004440DF |. 59
POP ECX
004440E0 |. 0FAE5D F4
STMXCSR DWORD PTR SS:[LOCAL.3]
004440E4 |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
004440E7 |. 33D2
XOR EDX,EDX
004440E9 |. 84C9
TEST CL,CL
004440EB |. 79 03
JNS SHORT 004440F0
004440ED |. 6A 10
PUSH 10
004440EF |. 5A
POP EDX
004440F0 |> F7C1 00020000 TEST ECX,00000200
004440F6 |. 74 03
JE SHORT 004440FB
004440F8 |. 83CA 08
OR EDX,00000008
004440FB |> F7C1 00040000 TEST ECX,00000400
00444101 |. 74 03
JE SHORT 00444106
00444103 |. 83CA 04
OR EDX,00000004
00444106 |> F7C1 00080000 TEST ECX,00000800
0044410C |. 74 03
JE SHORT 00444111
0044410E |. 83CA 02
OR EDX,00000002
00444111 |> F7C1 00100000 TEST ECX,00001000
00444117 |. 74 03
JE SHORT 0044411C
00444119 |. 83CA 01
OR EDX,00000001
0044411C |> BE 00010000 MOV ESI,100
00444121 |. 85CE
TEST ESI,ECX

; Switch (c

; Case 8040
; Case 8000
; Case 40 o
; Default c

; /Arg1
; |
; \SystemIn

00444123 |. 74 06
JE SHORT 0044412B
00444125 |. 81CA 00000800 OR EDX,00080000
0044412B |> 8BC1
MOV EAX,ECX
0044412D |. 23C3
AND EAX,EBX
0044412F |. 74 24
JE SHORT 00444155
00444131 |. 3D 00200000 CMP EAX,2000
00444136 |. 74 1B
JE SHORT 00444153
00444138 |. 3D 00400000 CMP EAX,4000
0044413D |. 74 0C
JE SHORT 0044414B
0044413F |. 3BC3
CMP EAX,EBX
00444141 |. 75 12
JNE SHORT 00444155
00444143 |. 81CA 00030000 OR EDX,00000300
00444149 |. EB 0A
JMP SHORT 00444155
0044414B |> 81CA 00020000 OR EDX,00000200
00444151 |. EB 02
JMP SHORT 00444155
00444153 |> 0BD6
OR EDX,ESI
00444155 |> 23CF
AND ECX,EDI
00444157 |. 83E9 40
SUB ECX,40
ases 40..8040, 4 exits)
0044415A |. 74 1D
JE SHORT 00444179
0044415C |. 81E9 C07F0000 SUB ECX,7FC0
00444162 |. 74 0D
JE SHORT 00444171
00444164 |. 83E9 40
SUB ECX,40
00444167 |. 75 16
JNE SHORT 0044417F
00444169 |. 81CA 00000001 OR EDX,01000000
of switch SystemInfo.444157
0044416F |. EB 0E
JMP SHORT 0044417F
00444171 |> 81CA 00000003 OR EDX,03000000
of switch SystemInfo.444157
00444177 |. EB 06
JMP SHORT 0044417F
00444179 |> 81CA 00000002 OR EDX,02000000
f switch SystemInfo.444157
0044417F |> 8BC2
MOV EAX,EDX
ase of switch SystemInfo.444157
00444181 |> 8BC8
MOV ECX,EAX
00444183 |. 334D 0C
XOR ECX,DWORD PTR SS:[ARG.2]
00444186 |. 0B45 0C
OR EAX,DWORD PTR SS:[ARG.2]
00444189 |. F7C1 1F030800 TEST ECX,0008031F
0044418F |. 74 05
JE SHORT 00444196
00444191 |. 0D 00000080 OR EAX,80000000
00444196 |> 5F
POP EDI
00444197 |. 5E
POP ESI
00444198 |. 5B
POP EBX
00444199 |. C9
LEAVE
0044419A \. C3
RETN
0044419B
CC
INT3
0044419C
CC
INT3
0044419D
CC
INT3
0044419E
CC
INT3
0044419F
CC
INT3
004441A0 /$ 55
PUSH EBP
004441A1 |. 8BEC
MOV EBP,ESP
004441A3 |. 57
PUSH EDI
004441A4 |. 56
PUSH ESI
004441A5 |. 53
PUSH EBX
004441A6 |. 8B4D 10
MOV ECX,DWORD PTR SS:[ARG.3]
004441A9 |. 0BC9
OR ECX,ECX
004441AB |. 74 4D
JE SHORT 004441FA
004441AD |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
004441B0 |. 8B7D 0C
MOV EDI,DWORD PTR SS:[ARG.2]

; Switch (c

; Case 8040
; Case 8000
; Case 40 o
; Default c

004441B3 |.
004441B5 |.
004441B7 |.
004441B9 |.
004441BC |>
004441BE |.
004441C0 |.
004441C2 |.
004441C4 |.
004441C6 |.
004441C8 |.
004441CB |.
004441CE |.
004441D0 |.
004441D2 |.
004441D4 |.
004441D6 |.
004441D8 |>
004441DA |.
004441DC |.
004441DE |.
004441E0 |.
004441E2 |>
004441E4 |.
004441E6 |.
004441E9 |.^
004441EB |>
004441ED |.
004441EF |.
004441F1 |>
004441F6 |.
004441F8 |.
004441FA |>
004441FC |.
004441FD |.
004441FE |.
004441FF |.
00444200 \.
00444201 /$
00444203 |.
00444204 |.
00444206 |.
00444207 |.
0044420A |.
0044420B |.
0044420D |.
0044420F |.
00444211 |.
fo.004343FD
00444216 |.
00444217 |.
00444218 |.
00444219 |.
0044421A |.
0044421B |.
00444221 |.
fo.0042E862
00444226 |.
00444229 |.
0044422E |>

B7 41
B3 5A
B6 20
8D49 00
8A26
0AE4
8A07
74 27
0AC0
74 23
83C6 01
83C7 01
3AE7
72 06
3AE3
77 02
02E6
3AC7
72 06
3AC3
77 02
02C6
3AE0
75 0B
83E9 01
75 D1
33C9
3AE0
74 09
B9 FFFFFFFF
72 02
F7D9
8BC1
5B
5E
5F
C9
C3
8BFF
55
8BEC
56
8B75 08
57
33FF
3BF7
75 1D
E8 E701FFFF

MOV BH,41
MOV BL,5A
MOV DH,20
LEA ECX,[ECX]
/MOV AH,BYTE PTR DS:[ESI]
|OR AH,AH
|MOV AL,BYTE PTR DS:[EDI]
|JE SHORT 004441EB
|OR AL,AL
|JE SHORT 004441EB
|ADD ESI,1
|ADD EDI,1
|CMP AH,BH
|JB SHORT 004441D8
|CMP AH,BL
|JA SHORT 004441D8
|ADD AH,DH
|CMP AL,BH
|JB SHORT 004441E2
|CMP AL,BL
|JA SHORT 004441E2
|ADD AL,DH
|CMP AH,AL
|JNE SHORT 004441F1
|SUB ECX,1
\JNE SHORT 004441BC
XOR ECX,ECX
CMP AH,AL
JE SHORT 004441FA
MOV ECX,-1
JB SHORT 004441FA
NEG ECX
MOV EAX,ECX
POP EBX
POP ESI
POP EDI
LEAVE
RETN
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
PUSH ESI
MOV ESI,DWORD PTR SS:[ARG.1]
PUSH EDI
XOR EDI,EDI
CMP ESI,EDI
JNE SHORT 0044422E
CALL 004343FD

; [SystemIn

57
57
57
57
57
C700 16000000
E8 3CA6FEFF

PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
PUSH EDI
MOV DWORD PTR DS:[EAX],16
CALL 0042E862

;
;
;
;
;
;
;

83C4 14
E9 03010000
8B46 0C

ADD ESP,14
JMP 00444331
MOV EAX,DWORD PTR DS:[ESI+0C]

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1
|
\SystemIn

00444231 |.
00444233 |.
00444239 |.
0044423B |.
00444241 |.
00444243 |.
00444245 |.
00444248 |.
0044424B |.
00444250 |>
00444253 |.
00444256 |.
0044425B |.
0044425D |.
[ARG.1]
0044425E |.
fo.0043B70B
00444263 |.
00444264 |.
00444266 |>
00444269 |.
0044426B |>
0044426E |.
00444271 |.
[ARG.1]
00444272 |.
fo.0043B2D0
00444277 |.
00444278 |.
00444279 |.
0044427E |.
00444281 |.
00444284 |.
00444286 |.
0044428C |.
0044428F |.
00444295 |.
00444298 |.
0044429E |.
004442A2 |.
004442A4 |.
004442A5 |.
fo.0043B2D0
004442AA |.
004442AB |.
004442AE |.
004442B0 |.
004442B1 |.
fo.0043B2D0
004442B6 |.
004442B7 |.
004442BA |.
004442BC |.
004442BD |.
fo.0043B2D0
004442C2 |.
004442C5 |.
004442C6 |.
004442CD |.
fo.0043B2D0

A8 83
0F84 F8000000
A8 40
0F85 F0000000
A8 02
74 0B
83C8 20
8946 0C
E9 E1000000
83C8 01
8946 0C
A9 0C010000
75 09
56

TEST AL,83
JE 00444331
TEST AL,40
JNE 00444331
TEST AL,02
JE SHORT 00444250
OR EAX,00000020
MOV DWORD PTR DS:[ESI+0C],EAX
JMP 00444331
OR EAX,00000001
MOV DWORD PTR DS:[ESI+0C],EAX
TEST EAX,0000010C
JNE SHORT 00444266
PUSH ESI

; /Arg1 =>

E8 A874FFFF

CALL 0043B70B

; \SystemIn

59
EB 05
8B46 08
8906
FF76 18
FF76 08
56

POP ECX
JMP SHORT 0044426B
MOV EAX,DWORD PTR DS:[ESI+8]
MOV DWORD PTR DS:[ESI],EAX
PUSH DWORD PTR DS:[ESI+18]
PUSH DWORD PTR DS:[ESI+8]
PUSH ESI

; /Arg1 =>

E8 5970FFFF

CALL 0043B2D0

; \SystemIn

59
50
E8 5ED1FFFF
83C4 0C
8946 04
3BC7
0F84 95000000
83F8 01
0F84 8C000000
83F8 FF
0F84 83000000
F646 0C 82
75 4F
56
E8 2670FFFF

POP ECX
PUSH EAX
CALL 004413DC
ADD ESP,0C
MOV DWORD PTR DS:[ESI+4],EAX
CMP EAX,EDI
JE 00444321
CMP EAX,1
JE 00444321
CMP EAX,-1
JE 00444321
TEST BYTE PTR DS:[ESI+0C],82
JNE SHORT 004442F3
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FF
74 2E
56
E8 1A70FFFF

POP ECX
CMP EAX,-1
JE SHORT 004442DE
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

59
83F8 FE
74 22
56
E8 0E70FFFF

POP ECX
CMP EAX,-2
JE SHORT 004442DE
PUSH ESI
CALL 0043B2D0

; /Arg1
; \SystemIn

C1F8 05
56
8D3C85 A03745
E8 FE6FFFFF

SAR EAX,5
PUSH ESI
LEA EDI,[EAX*4+4537A0]
CALL 0043B2D0

; /Arg1
; |
; \SystemIn

004442D2 |. 83E0 1F
AND EAX,0000001F
004442D5 |. 59
POP ECX
004442D6 |. C1E0 06
SHL EAX,6
004442D9 |. 0307
ADD EAX,DWORD PTR DS:[EDI]
004442DB |. 59
POP ECX
004442DC |. EB 05
JMP SHORT 004442E3
004442DE |> B8 90224500 MOV EAX,OFFSET 00452290
004442E3 |> 8A40 04
MOV AL,BYTE PTR DS:[EAX+4]
004442E6 |. 24 82
AND AL,82
004442E8 |. 3C 82
CMP AL,82
004442EA |. 75 07
JNE SHORT 004442F3
004442EC |. 814E 0C 00200 OR DWORD PTR DS:[ESI+0C],00002000
004442F3 |> 817E 18 00020 CMP DWORD PTR DS:[ESI+18],200
004442FA |. 75 15
JNE SHORT 00444311
004442FC |. 8B46 0C
MOV EAX,DWORD PTR DS:[ESI+0C]
004442FF |. A8 08
TEST AL,08
00444301 |. 74 0E
JE SHORT 00444311
00444303 |. A9 00040000 TEST EAX,00000400
00444308 |. 75 07
JNE SHORT 00444311
0044430A |. C746 18 00100 MOV DWORD PTR DS:[ESI+18],1000
00444311 |> 8B0E
MOV ECX,DWORD PTR DS:[ESI]
00444313 |. 8346 04 FE
ADD DWORD PTR DS:[ESI+4],-2
00444317 |. 0FB701
MOVZX EAX,WORD PTR DS:[ECX]
0044431A |. 83C1 02
ADD ECX,2
0044431D |. 890E
MOV DWORD PTR DS:[ESI],ECX
0044431F |. EB 15
JMP SHORT 00444336
00444321 |> F7D8
NEG EAX
00444323 |. 1BC0
SBB EAX,EAX
00444325 |. 83E0 10
AND EAX,00000010
00444328 |. 83C0 10
ADD EAX,10
0044432B |. 0946 0C
OR DWORD PTR DS:[ESI+0C],EAX
0044432E |. 897E 04
MOV DWORD PTR DS:[ESI+4],EDI
00444331 |> B8 FFFF0000 MOV EAX,0FFFF
00444336 |> 5F
POP EDI
00444337 |. 5E
POP ESI
00444338 |. 5D
POP EBP
00444339 \. C3
RETN
0044433A /$ 33C0
XOR EAX,EAX
0044433C |. 50
PUSH EAX
e => NULL
0044433D |. 50
PUSH EAX
es => 0
0044433E |. 6A 03
PUSH 3
Distribution = OPEN_EXISTING
00444340 |. 50
PUSH EAX
y => NULL
00444341 |. 6A 03
PUSH 3
e = FILE_SHARE_READ|FILE_SHARE_WRITE
00444343 |. 68 00000040 PUSH 40000000
ccess = GENERIC_WRITE
00444348 |. 68 54C04400 PUSH OFFSET 0044C054
= "CONOUT$"
0044434D |. FF15 34804400 CALL DWORD PTR DS:[<&KERNEL32.CreateFile
.CreateFileA
00444353 |. A3 04264500 MOV DWORD PTR DS:[452604],EAX
00444358 \. C3
RETN
00444359 /. A1 04264500 MOV EAX,DWORD PTR DS:[452604]
0044435E |. 56
PUSH ESI
0044435F |. 8B35 30804400 MOV ESI,DWORD PTR DS:[<&KERNEL32.CloseHa
00444365 |. 83F8 FF
CMP EAX,-1

; /hTemplat
; |Attribut
; |Creation
; |pSecurit
; |ShareMod
; |DesiredA
; |FileName
; \KERNEL32

00444368 |. 74 08
JE SHORT 00444372
0044436A |. 83F8 FE
CMP EAX,-2
0044436D |. 74 03
JE SHORT 00444372
0044436F |. 50
PUSH EAX
=> [452604] = FFFFFFFE
00444370 |. FFD6
CALL ESI
.CloseHandle
00444372 |> A1 00264500 MOV EAX,DWORD PTR DS:[452600]
00444377 |. 83F8 FF
CMP EAX,-1
0044437A |. 74 08
JE SHORT 00444384
0044437C |. 83F8 FE
CMP EAX,-2
0044437F |. 74 03
JE SHORT 00444384
00444381 |. 50
PUSH EAX
=> [452600] = FFFFFFFE
00444382 |. FFD6
CALL ESI
.CloseHandle
00444384 |> 5E
POP ESI
00444385 \. C3
RETN
00444386 /$ 8BFF
MOV EDI,EDI
o.00444386(guessed Arg1,Arg2,Arg3)
00444388 |. 55
PUSH EBP
00444389 |. 8BEC
MOV EBP,ESP
0044438B |. 83EC 18
SUB ESP,18
0044438E |. 53
PUSH EBX
0044438F |. 56
PUSH ESI
00444390 |. 57
PUSH EDI
00444391 |. 33DB
XOR EBX,EBX
00444393 |. 6A 01
PUSH 1
00444395 |. 53
PUSH EBX
0
00444396 |. 53
PUSH EBX
0
00444397 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0044439A |. 895D F0
MOV DWORD PTR SS:[LOCAL.4],EBX
0044439D |. 895D F4
MOV DWORD PTR SS:[LOCAL.3],EBX
004443A0 |. E8 1AA5FFFF CALL 0043E8BF
fo.0043E8BF
004443A5 |. 8945 E8
MOV DWORD PTR SS:[LOCAL.6],EAX
004443A8 |. 23C2
AND EAX,EDX
004443AA |. 83C4 10
ADD ESP,10
004443AD |. 8955 EC
MOV DWORD PTR SS:[LOCAL.5],EDX
004443B0 |. 83F8 FF
CMP EAX,-1
004443B3 |. 74 59
JE SHORT 0044440E
004443B5 |. 6A 02
PUSH 2
004443B7 |. 53
PUSH EBX
004443B8 |. 53
PUSH EBX
004443B9 |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
004443BC |. E8 FEA4FFFF CALL 0043E8BF
fo.0043E8BF
004443C1 |. 8BC8
MOV ECX,EAX
004443C3 |. 23CA
AND ECX,EDX
004443C5 |. 83C4 10
ADD ESP,10
004443C8 |. 83F9 FF
CMP ECX,-1
004443CB |. 74 41
JE SHORT 0044440E
004443CD |. 8B75 0C
MOV ESI,DWORD PTR SS:[ARG.2]
004443D0 |. 8B7D 10
MOV EDI,DWORD PTR SS:[ARG.3]
004443D3 |. 2BF0
SUB ESI,EAX
004443D5 |. 1BFA
SBB EDI,EDX

; /hObject
; \KERNEL32

; /hObject
; \KERNEL32

; SystemInf

; /Arg4 = 1
; |Arg3 =>
; |Arg2 =>
; |Arg1 =>
; |
; |
; \SystemIn

;
;
;
;

/Arg4 = 2
|Arg3
|Arg2
|Arg1 =>

; \SystemIn

004443D7 |. 0F88 C6000000


004443DD |. 7F 08
004443DF |. 3BF3
004443E1 |. 0F86 BC000000
004443E7 |> BB 00100000
004443EC |. 53
4096.
004443ED |. 6A 08
HEAP_ZERO_MEMORY
004443EF |. FF15 A8804400
2.GetProcessHeap
004443F5 |. 50
004443F6 |. FF15 A4804400
lAllocateHeap
004443FC |. 8945 FC
004443FF |. 85C0
00444401 |. 75 17
00444403 |. E8 F5FFFEFF
fo.004343FD
00444408 |. C700 0C000000
0044440E |> E8 EAFFFEFF
fo.004343FD
00444413 |. 8B00
00444415 |> 5F
00444416 |. 5E
00444417 |. 5B
00444418 |. C9
00444419 |. C3
0044441A |> 68 00800000
000
0044441F |. FF75 08
[ARG.1]
00444422 |. E8 15010000
fo.0044453C
00444427 |. 59
00444428 |. 59
00444429 |. 8945 F8
0044442C |> 85FF
0044442E |. 7C 0A
00444430 |. 7F 04
00444432 |. 3BF3
00444434 |. 72 04
00444436 |> 8BC3
00444438 |. EB 02
0044443A |> 8BC6
0044443C |> 50
0044443D |. FF75 FC
[LOCAL.1]
00444440 |. FF75 08
[ARG.1]
00444443 |. E8 7966FFFF
fo.0043AAC1
00444448 |. 83C4 0C
0044444B |. 83F8 FF
0044444E |. 74 36
00444450 |. 99
00444451 |. 2BF0
00444453 |. 1BFA
00444455 |. 78 06
00444457 |.^ 7F D3

JS 004444A3
JG SHORT 004443E7
CMP ESI,EBX
JBE 004444A3
MOV EBX,1000
PUSH EBX

; /Size =>

PUSH 8

; |Flags =

CALL DWORD PTR DS:[<&KERNEL32.GetProcess ; |[KERNEL3


PUSH EAX
; |Heap
CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc> ; \NTDLL.Rt
MOV DWORD PTR SS:[LOCAL.1],EAX
TEST EAX,EAX
JNE SHORT 0044441A
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],0C


CALL 004343FD

; [SystemIn

MOV EAX,DWORD PTR DS:[EAX]


POP EDI
POP ESI
POP EBX
LEAVE
RETN
PUSH 8000

; /Arg2 = 8

PUSH DWORD PTR SS:[ARG.1]

; |Arg1 =>

CALL 0044453C

; \SystemIn

POP ECX
POP ECX
MOV DWORD PTR SS:[LOCAL.2],EAX
/TEST EDI,EDI
|JL SHORT 0044443A
|JG SHORT 00444436
|CMP ESI,EBX
|JB SHORT 0044443A
|MOV EAX,EBX
|JMP SHORT 0044443C
|MOV EAX,ESI
|PUSH EAX
|PUSH DWORD PTR SS:[LOCAL.1]

; /Arg3
; |Arg2 =>

|PUSH DWORD PTR SS:[ARG.1]

; |Arg1 =>

|CALL 0043AAC1

; \SystemIn

|ADD ESP,0C
|CMP EAX,-1
|JE SHORT 00444486
|CDQ
|SUB ESI,EAX
|SBB EDI,EDX
|JS SHORT 0044445D
|JG SHORT 0044442C

00444459 |. 85F6
0044445B |.^ 77 CF
0044445D |> 8B75 F0
00444460 |> FF75 F8
[LOCAL.2]
00444463 |. FF75 08
[ARG.1]
00444466 |. E8 D1000000
fo.0044453C
0044446B |. 59
0044446C |. 59
0044446D |. FF75 FC
[LOCAL.1]
00444470 |. 6A 00
0
00444472 |. FF15 A8804400
2.GetProcessHeap
00444478 |. 50
00444479 |. FF15 A0804400
.HeapFree
0044447F |. 33DB
00444481 |. E9 86000000
00444486 |> E8 85FFFEFF
fo.00434410
0044448B |. 8338 05
0044448E |. 75 0B
00444490 |. E8 68FFFEFF
fo.004343FD
00444495 |. C700 0D000000
0044449B |> 83CE FF
0044449E |. 8975 F4
004444A1 |.^ EB BD
004444A3 |> 3BFB
004444A5 |. 7F 71
004444A7 |. 7C 04
004444A9 |. 3BF3
004444AB |. 73 6B
004444AD |> 53
004444AE |. FF75 10
[ARG.3]
004444B1 |. FF75 0C
[ARG.2]
004444B4 |. FF75 08
[ARG.1]
004444B7 |. E8 03A4FFFF
fo.0043E8BF
004444BC |. 23C2
004444BE |. 83C4 10
004444C1 |. 83F8 FF
004444C4 |.^ 0F84 44FFFFFF
004444CA |. FF75 08
[ARG.1]
004444CD |. E8 D1C5FFFF
fo.00440AA3
004444D2 |. 59
004444D3 |. 50
004444D4 |. FF15 20814400
.SetEndOfFile
004444DA |. F7D8
EAX to boolean

|TEST ESI,ESI
\JA SHORT 0044442C
MOV ESI,DWORD PTR SS:[LOCAL.4]
PUSH DWORD PTR SS:[LOCAL.2]

; /Arg2 =>

PUSH DWORD PTR SS:[ARG.1]

; |Arg1 =>

CALL 0044453C

; \SystemIn

POP ECX
POP ECX
PUSH DWORD PTR SS:[LOCAL.1]

; /pMem =>

PUSH 0

; |Flags =

CALL DWORD PTR DS:[<&KERNEL32.GetProcess ; |[KERNEL3


PUSH EAX
; |Heap
CALL DWORD PTR DS:[<&KERNEL32.HeapFree>] ; \KERNEL32
XOR EBX,EBX
JMP 0044450C
CALL 00434410

; [SystemIn

CMP DWORD PTR DS:[EAX],5


JNE SHORT 0044449B
CALL 004343FD

; [SystemIn

MOV DWORD PTR DS:[EAX],0D


OR ESI,FFFFFFFF
MOV DWORD PTR SS:[LOCAL.3],ESI
JMP SHORT 00444460
CMP EDI,EBX
JG SHORT 00444518
JL SHORT 004444AD
CMP ESI,EBX
JNB SHORT 00444518
PUSH EBX
PUSH DWORD PTR SS:[ARG.3]

; /Arg4
; |Arg3 =>

PUSH DWORD PTR SS:[ARG.2]

; |Arg2 =>

PUSH DWORD PTR SS:[ARG.1]

; |Arg1 =>

CALL 0043E8BF

; \SystemIn

AND EAX,EDX
ADD ESP,10
CMP EAX,-1
JE 0044440E
PUSH DWORD PTR SS:[ARG.1]

; /Arg1 =>

CALL 00440AA3

; \SystemIn

POP ECX
PUSH EAX
; /hFile
CALL DWORD PTR DS:[<&KERNEL32.SetEndOfFi ; \KERNEL32
NEG EAX

; Converts

004444DC |. 1BC0
SBB EAX,EAX
004444DE |. F7D8
NEG EAX
004444E0 |. 48
DEC EAX
004444E1 |. 99
CDQ
004444E2 |. 8945 F0
MOV DWORD PTR SS:[LOCAL.4],EAX
004444E5 |. 23C2
AND EAX,EDX
004444E7 |. 8955 F4
MOV DWORD PTR SS:[LOCAL.3],EDX
004444EA |. 83F8 FF
CMP EAX,-1
004444ED |. 75 29
JNE SHORT 00444518
004444EF |. E8 09FFFEFF CALL 004343FD
fo.004343FD
004444F4 |. C700 0D000000 MOV DWORD PTR DS:[EAX],0D
004444FA |. E8 11FFFEFF CALL 00434410
fo.00434410
004444FF |. 8BF0
MOV ESI,EAX
00444501 |. FF15 58804400 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr
.GetLastError
00444507 |. 8906
MOV DWORD PTR DS:[ESI],EAX
00444509 |. 8B75 F0
MOV ESI,DWORD PTR SS:[LOCAL.4]
0044450C |> 2375 F4
AND ESI,DWORD PTR SS:[LOCAL.3]
0044450F |. 83FE FF
CMP ESI,-1
00444512 |.^ 0F84 F6FEFFFF JE 0044440E
00444518 |> 53
PUSH EBX
00444519 |. FF75 EC
PUSH DWORD PTR SS:[LOCAL.5]
[LOCAL.5]
0044451C |. FF75 E8
PUSH DWORD PTR SS:[LOCAL.6]
[LOCAL.6]
0044451F |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
00444522 |. E8 98A3FFFF CALL 0043E8BF
fo.0043E8BF
00444527 |. 23C2
AND EAX,EDX
00444529 |. 83C4 10
ADD ESP,10
0044452C |. 83F8 FF
CMP EAX,-1
0044452F |.^ 0F84 D9FEFFFF JE 0044440E
00444535 |. 33C0
XOR EAX,EAX
00444537 \.^ E9 D9FEFFFF JMP 00444415
0044453C /$ 8BFF
MOV EDI,EDI
o.0044453C(guessed Arg1,Arg2)
0044453E |. 55
PUSH EBP
0044453F |. 8BEC
MOV EBP,ESP
00444541 |. 53
PUSH EBX
00444542 |. 8B5D 0C
MOV EBX,DWORD PTR SS:[ARG.2]
00444545 |. 56
PUSH ESI
00444546 |. 8B75 08
MOV ESI,DWORD PTR SS:[ARG.1]
00444549 |. 8BC6
MOV EAX,ESI
0044454B |. C1F8 05
SAR EAX,5
0044454E |. 8D1485 A03745 LEA EDX,[EAX*4+4537A0]
00444555 |. 8B02
MOV EAX,DWORD PTR DS:[EDX]
00444557 |. 83E6 1F
AND ESI,0000001F
0044455A |. C1E6 06
SHL ESI,6
0044455D |. 8D0C30
LEA ECX,[ESI+EAX]
00444560 |. 8A41 24
MOV AL,BYTE PTR DS:[ECX+24]
00444563 |. 02C0
ADD AL,AL
00444565 |. 57
PUSH EDI
00444566 |. 0FB679 04
MOVZX EDI,BYTE PTR DS:[ECX+4]
0044456A |. 0FBEC0
MOVSX EAX,AL
0044456D |. 81E7 80000000 AND EDI,00000080
00444573 |. D1F8
SAR EAX,1
00444575 |. 81FB 00400000 CMP EBX,4000

; [SystemIn
; [SystemIn
; [KERNEL32

; /Arg4
; |Arg3 =>
; |Arg2 =>
; |Arg1 =>
; \SystemIn

; SystemInf

0044457B |. 74 50
0044457D |. 81FB 00800000
00444583 |. 74 42
00444585 |. 81FB 00000100
0044458B |. 74 26
0044458D |. 81FB 00000200
00444593 |. 74 1E
00444595 |. 81FB 00000400
0044459B |. 75 3D
0044459D |. 8049 04 80
004445A1 |. 8B0A
004445A3 |. 8D4C31 24
004445A7 |. 8A11
004445A9 |. 80E2 81
004445AC |. 80CA 01
004445AF |> 8811
004445B1 |. EB 27
004445B3 |> 8049 04 80
004445B7 |. 8B0A
004445B9 |. 8D4C31 24
004445BD |. 8A11
004445BF |. 80E2 82
004445C2 |. 80CA 02
004445C5 |.^ EB E8
004445C7 |> 8061 04 7F
004445CB |. EB 0D
004445CD |> 8049 04 80
004445D1 |. 8B0A
004445D3 |. 8D4C31 24
004445D7 |. 8021 80
004445DA |> 85FF
004445DC |. 5F
004445DD |. 5E
004445DE |. 5B
004445DF |. 75 07
004445E1 |. B8 00800000
004445E6 |. 5D
004445E7 |. C3
004445E8 |> F7D8
004445EA |. 1BC0
004445EC |. 25 00C00000
004445F1 |. 05 00400000
004445F6 |. 5D
004445F7 \. C3
004445F8 /$ 8BFF
o.004445F8(guessed Arg1)
004445FA |. 55
004445FB |. 8BEC
004445FD |. 8B45 08
00444600 |. 56
00444601 |. 33F6
00444603 |. 3BC6
00444605 |. 75 1D
00444607 |. E8 F1FDFEFF
fo.004343FD
0044460C |. 56
0044460D |. 56
0044460E |. 56
0044460F |. 56
00444610 |. 56

JE SHORT 004445CD
CMP EBX,8000
JE SHORT 004445C7
CMP EBX,10000
JE SHORT 004445B3
CMP EBX,20000
JE SHORT 004445B3
CMP EBX,40000
JNE SHORT 004445DA
OR BYTE PTR DS:[ECX+4],80
MOV ECX,DWORD PTR DS:[EDX]
LEA ECX,[ESI+ECX+24]
MOV DL,BYTE PTR DS:[ECX]
AND DL,81
OR DL,01
MOV BYTE PTR DS:[ECX],DL
JMP SHORT 004445DA
OR BYTE PTR DS:[ECX+4],80
MOV ECX,DWORD PTR DS:[EDX]
LEA ECX,[ESI+ECX+24]
MOV DL,BYTE PTR DS:[ECX]
AND DL,82
OR DL,02
JMP SHORT 004445AF
AND BYTE PTR DS:[ECX+4],7F
JMP SHORT 004445DA
OR BYTE PTR DS:[ECX+4],80
MOV ECX,DWORD PTR DS:[EDX]
LEA ECX,[ESI+ECX+24]
AND BYTE PTR DS:[ECX],80
TEST EDI,EDI
POP EDI
POP ESI
POP EBX
JNE SHORT 004445E8
MOV EAX,8000
POP EBP
RETN
NEG EAX
SBB EAX,EAX
AND EAX,0000C000
ADD EAX,4000
POP EBP
RETN
MOV EDI,EDI

; SystemInf

PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[ARG.1]
PUSH ESI
XOR ESI,ESI
CMP EAX,ESI
JNE SHORT 00444624
CALL 004343FD

; [SystemIn

PUSH
PUSH
PUSH
PUSH
PUSH

;
;
;
;
;

ESI
ESI
ESI
ESI
ESI

/Arg5
|Arg4
|Arg3
|Arg2
|Arg1

00444611 |. C700 16000000 MOV DWORD PTR DS:[EAX],16


00444617 |. E8 46A2FEFF CALL 0042E862
fo.0042E862
0044461C |. 83C4 14
ADD ESP,14
0044461F |. 6A 16
PUSH 16
00444621 |. 58
POP EAX
00444622 |. EB 0A
JMP SHORT 0044462E
00444624 |> 8B0D 78374500 MOV ECX,DWORD PTR DS:[453778]
0044462A |. 8908
MOV DWORD PTR DS:[EAX],ECX
0044462C |. 33C0
XOR EAX,EAX
0044462E |> 5E
POP ESI
0044462F |. 5D
POP EBP
00444630 \. C3
RETN
00444631 /$ 8BFF
MOV EDI,EDI
o.00444631(guessed Arg1,Arg2)
00444633 |. 55
PUSH EBP
00444634 |. 8BEC
MOV EBP,ESP
00444636 |. B8 FFFF0000 MOV EAX,0FFFF
0044463B |. 8BC8
MOV ECX,EAX
0044463D |. 83EC 14
SUB ESP,14
00444640 |. 66:394D 08
CMP WORD PTR SS:[ARG.1],CX
00444644 |. 0F84 9A000000 JE 004446E4
0044464A |. 53
PUSH EBX
0044464B |. FF75 0C
PUSH DWORD PTR SS:[ARG.2]
[ARG.2]
0044464E |. 8D4D EC
LEA ECX,[LOCAL.5]
00444651 |. E8 0FA6FEFF CALL 0042EC65
fo.0042EC65
00444656 |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
00444659 |. 8B51 14
MOV EDX,DWORD PTR DS:[ECX+14]
0044465C |. 33DB
XOR EBX,EBX
0044465E |. 3BD3
CMP EDX,EBX
00444660 |. 75 14
JNE SHORT 00444676
00444662 |. 8B45 08
MOV EAX,DWORD PTR SS:[ARG.1]
00444665 |. 8D48 BF
LEA ECX,[EAX-41]
00444668 |. 66:83F9 19
CMP CX,19
0044466C |. 77 03
JA SHORT 00444671
0044466E |. 83C0 20
ADD EAX,20
00444671 |> 0FB7C0
MOVZX EAX,AX
00444674 |. EB 61
JMP SHORT 004446D7
00444676 |> 56
PUSH ESI
00444677 |. B8 00010000 MOV EAX,100
0044467C |. 8BF0
MOV ESI,EAX
0044467E |. 66:3975 08
CMP WORD PTR SS:[ARG.1],SI
00444682 |. 5E
POP ESI
00444683 |. 73 29
JNB SHORT 004446AE
00444685 |. 8D45 EC
LEA EAX,[LOCAL.5]
00444688 |. 50
PUSH EAX
OFFSET LOCAL.5
00444689 |. 6A 01
PUSH 1
0044468B |. FF75 08
PUSH DWORD PTR SS:[ARG.1]
[ARG.1]
0044468E |. E8 2E63FFFF CALL 0043A9C1
fo.0043A9C1
00444693 |. 83C4 0C
ADD ESP,0C
00444696 |. 85C0
TEST EAX,EAX
00444698 |. 0FB745 08
MOVZX EAX,WORD PTR SS:[ARG.1]
0044469C |. 74 39
JE SHORT 004446D7
0044469E |. 8B4D EC
MOV ECX,DWORD PTR SS:[LOCAL.5]
004446A1 |. 8B89 CC000000 MOV ECX,DWORD PTR DS:[ECX+0CC]

; |
; \SystemIn

; SystemInf

; /Arg1 =>
; |
; \SystemIn

; /Arg3 =>
; |Arg2 = 1
; |Arg1 =>
; \SystemIn

004446A7 |. 66:0FB60401 MOVZX AX,BYTE PTR DS:[EAX+ECX]


004446AC |.^ EB C3
JMP SHORT 00444671
004446AE |> FF71 04
PUSH DWORD PTR DS:[ECX+4]
004446B1 |. 8D4D FC
LEA ECX,[LOCAL.1]
004446B4 |. 6A 01
PUSH 1
004446B6 |. 51
PUSH ECX
004446B7 |. 6A 01
PUSH 1
004446B9 |. 8D4D 08
LEA ECX,[ARG.1]
004446BC |. 51
PUSH ECX
004446BD |. 50
PUSH EAX
004446BE |. 52
PUSH EDX
004446BF |. 8D45 EC
LEA EAX,[LOCAL.5]
004446C2 |. 50
PUSH EAX
004446C3 |. E8 A262FFFF CALL 0043A96A
004446C8 |. 83C4 20
ADD ESP,20
004446CB |. 85C0
TEST EAX,EAX
004446CD |. 0FB745 08
MOVZX EAX,WORD PTR SS:[ARG.1]
004446D1 |. 74 04
JE SHORT 004446D7
004446D3 |. 0FB745 FC
MOVZX EAX,WORD PTR SS:[LOCAL.1]
004446D7 |> 385D F8
CMP BYTE PTR SS:[LOCAL.2],BL
004446DA |. 74 07
JE SHORT 004446E3
004446DC |. 8B4D F4
MOV ECX,DWORD PTR SS:[LOCAL.3]
004446DF |. 8361 70 FD
AND DWORD PTR DS:[ECX+70],FFFFFFFD
004446E3 |> 5B
POP EBX
004446E4 |> C9
LEAVE
004446E5 \. C3
RETN
004446E6 /$ 8BFF
MOV EDI,EDI
; SystemInf
o.004446E6(guessed Arg1,Arg2,Arg3)
004446E8 |. 55
PUSH EBP
004446E9 |. 8BEC
MOV EBP,ESP
004446EB |. 83EC 18
SUB ESP,18
004446EE |. A1 A0154500 MOV EAX,DWORD PTR DS:[4515A0]
004446F3 |. 33C5
XOR EAX,EBP
004446F5 |. 8945 FC
MOV DWORD PTR SS:[LOCAL.1],EAX
004446F8 |. 8B45 10
MOV EAX,DWORD PTR SS:[ARG.3]
004446FB |. 53
PUSH EBX
004446FC |. 56
PUSH ESI
004446FD |. 33F6
XOR ESI,ESI
004446FF |. 57
PUSH EDI
00444700 |. C745 E8 4E400 MOV DWORD PTR SS:[LOCAL.6],404E
00444707 |. 8930
MOV DWORD PTR DS:[EAX],ESI
00444709 |. 8970 04
MOV DWORD PTR DS:[EAX+4],ESI
0044470C |. 8970 08
MOV DWORD PTR DS:[EAX+8],ESI
0044470F |. 3975 0C
CMP DWORD PTR SS:[ARG.2],ESI
00444712 |. 0F86 46010000 JBE 0044485E
00444718 |> 8B10
/MOV EDX,DWORD PTR DS:[EAX]
0044471A |. 8B58 04
|MOV EBX,DWORD PTR DS:[EAX+4]
0044471D |. 8BF0
|MOV ESI,EAX
0044471F |. 8D7D F0
|LEA EDI,[LOCAL.4]
00444722 |. A5
|MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E
00444723 |. A5
|MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E
00444724 |. A5
|MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E
00444725 |. 8BCA
|MOV ECX,EDX
00444727 |. C1E9 1F
|SHR ECX,1F
0044472A |. 8D3C12
|LEA EDI,[EDX+EDX]
0044472D |. 8D141B
|LEA EDX,[EBX+EBX]
00444730 |. 0BD1
|OR EDX,ECX
00444732 |. 8B48 08
|MOV ECX,DWORD PTR DS:[EAX+8]
00444735 |. 8BF3
|MOV ESI,EBX
00444737 |. C1EE 1F
|SHR ESI,1F

0044473A
0044473C
0044473E
00444741
00444743
00444747
00444749
0044474C
0044474E
00444751
00444753
00444756
00444758
0044475A
0044475C
0044475F
00444761
00444764
00444767
00444769
0044476B
0044476D
0044476F
00444776
00444778
0044477A
0044477D
0044477F
00444782
00444784
00444786
00444789
0044478B
0044478D
0044478E
00444791
00444793
00444795
00444796
00444799
0044479C
0044479F
004447A2
004447A4
004447A6
004447A8
004447AA
004447AC
004447AE
004447AF
004447B2
004447B4
004447B6
004447B9
004447BC
004447BF
004447C3
004447C6
004447C8
004447CB

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|>
|.
|.
|.
|.
|.
|.

03C9
0BCE
897D EC
8BF7
8365 EC 00
8BDA
C1EB 1F
03C9
C1EF 1F
0BCB
8B5D F0
03F6
03D2
0BD7
8D3C1E
8930
8950 04
8948 08
3BFE
72 04
3BFB
73 07
C745 EC 01000
33DB
8938
395D EC
74 1A
8D72 01
3BF2
72 05
83FE 01
73 03
33DB
43
8970 04
85DB
74 04
41
8948 08
8B48 04
8B55 F4
8D1C11
33F6
3BD9
72 04
3BDA
73 03
33F6
46
8958 04
85F6
74 03
FF40 08
8B4D F8
0148 08
8365 EC 00
8D0C3F
8BD7
C1EA 1F
8D3C1B

|ADD ECX,ECX
|OR ECX,ESI
|MOV DWORD PTR SS:[LOCAL.5],EDI
|MOV ESI,EDI
|AND DWORD PTR SS:[LOCAL.5],00000000
|MOV EBX,EDX
|SHR EBX,1F
|ADD ECX,ECX
|SHR EDI,1F
|OR ECX,EBX
|MOV EBX,DWORD PTR SS:[LOCAL.4]
|ADD ESI,ESI
|ADD EDX,EDX
|OR EDX,EDI
|LEA EDI,[EBX+ESI]
|MOV DWORD PTR DS:[EAX],ESI
|MOV DWORD PTR DS:[EAX+4],EDX
|MOV DWORD PTR DS:[EAX+8],ECX
|CMP EDI,ESI
|JB SHORT 0044476F
|CMP EDI,EBX
|JNB SHORT 00444776
|MOV DWORD PTR SS:[LOCAL.5],1
|XOR EBX,EBX
|MOV DWORD PTR DS:[EAX],EDI
|CMP DWORD PTR SS:[LOCAL.5],EBX
|JE SHORT 00444799
|LEA ESI,[EDX+1]
|CMP ESI,EDX
|JB SHORT 0044478B
|CMP ESI,1
|JNB SHORT 0044478E
|XOR EBX,EBX
|INC EBX
|MOV DWORD PTR DS:[EAX+4],ESI
|TEST EBX,EBX
|JE SHORT 00444799
|INC ECX
|MOV DWORD PTR DS:[EAX+8],ECX
|MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,DWORD PTR SS:[LOCAL.3]
|LEA EBX,[EDX+ECX]
|XOR ESI,ESI
|CMP EBX,ECX
|JB SHORT 004447AC
|CMP EBX,EDX
|JNB SHORT 004447AF
|XOR ESI,ESI
|INC ESI
|MOV DWORD PTR DS:[EAX+4],EBX
|TEST ESI,ESI
|JE SHORT 004447B9
|INC DWORD PTR DS:[EAX+8]
|MOV ECX,DWORD PTR SS:[LOCAL.2]
|ADD DWORD PTR DS:[EAX+8],ECX
|AND DWORD PTR SS:[LOCAL.5],00000000
|LEA ECX,[EDI+EDI]
|MOV EDX,EDI
|SHR EDX,1F
|LEA EDI,[EBX+EBX]

004447CE
004447D0
004447D3
004447D5
004447D8
004447DB
004447DE
004447E0
004447E2
004447E5
004447E8
004447EB
004447EE
004447F1
004447F3
004447F5
004447F7
004447F9
00444800
00444804
00444806
00444808
0044480B
0044480D
0044480F
00444811
00444814
00444816
00444818
00444819
0044481C
0044481E
00444820
00444821
00444824
00444827
0044482A
0044482E
00444834
00444836
00444838
0044483B
0044483D
00444840
00444843
00444845
00444847
0044484A
0044484D
0044484F
00444852
00444859
0044485C
0044485E
00444861
00444863
00444868
0044486B
0044486D
0044486F

|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|>
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.^
|.
|.
|>
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|.
|>
|.^
|.
|.
|.
|>
|.

0BFA
8B50 08
8BF3
C1EE 1F
8D1C12
8B55 08
0BDE
8908
8978 04
8958 08
0FBE12
8D3411
8955 F0
3BF1
72 04
3BF2
73 07
C745 EC 01000
837D EC 00
8930
74 1C
8D4F 01
33D2
3BCF
72 05
83F9 01
73 03
33D2
42
8948 04
85D2
74 04
43
8958 08
FF4D 0C
FF45 08
837D 0C 00
0F87 E4FEFFFF
33F6
EB 26
8B48 04
8BD1
C1EA 10
8950 08
8B10
8BFA
C1E1 10
C1EF 10
0BCF
C1E2 10
8145 E8 F0FF0
8948 04
8910
3970 08
74 D5
BB 00800000
8558 08
75 30
8B30
8B78 04

|OR EDI,EDX
|MOV EDX,DWORD PTR DS:[EAX+8]
|MOV ESI,EBX
|SHR ESI,1F
|LEA EBX,[EDX+EDX]
|MOV EDX,DWORD PTR SS:[ARG.1]
|OR EBX,ESI
|MOV DWORD PTR DS:[EAX],ECX
|MOV DWORD PTR DS:[EAX+4],EDI
|MOV DWORD PTR DS:[EAX+8],EBX
|MOVSX EDX,BYTE PTR DS:[EDX]
|LEA ESI,[EDX+ECX]
|MOV DWORD PTR SS:[LOCAL.4],EDX
|CMP ESI,ECX
|JB SHORT 004447F9
|CMP ESI,EDX
|JNB SHORT 00444800
|MOV DWORD PTR SS:[LOCAL.5],1
|CMP DWORD PTR SS:[LOCAL.5],0
|MOV DWORD PTR DS:[EAX],ESI
|JE SHORT 00444824
|LEA ECX,[EDI+1]
|XOR EDX,EDX
|CMP ECX,EDI
|JB SHORT 00444816
|CMP ECX,1
|JNB SHORT 00444819
|XOR EDX,EDX
|INC EDX
|MOV DWORD PTR DS:[EAX+4],ECX
|TEST EDX,EDX
|JE SHORT 00444824
|INC EBX
|MOV DWORD PTR DS:[EAX+8],EBX
|DEC DWORD PTR SS:[ARG.2]
|INC DWORD PTR SS:[ARG.1]
|CMP DWORD PTR SS:[ARG.2],0
\JA 00444718
XOR ESI,ESI
JMP SHORT 0044485E
/MOV ECX,DWORD PTR DS:[EAX+4]
|MOV EDX,ECX
|SHR EDX,10
|MOV DWORD PTR DS:[EAX+8],EDX
|MOV EDX,DWORD PTR DS:[EAX]
|MOV EDI,EDX
|SHL ECX,10
|SHR EDI,10
|OR ECX,EDI
|SHL EDX,10
|ADD DWORD PTR SS:[LOCAL.6],0FFF0
|MOV DWORD PTR DS:[EAX+4],ECX
|MOV DWORD PTR DS:[EAX],EDX
|CMP DWORD PTR DS:[EAX+8],ESI
\JE SHORT 00444838
MOV EBX,8000
TEST DWORD PTR DS:[EAX+8],EBX
JNE SHORT 0044489D
/MOV ESI,DWORD PTR DS:[EAX]
|MOV EDI,DWORD PTR DS:[EAX+4]

00444872 |. 8145 E8 FFFF0


00444879 |. 8BCE
0044487B |. 03F6
0044487D |. C1E9 1F
00444880 |. 8930
00444882 |. 8D343F
00444885 |. 0BF1
00444887 |. 8B48 08
0044488A |. 8BD7
0044488C |. C1EA 1F
0044488F |. 03C9
00444891 |. 0BCA
00444893 |. 8970 04
00444896 |. 8948 08
00444899 |. 85CB
0044489B |.^ 74 D0
0044489D |> 66:8B4D E8
004448A1 |. 66:8948 0A
004448A5 |. 8B4D FC
004448A8 |. 5F
004448A9 |. 5E
004448AA |. 33CD
004448AC |. 5B
004448AD |. E8 3F9EFEFF
004448B2 |. C9
004448B3 \. C3
004448B4 /$ 6A 08
o.004448B4(guessed Arg1)
004448B6 |. 68 F0F64400
004448BB |. E8 2C41FFFF
004448C0 |. 33C0
004448C2 |. 3905 D8484500
004448C8 |. 74 56
004448CA |. F645 08 40
004448CE |. 74 48
004448D0 |. 3905 DC284500
004448D6 |. 74 40
004448D8 |. 8945 FC
004448DB |. 0FAE55 08
004448DF \. EB 2E
004448E1 /. 8B45 EC
004448E4 |. 8B00
004448E6 |. 8B00
004448E8 |. 3D 050000C0
004448ED |. 74 0A
004448EF |. 3D 1D0000C0
004448F4 |. 74 03
004448F6 |. 33C0
004448F8 |. C3
004448F9 |> 33C0
004448FB |. 40
004448FC \. C3
004448FD /. 8B65 E8
00444900 |. 8325 DC284500
00444907 |. 8365 08 BF
0044490B |. 0FAE55 08
0044490F |> C745 FC FEFFF
00444916 |. EB 08
00444918 |> 8365 08 BF
0044491C |. 0FAE55 08

|ADD DWORD PTR SS:[LOCAL.6],0FFFF


|MOV ECX,ESI
|ADD ESI,ESI
|SHR ECX,1F
|MOV DWORD PTR DS:[EAX],ESI
|LEA ESI,[EDI+EDI]
|OR ESI,ECX
|MOV ECX,DWORD PTR DS:[EAX+8]
|MOV EDX,EDI
|SHR EDX,1F
|ADD ECX,ECX
|OR ECX,EDX
|MOV DWORD PTR DS:[EAX+4],ESI
|MOV DWORD PTR DS:[EAX+8],ECX
|TEST EBX,ECX
\JE SHORT 0044486D
MOV CX,WORD PTR SS:[LOCAL.6]
MOV WORD PTR DS:[EAX+0A],CX
MOV ECX,DWORD PTR SS:[LOCAL.1]
POP EDI
POP ESI
XOR ECX,EBP
POP EBX
CALL 0042E6F1
LEAVE
RETN
PUSH 8
PUSH OFFSET 0044F6F0
CALL 004389EC
XOR EAX,EAX
CMP DWORD PTR DS:[4548D8],EAX
JE SHORT 00444920
TEST BYTE PTR SS:[EBP+8],40
JE SHORT 00444918
CMP DWORD PTR DS:[4528DC],EAX
JE SHORT 00444918
MOV DWORD PTR SS:[EBP-4],EAX
LDMXCSR DWORD PTR SS:[EBP+8]
JMP SHORT 0044490F
MOV EAX,DWORD PTR SS:[EBP-14]
MOV EAX,DWORD PTR DS:[EAX]
MOV EAX,DWORD PTR DS:[EAX]
CMP EAX,C0000005
JE SHORT 004448F9
CMP EAX,C000001D
JE SHORT 004448F9
XOR EAX,EAX
RETN
XOR EAX,EAX
INC EAX
RETN
MOV ESP,DWORD PTR SS:[EBP-18]
AND DWORD PTR DS:[4528DC],00000000
AND DWORD PTR SS:[EBP+8],FFFFFFBF
LDMXCSR DWORD PTR SS:[EBP+8]
MOV DWORD PTR SS:[EBP-4],-2
JMP SHORT 00444920
AND DWORD PTR SS:[EBP+8],FFFFFFBF
LDMXCSR DWORD PTR SS:[EBP+8]

; SystemInf

00444920
00444925
00444926
00444927
00444928
00444929
0044492A
0044492B
0044492C
0044492D
0044492E
0044492F
00444930
00444933
00444934
00444935
0044493C
00444940
00444942
00444946
00444947
00444949
0044494C
00444950
00444956
00444958
0044495A
0044495D
0044495F
00444961
00444963
00444965
0044496B
0044496D
0044496F
00444970
00444972
00444975
00444976
00444978
0044497A
0044497F
00444981
00444983
00444985
00444987
00444989
0044498C
0044498F
00444991
00444993
00444996
0044499C
0044499E
004449A3
004449A5
004449AA
004449AC
004449B2
004449B4

|> E8 0C41FFFF
\. C3
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/> 8D42 FF
|. 5B
|. C3
| 8DA424 000000
| 8D6424 00
|. 33C0
|. 8A4424 08
|. 53
|. 8BD8
|. C1E0 08
|. 8B5424 08
|. F7C2 03000000
|. 74 15
|> 8A0A
|. 83C2 01
|. 3ACB
|.^ 74 CF
|. 84C9
|. 74 51
|. F7C2 03000000
|.^ 75 EB
|> 0BD8
|. 57
|. 8BC3
|. C1E3 10
|. 56
|. 0BD8
|> 8B0A
|. BF FFFEFE7E
|. 8BC1
|. 8BF7
|. 33CB
|. 03F0
|. 03F9
|. 83F1 FF
|. 83F0 FF
|. 33CF
|. 33C6
|. 83C2 04
|. 81E1 00010181
|. 75 1C
|. 25 00010181
|.^ 74 D3
|. 25 00010101
|. 75 08
|. 81E6 00000080
|.^ 75 C4
|> 5E

CALL 00438A31
RETN
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA EAX,[EDX-1]
POP EBX
RETN
LEA ESP,[ESP]
LEA ESP,[ESP]
XOR EAX,EAX
MOV AL,BYTE PTR SS:[ARG.2]
PUSH EBX
MOV EBX,EAX
SHL EAX,8
MOV EDX,DWORD PTR SS:[ARG.1]
TEST EDX,00000003
JE SHORT 0044496D
/MOV CL,BYTE PTR DS:[EDX]
|ADD EDX,1
|CMP CL,BL
|JE SHORT 00444930
|TEST CL,CL
|JE SHORT 004449B6
|TEST EDX,00000003
\JNE SHORT 00444958
OR EBX,EAX
PUSH EDI
MOV EAX,EBX
SHL EBX,10
PUSH ESI
OR EBX,EAX
MOV ECX,DWORD PTR DS:[EDX]
MOV EDI,7EFEFEFF
MOV EAX,ECX
MOV ESI,EDI
XOR ECX,EBX
ADD ESI,EAX
ADD EDI,ECX
XOR ECX,FFFFFFFF
XOR EAX,FFFFFFFF
XOR ECX,EDI
XOR EAX,ESI
ADD EDX,4
AND ECX,81010100
JNE SHORT 004449BA
AND EAX,81010100
JE SHORT 00444978
AND EAX,01010100
JNE SHORT 004449B4
AND ESI,80000000
JNE SHORT 00444978
POP ESI

004449B5
004449B6
004449B7
004449B9
004449BA
004449BD
004449BF
004449C1
004449C3
004449C5
004449C7
004449C9
004449CB
004449CD
004449D0
004449D2
004449D4
004449D6
004449D8
004449DA
004449DC
004449DE
004449E0
004449E2
004449E3
004449E4
004449E7
004449E8
004449E9
004449EC
004449ED
004449EE
004449EF
004449F0
004449F3
004449F4
004449F5
004449F6
004449F7
004449FA
004449FB
004449FC
004449FD
004449FE
00444A04
00444A05
00444A06
00444A07
00444A08
00444A09
00444A0A
00444A0B
00444A0C
00444A0D
00444A0E
00444A0F
00444A10
00444A13
00444A18
00444A1E

|.
|>
|.
|.
|>
|.
|.
|.
|.^
|.
|.
|.
|.^
|.
|.
|.
|.
|.^
|.
|.
|.
|.^
|.^
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
|.
|>
|.
|.
|.
\.
$-

/.
\.^
/.
\.^

5F
5B
33C0
C3
8B42 FC
3AC3
74 36
84C0
74 EF
3AE3
74 27
84E4
74 E7
C1E8 10
3AC3
74 15
84C0
74 DC
3AE3
74 06
84E4
74 D4
EB 96
5E
5F
8D42 FF
5B
C3
8D42 FE
5E
5F
5B
C3
8D42 FD
5E
5F
5B
C3
8D42 FC
5E
5F
5B
C3
FF25 54814400
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D C4
E9 180EFCFF
8D8D 1CF9FFFF
E9 ADA2FCFF

POP EDI
POP EBX
XOR EAX,EAX
RETN
MOV EAX,DWORD PTR DS:[EDX-4]
CMP AL,BL
JE SHORT 004449F7
TEST AL,AL
JE SHORT 004449B4
CMP AH,BL
JE SHORT 004449F0
TEST AH,AH
JE SHORT 004449B4
SHR EAX,10
CMP AL,BL
JE SHORT 004449E9
TEST AL,AL
JE SHORT 004449B4
CMP AH,BL
JE SHORT 004449E2
TEST AH,AH
JE SHORT 004449B4
JMP SHORT 00444978
POP ESI
POP EDI
LEA EAX,[EDX-1]
POP EBX
RETN
LEA EAX,[EDX-2]
POP ESI
POP EDI
POP EBX
RETN
LEA EAX,[EDX-3]
POP ESI
POP EDI
POP EBX
RETN
LEA EAX,[EDX-4]
POP ESI
POP EDI
POP EBX
RETN
JMP DWORD PTR DS:[<&KERNEL32.RtlUnwind>]
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-3C]
JMP 00405830
LEA ECX,[EBP-6E4]
JMP 0040ECD0

00444A23
00444A29
00444A2E
00444A34
00444A39
00444A3F
00444A44
00444A4A
00444A4F
00444A55
00444A5A
00444A60
00444A65
00444A6B
00444A70
00444A76
00444A7B
00444A81
00444A86
00444A8C
00444A91
00444A97
00444A9C
00444AA2
00444AA7
00444AAD
00444AB2
00444AB8
00444ABD
00444AC3
00444AC8
00444ACE
00444AD3
00444AD9
00444ADE
00444AE4
00444AE9
00444AEF
00444AF4
00444AFA
00444AFF
00444B05
00444B0A
00444B10
00444B15
00444B1B
00444B20
00444B26
00444B2B
00444B31
00444B36
00444B3C
00444B41
00444B47
00444B4C
00444B52
00444B57
00444B5D
00444B62
00444B68

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^

8D8D 00F9FFFF
E9 A2A2FCFF
8D8D D0F8FFFF
E9 2769FCFF
8D8D D0F8FFFF
E9 8CA2FCFF
8D8D A4F8FFFF
E9 1169FCFF
8D8D A4F8FFFF
E9 76A2FCFF
8D8D 78F8FFFF
E9 FB68FCFF
8D8D 78F8FFFF
E9 60A2FCFF
8D8D 4CF8FFFF
E9 E568FCFF
8D8D 4CF8FFFF
E9 4AA2FCFF
8D8D 20F8FFFF
E9 CF68FCFF
8D8D 20F8FFFF
E9 34A2FCFF
8D8D F4F7FFFF
E9 B968FCFF
8D8D F4F7FFFF
E9 1EA2FCFF
8D8D C8F7FFFF
E9 A368FCFF
8D8D C8F7FFFF
E9 08A2FCFF
8D8D 9CF7FFFF
E9 8D68FCFF
8D8D 9CF7FFFF
E9 F2A1FCFF
8D8D 70F7FFFF
E9 7768FCFF
8D8D 70F7FFFF
E9 DCA1FCFF
8D8D 44F7FFFF
E9 6168FCFF
8D8D 44F7FFFF
E9 C6A1FCFF
8D8D 18F7FFFF
E9 4B68FCFF
8D8D 18F7FFFF
E9 B0A1FCFF
8D8D ECF6FFFF
E9 3568FCFF
8D8D ECF6FFFF
E9 9AA1FCFF
8D8D C0F6FFFF
E9 1F68FCFF
8D8D C0F6FFFF
E9 84A1FCFF
8D8D 94F6FFFF
E9 0968FCFF
8D8D 94F6FFFF
E9 6EA1FCFF
8D8D 68F6FFFF
E9 F367FCFF

LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP

ECX,[EBP-700]
0040ECD0
ECX,[EBP-730]
0040B360
ECX,[EBP-730]
0040ECD0
ECX,[EBP-75C]
0040B360
ECX,[EBP-75C]
0040ECD0
ECX,[EBP-788]
0040B360
ECX,[EBP-788]
0040ECD0
ECX,[EBP-7B4]
0040B360
ECX,[EBP-7B4]
0040ECD0
ECX,[EBP-7E0]
0040B360
ECX,[EBP-7E0]
0040ECD0
ECX,[EBP-80C]
0040B360
ECX,[EBP-80C]
0040ECD0
ECX,[EBP-838]
0040B360
ECX,[EBP-838]
0040ECD0
ECX,[EBP-864]
0040B360
ECX,[EBP-864]
0040ECD0
ECX,[EBP-890]
0040B360
ECX,[EBP-890]
0040ECD0
ECX,[EBP-8BC]
0040B360
ECX,[EBP-8BC]
0040ECD0
ECX,[EBP-8E8]
0040B360
ECX,[EBP-8E8]
0040ECD0
ECX,[EBP-914]
0040B360
ECX,[EBP-914]
0040ECD0
ECX,[EBP-940]
0040B360
ECX,[EBP-940]
0040ECD0
ECX,[EBP-96C]
0040B360
ECX,[EBP-96C]
0040ECD0
ECX,[EBP-998]
0040B360

00444B6D
00444B73
00444B78
00444B7E
00444B83
00444B89
00444B8E
00444B94
00444B99
00444B9F
00444BA4
00444BAA
00444BAF
00444BB5
00444BBA
00444BC0
00444BC5
00444BCB
00444BD0
00444BD6
00444BDB
00444BE1
00444BE6
00444BEC
00444BF1
00444BF7
00444BFC
00444C02
00444C07
00444C0D
00444C12
00444C18
00444C1D
00444C23
00444C28
00444C2E
00444C33
00444C39
00444C3E
00444C44
00444C49
00444C4F
00444C54
00444C5A
00444C5F
00444C65
00444C6A
00444C70
00444C75
00444C7B
00444C80
00444C86
00444C8B
00444C8E
00444C93
00444C99
00444C9E
00444CA4
00444CA9
00444CAF

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^

8D8D 68F6FFFF
E9 58A1FCFF
8D8D 3CF6FFFF
E9 DD67FCFF
8D8D 3CF6FFFF
E9 42A1FCFF
8D8D 10F6FFFF
E9 C767FCFF
8D8D 10F6FFFF
E9 2CA1FCFF
8D8D E4F5FFFF
E9 B167FCFF
8D8D E4F5FFFF
E9 16A1FCFF
8D8D B8F5FFFF
E9 9B67FCFF
8D8D B8F5FFFF
E9 00A1FCFF
8D8D 8CF5FFFF
E9 8567FCFF
8D8D 8CF5FFFF
E9 EAA0FCFF
8D8D 60F5FFFF
E9 6F67FCFF
8D8D 60F5FFFF
E9 D4A0FCFF
8D8D 34F5FFFF
E9 5967FCFF
8D8D 34F5FFFF
E9 BEA0FCFF
8D8D 08F5FFFF
E9 4367FCFF
8D8D 08F5FFFF
E9 A8A0FCFF
8D8D DCF4FFFF
E9 2D67FCFF
8D8D DCF4FFFF
E9 92A0FCFF
8D8D B0F4FFFF
E9 1767FCFF
8D8D B0F4FFFF
E9 7CA0FCFF
8D8D 84F4FFFF
E9 0167FCFF
8D8D 58F4FFFF
E9 F666FCFF
8D8D 2CF4FFFF
E9 EB66FCFF
8D8D 00F4FFFF
E9 E066FCFF
8D8D D4F3FFFF
E9 D566FCFF
8D4D A8
E9 2D1EFCFF
8D8D 9CF3FFFF
E9 C266FCFF
8D8D 5CF3FFFF
E9 B766FCFF
8D8D 30F3FFFF
E9 AC66FCFF

LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP

ECX,[EBP-998]
0040ECD0
ECX,[EBP-9C4]
0040B360
ECX,[EBP-9C4]
0040ECD0
ECX,[EBP-9F0]
0040B360
ECX,[EBP-9F0]
0040ECD0
ECX,[EBP-0A1C]
0040B360
ECX,[EBP-0A1C]
0040ECD0
ECX,[EBP-0A48]
0040B360
ECX,[EBP-0A48]
0040ECD0
ECX,[EBP-0A74]
0040B360
ECX,[EBP-0A74]
0040ECD0
ECX,[EBP-0AA0]
0040B360
ECX,[EBP-0AA0]
0040ECD0
ECX,[EBP-0ACC]
0040B360
ECX,[EBP-0ACC]
0040ECD0
ECX,[EBP-0AF8]
0040B360
ECX,[EBP-0AF8]
0040ECD0
ECX,[EBP-0B24]
0040B360
ECX,[EBP-0B24]
0040ECD0
ECX,[EBP-0B50]
0040B360
ECX,[EBP-0B50]
0040ECD0
ECX,[EBP-0B7C]
0040B360
ECX,[EBP-0BA8]
0040B360
ECX,[EBP-0BD4]
0040B360
ECX,[EBP-0C00]
0040B360
ECX,[EBP-0C2C]
0040B360
ECX,[EBP-58]
00406AC0
ECX,[EBP-0C64]
0040B360
ECX,[EBP-0CA4]
0040B360
ECX,[EBP-0CD0]
0040B360

00444CB4
00444CBA
00444CBF
00444CC5
00444CCA
00444CD0
00444CD5
00444CDB
00444CE0
00444CE6
00444CEB
00444CF1
00444CF6
00444CFC
00444D01
00444D07
00444D0C
00444D12
00444D17
00444D1D
00444D22
00444D28
00444D2D
00444D33
00444D38
00444D3E
00444D43
00444D49
00444D4E
00444D54
00444D59
00444D5F
00444D64
00444D6A
00444D6F
00444D75
00444D7A
00444D80
00444D85
00444D8B
00444D90
00444D96
00444D9B
00444DA1
00444DA6
00444DAC
00444DB1
00444DB7
00444DBC
00444DC2
00444DC7
00444DCD
00444DD2
00444DD8
00444DDD
00444DE3
00444DE8
00444DEE
00444DF3
00444DF9

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^

8D8D 08F3FFFF
E9 A166FCFF
8D8D C8F2FFFF
E9 9666FCFF
8D8D 9CF2FFFF
E9 8B66FCFF
8D8D 74F2FFFF
E9 8066FCFF
8D8D 4CF2FFFF
E9 7566FCFF
8D8D D4FBFFFF
E9 EA0CFCFF
8D8D 08F2FFFF
E9 5F66FCFF
8D8D A8FBFFFF
E9 5466FCFF
8D8D B8F1FFFF
E9 4966FCFF
8D8D 7CF1FFFF
E9 3E66FCFF
8D8D 50F1FFFF
E9 3366FCFF
8D8D 28F1FFFF
E9 2866FCFF
8B8D 24F1FFFF
E9 1D66FCFF
8B8D 1CF1FFFF
E9 1266FCFF
8B8D 0CF1FFFF
E9 0766FCFF
8B8D 04F1FFFF
E9 FC65FCFF
8B8D F4F0FFFF
E9 F165FCFF
8B8D ECF0FFFF
E9 E665FCFF
8D8D B4F0FFFF
E9 DB65FCFF
8D8D 88F0FFFF
E9 D065FCFF
8B8D DCF0FFFF
E9 C565FCFF
8B8D 84F0FFFF
E9 BA65FCFF
8D8D 4CF0FFFF
E9 AF65FCFF
8D8D 20F0FFFF
E9 A465FCFF
8B8D 74F0FFFF
E9 9965FCFF
8B8D 1CF0FFFF
E9 8E65FCFF
8D8D E4EFFFFF
E9 8365FCFF
8D8D 7CFBFFFF
E9 7865FCFF
8D8D 94EFFFFF
E9 6D65FCFF
8D8D 58EFFFFF
E9 6265FCFF

LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
LEA
JMP
LEA
JMP
MOV
JMP
MOV
JMP
LEA
JMP
LEA
JMP
MOV
JMP
MOV
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP

ECX,[EBP-0CF8]
0040B360
ECX,[EBP-0D38]
0040B360
ECX,[EBP-0D64]
0040B360
ECX,[EBP-0D8C]
0040B360
ECX,[EBP-0DB4]
0040B360
ECX,[EBP-42C]
004059E0
ECX,[EBP-0DF8]
0040B360
ECX,[EBP-458]
0040B360
ECX,[EBP-0E48]
0040B360
ECX,[EBP-0E84]
0040B360
ECX,[EBP-0EB0]
0040B360
ECX,[EBP-0ED8]
0040B360
ECX,DWORD PTR SS:[EBP-0EDC]
0040B360
ECX,DWORD PTR SS:[EBP-0EE4]
0040B360
ECX,DWORD PTR SS:[EBP-0EF4]
0040B360
ECX,DWORD PTR SS:[EBP-0EFC]
0040B360
ECX,DWORD PTR SS:[EBP-0F0C]
0040B360
ECX,DWORD PTR SS:[EBP-0F14]
0040B360
ECX,[EBP-0F4C]
0040B360
ECX,[EBP-0F78]
0040B360
ECX,DWORD PTR SS:[EBP-0F24]
0040B360
ECX,DWORD PTR SS:[EBP-0F7C]
0040B360
ECX,[EBP-0FB4]
0040B360
ECX,[EBP-0FE0]
0040B360
ECX,DWORD PTR SS:[EBP-0F8C]
0040B360
ECX,DWORD PTR SS:[EBP-0FE4]
0040B360
ECX,[EBP-101C]
0040B360
ECX,[EBP-484]
0040B360
ECX,[EBP-106C]
0040B360
ECX,[EBP-10A8]
0040B360

00444DFE
00444E04
00444E09
00444E0F
00444E14
00444E1A
00444E1F
00444E25
00444E2A
00444E30
00444E35
00444E3B
00444E40
00444E46
00444E4B
00444E51
00444E56
00444E5C
00444E61
00444E67
00444E6C
00444E72
00444E77
00444E7D
00444E82
00444E88
00444E8D
00444E93
00444E98
00444E9E
00444EA3
00444EA9
00444EAE
00444EB4
00444EB9
00444EBF
00444EC4
00444ECA
00444ECF
00444ED5
00444EDA
00444EE0
00444EE5
00444EEB
00444EF0
00444EF6
00444EFB
00444F01
00444F06
00444F0C
00444F11
00444F17
00444F1C
00444F22
00444F27
00444F2D
00444F32
00444F38
00444F3D
00444F43

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^

8D8D 2CEFFFFF
E9 5765FCFF
8D8D 04EFFFFF
E9 4C65FCFF
8B8D 00EFFFFF
E9 4165FCFF
8B8D F8EEFFFF
E9 3665FCFF
8B8D E8EEFFFF
E9 2B65FCFF
8B8D E0EEFFFF
E9 2065FCFF
8B8D D0EEFFFF
E9 1565FCFF
8B8D C8EEFFFF
E9 0A65FCFF
8D8D 90EEFFFF
E9 FF64FCFF
8D8D 54FBFFFF
E9 F464FCFF
8D8D 40EEFFFF
E9 E964FCFF
8B8D 28EEFFFF
E9 DE64FCFF
8B8D 20EEFFFF
E9 D364FCFF
8B8D 00EEFFFF
E9 C864FCFF
8D8D CCEDFFFF
E9 BD64FCFF
8B8D A8EDFFFF
E9 B264FCFF
8B8D A0EDFFFF
E9 A764FCFF
8B8D 94EDFFFF
E9 9C64FCFF
8B8D 8CEDFFFF
E9 9164FCFF
8B8D 80EDFFFF
E9 8664FCFF
8B8D 78EDFFFF
E9 7B64FCFF
8B8D 6CEDFFFF
E9 7064FCFF
8B8D 64EDFFFF
E9 6564FCFF
8B8D 58EDFFFF
E9 5A64FCFF
8B8D 50EDFFFF
E9 4F64FCFF
8B8D 44EDFFFF
E9 4464FCFF
8B8D 3CEDFFFF
E9 3964FCFF
8D8D E8ECFFFF
E9 9E9DFCFF
8D8D CCECFFFF
E9 939DFCFF
8D8D 8CECFFFF
E9 1864FCFF

LEA
JMP
LEA
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
LEA
JMP
LEA
JMP
LEA
JMP
MOV
JMP
MOV
JMP
MOV
JMP
LEA
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
MOV
JMP
LEA
JMP
LEA
JMP
LEA
JMP

ECX,[EBP-10D4]
0040B360
ECX,[EBP-10FC]
0040B360
ECX,DWORD PTR SS:[EBP-1100]
0040B360
ECX,DWORD PTR SS:[EBP-1108]
0040B360
ECX,DWORD PTR SS:[EBP-1118]
0040B360
ECX,DWORD PTR SS:[EBP-1120]
0040B360
ECX,DWORD PTR SS:[EBP-1130]
0040B360
ECX,DWORD PTR SS:[EBP-1138]
0040B360
ECX,[EBP-1170]
0040B360
ECX,[EBP-4AC]
0040B360
ECX,[EBP-11C0]
0040B360
ECX,DWORD PTR SS:[EBP-11D8]
0040B360
ECX,DWORD PTR SS:[EBP-11E0]
0040B360
ECX,DWORD PTR SS:[EBP-1200]
0040B360
ECX,[EBP-1234]
0040B360
ECX,DWORD PTR SS:[EBP-1258]
0040B360
ECX,DWORD PTR SS:[EBP-1260]
0040B360
ECX,DWORD PTR SS:[EBP-126C]
0040B360
ECX,DWORD PTR SS:[EBP-1274]
0040B360
ECX,DWORD PTR SS:[EBP-1280]
0040B360
ECX,DWORD PTR SS:[EBP-1288]
0040B360
ECX,DWORD PTR SS:[EBP-1294]
0040B360
ECX,DWORD PTR SS:[EBP-129C]
0040B360
ECX,DWORD PTR SS:[EBP-12A8]
0040B360
ECX,DWORD PTR SS:[EBP-12B0]
0040B360
ECX,DWORD PTR SS:[EBP-12BC]
0040B360
ECX,DWORD PTR SS:[EBP-12C4]
0040B360
ECX,[EBP-1318]
0040ECD0
ECX,[EBP-1334]
0040ECD0
ECX,[EBP-1374]
0040B360

00444F48
00444F4C
00444F4F
00444F55
00444F57
00444F5C
00444F5F
00444F61
00444F66
00444F6B
00444F70
00444F73
00444F78
00444F7C
00444F7F
00444F82
00444F84
00444F89
00444F8E
00444F93
00444F94
00444F95
00444F96
00444F97
00444F98
00444F99
00444F9A
00444F9B
00444F9C
00444F9D
00444F9E
00444F9F
00444FA0
00444FA3
00444FA8
00444FAB
00444FB0
00444FB3
00444FB8
00444FBB
00444FC0
00444FC3
00444FC6
00444FCC
00444FD0
00444FD3
00444FD8
00444FD9
00444FDC
00444FE1
00444FE4
00444FE9
00444FEC
00444FF1
00444FF4
00444FF9
00444FFC
00445001
00445004
00445009

/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.^
\>
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.

8B5424 08
8D42 0C
8B8A B8D7FFFF
33C8
E8 9597FEFF
8B4A AC
33C8
E8 8B97FEFF
B8 F8CA4400
E9 2894FEFF
8D4D 08
E9 589DFCFF
8B5424 08
8D42 0C
8B4A CC
33C8
E8 6897FEFF
B8 F4CE4400
E9 0594FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D 38
E9 B863FCFF
8D4D 10
E9 B063FCFF
8D4D B8
E9 A863FCFF
8D4D 90
E9 A063FCFF
8B45 8C
83E0 01
0F84 0C000000
8365 8C FE
8B4D 08
E9 8863FCFF
C3
8D4D 90
E9 EF9CFCFF
8D4D B8
E9 E79CFCFF
8D4D 10
E9 DF9CFCFF
8D4D 38
E9 D79CFCFF
8D4D 10
E9 CF9CFCFF
8D4D 38
E9 C79CFCFF
8D4D 10

MOV EDX,DWORD PTR SS:[ARG.2]


LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-2848]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-54]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044CAF8
JMP 0042E398
LEA ECX,[EBP+8]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-34]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044CEF4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP+38]
JMP 0040B360
LEA ECX,[EBP+10]
JMP 0040B360
LEA ECX,[EBP-48]
JMP 0040B360
LEA ECX,[EBP-70]
JMP 0040B360
MOV EAX,DWORD PTR SS:[EBP-74]
AND EAX,00000001
JE 00444FD8
AND DWORD PTR SS:[EBP-74],FFFFFFFE
MOV ECX,DWORD PTR SS:[EBP+8]
JMP 0040B360
RETN
LEA ECX,[EBP-70]
JMP 0040ECD0
LEA ECX,[EBP-48]
JMP 0040ECD0
LEA ECX,[EBP+10]
JMP 0040ECD0
LEA ECX,[EBP+38]
JMP 0040ECD0
LEA ECX,[EBP+10]
JMP 0040ECD0
LEA ECX,[EBP+38]
JMP 0040ECD0
LEA ECX,[EBP+10]

0044500C
00445011
00445014
00445019
0044501D
00445020
00445026
00445028
0044502D
00445032
00445037
00445038
00445039
0044503A
0044503B
0044503C
0044503D
0044503E
0044503F
00445040
00445043
00445048
0044504B
00445050
00445053
00445058
0044505E
00445063
00445069
0044506E
00445074
00445079
0044507F
00445084
0044508A
0044508F
00445092
00445097
0044509A
0044509F
004450A2
004450A7
004450AB
004450AE
004450B4
004450B6
004450BB
004450C0
004450C5
004450C6
004450C7
004450C8
004450C9
004450CA
004450CB
004450CC
004450CD
004450CE
004450CF
004450D0

\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.

E9 BF9CFCFF
8D4D 38
E9 B79CFCFF
8B5424 08
8D42 0C
8B8A 10FFFFFF
33C8
E8 C496FEFF
B8 18CF4400
E9 6193FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D 5C
E9 1863FCFF
8D4D 34
E9 1063FCFF
8D4D 0C
E9 0863FCFF
8D8D 78FFFFFF
E9 FD62FCFF
8D8D 50FFFFFF
E9 629CFCFF
8D8D 78FFFFFF
E9 579CFCFF
8D8D 24FFFFFF
E9 DC62FCFF
8D8D 24FFFFFF
E9 419CFCFF
8D4D 0C
E9 399CFCFF
8D4D 34
E9 319CFCFF
8D4D 5C
E9 299CFCFF
8B5424 08
8D42 0C
8B8A A4FDFFFF
33C8
E8 3696FEFF
B8 A4CF4400
E9 D392FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B4D 8C

JMP 0040ECD0
LEA ECX,[EBP+38]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0F0]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044CF18
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP+5C]
JMP 0040B360
LEA ECX,[EBP+34]
JMP 0040B360
LEA ECX,[EBP+0C]
JMP 0040B360
LEA ECX,[EBP-88]
JMP 0040B360
LEA ECX,[EBP-0B0]
JMP 0040ECD0
LEA ECX,[EBP-88]
JMP 0040ECD0
LEA ECX,[EBP-0DC]
JMP 0040B360
LEA ECX,[EBP-0DC]
JMP 0040ECD0
LEA ECX,[EBP+0C]
JMP 0040ECD0
LEA ECX,[EBP+34]
JMP 0040ECD0
LEA ECX,[EBP+5C]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-25C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044CFA4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-74]

004450D3
004450D8
004450DB
004450DE
004450E3
004450E6
004450E9
004450EE
004450F2
004450F5
004450F8
004450FA
004450FF
00445104
00445109
0044510A
0044510B
0044510C
0044510D
0044510E
0044510F
00445110
00445116
0044511B
00445121
00445124
00445129
0044512F
00445132
00445137
0044513A
0044513F
00445142
00445147
0044514A
0044514F
00445155
0044515A
0044515E
00445161
00445167
00445169
0044516E
00445173
00445178
00445179
0044517A
0044517B
0044517C
0044517D
0044517E
0044517F
00445180
00445183
00445188
0044518B
00445190
00445193
00445198
0044519C

\.^
/.
|.
\.^
/.
|.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
\.^
/.
|.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
|.

E9 8862FCFF
8B4D 8C
83C1 28
E9 7D62FCFF
8B4D 8C
83C1 50
E9 7262FCFF
8B5424 08
8D42 0C
8B4A 94
33C8
E8 F295FEFF
B8 38D04400
E9 8F92FEFF
CC
CC
CC
CC
CC
CC
CC
8B8D 70FFFFFF
E9 4562FCFF
8B8D 70FFFFFF
83C1 28
E9 3762FCFF
8B8D 70FFFFFF
83C1 50
E9 2962FCFF
8B4D D4
E9 919BFCFF
8B4D B4
E9 899BFCFF
8B4D 94
E9 819BFCFF
8B8D 70FFFFFF
E9 769BFCFF
8B5424 08
8D42 0C
8B8A 78FFFFFF
33C8
E8 8395FEFF
B8 5CD04400
E9 2092FEFF
CC
CC
CC
CC
CC
CC
CC
CC
8D4D E4
E9 F8ACFCFF
8D4D DC
E9 5015FCFF
8D4D E4
E9 D8B0FCFF
8B5424 08
8D42 0C

JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-74]
ADD ECX,28
JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-74]
ADD ECX,50
JMP 0040B360
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-6C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D038
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-90]
JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-90]
ADD ECX,28
JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-90]
ADD ECX,50
JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-2C]
JMP 0040ECD0
MOV ECX,DWORD PTR SS:[EBP-4C]
JMP 0040ECD0
MOV ECX,DWORD PTR SS:[EBP-6C]
JMP 0040ECD0
MOV ECX,DWORD PTR SS:[EBP-90]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-88]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D05C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-1C]
JMP 0040FE80
LEA ECX,[EBP-24]
JMP 004066E0
LEA ECX,[EBP-1C]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]

0044519F
004451A5
004451A7
004451AC
004451B1
004451B6
004451B7
004451B8
004451B9
004451BA
004451BB
004451BC
004451BD
004451BE
004451BF
004451C0
004451C3
004451C8
004451CB
004451D0
004451D3
004451D8
004451DC
004451DF
004451E5
004451E7
004451EC
004451F1
004451F6
004451F7
004451F8
004451F9
004451FA
004451FB
004451FC
004451FD
004451FE
004451FF
00445200
00445203
00445208
0044520B
00445210
00445213
00445218
0044521C
0044521F
00445225
00445227
0044522C
00445231
00445236
00445237
00445238
00445239
0044523A
0044523B
0044523C
0044523D
0044523E

|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

8B8A 38FFFFFF
33C8
E8 4595FEFF
B8 DCD04400
E9 E291FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D E4
E9 B8ACFCFF
8D4D D4
E9 1015FCFF
8D4D E4
E9 98B0FCFF
8B5424 08
8D42 0C
8B8A 28FFFFFF
33C8
E8 0595FEFF
B8 4CD14400
E9 A291FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D E4
E9 78ACFCFF
8D4D DC
E9 D014FCFF
8D4D E4
E9 58B0FCFF
8B5424 08
8D42 0C
8B8A 38FFFFFF
33C8
E8 C594FEFF
B8 BCD14400
E9 6291FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC

MOV ECX,DWORD PTR DS:[EDX-0C8]


XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D0DC
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-1C]
JMP 0040FE80
LEA ECX,[EBP-2C]
JMP 004066E0
LEA ECX,[EBP-1C]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0D8]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D14C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-1C]
JMP 0040FE80
LEA ECX,[EBP-24]
JMP 004066E0
LEA ECX,[EBP-1C]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0C8]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D1BC
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

0044523F
00445240
00445246
0044524B
0044524E
00445253
00445256
0044525B
00445261
00445266
0044526A
0044526D
00445273
00445275
0044527A
0044527F
00445284
00445285
00445286
00445287
00445288
00445289
0044528A
0044528B
0044528C
0044528D
0044528E
0044528F
00445290
00445296
0044529B
004452A1
004452A6
004452AA
004452AD
004452B3
004452B5
004452BA
004452BF
004452C4
004452C5
004452C6
004452C7
004452C8
004452C9
004452CA
004452CB
004452CC
004452CD
004452CE
004452CF
004452D0
004452D3
004452D8
004452DC
004452DF
004452E2
004452E4
004452E9
004452EE

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

CC
8D8D 6CFFFFFF
E9 1561FCFF
8D4D 94
E9 0D61FCFF
8D4D 94
E9 551BFCFF
8D8D 6CFFFFFF
E9 6A9AFCFF
8B5424 08
8D42 0C
8B8A 04FFFFFF
33C8
E8 7794FEFF
B8 28D24400
E9 1491FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B8D 54FFFFFF
E9 1518FCFF
8B8D 54FFFFFF
E9 9A1BFCFF
8B5424 08
8D42 0C
8B8A 50FFFFFF
33C8
E8 3794FEFF
B8 5CD24400
E9 D490FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B4D BC
E9 681BFCFF
8B5424 08
8D42 0C
8B4A C4
33C8
E8 0894FEFF
B8 88D24400
E9 A590FEFF

INT3
LEA ECX,[EBP-94]
JMP 0040B360
LEA ECX,[EBP-6C]
JMP 0040B360
LEA ECX,[EBP-6C]
JMP 00406DB0
LEA ECX,[EBP-94]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0FC]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D228
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-0AC]
JMP 00406AB0
MOV ECX,DWORD PTR SS:[EBP-0AC]
JMP 00406E40
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0B0]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D25C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-44]
JMP 00406E40
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-3C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D288
JMP 0042E398

004452F3
004452F4
004452F5
004452F6
004452F7
004452F8
004452F9
004452FA
004452FB
004452FC
004452FD
004452FE
004452FF
00445300
00445303
00445308
0044530B
00445310
00445313
00445318
0044531C
0044531F
00445322
00445324
00445329
0044532E
00445333
00445334
00445335
00445336
00445337
00445338
00445339
0044533A
0044533B
0044533C
0044533D
0044533E
0044533F
00445340
00445343
00445348
0044534B
0044534E
00445354
00445358
0044535B
00445360
00445361
00445364
00445369
0044536C
00445371
00445375
00445378
0044537E
00445380
00445385
00445388
0044538A

/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.^
\>
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.

CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B4D AC
E9 5860FCFF
8B4D D0
E9 C099FCFF
8B4D AC
E9 B899FCFF
8B5424 08
8D42 0C
8B4A B4
33C8
E8 C893FEFF
B8 C4D24400
E9 6590FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D D4
E9 8899FCFF
8B45 98
83E0 01
0F84 0C000000
8365 98 FE
8B4D 08
E9 7099FCFF
C3
8D4D B8
E9 6799FCFF
8D4D 9C
E9 5F99FCFF
8B5424 08
8D42 0C
8B8A 0CFFFFFF
33C8
E8 6C93FEFF
8B4A FC
33C8
E8 6293FEFF

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-54]
JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-30]
JMP 0040ECD0
MOV ECX,DWORD PTR SS:[EBP-54]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-4C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D2C4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-2C]
JMP 0040ECD0
MOV EAX,DWORD PTR SS:[EBP-68]
AND EAX,00000001
JE 00445360
AND DWORD PTR SS:[EBP-68],FFFFFFFE
MOV ECX,DWORD PTR SS:[EBP+8]
JMP 0040ECD0
RETN
LEA ECX,[EBP-48]
JMP 0040ECD0
LEA ECX,[EBP-64]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0F4]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-4]
XOR ECX,EAX
CALL 0042E6F1

0044538F
00445394
00445399
0044539A
0044539B
0044539C
0044539D
0044539E
0044539F
004453A0
004453A3
004453A8
004453AB
004453B0
004453B6
004453BB
004453BE
004453C3
004453C9
004453CE
004453D4
004453D9
004453DD
004453E0
004453E6
004453E8
004453ED
004453F2
004453F7
004453F8
004453F9
004453FA
004453FB
004453FC
004453FD
004453FE
004453FF
00445400
00445403
00445408
0044540C
0044540F
00445412
00445414
00445419
0044541E
00445423
00445424
00445425
00445426
00445427
00445428
00445429
0044542A
0044542B
0044542C
0044542D
0044542E
0044542F
00445430

|. B8 08D34400
\.^ E9 FF8FFEFF
CC
CC
CC
CC
CC
CC
CC
/. 8D4D B0
\.^ E9 2899FCFF
/. 8D4D CC
\.^ E9 B397FEFF
/. 8D8D 6CFFFFFF
\.^ E9 1599FCFF
/. 8D4D 88
\.^ E9 A097FEFF
/. 8D8D 28FFFFFF
\.^ E9 0299FCFF
/. 8D8D 44FFFFFF
\.^ E9 8A97FEFF
/. 8B5424 08
|. 8D42 0C
|. 8B8A ACFEFFFF
|. 33C8
|. E8 0493FEFF
|. B8 3CD34400
\.^ E9 A18FFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
/. 8B4D 84
\.^ E9 5B97FEFF
/. 8B5424 08
|. 8D42 0C
|. 8B4A 8C
|. 33C8
|. E8 D892FEFF
|. B8 FCD34400
\.^ E9 758FFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/. 8D4D A8

MOV EAX,OFFSET 0044D308


JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-50]
JMP 0040ECD0
LEA ECX,[EBP-34]
JMP 0042EB63
LEA ECX,[EBP-94]
JMP 0040ECD0
LEA ECX,[EBP-78]
JMP 0042EB63
LEA ECX,[EBP-0D8]
JMP 0040ECD0
LEA ECX,[EBP-0BC]
JMP 0042EB63
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-154]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D33C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-7C]
JMP 0042EB63
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-74]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D3FC
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-58]

00445433
00445438
0044543C
0044543F
00445445
00445447
0044544C
00445451
00445456
00445457
00445458
00445459
0044545A
0044545B
0044545C
0044545D
0044545E
0044545F
00445460
00445463
00445468
0044546B
00445470
00445473
00445478
0044547B
00445480
00445484
00445487
0044548D
0044548F
00445494
00445497
00445499
0044549E
004454A3
004454A8
004454A9
004454AA
004454AB
004454AC
004454AD
004454AE
004454AF
004454B0
004454B3
004454B8
004454BC
004454BF
004454C5
004454C7
004454CC
004454D1
004454D6
004454D7
004454D8
004454D9
004454DA
004454DB
004454DC

\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

E9 9898FCFF
8B5424 08
8D42 0C
8B8A 34FFFFFF
33C8
E8 A592FEFF
B8 38D44400
E9 428FFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D B4
E9 F85EFCFF
8D4D B4
E9 6098FCFF
8D4D 88
E9 E85EFCFF
8D4D 88
E9 5098FCFF
8B5424 08
8D42 0C
8B8A 54FDFFFF
33C8
E8 5D92FEFF
8B4A E8
33C8
E8 5392FEFF
B8 C4D44400
E9 F08EFEFF
CC
CC
CC
CC
CC
CC
CC
CC
8D4D B0
E9 1898FCFF
8B5424 08
8D42 0C
8B8A 44FFFFFF
33C8
E8 2592FEFF
B8 58D54400
E9 C28EFEFF
CC
CC
CC
CC
CC
CC
CC

JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0CC]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D438
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-4C]
JMP 0040B360
LEA ECX,[EBP-4C]
JMP 0040ECD0
LEA ECX,[EBP-78]
JMP 0040B360
LEA ECX,[EBP-78]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-2AC]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-18]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D4C4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-50]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0BC]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D558
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3

004454DD
004454DE
004454DF
004454E0
004454E3
004454E8
004454EC
004454EF
004454F5
004454F7
004454FC
00445501
00445506
00445507
00445508
00445509
0044550A
0044550B
0044550C
0044550D
0044550E
0044550F
00445510
00445514
00445517
0044551A
0044551C
00445521
00445526
0044552B
0044552C
0044552D
0044552E
0044552F
00445530
00445533
00445534
00445537
00445538
0044553D
00445540
00445541
00445544
00445549
0044554D
00445550
00445553
00445555
0044555A
0044555F
00445564
00445565
00445566
00445567
00445568
00445569
0044556A
0044556B
0044556C
0044556D

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
|.
|.
\.
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

CC
CC
CC
8D4D A0
E9 E897FCFF
8B5424 08
8D42 0C
8B8A ECFEFFFF
33C8
E8 F591FEFF
B8 94D54400
E9 928EFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B5424 08
8D42 0C
8B4A 9C
33C8
E8 D091FEFF
B8 18D64400
E9 6D8EFEFF
CC
CC
CC
CC
CC
8B45 EC
50
8B4D E4
51
E8 6350FCFF
83C4 08
C3
8B4D C4
E9 175EFCFF
8B5424 08
8D42 0C
8B4A B4
33C8
E8 9791FEFF
B8 80D64400
E9 348EFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC

INT3
INT3
INT3
LEA ECX,[EBP-60]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-114]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D594
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-64]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D618
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
CALL 0040A5A0
ADD ESP,8
RETN
MOV ECX,DWORD PTR SS:[EBP-3C]
JMP 0040B360
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-4C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D680
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

0044556E
0044556F
00445570
00445573
00445578
0044557B
00445580
00445584
00445587
0044558D
0044558F
00445594
00445599
0044559E
0044559F
004455A0
004455A3
004455A8
004455AC
004455AF
004455B2
004455B4
004455B9
004455BE
004455C3
004455C4
004455C5
004455C6
004455C7
004455C8
004455C9
004455CA
004455CB
004455CC
004455CD
004455CE
004455CF
004455D0
004455D3
004455D8
004455DB
004455E0
004455E4
004455E7
004455ED
004455EF
004455F4
004455F9
004455FE
004455FF
00445600
00445603
00445608
0044560C
0044560F
00445612
00445614
00445619
0044561E
00445623

/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

CC
CC
8D4D DC
E9 08A9FCFF
8D4D DC
E9 F0ACFCFF
8B5424 08
8D42 0C
8B8A 70FEFFFF
33C8
E8 5D91FEFF
B8 E8D64400
E9 FA8DFEFF
CC
CC
8B4D A8
E9 2897FCFF
8B5424 08
8D42 0C
8B4A B0
33C8
E8 3891FEFF
B8 14D74400
E9 D58DFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D E0
E9 A8A8FCFF
8D4D E0
E9 90ACFCFF
8B5424 08
8D42 0C
8B8A 58FEFFFF
33C8
E8 FD90FEFF
B8 7CD74400
E9 9A8DFEFF
CC
CC
8B4D D0
E9 C896FCFF
8B5424 08
8D42 0C
8B4A D8
33C8
E8 D890FEFF
B8 A8D74400
E9 758DFEFF
CC

INT3
INT3
LEA ECX,[EBP-24]
JMP 0040FE80
LEA ECX,[EBP-24]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-190]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D6E8
JMP 0042E398
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-58]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-50]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D714
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-20]
JMP 0040FE80
LEA ECX,[EBP-20]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-1A8]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D77C
JMP 0042E398
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-30]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-28]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D7A8
JMP 0042E398
INT3

00445624
00445625
00445626
00445627
00445628
00445629
0044562A
0044562B
0044562C
0044562D
0044562E
0044562F
00445630
00445633
00445638
0044563C
0044563F
00445645
00445647
0044564C
00445651
00445656
00445657
00445658
00445659
0044565A
0044565B
0044565C
0044565D
0044565E
0044565F
00445660
00445663
00445664
00445669
0044566A
0044566B
00445671
00445674
0044567A
00445681
00445687
0044568C
0044568D
00445691
00445694
0044569A
0044569C
004456A1
004456A6
004456AB
004456AC
004456AD
004456AE
004456AF
004456B0
004456B6
004456BB
004456C1
004456C4

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.^
\>
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
\.^

CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D E8
E9 FD81FEFF
8B5424 08
8D42 0C
8B8A 1CFFFFFF
33C8
E8 A590FEFF
B8 E4D74400
E9 428DFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B45 EC
50
E8 B192FEFF
59
C3
8B85 58FFFFFF
83E0 01
0F84 12000000
83A5 58FFFFFF
8D8D 5CFFFFFF
E9 4496FCFF
C3
8B5424 08
8D42 0C
8B8A CCFEFFFF
33C8
E8 5090FEFF
B8 80D84400
E9 ED8CFEFF
CC
CC
CC
CC
CC
8B8D 60FFFFFF
E9 7A81FEFF
8B8D 60FFFFFF
83C1 04
E9 0796FCFF

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-18]
JMP 0042D835
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0E4]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D7E4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
CALL 0042E91A
POP ECX
RETN
MOV EAX,DWORD PTR SS:[EBP-0A8]
AND EAX,00000001
JE 0044568C
AND DWORD PTR SS:[EBP-0A8],FFFFFFFE
LEA ECX,[EBP-0A4]
JMP 0040ECD0
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-134]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D880
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-0A0]
JMP 0042D835
MOV ECX,DWORD PTR SS:[EBP-0A0]
ADD ECX,4
JMP 0040ECD0

004456C9
004456CF
004456D2
004456D7
004456DD
004456E0
004456E5
004456EB
004456EE
004456F3
004456F7
004456FA
00445700
00445702
00445707
0044570C
00445711
00445712
00445713
00445714
00445715
00445716
00445717
00445718
00445719
0044571A
0044571B
0044571C
0044571D
0044571E
0044571F
00445720
00445723
00445728
0044572B
0044572E
00445733
00445736
00445739
0044573E
00445741
00445744
00445749
0044574C
0044574F
00445754
00445758
0044575B
0044575E
00445760
00445765
0044576A
0044576F
00445770
00445773
00445778
0044577B
00445780
00445783
00445788

/.
|.
\.^
/.
|.
\.^
/.
|.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
\.^
/.
|.
\.^
/.
|.
\.^
/.
|.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
\.^
/.
\.^
/.

8B8D 60FFFFFF
83C1 20
E9 F995FCFF
8B8D 60FFFFFF
83C1 3C
E9 EB95FCFF
8B8D 60FFFFFF
83C1 58
E9 DD95FCFF
8B5424 08
8D42 0C
8B8A 68FFFFFF
33C8
E8 EA8FFEFF
B8 A4D84400
E9 878CFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B4D A0
E9 0D81FEFF
8B4D A0
83C1 04
E9 9D95FCFF
8B4D A0
83C1 20
E9 9295FCFF
8B4D A0
83C1 3C
E9 8795FCFF
8B4D A0
83C1 58
E9 7C95FCFF
8B5424 08
8D42 0C
8B4A A8
33C8
E8 8C8FFEFF
B8 F0D84400
E9 298CFEFF
CC
8D4D C8
E9 680FFCFF
8D4D CC
E9 5095FCFF
8D4D AC
E9 4895FCFF
8D4D 90

MOV ECX,DWORD PTR SS:[EBP-0A0]


ADD ECX,20
JMP 0040ECD0
MOV ECX,DWORD PTR SS:[EBP-0A0]
ADD ECX,3C
JMP 0040ECD0
MOV ECX,DWORD PTR SS:[EBP-0A0]
ADD ECX,58
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-98]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D8A4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-60]
JMP 0042D835
MOV ECX,DWORD PTR SS:[EBP-60]
ADD ECX,4
JMP 0040ECD0
MOV ECX,DWORD PTR SS:[EBP-60]
ADD ECX,20
JMP 0040ECD0
MOV ECX,DWORD PTR SS:[EBP-60]
ADD ECX,3C
JMP 0040ECD0
MOV ECX,DWORD PTR SS:[EBP-60]
ADD ECX,58
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-58]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D8F0
JMP 0042E398
INT3
LEA ECX,[EBP-38]
JMP 004066E0
LEA ECX,[EBP-34]
JMP 0040ECD0
LEA ECX,[EBP-54]
JMP 0040ECD0
LEA ECX,[EBP-70]

0044578B
00445790
00445794
00445797
0044579D
0044579F
004457A4
004457A7
004457A9
004457AE
004457B3
004457B8
004457B9
004457BA
004457BB
004457BC
004457BD
004457BE
004457BF
004457C0
004457C3
004457C8
004457CB
004457D0
004457D3
004457D8
004457DC
004457DF
004457E5
004457E7
004457EC
004457EF
004457F1
004457F6
004457FB
00445800
00445803
00445808
0044580B
00445810
00445814
00445817
0044581D
0044581F
00445824
00445827
00445829
0044582E
00445833
00445838
00445839
0044583A
0044583B
0044583C
0044583D
0044583E
0044583F
00445840
00445843
00445848

\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.

E9 4095FCFF
8B5424 08
8D42 0C
8B8A A0FEFFFF
33C8
E8 4D8FFEFF
8B4A F4
33C8
E8 438FFEFF
B8 5CD94400
E9 E08BFEFF
CC
CC
CC
CC
CC
CC
CC
CC
8D4D 80
E9 180FFCFF
8D4D B0
E9 0095FCFF
8D4D 94
E9 F894FCFF
8B5424 08
8D42 0C
8B8A CCFDFFFF
33C8
E8 058FFEFF
8B4A D8
33C8
E8 FB8EFEFF
B8 98D94400
E9 988BFEFF
8D4D B8
E9 D80EFCFF
8D4D C4
E9 C094FCFF
8B5424 08
8D42 0C
8B8A CCFEFFFF
33C8
E8 CD8EFEFF
8B4A EC
33C8
E8 C38EFEFF
B8 CCD94400
E9 608BFEFF
CC
CC
CC
CC
CC
CC
CC
CC
8D4D E8
E9 ED7FFEFF
8B5424 08

JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-160]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-0C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D95C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-80]
JMP 004066E0
LEA ECX,[EBP-50]
JMP 0040ECD0
LEA ECX,[EBP-6C]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-234]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-28]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D998
JMP 0042E398
LEA ECX,[EBP-48]
JMP 004066E0
LEA ECX,[EBP-3C]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-134]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-14]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D9CC
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-18]
JMP 0042D835
MOV EDX,DWORD PTR SS:[ARG.2]

0044584C
0044584F
00445855
00445857
0044585C
00445861
00445866
00445867
00445868
00445869
0044586A
0044586B
0044586C
0044586D
0044586E
0044586F
00445870
00445873
00445874
00445879
0044587A
0044587B
00445881
00445884
0044588A
00445891
00445897
0044589C
0044589D
004458A3
004458A6
004458AC
004458B3
004458B9
004458BE
004458BF
004458C2
004458C7
004458CB
004458CE
004458D4
004458D6
004458DB
004458E0
004458E5
004458E6
004458E7
004458E8
004458E9
004458EA
004458EB
004458EC
004458ED
004458EE
004458EF
004458F0
004458F3
004458F8
004458FC
004458FF

|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.^
\>
/.
|.
|.
|.
|.
|.^
\>
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.

8D42 0C
8B8A 28FFFFFF
33C8
E8 958EFEFF
B8 F8D94400
E9 328BFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B45 EC
50
E8 A190FEFF
59
C3
8B85 58FFFFFF
83E0 01
0F84 12000000
83A5 58FFFFFF
8D8D 5CFFFFFF
E9 3494FCFF
C3
8B85 58FFFFFF
83E0 02
0F84 12000000
83A5 58FFFFFF
8D8D 78FFFFFF
E9 2262FCFF
C3
8B4D EC
E9 5987FCFF
8B5424 08
8D42 0C
8B8A D8FEFFFF
33C8
E8 168EFEFF
B8 1CDA4400
E9 B38AFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B4D E4
E9 2887FCFF
8B5424 08
8D42 0C
8B4A EC

LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0D8]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044D9F8
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
CALL 0042E91A
POP ECX
RETN
MOV EAX,DWORD PTR SS:[EBP-0A8]
AND EAX,00000001
JE 0044589C
AND DWORD PTR SS:[EBP-0A8],FFFFFFFE
LEA ECX,[EBP-0A4]
JMP 0040ECD0
RETN
MOV EAX,DWORD PTR SS:[EBP-0A8]
AND EAX,00000002
JE 004458BE
AND DWORD PTR SS:[EBP-0A8],FFFFFFFD
LEA ECX,[EBP-88]
JMP 0040BAE0
RETN
MOV ECX,DWORD PTR SS:[EBP-14]
JMP 0040E020
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-128]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DA1C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-1C]
JMP 0040E020
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-14]

00445902
00445904
00445909
0044590E
00445913
00445914
00445915
00445916
00445917
00445918
00445919
0044591A
0044591B
0044591C
0044591D
0044591E
0044591F
00445920
00445924
00445927
0044592D
0044592F
00445934
00445939
0044593E
0044593F
00445940
00445943
00445944
00445947
00445948
0044594D
00445950
00445951
00445955
00445958
0044595B
0044595D
00445962
00445967
0044596C
0044596D
0044596E
0044596F
00445970
00445973
00445978
0044597C
0044597F
00445982
00445984
00445989
0044598E
00445993
00445994
00445995
00445996
00445997
00445998
00445999

|.
|.
|.
\.^

/.
|.
|.
|.
|.
|.
\.^
/.
|.
|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

33C8
E8 E88DFEFF
B8 78DA4400
E9 858AFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B5424 08
8D42 0C
8B8A 04FFFFFF
33C8
E8 BD8DFEFF
B8 D0DA4400
E9 5A8AFEFF
CC
CC
8B45 E8
50
8B4D E0
51
E8 534CFCFF
83C4 08
C3
8B5424 08
8D42 0C
8B4A 9C
33C8
E8 8F8DFEFF
B8 30DB4400
E9 2C8AFEFF
CC
CC
CC
CC
8B4D 08
E9 5893FCFF
8B5424 08
8D42 0C
8B4A DC
33C8
E8 688DFEFF
B8 5CDB4400
E9 058AFEFF
CC
CC
CC
CC
CC
CC
CC

XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DA78
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0FC]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DAD0
JMP 0042E398
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-18]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-20]
PUSH ECX
CALL 0040A5A0
ADD ESP,8
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-64]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DB30
JMP 0042E398
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP+8]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-24]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DB5C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3

0044599A
0044599B
0044599C
0044599D
0044599E
0044599F
004459A0
004459A3
004459A8
004459AB
004459AE
004459B4
004459B8
004459BB
004459C0
004459C1
004459C4
004459C9
004459CD
004459D0
004459D6
004459D8
004459DD
004459E2
004459E7
004459E8
004459E9
004459EA
004459EB
004459EC
004459ED
004459EE
004459EF
004459F0
004459F3
004459F8
004459FB
004459FE
00445A04
00445A08
00445A0B
00445A10
00445A11
00445A14
00445A19
00445A1D
00445A20
00445A26
00445A28
00445A2D
00445A32
00445A37
00445A38
00445A39
00445A3A
00445A3B
00445A3C
00445A3D
00445A3E
00445A3F

/.
\.^
/.
|.
|.
|.
|.
|.^
\>
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.^
\>
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

CC
CC
CC
CC
CC
CC
8D4D CC
E9 B859FCFF
8B45 C8
83E0 01
0F84 0C000000
8365 C8 FE
8B4D 08
E9 A059FCFF
C3
8D4D CC
E9 0793FCFF
8B5424 08
8D42 0C
8B8A 54FFFFFF
33C8
E8 148DFEFF
B8 98DB4400
E9 B189FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D CC
E9 6859FCFF
8B45 C8
83E0 01
0F84 0C000000
8365 C8 FE
8B4D 08
E9 5059FCFF
C3
8D4D CC
E9 B792FCFF
8B5424 08
8D42 0C
8B8A 58FFFFFF
33C8
E8 C48CFEFF
B8 D4DB4400
E9 6189FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC

INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-34]
JMP 0040B360
MOV EAX,DWORD PTR SS:[EBP-38]
AND EAX,00000001
JE 004459C0
AND DWORD PTR SS:[EBP-38],FFFFFFFE
MOV ECX,DWORD PTR SS:[EBP+8]
JMP 0040B360
RETN
LEA ECX,[EBP-34]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0AC]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DB98
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-34]
JMP 0040B360
MOV EAX,DWORD PTR SS:[EBP-38]
AND EAX,00000001
JE 00445A10
AND DWORD PTR SS:[EBP-38],FFFFFFFE
MOV ECX,DWORD PTR SS:[EBP+8]
JMP 0040B360
RETN
LEA ECX,[EBP-34]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0A8]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DBD4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

00445A40
00445A43
00445A44
00445A47
00445A48
00445A4D
00445A50
00445A51
00445A55
00445A58
00445A5B
00445A5D
00445A62
00445A67
00445A6C
00445A6D
00445A6E
00445A6F
00445A70
00445A73
00445A78
00445A7B
00445A80
00445A84
00445A87
00445A8D
00445A8F
00445A94
00445A99
00445A9E
00445A9F
00445AA0
00445AA6
00445AAB
00445AAF
00445AB2
00445AB8
00445ABA
00445ABF
00445AC4
00445AC9
00445ACA
00445ACB
00445ACC
00445ACD
00445ACE
00445ACF
00445AD0
00445AD3
00445AD8
00445ADC
00445ADF
00445AE2
00445AE4
00445AE9
00445AEE
00445AF3
00445AF4
00445AF5
00445AF6

/.
|.
|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

8B45 E8
50
8B4D E0
51
E8 534BFCFF
83C4 08
C3
8B5424 08
8D42 0C
8B4A 9C
33C8
E8 8F8CFEFF
B8 34DC4400
E9 2C89FEFF
CC
CC
CC
CC
8D4D E4
E9 08A4FCFF
8D4D E4
E9 F0A7FCFF
8B5424 08
8D42 0C
8B8A B0FEFFFF
33C8
E8 5D8CFEFF
B8 9CDC4400
E9 FA88FEFF
CC
CC
8B8D E4FEFFFF
E9 C5A7FCFF
8B5424 08
8D42 0C
8B8A ECFEFFFF
33C8
E8 328CFEFF
B8 C8DC4400
E9 CF88FEFF
CC
CC
CC
CC
CC
CC
CC
8B4D E8
E9 98A7FCFF
8B5424 08
8D42 0C
8B4A F0
33C8
E8 088CFEFF
B8 F4DC4400
E9 A588FEFF
CC
CC
CC
CC

MOV EAX,DWORD PTR SS:[EBP-18]


PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-20]
PUSH ECX
CALL 0040A5A0
ADD ESP,8
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-64]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DC34
JMP 0042E398
INT3
INT3
INT3
INT3
LEA ECX,[EBP-1C]
JMP 0040FE80
LEA ECX,[EBP-1C]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-150]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DC9C
JMP 0042E398
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-11C]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-114]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DCC8
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-18]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-10]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DCF4
JMP 0042E398
INT3
INT3
INT3
INT3

00445AF7
00445AF8
00445AF9
00445AFA
00445AFB
00445AFC
00445AFD
00445AFE
00445AFF
00445B00
00445B04
00445B07
00445B0D
00445B0F
00445B14
00445B19
00445B1E
00445B1F
00445B20
00445B24
00445B27
00445B2D
00445B2F
00445B34
00445B39
00445B3E
00445B3F
00445B40
00445B46
00445B4B
00445B51
00445B56
00445B5A
00445B5D
00445B63
00445B65
00445B6A
00445B6F
00445B74
00445B75
00445B76
00445B77
00445B78
00445B79
00445B7A
00445B7B
00445B7C
00445B7D
00445B7E
00445B7F
00445B80
00445B86
00445B8B
00445B91
00445B96
00445B9C
00445BA1
00445BA7
00445BAC
00445BB2

/.
|.
|.
|.
|.
|.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^

CC
CC
CC
CC
CC
CC
CC
CC
CC
8B5424 08
8D42 0C
8B8A 64FFFFFF
33C8
E8 DD8BFEFF
B8 58DD4400
E9 7A88FEFF
CC
CC
8B5424 08
8D42 0C
8B8A C0FEFFFF
33C8
E8 BD8BFEFF
B8 D8DD4400
E9 5A88FEFF
CC
CC
8D8D 3CFFFFFF
E9 8530FEFF
8D8D CCFEFFFF
E9 7A91FCFF
8B5424 08
8D42 0C
8B8A ECFDFFFF
33C8
E8 878BFEFF
B8 0CDE4400
E9 2488FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D8D C0FAFFFF
E9 4591FCFF
8D8D A4FAFFFF
E9 3A91FCFF
8D8D 74FAFFFF
E9 2F91FCFF
8D8D 58FAFFFF
E9 2491FCFF
8D8D 14FAFFFF
E9 1991FCFF

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-9C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DD58
JMP 0042E398
INT3
INT3
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-140]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DDD8
JMP 0042E398
INT3
INT3
LEA ECX,[EBP-0C4]
JMP 00428BD0
LEA ECX,[EBP-134]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-214]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DE0C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-540]
JMP 0040ECD0
LEA ECX,[EBP-55C]
JMP 0040ECD0
LEA ECX,[EBP-58C]
JMP 0040ECD0
LEA ECX,[EBP-5A8]
JMP 0040ECD0
LEA ECX,[EBP-5EC]
JMP 0040ECD0

00445BB7
00445BBD
00445BC2
00445BC8
00445BCD
00445BD3
00445BD8
00445BDE
00445BE3
00445BE9
00445BEE
00445BF4
00445BF9
00445BFF
00445C04
00445C0A
00445C0F
00445C15
00445C1A
00445C20
00445C25
00445C2B
00445C30
00445C36
00445C3B
00445C41
00445C46
00445C4C
00445C51
00445C57
00445C5C
00445C62
00445C67
00445C6D
00445C72
00445C78
00445C7D
00445C83
00445C88
00445C8E
00445C93
00445C99
00445C9E
00445CA4
00445CA9
00445CAF
00445CB4
00445CBA
00445CBF
00445CC5
00445CCA
00445CD0
00445CD5
00445CDB
00445CE0
00445CE6
00445CEB
00445CF1
00445CF6
00445CFC

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^

8D8D F8F9FFFF
E9 0E91FCFF
8D8D BCF9FFFF
E9 0391FCFF
8D8D A0F9FFFF
E9 F890FCFF
8D8D 70F9FFFF
E9 7D57FCFF
8D8D 70F9FFFF
E9 E290FCFF
8D8D 3CF9FFFF
E9 D790FCFF
8D8D 20F9FFFF
E9 CC90FCFF
8D8D D8F8FFFF
E9 C190FCFF
8D8D BCF8FFFF
E9 B690FCFF
8D8D 88F8FFFF
E9 AB90FCFF
8D8D 6CF8FFFF
E9 A090FCFF
8D8D 3CF8FFFF
E9 9590FCFF
8D8D 20F8FFFF
E9 8A90FCFF
8D8D C8F7FFFF
E9 7F90FCFF
8D8D ACF7FFFF
E9 7490FCFF
8D8D 7CF7FFFF
E9 6990FCFF
8D8D 60F7FFFF
E9 5E90FCFF
8D8D 30F7FFFF
E9 5390FCFF
8D8D 14F7FFFF
E9 4890FCFF
8D8D E4F6FFFF
E9 3D90FCFF
8D8D C8F6FFFF
E9 3290FCFF
8D8D A4F6FFFF
E9 2790FCFF
8D8D 88F6FFFF
E9 1C90FCFF
8D8D 58F6FFFF
E9 1190FCFF
8D8D 3CF6FFFF
E9 0690FCFF
8D8D 0CF6FFFF
E9 FB8FFCFF
8D8D F0F5FFFF
E9 F08FFCFF
8D8D C0F5FFFF
E9 E58FFCFF
8D8D A4F5FFFF
E9 DA8FFCFF
8D8D 74F5FFFF
E9 CF8FFCFF

LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP

ECX,[EBP-608]
0040ECD0
ECX,[EBP-644]
0040ECD0
ECX,[EBP-660]
0040ECD0
ECX,[EBP-690]
0040B360
ECX,[EBP-690]
0040ECD0
ECX,[EBP-6C4]
0040ECD0
ECX,[EBP-6E0]
0040ECD0
ECX,[EBP-728]
0040ECD0
ECX,[EBP-744]
0040ECD0
ECX,[EBP-778]
0040ECD0
ECX,[EBP-794]
0040ECD0
ECX,[EBP-7C4]
0040ECD0
ECX,[EBP-7E0]
0040ECD0
ECX,[EBP-838]
0040ECD0
ECX,[EBP-854]
0040ECD0
ECX,[EBP-884]
0040ECD0
ECX,[EBP-8A0]
0040ECD0
ECX,[EBP-8D0]
0040ECD0
ECX,[EBP-8EC]
0040ECD0
ECX,[EBP-91C]
0040ECD0
ECX,[EBP-938]
0040ECD0
ECX,[EBP-95C]
0040ECD0
ECX,[EBP-978]
0040ECD0
ECX,[EBP-9A8]
0040ECD0
ECX,[EBP-9C4]
0040ECD0
ECX,[EBP-9F4]
0040ECD0
ECX,[EBP-0A10]
0040ECD0
ECX,[EBP-0A40]
0040ECD0
ECX,[EBP-0A5C]
0040ECD0
ECX,[EBP-0A8C]
0040ECD0

00445D01
00445D07
00445D0C
00445D12
00445D17
00445D1D
00445D22
00445D28
00445D2D
00445D33
00445D38
00445D3E
00445D43
00445D49
00445D4E
00445D54
00445D59
00445D5F
00445D64
00445D6A
00445D6F
00445D75
00445D7A
00445D80
00445D85
00445D8B
00445D90
00445D96
00445D9B
00445DA1
00445DA6
00445DAC
00445DB1
00445DB7
00445DBC
00445DC2
00445DC7
00445DCD
00445DD2
00445DD5
00445DDA
00445DE0
00445DE5
00445DEB
00445DF0
00445DF6
00445DFB
00445E01
00445E06
00445E0C
00445E11
00445E15
00445E18
00445E1E
00445E20
00445E25
00445E2B
00445E2D
00445E32
00445E37

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

8D8D 58F5FFFF
E9 C48FFCFF
8D8D 04F5FFFF
E9 B98FFCFF
8D8D E8F4FFFF
E9 AE8FFCFF
8D8D B8F4FFFF
E9 A38FFCFF
8D8D 9CF4FFFF
E9 988FFCFF
8D8D 6CF4FFFF
E9 8D8FFCFF
8D8D 50F4FFFF
E9 828FFCFF
8D8D 20F4FFFF
E9 778FFCFF
8D8D 04F4FFFF
E9 6C8FFCFF
8D8D D4F3FFFF
E9 618FFCFF
8D8D B8F3FFFF
E9 568FFCFF
8D8D 8CF3FFFF
E9 4B8FFCFF
8D8D 70F3FFFF
E9 408FFCFF
8D8D 44F3FFFF
E9 358FFCFF
8D8D 28F3FFFF
E9 2A8FFCFF
8D8D FCF2FFFF
E9 1F8FFCFF
8D8D E0F2FFFF
E9 148FFCFF
8D8D B4F2FFFF
E9 098FFCFF
8D8D 98F2FFFF
E9 FE8EFCFF
8D4D A0
E9 961CFDFF
8D8D 78FFFFFF
E9 8B1CFDFF
8D8D 5CF2FFFF
E9 E08EFCFF
8D8D 40F2FFFF
E9 D58EFCFF
8D8D 00F2FFFF
E9 CA8EFCFF
8D8D E4F1FFFF
E9 BF8EFCFF
8B5424 08
8D42 0C
8B8A 70E9FFFF
33C8
E8 CC88FEFF
8B8A 1CFFFFFF
33C8
E8 BF88FEFF
B8 30DE4400
E9 5C85FEFF

LEA ECX,[EBP-0AA8]
JMP 0040ECD0
LEA ECX,[EBP-0AFC]
JMP 0040ECD0
LEA ECX,[EBP-0B18]
JMP 0040ECD0
LEA ECX,[EBP-0B48]
JMP 0040ECD0
LEA ECX,[EBP-0B64]
JMP 0040ECD0
LEA ECX,[EBP-0B94]
JMP 0040ECD0
LEA ECX,[EBP-0BB0]
JMP 0040ECD0
LEA ECX,[EBP-0BE0]
JMP 0040ECD0
LEA ECX,[EBP-0BFC]
JMP 0040ECD0
LEA ECX,[EBP-0C2C]
JMP 0040ECD0
LEA ECX,[EBP-0C48]
JMP 0040ECD0
LEA ECX,[EBP-0C74]
JMP 0040ECD0
LEA ECX,[EBP-0C90]
JMP 0040ECD0
LEA ECX,[EBP-0CBC]
JMP 0040ECD0
LEA ECX,[EBP-0CD8]
JMP 0040ECD0
LEA ECX,[EBP-0D04]
JMP 0040ECD0
LEA ECX,[EBP-0D20]
JMP 0040ECD0
LEA ECX,[EBP-0D4C]
JMP 0040ECD0
LEA ECX,[EBP-0D68]
JMP 0040ECD0
LEA ECX,[EBP-60]
JMP 00417A70
LEA ECX,[EBP-88]
JMP 00417A70
LEA ECX,[EBP-0DA4]
JMP 0040ECD0
LEA ECX,[EBP-0DC0]
JMP 0040ECD0
LEA ECX,[EBP-0E00]
JMP 0040ECD0
LEA ECX,[EBP-0E1C]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-1690]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-0E4]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044DE30
JMP 0042E398

00445E3C
00445E3D
00445E3E
00445E3F
00445E40
00445E46
00445E4B
00445E4F
00445E52
00445E58
00445E5A
00445E5F
00445E64
00445E69
00445E6A
00445E6B
00445E6C
00445E6D
00445E6E
00445E6F
00445E70
00445E73
00445E78
00445E7B
00445E80
00445E86
00445E8B
00445E91
00445E96
00445E9C
00445EA1
00445EA7
00445EAC
00445EB2
00445EB7
00445EBD
00445EC2
00445EC8
00445ECD
00445ED3
00445ED8
00445EDC
00445EDF
00445EE5
00445EE7
00445EEC
00445EF1
00445EF6
00445EF7
00445EF8
00445EF9
00445EFA
00445EFB
00445EFC
00445EFD
00445EFE
00445EFF
00445F00
00445F06
00445F0B

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.

CC
CC
CC
CC
8B8D 64FFFFFF
E9 F50FFCFF
8B5424 08
8D42 0C
8B8A 6CFFFFFF
33C8
E8 9288FEFF
B8 3CE04400
E9 2F85FEFF
CC
CC
CC
CC
CC
CC
CC
8D4D A0
E9 588EFCFF
8D4D 84
E9 508EFCFF
8D8D 44FFFFFF
E9 458EFCFF
8D8D 28FFFFFF
E9 3A8EFCFF
8D8D E8FEFFFF
E9 2F8EFCFF
8D8D CCFEFFFF
E9 248EFCFF
8D8D 8CFEFFFF
E9 198EFCFF
8D8D 70FEFFFF
E9 0E8EFCFF
8D8D 40FEFFFF
E9 038EFCFF
8D8D 24FEFFFF
E9 F88DFCFF
8B5424 08
8D42 0C
8B8A 2CFCFFFF
33C8
E8 0588FEFF
B8 60E04400
E9 A284FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D8D 68FCFFFF
E9 C58DFCFF
8D8D 4CFCFFFF

INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-9C]
JMP 00406E40
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-94]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E03C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-60]
JMP 0040ECD0
LEA ECX,[EBP-7C]
JMP 0040ECD0
LEA ECX,[EBP-0BC]
JMP 0040ECD0
LEA ECX,[EBP-0D8]
JMP 0040ECD0
LEA ECX,[EBP-118]
JMP 0040ECD0
LEA ECX,[EBP-134]
JMP 0040ECD0
LEA ECX,[EBP-174]
JMP 0040ECD0
LEA ECX,[EBP-190]
JMP 0040ECD0
LEA ECX,[EBP-1C0]
JMP 0040ECD0
LEA ECX,[EBP-1DC]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-3D4]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E060
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-398]
JMP 0040ECD0
LEA ECX,[EBP-3B4]

00445F11
00445F16
00445F1C
00445F21
00445F27
00445F2C
00445F30
00445F33
00445F39
00445F3B
00445F40
00445F43
00445F45
00445F4A
00445F4F
00445F54
00445F55
00445F56
00445F57
00445F58
00445F59
00445F5A
00445F5B
00445F5C
00445F5D
00445F5E
00445F5F
00445F60
00445F66
00445F6B
00445F71
00445F76
00445F7C
00445F81
00445F87
00445F8C
00445F92
00445F97
00445F9D
00445FA2
00445FA8
00445FAD
00445FB1
00445FB4
00445FBA
00445FBC
00445FC1
00445FC7
00445FC9
00445FCE
00445FD3
00445FD8
00445FD9
00445FDA
00445FDB
00445FDC
00445FDD
00445FDE
00445FDF
00445FE0

\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.

E9 BA8DFCFF
8D8D 94FCFFFF
E9 AF2CFEFF
8D8D 1CFCFFFF
E9 A48DFCFF
8B5424 08
8D42 0C
8B8A CCFAFFFF
33C8
E8 B187FEFF
8B4A C4
33C8
E8 A787FEFF
B8 F4E04400
E9 4484FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D8D A4FDFFFF
E9 658DFCFF
8D8D 88FDFFFF
E9 5A8DFCFF
8D8D DCFEFFFF
E9 4F2CFEFF
8D8D 40FDFFFF
E9 448DFCFF
8D8D 5CFFFFFF
E9 392CFEFF
8D8D F0FCFFFF
E9 2E8DFCFF
8D8D D4FCFFFF
E9 238DFCFF
8B5424 08
8D42 0C
8B8A A4F9FFFF
33C8
E8 3087FEFF
8B8A D0FEFFFF
33C8
E8 2387FEFF
B8 18E14400
E9 C083FEFF
CC
CC
CC
CC
CC
CC
CC
CC
8D4D 08

JMP 0040ECD0
LEA ECX,[EBP-36C]
JMP 00428BD0
LEA ECX,[EBP-3E4]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-534]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-3C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E0F4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-25C]
JMP 0040ECD0
LEA ECX,[EBP-278]
JMP 0040ECD0
LEA ECX,[EBP-124]
JMP 00428BD0
LEA ECX,[EBP-2C0]
JMP 0040ECD0
LEA ECX,[EBP-0A4]
JMP 00428BD0
LEA ECX,[EBP-310]
JMP 0040ECD0
LEA ECX,[EBP-32C]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-65C]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-130]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E118
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP+8]

00445FE3
00445FE8
00445FEB
00445FF0
00445FF3
00445FF8
00445FFB
00446000
00446003
00446008
0044600B
00446010
00446014
00446017
0044601D
0044601F
00446024
00446027
00446029
0044602E
00446033
00446038
00446039
0044603A
0044603B
0044603C
0044603D
0044603E
0044603F
00446040
00446043
00446048
0044604E
00446053
00446056
0044605B
0044605F
00446062
00446068
0044606A
0044606F
00446072
00446074
00446079
0044607E
00446083
00446084
00446085
00446086
00446087
00446088
00446089
0044608A
0044608B
0044608C
0044608D
0044608E
0044608F
00446090
00446096

\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.
\.^

E9 7853FCFF
8D4D 08
E9 E08CFCFF
8D4D 08
E9 D88CFCFF
8D4D 08
E9 D08CFCFF
8D4D 08
E9 C88CFCFF
8D4D 08
E9 C08CFCFF
8B5424 08
8D42 0C
8B8A A8FCFFFF
33C8
E8 CD86FEFF
8B4A FC
33C8
E8 C386FEFF
B8 74E14400
E9 6083FEFF
CC
CC
CC
CC
CC
CC
CC
CC
8D4D 0C
E9 1853FCFF
8D8D 4CFFFFFF
E9 8DF9FBFF
8D4D 0C
E9 758CFCFF
8B5424 08
8D42 0C
8B8A 48FEFFFF
33C8
E8 8286FEFF
8B4A FC
33C8
E8 7886FEFF
B8 E0E14400
E9 1583FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D8D CCFAFFFF
E9 358CFCFF

JMP 0040B360
LEA ECX,[EBP+8]
JMP 0040ECD0
LEA ECX,[EBP+8]
JMP 0040ECD0
LEA ECX,[EBP+8]
JMP 0040ECD0
LEA ECX,[EBP+8]
JMP 0040ECD0
LEA ECX,[EBP+8]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-358]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-4]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E174
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP+0C]
JMP 0040B360
LEA ECX,[EBP-0B4]
JMP 004059E0
LEA ECX,[EBP+0C]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-1B8]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-4]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E1E0
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-534]
JMP 0040ECD0

0044609B
004460A1
004460A6
004460AC
004460B1
004460B7
004460BC
004460C2
004460C7
004460CD
004460D2
004460D8
004460DD
004460E3
004460E8
004460EE
004460F3
004460F9
004460FE
00446104
00446109
0044610F
00446114
0044611A
0044611F
00446125
0044612A
00446130
00446135
0044613B
00446140
00446146
0044614B
00446151
00446156
0044615C
00446161
00446167
0044616C
00446172
00446177
0044617D
00446182
00446188
0044618D
00446193
00446198
0044619E
004461A3
004461A9
004461AE
004461B4
004461B9
004461BF
004461C4
004461CA
004461CF
004461D5
004461DA
004461E0

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^

8D8D B0FAFFFF
E9 2A8CFCFF
8D8D 4CFDFFFF
E9 AF52FCFF
8D8D A4FDFFFF
E9 A452FCFF
8D8D F0F9FFFF
E9 9952FCFF
8D8D F0F9FFFF
E9 FE8BFCFF
8D8D C0F9FFFF
E9 8352FCFF
8D8D 98F9FFFF
E9 7852FCFF
8D8D 74FDFFFF
E9 6D52FCFF
8D8D 98F9FFFF
E9 D28BFCFF
8D8D C0F9FFFF
E9 C78BFCFF
8D8D 54F9FFFF
E9 BC8BFCFF
8D8D 10F9FFFF
E9 4152FCFF
8D8D E4F8FFFF
E9 3652FCFF
8D8D E4F8FFFF
E9 9B8BFCFF
8D8D 10F9FFFF
E9 908BFCFF
8D8D A4F8FFFF
E9 1552FCFF
8D8D 78F8FFFF
E9 0A52FCFF
8D8D 78F8FFFF
E9 6F8BFCFF
8D8D A4F8FFFF
E9 648BFCFF
8D8D 74FDFFFF
E9 598BFCFF
8D8D A4FDFFFF
E9 4E8BFCFF
8D8D 4CFDFFFF
E9 438BFCFF
8D8D 38F8FFFF
E9 C851FCFF
8D8D 0CF8FFFF
E9 2D8BFCFF
8D8D 38F8FFFF
E9 228BFCFF
8D8D E0F7FFFF
E9 A751FCFF
8D8D B4F7FFFF
E9 9C51FCFF
8D8D B4F7FFFF
E9 018BFCFF
8D8D E0F7FFFF
E9 F68AFCFF
8D8D 74F7FFFF
E9 7B51FCFF

LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP
LEA
JMP

ECX,[EBP-550]
0040ECD0
ECX,[EBP-2B4]
0040B360
ECX,[EBP-25C]
0040B360
ECX,[EBP-610]
0040B360
ECX,[EBP-610]
0040ECD0
ECX,[EBP-640]
0040B360
ECX,[EBP-668]
0040B360
ECX,[EBP-28C]
0040B360
ECX,[EBP-668]
0040ECD0
ECX,[EBP-640]
0040ECD0
ECX,[EBP-6AC]
0040ECD0
ECX,[EBP-6F0]
0040B360
ECX,[EBP-71C]
0040B360
ECX,[EBP-71C]
0040ECD0
ECX,[EBP-6F0]
0040ECD0
ECX,[EBP-75C]
0040B360
ECX,[EBP-788]
0040B360
ECX,[EBP-788]
0040ECD0
ECX,[EBP-75C]
0040ECD0
ECX,[EBP-28C]
0040ECD0
ECX,[EBP-25C]
0040ECD0
ECX,[EBP-2B4]
0040ECD0
ECX,[EBP-7C8]
0040B360
ECX,[EBP-7F4]
0040ECD0
ECX,[EBP-7C8]
0040ECD0
ECX,[EBP-820]
0040B360
ECX,[EBP-84C]
0040B360
ECX,[EBP-84C]
0040ECD0
ECX,[EBP-820]
0040ECD0
ECX,[EBP-88C]
0040B360

004461E5
004461EB
004461F0
004461F6
004461FB
00446201
00446206
0044620A
0044620D
00446213
00446215
0044621A
0044621D
0044621F
00446224
00446229
0044622E
0044622F
00446230
00446233
00446238
0044623E
00446243
00446249
0044624E
00446254
00446259
0044625F
00446264
0044626A
0044626F
00446275
0044627A
00446280
00446285
0044628B
00446290
00446293
00446298
0044629E
004462A3
004462A9
004462AE
004462B4
004462B9
004462BF
004462C4
004462CA
004462CF
004462D5
004462DA
004462E0
004462E5
004462EB
004462F0
004462F6
004462FB
00446301
00446306
0044630C

/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^

8D8D 48F7FFFF
E9 7051FCFF
8D8D 48F7FFFF
E9 D58AFCFF
8D8D 74F7FFFF
E9 CA8AFCFF
8B5424 08
8D42 0C
8B8A 50F1FFFF
33C8
E8 D784FEFF
8B4A F0
33C8
E8 CD84FEFF
B8 04E24400
E9 6A81FEFF
CC
CC
8D4D A0
E9 58E2FDFF
8D8D A0F8FFFF
E9 8D8AFCFF
8D8D 84F8FFFF
E9 828AFCFF
8D8D 24FEFFFF
E9 0751FCFF
8D8D 48F8FFFF
E9 FC50FCFF
8D8D B8FCFFFF
E9 F150FCFF
8D8D 48F8FFFF
E9 568AFCFF
8D8D B8FCFFFF
E9 4B8AFCFF
8D8D 24FEFFFF
E9 408AFCFF
8D4D A0
E9 A80BFCFF
8D8D 7CFAFFFF
E9 BD50FCFF
8D8D 10F8FFFF
E9 228AFCFF
8D8D E8F7FFFF
E9 A750FCFF
8D8D 10F9FFFF
E9 9C50FCFF
8D8D E8F7FFFF
E9 018AFCFF
8D8D 10F9FFFF
E9 F689FCFF
8D8D 7CFAFFFF
E9 EB89FCFF
8D8D 9CF7FFFF
E9 7050FCFF
8D8D 9CF7FFFF
E9 D589FCFF
8D8D 68F7FFFF
E9 5A50FCFF
8D8D 3CF7FFFF
E9 4F50FCFF

LEA ECX,[EBP-8B8]
JMP 0040B360
LEA ECX,[EBP-8B8]
JMP 0040ECD0
LEA ECX,[EBP-88C]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0EB0]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-10]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E204
JMP 0042E398
INT3
INT3
LEA ECX,[EBP-60]
JMP 00424490
LEA ECX,[EBP-760]
JMP 0040ECD0
LEA ECX,[EBP-77C]
JMP 0040ECD0
LEA ECX,[EBP-1DC]
JMP 0040B360
LEA ECX,[EBP-7B8]
JMP 0040B360
LEA ECX,[EBP-348]
JMP 0040B360
LEA ECX,[EBP-7B8]
JMP 0040ECD0
LEA ECX,[EBP-348]
JMP 0040ECD0
LEA ECX,[EBP-1DC]
JMP 0040ECD0
LEA ECX,[EBP-60]
JMP 00406E40
LEA ECX,[EBP-584]
JMP 0040B360
LEA ECX,[EBP-7F0]
JMP 0040ECD0
LEA ECX,[EBP-818]
JMP 0040B360
LEA ECX,[EBP-6F0]
JMP 0040B360
LEA ECX,[EBP-818]
JMP 0040ECD0
LEA ECX,[EBP-6F0]
JMP 0040ECD0
LEA ECX,[EBP-584]
JMP 0040ECD0
LEA ECX,[EBP-864]
JMP 0040B360
LEA ECX,[EBP-864]
JMP 0040ECD0
LEA ECX,[EBP-898]
JMP 0040B360
LEA ECX,[EBP-8C4]
JMP 0040B360

00446311
00446317
0044631C
00446322
00446327
0044632A
0044632F
00446335
0044633A
00446340
00446345
0044634B
00446350
00446356
0044635B
00446361
00446366
0044636C
00446371
00446377
0044637C
00446382
00446387
0044638D
00446392
00446398
0044639D
004463A3
004463A8
004463AE
004463B3
004463B9
004463BE
004463C4
004463C9
004463CF
004463D4
004463DA
004463DF
004463E5
004463EA
004463F0
004463F5
004463F9
004463FC
00446402
00446404
00446409
0044640C
0044640E
00446413
00446418
0044641D
0044641E
0044641F
00446420
00446426
0044642B
00446431
00446436

/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.

8D8D 3CF7FFFF
E9 B489FCFF
8D8D 68F7FFFF
E9 A989FCFF
8D4D C0
E9 41B0FDFF
8D8D B8F6FFFF
E9 9689FCFF
8D8D D4F6FFFF
E9 1B50FCFF
8D8D FCF6FFFF
E9 1050FCFF
8D8D FCF6FFFF
E9 7589FCFF
8D8D D4F6FFFF
E9 6A89FCFF
8D8D 5CFEFFFF
E9 EF4FFCFF
8D8D 80F6FFFF
E9 5489FCFF
8D8D C0F8FFFF
E9 D94FFCFF
8D8D 38F6FFFF
E9 CE4FFCFF
8D8D 38F6FFFF
E9 3389FCFF
8D8D FCF5FFFF
E9 B84FFCFF
8D8D FCF5FFFF
E9 1D89FCFF
8D8D C4F5FFFF
E9 A24FFCFF
8D8D 94F5FFFF
E9 974FFCFF
8D8D 94F5FFFF
E9 FC88FCFF
8D8D C4F5FFFF
E9 F188FCFF
8D8D C0F8FFFF
E9 E688FCFF
8D8D 5CFEFFFF
E9 DB88FCFF
8B5424 08
8D42 0C
8B8A 08ECFFFF
33C8
E8 E882FEFF
8B4A 90
33C8
E8 DE82FEFF
B8 48E34400
E9 7B7FFEFF
CC
CC
CC
8D8D 64FCFFFF
E9 354FFCFF
8D8D 38FCFFFF
E9 2A4FFCFF
8D8D 38FCFFFF

LEA ECX,[EBP-8C4]
JMP 0040ECD0
LEA ECX,[EBP-898]
JMP 0040ECD0
LEA ECX,[EBP-40]
JMP 00421370
LEA ECX,[EBP-948]
JMP 0040ECD0
LEA ECX,[EBP-92C]
JMP 0040B360
LEA ECX,[EBP-904]
JMP 0040B360
LEA ECX,[EBP-904]
JMP 0040ECD0
LEA ECX,[EBP-92C]
JMP 0040ECD0
LEA ECX,[EBP-1A4]
JMP 0040B360
LEA ECX,[EBP-980]
JMP 0040ECD0
LEA ECX,[EBP-740]
JMP 0040B360
LEA ECX,[EBP-9C8]
JMP 0040B360
LEA ECX,[EBP-9C8]
JMP 0040ECD0
LEA ECX,[EBP-0A04]
JMP 0040B360
LEA ECX,[EBP-0A04]
JMP 0040ECD0
LEA ECX,[EBP-0A3C]
JMP 0040B360
LEA ECX,[EBP-0A6C]
JMP 0040B360
LEA ECX,[EBP-0A6C]
JMP 0040ECD0
LEA ECX,[EBP-0A3C]
JMP 0040ECD0
LEA ECX,[EBP-740]
JMP 0040ECD0
LEA ECX,[EBP-1A4]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-13F8]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-70]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E348
JMP 0042E398
INT3
INT3
INT3
LEA ECX,[EBP-39C]
JMP 0040B360
LEA ECX,[EBP-3C8]
JMP 0040B360
LEA ECX,[EBP-3C8]

0044643C
00446441
00446447
0044644C
00446450
00446453
00446459
0044645B
00446460
00446463
00446465
0044646A
0044646F
00446474
00446475
00446476
00446477
00446478
00446479
0044647A
0044647B
0044647C
0044647D
0044647E
0044647F
00446480
00446483
00446486
0044648C
00446490
00446493
00446498
00446499
0044649C
004464A1
004464A5
004464A8
004464AE
004464B0
004464B5
004464B8
004464BA
004464BF
004464C4
004464C9
004464CA
004464CB
004464CC
004464CD
004464CE
004464CF
004464D0
004464D3
004464D8
004464DE
004464E3
004464E7
004464EA
004464F0
004464F2

\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
|.
|.^
\>
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
|.
|.
|.
|.

E9 8F88FCFF
8D8D 64FCFFFF
E9 8488FCFF
8B5424 08
8D42 0C
8B8A 5CFBFFFF
33C8
E8 9182FEFF
8B4A F0
33C8
E8 8782FEFF
B8 F4E44400
E9 247FFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B45 A4
83E0 01
0F84 0C000000
8365 A4 FE
8B4D 08
E9 3888FCFF
C3
8D4D C8
E9 2F88FCFF
8B5424 08
8D42 0C
8B8A FCFEFFFF
33C8
E8 3C82FEFF
8B4A F0
33C8
E8 3282FEFF
B8 28E54400
E9 CF7EFEFF
CC
CC
CC
CC
CC
CC
CC
8D4D D0
E9 F887FCFF
8D8D 44FFFFFF
E9 CDBEFDFF
8B5424 08
8D42 0C
8B8A B4FEFFFF
33C8
E8 FA81FEFF

JMP 0040ECD0
LEA ECX,[EBP-39C]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-4A4]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-10]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E4F4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-5C]
AND EAX,00000001
JE 00446498
AND DWORD PTR SS:[EBP-5C],FFFFFFFE
MOV ECX,DWORD PTR SS:[EBP+8]
JMP 0040ECD0
RETN
LEA ECX,[EBP-38]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-104]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-10]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E528
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-30]
JMP 0040ECD0
LEA ECX,[EBP-0BC]
JMP 004223B0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-14C]
XOR ECX,EAX
CALL 0042E6F1

004464F7
004464FA
004464FC
00446501
00446506
0044650B
0044650C
0044650D
0044650E
0044650F
00446510
00446513
00446518
0044651B
00446520
00446523
00446528
0044652C
0044652F
00446535
00446537
0044653C
00446541
00446546
00446547
00446548
00446549
0044654A
0044654B
0044654C
0044654D
0044654E
0044654F
00446550
00446553
00446556
0044655C
00446560
00446563
00446566
0044656B
0044656C
0044656F
00446572
00446578
0044657C
0044657F
00446582
00446587
00446588
0044658B
0044658E
00446593
00446597
0044659A
0044659D
0044659F
004465A4
004465A9
004465AE

|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
|.
|.
|.^
\>
/.
|.
|.
|.
|.
|.
|.^
\>
/.
|.
\.^
/.
|.
|.
|.
|.
|.
\.^

8B4A F8
33C8
E8 F081FEFF
B8 5CE54400
E9 8D7EFEFF
CC
CC
CC
CC
CC
8D4D E4
E9 6899FCFF
8D4D DC
E9 C001FCFF
8D4D E4
E9 489DFCFF
8B5424 08
8D42 0C
8B8A 38FFFFFF
33C8
E8 B581FEFF
B8 A4E54400
E9 527EFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B45 F0
83E0 01
0F84 0F000000
8365 F0 FE
8B4D B8
83C1 4C
E9 5508FEFF
C3
8B45 F0
83E0 02
0F84 0F000000
8365 F0 FD
8B4D B8
83C1 04
E9 3908FEFF
C3
8B4D B8
83C1 04
E9 0D08FEFF
8B5424 08
8D42 0C
8B4A C0
33C8
E8 4D81FEFF
B8 08E64400
E9 EA7DFEFF
CC

MOV ECX,DWORD PTR DS:[EDX-8]


XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E55C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-1C]
JMP 0040FE80
LEA ECX,[EBP-24]
JMP 004066E0
LEA ECX,[EBP-1C]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0C8]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E5A4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-10]
AND EAX,00000001
JE 0044656B
AND DWORD PTR SS:[EBP-10],FFFFFFFE
MOV ECX,DWORD PTR SS:[EBP-48]
ADD ECX,4C
JMP 00426DC0
RETN
MOV EAX,DWORD PTR SS:[EBP-10]
AND EAX,00000002
JE 00446587
AND DWORD PTR SS:[EBP-10],FFFFFFFD
MOV ECX,DWORD PTR SS:[EBP-48]
ADD ECX,4
JMP 00426DC0
RETN
MOV ECX,DWORD PTR SS:[EBP-48]
ADD ECX,4
JMP 00426DA0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-40]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E608
JMP 0042E398
INT3

004465AF
004465B0
004465B3
004465B6
004465BC
004465C0
004465C6
004465C9
004465CE
004465CF
004465D2
004465D5
004465DB
004465DF
004465E5
004465E8
004465ED
004465EE
004465F4
004465F7
004465FC
004465FF
00446604
0044660A
0044660D
00446612
00446616
00446619
0044661F
00446621
00446626
0044662B
00446630
00446633
00446636
0044663B
0044663E
00446643
00446647
0044664A
0044664D
0044664F
00446654
00446659
0044665E
0044665F
00446660
00446666
0044666B
0044666F
00446672
00446678
0044667A
0044667F
00446684
00446689
0044668A
0044668B
0044668C
0044668D

/.
|.
|.
|.
|.
|.
|.^
\>
/.
|.
|.
|.
|.
|.
|.^
\>
/.
|.
\.^
/.
\.^
/.
|.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

CC
8B45 F0
83E0 01
0F84 12000000
8365 F0 FE
8B8D E8FEFFFF
83C1 54
E9 F207FEFF
C3
8B45 F0
83E0 02
0F84 12000000
8365 F0 FD
8B8D E8FEFFFF
83C1 04
E9 D307FEFF
C3
8B8D E8FEFFFF
83C1 04
E9 A407FEFF
8B4D E0
E9 7C09FEFF
8B8D E8FEFFFF
83C1 04
E9 7EC9FDFF
8B5424 08
8D42 0C
8B8A ECFEFFFF
33C8
E8 CB80FEFF
B8 2CE64400
E9 687DFEFF
8B4D BC
83E9 50
E9 6507FEFF
8B4D C4
E9 3D09FEFF
8B5424 08
8D42 0C
8B4A C4
33C8
E8 9D80FEFF
B8 88E64400
E9 3A7DFEFF
CC
CC
8B8D 44FFFFFF
E9 1509FEFF
8B5424 08
8D42 0C
8B8A 4CFFFFFF
33C8
E8 7280FEFF
B8 B4E64400
E9 0F7DFEFF
CC
CC
CC
CC
CC

INT3
MOV EAX,DWORD PTR SS:[EBP-10]
AND EAX,00000001
JE 004465CE
AND DWORD PTR SS:[EBP-10],FFFFFFFE
MOV ECX,DWORD PTR SS:[EBP-118]
ADD ECX,54
JMP 00426DC0
RETN
MOV EAX,DWORD PTR SS:[EBP-10]
AND EAX,00000002
JE 004465ED
AND DWORD PTR SS:[EBP-10],FFFFFFFD
MOV ECX,DWORD PTR SS:[EBP-118]
ADD ECX,4
JMP 00426DC0
RETN
MOV ECX,DWORD PTR SS:[EBP-118]
ADD ECX,4
JMP 00426DA0
MOV ECX,DWORD PTR SS:[EBP-20]
JMP 00426F80
MOV ECX,DWORD PTR SS:[EBP-118]
ADD ECX,4
JMP 00422F90
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-114]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E62C
JMP 0042E398
MOV ECX,DWORD PTR SS:[EBP-44]
SUB ECX,50
JMP 00426DA0
MOV ECX,DWORD PTR SS:[EBP-3C]
JMP 00426F80
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-3C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E688
JMP 0042E398
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-0BC]
JMP 00426F80
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0B4]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E6B4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3

0044668E
0044668F
00446690
00446693
00446698
0044669C
0044669F
004466A5
004466A7
004466AC
004466AF
004466B1
004466B6
004466BB
004466C0
004466C3
004466C8
004466CC
004466CF
004466D5
004466D7
004466DC
004466DF
004466E1
004466E6
004466EB
004466F0
004466F6
004466FB
00446701
00446706
0044670C
00446711
00446717
0044671C
00446722
00446727
0044672B
0044672E
00446734
00446736
0044673B
00446740
00446745
00446746
00446747
00446748
00446749
0044674A
0044674B
0044674C
0044674D
0044674E
0044674F
00446750
00446753
00446758
0044675B
0044675E
00446764

/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.

CC
CC
8D4D C4
E9 3886FCFF
8B5424 08
8D42 0C
8B8A ECFEFFFF
33C8
E8 4580FEFF
8B4A EC
33C8
E8 3B80FEFF
B8 E0E64400
E9 D87CFEFF
8D4D D0
E9 0886FCFF
8B5424 08
8D42 0C
8B8A E4FEFFFF
33C8
E8 1580FEFF
8B4A F8
33C8
E8 0B80FEFF
B8 0CE74400
E9 A87CFEFF
8D8D 7CFEFFFF
E9 E5F2FBFF
8D8D 1CFFFFFF
E9 5A4CFCFF
8D8D 1CFFFFFF
E9 8FE1FDFF
8D8D 1CFFFFFF
E9 444CFCFF
8D8D 1CFFFFFF
E9 A985FCFF
8B5424 08
8D42 0C
8B8A 18FEFFFF
33C8
E8 B67FFEFF
B8 30E74400
E9 537CFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D CC
E9 084CFCFF
8B45 C4
83E0 01
0F84 0C000000
8365 C4 FE

INT3
INT3
LEA ECX,[EBP-3C]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-114]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-14]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E6E0
JMP 0042E398
LEA ECX,[EBP-30]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-11C]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-8]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E70C
JMP 0042E398
LEA ECX,[EBP-184]
JMP 004059E0
LEA ECX,[EBP-0E4]
JMP 0040B360
LEA ECX,[EBP-0E4]
JMP 004248A0
LEA ECX,[EBP-0E4]
JMP 0040B360
LEA ECX,[EBP-0E4]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-1E8]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E730
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-34]
JMP 0040B360
MOV EAX,DWORD PTR SS:[EBP-3C]
AND EAX,00000001
JE 00446770
AND DWORD PTR SS:[EBP-3C],FFFFFFFE

00446768
0044676B
00446770
00446771
00446774
00446779
0044677D
00446780
00446786
00446788
0044678D
00446792
00446797
00446798
00446799
0044679A
0044679B
0044679C
0044679D
0044679E
0044679F
004467A0
004467A6
004467AB
004467AF
004467B2
004467B8
004467BA
004467BF
004467C4
004467C9
004467CA
004467CB
004467CC
004467CD
004467CE
004467CF
004467D0
004467D3
004467D8
004467DB
004467E0
004467E4
004467E7
004467EA
004467EC
004467F1
004467F6
004467FB
004467FC
004467FD
004467FE
004467FF
00446800
00446803
00446808
0044680C
0044680F
00446812
00446814

|.
|.^
\>
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.

8B4D 08
E9 F04BFCFF
C3
8D4D CC
E9 5785FCFF
8B5424 08
8D42 0C
8B8A 48FFFFFF
33C8
E8 647FFEFF
B8 94E74400
E9 017CFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B8D 54FFFFFF
E9 D507FEFF
8B5424 08
8D42 0C
8B8A 5CFFFFFF
33C8
E8 327FFEFF
B8 C0E74400
E9 CF7BFEFF
CC
CC
CC
CC
CC
CC
CC
8B4D 8C
E9 884BFCFF
8B4D 8C
E9 F084FCFF
8B5424 08
8D42 0C
8B4A 94
33C8
E8 007FFEFF
B8 F4E74400
E9 9D7BFEFF
CC
CC
CC
CC
CC
8B4D C0
E9 7807FEFF
8B5424 08
8D42 0C
8B4A C8
33C8
E8 D87EFEFF

MOV ECX,DWORD PTR SS:[EBP+8]


JMP 0040B360
RETN
LEA ECX,[EBP-34]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0B8]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E794
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-0AC]
JMP 00426F80
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0A4]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E7C0
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-74]
JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-74]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-6C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E7F4
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-40]
JMP 00426F80
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-38]
XOR ECX,EAX
CALL 0042E6F1

00446819
0044681E
00446823
00446824
00446825
00446826
00446827
00446828
00446829
0044682A
0044682B
0044682C
0044682D
0044682E
0044682F
00446830
00446833
00446838
0044683C
0044683F
00446842
00446844
00446849
0044684E
00446853
00446854
00446855
00446856
00446857
00446858
00446859
0044685A
0044685B
0044685C
0044685D
0044685E
0044685F
00446860
00446863
00446868
0044686C
0044686F
00446875
00446877
0044687C
0044687F
00446881
00446886
0044688B
00446890
00446893
00446898
0044689C
0044689F
004468A2
004468A4
004468A9
004468AE
004468B3
004468B4

|. B8 20E84400
\.^ E9 757BFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/. 8D4D EC
\.^ E9 A8FEFBFF
/. 8B5424 08
|. 8D42 0C
|. 8B4A 90
|. 33C8
|. E8 A87EFEFF
|. B8 4CE84400
\.^ E9 457BFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/. 8D4D CC
\.^ E9 6884FCFF
/. 8B5424 08
|. 8D42 0C
|. 8B8A 08FFFFFF
|. 33C8
|. E8 757EFEFF
|. 8B4A F4
|. 33C8
|. E8 6B7EFEFF
|. B8 78E84400
\.^ E9 087BFEFF
/. 8B4D C8
\.^ E9 A805FCFF
/. 8B5424 08
|. 8D42 0C
|. 8B4A C0
|. 33C8
|. E8 487EFEFF
|. B8 A4E84400
\.^ E9 E57AFEFF
CC
CC

MOV EAX,OFFSET 0044E820


JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-14]
JMP 004066E0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-70]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E84C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-34]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0F8]
XOR ECX,EAX
CALL 0042E6F1
MOV ECX,DWORD PTR DS:[EDX-0C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E878
JMP 0042E398
MOV ECX,DWORD PTR SS:[EBP-38]
JMP 00406E40
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-40]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E8A4
JMP 0042E398
INT3
INT3

004468B5
004468B6
004468B7
004468B8
004468B9
004468BA
004468BB
004468BC
004468BD
004468BE
004468BF
004468C0
004468C3
004468C6
004468CB
004468CE
004468D3
004468D7
004468DA
004468DD
004468DF
004468E4
004468E9
004468EE
004468EF
004468F0
004468F3
004468F8
004468FB
004468FE
00446903
00446906
00446909
0044690E
00446912
00446915
00446918
0044691A
0044691F
00446924
00446929
0044692A
0044692B
0044692C
0044692D
0044692E
0044692F
00446930
00446933
00446936
0044693B
0044693F
00446942
00446945
00446947
0044694C
00446951
00446956
00446957
00446958

/.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
\.^
/.
|.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
|.
\.^
/.
|.
|.
|.
|.
|.
\.^

CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B4D C4
83E9 48
E9 D504FEFF
8B4D CC
E9 AD06FEFF
8B5424 08
8D42 0C
8B4A CC
33C8
E8 0D7EFEFF
B8 D8E84400
E9 AA7AFEFF
CC
CC
8B4D 80
E9 684AFCFF
8B4D 80
83C1 28
E9 5D4AFCFF
8B4D 80
83C1 50
E9 524AFCFF
8B5424 08
8D42 0C
8B4A 88
33C8
E8 D27DFEFF
B8 14E94400
E9 6F7AFEFF
CC
CC
CC
CC
CC
CC
CC
8B4D E8
83C1 04
E9 7C73FEFF
8B5424 08
8D42 0C
8B4A EC
33C8
E8 A57DFEFF
B8 40E94400
E9 427AFEFF
CC
CC
CC

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-3C]
SUB ECX,48
JMP 00426DA0
MOV ECX,DWORD PTR SS:[EBP-34]
JMP 00426F80
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-34]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E8D8
JMP 0042E398
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-80]
JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-80]
ADD ECX,28
JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-80]
ADD ECX,50
JMP 0040B360
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-78]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E914
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-18]
ADD ECX,4
JMP 0042DCB7
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-14]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E940
JMP 0042E398
INT3
INT3
INT3

00446959
0044695A
0044695B
0044695C
0044695D
0044695E
0044695F
00446960
00446963
00446968
0044696C
0044696F
00446972
00446974
00446979
0044697E
00446983
00446984
00446985
00446986
00446987
00446988
00446989
0044698A
0044698B
0044698C
0044698D
0044698E
0044698F
00446990
00446993
00446994
00446997
00446998
0044699D
004469A0
004469A1
004469A5
004469A8
004469AB
004469AD
004469B2
004469B7
004469BC
004469BD
004469BE
004469BF
004469C0
004469C3
004469C8
004469CC
004469CF
004469D2
004469D4
004469D9
004469DE
004469E3
004469E4
004469E5
004469E6

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

CC
CC
CC
CC
CC
CC
CC
8B4D CC
E9 1806FEFF
8B5424 08
8D42 0C
8B4A D4
33C8
E8 787DFEFF
B8 6CE94400
E9 157AFEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B45 EC
50
8B4D E4
51
E8 033CFCFF
83C4 08
C3
8B5424 08
8D42 0C
8B4A 94
33C8
E8 3F7DFEFF
B8 CCE94400
E9 DC79FEFF
CC
CC
CC
CC
8D4D EC
E9 18FDFBFF
8B5424 08
8D42 0C
8B4A A4
33C8
E8 187DFEFF
B8 F8E94400
E9 B579FEFF
CC
CC
CC
CC

INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-34]
JMP 00426F80
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-2C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E96C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
CALL 0040A5A0
ADD ESP,8
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-6C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E9CC
JMP 0042E398
INT3
INT3
INT3
INT3
LEA ECX,[EBP-14]
JMP 004066E0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-5C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044E9F8
JMP 0042E398
INT3
INT3
INT3
INT3

004469E7
004469E8
004469E9
004469EA
004469EB
004469EC
004469ED
004469EE
004469EF
004469F0
004469F3
004469F8
004469FC
004469FF
00446A05
00446A07
00446A0C
00446A11
00446A16
00446A17
00446A18
00446A19
00446A1A
00446A1B
00446A1C
00446A1D
00446A1E
00446A1F
00446A20
00446A23
00446A24
00446A29
00446A2A
00446A2B
00446A31
00446A34
00446A3A
00446A41
00446A47
00446A4C
00446A4D
00446A51
00446A54
00446A5A
00446A5C
00446A61
00446A66
00446A6B
00446A6C
00446A6D
00446A6E
00446A6F
00446A70
00446A73
00446A78
00446A7C
00446A7F
00446A82
00446A84
00446A89

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.^
\>
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.

CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D E8
E9 3D6EFEFF
8B5424 08
8D42 0C
8B8A FCFEFFFF
33C8
E8 E57CFEFF
B8 24EA4400
E9 8279FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8B45 EC
50
E8 F17EFEFF
59
C3
8B85 58FFFFFF
83E0 01
0F84 12000000
83A5 58FFFFFF
8D8D 5CFFFFFF
E9 8482FCFF
C3
8B5424 08
8D42 0C
8B8A B4FEFFFF
33C8
E8 907CFEFF
B8 60EA4400
E9 2D79FEFF
CC
CC
CC
CC
CC
8B4D EC
E9 483FFEFF
8B5424 08
8D42 0C
8B4A F4
33C8
E8 687CFEFF
B8 8CEA4400

INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-18]
JMP 0042D835
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-104]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EA24
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
CALL 0042E91A
POP ECX
RETN
MOV EAX,DWORD PTR SS:[EBP-0A8]
AND EAX,00000001
JE 00446A4C
AND DWORD PTR SS:[EBP-0A8],FFFFFFFE
LEA ECX,[EBP-0A4]
JMP 0040ECD0
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-14C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EA60
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-14]
JMP 0042A9C0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EA8C

00446A8E
00446A93
00446A94
00446A95
00446A96
00446A97
00446A98
00446A99
00446A9A
00446A9B
00446A9C
00446A9D
00446A9E
00446A9F
00446AA0
00446AA3
00446AA8
00446AAC
00446AAF
00446AB5
00446AB7
00446ABC
00446AC1
00446AC6
00446AC7
00446AC8
00446AC9
00446ACA
00446ACB
00446ACC
00446ACD
00446ACE
00446ACF
00446AD0
00446AD4
00446AD7
00446ADA
00446ADC
00446AE1
00446AE6
00446AEB
00446AEC
00446AED
00446AEE
00446AEF
00446AF0
00446AF3
00446AF8
00446AFC
00446AFF
00446B05
00446B07
00446B0C
00446B11
00446B16
00446B17
00446B18
00446B19
00446B1A
00446B1B

\.^ E9 0579FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/. 8D4D A0
\.^ E9 2882FCFF
/. 8B5424 08
|. 8D42 0C
|. 8B8A 04FFFFFF
|. 33C8
|. E8 357CFEFF
|. B8 B8EA4400
\.^ E9 D278FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
/. 8B5424 08
|. 8D42 0C
|. 8B4A 9C
|. 33C8
|. E8 107CFEFF
|. B8 10EB4400
\.^ E9 AD78FEFF
CC
CC
CC
CC
CC
/. 8D4D A0
\.^ E9 D881FCFF
/. 8B5424 08
|. 8D42 0C
|. 8B8A DCFEFFFF
|. 33C8
|. E8 E57BFEFF
|. B8 3CEB4400
\.^ E9 8278FEFF
CC
CC
CC
CC
CC
CC

JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-60]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0FC]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EAB8
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-64]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EB10
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-60]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-124]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EB3C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3

00446B1C
00446B1D
00446B1E
00446B1F
00446B20
00446B24
00446B27
00446B2A
00446B2C
00446B31
00446B36
00446B3B
00446B3C
00446B3D
00446B3E
00446B3F
00446B40
00446B43
00446B44
00446B47
00446B48
00446B4D
00446B50
00446B51
00446B54
00446B59
00446B5D
00446B60
00446B63
00446B65
00446B6A
00446B6F
00446B74
00446B75
00446B76
00446B77
00446B78
00446B79
00446B7A
00446B7B
00446B7C
00446B7D
00446B7E
00446B7F
00446B80
00446B83
00446B88
00446B8C
00446B8F
00446B95
00446B97
00446B9C
00446BA1
00446BA6
00446BA7
00446BA8
00446BA9
00446BAA
00446BAB
00446BAC

/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
|.
|.
\.
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

CC
CC
CC
CC
8B5424 08
8D42 0C
8B4A 9C
33C8
E8 C07BFEFF
B8 94EB4400
E9 5D78FEFF
CC
CC
CC
CC
CC
8B45 EC
50
8B4D E4
51
E8 533AFCFF
83C4 08
C3
8B4D D0
E9 0748FCFF
8B5424 08
8D42 0C
8B4A C0
33C8
E8 877BFEFF
B8 FCEB4400
E9 2478FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D A0
E9 4881FCFF
8B5424 08
8D42 0C
8B8A F4FEFFFF
33C8
E8 557BFEFF
B8 28EC4400
E9 F277FEFF
CC
CC
CC
CC
CC
CC
CC

INT3
INT3
INT3
INT3
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-64]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EB94
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
CALL 0040A5A0
ADD ESP,8
RETN
MOV ECX,DWORD PTR SS:[EBP-30]
JMP 0040B360
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-40]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EBFC
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-60]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-10C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EC28
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3

00446BAD
00446BAE
00446BAF
00446BB0
00446BB4
00446BB7
00446BBA
00446BBC
00446BC1
00446BC6
00446BCB
00446BCC
00446BCD
00446BCE
00446BCF
00446BD0
00446BD3
00446BD4
00446BD7
00446BD8
00446BDD
00446BE0
00446BE1
00446BE5
00446BE8
00446BEB
00446BED
00446BF2
00446BF7
00446BFC
00446BFD
00446BFE
00446BFF
00446C00
00446C03
00446C08
00446C0C
00446C0F
00446C12
00446C14
00446C19
00446C1E
00446C23
00446C24
00446C25
00446C26
00446C27
00446C28
00446C29
00446C2A
00446C2B
00446C2C
00446C2D
00446C2E
00446C2F
00446C30
00446C33
00446C38
00446C3B
00446C3E

/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
\.^
/.
|.
|.

CC
CC
CC
8B5424 08
8D42 0C
8B4A 9C
33C8
E8 307BFEFF
B8 80EC4400
E9 CD77FEFF
CC
CC
CC
CC
CC
8B45 EC
50
8B4D E4
51
E8 C339FCFF
83C4 08
C3
8B5424 08
8D42 0C
8B4A AC
33C8
E8 FF7AFEFF
B8 E0EC4400
E9 9C77FEFF
CC
CC
CC
CC
8B4D C8
E9 A8FEFBFF
8B5424 08
8D42 0C
8B4A C8
33C8
E8 D87AFEFF
B8 0CED4400
E9 7577FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
CC
8D4D D8
E9 9880FCFF
8B45 D4
83E0 01
0F84 0C000000

INT3
INT3
INT3
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-64]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EC80
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
MOV ECX,DWORD PTR SS:[EBP-1C]
PUSH ECX
CALL 0040A5A0
ADD ESP,8
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-54]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044ECE0
JMP 0042E398
INT3
INT3
INT3
INT3
MOV ECX,DWORD PTR SS:[EBP-38]
JMP 00406AB0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-38]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044ED0C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
LEA ECX,[EBP-28]
JMP 0040ECD0
MOV EAX,DWORD PTR SS:[EBP-2C]
AND EAX,00000001
JE 00446C50

00446C44
00446C48
00446C4B
00446C50
00446C51
00446C55
00446C58
00446C5E
00446C60
00446C65
00446C6A
00446C6F
00446C70
00446C73
00446C78
00446C7B
00446C7E
00446C84
00446C88
00446C8B
00446C90
00446C91
00446C95
00446C98
00446C9E
00446CA0
00446CA5
00446CAA
00446CAF
00446CB0
00446CB3
00446CB8
00446CBB
00446CC0
00446CC4
00446CC7
00446CCD
00446CCF
00446CD4
00446CD9
00446CDE
00446CDF
00446CE0
00446CE3
00446CE8
00446CEC
00446CEF
00446CF5
00446CF7
00446CFC
00446D01
00446D06
00446D07
00446D08
00446D09
00446D0A
00446D0B
00446D0C
00446D0D
00446D0E

|.
|.
|.^
\>
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.^
\>
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

8365 D4 FE
8B4D 08
E9 8080FCFF
C3
8B5424 08
8D42 0C
8B8A 44FFFFFF
33C8
E8 8C7AFEFF
B8 40ED4400
E9 2977FEFF
CC
8D4D D8
E9 5880FCFF
8B45 D4
83E0 01
0F84 0C000000
8365 D4 FE
8B4D 08
E9 4080FCFF
C3
8B5424 08
8D42 0C
8B8A 74FFFFFF
33C8
E8 4C7AFEFF
B8 74ED4400
E9 E976FEFF
CC
8D4D E4
E9 C891FCFF
8D4D E4
E9 B095FCFF
8B5424 08
8D42 0C
8B8A 34FFFFFF
33C8
E8 1D7AFEFF
B8 DCED4400
E9 BA76FEFF
CC
CC
8D4D E8
E9 4D6BFEFF
8B5424 08
8D42 0C
8B8A 2CFFFFFF
33C8
E8 F579FEFF
B8 08EE4400
E9 9276FEFF
CC
CC
CC
CC
CC
CC
CC
CC
CC

AND DWORD PTR SS:[EBP-2C],FFFFFFFE


MOV ECX,DWORD PTR SS:[EBP+8]
JMP 0040ECD0
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0BC]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044ED40
JMP 0042E398
INT3
LEA ECX,[EBP-28]
JMP 0040ECD0
MOV EAX,DWORD PTR SS:[EBP-2C]
AND EAX,00000001
JE 00446C90
AND DWORD PTR SS:[EBP-2C],FFFFFFFE
MOV ECX,DWORD PTR SS:[EBP+8]
JMP 0040ECD0
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-8C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044ED74
JMP 0042E398
INT3
LEA ECX,[EBP-1C]
JMP 0040FE80
LEA ECX,[EBP-1C]
JMP 00410270
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0CC]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EDDC
JMP 0042E398
INT3
INT3
LEA ECX,[EBP-18]
JMP 0042D835
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-0D4]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EE08
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3

00446D0F
00446D10
00446D13
00446D18
00446D1B
00446D20
00446D24
00446D27
00446D2A
00446D2C
00446D31
00446D36
00446D3B
00446D3C
00446D3D
00446D3E
00446D3F
00446D40
00446D43
00446D44
00446D49
00446D4A
00446D4B
00446D51
00446D54
00446D5A
00446D61
00446D67
00446D6C
00446D6D
00446D71
00446D74
00446D7A
00446D7C
00446D81
00446D86
00446D8B
00446D8E
00446D93
00446D97
00446D9A
00446D9D
00446D9F
00446DA4
00446DA9
00446DAE
00446DB1
00446DB6
00446DBA
00446DBD
00446DC0
00446DC2
00446DC7
00446DCC
00446DD1
00446DD4
00446DD9
00446DDC
00446DDF
00446DE4

/.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
\.
/.
|.
|.
|.
|.
|.^
\>
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
\.^
/.

CC
8B4D 8C
E9 4846FCFF
8B4D 8C
E9 B07FFCFF
8B5424 08
8D42 0C
8B4A 90
33C8
E8 C079FEFF
B8 3CEE4400
E9 5D76FEFF
CC
CC
CC
CC
CC
8B45 EC
50
E8 D17BFEFF
59
C3
8B85 58FFFFFF
83E0 01
0F84 12000000
83A5 58FFFFFF
8D8D 5CFFFFFF
E9 647FFCFF
C3
8B5424 08
8D42 0C
8B8A E4FEFFFF
33C8
E8 7079FEFF
B8 78EE4400
E9 0D76FEFF
8D4D F0
E9 A26AFEFF
8B5424 08
8D42 0C
8B4A EC
33C8
E8 4D79FEFF
B8 A4EE4400
E9 EA75FEFF
8B4D F0
E9 6A72FCFF
8B5424 08
8D42 0C
8B4A EC
33C8
E8 2A79FEFF
B8 D0EE4400
E9 C775FEFF
8B4D F0
E9 4772FCFF
8B4D F0
83C1 18
E9 EC7EFCFF
8B5424 08

INT3
MOV ECX,DWORD PTR SS:[EBP-74]
JMP 0040B360
MOV ECX,DWORD PTR SS:[EBP-74]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-70]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EE3C
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
MOV EAX,DWORD PTR SS:[EBP-14]
PUSH EAX
CALL 0042E91A
POP ECX
RETN
MOV EAX,DWORD PTR SS:[EBP-0A8]
AND EAX,00000001
JE 00446D6C
AND DWORD PTR SS:[EBP-0A8],FFFFFFFE
LEA ECX,[EBP-0A4]
JMP 0040ECD0
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-11C]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EE78
JMP 0042E398
LEA ECX,[EBP-10]
JMP 0042D835
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-14]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EEA4
JMP 0042E398
MOV ECX,DWORD PTR SS:[EBP-10]
JMP 0040E020
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-14]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EED0
JMP 0042E398
MOV ECX,DWORD PTR SS:[EBP-10]
JMP 0040E020
MOV ECX,DWORD PTR SS:[EBP-10]
ADD ECX,18
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]

00446DE8
00446DEB
00446DEE
00446DF0
00446DF5
00446DFA
00446DFF
00446E02
00446E07
00446E0A
00446E0F
00446E10
00446E11
00446E15
00446E18
00446E1B
00446E1D
00446E22
00446E27
00446E2C
00446E2F
00446E34
00446E38
00446E3B
00446E3E
00446E40
00446E45
00446E4A
00446E4F
00446E53
00446E56
00446E59
00446E5B
00446E60
00446E65
00446E6A
00446E6B
00446E6C
00446E6D
00446E6E
00446E6F
00446E70
00446E71
00446E73
00446E7D
00446E7E
00446E7F
00446E80
00446E81
00446E83
00446E8D
00446E8E
00446E8F
00446E90
00446E91
00446E93
00446E9D
00446E9E
00446E9F
00446EA0

|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
\.
/.
|.
|.
|.
|.
|.
\.^
/.
\.^
/.
|.
|.
|.
|.
|.
\.^
/.
|.
|.
|.
|.
|.
\.^

/.
|.
|.
|.
\.
/.
|.
|.
|.
\.
/.
|.
|.
|.
\.
/.

8D42 0C
8B4A EC
33C8
E8 FC78FEFF
B8 04EF4400
E9 9975FEFF
8D4D F0
E9 2E6AFEFF
FF75 EC
E8 0B7BFEFF
59
C3
8B5424 08
8D42 0C
8B4A E8
33C8
E8 CF78FEFF
B8 38EF4400
E9 6C75FEFF
8D4D D8
E9 9C7EFCFF
8B5424 08
8D42 0C
8B4A AC
33C8
E8 AC78FEFF
B8 64EF4400
E9 4975FEFF
8B5424 08
8D42 0C
8B4A EC
33C8
E8 9178FEFF
B8 10F24400
E9 2E75FEFF
CC
CC
CC
CC
CC
CC
55
8BEC
C705 F0284500
5D
C3
CC
55
8BEC
C705 EC284500
5D
C3
CC
55
8BEC
C705 E8284500
5D
C3
CC
55

LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-14]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EF04
JMP 0042E398
LEA ECX,[EBP-10]
JMP 0042D835
PUSH DWORD PTR SS:[EBP-14]
CALL 0042E91A
POP ECX
RETN
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-18]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EF38
JMP 0042E398
LEA ECX,[EBP-28]
JMP 0040ECD0
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-54]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044EF64
JMP 0042E398
MOV EDX,DWORD PTR SS:[ARG.2]
LEA EAX,[EDX+0C]
MOV ECX,DWORD PTR DS:[EDX-14]
XOR ECX,EAX
CALL 0042E6F1
MOV EAX,OFFSET 0044F210
JMP 0042E398
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EBP
MOV EBP,ESP
MOV DWORD PTR DS:[4528F0],0
POP EBP
RETN
INT3
PUSH EBP
MOV EBP,ESP
MOV DWORD PTR DS:[4528EC],0
POP EBP
RETN
INT3
PUSH EBP
MOV EBP,ESP
MOV DWORD PTR DS:[4528E8],0
POP EBP
RETN
INT3
PUSH EBP

00446EA1 |. 8BEC
MOV EBP,ESP
00446EA3 |. 51
PUSH ECX
00446EA4 |. 68 C09C4400 PUSH OFFSET 00449CC0
; /Procname
= "GetVersionExA"
00446EA9 |. 68 94924400 PUSH OFFSET 00449294
; |/ModuleN
ame = "KERNEL32"
00446EAE |. FF15 80804400 CALL DWORD PTR DS:[<&KERNEL32.GetModuleH ; |\KERNEL3
2.GetModuleHandleA
00446EB4 |. 50
PUSH EAX
; |hModule
00446EB5 |. FF15 7C804400 CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd ; \KERNEL32
.GetProcAddress
00446EBB |. 85C0
TEST EAX,EAX
00446EBD |. 74 49
JE SHORT 00446F08
00446EBF |. C705 90114500 MOV DWORD PTR DS:[451190],9C
00446EC9 |. 68 90114500 PUSH OFFSET 00451190
; /OsVersio
nInfo = SystemInfo.451190 -> {Size=4294967295.,MajorVersion=0,MinorVersion=0,Bui
ldNumber=0,PlatformId=VER_PLATFORM_WIN32s,Version=""}
00446ECE |. FF15 E4804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; \KERNEL32
.GetVersionExA
00446ED4 |. 85C0
TEST EAX,EAX
00446ED6 |. 75 27
JNE SHORT 00446EFF
00446ED8 |. C705 90114500 MOV DWORD PTR DS:[451190],94
00446EE2 |. 68 90114500 PUSH OFFSET 00451190
; /OsVersio
nInfo = SystemInfo.451190 -> {Size=4294967295.,MajorVersion=0,MinorVersion=0,Bui
ldNumber=0,PlatformId=VER_PLATFORM_WIN32s,Version=""}
00446EE7 |. FF15 E4804400 CALL DWORD PTR DS:[<&KERNEL32.GetVersion ; \KERNEL32
.GetVersionExA
00446EED |. 85C0
TEST EAX,EAX
00446EEF |. 75 0E
JNE SHORT 00446EFF
00446EF1 |. C705 90114500 MOV DWORD PTR DS:[451190],0
00446EFB |. 33C0
XOR EAX,EAX
00446EFD |. 74 09
JE SHORT 00446F08
00446EFF |> C745 FC 01000 MOV DWORD PTR SS:[LOCAL.1],1
00446F06 |. EB 07
JMP SHORT 00446F0F
00446F08 |> C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
00446F0F |> 8B4D FC
MOV ECX,DWORD PTR SS:[LOCAL.1]
00446F12 |. 890D 00294500 MOV DWORD PTR DS:[452900],ECX
00446F18 |. 8BE5
MOV ESP,EBP
00446F1A |. 5D
POP EBP
00446F1B \. C3
RETN
00446F1C
CC
INT3
00446F1D
CC
INT3
00446F1E
CC
INT3
00446F1F
CC
INT3
00446F20 /. 55
PUSH EBP
00446F21 |. 8BEC
MOV EBP,ESP
00446F23 |. 83EC 30
SUB ESP,30
00446F26 |. C745 FC 00000 MOV DWORD PTR SS:[LOCAL.1],0
00446F2D |. 6A 01
PUSH 1
; /Arg2 = 1
00446F2F |. 6A 02
PUSH 2
; |Arg1 = 2
00446F31 |. B9 08294500 MOV ECX,OFFSET 00452908
; |
00446F36 |. E8 A5B8FDFF CALL 004227E0
; \SystemIn
fo.004227E0
00446F3B |. 68 906F4400 PUSH 00446F90
; /Arg1 = S
ystemInfo.446F90
00446F40 |. E8 4EC4FEFF CALL 00433393
; \SystemIn
fo.00433393
00446F45 |. 83C4 04
ADD ESP,4
00446F48 |. 8BE5
MOV ESP,EBP
00446F4A |. 5D
POP EBP

00446F4B \. C3
00446F4C /. B9 F82A4500
00446F51 |. E8 5D68FEFF
00446F56 |. 68 C96F4400
ystemInfo.446FC9
00446F5B |. E8 33C4FEFF
fo.00433393
00446F60 |. 59
00446F61 \. C3
00446F62 /. 68 D36F4400
ystemInfo.446FD3
00446F67 |. E8 27C4FEFF
fo.00433393
00446F6C |. 59
00446F6D \. C3
00446F6E /. B9 B02B4500
00446F73 |. E8 3B68FEFF
00446F78 |. 68 DD6F4400
ystemInfo.446FDD
00446F7D |. E8 11C4FEFF
fo.00433393
00446F82 |. 59
00446F83 \. C3
00446F84 /. 68 E76F4400
ystemInfo.446FE7
00446F89 |. E8 05C4FEFF
fo.00433393
00446F8E |. 59
00446F8F \. C3
00446F90 /. 55
00446F91 |. 8BEC
00446F93 |. 83EC 18
00446F96 |. B9 54294500
00446F9B |. E8 500AFEFF
fo.004279F0
00446FA0 |. C745 E8 54294
00446FA7 |. 8B45 E8
00446FAA |. C700 008A4400
00446FB0 |. 8B4D E8
00446FB3 |. C701 F8894400
00446FB9 |. 8B55 E8
00446FBC |. 52
SystemInfo.452954
00446FBD |. E8 036EFEFF
fo.0042DDC5
00446FC2 |. 83C4 04
00446FC5 |. 8BE5
00446FC7 |. 5D
00446FC8 \. C3
00446FC9 /. B9 F82A4500
00446FCE \.^ E9 1168FEFF
00446FD3 /. B9 1C2B4500
00446FD8 \.^ E9 03F7FBFF
00446FDD /. B9 B02B4500
00446FE2 \.^ E9 FD67FEFF
00446FE7 /. B9 B12B4500
00446FEC \.^ E9 0A72FEFF
00446FF1 /. C705 B42C4500
00446FFB |. B9 B42C4500
00447000 \.^ E9 5E7BFEFF

RETN
MOV ECX,OFFSET 00452AF8
CALL 0042D7B3
PUSH 00446FC9

; /Arg1 = S

CALL 00433393

; \SystemIn

POP ECX
RETN
PUSH 00446FD3

; /Arg1 = S

CALL 00433393

; \SystemIn

POP ECX
RETN
MOV ECX,OFFSET 00452BB0
CALL 0042D7B3
PUSH 00446FDD

; /Arg1 = S

CALL 00433393

; \SystemIn

POP ECX
RETN
PUSH 00446FE7

; /Arg1 = S

CALL 00433393

; \SystemIn

POP ECX
RETN
PUSH EBP
MOV EBP,ESP
SUB ESP,18
MOV ECX,OFFSET 00452954
CALL 004279F0

; [SystemIn

MOV DWORD PTR


MOV EAX,DWORD
MOV DWORD PTR
MOV ECX,DWORD
MOV DWORD PTR
MOV EDX,DWORD
PUSH EDX

; /Arg1 =>

SS:[LOCAL.6],OFFSET 004529
PTR SS:[LOCAL.6]
DS:[EAX],OFFSET 00448A00
PTR SS:[LOCAL.6]
DS:[ECX],OFFSET 004489F8
PTR SS:[LOCAL.6]

CALL 0042DDC5
ADD ESP,4
MOV ESP,EBP
POP EBP
RETN
MOV ECX,OFFSET 00452AF8
JMP 0042D7E4
MOV ECX,OFFSET 00452B1C
JMP 004066E0
MOV ECX,OFFSET 00452BB0
JMP 0042D7E4
MOV ECX,OFFSET 00452BB1
JMP 0042E1FB
MOV DWORD PTR DS:[452CB4],OFFSET 0044888
MOV ECX,OFFSET 00452CB4
JMP 0042EB63

; \SystemIn

00447005
00447006
00447007
00447008
00447009
0044700A
0044700B
0044700C
0044700D
0044700E
0044700F
00447010
00447011
00447012
00447013
00447014
00447015
00447016
00447017
00447018
00447019
0044701A
0044701B
0044701C
0044701D
0044701E
0044701F
00447020
00447021
00447022
00447023
00447024
00447025
00447026
00447027
00447028
00447029
0044702A
0044702B
0044702C
0044702D
0044702E
0044702F
00447030
00447031
00447032
00447033
00447034
00447035
00447036
00447037
00447038
00447039
0044703A
0044703B
0044703C
0044703D
0044703E
0044703F
00447040

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447041
00447042
00447043
00447044
00447045
00447046
00447047
00447048
00447049
0044704A
0044704B
0044704C
0044704D
0044704E
0044704F
00447050
00447051
00447052
00447053
00447054
00447055
00447056
00447057
00447058
00447059
0044705A
0044705B
0044705C
0044705D
0044705E
0044705F
00447060
00447061
00447062
00447063
00447064
00447065
00447066
00447067
00447068
00447069
0044706A
0044706B
0044706C
0044706D
0044706E
0044706F
00447070
00447071
00447072
00447073
00447074
00447075
00447076
00447077
00447078
00447079
0044707A
0044707B
0044707C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

0044707D
0044707E
0044707F
00447080
00447081
00447082
00447083
00447084
00447085
00447086
00447087
00447088
00447089
0044708A
0044708B
0044708C
0044708D
0044708E
0044708F
00447090
00447091
00447092
00447093
00447094
00447095
00447096
00447097
00447098
00447099
0044709A
0044709B
0044709C
0044709D
0044709E
0044709F
004470A0
004470A1
004470A2
004470A3
004470A4
004470A5
004470A6
004470A7
004470A8
004470A9
004470AA
004470AB
004470AC
004470AD
004470AE
004470AF
004470B0
004470B1
004470B2
004470B3
004470B4
004470B5
004470B6
004470B7
004470B8

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004470B9
004470BA
004470BB
004470BC
004470BD
004470BE
004470BF
004470C0
004470C1
004470C2
004470C3
004470C4
004470C5
004470C6
004470C7
004470C8
004470C9
004470CA
004470CB
004470CC
004470CD
004470CE
004470CF
004470D0
004470D1
004470D2
004470D3
004470D4
004470D5
004470D6
004470D7
004470D8
004470D9
004470DA
004470DB
004470DC
004470DD
004470DE
004470DF
004470E0
004470E1
004470E2
004470E3
004470E4
004470E5
004470E6
004470E7
004470E8
004470E9
004470EA
004470EB
004470EC
004470ED
004470EE
004470EF
004470F0
004470F1
004470F2
004470F3
004470F4

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004470F5
004470F6
004470F7
004470F8
004470F9
004470FA
004470FB
004470FC
004470FD
004470FE
004470FF
00447100
00447101
00447102
00447103
00447104
00447105
00447106
00447107
00447108
00447109
0044710A
0044710B
0044710C
0044710D
0044710E
0044710F
00447110
00447111
00447112
00447113
00447114
00447115
00447116
00447117
00447118
00447119
0044711A
0044711B
0044711C
0044711D
0044711E
0044711F
00447120
00447121
00447122
00447123
00447124
00447125
00447126
00447127
00447128
00447129
0044712A
0044712B
0044712C
0044712D
0044712E
0044712F
00447130

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447131
00447132
00447133
00447134
00447135
00447136
00447137
00447138
00447139
0044713A
0044713B
0044713C
0044713D
0044713E
0044713F
00447140
00447141
00447142
00447143
00447144
00447145
00447146
00447147
00447148
00447149
0044714A
0044714B
0044714C
0044714D
0044714E
0044714F
00447150
00447151
00447152
00447153
00447154
00447155
00447156
00447157
00447158
00447159
0044715A
0044715B
0044715C
0044715D
0044715E
0044715F
00447160
00447161
00447162
00447163
00447164
00447165
00447166
00447167
00447168
00447169
0044716A
0044716B
0044716C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

0044716D
0044716E
0044716F
00447170
00447171
00447172
00447173
00447174
00447175
00447176
00447177
00447178
00447179
0044717A
0044717B
0044717C
0044717D
0044717E
0044717F
00447180
00447181
00447182
00447183
00447184
00447185
00447186
00447187
00447188
00447189
0044718A
0044718B
0044718C
0044718D
0044718E
0044718F
00447190
00447191
00447192
00447193
00447194
00447195
00447196
00447197
00447198
00447199
0044719A
0044719B
0044719C
0044719D
0044719E
0044719F
004471A0
004471A1
004471A2
004471A3
004471A4
004471A5
004471A6
004471A7
004471A8

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004471A9
004471AA
004471AB
004471AC
004471AD
004471AE
004471AF
004471B0
004471B1
004471B2
004471B3
004471B4
004471B5
004471B6
004471B7
004471B8
004471B9
004471BA
004471BB
004471BC
004471BD
004471BE
004471BF
004471C0
004471C1
004471C2
004471C3
004471C4
004471C5
004471C6
004471C7
004471C8
004471C9
004471CA
004471CB
004471CC
004471CD
004471CE
004471CF
004471D0
004471D1
004471D2
004471D3
004471D4
004471D5
004471D6
004471D7
004471D8
004471D9
004471DA
004471DB
004471DC
004471DD
004471DE
004471DF
004471E0
004471E1
004471E2
004471E3
004471E4

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004471E5
004471E6
004471E7
004471E8
004471E9
004471EA
004471EB
004471EC
004471ED
004471EE
004471EF
004471F0
004471F1
004471F2
004471F3
004471F4
004471F5
004471F6
004471F7
004471F8
004471F9
004471FA
004471FB
004471FC
004471FD
004471FE
004471FF
00447200
00447201
00447202
00447203
00447204
00447205
00447206
00447207
00447208
00447209
0044720A
0044720B
0044720C
0044720D
0044720E
0044720F
00447210
00447211
00447212
00447213
00447214
00447215
00447216
00447217
00447218
00447219
0044721A
0044721B
0044721C
0044721D
0044721E
0044721F
00447220

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447221
00447222
00447223
00447224
00447225
00447226
00447227
00447228
00447229
0044722A
0044722B
0044722C
0044722D
0044722E
0044722F
00447230
00447231
00447232
00447233
00447234
00447235
00447236
00447237
00447238
00447239
0044723A
0044723B
0044723C
0044723D
0044723E
0044723F
00447240
00447241
00447242
00447243
00447244
00447245
00447246
00447247
00447248
00447249
0044724A
0044724B
0044724C
0044724D
0044724E
0044724F
00447250
00447251
00447252
00447253
00447254
00447255
00447256
00447257
00447258
00447259
0044725A
0044725B
0044725C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

0044725D
0044725E
0044725F
00447260
00447261
00447262
00447263
00447264
00447265
00447266
00447267
00447268
00447269
0044726A
0044726B
0044726C
0044726D
0044726E
0044726F
00447270
00447271
00447272
00447273
00447274
00447275
00447276
00447277
00447278
00447279
0044727A
0044727B
0044727C
0044727D
0044727E
0044727F
00447280
00447281
00447282
00447283
00447284
00447285
00447286
00447287
00447288
00447289
0044728A
0044728B
0044728C
0044728D
0044728E
0044728F
00447290
00447291
00447292
00447293
00447294
00447295
00447296
00447297
00447298

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447299
0044729A
0044729B
0044729C
0044729D
0044729E
0044729F
004472A0
004472A1
004472A2
004472A3
004472A4
004472A5
004472A6
004472A7
004472A8
004472A9
004472AA
004472AB
004472AC
004472AD
004472AE
004472AF
004472B0
004472B1
004472B2
004472B3
004472B4
004472B5
004472B6
004472B7
004472B8
004472B9
004472BA
004472BB
004472BC
004472BD
004472BE
004472BF
004472C0
004472C1
004472C2
004472C3
004472C4
004472C5
004472C6
004472C7
004472C8
004472C9
004472CA
004472CB
004472CC
004472CD
004472CE
004472CF
004472D0
004472D1
004472D2
004472D3
004472D4

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004472D5
004472D6
004472D7
004472D8
004472D9
004472DA
004472DB
004472DC
004472DD
004472DE
004472DF
004472E0
004472E1
004472E2
004472E3
004472E4
004472E5
004472E6
004472E7
004472E8
004472E9
004472EA
004472EB
004472EC
004472ED
004472EE
004472EF
004472F0
004472F1
004472F2
004472F3
004472F4
004472F5
004472F6
004472F7
004472F8
004472F9
004472FA
004472FB
004472FC
004472FD
004472FE
004472FF
00447300
00447301
00447302
00447303
00447304
00447305
00447306
00447307
00447308
00447309
0044730A
0044730B
0044730C
0044730D
0044730E
0044730F
00447310

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447311
00447312
00447313
00447314
00447315
00447316
00447317
00447318
00447319
0044731A
0044731B
0044731C
0044731D
0044731E
0044731F
00447320
00447321
00447322
00447323
00447324
00447325
00447326
00447327
00447328
00447329
0044732A
0044732B
0044732C
0044732D
0044732E
0044732F
00447330
00447331
00447332
00447333
00447334
00447335
00447336
00447337
00447338
00447339
0044733A
0044733B
0044733C
0044733D
0044733E
0044733F
00447340
00447341
00447342
00447343
00447344
00447345
00447346
00447347
00447348
00447349
0044734A
0044734B
0044734C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

0044734D
0044734E
0044734F
00447350
00447351
00447352
00447353
00447354
00447355
00447356
00447357
00447358
00447359
0044735A
0044735B
0044735C
0044735D
0044735E
0044735F
00447360
00447361
00447362
00447363
00447364
00447365
00447366
00447367
00447368
00447369
0044736A
0044736B
0044736C
0044736D
0044736E
0044736F
00447370
00447371
00447372
00447373
00447374
00447375
00447376
00447377
00447378
00447379
0044737A
0044737B
0044737C
0044737D
0044737E
0044737F
00447380
00447381
00447382
00447383
00447384
00447385
00447386
00447387
00447388

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447389
0044738A
0044738B
0044738C
0044738D
0044738E
0044738F
00447390
00447391
00447392
00447393
00447394
00447395
00447396
00447397
00447398
00447399
0044739A
0044739B
0044739C
0044739D
0044739E
0044739F
004473A0
004473A1
004473A2
004473A3
004473A4
004473A5
004473A6
004473A7
004473A8
004473A9
004473AA
004473AB
004473AC
004473AD
004473AE
004473AF
004473B0
004473B1
004473B2
004473B3
004473B4
004473B5
004473B6
004473B7
004473B8
004473B9
004473BA
004473BB
004473BC
004473BD
004473BE
004473BF
004473C0
004473C1
004473C2
004473C3
004473C4

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004473C5
004473C6
004473C7
004473C8
004473C9
004473CA
004473CB
004473CC
004473CD
004473CE
004473CF
004473D0
004473D1
004473D2
004473D3
004473D4
004473D5
004473D6
004473D7
004473D8
004473D9
004473DA
004473DB
004473DC
004473DD
004473DE
004473DF
004473E0
004473E1
004473E2
004473E3
004473E4
004473E5
004473E6
004473E7
004473E8
004473E9
004473EA
004473EB
004473EC
004473ED
004473EE
004473EF
004473F0
004473F1
004473F2
004473F3
004473F4
004473F5
004473F6
004473F7
004473F8
004473F9
004473FA
004473FB
004473FC
004473FD
004473FE
004473FF
00447400

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447401
00447402
00447403
00447404
00447405
00447406
00447407
00447408
00447409
0044740A
0044740B
0044740C
0044740D
0044740E
0044740F
00447410
00447411
00447412
00447413
00447414
00447415
00447416
00447417
00447418
00447419
0044741A
0044741B
0044741C
0044741D
0044741E
0044741F
00447420
00447421
00447422
00447423
00447424
00447425
00447426
00447427
00447428
00447429
0044742A
0044742B
0044742C
0044742D
0044742E
0044742F
00447430
00447431
00447432
00447433
00447434
00447435
00447436
00447437
00447438
00447439
0044743A
0044743B
0044743C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

0044743D
0044743E
0044743F
00447440
00447441
00447442
00447443
00447444
00447445
00447446
00447447
00447448
00447449
0044744A
0044744B
0044744C
0044744D
0044744E
0044744F
00447450
00447451
00447452
00447453
00447454
00447455
00447456
00447457
00447458
00447459
0044745A
0044745B
0044745C
0044745D
0044745E
0044745F
00447460
00447461
00447462
00447463
00447464
00447465
00447466
00447467
00447468
00447469
0044746A
0044746B
0044746C
0044746D
0044746E
0044746F
00447470
00447471
00447472
00447473
00447474
00447475
00447476
00447477
00447478

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447479
0044747A
0044747B
0044747C
0044747D
0044747E
0044747F
00447480
00447481
00447482
00447483
00447484
00447485
00447486
00447487
00447488
00447489
0044748A
0044748B
0044748C
0044748D
0044748E
0044748F
00447490
00447491
00447492
00447493
00447494
00447495
00447496
00447497
00447498
00447499
0044749A
0044749B
0044749C
0044749D
0044749E
0044749F
004474A0
004474A1
004474A2
004474A3
004474A4
004474A5
004474A6
004474A7
004474A8
004474A9
004474AA
004474AB
004474AC
004474AD
004474AE
004474AF
004474B0
004474B1
004474B2
004474B3
004474B4

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004474B5
004474B6
004474B7
004474B8
004474B9
004474BA
004474BB
004474BC
004474BD
004474BE
004474BF
004474C0
004474C1
004474C2
004474C3
004474C4
004474C5
004474C6
004474C7
004474C8
004474C9
004474CA
004474CB
004474CC
004474CD
004474CE
004474CF
004474D0
004474D1
004474D2
004474D3
004474D4
004474D5
004474D6
004474D7
004474D8
004474D9
004474DA
004474DB
004474DC
004474DD
004474DE
004474DF
004474E0
004474E1
004474E2
004474E3
004474E4
004474E5
004474E6
004474E7
004474E8
004474E9
004474EA
004474EB
004474EC
004474ED
004474EE
004474EF
004474F0

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004474F1
004474F2
004474F3
004474F4
004474F5
004474F6
004474F7
004474F8
004474F9
004474FA
004474FB
004474FC
004474FD
004474FE
004474FF
00447500
00447501
00447502
00447503
00447504
00447505
00447506
00447507
00447508
00447509
0044750A
0044750B
0044750C
0044750D
0044750E
0044750F
00447510
00447511
00447512
00447513
00447514
00447515
00447516
00447517
00447518
00447519
0044751A
0044751B
0044751C
0044751D
0044751E
0044751F
00447520
00447521
00447522
00447523
00447524
00447525
00447526
00447527
00447528
00447529
0044752A
0044752B
0044752C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

0044752D
0044752E
0044752F
00447530
00447531
00447532
00447533
00447534
00447535
00447536
00447537
00447538
00447539
0044753A
0044753B
0044753C
0044753D
0044753E
0044753F
00447540
00447541
00447542
00447543
00447544
00447545
00447546
00447547
00447548
00447549
0044754A
0044754B
0044754C
0044754D
0044754E
0044754F
00447550
00447551
00447552
00447553
00447554
00447555
00447556
00447557
00447558
00447559
0044755A
0044755B
0044755C
0044755D
0044755E
0044755F
00447560
00447561
00447562
00447563
00447564
00447565
00447566
00447567
00447568

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447569
0044756A
0044756B
0044756C
0044756D
0044756E
0044756F
00447570
00447571
00447572
00447573
00447574
00447575
00447576
00447577
00447578
00447579
0044757A
0044757B
0044757C
0044757D
0044757E
0044757F
00447580
00447581
00447582
00447583
00447584
00447585
00447586
00447587
00447588
00447589
0044758A
0044758B
0044758C
0044758D
0044758E
0044758F
00447590
00447591
00447592
00447593
00447594
00447595
00447596
00447597
00447598
00447599
0044759A
0044759B
0044759C
0044759D
0044759E
0044759F
004475A0
004475A1
004475A2
004475A3
004475A4

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004475A5
004475A6
004475A7
004475A8
004475A9
004475AA
004475AB
004475AC
004475AD
004475AE
004475AF
004475B0
004475B1
004475B2
004475B3
004475B4
004475B5
004475B6
004475B7
004475B8
004475B9
004475BA
004475BB
004475BC
004475BD
004475BE
004475BF
004475C0
004475C1
004475C2
004475C3
004475C4
004475C5
004475C6
004475C7
004475C8
004475C9
004475CA
004475CB
004475CC
004475CD
004475CE
004475CF
004475D0
004475D1
004475D2
004475D3
004475D4
004475D5
004475D6
004475D7
004475D8
004475D9
004475DA
004475DB
004475DC
004475DD
004475DE
004475DF
004475E0

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004475E1
004475E2
004475E3
004475E4
004475E5
004475E6
004475E7
004475E8
004475E9
004475EA
004475EB
004475EC
004475ED
004475EE
004475EF
004475F0
004475F1
004475F2
004475F3
004475F4
004475F5
004475F6
004475F7
004475F8
004475F9
004475FA
004475FB
004475FC
004475FD
004475FE
004475FF
00447600
00447601
00447602
00447603
00447604
00447605
00447606
00447607
00447608
00447609
0044760A
0044760B
0044760C
0044760D
0044760E
0044760F
00447610
00447611
00447612
00447613
00447614
00447615
00447616
00447617
00447618
00447619
0044761A
0044761B
0044761C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

0044761D
0044761E
0044761F
00447620
00447621
00447622
00447623
00447624
00447625
00447626
00447627
00447628
00447629
0044762A
0044762B
0044762C
0044762D
0044762E
0044762F
00447630
00447631
00447632
00447633
00447634
00447635
00447636
00447637
00447638
00447639
0044763A
0044763B
0044763C
0044763D
0044763E
0044763F
00447640
00447641
00447642
00447643
00447644
00447645
00447646
00447647
00447648
00447649
0044764A
0044764B
0044764C
0044764D
0044764E
0044764F
00447650
00447651
00447652
00447653
00447654
00447655
00447656
00447657
00447658

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447659
0044765A
0044765B
0044765C
0044765D
0044765E
0044765F
00447660
00447661
00447662
00447663
00447664
00447665
00447666
00447667
00447668
00447669
0044766A
0044766B
0044766C
0044766D
0044766E
0044766F
00447670
00447671
00447672
00447673
00447674
00447675
00447676
00447677
00447678
00447679
0044767A
0044767B
0044767C
0044767D
0044767E
0044767F
00447680
00447681
00447682
00447683
00447684
00447685
00447686
00447687
00447688
00447689
0044768A
0044768B
0044768C
0044768D
0044768E
0044768F
00447690
00447691
00447692
00447693
00447694

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447695
00447696
00447697
00447698
00447699
0044769A
0044769B
0044769C
0044769D
0044769E
0044769F
004476A0
004476A1
004476A2
004476A3
004476A4
004476A5
004476A6
004476A7
004476A8
004476A9
004476AA
004476AB
004476AC
004476AD
004476AE
004476AF
004476B0
004476B1
004476B2
004476B3
004476B4
004476B5
004476B6
004476B7
004476B8
004476B9
004476BA
004476BB
004476BC
004476BD
004476BE
004476BF
004476C0
004476C1
004476C2
004476C3
004476C4
004476C5
004476C6
004476C7
004476C8
004476C9
004476CA
004476CB
004476CC
004476CD
004476CE
004476CF
004476D0

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004476D1
004476D2
004476D3
004476D4
004476D5
004476D6
004476D7
004476D8
004476D9
004476DA
004476DB
004476DC
004476DD
004476DE
004476DF
004476E0
004476E1
004476E2
004476E3
004476E4
004476E5
004476E6
004476E7
004476E8
004476E9
004476EA
004476EB
004476EC
004476ED
004476EE
004476EF
004476F0
004476F1
004476F2
004476F3
004476F4
004476F5
004476F6
004476F7
004476F8
004476F9
004476FA
004476FB
004476FC
004476FD
004476FE
004476FF
00447700
00447701
00447702
00447703
00447704
00447705
00447706
00447707
00447708
00447709
0044770A
0044770B
0044770C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

0044770D
0044770E
0044770F
00447710
00447711
00447712
00447713
00447714
00447715
00447716
00447717
00447718
00447719
0044771A
0044771B
0044771C
0044771D
0044771E
0044771F
00447720
00447721
00447722
00447723
00447724
00447725
00447726
00447727
00447728
00447729
0044772A
0044772B
0044772C
0044772D
0044772E
0044772F
00447730
00447731
00447732
00447733
00447734
00447735
00447736
00447737
00447738
00447739
0044773A
0044773B
0044773C
0044773D
0044773E
0044773F
00447740
00447741
00447742
00447743
00447744
00447745
00447746
00447747
00447748

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447749
0044774A
0044774B
0044774C
0044774D
0044774E
0044774F
00447750
00447751
00447752
00447753
00447754
00447755
00447756
00447757
00447758
00447759
0044775A
0044775B
0044775C
0044775D
0044775E
0044775F
00447760
00447761
00447762
00447763
00447764
00447765
00447766
00447767
00447768
00447769
0044776A
0044776B
0044776C
0044776D
0044776E
0044776F
00447770
00447771
00447772
00447773
00447774
00447775
00447776
00447777
00447778
00447779
0044777A
0044777B
0044777C
0044777D
0044777E
0044777F
00447780
00447781
00447782
00447783
00447784

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447785
00447786
00447787
00447788
00447789
0044778A
0044778B
0044778C
0044778D
0044778E
0044778F
00447790
00447791
00447792
00447793
00447794
00447795
00447796
00447797
00447798
00447799
0044779A
0044779B
0044779C
0044779D
0044779E
0044779F
004477A0
004477A1
004477A2
004477A3
004477A4
004477A5
004477A6
004477A7
004477A8
004477A9
004477AA
004477AB
004477AC
004477AD
004477AE
004477AF
004477B0
004477B1
004477B2
004477B3
004477B4
004477B5
004477B6
004477B7
004477B8
004477B9
004477BA
004477BB
004477BC
004477BD
004477BE
004477BF
004477C0

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004477C1
004477C2
004477C3
004477C4
004477C5
004477C6
004477C7
004477C8
004477C9
004477CA
004477CB
004477CC
004477CD
004477CE
004477CF
004477D0
004477D1
004477D2
004477D3
004477D4
004477D5
004477D6
004477D7
004477D8
004477D9
004477DA
004477DB
004477DC
004477DD
004477DE
004477DF
004477E0
004477E1
004477E2
004477E3
004477E4
004477E5
004477E6
004477E7
004477E8
004477E9
004477EA
004477EB
004477EC
004477ED
004477EE
004477EF
004477F0
004477F1
004477F2
004477F3
004477F4
004477F5
004477F6
004477F7
004477F8
004477F9
004477FA
004477FB
004477FC

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004477FD
004477FE
004477FF
00447800
00447801
00447802
00447803
00447804
00447805
00447806
00447807
00447808
00447809
0044780A
0044780B
0044780C
0044780D
0044780E
0044780F
00447810
00447811
00447812
00447813
00447814
00447815
00447816
00447817
00447818
00447819
0044781A
0044781B
0044781C
0044781D
0044781E
0044781F
00447820
00447821
00447822
00447823
00447824
00447825
00447826
00447827
00447828
00447829
0044782A
0044782B
0044782C
0044782D
0044782E
0044782F
00447830
00447831
00447832
00447833
00447834
00447835
00447836
00447837
00447838

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447839
0044783A
0044783B
0044783C
0044783D
0044783E
0044783F
00447840
00447841
00447842
00447843
00447844
00447845
00447846
00447847
00447848
00447849
0044784A
0044784B
0044784C
0044784D
0044784E
0044784F
00447850
00447851
00447852
00447853
00447854
00447855
00447856
00447857
00447858
00447859
0044785A
0044785B
0044785C
0044785D
0044785E
0044785F
00447860
00447861
00447862
00447863
00447864
00447865
00447866
00447867
00447868
00447869
0044786A
0044786B
0044786C
0044786D
0044786E
0044786F
00447870
00447871
00447872
00447873
00447874

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447875
00447876
00447877
00447878
00447879
0044787A
0044787B
0044787C
0044787D
0044787E
0044787F
00447880
00447881
00447882
00447883
00447884
00447885
00447886
00447887
00447888
00447889
0044788A
0044788B
0044788C
0044788D
0044788E
0044788F
00447890
00447891
00447892
00447893
00447894
00447895
00447896
00447897
00447898
00447899
0044789A
0044789B
0044789C
0044789D
0044789E
0044789F
004478A0
004478A1
004478A2
004478A3
004478A4
004478A5
004478A6
004478A7
004478A8
004478A9
004478AA
004478AB
004478AC
004478AD
004478AE
004478AF
004478B0

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004478B1
004478B2
004478B3
004478B4
004478B5
004478B6
004478B7
004478B8
004478B9
004478BA
004478BB
004478BC
004478BD
004478BE
004478BF
004478C0
004478C1
004478C2
004478C3
004478C4
004478C5
004478C6
004478C7
004478C8
004478C9
004478CA
004478CB
004478CC
004478CD
004478CE
004478CF
004478D0
004478D1
004478D2
004478D3
004478D4
004478D5
004478D6
004478D7
004478D8
004478D9
004478DA
004478DB
004478DC
004478DD
004478DE
004478DF
004478E0
004478E1
004478E2
004478E3
004478E4
004478E5
004478E6
004478E7
004478E8
004478E9
004478EA
004478EB
004478EC

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004478ED
004478EE
004478EF
004478F0
004478F1
004478F2
004478F3
004478F4
004478F5
004478F6
004478F7
004478F8
004478F9
004478FA
004478FB
004478FC
004478FD
004478FE
004478FF
00447900
00447901
00447902
00447903
00447904
00447905
00447906
00447907
00447908
00447909
0044790A
0044790B
0044790C
0044790D
0044790E
0044790F
00447910
00447911
00447912
00447913
00447914
00447915
00447916
00447917
00447918
00447919
0044791A
0044791B
0044791C
0044791D
0044791E
0044791F
00447920
00447921
00447922
00447923
00447924
00447925
00447926
00447927
00447928

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447929
0044792A
0044792B
0044792C
0044792D
0044792E
0044792F
00447930
00447931
00447932
00447933
00447934
00447935
00447936
00447937
00447938
00447939
0044793A
0044793B
0044793C
0044793D
0044793E
0044793F
00447940
00447941
00447942
00447943
00447944
00447945
00447946
00447947
00447948
00447949
0044794A
0044794B
0044794C
0044794D
0044794E
0044794F
00447950
00447951
00447952
00447953
00447954
00447955
00447956
00447957
00447958
00447959
0044795A
0044795B
0044795C
0044795D
0044795E
0044795F
00447960
00447961
00447962
00447963
00447964

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447965
00447966
00447967
00447968
00447969
0044796A
0044796B
0044796C
0044796D
0044796E
0044796F
00447970
00447971
00447972
00447973
00447974
00447975
00447976
00447977
00447978
00447979
0044797A
0044797B
0044797C
0044797D
0044797E
0044797F
00447980
00447981
00447982
00447983
00447984
00447985
00447986
00447987
00447988
00447989
0044798A
0044798B
0044798C
0044798D
0044798E
0044798F
00447990
00447991
00447992
00447993
00447994
00447995
00447996
00447997
00447998
00447999
0044799A
0044799B
0044799C
0044799D
0044799E
0044799F
004479A0

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004479A1
004479A2
004479A3
004479A4
004479A5
004479A6
004479A7
004479A8
004479A9
004479AA
004479AB
004479AC
004479AD
004479AE
004479AF
004479B0
004479B1
004479B2
004479B3
004479B4
004479B5
004479B6
004479B7
004479B8
004479B9
004479BA
004479BB
004479BC
004479BD
004479BE
004479BF
004479C0
004479C1
004479C2
004479C3
004479C4
004479C5
004479C6
004479C7
004479C8
004479C9
004479CA
004479CB
004479CC
004479CD
004479CE
004479CF
004479D0
004479D1
004479D2
004479D3
004479D4
004479D5
004479D6
004479D7
004479D8
004479D9
004479DA
004479DB
004479DC

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

004479DD
004479DE
004479DF
004479E0
004479E1
004479E2
004479E3
004479E4
004479E5
004479E6
004479E7
004479E8
004479E9
004479EA
004479EB
004479EC
004479ED
004479EE
004479EF
004479F0
004479F1
004479F2
004479F3
004479F4
004479F5
004479F6
004479F7
004479F8
004479F9
004479FA
004479FB
004479FC
004479FD
004479FE
004479FF
00447A00
00447A01
00447A02
00447A03
00447A04
00447A05
00447A06
00447A07
00447A08
00447A09
00447A0A
00447A0B
00447A0C
00447A0D
00447A0E
00447A0F
00447A10
00447A11
00447A12
00447A13
00447A14
00447A15
00447A16
00447A17
00447A18

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447A19
00447A1A
00447A1B
00447A1C
00447A1D
00447A1E
00447A1F
00447A20
00447A21
00447A22
00447A23
00447A24
00447A25
00447A26
00447A27
00447A28
00447A29
00447A2A
00447A2B
00447A2C
00447A2D
00447A2E
00447A2F
00447A30
00447A31
00447A32
00447A33
00447A34
00447A35
00447A36
00447A37
00447A38
00447A39
00447A3A
00447A3B
00447A3C
00447A3D
00447A3E
00447A3F
00447A40
00447A41
00447A42
00447A43
00447A44
00447A45
00447A46
00447A47
00447A48
00447A49
00447A4A
00447A4B
00447A4C
00447A4D
00447A4E
00447A4F
00447A50
00447A51
00447A52
00447A53
00447A54

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447A55
00447A56
00447A57
00447A58
00447A59
00447A5A
00447A5B
00447A5C
00447A5D
00447A5E
00447A5F
00447A60
00447A61
00447A62
00447A63
00447A64
00447A65
00447A66
00447A67
00447A68
00447A69
00447A6A
00447A6B
00447A6C
00447A6D
00447A6E
00447A6F
00447A70
00447A71
00447A72
00447A73
00447A74
00447A75
00447A76
00447A77
00447A78
00447A79
00447A7A
00447A7B
00447A7C
00447A7D
00447A7E
00447A7F
00447A80
00447A81
00447A82
00447A83
00447A84
00447A85
00447A86
00447A87
00447A88
00447A89
00447A8A
00447A8B
00447A8C
00447A8D
00447A8E
00447A8F
00447A90

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447A91
00447A92
00447A93
00447A94
00447A95
00447A96
00447A97
00447A98
00447A99
00447A9A
00447A9B
00447A9C
00447A9D
00447A9E
00447A9F
00447AA0
00447AA1
00447AA2
00447AA3
00447AA4
00447AA5
00447AA6
00447AA7
00447AA8
00447AA9
00447AAA
00447AAB
00447AAC
00447AAD
00447AAE
00447AAF
00447AB0
00447AB1
00447AB2
00447AB3
00447AB4
00447AB5
00447AB6
00447AB7
00447AB8
00447AB9
00447ABA
00447ABB
00447ABC
00447ABD
00447ABE
00447ABF
00447AC0
00447AC1
00447AC2
00447AC3
00447AC4
00447AC5
00447AC6
00447AC7
00447AC8
00447AC9
00447ACA
00447ACB
00447ACC

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447ACD
00447ACE
00447ACF
00447AD0
00447AD1
00447AD2
00447AD3
00447AD4
00447AD5
00447AD6
00447AD7
00447AD8
00447AD9
00447ADA
00447ADB
00447ADC
00447ADD
00447ADE
00447ADF
00447AE0
00447AE1
00447AE2
00447AE3
00447AE4
00447AE5
00447AE6
00447AE7
00447AE8
00447AE9
00447AEA
00447AEB
00447AEC
00447AED
00447AEE
00447AEF
00447AF0
00447AF1
00447AF2
00447AF3
00447AF4
00447AF5
00447AF6
00447AF7
00447AF8
00447AF9
00447AFA
00447AFB
00447AFC
00447AFD
00447AFE
00447AFF
00447B00
00447B01
00447B02
00447B03
00447B04
00447B05
00447B06
00447B07
00447B08

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447B09
00447B0A
00447B0B
00447B0C
00447B0D
00447B0E
00447B0F
00447B10
00447B11
00447B12
00447B13
00447B14
00447B15
00447B16
00447B17
00447B18
00447B19
00447B1A
00447B1B
00447B1C
00447B1D
00447B1E
00447B1F
00447B20
00447B21
00447B22
00447B23
00447B24
00447B25
00447B26
00447B27
00447B28
00447B29
00447B2A
00447B2B
00447B2C
00447B2D
00447B2E
00447B2F
00447B30
00447B31
00447B32
00447B33
00447B34
00447B35
00447B36
00447B37
00447B38
00447B39
00447B3A
00447B3B
00447B3C
00447B3D
00447B3E
00447B3F
00447B40
00447B41
00447B42
00447B43
00447B44

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447B45
00447B46
00447B47
00447B48
00447B49
00447B4A
00447B4B
00447B4C
00447B4D
00447B4E
00447B4F
00447B50
00447B51
00447B52
00447B53
00447B54
00447B55
00447B56
00447B57
00447B58
00447B59
00447B5A
00447B5B
00447B5C
00447B5D
00447B5E
00447B5F
00447B60
00447B61
00447B62
00447B63
00447B64
00447B65
00447B66
00447B67
00447B68
00447B69
00447B6A
00447B6B
00447B6C
00447B6D
00447B6E
00447B6F
00447B70
00447B71
00447B72
00447B73
00447B74
00447B75
00447B76
00447B77
00447B78
00447B79
00447B7A
00447B7B
00447B7C
00447B7D
00447B7E
00447B7F
00447B80

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447B81
00447B82
00447B83
00447B84
00447B85
00447B86
00447B87
00447B88
00447B89
00447B8A
00447B8B
00447B8C
00447B8D
00447B8E
00447B8F
00447B90
00447B91
00447B92
00447B93
00447B94
00447B95
00447B96
00447B97
00447B98
00447B99
00447B9A
00447B9B
00447B9C
00447B9D
00447B9E
00447B9F
00447BA0
00447BA1
00447BA2
00447BA3
00447BA4
00447BA5
00447BA6
00447BA7
00447BA8
00447BA9
00447BAA
00447BAB
00447BAC
00447BAD
00447BAE
00447BAF
00447BB0
00447BB1
00447BB2
00447BB3
00447BB4
00447BB5
00447BB6
00447BB7
00447BB8
00447BB9
00447BBA
00447BBB
00447BBC

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447BBD
00447BBE
00447BBF
00447BC0
00447BC1
00447BC2
00447BC3
00447BC4
00447BC5
00447BC6
00447BC7
00447BC8
00447BC9
00447BCA
00447BCB
00447BCC
00447BCD
00447BCE
00447BCF
00447BD0
00447BD1
00447BD2
00447BD3
00447BD4
00447BD5
00447BD6
00447BD7
00447BD8
00447BD9
00447BDA
00447BDB
00447BDC
00447BDD
00447BDE
00447BDF
00447BE0
00447BE1
00447BE2
00447BE3
00447BE4
00447BE5
00447BE6
00447BE7
00447BE8
00447BE9
00447BEA
00447BEB
00447BEC
00447BED
00447BEE
00447BEF
00447BF0
00447BF1
00447BF2
00447BF3
00447BF4
00447BF5
00447BF6
00447BF7
00447BF8

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447BF9
00447BFA
00447BFB
00447BFC
00447BFD
00447BFE
00447BFF
00447C00
00447C01
00447C02
00447C03
00447C04
00447C05
00447C06
00447C07
00447C08
00447C09
00447C0A
00447C0B
00447C0C
00447C0D
00447C0E
00447C0F
00447C10
00447C11
00447C12
00447C13
00447C14
00447C15
00447C16
00447C17
00447C18
00447C19
00447C1A
00447C1B
00447C1C
00447C1D
00447C1E
00447C1F
00447C20
00447C21
00447C22
00447C23
00447C24
00447C25
00447C26
00447C27
00447C28
00447C29
00447C2A
00447C2B
00447C2C
00447C2D
00447C2E
00447C2F
00447C30
00447C31
00447C32
00447C33
00447C34

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447C35
00447C36
00447C37
00447C38
00447C39
00447C3A
00447C3B
00447C3C
00447C3D
00447C3E
00447C3F
00447C40
00447C41
00447C42
00447C43
00447C44
00447C45
00447C46
00447C47
00447C48
00447C49
00447C4A
00447C4B
00447C4C
00447C4D
00447C4E
00447C4F
00447C50
00447C51
00447C52
00447C53
00447C54
00447C55
00447C56
00447C57
00447C58
00447C59
00447C5A
00447C5B
00447C5C
00447C5D
00447C5E
00447C5F
00447C60
00447C61
00447C62
00447C63
00447C64
00447C65
00447C66
00447C67
00447C68
00447C69
00447C6A
00447C6B
00447C6C
00447C6D
00447C6E
00447C6F
00447C70

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447C71
00447C72
00447C73
00447C74
00447C75
00447C76
00447C77
00447C78
00447C79
00447C7A
00447C7B
00447C7C
00447C7D
00447C7E
00447C7F
00447C80
00447C81
00447C82
00447C83
00447C84
00447C85
00447C86
00447C87
00447C88
00447C89
00447C8A
00447C8B
00447C8C
00447C8D
00447C8E
00447C8F
00447C90
00447C91
00447C92
00447C93
00447C94
00447C95
00447C96
00447C97
00447C98
00447C99
00447C9A
00447C9B
00447C9C
00447C9D
00447C9E
00447C9F
00447CA0
00447CA1
00447CA2
00447CA3
00447CA4
00447CA5
00447CA6
00447CA7
00447CA8
00447CA9
00447CAA
00447CAB
00447CAC

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447CAD
00447CAE
00447CAF
00447CB0
00447CB1
00447CB2
00447CB3
00447CB4
00447CB5
00447CB6
00447CB7
00447CB8
00447CB9
00447CBA
00447CBB
00447CBC
00447CBD
00447CBE
00447CBF
00447CC0
00447CC1
00447CC2
00447CC3
00447CC4
00447CC5
00447CC6
00447CC7
00447CC8
00447CC9
00447CCA
00447CCB
00447CCC
00447CCD
00447CCE
00447CCF
00447CD0
00447CD1
00447CD2
00447CD3
00447CD4
00447CD5
00447CD6
00447CD7
00447CD8
00447CD9
00447CDA
00447CDB
00447CDC
00447CDD
00447CDE
00447CDF
00447CE0
00447CE1
00447CE2
00447CE3
00447CE4
00447CE5
00447CE6
00447CE7
00447CE8

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447CE9
00447CEA
00447CEB
00447CEC
00447CED
00447CEE
00447CEF
00447CF0
00447CF1
00447CF2
00447CF3
00447CF4
00447CF5
00447CF6
00447CF7
00447CF8
00447CF9
00447CFA
00447CFB
00447CFC
00447CFD
00447CFE
00447CFF
00447D00
00447D01
00447D02
00447D03
00447D04
00447D05
00447D06
00447D07
00447D08
00447D09
00447D0A
00447D0B
00447D0C
00447D0D
00447D0E
00447D0F
00447D10
00447D11
00447D12
00447D13
00447D14
00447D15
00447D16
00447D17
00447D18
00447D19
00447D1A
00447D1B
00447D1C
00447D1D
00447D1E
00447D1F
00447D20
00447D21
00447D22
00447D23
00447D24

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447D25
00447D26
00447D27
00447D28
00447D29
00447D2A
00447D2B
00447D2C
00447D2D
00447D2E
00447D2F
00447D30
00447D31
00447D32
00447D33
00447D34
00447D35
00447D36
00447D37
00447D38
00447D39
00447D3A
00447D3B
00447D3C
00447D3D
00447D3E
00447D3F
00447D40
00447D41
00447D42
00447D43
00447D44
00447D45
00447D46
00447D47
00447D48
00447D49
00447D4A
00447D4B
00447D4C
00447D4D
00447D4E
00447D4F
00447D50
00447D51
00447D52
00447D53
00447D54
00447D55
00447D56
00447D57
00447D58
00447D59
00447D5A
00447D5B
00447D5C
00447D5D
00447D5E
00447D5F
00447D60

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447D61
00447D62
00447D63
00447D64
00447D65
00447D66
00447D67
00447D68
00447D69
00447D6A
00447D6B
00447D6C
00447D6D
00447D6E
00447D6F
00447D70
00447D71
00447D72
00447D73
00447D74
00447D75
00447D76
00447D77
00447D78
00447D79
00447D7A
00447D7B
00447D7C
00447D7D
00447D7E
00447D7F
00447D80
00447D81
00447D82
00447D83
00447D84
00447D85
00447D86
00447D87
00447D88
00447D89
00447D8A
00447D8B
00447D8C
00447D8D
00447D8E
00447D8F
00447D90
00447D91
00447D92
00447D93
00447D94
00447D95
00447D96
00447D97
00447D98
00447D99
00447D9A
00447D9B
00447D9C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447D9D
00447D9E
00447D9F
00447DA0
00447DA1
00447DA2
00447DA3
00447DA4
00447DA5
00447DA6
00447DA7
00447DA8
00447DA9
00447DAA
00447DAB
00447DAC
00447DAD
00447DAE
00447DAF
00447DB0
00447DB1
00447DB2
00447DB3
00447DB4
00447DB5
00447DB6
00447DB7
00447DB8
00447DB9
00447DBA
00447DBB
00447DBC
00447DBD
00447DBE
00447DBF
00447DC0
00447DC1
00447DC2
00447DC3
00447DC4
00447DC5
00447DC6
00447DC7
00447DC8
00447DC9
00447DCA
00447DCB
00447DCC
00447DCD
00447DCE
00447DCF
00447DD0
00447DD1
00447DD2
00447DD3
00447DD4
00447DD5
00447DD6
00447DD7
00447DD8

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447DD9
00447DDA
00447DDB
00447DDC
00447DDD
00447DDE
00447DDF
00447DE0
00447DE1
00447DE2
00447DE3
00447DE4
00447DE5
00447DE6
00447DE7
00447DE8
00447DE9
00447DEA
00447DEB
00447DEC
00447DED
00447DEE
00447DEF
00447DF0
00447DF1
00447DF2
00447DF3
00447DF4
00447DF5
00447DF6
00447DF7
00447DF8
00447DF9
00447DFA
00447DFB
00447DFC
00447DFD
00447DFE
00447DFF
00447E00
00447E01
00447E02
00447E03
00447E04
00447E05
00447E06
00447E07
00447E08
00447E09
00447E0A
00447E0B
00447E0C
00447E0D
00447E0E
00447E0F
00447E10
00447E11
00447E12
00447E13
00447E14

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447E15
00447E16
00447E17
00447E18
00447E19
00447E1A
00447E1B
00447E1C
00447E1D
00447E1E
00447E1F
00447E20
00447E21
00447E22
00447E23
00447E24
00447E25
00447E26
00447E27
00447E28
00447E29
00447E2A
00447E2B
00447E2C
00447E2D
00447E2E
00447E2F
00447E30
00447E31
00447E32
00447E33
00447E34
00447E35
00447E36
00447E37
00447E38
00447E39
00447E3A
00447E3B
00447E3C
00447E3D
00447E3E
00447E3F
00447E40
00447E41
00447E42
00447E43
00447E44
00447E45
00447E46
00447E47
00447E48
00447E49
00447E4A
00447E4B
00447E4C
00447E4D
00447E4E
00447E4F
00447E50

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447E51
00447E52
00447E53
00447E54
00447E55
00447E56
00447E57
00447E58
00447E59
00447E5A
00447E5B
00447E5C
00447E5D
00447E5E
00447E5F
00447E60
00447E61
00447E62
00447E63
00447E64
00447E65
00447E66
00447E67
00447E68
00447E69
00447E6A
00447E6B
00447E6C
00447E6D
00447E6E
00447E6F
00447E70
00447E71
00447E72
00447E73
00447E74
00447E75
00447E76
00447E77
00447E78
00447E79
00447E7A
00447E7B
00447E7C
00447E7D
00447E7E
00447E7F
00447E80
00447E81
00447E82
00447E83
00447E84
00447E85
00447E86
00447E87
00447E88
00447E89
00447E8A
00447E8B
00447E8C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447E8D
00447E8E
00447E8F
00447E90
00447E91
00447E92
00447E93
00447E94
00447E95
00447E96
00447E97
00447E98
00447E99
00447E9A
00447E9B
00447E9C
00447E9D
00447E9E
00447E9F
00447EA0
00447EA1
00447EA2
00447EA3
00447EA4
00447EA5
00447EA6
00447EA7
00447EA8
00447EA9
00447EAA
00447EAB
00447EAC
00447EAD
00447EAE
00447EAF
00447EB0
00447EB1
00447EB2
00447EB3
00447EB4
00447EB5
00447EB6
00447EB7
00447EB8
00447EB9
00447EBA
00447EBB
00447EBC
00447EBD
00447EBE
00447EBF
00447EC0
00447EC1
00447EC2
00447EC3
00447EC4
00447EC5
00447EC6
00447EC7
00447EC8

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447EC9
00447ECA
00447ECB
00447ECC
00447ECD
00447ECE
00447ECF
00447ED0
00447ED1
00447ED2
00447ED3
00447ED4
00447ED5
00447ED6
00447ED7
00447ED8
00447ED9
00447EDA
00447EDB
00447EDC
00447EDD
00447EDE
00447EDF
00447EE0
00447EE1
00447EE2
00447EE3
00447EE4
00447EE5
00447EE6
00447EE7
00447EE8
00447EE9
00447EEA
00447EEB
00447EEC
00447EED
00447EEE
00447EEF
00447EF0
00447EF1
00447EF2
00447EF3
00447EF4
00447EF5
00447EF6
00447EF7
00447EF8
00447EF9
00447EFA
00447EFB
00447EFC
00447EFD
00447EFE
00447EFF
00447F00
00447F01
00447F02
00447F03
00447F04

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447F05
00447F06
00447F07
00447F08
00447F09
00447F0A
00447F0B
00447F0C
00447F0D
00447F0E
00447F0F
00447F10
00447F11
00447F12
00447F13
00447F14
00447F15
00447F16
00447F17
00447F18
00447F19
00447F1A
00447F1B
00447F1C
00447F1D
00447F1E
00447F1F
00447F20
00447F21
00447F22
00447F23
00447F24
00447F25
00447F26
00447F27
00447F28
00447F29
00447F2A
00447F2B
00447F2C
00447F2D
00447F2E
00447F2F
00447F30
00447F31
00447F32
00447F33
00447F34
00447F35
00447F36
00447F37
00447F38
00447F39
00447F3A
00447F3B
00447F3C
00447F3D
00447F3E
00447F3F
00447F40

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447F41
00447F42
00447F43
00447F44
00447F45
00447F46
00447F47
00447F48
00447F49
00447F4A
00447F4B
00447F4C
00447F4D
00447F4E
00447F4F
00447F50
00447F51
00447F52
00447F53
00447F54
00447F55
00447F56
00447F57
00447F58
00447F59
00447F5A
00447F5B
00447F5C
00447F5D
00447F5E
00447F5F
00447F60
00447F61
00447F62
00447F63
00447F64
00447F65
00447F66
00447F67
00447F68
00447F69
00447F6A
00447F6B
00447F6C
00447F6D
00447F6E
00447F6F
00447F70
00447F71
00447F72
00447F73
00447F74
00447F75
00447F76
00447F77
00447F78
00447F79
00447F7A
00447F7B
00447F7C

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447F7D
00447F7E
00447F7F
00447F80
00447F81
00447F82
00447F83
00447F84
00447F85
00447F86
00447F87
00447F88
00447F89
00447F8A
00447F8B
00447F8C
00447F8D
00447F8E
00447F8F
00447F90
00447F91
00447F92
00447F93
00447F94
00447F95
00447F96
00447F97
00447F98
00447F99
00447F9A
00447F9B
00447F9C
00447F9D
00447F9E
00447F9F
00447FA0
00447FA1
00447FA2
00447FA3
00447FA4
00447FA5
00447FA6
00447FA7
00447FA8
00447FA9
00447FAA
00447FAB
00447FAC
00447FAD
00447FAE
00447FAF
00447FB0
00447FB1
00447FB2
00447FB3
00447FB4
00447FB5
00447FB6
00447FB7
00447FB8

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447FB9
00447FBA
00447FBB
00447FBC
00447FBD
00447FBE
00447FBF
00447FC0
00447FC1
00447FC2
00447FC3
00447FC4
00447FC5
00447FC6
00447FC7
00447FC8
00447FC9
00447FCA
00447FCB
00447FCC
00447FCD
00447FCE
00447FCF
00447FD0
00447FD1
00447FD2
00447FD3
00447FD4
00447FD5
00447FD6
00447FD7
00447FD8
00447FD9
00447FDA
00447FDB
00447FDC
00447FDD
00447FDE
00447FDF
00447FE0
00447FE1
00447FE2
00447FE3
00447FE4
00447FE5
00447FE6
00447FE7
00447FE8
00447FE9
00447FEA
00447FEB
00447FEC
00447FED
00447FEE
00447FEF
00447FF0
00447FF1
00447FF2
00447FF3
00447FF4

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00

00447FF5
00447FF6
00447FF7
00447FF8
00447FF9
00447FFA
00447FFB
00447FFC
00447FFD
00447FFE
00447FFF

00
00
00
00
00
00
00
00
00
00
00

DB
DB
DB
DB
DB
DB
DB
DB
DB
DB
DB

00
00
00
00
00
00
00
00
00
00
00

S-ar putea să vă placă și