Disassembly of File: D:\RevEng\crackme01\crackme01_mod.exe Code Offset = 00001000, Code Size = 00005000 Data Offset = 00007000, Data Size = 00001000 Number of Objects = 0003 (dec), Imagebase = 00400000h Object01: .text RVA: 00001000 Offset: 00001000 Size: 00005000 Flags: 60000020 Object02: .rdata RVA: 00006000 Offset: 00006000 Size: 00001000 Flags: 40000040 Object03: .data RVA: 00007000 Offset: 00007000 Size: 00001000 Flags: C0000040 +++++++++++++++++++ MENU INFORMATION ++++++++++++++++++ There Are No Menu Resources in This Application +++++++++++++++++ DIALOG INFORMATION ++++++++++++++++++ There Are No Dialog Resources in This Application +++++++++++++++++++ IMPORTED FUNCTIONS ++++++++++++++++++ Number of Imported Modules = 1 (decimal) Import Module 001: KERNEL32.dll +++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++ Import Module 001: KERNEL32.dll Addr:00006558 hint(00CA) Name: GetCommandLineA Addr:0000656A hint(0174) Name: GetVersion Addr:00006578 hint(007D) Name: ExitProcess Addr:00006586 hint(029E) Name: TerminateProcess Addr:0000659A hint(00F7) Name: GetCurrentProcess Addr:000065AE hint(02AD) Name: UnhandledExceptionFilter Addr:000065CA hint(0124) Name: GetModuleFileNameA Addr:000065E0 hint(00B2) Name: FreeEnvironmentStringsA Addr:000065FA hint(00B3) Name: FreeEnvironmentStringsW Addr:00006614 hint(02D2) Name: WideCharToMultiByte Addr:0000662A hint(0106) Name: GetEnvironmentStrings Addr:00006642 hint(0108) Name: GetEnvironmentStringsW Addr:0000665C hint(026D) Name: SetHandleCount Addr:0000666E hint(0152) Name: GetStdHandle Addr:0000667E hint(0115) Name: GetFileType Addr:0000668C hint(0150) Name: GetStartupInfoA Addr:0000669E hint(019D) Name: HeapDestroy Addr:000066AC hint(019B) Name: HeapCreate Addr:000066BA hint(02BF) Name: VirtualFree Addr:000066C8 hint(019F) Name: HeapFree Addr:000066D4 hint(022F) Name: RtlUnwind Addr:000066E0 hint(02DF) Name: WriteFile Addr:000066EC hint(01E4) Name: MultiByteToWideChar Addr:00006702 hint(0199) Name: HeapAlloc Addr:0000670E hint(00BF) Name: GetCPInfo Addr:0000671A hint(00B9) Name: GetACP Addr:00006724 hint(0131) Name: GetOEMCP Addr:00006730 hint(02BB) Name: VirtualAlloc Addr:00006740 hint(01A2) Name: HeapReAlloc Addr:0000674E hint(013E) Name: GetProcAddress Addr:00006760 hint(01C2) Name: LoadLibraryA Addr:00006770 hint(0153) Name: GetStringTypeA Addr:00006782 hint(0156) Name: GetStringTypeW Addr:00006794 hint(011A) Name: GetLastError Addr:000067A4 hint(0218) Name: ReadFile Addr:000067B0 hint(00AA) Name: FlushFileBuffers Addr:000067C4 hint(026A) Name: SetFilePointer Addr:000067D6 hint(01BF) Name: LCMapStringA Addr:000067E6 hint(01C0) Name: LCMapStringW Addr:000067F6 hint(001B) Name: CloseHandle Addr:00006804 hint(027C) Name: SetStdHandle +++++++++++++++++++ EXPORTED FUNCTIONS ++++++++++++++++++ Number of Exported Functions = 0000 (decimal) +++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++ //********************** Start of Code in Object .text ************** Program Entry Point = 0040116C (D:\RevEng\crackme01\crackme01_mod.exe File Offset:0000716C) :00401000 55 push ebp :00401001 8BEC mov ebp, esp :00401003 83EC1C sub esp, 0000001C :00401006 C645E469 mov [ebp-1C], 69 :0040100A C645E56F mov [ebp-1B], 6F :0040100E C645E670 mov [ebp-1A], 70 :00401012 C645E772 mov [ebp-19], 72 :00401016 C645E86F mov [ebp-18], 6F :0040101A C645E967 mov [ebp-17], 67 :0040101E C645EA72 mov [ebp-16], 72 :00401022 C645EB61 mov [ebp-15], 61 :00401026 C645EC6D mov [ebp-14], 6D :0040102A C645ED6D mov [ebp-13], 6D :0040102E C645EE6F mov [ebp-12], 6F :00401032 6830704000 push 00407030 :00401037 E8FF000000 call 0040113B :0040103C 83C404 add esp, 00000004 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401074(C) | :0040103F 684C704000 push 0040704C :00401044 E8F2000000 call 0040113B :00401049 83C404 add esp, 00000004 :0040104C 8D45F4 lea eax, dword ptr [ebp-0C] :0040104F 50 push eax * Possible StringData Ref from Data Obj ->"%s" | :00401050 686C704000 push 0040706C :00401055 E8CA000000 call 00401124 :0040105A 83C408 add esp, 00000008 :0040105D 8D4DE4 lea ecx, dword ptr [ebp-1C] :00401060 51 push ecx :00401061 8D55F4 lea edx, dword ptr [ebp-0C] :00401064 52 push edx :00401065 E836000000 call 004010A0 :0040106A 83C408 add esp, 00000008 :0040106D 8945F0 mov dword ptr [ebp-10], eax :00401070 837DF000 cmp dword ptr [ebp-10], 00000000 :00401074 75C9 jne 0040103F :00401076 6870704000 push 00407070 :0040107B E8BB000000 call 0040113B :00401080 83C404 add esp, 00000004 :00401083 6884704000 push 00407084 :00401088 E8AE000000 call 0040113B :0040108D 83C404 add esp, 00000004 :00401090 8BE5 mov esp, ebp :00401092 5D pop ebp :00401093 C3 ret :00401094 CC int 03 :00401095 CC int 03 :00401096 CC int 03 :00401097 CC int 03 :00401098 CC int 03 :00401099 CC int 03 :0040109A CC int 03 :0040109B CC int 03 :0040109C CC int 03 :0040109D CC int 03 :0040109E CC int 03 :0040109F CC int 03 * Referenced by a CALL at Address: |:00401065 | :004010A0 8B542404 mov edx, dword ptr [esp+04] :004010A4 8B4C2408 mov ecx, dword ptr [esp+08] :004010A8 F7C203000000 test edx, 00000003 :004010AE 753C jne 004010EC * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004010DC(C), :00401106(C), :00401122(U) | :004010B0 8B02 mov eax, dword ptr [edx] :004010B2 3A01 cmp al, byte ptr [ecx] :004010B4 752E jne 004010E4 :004010B6 0AC0 or al, al :004010B8 7426 je 004010E0 :004010BA 3A6101 cmp ah, byte ptr [ecx+01] :004010BD 7525 jne 004010E4 :004010BF 0AE4 or ah, ah :004010C1 741D je 004010E0 :004010C3 C1E810 shr eax, 10 :004010C6 3A4102 cmp al, byte ptr [ecx+02] :004010C9 7519 jne 004010E4 :004010CB 0AC0 or al, al :004010CD 7411 je 004010E0 :004010CF 3A6103 cmp ah, byte ptr [ecx+03] :004010D2 7510 jne 004010E4 :004010D4 83C104 add ecx, 00000004 :004010D7 83C204 add edx, 00000004 :004010DA 0AE4 or ah, ah :004010DC 75D2 jne 004010B0 :004010DE 8BFF mov edi, edi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004010B8(C), :004010C1(C), :004010CD(C), :004010FE(C), :00401114(C) |:0040111D(C) | :004010E0 33C0 xor eax, eax :004010E2 C3 ret :004010E3 90 nop * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004010B4(C), :004010BD(C), :004010C9(C), :004010D2(C), :004010F9(C) |:00401110(C), :00401119(C) | :004010E4 1BC0 sbb eax, eax :004010E6 D1E0 shl eax, 1 :004010E8 40 inc eax :004010E9 C3 ret :004010EA 8BFF mov edi, edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004010AE(C) | :004010EC F7C201000000 test edx, 00000001 :004010F2 7414 je 00401108 :004010F4 8A02 mov al, byte ptr [edx] :004010F6 42 inc edx :004010F7 3A01 cmp al, byte ptr [ecx] :004010F9 75E9 jne 004010E4 :004010FB 41 inc ecx :004010FC 0AC0 or al, al :004010FE 74E0 je 004010E0 :00401100 F7C202000000 test edx, 00000002 :00401106 74A8 je 004010B0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004010F2(C) | :00401108 668B02 mov ax, word ptr [edx] :0040110B 83C202 add edx, 00000002 :0040110E 3A01 cmp al, byte ptr [ecx] :00401110 75D2 jne 004010E4 :00401112 0AC0 or al, al :00401114 74CA je 004010E0 :00401116 3A6101 cmp ah, byte ptr [ecx+01] :00401119 75C9 jne 004010E4 :0040111B 0AE4 or ah, ah :0040111D 74C1 je 004010E0 :0040111F 83C102 add ecx, 00000002 :00401122 EB8C jmp 004010B0 * Referenced by a CALL at Address: |:00401055 | :00401124 8D442408 lea eax, dword ptr [esp+08] :00401128 50 push eax :00401129 FF742408 push [esp+08] :0040112D 68C8704000 push 004070C8 :00401132 E85D010000 call 00401294 :00401137 83C40C add esp, 0000000C :0040113A C3 ret * Referenced by a CALL at Addresses: |:00401037 , :00401044 , :0040107B , :00401088 | :0040113B 53 push ebx :0040113C 56 push esi :0040113D BEE8704000 mov esi, 004070E8 :00401142 57 push edi :00401143 56 push esi :00401144 E8B50C0000 call 00401DFE :00401149 8BF8 mov edi, eax :0040114B 8D442418 lea eax, dword ptr [esp+18] :0040114F 50 push eax :00401150 FF742418 push [esp+18] :00401154 56 push esi :00401155 E86E0D0000 call 00401EC8 :0040115A 56 push esi :0040115B 57 push edi :0040115C 8BD8 mov ebx, eax :0040115E E8280D0000 call 00401E8B :00401163 83C418 add esp, 00000018 :00401166 8BC3 mov eax, ebx :00401168 5F pop edi :00401169 5E pop esi :0040116A 5B pop ebx :0040116B C3 ret //******************** Program Entry Point ******** :0040116C 55 push ebp :0040116D 8BEC mov ebp, esp :0040116F 6AFF push FFFFFFFF :00401171 68A8604000 push 004060A8 :00401176 6870304000 push 00403070 :0040117B 64A100000000 mov eax, dword ptr fs:[00000000] :00401181 50 push eax :00401182 64892500000000 mov dword ptr fs:[00000000], esp :00401189 83EC10 sub esp, 00000010 :0040118C 53 push ebx :0040118D 56 push esi :0040118E 57 push edi :0040118F 8965E8 mov dword ptr [ebp-18], esp * Reference To: KERNEL32.GetVersion, Ord:0174h | :00401192 FF1504604000 Call dword ptr [00406004] :00401198 33D2 xor edx, edx :0040119A 8AD4 mov dl, ah :0040119C 891568794000 mov dword ptr [00407968], edx :004011A2 8BC8 mov ecx, eax :004011A4 81E1FF000000 and ecx, 000000FF :004011AA 890D64794000 mov dword ptr [00407964], ecx :004011B0 C1E108 shl ecx, 08 :004011B3 03CA add ecx, edx :004011B5 890D60794000 mov dword ptr [00407960], ecx :004011BB C1E810 shr eax, 10 :004011BE A35C794000 mov dword ptr [0040795C], eax :004011C3 6A00 push 00000000 :004011C5 E8711D0000 call 00402F3B :004011CA 59 pop ecx :004011CB 85C0 test eax, eax :004011CD 7508 jne 004011D7 :004011CF 6A1C push 0000001C :004011D1 E89A000000 call 00401270 :004011D6 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004011CD(C) | :004011D7 8365FC00 and dword ptr [ebp-04], 00000000 :004011DB E8B01B0000 call 00402D90 * Reference To: KERNEL32.GetCommandLineA, Ord:00CAh | :004011E0 FF1500604000 Call dword ptr [00406000] :004011E6 A3648E4000 mov dword ptr [00408E64], eax :004011EB E86E1A0000 call 00402C5E :004011F0 A338794000 mov dword ptr [00407938], eax :004011F5 E817180000 call 00402A11 :004011FA E859170000 call 00402958 :004011FF E8CE140000 call 004026D2 :00401204 A178794000 mov eax, dword ptr [00407978] :00401209 A37C794000 mov dword ptr [0040797C], eax :0040120E 50 push eax :0040120F FF3570794000 push dword ptr [00407970] :00401215 FF356C794000 push dword ptr [0040796C] :0040121B E8E0FDFFFF call 00401000 :00401220 83C40C add esp, 0000000C :00401223 8945E4 mov dword ptr [ebp-1C], eax :00401226 50 push eax :00401227 E8D3140000 call 004026FF :0040122C 8B45EC mov eax, dword ptr [ebp-14] :0040122F 8B08 mov ecx, dword ptr [eax] :00401231 8B09 mov ecx, dword ptr [ecx] :00401233 894DE0 mov dword ptr [ebp-20], ecx :00401236 50 push eax :00401237 51 push ecx :00401238 E897150000 call 004027D4 :0040123D 59 pop ecx :0040123E 59 pop ecx :0040123F C3 ret :00401240 8B65E8 mov esp, dword ptr [ebp-18] :00401243 FF75E0 push [ebp-20] :00401246 E8C5140000 call 00402710 * Referenced by a CALL at Addresses: |:00401D92 , :004029A6 , :004029D5 , :00402A77 , :00402DAA |:00404DD0 | :0040124B 833D4079400002 cmp dword ptr [00407940], 00000002 :00401252 7405 je 00401259 :00401254 E8EF1E0000 call 00403148 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401252(C) | :00401259 FF742404 push [esp+04] :0040125D E81F1F0000 call 00403181 :00401262 68FF000000 push 000000FF :00401267 FF15B0704000 call dword ptr [004070B0] :0040126D 59 pop ecx :0040126E 59 pop ecx :0040126F C3 ret * Referenced by a CALL at Address: |:004011D1 | :00401270 833D4079400002 cmp dword ptr [00407940], 00000002 :00401277 7405 je 0040127E :00401279 E8CA1E0000 call 00403148 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401277(C) | :0040127E FF742404 push [esp+04] :00401282 E8FA1E0000 call 00403181 :00401287 59 pop ecx :00401288 68FF000000 push 000000FF * Reference To: KERNEL32.ExitProcess, Ord:007Dh | :0040128D FF1508604000 Call dword ptr [00406008] :00401293 C3 ret * Referenced by a CALL at Address: |:00401132 | :00401294 55 push ebp :00401295 8BEC mov ebp, esp :00401297 81ECC4010000 sub esp, 000001C4 :0040129D 8065EB00 and byte ptr [ebp-15], 00 :004012A1 53 push ebx :004012A2 56 push esi :004012A3 8B750C mov esi, dword ptr [ebp+0C] :004012A6 33DB xor ebx, ebx :004012A8 57 push edi :004012A9 8A06 mov al, byte ptr [esi] :004012AB 895DFC mov dword ptr [ebp-04], ebx :004012AE 84C0 test al, al :004012B0 895DCC mov dword ptr [ebp-34], ebx :004012B3 0F84E1090000 je 00401C9A :004012B9 8B7D08 mov edi, dword ptr [ebp+08] :004012BC EB05 jmp 004012C3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401C62(C) | :004012BE 8B7D08 mov edi, dword ptr [ebp+08] :004012C1 33DB xor ebx, ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004012BC(U) | :004012C3 833DA874400001 cmp dword ptr [004074A8], 00000001 :004012CA 7E0F jle 004012DB :004012CC 0FB6C0 movzx eax, al :004012CF 6A08 push 00000008 :004012D1 50 push eax :004012D2 E849210000 call 00403420 :004012D7 59 pop ecx :004012D8 59 pop ecx :004012D9 EB0F jmp 004012EA * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004012CA(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :004012DB 8B0DB4744000 mov ecx, dword ptr [004074B4] :004012E1 0FB6C0 movzx eax, al :004012E4 8A0441 mov al, byte ptr [ecx+2*eax] :004012E7 83E008 and eax, 00000008 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004012D9(U) | :004012EA 3BC3 cmp eax, ebx :004012EC 7436 je 00401324 :004012EE FF4DFC dec [ebp-04] :004012F1 57 push edi :004012F2 8D45FC lea eax, dword ptr [ebp-04] :004012F5 57 push edi :004012F6 50 push eax :004012F7 E8250A0000 call 00401D21 :004012FC 59 pop ecx :004012FD 59 pop ecx :004012FE 50 push eax :004012FF E8060A0000 call 00401D0A :00401304 0FB64601 movzx eax, byte ptr [esi+01] :00401308 46 inc esi :00401309 50 push eax :0040130A E8E9200000 call 004033F8 :0040130F 83C40C add esp, 0000000C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401322(U) | :00401312 85C0 test eax, eax :00401314 740E je 00401324 :00401316 0FB64601 movzx eax, byte ptr [esi+01] :0040131A 46 inc esi :0040131B 50 push eax :0040131C E8D7200000 call 004033F8 :00401321 59 pop ecx :00401322 EBEE jmp 00401312 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004012EC(C), :00401314(C) | :00401324 803E25 cmp byte ptr [esi], 25 :00401327 0F85D9080000 jne 00401C06 :0040132D 8065CB00 and byte ptr [ebp-35], 00 :00401331 8065E800 and byte ptr [ebp-18], 00 :00401335 8065E900 and byte ptr [ebp-17], 00 :00401339 8065F200 and byte ptr [ebp-0E], 00 :0040133D 8065F100 and byte ptr [ebp-0F], 00 :00401341 8065EA00 and byte ptr [ebp-16], 00 :00401345 33FF xor edi, edi :00401347 8065FB00 and byte ptr [ebp-05], 00 :0040134B 895DE4 mov dword ptr [ebp-1C], ebx :0040134E 895DE0 mov dword ptr [ebp-20], ebx :00401351 895DF4 mov dword ptr [ebp-0C], ebx :00401354 C645F301 mov [ebp-0D], 01 :00401358 895DD0 mov dword ptr [ebp-30], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401406(C) | :0040135B 0FB65E01 movzx ebx, byte ptr [esi+01] :0040135F 46 inc esi :00401360 833DA874400001 cmp dword ptr [004074A8], 00000001 :00401367 7E0F jle 00401378 :00401369 0FB6C3 movzx eax, bl :0040136C 6A04 push 00000004 :0040136E 50 push eax :0040136F E8AC200000 call 00403420 :00401374 59 pop ecx :00401375 59 pop ecx :00401376 EB0F jmp 00401387 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401367(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00401378 8B0DB4744000 mov ecx, dword ptr [004074B4] :0040137E 0FB6C3 movzx eax, bl :00401381 8A0441 mov al, byte ptr [ecx+2*eax] :00401384 83E004 and eax, 00000004 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401376(U) | :00401387 85C0 test eax, eax :00401389 7412 je 0040139D :0040138B 8B45F4 mov eax, dword ptr [ebp-0C] :0040138E FF45E0 inc [ebp-20] :00401391 8D0480 lea eax, dword ptr [eax+4*eax] :00401394 8D4443D0 lea eax, dword ptr [ebx+2*eax-30] :00401398 8945F4 mov dword ptr [ebp-0C], eax :0040139B EB65 jmp 00401402 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401389(C) | :0040139D 83FB4E cmp ebx, 0000004E :004013A0 7F3E jg 004013E0 :004013A2 745E je 00401402 :004013A4 83FB2A cmp ebx, 0000002A :004013A7 7432 je 004013DB :004013A9 83FB46 cmp ebx, 00000046 :004013AC 7454 je 00401402 :004013AE 83FB49 cmp ebx, 00000049 :004013B1 740A je 004013BD :004013B3 83FB4C cmp ebx, 0000004C :004013B6 7537 jne 004013EF :004013B8 FE45F3 inc [ebp-0D] :004013BB EB45 jmp 00401402 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004013B1(C) | :004013BD 807E0136 cmp byte ptr [esi+01], 36 :004013C1 752C jne 004013EF :004013C3 807E0234 cmp byte ptr [esi+02], 34 :004013C7 8D4602 lea eax, dword ptr [esi+02] :004013CA 7523 jne 004013EF :004013CC FF45D0 inc [ebp-30] :004013CF 8365D800 and dword ptr [ebp-28], 00000000 :004013D3 8365DC00 and dword ptr [ebp-24], 00000000 :004013D7 8BF0 mov esi, eax :004013D9 EB27 jmp 00401402 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004013A7(C) | :004013DB FE45F2 inc [ebp-0E] :004013DE EB22 jmp 00401402 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004013A0(C) | :004013E0 83FB68 cmp ebx, 00000068 :004013E3 7417 je 004013FC :004013E5 83FB6C cmp ebx, 0000006C :004013E8 740A je 004013F4 :004013EA 83FB77 cmp ebx, 00000077 :004013ED 7408 je 004013F7 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004013B6(C), :004013C1(C), :004013CA(C) | :004013EF FE45F1 inc [ebp-0F] :004013F2 EB0E jmp 00401402 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004013E8(C) | :004013F4 FE45F3 inc [ebp-0D] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004013ED(C) | :004013F7 FE45FB inc [ebp-05] :004013FA EB06 jmp 00401402 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004013E3(C) | :004013FC FE4DF3 dec [ebp-0D] :004013FF FE4DFB dec [ebp-05] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040139B(U), :004013A2(C), :004013AC(C), :004013BB(U), :004013D9(U) |:004013DE(U), :004013F2(U), :004013FA(U) | :00401402 807DF100 cmp byte ptr [ebp-0F], 00 :00401406 0F844FFFFFFF je 0040135B :0040140C 807DF200 cmp byte ptr [ebp-0E], 00 :00401410 89750C mov dword ptr [ebp+0C], esi :00401413 7512 jne 00401427 :00401415 8B4510 mov eax, dword ptr [ebp+10] :00401418 8945BC mov dword ptr [ebp-44], eax :0040141B 83C004 add eax, 00000004 :0040141E 894510 mov dword ptr [ebp+10], eax :00401421 8B40FC mov eax, dword ptr [eax-04] :00401424 8945D4 mov dword ptr [ebp-2C], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401413(C) | :00401427 8065F100 and byte ptr [ebp-0F], 00 :0040142B 807DFB00 cmp byte ptr [ebp-05], 00 :0040142F 7514 jne 00401445 :00401431 8A06 mov al, byte ptr [esi] :00401433 3C53 cmp al, 53 :00401435 740A je 00401441 :00401437 3C43 cmp al, 43 :00401439 7406 je 00401441 :0040143B 804DFBFF or byte ptr [ebp-05], FF :0040143F EB04 jmp 00401445 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401435(C), :00401439(C) | :00401441 C645FB01 mov [ebp-05], 01 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040142F(C), :0040143F(U) | :00401445 8B5D0C mov ebx, dword ptr [ebp+0C] :00401448 0FB633 movzx esi, byte ptr [ebx] :0040144B 83CE20 or esi, 00000020 :0040144E 83FE6E cmp esi, 0000006E :00401451 8975C4 mov dword ptr [ebp-3C], esi :00401454 7428 je 0040147E :00401456 83FE63 cmp esi, 00000063 :00401459 7414 je 0040146F :0040145B 83FE7B cmp esi, 0000007B :0040145E 740F je 0040146F :00401460 FF7508 push [ebp+08] :00401463 8D45FC lea eax, dword ptr [ebp-04] :00401466 50 push eax :00401467 E8B5080000 call 00401D21 :0040146C 59 pop ecx :0040146D EB0B jmp 0040147A * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401459(C), :0040145E(C) | :0040146F FF7508 push [ebp+08] :00401472 FF45FC inc [ebp-04] :00401475 E876080000 call 00401CF0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040146D(U) | :0040147A 59 pop ecx :0040147B 8945EC mov dword ptr [ebp-14], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401454(C) | :0040147E 33C0 xor eax, eax :00401480 3945E0 cmp dword ptr [ebp-20], eax :00401483 7409 je 0040148E :00401485 3945F4 cmp dword ptr [ebp-0C], eax :00401488 0F84DC070000 je 00401C6A * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401483(C) | :0040148E 83FE6F cmp esi, 0000006F :00401491 0F8F5E020000 jg 004016F5 :00401497 0F840A050000 je 004019A7 :0040149D 83FE63 cmp esi, 00000063 :004014A0 0F842C020000 je 004016D2 :004014A6 83FE64 cmp esi, 00000064 :004014A9 0F84F8040000 je 004019A7 :004014AF 0F8E6A020000 jle 0040171F :004014B5 83FE67 cmp esi, 00000067 :004014B8 7E38 jle 004014F2 :004014BA 83FE69 cmp esi, 00000069 :004014BD 741B je 004014DA :004014BF 83FE6E cmp esi, 0000006E :004014C2 0F8557020000 jne 0040171F :004014C8 807DF200 cmp byte ptr [ebp-0E], 00 :004014CC 8B7DFC mov edi, dword ptr [ebp-04] :004014CF 0F8400070000 je 00401BD5 :004014D5 E921070000 jmp 00401BFB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004014BD(C) | :004014DA 6A64 push 00000064 :004014DC 5E pop esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401714(C) | :004014DD 8B5DEC mov ebx, dword ptr [ebp-14] :004014E0 83FB2D cmp ebx, 0000002D :004014E3 0F857E020000 jne 00401767 :004014E9 C645E901 mov [ebp-17], 01 :004014ED E97A020000 jmp 0040176C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004014B8(C) | :004014F2 8B5DEC mov ebx, dword ptr [ebp-14] :004014F5 8DB53CFEFFFF lea esi, dword ptr [ebp+FFFFFE3C] :004014FB 83FB2D cmp ebx, 0000002D :004014FE 750E jne 0040150E :00401500 889D3CFEFFFF mov byte ptr [ebp+FFFFFE3C], bl :00401506 8DB53DFEFFFF lea esi, dword ptr [ebp+FFFFFE3D] :0040150C EB05 jmp 00401513 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004014FE(C) | :0040150E 83FB2B cmp ebx, 0000002B :00401511 7517 jne 0040152A * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040150C(U) | :00401513 8B7D08 mov edi, dword ptr [ebp+08] :00401516 FF4DF4 dec [ebp-0C] :00401519 FF45FC inc [ebp-04] :0040151C 57 push edi :0040151D E8CE070000 call 00401CF0 :00401522 8BD8 mov ebx, eax :00401524 59 pop ecx :00401525 895DEC mov dword ptr [ebp-14], ebx :00401528 EB03 jmp 0040152D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401511(C) | :0040152A 8B7D08 mov edi, dword ptr [ebp+08] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401528(U) | :0040152D 837DE000 cmp dword ptr [ebp-20], 00000000 :00401531 7409 je 0040153C :00401533 817DF45D010000 cmp dword ptr [ebp-0C], 0000015D :0040153A 7E07 jle 00401543 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401531(C) | :0040153C C745F45D010000 mov [ebp-0C], 0000015D * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040153A(C), :00401586(U) | :00401543 833DA874400001 cmp dword ptr [004074A8], 00000001 :0040154A 7E0C jle 00401558 :0040154C 6A04 push 00000004 :0040154E 53 push ebx :0040154F E8CC1E0000 call 00403420 :00401554 59 pop ecx :00401555 59 pop ecx :00401556 EB0B jmp 00401563 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040154A(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00401558 A1B4744000 mov eax, dword ptr [004074B4] :0040155D 8A0458 mov al, byte ptr [eax+2*ebx] :00401560 83E004 and eax, 00000004 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401556(U) | :00401563 85C0 test eax, eax :00401565 7421 je 00401588 :00401567 8B45F4 mov eax, dword ptr [ebp-0C] :0040156A FF4DF4 dec [ebp-0C] :0040156D 85C0 test eax, eax :0040156F 7417 je 00401588 :00401571 FF45E4 inc [ebp-1C] :00401574 881E mov byte ptr [esi], bl :00401576 46 inc esi :00401577 FF45FC inc [ebp-04] :0040157A 57 push edi :0040157B E870070000 call 00401CF0 :00401580 8BD8 mov ebx, eax :00401582 59 pop ecx :00401583 895DEC mov dword ptr [ebp-14], ebx :00401586 EBBB jmp 00401543 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401565(C), :0040156F(C) | :00401588 381DAC744000 cmp byte ptr [004074AC], bl :0040158E 7566 jne 004015F6 :00401590 8B45F4 mov eax, dword ptr [ebp-0C] :00401593 FF4DF4 dec [ebp-0C] :00401596 85C0 test eax, eax :00401598 745C je 004015F6 :0040159A FF45FC inc [ebp-04] :0040159D 57 push edi :0040159E E84D070000 call 00401CF0 :004015A3 8BD8 mov ebx, eax :004015A5 A0AC744000 mov al, byte ptr [004074AC] :004015AA 8806 mov byte ptr [esi], al :004015AC 59 pop ecx :004015AD 895DEC mov dword ptr [ebp-14], ebx :004015B0 46 inc esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004015F4(U) | :004015B1 833DA874400001 cmp dword ptr [004074A8], 00000001 :004015B8 7E0C jle 004015C6 :004015BA 6A04 push 00000004 :004015BC 53 push ebx :004015BD E85E1E0000 call 00403420 :004015C2 59 pop ecx :004015C3 59 pop ecx :004015C4 EB0B jmp 004015D1 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004015B8(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :004015C6 A1B4744000 mov eax, dword ptr [004074B4] :004015CB 8A0458 mov al, byte ptr [eax+2*ebx] :004015CE 83E004 and eax, 00000004 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004015C4(U) | :004015D1 85C0 test eax, eax :004015D3 7421 je 004015F6 :004015D5 8B45F4 mov eax, dword ptr [ebp-0C] :004015D8 FF4DF4 dec [ebp-0C] :004015DB 85C0 test eax, eax :004015DD 7417 je 004015F6 :004015DF FF45E4 inc [ebp-1C] :004015E2 881E mov byte ptr [esi], bl :004015E4 46 inc esi :004015E5 FF45FC inc [ebp-04] :004015E8 57 push edi :004015E9 E802070000 call 00401CF0 :004015EE 8BD8 mov ebx, eax :004015F0 59 pop ecx :004015F1 895DEC mov dword ptr [ebp-14], ebx :004015F4 EBBB jmp 004015B1 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040158E(C), :00401598(C), :004015D3(C), :004015DD(C) | :004015F6 837DE400 cmp dword ptr [ebp-1C], 00000000 :004015FA 0F848E000000 je 0040168E :00401600 83FB65 cmp ebx, 00000065 :00401603 7409 je 0040160E :00401605 83FB45 cmp ebx, 00000045 :00401608 0F8580000000 jne 0040168E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401603(C) | :0040160E 8B45F4 mov eax, dword ptr [ebp-0C] :00401611 FF4DF4 dec [ebp-0C] :00401614 85C0 test eax, eax :00401616 7476 je 0040168E :00401618 C60665 mov byte ptr [esi], 65 :0040161B 46 inc esi :0040161C FF45FC inc [ebp-04] :0040161F 57 push edi :00401620 E8CB060000 call 00401CF0 :00401625 8BD8 mov ebx, eax :00401627 59 pop ecx :00401628 83FB2D cmp ebx, 0000002D :0040162B 895DEC mov dword ptr [ebp-14], ebx :0040162E 7505 jne 00401635 :00401630 8806 mov byte ptr [esi], al :00401632 46 inc esi :00401633 EB05 jmp 0040163A * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040162E(C) | :00401635 83FB2B cmp ebx, 0000002B :00401638 751E jne 00401658 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401633(U) | :0040163A 8B45F4 mov eax, dword ptr [ebp-0C] :0040163D FF4DF4 dec [ebp-0C] :00401640 85C0 test eax, eax :00401642 7505 jne 00401649 :00401644 2145F4 and dword ptr [ebp-0C], eax :00401647 EB0F jmp 00401658 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401642(C), :0040168C(U) | :00401649 FF45FC inc [ebp-04] :0040164C 57 push edi :0040164D E89E060000 call 00401CF0 :00401652 8BD8 mov ebx, eax :00401654 59 pop ecx :00401655 895DEC mov dword ptr [ebp-14], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401638(C), :00401647(U) | :00401658 833DA874400001 cmp dword ptr [004074A8], 00000001 :0040165F 7E0C jle 0040166D :00401661 6A04 push 00000004 :00401663 53 push ebx :00401664 E8B71D0000 call 00403420 :00401669 59 pop ecx :0040166A 59 pop ecx :0040166B EB0B jmp 00401678 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040165F(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :0040166D A1B4744000 mov eax, dword ptr [004074B4] :00401672 8A0458 mov al, byte ptr [eax+2*ebx] :00401675 83E004 and eax, 00000004 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040166B(U) | :00401678 85C0 test eax, eax :0040167A 7412 je 0040168E :0040167C 8B45F4 mov eax, dword ptr [ebp-0C] :0040167F FF4DF4 dec [ebp-0C] :00401682 85C0 test eax, eax :00401684 7408 je 0040168E :00401686 FF45E4 inc [ebp-1C] :00401689 881E mov byte ptr [esi], bl :0040168B 46 inc esi :0040168C EBBB jmp 00401649 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004015FA(C), :00401608(C), :00401616(C), :0040167A(C), :00401684(C) | :0040168E FF4DFC dec [ebp-04] :00401691 57 push edi :00401692 53 push ebx :00401693 E872060000 call 00401D0A :00401698 837DE400 cmp dword ptr [ebp-1C], 00000000 :0040169C 59 pop ecx :0040169D 59 pop ecx :0040169E 0F84F6050000 je 00401C9A :004016A4 807DF200 cmp byte ptr [ebp-0E], 00 :004016A8 0F854D050000 jne 00401BFB :004016AE FF45CC inc [ebp-34] :004016B1 802600 and byte ptr [esi], 00 :004016B4 8D853CFEFFFF lea eax, dword ptr [ebp+FFFFFE3C] :004016BA 50 push eax :004016BB 0FBE45F3 movsx eax, byte ptr [ebp-0D] :004016BF FF75D4 push [ebp-2C] :004016C2 48 dec eax :004016C3 50 push eax :004016C4 FF1598744000 call dword ptr [00407498] :004016CA 83C40C add esp, 0000000C :004016CD E929050000 jmp 00401BFB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004014A0(C) | :004016D2 3945E0 cmp dword ptr [ebp-20], eax :004016D5 750A jne 004016E1 :004016D7 FF45F4 inc [ebp-0C] :004016DA C745E001000000 mov [ebp-20], 00000001 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004016D5(C) | :004016E1 807DFB00 cmp byte ptr [ebp-05], 00 :004016E5 7E04 jle 004016EB :004016E7 C645EA01 mov [ebp-16], 01 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004016E5(C) | * Possible StringData Ref from Data Obj ->"]" | :004016EB BFC0704000 mov edi, 004070C0 :004016F0 E90B010000 jmp 00401800 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401491(C) | :004016F5 8BC6 mov eax, esi :004016F7 83E870 sub eax, 00000070 :004016FA 0F84A3020000 je 004019A3 :00401700 83E803 sub eax, 00000003 :00401703 0F84E8000000 je 004017F1 :00401709 48 dec eax :0040170A 48 dec eax :0040170B 0F8496020000 je 004019A7 :00401711 83E803 sub eax, 00000003 :00401714 0F84C3FDFFFF je 004014DD :0040171A 83E803 sub eax, 00000003 :0040171D 7424 je 00401743 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004014AF(C), :004014C2(C) | :0040171F 0FB603 movzx eax, byte ptr [ebx] :00401722 3B45EC cmp eax, dword ptr [ebp-14] :00401725 0F853F050000 jne 00401C6A :0040172B FE4DEB dec [ebp-15] :0040172E 807DF200 cmp byte ptr [ebp-0E], 00 :00401732 0F85C3040000 jne 00401BFB :00401738 8B45BC mov eax, dword ptr [ebp-44] :0040173B 894510 mov dword ptr [ebp+10], eax :0040173E E9B8040000 jmp 00401BFB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040171D(C) | :00401743 807DFB00 cmp byte ptr [ebp-05], 00 :00401747 7E04 jle 0040174D :00401749 C645EA01 mov [ebp-16], 01 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401747(C) | :0040174D 8B7D0C mov edi, dword ptr [ebp+0C] :00401750 47 inc edi :00401751 897D0C mov dword ptr [ebp+0C], edi :00401754 803F5E cmp byte ptr [edi], 5E :00401757 0F85A7000000 jne 00401804 :0040175D 8BC7 mov eax, edi :0040175F 8D7801 lea edi, dword ptr [eax+01] :00401762 E999000000 jmp 00401800 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004014E3(C) | :00401767 83FB2B cmp ebx, 0000002B :0040176A 7522 jne 0040178E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004014ED(U) | :0040176C FF4DF4 dec [ebp-0C] :0040176F 750C jne 0040177D :00401771 837DE000 cmp dword ptr [ebp-20], 00000000 :00401775 7406 je 0040177D :00401777 C645F101 mov [ebp-0F], 01 :0040177B EB11 jmp 0040178E * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040176F(C), :00401775(C) | :0040177D FF7508 push [ebp+08] :00401780 FF45FC inc [ebp-04] :00401783 E868050000 call 00401CF0 :00401788 8BD8 mov ebx, eax :0040178A 59 pop ecx :0040178B 895DEC mov dword ptr [ebp-14], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040176A(C), :0040177B(U) | :0040178E 83FB30 cmp ebx, 00000030 :00401791 0F8545020000 jne 004019DC :00401797 FF7508 push [ebp+08] :0040179A FF45FC inc [ebp-04] :0040179D E84E050000 call 00401CF0 :004017A2 8BD8 mov ebx, eax :004017A4 59 pop ecx :004017A5 80FB78 cmp bl, 78 :004017A8 895DEC mov dword ptr [ebp-14], ebx :004017AB 742F je 004017DC :004017AD 80FB58 cmp bl, 58 :004017B0 742A je 004017DC :004017B2 83FE78 cmp esi, 00000078 :004017B5 C745E401000000 mov [ebp-1C], 00000001 :004017BC 7408 je 004017C6 :004017BE 6A6F push 0000006F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004017EF(U) | :004017C0 5E pop esi :004017C1 E916020000 jmp 004019DC * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004017BC(C) | :004017C6 FF7508 push [ebp+08] :004017C9 FF4DFC dec [ebp-04] :004017CC 53 push ebx :004017CD E838050000 call 00401D0A :004017D2 59 pop ecx :004017D3 59 pop ecx :004017D4 6A30 push 00000030 :004017D6 5B pop ebx :004017D7 E9FD010000 jmp 004019D9 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004017AB(C), :004017B0(C) | :004017DC FF7508 push [ebp+08] :004017DF FF45FC inc [ebp-04] :004017E2 E809050000 call 00401CF0 :004017E7 59 pop ecx :004017E8 8BD8 mov ebx, eax :004017EA 895DEC mov dword ptr [ebp-14], ebx :004017ED 6A78 push 00000078 :004017EF EBCF jmp 004017C0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401703(C) | :004017F1 807DFB00 cmp byte ptr [ebp-05], 00 :004017F5 7E04 jle 004017FB :004017F7 C645EA01 mov [ebp-16], 01 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004017F5(C) | * Possible StringData Ref from Data Obj ->" " | :004017FB BFB8704000 mov edi, 004070B8 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004016F0(U), :00401762(U) | :00401800 804DE8FF or byte ptr [ebp-18], FF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401757(C) | :00401804 6A20 push 00000020 :00401806 8D459C lea eax, dword ptr [ebp-64] :00401809 6A00 push 00000000 :0040180B 50 push eax :0040180C E88F1B0000 call 004033A0 :00401811 83C40C add esp, 0000000C :00401814 837DC47B cmp dword ptr [ebp-3C], 0000007B :00401818 750E jne 00401828 :0040181A 803F5D cmp byte ptr [edi], 5D :0040181D 7509 jne 00401828 :0040181F B25D mov dl, 5D :00401821 47 inc edi :00401822 C645A720 mov [ebp-59], 20 :00401826 EB03 jmp 0040182B * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401818(C), :0040181D(C) | :00401828 8A55CB mov dl, byte ptr [ebp-35] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401826(U), :00401875(U), :0040188E(U) | :0040182B 8A07 mov al, byte ptr [edi] :0040182D 3C5D cmp al, 5D :0040182F 745F je 00401890 :00401831 47 inc edi :00401832 3C2D cmp al, 2D :00401834 7541 jne 00401877 :00401836 84D2 test dl, dl :00401838 743D je 00401877 :0040183A 8A0F mov cl, byte ptr [edi] :0040183C 80F95D cmp cl, 5D :0040183F 7436 je 00401877 :00401841 47 inc edi :00401842 3AD1 cmp dl, cl :00401844 7304 jnb 0040184A :00401846 8AC1 mov al, cl :00401848 EB04 jmp 0040184E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401844(C) | :0040184A 8AC2 mov al, dl :0040184C 8AD1 mov dl, cl * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401848(U) | :0040184E 3AD0 cmp dl, al :00401850 7721 ja 00401873 :00401852 0FB6D2 movzx edx, dl :00401855 0FB6F0 movzx esi, al :00401858 2BF2 sub esi, edx :0040185A 46 inc esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401871(C) | :0040185B 8BCA mov ecx, edx :0040185D 8BC2 mov eax, edx :0040185F 83E107 and ecx, 00000007 :00401862 B301 mov bl, 01 :00401864 C1E803 shr eax, 03 :00401867 D2E3 shl bl, cl :00401869 8D44059C lea eax, dword ptr [ebp+eax-64] :0040186D 0818 or byte ptr [eax], bl :0040186F 42 inc edx :00401870 4E dec esi :00401871 75E8 jne 0040185B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401850(C) | :00401873 32D2 xor dl, dl :00401875 EBB4 jmp 0040182B * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401834(C), :00401838(C), :0040183F(C) | :00401877 0FB6C8 movzx ecx, al :0040187A 8AD0 mov dl, al :0040187C 8BC1 mov eax, ecx :0040187E 83E107 and ecx, 00000007 :00401881 B301 mov bl, 01 :00401883 C1E803 shr eax, 03 :00401886 D2E3 shl bl, cl :00401888 8D44059C lea eax, dword ptr [ebp+eax-64] :0040188C 0818 or byte ptr [eax], bl :0040188E EB9B jmp 0040182B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040182F(C) | :00401890 803F00 cmp byte ptr [edi], 00 :00401893 0F8401040000 je 00401C9A :00401899 837DC47B cmp dword ptr [ebp-3C], 0000007B :0040189D 7503 jne 004018A2 :0040189F 897D0C mov dword ptr [ebp+0C], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040189D(C) | :004018A2 8B7D08 mov edi, dword ptr [ebp+08] :004018A5 8B75D4 mov esi, dword ptr [ebp-2C] :004018A8 FF4DFC dec [ebp-04] :004018AB 57 push edi :004018AC FF75EC push [ebp-14] :004018AF 8975D0 mov dword ptr [ebp-30], esi :004018B2 E853040000 call 00401D0A :004018B7 59 pop ecx :004018B8 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401950(U), :00401958(U) | :004018B9 837DE000 cmp dword ptr [ebp-20], 00000000 :004018BD 740E je 004018CD :004018BF 8B45F4 mov eax, dword ptr [ebp-0C] :004018C2 FF4DF4 dec [ebp-0C] :004018C5 85C0 test eax, eax :004018C7 0F849C000000 je 00401969 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004018BD(C) | :004018CD FF45FC inc [ebp-04] :004018D0 57 push edi :004018D1 E81A040000 call 00401CF0 :004018D6 83F8FF cmp eax, FFFFFFFF :004018D9 59 pop ecx :004018DA 8945EC mov dword ptr [ebp-14], eax :004018DD 747E je 0040195D :004018DF 8BC8 mov ecx, eax :004018E1 6A01 push 00000001 :004018E3 83E107 and ecx, 00000007 :004018E6 5A pop edx :004018E7 0FBE5DE8 movsx ebx, byte ptr [ebp-18] :004018EB D3E2 shl edx, cl :004018ED 8BC8 mov ecx, eax :004018EF C1F903 sar ecx, 03 :004018F2 0FBE4C0D9C movsx ecx, byte ptr [ebp+ecx-64] :004018F7 33CB xor ecx, ebx :004018F9 85D1 test ecx, edx :004018FB 7460 je 0040195D :004018FD 807DF200 cmp byte ptr [ebp-0E], 00 :00401901 7552 jne 00401955 :00401903 807DEA00 cmp byte ptr [ebp-16], 00 :00401907 7441 je 0040194A * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00401909 8B0DB4744000 mov ecx, dword ptr [004074B4] :0040190F 8845C8 mov byte ptr [ebp-38], al :00401912 0FB6C0 movzx eax, al :00401915 F644410180 test [ecx+2*eax+01], 80 :0040191A 740D je 00401929 :0040191C FF45FC inc [ebp-04] :0040191F 57 push edi :00401920 E8CB030000 call 00401CF0 :00401925 59 pop ecx :00401926 8845C9 mov byte ptr [ebp-37], al * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040191A(C) | :00401929 FF35A8744000 push dword ptr [004074A8] :0040192F 8D45C8 lea eax, dword ptr [ebp-38] :00401932 50 push eax :00401933 8D45C2 lea eax, dword ptr [ebp-3E] :00401936 50 push eax :00401937 E898190000 call 004032D4 :0040193C 668B45C2 mov ax, word ptr [ebp-3E] :00401940 83C40C add esp, 0000000C :00401943 668906 mov word ptr [esi], ax :00401946 46 inc esi :00401947 46 inc esi :00401948 EB03 jmp 0040194D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401907(C) | :0040194A 8806 mov byte ptr [esi], al :0040194C 46 inc esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401948(U) | :0040194D 8975D4 mov dword ptr [ebp-2C], esi :00401950 E964FFFFFF jmp 004018B9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401901(C) | :00401955 FF45D0 inc [ebp-30] :00401958 E95CFFFFFF jmp 004018B9 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004018DD(C), :004018FB(C) | :0040195D FF4DFC dec [ebp-04] :00401960 57 push edi :00401961 50 push eax :00401962 E8A3030000 call 00401D0A :00401967 59 pop ecx :00401968 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004018C7(C) | :00401969 3975D0 cmp dword ptr [ebp-30], esi :0040196C 0F8428030000 je 00401C9A :00401972 807DF200 cmp byte ptr [ebp-0E], 00 :00401976 0F857F020000 jne 00401BFB :0040197C FF45CC inc [ebp-34] :0040197F 837DC463 cmp dword ptr [ebp-3C], 00000063 :00401983 0F8472020000 je 00401BFB :00401989 807DEA00 cmp byte ptr [ebp-16], 00 :0040198D 8B45D4 mov eax, dword ptr [ebp-2C] :00401990 7409 je 0040199B :00401992 66832000 and word ptr [eax], 0000 :00401996 E960020000 jmp 00401BFB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401990(C) | :0040199B 802000 and byte ptr [eax], 00 :0040199E E958020000 jmp 00401BFB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004016FA(C) | :004019A3 C645F301 mov [ebp-0D], 01 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401497(C), :004014A9(C), :0040170B(C) | :004019A7 8B5DEC mov ebx, dword ptr [ebp-14] :004019AA 83FB2D cmp ebx, 0000002D :004019AD 7506 jne 004019B5 :004019AF C645E901 mov [ebp-17], 01 :004019B3 EB05 jmp 004019BA * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004019AD(C) | :004019B5 83FB2B cmp ebx, 0000002B :004019B8 7522 jne 004019DC * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004019B3(U) | :004019BA FF4DF4 dec [ebp-0C] :004019BD 750C jne 004019CB :004019BF 837DE000 cmp dword ptr [ebp-20], 00000000 :004019C3 7406 je 004019CB :004019C5 C645F101 mov [ebp-0F], 01 :004019C9 EB11 jmp 004019DC * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004019BD(C), :004019C3(C) | :004019CB FF7508 push [ebp+08] :004019CE FF45FC inc [ebp-04] :004019D1 E81A030000 call 00401CF0 :004019D6 59 pop ecx :004019D7 8BD8 mov ebx, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004017D7(U) | :004019D9 895DEC mov dword ptr [ebp-14], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401791(C), :004017C1(U), :004019B8(C), :004019C9(U) | :004019DC 837DD000 cmp dword ptr [ebp-30], 00000000 :004019E0 0F840F010000 je 00401AF5 :004019E6 807DF100 cmp byte ptr [ebp-0F], 00 :004019EA 0F85E3000000 jne 00401AD3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401AC0(U) | :004019F0 83FE78 cmp esi, 00000078 :004019F3 754F jne 00401A44 :004019F5 833DA874400001 cmp dword ptr [004074A8], 00000001 :004019FC 7E0F jle 00401A0D :004019FE 6880000000 push 00000080 :00401A03 53 push ebx :00401A04 E8171A0000 call 00403420 :00401A09 59 pop ecx :00401A0A 59 pop ecx :00401A0B EB0D jmp 00401A1A * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004019FC(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00401A0D A1B4744000 mov eax, dword ptr [004074B4] :00401A12 8A0458 mov al, byte ptr [eax+2*ebx] :00401A15 2580000000 and eax, 00000080 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401A0B(U) | :00401A1A 85C0 test eax, eax :00401A1C 0F84A3000000 je 00401AC5 :00401A22 8B45D8 mov eax, dword ptr [ebp-28] :00401A25 8B55DC mov edx, dword ptr [ebp-24] :00401A28 6A04 push 00000004 :00401A2A 59 pop ecx :00401A2B E8B01A0000 call 004034E0 :00401A30 53 push ebx :00401A31 8945D8 mov dword ptr [ebp-28], eax :00401A34 8955DC mov dword ptr [ebp-24], edx :00401A37 E87D020000 call 00401CB9 :00401A3C 8BD8 mov ebx, eax :00401A3E 59 pop ecx :00401A3F 895DEC mov dword ptr [ebp-14], ebx :00401A42 EB53 jmp 00401A97 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004019F3(C) | :00401A44 833DA874400001 cmp dword ptr [004074A8], 00000001 :00401A4B 7E0C jle 00401A59 :00401A4D 6A04 push 00000004 :00401A4F 53 push ebx :00401A50 E8CB190000 call 00403420 :00401A55 59 pop ecx :00401A56 59 pop ecx :00401A57 EB0B jmp 00401A64 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401A4B(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00401A59 A1B4744000 mov eax, dword ptr [004074B4] :00401A5E 8A0458 mov al, byte ptr [eax+2*ebx] :00401A61 83E004 and eax, 00000004 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401A57(U) | :00401A64 85C0 test eax, eax :00401A66 745D je 00401AC5 :00401A68 83FE6F cmp esi, 0000006F :00401A6B 7515 jne 00401A82 :00401A6D 83FB38 cmp ebx, 00000038 :00401A70 7D53 jge 00401AC5 :00401A72 8B45D8 mov eax, dword ptr [ebp-28] :00401A75 8B55DC mov edx, dword ptr [ebp-24] :00401A78 6A03 push 00000003 :00401A7A 59 pop ecx :00401A7B E8601A0000 call 004034E0 :00401A80 EB0F jmp 00401A91 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401A6B(C) | :00401A82 6A00 push 00000000 :00401A84 6A0A push 0000000A :00401A86 FF75DC push [ebp-24] :00401A89 FF75D8 push [ebp-28] :00401A8C E80F1A0000 call 004034A0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401A80(U) | :00401A91 8945D8 mov dword ptr [ebp-28], eax :00401A94 8955DC mov dword ptr [ebp-24], edx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401A42(U) | :00401A97 FF45E4 inc [ebp-1C] :00401A9A 8D43D0 lea eax, dword ptr [ebx-30] :00401A9D 99 cdq :00401A9E 0145D8 add dword ptr [ebp-28], eax :00401AA1 1155DC adc dword ptr [ebp-24], edx :00401AA4 837DE000 cmp dword ptr [ebp-20], 00000000 :00401AA8 7405 je 00401AAF :00401AAA FF4DF4 dec [ebp-0C] :00401AAD 7424 je 00401AD3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401AA8(C) | :00401AAF FF7508 push [ebp+08] :00401AB2 FF45FC inc [ebp-04] :00401AB5 E836020000 call 00401CF0 :00401ABA 8BD8 mov ebx, eax :00401ABC 59 pop ecx :00401ABD 895DEC mov dword ptr [ebp-14], ebx :00401AC0 E92BFFFFFF jmp 004019F0 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401A1C(C), :00401A66(C), :00401A70(C) | :00401AC5 FF7508 push [ebp+08] :00401AC8 FF4DFC dec [ebp-04] :00401ACB 53 push ebx :00401ACC E839020000 call 00401D0A :00401AD1 59 pop ecx :00401AD2 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004019EA(C), :00401AAD(C) | :00401AD3 807DE900 cmp byte ptr [ebp-17], 00 :00401AD7 0F84DC000000 je 00401BB9 :00401ADD 8B45D8 mov eax, dword ptr [ebp-28] :00401AE0 8B4DDC mov ecx, dword ptr [ebp-24] :00401AE3 F7D8 neg eax :00401AE5 83D100 adc ecx, 00000000 :00401AE8 8945D8 mov dword ptr [ebp-28], eax :00401AEB F7D9 neg ecx :00401AED 894DDC mov dword ptr [ebp-24], ecx :00401AF0 E9C4000000 jmp 00401BB9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004019E0(C) | :00401AF5 807DF100 cmp byte ptr [ebp-0F], 00 :00401AF9 0F85B2000000 jne 00401BB1 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401B9E(U) | :00401AFF 83FE78 cmp esi, 00000078 :00401B02 743F je 00401B43 :00401B04 83FE70 cmp esi, 00000070 :00401B07 743A je 00401B43 :00401B09 833DA874400001 cmp dword ptr [004074A8], 00000001 :00401B10 7E0C jle 00401B1E :00401B12 6A04 push 00000004 :00401B14 53 push ebx :00401B15 E806190000 call 00403420 :00401B1A 59 pop ecx :00401B1B 59 pop ecx :00401B1C EB0B jmp 00401B29 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401B10(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00401B1E A1B4744000 mov eax, dword ptr [004074B4] :00401B23 8A0458 mov al, byte ptr [eax+2*ebx] :00401B26 83E004 and eax, 00000004 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401B1C(U) | :00401B29 85C0 test eax, eax :00401B2B 7476 je 00401BA3 :00401B2D 83FE6F cmp esi, 0000006F :00401B30 750A jne 00401B3C :00401B32 83FB38 cmp ebx, 00000038 :00401B35 7D6C jge 00401BA3 :00401B37 C1E703 shl edi, 03 :00401B3A EB3F jmp 00401B7B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401B30(C) | :00401B3C 8D3CBF lea edi, dword ptr [edi+4*edi] :00401B3F D1E7 shl edi, 1 :00401B41 EB38 jmp 00401B7B * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401B02(C), :00401B07(C) | :00401B43 833DA874400001 cmp dword ptr [004074A8], 00000001 :00401B4A 7E0F jle 00401B5B :00401B4C 6880000000 push 00000080 :00401B51 53 push ebx :00401B52 E8C9180000 call 00403420 :00401B57 59 pop ecx :00401B58 59 pop ecx :00401B59 EB0D jmp 00401B68 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401B4A(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00401B5B A1B4744000 mov eax, dword ptr [004074B4] :00401B60 8A0458 mov al, byte ptr [eax+2*ebx] :00401B63 2580000000 and eax, 00000080 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401B59(U) | :00401B68 85C0 test eax, eax :00401B6A 7437 je 00401BA3 :00401B6C 53 push ebx :00401B6D C1E704 shl edi, 04 :00401B70 E844010000 call 00401CB9 :00401B75 8BD8 mov ebx, eax :00401B77 59 pop ecx :00401B78 895DEC mov dword ptr [ebp-14], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401B3A(U), :00401B41(U) | :00401B7B FF45E4 inc [ebp-1C] :00401B7E 837DE000 cmp dword ptr [ebp-20], 00000000 :00401B82 8D7C1FD0 lea edi, dword ptr [edi+ebx-30] :00401B86 7405 je 00401B8D :00401B88 FF4DF4 dec [ebp-0C] :00401B8B 7424 je 00401BB1 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401B86(C) | :00401B8D FF7508 push [ebp+08] :00401B90 FF45FC inc [ebp-04] :00401B93 E858010000 call 00401CF0 :00401B98 8BD8 mov ebx, eax :00401B9A 59 pop ecx :00401B9B 895DEC mov dword ptr [ebp-14], ebx :00401B9E E95CFFFFFF jmp 00401AFF * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401B2B(C), :00401B35(C), :00401B6A(C) | :00401BA3 FF7508 push [ebp+08] :00401BA6 FF4DFC dec [ebp-04] :00401BA9 53 push ebx :00401BAA E85B010000 call 00401D0A :00401BAF 59 pop ecx :00401BB0 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401AF9(C), :00401B8B(C) | :00401BB1 807DE900 cmp byte ptr [ebp-17], 00 :00401BB5 7402 je 00401BB9 :00401BB7 F7DF neg edi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401AD7(C), :00401AF0(U), :00401BB5(C) | :00401BB9 83FE46 cmp esi, 00000046 :00401BBC 7504 jne 00401BC2 :00401BBE 8365E400 and dword ptr [ebp-1C], 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401BBC(C) | :00401BC2 837DE400 cmp dword ptr [ebp-1C], 00000000 :00401BC6 0F84CE000000 je 00401C9A :00401BCC 807DF200 cmp byte ptr [ebp-0E], 00 :00401BD0 7529 jne 00401BFB :00401BD2 FF45CC inc [ebp-34] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004014CF(C) | :00401BD5 837DD000 cmp dword ptr [ebp-30], 00000000 :00401BD9 7410 je 00401BEB :00401BDB 8B45D4 mov eax, dword ptr [ebp-2C] :00401BDE 8B4DD8 mov ecx, dword ptr [ebp-28] :00401BE1 8908 mov dword ptr [eax], ecx :00401BE3 8B4DDC mov ecx, dword ptr [ebp-24] :00401BE6 894804 mov dword ptr [eax+04], ecx :00401BE9 EB10 jmp 00401BFB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401BD9(C) | :00401BEB 807DF300 cmp byte ptr [ebp-0D], 00 :00401BEF 8B45D4 mov eax, dword ptr [ebp-2C] :00401BF2 7404 je 00401BF8 :00401BF4 8938 mov dword ptr [eax], edi :00401BF6 EB03 jmp 00401BFB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401BF2(C) | :00401BF8 668938 mov word ptr [eax], di * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004014D5(U), :004016A8(C), :004016CD(U), :00401732(C), :0040173E(U) |:00401976(C), :00401983(C), :00401996(U), :0040199E(U), :00401BD0(C) |:00401BE9(U), :00401BF6(U) | :00401BFB FE45EB inc [ebp-15] :00401BFE FF450C inc [ebp+0C] :00401C01 8B750C mov esi, dword ptr [ebp+0C] :00401C04 EB42 jmp 00401C48 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401327(C) | :00401C06 FF45FC inc [ebp-04] :00401C09 57 push edi :00401C0A E8E1000000 call 00401CF0 :00401C0F 8BD8 mov ebx, eax :00401C11 59 pop ecx :00401C12 0FB606 movzx eax, byte ptr [esi] :00401C15 46 inc esi :00401C16 3BC3 cmp eax, ebx :00401C18 895DEC mov dword ptr [ebp-14], ebx :00401C1B 89750C mov dword ptr [ebp+0C], esi :00401C1E 7555 jne 00401C75 * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00401C20 8B0DB4744000 mov ecx, dword ptr [004074B4] :00401C26 0FB6C3 movzx eax, bl :00401C29 F644410180 test [ecx+2*eax+01], 80 :00401C2E 7418 je 00401C48 :00401C30 FF45FC inc [ebp-04] :00401C33 57 push edi :00401C34 E8B7000000 call 00401CF0 :00401C39 59 pop ecx :00401C3A 0FB60E movzx ecx, byte ptr [esi] :00401C3D 46 inc esi :00401C3E 3BC8 cmp ecx, eax :00401C40 89750C mov dword ptr [ebp+0C], esi :00401C43 753E jne 00401C83 :00401C45 FF4DFC dec [ebp-04] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401C04(U), :00401C2E(C) | :00401C48 837DECFF cmp dword ptr [ebp-14], FFFFFFFF :00401C4C 7510 jne 00401C5E :00401C4E 803E25 cmp byte ptr [esi], 25 :00401C51 754D jne 00401CA0 :00401C53 8B450C mov eax, dword ptr [ebp+0C] :00401C56 8078016E cmp byte ptr [eax+01], 6E :00401C5A 7544 jne 00401CA0 :00401C5C 8BF0 mov esi, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401C4C(C) | :00401C5E 8A06 mov al, byte ptr [esi] :00401C60 84C0 test al, al :00401C62 0F8556F6FFFF jne 004012BE :00401C68 EB30 jmp 00401C9A * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401488(C), :00401725(C) | :00401C6A FF7508 push [ebp+08] :00401C6D FF4DFC dec [ebp-04] :00401C70 FF75EC push [ebp-14] :00401C73 EB05 jmp 00401C7A * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401C1E(C) | :00401C75 FF4DFC dec [ebp-04] :00401C78 57 push edi :00401C79 53 push ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401C73(U) | :00401C7A E88B000000 call 00401D0A :00401C7F 59 pop ecx :00401C80 59 pop ecx :00401C81 EB17 jmp 00401C9A * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401C43(C) | :00401C83 FF4DFC dec [ebp-04] :00401C86 57 push edi :00401C87 50 push eax :00401C88 E87D000000 call 00401D0A :00401C8D FF4DFC dec [ebp-04] :00401C90 57 push edi :00401C91 53 push ebx :00401C92 E873000000 call 00401D0A :00401C97 83C410 add esp, 00000010 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004012B3(C), :0040169E(C), :00401893(C), :0040196C(C), :00401BC6(C) |:00401C68(U), :00401C81(U) | :00401C9A 837DECFF cmp dword ptr [ebp-14], FFFFFFFF :00401C9E 7511 jne 00401CB1 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401C51(C), :00401C5A(C) | :00401CA0 8B45CC mov eax, dword ptr [ebp-34] :00401CA3 85C0 test eax, eax :00401CA5 750D jne 00401CB4 :00401CA7 3845EB cmp byte ptr [ebp-15], al :00401CAA 7508 jne 00401CB4 :00401CAC 83C8FF or eax, FFFFFFFF :00401CAF EB03 jmp 00401CB4 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401C9E(C) | :00401CB1 8B45CC mov eax, dword ptr [ebp-34] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401CA5(C), :00401CAA(C), :00401CAF(U) | :00401CB4 5F pop edi :00401CB5 5E pop esi :00401CB6 5B pop ebx :00401CB7 C9 leave :00401CB8 C3 ret * Referenced by a CALL at Addresses: |:00401A37 , :00401B70 | :00401CB9 833DA874400001 cmp dword ptr [004074A8], 00000001 :00401CC0 56 push esi :00401CC1 7E10 jle 00401CD3 :00401CC3 8B742408 mov esi, dword ptr [esp+08] :00401CC7 6A04 push 00000004 :00401CC9 56 push esi :00401CCA E851170000 call 00403420 :00401CCF 59 pop ecx :00401CD0 59 pop ecx :00401CD1 EB0F jmp 00401CE2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401CC1(C) | :00401CD3 8B742408 mov esi, dword ptr [esp+08] * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00401CD7 A1B4744000 mov eax, dword ptr [004074B4] :00401CDC 8A0470 mov al, byte ptr [eax+2*esi] :00401CDF 83E004 and eax, 00000004 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401CD1(U) | :00401CE2 85C0 test eax, eax :00401CE4 7506 jne 00401CEC :00401CE6 83E6DF and esi, FFFFFFDF :00401CE9 83EE07 sub esi, 00000007 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401CE4(C) | :00401CEC 8BC6 mov eax, esi :00401CEE 5E pop esi :00401CEF C3 ret * Referenced by a CALL at Addresses: |:00401475 , :0040151D , :0040157B , :0040159E , :004015E9 |:00401620 , :0040164D , :00401783 , :0040179D , :004017E2 |:004018D1 , :00401920 , :004019D1 , :00401AB5 , :00401B93 |:00401C0A , :00401C34 , :00401D2D | :00401CF0 8B542404 mov edx, dword ptr [esp+04] :00401CF4 FF4A04 dec [edx+04] :00401CF7 7809 js 00401D02 :00401CF9 8B0A mov ecx, dword ptr [edx] :00401CFB 0FB601 movzx eax, byte ptr [ecx] :00401CFE 41 inc ecx :00401CFF 890A mov dword ptr [edx], ecx :00401D01 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401CF7(C) | :00401D02 52 push edx :00401D03 E8F7170000 call 004034FF :00401D08 59 pop ecx :00401D09 C3 ret * Referenced by a CALL at Addresses: |:004012FF , :00401693 , :004017CD , :004018B2 , :00401962 |:00401ACC , :00401BAA , :00401C7A , :00401C88 , :00401C92 | :00401D0A 837C2404FF cmp dword ptr [esp+04], FFFFFFFF :00401D0F 740F je 00401D20 :00401D11 FF742408 push [esp+08] :00401D15 FF742408 push [esp+08] :00401D19 E8BA180000 call 004035D8 :00401D1E 59 pop ecx :00401D1F 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401D0F(C) | :00401D20 C3 ret * Referenced by a CALL at Addresses: |:004012F7 , :00401467 | :00401D21 56 push esi :00401D22 8B742408 mov esi, dword ptr [esp+08] :00401D26 57 push edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401D3E(C) | :00401D27 FF742410 push [esp+10] :00401D2B FF06 inc dword ptr [esi] :00401D2D E8BEFFFFFF call 00401CF0 :00401D32 8BF8 mov edi, eax :00401D34 57 push edi :00401D35 E8BE160000 call 004033F8 :00401D3A 59 pop ecx :00401D3B 85C0 test eax, eax :00401D3D 59 pop ecx :00401D3E 75E7 jne 00401D27 :00401D40 8BC7 mov eax, edi :00401D42 5F pop edi :00401D43 5E pop esi :00401D44 C3 ret :00401D45 A1608E4000 mov eax, dword ptr [00408E60] :00401D4A 56 push esi :00401D4B 6A14 push 00000014 :00401D4D 85C0 test eax, eax :00401D4F 5E pop esi :00401D50 7507 jne 00401D59 :00401D52 B800020000 mov eax, 00000200 :00401D57 EB06 jmp 00401D5F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401D50(C) | :00401D59 3BC6 cmp eax, esi :00401D5B 7D07 jge 00401D64 :00401D5D 8BC6 mov eax, esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401D57(U) | :00401D5F A3608E4000 mov dword ptr [00408E60], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401D5B(C) | :00401D64 6A04 push 00000004 :00401D66 50 push eax :00401D67 E8DA180000 call 00403646 :00401D6C 59 pop ecx :00401D6D A3587E4000 mov dword ptr [00407E58], eax :00401D72 85C0 test eax, eax :00401D74 59 pop ecx :00401D75 7521 jne 00401D98 :00401D77 6A04 push 00000004 :00401D79 56 push esi :00401D7A 8935608E4000 mov dword ptr [00408E60], esi :00401D80 E8C1180000 call 00403646 :00401D85 59 pop ecx :00401D86 A3587E4000 mov dword ptr [00407E58], eax :00401D8B 85C0 test eax, eax :00401D8D 59 pop ecx :00401D8E 7508 jne 00401D98 :00401D90 6A1A push 0000001A :00401D92 E8B4F4FFFF call 0040124B :00401D97 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401D75(C), :00401D8E(C) | :00401D98 33C9 xor ecx, ecx :00401D9A B8C8704000 mov eax, 004070C8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401DB3(C) | :00401D9F 8B15587E4000 mov edx, dword ptr [00407E58] :00401DA5 890411 mov dword ptr [ecx+edx], eax :00401DA8 83C020 add eax, 00000020 :00401DAB 83C104 add ecx, 00000004 :00401DAE 3D48734000 cmp eax, 00407348 :00401DB3 7CEA jl 00401D9F :00401DB5 33D2 xor edx, edx :00401DB7 B9D8704000 mov ecx, 004070D8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401DE6(C) | :00401DBC 8BC2 mov eax, edx :00401DBE 8BF2 mov esi, edx :00401DC0 C1F805 sar eax, 05 :00401DC3 83E61F and esi, 0000001F :00401DC6 8B0485407D4000 mov eax, dword ptr [4*eax+00407D40] :00401DCD 8B04F0 mov eax, dword ptr [eax+8*esi] :00401DD0 83F8FF cmp eax, FFFFFFFF :00401DD3 7404 je 00401DD9 :00401DD5 85C0 test eax, eax :00401DD7 7503 jne 00401DDC * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401DD3(C) | :00401DD9 8309FF or dword ptr [ecx], FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401DD7(C) | :00401DDC 83C120 add ecx, 00000020 :00401DDF 42 inc edx :00401DE0 81F938714000 cmp ecx, 00407138 :00401DE6 7CD4 jl 00401DBC :00401DE8 5E pop esi :00401DE9 C3 ret :00401DEA E8C3190000 call 004037B2 :00401DEF 803D9079400000 cmp byte ptr [00407990], 00 :00401DF6 7405 je 00401DFD :00401DF8 E9C6180000 jmp 004036C3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401DF6(C) | :00401DFD C3 ret * Referenced by a CALL at Address: |:00401144 | :00401DFE 56 push esi :00401DFF 8B742408 mov esi, dword ptr [esp+08] :00401E03 FF7610 push [esi+10] :00401E06 E8911A0000 call 0040389C :00401E0B 85C0 test eax, eax :00401E0D 59 pop ecx :00401E0E 7477 je 00401E87 :00401E10 81FEE8704000 cmp esi, 004070E8 :00401E16 7504 jne 00401E1C :00401E18 33C0 xor eax, eax :00401E1A EB0B jmp 00401E27 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401E16(C) | :00401E1C 81FE08714000 cmp esi, 00407108 :00401E22 7563 jne 00401E87 :00401E24 6A01 push 00000001 :00401E26 58 pop eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401E1A(U) | :00401E27 FF0544794000 inc dword ptr [00407944] :00401E2D 66F7460C0C01 test [esi+0C], 010C :00401E33 7552 jne 00401E87 :00401E35 833C854879400000 cmp dword ptr [4*eax+00407948], 00000000 :00401E3D 53 push ebx :00401E3E 57 push edi :00401E3F 8D3C8548794000 lea edi, dword ptr [4*eax+00407948] :00401E46 BB00100000 mov ebx, 00001000 :00401E4B 7520 jne 00401E6D :00401E4D 53 push ebx :00401E4E E8D5190000 call 00403828 :00401E53 85C0 test eax, eax :00401E55 59 pop ecx :00401E56 8907 mov dword ptr [edi], eax :00401E58 7513 jne 00401E6D :00401E5A 8D4614 lea eax, dword ptr [esi+14] :00401E5D 6A02 push 00000002 :00401E5F 894608 mov dword ptr [esi+08], eax :00401E62 8906 mov dword ptr [esi], eax :00401E64 58 pop eax :00401E65 894618 mov dword ptr [esi+18], eax :00401E68 894604 mov dword ptr [esi+04], eax :00401E6B EB0D jmp 00401E7A * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401E4B(C), :00401E58(C) | :00401E6D 8B3F mov edi, dword ptr [edi] :00401E6F 895E18 mov dword ptr [esi+18], ebx :00401E72 897E08 mov dword ptr [esi+08], edi :00401E75 893E mov dword ptr [esi], edi :00401E77 895E04 mov dword ptr [esi+04], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401E6B(U) | :00401E7A 66814E0C0211 or word ptr [esi+0C], 1102 :00401E80 6A01 push 00000001 :00401E82 58 pop eax :00401E83 5F pop edi :00401E84 5B pop ebx :00401E85 5E pop esi :00401E86 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401E0E(C), :00401E22(C), :00401E33(C) | :00401E87 33C0 xor eax, eax :00401E89 5E pop esi :00401E8A C3 ret * Referenced by a CALL at Address: |:0040115E | :00401E8B 837C240400 cmp dword ptr [esp+04], 00000000 :00401E90 56 push esi :00401E91 7422 je 00401EB5 :00401E93 8B74240C mov esi, dword ptr [esp+0C] :00401E97 F6460D10 test [esi+0D], 10 :00401E9B 7429 je 00401EC6 :00401E9D 56 push esi :00401E9E E8B3180000 call 00403756 :00401EA3 80660DEE and byte ptr [esi+0D], EE :00401EA7 83661800 and dword ptr [esi+18], 00000000 :00401EAB 832600 and dword ptr [esi], 00000000 :00401EAE 83660800 and dword ptr [esi+08], 00000000 :00401EB2 59 pop ecx :00401EB3 5E pop esi :00401EB4 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401E91(C) | :00401EB5 8B44240C mov eax, dword ptr [esp+0C] :00401EB9 F6400D10 test [eax+0D], 10 :00401EBD 7407 je 00401EC6 :00401EBF 50 push eax :00401EC0 E891180000 call 00403756 :00401EC5 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401E9B(C), :00401EBD(C) | :00401EC6 5E pop esi :00401EC7 C3 ret * Referenced by a CALL at Address: |:00401155 | :00401EC8 55 push ebp :00401EC9 8BEC mov ebp, esp :00401ECB 81EC48020000 sub esp, 00000248 :00401ED1 53 push ebx :00401ED2 56 push esi :00401ED3 57 push edi :00401ED4 8B7D0C mov edi, dword ptr [ebp+0C] :00401ED7 33F6 xor esi, esi :00401ED9 8A1F mov bl, byte ptr [edi] :00401EDB 47 inc edi :00401EDC 84DB test bl, bl :00401EDE 8975F4 mov dword ptr [ebp-0C], esi :00401EE1 8975EC mov dword ptr [ebp-14], esi :00401EE4 897D0C mov dword ptr [ebp+0C], edi :00401EE7 0F84F4060000 je 004025E1 :00401EED 8B4DF0 mov ecx, dword ptr [ebp-10] :00401EF0 33D2 xor edx, edx :00401EF2 EB08 jmp 00401EFC * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004025DB(C) | :00401EF4 8B4DF0 mov ecx, dword ptr [ebp-10] :00401EF7 8B75D0 mov esi, dword ptr [ebp-30] :00401EFA 33D2 xor edx, edx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401EF2(U) | :00401EFC 3955EC cmp dword ptr [ebp-14], edx :00401EFF 0F8CDC060000 jl 004025E1 :00401F05 80FB20 cmp bl, 20 :00401F08 7C13 jl 00401F1D :00401F0A 80FB78 cmp bl, 78 :00401F0D 7F0E jg 00401F1D :00401F0F 0FBEC3 movsx eax, bl :00401F12 8A8094604000 mov al, byte ptr [eax+00406094] :00401F18 83E00F and eax, 0000000F :00401F1B EB02 jmp 00401F1F * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401F08(C), :00401F0D(C) | :00401F1D 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401F1B(U) | :00401F1F 0FBE84C6B4604000 movsx eax, byte ptr [esi+8*eax+004060B4] :00401F27 C1F804 sar eax, 04 :00401F2A 83F807 cmp eax, 00000007 :00401F2D 8945D0 mov dword ptr [ebp-30], eax :00401F30 0F879A060000 ja 004025D0 :00401F36 FF2485E9254000 jmp dword ptr [4*eax+004025E9] :00401F3D 834DF0FF or dword ptr [ebp-10], FFFFFFFF :00401F41 8955CC mov dword ptr [ebp-34], edx :00401F44 8955D8 mov dword ptr [ebp-28], edx :00401F47 8955E0 mov dword ptr [ebp-20], edx :00401F4A 8955E4 mov dword ptr [ebp-1C], edx :00401F4D 8955FC mov dword ptr [ebp-04], edx :00401F50 8955DC mov dword ptr [ebp-24], edx :00401F53 E978060000 jmp 004025D0 :00401F58 0FBEC3 movsx eax, bl :00401F5B 83E820 sub eax, 00000020 :00401F5E 743B je 00401F9B :00401F60 83E803 sub eax, 00000003 :00401F63 742D je 00401F92 :00401F65 83E808 sub eax, 00000008 :00401F68 741F je 00401F89 :00401F6A 48 dec eax :00401F6B 48 dec eax :00401F6C 7412 je 00401F80 :00401F6E 83E803 sub eax, 00000003 :00401F71 0F8559060000 jne 004025D0 :00401F77 834DFC08 or dword ptr [ebp-04], 00000008 :00401F7B E950060000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401F6C(C) | :00401F80 834DFC04 or dword ptr [ebp-04], 00000004 :00401F84 E947060000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401F68(C) | :00401F89 834DFC01 or dword ptr [ebp-04], 00000001 :00401F8D E93E060000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401F63(C) | :00401F92 804DFC80 or byte ptr [ebp-04], 80 :00401F96 E935060000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401F5E(C) | :00401F9B 834DFC02 or dword ptr [ebp-04], 00000002 :00401F9F E92C060000 jmp 004025D0 :00401FA4 80FB2A cmp bl, 2A :00401FA7 7523 jne 00401FCC :00401FA9 8D4510 lea eax, dword ptr [ebp+10] :00401FAC 50 push eax :00401FAD E8F5060000 call 004026A7 :00401FB2 85C0 test eax, eax :00401FB4 59 pop ecx :00401FB5 8945E0 mov dword ptr [ebp-20], eax :00401FB8 0F8D12060000 jnl 004025D0 :00401FBE 834DFC04 or dword ptr [ebp-04], 00000004 :00401FC2 F7D8 neg eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401FD9(U) | :00401FC4 8945E0 mov dword ptr [ebp-20], eax :00401FC7 E904060000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401FA7(C) | :00401FCC 8B45E0 mov eax, dword ptr [ebp-20] :00401FCF 0FBECB movsx ecx, bl :00401FD2 8D0480 lea eax, dword ptr [eax+4*eax] :00401FD5 8D4441D0 lea eax, dword ptr [ecx+2*eax-30] :00401FD9 EBE9 jmp 00401FC4 :00401FDB 8955F0 mov dword ptr [ebp-10], edx :00401FDE E9ED050000 jmp 004025D0 :00401FE3 80FB2A cmp bl, 2A :00401FE6 751E jne 00402006 :00401FE8 8D4510 lea eax, dword ptr [ebp+10] :00401FEB 50 push eax :00401FEC E8B6060000 call 004026A7 :00401FF1 85C0 test eax, eax :00401FF3 59 pop ecx :00401FF4 8945F0 mov dword ptr [ebp-10], eax :00401FF7 0F8DD3050000 jnl 004025D0 :00401FFD 834DF0FF or dword ptr [ebp-10], FFFFFFFF :00402001 E9CA050000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401FE6(C) | :00402006 8D0489 lea eax, dword ptr [ecx+4*ecx] :00402009 0FBECB movsx ecx, bl :0040200C 8D4441D0 lea eax, dword ptr [ecx+2*eax-30] :00402010 8945F0 mov dword ptr [ebp-10], eax :00402013 E9B8050000 jmp 004025D0 :00402018 80FB49 cmp bl, 49 :0040201B 742E je 0040204B :0040201D 80FB68 cmp bl, 68 :00402020 7420 je 00402042 :00402022 80FB6C cmp bl, 6C :00402025 7412 je 00402039 :00402027 80FB77 cmp bl, 77 :0040202A 0F85A0050000 jne 004025D0 :00402030 804DFD08 or byte ptr [ebp-03], 08 :00402034 E997050000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402025(C) | :00402039 834DFC10 or dword ptr [ebp-04], 00000010 :0040203D E98E050000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402020(C) | :00402042 834DFC20 or dword ptr [ebp-04], 00000020 :00402046 E985050000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040201B(C) | :0040204B 803F36 cmp byte ptr [edi], 36 :0040204E 7514 jne 00402064 :00402050 807F0134 cmp byte ptr [edi+01], 34 :00402054 750E jne 00402064 :00402056 47 inc edi :00402057 47 inc edi :00402058 804DFD80 or byte ptr [ebp-03], 80 :0040205C 897D0C mov dword ptr [ebp+0C], edi :0040205F E96C050000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040204E(C), :00402054(C) | :00402064 8955D0 mov dword ptr [ebp-30], edx * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00402067 8B0DB4744000 mov ecx, dword ptr [004074B4] :0040206D 8955DC mov dword ptr [ebp-24], edx :00402070 0FB6C3 movzx eax, bl :00402073 F644410180 test [ecx+2*eax+01], 80 :00402078 7419 je 00402093 :0040207A 8D45EC lea eax, dword ptr [ebp-14] :0040207D 50 push eax :0040207E FF7508 push [ebp+08] :00402081 0FBEC3 movsx eax, bl :00402084 50 push eax :00402085 E87F050000 call 00402609 :0040208A 8A1F mov bl, byte ptr [edi] :0040208C 83C40C add esp, 0000000C :0040208F 47 inc edi :00402090 897D0C mov dword ptr [ebp+0C], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402078(C) | :00402093 8D45EC lea eax, dword ptr [ebp-14] :00402096 50 push eax :00402097 FF7508 push [ebp+08] :0040209A 0FBEC3 movsx eax, bl :0040209D 50 push eax :0040209E E866050000 call 00402609 :004020A3 83C40C add esp, 0000000C :004020A6 E925050000 jmp 004025D0 :004020AB 0FBEC3 movsx eax, bl :004020AE 83F867 cmp eax, 00000067 :004020B1 0F8F1C020000 jg 004022D3 :004020B7 83F865 cmp eax, 00000065 :004020BA 0F8D96000000 jnl 00402156 :004020C0 83F858 cmp eax, 00000058 :004020C3 0F8FEB000000 jg 004021B4 :004020C9 0F8478020000 je 00402347 :004020CF 83E843 sub eax, 00000043 :004020D2 0F849F000000 je 00402177 :004020D8 48 dec eax :004020D9 48 dec eax :004020DA 7470 je 0040214C :004020DC 48 dec eax :004020DD 48 dec eax :004020DE 746C je 0040214C :004020E0 83E80C sub eax, 0000000C :004020E3 0F85E9030000 jne 004024D2 :004020E9 66F745FC3008 test [ebp-04], 0830 :004020EF 7504 jne 004020F5 :004020F1 804DFD08 or byte ptr [ebp-03], 08 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004020EF(C), :004022F2(C) | :004020F5 8B75F0 mov esi, dword ptr [ebp-10] :004020F8 83FEFF cmp esi, FFFFFFFF :004020FB 7505 jne 00402102 :004020FD BEFFFFFF7F mov esi, 7FFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004020FB(C) | :00402102 8D4510 lea eax, dword ptr [ebp+10] :00402105 50 push eax :00402106 E89C050000 call 004026A7 :0040210B 66F745FC1008 test [ebp-04], 0810 :00402111 59 pop ecx :00402112 8BC8 mov ecx, eax :00402114 894DF8 mov dword ptr [ebp-08], ecx :00402117 0F84FE010000 je 0040231B :0040211D 85C9 test ecx, ecx :0040211F 7509 jne 0040212A :00402121 8B0D4C734000 mov ecx, dword ptr [0040734C] :00402127 894DF8 mov dword ptr [ebp-08], ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040211F(C) | :0040212A C745DC01000000 mov [ebp-24], 00000001 :00402131 8BC1 mov eax, ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040214A(U) | :00402133 8BD6 mov edx, esi :00402135 4E dec esi :00402136 85D2 test edx, edx :00402138 0F84D4010000 je 00402312 :0040213E 66833800 cmp word ptr [eax], 0000 :00402142 0F84CA010000 je 00402312 :00402148 40 inc eax :00402149 40 inc eax :0040214A EBE7 jmp 00402133 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004020DA(C), :004020DE(C) | :0040214C C745CC01000000 mov [ebp-34], 00000001 :00402153 80C320 add bl, 20 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004020BA(C) | :00402156 834DFC40 or dword ptr [ebp-04], 00000040 :0040215A 8DBDB8FDFFFF lea edi, dword ptr [ebp+FFFFFDB8] :00402160 3BCA cmp ecx, edx :00402162 897DF8 mov dword ptr [ebp-08], edi :00402165 0F8DCF000000 jnl 0040223A :0040216B C745F006000000 mov [ebp-10], 00000006 :00402172 E9D1000000 jmp 00402248 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004020D2(C) | :00402177 66F745FC3008 test [ebp-04], 0830 :0040217D 7504 jne 00402183 :0040217F 804DFD08 or byte ptr [ebp-03], 08 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040217D(C), :004021BC(C) | :00402183 66F745FC1008 test [ebp-04], 0810 :00402189 8D4510 lea eax, dword ptr [ebp+10] :0040218C 50 push eax :0040218D 743B je 004021CA :0040218F E830050000 call 004026C4 :00402194 50 push eax :00402195 8D85B8FDFFFF lea eax, dword ptr [ebp+FFFFFDB8] :0040219B 50 push eax :0040219C E8AA170000 call 0040394B :004021A1 83C40C add esp, 0000000C :004021A4 8945F4 mov dword ptr [ebp-0C], eax :004021A7 85C0 test eax, eax :004021A9 7D32 jge 004021DD :004021AB C745D801000000 mov [ebp-28], 00000001 :004021B2 EB29 jmp 004021DD * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004020C3(C) | :004021B4 83E85A sub eax, 0000005A :004021B7 7432 je 004021EB :004021B9 83E809 sub eax, 00000009 :004021BC 74C5 je 00402183 :004021BE 48 dec eax :004021BF 0F84E8010000 je 004023AD :004021C5 E908030000 jmp 004024D2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040218D(C) | :004021CA E8D8040000 call 004026A7 :004021CF 59 pop ecx :004021D0 8885B8FDFFFF mov byte ptr [ebp+FFFFFDB8], al :004021D6 C745F401000000 mov [ebp-0C], 00000001 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004021A9(C), :004021B2(U) | :004021DD 8D85B8FDFFFF lea eax, dword ptr [ebp+FFFFFDB8] :004021E3 8945F8 mov dword ptr [ebp-08], eax :004021E6 E9E7020000 jmp 004024D2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004021B7(C) | :004021EB 8D4510 lea eax, dword ptr [ebp+10] :004021EE 50 push eax :004021EF E8B3040000 call 004026A7 :004021F4 85C0 test eax, eax :004021F6 59 pop ecx :004021F7 7433 je 0040222C :004021F9 8B4804 mov ecx, dword ptr [eax+04] :004021FC 85C9 test ecx, ecx :004021FE 742C je 0040222C :00402200 F645FD08 test [ebp-03], 08 :00402204 7417 je 0040221D :00402206 0FBF00 movsx eax, word ptr [eax] :00402209 D1E8 shr eax, 1 :0040220B 894DF8 mov dword ptr [ebp-08], ecx :0040220E 8945F4 mov dword ptr [ebp-0C], eax :00402211 C745DC01000000 mov [ebp-24], 00000001 :00402218 E9B5020000 jmp 004024D2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402204(C) | :0040221D 8365DC00 and dword ptr [ebp-24], 00000000 :00402221 894DF8 mov dword ptr [ebp-08], ecx :00402224 0FBF00 movsx eax, word ptr [eax] :00402227 E9A3020000 jmp 004024CF * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004021F7(C), :004021FE(C) | :0040222C A148734000 mov eax, dword ptr [00407348] :00402231 8945F8 mov dword ptr [ebp-08], eax :00402234 50 push eax :00402235 E98E000000 jmp 004022C8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402165(C) | :0040223A 750C jne 00402248 :0040223C 80FB67 cmp bl, 67 :0040223F 7507 jne 00402248 :00402241 C745F001000000 mov [ebp-10], 00000001 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402172(U), :0040223A(C), :0040223F(C) | :00402248 8B4510 mov eax, dword ptr [ebp+10] :0040224B FF75CC push [ebp-34] :0040224E 83C008 add eax, 00000008 :00402251 894510 mov dword ptr [ebp+10], eax :00402254 FF75F0 push [ebp-10] :00402257 8B48F8 mov ecx, dword ptr [eax-08] :0040225A 894DB8 mov dword ptr [ebp-48], ecx :0040225D 8B40FC mov eax, dword ptr [eax-04] :00402260 8945BC mov dword ptr [ebp-44], eax :00402263 0FBEC3 movsx eax, bl :00402266 50 push eax :00402267 8D85B8FDFFFF lea eax, dword ptr [ebp+FFFFFDB8] :0040226D 50 push eax :0040226E 8D45B8 lea eax, dword ptr [ebp-48] :00402271 50 push eax :00402272 FF1590744000 call dword ptr [00407490] :00402278 8B75FC mov esi, dword ptr [ebp-04] :0040227B 83C414 add esp, 00000014 :0040227E 81E680000000 and esi, 00000080 :00402284 7414 je 0040229A :00402286 837DF000 cmp dword ptr [ebp-10], 00000000 :0040228A 750E jne 0040229A :0040228C 8D85B8FDFFFF lea eax, dword ptr [ebp+FFFFFDB8] :00402292 50 push eax :00402293 FF159C744000 call dword ptr [0040749C] :00402299 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402284(C), :0040228A(C) | :0040229A 80FB67 cmp bl, 67 :0040229D 7512 jne 004022B1 :0040229F 85F6 test esi, esi :004022A1 750E jne 004022B1 :004022A3 8D85B8FDFFFF lea eax, dword ptr [ebp+FFFFFDB8] :004022A9 50 push eax :004022AA FF1594744000 call dword ptr [00407494] :004022B0 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040229D(C), :004022A1(C) | :004022B1 80BDB8FDFFFF2D cmp byte ptr [ebp+FFFFFDB8], 2D :004022B8 750D jne 004022C7 :004022BA 804DFD01 or byte ptr [ebp-03], 01 :004022BE 8DBDB9FDFFFF lea edi, dword ptr [ebp+FFFFFDB9] :004022C4 897DF8 mov dword ptr [ebp-08], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004022B8(C) | :004022C7 57 push edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402235(U) | :004022C8 E803160000 call 004038D0 :004022CD 59 pop ecx :004022CE E9FC010000 jmp 004024CF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004020B1(C) | :004022D3 83E869 sub eax, 00000069 :004022D6 0F84D1000000 je 004023AD :004022DC 83E805 sub eax, 00000005 :004022DF 0F849E000000 je 00402383 :004022E5 48 dec eax :004022E6 0F8484000000 je 00402370 :004022EC 48 dec eax :004022ED 7451 je 00402340 :004022EF 83E803 sub eax, 00000003 :004022F2 0F84FDFDFFFF je 004020F5 :004022F8 48 dec eax :004022F9 48 dec eax :004022FA 0F84B1000000 je 004023B1 :00402300 83E803 sub eax, 00000003 :00402303 0F85C9010000 jne 004024D2 :00402309 C745D427000000 mov [ebp-2C], 00000027 :00402310 EB3C jmp 0040234E * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402138(C), :00402142(C) | :00402312 2BC1 sub eax, ecx :00402314 D1F8 sar eax, 1 :00402316 E9B4010000 jmp 004024CF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402117(C) | :0040231B 85C9 test ecx, ecx :0040231D 7509 jne 00402328 :0040231F 8B0D48734000 mov ecx, dword ptr [00407348] :00402325 894DF8 mov dword ptr [ebp-08], ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040231D(C) | :00402328 8BC1 mov eax, ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402337(U) | :0040232A 8BD6 mov edx, esi :0040232C 4E dec esi :0040232D 85D2 test edx, edx :0040232F 7408 je 00402339 :00402331 803800 cmp byte ptr [eax], 00 :00402334 7403 je 00402339 :00402336 40 inc eax :00402337 EBF1 jmp 0040232A * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040232F(C), :00402334(C) | :00402339 2BC1 sub eax, ecx :0040233B E98F010000 jmp 004024CF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004022ED(C) | :00402340 C745F008000000 mov [ebp-10], 00000008 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004020C9(C) | :00402347 C745D407000000 mov [ebp-2C], 00000007 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402310(U) | :0040234E F645FC80 test [ebp-04], 80 :00402352 C745F410000000 mov [ebp-0C], 00000010 :00402359 745D je 004023B8 :0040235B 8A45D4 mov al, byte ptr [ebp-2C] :0040235E C645EA30 mov [ebp-16], 30 :00402362 0451 add al, 51 :00402364 C745E402000000 mov [ebp-1C], 00000002 :0040236B 8845EB mov byte ptr [ebp-15], al :0040236E EB48 jmp 004023B8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004022E6(C) | :00402370 F645FC80 test [ebp-04], 80 :00402374 C745F408000000 mov [ebp-0C], 00000008 :0040237B 743B je 004023B8 :0040237D 804DFD02 or byte ptr [ebp-03], 02 :00402381 EB35 jmp 004023B8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004022DF(C) | :00402383 8D4510 lea eax, dword ptr [ebp+10] :00402386 50 push eax :00402387 E81B030000 call 004026A7 :0040238C F645FC20 test [ebp-04], 20 :00402390 59 pop ecx :00402391 7409 je 0040239C :00402393 668B4DEC mov cx, word ptr [ebp-14] :00402397 668908 mov word ptr [eax], cx :0040239A EB05 jmp 004023A1 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402391(C) | :0040239C 8B4DEC mov ecx, dword ptr [ebp-14] :0040239F 8908 mov dword ptr [eax], ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040239A(U) | :004023A1 C745D801000000 mov [ebp-28], 00000001 :004023A8 E923020000 jmp 004025D0 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004021BF(C), :004022D6(C) | :004023AD 834DFC40 or dword ptr [ebp-04], 00000040 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004022FA(C) | :004023B1 C745F40A000000 mov [ebp-0C], 0000000A * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402359(C), :0040236E(U), :0040237B(C), :00402381(U) | :004023B8 F645FD80 test [ebp-03], 80 :004023BC 740C je 004023CA :004023BE 8D4510 lea eax, dword ptr [ebp+10] :004023C1 50 push eax :004023C2 E8ED020000 call 004026B4 :004023C7 59 pop ecx :004023C8 EB41 jmp 0040240B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004023BC(C) | :004023CA F645FC20 test [ebp-04], 20 :004023CE 7421 je 004023F1 :004023D0 F645FC40 test [ebp-04], 40 :004023D4 8D4510 lea eax, dword ptr [ebp+10] :004023D7 50 push eax :004023D8 740C je 004023E6 :004023DA E8C8020000 call 004026A7 :004023DF 59 pop ecx :004023E0 0FBFC0 movsx eax, ax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004023EF(U), :00402401(U) | :004023E3 99 cdq :004023E4 EB25 jmp 0040240B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004023D8(C) | :004023E6 E8BC020000 call 004026A7 :004023EB 59 pop ecx :004023EC 0FB7C0 movzx eax, ax :004023EF EBF2 jmp 004023E3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004023CE(C) | :004023F1 F645FC40 test [ebp-04], 40 :004023F5 8D4510 lea eax, dword ptr [ebp+10] :004023F8 50 push eax :004023F9 7408 je 00402403 :004023FB E8A7020000 call 004026A7 :00402400 59 pop ecx :00402401 EBE0 jmp 004023E3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004023F9(C) | :00402403 E89F020000 call 004026A7 :00402408 59 pop ecx :00402409 33D2 xor edx, edx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004023C8(U), :004023E4(U) | :0040240B F645FC40 test [ebp-04], 40 :0040240F 741B je 0040242C :00402411 85D2 test edx, edx :00402413 7F17 jg 0040242C :00402415 7C04 jl 0040241B :00402417 85C0 test eax, eax :00402419 7311 jnb 0040242C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402415(C) | :0040241B F7D8 neg eax :0040241D 83D200 adc edx, 00000000 :00402420 8BF0 mov esi, eax :00402422 F7DA neg edx :00402424 804DFD01 or byte ptr [ebp-03], 01 :00402428 8BFA mov edi, edx :0040242A EB04 jmp 00402430 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040240F(C), :00402413(C), :00402419(C) | :0040242C 8BF0 mov esi, eax :0040242E 8BFA mov edi, edx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040242A(U) | :00402430 F645FD80 test [ebp-03], 80 :00402434 7503 jne 00402439 :00402436 83E700 and edi, 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402434(C) | :00402439 837DF000 cmp dword ptr [ebp-10], 00000000 :0040243D 7D09 jge 00402448 :0040243F C745F001000000 mov [ebp-10], 00000001 :00402446 EB04 jmp 0040244C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040243D(C) | :00402448 8365FCF7 and dword ptr [ebp-04], FFFFFFF7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402446(U) | :0040244C 8BC6 mov eax, esi :0040244E 0BC7 or eax, edi :00402450 7504 jne 00402456 :00402452 8365E400 and dword ptr [ebp-1C], 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402450(C) | :00402456 8D45B7 lea eax, dword ptr [ebp-49] :00402459 8945F8 mov dword ptr [ebp-08], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004024A5(U) | :0040245C 8B45F0 mov eax, dword ptr [ebp-10] :0040245F FF4DF0 dec [ebp-10] :00402462 85C0 test eax, eax :00402464 7F06 jg 0040246C :00402466 8BC6 mov eax, esi :00402468 0BC7 or eax, edi :0040246A 743B je 004024A7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402464(C) | :0040246C 8B45F4 mov eax, dword ptr [ebp-0C] :0040246F 99 cdq :00402470 52 push edx :00402471 50 push eax :00402472 57 push edi :00402473 56 push esi :00402474 8945C0 mov dword ptr [ebp-40], eax :00402477 8955C4 mov dword ptr [ebp-3C], edx :0040247A E8B1150000 call 00403A30 :0040247F FF75C4 push [ebp-3C] :00402482 8BD8 mov ebx, eax :00402484 83C330 add ebx, 00000030 :00402487 FF75C0 push [ebp-40] :0040248A 57 push edi :0040248B 56 push esi :0040248C E82F150000 call 004039C0 :00402491 83FB39 cmp ebx, 00000039 :00402494 8BF0 mov esi, eax :00402496 8BFA mov edi, edx :00402498 7E03 jle 0040249D :0040249A 035DD4 add ebx, dword ptr [ebp-2C] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402498(C) | :0040249D 8B45F8 mov eax, dword ptr [ebp-08] :004024A0 FF4DF8 dec [ebp-08] :004024A3 8818 mov byte ptr [eax], bl :004024A5 EBB5 jmp 0040245C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040246A(C) | :004024A7 8D45B7 lea eax, dword ptr [ebp-49] :004024AA 2B45F8 sub eax, dword ptr [ebp-08] :004024AD FF45F8 inc [ebp-08] :004024B0 F645FD02 test [ebp-03], 02 :004024B4 8945F4 mov dword ptr [ebp-0C], eax :004024B7 7419 je 004024D2 :004024B9 8B4DF8 mov ecx, dword ptr [ebp-08] :004024BC 803930 cmp byte ptr [ecx], 30 :004024BF 7504 jne 004024C5 :004024C1 85C0 test eax, eax :004024C3 750D jne 004024D2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004024BF(C) | :004024C5 FF4DF8 dec [ebp-08] :004024C8 40 inc eax :004024C9 8B4DF8 mov ecx, dword ptr [ebp-08] :004024CC C60130 mov byte ptr [ecx], 30 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402227(U), :004022CE(U), :00402316(U), :0040233B(U) | :004024CF 8945F4 mov dword ptr [ebp-0C], eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004020E3(C), :004021C5(U), :004021E6(U), :00402218(U), :00402303(C) |:004024B7(C), :004024C3(C) | :004024D2 837DD800 cmp dword ptr [ebp-28], 00000000 :004024D6 0F85F4000000 jne 004025D0 :004024DC 8B5DFC mov ebx, dword ptr [ebp-04] :004024DF F6C340 test bl, 40 :004024E2 7426 je 0040250A :004024E4 F6C701 test bh, 01 :004024E7 7406 je 004024EF :004024E9 C645EA2D mov [ebp-16], 2D :004024ED EB14 jmp 00402503 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004024E7(C) | :004024EF F6C301 test bl, 01 :004024F2 7406 je 004024FA :004024F4 C645EA2B mov [ebp-16], 2B :004024F8 EB09 jmp 00402503 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004024F2(C) | :004024FA F6C302 test bl, 02 :004024FD 740B je 0040250A :004024FF C645EA20 mov [ebp-16], 20 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004024ED(U), :004024F8(U) | :00402503 C745E401000000 mov [ebp-1C], 00000001 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004024E2(C), :004024FD(C) | :0040250A 8B75E0 mov esi, dword ptr [ebp-20] :0040250D 2B75E4 sub esi, dword ptr [ebp-1C] :00402510 2B75F4 sub esi, dword ptr [ebp-0C] :00402513 F6C30C test bl, 0C :00402516 7512 jne 0040252A :00402518 8D45EC lea eax, dword ptr [ebp-14] :0040251B 50 push eax :0040251C FF7508 push [ebp+08] :0040251F 56 push esi :00402520 6A20 push 00000020 :00402522 E817010000 call 0040263E :00402527 83C410 add esp, 00000010 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402516(C) | :0040252A 8D45EC lea eax, dword ptr [ebp-14] :0040252D 50 push eax :0040252E 8D45EA lea eax, dword ptr [ebp-16] :00402531 FF7508 push [ebp+08] :00402534 FF75E4 push [ebp-1C] :00402537 50 push eax :00402538 E832010000 call 0040266F :0040253D 83C410 add esp, 00000010 :00402540 F6C308 test bl, 08 :00402543 7417 je 0040255C :00402545 F6C304 test bl, 04 :00402548 7512 jne 0040255C :0040254A 8D45EC lea eax, dword ptr [ebp-14] :0040254D 50 push eax :0040254E FF7508 push [ebp+08] :00402551 56 push esi :00402552 6A30 push 00000030 :00402554 E8E5000000 call 0040263E :00402559 83C410 add esp, 00000010 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402543(C), :00402548(C) | :0040255C 837DDC00 cmp dword ptr [ebp-24], 00000000 :00402560 7441 je 004025A3 :00402562 837DF400 cmp dword ptr [ebp-0C], 00000000 :00402566 7E3B jle 004025A3 :00402568 8B45F4 mov eax, dword ptr [ebp-0C] :0040256B 8B5DF8 mov ebx, dword ptr [ebp-08] :0040256E 8D78FF lea edi, dword ptr [eax-01] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040259F(C) | :00402571 668B03 mov ax, word ptr [ebx] :00402574 43 inc ebx :00402575 50 push eax :00402576 8D45C8 lea eax, dword ptr [ebp-38] :00402579 50 push eax :0040257A 43 inc ebx :0040257B E8CB130000 call 0040394B :00402580 59 pop ecx :00402581 85C0 test eax, eax :00402583 59 pop ecx :00402584 7E32 jle 004025B8 :00402586 8D4DEC lea ecx, dword ptr [ebp-14] :00402589 51 push ecx :0040258A FF7508 push [ebp+08] :0040258D 50 push eax :0040258E 8D45C8 lea eax, dword ptr [ebp-38] :00402591 50 push eax :00402592 E8D8000000 call 0040266F :00402597 83C410 add esp, 00000010 :0040259A 8BC7 mov eax, edi :0040259C 4F dec edi :0040259D 85C0 test eax, eax :0040259F 75D0 jne 00402571 :004025A1 EB15 jmp 004025B8 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402560(C), :00402566(C) | :004025A3 8D45EC lea eax, dword ptr [ebp-14] :004025A6 50 push eax :004025A7 FF7508 push [ebp+08] :004025AA FF75F4 push [ebp-0C] :004025AD FF75F8 push [ebp-08] :004025B0 E8BA000000 call 0040266F :004025B5 83C410 add esp, 00000010 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402584(C), :004025A1(U) | :004025B8 F645FC04 test [ebp-04], 04 :004025BC 7412 je 004025D0 :004025BE 8D45EC lea eax, dword ptr [ebp-14] :004025C1 50 push eax :004025C2 FF7508 push [ebp+08] :004025C5 56 push esi :004025C6 6A20 push 00000020 :004025C8 E871000000 call 0040263E :004025CD 83C410 add esp, 00000010 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401F30(C), :00401F53(U), :00401F71(C), :00401F7B(U), :00401F84(U) |:00401F8D(U), :00401F96(U), :00401F9F(U), :00401FB8(C), :00401FC7(U) |:00401FDE(U), :00401FF7(C), :00402001(U), :00402013(U), :0040202A(C) |:00402034(U), :0040203D(U), :00402046(U), :0040205F(U), :004020A6(U) |:004023A8(U), :004024D6(C), :004025BC(C) | :004025D0 8B7D0C mov edi, dword ptr [ebp+0C] :004025D3 8A1F mov bl, byte ptr [edi] :004025D5 47 inc edi :004025D6 84DB test bl, bl :004025D8 897D0C mov dword ptr [ebp+0C], edi :004025DB 0F8513F9FFFF jne 00401EF4 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401EE7(C), :00401EFF(C) | :004025E1 8B45EC mov eax, dword ptr [ebp-14] :004025E4 5F pop edi :004025E5 5E pop esi :004025E6 5B pop ebx :004025E7 C9 leave :004025E8 C3 ret :004025E9 67204000 DWORD 00402067 :004025ED 3D1F4000 DWORD 00401F3D :004025F1 581F4000 DWORD 00401F58 :004025F5 A41F4000 DWORD 00401FA4 :004025F9 DB1F4000 DWORD 00401FDB :004025FD E31F4000 DWORD 00401FE3 :00402601 18204000 DWORD 00402018 :00402605 AB204000 DWORD 004020AB * Referenced by a CALL at Addresses: |:00402085 , :0040209E , :00402658 , :0040268F | :00402609 55 push ebp :0040260A 8BEC mov ebp, esp :0040260C 8B4D0C mov ecx, dword ptr [ebp+0C] :0040260F FF4904 dec [ecx+04] :00402612 780E js 00402622 :00402614 8B11 mov edx, dword ptr [ecx] :00402616 8A4508 mov al, byte ptr [ebp+08] :00402619 8802 mov byte ptr [edx], al :0040261B FF01 inc dword ptr [ecx] :0040261D 0FB6C0 movzx eax, al :00402620 EB0B jmp 0040262D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402612(C) | :00402622 51 push ecx :00402623 FF7508 push [ebp+08] :00402626 E87A140000 call 00403AA5 :0040262B 59 pop ecx :0040262C 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402620(U) | :0040262D 83F8FF cmp eax, FFFFFFFF :00402630 8B4510 mov eax, dword ptr [ebp+10] :00402633 7505 jne 0040263A :00402635 8308FF or dword ptr [eax], FFFFFFFF :00402638 5D pop ebp :00402639 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402633(C) | :0040263A FF00 inc dword ptr [eax] :0040263C 5D pop ebp :0040263D C3 ret * Referenced by a CALL at Addresses: |:00402522 , :00402554 , :004025C8 | :0040263E 56 push esi :0040263F 57 push edi :00402640 8B7C2410 mov edi, dword ptr [esp+10] :00402644 8BC7 mov eax, edi :00402646 4F dec edi :00402647 85C0 test eax, eax :00402649 7E21 jle 0040266C :0040264B 8B742418 mov esi, dword ptr [esp+18] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040266A(C) | :0040264F 56 push esi :00402650 FF742418 push [esp+18] :00402654 FF742414 push [esp+14] :00402658 E8ACFFFFFF call 00402609 :0040265D 83C40C add esp, 0000000C :00402660 833EFF cmp dword ptr [esi], FFFFFFFF :00402663 7407 je 0040266C :00402665 8BC7 mov eax, edi :00402667 4F dec edi :00402668 85C0 test eax, eax :0040266A 7FE3 jg 0040264F * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402649(C), :00402663(C) | :0040266C 5F pop edi :0040266D 5E pop esi :0040266E C3 ret * Referenced by a CALL at Addresses: |:00402538 , :00402592 , :004025B0 | :0040266F 53 push ebx :00402670 8B5C240C mov ebx, dword ptr [esp+0C] :00402674 8BC3 mov eax, ebx :00402676 4B dec ebx :00402677 56 push esi :00402678 57 push edi :00402679 85C0 test eax, eax :0040267B 7E26 jle 004026A3 :0040267D 8B7C241C mov edi, dword ptr [esp+1C] :00402681 8B742410 mov esi, dword ptr [esp+10] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004026A1(C) | :00402685 0FBE06 movsx eax, byte ptr [esi] :00402688 57 push edi :00402689 46 inc esi :0040268A FF74241C push [esp+1C] :0040268E 50 push eax :0040268F E875FFFFFF call 00402609 :00402694 83C40C add esp, 0000000C :00402697 833FFF cmp dword ptr [edi], FFFFFFFF :0040269A 7407 je 004026A3 :0040269C 8BC3 mov eax, ebx :0040269E 4B dec ebx :0040269F 85C0 test eax, eax :004026A1 7FE2 jg 00402685 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040267B(C), :0040269A(C) | :004026A3 5F pop edi :004026A4 5E pop esi :004026A5 5B pop ebx :004026A6 C3 ret * Referenced by a CALL at Addresses: |:00401FAD , :00401FEC , :00402106 , :004021CA , :004021EF |:00402387 , :004023DA , :004023E6 , :004023FB , :00402403 | :004026A7 8B442404 mov eax, dword ptr [esp+04] :004026AB 830004 add dword ptr [eax], 00000004 :004026AE 8B00 mov eax, dword ptr [eax] :004026B0 8B40FC mov eax, dword ptr [eax-04] :004026B3 C3 ret * Referenced by a CALL at Address: |:004023C2 | :004026B4 8B442404 mov eax, dword ptr [esp+04] :004026B8 830008 add dword ptr [eax], 00000008 :004026BB 8B08 mov ecx, dword ptr [eax] :004026BD 8B41F8 mov eax, dword ptr [ecx-08] :004026C0 8B51FC mov edx, dword ptr [ecx-04] :004026C3 C3 ret * Referenced by a CALL at Address: |:0040218F | :004026C4 8B442404 mov eax, dword ptr [esp+04] :004026C8 830004 add dword ptr [eax], 00000004 :004026CB 8B00 mov eax, dword ptr [eax] :004026CD 668B40FC mov ax, word ptr [eax-04] :004026D1 C3 ret * Referenced by a CALL at Address: |:004011FF | :004026D2 A1547E4000 mov eax, dword ptr [00407E54] :004026D7 85C0 test eax, eax :004026D9 7402 je 004026DD :004026DB FFD0 call eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004026D9(C) | :004026DD 6814704000 push 00407014 :004026E2 6808704000 push 00407008 :004026E7 E8CE000000 call 004027BA :004026EC 6804704000 push 00407004 :004026F1 6800704000 push 00407000 :004026F6 E8BF000000 call 004027BA :004026FB 83C410 add esp, 00000010 :004026FE C3 ret * Referenced by a CALL at Address: |:00401227 | :004026FF 6A00 push 00000000 :00402701 6A00 push 00000000 :00402703 FF74240C push [esp+0C] :00402707 E815000000 call 00402721 :0040270C 83C40C add esp, 0000000C :0040270F C3 ret * Referenced by a CALL at Address: |:00401246 | :00402710 6A00 push 00000000 :00402712 6A01 push 00000001 :00402714 FF74240C push [esp+0C] :00402718 E804000000 call 00402721 :0040271D 83C40C add esp, 0000000C :00402720 C3 ret * Referenced by a CALL at Addresses: |:00402707 , :00402718 | :00402721 57 push edi :00402722 6A01 push 00000001 :00402724 5F pop edi :00402725 393D98794000 cmp dword ptr [00407998], edi :0040272B 7511 jne 0040273E :0040272D FF742408 push [esp+08] * Reference To: KERNEL32.GetCurrentProcess, Ord:00F7h | :00402731 FF1510604000 Call dword ptr [00406010] :00402737 50 push eax * Reference To: KERNEL32.TerminateProcess, Ord:029Eh | :00402738 FF150C604000 Call dword ptr [0040600C] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040272B(C) | :0040273E 837C240C00 cmp dword ptr [esp+0C], 00000000 :00402743 53 push ebx :00402744 8B5C2414 mov ebx, dword ptr [esp+14] :00402748 893D94794000 mov dword ptr [00407994], edi :0040274E 881D90794000 mov byte ptr [00407990], bl :00402754 753C jne 00402792 :00402756 A1507E4000 mov eax, dword ptr [00407E50] :0040275B 85C0 test eax, eax :0040275D 7422 je 00402781 :0040275F 8B0D4C7E4000 mov ecx, dword ptr [00407E4C] :00402765 56 push esi :00402766 8D71FC lea esi, dword ptr [ecx-04] :00402769 3BF0 cmp esi, eax :0040276B 7213 jb 00402780 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040277E(C) | :0040276D 8B06 mov eax, dword ptr [esi] :0040276F 85C0 test eax, eax :00402771 7402 je 00402775 :00402773 FFD0 call eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402771(C) | :00402775 83EE04 sub esi, 00000004 :00402778 3B35507E4000 cmp esi, dword ptr [00407E50] :0040277E 73ED jnb 0040276D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040276B(C) | :00402780 5E pop esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040275D(C) | :00402781 6820704000 push 00407020 :00402786 6818704000 push 00407018 :0040278B E82A000000 call 004027BA :00402790 59 pop ecx :00402791 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402754(C) | :00402792 6828704000 push 00407028 :00402797 6824704000 push 00407024 :0040279C E819000000 call 004027BA :004027A1 59 pop ecx :004027A2 59 pop ecx :004027A3 85DB test ebx, ebx :004027A5 5B pop ebx :004027A6 7510 jne 004027B8 :004027A8 FF742408 push [esp+08] :004027AC 893D98794000 mov dword ptr [00407998], edi * Reference To: KERNEL32.ExitProcess, Ord:007Dh | :004027B2 FF1508604000 Call dword ptr [00406008] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004027A6(C) | :004027B8 5F pop edi :004027B9 C3 ret * Referenced by a CALL at Addresses: |:004026E7 , :004026F6 , :0040278B , :0040279C | :004027BA 56 push esi :004027BB 8B742408 mov esi, dword ptr [esp+08] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004027D0(U) | :004027BF 3B74240C cmp esi, dword ptr [esp+0C] :004027C3 730D jnb 004027D2 :004027C5 8B06 mov eax, dword ptr [esi] :004027C7 85C0 test eax, eax :004027C9 7402 je 004027CD :004027CB FFD0 call eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004027C9(C) | :004027CD 83C604 add esi, 00000004 :004027D0 EBED jmp 004027BF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004027C3(C) | :004027D2 5E pop esi :004027D3 C3 ret * Referenced by a CALL at Address: |:00401238 | :004027D4 55 push ebp :004027D5 8BEC mov ebp, esp :004027D7 53 push ebx :004027D8 FF7508 push [ebp+08] :004027DB E835010000 call 00402915 :004027E0 85C0 test eax, eax :004027E2 59 pop ecx :004027E3 0F8420010000 je 00402909 :004027E9 8B5808 mov ebx, dword ptr [eax+08] :004027EC 85DB test ebx, ebx :004027EE 0F8415010000 je 00402909 :004027F4 83FB05 cmp ebx, 00000005 :004027F7 750C jne 00402805 :004027F9 83600800 and dword ptr [eax+08], 00000000 :004027FD 6A01 push 00000001 :004027FF 58 pop eax :00402800 E90D010000 jmp 00402912 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004027F7(C) | :00402805 83FB01 cmp ebx, 00000001 :00402808 0F84F6000000 je 00402904 :0040280E 8B0D9C794000 mov ecx, dword ptr [0040799C] :00402814 894D08 mov dword ptr [ebp+08], ecx :00402817 8B4D0C mov ecx, dword ptr [ebp+0C] :0040281A 890D9C794000 mov dword ptr [0040799C], ecx :00402820 8B4804 mov ecx, dword ptr [eax+04] :00402823 83F908 cmp ecx, 00000008 :00402826 0F85C8000000 jne 004028F4 :0040282C 8B0DC8734000 mov ecx, dword ptr [004073C8] :00402832 8B15CC734000 mov edx, dword ptr [004073CC] :00402838 03D1 add edx, ecx :0040283A 56 push esi :0040283B 3BCA cmp ecx, edx :0040283D 7D15 jge 00402854 :0040283F 8D3449 lea esi, dword ptr [ecx+2*ecx] :00402842 2BD1 sub edx, ecx :00402844 8D34B558734000 lea esi, dword ptr [4*esi+00407358] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402852(C) | :0040284B 832600 and dword ptr [esi], 00000000 :0040284E 83C60C add esi, 0000000C :00402851 4A dec edx :00402852 75F7 jne 0040284B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040283D(C) | :00402854 8B00 mov eax, dword ptr [eax] :00402856 8B35D4734000 mov esi, dword ptr [004073D4] :0040285C 3D8E0000C0 cmp eax, C000008E :00402861 750C jne 0040286F :00402863 C705D473400083000000 mov dword ptr [004073D4], 00000083 :0040286D EB70 jmp 004028DF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402861(C) | :0040286F 3D900000C0 cmp eax, C0000090 :00402874 750C jne 00402882 :00402876 C705D473400081000000 mov dword ptr [004073D4], 00000081 :00402880 EB5D jmp 004028DF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402874(C) | :00402882 3D910000C0 cmp eax, C0000091 :00402887 750C jne 00402895 :00402889 C705D473400084000000 mov dword ptr [004073D4], 00000084 :00402893 EB4A jmp 004028DF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402887(C) | :00402895 3D930000C0 cmp eax, C0000093 :0040289A 750C jne 004028A8 :0040289C C705D473400085000000 mov dword ptr [004073D4], 00000085 :004028A6 EB37 jmp 004028DF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040289A(C) | :004028A8 3D8D0000C0 cmp eax, C000008D :004028AD 750C jne 004028BB :004028AF C705D473400082000000 mov dword ptr [004073D4], 00000082 :004028B9 EB24 jmp 004028DF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004028AD(C) | :004028BB 3D8F0000C0 cmp eax, C000008F :004028C0 750C jne 004028CE :004028C2 C705D473400086000000 mov dword ptr [004073D4], 00000086 :004028CC EB11 jmp 004028DF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004028C0(C) | :004028CE 3D920000C0 cmp eax, C0000092 :004028D3 750A jne 004028DF :004028D5 C705D47340008A000000 mov dword ptr [004073D4], 0000008A * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040286D(U), :00402880(U), :00402893(U), :004028A6(U), :004028B9(U) |:004028CC(U), :004028D3(C) | :004028DF FF35D4734000 push dword ptr [004073D4] :004028E5 6A08 push 00000008 :004028E7 FFD3 call ebx :004028E9 59 pop ecx :004028EA 8935D4734000 mov dword ptr [004073D4], esi :004028F0 59 pop ecx :004028F1 5E pop esi :004028F2 EB08 jmp 004028FC * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402826(C) | :004028F4 83600800 and dword ptr [eax+08], 00000000 :004028F8 51 push ecx :004028F9 FFD3 call ebx :004028FB 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004028F2(U) | :004028FC 8B4508 mov eax, dword ptr [ebp+08] :004028FF A39C794000 mov dword ptr [0040799C], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402808(C) | :00402904 83C8FF or eax, FFFFFFFF :00402907 EB09 jmp 00402912 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004027E3(C), :004027EE(C) | :00402909 FF750C push [ebp+0C] * Reference To: KERNEL32.UnhandledExceptionFilter, Ord:02ADh | :0040290C FF1514604000 Call dword ptr [00406014] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402800(U), :00402907(U) | :00402912 5B pop ebx :00402913 5D pop ebp :00402914 C3 ret * Referenced by a CALL at Address: |:004027DB | :00402915 8B542404 mov edx, dword ptr [esp+04] :00402919 8B0DD0734000 mov ecx, dword ptr [004073D0] :0040291F 391550734000 cmp dword ptr [00407350], edx :00402925 56 push esi :00402926 B850734000 mov eax, 00407350 :0040292B 7415 je 00402942 :0040292D 8D3449 lea esi, dword ptr [ecx+2*ecx] :00402930 8D34B550734000 lea esi, dword ptr [4*esi+00407350] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402940(C) | :00402937 83C00C add eax, 0000000C :0040293A 3BC6 cmp eax, esi :0040293C 7304 jnb 00402942 :0040293E 3910 cmp dword ptr [eax], edx :00402940 75F5 jne 00402937 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040292B(C), :0040293C(C) | :00402942 8D0C49 lea ecx, dword ptr [ecx+2*ecx] :00402945 5E pop esi :00402946 8D0C8D50734000 lea ecx, dword ptr [4*ecx+00407350] :0040294D 3BC1 cmp eax, ecx :0040294F 7304 jnb 00402955 :00402951 3910 cmp dword ptr [eax], edx :00402953 7402 je 00402957 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040294F(C) | :00402955 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402953(C) | :00402957 C3 ret * Referenced by a CALL at Address: |:004011FA | :00402958 53 push ebx :00402959 33DB xor ebx, ebx :0040295B 391D487E4000 cmp dword ptr [00407E48], ebx :00402961 56 push esi :00402962 57 push edi :00402963 7505 jne 0040296A :00402965 E83A170000 call 004040A4 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402963(C) | :0040296A 8B3538794000 mov esi, dword ptr [00407938] :00402970 33FF xor edi, edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402988(U) | :00402972 8A06 mov al, byte ptr [esi] :00402974 3AC3 cmp al, bl :00402976 7412 je 0040298A :00402978 3C3D cmp al, 3D :0040297A 7401 je 0040297D :0040297C 47 inc edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040297A(C) | :0040297D 56 push esi :0040297E E84D0F0000 call 004038D0 :00402983 59 pop ecx :00402984 8D740601 lea esi, dword ptr [esi+eax+01] :00402988 EBE8 jmp 00402972 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402976(C) | :0040298A 8D04BD04000000 lea eax, dword ptr [4*edi+00000004] :00402991 50 push eax :00402992 E8910E0000 call 00403828 :00402997 8BF0 mov esi, eax :00402999 59 pop ecx :0040299A 3BF3 cmp esi, ebx :0040299C 893578794000 mov dword ptr [00407978], esi :004029A2 7508 jne 004029AC :004029A4 6A09 push 00000009 :004029A6 E8A0E8FFFF call 0040124B :004029AB 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004029A2(C) | :004029AC 8B3D38794000 mov edi, dword ptr [00407938] :004029B2 381F cmp byte ptr [edi], bl :004029B4 7439 je 004029EF :004029B6 55 push ebp * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004029EC(C) | :004029B7 57 push edi :004029B8 E8130F0000 call 004038D0 :004029BD 8BE8 mov ebp, eax :004029BF 59 pop ecx :004029C0 45 inc ebp :004029C1 803F3D cmp byte ptr [edi], 3D :004029C4 7422 je 004029E8 :004029C6 55 push ebp :004029C7 E85C0E0000 call 00403828 :004029CC 3BC3 cmp eax, ebx :004029CE 59 pop ecx :004029CF 8906 mov dword ptr [esi], eax :004029D1 7508 jne 004029DB :004029D3 6A09 push 00000009 :004029D5 E871E8FFFF call 0040124B :004029DA 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004029D1(C) | :004029DB 57 push edi :004029DC FF36 push dword ptr [esi] :004029DE E80D120000 call 00403BF0 :004029E3 59 pop ecx :004029E4 83C604 add esi, 00000004 :004029E7 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004029C4(C) | :004029E8 03FD add edi, ebp :004029EA 381F cmp byte ptr [edi], bl :004029EC 75C9 jne 004029B7 :004029EE 5D pop ebp * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004029B4(C) | :004029EF FF3538794000 push dword ptr [00407938] :004029F5 E8C0110000 call 00403BBA :004029FA 59 pop ecx :004029FB 891D38794000 mov dword ptr [00407938], ebx :00402A01 891E mov dword ptr [esi], ebx :00402A03 5F pop edi :00402A04 5E pop esi :00402A05 C705447E400001000000 mov dword ptr [00407E44], 00000001 :00402A0F 5B pop ebx :00402A10 C3 ret * Referenced by a CALL at Address: |:004011F5 | :00402A11 55 push ebp :00402A12 8BEC mov ebp, esp :00402A14 51 push ecx :00402A15 51 push ecx :00402A16 53 push ebx :00402A17 33DB xor ebx, ebx :00402A19 391D487E4000 cmp dword ptr [00407E48], ebx :00402A1F 56 push esi :00402A20 57 push edi :00402A21 7505 jne 00402A28 :00402A23 E87C160000 call 004040A4 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402A21(C) | :00402A28 BEA0794000 mov esi, 004079A0 :00402A2D 6804010000 push 00000104 :00402A32 56 push esi :00402A33 53 push ebx * Reference To: KERNEL32.GetModuleFileNameA, Ord:0124h | :00402A34 FF1518604000 Call dword ptr [00406018] :00402A3A A1648E4000 mov eax, dword ptr [00408E64] :00402A3F 893588794000 mov dword ptr [00407988], esi :00402A45 8BFE mov edi, esi :00402A47 3818 cmp byte ptr [eax], bl :00402A49 7402 je 00402A4D :00402A4B 8BF8 mov edi, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402A49(C) | :00402A4D 8D45F8 lea eax, dword ptr [ebp-08] :00402A50 50 push eax :00402A51 8D45FC lea eax, dword ptr [ebp-04] :00402A54 50 push eax :00402A55 53 push ebx :00402A56 53 push ebx :00402A57 57 push edi :00402A58 E84D000000 call 00402AAA :00402A5D 8B45F8 mov eax, dword ptr [ebp-08] :00402A60 8B4DFC mov ecx, dword ptr [ebp-04] :00402A63 8D0488 lea eax, dword ptr [eax+4*ecx] :00402A66 50 push eax :00402A67 E8BC0D0000 call 00403828 :00402A6C 8BF0 mov esi, eax :00402A6E 83C418 add esp, 00000018 :00402A71 3BF3 cmp esi, ebx :00402A73 7508 jne 00402A7D :00402A75 6A08 push 00000008 :00402A77 E8CFE7FFFF call 0040124B :00402A7C 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402A73(C) | :00402A7D 8D45F8 lea eax, dword ptr [ebp-08] :00402A80 50 push eax :00402A81 8D45FC lea eax, dword ptr [ebp-04] :00402A84 50 push eax :00402A85 8B45FC mov eax, dword ptr [ebp-04] :00402A88 8D0486 lea eax, dword ptr [esi+4*eax] :00402A8B 50 push eax :00402A8C 56 push esi :00402A8D 57 push edi :00402A8E E817000000 call 00402AAA :00402A93 8B45FC mov eax, dword ptr [ebp-04] :00402A96 83C414 add esp, 00000014 :00402A99 48 dec eax :00402A9A 893570794000 mov dword ptr [00407970], esi :00402AA0 5F pop edi :00402AA1 5E pop esi :00402AA2 A36C794000 mov dword ptr [0040796C], eax :00402AA7 5B pop ebx :00402AA8 C9 leave :00402AA9 C3 ret * Referenced by a CALL at Addresses: |:00402A58 , :00402A8E | :00402AAA 55 push ebp :00402AAB 8BEC mov ebp, esp :00402AAD 8B4D18 mov ecx, dword ptr [ebp+18] :00402AB0 8B4514 mov eax, dword ptr [ebp+14] :00402AB3 53 push ebx :00402AB4 56 push esi :00402AB5 832100 and dword ptr [ecx], 00000000 :00402AB8 8B7510 mov esi, dword ptr [ebp+10] :00402ABB 57 push edi :00402ABC 8B7D0C mov edi, dword ptr [ebp+0C] :00402ABF C70001000000 mov dword ptr [eax], 00000001 :00402AC5 8B4508 mov eax, dword ptr [ebp+08] :00402AC8 85FF test edi, edi :00402ACA 7408 je 00402AD4 :00402ACC 8937 mov dword ptr [edi], esi :00402ACE 83C704 add edi, 00000004 :00402AD1 897D0C mov dword ptr [ebp+0C], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402ACA(C) | :00402AD4 803822 cmp byte ptr [eax], 22 :00402AD7 7544 jne 00402B1D * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402B02(C), :00402B09(U) | :00402AD9 8A5001 mov dl, byte ptr [eax+01] :00402ADC 40 inc eax :00402ADD 80FA22 cmp dl, 22 :00402AE0 7429 je 00402B0B :00402AE2 84D2 test dl, dl :00402AE4 7425 je 00402B0B :00402AE6 0FB6D2 movzx edx, dl :00402AE9 F682217C400004 test byte ptr [edx+00407C21], 04 :00402AF0 740C je 00402AFE :00402AF2 FF01 inc dword ptr [ecx] :00402AF4 85F6 test esi, esi :00402AF6 7406 je 00402AFE :00402AF8 8A10 mov dl, byte ptr [eax] :00402AFA 8816 mov byte ptr [esi], dl :00402AFC 46 inc esi :00402AFD 40 inc eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402AF0(C), :00402AF6(C) | :00402AFE FF01 inc dword ptr [ecx] :00402B00 85F6 test esi, esi :00402B02 74D5 je 00402AD9 :00402B04 8A10 mov dl, byte ptr [eax] :00402B06 8816 mov byte ptr [esi], dl :00402B08 46 inc esi :00402B09 EBCE jmp 00402AD9 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402AE0(C), :00402AE4(C) | :00402B0B FF01 inc dword ptr [ecx] :00402B0D 85F6 test esi, esi :00402B0F 7404 je 00402B15 :00402B11 802600 and byte ptr [esi], 00 :00402B14 46 inc esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B0F(C) | :00402B15 803822 cmp byte ptr [eax], 22 :00402B18 7546 jne 00402B60 :00402B1A 40 inc eax :00402B1B EB43 jmp 00402B60 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402AD7(C), :00402B4F(C) | :00402B1D FF01 inc dword ptr [ecx] :00402B1F 85F6 test esi, esi :00402B21 7405 je 00402B28 :00402B23 8A10 mov dl, byte ptr [eax] :00402B25 8816 mov byte ptr [esi], dl :00402B27 46 inc esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B21(C) | :00402B28 8A10 mov dl, byte ptr [eax] :00402B2A 40 inc eax :00402B2B 0FB6DA movzx ebx, dl :00402B2E F683217C400004 test byte ptr [ebx+00407C21], 04 :00402B35 740C je 00402B43 :00402B37 FF01 inc dword ptr [ecx] :00402B39 85F6 test esi, esi :00402B3B 7405 je 00402B42 :00402B3D 8A18 mov bl, byte ptr [eax] :00402B3F 881E mov byte ptr [esi], bl :00402B41 46 inc esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B3B(C) | :00402B42 40 inc eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B35(C) | :00402B43 80FA20 cmp dl, 20 :00402B46 7409 je 00402B51 :00402B48 84D2 test dl, dl :00402B4A 7409 je 00402B55 :00402B4C 80FA09 cmp dl, 09 :00402B4F 75CC jne 00402B1D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B46(C) | :00402B51 84D2 test dl, dl :00402B53 7503 jne 00402B58 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B4A(C) | :00402B55 48 dec eax :00402B56 EB08 jmp 00402B60 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B53(C) | :00402B58 85F6 test esi, esi :00402B5A 7404 je 00402B60 :00402B5C 8066FF00 and byte ptr [esi-01], 00 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402B18(C), :00402B1B(U), :00402B56(U), :00402B5A(C) | :00402B60 83651800 and dword ptr [ebp+18], 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C48(U) | :00402B64 803800 cmp byte ptr [eax], 00 :00402B67 0F84E0000000 je 00402C4D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B7A(U) | :00402B6D 8A10 mov dl, byte ptr [eax] :00402B6F 80FA20 cmp dl, 20 :00402B72 7405 je 00402B79 :00402B74 80FA09 cmp dl, 09 :00402B77 7503 jne 00402B7C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B72(C) | :00402B79 40 inc eax :00402B7A EBF1 jmp 00402B6D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B77(C) | :00402B7C 803800 cmp byte ptr [eax], 00 :00402B7F 0F84C8000000 je 00402C4D :00402B85 85FF test edi, edi :00402B87 7408 je 00402B91 :00402B89 8937 mov dword ptr [edi], esi :00402B8B 83C704 add edi, 00000004 :00402B8E 897D0C mov dword ptr [ebp+0C], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402B87(C) | :00402B91 8B5514 mov edx, dword ptr [ebp+14] :00402B94 FF02 inc dword ptr [edx] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C39(U) | :00402B96 C7450801000000 mov [ebp+08], 00000001 :00402B9D 33DB xor ebx, ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402BA6(U) | :00402B9F 80385C cmp byte ptr [eax], 5C :00402BA2 7504 jne 00402BA8 :00402BA4 40 inc eax :00402BA5 43 inc ebx :00402BA6 EBF7 jmp 00402B9F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402BA2(C) | :00402BA8 803822 cmp byte ptr [eax], 22 :00402BAB 752C jne 00402BD9 :00402BAD F6C301 test bl, 01 :00402BB0 7525 jne 00402BD7 :00402BB2 33FF xor edi, edi :00402BB4 397D18 cmp dword ptr [ebp+18], edi :00402BB7 740D je 00402BC6 :00402BB9 80780122 cmp byte ptr [eax+01], 22 :00402BBD 8D5001 lea edx, dword ptr [eax+01] :00402BC0 7504 jne 00402BC6 :00402BC2 8BC2 mov eax, edx :00402BC4 EB03 jmp 00402BC9 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402BB7(C), :00402BC0(C) | :00402BC6 897D08 mov dword ptr [ebp+08], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402BC4(U) | :00402BC9 8B7D0C mov edi, dword ptr [ebp+0C] :00402BCC 33D2 xor edx, edx :00402BCE 395518 cmp dword ptr [ebp+18], edx :00402BD1 0F94C2 sete dl :00402BD4 895518 mov dword ptr [ebp+18], edx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402BB0(C) | :00402BD7 D1EB shr ebx, 1 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402BAB(C) | :00402BD9 8BD3 mov edx, ebx :00402BDB 4B dec ebx :00402BDC 85D2 test edx, edx :00402BDE 740E je 00402BEE :00402BE0 43 inc ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402BEC(C) | :00402BE1 85F6 test esi, esi :00402BE3 7404 je 00402BE9 :00402BE5 C6065C mov byte ptr [esi], 5C :00402BE8 46 inc esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402BE3(C) | :00402BE9 FF01 inc dword ptr [ecx] :00402BEB 4B dec ebx :00402BEC 75F3 jne 00402BE1 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402BDE(C) | :00402BEE 8A10 mov dl, byte ptr [eax] :00402BF0 84D2 test dl, dl :00402BF2 744A je 00402C3E :00402BF4 837D1800 cmp dword ptr [ebp+18], 00000000 :00402BF8 750A jne 00402C04 :00402BFA 80FA20 cmp dl, 20 :00402BFD 743F je 00402C3E :00402BFF 80FA09 cmp dl, 09 :00402C02 743A je 00402C3E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402BF8(C) | :00402C04 837D0800 cmp dword ptr [ebp+08], 00000000 :00402C08 742E je 00402C38 :00402C0A 85F6 test esi, esi :00402C0C 7419 je 00402C27 :00402C0E 0FB6DA movzx ebx, dl :00402C11 F683217C400004 test byte ptr [ebx+00407C21], 04 :00402C18 7406 je 00402C20 :00402C1A 8816 mov byte ptr [esi], dl :00402C1C 46 inc esi :00402C1D 40 inc eax :00402C1E FF01 inc dword ptr [ecx] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C18(C) | :00402C20 8A10 mov dl, byte ptr [eax] :00402C22 8816 mov byte ptr [esi], dl :00402C24 46 inc esi :00402C25 EB0F jmp 00402C36 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C0C(C) | :00402C27 0FB6D2 movzx edx, dl :00402C2A F682217C400004 test byte ptr [edx+00407C21], 04 :00402C31 7403 je 00402C36 :00402C33 40 inc eax :00402C34 FF01 inc dword ptr [ecx] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402C25(U), :00402C31(C) | :00402C36 FF01 inc dword ptr [ecx] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C08(C) | :00402C38 40 inc eax :00402C39 E958FFFFFF jmp 00402B96 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402BF2(C), :00402BFD(C), :00402C02(C) | :00402C3E 85F6 test esi, esi :00402C40 7404 je 00402C46 :00402C42 802600 and byte ptr [esi], 00 :00402C45 46 inc esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C40(C) | :00402C46 FF01 inc dword ptr [ecx] :00402C48 E917FFFFFF jmp 00402B64 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402B67(C), :00402B7F(C) | :00402C4D 85FF test edi, edi :00402C4F 7403 je 00402C54 :00402C51 832700 and dword ptr [edi], 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C4F(C) | :00402C54 8B4514 mov eax, dword ptr [ebp+14] :00402C57 5F pop edi :00402C58 5E pop esi :00402C59 5B pop ebx :00402C5A FF00 inc dword ptr [eax] :00402C5C 5D pop ebp :00402C5D C3 ret * Referenced by a CALL at Address: |:004011EB | :00402C5E 51 push ecx :00402C5F 51 push ecx :00402C60 A1A47A4000 mov eax, dword ptr [00407AA4] :00402C65 53 push ebx :00402C66 55 push ebp * Reference To: KERNEL32.GetEnvironmentStringsW, Ord:0108h | :00402C67 8B2D2C604000 mov ebp, dword ptr [0040602C] :00402C6D 56 push esi :00402C6E 57 push edi :00402C6F 33DB xor ebx, ebx :00402C71 33F6 xor esi, esi :00402C73 33FF xor edi, edi :00402C75 3BC3 cmp eax, ebx :00402C77 7533 jne 00402CAC :00402C79 FFD5 call ebp :00402C7B 8BF0 mov esi, eax :00402C7D 3BF3 cmp esi, ebx :00402C7F 740C je 00402C8D :00402C81 C705A47A400001000000 mov dword ptr [00407AA4], 00000001 :00402C8B EB28 jmp 00402CB5 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C7F(C) | * Reference To: KERNEL32.GetEnvironmentStrings, Ord:0106h | :00402C8D FF1528604000 Call dword ptr [00406028] :00402C93 8BF8 mov edi, eax :00402C95 3BFB cmp edi, ebx :00402C97 0F84EA000000 je 00402D87 :00402C9D C705A47A400002000000 mov dword ptr [00407AA4], 00000002 :00402CA7 E98F000000 jmp 00402D3B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C77(C) | :00402CAC 83F801 cmp eax, 00000001 :00402CAF 0F8581000000 jne 00402D36 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402C8B(U) | :00402CB5 3BF3 cmp esi, ebx :00402CB7 750C jne 00402CC5 :00402CB9 FFD5 call ebp :00402CBB 8BF0 mov esi, eax :00402CBD 3BF3 cmp esi, ebx :00402CBF 0F84C2000000 je 00402D87 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402CB7(C) | :00402CC5 66391E cmp word ptr [esi], bx :00402CC8 8BC6 mov eax, esi :00402CCA 740E je 00402CDA * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402CD1(C), :00402CD8(C) | :00402CCC 40 inc eax :00402CCD 40 inc eax :00402CCE 663918 cmp word ptr [eax], bx :00402CD1 75F9 jne 00402CCC :00402CD3 40 inc eax :00402CD4 40 inc eax :00402CD5 663918 cmp word ptr [eax], bx :00402CD8 75F2 jne 00402CCC * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402CCA(C) | :00402CDA 2BC6 sub eax, esi * Reference To: KERNEL32.WideCharToMultiByte, Ord:02D2h | :00402CDC 8B3D24604000 mov edi, dword ptr [00406024] :00402CE2 D1F8 sar eax, 1 :00402CE4 53 push ebx :00402CE5 53 push ebx :00402CE6 40 inc eax :00402CE7 53 push ebx :00402CE8 53 push ebx :00402CE9 50 push eax :00402CEA 56 push esi :00402CEB 53 push ebx :00402CEC 53 push ebx :00402CED 89442434 mov dword ptr [esp+34], eax :00402CF1 FFD7 call edi :00402CF3 8BE8 mov ebp, eax :00402CF5 3BEB cmp ebp, ebx :00402CF7 7432 je 00402D2B :00402CF9 55 push ebp :00402CFA E8290B0000 call 00403828 :00402CFF 3BC3 cmp eax, ebx :00402D01 59 pop ecx :00402D02 89442410 mov dword ptr [esp+10], eax :00402D06 7423 je 00402D2B :00402D08 53 push ebx :00402D09 53 push ebx :00402D0A 55 push ebp :00402D0B 50 push eax :00402D0C FF742424 push [esp+24] :00402D10 56 push esi :00402D11 53 push ebx :00402D12 53 push ebx :00402D13 FFD7 call edi :00402D15 85C0 test eax, eax :00402D17 750E jne 00402D27 :00402D19 FF742410 push [esp+10] :00402D1D E8980E0000 call 00403BBA :00402D22 59 pop ecx :00402D23 895C2410 mov dword ptr [esp+10], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402D17(C) | :00402D27 8B5C2410 mov ebx, dword ptr [esp+10] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402CF7(C), :00402D06(C) | :00402D2B 56 push esi * Reference To: KERNEL32.FreeEnvironmentStringsW, Ord:00B3h | :00402D2C FF1520604000 Call dword ptr [00406020] :00402D32 8BC3 mov eax, ebx :00402D34 EB53 jmp 00402D89 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402CAF(C) | :00402D36 83F802 cmp eax, 00000002 :00402D39 754C jne 00402D87 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402CA7(U) | :00402D3B 3BFB cmp edi, ebx :00402D3D 750C jne 00402D4B * Reference To: KERNEL32.GetEnvironmentStrings, Ord:0106h | :00402D3F FF1528604000 Call dword ptr [00406028] :00402D45 8BF8 mov edi, eax :00402D47 3BFB cmp edi, ebx :00402D49 743C je 00402D87 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402D3D(C) | :00402D4B 381F cmp byte ptr [edi], bl :00402D4D 8BC7 mov eax, edi :00402D4F 740A je 00402D5B * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402D54(C), :00402D59(C) | :00402D51 40 inc eax :00402D52 3818 cmp byte ptr [eax], bl :00402D54 75FB jne 00402D51 :00402D56 40 inc eax :00402D57 3818 cmp byte ptr [eax], bl :00402D59 75F6 jne 00402D51 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402D4F(C) | :00402D5B 2BC7 sub eax, edi :00402D5D 40 inc eax :00402D5E 8BE8 mov ebp, eax :00402D60 55 push ebp :00402D61 E8C20A0000 call 00403828 :00402D66 8BF0 mov esi, eax :00402D68 59 pop ecx :00402D69 3BF3 cmp esi, ebx :00402D6B 7504 jne 00402D71 :00402D6D 33F6 xor esi, esi :00402D6F EB0B jmp 00402D7C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402D6B(C) | :00402D71 55 push ebp :00402D72 57 push edi :00402D73 56 push esi :00402D74 E847130000 call 004040C0 :00402D79 83C40C add esp, 0000000C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402D6F(U) | :00402D7C 57 push edi * Reference To: KERNEL32.FreeEnvironmentStringsA, Ord:00B2h | :00402D7D FF151C604000 Call dword ptr [0040601C] :00402D83 8BC6 mov eax, esi :00402D85 EB02 jmp 00402D89 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402C97(C), :00402CBF(C), :00402D39(C), :00402D49(C) | :00402D87 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402D34(U), :00402D85(U) | :00402D89 5F pop edi :00402D8A 5E pop esi :00402D8B 5D pop ebp :00402D8C 5B pop ebx :00402D8D 59 pop ecx :00402D8E 59 pop ecx :00402D8F C3 ret * Referenced by a CALL at Address: |:004011DB | :00402D90 83EC44 sub esp, 00000044 :00402D93 53 push ebx :00402D94 55 push ebp :00402D95 56 push esi :00402D96 57 push edi :00402D97 6800010000 push 00000100 :00402D9C E8870A0000 call 00403828 :00402DA1 8BF0 mov esi, eax :00402DA3 59 pop ecx :00402DA4 85F6 test esi, esi :00402DA6 7508 jne 00402DB0 :00402DA8 6A1B push 0000001B :00402DAA E89CE4FFFF call 0040124B :00402DAF 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402DA6(C) | :00402DB0 8935407D4000 mov dword ptr [00407D40], esi :00402DB6 C705407E400020000000 mov dword ptr [00407E40], 00000020 :00402DC0 8D8600010000 lea eax, dword ptr [esi+00000100] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402DE2(U) | :00402DC6 3BF0 cmp esi, eax :00402DC8 731A jnb 00402DE4 :00402DCA 80660400 and byte ptr [esi+04], 00 :00402DCE 830EFF or dword ptr [esi], FFFFFFFF :00402DD1 C646050A mov [esi+05], 0A :00402DD5 A1407D4000 mov eax, dword ptr [00407D40] :00402DDA 83C608 add esi, 00000008 :00402DDD 0500010000 add eax, 00000100 :00402DE2 EBE2 jmp 00402DC6 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402DC8(C) | :00402DE4 8D442410 lea eax, dword ptr [esp+10] :00402DE8 50 push eax * Reference To: KERNEL32.GetStartupInfoA, Ord:0150h | :00402DE9 FF153C604000 Call dword ptr [0040603C] :00402DEF 66837C244200 cmp word ptr [esp+42], 0000 :00402DF5 0F84C5000000 je 00402EC0 :00402DFB 8B442444 mov eax, dword ptr [esp+44] :00402DFF 85C0 test eax, eax :00402E01 0F84B9000000 je 00402EC0 :00402E07 8B30 mov esi, dword ptr [eax] :00402E09 8D6804 lea ebp, dword ptr [eax+04] :00402E0C B800080000 mov eax, 00000800 :00402E11 3BF0 cmp esi, eax :00402E13 8D1C2E lea ebx, dword ptr [esi+ebp] :00402E16 7C02 jl 00402E1A :00402E18 8BF0 mov esi, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402E16(C) | :00402E1A 3935407E4000 cmp dword ptr [00407E40], esi :00402E20 7D52 jge 00402E74 :00402E22 BF447D4000 mov edi, 00407D44 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402E6A(C) | :00402E27 6800010000 push 00000100 :00402E2C E8F7090000 call 00403828 :00402E31 85C0 test eax, eax :00402E33 59 pop ecx :00402E34 7438 je 00402E6E :00402E36 8305407E400020 add dword ptr [00407E40], 00000020 :00402E3D 8907 mov dword ptr [edi], eax :00402E3F 8D8800010000 lea ecx, dword ptr [eax+00000100] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402E5F(U) | :00402E45 3BC1 cmp eax, ecx :00402E47 7318 jnb 00402E61 :00402E49 80600400 and byte ptr [eax+04], 00 :00402E4D 8308FF or dword ptr [eax], FFFFFFFF :00402E50 C640050A mov [eax+05], 0A :00402E54 8B0F mov ecx, dword ptr [edi] :00402E56 83C008 add eax, 00000008 :00402E59 81C100010000 add ecx, 00000100 :00402E5F EBE4 jmp 00402E45 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402E47(C) | :00402E61 83C704 add edi, 00000004 :00402E64 3935407E4000 cmp dword ptr [00407E40], esi :00402E6A 7CBB jl 00402E27 :00402E6C EB06 jmp 00402E74 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402E34(C) | :00402E6E 8B35407E4000 mov esi, dword ptr [00407E40] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402E20(C), :00402E6C(U) | :00402E74 33FF xor edi, edi :00402E76 85F6 test esi, esi :00402E78 7E46 jle 00402EC0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402EBE(C) | :00402E7A 8B03 mov eax, dword ptr [ebx] :00402E7C 83F8FF cmp eax, FFFFFFFF :00402E7F 7436 je 00402EB7 :00402E81 8A4D00 mov cl, byte ptr [ebp+00] :00402E84 F6C101 test cl, 01 :00402E87 742E je 00402EB7 :00402E89 F6C108 test cl, 08 :00402E8C 750B jne 00402E99 :00402E8E 50 push eax * Reference To: KERNEL32.GetFileType, Ord:0115h | :00402E8F FF1538604000 Call dword ptr [00406038] :00402E95 85C0 test eax, eax :00402E97 741E je 00402EB7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402E8C(C) | :00402E99 8BC7 mov eax, edi :00402E9B 8BCF mov ecx, edi :00402E9D C1F805 sar eax, 05 :00402EA0 83E11F and ecx, 0000001F :00402EA3 8B0485407D4000 mov eax, dword ptr [4*eax+00407D40] :00402EAA 8D04C8 lea eax, dword ptr [eax+8*ecx] :00402EAD 8B0B mov ecx, dword ptr [ebx] :00402EAF 8908 mov dword ptr [eax], ecx :00402EB1 8A4D00 mov cl, byte ptr [ebp+00] :00402EB4 884804 mov byte ptr [eax+04], cl * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402E7F(C), :00402E87(C), :00402E97(C) | :00402EB7 47 inc edi :00402EB8 45 inc ebp :00402EB9 83C304 add ebx, 00000004 :00402EBC 3BFE cmp edi, esi :00402EBE 7CBA jl 00402E7A * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402DF5(C), :00402E01(C), :00402E78(C) | :00402EC0 33DB xor ebx, ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402F25(C) | :00402EC2 A1407D4000 mov eax, dword ptr [00407D40] :00402EC7 833CD8FF cmp dword ptr [eax+8*ebx], FFFFFFFF :00402ECB 8D34D8 lea esi, dword ptr [eax+8*ebx] :00402ECE 754D jne 00402F1D :00402ED0 85DB test ebx, ebx :00402ED2 C6460481 mov [esi+04], 81 :00402ED6 7505 jne 00402EDD :00402ED8 6AF6 push FFFFFFF6 :00402EDA 58 pop eax :00402EDB EB0A jmp 00402EE7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402ED6(C) | :00402EDD 8BC3 mov eax, ebx :00402EDF 48 dec eax :00402EE0 F7D8 neg eax :00402EE2 1BC0 sbb eax, eax :00402EE4 83C0F5 add eax, FFFFFFF5 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402EDB(U) | :00402EE7 50 push eax * Reference To: KERNEL32.GetStdHandle, Ord:0152h | :00402EE8 FF1534604000 Call dword ptr [00406034] :00402EEE 8BF8 mov edi, eax :00402EF0 83FFFF cmp edi, FFFFFFFF :00402EF3 7417 je 00402F0C :00402EF5 57 push edi * Reference To: KERNEL32.GetFileType, Ord:0115h | :00402EF6 FF1538604000 Call dword ptr [00406038] :00402EFC 85C0 test eax, eax :00402EFE 740C je 00402F0C :00402F00 25FF000000 and eax, 000000FF :00402F05 893E mov dword ptr [esi], edi :00402F07 83F802 cmp eax, 00000002 :00402F0A 7506 jne 00402F12 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402EF3(C), :00402EFE(C) | :00402F0C 804E0440 or byte ptr [esi+04], 40 :00402F10 EB0F jmp 00402F21 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402F0A(C) | :00402F12 83F803 cmp eax, 00000003 :00402F15 750A jne 00402F21 :00402F17 804E0408 or byte ptr [esi+04], 08 :00402F1B EB04 jmp 00402F21 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402ECE(C) | :00402F1D 804E0480 or byte ptr [esi+04], 80 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402F10(U), :00402F15(C), :00402F1B(U) | :00402F21 43 inc ebx :00402F22 83FB03 cmp ebx, 00000003 :00402F25 7C9B jl 00402EC2 :00402F27 FF35407E4000 push dword ptr [00407E40] * Reference To: KERNEL32.SetHandleCount, Ord:026Dh | :00402F2D FF1530604000 Call dword ptr [00406030] :00402F33 5F pop edi :00402F34 5E pop esi :00402F35 5D pop ebp :00402F36 5B pop ebx :00402F37 83C444 add esp, 00000044 :00402F3A C3 ret * Referenced by a CALL at Address: |:004011C5 | :00402F3B 33C0 xor eax, eax :00402F3D 6A00 push 00000000 :00402F3F 39442408 cmp dword ptr [esp+08], eax :00402F43 6800100000 push 00001000 :00402F48 0F94C0 sete al :00402F4B 50 push eax * Reference To: KERNEL32.HeapCreate, Ord:019Bh | :00402F4C FF1544604000 Call dword ptr [00406044] :00402F52 85C0 test eax, eax :00402F54 A3287D4000 mov dword ptr [00407D28], eax :00402F59 7415 je 00402F70 :00402F5B E895140000 call 004043F5 :00402F60 85C0 test eax, eax :00402F62 750F jne 00402F73 :00402F64 FF35287D4000 push dword ptr [00407D28] * Reference To: KERNEL32.HeapDestroy, Ord:019Dh | :00402F6A FF1540604000 Call dword ptr [00406040] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402F59(C) | :00402F70 33C0 xor eax, eax :00402F72 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402F62(C) | :00402F73 6A01 push 00000001 :00402F75 58 pop eax :00402F76 C3 ret :00402F77 CC int 03 * Referenced by a CALL at Address: |:004030CA | :00402F78 55 push ebp :00402F79 8BEC mov ebp, esp :00402F7B 53 push ebx :00402F7C 56 push esi :00402F7D 57 push edi :00402F7E 55 push ebp :00402F7F 6A00 push 00000000 :00402F81 6A00 push 00000000 * Possible StringData Ref from Code Obj ->"]_^[" | :00402F83 68902F4000 push 00402F90 :00402F88 FF7508 push [ebp+08] * Reference To: KERNEL32.RtlUnwind, Ord:022Fh | :00402F8B E89C2C0000 Call 00405C2C :00402F90 5D pop ebp :00402F91 5F pop edi :00402F92 5E pop esi :00402F93 5B pop ebx :00402F94 8BE5 mov esp, ebp :00402F96 5D pop ebp :00402F97 C3 ret :00402F98 8B4C2404 mov ecx, dword ptr [esp+04] :00402F9C F7410406000000 test [ecx+04], 00000006 :00402FA3 B801000000 mov eax, 00000001 :00402FA8 740F je 00402FB9 :00402FAA 8B442408 mov eax, dword ptr [esp+08] :00402FAE 8B542410 mov edx, dword ptr [esp+10] :00402FB2 8902 mov dword ptr [edx], eax :00402FB4 B803000000 mov eax, 00000003 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402FA8(C) | :00402FB9 C3 ret * Referenced by a CALL at Addresses: |:004030D7 , :00403117 , :0040313C | :00402FBA 53 push ebx :00402FBB 56 push esi :00402FBC 57 push edi :00402FBD 8B442410 mov eax, dword ptr [esp+10] :00402FC1 50 push eax :00402FC2 6AFE push FFFFFFFE :00402FC4 68982F4000 push 00402F98 :00402FC9 64FF3500000000 push dword ptr fs:[00000000] :00402FD0 64892500000000 mov dword ptr fs:[00000000], esp * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403012(U) | :00402FD7 8B442420 mov eax, dword ptr [esp+20] :00402FDB 8B5808 mov ebx, dword ptr [eax+08] :00402FDE 8B700C mov esi, dword ptr [eax+0C] :00402FE1 83FEFF cmp esi, FFFFFFFF :00402FE4 742E je 00403014 :00402FE6 3B742424 cmp esi, dword ptr [esp+24] :00402FEA 7428 je 00403014 :00402FEC 8D3476 lea esi, dword ptr [esi+2*esi] :00402FEF 8B0CB3 mov ecx, dword ptr [ebx+4*esi] :00402FF2 894C2408 mov dword ptr [esp+08], ecx :00402FF6 89480C mov dword ptr [eax+0C], ecx :00402FF9 837CB30400 cmp dword ptr [ebx+4*esi+04], 00000000 :00402FFE 7512 jne 00403012 :00403000 6801010000 push 00000101 :00403005 8B44B308 mov eax, dword ptr [ebx+4*esi+08] :00403009 E840000000 call 0040304E :0040300E FF54B308 call [ebx+4*esi+08] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00402FFE(C) | :00403012 EBC3 jmp 00402FD7 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402FE4(C), :00402FEA(C) | :00403014 648F0500000000 pop dword ptr fs:[00000000] :0040301B 83C40C add esp, 0000000C :0040301E 5F pop edi :0040301F 5E pop esi :00403020 5B pop ebx :00403021 C3 ret :00403022 33C0 xor eax, eax :00403024 648B0D00000000 mov ecx, dword ptr fs:[00000000] :0040302B 817904982F4000 cmp dword ptr [ecx+04], 00402F98 :00403032 7510 jne 00403044 :00403034 8B510C mov edx, dword ptr [ecx+0C] :00403037 8B520C mov edx, dword ptr [edx+0C] :0040303A 395108 cmp dword ptr [ecx+08], edx :0040303D 7505 jne 00403044 :0040303F B801000000 mov eax, 00000001 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403032(C), :0040303D(C) | :00403044 C3 ret :00403045 53 push ebx :00403046 51 push ecx * Possible StringData Ref from Data Obj ->" " | :00403047 BBE4734000 mov ebx, 004073E4 :0040304C EB0A jmp 00403058 * Referenced by a CALL at Addresses: |:00403009 , :004030E8 | :0040304E 53 push ebx :0040304F 51 push ecx * Possible StringData Ref from Data Obj ->" " | :00403050 BBE4734000 mov ebx, 004073E4 :00403055 8B4D08 mov ecx, dword ptr [ebp+08] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040304C(U) | :00403058 894B08 mov dword ptr [ebx+08], ecx :0040305B 894304 mov dword ptr [ebx+04], eax :0040305E 896B0C mov dword ptr [ebx+0C], ebp :00403061 59 pop ecx :00403062 5B pop ebx :00403063 C20400 ret 0004 :00403066 CC int 03 :00403067 CC int 03 :00403068 56 push esi :00403069 43 inc ebx :0040306A 3230 xor dh, byte ptr [eax] :0040306C 58 pop eax :0040306D 43 inc ebx :0040306E 3030 xor byte ptr [eax], dh :00403070 55 push ebp :00403071 8BEC mov ebp, esp :00403073 83EC08 sub esp, 00000008 :00403076 53 push ebx :00403077 56 push esi :00403078 57 push edi :00403079 55 push ebp :0040307A FC cld :0040307B 8B5D0C mov ebx, dword ptr [ebp+0C] :0040307E 8B4508 mov eax, dword ptr [ebp+08] :00403081 F7400406000000 test [eax+04], 00000006 :00403088 0F8582000000 jne 00403110 :0040308E 8945F8 mov dword ptr [ebp-08], eax :00403091 8B4510 mov eax, dword ptr [ebp+10] :00403094 8945FC mov dword ptr [ebp-04], eax :00403097 8D45F8 lea eax, dword ptr [ebp-08] :0040309A 8943FC mov dword ptr [ebx-04], eax :0040309D 8B730C mov esi, dword ptr [ebx+0C] :004030A0 8B7B08 mov edi, dword ptr [ebx+08] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403100(U) | :004030A3 83FEFF cmp esi, FFFFFFFF :004030A6 7461 je 00403109 :004030A8 8D0C76 lea ecx, dword ptr [esi+2*esi] :004030AB 837C8F0400 cmp dword ptr [edi+4*ecx+04], 00000000 :004030B0 7445 je 004030F7 :004030B2 56 push esi :004030B3 55 push ebp :004030B4 8D6B10 lea ebp, dword ptr [ebx+10] :004030B7 FF548F04 call [edi+4*ecx+04] :004030BB 5D pop ebp :004030BC 5E pop esi :004030BD 8B5D0C mov ebx, dword ptr [ebp+0C] :004030C0 0BC0 or eax, eax :004030C2 7433 je 004030F7 :004030C4 783C js 00403102 :004030C6 8B7B08 mov edi, dword ptr [ebx+08] :004030C9 53 push ebx :004030CA E8A9FEFFFF call 00402F78 :004030CF 83C404 add esp, 00000004 :004030D2 8D6B10 lea ebp, dword ptr [ebx+10] :004030D5 56 push esi :004030D6 53 push ebx :004030D7 E8DEFEFFFF call 00402FBA :004030DC 83C408 add esp, 00000008 :004030DF 8D0C76 lea ecx, dword ptr [esi+2*esi] :004030E2 6A01 push 00000001 :004030E4 8B448F08 mov eax, dword ptr [edi+4*ecx+08] :004030E8 E861FFFFFF call 0040304E :004030ED 8B048F mov eax, dword ptr [edi+4*ecx] :004030F0 89430C mov dword ptr [ebx+0C], eax :004030F3 FF548F08 call [edi+4*ecx+08] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004030B0(C), :004030C2(C) | :004030F7 8B7B08 mov edi, dword ptr [ebx+08] :004030FA 8D0C76 lea ecx, dword ptr [esi+2*esi] :004030FD 8B348F mov esi, dword ptr [edi+4*ecx] :00403100 EBA1 jmp 004030A3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004030C4(C) | :00403102 B800000000 mov eax, 00000000 :00403107 EB1C jmp 00403125 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004030A6(C) | :00403109 B801000000 mov eax, 00000001 :0040310E EB15 jmp 00403125 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403088(C) | :00403110 55 push ebp :00403111 8D6B10 lea ebp, dword ptr [ebx+10] :00403114 6AFF push FFFFFFFF :00403116 53 push ebx :00403117 E89EFEFFFF call 00402FBA :0040311C 83C408 add esp, 00000008 :0040311F 5D pop ebp :00403120 B801000000 mov eax, 00000001 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403107(U), :0040310E(U) | :00403125 5D pop ebp :00403126 5F pop edi :00403127 5E pop esi :00403128 5B pop ebx :00403129 8BE5 mov esp, ebp :0040312B 5D pop ebp :0040312C C3 ret :0040312D 55 push ebp :0040312E 8B4C2408 mov ecx, dword ptr [esp+08] :00403132 8B29 mov ebp, dword ptr [ecx] :00403134 8B411C mov eax, dword ptr [ecx+1C] :00403137 50 push eax :00403138 8B4118 mov eax, dword ptr [ecx+18] :0040313B 50 push eax :0040313C E879FEFFFF call 00402FBA :00403141 83C408 add esp, 00000008 :00403144 5D pop ebp :00403145 C20400 ret 0004 * Referenced by a CALL at Addresses: |:00401254 , :00401279 | :00403148 A140794000 mov eax, dword ptr [00407940] :0040314D 83F801 cmp eax, 00000001 :00403150 740D je 0040315F :00403152 85C0 test eax, eax :00403154 752A jne 00403180 :00403156 833DB470400001 cmp dword ptr [004070B4], 00000001 :0040315D 7521 jne 00403180 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403150(C) | :0040315F 68FC000000 push 000000FC :00403164 E818000000 call 00403181 :00403169 A1A87A4000 mov eax, dword ptr [00407AA8] :0040316E 59 pop ecx :0040316F 85C0 test eax, eax :00403171 7402 je 00403175 :00403173 FFD0 call eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403171(C) | :00403175 68FF000000 push 000000FF :0040317A E802000000 call 00403181 :0040317F 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403154(C), :0040315D(C) | :00403180 C3 ret * Referenced by a CALL at Addresses: |:0040125D , :00401282 , :00403164 , :0040317A | :00403181 55 push ebp :00403182 8BEC mov ebp, esp :00403184 81ECA4010000 sub esp, 000001A4 :0040318A 8B5508 mov edx, dword ptr [ebp+08] :0040318D 33C9 xor ecx, ecx :0040318F B8F8734000 mov eax, 004073F8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004031A1(C) | :00403194 3B10 cmp edx, dword ptr [eax] :00403196 740B je 004031A3 :00403198 83C008 add eax, 00000008 :0040319B 41 inc ecx :0040319C 3D88744000 cmp eax, 00407488 :004031A1 7CF1 jl 00403194 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403196(C) | :004031A3 56 push esi :004031A4 8BF1 mov esi, ecx :004031A6 C1E603 shl esi, 03 :004031A9 3B96F8734000 cmp edx, dword ptr [esi+004073F8] :004031AF 0F851C010000 jne 004032D1 :004031B5 A140794000 mov eax, dword ptr [00407940] :004031BA 83F801 cmp eax, 00000001 :004031BD 0F84E8000000 je 004032AB :004031C3 85C0 test eax, eax :004031C5 750D jne 004031D4 :004031C7 833DB470400001 cmp dword ptr [004070B4], 00000001 :004031CE 0F84D7000000 je 004032AB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004031C5(C) | :004031D4 81FAFC000000 cmp edx, 000000FC :004031DA 0F84F1000000 je 004032D1 :004031E0 8D855CFEFFFF lea eax, dword ptr [ebp+FFFFFE5C] :004031E6 6804010000 push 00000104 :004031EB 50 push eax :004031EC 6A00 push 00000000 * Reference To: KERNEL32.GetModuleFileNameA, Ord:0124h | :004031EE FF1518604000 Call dword ptr [00406018] :004031F4 85C0 test eax, eax :004031F6 7513 jne 0040320B :004031F8 8D855CFEFFFF lea eax, dword ptr [ebp+FFFFFE5C] :004031FE 6800644000 push 00406400 :00403203 50 push eax :00403204 E8E7090000 call 00403BF0 :00403209 59 pop ecx :0040320A 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004031F6(C) | :0040320B 8D855CFEFFFF lea eax, dword ptr [ebp+FFFFFE5C] :00403211 57 push edi :00403212 50 push eax :00403213 8DBD5CFEFFFF lea edi, dword ptr [ebp+FFFFFE5C] :00403219 E8B2060000 call 004038D0 :0040321E 40 inc eax :0040321F 59 pop ecx :00403220 83F83C cmp eax, 0000003C :00403223 7629 jbe 0040324E :00403225 8D855CFEFFFF lea eax, dword ptr [ebp+FFFFFE5C] :0040322B 50 push eax :0040322C E89F060000 call 004038D0 :00403231 8BF8 mov edi, eax :00403233 8D855CFEFFFF lea eax, dword ptr [ebp+FFFFFE5C] :00403239 83E83B sub eax, 0000003B :0040323C 6A03 push 00000003 :0040323E 03F8 add edi, eax :00403240 68FC634000 push 004063FC :00403245 57 push edi :00403246 E8851A0000 call 00404CD0 :0040324B 83C410 add esp, 00000010 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403223(C) | :0040324E 8D8560FFFFFF lea eax, dword ptr [ebp+FFFFFF60] :00403254 68E0634000 push 004063E0 :00403259 50 push eax :0040325A E891090000 call 00403BF0 :0040325F 8D8560FFFFFF lea eax, dword ptr [ebp+FFFFFF60] :00403265 57 push edi :00403266 50 push eax :00403267 E894090000 call 00403C00 :0040326C 8D8560FFFFFF lea eax, dword ptr [ebp+FFFFFF60] :00403272 68DC634000 push 004063DC :00403277 50 push eax :00403278 E883090000 call 00403C00 :0040327D FFB6FC734000 push dword ptr [esi+004073FC] :00403283 8D8560FFFFFF lea eax, dword ptr [ebp+FFFFFF60] :00403289 50 push eax :0040328A E871090000 call 00403C00 :0040328F 6810200100 push 00012010 :00403294 8D8560FFFFFF lea eax, dword ptr [ebp+FFFFFF60] :0040329A 68B4634000 push 004063B4 :0040329F 50 push eax :004032A0 E899190000 call 00404C3E :004032A5 83C42C add esp, 0000002C :004032A8 5F pop edi :004032A9 EB26 jmp 004032D1 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004031BD(C), :004031CE(C) | :004032AB 8D4508 lea eax, dword ptr [ebp+08] :004032AE 8DB6FC734000 lea esi, dword ptr [esi+004073FC] :004032B4 6A00 push 00000000 :004032B6 50 push eax :004032B7 FF36 push dword ptr [esi] :004032B9 E812060000 call 004038D0 :004032BE 59 pop ecx :004032BF 50 push eax :004032C0 FF36 push dword ptr [esi] :004032C2 6AF4 push FFFFFFF4 * Reference To: KERNEL32.GetStdHandle, Ord:0152h | :004032C4 FF1534604000 Call dword ptr [00406034] :004032CA 50 push eax * Reference To: KERNEL32.WriteFile, Ord:02DFh | :004032CB FF1554604000 Call dword ptr [00406054] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004031AF(C), :004031DA(C), :004032A9(U) | :004032D1 5E pop esi :004032D2 C9 leave :004032D3 C3 ret * Referenced by a CALL at Address: |:00401937 | :004032D4 55 push ebp :004032D5 8BEC mov ebp, esp :004032D7 53 push ebx :004032D8 56 push esi :004032D9 8B750C mov esi, dword ptr [ebp+0C] :004032DC 33DB xor ebx, ebx :004032DE 3BF3 cmp esi, ebx :004032E0 7415 je 004032F7 :004032E2 395D10 cmp dword ptr [ebp+10], ebx :004032E5 7410 je 004032F7 :004032E7 8A06 mov al, byte ptr [esi] :004032E9 3AC3 cmp al, bl :004032EB 7510 jne 004032FD :004032ED 8B4508 mov eax, dword ptr [ebp+08] :004032F0 3BC3 cmp eax, ebx :004032F2 7403 je 004032F7 :004032F4 668918 mov word ptr [eax], bx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004032E0(C), :004032E5(C), :004032F2(C) | :004032F7 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403316(U), :0040335A(C), :00403364(C), :00403373(U) | :004032F9 5E pop esi :004032FA 5B pop ebx :004032FB 5D pop ebp :004032FC C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004032EB(C) | :004032FD 391DC47A4000 cmp dword ptr [00407AC4], ebx :00403303 7513 jne 00403318 :00403305 8B4D08 mov ecx, dword ptr [ebp+08] :00403308 3BCB cmp ecx, ebx :0040330A 7407 je 00403313 :0040330C 660FB6C0 movzx ax, al :00403310 668901 mov word ptr [ecx], ax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040330A(C), :00403394(C) | :00403313 6A01 push 00000001 :00403315 58 pop eax :00403316 EBE1 jmp 004032F9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403303(C) | * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00403318 8B0DB4744000 mov ecx, dword ptr [004074B4] :0040331E 0FB6C0 movzx eax, al :00403321 F644410180 test [ecx+2*eax+01], 80 :00403326 744D je 00403375 :00403328 A1A8744000 mov eax, dword ptr [004074A8] :0040332D 83F801 cmp eax, 00000001 :00403330 7E2A jle 0040335C :00403332 394510 cmp dword ptr [ebp+10], eax :00403335 7C2F jl 00403366 :00403337 33C9 xor ecx, ecx :00403339 395D08 cmp dword ptr [ebp+08], ebx :0040333C 0F95C1 setne cl :0040333F 51 push ecx :00403340 FF7508 push [ebp+08] :00403343 50 push eax :00403344 56 push esi :00403345 6A09 push 00000009 :00403347 FF35D47A4000 push dword ptr [00407AD4] * Reference To: KERNEL32.MultiByteToWideChar, Ord:01E4h | :0040334D FF1558604000 Call dword ptr [00406058] :00403353 85C0 test eax, eax :00403355 A1A8744000 mov eax, dword ptr [004074A8] :0040335A 759D jne 004032F9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403330(C) | :0040335C 394510 cmp dword ptr [ebp+10], eax :0040335F 7205 jb 00403366 :00403361 385E01 cmp byte ptr [esi+01], bl :00403364 7593 jne 004032F9 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403335(C), :0040335F(C), :0040339A(U) | :00403366 C705507940002A000000 mov dword ptr [00407950], 0000002A :00403370 83C8FF or eax, FFFFFFFF :00403373 EB84 jmp 004032F9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403326(C) | :00403375 33C0 xor eax, eax :00403377 395D08 cmp dword ptr [ebp+08], ebx :0040337A 0F95C0 setne al :0040337D 50 push eax :0040337E FF7508 push [ebp+08] :00403381 6A01 push 00000001 :00403383 56 push esi :00403384 6A09 push 00000009 :00403386 FF35D47A4000 push dword ptr [00407AD4] * Reference To: KERNEL32.MultiByteToWideChar, Ord:01E4h | :0040338C FF1558604000 Call dword ptr [00406058] :00403392 85C0 test eax, eax :00403394 0F8579FFFFFF jne 00403313 :0040339A EBCA jmp 00403366 :0040339C CC int 03 :0040339D CC int 03 :0040339E CC int 03 :0040339F CC int 03 * Referenced by a CALL at Addresses: |:0040180C , :004036B1 , :00404EC6 | :004033A0 8B54240C mov edx, dword ptr [esp+0C] :004033A4 8B4C2404 mov ecx, dword ptr [esp+04] :004033A8 85D2 test edx, edx :004033AA 7447 je 004033F3 :004033AC 33C0 xor eax, eax :004033AE 8A442408 mov al, byte ptr [esp+08] :004033B2 57 push edi :004033B3 8BF9 mov edi, ecx :004033B5 83FA04 cmp edx, 00000004 :004033B8 722D jb 004033E7 :004033BA F7D9 neg ecx :004033BC 83E103 and ecx, 00000003 :004033BF 7408 je 004033C9 :004033C1 2BD1 sub edx, ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004033C7(C) | :004033C3 8807 mov byte ptr [edi], al :004033C5 47 inc edi :004033C6 49 dec ecx :004033C7 75FA jne 004033C3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004033BF(C) | :004033C9 8BC8 mov ecx, eax :004033CB C1E008 shl eax, 08 :004033CE 03C1 add eax, ecx :004033D0 8BC8 mov ecx, eax :004033D2 C1E010 shl eax, 10 :004033D5 03C1 add eax, ecx :004033D7 8BCA mov ecx, edx :004033D9 83E203 and edx, 00000003 :004033DC C1E902 shr ecx, 02 :004033DF 7406 je 004033E7 :004033E1 F3 repz :004033E2 AB stosd :004033E3 85D2 test edx, edx :004033E5 7406 je 004033ED * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004033B8(C), :004033DF(C), :004033EB(C) | :004033E7 8807 mov byte ptr [edi], al :004033E9 47 inc edi :004033EA 4A dec edx :004033EB 75FA jne 004033E7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004033E5(C) | :004033ED 8B442408 mov eax, dword ptr [esp+08] :004033F1 5F pop edi :004033F2 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004033AA(C) | :004033F3 8B442404 mov eax, dword ptr [esp+04] :004033F7 C3 ret * Referenced by a CALL at Addresses: |:0040130A , :0040131C , :00401D35 | :004033F8 833DA874400001 cmp dword ptr [004074A8], 00000001 :004033FF 7E0E jle 0040340F :00403401 6A08 push 00000008 :00403403 FF742408 push [esp+08] :00403407 E814000000 call 00403420 :0040340C 59 pop ecx :0040340D 59 pop ecx :0040340E C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004033FF(C) | :0040340F 8B442404 mov eax, dword ptr [esp+04] * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00403413 8B0DB4744000 mov ecx, dword ptr [004074B4] :00403419 8A0441 mov al, byte ptr [ecx+2*eax] :0040341C 83E008 and eax, 00000008 :0040341F C3 ret * Referenced by a CALL at Addresses: |:004012D2 , :0040136F , :0040154F , :004015BD , :00401664 |:00401A04 , :00401A50 , :00401B15 , :00401B52 , :00401CCA |:00403407 | :00403420 55 push ebp :00403421 8BEC mov ebp, esp :00403423 51 push ecx :00403424 8B4508 mov eax, dword ptr [ebp+08] :00403427 8D4801 lea ecx, dword ptr [eax+01] :0040342A 81F900010000 cmp ecx, 00000100 :00403430 770C ja 0040343E * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00403432 8B0DB4744000 mov ecx, dword ptr [004074B4] :00403438 0FB70441 movzx eax, word ptr [ecx+2*eax] :0040343C EB52 jmp 00403490 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403430(C) | :0040343E 8BC8 mov ecx, eax :00403440 56 push esi * Possible StringData Ref from Data Obj ->" ((((( " ->" H" | :00403441 8B35B4744000 mov esi, dword ptr [004074B4] :00403447 C1F908 sar ecx, 08 :0040344A 0FB6D1 movzx edx, cl :0040344D F644560180 test [esi+2*edx+01], 80 :00403452 5E pop esi :00403453 740E je 00403463 :00403455 8065FE00 and byte ptr [ebp-02], 00 :00403459 884DFC mov byte ptr [ebp-04], cl :0040345C 8845FD mov byte ptr [ebp-03], al :0040345F 6A02 push 00000002 :00403461 EB09 jmp 0040346C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403453(C) | :00403463 8065FD00 and byte ptr [ebp-03], 00 :00403467 8845FC mov byte ptr [ebp-04], al :0040346A 6A01 push 00000001 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403461(U) | :0040346C 58 pop eax :0040346D 8D4D0A lea ecx, dword ptr [ebp+0A] :00403470 6A01 push 00000001 :00403472 6A00 push 00000000 :00403474 6A00 push 00000000 :00403476 51 push ecx :00403477 50 push eax :00403478 8D45FC lea eax, dword ptr [ebp-04] :0040347B 50 push eax :0040347C 6A01 push 00000001 :0040347E E854190000 call 00404DD7 :00403483 83C41C add esp, 0000001C :00403486 85C0 test eax, eax :00403488 7502 jne 0040348C :0040348A C9 leave :0040348B C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403488(C) | :0040348C 0FB7450A movzx eax, word ptr [ebp+0A] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040343C(U) | :00403490 23450C and eax, dword ptr [ebp+0C] :00403493 C9 leave :00403494 C3 ret :00403495 CC int 03 :00403496 CC int 03 :00403497 CC int 03 :00403498 CC int 03 :00403499 CC int 03 :0040349A CC int 03 :0040349B CC int 03 :0040349C CC int 03 :0040349D CC int 03 :0040349E CC int 03 :0040349F CC int 03 * Referenced by a CALL at Address: |:00401A8C | :004034A0 8B442408 mov eax, dword ptr [esp+08] :004034A4 8B4C2410 mov ecx, dword ptr [esp+10] :004034A8 0BC8 or ecx, eax :004034AA 8B4C240C mov ecx, dword ptr [esp+0C] :004034AE 7509 jne 004034B9 :004034B0 8B442404 mov eax, dword ptr [esp+04] :004034B4 F7E1 mul ecx :004034B6 C21000 ret 0010 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004034AE(C) | :004034B9 53 push ebx :004034BA F7E1 mul ecx :004034BC 8BD8 mov ebx, eax :004034BE 8B442408 mov eax, dword ptr [esp+08] :004034C2 F7642414 mul [esp+14] :004034C6 03D8 add ebx, eax :004034C8 8B442408 mov eax, dword ptr [esp+08] :004034CC F7E1 mul ecx :004034CE 03D3 add edx, ebx :004034D0 5B pop ebx :004034D1 C21000 ret 0010 :004034D4 CC int 03 :004034D5 CC int 03 :004034D6 CC int 03 :004034D7 CC int 03 :004034D8 CC int 03 :004034D9 CC int 03 :004034DA CC int 03 :004034DB CC int 03 :004034DC CC int 03 :004034DD CC int 03 :004034DE CC int 03 :004034DF CC int 03 * Referenced by a CALL at Addresses: |:00401A2B , :00401A7B | :004034E0 80F940 cmp cl, 40 :004034E3 7315 jnb 004034FA :004034E5 80F920 cmp cl, 20 :004034E8 7306 jnb 004034F0 :004034EA 0FA5C2 shld edx, eax, cl :004034ED D3E0 shl eax, cl :004034EF C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004034E8(C) | :004034F0 8BD0 mov edx, eax :004034F2 33C0 xor eax, eax :004034F4 80E11F and cl, 1F :004034F7 D3E2 shl edx, cl :004034F9 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004034E3(C) | :004034FA 33C0 xor eax, eax :004034FC 33D2 xor edx, edx :004034FE C3 ret * Referenced by a CALL at Address: |:00401D03 | :004034FF 56 push esi :00403500 8B742408 mov esi, dword ptr [esp+08] :00403504 8B460C mov eax, dword ptr [esi+0C] :00403507 A883 test al, 83 :00403509 0F84C4000000 je 004035D3 :0040350F A840 test al, 40 :00403511 0F85BC000000 jne 004035D3 :00403517 A802 test al, 02 :00403519 740A je 00403525 :0040351B 0C20 or al, 20 :0040351D 89460C mov dword ptr [esi+0C], eax :00403520 E9AE000000 jmp 004035D3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403519(C) | :00403525 0C01 or al, 01 :00403527 66A90C01 test ax, 010C :0040352B 89460C mov dword ptr [esi+0C], eax :0040352E 7509 jne 00403539 :00403530 56 push esi :00403531 E8E01B0000 call 00405116 :00403536 59 pop ecx :00403537 EB05 jmp 0040353E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040352E(C) | :00403539 8B4608 mov eax, dword ptr [esi+08] :0040353C 8906 mov dword ptr [esi], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403537(U) | :0040353E FF7618 push [esi+18] :00403541 FF7608 push [esi+08] :00403544 FF7610 push [esi+10] :00403547 E8D4190000 call 00404F20 :0040354C 83C40C add esp, 0000000C :0040354F 894604 mov dword ptr [esi+04], eax :00403552 85C0 test eax, eax :00403554 746C je 004035C2 :00403556 83F8FF cmp eax, FFFFFFFF :00403559 7467 je 004035C2 :0040355B 8B560C mov edx, dword ptr [esi+0C] :0040355E F6C282 test dl, 82 :00403561 7534 jne 00403597 :00403563 8B4E10 mov ecx, dword ptr [esi+10] :00403566 57 push edi :00403567 83F9FF cmp ecx, FFFFFFFF :0040356A 7414 je 00403580 :0040356C 8BF9 mov edi, ecx :0040356E C1FF05 sar edi, 05 :00403571 83E11F and ecx, 0000001F :00403574 8B3CBD407D4000 mov edi, dword ptr [4*edi+00407D40] :0040357B 8D3CCF lea edi, dword ptr [edi+8*ecx] :0040357E EB05 jmp 00403585 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040356A(C) | :00403580 BFD8734000 mov edi, 004073D8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040357E(U) | :00403585 8A4F04 mov cl, byte ptr [edi+04] :00403588 5F pop edi :00403589 80E182 and cl, 82 :0040358C 80F982 cmp cl, 82 :0040358F 7506 jne 00403597 :00403591 80CE20 or dh, 20 :00403594 89560C mov dword ptr [esi+0C], edx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403561(C), :0040358F(C) | :00403597 817E1800020000 cmp dword ptr [esi+18], 00000200 :0040359E 7514 jne 004035B4 :004035A0 8B4E0C mov ecx, dword ptr [esi+0C] :004035A3 F6C108 test cl, 08 :004035A6 740C je 004035B4 :004035A8 F6C504 test ch, 04 :004035AB 7507 jne 004035B4 :004035AD C7461800100000 mov [esi+18], 00001000 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040359E(C), :004035A6(C), :004035AB(C) | :004035B4 8B0E mov ecx, dword ptr [esi] :004035B6 48 dec eax :004035B7 894604 mov dword ptr [esi+04], eax :004035BA 0FB601 movzx eax, byte ptr [ecx] :004035BD 41 inc ecx :004035BE 890E mov dword ptr [esi], ecx :004035C0 5E pop esi :004035C1 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403554(C), :00403559(C) | :004035C2 F7D8 neg eax :004035C4 1BC0 sbb eax, eax :004035C6 83E010 and eax, 00000010 :004035C9 83C010 add eax, 00000010 :004035CC 09460C or dword ptr [esi+0C], eax :004035CF 83660400 and dword ptr [esi+04], 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403509(C), :00403511(C), :00403520(U) | :004035D3 83C8FF or eax, FFFFFFFF :004035D6 5E pop esi :004035D7 C3 ret * Referenced by a CALL at Address: |:00401D19 | :004035D8 53 push ebx :004035D9 8B5C2408 mov ebx, dword ptr [esp+08] :004035DD 83FBFF cmp ebx, FFFFFFFF :004035E0 56 push esi :004035E1 7441 je 00403624 :004035E3 8B742410 mov esi, dword ptr [esp+10] :004035E7 8B460C mov eax, dword ptr [esi+0C] :004035EA A801 test al, 01 :004035EC 7508 jne 004035F6 :004035EE A880 test al, 80 :004035F0 7432 je 00403624 :004035F2 A802 test al, 02 :004035F4 752E jne 00403624 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004035EC(C) | :004035F6 837E0800 cmp dword ptr [esi+08], 00000000 :004035FA 7507 jne 00403603 :004035FC 56 push esi :004035FD E8141B0000 call 00405116 :00403602 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004035FA(C) | :00403603 8B06 mov eax, dword ptr [esi] :00403605 3B4608 cmp eax, dword ptr [esi+08] :00403608 7509 jne 00403613 :0040360A 837E0400 cmp dword ptr [esi+04], 00000000 :0040360E 7514 jne 00403624 :00403610 40 inc eax :00403611 8906 mov dword ptr [esi], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403608(C) | :00403613 F6460C40 test [esi+0C], 40 :00403617 7411 je 0040362A :00403619 FF0E dec dword ptr [esi] :0040361B 8B06 mov eax, dword ptr [esi] :0040361D 3818 cmp byte ptr [eax], bl :0040361F 740F je 00403630 :00403621 40 inc eax :00403622 8906 mov dword ptr [esi], eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004035E1(C), :004035F0(C), :004035F4(C), :0040360E(C) | :00403624 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403644(U) | :00403627 5E pop esi :00403628 5B pop ebx :00403629 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403617(C) | :0040362A FF0E dec dword ptr [esi] :0040362C 8B06 mov eax, dword ptr [esi] :0040362E 8818 mov byte ptr [eax], bl * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040361F(C) | :00403630 8B460C mov eax, dword ptr [esi+0C] :00403633 FF4604 inc [esi+04] :00403636 24EF and al, EF :00403638 0C01 or al, 01 :0040363A 89460C mov dword ptr [esi+0C], eax :0040363D 8BC3 mov eax, ebx :0040363F 25FF000000 and eax, 000000FF :00403644 EBE1 jmp 00403627 * Referenced by a CALL at Addresses: |:00401D67 , :00401D80 | :00403646 53 push ebx :00403647 56 push esi :00403648 8B74240C mov esi, dword ptr [esp+0C] :0040364C 57 push edi :0040364D 0FAF742414 imul esi, dword ptr [esp+14] :00403652 83FEE0 cmp esi, FFFFFFE0 :00403655 8BDE mov ebx, esi :00403657 770D ja 00403666 :00403659 85F6 test esi, esi :0040365B 7503 jne 00403660 :0040365D 6A01 push 00000001 :0040365F 5E pop esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040365B(C) | :00403660 83C60F add esi, 0000000F :00403663 83E6F0 and esi, FFFFFFF0 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403657(C), :004036AB(U) | :00403666 33FF xor edi, edi :00403668 83FEE0 cmp esi, FFFFFFE0 :0040366B 772A ja 00403697 :0040366D 3B1DC0774000 cmp ebx, dword ptr [004077C0] :00403673 770D ja 00403682 :00403675 53 push ebx :00403676 E80E110000 call 00404789 :0040367B 8BF8 mov edi, eax :0040367D 59 pop ecx :0040367E 85FF test edi, edi :00403680 752B jne 004036AD * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403673(C) | :00403682 56 push esi :00403683 6A08 push 00000008 :00403685 FF35287D4000 push dword ptr [00407D28] * Reference To: KERNEL32.HeapAlloc, Ord:0199h | :0040368B FF155C604000 Call dword ptr [0040605C] :00403691 8BF8 mov edi, eax :00403693 85FF test edi, edi :00403695 7522 jne 004036B9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040366B(C) | :00403697 833DE47A400000 cmp dword ptr [00407AE4], 00000000 :0040369E 7419 je 004036B9 :004036A0 56 push esi :004036A1 E8B41A0000 call 0040515A :004036A6 85C0 test eax, eax :004036A8 59 pop ecx :004036A9 7414 je 004036BF :004036AB EBB9 jmp 00403666 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403680(C) | :004036AD 53 push ebx :004036AE 6A00 push 00000000 :004036B0 57 push edi :004036B1 E8EAFCFFFF call 004033A0 :004036B6 83C40C add esp, 0000000C * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403695(C), :0040369E(C) | :004036B9 8BC7 mov eax, edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004036C1(U) | :004036BB 5F pop edi :004036BC 5E pop esi :004036BD 5B pop ebx :004036BE C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004036A9(C) | :004036BF 33C0 xor eax, eax :004036C1 EBF8 jmp 004036BB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00401DF8(U) | :004036C3 56 push esi :004036C4 57 push edi :004036C5 6A03 push 00000003 :004036C7 33FF xor edi, edi :004036C9 5E pop esi :004036CA 3935608E4000 cmp dword ptr [00408E60], esi :004036D0 7E44 jle 00403716 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403714(C) | :004036D2 A1587E4000 mov eax, dword ptr [00407E58] :004036D7 8B04B0 mov eax, dword ptr [eax+4*esi] :004036DA 85C0 test eax, eax :004036DC 742F je 0040370D :004036DE F6400C83 test [eax+0C], 83 :004036E2 740D je 004036F1 :004036E4 50 push eax :004036E5 E88B1A0000 call 00405175 :004036EA 83F8FF cmp eax, FFFFFFFF :004036ED 59 pop ecx :004036EE 7401 je 004036F1 :004036F0 47 inc edi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004036E2(C), :004036EE(C) | :004036F1 83FE14 cmp esi, 00000014 :004036F4 7C17 jl 0040370D :004036F6 A1587E4000 mov eax, dword ptr [00407E58] :004036FB FF34B0 push dword ptr [eax+4*esi] :004036FE E8B7040000 call 00403BBA :00403703 A1587E4000 mov eax, dword ptr [00407E58] :00403708 59 pop ecx :00403709 8324B000 and dword ptr [eax+4*esi], 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004036DC(C), :004036F4(C) | :0040370D 46 inc esi :0040370E 3B35608E4000 cmp esi, dword ptr [00408E60] :00403714 7CBC jl 004036D2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004036D0(C) | :00403716 8BC7 mov eax, edi :00403718 5F pop edi :00403719 5E pop esi :0040371A C3 ret * Referenced by a CALL at Addresses: |:004037E8 , :00403803 | :0040371B 56 push esi :0040371C 8B742408 mov esi, dword ptr [esp+08] :00403720 85F6 test esi, esi :00403722 7509 jne 0040372D :00403724 56 push esi :00403725 E891000000 call 004037BB :0040372A 59 pop ecx :0040372B 5E pop esi :0040372C C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403722(C) | :0040372D 56 push esi :0040372E E823000000 call 00403756 :00403733 85C0 test eax, eax :00403735 59 pop ecx :00403736 7405 je 0040373D :00403738 83C8FF or eax, FFFFFFFF :0040373B 5E pop esi :0040373C C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403736(C) | :0040373D F6460D40 test [esi+0D], 40 :00403741 740F je 00403752 :00403743 FF7610 push [esi+10] :00403746 E8801A0000 call 004051CB :0040374B F7D8 neg eax :0040374D 59 pop ecx :0040374E 5E pop esi :0040374F 1BC0 sbb eax, eax :00403751 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403741(C) | :00403752 33C0 xor eax, eax :00403754 5E pop esi :00403755 C3 ret * Referenced by a CALL at Addresses: |:00401E9E , :00401EC0 , :0040372E , :0040518F | :00403756 53 push ebx :00403757 56 push esi :00403758 8B74240C mov esi, dword ptr [esp+0C] :0040375C 33DB xor ebx, ebx :0040375E 57 push edi :0040375F 8B460C mov eax, dword ptr [esi+0C] :00403762 8BC8 mov ecx, eax :00403764 83E103 and ecx, 00000003 :00403767 80F902 cmp cl, 02 :0040376A 7537 jne 004037A3 :0040376C 66A90801 test ax, 0108 :00403770 7431 je 004037A3 :00403772 8B4608 mov eax, dword ptr [esi+08] :00403775 8B3E mov edi, dword ptr [esi] :00403777 2BF8 sub edi, eax :00403779 85FF test edi, edi :0040377B 7E26 jle 004037A3 :0040377D 57 push edi :0040377E 50 push eax :0040377F FF7610 push [esi+10] :00403782 E89B1A0000 call 00405222 :00403787 83C40C add esp, 0000000C :0040378A 3BC7 cmp eax, edi :0040378C 750E jne 0040379C :0040378E 8B460C mov eax, dword ptr [esi+0C] :00403791 A880 test al, 80 :00403793 740E je 004037A3 :00403795 24FD and al, FD :00403797 89460C mov dword ptr [esi+0C], eax :0040379A EB07 jmp 004037A3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040378C(C) | :0040379C 834E0C20 or dword ptr [esi+0C], 00000020 :004037A0 83CBFF or ebx, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040376A(C), :00403770(C), :0040377B(C), :00403793(C), :0040379A(U) | :004037A3 8B4608 mov eax, dword ptr [esi+08] :004037A6 83660400 and dword ptr [esi+04], 00000000 :004037AA 8906 mov dword ptr [esi], eax :004037AC 5F pop edi :004037AD 8BC3 mov eax, ebx :004037AF 5E pop esi :004037B0 5B pop ebx :004037B1 C3 ret * Referenced by a CALL at Address: |:00401DEA | :004037B2 6A01 push 00000001 :004037B4 E802000000 call 004037BB :004037B9 59 pop ecx :004037BA C3 ret * Referenced by a CALL at Addresses: |:00403725 , :004037B4 | :004037BB 53 push ebx :004037BC 56 push esi :004037BD 57 push edi :004037BE 33F6 xor esi, esi :004037C0 33DB xor ebx, ebx :004037C2 33FF xor edi, edi :004037C4 3935608E4000 cmp dword ptr [00408E60], esi :004037CA 7E4D jle 00403819 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403817(C) | :004037CC A1587E4000 mov eax, dword ptr [00407E58] :004037D1 8B04B0 mov eax, dword ptr [eax+4*esi] :004037D4 85C0 test eax, eax :004037D6 7438 je 00403810 :004037D8 8B480C mov ecx, dword ptr [eax+0C] :004037DB F6C183 test cl, 83 :004037DE 7430 je 00403810 :004037E0 837C241001 cmp dword ptr [esp+10], 00000001 :004037E5 750F jne 004037F6 :004037E7 50 push eax :004037E8 E82EFFFFFF call 0040371B :004037ED 83F8FF cmp eax, FFFFFFFF :004037F0 59 pop ecx :004037F1 741D je 00403810 :004037F3 43 inc ebx :004037F4 EB1A jmp 00403810 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004037E5(C) | :004037F6 837C241000 cmp dword ptr [esp+10], 00000000 :004037FB 7513 jne 00403810 :004037FD F6C102 test cl, 02 :00403800 740E je 00403810 :00403802 50 push eax :00403803 E813FFFFFF call 0040371B :00403808 83F8FF cmp eax, FFFFFFFF :0040380B 59 pop ecx :0040380C 7502 jne 00403810 :0040380E 0BF8 or edi, eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004037D6(C), :004037DE(C), :004037F1(C), :004037F4(U), :004037FB(C) |:00403800(C), :0040380C(C) | :00403810 46 inc esi :00403811 3B35608E4000 cmp esi, dword ptr [00408E60] :00403817 7CB3 jl 004037CC * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004037CA(C) | :00403819 837C241001 cmp dword ptr [esp+10], 00000001 :0040381E 8BC3 mov eax, ebx :00403820 7402 je 00403824 :00403822 8BC7 mov eax, edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403820(C) | :00403824 5F pop edi :00403825 5E pop esi :00403826 5B pop ebx :00403827 C3 ret * Referenced by a CALL at Addresses: |:00401E4E , :00402992 , :004029C7 , :00402A67 , :00402CFA |:00402D61 , :00402D9C , :00402E2C , :00405121 | :00403828 FF35E47A4000 push dword ptr [00407AE4] :0040382E FF742408 push [esp+08] :00403832 E803000000 call 0040383A :00403837 59 pop ecx :00403838 59 pop ecx :00403839 C3 ret * Referenced by a CALL at Address: |:00403832 | :0040383A 837C2404E0 cmp dword ptr [esp+04], FFFFFFE0 :0040383F 7722 ja 00403863 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403861(C) | :00403841 FF742404 push [esp+04] :00403845 E81C000000 call 00403866 :0040384A 85C0 test eax, eax :0040384C 59 pop ecx :0040384D 7516 jne 00403865 :0040384F 39442408 cmp dword ptr [esp+08], eax :00403853 7410 je 00403865 :00403855 FF742404 push [esp+04] :00403859 E8FC180000 call 0040515A :0040385E 85C0 test eax, eax :00403860 59 pop ecx :00403861 75DE jne 00403841 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040383F(C) | :00403863 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040384D(C), :00403853(C) | :00403865 C3 ret * Referenced by a CALL at Address: |:00403845 | :00403866 56 push esi :00403867 8B742408 mov esi, dword ptr [esp+08] :0040386B 3B35C0774000 cmp esi, dword ptr [004077C0] :00403871 770B ja 0040387E :00403873 56 push esi :00403874 E8100F0000 call 00404789 :00403879 85C0 test eax, eax :0040387B 59 pop ecx :0040387C 751C jne 0040389A * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403871(C) | :0040387E 85F6 test esi, esi :00403880 7503 jne 00403885 :00403882 6A01 push 00000001 :00403884 5E pop esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403880(C) | :00403885 83C60F add esi, 0000000F :00403888 83E6F0 and esi, FFFFFFF0 :0040388B 56 push esi :0040388C 6A00 push 00000000 :0040388E FF35287D4000 push dword ptr [00407D28] * Reference To: KERNEL32.HeapAlloc, Ord:0199h | :00403894 FF155C604000 Call dword ptr [0040605C] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040387C(C) | :0040389A 5E pop esi :0040389B C3 ret * Referenced by a CALL at Addresses: |:00401E06 , :00403B06 | :0040389C 8B442404 mov eax, dword ptr [esp+04] :004038A0 3B05407E4000 cmp eax, dword ptr [00407E40] :004038A6 7203 jb 004038AB :004038A8 33C0 xor eax, eax :004038AA C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004038A6(C) | :004038AB 8BC8 mov ecx, eax :004038AD 83E01F and eax, 0000001F :004038B0 C1F905 sar ecx, 05 :004038B3 8B0C8D407D4000 mov ecx, dword ptr [4*ecx+00407D40] :004038BA 8A44C104 mov al, byte ptr [ecx+8*eax+04] :004038BE 83E040 and eax, 00000040 :004038C1 C3 ret :004038C2 CC int 03 :004038C3 CC int 03 :004038C4 CC int 03 :004038C5 CC int 03 :004038C6 CC int 03 :004038C7 CC int 03 :004038C8 CC int 03 :004038C9 CC int 03 :004038CA CC int 03 :004038CB CC int 03 :004038CC CC int 03 :004038CD CC int 03 :004038CE CC int 03 :004038CF CC int 03 * Referenced by a CALL at Addresses: |:004022C8 , :0040297E , :004029B8 , :00403219 , :0040322C |:004032B9 | :004038D0 8B4C2404 mov ecx, dword ptr [esp+04] :004038D4 F7C103000000 test ecx, 00000003 :004038DA 7414 je 004038F0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004038E9(C) | :004038DC 8A01 mov al, byte ptr [ecx] :004038DE 41 inc ecx :004038DF 84C0 test al, al :004038E1 7440 je 00403923 :004038E3 F7C103000000 test ecx, 00000003 :004038E9 75F1 jne 004038DC :004038EB 0500000000 add eax, 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004038DA(C), :00403906(C), :00403921(U) | :004038F0 8B01 mov eax, dword ptr [ecx] :004038F2 BAFFFEFE7E mov edx, 7EFEFEFF :004038F7 03D0 add edx, eax :004038F9 83F0FF xor eax, FFFFFFFF :004038FC 33C2 xor eax, edx :004038FE 83C104 add ecx, 00000004 :00403901 A900010181 test eax, 81010100 :00403906 74E8 je 004038F0 :00403908 8B41FC mov eax, dword ptr [ecx-04] :0040390B 84C0 test al, al :0040390D 7432 je 00403941 :0040390F 84E4 test ah, ah :00403911 7424 je 00403937 :00403913 A90000FF00 test eax, 00FF0000 :00403918 7413 je 0040392D :0040391A A9000000FF test eax, FF000000 :0040391F 7402 je 00403923 :00403921 EBCD jmp 004038F0 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004038E1(C), :0040391F(C) | :00403923 8D41FF lea eax, dword ptr [ecx-01] :00403926 8B4C2404 mov ecx, dword ptr [esp+04] :0040392A 2BC1 sub eax, ecx :0040392C C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403918(C) | :0040392D 8D41FE lea eax, dword ptr [ecx-02] :00403930 8B4C2404 mov ecx, dword ptr [esp+04] :00403934 2BC1 sub eax, ecx :00403936 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403911(C) | :00403937 8D41FD lea eax, dword ptr [ecx-03] :0040393A 8B4C2404 mov ecx, dword ptr [esp+04] :0040393E 2BC1 sub eax, ecx :00403940 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040390D(C) | :00403941 8D41FC lea eax, dword ptr [ecx-04] :00403944 8B4C2404 mov ecx, dword ptr [esp+04] :00403948 2BC1 sub eax, ecx :0040394A C3 ret * Referenced by a CALL at Addresses: |:0040219C , :0040257B | :0040394B 55 push ebp :0040394C 8BEC mov ebp, esp :0040394E 8B4508 mov eax, dword ptr [ebp+08] :00403951 85C0 test eax, eax :00403953 7502 jne 00403957 :00403955 5D pop ebp :00403956 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403953(C) | :00403957 833DC47A400000 cmp dword ptr [00407AC4], 00000000 :0040395E 7512 jne 00403972 :00403960 668B4D0C mov cx, word ptr [ebp+0C] :00403964 6681F9FF00 cmp cx, 00FF :00403969 7739 ja 004039A4 :0040396B 6A01 push 00000001 :0040396D 8808 mov byte ptr [eax], cl :0040396F 58 pop eax :00403970 5D pop ebp :00403971 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040395E(C) | :00403972 8D4D08 lea ecx, dword ptr [ebp+08] :00403975 83650800 and dword ptr [ebp+08], 00000000 :00403979 51 push ecx :0040397A 6A00 push 00000000 :0040397C FF35A8744000 push dword ptr [004074A8] :00403982 50 push eax :00403983 8D450C lea eax, dword ptr [ebp+0C] :00403986 6A01 push 00000001 :00403988 50 push eax :00403989 6820020000 push 00000220 :0040398E FF35D47A4000 push dword ptr [00407AD4] * Reference To: KERNEL32.WideCharToMultiByte, Ord:02D2h | :00403994 FF1524604000 Call dword ptr [00406024] :0040399A 85C0 test eax, eax :0040399C 7406 je 004039A4 :0040399E 837D0800 cmp dword ptr [ebp+08], 00000000 :004039A2 740D je 004039B1 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403969(C), :0040399C(C) | :004039A4 C705507940002A000000 mov dword ptr [00407950], 0000002A :004039AE 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004039A2(C) | :004039B1 5D pop ebp :004039B2 C3 ret :004039B3 CC int 03 :004039B4 CC int 03 :004039B5 CC int 03 :004039B6 CC int 03 :004039B7 CC int 03 :004039B8 CC int 03 :004039B9 CC int 03 :004039BA CC int 03 :004039BB CC int 03 :004039BC CC int 03 :004039BD CC int 03 :004039BE CC int 03 :004039BF CC int 03 * Referenced by a CALL at Address: |:0040248C | :004039C0 53 push ebx :004039C1 56 push esi :004039C2 8B442418 mov eax, dword ptr [esp+18] :004039C6 0BC0 or eax, eax :004039C8 7518 jne 004039E2 :004039CA 8B4C2414 mov ecx, dword ptr [esp+14] :004039CE 8B442410 mov eax, dword ptr [esp+10] :004039D2 33D2 xor edx, edx :004039D4 F7F1 div ecx :004039D6 8BD8 mov ebx, eax :004039D8 8B44240C mov eax, dword ptr [esp+0C] :004039DC F7F1 div ecx :004039DE 8BD3 mov edx, ebx :004039E0 EB41 jmp 00403A23 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004039C8(C) | :004039E2 8BC8 mov ecx, eax :004039E4 8B5C2414 mov ebx, dword ptr [esp+14] :004039E8 8B542410 mov edx, dword ptr [esp+10] :004039EC 8B44240C mov eax, dword ptr [esp+0C] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004039FA(C) | :004039F0 D1E9 shr ecx, 1 :004039F2 D1DB rcr ebx, 1 :004039F4 D1EA shr edx, 1 :004039F6 D1D8 rcr eax, 1 :004039F8 0BC9 or ecx, ecx :004039FA 75F4 jne 004039F0 :004039FC F7F3 div ebx :004039FE 8BF0 mov esi, eax :00403A00 F7642418 mul [esp+18] :00403A04 8BC8 mov ecx, eax :00403A06 8B442414 mov eax, dword ptr [esp+14] :00403A0A F7E6 mul esi :00403A0C 03D1 add edx, ecx :00403A0E 720E jb 00403A1E :00403A10 3B542410 cmp edx, dword ptr [esp+10] :00403A14 7708 ja 00403A1E :00403A16 7207 jb 00403A1F :00403A18 3B44240C cmp eax, dword ptr [esp+0C] :00403A1C 7601 jbe 00403A1F * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403A0E(C), :00403A14(C) | :00403A1E 4E dec esi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403A16(C), :00403A1C(C) | :00403A1F 33D2 xor edx, edx :00403A21 8BC6 mov eax, esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004039E0(U) | :00403A23 5E pop esi :00403A24 5B pop ebx :00403A25 C21000 ret 0010 :00403A28 CC int 03 :00403A29 CC int 03 :00403A2A CC int 03 :00403A2B CC int 03 :00403A2C CC int 03 :00403A2D CC int 03 :00403A2E CC int 03 :00403A2F CC int 03 * Referenced by a CALL at Address: |:0040247A | :00403A30 53 push ebx :00403A31 8B442414 mov eax, dword ptr [esp+14] :00403A35 0BC0 or eax, eax :00403A37 7518 jne 00403A51 :00403A39 8B4C2410 mov ecx, dword ptr [esp+10] :00403A3D 8B44240C mov eax, dword ptr [esp+0C] :00403A41 33D2 xor edx, edx :00403A43 F7F1 div ecx :00403A45 8B442408 mov eax, dword ptr [esp+08] :00403A49 F7F1 div ecx :00403A4B 8BC2 mov eax, edx :00403A4D 33D2 xor edx, edx :00403A4F EB50 jmp 00403AA1 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403A37(C) | :00403A51 8BC8 mov ecx, eax :00403A53 8B5C2410 mov ebx, dword ptr [esp+10] :00403A57 8B54240C mov edx, dword ptr [esp+0C] :00403A5B 8B442408 mov eax, dword ptr [esp+08] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403A69(C) | :00403A5F D1E9 shr ecx, 1 :00403A61 D1DB rcr ebx, 1 :00403A63 D1EA shr edx, 1 :00403A65 D1D8 rcr eax, 1 :00403A67 0BC9 or ecx, ecx :00403A69 75F4 jne 00403A5F :00403A6B F7F3 div ebx :00403A6D 8BC8 mov ecx, eax :00403A6F F7642414 mul [esp+14] :00403A73 91 xchg eax,ecx :00403A74 F7642410 mul [esp+10] :00403A78 03D1 add edx, ecx :00403A7A 720E jb 00403A8A :00403A7C 3B54240C cmp edx, dword ptr [esp+0C] :00403A80 7708 ja 00403A8A :00403A82 720E jb 00403A92 :00403A84 3B442408 cmp eax, dword ptr [esp+08] :00403A88 7608 jbe 00403A92 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403A7A(C), :00403A80(C) | :00403A8A 2B442410 sub eax, dword ptr [esp+10] :00403A8E 1B542414 sbb edx, dword ptr [esp+14] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403A82(C), :00403A88(C) | :00403A92 2B442408 sub eax, dword ptr [esp+08] :00403A96 1B54240C sbb edx, dword ptr [esp+0C] :00403A9A F7DA neg edx :00403A9C F7D8 neg eax :00403A9E 83DA00 sbb edx, 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403A4F(U) | :00403AA1 5B pop ebx :00403AA2 C21000 ret 0010 * Referenced by a CALL at Address: |:00402626 | :00403AA5 55 push ebp :00403AA6 8BEC mov ebp, esp :00403AA8 53 push ebx :00403AA9 56 push esi :00403AAA 8B750C mov esi, dword ptr [ebp+0C] :00403AAD 8B460C mov eax, dword ptr [esi+0C] :00403AB0 8B5E10 mov ebx, dword ptr [esi+10] :00403AB3 A882 test al, 82 :00403AB5 0F84F3000000 je 00403BAE :00403ABB A840 test al, 40 :00403ABD 0F85EB000000 jne 00403BAE :00403AC3 A801 test al, 01 :00403AC5 7416 je 00403ADD :00403AC7 83660400 and dword ptr [esi+04], 00000000 :00403ACB A810 test al, 10 :00403ACD 0F84DB000000 je 00403BAE :00403AD3 8B4E08 mov ecx, dword ptr [esi+08] :00403AD6 24FE and al, FE :00403AD8 890E mov dword ptr [esi], ecx :00403ADA 89460C mov dword ptr [esi+0C], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403AC5(C) | :00403ADD 8B460C mov eax, dword ptr [esi+0C] :00403AE0 83660400 and dword ptr [esi+04], 00000000 :00403AE4 83650C00 and dword ptr [ebp+0C], 00000000 :00403AE8 24EF and al, EF :00403AEA 0C02 or al, 02 :00403AEC 66A90C01 test ax, 010C :00403AF0 89460C mov dword ptr [esi+0C], eax :00403AF3 7522 jne 00403B17 :00403AF5 81FEE8704000 cmp esi, 004070E8 :00403AFB 7408 je 00403B05 :00403AFD 81FE08714000 cmp esi, 00407108 :00403B03 750B jne 00403B10 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403AFB(C) | :00403B05 53 push ebx :00403B06 E891FDFFFF call 0040389C :00403B0B 85C0 test eax, eax :00403B0D 59 pop ecx :00403B0E 7507 jne 00403B17 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403B03(C) | :00403B10 56 push esi :00403B11 E800160000 call 00405116 :00403B16 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403AF3(C), :00403B0E(C) | :00403B17 66F7460C0801 test [esi+0C], 0108 :00403B1D 57 push edi :00403B1E 7464 je 00403B84 :00403B20 8B4608 mov eax, dword ptr [esi+08] :00403B23 8B3E mov edi, dword ptr [esi] :00403B25 2BF8 sub edi, eax :00403B27 8D4801 lea ecx, dword ptr [eax+01] :00403B2A 890E mov dword ptr [esi], ecx :00403B2C 8B4E18 mov ecx, dword ptr [esi+18] :00403B2F 49 dec ecx :00403B30 85FF test edi, edi :00403B32 894E04 mov dword ptr [esi+04], ecx :00403B35 7E10 jle 00403B47 :00403B37 57 push edi :00403B38 50 push eax :00403B39 53 push ebx :00403B3A E8E3160000 call 00405222 :00403B3F 83C40C add esp, 0000000C :00403B42 89450C mov dword ptr [ebp+0C], eax :00403B45 EB33 jmp 00403B7A * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403B35(C) | :00403B47 83FBFF cmp ebx, FFFFFFFF :00403B4A 7416 je 00403B62 :00403B4C 8BC3 mov eax, ebx :00403B4E 8BCB mov ecx, ebx :00403B50 C1F805 sar eax, 05 :00403B53 83E11F and ecx, 0000001F :00403B56 8B0485407D4000 mov eax, dword ptr [4*eax+00407D40] :00403B5D 8D04C8 lea eax, dword ptr [eax+8*ecx] :00403B60 EB05 jmp 00403B67 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403B4A(C) | :00403B62 B8D8734000 mov eax, 004073D8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403B60(U) | :00403B67 F6400420 test [eax+04], 20 :00403B6B 740D je 00403B7A :00403B6D 6A02 push 00000002 :00403B6F 6A00 push 00000000 :00403B71 53 push ebx :00403B72 E858180000 call 004053CF :00403B77 83C40C add esp, 0000000C * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403B45(U), :00403B6B(C) | :00403B7A 8B4608 mov eax, dword ptr [esi+08] :00403B7D 8A4D08 mov cl, byte ptr [ebp+08] :00403B80 8808 mov byte ptr [eax], cl :00403B82 EB14 jmp 00403B98 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403B1E(C) | :00403B84 6A01 push 00000001 :00403B86 8D4508 lea eax, dword ptr [ebp+08] :00403B89 5F pop edi :00403B8A 57 push edi :00403B8B 50 push eax :00403B8C 53 push ebx :00403B8D E890160000 call 00405222 :00403B92 83C40C add esp, 0000000C :00403B95 89450C mov dword ptr [ebp+0C], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403B82(U) | :00403B98 397D0C cmp dword ptr [ebp+0C], edi :00403B9B 5F pop edi :00403B9C 7406 je 00403BA4 :00403B9E 834E0C20 or dword ptr [esi+0C], 00000020 :00403BA2 EB0F jmp 00403BB3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403B9C(C) | :00403BA4 8B4508 mov eax, dword ptr [ebp+08] :00403BA7 25FF000000 and eax, 000000FF :00403BAC EB08 jmp 00403BB6 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403AB5(C), :00403ABD(C), :00403ACD(C) | :00403BAE 0C20 or al, 20 :00403BB0 89460C mov dword ptr [esi+0C], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403BA2(U) | :00403BB3 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403BAC(U) | :00403BB6 5E pop esi :00403BB7 5B pop ebx :00403BB8 5D pop ebp :00403BB9 C3 ret * Referenced by a CALL at Addresses: |:004029F5 , :00402D1D , :004036FE , :004051B8 , :00405B5C | :00403BBA 56 push esi :00403BBB 8B742408 mov esi, dword ptr [esp+08] :00403BBF 85F6 test esi, esi :00403BC1 7424 je 00403BE7 :00403BC3 56 push esi :00403BC4 E86A080000 call 00404433 :00403BC9 59 pop ecx :00403BCA 85C0 test eax, eax :00403BCC 56 push esi :00403BCD 740A je 00403BD9 :00403BCF 50 push eax :00403BD0 E889080000 call 0040445E :00403BD5 59 pop ecx :00403BD6 59 pop ecx :00403BD7 5E pop esi :00403BD8 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403BCD(C) | :00403BD9 6A00 push 00000000 :00403BDB FF35287D4000 push dword ptr [00407D28] * Reference To: KERNEL32.HeapFree, Ord:019Fh | :00403BE1 FF154C604000 Call dword ptr [0040604C] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403BC1(C) | :00403BE7 5E pop esi :00403BE8 C3 ret :00403BE9 CC int 03 :00403BEA CC int 03 :00403BEB CC int 03 :00403BEC CC int 03 :00403BED CC int 03 :00403BEE CC int 03 :00403BEF CC int 03 * Referenced by a CALL at Addresses: |:004029DE , :00403204 , :0040325A | :00403BF0 57 push edi :00403BF1 8B7C2408 mov edi, dword ptr [esp+08] :00403BF5 EB6A jmp 00403C61 :00403BF7 8DA42400000000 lea esp, dword ptr [esp] :00403BFE 8BFF mov edi, edi * Referenced by a CALL at Addresses: |:00403267 , :00403278 , :0040328A | :00403C00 8B4C2404 mov ecx, dword ptr [esp+04] :00403C04 57 push edi :00403C05 F7C103000000 test ecx, 00000003 :00403C0B 740F je 00403C1C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403C1A(C) | :00403C0D 8A01 mov al, byte ptr [ecx] :00403C0F 41 inc ecx :00403C10 84C0 test al, al :00403C12 743B je 00403C4F :00403C14 F7C103000000 test ecx, 00000003 :00403C1A 75F1 jne 00403C0D * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403C0B(C), :00403C32(C), :00403C4D(U) | :00403C1C 8B01 mov eax, dword ptr [ecx] :00403C1E BAFFFEFE7E mov edx, 7EFEFEFF :00403C23 03D0 add edx, eax :00403C25 83F0FF xor eax, FFFFFFFF :00403C28 33C2 xor eax, edx :00403C2A 83C104 add ecx, 00000004 :00403C2D A900010181 test eax, 81010100 :00403C32 74E8 je 00403C1C :00403C34 8B41FC mov eax, dword ptr [ecx-04] :00403C37 84C0 test al, al :00403C39 7423 je 00403C5E :00403C3B 84E4 test ah, ah :00403C3D 741A je 00403C59 :00403C3F A90000FF00 test eax, 00FF0000 :00403C44 740E je 00403C54 :00403C46 A9000000FF test eax, FF000000 :00403C4B 7402 je 00403C4F :00403C4D EBCD jmp 00403C1C * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403C12(C), :00403C4B(C) | :00403C4F 8D79FF lea edi, dword ptr [ecx-01] :00403C52 EB0D jmp 00403C61 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403C44(C) | :00403C54 8D79FE lea edi, dword ptr [ecx-02] :00403C57 EB08 jmp 00403C61 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403C3D(C) | :00403C59 8D79FD lea edi, dword ptr [ecx-03] :00403C5C EB03 jmp 00403C61 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403C39(C) | :00403C5E 8D79FC lea edi, dword ptr [ecx-04] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403BF5(U), :00403C52(U), :00403C57(U), :00403C5C(U) | :00403C61 8B4C240C mov ecx, dword ptr [esp+0C] :00403C65 F7C103000000 test ecx, 00000003 :00403C6B 7419 je 00403C86 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403C7D(C) | :00403C6D 8A11 mov dl, byte ptr [ecx] :00403C6F 41 inc ecx :00403C70 84D2 test dl, dl :00403C72 7464 je 00403CD8 :00403C74 8817 mov byte ptr [edi], dl :00403C76 47 inc edi :00403C77 F7C103000000 test ecx, 00000003 :00403C7D 75EE jne 00403C6D :00403C7F EB05 jmp 00403C86 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403C9E(C), :00403CB8(U) | :00403C81 8917 mov dword ptr [edi], edx :00403C83 83C704 add edi, 00000004 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403C6B(C), :00403C7F(U) | :00403C86 BAFFFEFE7E mov edx, 7EFEFEFF :00403C8B 8B01 mov eax, dword ptr [ecx] :00403C8D 03D0 add edx, eax :00403C8F 83F0FF xor eax, FFFFFFFF :00403C92 33C2 xor eax, edx :00403C94 8B11 mov edx, dword ptr [ecx] :00403C96 83C104 add ecx, 00000004 :00403C99 A900010181 test eax, 81010100 :00403C9E 74E1 je 00403C81 :00403CA0 84D2 test dl, dl :00403CA2 7434 je 00403CD8 :00403CA4 84F6 test dh, dh :00403CA6 7427 je 00403CCF :00403CA8 F7C20000FF00 test edx, 00FF0000 :00403CAE 7412 je 00403CC2 :00403CB0 F7C2000000FF test edx, FF000000 :00403CB6 7402 je 00403CBA :00403CB8 EBC7 jmp 00403C81 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403CB6(C) | :00403CBA 8917 mov dword ptr [edi], edx :00403CBC 8B442408 mov eax, dword ptr [esp+08] :00403CC0 5F pop edi :00403CC1 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403CAE(C) | :00403CC2 668917 mov word ptr [edi], dx :00403CC5 8B442408 mov eax, dword ptr [esp+08] :00403CC9 C6470200 mov [edi+02], 00 :00403CCD 5F pop edi :00403CCE C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403CA6(C) | :00403CCF 668917 mov word ptr [edi], dx :00403CD2 8B442408 mov eax, dword ptr [esp+08] :00403CD6 5F pop edi :00403CD7 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403C72(C), :00403CA2(C) | :00403CD8 8817 mov byte ptr [edi], dl :00403CDA 8B442408 mov eax, dword ptr [esp+08] :00403CDE 5F pop edi :00403CDF C3 ret * Referenced by a CALL at Address: |:004040AF | :00403CE0 55 push ebp :00403CE1 8BEC mov ebp, esp :00403CE3 83EC18 sub esp, 00000018 :00403CE6 53 push ebx :00403CE7 56 push esi :00403CE8 57 push edi :00403CE9 FF7508 push [ebp+08] :00403CEC E888010000 call 00403E79 :00403CF1 8BF0 mov esi, eax :00403CF3 59 pop ecx :00403CF4 3B35047B4000 cmp esi, dword ptr [00407B04] :00403CFA 897508 mov dword ptr [ebp+08], esi :00403CFD 0F846A010000 je 00403E6D :00403D03 33DB xor ebx, ebx :00403D05 3BF3 cmp esi, ebx :00403D07 0F8456010000 je 00403E63 :00403D0D 33D2 xor edx, edx :00403D0F B8C8764000 mov eax, 004076C8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403D21(C) | :00403D14 3930 cmp dword ptr [eax], esi :00403D16 7472 je 00403D8A :00403D18 83C030 add eax, 00000030 :00403D1B 42 inc edx :00403D1C 3DB8774000 cmp eax, 004077B8 :00403D21 7CF1 jl 00403D14 :00403D23 8D45E8 lea eax, dword ptr [ebp-18] :00403D26 50 push eax :00403D27 56 push esi * Reference To: KERNEL32.GetCPInfo, Ord:00BFh | :00403D28 FF1560604000 Call dword ptr [00406060] :00403D2E 83F801 cmp eax, 00000001 :00403D31 0F8524010000 jne 00403E5B :00403D37 6A40 push 00000040 :00403D39 33C0 xor eax, eax :00403D3B 59 pop ecx :00403D3C BF207C4000 mov edi, 00407C20 :00403D41 837DE801 cmp dword ptr [ebp-18], 00000001 :00403D45 8935047B4000 mov dword ptr [00407B04], esi :00403D4B F3 repz :00403D4C AB stosd :00403D4D AA stosb :00403D4E 891D247D4000 mov dword ptr [00407D24], ebx :00403D54 0F86EF000000 jbe 00403E49 :00403D5A 807DEE00 cmp byte ptr [ebp-12], 00 :00403D5E 0F84BB000000 je 00403E1F :00403D64 8D4DEF lea ecx, dword ptr [ebp-11] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403E19(C) | :00403D67 8A11 mov dl, byte ptr [ecx] :00403D69 84D2 test dl, dl :00403D6B 0F84AE000000 je 00403E1F :00403D71 0FB641FF movzx eax, byte ptr [ecx-01] :00403D75 0FB6D2 movzx edx, dl * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403D88(U) | :00403D78 3BC2 cmp eax, edx :00403D7A 0F8793000000 ja 00403E13 :00403D80 8088217C400004 or byte ptr [eax+00407C21], 04 :00403D87 40 inc eax :00403D88 EBEE jmp 00403D78 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403D16(C) | :00403D8A 6A40 push 00000040 :00403D8C 33C0 xor eax, eax :00403D8E 59 pop ecx :00403D8F BF207C4000 mov edi, 00407C20 :00403D94 F3 repz :00403D95 AB stosd :00403D96 8D3452 lea esi, dword ptr [edx+2*edx] :00403D99 895DFC mov dword ptr [ebp-04], ebx :00403D9C C1E604 shl esi, 04 :00403D9F AA stosb :00403DA0 8D9ED8764000 lea ebx, dword ptr [esi+004076D8] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403DE3(C) | :00403DA6 803B00 cmp byte ptr [ebx], 00 :00403DA9 8BCB mov ecx, ebx :00403DAB 742C je 00403DD9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403DD7(C) | :00403DAD 8A5101 mov dl, byte ptr [ecx+01] :00403DB0 84D2 test dl, dl :00403DB2 7425 je 00403DD9 :00403DB4 0FB601 movzx eax, byte ptr [ecx] :00403DB7 0FB6FA movzx edi, dl :00403DBA 3BC7 cmp eax, edi :00403DBC 7714 ja 00403DD2 :00403DBE 8B55FC mov edx, dword ptr [ebp-04] :00403DC1 8A92C0764000 mov dl, byte ptr [edx+004076C0] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403DD0(C) | :00403DC7 0890217C4000 or byte ptr [eax+00407C21], dl :00403DCD 40 inc eax :00403DCE 3BC7 cmp eax, edi :00403DD0 76F5 jbe 00403DC7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403DBC(C) | :00403DD2 41 inc ecx :00403DD3 41 inc ecx :00403DD4 803900 cmp byte ptr [ecx], 00 :00403DD7 75D4 jne 00403DAD * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403DAB(C), :00403DB2(C) | :00403DD9 FF45FC inc [ebp-04] :00403DDC 83C308 add ebx, 00000008 :00403DDF 837DFC04 cmp dword ptr [ebp-04], 00000004 :00403DE3 72C1 jb 00403DA6 :00403DE5 8B4508 mov eax, dword ptr [ebp+08] :00403DE8 C7051C7B400001000000 mov dword ptr [00407B1C], 00000001 :00403DF2 50 push eax :00403DF3 A3047B4000 mov dword ptr [00407B04], eax :00403DF8 E8C6000000 call 00403EC3 :00403DFD 8DB6CC764000 lea esi, dword ptr [esi+004076CC] :00403E03 BF107B4000 mov edi, 00407B10 :00403E08 A5 movsd :00403E09 A5 movsd :00403E0A 59 pop ecx :00403E0B A3247D4000 mov dword ptr [00407D24], eax :00403E10 A5 movsd :00403E11 EB55 jmp 00403E68 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403D7A(C) | :00403E13 41 inc ecx :00403E14 41 inc ecx :00403E15 8079FF00 cmp byte ptr [ecx-01], 00 :00403E19 0F8548FFFFFF jne 00403D67 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403D5E(C), :00403D6B(C) | :00403E1F 6A01 push 00000001 :00403E21 58 pop eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403E2F(C) | :00403E22 8088217C400008 or byte ptr [eax+00407C21], 08 :00403E29 40 inc eax :00403E2A 3DFF000000 cmp eax, 000000FF :00403E2F 72F1 jb 00403E22 :00403E31 56 push esi :00403E32 E88C000000 call 00403EC3 :00403E37 59 pop ecx :00403E38 A3247D4000 mov dword ptr [00407D24], eax :00403E3D C7051C7B400001000000 mov dword ptr [00407B1C], 00000001 :00403E47 EB06 jmp 00403E4F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403D54(C) | :00403E49 891D1C7B4000 mov dword ptr [00407B1C], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403E47(U) | :00403E4F 33C0 xor eax, eax :00403E51 BF107B4000 mov edi, 00407B10 :00403E56 AB stosd :00403E57 AB stosd :00403E58 AB stosd :00403E59 EB0D jmp 00403E68 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403D31(C) | :00403E5B 391DAC7A4000 cmp dword ptr [00407AAC], ebx :00403E61 740E je 00403E71 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403D07(C) | :00403E63 E88E000000 call 00403EF6 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00403E11(U), :00403E59(U) | :00403E68 E8B2000000 call 00403F1F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403CFD(C) | :00403E6D 33C0 xor eax, eax :00403E6F EB03 jmp 00403E74 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403E61(C) | :00403E71 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403E6F(U) | :00403E74 5F pop edi :00403E75 5E pop esi :00403E76 5B pop ebx :00403E77 C9 leave :00403E78 C3 ret * Referenced by a CALL at Address: |:00403CEC | :00403E79 8B442404 mov eax, dword ptr [esp+04] :00403E7D 8325AC7A400000 and dword ptr [00407AAC], 00000000 :00403E84 83F8FE cmp eax, FFFFFFFE :00403E87 7510 jne 00403E99 :00403E89 C705AC7A400001000000 mov dword ptr [00407AAC], 00000001 * Reference To: KERNEL32.GetOEMCP, Ord:0131h | :00403E93 FF2568604000 Jmp dword ptr [00406068] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403E87(C) | :00403E99 83F8FD cmp eax, FFFFFFFD :00403E9C 7510 jne 00403EAE :00403E9E C705AC7A400001000000 mov dword ptr [00407AAC], 00000001 * Reference To: KERNEL32.GetACP, Ord:00B9h | :00403EA8 FF2564604000 Jmp dword ptr [00406064] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403E9C(C) | :00403EAE 83F8FC cmp eax, FFFFFFFC :00403EB1 750F jne 00403EC2 :00403EB3 A1D47A4000 mov eax, dword ptr [00407AD4] :00403EB8 C705AC7A400001000000 mov dword ptr [00407AAC], 00000001 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403EB1(C) | :00403EC2 C3 ret * Referenced by a CALL at Addresses: |:00403DF8 , :00403E32 | :00403EC3 8B442404 mov eax, dword ptr [esp+04] :00403EC7 2DA4030000 sub eax, 000003A4 :00403ECC 7422 je 00403EF0 :00403ECE 83E804 sub eax, 00000004 :00403ED1 7417 je 00403EEA :00403ED3 83E80D sub eax, 0000000D :00403ED6 740C je 00403EE4 :00403ED8 48 dec eax :00403ED9 7403 je 00403EDE :00403EDB 33C0 xor eax, eax :00403EDD C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403ED9(C) | :00403EDE B804040000 mov eax, 00000404 :00403EE3 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403ED6(C) | :00403EE4 B812040000 mov eax, 00000412 :00403EE9 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403ED1(C) | :00403EEA B804080000 mov eax, 00000804 :00403EEF C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403ECC(C) | :00403EF0 B811040000 mov eax, 00000411 :00403EF5 C3 ret * Referenced by a CALL at Address: |:00403E63 | :00403EF6 57 push edi :00403EF7 6A40 push 00000040 :00403EF9 59 pop ecx :00403EFA 33C0 xor eax, eax :00403EFC BF207C4000 mov edi, 00407C20 :00403F01 F3 repz :00403F02 AB stosd :00403F03 AA stosb :00403F04 33C0 xor eax, eax :00403F06 BF107B4000 mov edi, 00407B10 :00403F0B A3047B4000 mov dword ptr [00407B04], eax :00403F10 A31C7B4000 mov dword ptr [00407B1C], eax :00403F15 A3247D4000 mov dword ptr [00407D24], eax :00403F1A AB stosd :00403F1B AB stosd :00403F1C AB stosd :00403F1D 5F pop edi :00403F1E C3 ret * Referenced by a CALL at Address: |:00403E68 | :00403F1F 55 push ebp :00403F20 8BEC mov ebp, esp :00403F22 81EC14050000 sub esp, 00000514 :00403F28 8D45EC lea eax, dword ptr [ebp-14] :00403F2B 56 push esi :00403F2C 50 push eax :00403F2D FF35047B4000 push dword ptr [00407B04] * Reference To: KERNEL32.GetCPInfo, Ord:00BFh | :00403F33 FF1560604000 Call dword ptr [00406060] :00403F39 83F801 cmp eax, 00000001 :00403F3C 0F8516010000 jne 00404058 :00403F42 33C0 xor eax, eax :00403F44 BE00010000 mov esi, 00000100 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403F53(C) | :00403F49 888405ECFEFFFF mov byte ptr [ebp+eax-00000114], al :00403F50 40 inc eax :00403F51 3BC6 cmp eax, esi :00403F53 72F4 jb 00403F49 :00403F55 8A45F2 mov al, byte ptr [ebp-0E] :00403F58 C685ECFEFFFF20 mov byte ptr [ebp+FFFFFEEC], 20 :00403F5F 84C0 test al, al :00403F61 7437 je 00403F9A :00403F63 53 push ebx :00403F64 57 push edi :00403F65 8D55F3 lea edx, dword ptr [ebp-0D] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403F96(C) | :00403F68 0FB60A movzx ecx, byte ptr [edx] :00403F6B 0FB6C0 movzx eax, al :00403F6E 3BC1 cmp eax, ecx :00403F70 771D ja 00403F8F :00403F72 2BC8 sub ecx, eax :00403F74 8DBC05ECFEFFFF lea edi, dword ptr [ebp+eax-00000114] :00403F7B 41 inc ecx :00403F7C B820202020 mov eax, 20202020 :00403F81 8BD9 mov ebx, ecx :00403F83 C1E902 shr ecx, 02 :00403F86 F3 repz :00403F87 AB stosd :00403F88 8BCB mov ecx, ebx :00403F8A 83E103 and ecx, 00000003 :00403F8D F3 repz :00403F8E AA stosb * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403F70(C) | :00403F8F 42 inc edx :00403F90 42 inc edx :00403F91 8A42FF mov al, byte ptr [edx-01] :00403F94 84C0 test al, al :00403F96 75D0 jne 00403F68 :00403F98 5F pop edi :00403F99 5B pop ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403F61(C) | :00403F9A 6A00 push 00000000 :00403F9C 8D85ECFAFFFF lea eax, dword ptr [ebp+FFFFFAEC] :00403FA2 FF35247D4000 push dword ptr [00407D24] :00403FA8 FF35047B4000 push dword ptr [00407B04] :00403FAE 50 push eax :00403FAF 8D85ECFEFFFF lea eax, dword ptr [ebp+FFFFFEEC] :00403FB5 56 push esi :00403FB6 50 push eax :00403FB7 6A01 push 00000001 :00403FB9 E8190E0000 call 00404DD7 :00403FBE 6A00 push 00000000 :00403FC0 8D85ECFDFFFF lea eax, dword ptr [ebp+FFFFFDEC] :00403FC6 FF35047B4000 push dword ptr [00407B04] :00403FCC 56 push esi :00403FCD 50 push eax :00403FCE 8D85ECFEFFFF lea eax, dword ptr [ebp+FFFFFEEC] :00403FD4 56 push esi :00403FD5 50 push eax :00403FD6 56 push esi :00403FD7 FF35247D4000 push dword ptr [00407D24] :00403FDD E887140000 call 00405469 :00403FE2 6A00 push 00000000 :00403FE4 8D85ECFCFFFF lea eax, dword ptr [ebp+FFFFFCEC] :00403FEA FF35047B4000 push dword ptr [00407B04] :00403FF0 56 push esi :00403FF1 50 push eax :00403FF2 8D85ECFEFFFF lea eax, dword ptr [ebp+FFFFFEEC] :00403FF8 56 push esi :00403FF9 50 push eax :00403FFA 6800020000 push 00000200 :00403FFF FF35247D4000 push dword ptr [00407D24] :00404005 E85F140000 call 00405469 :0040400A 83C45C add esp, 0000005C :0040400D 33C0 xor eax, eax :0040400F 8D8DECFAFFFF lea ecx, dword ptr [ebp+FFFFFAEC] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404054(C) | :00404015 668B11 mov dx, word ptr [ecx] :00404018 F6C201 test dl, 01 :0040401B 7416 je 00404033 :0040401D 8088217C400010 or byte ptr [eax+00407C21], 10 :00404024 8A9405ECFDFFFF mov dl, byte ptr [ebp+eax-00000214] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404046(U) | :0040402B 8890207B4000 mov byte ptr [eax+00407B20], dl :00404031 EB1C jmp 0040404F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040401B(C) | :00404033 F6C202 test dl, 02 :00404036 7410 je 00404048 :00404038 8088217C400020 or byte ptr [eax+00407C21], 20 :0040403F 8A9405ECFCFFFF mov dl, byte ptr [ebp+eax-00000314] :00404046 EBE3 jmp 0040402B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404036(C) | :00404048 80A0207B400000 and byte ptr [eax+00407B20], 00 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404031(U) | :0040404F 40 inc eax :00404050 41 inc ecx :00404051 41 inc ecx :00404052 3BC6 cmp eax, esi :00404054 72BF jb 00404015 :00404056 EB49 jmp 004040A1 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00403F3C(C) | :00404058 33C0 xor eax, eax :0040405A BE00010000 mov esi, 00000100 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040409F(C) | :0040405F 83F841 cmp eax, 00000041 :00404062 7219 jb 0040407D :00404064 83F85A cmp eax, 0000005A :00404067 7714 ja 0040407D :00404069 8088217C400010 or byte ptr [eax+00407C21], 10 :00404070 8AC8 mov cl, al :00404072 80C120 add cl, 20 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404093(U) | :00404075 8888207B4000 mov byte ptr [eax+00407B20], cl :0040407B EB1F jmp 0040409C * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404062(C), :00404067(C) | :0040407D 83F861 cmp eax, 00000061 :00404080 7213 jb 00404095 :00404082 83F87A cmp eax, 0000007A :00404085 770E ja 00404095 :00404087 8088217C400020 or byte ptr [eax+00407C21], 20 :0040408E 8AC8 mov cl, al :00404090 80E920 sub cl, 20 :00404093 EBE0 jmp 00404075 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404080(C), :00404085(C) | :00404095 80A0207B400000 and byte ptr [eax+00407B20], 00 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040407B(U) | :0040409C 40 inc eax :0040409D 3BC6 cmp eax, esi :0040409F 72BE jb 0040405F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404056(U) | :004040A1 5E pop esi :004040A2 C9 leave :004040A3 C3 ret * Referenced by a CALL at Addresses: |:00402965 , :00402A23 | :004040A4 833D487E400000 cmp dword ptr [00407E48], 00000000 :004040AB 7512 jne 004040BF :004040AD 6AFD push FFFFFFFD :004040AF E82CFCFFFF call 00403CE0 :004040B4 59 pop ecx :004040B5 C705487E400001000000 mov dword ptr [00407E48], 00000001 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004040AB(C) | :004040BF C3 ret * Referenced by a CALL at Address: |:00402D74 | :004040C0 55 push ebp :004040C1 8BEC mov ebp, esp :004040C3 57 push edi :004040C4 56 push esi :004040C5 8B750C mov esi, dword ptr [ebp+0C] :004040C8 8B4D10 mov ecx, dword ptr [ebp+10] :004040CB 8B7D08 mov edi, dword ptr [ebp+08] :004040CE 8BC1 mov eax, ecx :004040D0 8BD1 mov edx, ecx :004040D2 03C6 add eax, esi :004040D4 3BFE cmp edi, esi :004040D6 7608 jbe 004040E0 :004040D8 3BF8 cmp edi, eax :004040DA 0F8278010000 jb 00404258 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004040D6(C) | :004040E0 F7C703000000 test edi, 00000003 :004040E6 7514 jne 004040FC :004040E8 C1E902 shr ecx, 02 :004040EB 83E203 and edx, 00000003 :004040EE 83F908 cmp ecx, 00000008 :004040F1 7229 jb 0040411C :004040F3 F3 repz :004040F4 A5 movsd :004040F5 FF249508424000 jmp dword ptr [4*edx+00404208] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004040E6(C) | :004040FC 8BC7 mov eax, edi :004040FE BA03000000 mov edx, 00000003 :00404103 83E904 sub ecx, 00000004 :00404106 720C jb 00404114 :00404108 83E003 and eax, 00000003 :0040410B 03C8 add ecx, eax :0040410D FF248520414000 jmp dword ptr [4*eax+00404120] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404106(C) | :00404114 FF248D18424000 jmp dword ptr [4*ecx+00404218] :0040411B 90 nop * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004040F1(C), :0040414E(C), :00404174(C), :0040418E(C) | :0040411C FF BYTE ffh :0040411D 24 BYTE 24h :0040411E 8D BYTE 8dh :0040411F 9C BYTE 9ch :00404120 41400090 DWORD 90004041 :00404124 30414000 DWORD 00404130 :00404128 5C414000 DWORD 0040415C :0040412C 80414000 DWORD 00404180 :00404130 23D1 and edx, ecx :00404132 8A06 mov al, byte ptr [esi] :00404134 8807 mov byte ptr [edi], al :00404136 8A4601 mov al, byte ptr [esi+01] :00404139 884701 mov byte ptr [edi+01], al :0040413C 8A4602 mov al, byte ptr [esi+02] :0040413F C1E902 shr ecx, 02 :00404142 884702 mov byte ptr [edi+02], al :00404145 83C603 add esi, 00000003 :00404148 83C703 add edi, 00000003 :0040414B 83F908 cmp ecx, 00000008 :0040414E 72CC jb 0040411C :00404150 F3 repz :00404151 A5 movsd :00404152 FF249508424000 jmp dword ptr [4*edx+00404208] :00404159 8D4900 lea ecx, dword ptr [ecx+00] :0040415C 23D1 and edx, ecx :0040415E 8A06 mov al, byte ptr [esi] :00404160 8807 mov byte ptr [edi], al :00404162 8A4601 mov al, byte ptr [esi+01] :00404165 C1E902 shr ecx, 02 :00404168 884701 mov byte ptr [edi+01], al :0040416B 83C602 add esi, 00000002 :0040416E 83C702 add edi, 00000002 :00404171 83F908 cmp ecx, 00000008 :00404174 72A6 jb 0040411C :00404176 F3 repz :00404177 A5 movsd :00404178 FF249508424000 jmp dword ptr [4*edx+00404208] :0040417F 90 nop :00404180 23D1 and edx, ecx :00404182 8A06 mov al, byte ptr [esi] :00404184 8807 mov byte ptr [edi], al :00404186 46 inc esi :00404187 C1E902 shr ecx, 02 :0040418A 47 inc edi :0040418B 83F908 cmp ecx, 00000008 :0040418E 728C jb 0040411C :00404190 F3 repz :00404191 A5 movsd :00404192 FF249508424000 jmp dword ptr [4*edx+00404208] :00404199 8D4900 lea ecx, dword ptr [ecx+00] :0040419C FF414000 DWORD 004041FF :004041A0 EC414000 DWORD 004041EC :004041A4 E4414000 DWORD 004041E4 :004041A8 DC414000 DWORD 004041DC :004041AC D4414000 DWORD 004041D4 :004041B0 CC414000 DWORD 004041CC :004041B4 C4414000 DWORD 004041C4 :004041B8 BC414000 DWORD 004041BC :004041BC 8B448EE4 mov eax, dword ptr [esi+4*ecx-1C] :004041C0 89448FE4 mov dword ptr [edi+4*ecx-1C], eax :004041C4 8B448EE8 mov eax, dword ptr [esi+4*ecx-18] :004041C8 89448FE8 mov dword ptr [edi+4*ecx-18], eax :004041CC 8B448EEC mov eax, dword ptr [esi+4*ecx-14] :004041D0 89448FEC mov dword ptr [edi+4*ecx-14], eax :004041D4 8B448EF0 mov eax, dword ptr [esi+4*ecx-10] :004041D8 89448FF0 mov dword ptr [edi+4*ecx-10], eax :004041DC 8B448EF4 mov eax, dword ptr [esi+4*ecx-0C] :004041E0 89448FF4 mov dword ptr [edi+4*ecx-0C], eax :004041E4 8B448EF8 mov eax, dword ptr [esi+4*ecx-08] :004041E8 89448FF8 mov dword ptr [edi+4*ecx-08], eax :004041EC 8B448EFC mov eax, dword ptr [esi+4*ecx-04] :004041F0 89448FFC mov dword ptr [edi+4*ecx-04], eax :004041F4 8D048D00000000 lea eax, dword ptr [4*ecx+00000000] :004041FB 03F0 add esi, eax :004041FD 03F8 add edi, eax :004041FF FF249508424000 jmp dword ptr [4*edx+00404208] :00404206 8BFF mov edi, edi :00404208 18424000 DWORD 00404218 :0040420C 20424000 DWORD 00404220 :00404210 2C424000 DWORD 0040422C :00404214 40424000 DWORD 00404240 :00404218 8B45085E DWORD 5E08458B :0040421C 5F pop edi :0040421D C9 leave :0040421E C3 ret :0040421F 90 nop :00404220 8A06 mov al, byte ptr [esi] :00404222 8807 mov byte ptr [edi], al :00404224 8B4508 mov eax, dword ptr [ebp+08] :00404227 5E pop esi :00404228 5F pop edi :00404229 C9 leave :0040422A C3 ret :0040422B 90 nop :0040422C 8A06 mov al, byte ptr [esi] :0040422E 8807 mov byte ptr [edi], al :00404230 8A4601 mov al, byte ptr [esi+01] :00404233 884701 mov byte ptr [edi+01], al :00404236 8B4508 mov eax, dword ptr [ebp+08] :00404239 5E pop esi :0040423A 5F pop edi :0040423B C9 leave :0040423C C3 ret :0040423D 8D4900 lea ecx, dword ptr [ecx+00] :00404240 8A06 mov al, byte ptr [esi] :00404242 8807 mov byte ptr [edi], al :00404244 8A4601 mov al, byte ptr [esi+01] :00404247 884701 mov byte ptr [edi+01], al :0040424A 8A4602 mov al, byte ptr [esi+02] :0040424D 884702 mov byte ptr [edi+02], al :00404250 8B4508 mov eax, dword ptr [ebp+08] :00404253 5E pop esi :00404254 5F pop edi :00404255 C9 leave :00404256 C3 ret :00404257 90 nop * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004040DA(C) | :00404258 8D7431FC lea esi, dword ptr [ecx+esi-04] :0040425C 8D7C39FC lea edi, dword ptr [ecx+edi-04] :00404260 F7C703000000 test edi, 00000003 :00404266 7524 jne 0040428C :00404268 C1E902 shr ecx, 02 :0040426B 83E203 and edx, 00000003 :0040426E 83F908 cmp ecx, 00000008 :00404271 720D jb 00404280 :00404273 FD std :00404274 F3 repz :00404275 A5 movsd :00404276 FC cld :00404277 FF2495A0434000 jmp dword ptr [4*edx+004043A0] :0040427E 8BFF mov edi, edi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404271(C), :004042C8(C), :004042F2(C), :00404320(C) | :00404280 F7D9 neg ecx :00404282 FF248D50434000 jmp dword ptr [4*ecx+00404350] :00404289 8D4900 lea ecx, dword ptr [ecx+00] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404266(C) | :0040428C 8BC7 mov eax, edi :0040428E BA03000000 mov edx, 00000003 :00404293 83F904 cmp ecx, 00000004 :00404296 720C jb 004042A4 :00404298 83E003 and eax, 00000003 :0040429B 2BC8 sub ecx, eax :0040429D FF2485A8424000 jmp dword ptr [4*eax+004042A8] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404296(C) | :004042A4 FF BYTE ffh :004042A5 24 BYTE 24h :004042A6 8D BYTE 8dh :004042A7 A0 BYTE a0h :004042A8 43400090 DWORD 90004043 :004042AC B8424000 DWORD 004042B8 :004042B0 D8424000 DWORD 004042D8 :004042B4 00434000 DWORD 00404300 :004042B8 8A4603 mov al, byte ptr [esi+03] :004042BB 23D1 and edx, ecx :004042BD 884703 mov byte ptr [edi+03], al :004042C0 4E dec esi :004042C1 C1E902 shr ecx, 02 :004042C4 4F dec edi :004042C5 83F908 cmp ecx, 00000008 :004042C8 72B6 jb 00404280 :004042CA FD std :004042CB F3 repz :004042CC A5 movsd :004042CD FC cld :004042CE FF2495A0434000 jmp dword ptr [4*edx+004043A0] :004042D5 8D4900 lea ecx, dword ptr [ecx+00] :004042D8 8A4603 mov al, byte ptr [esi+03] :004042DB 23D1 and edx, ecx :004042DD 884703 mov byte ptr [edi+03], al :004042E0 8A4602 mov al, byte ptr [esi+02] :004042E3 C1E902 shr ecx, 02 :004042E6 884702 mov byte ptr [edi+02], al :004042E9 83EE02 sub esi, 00000002 :004042EC 83EF02 sub edi, 00000002 :004042EF 83F908 cmp ecx, 00000008 :004042F2 728C jb 00404280 :004042F4 FD std :004042F5 F3 repz :004042F6 A5 movsd :004042F7 FC cld :004042F8 FF2495A0434000 jmp dword ptr [4*edx+004043A0] :004042FF 90 nop :00404300 8A4603 mov al, byte ptr [esi+03] :00404303 23D1 and edx, ecx :00404305 884703 mov byte ptr [edi+03], al :00404308 8A4602 mov al, byte ptr [esi+02] :0040430B 884702 mov byte ptr [edi+02], al :0040430E 8A4601 mov al, byte ptr [esi+01] :00404311 C1E902 shr ecx, 02 :00404314 884701 mov byte ptr [edi+01], al :00404317 83EE03 sub esi, 00000003 :0040431A 83EF03 sub edi, 00000003 :0040431D 83F908 cmp ecx, 00000008 :00404320 0F825AFFFFFF jb 00404280 :00404326 FD std :00404327 F3 repz :00404328 A5 movsd :00404329 FC cld :0040432A FF2495A0434000 jmp dword ptr [4*edx+004043A0] :00404331 8D4900 lea ecx, dword ptr [ecx+00] :00404334 54434000 DWORD 00404354 :00404338 5C434000 DWORD 0040435C :0040433C 64434000 DWORD 00404364 :00404340 6C434000 DWORD 0040436C :00404344 74434000 DWORD 00404374 :00404348 7C434000 DWORD 0040437C :0040434C 84434000 DWORD 00404384 :00404350 97434000 DWORD 00404397 :00404354 8B448E1C mov eax, dword ptr [esi+4*ecx+1C] :00404358 89448F1C mov dword ptr [edi+4*ecx+1C], eax :0040435C 8B448E18 mov eax, dword ptr [esi+4*ecx+18] :00404360 89448F18 mov dword ptr [edi+4*ecx+18], eax :00404364 8B448E14 mov eax, dword ptr [esi+4*ecx+14] :00404368 89448F14 mov dword ptr [edi+4*ecx+14], eax :0040436C 8B448E10 mov eax, dword ptr [esi+4*ecx+10] :00404370 89448F10 mov dword ptr [edi+4*ecx+10], eax :00404374 8B448E0C mov eax, dword ptr [esi+4*ecx+0C] :00404378 89448F0C mov dword ptr [edi+4*ecx+0C], eax :0040437C 8B448E08 mov eax, dword ptr [esi+4*ecx+08] :00404380 89448F08 mov dword ptr [edi+4*ecx+08], eax :00404384 8B448E04 mov eax, dword ptr [esi+4*ecx+04] :00404388 89448F04 mov dword ptr [edi+4*ecx+04], eax :0040438C 8D048D00000000 lea eax, dword ptr [4*ecx+00000000] :00404393 03F0 add esi, eax :00404395 03F8 add edi, eax :00404397 FF2495A0434000 jmp dword ptr [4*edx+004043A0] :0040439E 8BFF mov edi, edi :004043A0 B0434000 DWORD 004043B0 :004043A4 B8434000 DWORD 004043B8 :004043A8 C8434000 DWORD 004043C8 :004043AC DC434000 DWORD 004043DC :004043B0 8B4508 mov eax, dword ptr [ebp+08] :004043B3 5E pop esi :004043B4 5F pop edi :004043B5 C9 leave :004043B6 C3 ret :004043B7 90 nop :004043B8 8A4603 mov al, byte ptr [esi+03] :004043BB 884703 mov byte ptr [edi+03], al :004043BE 8B4508 mov eax, dword ptr [ebp+08] :004043C1 5E pop esi :004043C2 5F pop edi :004043C3 C9 leave :004043C4 C3 ret :004043C5 8D4900 lea ecx, dword ptr [ecx+00] :004043C8 8A4603 mov al, byte ptr [esi+03] :004043CB 884703 mov byte ptr [edi+03], al :004043CE 8A4602 mov al, byte ptr [esi+02] :004043D1 884702 mov byte ptr [edi+02], al :004043D4 8B4508 mov eax, dword ptr [ebp+08] :004043D7 5E pop esi :004043D8 5F pop edi :004043D9 C9 leave :004043DA C3 ret :004043DB 90 nop :004043DC 8A4603 mov al, byte ptr [esi+03] :004043DF 884703 mov byte ptr [edi+03], al :004043E2 8A4602 mov al, byte ptr [esi+02] :004043E5 884702 mov byte ptr [edi+02], al :004043E8 8A4601 mov al, byte ptr [esi+01] :004043EB 884701 mov byte ptr [edi+01], al :004043EE 8B4508 mov eax, dword ptr [ebp+08] :004043F1 5E pop esi :004043F2 5F pop edi :004043F3 C9 leave :004043F4 C3 ret * Referenced by a CALL at Address: |:00402F5B | :004043F5 6840010000 push 00000140 :004043FA 6A00 push 00000000 :004043FC FF35287D4000 push dword ptr [00407D28] * Reference To: KERNEL32.HeapAlloc, Ord:0199h | :00404402 FF155C604000 Call dword ptr [0040605C] :00404408 85C0 test eax, eax :0040440A A3007B4000 mov dword ptr [00407B00], eax :0040440F 7501 jne 00404412 :00404411 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040440F(C) | :00404412 8325F87A400000 and dword ptr [00407AF8], 00000000 :00404419 8325FC7A400000 and dword ptr [00407AFC], 00000000 :00404420 6A01 push 00000001 :00404422 A3F47A4000 mov dword ptr [00407AF4], eax :00404427 C705EC7A400010000000 mov dword ptr [00407AEC], 00000010 :00404431 58 pop eax :00404432 C3 ret * Referenced by a CALL at Address: |:00403BC4 | :00404433 A1FC7A4000 mov eax, dword ptr [00407AFC] :00404438 8D0C80 lea ecx, dword ptr [eax+4*eax] :0040443B A1007B4000 mov eax, dword ptr [00407B00] :00404440 8D0C88 lea ecx, dword ptr [eax+4*ecx] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404459(U) | :00404443 3BC1 cmp eax, ecx :00404445 7314 jnb 0040445B :00404447 8B542404 mov edx, dword ptr [esp+04] :0040444B 2B500C sub edx, dword ptr [eax+0C] :0040444E 81FA00001000 cmp edx, 00100000 :00404454 7207 jb 0040445D :00404456 83C014 add eax, 00000014 :00404459 EBE8 jmp 00404443 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404445(C) | :0040445B 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404454(C) | :0040445D C3 ret * Referenced by a CALL at Address: |:00403BD0 | :0040445E 55 push ebp :0040445F 8BEC mov ebp, esp :00404461 83EC14 sub esp, 00000014 :00404464 8B550C mov edx, dword ptr [ebp+0C] :00404467 8B4D08 mov ecx, dword ptr [ebp+08] :0040446A 53 push ebx :0040446B 56 push esi :0040446C 8B4110 mov eax, dword ptr [ecx+10] :0040446F 8BF2 mov esi, edx :00404471 2B710C sub esi, dword ptr [ecx+0C] :00404474 8B5AFC mov ebx, dword ptr [edx-04] :00404477 83C2FC add edx, FFFFFFFC :0040447A 57 push edi :0040447B C1EE0F shr esi, 0F :0040447E 8BCE mov ecx, esi :00404480 8B7AFC mov edi, dword ptr [edx-04] :00404483 69C904020000 imul ecx, 00000204 :00404489 4B dec ebx :0040448A 897DFC mov dword ptr [ebp-04], edi :0040448D 8D8C0144010000 lea ecx, dword ptr [ecx+eax+00000144] :00404494 895DF4 mov dword ptr [ebp-0C], ebx :00404497 894DF0 mov dword ptr [ebp-10], ecx :0040449A 8B0C13 mov ecx, dword ptr [ebx+edx] :0040449D F6C101 test cl, 01 :004044A0 894DF8 mov dword ptr [ebp-08], ecx :004044A3 757F jne 00404524 :004044A5 C1F904 sar ecx, 04 :004044A8 6A3F push 0000003F :004044AA 49 dec ecx :004044AB 5F pop edi :004044AC 894D0C mov dword ptr [ebp+0C], ecx :004044AF 3BCF cmp ecx, edi :004044B1 7603 jbe 004044B6 :004044B3 897D0C mov dword ptr [ebp+0C], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004044B1(C) | :004044B6 8B4C1304 mov ecx, dword ptr [ebx+edx+04] :004044BA 3B4C1308 cmp ecx, dword ptr [ebx+edx+08] :004044BE 7548 jne 00404508 :004044C0 8B4D0C mov ecx, dword ptr [ebp+0C] :004044C3 83F920 cmp ecx, 00000020 :004044C6 731C jnb 004044E4 :004044C8 BF00000080 mov edi, 80000000 :004044CD D3EF shr edi, cl :004044CF 8D4C0104 lea ecx, dword ptr [ecx+eax+04] :004044D3 F7D7 not edi :004044D5 217CB044 and dword ptr [eax+4*esi+44], edi :004044D9 FE09 dec byte ptr [ecx] :004044DB 752B jne 00404508 :004044DD 8B4D08 mov ecx, dword ptr [ebp+08] :004044E0 2139 and dword ptr [ecx], edi :004044E2 EB24 jmp 00404508 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004044C6(C) | :004044E4 83C1E0 add ecx, FFFFFFE0 :004044E7 BF00000080 mov edi, 80000000 :004044EC D3EF shr edi, cl :004044EE 8B4D0C mov ecx, dword ptr [ebp+0C] :004044F1 8D4C0104 lea ecx, dword ptr [ecx+eax+04] :004044F5 F7D7 not edi :004044F7 21BCB0C4000000 and dword ptr [eax+4*esi+000000C4], edi :004044FE FE09 dec byte ptr [ecx] :00404500 7506 jne 00404508 :00404502 8B4D08 mov ecx, dword ptr [ebp+08] :00404505 217904 and dword ptr [ecx+04], edi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004044BE(C), :004044DB(C), :004044E2(U), :00404500(C) | :00404508 8B4C1308 mov ecx, dword ptr [ebx+edx+08] :0040450C 8B7C1304 mov edi, dword ptr [ebx+edx+04] :00404510 897904 mov dword ptr [ecx+04], edi :00404513 8B4C1304 mov ecx, dword ptr [ebx+edx+04] :00404517 8B7C1308 mov edi, dword ptr [ebx+edx+08] :0040451B 035DF8 add ebx, dword ptr [ebp-08] :0040451E 897908 mov dword ptr [ecx+08], edi :00404521 895DF4 mov dword ptr [ebp-0C], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004044A3(C) | :00404524 8BFB mov edi, ebx :00404526 C1FF04 sar edi, 04 :00404529 4F dec edi :0040452A 83FF3F cmp edi, 0000003F :0040452D 7603 jbe 00404532 :0040452F 6A3F push 0000003F :00404531 5F pop edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040452D(C) | :00404532 8B4DFC mov ecx, dword ptr [ebp-04] :00404535 83E101 and ecx, 00000001 :00404538 894DEC mov dword ptr [ebp-14], ecx :0040453B 0F85A0000000 jne 004045E1 :00404541 2B55FC sub edx, dword ptr [ebp-04] :00404544 8B4DFC mov ecx, dword ptr [ebp-04] :00404547 C1F904 sar ecx, 04 :0040454A 6A3F push 0000003F :0040454C 8955F8 mov dword ptr [ebp-08], edx :0040454F 49 dec ecx :00404550 5A pop edx :00404551 3BCA cmp ecx, edx :00404553 894D0C mov dword ptr [ebp+0C], ecx :00404556 7605 jbe 0040455D :00404558 89550C mov dword ptr [ebp+0C], edx :0040455B 8BCA mov ecx, edx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404556(C) | :0040455D 035DFC add ebx, dword ptr [ebp-04] :00404560 8BFB mov edi, ebx :00404562 895DF4 mov dword ptr [ebp-0C], ebx :00404565 C1FF04 sar edi, 04 :00404568 4F dec edi :00404569 3BFA cmp edi, edx :0040456B 7602 jbe 0040456F :0040456D 8BFA mov edi, edx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040456B(C) | :0040456F 3BCF cmp ecx, edi :00404571 746B je 004045DE :00404573 8B4DF8 mov ecx, dword ptr [ebp-08] :00404576 8B5104 mov edx, dword ptr [ecx+04] :00404579 3B5108 cmp edx, dword ptr [ecx+08] :0040457C 7548 jne 004045C6 :0040457E 8B4D0C mov ecx, dword ptr [ebp+0C] :00404581 83F920 cmp ecx, 00000020 :00404584 731C jnb 004045A2 :00404586 BA00000080 mov edx, 80000000 :0040458B D3EA shr edx, cl :0040458D 8D4C0104 lea ecx, dword ptr [ecx+eax+04] :00404591 F7D2 not edx :00404593 2154B044 and dword ptr [eax+4*esi+44], edx :00404597 FE09 dec byte ptr [ecx] :00404599 752B jne 004045C6 :0040459B 8B4D08 mov ecx, dword ptr [ebp+08] :0040459E 2111 and dword ptr [ecx], edx :004045A0 EB24 jmp 004045C6 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404584(C) | :004045A2 83C1E0 add ecx, FFFFFFE0 :004045A5 BA00000080 mov edx, 80000000 :004045AA D3EA shr edx, cl :004045AC 8B4D0C mov ecx, dword ptr [ebp+0C] :004045AF 8D4C0104 lea ecx, dword ptr [ecx+eax+04] :004045B3 F7D2 not edx :004045B5 2194B0C4000000 and dword ptr [eax+4*esi+000000C4], edx :004045BC FE09 dec byte ptr [ecx] :004045BE 7506 jne 004045C6 :004045C0 8B4D08 mov ecx, dword ptr [ebp+08] :004045C3 215104 and dword ptr [ecx+04], edx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040457C(C), :00404599(C), :004045A0(U), :004045BE(C) | :004045C6 8B4DF8 mov ecx, dword ptr [ebp-08] :004045C9 8B5108 mov edx, dword ptr [ecx+08] :004045CC 8B4904 mov ecx, dword ptr [ecx+04] :004045CF 894A04 mov dword ptr [edx+04], ecx :004045D2 8B4DF8 mov ecx, dword ptr [ebp-08] :004045D5 8B5104 mov edx, dword ptr [ecx+04] :004045D8 8B4908 mov ecx, dword ptr [ecx+08] :004045DB 894A08 mov dword ptr [edx+08], ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404571(C) | :004045DE 8B55F8 mov edx, dword ptr [ebp-08] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040453B(C) | :004045E1 837DEC00 cmp dword ptr [ebp-14], 00000000 :004045E5 7509 jne 004045F0 :004045E7 397D0C cmp dword ptr [ebp+0C], edi :004045EA 0F8489000000 je 00404679 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004045E5(C) | :004045F0 8B4DF0 mov ecx, dword ptr [ebp-10] :004045F3 8D0CF9 lea ecx, dword ptr [ecx+8*edi] :004045F6 8B4904 mov ecx, dword ptr [ecx+04] :004045F9 894A04 mov dword ptr [edx+04], ecx :004045FC 8B4DF0 mov ecx, dword ptr [ebp-10] :004045FF 8D0CF9 lea ecx, dword ptr [ecx+8*edi] :00404602 894A08 mov dword ptr [edx+08], ecx :00404605 895104 mov dword ptr [ecx+04], edx :00404608 8B4A04 mov ecx, dword ptr [edx+04] :0040460B 895108 mov dword ptr [ecx+08], edx :0040460E 8B4A04 mov ecx, dword ptr [edx+04] :00404611 3B4A08 cmp ecx, dword ptr [edx+08] :00404614 7563 jne 00404679 :00404616 8A4C0704 mov cl, byte ptr [edi+eax+04] :0040461A 83FF20 cmp edi, 00000020 :0040461D 884D0F mov byte ptr [ebp+0F], cl :00404620 FEC1 inc cl :00404622 884C0704 mov byte ptr [edi+eax+04], cl :00404626 7325 jnb 0040464D :00404628 807D0F00 cmp byte ptr [ebp+0F], 00 :0040462C 750E jne 0040463C :0040462E BB00000080 mov ebx, 80000000 :00404633 8BCF mov ecx, edi :00404635 D3EB shr ebx, cl :00404637 8B4D08 mov ecx, dword ptr [ebp+08] :0040463A 0919 or dword ptr [ecx], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040462C(C) | :0040463C BB00000080 mov ebx, 80000000 :00404641 8BCF mov ecx, edi :00404643 D3EB shr ebx, cl :00404645 8D44B044 lea eax, dword ptr [eax+4*esi+44] :00404649 0918 or dword ptr [eax], ebx :0040464B EB29 jmp 00404676 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404626(C) | :0040464D 807D0F00 cmp byte ptr [ebp+0F], 00 :00404651 7510 jne 00404663 :00404653 8D4FE0 lea ecx, dword ptr [edi-20] :00404656 BB00000080 mov ebx, 80000000 :0040465B D3EB shr ebx, cl :0040465D 8B4D08 mov ecx, dword ptr [ebp+08] :00404660 095904 or dword ptr [ecx+04], ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404651(C) | :00404663 8D4FE0 lea ecx, dword ptr [edi-20] :00404666 BF00000080 mov edi, 80000000 :0040466B D3EF shr edi, cl :0040466D 8D84B0C4000000 lea eax, dword ptr [eax+4*esi+000000C4] :00404674 0938 or dword ptr [eax], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040464B(U) | :00404676 8B5DF4 mov ebx, dword ptr [ebp-0C] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004045EA(C), :00404614(C) | :00404679 8B45F0 mov eax, dword ptr [ebp-10] :0040467C 891A mov dword ptr [edx], ebx :0040467E 895C13FC mov dword ptr [ebx+edx-04], ebx :00404682 FF08 dec dword ptr [eax] :00404684 0F85FA000000 jne 00404784 :0040468A A1F87A4000 mov eax, dword ptr [00407AF8] :0040468F 85C0 test eax, eax :00404691 0F84DF000000 je 00404776 :00404697 8B0DF07A4000 mov ecx, dword ptr [00407AF0] * Reference To: KERNEL32.VirtualFree, Ord:02BFh | :0040469D 8B3D48604000 mov edi, dword ptr [00406048] :004046A3 C1E10F shl ecx, 0F :004046A6 03480C add ecx, dword ptr [eax+0C] :004046A9 BB00800000 mov ebx, 00008000 :004046AE 6800400000 push 00004000 :004046B3 53 push ebx :004046B4 51 push ecx :004046B5 FFD7 call edi :004046B7 8B0DF07A4000 mov ecx, dword ptr [00407AF0] :004046BD A1F87A4000 mov eax, dword ptr [00407AF8] :004046C2 BA00000080 mov edx, 80000000 :004046C7 D3EA shr edx, cl :004046C9 095008 or dword ptr [eax+08], edx :004046CC A1F87A4000 mov eax, dword ptr [00407AF8] :004046D1 8B0DF07A4000 mov ecx, dword ptr [00407AF0] :004046D7 8B4010 mov eax, dword ptr [eax+10] :004046DA 83A488C400000000 and dword ptr [eax+4*ecx+000000C4], 00000000 :004046E2 A1F87A4000 mov eax, dword ptr [00407AF8] :004046E7 8B4010 mov eax, dword ptr [eax+10] :004046EA FE4843 dec [eax+43] :004046ED A1F87A4000 mov eax, dword ptr [00407AF8] :004046F2 8B4810 mov ecx, dword ptr [eax+10] :004046F5 80794300 cmp byte ptr [ecx+43], 00 :004046F9 7509 jne 00404704 :004046FB 836004FE and dword ptr [eax+04], FFFFFFFE :004046FF A1F87A4000 mov eax, dword ptr [00407AF8] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004046F9(C) | :00404704 837808FF cmp dword ptr [eax+08], FFFFFFFF :00404708 756C jne 00404776 :0040470A 53 push ebx :0040470B 6A00 push 00000000 :0040470D FF700C push [eax+0C] :00404710 FFD7 call edi :00404712 A1F87A4000 mov eax, dword ptr [00407AF8] :00404717 FF7010 push [eax+10] :0040471A 6A00 push 00000000 :0040471C FF35287D4000 push dword ptr [00407D28] * Reference To: KERNEL32.HeapFree, Ord:019Fh | :00404722 FF154C604000 Call dword ptr [0040604C] :00404728 A1FC7A4000 mov eax, dword ptr [00407AFC] :0040472D 8B15007B4000 mov edx, dword ptr [00407B00] :00404733 8D0480 lea eax, dword ptr [eax+4*eax] :00404736 C1E002 shl eax, 02 :00404739 8BC8 mov ecx, eax :0040473B A1F87A4000 mov eax, dword ptr [00407AF8] :00404740 2BC8 sub ecx, eax :00404742 8D4C11EC lea ecx, dword ptr [ecx+edx-14] :00404746 51 push ecx :00404747 8D4814 lea ecx, dword ptr [eax+14] :0040474A 51 push ecx :0040474B 50 push eax :0040474C E86F0F0000 call 004056C0 :00404751 8B4508 mov eax, dword ptr [ebp+08] :00404754 83C40C add esp, 0000000C :00404757 FF0DFC7A4000 dec dword ptr [00407AFC] :0040475D 3B05F87A4000 cmp eax, dword ptr [00407AF8] :00404763 7603 jbe 00404768 :00404765 83E814 sub eax, 00000014 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404763(C) | :00404768 8B0D007B4000 mov ecx, dword ptr [00407B00] :0040476E 890DF47A4000 mov dword ptr [00407AF4], ecx :00404774 EB03 jmp 00404779 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404691(C), :00404708(C) | :00404776 8B4508 mov eax, dword ptr [ebp+08] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404774(U) | :00404779 A3F87A4000 mov dword ptr [00407AF8], eax :0040477E 8935F07A4000 mov dword ptr [00407AF0], esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404684(C) | :00404784 5F pop edi :00404785 5E pop esi :00404786 5B pop ebx :00404787 C9 leave :00404788 C3 ret * Referenced by a CALL at Addresses: |:00403676 , :00403874 | :00404789 55 push ebp :0040478A 8BEC mov ebp, esp :0040478C 83EC14 sub esp, 00000014 :0040478F A1FC7A4000 mov eax, dword ptr [00407AFC] :00404794 8B15007B4000 mov edx, dword ptr [00407B00] :0040479A 53 push ebx :0040479B 56 push esi :0040479C 8D0480 lea eax, dword ptr [eax+4*eax] :0040479F 57 push edi :004047A0 8D3C82 lea edi, dword ptr [edx+4*eax] :004047A3 8B4508 mov eax, dword ptr [ebp+08] :004047A6 897DFC mov dword ptr [ebp-04], edi :004047A9 8D4817 lea ecx, dword ptr [eax+17] :004047AC 83E1F0 and ecx, FFFFFFF0 :004047AF 894DF0 mov dword ptr [ebp-10], ecx :004047B2 C1F904 sar ecx, 04 :004047B5 49 dec ecx :004047B6 83F920 cmp ecx, 00000020 :004047B9 7D0E jge 004047C9 :004047BB 83CEFF or esi, FFFFFFFF :004047BE D3EE shr esi, cl :004047C0 834DF8FF or dword ptr [ebp-08], FFFFFFFF :004047C4 8975F4 mov dword ptr [ebp-0C], esi :004047C7 EB10 jmp 004047D9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004047B9(C) | :004047C9 83C1E0 add ecx, FFFFFFE0 :004047CC 83C8FF or eax, FFFFFFFF :004047CF 33F6 xor esi, esi :004047D1 D3E8 shr eax, cl :004047D3 8975F4 mov dword ptr [ebp-0C], esi :004047D6 8945F8 mov dword ptr [ebp-08], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004047C7(U) | :004047D9 A1F47A4000 mov eax, dword ptr [00407AF4] :004047DE 8BD8 mov ebx, eax :004047E0 3BDF cmp ebx, edi :004047E2 895D08 mov dword ptr [ebp+08], ebx :004047E5 7319 jnb 00404800 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004047FE(C) | :004047E7 8B4B04 mov ecx, dword ptr [ebx+04] :004047EA 8B3B mov edi, dword ptr [ebx] :004047EC 234DF8 and ecx, dword ptr [ebp-08] :004047EF 23FE and edi, esi :004047F1 0BCF or ecx, edi :004047F3 750B jne 00404800 :004047F5 83C314 add ebx, 00000014 :004047F8 3B5DFC cmp ebx, dword ptr [ebp-04] :004047FB 895D08 mov dword ptr [ebp+08], ebx :004047FE 72E7 jb 004047E7 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004047E5(C), :004047F3(C) | :00404800 3B5DFC cmp ebx, dword ptr [ebp-04] :00404803 7579 jne 0040487E :00404805 8BDA mov ebx, edx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040481F(U) | :00404807 3BD8 cmp ebx, eax :00404809 895D08 mov dword ptr [ebp+08], ebx :0040480C 7315 jnb 00404823 :0040480E 8B4B04 mov ecx, dword ptr [ebx+04] :00404811 8B3B mov edi, dword ptr [ebx] :00404813 234DF8 and ecx, dword ptr [ebp-08] :00404816 23FE and edi, esi :00404818 0BCF or ecx, edi :0040481A 7505 jne 00404821 :0040481C 83C314 add ebx, 00000014 :0040481F EBE6 jmp 00404807 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040481A(C) | :00404821 3BD8 cmp ebx, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040480C(C) | :00404823 7559 jne 0040487E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404836(U) | :00404825 3B5DFC cmp ebx, dword ptr [ebp-04] :00404828 7311 jnb 0040483B :0040482A 837B0800 cmp dword ptr [ebx+08], 00000000 :0040482E 7508 jne 00404838 :00404830 83C314 add ebx, 00000014 :00404833 895D08 mov dword ptr [ebp+08], ebx :00404836 EBED jmp 00404825 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040482E(C) | :00404838 3B5DFC cmp ebx, dword ptr [ebp-04] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404828(C) | :0040483B 7526 jne 00404863 :0040483D 8BDA mov ebx, edx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040484F(U) | :0040483F 3BD8 cmp ebx, eax :00404841 895D08 mov dword ptr [ebp+08], ebx :00404844 730D jnb 00404853 :00404846 837B0800 cmp dword ptr [ebx+08], 00000000 :0040484A 7505 jne 00404851 :0040484C 83C314 add ebx, 00000014 :0040484F EBEE jmp 0040483F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040484A(C) | :00404851 3BD8 cmp ebx, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404844(C) | :00404853 750E jne 00404863 :00404855 E838020000 call 00404A92 :0040485A 8BD8 mov ebx, eax :0040485C 85DB test ebx, ebx :0040485E 895D08 mov dword ptr [ebp+08], ebx :00404861 7414 je 00404877 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040483B(C), :00404853(C) | :00404863 53 push ebx :00404864 E8DA020000 call 00404B43 :00404869 59 pop ecx :0040486A 8B4B10 mov ecx, dword ptr [ebx+10] :0040486D 8901 mov dword ptr [ecx], eax :0040486F 8B4310 mov eax, dword ptr [ebx+10] :00404872 8338FF cmp dword ptr [eax], FFFFFFFF :00404875 7507 jne 0040487E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404861(C) | :00404877 33C0 xor eax, eax :00404879 E90F020000 jmp 00404A8D * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404803(C), :00404823(C), :00404875(C) | :0040487E 891DF47A4000 mov dword ptr [00407AF4], ebx :00404884 8B4310 mov eax, dword ptr [ebx+10] :00404887 8B10 mov edx, dword ptr [eax] :00404889 83FAFF cmp edx, FFFFFFFF :0040488C 8955FC mov dword ptr [ebp-04], edx :0040488F 7414 je 004048A5 :00404891 8B8C90C4000000 mov ecx, dword ptr [eax+4*edx+000000C4] :00404898 8B7C9044 mov edi, dword ptr [eax+4*edx+44] :0040489C 234DF8 and ecx, dword ptr [ebp-08] :0040489F 23FE and edi, esi :004048A1 0BCF or ecx, edi :004048A3 7537 jne 004048DC * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040488F(C) | :004048A5 8B90C4000000 mov edx, dword ptr [eax+000000C4] :004048AB 8B7044 mov esi, dword ptr [eax+44] :004048AE 2355F8 and edx, dword ptr [ebp-08] :004048B1 2375F4 and esi, dword ptr [ebp-0C] :004048B4 8365FC00 and dword ptr [ebp-04], 00000000 :004048B8 8D4844 lea ecx, dword ptr [eax+44] :004048BB 0BD6 or edx, esi :004048BD 8B75F4 mov esi, dword ptr [ebp-0C] :004048C0 7517 jne 004048D9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004048D7(C) | :004048C2 8B9184000000 mov edx, dword ptr [ecx+00000084] :004048C8 FF45FC inc [ebp-04] :004048CB 2355F8 and edx, dword ptr [ebp-08] :004048CE 83C104 add ecx, 00000004 :004048D1 8BFE mov edi, esi :004048D3 2339 and edi, dword ptr [ecx] :004048D5 0BD7 or edx, edi :004048D7 74E9 je 004048C2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004048C0(C) | :004048D9 8B55FC mov edx, dword ptr [ebp-04] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004048A3(C) | :004048DC 8BCA mov ecx, edx :004048DE 33FF xor edi, edi :004048E0 69C904020000 imul ecx, 00000204 :004048E6 8D8C0144010000 lea ecx, dword ptr [ecx+eax+00000144] :004048ED 894DF4 mov dword ptr [ebp-0C], ecx :004048F0 8B4C9044 mov ecx, dword ptr [eax+4*edx+44] :004048F4 23CE and ecx, esi :004048F6 750D jne 00404905 :004048F8 8B8C90C4000000 mov ecx, dword ptr [eax+4*edx+000000C4] :004048FF 6A20 push 00000020 :00404901 234DF8 and ecx, dword ptr [ebp-08] :00404904 5F pop edi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004048F6(C), :0040490C(U) | :00404905 85C9 test ecx, ecx :00404907 7C05 jl 0040490E :00404909 D1E1 shl ecx, 1 :0040490B 47 inc edi :0040490C EBF7 jmp 00404905 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404907(C) | :0040490E 8B4DF4 mov ecx, dword ptr [ebp-0C] :00404911 8B54F904 mov edx, dword ptr [ecx+8*edi+04] :00404915 8B0A mov ecx, dword ptr [edx] :00404917 2B4DF0 sub ecx, dword ptr [ebp-10] :0040491A 8BF1 mov esi, ecx :0040491C 894DF8 mov dword ptr [ebp-08], ecx :0040491F C1FE04 sar esi, 04 :00404922 4E dec esi :00404923 83FE3F cmp esi, 0000003F :00404926 7E03 jle 0040492B :00404928 6A3F push 0000003F :0040492A 5E pop esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404926(C) | :0040492B 3BF7 cmp esi, edi :0040492D 0F840D010000 je 00404A40 :00404933 8B4A04 mov ecx, dword ptr [edx+04] :00404936 3B4A08 cmp ecx, dword ptr [edx+08] :00404939 7561 jne 0040499C :0040493B 83FF20 cmp edi, 00000020 :0040493E 7D2B jge 0040496B :00404940 BB00000080 mov ebx, 80000000 :00404945 8BCF mov ecx, edi :00404947 D3EB shr ebx, cl :00404949 8B4DFC mov ecx, dword ptr [ebp-04] :0040494C 8D7C3804 lea edi, dword ptr [eax+edi+04] :00404950 F7D3 not ebx :00404952 895DEC mov dword ptr [ebp-14], ebx :00404955 235C8844 and ebx, dword ptr [eax+4*ecx+44] :00404959 895C8844 mov dword ptr [eax+4*ecx+44], ebx :0040495D FE0F dec byte ptr [edi] :0040495F 7538 jne 00404999 :00404961 8B5D08 mov ebx, dword ptr [ebp+08] :00404964 8B4DEC mov ecx, dword ptr [ebp-14] :00404967 210B and dword ptr [ebx], ecx :00404969 EB31 jmp 0040499C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040493E(C) | :0040496B 8D4FE0 lea ecx, dword ptr [edi-20] :0040496E BB00000080 mov ebx, 80000000 :00404973 D3EB shr ebx, cl :00404975 8B4DFC mov ecx, dword ptr [ebp-04] :00404978 8D7C3804 lea edi, dword ptr [eax+edi+04] :0040497C 8D8C88C4000000 lea ecx, dword ptr [eax+4*ecx+000000C4] :00404983 F7D3 not ebx :00404985 2119 and dword ptr [ecx], ebx :00404987 FE0F dec byte ptr [edi] :00404989 895DEC mov dword ptr [ebp-14], ebx :0040498C 750B jne 00404999 :0040498E 8B5D08 mov ebx, dword ptr [ebp+08] :00404991 8B4DEC mov ecx, dword ptr [ebp-14] :00404994 214B04 and dword ptr [ebx+04], ecx :00404997 EB03 jmp 0040499C * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040495F(C), :0040498C(C) | :00404999 8B5D08 mov ebx, dword ptr [ebp+08] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404939(C), :00404969(U), :00404997(U) | :0040499C 8B4A08 mov ecx, dword ptr [edx+08] :0040499F 8B7A04 mov edi, dword ptr [edx+04] :004049A2 837DF800 cmp dword ptr [ebp-08], 00000000 :004049A6 897904 mov dword ptr [ecx+04], edi :004049A9 8B4A04 mov ecx, dword ptr [edx+04] :004049AC 8B7A08 mov edi, dword ptr [edx+08] :004049AF 897908 mov dword ptr [ecx+08], edi :004049B2 0F8494000000 je 00404A4C :004049B8 8B4DF4 mov ecx, dword ptr [ebp-0C] :004049BB 8B7CF104 mov edi, dword ptr [ecx+8*esi+04] :004049BF 8D0CF1 lea ecx, dword ptr [ecx+8*esi] :004049C2 897A04 mov dword ptr [edx+04], edi :004049C5 894A08 mov dword ptr [edx+08], ecx :004049C8 895104 mov dword ptr [ecx+04], edx :004049CB 8B4A04 mov ecx, dword ptr [edx+04] :004049CE 895108 mov dword ptr [ecx+08], edx :004049D1 8B4A04 mov ecx, dword ptr [edx+04] :004049D4 3B4A08 cmp ecx, dword ptr [edx+08] :004049D7 7564 jne 00404A3D :004049D9 8A4C0604 mov cl, byte ptr [esi+eax+04] :004049DD 83FE20 cmp esi, 00000020 :004049E0 884D0B mov byte ptr [ebp+0B], cl :004049E3 7D29 jge 00404A0E :004049E5 FEC1 inc cl :004049E7 807D0B00 cmp byte ptr [ebp+0B], 00 :004049EB 884C0604 mov byte ptr [esi+eax+04], cl :004049EF 750B jne 004049FC :004049F1 BF00000080 mov edi, 80000000 :004049F6 8BCE mov ecx, esi :004049F8 D3EF shr edi, cl :004049FA 093B or dword ptr [ebx], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004049EF(C) | :004049FC BF00000080 mov edi, 80000000 :00404A01 8BCE mov ecx, esi :00404A03 D3EF shr edi, cl :00404A05 8B4DFC mov ecx, dword ptr [ebp-04] :00404A08 097C8844 or dword ptr [eax+4*ecx+44], edi :00404A0C EB2F jmp 00404A3D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004049E3(C) | :00404A0E FEC1 inc cl :00404A10 807D0B00 cmp byte ptr [ebp+0B], 00 :00404A14 884C0604 mov byte ptr [esi+eax+04], cl :00404A18 750D jne 00404A27 :00404A1A 8D4EE0 lea ecx, dword ptr [esi-20] :00404A1D BF00000080 mov edi, 80000000 :00404A22 D3EF shr edi, cl :00404A24 097B04 or dword ptr [ebx+04], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404A18(C) | :00404A27 8B4DFC mov ecx, dword ptr [ebp-04] :00404A2A 8DBC88C4000000 lea edi, dword ptr [eax+4*ecx+000000C4] :00404A31 8D4EE0 lea ecx, dword ptr [esi-20] :00404A34 BE00000080 mov esi, 80000000 :00404A39 D3EE shr esi, cl :00404A3B 0937 or dword ptr [edi], esi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004049D7(C), :00404A0C(U) | :00404A3D 8B4DF8 mov ecx, dword ptr [ebp-08] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040492D(C) | :00404A40 85C9 test ecx, ecx :00404A42 740B je 00404A4F :00404A44 890A mov dword ptr [edx], ecx :00404A46 894C11FC mov dword ptr [ecx+edx-04], ecx :00404A4A EB03 jmp 00404A4F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004049B2(C) | :00404A4C 8B4DF8 mov ecx, dword ptr [ebp-08] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404A42(C), :00404A4A(U) | :00404A4F 8B75F0 mov esi, dword ptr [ebp-10] :00404A52 03D1 add edx, ecx :00404A54 8D4E01 lea ecx, dword ptr [esi+01] :00404A57 890A mov dword ptr [edx], ecx :00404A59 894C32FC mov dword ptr [edx+esi-04], ecx :00404A5D 8B75F4 mov esi, dword ptr [ebp-0C] :00404A60 8B0E mov ecx, dword ptr [esi] :00404A62 85C9 test ecx, ecx :00404A64 8D7901 lea edi, dword ptr [ecx+01] :00404A67 893E mov dword ptr [esi], edi :00404A69 751A jne 00404A85 :00404A6B 3B1DF87A4000 cmp ebx, dword ptr [00407AF8] :00404A71 7512 jne 00404A85 :00404A73 8B4DFC mov ecx, dword ptr [ebp-04] :00404A76 3B0DF07A4000 cmp ecx, dword ptr [00407AF0] :00404A7C 7507 jne 00404A85 :00404A7E 8325F87A400000 and dword ptr [00407AF8], 00000000 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404A69(C), :00404A71(C), :00404A7C(C) | :00404A85 8B4DFC mov ecx, dword ptr [ebp-04] :00404A88 8908 mov dword ptr [eax], ecx :00404A8A 8D4204 lea eax, dword ptr [edx+04] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404879(U) | :00404A8D 5F pop edi :00404A8E 5E pop esi :00404A8F 5B pop ebx :00404A90 C9 leave :00404A91 C3 ret * Referenced by a CALL at Address: |:00404855 | :00404A92 A1FC7A4000 mov eax, dword ptr [00407AFC] :00404A97 8B0DEC7A4000 mov ecx, dword ptr [00407AEC] :00404A9D 56 push esi :00404A9E 57 push edi :00404A9F 33FF xor edi, edi :00404AA1 3BC1 cmp eax, ecx :00404AA3 7530 jne 00404AD5 :00404AA5 8D448950 lea eax, dword ptr [ecx+4*ecx+50] :00404AA9 C1E002 shl eax, 02 :00404AAC 50 push eax :00404AAD FF35007B4000 push dword ptr [00407B00] :00404AB3 57 push edi :00404AB4 FF35287D4000 push dword ptr [00407D28] * Reference To: KERNEL32.HeapReAlloc, Ord:01A2h | :00404ABA FF1570604000 Call dword ptr [00406070] :00404AC0 3BC7 cmp eax, edi :00404AC2 7461 je 00404B25 :00404AC4 8305EC7A400010 add dword ptr [00407AEC], 00000010 :00404ACB A3007B4000 mov dword ptr [00407B00], eax :00404AD0 A1FC7A4000 mov eax, dword ptr [00407AFC] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404AA3(C) | :00404AD5 8B0D007B4000 mov ecx, dword ptr [00407B00] :00404ADB 68C4410000 push 000041C4 :00404AE0 6A08 push 00000008 :00404AE2 8D0480 lea eax, dword ptr [eax+4*eax] :00404AE5 FF35287D4000 push dword ptr [00407D28] :00404AEB 8D3481 lea esi, dword ptr [ecx+4*eax] * Reference To: KERNEL32.HeapAlloc, Ord:0199h | :00404AEE FF155C604000 Call dword ptr [0040605C] :00404AF4 3BC7 cmp eax, edi :00404AF6 894610 mov dword ptr [esi+10], eax :00404AF9 742A je 00404B25 :00404AFB 6A04 push 00000004 :00404AFD 6800200000 push 00002000 :00404B02 6800001000 push 00100000 :00404B07 57 push edi * Reference To: KERNEL32.VirtualAlloc, Ord:02BBh | :00404B08 FF156C604000 Call dword ptr [0040606C] :00404B0E 3BC7 cmp eax, edi :00404B10 89460C mov dword ptr [esi+0C], eax :00404B13 7514 jne 00404B29 :00404B15 FF7610 push [esi+10] :00404B18 57 push edi :00404B19 FF35287D4000 push dword ptr [00407D28] * Reference To: KERNEL32.HeapFree, Ord:019Fh | :00404B1F FF154C604000 Call dword ptr [0040604C] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404AC2(C), :00404AF9(C) | :00404B25 33C0 xor eax, eax :00404B27 EB17 jmp 00404B40 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404B13(C) | :00404B29 834E08FF or dword ptr [esi+08], FFFFFFFF :00404B2D 893E mov dword ptr [esi], edi :00404B2F 897E04 mov dword ptr [esi+04], edi :00404B32 FF05FC7A4000 inc dword ptr [00407AFC] :00404B38 8B4610 mov eax, dword ptr [esi+10] :00404B3B 8308FF or dword ptr [eax], FFFFFFFF :00404B3E 8BC6 mov eax, esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404B27(U) | :00404B40 5F pop edi :00404B41 5E pop esi :00404B42 C3 ret * Referenced by a CALL at Address: |:00404864 | :00404B43 55 push ebp :00404B44 8BEC mov ebp, esp :00404B46 51 push ecx :00404B47 8B4D08 mov ecx, dword ptr [ebp+08] :00404B4A 53 push ebx :00404B4B 56 push esi :00404B4C 57 push edi :00404B4D 8B7110 mov esi, dword ptr [ecx+10] :00404B50 8B4108 mov eax, dword ptr [ecx+08] :00404B53 33DB xor ebx, ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404B5C(U) | :00404B55 85C0 test eax, eax :00404B57 7C05 jl 00404B5E :00404B59 D1E0 shl eax, 1 :00404B5B 43 inc ebx :00404B5C EBF7 jmp 00404B55 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404B57(C) | :00404B5E 8BC3 mov eax, ebx :00404B60 6A3F push 0000003F :00404B62 69C004020000 imul eax, 00000204 :00404B68 5A pop edx :00404B69 8D843044010000 lea eax, dword ptr [eax+esi+00000144] :00404B70 8945FC mov dword ptr [ebp-04], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404B7D(C) | :00404B73 894008 mov dword ptr [eax+08], eax :00404B76 894004 mov dword ptr [eax+04], eax :00404B79 83C008 add eax, 00000008 :00404B7C 4A dec edx :00404B7D 75F4 jne 00404B73 :00404B7F 8BFB mov edi, ebx :00404B81 6A04 push 00000004 :00404B83 C1E70F shl edi, 0F :00404B86 03790C add edi, dword ptr [ecx+0C] :00404B89 6800100000 push 00001000 :00404B8E 6800800000 push 00008000 :00404B93 57 push edi * Reference To: KERNEL32.VirtualAlloc, Ord:02BBh | :00404B94 FF156C604000 Call dword ptr [0040606C] :00404B9A 85C0 test eax, eax :00404B9C 7508 jne 00404BA6 :00404B9E 83C8FF or eax, FFFFFFFF :00404BA1 E993000000 jmp 00404C39 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404B9C(C) | :00404BA6 8D9700700000 lea edx, dword ptr [edi+00007000] :00404BAC 3BFA cmp edi, edx :00404BAE 773C ja 00404BEC :00404BB0 8D4710 lea eax, dword ptr [edi+10] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404BEA(C) | :00404BB3 8348F8FF or dword ptr [eax-08], FFFFFFFF :00404BB7 8388EC0F0000FF or dword ptr [eax+00000FEC], FFFFFFFF :00404BBE 8D88FC0F0000 lea ecx, dword ptr [eax+00000FFC] :00404BC4 C740FCF00F0000 mov [eax-04], 00000FF0 :00404BCB 8908 mov dword ptr [eax], ecx :00404BCD 8D88FCEFFFFF lea ecx, dword ptr [eax+FFFFEFFC] :00404BD3 894804 mov dword ptr [eax+04], ecx :00404BD6 C780E80F0000F00F0000 mov dword ptr [ebx+00000FE8], 00000FF0 :00404BE0 0500100000 add eax, 00001000 :00404BE5 8D48F0 lea ecx, dword ptr [eax-10] :00404BE8 3BCA cmp ecx, edx :00404BEA 76C7 jbe 00404BB3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404BAE(C) | :00404BEC 8B45FC mov eax, dword ptr [ebp-04] :00404BEF 8D4F0C lea ecx, dword ptr [edi+0C] :00404BF2 05F8010000 add eax, 000001F8 :00404BF7 6A01 push 00000001 :00404BF9 5F pop edi :00404BFA 894804 mov dword ptr [eax+04], ecx :00404BFD 894108 mov dword ptr [ecx+08], eax :00404C00 8D4A0C lea ecx, dword ptr [edx+0C] :00404C03 894808 mov dword ptr [eax+08], ecx :00404C06 894104 mov dword ptr [ecx+04], eax :00404C09 83649E4400 and dword ptr [esi+4*ebx+44], 00000000 :00404C0E 89BC9EC4000000 mov dword ptr [esi+4*ebx+000000C4], edi :00404C15 8A4643 mov al, byte ptr [esi+43] :00404C18 8AC8 mov cl, al :00404C1A FEC1 inc cl :00404C1C 84C0 test al, al :00404C1E 8B4508 mov eax, dword ptr [ebp+08] :00404C21 884E43 mov byte ptr [esi+43], cl :00404C24 7503 jne 00404C29 :00404C26 097804 or dword ptr [eax+04], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404C24(C) | :00404C29 BA00000080 mov edx, 80000000 :00404C2E 8BCB mov ecx, ebx :00404C30 D3EA shr edx, cl :00404C32 F7D2 not edx :00404C34 215008 and dword ptr [eax+08], edx :00404C37 8BC3 mov eax, ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404BA1(U) | :00404C39 5F pop edi :00404C3A 5E pop esi :00404C3B 5B pop ebx :00404C3C C9 leave :00404C3D C3 ret * Referenced by a CALL at Address: |:004032A0 | :00404C3E 53 push ebx :00404C3F 33DB xor ebx, ebx :00404C41 391DB07A4000 cmp dword ptr [00407AB0], ebx :00404C47 56 push esi :00404C48 57 push edi :00404C49 7542 jne 00404C8D :00404C4B 6848644000 push 00406448 * Reference To: KERNEL32.LoadLibraryA, Ord:01C2h | :00404C50 FF1578604000 Call dword ptr [00406078] :00404C56 8BF8 mov edi, eax :00404C58 3BFB cmp edi, ebx :00404C5A 7467 je 00404CC3 * Reference To: KERNEL32.GetProcAddress, Ord:013Eh | :00404C5C 8B3574604000 mov esi, dword ptr [00406074] :00404C62 683C644000 push 0040643C :00404C67 57 push edi :00404C68 FFD6 call esi :00404C6A 85C0 test eax, eax :00404C6C A3B07A4000 mov dword ptr [00407AB0], eax :00404C71 7450 je 00404CC3 :00404C73 682C644000 push 0040642C :00404C78 57 push edi :00404C79 FFD6 call esi :00404C7B 6818644000 push 00406418 :00404C80 57 push edi :00404C81 A3B47A4000 mov dword ptr [00407AB4], eax :00404C86 FFD6 call esi :00404C88 A3B87A4000 mov dword ptr [00407AB8], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404C49(C) | :00404C8D A1B47A4000 mov eax, dword ptr [00407AB4] :00404C92 85C0 test eax, eax :00404C94 7416 je 00404CAC :00404C96 FFD0 call eax :00404C98 8BD8 mov ebx, eax :00404C9A 85DB test ebx, ebx :00404C9C 740E je 00404CAC :00404C9E A1B87A4000 mov eax, dword ptr [00407AB8] :00404CA3 85C0 test eax, eax :00404CA5 7405 je 00404CAC :00404CA7 53 push ebx :00404CA8 FFD0 call eax :00404CAA 8BD8 mov ebx, eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404C94(C), :00404C9C(C), :00404CA5(C) | :00404CAC FF742418 push [esp+18] :00404CB0 FF742418 push [esp+18] :00404CB4 FF742418 push [esp+18] :00404CB8 53 push ebx :00404CB9 FF15B07A4000 call dword ptr [00407AB0] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404CC5(U) | :00404CBF 5F pop edi :00404CC0 5E pop esi :00404CC1 5B pop ebx :00404CC2 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404C5A(C), :00404C71(C) | :00404CC3 33C0 xor eax, eax :00404CC5 EBF8 jmp 00404CBF :00404CC7 CC int 03 :00404CC8 CC int 03 :00404CC9 CC int 03 :00404CCA CC int 03 :00404CCB CC int 03 :00404CCC CC int 03 :00404CCD CC int 03 :00404CCE CC int 03 :00404CCF CC int 03 * Referenced by a CALL at Address: |:00403246 | :00404CD0 8B4C240C mov ecx, dword ptr [esp+0C] :00404CD4 57 push edi :00404CD5 85C9 test ecx, ecx :00404CD7 747A je 00404D53 :00404CD9 56 push esi :00404CDA 53 push ebx :00404CDB 8BD9 mov ebx, ecx :00404CDD 8B742414 mov esi, dword ptr [esp+14] :00404CE1 F7C603000000 test esi, 00000003 :00404CE7 8B7C2410 mov edi, dword ptr [esp+10] :00404CEB 7507 jne 00404CF4 :00404CED C1E902 shr ecx, 02 :00404CF0 756F jne 00404D61 :00404CF2 EB21 jmp 00404D15 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404CEB(C), :00404D07(C) | :00404CF4 8A06 mov al, byte ptr [esi] :00404CF6 46 inc esi :00404CF7 8807 mov byte ptr [edi], al :00404CF9 47 inc edi :00404CFA 49 dec ecx :00404CFB 7425 je 00404D22 :00404CFD 84C0 test al, al :00404CFF 7429 je 00404D2A :00404D01 F7C603000000 test esi, 00000003 :00404D07 75EB jne 00404CF4 :00404D09 8BD9 mov ebx, ecx :00404D0B C1E902 shr ecx, 02 :00404D0E 7551 jne 00404D61 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404D5F(C) | :00404D10 83E303 and ebx, 00000003 :00404D13 740D je 00404D22 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404CF2(U), :00404D20(C) | :00404D15 8A06 mov al, byte ptr [esi] :00404D17 46 inc esi :00404D18 8807 mov byte ptr [edi], al :00404D1A 47 inc edi :00404D1B 84C0 test al, al :00404D1D 742F je 00404D4E :00404D1F 4B dec ebx :00404D20 75F3 jne 00404D15 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404CFB(C), :00404D13(C) | :00404D22 8B442410 mov eax, dword ptr [esp+10] :00404D26 5B pop ebx :00404D27 5E pop esi :00404D28 5F pop edi :00404D29 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404CFF(C) | :00404D2A F7C703000000 test edi, 00000003 :00404D30 7412 je 00404D44 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404D42(C) | :00404D32 8807 mov byte ptr [edi], al :00404D34 47 inc edi :00404D35 49 dec ecx :00404D36 0F848A000000 je 00404DC6 :00404D3C F7C703000000 test edi, 00000003 :00404D42 75EE jne 00404D32 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404D30(C) | :00404D44 8BD9 mov ebx, ecx :00404D46 C1E902 shr ecx, 02 :00404D49 756C jne 00404DB7 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404D4F(C), :00404DC4(C) | :00404D4B 8807 mov byte ptr [edi], al :00404D4D 47 inc edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404D1D(C) | :00404D4E 4B dec ebx :00404D4F 75FA jne 00404D4B :00404D51 5B pop ebx :00404D52 5E pop esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404CD7(C) | :00404D53 8B442408 mov eax, dword ptr [esp+08] :00404D57 5F pop edi :00404D58 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404D79(C), :00404D91(C) | :00404D59 8917 mov dword ptr [edi], edx :00404D5B 83C704 add edi, 00000004 :00404D5E 49 dec ecx :00404D5F 74AF je 00404D10 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404CF0(C), :00404D0E(C) | :00404D61 BAFFFEFE7E mov edx, 7EFEFEFF :00404D66 8B06 mov eax, dword ptr [esi] :00404D68 03D0 add edx, eax :00404D6A 83F0FF xor eax, FFFFFFFF :00404D6D 33C2 xor eax, edx :00404D6F 8B16 mov edx, dword ptr [esi] :00404D71 83C604 add esi, 00000004 :00404D74 A900010181 test eax, 81010100 :00404D79 74DE je 00404D59 :00404D7B 84D2 test dl, dl :00404D7D 742C je 00404DAB :00404D7F 84F6 test dh, dh :00404D81 741E je 00404DA1 :00404D83 F7C20000FF00 test edx, 00FF0000 :00404D89 740C je 00404D97 :00404D8B F7C2000000FF test edx, FF000000 :00404D91 75C6 jne 00404D59 :00404D93 8917 mov dword ptr [edi], edx :00404D95 EB18 jmp 00404DAF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404D89(C) | :00404D97 81E2FFFF0000 and edx, 0000FFFF :00404D9D 8917 mov dword ptr [edi], edx :00404D9F EB0E jmp 00404DAF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404D81(C) | :00404DA1 81E2FF000000 and edx, 000000FF :00404DA7 8917 mov dword ptr [edi], edx :00404DA9 EB04 jmp 00404DAF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404D7D(C) | :00404DAB 33D2 xor edx, edx :00404DAD 8917 mov dword ptr [edi], edx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404D95(U), :00404D9F(U), :00404DA9(U) | :00404DAF 83C704 add edi, 00000004 :00404DB2 33C0 xor eax, eax :00404DB4 49 dec ecx :00404DB5 740A je 00404DC1 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404D49(C) | :00404DB7 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404DBF(C) | :00404DB9 8907 mov dword ptr [edi], eax :00404DBB 83C704 add edi, 00000004 :00404DBE 49 dec ecx :00404DBF 75F8 jne 00404DB9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404DB5(C) | :00404DC1 83E303 and ebx, 00000003 :00404DC4 7585 jne 00404D4B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404D36(C) | :00404DC6 8B442410 mov eax, dword ptr [esp+10] :00404DCA 5B pop ebx :00404DCB 5E pop esi :00404DCC 5F pop edi :00404DCD C3 ret :00404DCE 6A02 push 00000002 :00404DD0 E876C4FFFF call 0040124B :00404DD5 59 pop ecx :00404DD6 C3 ret * Referenced by a CALL at Addresses: |:0040347E , :00403FB9 | :00404DD7 55 push ebp :00404DD8 8BEC mov ebp, esp :00404DDA 6AFF push FFFFFFFF :00404DDC 6860644000 push 00406460 :00404DE1 6870304000 push 00403070 :00404DE6 64A100000000 mov eax, dword ptr fs:[00000000] :00404DEC 50 push eax :00404DED 64892500000000 mov dword ptr fs:[00000000], esp :00404DF4 83EC18 sub esp, 00000018 :00404DF7 53 push ebx :00404DF8 56 push esi :00404DF9 57 push edi :00404DFA 8965E8 mov dword ptr [ebp-18], esp :00404DFD A1DC7A4000 mov eax, dword ptr [00407ADC] :00404E02 33DB xor ebx, ebx :00404E04 3BC3 cmp eax, ebx :00404E06 753E jne 00404E46 :00404E08 8D45E4 lea eax, dword ptr [ebp-1C] :00404E0B 50 push eax :00404E0C 6A01 push 00000001 :00404E0E 5E pop esi :00404E0F 56 push esi :00404E10 6858644000 push 00406458 :00404E15 56 push esi * Reference To: KERNEL32.GetStringTypeW, Ord:0156h | :00404E16 FF1580604000 Call dword ptr [00406080] :00404E1C 85C0 test eax, eax :00404E1E 7404 je 00404E24 :00404E20 8BC6 mov eax, esi :00404E22 EB1D jmp 00404E41 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404E1E(C) | :00404E24 8D45E4 lea eax, dword ptr [ebp-1C] :00404E27 50 push eax :00404E28 56 push esi :00404E29 6854644000 push 00406454 :00404E2E 56 push esi :00404E2F 53 push ebx * Reference To: KERNEL32.GetStringTypeA, Ord:0153h | :00404E30 FF157C604000 Call dword ptr [0040607C] :00404E36 85C0 test eax, eax :00404E38 0F84CE000000 je 00404F0C :00404E3E 6A02 push 00000002 :00404E40 58 pop eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404E22(U) | :00404E41 A3DC7A4000 mov dword ptr [00407ADC], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404E06(C) | :00404E46 83F802 cmp eax, 00000002 :00404E49 7524 jne 00404E6F :00404E4B 8B451C mov eax, dword ptr [ebp+1C] :00404E4E 3BC3 cmp eax, ebx :00404E50 7505 jne 00404E57 :00404E52 A1C47A4000 mov eax, dword ptr [00407AC4] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404E50(C) | :00404E57 FF7514 push [ebp+14] :00404E5A FF7510 push [ebp+10] :00404E5D FF750C push [ebp+0C] :00404E60 FF7508 push [ebp+08] :00404E63 50 push eax * Reference To: KERNEL32.GetStringTypeA, Ord:0153h | :00404E64 FF157C604000 Call dword ptr [0040607C] :00404E6A E99F000000 jmp 00404F0E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404E49(C) | :00404E6F 83F801 cmp eax, 00000001 :00404E72 0F8594000000 jne 00404F0C :00404E78 395D18 cmp dword ptr [ebp+18], ebx :00404E7B 7508 jne 00404E85 :00404E7D A1D47A4000 mov eax, dword ptr [00407AD4] :00404E82 894518 mov dword ptr [ebp+18], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404E7B(C) | :00404E85 53 push ebx :00404E86 53 push ebx :00404E87 FF7510 push [ebp+10] :00404E8A FF750C push [ebp+0C] :00404E8D 8B4520 mov eax, dword ptr [ebp+20] :00404E90 F7D8 neg eax :00404E92 1BC0 sbb eax, eax :00404E94 83E008 and eax, 00000008 :00404E97 40 inc eax :00404E98 50 push eax :00404E99 FF7518 push [ebp+18] * Reference To: KERNEL32.MultiByteToWideChar, Ord:01E4h | :00404E9C FF1558604000 Call dword ptr [00406058] :00404EA2 8945E0 mov dword ptr [ebp-20], eax :00404EA5 3BC3 cmp eax, ebx :00404EA7 7463 je 00404F0C :00404EA9 895DFC mov dword ptr [ebp-04], ebx :00404EAC 8D3C00 lea edi, dword ptr [eax+eax] :00404EAF 8BC7 mov eax, edi :00404EB1 83C003 add eax, 00000003 :00404EB4 24FC and al, FC :00404EB6 E8450B0000 call 00405A00 :00404EBB 8965E8 mov dword ptr [ebp-18], esp :00404EBE 8BF4 mov esi, esp :00404EC0 8975DC mov dword ptr [ebp-24], esi :00404EC3 57 push edi :00404EC4 53 push ebx :00404EC5 56 push esi :00404EC6 E8D5E4FFFF call 004033A0 :00404ECB 83C40C add esp, 0000000C :00404ECE EB0B jmp 00404EDB :00404ED0 6A01 push 00000001 :00404ED2 58 pop eax :00404ED3 C3 ret :00404ED4 8B65E8 mov esp, dword ptr [ebp-18] :00404ED7 33DB xor ebx, ebx :00404ED9 33F6 xor esi, esi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404ECE(U) | :00404EDB 834DFCFF or dword ptr [ebp-04], FFFFFFFF :00404EDF 3BF3 cmp esi, ebx :00404EE1 7429 je 00404F0C :00404EE3 FF75E0 push [ebp-20] :00404EE6 56 push esi :00404EE7 FF7510 push [ebp+10] :00404EEA FF750C push [ebp+0C] :00404EED 6A01 push 00000001 :00404EEF FF7518 push [ebp+18] * Reference To: KERNEL32.MultiByteToWideChar, Ord:01E4h | :00404EF2 FF1558604000 Call dword ptr [00406058] :00404EF8 3BC3 cmp eax, ebx :00404EFA 7410 je 00404F0C :00404EFC FF7514 push [ebp+14] :00404EFF 50 push eax :00404F00 56 push esi :00404F01 FF7508 push [ebp+08] * Reference To: KERNEL32.GetStringTypeW, Ord:0156h | :00404F04 FF1580604000 Call dword ptr [00406080] :00404F0A EB02 jmp 00404F0E * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404E38(C), :00404E72(C), :00404EA7(C), :00404EE1(C), :00404EFA(C) | :00404F0C 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404E6A(U), :00404F0A(U) | :00404F0E 8D65CC lea esp, dword ptr [ebp-34] :00404F11 8B4DF0 mov ecx, dword ptr [ebp-10] :00404F14 64890D00000000 mov dword ptr fs:[00000000], ecx :00404F1B 5F pop edi :00404F1C 5E pop esi :00404F1D 5B pop ebx :00404F1E C9 leave :00404F1F C3 ret * Referenced by a CALL at Address: |:00403547 | :00404F20 55 push ebp :00404F21 8BEC mov ebp, esp :00404F23 83EC0C sub esp, 0000000C :00404F26 53 push ebx :00404F27 56 push esi :00404F28 8B7508 mov esi, dword ptr [ebp+08] :00404F2B 57 push edi :00404F2C 3B35407E4000 cmp esi, dword ptr [00407E40] :00404F32 0F83C5010000 jnb 004050FD :00404F38 8BC6 mov eax, esi :00404F3A 83E61F and esi, 0000001F :00404F3D C1F805 sar eax, 05 :00404F40 C1E603 shl esi, 03 :00404F43 8D1C85407D4000 lea ebx, dword ptr [4*eax+00407D40] :00404F4A 8B0485407D4000 mov eax, dword ptr [4*eax+00407D40] :00404F51 03C6 add eax, esi :00404F53 8A5004 mov dl, byte ptr [eax+04] :00404F56 F6C201 test dl, 01 :00404F59 0F849E010000 je 004050FD :00404F5F 8365F800 and dword ptr [ebp-08], 00000000 :00404F63 8B7D0C mov edi, dword ptr [ebp+0C] :00404F66 837D1000 cmp dword ptr [ebp+10], 00000000 :00404F6A 8BCF mov ecx, edi :00404F6C 7467 je 00404FD5 :00404F6E F6C202 test dl, 02 :00404F71 7562 jne 00404FD5 :00404F73 F6C248 test dl, 48 :00404F76 741D je 00404F95 :00404F78 8A4005 mov al, byte ptr [eax+05] :00404F7B 3C0A cmp al, 0A :00404F7D 7416 je 00404F95 :00404F7F FF4D10 dec [ebp+10] :00404F82 8807 mov byte ptr [edi], al :00404F84 8B03 mov eax, dword ptr [ebx] :00404F86 8D4F01 lea ecx, dword ptr [edi+01] :00404F89 C745F801000000 mov [ebp-08], 00000001 :00404F90 C64430050A mov [eax+esi+05], 0A * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404F76(C), :00404F7D(C) | :00404F95 8D45F4 lea eax, dword ptr [ebp-0C] :00404F98 6A00 push 00000000 :00404F9A 50 push eax :00404F9B 8B03 mov eax, dword ptr [ebx] :00404F9D FF7510 push [ebp+10] :00404FA0 51 push ecx :00404FA1 FF3430 push dword ptr [eax+esi] * Reference To: KERNEL32.ReadFile, Ord:0218h | :00404FA4 FF1588604000 Call dword ptr [00406088] :00404FAA 85C0 test eax, eax :00404FAC 753A jne 00404FE8 * Reference To: KERNEL32.GetLastError, Ord:011Ah | :00404FAE FF1584604000 Call dword ptr [00406084] :00404FB4 6A05 push 00000005 :00404FB6 59 pop ecx :00404FB7 3BC1 cmp eax, ecx :00404FB9 7515 jne 00404FD0 :00404FBB C7055079400009000000 mov dword ptr [00407950], 00000009 :00404FC5 890D54794000 mov dword ptr [00407954], ecx :00404FCB E93E010000 jmp 0040510E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404FB9(C) | :00404FD0 83F86D cmp eax, 0000006D :00404FD3 7507 jne 00404FDC * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404F6C(C), :00404F71(C) | :00404FD5 33C0 xor eax, eax :00404FD7 E935010000 jmp 00405111 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404FD3(C) | :00404FDC 50 push eax :00404FDD E84D0A0000 call 00405A2F :00404FE2 59 pop ecx :00404FE3 E926010000 jmp 0040510E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404FAC(C) | :00404FE8 8B03 mov eax, dword ptr [ebx] :00404FEA 8B55F4 mov edx, dword ptr [ebp-0C] :00404FED 0155F8 add dword ptr [ebp-08], edx :00404FF0 8D4C3004 lea ecx, dword ptr [eax+esi+04] :00404FF4 8A443004 mov al, byte ptr [eax+esi+04] :00404FF8 A880 test al, 80 :00404FFA 0F84F8000000 je 004050F8 :00405000 85D2 test edx, edx :00405002 7409 je 0040500D :00405004 803F0A cmp byte ptr [edi], 0A :00405007 7504 jne 0040500D :00405009 0C04 or al, 04 :0040500B EB02 jmp 0040500F * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405002(C), :00405007(C) | :0040500D 24FB and al, FB * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040500B(U) | :0040500F 8801 mov byte ptr [ecx], al :00405011 8B450C mov eax, dword ptr [ebp+0C] :00405014 8B4DF8 mov ecx, dword ptr [ebp-08] :00405017 894510 mov dword ptr [ebp+10], eax :0040501A 03C8 add ecx, eax :0040501C 3BC1 cmp eax, ecx :0040501E 894DF8 mov dword ptr [ebp-08], ecx :00405021 0F83CB000000 jnb 004050F2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004050DA(C) | :00405027 8B4510 mov eax, dword ptr [ebp+10] :0040502A 8A00 mov al, byte ptr [eax] :0040502C 3C1A cmp al, 1A :0040502E 0F84AE000000 je 004050E2 :00405034 3C0D cmp al, 0D :00405036 740B je 00405043 :00405038 8807 mov byte ptr [edi], al :0040503A 47 inc edi :0040503B FF4510 inc [ebp+10] :0040503E E991000000 jmp 004050D4 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405036(C) | :00405043 49 dec ecx :00405044 394D10 cmp dword ptr [ebp+10], ecx :00405047 7318 jnb 00405061 :00405049 8B4510 mov eax, dword ptr [ebp+10] :0040504C 40 inc eax :0040504D 80380A cmp byte ptr [eax], 0A :00405050 7506 jne 00405058 :00405052 83451002 add dword ptr [ebp+10], 00000002 :00405056 EB5E jmp 004050B6 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405050(C) | :00405058 C6070D mov byte ptr [edi], 0D :0040505B 47 inc edi :0040505C 894510 mov dword ptr [ebp+10], eax :0040505F EB73 jmp 004050D4 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405047(C) | :00405061 8D45F4 lea eax, dword ptr [ebp-0C] :00405064 6A00 push 00000000 :00405066 50 push eax :00405067 FF4510 inc [ebp+10] :0040506A 8D45FF lea eax, dword ptr [ebp-01] :0040506D 6A01 push 00000001 :0040506F 50 push eax :00405070 8B03 mov eax, dword ptr [ebx] :00405072 FF3430 push dword ptr [eax+esi] * Reference To: KERNEL32.ReadFile, Ord:0218h | :00405075 FF1588604000 Call dword ptr [00406088] :0040507B 85C0 test eax, eax :0040507D 750A jne 00405089 * Reference To: KERNEL32.GetLastError, Ord:011Ah | :0040507F FF1584604000 Call dword ptr [00406084] :00405085 85C0 test eax, eax :00405087 7547 jne 004050D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040507D(C) | :00405089 837DF400 cmp dword ptr [ebp-0C], 00000000 :0040508D 7441 je 004050D0 :0040508F 8B03 mov eax, dword ptr [ebx] :00405091 F644300448 test [eax+esi+04], 48 :00405096 7413 je 004050AB :00405098 8A45FF mov al, byte ptr [ebp-01] :0040509B 3C0A cmp al, 0A :0040509D 7417 je 004050B6 :0040509F C6070D mov byte ptr [edi], 0D :004050A2 8B0B mov ecx, dword ptr [ebx] :004050A4 47 inc edi :004050A5 88443105 mov byte ptr [ecx+esi+05], al :004050A9 EB29 jmp 004050D4 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405096(C) | :004050AB 3B7D0C cmp edi, dword ptr [ebp+0C] :004050AE 750B jne 004050BB :004050B0 807DFF0A cmp byte ptr [ebp-01], 0A :004050B4 7505 jne 004050BB * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405056(U), :0040509D(C) | :004050B6 C6070A mov byte ptr [edi], 0A :004050B9 EB18 jmp 004050D3 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004050AE(C), :004050B4(C) | :004050BB 6A01 push 00000001 :004050BD 6AFF push FFFFFFFF :004050BF FF7508 push [ebp+08] :004050C2 E808030000 call 004053CF :004050C7 83C40C add esp, 0000000C :004050CA 807DFF0A cmp byte ptr [ebp-01], 0A :004050CE 7404 je 004050D4 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405087(C), :0040508D(C) | :004050D0 C6070D mov byte ptr [edi], 0D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004050B9(U) | :004050D3 47 inc edi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040503E(U), :0040505F(U), :004050A9(U), :004050CE(C) | :004050D4 8B4DF8 mov ecx, dword ptr [ebp-08] :004050D7 394D10 cmp dword ptr [ebp+10], ecx :004050DA 0F8247FFFFFF jb 00405027 :004050E0 EB10 jmp 004050F2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040502E(C) | :004050E2 8B03 mov eax, dword ptr [ebx] :004050E4 8D743004 lea esi, dword ptr [eax+esi+04] :004050E8 8A06 mov al, byte ptr [esi] :004050EA A840 test al, 40 :004050EC 7504 jne 004050F2 :004050EE 0C02 or al, 02 :004050F0 8806 mov byte ptr [esi], al * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405021(C), :004050E0(U), :004050EC(C) | :004050F2 2B7D0C sub edi, dword ptr [ebp+0C] :004050F5 897DF8 mov dword ptr [ebp-08], edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00404FFA(C) | :004050F8 8B45F8 mov eax, dword ptr [ebp-08] :004050FB EB14 jmp 00405111 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404F32(C), :00404F59(C) | :004050FD 83255479400000 and dword ptr [00407954], 00000000 :00405104 C7055079400009000000 mov dword ptr [00407950], 00000009 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404FCB(U), :00404FE3(U) | :0040510E 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00404FD7(U), :004050FB(U) | :00405111 5F pop edi :00405112 5E pop esi :00405113 5B pop ebx :00405114 C9 leave :00405115 C3 ret * Referenced by a CALL at Addresses: |:00403531 , :004035FD , :00403B11 | :00405116 FF0544794000 inc dword ptr [00407944] :0040511C 6800100000 push 00001000 :00405121 E802E7FFFF call 00403828 :00405126 59 pop ecx :00405127 8B4C2404 mov ecx, dword ptr [esp+04] :0040512B 85C0 test eax, eax :0040512D 894108 mov dword ptr [ecx+08], eax :00405130 740D je 0040513F :00405132 83490C08 or dword ptr [ecx+0C], 00000008 :00405136 C7411800100000 mov [ecx+18], 00001000 :0040513D EB11 jmp 00405150 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405130(C) | :0040513F 83490C04 or dword ptr [ecx+0C], 00000004 :00405143 8D4114 lea eax, dword ptr [ecx+14] :00405146 894108 mov dword ptr [ecx+08], eax :00405149 C7411802000000 mov [ecx+18], 00000002 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040513D(U) | :00405150 8B4108 mov eax, dword ptr [ecx+08] :00405153 83610400 and dword ptr [ecx+04], 00000000 :00405157 8901 mov dword ptr [ecx], eax :00405159 C3 ret * Referenced by a CALL at Addresses: |:004036A1 , :00403859 | :0040515A A1E07A4000 mov eax, dword ptr [00407AE0] :0040515F 85C0 test eax, eax :00405161 740F je 00405172 :00405163 FF742404 push [esp+04] :00405167 FFD0 call eax :00405169 85C0 test eax, eax :0040516B 59 pop ecx :0040516C 7404 je 00405172 :0040516E 6A01 push 00000001 :00405170 58 pop eax :00405171 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405161(C), :0040516C(C) | :00405172 33C0 xor eax, eax :00405174 C3 ret * Referenced by a CALL at Address: |:004036E5 | :00405175 56 push esi :00405176 8B742408 mov esi, dword ptr [esp+08] :0040517A 57 push edi :0040517B 83CFFF or edi, FFFFFFFF :0040517E 8B460C mov eax, dword ptr [esi+0C] :00405181 A840 test al, 40 :00405183 7405 je 0040518A :00405185 83C8FF or eax, FFFFFFFF :00405188 EB3A jmp 004051C4 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405183(C) | :0040518A A883 test al, 83 :0040518C 7434 je 004051C2 :0040518E 56 push esi :0040518F E8C2E5FFFF call 00403756 :00405194 56 push esi :00405195 8BF8 mov edi, eax :00405197 E8AD090000 call 00405B49 :0040519C FF7610 push [esi+10] :0040519F E8F2080000 call 00405A96 :004051A4 83C40C add esp, 0000000C :004051A7 85C0 test eax, eax :004051A9 7D05 jge 004051B0 :004051AB 83CFFF or edi, FFFFFFFF :004051AE EB12 jmp 004051C2 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004051A9(C) | :004051B0 8B461C mov eax, dword ptr [esi+1C] :004051B3 85C0 test eax, eax :004051B5 740B je 004051C2 :004051B7 50 push eax :004051B8 E8FDE9FFFF call 00403BBA :004051BD 83661C00 and dword ptr [esi+1C], 00000000 :004051C1 59 pop ecx * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040518C(C), :004051AE(U), :004051B5(C) | :004051C2 8BC7 mov eax, edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405188(U) | :004051C4 83660C00 and dword ptr [esi+0C], 00000000 :004051C8 5F pop edi :004051C9 5E pop esi :004051CA C3 ret * Referenced by a CALL at Address: |:00403746 | :004051CB 8B442404 mov eax, dword ptr [esp+04] :004051CF 3B05407E4000 cmp eax, dword ptr [00407E40] :004051D5 733D jnb 00405214 :004051D7 8BC8 mov ecx, eax :004051D9 8BD0 mov edx, eax :004051DB C1F905 sar ecx, 05 :004051DE 83E21F and edx, 0000001F :004051E1 8B0C8D407D4000 mov ecx, dword ptr [4*ecx+00407D40] :004051E8 F644D10401 test [ecx+8*edx+04], 01 :004051ED 7425 je 00405214 :004051EF 50 push eax :004051F0 E8F9090000 call 00405BEE :004051F5 59 pop ecx :004051F6 50 push eax * Reference To: KERNEL32.FlushFileBuffers, Ord:00AAh | :004051F7 FF158C604000 Call dword ptr [0040608C] :004051FD 85C0 test eax, eax :004051FF 7508 jne 00405209 * Reference To: KERNEL32.GetLastError, Ord:011Ah | :00405201 FF1584604000 Call dword ptr [00406084] :00405207 EB02 jmp 0040520B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004051FF(C) | :00405209 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405207(U) | :0040520B 85C0 test eax, eax :0040520D 7412 je 00405221 :0040520F A354794000 mov dword ptr [00407954], eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004051D5(C), :004051ED(C) | :00405214 C7055079400009000000 mov dword ptr [00407950], 00000009 :0040521E 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040520D(C) | :00405221 C3 ret * Referenced by a CALL at Addresses: |:00403782 , :00403B3A , :00403B8D | :00405222 55 push ebp :00405223 8BEC mov ebp, esp :00405225 81EC14040000 sub esp, 00000414 :0040522B 8B4D08 mov ecx, dword ptr [ebp+08] :0040522E 53 push ebx :0040522F 3B0D407E4000 cmp ecx, dword ptr [00407E40] :00405235 56 push esi :00405236 57 push edi :00405237 0F8379010000 jnb 004053B6 :0040523D 8BC1 mov eax, ecx :0040523F 8BF1 mov esi, ecx :00405241 C1F805 sar eax, 05 :00405244 83E61F and esi, 0000001F :00405247 8D1C85407D4000 lea ebx, dword ptr [4*eax+00407D40] :0040524E C1E603 shl esi, 03 :00405251 8B03 mov eax, dword ptr [ebx] :00405253 8A443004 mov al, byte ptr [eax+esi+04] :00405257 A801 test al, 01 :00405259 0F8457010000 je 004053B6 :0040525F 33FF xor edi, edi :00405261 397D10 cmp dword ptr [ebp+10], edi :00405264 897DF8 mov dword ptr [ebp-08], edi :00405267 897DF0 mov dword ptr [ebp-10], edi :0040526A 7507 jne 00405273 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405399(C) | :0040526C 33C0 xor eax, eax :0040526E E957010000 jmp 004053CA * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040526A(C) | :00405273 A820 test al, 20 :00405275 740C je 00405283 :00405277 6A02 push 00000002 :00405279 57 push edi :0040527A 51 push ecx :0040527B E84F010000 call 004053CF :00405280 83C40C add esp, 0000000C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405275(C) | :00405283 8B03 mov eax, dword ptr [ebx] :00405285 03C6 add eax, esi :00405287 F6400480 test [eax+04], 80 :0040528B 0F84C1000000 je 00405352 :00405291 8B450C mov eax, dword ptr [ebp+0C] :00405294 397D10 cmp dword ptr [ebp+10], edi :00405297 8945FC mov dword ptr [ebp-04], eax :0040529A 897D08 mov dword ptr [ebp+08], edi :0040529D 0F86E7000000 jbe 0040538A * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405317(C) | :004052A3 8D85ECFBFFFF lea eax, dword ptr [ebp+FFFFFBEC] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004052DB(C) | :004052A9 8B4DFC mov ecx, dword ptr [ebp-04] :004052AC 2B4D0C sub ecx, dword ptr [ebp+0C] :004052AF 3B4D10 cmp ecx, dword ptr [ebp+10] :004052B2 7329 jnb 004052DD :004052B4 8B4DFC mov ecx, dword ptr [ebp-04] :004052B7 FF45FC inc [ebp-04] :004052BA 8A09 mov cl, byte ptr [ecx] :004052BC 80F90A cmp cl, 0A :004052BF 7507 jne 004052C8 :004052C1 FF45F0 inc [ebp-10] :004052C4 C6000D mov byte ptr [eax], 0D :004052C7 40 inc eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004052BF(C) | :004052C8 8808 mov byte ptr [eax], cl :004052CA 40 inc eax :004052CB 8BC8 mov ecx, eax :004052CD 8D95ECFBFFFF lea edx, dword ptr [ebp+FFFFFBEC] :004052D3 2BCA sub ecx, edx :004052D5 81F900040000 cmp ecx, 00000400 :004052DB 7CCC jl 004052A9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004052B2(C) | :004052DD 8BF8 mov edi, eax :004052DF 8D85ECFBFFFF lea eax, dword ptr [ebp+FFFFFBEC] :004052E5 2BF8 sub edi, eax :004052E7 8D45F4 lea eax, dword ptr [ebp-0C] :004052EA 6A00 push 00000000 :004052EC 50 push eax :004052ED 8D85ECFBFFFF lea eax, dword ptr [ebp+FFFFFBEC] :004052F3 57 push edi :004052F4 50 push eax :004052F5 8B03 mov eax, dword ptr [ebx] :004052F7 FF3430 push dword ptr [eax+esi] * Reference To: KERNEL32.WriteFile, Ord:02DFh | :004052FA FF1554604000 Call dword ptr [00406054] :00405300 85C0 test eax, eax :00405302 7443 je 00405347 :00405304 8B45F4 mov eax, dword ptr [ebp-0C] :00405307 0145F8 add dword ptr [ebp-08], eax :0040530A 3BC7 cmp eax, edi :0040530C 7C0B jl 00405319 :0040530E 8B45FC mov eax, dword ptr [ebp-04] :00405311 2B450C sub eax, dword ptr [ebp+0C] :00405314 3B4510 cmp eax, dword ptr [ebp+10] :00405317 728A jb 004052A3 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040530C(C), :00405350(U) | :00405319 33FF xor edi, edi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405372(U), :0040537D(U) | :0040531B 8B45F8 mov eax, dword ptr [ebp-08] :0040531E 3BC7 cmp eax, edi :00405320 0F858B000000 jne 004053B1 :00405326 397D08 cmp dword ptr [ebp+08], edi :00405329 745F je 0040538A :0040532B 6A05 push 00000005 :0040532D 58 pop eax :0040532E 394508 cmp dword ptr [ebp+08], eax :00405331 754C jne 0040537F :00405333 C7055079400009000000 mov dword ptr [00407950], 00000009 :0040533D A354794000 mov dword ptr [00407954], eax :00405342 E980000000 jmp 004053C7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405302(C) | * Reference To: KERNEL32.GetLastError, Ord:011Ah | :00405347 FF1584604000 Call dword ptr [00406084] :0040534D 894508 mov dword ptr [ebp+08], eax :00405350 EBC7 jmp 00405319 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040528B(C) | :00405352 8D4DF4 lea ecx, dword ptr [ebp-0C] :00405355 57 push edi :00405356 51 push ecx :00405357 FF7510 push [ebp+10] :0040535A FF750C push [ebp+0C] :0040535D FF30 push dword ptr [eax] * Reference To: KERNEL32.WriteFile, Ord:02DFh | :0040535F FF1554604000 Call dword ptr [00406054] :00405365 85C0 test eax, eax :00405367 740B je 00405374 :00405369 8B45F4 mov eax, dword ptr [ebp-0C] :0040536C 897D08 mov dword ptr [ebp+08], edi :0040536F 8945F8 mov dword ptr [ebp-08], eax :00405372 EBA7 jmp 0040531B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405367(C) | * Reference To: KERNEL32.GetLastError, Ord:011Ah | :00405374 FF1584604000 Call dword ptr [00406084] :0040537A 894508 mov dword ptr [ebp+08], eax :0040537D EB9C jmp 0040531B * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405331(C) | :0040537F FF7508 push [ebp+08] :00405382 E8A8060000 call 00405A2F :00405387 59 pop ecx :00405388 EB3D jmp 004053C7 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040529D(C), :00405329(C) | :0040538A 8B03 mov eax, dword ptr [ebx] :0040538C F644300440 test [eax+esi+04], 40 :00405391 740C je 0040539F :00405393 8B450C mov eax, dword ptr [ebp+0C] :00405396 80381A cmp byte ptr [eax], 1A :00405399 0F84CDFEFFFF je 0040526C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405391(C) | :0040539F C705507940001C000000 mov dword ptr [00407950], 0000001C :004053A9 893D54794000 mov dword ptr [00407954], edi :004053AF EB16 jmp 004053C7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405320(C) | :004053B1 2B45F0 sub eax, dword ptr [ebp-10] :004053B4 EB14 jmp 004053CA * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405237(C), :00405259(C) | :004053B6 83255479400000 and dword ptr [00407954], 00000000 :004053BD C7055079400009000000 mov dword ptr [00407950], 00000009 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405342(U), :00405388(U), :004053AF(U) | :004053C7 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040526E(U), :004053B4(U) | :004053CA 5F pop edi :004053CB 5E pop esi :004053CC 5B pop ebx :004053CD C9 leave :004053CE C3 ret * Referenced by a CALL at Addresses: |:00403B72 , :004050C2 , :0040527B | :004053CF 8B442404 mov eax, dword ptr [esp+04] :004053D3 53 push ebx :004053D4 3B05407E4000 cmp eax, dword ptr [00407E40] :004053DA 56 push esi :004053DB 57 push edi :004053DC 7373 jnb 00405451 :004053DE 8BC8 mov ecx, eax :004053E0 8BF0 mov esi, eax :004053E2 C1F905 sar ecx, 05 :004053E5 83E61F and esi, 0000001F :004053E8 8D3C8D407D4000 lea edi, dword ptr [4*ecx+00407D40] :004053EF C1E603 shl esi, 03 :004053F2 8B0F mov ecx, dword ptr [edi] :004053F4 F644310401 test [ecx+esi+04], 01 :004053F9 7456 je 00405451 :004053FB 50 push eax :004053FC E8ED070000 call 00405BEE :00405401 83F8FF cmp eax, FFFFFFFF :00405404 59 pop ecx :00405405 750C jne 00405413 :00405407 C7055079400009000000 mov dword ptr [00407950], 00000009 :00405411 EB4F jmp 00405462 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405405(C) | :00405413 FF742418 push [esp+18] :00405417 6A00 push 00000000 :00405419 FF74241C push [esp+1C] :0040541D 50 push eax * Reference To: KERNEL32.SetFilePointer, Ord:026Ah | :0040541E FF1590604000 Call dword ptr [00406090] :00405424 8BD8 mov ebx, eax :00405426 83FBFF cmp ebx, FFFFFFFF :00405429 7508 jne 00405433 * Reference To: KERNEL32.GetLastError, Ord:011Ah | :0040542B FF1584604000 Call dword ptr [00406084] :00405431 EB02 jmp 00405435 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405429(C) | :00405433 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405431(U) | :00405435 85C0 test eax, eax :00405437 7409 je 00405442 :00405439 50 push eax :0040543A E8F0050000 call 00405A2F :0040543F 59 pop ecx :00405440 EB20 jmp 00405462 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405437(C) | :00405442 8B07 mov eax, dword ptr [edi] :00405444 80643004FD and byte ptr [eax+esi+04], FD :00405449 8D443004 lea eax, dword ptr [eax+esi+04] :0040544D 8BC3 mov eax, ebx :0040544F EB14 jmp 00405465 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004053DC(C), :004053F9(C) | :00405451 83255479400000 and dword ptr [00407954], 00000000 :00405458 C7055079400009000000 mov dword ptr [00407950], 00000009 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405411(U), :00405440(U) | :00405462 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040544F(U) | :00405465 5F pop edi :00405466 5E pop esi :00405467 5B pop ebx :00405468 C3 ret * Referenced by a CALL at Addresses: |:00403FDD , :00404005 | :00405469 55 push ebp :0040546A 8BEC mov ebp, esp :0040546C 6AFF push FFFFFFFF :0040546E 6870644000 push 00406470 :00405473 6870304000 push 00403070 :00405478 64A100000000 mov eax, dword ptr fs:[00000000] :0040547E 50 push eax :0040547F 64892500000000 mov dword ptr fs:[00000000], esp :00405486 83EC1C sub esp, 0000001C :00405489 53 push ebx :0040548A 56 push esi :0040548B 57 push edi :0040548C 8965E8 mov dword ptr [ebp-18], esp :0040548F 33FF xor edi, edi :00405491 393DE87A4000 cmp dword ptr [00407AE8], edi :00405497 7546 jne 004054DF :00405499 57 push edi :0040549A 57 push edi :0040549B 6A01 push 00000001 :0040549D 5B pop ebx :0040549E 53 push ebx :0040549F 6858644000 push 00406458 :004054A4 BE00010000 mov esi, 00000100 :004054A9 56 push esi :004054AA 57 push edi * Reference To: KERNEL32.LCMapStringW, Ord:01C0h | :004054AB FF1598604000 Call dword ptr [00406098] :004054B1 85C0 test eax, eax :004054B3 7408 je 004054BD :004054B5 891DE87A4000 mov dword ptr [00407AE8], ebx :004054BB EB22 jmp 004054DF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004054B3(C) | :004054BD 57 push edi :004054BE 57 push edi :004054BF 53 push ebx :004054C0 6854644000 push 00406454 :004054C5 56 push esi :004054C6 57 push edi * Reference To: KERNEL32.LCMapStringA, Ord:01BFh | :004054C7 FF1594604000 Call dword ptr [00406094] :004054CD 85C0 test eax, eax :004054CF 0F8422010000 je 004055F7 :004054D5 C705E87A400002000000 mov dword ptr [00407AE8], 00000002 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405497(C), :004054BB(U) | :004054DF 397D14 cmp dword ptr [ebp+14], edi :004054E2 7E10 jle 004054F4 :004054E4 FF7514 push [ebp+14] :004054E7 FF7510 push [ebp+10] :004054EA E89E010000 call 0040568D :004054EF 59 pop ecx :004054F0 59 pop ecx :004054F1 894514 mov dword ptr [ebp+14], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004054E2(C) | :004054F4 A1E87A4000 mov eax, dword ptr [00407AE8] :004054F9 83F802 cmp eax, 00000002 :004054FC 751D jne 0040551B :004054FE FF751C push [ebp+1C] :00405501 FF7518 push [ebp+18] :00405504 FF7514 push [ebp+14] :00405507 FF7510 push [ebp+10] :0040550A FF750C push [ebp+0C] :0040550D FF7508 push [ebp+08] * Reference To: KERNEL32.LCMapStringA, Ord:01BFh | :00405510 FF1594604000 Call dword ptr [00406094] :00405516 E9DE000000 jmp 004055F9 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004054FC(C) | :0040551B 83F801 cmp eax, 00000001 :0040551E 0F85D3000000 jne 004055F7 :00405524 397D20 cmp dword ptr [ebp+20], edi :00405527 7508 jne 00405531 :00405529 A1D47A4000 mov eax, dword ptr [00407AD4] :0040552E 894520 mov dword ptr [ebp+20], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405527(C) | :00405531 57 push edi :00405532 57 push edi :00405533 FF7514 push [ebp+14] :00405536 FF7510 push [ebp+10] :00405539 8B4524 mov eax, dword ptr [ebp+24] :0040553C F7D8 neg eax :0040553E 1BC0 sbb eax, eax :00405540 83E008 and eax, 00000008 :00405543 40 inc eax :00405544 50 push eax :00405545 FF7520 push [ebp+20] * Reference To: KERNEL32.MultiByteToWideChar, Ord:01E4h | :00405548 FF1558604000 Call dword ptr [00406058] :0040554E 8BD8 mov ebx, eax :00405550 895DE4 mov dword ptr [ebp-1C], ebx :00405553 3BDF cmp ebx, edi :00405555 0F849C000000 je 004055F7 :0040555B 897DFC mov dword ptr [ebp-04], edi :0040555E 8D041B lea eax, dword ptr [ebx+ebx] :00405561 83C003 add eax, 00000003 :00405564 24FC and al, FC :00405566 E895040000 call 00405A00 :0040556B 8965E8 mov dword ptr [ebp-18], esp :0040556E 8BC4 mov eax, esp :00405570 8945DC mov dword ptr [ebp-24], eax :00405573 834DFCFF or dword ptr [ebp-04], FFFFFFFF :00405577 EB13 jmp 0040558C :00405579 6A01 push 00000001 :0040557B 58 pop eax :0040557C C3 ret :0040557D 8B65E8 mov esp, dword ptr [ebp-18] :00405580 33FF xor edi, edi :00405582 897DDC mov dword ptr [ebp-24], edi :00405585 834DFCFF or dword ptr [ebp-04], FFFFFFFF :00405589 8B5DE4 mov ebx, dword ptr [ebp-1C] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405577(U) | :0040558C 397DDC cmp dword ptr [ebp-24], edi :0040558F 7466 je 004055F7 :00405591 53 push ebx :00405592 FF75DC push [ebp-24] :00405595 FF7514 push [ebp+14] :00405598 FF7510 push [ebp+10] :0040559B 6A01 push 00000001 :0040559D FF7520 push [ebp+20] * Reference To: KERNEL32.MultiByteToWideChar, Ord:01E4h | :004055A0 FF1558604000 Call dword ptr [00406058] :004055A6 85C0 test eax, eax :004055A8 744D je 004055F7 :004055AA 57 push edi :004055AB 57 push edi :004055AC 53 push ebx :004055AD FF75DC push [ebp-24] :004055B0 FF750C push [ebp+0C] :004055B3 FF7508 push [ebp+08] * Reference To: KERNEL32.LCMapStringW, Ord:01C0h | :004055B6 FF1598604000 Call dword ptr [00406098] :004055BC 8BF0 mov esi, eax :004055BE 8975D8 mov dword ptr [ebp-28], esi :004055C1 3BF7 cmp esi, edi :004055C3 7432 je 004055F7 :004055C5 F6450D04 test [ebp+0D], 04 :004055C9 7440 je 0040560B :004055CB 397D1C cmp dword ptr [ebp+1C], edi :004055CE 0F84B2000000 je 00405686 :004055D4 3B751C cmp esi, dword ptr [ebp+1C] :004055D7 7F1E jg 004055F7 :004055D9 FF751C push [ebp+1C] :004055DC FF7518 push [ebp+18] :004055DF 53 push ebx :004055E0 FF75DC push [ebp-24] :004055E3 FF750C push [ebp+0C] :004055E6 FF7508 push [ebp+08] * Reference To: KERNEL32.LCMapStringW, Ord:01C0h | :004055E9 FF1598604000 Call dword ptr [00406098] :004055EF 85C0 test eax, eax :004055F1 0F858F000000 jne 00405686 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004054CF(C), :0040551E(C), :00405555(C), :0040558F(C), :004055A8(C) |:004055C3(C), :004055D7(C), :00405641(C), :00405659(C), :00405680(C) | :004055F7 33C0 xor eax, eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405516(U), :00405688(U) | :004055F9 8D65C8 lea esp, dword ptr [ebp-38] :004055FC 8B4DF0 mov ecx, dword ptr [ebp-10] :004055FF 64890D00000000 mov dword ptr fs:[00000000], ecx :00405606 5F pop edi :00405607 5E pop esi :00405608 5B pop ebx :00405609 C9 leave :0040560A C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004055C9(C) | :0040560B C745FC01000000 mov [ebp-04], 00000001 :00405612 8D0436 lea eax, dword ptr [esi+esi] :00405615 83C003 add eax, 00000003 :00405618 24FC and al, FC :0040561A E8E1030000 call 00405A00 :0040561F 8965E8 mov dword ptr [ebp-18], esp :00405622 8BDC mov ebx, esp :00405624 895DE0 mov dword ptr [ebp-20], ebx :00405627 834DFCFF or dword ptr [ebp-04], FFFFFFFF :0040562B EB12 jmp 0040563F :0040562D 6A01 push 00000001 :0040562F 58 pop eax :00405630 C3 ret :00405631 8B65E8 mov esp, dword ptr [ebp-18] :00405634 33FF xor edi, edi :00405636 33DB xor ebx, ebx :00405638 834DFCFF or dword ptr [ebp-04], FFFFFFFF :0040563C 8B75D8 mov esi, dword ptr [ebp-28] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040562B(U) | :0040563F 3BDF cmp ebx, edi :00405641 74B4 je 004055F7 :00405643 56 push esi :00405644 53 push ebx :00405645 FF75E4 push [ebp-1C] :00405648 FF75DC push [ebp-24] :0040564B FF750C push [ebp+0C] :0040564E FF7508 push [ebp+08] * Reference To: KERNEL32.LCMapStringW, Ord:01C0h | :00405651 FF1598604000 Call dword ptr [00406098] :00405657 85C0 test eax, eax :00405659 749C je 004055F7 :0040565B 397D1C cmp dword ptr [ebp+1C], edi :0040565E 57 push edi :0040565F 57 push edi :00405660 7504 jne 00405666 :00405662 57 push edi :00405663 57 push edi :00405664 EB06 jmp 0040566C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405660(C) | :00405666 FF751C push [ebp+1C] :00405669 FF7518 push [ebp+18] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405664(U) | :0040566C 56 push esi :0040566D 53 push ebx :0040566E 6820020000 push 00000220 :00405673 FF7520 push [ebp+20] * Reference To: KERNEL32.WideCharToMultiByte, Ord:02D2h | :00405676 FF1524604000 Call dword ptr [00406024] :0040567C 8BF0 mov esi, eax :0040567E 3BF7 cmp esi, edi :00405680 0F8471FFFFFF je 004055F7 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004055CE(C), :004055F1(C) | :00405686 8BC6 mov eax, esi :00405688 E96CFFFFFF jmp 004055F9 * Referenced by a CALL at Address: |:004054EA | :0040568D 8B542408 mov edx, dword ptr [esp+08] :00405691 8B442404 mov eax, dword ptr [esp+04] :00405695 85D2 test edx, edx :00405697 56 push esi :00405698 8D4AFF lea ecx, dword ptr [edx-01] :0040569B 740D je 004056AA * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004056A8(C) | :0040569D 803800 cmp byte ptr [eax], 00 :004056A0 7408 je 004056AA :004056A2 40 inc eax :004056A3 8BF1 mov esi, ecx :004056A5 49 dec ecx :004056A6 85F6 test esi, esi :004056A8 75F3 jne 0040569D * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0040569B(C), :004056A0(C) | :004056AA 803800 cmp byte ptr [eax], 00 :004056AD 5E pop esi :004056AE 7505 jne 004056B5 :004056B0 2B442404 sub eax, dword ptr [esp+04] :004056B4 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004056AE(C) | :004056B5 8BC2 mov eax, edx :004056B7 C3 ret :004056B8 CC int 03 :004056B9 CC int 03 :004056BA CC int 03 :004056BB CC int 03 :004056BC CC int 03 :004056BD CC int 03 :004056BE CC int 03 :004056BF CC int 03 * Referenced by a CALL at Address: |:0040474C | :004056C0 55 push ebp :004056C1 8BEC mov ebp, esp :004056C3 57 push edi :004056C4 56 push esi :004056C5 8B750C mov esi, dword ptr [ebp+0C] :004056C8 8B4D10 mov ecx, dword ptr [ebp+10] :004056CB 8B7D08 mov edi, dword ptr [ebp+08] :004056CE 8BC1 mov eax, ecx :004056D0 8BD1 mov edx, ecx :004056D2 03C6 add eax, esi :004056D4 3BFE cmp edi, esi :004056D6 7608 jbe 004056E0 :004056D8 3BF8 cmp edi, eax :004056DA 0F8278010000 jb 00405858 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004056D6(C) | :004056E0 F7C703000000 test edi, 00000003 :004056E6 7514 jne 004056FC :004056E8 C1E902 shr ecx, 02 :004056EB 83E203 and edx, 00000003 :004056EE 83F908 cmp ecx, 00000008 :004056F1 7229 jb 0040571C :004056F3 F3 repz :004056F4 A5 movsd :004056F5 FF249508584000 jmp dword ptr [4*edx+00405808] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004056E6(C) | :004056FC 8BC7 mov eax, edi :004056FE BA03000000 mov edx, 00000003 :00405703 83E904 sub ecx, 00000004 :00405706 720C jb 00405714 :00405708 83E003 and eax, 00000003 :0040570B 03C8 add ecx, eax :0040570D FF248520574000 jmp dword ptr [4*eax+00405720] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405706(C) | :00405714 FF248D18584000 jmp dword ptr [4*ecx+00405818] :0040571B 90 nop * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:004056F1(C), :0040574E(C), :00405774(C), :0040578E(C) | :0040571C FF BYTE ffh :0040571D 24 BYTE 24h :0040571E 8D BYTE 8dh :0040571F 9C BYTE 9ch :00405720 57400090 DWORD 90004057 :00405724 30574000 DWORD 00405730 :00405728 5C574000 DWORD 0040575C :0040572C 80574000 DWORD 00405780 :00405730 23D1 and edx, ecx :00405732 8A06 mov al, byte ptr [esi] :00405734 8807 mov byte ptr [edi], al :00405736 8A4601 mov al, byte ptr [esi+01] :00405739 884701 mov byte ptr [edi+01], al :0040573C 8A4602 mov al, byte ptr [esi+02] :0040573F C1E902 shr ecx, 02 :00405742 884702 mov byte ptr [edi+02], al :00405745 83C603 add esi, 00000003 :00405748 83C703 add edi, 00000003 :0040574B 83F908 cmp ecx, 00000008 :0040574E 72CC jb 0040571C :00405750 F3 repz :00405751 A5 movsd :00405752 FF249508584000 jmp dword ptr [4*edx+00405808] :00405759 8D4900 lea ecx, dword ptr [ecx+00] :0040575C 23D1 and edx, ecx :0040575E 8A06 mov al, byte ptr [esi] :00405760 8807 mov byte ptr [edi], al :00405762 8A4601 mov al, byte ptr [esi+01] :00405765 C1E902 shr ecx, 02 :00405768 884701 mov byte ptr [edi+01], al :0040576B 83C602 add esi, 00000002 :0040576E 83C702 add edi, 00000002 :00405771 83F908 cmp ecx, 00000008 :00405774 72A6 jb 0040571C :00405776 F3 repz :00405777 A5 movsd :00405778 FF249508584000 jmp dword ptr [4*edx+00405808] :0040577F 90 nop :00405780 23D1 and edx, ecx :00405782 8A06 mov al, byte ptr [esi] :00405784 8807 mov byte ptr [edi], al :00405786 46 inc esi :00405787 C1E902 shr ecx, 02 :0040578A 47 inc edi :0040578B 83F908 cmp ecx, 00000008 :0040578E 728C jb 0040571C :00405790 F3 repz :00405791 A5 movsd :00405792 FF249508584000 jmp dword ptr [4*edx+00405808] :00405799 8D4900 lea ecx, dword ptr [ecx+00] :0040579C FF574000 DWORD 004057FF :004057A0 EC574000 DWORD 004057EC :004057A4 E4574000 DWORD 004057E4 :004057A8 DC574000 DWORD 004057DC :004057AC D4574000 DWORD 004057D4 :004057B0 CC574000 DWORD 004057CC :004057B4 C4574000 DWORD 004057C4 :004057B8 BC574000 DWORD 004057BC :004057BC 8B448EE4 mov eax, dword ptr [esi+4*ecx-1C] :004057C0 89448FE4 mov dword ptr [edi+4*ecx-1C], eax :004057C4 8B448EE8 mov eax, dword ptr [esi+4*ecx-18] :004057C8 89448FE8 mov dword ptr [edi+4*ecx-18], eax :004057CC 8B448EEC mov eax, dword ptr [esi+4*ecx-14] :004057D0 89448FEC mov dword ptr [edi+4*ecx-14], eax :004057D4 8B448EF0 mov eax, dword ptr [esi+4*ecx-10] :004057D8 89448FF0 mov dword ptr [edi+4*ecx-10], eax :004057DC 8B448EF4 mov eax, dword ptr [esi+4*ecx-0C] :004057E0 89448FF4 mov dword ptr [edi+4*ecx-0C], eax :004057E4 8B448EF8 mov eax, dword ptr [esi+4*ecx-08] :004057E8 89448FF8 mov dword ptr [edi+4*ecx-08], eax :004057EC 8B448EFC mov eax, dword ptr [esi+4*ecx-04] :004057F0 89448FFC mov dword ptr [edi+4*ecx-04], eax :004057F4 8D048D00000000 lea eax, dword ptr [4*ecx+00000000] :004057FB 03F0 add esi, eax :004057FD 03F8 add edi, eax :004057FF FF249508584000 jmp dword ptr [4*edx+00405808] :00405806 8BFF mov edi, edi :00405808 18584000 DWORD 00405818 :0040580C 20584000 DWORD 00405820 :00405810 2C584000 DWORD 0040582C :00405814 40584000 DWORD 00405840 :00405818 8B45085E DWORD 5E08458B :0040581C 5F pop edi :0040581D C9 leave :0040581E C3 ret :0040581F 90 nop :00405820 8A06 mov al, byte ptr [esi] :00405822 8807 mov byte ptr [edi], al :00405824 8B4508 mov eax, dword ptr [ebp+08] :00405827 5E pop esi :00405828 5F pop edi :00405829 C9 leave :0040582A C3 ret :0040582B 90 nop :0040582C 8A06 mov al, byte ptr [esi] :0040582E 8807 mov byte ptr [edi], al :00405830 8A4601 mov al, byte ptr [esi+01] :00405833 884701 mov byte ptr [edi+01], al :00405836 8B4508 mov eax, dword ptr [ebp+08] :00405839 5E pop esi :0040583A 5F pop edi :0040583B C9 leave :0040583C C3 ret :0040583D 8D4900 lea ecx, dword ptr [ecx+00] :00405840 8A06 mov al, byte ptr [esi] :00405842 8807 mov byte ptr [edi], al :00405844 8A4601 mov al, byte ptr [esi+01] :00405847 884701 mov byte ptr [edi+01], al :0040584A 8A4602 mov al, byte ptr [esi+02] :0040584D 884702 mov byte ptr [edi+02], al :00405850 8B4508 mov eax, dword ptr [ebp+08] :00405853 5E pop esi :00405854 5F pop edi :00405855 C9 leave :00405856 C3 ret :00405857 90 nop * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004056DA(C) | :00405858 8D7431FC lea esi, dword ptr [ecx+esi-04] :0040585C 8D7C39FC lea edi, dword ptr [ecx+edi-04] :00405860 F7C703000000 test edi, 00000003 :00405866 7524 jne 0040588C :00405868 C1E902 shr ecx, 02 :0040586B 83E203 and edx, 00000003 :0040586E 83F908 cmp ecx, 00000008 :00405871 720D jb 00405880 :00405873 FD std :00405874 F3 repz :00405875 A5 movsd :00405876 FC cld :00405877 FF2495A0594000 jmp dword ptr [4*edx+004059A0] :0040587E 8BFF mov edi, edi * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405871(C), :004058C8(C), :004058F2(C), :00405920(C) | :00405880 F7D9 neg ecx :00405882 FF248D50594000 jmp dword ptr [4*ecx+00405950] :00405889 8D4900 lea ecx, dword ptr [ecx+00] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405866(C) | :0040588C 8BC7 mov eax, edi :0040588E BA03000000 mov edx, 00000003 :00405893 83F904 cmp ecx, 00000004 :00405896 720C jb 004058A4 :00405898 83E003 and eax, 00000003 :0040589B 2BC8 sub ecx, eax :0040589D FF2485A8584000 jmp dword ptr [4*eax+004058A8] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405896(C) | :004058A4 FF BYTE ffh :004058A5 24 BYTE 24h :004058A6 8D BYTE 8dh :004058A7 A0 BYTE a0h :004058A8 59400090 DWORD 90004059 :004058AC B8584000 DWORD 004058B8 :004058B0 D8584000 DWORD 004058D8 :004058B4 00594000 DWORD 00405900 :004058B8 8A4603 mov al, byte ptr [esi+03] :004058BB 23D1 and edx, ecx :004058BD 884703 mov byte ptr [edi+03], al :004058C0 4E dec esi :004058C1 C1E902 shr ecx, 02 :004058C4 4F dec edi :004058C5 83F908 cmp ecx, 00000008 :004058C8 72B6 jb 00405880 :004058CA FD std :004058CB F3 repz :004058CC A5 movsd :004058CD FC cld :004058CE FF2495A0594000 jmp dword ptr [4*edx+004059A0] :004058D5 8D4900 lea ecx, dword ptr [ecx+00] :004058D8 8A4603 mov al, byte ptr [esi+03] :004058DB 23D1 and edx, ecx :004058DD 884703 mov byte ptr [edi+03], al :004058E0 8A4602 mov al, byte ptr [esi+02] :004058E3 C1E902 shr ecx, 02 :004058E6 884702 mov byte ptr [edi+02], al :004058E9 83EE02 sub esi, 00000002 :004058EC 83EF02 sub edi, 00000002 :004058EF 83F908 cmp ecx, 00000008 :004058F2 728C jb 00405880 :004058F4 FD std :004058F5 F3 repz :004058F6 A5 movsd :004058F7 FC cld :004058F8 FF2495A0594000 jmp dword ptr [4*edx+004059A0] :004058FF 90 nop :00405900 8A4603 mov al, byte ptr [esi+03] :00405903 23D1 and edx, ecx :00405905 884703 mov byte ptr [edi+03], al :00405908 8A4602 mov al, byte ptr [esi+02] :0040590B 884702 mov byte ptr [edi+02], al :0040590E 8A4601 mov al, byte ptr [esi+01] :00405911 C1E902 shr ecx, 02 :00405914 884701 mov byte ptr [edi+01], al :00405917 83EE03 sub esi, 00000003 :0040591A 83EF03 sub edi, 00000003 :0040591D 83F908 cmp ecx, 00000008 :00405920 0F825AFFFFFF jb 00405880 :00405926 FD std :00405927 F3 repz :00405928 A5 movsd :00405929 FC cld :0040592A FF2495A0594000 jmp dword ptr [4*edx+004059A0] :00405931 8D4900 lea ecx, dword ptr [ecx+00] :00405934 54594000 DWORD 00405954 :00405938 5C594000 DWORD 0040595C :0040593C 64594000 DWORD 00405964 :00405940 6C594000 DWORD 0040596C :00405944 74594000 DWORD 00405974 :00405948 7C594000 DWORD 0040597C :0040594C 84594000 DWORD 00405984 :00405950 97594000 DWORD 00405997 :00405954 8B448E1C mov eax, dword ptr [esi+4*ecx+1C] :00405958 89448F1C mov dword ptr [edi+4*ecx+1C], eax :0040595C 8B448E18 mov eax, dword ptr [esi+4*ecx+18] :00405960 89448F18 mov dword ptr [edi+4*ecx+18], eax :00405964 8B448E14 mov eax, dword ptr [esi+4*ecx+14] :00405968 89448F14 mov dword ptr [edi+4*ecx+14], eax :0040596C 8B448E10 mov eax, dword ptr [esi+4*ecx+10] :00405970 89448F10 mov dword ptr [edi+4*ecx+10], eax :00405974 8B448E0C mov eax, dword ptr [esi+4*ecx+0C] :00405978 89448F0C mov dword ptr [edi+4*ecx+0C], eax :0040597C 8B448E08 mov eax, dword ptr [esi+4*ecx+08] :00405980 89448F08 mov dword ptr [edi+4*ecx+08], eax :00405984 8B448E04 mov eax, dword ptr [esi+4*ecx+04] :00405988 89448F04 mov dword ptr [edi+4*ecx+04], eax :0040598C 8D048D00000000 lea eax, dword ptr [4*ecx+00000000] :00405993 03F0 add esi, eax :00405995 03F8 add edi, eax :00405997 FF2495A0594000 jmp dword ptr [4*edx+004059A0] :0040599E 8BFF mov edi, edi :004059A0 B0594000 DWORD 004059B0 :004059A4 B8594000 DWORD 004059B8 :004059A8 C8594000 DWORD 004059C8 :004059AC DC594000 DWORD 004059DC :004059B0 8B4508 mov eax, dword ptr [ebp+08] :004059B3 5E pop esi :004059B4 5F pop edi :004059B5 C9 leave :004059B6 C3 ret :004059B7 90 nop :004059B8 8A4603 mov al, byte ptr [esi+03] :004059BB 884703 mov byte ptr [edi+03], al :004059BE 8B4508 mov eax, dword ptr [ebp+08] :004059C1 5E pop esi :004059C2 5F pop edi :004059C3 C9 leave :004059C4 C3 ret :004059C5 8D4900 lea ecx, dword ptr [ecx+00] :004059C8 8A4603 mov al, byte ptr [esi+03] :004059CB 884703 mov byte ptr [edi+03], al :004059CE 8A4602 mov al, byte ptr [esi+02] :004059D1 884702 mov byte ptr [edi+02], al :004059D4 8B4508 mov eax, dword ptr [ebp+08] :004059D7 5E pop esi :004059D8 5F pop edi :004059D9 C9 leave :004059DA C3 ret :004059DB 90 nop :004059DC 8A4603 mov al, byte ptr [esi+03] :004059DF 884703 mov byte ptr [edi+03], al :004059E2 8A4602 mov al, byte ptr [esi+02] :004059E5 884702 mov byte ptr [edi+02], al :004059E8 8A4601 mov al, byte ptr [esi+01] :004059EB 884701 mov byte ptr [edi+01], al :004059EE 8B4508 mov eax, dword ptr [ebp+08] :004059F1 5E pop esi :004059F2 5F pop edi :004059F3 C9 leave :004059F4 C3 ret :004059F5 CC int 03 :004059F6 CC int 03 :004059F7 CC int 03 :004059F8 CC int 03 :004059F9 CC int 03 :004059FA CC int 03 :004059FB CC int 03 :004059FC CC int 03 :004059FD CC int 03 :004059FE CC int 03 :004059FF CC int 03 * Referenced by a CALL at Addresses: |:00404EB6 , :00405566 , :0040561A | :00405A00 51 push ecx :00405A01 3D00100000 cmp eax, 00001000 :00405A06 8D4C2408 lea ecx, dword ptr [esp+08] :00405A0A 7214 jb 00405A20 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405A1E(C) | :00405A0C 81E900100000 sub ecx, 00001000 :00405A12 2D00100000 sub eax, 00001000 :00405A17 8501 test dword ptr [ecx], eax :00405A19 3D00100000 cmp eax, 00001000 :00405A1E 73EC jnb 00405A0C * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405A0A(C) | :00405A20 2BC8 sub ecx, eax :00405A22 8BC4 mov eax, esp :00405A24 8501 test dword ptr [ecx], eax :00405A26 8BE1 mov esp, ecx :00405A28 8B08 mov ecx, dword ptr [eax] :00405A2A 8B4004 mov eax, dword ptr [eax+04] :00405A2D 50 push eax :00405A2E C3 ret * Referenced by a CALL at Addresses: |:00404FDD , :00405382 , :0040543A , :00405B24 | :00405A2F 8B4C2404 mov ecx, dword ptr [esp+04] :00405A33 33D2 xor edx, edx :00405A35 890D54794000 mov dword ptr [00407954], ecx :00405A3B B8D0774000 mov eax, 004077D0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405A4D(C) | :00405A40 3B08 cmp ecx, dword ptr [eax] :00405A42 7420 je 00405A64 :00405A44 83C008 add eax, 00000008 :00405A47 42 inc edx :00405A48 3D38794000 cmp eax, 00407938 :00405A4D 7CF1 jl 00405A40 :00405A4F 83F913 cmp ecx, 00000013 :00405A52 721D jb 00405A71 :00405A54 83F924 cmp ecx, 00000024 :00405A57 7718 ja 00405A71 :00405A59 C705507940000D000000 mov dword ptr [00407950], 0000000D :00405A63 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405A42(C) | :00405A64 8B04D5D4774000 mov eax, dword ptr [8*edx+004077D4] :00405A6B A350794000 mov dword ptr [00407950], eax :00405A70 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405A52(C), :00405A57(C) | :00405A71 81F9BC000000 cmp ecx, 000000BC :00405A77 7212 jb 00405A8B :00405A79 81F9CA000000 cmp ecx, 000000CA :00405A7F C7055079400008000000 mov dword ptr [00407950], 00000008 :00405A89 760A jbe 00405A95 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405A77(C) | :00405A8B C7055079400016000000 mov dword ptr [00407950], 00000016 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405A89(C) | :00405A95 C3 ret * Referenced by a CALL at Address: |:0040519F | :00405A96 53 push ebx :00405A97 55 push ebp :00405A98 56 push esi :00405A99 57 push edi :00405A9A 8B7C2414 mov edi, dword ptr [esp+14] :00405A9E 3B3D407E4000 cmp edi, dword ptr [00407E40] :00405AA4 0F8386000000 jnb 00405B30 :00405AAA 8BC7 mov eax, edi :00405AAC 8BF7 mov esi, edi :00405AAE C1F805 sar eax, 05 :00405AB1 83E61F and esi, 0000001F :00405AB4 8D1C85407D4000 lea ebx, dword ptr [4*eax+00407D40] :00405ABB C1E603 shl esi, 03 :00405ABE 8B03 mov eax, dword ptr [ebx] :00405AC0 F644300401 test [eax+esi+04], 01 :00405AC5 7469 je 00405B30 :00405AC7 57 push edi :00405AC8 E821010000 call 00405BEE :00405ACD 83F8FF cmp eax, FFFFFFFF :00405AD0 59 pop ecx :00405AD1 743C je 00405B0F :00405AD3 83FF01 cmp edi, 00000001 :00405AD6 7405 je 00405ADD :00405AD8 83FF02 cmp edi, 00000002 :00405ADB 7516 jne 00405AF3 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405AD6(C) | :00405ADD 6A02 push 00000002 :00405ADF E80A010000 call 00405BEE :00405AE4 6A01 push 00000001 :00405AE6 8BE8 mov ebp, eax :00405AE8 E801010000 call 00405BEE :00405AED 59 pop ecx :00405AEE 3BC5 cmp eax, ebp :00405AF0 59 pop ecx :00405AF1 741C je 00405B0F * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405ADB(C) | :00405AF3 57 push edi :00405AF4 E8F5000000 call 00405BEE :00405AF9 59 pop ecx :00405AFA 50 push eax * Reference To: KERNEL32.CloseHandle, Ord:001Bh | :00405AFB FF159C604000 Call dword ptr [0040609C] :00405B01 85C0 test eax, eax :00405B03 750A jne 00405B0F * Reference To: KERNEL32.GetLastError, Ord:011Ah | :00405B05 FF1584604000 Call dword ptr [00406084] :00405B0B 8BE8 mov ebp, eax :00405B0D EB02 jmp 00405B11 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405AD1(C), :00405AF1(C), :00405B03(C) | :00405B0F 33ED xor ebp, ebp * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405B0D(U) | :00405B11 57 push edi :00405B12 E85D000000 call 00405B74 :00405B17 8B03 mov eax, dword ptr [ebx] :00405B19 59 pop ecx :00405B1A 8064300400 and byte ptr [eax+esi+04], 00 :00405B1F 85ED test ebp, ebp :00405B21 7409 je 00405B2C :00405B23 55 push ebp :00405B24 E806FFFFFF call 00405A2F :00405B29 59 pop ecx :00405B2A EB15 jmp 00405B41 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405B21(C) | :00405B2C 33C0 xor eax, eax :00405B2E EB14 jmp 00405B44 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405AA4(C), :00405AC5(C) | :00405B30 83255479400000 and dword ptr [00407954], 00000000 :00405B37 C7055079400009000000 mov dword ptr [00407950], 00000009 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405B2A(U) | :00405B41 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405B2E(U) | :00405B44 5F pop edi :00405B45 5E pop esi :00405B46 5D pop ebp :00405B47 5B pop ebx :00405B48 C3 ret * Referenced by a CALL at Address: |:00405197 | :00405B49 56 push esi :00405B4A 8B742408 mov esi, dword ptr [esp+08] :00405B4E 8B460C mov eax, dword ptr [esi+0C] :00405B51 A883 test al, 83 :00405B53 741D je 00405B72 :00405B55 A808 test al, 08 :00405B57 7419 je 00405B72 :00405B59 FF7608 push [esi+08] :00405B5C E859E0FFFF call 00403BBA :00405B61 6681660CF7FB and word ptr [esi+0C], FBF7 :00405B67 33C0 xor eax, eax :00405B69 59 pop ecx :00405B6A 8906 mov dword ptr [esi], eax :00405B6C 894608 mov dword ptr [esi+08], eax :00405B6F 894604 mov dword ptr [esi+04], eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405B53(C), :00405B57(C) | :00405B72 5E pop esi :00405B73 C3 ret * Referenced by a CALL at Address: |:00405B12 | :00405B74 8B4C2404 mov ecx, dword ptr [esp+04] :00405B78 56 push esi :00405B79 3B0D407E4000 cmp ecx, dword ptr [00407E40] :00405B7F 57 push edi :00405B80 7355 jnb 00405BD7 :00405B82 8BC1 mov eax, ecx :00405B84 8BF1 mov esi, ecx :00405B86 C1F805 sar eax, 05 :00405B89 83E61F and esi, 0000001F :00405B8C 8D3C85407D4000 lea edi, dword ptr [4*eax+00407D40] :00405B93 C1E603 shl esi, 03 :00405B96 8B07 mov eax, dword ptr [edi] :00405B98 03C6 add eax, esi :00405B9A F6400401 test [eax+04], 01 :00405B9E 7437 je 00405BD7 :00405BA0 8338FF cmp dword ptr [eax], FFFFFFFF :00405BA3 7432 je 00405BD7 :00405BA5 833DB470400001 cmp dword ptr [004070B4], 00000001 :00405BAC 751F jne 00405BCD :00405BAE 33C0 xor eax, eax :00405BB0 2BC8 sub ecx, eax :00405BB2 7410 je 00405BC4 :00405BB4 49 dec ecx :00405BB5 7408 je 00405BBF :00405BB7 49 dec ecx :00405BB8 7513 jne 00405BCD :00405BBA 50 push eax :00405BBB 6AF4 push FFFFFFF4 :00405BBD EB08 jmp 00405BC7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405BB5(C) | :00405BBF 50 push eax :00405BC0 6AF5 push FFFFFFF5 :00405BC2 EB03 jmp 00405BC7 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405BB2(C) | :00405BC4 50 push eax :00405BC5 6AF6 push FFFFFFF6 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405BBD(U), :00405BC2(U) | * Reference To: KERNEL32.SetStdHandle, Ord:027Ch | :00405BC7 FF15A0604000 Call dword ptr [004060A0] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405BAC(C), :00405BB8(C) | :00405BCD 8B07 mov eax, dword ptr [edi] :00405BCF 830C30FF or dword ptr [eax+esi], FFFFFFFF :00405BD3 33C0 xor eax, eax :00405BD5 EB14 jmp 00405BEB * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405B80(C), :00405B9E(C), :00405BA3(C) | :00405BD7 83255479400000 and dword ptr [00407954], 00000000 :00405BDE C7055079400009000000 mov dword ptr [00407950], 00000009 :00405BE8 83C8FF or eax, FFFFFFFF * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00405BD5(U) | :00405BEB 5F pop edi :00405BEC 5E pop esi :00405BED C3 ret * Referenced by a CALL at Addresses: |:004051F0 , :004053FC , :00405AC8 , :00405ADF , :00405AE8 |:00405AF4 | :00405BEE 8B442404 mov eax, dword ptr [esp+04] :00405BF2 3B05407E4000 cmp eax, dword ptr [00407E40] :00405BF8 731C jnb 00405C16 :00405BFA 8BC8 mov ecx, eax :00405BFC 83E01F and eax, 0000001F :00405BFF C1F905 sar ecx, 05 :00405C02 8B0C8D407D4000 mov ecx, dword ptr [4*ecx+00407D40] :00405C09 F644C10401 test [ecx+8*eax+04], 01 :00405C0E 8D04C1 lea eax, dword ptr [ecx+8*eax] :00405C11 7403 je 00405C16 :00405C13 8B00 mov eax, dword ptr [eax] :00405C15 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00405BF8(C), :00405C11(C) | :00405C16 83255479400000 and dword ptr [00407954], 00000000 :00405C1D C7055079400009000000 mov dword ptr [00407950], 00000009 :00405C27 83C8FF or eax, FFFFFFFF :00405C2A C3 ret :00405C2B CC int 03 * Reference To: KERNEL32.RtlUnwind, Ord:022Fh | :00405C2C FF2550604000 Jmp dword ptr [00406050] :00405C32 00000000000000000000 BYTE 10 DUP(0) :00405C3C 00000000000000000000 BYTE 10 DUP(0) :00405C46 00000000000000000000 BYTE 10 DUP(0) :00405C50 00000000000000000000 BYTE 10 DUP(0) :00405C5A 00000000000000000000 BYTE 10 DUP(0) :00405C64 00000000000000000000 BYTE 10 DUP(0) :00405C6E 00000000000000000000 BYTE 10 DUP(0) :00405C78 00000000000000000000 BYTE 10 DUP(0) :00405C82 00000000000000000000 BYTE 10 DUP(0) :00405C8C 00000000000000000000 BYTE 10 DUP(0) :00405C96 00000000000000000000 BYTE 10 DUP(0) :00405CA0 00000000000000000000 BYTE 10 DUP(0) :00405CAA 00000000000000000000 BYTE 10 DUP(0) :00405CB4 00000000000000000000 BYTE 10 DUP(0) :00405CBE 00000000000000000000 BYTE 10 DUP(0) :00405CC8 00000000000000000000 BYTE 10 DUP(0) :00405CD2 00000000000000000000 BYTE 10 DUP(0) :00405CDC 00000000000000000000 BYTE 10 DUP(0) :00405CE6 00000000000000000000 BYTE 10 DUP(0) :00405CF0 00000000000000000000 BYTE 10 DUP(0) :00405CFA 00000000000000000000 BYTE 10 DUP(0) :00405D04 00000000000000000000 BYTE 10 DUP(0) :00405D0E 00000000000000000000 BYTE 10 DUP(0) :00405D18 00000000000000000000 BYTE 10 DUP(0) :00405D22 00000000000000000000 BYTE 10 DUP(0) :00405D2C 00000000000000000000 BYTE 10 DUP(0) :00405D36 00000000000000000000 BYTE 10 DUP(0) :00405D40 00000000000000000000 BYTE 10 DUP(0) :00405D4A 00000000000000000000 BYTE 10 DUP(0) :00405D54 00000000000000000000 BYTE 10 DUP(0) :00405D5E 00000000000000000000 BYTE 10 DUP(0) :00405D68 00000000000000000000 BYTE 10 DUP(0) :00405D72 00000000000000000000 BYTE 10 DUP(0) :00405D7C 00000000000000000000 BYTE 10 DUP(0) :00405D86 00000000000000000000 BYTE 10 DUP(0) :00405D90 00000000000000000000 BYTE 10 DUP(0) :00405D9A 00000000000000000000 BYTE 10 DUP(0) :00405DA4 00000000000000000000 BYTE 10 DUP(0) :00405DAE 00000000000000000000 BYTE 10 DUP(0) :00405DB8 00000000000000000000 BYTE 10 DUP(0) :00405DC2 00000000000000000000 BYTE 10 DUP(0) :00405DCC 00000000000000000000 BYTE 10 DUP(0) :00405DD6 00000000000000000000 BYTE 10 DUP(0) :00405DE0 00000000000000000000 BYTE 10 DUP(0) :00405DEA 00000000000000000000 BYTE 10 DUP(0) :00405DF4 00000000000000000000 BYTE 10 DUP(0) :00405DFE 00000000000000000000 BYTE 10 DUP(0) :00405E08 00000000000000000000 BYTE 10 DUP(0) :00405E12 00000000000000000000 BYTE 10 DUP(0) :00405E1C 00000000000000000000 BYTE 10 DUP(0) :00405E26 00000000000000000000 BYTE 10 DUP(0) :00405E30 00000000000000000000 BYTE 10 DUP(0) :00405E3A 00000000000000000000 BYTE 10 DUP(0) :00405E44 00000000000000000000 BYTE 10 DUP(0) :00405E4E 00000000000000000000 BYTE 10 DUP(0) :00405E58 00000000000000000000 BYTE 10 DUP(0) :00405E62 00000000000000000000 BYTE 10 DUP(0) :00405E6C 00000000000000000000 BYTE 10 DUP(0) :00405E76 00000000000000000000 BYTE 10 DUP(0) :00405E80 00000000000000000000 BYTE 10 DUP(0) :00405E8A 00000000000000000000 BYTE 10 DUP(0) :00405E94 00000000000000000000 BYTE 10 DUP(0) :00405E9E 00000000000000000000 BYTE 10 DUP(0) :00405EA8 00000000000000000000 BYTE 10 DUP(0) :00405EB2 00000000000000000000 BYTE 10 DUP(0) :00405EBC 00000000000000000000 BYTE 10 DUP(0) :00405EC6 00000000000000000000 BYTE 10 DUP(0) :00405ED0 00000000000000000000 BYTE 10 DUP(0) :00405EDA 00000000000000000000 BYTE 10 DUP(0) :00405EE4 00000000000000000000 BYTE 10 DUP(0) :00405EEE 00000000000000000000 BYTE 10 DUP(0) :00405EF8 00000000000000000000 BYTE 10 DUP(0) :00405F02 00000000000000000000 BYTE 10 DUP(0) :00405F0C 00000000000000000000 BYTE 10 DUP(0) :00405F16 00000000000000000000 BYTE 10 DUP(0) :00405F20 00000000000000000000 BYTE 10 DUP(0) :00405F2A 00000000000000000000 BYTE 10 DUP(0) :00405F34 00000000000000000000 BYTE 10 DUP(0) :00405F3E 00000000000000000000 BYTE 10 DUP(0) :00405F48 00000000000000000000 BYTE 10 DUP(0) :00405F52 00000000000000000000 BYTE 10 DUP(0) :00405F5C 00000000000000000000 BYTE 10 DUP(0) :00405F66 00000000000000000000 BYTE 10 DUP(0) :00405F70 00000000000000000000 BYTE 10 DUP(0) :00405F7A 00000000000000000000 BYTE 10 DUP(0) :00405F84 00000000000000000000 BYTE 10 DUP(0) :00405F8E 00000000000000000000 BYTE 10 DUP(0) :00405F98 00000000000000000000 BYTE 10 DUP(0) :00405FA2 00000000000000000000 BYTE 10 DUP(0) :00405FAC 00000000000000000000 BYTE 10 DUP(0) :00405FB6 00000000000000000000 BYTE 10 DUP(0) :00405FC0 00000000000000000000 BYTE 10 DUP(0) :00405FCA 00000000000000000000 BYTE 10 DUP(0) :00405FD4 00000000000000000000 BYTE 10 DUP(0) :00405FDE 00000000000000000000 BYTE 10 DUP(0) :00405FE8 00000000000000000000 BYTE 10 DUP(0) :00405FF2 00000000000000000000 BYTE 10 DUP(0) :00405FFC 00000000586500006A65 BYTE 10 DUP(0) :FFFFFFFF End Of Listing