Humand Badge 24 Firmware

1. Human Badge 24 Firmware dump. - Xcepti0n
2.  
3. seg000:00000000
4. seg000:00000000 ; ===========================================================================
5. seg000:00000000
6. seg000:00000000 ; Segment type: Pure code
7. seg000:00000000 seg000 segment byte public 'CODE' use32
8. seg000:00000000 assume cs:seg000
9. seg000:00000000 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
10. seg000:00000000 mov edx, 2802A0h
11. seg000:00000005 mov ecx, 280360h
12. seg000:0000000A push edi
13. seg000:0000000B xor eax, eax
14. seg000:0000000D mov edi, edx
15. seg000:0000000F sub ecx, 2802A0h
16. seg000:00000015 push esi
17. seg000:00000016 mov esi, 181592h
18. seg000:0000001B rep stosb
19. seg000:0000001D mov eax, 2801A0h
20. seg000:00000022 mov ecx, 0E8h ; 'Þ'
21. seg000:00000027 mov edi, eax
22. seg000:00000029 mov eax, 1106h
23. seg000:0000002E rep movsb
24. seg000:00000030 call sub_B3D
25. seg000:00000035 pop esi
26. seg000:00000036 pop edi
27. seg000:00000037 jmp loc_5CA
28. seg000:0000003C ; ---------------------------------------------------------------------------
29. seg000:0000003C xor eax, eax
30. seg000:0000003E mov edx, 9
31. seg000:00000043 cmp dword ptr ds:2802C4h, 1
32. seg000:0000004A jnz short loc_62
33. seg000:0000004C call sub_FE7
34. seg000:00000051 mov dword ptr ds:2802C4h, 0
35. seg000:0000005B mov eax, ds:2802B0h
36. seg000:00000060 jmp short loc_76
37. seg000:00000062 ; ---------------------------------------------------------------------------
38. seg000:00000062
39. seg000:00000062 loc_62: ; CODE XREF: seg000:0000004Aj
40. seg000:00000062 call sub_FCA
41. seg000:00000067 mov dword ptr ds:2802C4h, 1
42. seg000:00000071 mov eax, ds:2802B4h
43. seg000:00000076
44. seg000:00000076 loc_76: ; CODE XREF: seg000:00000060j
45. seg000:00000076 test eax, eax
46. seg000:00000078 jnz short loc_7F
47. seg000:0000007A mov eax, 1
48. seg000:0000007F
49. seg000:0000007F loc_7F: ; CODE XREF: seg000:00000078j
50. seg000:0000007F mov edx, ds:0B0000400h
51. seg000:00000085 add edx, eax
52. seg000:00000087 xor eax, eax
53. seg000:00000089 jmp sub_10F4
54. seg000:0000008E ; ---------------------------------------------------------------------------
55. seg000:0000008E ; START OF FUNCTION CHUNK FOR sub_10F
56. seg000:0000008E
57. seg000:0000008E loc_8E: ; CODE XREF: sub_10F+45j
58. seg000:0000008E mov ecx, ds:2801E8h
59. seg000:00000094 push esi
60. seg000:00000095 cmp ecx, ds:2802C0h
61. seg000:0000009B push ebx
62. seg000:0000009C mov ebx, ds:2801ECh
63. seg000:000000A2 jnz short loc_AC
64. seg000:000000A4 cmp ebx, ds:2802BCh
65. seg000:000000AA jz short loc_10C
66. seg000:000000AC
67. seg000:000000AC loc_AC: ; CODE XREF: sub_10F-6Dj
68. seg000:000000AC mov ds:2802C0h, ecx
69. seg000:000000B2 mov ds:2802BCh, ebx
70. seg000:000000B8 test ecx, ecx
71. seg000:000000BA jz short loc_CE
72. seg000:000000BC mov eax, ecx
73. seg000:000000BE mov esi, 64h ; 'd'
74. seg000:000000C3 imul eax, ebx
75. seg000:000000C6 cdq
76. seg000:000000C7 idiv esi
77. seg000:000000C9 mov ds:2802B8h, eax
78. seg000:000000CE
79. seg000:000000CE loc_CE: ; CODE XREF: sub_10F-55j
80. seg000:000000CE mov eax, ecx
81. seg000:000000D0 mov esi, 64h ; 'd'
82. seg000:000000D5 imul eax, ebx
83. seg000:000000D8 cdq
84. seg000:000000D9 idiv esi
85. seg000:000000DB test eax, eax
86. seg000:000000DD jle short loc_E6
87. seg000:000000DF mov ds:2802B4h, eax
88. seg000:000000E4 jmp short loc_F0
89. seg000:000000E6 ; ---------------------------------------------------------------------------
90. seg000:000000E6
91. seg000:000000E6 loc_E6: ; CODE XREF: sub_10F-32j
92. seg000:000000E6 mov dword ptr ds:2802B4h, 1
93. seg000:000000F0
94. seg000:000000F0 loc_F0: ; CODE XREF: sub_10F-2Bj
95. seg000:000000F0 sub ebx, ds:2802B4h
96. seg000:000000F6 test ebx, ebx
97. seg000:000000F8 jle short loc_102
98. seg000:000000FA mov ds:2802B0h, ebx
99. seg000:00000100 jmp short loc_10C
100. seg000:00000102 ; ---------------------------------------------------------------------------
101. seg000:00000102
102. seg000:00000102 loc_102: ; CODE XREF: sub_10F-17j
103. seg000:00000102 mov dword ptr ds:2802B0h, 1
104. seg000:0000010C
105. seg000:0000010C loc_10C: ; CODE XREF: sub_10F-65j
106. seg000:0000010C ; sub_10F-Fj
107. seg000:0000010C pop ebx
108. seg000:0000010D pop esi
109. seg000:0000010E retn
110. seg000:0000010E ; END OF FUNCTION CHUNK FOR sub_10F
111. seg000:0000010F
112. seg000:0000010F ; =============== S U B R O U T I N E =======================================
113. seg000:0000010F
114. seg000:0000010F
115. seg000:0000010F sub_10F proc near ; CODE XREF: sub_410+5Dp
116. seg000:0000010F ; sub_763-14p ...
117. seg000:0000010F
118. seg000:0000010F ; FUNCTION CHUNK AT seg000:0000008E SIZE 00000081 BYTES
119. seg000:0000010F
120. seg000:0000010F push ebx
121. seg000:00000110 mov ds:2801E8h, eax
122. seg000:00000115 mov ebx, eax
123. seg000:00000117 cmp eax, 64h ; 'd'
124. seg000:0000011A jle short loc_132
125. seg000:0000011C push 181162h
126. seg000:00000121 call sub_A37
127. seg000:00000126 mov dword ptr ds:2801E8h, 64h ; 'd'
128. seg000:00000130 jmp short loc_14A
129. seg000:00000132 ; ---------------------------------------------------------------------------
130. seg000:00000132
131. seg000:00000132 loc_132: ; CODE XREF: sub_10F+Bj
132. seg000:00000132 test eax, eax
133. seg000:00000134 jns short loc_14B
134. seg000:00000136 push 18117Fh
135. seg000:0000013B call sub_A37
136. seg000:00000140 mov dword ptr ds:2801E8h, 0
137. seg000:0000014A
138. seg000:0000014A loc_14A: ; CODE XREF: sub_10F+21j
139. seg000:0000014A pop eax
140. seg000:0000014B
141. seg000:0000014B loc_14B: ; CODE XREF: sub_10F+25j
142. seg000:0000014B mov eax, ebx
143. seg000:0000014D mov edx, ds:2801ECh
144. seg000:00000153 pop ebx
145. seg000:00000154 jmp loc_8E
146. seg000:00000154 sub_10F endp
147. seg000:00000154
148. seg000:00000159
149. seg000:00000159 ; =============== S U B R O U T I N E =======================================
150. seg000:00000159
151. seg000:00000159
152. seg000:00000159 sub_159 proc near ; CODE XREF: seg000:000006B0p
153. seg000:00000159 mov eax, ds:2801E8h
154. seg000:0000015E mov ds:2802ACh, eax
155. seg000:00000163 mov eax, ds:2801ECh
156. seg000:00000168 mov ds:2802A8h, eax
157. seg000:0000016D retn
158. seg000:0000016D sub_159 endp
159. seg000:0000016D
160. seg000:0000016E
161. seg000:0000016E ; =============== S U B R O U T I N E =======================================
162. seg000:0000016E
163. seg000:0000016E
164. seg000:0000016E sub_16E proc near ; CODE XREF: sub_226j
165. seg000:0000016E ; seg000:000005F6p
166. seg000:0000016E
167. seg000:0000016E var_18 = dword ptr -18h
168. seg000:0000016E var_14 = byte ptr -14h
169. seg000:0000016E var_10 = dword ptr -10h
170. seg000:0000016E var_C = dword ptr -0Ch
171. seg000:0000016E var_8 = dword ptr -8
172. seg000:0000016E
173. seg000:0000016E push ebx
174. seg000:0000016F xor edx, edx
175. seg000:00000171 sub esp, 14h
176. seg000:00000174 mov eax, 9
177. seg000:00000179 call sub_DC7
178. seg000:0000017E mov edx, 280340h
179. seg000:00000183 xor eax, eax
180. seg000:00000185 mov ebx, 64h ; 'd'
181. seg000:0000018A or dword ptr ds:280340h, 200h
182. seg000:00000194 call sub_F78
183. seg000:00000199 mov ecx, ds:2801ECh
184. seg000:0000019F mov eax, ds:2801E8h
185. seg000:000001A4 mov [esp+18h+var_10], ecx
186. seg000:000001A8 mov ds:2802C0h, eax
187. seg000:000001AD mov ds:2802BCh, ecx
188. seg000:000001B3 imul eax, ecx
189. seg000:000001B6 cdq
190. seg000:000001B7 idiv ebx
191. seg000:000001B9 mov ds:2802B8h, eax
192. seg000:000001BE mov edx, 181087h
193. seg000:000001C3 mov eax, 22h ; '"'
194. seg000:000001C8 mov [esp+18h+var_18], 0
195. seg000:000001CF mov [esp+18h+var_14], 1
196. seg000:000001D4 mov [esp+18h+var_C], 18003Ch
197. seg000:000001DC mov [esp+18h+var_8], 0
198. seg000:000001E4 call sub_EE3
199. seg000:000001E9 mov edx, 0Ch
200. seg000:000001EE mov eax, 2
201. seg000:000001F3 call sub_E88
202. seg000:000001F8 mov eax, 802h
203. seg000:000001FD call sub_BBD
204. seg000:00000202 mov edx, esp
205. seg000:00000204 xor eax, eax
206. seg000:00000206 call sub_110F
207. seg000:0000020B add esp, 14h
208. seg000:0000020E pop ebx
209. seg000:0000020F retn
210. seg000:0000020F sub_16E endp
211. seg000:0000020F
212. seg000:00000210
213. seg000:00000210 ; =============== S U B R O U T I N E =======================================
214. seg000:00000210
215. seg000:00000210
216. seg000:00000210 sub_210 proc near ; CODE XREF: sub_410+2Cp
217. seg000:00000210 ; seg000:000006B5p
218. seg000:00000210
219. seg000:00000210 ; FUNCTION CHUNK AT seg000:00000BCD SIZE 00000012 BYTES
220. seg000:00000210
221. seg000:00000210 mov edx, 9
222. seg000:00000215 xor eax, eax
223. seg000:00000217 call sub_FE7
224. seg000:0000021C mov eax, 802h
225. seg000:00000221 jmp loc_BCD
226. seg000:00000221 sub_210 endp
227. seg000:00000221
228. seg000:00000226
229. seg000:00000226 ; =============== S U B R O U T I N E =======================================
230. seg000:00000226
231. seg000:00000226 ; Attributes: thunk
232. seg000:00000226
233. seg000:00000226 sub_226 proc near ; CODE XREF: sub_410+62p
234. seg000:00000226 ; seg000:000006D5p ...
235. seg000:00000226 jmp sub_16E
236. seg000:00000226 sub_226 endp
237. seg000:00000226
238. seg000:0000022B ; ---------------------------------------------------------------------------
239. seg000:0000022B push esi
240. seg000:0000022C mov esi, edx
241. seg000:0000022E push ebx
242. seg000:0000022F xor ebx, ebx
243. seg000:00000231 cmp dword ptr ds:28031Ch, 1
244. seg000:00000238 jnz short loc_252
245. seg000:0000023A xor edx, edx
246. seg000:0000023C xor eax, eax
247. seg000:0000023E call sub_C58
248. seg000:00000243 mov eax, 1106h
249. seg000:00000248 call sub_B3D
250. seg000:0000024D mov ebx, 1
251. seg000:00000252
252. seg000:00000252 loc_252: ; CODE XREF: seg000:00000238j
253. seg000:00000252 or edx, 0FFFFFFFFh
254. seg000:00000255
255. seg000:00000255 loc_255: ; CODE XREF: seg000:0000025Cj
256. seg000:00000255 test esi, esi
257. seg000:00000257 jz short loc_25E
258. seg000:00000259 shr esi, 1
259. seg000:0000025B inc edx
260. seg000:0000025C jmp short loc_255
261. seg000:0000025E ; ---------------------------------------------------------------------------
262. seg000:0000025E
263. seg000:0000025E loc_25E: ; CODE XREF: seg000:00000257j
264. seg000:0000025E mov eax, ds:2801F0h
265. seg000:00000263 inc eax
266. seg000:00000264 cmp edx, ds:280200h[eax*4]
267. seg000:0000026B jnz short loc_274
268. seg000:0000026D mov ds:2801F0h, eax
269. seg000:00000272 jmp short loc_27E
270. seg000:00000274 ; ---------------------------------------------------------------------------
271. seg000:00000274
272. seg000:00000274 loc_274: ; CODE XREF: seg000:0000026Bj
273. seg000:00000274 mov dword ptr ds:2801F0h, 0FFFFFFFFh
274. seg000:0000027E
275. seg000:0000027E loc_27E: ; CODE XREF: seg000:00000272j
276. seg000:0000027E mov eax, ds:2801F4h
277. seg000:00000283 dec eax
278. seg000:00000284 cmp eax, ds:2801F0h
279. seg000:0000028A jnz loc_339
280. seg000:00000290 push 1811D8h
281. seg000:00000295 call sub_A37
282. seg000:0000029A xor eax, eax
283. seg000:0000029C mov dword ptr ds:2802A4h, 1
284. seg000:000002A6 mov dword ptr ds:2801F0h, 0FFFFFFFFh
285. seg000:000002B0 call sub_6E0
286. seg000:000002B5 mov eax, 1
287. seg000:000002BA mov esi, 0Ah
288. seg000:000002BF call sub_6E0
289. seg000:000002C4 call sub_BDF
290. seg000:000002C9 xor edx, edx
291. seg000:000002CB imul eax, 0F4240h
292. seg000:000002D1 div esi
293. seg000:000002D3 call sub_BE5
294. seg000:000002D8 xor eax, eax
295. seg000:000002DA call sub_6FC
296. seg000:000002DF mov eax, 1
297. seg000:000002E4 call sub_6FC
298. seg000:000002E9 call sub_BDF
299. seg000:000002EE mov ecx, 14h
300. seg000:000002F3 imul eax, 0F4240h
301. seg000:000002F9 xor edx, edx
302. seg000:000002FB div ecx
303. seg000:000002FD call sub_BE5
304. seg000:00000302 xor eax, eax
305. seg000:00000304 call sub_6E0
306. seg000:00000309 mov eax, 1
307. seg000:0000030E call sub_6E0
308. seg000:00000313 call sub_BDF
309. seg000:00000318 xor edx, edx
310. seg000:0000031A imul eax, 0F4240h
311. seg000:00000320 div esi
312. seg000:00000322 call sub_BE5
313. seg000:00000327 xor eax, eax
314. seg000:00000329 call sub_6FC
315. seg000:0000032E mov eax, 1
316. seg000:00000333 call sub_6FC
317. seg000:00000338 pop edx
318. seg000:00000339
319. seg000:00000339 loc_339: ; CODE XREF: seg000:0000028Aj
320. seg000:00000339 push 181256h
321. seg000:0000033E call sub_A37
322. seg000:00000343 pop eax
323. seg000:00000344 dec ebx
324. seg000:00000345 jnz short loc_358
325. seg000:00000347 mov edx, 3
326. seg000:0000034C mov eax, 3
327. seg000:00000351 pop ebx
328. seg000:00000352 pop esi
329. seg000:00000353 jmp sub_C58
330. seg000:00000358 ; ---------------------------------------------------------------------------
331. seg000:00000358
332. seg000:00000358 loc_358: ; CODE XREF: seg000:00000345j
333. seg000:00000358 pop ebx
334. seg000:00000359 pop esi
335. seg000:0000035A retn
336. seg000:0000035B
337. seg000:0000035B ; =============== S U B R O U T I N E =======================================
338. seg000:0000035B
339. seg000:0000035B
340. seg000:0000035B sub_35B proc near ; CODE XREF: seg000:000005F1p
341. seg000:0000035B push esi
342. seg000:0000035C xor esi, esi
343. seg000:0000035E push ebx
344. seg000:0000035F
345. seg000:0000035F loc_35F: ; CODE XREF: sub_35B+A2j
346. seg000:0000035F cmp esi, ds:280228h
347. seg000:00000365 jge loc_402
348. seg000:0000036B mov ebx, ds:280240h[esi*4]
349. seg000:00000372 mov edx, 1
350. seg000:00000377 mov eax, ebx
351. seg000:00000379 inc esi
352. seg000:0000037A call sub_E26
353. seg000:0000037F xor edx, edx
354. seg000:00000381 mov eax, ebx
355. seg000:00000383 call sub_DC7
356. seg000:00000388 mov edx, 1
357. seg000:0000038D mov eax, ebx
358. seg000:0000038F call sub_DFA
359. seg000:00000394 mov cl, bl
360. seg000:00000396 mov eax, 1
361. seg000:0000039B mov edx, 180F06h
362. seg000:000003A0 shl eax, cl
363. seg000:000003A2 or ds:280344h, eax
364. seg000:000003A8 mov dword ptr ds:280354h, 0
365. seg000:000003B2 or ds:280348h, eax
366. seg000:000003B8 mov dword ptr ds:280358h, 18022Bh
367. seg000:000003C2 or ds:28034Ch, eax
368. seg000:000003C8 mov dword ptr ds:28035Ch, 0
369. seg000:000003D2 or ds:280350h, eax
370. seg000:000003D8 mov eax, 2Fh ; '/'
371. seg000:000003DD call sub_EE3
372. seg000:000003E2 mov edx, 9
373. seg000:000003E7 mov eax, 0Fh
374. seg000:000003EC call sub_E88
375. seg000:000003F1 mov edx, 1
376. seg000:000003F6 mov eax, ebx
377. seg000:000003F8 call sub_E26
378. seg000:000003FD jmp loc_35F
379. seg000:00000402 ; ---------------------------------------------------------------------------
380. seg000:00000402
381. seg000:00000402 loc_402: ; CODE XREF: sub_35B+Aj
382. seg000:00000402 mov edx, 280340h
383. seg000:00000407 xor eax, eax
384. seg000:00000409 pop ebx
385. seg000:0000040A pop esi
386. seg000:0000040B jmp sub_F78
387. seg000:0000040B sub_35B endp
388. seg000:0000040B
389. seg000:00000410
390. seg000:00000410 ; =============== S U B R O U T I N E =======================================
391. seg000:00000410
392. seg000:00000410
393. seg000:00000410 sub_410 proc near ; CODE XREF: seg000:00000605p
394. seg000:00000410 push esi
395. seg000:00000411 push ebx
396. seg000:00000412 push 1811F3h
397. seg000:00000417 call sub_A37
398. seg000:0000041C push 1811F8h
399. seg000:00000421 call sub_A37
400. seg000:00000426 push 181216h
401. seg000:0000042B call sub_A37
402. seg000:00000430 push 181241h
403. seg000:00000435 xor ebx, ebx
404. seg000:00000437 call sub_A37
405. seg000:0000043C call sub_210
406. seg000:00000441 add esp, 10h
407. seg000:00000444
408. seg000:00000444 loc_444: ; CODE XREF: sub_410+54j
409. seg000:00000444 cmp ebx, ds:280260h
410. seg000:0000044A jge short loc_466
411. seg000:0000044C mov eax, ds:280264h[ebx*4]
412. seg000:00000453 mov dword ptr ds:280320h[ebx*4], 1
413. seg000:0000045E call sub_6FC
414. seg000:00000463 inc ebx
415. seg000:00000464 jmp short loc_444
416. seg000:00000466 ; ---------------------------------------------------------------------------
417. seg000:00000466
418. seg000:00000466 loc_466: ; CODE XREF: sub_410+3Aj
419. seg000:00000466 mov eax, 1Eh
420. seg000:0000046B xor ebx, ebx
421. seg000:0000046D call sub_10F
422. seg000:00000472 call sub_226
423. seg000:00000477
424. seg000:00000477 loc_477: ; CODE XREF: sub_410+E7j
425. seg000:00000477 cmp ebx, ds:280260h
426. seg000:0000047D jge short loc_4FC
427. seg000:0000047F mov eax, ebx
428. seg000:00000481 mov esi, 50h ; 'P'
429. seg000:00000486 call sub_6E0
430. seg000:0000048B call sub_BDF
431. seg000:00000490 xor edx, edx
432. seg000:00000492 imul eax, 0F4240h
433. seg000:00000498 div esi
434. seg000:0000049A call sub_BE5
435. seg000:0000049F push 181252h
436. seg000:000004A4 call sub_A37
437. seg000:000004A9 mov eax, ebx
438. seg000:000004AB call sub_6FC
439. seg000:000004B0 call sub_BDF
440. seg000:000004B5 xor edx, edx
441. seg000:000004B7 imul eax, 0F4240h
442. seg000:000004BD div esi
443. seg000:000004BF call sub_BE5
444. seg000:000004C4 push 181252h
445. seg000:000004C9 call sub_A37
446. seg000:000004CE mov eax, ebx
447. seg000:000004D0 call sub_6E0
448. seg000:000004D5 inc ebx
449. seg000:000004D6 call sub_BDF
450. seg000:000004DB xor edx, edx
451. seg000:000004DD imul eax, 0F4240h
452. seg000:000004E3 div esi
453. seg000:000004E5 call sub_BE5
454. seg000:000004EA push 181252h
455. seg000:000004EF call sub_A37
456. seg000:000004F4 add esp, 0Ch
457. seg000:000004F7 jmp loc_477
458. seg000:000004FC ; ---------------------------------------------------------------------------
459. seg000:000004FC
460. seg000:000004FC loc_4FC: ; CODE XREF: sub_410+6Dj
461. seg000:000004FC push 181258h
462. seg000:00000501 call sub_A37
463. seg000:00000506 push 181254h
464. seg000:0000050B call sub_A37
465. seg000:00000510 push 18125Bh
466. seg000:00000515 call sub_A37
467. seg000:0000051A push 181279h
468. seg000:0000051F call sub_A37
469. seg000:00000524 push 1812A6h
470. seg000:00000529 call sub_A37
471. seg000:0000052E push 181254h
472. seg000:00000533 call sub_A37
473. seg000:00000538 push 1812CEh
474. seg000:0000053D call sub_A37
475. seg000:00000542 push 18131Ch
476. seg000:00000547 call sub_A37
477. seg000:0000054C add esp, 20h
478. seg000:0000054F push 18133Dh
479. seg000:00000554 call sub_A37
480. seg000:00000559 push 181359h
481. seg000:0000055E call sub_A37
482. seg000:00000563 call sub_BDF
483. seg000:00000568 pop edx
484. seg000:00000569 imul eax, 0F4240h
485. seg000:0000056F pop ecx
486. seg000:00000570 xor edx, edx
487. seg000:00000572 mov ecx, 28h ; '('
488. seg000:00000577 pop ebx
489. seg000:00000578 div ecx
490. seg000:0000057A pop esi
491. seg000:0000057B jmp sub_BE5
492. seg000:0000057B sub_410 endp
493. seg000:0000057B
494. seg000:00000580
495. seg000:00000580 ; =============== S U B R O U T I N E =======================================
496. seg000:00000580
497. seg000:00000580
498. seg000:00000580 sub_580 proc near ; CODE XREF: sub_580+3Ep
499. seg000:00000580 ; seg000:00000640p ...
500. seg000:00000580 push ebx
501. seg000:00000581 mov ebx, 0Bh
502. seg000:00000586 mov edx, ds:0B0000400h
503. seg000:0000058C mov eax, ds:0B0000400h
504. seg000:00000591 imul eax, ds:2801A0h
505. seg000:00000598 imul ecx, eax, 3201045h
506. seg000:0000059E imul eax, edx, 7
507. seg000:000005A1 xor edx, edx
508. seg000:000005A3 div ebx
509. seg000:000005A5 mov eax, ecx
510. seg000:000005A7 imul eax, edx
511. seg000:000005AA test eax, eax
512. seg000:000005AC jnz short loc_5C3
513. seg000:000005AE mov eax, ds:2802A0h
514. seg000:000005B3 inc eax
515. seg000:000005B4 mov ds:2802A0h, eax
516. seg000:000005B9 mov ds:2801A0h, eax
517. seg000:000005BE call sub_580
518. seg000:000005C3
519. seg000:000005C3 loc_5C3: ; CODE XREF: sub_580+2Cj
520. seg000:000005C3 mov ds:2801A0h, eax
521. seg000:000005C8 pop ebx
522. seg000:000005C9 retn
523. seg000:000005C9 sub_580 endp
524. seg000:000005C9
525. seg000:000005CA ; ---------------------------------------------------------------------------
526. seg000:000005CA
527. seg000:000005CA loc_5CA: ; CODE XREF: seg000:00000037j
528. seg000:000005CA push esi
529. seg000:000005CB push ebx
530. seg000:000005CC push 1811F3h
531. seg000:000005D1 call sub_A37
532. seg000:000005D6 push 181375h
533. seg000:000005DB call sub_A37
534. seg000:000005E0 push 31h ; '1'
535. seg000:000005E2 push 181392h
536. seg000:000005E7 call sub_A37
537. seg000:000005EC call sub_8CC
538. seg000:000005F1 call sub_35B
539. seg000:000005F6 call sub_16E
540. seg000:000005FB push 1813A3h
541. seg000:00000600 call sub_A37
542. seg000:00000605 call sub_410
543. seg000:0000060A call sub_718
544. seg000:0000060F call sub_799
545. seg000:00000614 call sub_763
546. seg000:00000619 call sub_799
547. seg000:0000061E add esp, 14h
548. seg000:00000621
549. seg000:00000621 loc_621: ; CODE XREF: seg000:00000639j
550. seg000:00000621 ; seg000:000006DBj
551. seg000:00000621 cmp dword ptr ds:2802A4h, 1
552. seg000:00000628 jnz short loc_63B
553. seg000:0000062A call sub_7B2
554. seg000:0000062F mov dword ptr ds:2802A4h, 0
555. seg000:00000639 jmp short loc_621
556. seg000:0000063B ; ---------------------------------------------------------------------------
557. seg000:0000063B
558. seg000:0000063B loc_63B: ; CODE XREF: seg000:00000628j
559. seg000:0000063B call sub_72F
560. seg000:00000640 call sub_580
561. seg000:00000645 xor edx, edx
562. seg000:00000647 mov ecx, 3
563. seg000:0000064C div ecx
564. seg000:0000064E test edx, edx
565. seg000:00000650 jz short loc_663
566. seg000:00000652 dec edx
567. seg000:00000653 jnz short loc_66C
568. seg000:00000655 xor eax, eax
569. seg000:00000657 call sub_6E0
570. seg000:0000065C mov eax, 1
571. seg000:00000661 jmp short loc_665
572. seg000:00000663 ; ---------------------------------------------------------------------------
573. seg000:00000663
574. seg000:00000663 loc_663: ; CODE XREF: seg000:00000650j
575. seg000:00000663 xor eax, eax
576. seg000:00000665
577. seg000:00000665 loc_665: ; CODE XREF: seg000:00000661j
578. seg000:00000665 call sub_6E0
579. seg000:0000066A jmp short loc_671
580. seg000:0000066C ; ---------------------------------------------------------------------------
581. seg000:0000066C
582. seg000:0000066C loc_66C: ; CODE XREF: seg000:00000653j
583. seg000:0000066C call sub_718
584. seg000:00000671
585. seg000:00000671 loc_671: ; CODE XREF: seg000:0000066Aj
586. seg000:00000671 call sub_763
587. seg000:00000676 mov esi, 3Ch ; '<'
588. seg000:0000067B call sub_799
589. seg000:00000680 call sub_580
590. seg000:00000685 mov ebx, eax
591. seg000:00000687 call sub_580
592. seg000:0000068C mov ecx, 0Ah
593. seg000:00000691 xor edx, edx
594. seg000:00000693 div ecx
595. seg000:00000695 mov eax, ds:2801C0h[edx*4]
596. seg000:0000069C call sub_B76
597. seg000:000006A1 push 181258h
598. seg000:000006A6 call sub_A37
599. seg000:000006AB call sub_72F
600. seg000:000006B0 call sub_159
601. seg000:000006B5 call sub_210
602. seg000:000006BA call sub_BDF
603. seg000:000006BF xor edx, edx
604. seg000:000006C1 imul ecx, eax, 0F4240h
605. seg000:000006C7 mov eax, ebx
606. seg000:000006C9 div esi
607. seg000:000006CB mov eax, ecx
608. seg000:000006CD imul eax, edx
609. seg000:000006D0 call sub_954
610. seg000:000006D5 call sub_226
611. seg000:000006DA pop eax
612. seg000:000006DB jmp loc_621
613. seg000:000006E0
614. seg000:000006E0 ; =============== S U B R O U T I N E =======================================
615. seg000:000006E0
616. seg000:000006E0
617. seg000:000006E0 sub_6E0 proc near ; CODE XREF: seg000:000002B0p
618. seg000:000006E0 ; seg000:000002BFp ...
619. seg000:000006E0 mov edx, ds:280264h[eax*4]
620. seg000:000006E7 mov dword ptr ds:280320h[eax*4], 1
621. seg000:000006F2 movzx edx, dl
622. seg000:000006F5 xor eax, eax
623. seg000:000006F7 jmp sub_FCA
624. seg000:000006F7 sub_6E0 endp
625. seg000:000006F7
626. seg000:000006FC
627. seg000:000006FC ; =============== S U B R O U T I N E =======================================
628. seg000:000006FC
629. seg000:000006FC
630. seg000:000006FC sub_6FC proc near ; CODE XREF: seg000:000002DAp
631. seg000:000006FC ; seg000:000002E4p ...
632. seg000:000006FC mov edx, ds:280264h[eax*4]
633. seg000:00000703 mov dword ptr ds:280320h[eax*4], 0
634. seg000:0000070E movzx edx, dl
635. seg000:00000711 xor eax, eax
636. seg000:00000713 jmp sub_FE7
637. seg000:00000713 sub_6FC endp
638. seg000:00000713
639. seg000:00000718
640. seg000:00000718 ; =============== S U B R O U T I N E =======================================
641. seg000:00000718
642. seg000:00000718
643. seg000:00000718 sub_718 proc near ; CODE XREF: seg000:0000060Ap
644. seg000:00000718 ; seg000:loc_66Cp
645. seg000:00000718 push ebx
646. seg000:00000719 xor ebx, ebx
647. seg000:0000071B
648. seg000:0000071B loc_71B: ; CODE XREF: sub_718+13j
649. seg000:0000071B cmp ebx, ds:280260h
650. seg000:00000721 jge short loc_72D
651. seg000:00000723 mov eax, ebx
652. seg000:00000725 inc ebx
653. seg000:00000726 call sub_6E0
654. seg000:0000072B jmp short loc_71B
655. seg000:0000072D ; ---------------------------------------------------------------------------
656. seg000:0000072D
657. seg000:0000072D loc_72D: ; CODE XREF: sub_718+9j
658. seg000:0000072D pop ebx
659. seg000:0000072E retn
660. seg000:0000072E sub_718 endp
661. seg000:0000072E
662. seg000:0000072F
663. seg000:0000072F ; =============== S U B R O U T I N E =======================================
664. seg000:0000072F
665. seg000:0000072F
666. seg000:0000072F sub_72F proc near ; CODE XREF: seg000:loc_63Bp
667. seg000:0000072F ; seg000:000006ABp ...
668. seg000:0000072F push ebx
669. seg000:00000730 xor ebx, ebx
670. seg000:00000732
671. seg000:00000732 loc_732: ; CODE XREF: sub_72F+13j
672. seg000:00000732 cmp ebx, ds:280260h
673. seg000:00000738 jge short loc_744
674. seg000:0000073A mov eax, ebx
675. seg000:0000073C inc ebx
676. seg000:0000073D call sub_6FC
677. seg000:00000742 jmp short loc_732
678. seg000:00000744 ; ---------------------------------------------------------------------------
679. seg000:00000744
680. seg000:00000744 loc_744: ; CODE XREF: sub_72F+9j
681. seg000:00000744 pop ebx
682. seg000:00000745 retn
683. seg000:00000745 sub_72F endp
684. seg000:00000745
685. seg000:00000746 ; ---------------------------------------------------------------------------
686. seg000:00000746 ; START OF FUNCTION CHUNK FOR sub_763
687. seg000:00000746
688. seg000:00000746 loc_746: ; CODE XREF: sub_763+14j
689. seg000:00000746 push esi
690. seg000:00000747 mov esi, eax
691. seg000:00000749 push ebx
692. seg000:0000074A xor ebx, ebx
693. seg000:0000074C
694. seg000:0000074C loc_74C: ; CODE XREF: sub_763-5j
695. seg000:0000074C mov eax, ebx
696. seg000:0000074E inc ebx
697. seg000:0000074F call sub_10F
698. seg000:00000754 mov eax, esi
699. seg000:00000756 call sub_90D
700. seg000:0000075B cmp ebx, 1Eh
701. seg000:0000075E jnz short loc_74C
702. seg000:00000760 pop ebx
703. seg000:00000761 pop esi
704. seg000:00000762 retn
705. seg000:00000762 ; END OF FUNCTION CHUNK FOR sub_763
706. seg000:00000763
707. seg000:00000763 ; =============== S U B R O U T I N E =======================================
708. seg000:00000763
709. seg000:00000763
710. seg000:00000763 sub_763 proc near ; CODE XREF: seg000:00000614p
711. seg000:00000763 ; seg000:loc_671p
712. seg000:00000763
713. seg000:00000763 ; FUNCTION CHUNK AT seg000:00000746 SIZE 0000001D BYTES
714. seg000:00000763
715. seg000:00000763 call sub_BDF
716. seg000:00000768 mov ecx, 1Eh
717. seg000:0000076D imul eax, 0F4240h
718. seg000:00000773 xor edx, edx
719. seg000:00000775 div ecx
720. seg000:00000777 jmp loc_746
721. seg000:00000777 sub_763 endp
722. seg000:00000777
723. seg000:0000077C ; ---------------------------------------------------------------------------
724. seg000:0000077C ; START OF FUNCTION CHUNK FOR sub_799
725. seg000:0000077C
726. seg000:0000077C loc_77C: ; CODE XREF: sub_799+14j
727. seg000:0000077C push esi
728. seg000:0000077D mov esi, eax
729. seg000:0000077F push ebx
730. seg000:00000780 mov ebx, 1Eh
731. seg000:00000785
732. seg000:00000785 loc_785: ; CODE XREF: sub_799-5j
733. seg000:00000785 mov eax, ebx
734. seg000:00000787 call sub_10F
735. seg000:0000078C mov eax, esi
736. seg000:0000078E call sub_90D
737. seg000:00000793 dec ebx
738. seg000:00000794 jnz short loc_785
739. seg000:00000796 pop ebx
740. seg000:00000797 pop esi
741. seg000:00000798 retn
742. seg000:00000798 ; END OF FUNCTION CHUNK FOR sub_799
743. seg000:00000799
744. seg000:00000799 ; =============== S U B R O U T I N E =======================================
745. seg000:00000799
746. seg000:00000799
747. seg000:00000799 sub_799 proc near ; CODE XREF: seg000:0000060Fp
748. seg000:00000799 ; seg000:00000619p ...
749. seg000:00000799
750. seg000:00000799 ; FUNCTION CHUNK AT seg000:0000077C SIZE 0000001D BYTES
751. seg000:00000799
752. seg000:00000799 call sub_BDF
753. seg000:0000079E mov ecx, 1Eh
754. seg000:000007A3 imul eax, 0F4240h
755. seg000:000007A9 xor edx, edx
756. seg000:000007AB div ecx
757. seg000:000007AD jmp loc_77C
758. seg000:000007AD sub_799 endp
759. seg000:000007AD
760. seg000:000007B2
761. seg000:000007B2 ; =============== S U B R O U T I N E =======================================
762. seg000:000007B2
763. seg000:000007B2
764. seg000:000007B2 sub_7B2 proc near ; CODE XREF: seg000:0000062Ap
765. seg000:000007B2 push edi
766. seg000:000007B3 push esi
767. seg000:000007B4 push ebx
768. seg000:000007B5 call sub_BDF
769. seg000:000007BA imul eax, 0F4240h
770. seg000:000007C0 xor edx, edx
771. seg000:000007C2 mov ecx, 1Eh
772. seg000:000007C7 div ecx
773. seg000:000007C9 xor ebx, ebx
774. seg000:000007CB mov esi, eax
775. seg000:000007CD cmp dword ptr ds:28031Ch, 1
776. seg000:000007D4 jnz short loc_7EE
777. seg000:000007D6 xor edx, edx
778. seg000:000007D8 xor eax, eax
779. seg000:000007DA call sub_C58
780. seg000:000007DF mov eax, 1106h
781. seg000:000007E4 call sub_B3D
782. seg000:000007E9 mov ebx, 1
783. seg000:000007EE
784. seg000:000007EE loc_7EE: ; CODE XREF: sub_7B2+22j
785. seg000:000007EE call sub_72F
786. seg000:000007F3 xor edi, edi
787. seg000:000007F5 call sub_BDF
788. seg000:000007FA mov ecx, 0Ah
789. seg000:000007FF imul eax, 0F4240h
790. seg000:00000805 xor edx, edx
791. seg000:00000807 div ecx
792. seg000:00000809 call sub_90D
793. seg000:0000080E call sub_226
794. seg000:00000813 xor eax, eax
795. seg000:00000815 call sub_10F
796. seg000:0000081A mov eax, 3
797. seg000:0000081F call sub_6E0
798. seg000:00000824
799. seg000:00000824 loc_824: ; CODE XREF: sub_7B2+9Dj
800. seg000:00000824 mov eax, edi
801. seg000:00000826 call sub_10F
802. seg000:0000082B mov eax, esi
803. seg000:0000082D call sub_90D
804. seg000:00000832 cmp edi, 0Fh
805. seg000:00000835 jnz short loc_84B
806. seg000:00000837 mov eax, 2
807. seg000:0000083C call sub_6E0
808. seg000:00000841 mov eax, 4
809. seg000:00000846 call sub_6E0
810. seg000:0000084B
811. seg000:0000084B loc_84B: ; CODE XREF: sub_7B2+83j
812. seg000:0000084B inc edi
813. seg000:0000084C cmp edi, 1Fh
814. seg000:0000084F jnz short loc_824
815. seg000:00000851 mov edi, 1Eh
816. seg000:00000856
817. seg000:00000856 loc_856: ; CODE XREF: sub_7B2+CCj
818. seg000:00000856 mov eax, edi
819. seg000:00000858 call sub_10F
820. seg000:0000085D mov eax, esi
821. seg000:0000085F call sub_90D
822. seg000:00000864 cmp edi, 0Fh
823. seg000:00000867 jnz short loc_87D
824. seg000:00000869 mov eax, 2
825. seg000:0000086E call sub_6FC
826. seg000:00000873 mov eax, 4
827. seg000:00000878 call sub_6FC
828. seg000:0000087D
829. seg000:0000087D loc_87D: ; CODE XREF: sub_7B2+B5j
830. seg000:0000087D dec edi
831. seg000:0000087E jnz short loc_856
832. seg000:00000880 call sub_72F
833. seg000:00000885 dec ebx
834. seg000:00000886 jnz short loc_897
835. seg000:00000888 mov edx, 3
836. seg000:0000088D mov eax, 3
837. seg000:00000892 call sub_C58
838. seg000:00000897
839. seg000:00000897 loc_897: ; CODE XREF: sub_7B2+D4j
840. seg000:00000897 pop ebx
841. seg000:00000898 mov dword ptr ds:2802A4h, 0
842. seg000:000008A2 pop esi
843. seg000:000008A3 pop edi
844. seg000:000008A4 retn
845. seg000:000008A4 sub_7B2 endp
846. seg000:000008A4
847. seg000:000008A5 ; ---------------------------------------------------------------------------
848. seg000:000008A5 ; START OF FUNCTION CHUNK FOR sub_8CC
849. seg000:000008A5
850. seg000:000008A5 loc_8A5: ; CODE XREF: sub_8CC+3Cj
851. seg000:000008A5 push ebx
852. seg000:000008A6 xor ebx, ebx
853. seg000:000008A8
854. seg000:000008A8 loc_8A8: ; CODE XREF: sub_8CC-4j
855. seg000:000008A8 cmp ebx, ds:280260h
856. seg000:000008AE jge short loc_8CA
857. seg000:000008B0 mov eax, ds:280264h[ebx*4]
858. seg000:000008B7 mov dword ptr ds:280320h[ebx*4], 0
859. seg000:000008C2 call sub_6FC
860. seg000:000008C7 inc ebx
861. seg000:000008C8 jmp short loc_8A8
862. seg000:000008CA ; ---------------------------------------------------------------------------
863. seg000:000008CA
864. seg000:000008CA loc_8CA: ; CODE XREF: sub_8CC-1Ej
865. seg000:000008CA pop ebx
866. seg000:000008CB retn
867. seg000:000008CB ; END OF FUNCTION CHUNK FOR sub_8CC
868. seg000:000008CC
869. seg000:000008CC ; =============== S U B R O U T I N E =======================================
870. seg000:000008CC
871. seg000:000008CC
872. seg000:000008CC sub_8CC proc near ; CODE XREF: seg000:000005ECp
873. seg000:000008CC
874. seg000:000008CC ; FUNCTION CHUNK AT seg000:000008A5 SIZE 00000027 BYTES
875. seg000:000008CC
876. seg000:000008CC push esi
877. seg000:000008CD push ebx
878. seg000:000008CE xor ebx, ebx
879. seg000:000008D0
880. seg000:000008D0 loc_8D0: ; CODE XREF: sub_8CC+2Cj
881. seg000:000008D0 cmp ebx, ds:280260h
882. seg000:000008D6 jge short loc_8FA
883. seg000:000008D8 mov esi, ds:280264h[ebx*4]
884. seg000:000008DF xor edx, edx
885. seg000:000008E1 mov eax, esi
886. seg000:000008E3 inc ebx
887. seg000:000008E4 call sub_DC7
888. seg000:000008E9 mov eax, 1
889. seg000:000008EE mov ecx, esi
890. seg000:000008F0 shl eax, cl
891. seg000:000008F2 or ds:280340h, eax
892. seg000:000008F8 jmp short loc_8D0
893. seg000:000008FA ; ---------------------------------------------------------------------------
894. seg000:000008FA
895. seg000:000008FA loc_8FA: ; CODE XREF: sub_8CC+Aj
896. seg000:000008FA mov edx, 280340h
897. seg000:000008FF xor eax, eax
898. seg000:00000901 call sub_F78
899. seg000:00000906 pop ebx
900. seg000:00000907 pop esi
901. seg000:00000908 jmp loc_8A5
902. seg000:00000908 sub_8CC endp ; sp-analysis failed
903. seg000:00000908
904. seg000:0000090D
905. seg000:0000090D ; =============== S U B R O U T I N E =======================================
906. seg000:0000090D
907. seg000:0000090D
908. seg000:0000090D sub_90D proc near ; CODE XREF: sub_763-Dp
909. seg000:0000090D ; sub_799-Bp ...
910. seg000:0000090D push esi
911. seg000:0000090E push ebx
912. seg000:0000090F mov ebx, eax
913. seg000:00000911 call sub_BDF
914. seg000:00000916 mov edx, 3
915. seg000:0000091B mov esi, eax
916. seg000:0000091D xor eax, eax
917. seg000:0000091F call sub_C58
918. seg000:00000924 mov eax, 203h
919. seg000:00000929 call sub_B3D
920. seg000:0000092E call sub_BDF
921. seg000:00000933 xor edx, edx
922. seg000:00000935 imul eax, ebx
923. seg000:00000938 div esi
924. seg000:0000093A call sub_BE5
925. seg000:0000093F xor edx, edx
926. seg000:00000941 xor eax, eax
927. seg000:00000943 call sub_C58
928. seg000:00000948 mov eax, 1106h
929. seg000:0000094D pop ebx
930. seg000:0000094E pop esi
931. seg000:0000094F jmp sub_B3D
932. seg000:0000094F sub_90D endp
933. seg000:0000094F
934. seg000:00000954
935. seg000:00000954 ; =============== S U B R O U T I N E =======================================
936. seg000:00000954
937. seg000:00000954
938. seg000:00000954 sub_954 proc near ; CODE XREF: seg000:000006D0p
939. seg000:00000954 push edi
940. seg000:00000955 push esi
941. seg000:00000956 push ebx
942. seg000:00000957 mov ebx, eax
943. seg000:00000959 call sub_BDF
944. seg000:0000095E mov edx, 3
945. seg000:00000963 mov esi, eax
946. seg000:00000965 mov eax, 3
947. seg000:0000096A mov dword ptr ds:28031Ch, 1
948. seg000:00000974 call sub_C58
949. seg000:00000979 mov eax, 1106h
950. seg000:0000097E call sub_B3D
951. seg000:00000983 call sub_BDF
952. seg000:00000988 xor edx, edx
953. seg000:0000098A mov edi, eax
954. seg000:0000098C xor eax, eax
955. seg000:0000098E call sub_C58
956. seg000:00000993 mov eax, 1106h
957. seg000:00000998 call sub_B3D
958. seg000:0000099D mov edx, 3
959. seg000:000009A2 mov eax, 3
960. seg000:000009A7 call sub_C58
961. seg000:000009AC mov eax, edi
962. seg000:000009AE imul eax, ebx
963. seg000:000009B1 xor edx, edx
964. seg000:000009B3 div esi
965. seg000:000009B5 call sub_BE5
966. seg000:000009BA xor edx, edx
967. seg000:000009BC xor eax, eax
968. seg000:000009BE call sub_C58
969. seg000:000009C3 mov eax, 1106h
970. seg000:000009C8 call sub_B3D
971. seg000:000009CD pop ebx
972. seg000:000009CE mov dword ptr ds:28031Ch, 0
973. seg000:000009D8 pop esi
974. seg000:000009D9 pop edi
975. seg000:000009DA retn
976. seg000:000009DA sub_954 endp
977. seg000:000009DA
978. seg000:000009DB
979. seg000:000009DB ; =============== S U B R O U T I N E =======================================
980. seg000:000009DB
981. seg000:000009DB
982. seg000:000009DB sub_9DB proc near ; CODE XREF: sub_A37:loc_AD1p
983. seg000:000009DB push ebp
984. seg000:000009DC push edi
985. seg000:000009DD mov edi, edx
986. seg000:000009DF push esi
987. seg000:000009E0 mov esi, eax
988. seg000:000009E2 push ebx
989. seg000:000009E3 xor ebx, ebx
990. seg000:000009E5
991. seg000:000009E5 loc_9E5: ; CODE XREF: sub_9DB+39j
992. seg000:000009E5 xor edx, edx
993. seg000:000009E7 mov eax, esi
994. seg000:000009E9 div edi
995. seg000:000009EB lea ebp, [ebx+1]
996. seg000:000009EE cmp dl, 9
997. seg000:000009F1 lea eax, [edx+30h]
998. seg000:000009F4 jle short loc_A00
999. seg000:000009F6 lea eax, [edx+57h]
1000. seg000:000009F9 test cl, cl
1001. seg000:000009FB jz short loc_A00
1002. seg000:000009FD lea eax, [edx+37h]
1003. seg000:00000A00
1004. seg000:00000A00 loc_A00: ; CODE XREF: sub_9DB+19j
1005. seg000:00000A00 ; sub_9DB+20j
1006. seg000:00000A00 xor edx, edx
1007. seg000:00000A02 mov [ebp+2802DFh], al
1008. seg000:00000A08 mov eax, esi
1009. seg000:00000A0A div edi
1010. seg000:00000A0C mov esi, eax
1011. seg000:00000A0E test eax, eax
1012. seg000:00000A10 jz short loc_A16
1013. seg000:00000A12 mov ebx, ebp
1014. seg000:00000A14 jmp short loc_9E5
1015. seg000:00000A16 ; ---------------------------------------------------------------------------
1016. seg000:00000A16
1017. seg000:00000A16 loc_A16: ; CODE XREF: sub_9DB+35j
1018. seg000:00000A16 add ebx, 2802E0h
1019. seg000:00000A1C mov esi, 2802DFh
1020. seg000:00000A21
1021. seg000:00000A21 loc_A21: ; CODE XREF: sub_9DB+53j
1022. seg000:00000A21 movzx edx, byte ptr [ebx]
1023. seg000:00000A24 xor eax, eax
1024. seg000:00000A26 dec ebx
1025. seg000:00000A27 call sub_1068
1026. seg000:00000A2C cmp esi, ebx
1027. seg000:00000A2E jnz short loc_A21
1028. seg000:00000A30 pop ebx
1029. seg000:00000A31 mov eax, ebp
1030. seg000:00000A33 pop esi
1031. seg000:00000A34 pop edi
1032. seg000:00000A35 pop ebp
1033. seg000:00000A36 retn
1034. seg000:00000A36 sub_9DB endp
1035. seg000:00000A36
1036. seg000:00000A37
1037. seg000:00000A37 ; =============== S U B R O U T I N E =======================================
1038. seg000:00000A37
1039. seg000:00000A37
1040. seg000:00000A37 sub_A37 proc near ; CODE XREF: sub_10F+12p
1041. seg000:00000A37 ; sub_10F+2Cp ...
1042. seg000:00000A37
1043. seg000:00000A37 var_14 = dword ptr -14h
1044. seg000:00000A37 arg_0 = dword ptr 4
1045. seg000:00000A37 arg_4 = byte ptr 8
1046. seg000:00000A37
1047. seg000:00000A37 push ebp
1048. seg000:00000A38 push edi
1049. seg000:00000A39 push esi
1050. seg000:00000A3A push ebx
1051. seg000:00000A3B push ecx
1052. seg000:00000A3C xor ebx, ebx
1053. seg000:00000A3E mov edi, [esp+14h+arg_0]
1054. seg000:00000A42 lea esi, [esp+14h+arg_4]
1055. seg000:00000A46
1056. seg000:00000A46 loc_A46: ; CODE XREF: sub_A37+A3j
1057. seg000:00000A46 ; sub_A37+D3j ...
1058. seg000:00000A46 movzx edx, byte ptr [edi]
1059. seg000:00000A49 test dl, dl
1060. seg000:00000A4B jz loc_B35
1061. seg000:00000A51 cmp dl, 25h ; '%'
1062. seg000:00000A54 jnz loc_B27
1063. seg000:00000A5A mov cl, [edi+1]
1064. seg000:00000A5D cmp cl, 6Ch ; 'l'
1065. seg000:00000A60 jz short loc_A67
1066. seg000:00000A62 add edi, 2
1067. seg000:00000A65 jmp short loc_A6D
1068. seg000:00000A67 ; ---------------------------------------------------------------------------
1069. seg000:00000A67
1070. seg000:00000A67 loc_A67: ; CODE XREF: sub_A37+29j
1071. seg000:00000A67 mov cl, [edi+2]
1072. seg000:00000A6A add edi, 3
1073. seg000:00000A6D
1074. seg000:00000A6D loc_A6D: ; CODE XREF: sub_A37+2Ej
1075. seg000:00000A6D cmp cl, 64h ; 'd'
1076. seg000:00000A70 jz short loc_AA2
1077. seg000:00000A72 jg short loc_A87
1078. seg000:00000A74 cmp cl, 25h ; '%'
1079. seg000:00000A77 jz loc_B22
1080. seg000:00000A7D cmp cl, 58h ; 'X'
1081. seg000:00000A80 jz short loc_ADF
1082. seg000:00000A82 jmp loc_B0F
1083. seg000:00000A87 ; ---------------------------------------------------------------------------
1084. seg000:00000A87
1085. seg000:00000A87 loc_A87: ; CODE XREF: sub_A37+3Bj
1086. seg000:00000A87 cmp cl, 75h ; 'u'
1087. seg000:00000A8A jz short loc_AC5
1088. seg000:00000A8C cmp cl, 78h ; 'x'
1089. seg000:00000A8F jz short loc_ADF
1090. seg000:00000A91 cmp cl, 73h ; 's'
1091. seg000:00000A94 jnz short loc_B0F
1092. seg000:00000A96 lea eax, [esi+4]
1093. seg000:00000A99 mov ebp, [esi]
1094. seg000:00000A9B mov [esp+14h+var_14], eax
1095. seg000:00000A9E xor esi, esi
1096. seg000:00000AA0 jmp short loc_AF2
1097. seg000:00000AA2 ; ---------------------------------------------------------------------------
1098. seg000:00000AA2
1099. seg000:00000AA2 loc_AA2: ; CODE XREF: sub_A37+39j
1100. seg000:00000AA2 lea ebp, [esi+4]
1101. seg000:00000AA5 mov esi, [esi]
1102. seg000:00000AA7 test esi, esi
1103. seg000:00000AA9 jns short loc_ABA
1104. seg000:00000AAB mov edx, 2Dh ; '-'
1105. seg000:00000AB0 xor eax, eax
1106. seg000:00000AB2 call sub_1068
1107. seg000:00000AB7 inc ebx
1108. seg000:00000AB8 neg esi
1109. seg000:00000ABA
1110. seg000:00000ABA loc_ABA: ; CODE XREF: sub_A37+72j
1111. seg000:00000ABA xor ecx, ecx
1112. seg000:00000ABC mov edx, 0Ah
1113. seg000:00000AC1 mov eax, esi
1114. seg000:00000AC3 jmp short loc_AD1
1115. seg000:00000AC5 ; ---------------------------------------------------------------------------
1116. seg000:00000AC5
1117. seg000:00000AC5 loc_AC5: ; CODE XREF: sub_A37+53j
1118. seg000:00000AC5 lea ebp, [esi+4]
1119. seg000:00000AC8 xor ecx, ecx
1120. seg000:00000ACA mov edx, 0Ah
1121. seg000:00000ACF
1122. seg000:00000ACF loc_ACF: ; CODE XREF: sub_A37+B9j
1123. seg000:00000ACF mov eax, [esi]
1124. seg000:00000AD1
1125. seg000:00000AD1 loc_AD1: ; CODE XREF: sub_A37+8Cj
1126. seg000:00000AD1 call sub_9DB
1127. seg000:00000AD6 mov esi, ebp
1128. seg000:00000AD8 add ebx, eax
1129. seg000:00000ADA jmp loc_A46
1130. seg000:00000ADF ; ---------------------------------------------------------------------------
1131. seg000:00000ADF
1132. seg000:00000ADF loc_ADF: ; CODE XREF: sub_A37+49j
1133. seg000:00000ADF ; sub_A37+58j
1134. seg000:00000ADF cmp cl, 58h ; 'X'
1135. seg000:00000AE2 lea ebp, [esi+4]
1136. seg000:00000AE5 setz cl
1137. seg000:00000AE8 movzx ecx, cl
1138. seg000:00000AEB mov edx, 10h
1139. seg000:00000AF0 jmp short loc_ACF
1140. seg000:00000AF2 ; ---------------------------------------------------------------------------
1141. seg000:00000AF2
1142. seg000:00000AF2 loc_AF2: ; CODE XREF: sub_A37+69j
1143. seg000:00000AF2 ; sub_A37+CCj
1144. seg000:00000AF2 movzx edx, byte ptr [ebp+esi+0]
1145. seg000:00000AF7 test dl, dl
1146. seg000:00000AF9 jz short loc_B05
1147. seg000:00000AFB xor eax, eax
1148. seg000:00000AFD inc esi
1149. seg000:00000AFE call sub_1068
1150. seg000:00000B03 jmp short loc_AF2
1151. seg000:00000B05 ; ---------------------------------------------------------------------------
1152. seg000:00000B05
1153. seg000:00000B05 loc_B05: ; CODE XREF: sub_A37+C2j
1154. seg000:00000B05 add ebx, esi
1155. seg000:00000B07 mov esi, [esp+14h+var_14]
1156. seg000:00000B0A jmp loc_A46
1157. seg000:00000B0F ; ---------------------------------------------------------------------------
1158. seg000:00000B0F
1159. seg000:00000B0F loc_B0F: ; CODE XREF: sub_A37+4Bj
1160. seg000:00000B0F ; sub_A37+5Dj
1161. seg000:00000B0F mov edx, 25h ; '%'
1162. seg000:00000B14 xor eax, eax
1163. seg000:00000B16 mov byte ptr [esp+14h+var_14], cl
1164. seg000:00000B19 inc ebx
1165. seg000:00000B1A call sub_1068
1166. seg000:00000B1F mov cl, byte ptr [esp+14h+var_14]
1167. seg000:00000B22
1168. seg000:00000B22 loc_B22: ; CODE XREF: sub_A37+40j
1169. seg000:00000B22 movzx edx, cl
1170. seg000:00000B25 jmp short loc_B28
1171. seg000:00000B27 ; ---------------------------------------------------------------------------
1172. seg000:00000B27
1173. seg000:00000B27 loc_B27: ; CODE XREF: sub_A37+1Dj
1174. seg000:00000B27 inc edi
1175. seg000:00000B28
1176. seg000:00000B28 loc_B28: ; CODE XREF: sub_A37+EEj
1177. seg000:00000B28 xor eax, eax
1178. seg000:00000B2A inc ebx
1179. seg000:00000B2B call sub_1068
1180. seg000:00000B30 jmp loc_A46
1181. seg000:00000B35 ; ---------------------------------------------------------------------------
1182. seg000:00000B35
1183. seg000:00000B35 loc_B35: ; CODE XREF: sub_A37+14j
1184. seg000:00000B35 pop edx
1185. seg000:00000B36 mov eax, ebx
1186. seg000:00000B38 pop ebx
1187. seg000:00000B39 pop esi
1188. seg000:00000B3A pop edi
1189. seg000:00000B3B pop ebp
1190. seg000:00000B3C retn
1191. seg000:00000B3C sub_A37 endp
1192. seg000:00000B3C
1193. seg000:00000B3D
1194. seg000:00000B3D ; =============== S U B R O U T I N E =======================================
1195. seg000:00000B3D
1196. seg000:00000B3D
1197. seg000:00000B3D sub_B3D proc near ; CODE XREF: seg000:00000030p
1198. seg000:00000B3D ; seg000:00000248p ...
1199. seg000:00000B3D
1200. seg000:00000B3D ; FUNCTION CHUNK AT seg000:00001004 SIZE 00000064 BYTES
1201. seg000:00000B3D
1202. seg000:00000B3D push ebx
1203. seg000:00000B3E mov edx, 2
1204. seg000:00000B43 mov ebx, eax
1205. seg000:00000B45 mov eax, 0Ch
1206. seg000:00000B4A call sub_DC7
1207. seg000:00000B4F mov eax, 20002h
1208. seg000:00000B54 mov ds:280304h, ebx
1209. seg000:00000B5A mov dword ptr ds:280300h, 3
1210. seg000:00000B64 call sub_BBD
1211. seg000:00000B69 mov edx, 280300h
1212. seg000:00000B6E xor eax, eax
1213. seg000:00000B70 pop ebx
1214. seg000:00000B71 jmp loc_1004
1215. seg000:00000B71 sub_B3D endp
1216. seg000:00000B71
1217. seg000:00000B76
1218. seg000:00000B76 ; =============== S U B R O U T I N E =======================================
1219. seg000:00000B76
1220. seg000:00000B76
1221. seg000:00000B76 sub_B76 proc near ; CODE XREF: seg000:0000069Cp
1222. seg000:00000B76 push ebx
1223. seg000:00000B77 mov ebx, eax
1224. seg000:00000B79
1225. seg000:00000B79 loc_B79: ; CODE XREF: sub_B76+12j
1226. seg000:00000B79 movzx edx, byte ptr [ebx]
1227. seg000:00000B7C test dl, dl
1228. seg000:00000B7E jz short loc_B8A
1229. seg000:00000B80 xor eax, eax
1230. seg000:00000B82 inc ebx
1231. seg000:00000B83 call sub_1068
1232. seg000:00000B88 jmp short loc_B79
1233. seg000:00000B8A ; ---------------------------------------------------------------------------
1234. seg000:00000B8A
1235. seg000:00000B8A loc_B8A: ; CODE XREF: sub_B76+8j
1236. seg000:00000B8A mov edx, 0Ah
1237. seg000:00000B8F xor eax, eax
1238. seg000:00000B91 call sub_1068
1239. seg000:00000B96 xor eax, eax
1240. seg000:00000B98 pop ebx
1241. seg000:00000B99 retn
1242. seg000:00000B99 sub_B76 endp
1243. seg000:00000B99
1244. seg000:00000B9A
1245. seg000:00000B9A ; =============== S U B R O U T I N E =======================================
1246. seg000:00000B9A
1247. seg000:00000B9A
1248. seg000:00000B9A sub_B9A proc near ; CODE XREF: sub_110F+8p
1249. seg000:00000B9A shl eax, 3
1250. seg000:00000B9D mov edx, ds:0B0800038h
1251. seg000:00000BA3 and edx, 0FFFFFF83h
1252. seg000:00000BA6 or eax, edx
1253. seg000:00000BA8 mov ds:0B0800038h, eax
1254. seg000:00000BAD mov eax, ds:0B0800038h
1255. seg000:00000BB2 or eax, 4
1256. seg000:00000BB5 mov ds:0B0800038h, eax
1257. seg000:00000BBA xor eax, eax
1258. seg000:00000BBC retn
1259. seg000:00000BBC sub_B9A endp
1260. seg000:00000BBC
1261. seg000:00000BBD
1262. seg000:00000BBD ; =============== S U B R O U T I N E =======================================
1263. seg000:00000BBD
1264. seg000:00000BBD
1265. seg000:00000BBD sub_BBD proc near ; CODE XREF: sub_16E+8Fp
1266. seg000:00000BBD ; sub_B3D+27p
1267. seg000:00000BBD mov edx, ds:0B0800018h
1268. seg000:00000BC3 or eax, edx
1269. seg000:00000BC5 mov ds:0B0800018h, eax
1270. seg000:00000BCA xor eax, eax
1271. seg000:00000BCC retn
1272. seg000:00000BCC sub_BBD endp
1273. seg000:00000BCC
1274. seg000:00000BCD ; ---------------------------------------------------------------------------
1275. seg000:00000BCD ; START OF FUNCTION CHUNK FOR sub_210
1276. seg000:00000BCD
1277. seg000:00000BCD loc_BCD: ; CODE XREF: sub_210+11j
1278. seg000:00000BCD mov edx, ds:0B0800018h
1279. seg000:00000BD3 not eax
1280. seg000:00000BD5 and eax, edx
1281. seg000:00000BD7 mov ds:0B0800018h, eax
1282. seg000:00000BDC xor eax, eax
1283. seg000:00000BDE retn
1284. seg000:00000BDE ; END OF FUNCTION CHUNK FOR sub_210
1285. seg000:00000BDF
1286. seg000:00000BDF ; =============== S U B R O U T I N E =======================================
1287. seg000:00000BDF
1288. seg000:00000BDF
1289. seg000:00000BDF sub_BDF proc near ; CODE XREF: seg000:000002C4p
1290. seg000:00000BDF ; seg000:000002E9p ...
1291. seg000:00000BDF mov eax, ds:280278h
1292. seg000:00000BE4 retn
1293. seg000:00000BE4 sub_BDF endp
1294. seg000:00000BE4
1295. seg000:00000BE5
1296. seg000:00000BE5 ; =============== S U B R O U T I N E =======================================
1297. seg000:00000BE5
1298. seg000:00000BE5
1299. seg000:00000BE5 sub_BE5 proc near ; CODE XREF: seg000:000002D3p
1300. seg000:00000BE5 ; seg000:000002FDp ...
1301. seg000:00000BE5 imul eax, ds:280278h
1302. seg000:00000BEC push esi
1303. seg000:00000BED mov esi, eax
1304. seg000:00000BEF push ebx
1305. seg000:00000BF0 rdtsc
1306. seg000:00000BF2 mov ecx, eax
1307. seg000:00000BF4 mov ebx, edx
1308. seg000:00000BF6
1309. seg000:00000BF6 loc_BF6: ; CODE XREF: sub_BE5+1Ej
1310. seg000:00000BF6 rdtsc
1311. seg000:00000BF8 sub eax, ecx
1312. seg000:00000BFA sbb edx, ebx
1313. seg000:00000BFC cmp edx, 0
1314. seg000:00000BFF ja short loc_C05
1315. seg000:00000C01 cmp eax, esi
1316. seg000:00000C03 jb short loc_BF6
1317. seg000:00000C05
1318. seg000:00000C05 loc_C05: ; CODE XREF: sub_BE5+1Aj
1319. seg000:00000C05 pop ebx
1320. seg000:00000C06 pop esi
1321. seg000:00000C07 retn
1322. seg000:00000C07 sub_BE5 endp
1323. seg000:00000C07
1324. seg000:00000C08
1325. seg000:00000C08 ; =============== S U B R O U T I N E =======================================
1326. seg000:00000C08
1327. seg000:00000C08
1328. seg000:00000C08 sub_C08 proc near ; CODE XREF: sub_C58+A0p
1329. seg000:00000C08 shl eax, 14h
1330. seg000:00000C0B mov edx, ds:0B0800000h
1331. seg000:00000C11 or edx, 2
1332. seg000:00000C14 and eax, 3FF00000h
1333. seg000:00000C19 mov ds:0B0800000h, edx
1334. seg000:00000C1F mov edx, ds:0B0800008h
1335. seg000:00000C25 and edx, 0C00FFFFFh
1336. seg000:00000C2B mov ds:0B0800008h, edx
1337. seg000:00000C31 mov edx, ds:0B0800008h
1338. seg000:00000C37 or eax, edx
1339. seg000:00000C39 mov ds:0B0800008h, eax
1340. seg000:00000C3E mov eax, 0C8h ; '+'
1341. seg000:00000C43 call sub_BE5
1342. seg000:00000C48 mov eax, ds:0B0800000h
1343. seg000:00000C4D and eax, 0FFFFFFFDh
1344. seg000:00000C50 mov ds:0B0800000h, eax
1345. seg000:00000C55 xor eax, eax
1346. seg000:00000C57 retn
1347. seg000:00000C57 sub_C08 endp
1348. seg000:00000C57
1349. seg000:00000C58
1350. seg000:00000C58 ; =============== S U B R O U T I N E =======================================
1351. seg000:00000C58
1352. seg000:00000C58
1353. seg000:00000C58 sub_C58 proc near ; CODE XREF: seg000:0000023Ep
1354. seg000:00000C58 ; seg000:00000353j ...
1355. seg000:00000C58 push ebp
1356. seg000:00000C59 push edi
1357. seg000:00000C5A push esi
1358. seg000:00000C5B push ebx
1359. seg000:00000C5C mov ecx, edx
1360. seg000:00000C5E mov edx, ds:0B0800038h
1361. seg000:00000C64 mov edi, edx
1362. seg000:00000C66 and edi, 0FFFFF87Fh
1363. seg000:00000C6C cmp eax, 4
1364. seg000:00000C6F jz loc_D59
1365. seg000:00000C75 jb short loc_C99
1366. seg000:00000C77 cmp eax, 5
1367. seg000:00000C7A jnz loc_D9F
1368. seg000:00000C80 mov eax, ds:0B0800008h
1369. seg000:00000C85 mov esi, 20h ; ' '
1370. seg000:00000C8A or eax, 1
1371. seg000:00000C8D mov ds:0B0800008h, eax
1372. seg000:00000C92 shr esi, cl
1373. seg000:00000C94 jmp loc_D6C
1374. seg000:00000C99 ; ---------------------------------------------------------------------------
1375. seg000:00000C99
1376. seg000:00000C99 loc_C99: ; CODE XREF: sub_C58+1Dj
1377. seg000:00000C99 test eax, eax
1378. seg000:00000C9B jnz short loc_CAD
1379. seg000:00000C9D mov esi, 20h ; ' '
1380. seg000:00000CA2 mov dx, ds:200000h
1381. seg000:00000CA9 shr esi, cl
1382. seg000:00000CAB jmp short loc_CE5
1383. seg000:00000CAD ; ---------------------------------------------------------------------------
1384. seg000:00000CAD
1385. seg000:00000CAD loc_CAD: ; CODE XREF: sub_C58+43j
1386. seg000:00000CAD cmp eax, 1
1387. seg000:00000CB0 jnz short loc_CC2
1388. seg000:00000CB2 mov esi, 10h
1389. seg000:00000CB7 mov dx, ds:200002h
1390. seg000:00000CBE shr esi, cl
1391. seg000:00000CC0 jmp short loc_CE5
1392. seg000:00000CC2 ; ---------------------------------------------------------------------------
1393. seg000:00000CC2
1394. seg000:00000CC2 loc_CC2: ; CODE XREF: sub_C58+58j
1395. seg000:00000CC2 cmp eax, 2
1396. seg000:00000CC5 jnz short loc_CD7
1397. seg000:00000CC7 mov esi, 8
1398. seg000:00000CCC mov dx, ds:200004h
1399. seg000:00000CD3 shr esi, cl
1400. seg000:00000CD5 jmp short loc_CE5
1401. seg000:00000CD7 ; ---------------------------------------------------------------------------
1402. seg000:00000CD7
1403. seg000:00000CD7 loc_CD7: ; CODE XREF: sub_C58+6Dj
1404. seg000:00000CD7 mov esi, 4
1405. seg000:00000CDC mov dx, ds:200006h
1406. seg000:00000CE3 shr esi, cl
1407. seg000:00000CE5
1408. seg000:00000CE5 loc_CE5: ; CODE XREF: sub_C58+53j
1409. seg000:00000CE5 ; sub_C58+68j ...
1410. seg000:00000CE5 mov ebp, eax
1411. seg000:00000CE7 mov eax, edx
1412. seg000:00000CE9 and ax, 0FC00h
1413. seg000:00000CED mov ebx, ecx
1414. seg000:00000CEF cmp ax, 7C00h
1415. seg000:00000CF3 jnz short loc_CFD
1416. seg000:00000CF5 movzx eax, dx
1417. seg000:00000CF8 call sub_C08
1418. seg000:00000CFD
1419. seg000:00000CFD loc_CFD: ; CODE XREF: sub_C58+9Bj
1420. seg000:00000CFD mov eax, ds:0B0800008h
1421. seg000:00000D02 and ah, 0FCh
1422. seg000:00000D05 mov ds:0B0800008h, eax
1423. seg000:00000D0A mov eax, ebp
1424. seg000:00000D0C shl eax, 8
1425. seg000:00000D0F mov edx, ds:0B0800008h
1426. seg000:00000D15 or eax, edx
1427. seg000:00000D17 mov ds:0B0800008h, eax
1428. seg000:00000D1C mov eax, ds:0B0800008h
1429. seg000:00000D21 or eax, 2
1430. seg000:00000D24 mov ds:0B0800008h, eax
1431. seg000:00000D29
1432. seg000:00000D29 loc_D29: ; CODE XREF: sub_C58+D8j
1433. seg000:00000D29 mov eax, ds:0B0800004h
1434. seg000:00000D2E test al, 1
1435. seg000:00000D30 jz short loc_D29
1436. seg000:00000D32 or edi, 1
1437. seg000:00000D35 mov eax, ds:0B0800008h
1438. seg000:00000D3A shl ebx, 8
1439. seg000:00000D3D mov ecx, edi
1440. seg000:00000D3F and eax, 0FFFFFFF7h
1441. seg000:00000D42 or ecx, ebx
1442. seg000:00000D44 mov ds:0B0800008h, eax
1443. seg000:00000D49 mov ds:0B0800038h, ecx
1444. seg000:00000D4F mov eax, ds:0B0800008h
1445. seg000:00000D54 and eax, 0FFFFFFFEh
1446. seg000:00000D57 jmp short loc_D98
1447. seg000:00000D59 ; ---------------------------------------------------------------------------
1448. seg000:00000D59
1449. seg000:00000D59 loc_D59: ; CODE XREF: sub_C58+17j
1450. seg000:00000D59 shl ecx, 8
1451. seg000:00000D5C or ecx, edi
1452. seg000:00000D5E and ecx, 0FFFFFFFEh
1453. seg000:00000D61 or ecx, 2
1454. seg000:00000D64 mov ds:0B0800038h, ecx
1455. seg000:00000D6A jmp short loc_D9F
1456. seg000:00000D6C ; ---------------------------------------------------------------------------
1457. seg000:00000D6C
1458. seg000:00000D6C loc_D6C: ; CODE XREF: sub_C58+3Cj
1459. seg000:00000D6C ; sub_C58+11Bj
1460. seg000:00000D6C mov eax, ds:0B0800004h
1461. seg000:00000D71 test al, 2
1462. seg000:00000D73 jz short loc_D6C
1463. seg000:00000D75 mov eax, ds:0B0800008h
1464. seg000:00000D7A or edi, 1
1465. seg000:00000D7D shl ecx, 8
1466. seg000:00000D80 or eax, 8
1467. seg000:00000D83 or ecx, edi
1468. seg000:00000D85 mov ds:0B0800008h, eax
1469. seg000:00000D8A mov ds:0B0800038h, ecx
1470. seg000:00000D90 mov eax, ds:0B0800008h
1471. seg000:00000D95 and eax, 0FFFFFFFDh
1472. seg000:00000D98
1473. seg000:00000D98 loc_D98: ; CODE XREF: sub_C58+FFj
1474. seg000:00000D98 mov ds:0B0800008h, eax
1475. seg000:00000D9D jmp short loc_DA4
1476. seg000:00000D9F ; ---------------------------------------------------------------------------
1477. seg000:00000D9F
1478. seg000:00000D9F loc_D9F: ; CODE XREF: sub_C58+22j
1479. seg000:00000D9F ; sub_C58+112j
1480. seg000:00000D9F mov esi, 1
1481. seg000:00000DA4
1482. seg000:00000DA4 loc_DA4: ; CODE XREF: sub_C58+145j
1483. seg000:00000DA4 mov eax, ds:0B0800038h
1484. seg000:00000DA9 or al, 80h
1485. seg000:00000DAB test esi, esi
1486. seg000:00000DAD mov ds:0B0800038h, eax
1487. seg000:00000DB2 mov eax, 1
1488. seg000:00000DB7 jz short loc_DBB
1489. seg000:00000DB9 mov eax, esi
1490. seg000:00000DBB
1491. seg000:00000DBB loc_DBB: ; CODE XREF: sub_C58+15Fj
1492. seg000:00000DBB pop ebx
1493. seg000:00000DBC mov ds:280278h, eax
1494. seg000:00000DC1 pop esi
1495. seg000:00000DC2 xor eax, eax
1496. seg000:00000DC4 pop edi
1497. seg000:00000DC5 pop ebp
1498. seg000:00000DC6 retn
1499. seg000:00000DC6 sub_C58 endp
1500. seg000:00000DC6
1501. seg000:00000DC7
1502. seg000:00000DC7 ; =============== S U B R O U T I N E =======================================
1503. seg000:00000DC7
1504. seg000:00000DC7
1505. seg000:00000DC7 sub_DC7 proc near ; CODE XREF: sub_16E+Bp
1506. seg000:00000DC7 ; sub_35B+28p ...
1507. seg000:00000DC7 mov ecx, eax
1508. seg000:00000DC9 push esi
1509. seg000:00000DCA shr eax, 4
1510. seg000:00000DCD and ecx, 0Fh
1511. seg000:00000DD0 push ebx
1512. seg000:00000DD1 add ecx, ecx
1513. seg000:00000DD3 lea ebx, ds:0B0800900h[eax*4]
1514. seg000:00000DDA mov eax, 3
1515. seg000:00000DDF shl eax, cl
1516. seg000:00000DE1 mov esi, [ebx+30h]
1517. seg000:00000DE4 not eax
1518. seg000:00000DE6 and eax, esi
1519. seg000:00000DE8 mov [ebx+30h], eax
1520. seg000:00000DEB mov eax, [ebx+30h]
1521. seg000:00000DEE shl edx, cl
1522. seg000:00000DF0 or eax, edx
1523. seg000:00000DF2 mov [ebx+30h], eax
1524. seg000:00000DF5 xor eax, eax
1525. seg000:00000DF7 pop ebx
1526. seg000:00000DF8 pop esi
1527. seg000:00000DF9 retn
1528. seg000:00000DF9 sub_DC7 endp
1529. seg000:00000DF9
1530. seg000:00000DFA
1531. seg000:00000DFA ; =============== S U B R O U T I N E =======================================
1532. seg000:00000DFA
1533. seg000:00000DFA
1534. seg000:00000DFA sub_DFA proc near ; CODE XREF: sub_35B+34p
1535. seg000:00000DFA push ebx
1536. seg000:00000DFB mov ebx, eax
1537. seg000:00000DFD shr ebx, 5
1538. seg000:00000E00 mov ecx, eax
1539. seg000:00000E02 mov eax, 1
1540. seg000:00000E07 shl eax, cl
1541. seg000:00000E09 lea ecx, ds:0B0800900h[ebx*4]
1542. seg000:00000E10 test dl, dl
1543. seg000:00000E12 mov edx, [ecx+20h]
1544. seg000:00000E15 jnz short loc_E1D
1545. seg000:00000E17 not eax
1546. seg000:00000E19 and eax, edx
1547. seg000:00000E1B jmp short loc_E1F
1548. seg000:00000E1D ; ---------------------------------------------------------------------------
1549. seg000:00000E1D
1550. seg000:00000E1D loc_E1D: ; CODE XREF: sub_DFA+1Bj
1551. seg000:00000E1D or eax, edx
1552. seg000:00000E1F
1553. seg000:00000E1F loc_E1F: ; CODE XREF: sub_DFA+21j
1554. seg000:00000E1F mov [ecx+20h], eax
1555. seg000:00000E22 xor eax, eax
1556. seg000:00000E24 pop ebx
1557. seg000:00000E25 retn
1558. seg000:00000E25 sub_DFA endp
1559. seg000:00000E25
1560. seg000:00000E26
1561. seg000:00000E26 ; =============== S U B R O U T I N E =======================================
1562. seg000:00000E26
1563. seg000:00000E26
1564. seg000:00000E26 sub_E26 proc near ; CODE XREF: sub_35B+1Fp
1565. seg000:00000E26 ; sub_35B+9Dp
1566. seg000:00000E26 push ebx
1567. seg000:00000E27 mov ebx, eax
1568. seg000:00000E29 shr ebx, 5
1569. seg000:00000E2C mov ecx, eax
1570. seg000:00000E2E mov eax, 1
1571. seg000:00000E33 shl eax, cl
1572. seg000:00000E35 test dl, dl
1573. seg000:00000E37 mov edx, ds:0B0800900h[ebx*4]
1574. seg000:00000E3E jnz short loc_E46
1575. seg000:00000E40 not eax
1576. seg000:00000E42 and eax, edx
1577. seg000:00000E44 jmp short loc_E48
1578. seg000:00000E46 ; ---------------------------------------------------------------------------
1579. seg000:00000E46
1580. seg000:00000E46 loc_E46: ; CODE XREF: sub_E26+18j
1581. seg000:00000E46 or eax, edx
1582. seg000:00000E48
1583. seg000:00000E48 loc_E48: ; CODE XREF: sub_E26+1Ej
1584. seg000:00000E48 mov ds:0B0800900h[ebx*4], eax
1585. seg000:00000E4F xor eax, eax
1586. seg000:00000E51 pop ebx
1587. seg000:00000E52 retn
1588. seg000:00000E52 sub_E26 endp
1589. seg000:00000E52
1590. seg000:00000E53
1591. seg000:00000E53 ; =============== S U B R O U T I N E =======================================
1592. seg000:00000E53
1593. seg000:00000E53
1594. seg000:00000E53 sub_E53 proc near ; CODE XREF: sub_E88+46p
1595. seg000:00000E53 mov edx, eax
1596. seg000:00000E55 and eax, 18h
1597. seg000:00000E58 shl eax, 2
1598. seg000:00000E5B and edx, 7
1599. seg000:00000E5E add edx, edx
1600. seg000:00000E60 or eax, edx
1601. seg000:00000E62 mov ds:0FEC00000h, eax
1602. seg000:00000E67 mov eax, ds:0FEC00010h
1603. seg000:00000E6C retn
1604. seg000:00000E6C sub_E53 endp
1605. seg000:00000E6C
1606. seg000:00000E6D
1607. seg000:00000E6D ; =============== S U B R O U T I N E =======================================
1608. seg000:00000E6D
1609. seg000:00000E6D
1610. seg000:00000E6D sub_E6D proc near ; CODE XREF: sub_E88+24p
1611. seg000:00000E6D ; sub_E88+56j
1612. seg000:00000E6D mov ecx, eax
1613. seg000:00000E6F and eax, 18h
1614. seg000:00000E72 shl eax, 2
1615. seg000:00000E75 and ecx, 7
1616. seg000:00000E78 add ecx, ecx
1617. seg000:00000E7A or eax, ecx
1618. seg000:00000E7C mov ds:0FEC00000h, eax
1619. seg000:00000E81 mov ds:0FEC00010h, edx
1620. seg000:00000E87 retn
1621. seg000:00000E87 sub_E6D endp
1622. seg000:00000E87
1623. seg000:00000E88
1624. seg000:00000E88 ; =============== S U B R O U T I N E =======================================
1625. seg000:00000E88
1626. seg000:00000E88
1627. seg000:00000E88 sub_E88 proc near ; CODE XREF: sub_16E+85p
1628. seg000:00000E88 ; sub_35B+91p
1629. seg000:00000E88 push esi
1630. seg000:00000E89 cmp eax, 10h
1631. seg000:00000E8C push ebx
1632. seg000:00000E8D mov esi, edx
1633. seg000:00000E8F mov ebx, eax
1634. seg000:00000E91 ja short loc_EA5
1635. seg000:00000E93 mov eax, 1
1636. seg000:00000E98 mov cl, bl
1637. seg000:00000E9A shl eax, cl
1638. seg000:00000E9C xor edx, edx
1639. seg000:00000E9E test eax, 1040Ch
1640. seg000:00000EA3 jnz short loc_EAA
1641. seg000:00000EA5
1642. seg000:00000EA5 loc_EA5: ; CODE XREF: sub_E88+9j
1643. seg000:00000EA5 mov edx, 8000h
1644. seg000:00000EAA
1645. seg000:00000EAA loc_EAA: ; CODE XREF: sub_E88+1Bj
1646. seg000:00000EAA mov eax, ebx
1647. seg000:00000EAC call sub_E6D
1648. seg000:00000EB1 movzx eax, si
1649. seg000:00000EB4 cmp si, 1Ah
1650. seg000:00000EB8 lea eax, ds:0B0800448h[eax*4]
1651. seg000:00000EBF jnz short loc_EC9
1652. seg000:00000EC1 and dword ptr [eax], 0FFF80000h
1653. seg000:00000EC7 jmp short loc_ECC
1654. seg000:00000EC9 ; ---------------------------------------------------------------------------
1655. seg000:00000EC9
1656. seg000:00000EC9 loc_EC9: ; CODE XREF: sub_E88+37j
1657. seg000:00000EC9 and dword ptr [eax], 0FFFFFFFEh
1658. seg000:00000ECC
1659. seg000:00000ECC loc_ECC: ; CODE XREF: sub_E88+3Fj
1660. seg000:00000ECC mov eax, ebx
1661. seg000:00000ECE call sub_E53
1662. seg000:00000ED3 and eax, 0FFFEFFFFh
1663. seg000:00000ED8 mov edx, eax
1664. seg000:00000EDA mov eax, ebx
1665. seg000:00000EDC pop ebx
1666. seg000:00000EDD pop esi
1667. seg000:00000EDE jmp sub_E6D
1668. seg000:00000EDE sub_E88 endp
1669. seg000:00000EDE
1670. seg000:00000EE3
1671. seg000:00000EE3 ; =============== S U B R O U T I N E =======================================
1672. seg000:00000EE3
1673. seg000:00000EE3
1674. seg000:00000EE3 sub_EE3 proc near ; CODE XREF: sub_16E+76p
1675. seg000:00000EE3 ; sub_35B+82p
1676. seg000:00000EE3 lea ecx, ds:280000h[eax*8]
1677. seg000:00000EEA mov ds:280000h[eax*8], dx
1678. seg000:00000EF2 shr edx, 10h
1679. seg000:00000EF5 mov word ptr [ecx+2], 8
1680. seg000:00000EFB mov word ptr [ecx+4], 8E00h
1681. seg000:00000F01 mov [ecx+6], dx
1682. seg000:00000F05 retn
1683. seg000:00000F05 sub_EE3 endp
1684. seg000:00000F05
1685. seg000:00000F06 ; ---------------------------------------------------------------------------
1686. seg000:00000F06 push esi
1687. seg000:00000F07 push ebx
1688. seg000:00000F08 push ecx
1689. seg000:00000F09 push edx
1690. seg000:00000F0A push eax
1691. seg000:00000F0B cld
1692. seg000:00000F0C mov eax, ds:28027Ch
1693. seg000:00000F11 mov ebx, [eax+40h]
1694. seg000:00000F14 mov eax, ds:0B0800104h
1695. seg000:00000F19 and eax, 3C0h
1696. seg000:00000F1E cmp eax, 40h ; '@'
1697. seg000:00000F21 jnz short loc_F4A
1698. seg000:00000F23 mov eax, ds:0B0800008h
1699. seg000:00000F28 and eax, 0FFFFFFFBh
1700. seg000:00000F2B mov ds:0B0800008h, eax
1701. seg000:00000F30 mov eax, ds:0B0800010h
1702. seg000:00000F35 and eax, 0FFFFFFFDh
1703. seg000:00000F38 mov ds:0B0800010h, eax
1704. seg000:00000F3D mov eax, ds:0B080002Ch
1705. seg000:00000F42 or ah, 0C0h
1706. seg000:00000F45 mov ds:0B080002Ch, eax
1707. seg000:00000F4A
1708. seg000:00000F4A loc_F4A: ; CODE XREF: seg000:00000F21j
1709. seg000:00000F4A mov esi, ds:280310h
1710. seg000:00000F50 test esi, esi
1711. seg000:00000F52 jz short loc_F5D
1712. seg000:00000F54 mov edx, ebx
1713. seg000:00000F56 mov eax, ds:28030Ch
1714. seg000:00000F5B call esi
1715. seg000:00000F5D
1716. seg000:00000F5D loc_F5D: ; CODE XREF: seg000:00000F52j
1717. seg000:00000F5D mov eax, ds:28027Ch
1718. seg000:00000F62 mov [eax+4Ch], ebx
1719. seg000:00000F65 mov eax, [eax+4Ch]
1720. seg000:00000F68 mov dword ptr ds:0FEE000B0h, 0
1721. seg000:00000F72 pop eax
1722. seg000:00000F73 pop edx
1723. seg000:00000F74 pop ecx
1724. seg000:00000F75 pop ebx
1725. seg000:00000F76 pop esi
1726. seg000:00000F77 iret
1727. seg000:00000F78
1728. seg000:00000F78 ; =============== S U B R O U T I N E =======================================
1729. seg000:00000F78
1730. seg000:00000F78
1731. seg000:00000F78 sub_F78 proc near ; CODE XREF: sub_16E+26p
1732. seg000:00000F78 ; sub_35B+B0j ...
1733. seg000:00000F78 push esi
1734. seg000:00000F79 mov ecx, ds:28027Ch[eax*4]
1735. seg000:00000F80 push ebx
1736. seg000:00000F81 mov esi, [edx]
1737. seg000:00000F83 mov ebx, [ecx+34h]
1738. seg000:00000F86 mov dword ptr [ecx+34h], 0FFFFFFFFh
1739. seg000:00000F8D mov [ecx+4], esi
1740. seg000:00000F90 mov esi, [edx+4]
1741. seg000:00000F93 mov [ecx+30h], esi
1742. seg000:00000F96 mov esi, [edx+8]
1743. seg000:00000F99 mov [ecx+38h], esi
1744. seg000:00000F9C mov esi, [edx+0Ch]
1745. seg000:00000F9F mov [ecx+3Ch], esi
1746. seg000:00000FA2 mov esi, [edx+10h]
1747. seg000:00000FA5 mov [ecx+48h], esi
1748. seg000:00000FA8 mov esi, [edx+14h]
1749. seg000:00000FAB mov [ecx+68h], esi
1750. seg000:00000FAE mov esi, [edx+18h]
1751. seg000:00000FB1 mov edx, [edx+1Ch]
1752. seg000:00000FB4 mov [ecx+34h], ebx
1753. seg000:00000FB7 mov ds:280310h[eax*4], esi
1754. seg000:00000FBE mov ds:28030Ch[eax*4], edx
1755. seg000:00000FC5 pop ebx
1756. seg000:00000FC6 xor eax, eax
1757. seg000:00000FC8 pop esi
1758. seg000:00000FC9 retn
1759. seg000:00000FC9 sub_F78 endp
1760. seg000:00000FC9
1761. seg000:00000FCA
1762. seg000:00000FCA ; =============== S U B R O U T I N E =======================================
1763. seg000:00000FCA
1764. seg000:00000FCA
1765. seg000:00000FCA sub_FCA proc near ; CODE XREF: seg000:loc_62p
1766. seg000:00000FCA ; sub_6E0+17j
1767. seg000:00000FCA push esi
1768. seg000:00000FCB mov esi, ds:28027Ch[eax*4]
1769. seg000:00000FD2 push ebx
1770. seg000:00000FD3 mov cl, dl
1771. seg000:00000FD5 mov ebx, 1
1772. seg000:00000FDA mov eax, [esi]
1773. seg000:00000FDC shl ebx, cl
1774. seg000:00000FDE or eax, ebx
1775. seg000:00000FE0 mov [esi], eax
1776. seg000:00000FE2 xor eax, eax
1777. seg000:00000FE4 pop ebx
1778. seg000:00000FE5 pop esi
1779. seg000:00000FE6 retn
1780. seg000:00000FE6 sub_FCA endp
1781. seg000:00000FE6
1782. seg000:00000FE7
1783. seg000:00000FE7 ; =============== S U B R O U T I N E =======================================
1784. seg000:00000FE7
1785. seg000:00000FE7
1786. seg000:00000FE7 sub_FE7 proc near ; CODE XREF: seg000:0000004Cp
1787. seg000:00000FE7 ; sub_210+7p ...
1788. seg000:00000FE7 push esi
1789. seg000:00000FE8 mov esi, ds:28027Ch[eax*4]
1790. seg000:00000FEF push ebx
1791. seg000:00000FF0 mov cl, dl
1792. seg000:00000FF2 mov ebx, 0FFFFFFFEh
1793. seg000:00000FF7 mov eax, [esi]
1794. seg000:00000FF9 rol ebx, cl
1795. seg000:00000FFB and eax, ebx
1796. seg000:00000FFD mov [esi], eax
1797. seg000:00000FFF xor eax, eax
1798. seg000:00001001 pop ebx
1799. seg000:00001002 pop esi
1800. seg000:00001003 retn
1801. seg000:00001003 sub_FE7 endp
1802. seg000:00001003
1803. seg000:00001004 ; ---------------------------------------------------------------------------
1804. seg000:00001004 ; START OF FUNCTION CHUNK FOR sub_B3D
1805. seg000:00001004
1806. seg000:00001004 loc_1004: ; CODE XREF: sub_B3D+34j
1807. seg000:00001004 push ebx
1808. seg000:00001005 mov eax, ds:280280h[eax*4]
1809. seg000:0000100C mov ecx, [edx+4]
1810. seg000:0000100F mov ebx, ecx
1811. seg000:00001011 mov dword ptr [eax+0Ch], 0
1812. seg000:00001018 and ebx, 0FF0000h
1813. seg000:0000101E mov dword ptr [eax+0Ch], 80h ; 'Ç'
1814. seg000:00001025 shr ebx, 10h
1815. seg000:00001028 mov [eax+4], ebx
1816. seg000:0000102B movzx ebx, ch
1817. seg000:0000102E movzx ecx, cl
1818. seg000:00001031 mov [eax], ebx
1819. seg000:00001033 mov [eax+0C0h], ecx
1820. seg000:00001039 mov ecx, [edx]
1821. seg000:0000103B mov [eax+0Ch], ecx
1822. seg000:0000103E mov dword ptr [eax+10h], 0
1823. seg000:00001045 cmp byte ptr [edx+8], 0
1824. seg000:00001049 jz short loc_1054
1825. seg000:0000104B mov edx, [eax+10h]
1826. seg000:0000104E or edx, 22h
1827. seg000:00001051 mov [eax+10h], edx
1828. seg000:00001054
1829. seg000:00001054 loc_1054: ; CODE XREF: sub_B3D+50Cj
1830. seg000:00001054 mov dword ptr [eax+8], 0B7h ; 'À'
1831. seg000:0000105B mov edx, [eax+4]
1832. seg000:0000105E or dl, 80h
1833. seg000:00001061 mov [eax+4], edx
1834. seg000:00001064 xor eax, eax
1835. seg000:00001066 pop ebx
1836. seg000:00001067 retn
1837. seg000:00001067 ; END OF FUNCTION CHUNK FOR sub_B3D
1838. seg000:00001068
1839. seg000:00001068 ; =============== S U B R O U T I N E =======================================
1840. seg000:00001068
1841. seg000:00001068
1842. seg000:00001068 sub_1068 proc near ; CODE XREF: sub_9DB+4Cp
1843. seg000:00001068 ; sub_A37+7Bp ...
1844. seg000:00001068 mov eax, ds:280280h[eax*4]
1845. seg000:0000106F
1846. seg000:0000106F loc_106F: ; CODE XREF: sub_1068+Dj
1847. seg000:0000106F mov ecx, [eax+14h]
1848. seg000:00001072 and cl, 20h
1849. seg000:00001075 jnz short loc_106F
1850. seg000:00001077 movzx edx, dl
1851. seg000:0000107A mov [eax], edx
1852. seg000:0000107C
1853. seg000:0000107C loc_107C: ; CODE XREF: sub_1068+1Aj
1854. seg000:0000107C mov edx, [eax+14h]
1855. seg000:0000107F and dl, 40h
1856. seg000:00001082 jz short loc_107C
1857. seg000:00001084 xor eax, eax
1858. seg000:00001086 retn
1859. seg000:00001086 sub_1068 endp
1860. seg000:00001086
1861. seg000:00001087 ; ---------------------------------------------------------------------------
1862. seg000:00001087 push ebx
1863. seg000:00001088 push ecx
1864. seg000:00001089 push edx
1865. seg000:0000108A push eax
1866. seg000:0000108B cld
1867. seg000:0000108C mov eax, ds:0B000040Ch
1868. seg000:00001091 and eax, 0FFFFFFFEh
1869. seg000:00001094 mov ds:0B000040Ch, eax
1870. seg000:00001099 mov eax, ds:0B0800104h
1871. seg000:0000109E and eax, 3C0h
1872. seg000:000010A3 cmp eax, 40h ; '@'
1873. seg000:000010A6 jnz short loc_10CF
1874. seg000:000010A8 mov eax, ds:0B0800008h
1875. seg000:000010AD and eax, 0FFFFFFFBh
1876. seg000:000010B0 mov ds:0B0800008h, eax
1877. seg000:000010B5 mov eax, ds:0B0800010h
1878. seg000:000010BA and eax, 0FFFFFFFDh
1879. seg000:000010BD mov ds:0B0800010h, eax
1880. seg000:000010C2 mov eax, ds:0B080002Ch
1881. seg000:000010C7 or ah, 0C0h
1882. seg000:000010CA mov ds:0B080002Ch, eax
1883. seg000:000010CF
1884. seg000:000010CF loc_10CF: ; CODE XREF: seg000:000010A6j
1885. seg000:000010CF mov ebx, ds:280318h
1886. seg000:000010D5 test ebx, ebx
1887. seg000:000010D7 jz short loc_10E0
1888. seg000:000010D9 mov eax, ds:280314h
1889. seg000:000010DE call ebx
1890. seg000:000010E0
1891. seg000:000010E0 loc_10E0: ; CODE XREF: seg000:000010D7j
1892. seg000:000010E0 mov eax, ds:0B0000418h
1893. seg000:000010E5 mov dword ptr ds:0FEE000B0h, 0
1894. seg000:000010EF pop eax
1895. seg000:000010F0 pop edx
1896. seg000:000010F1 pop ecx
1897. seg000:000010F2 pop ebx
1898. seg000:000010F3 iret
1899. seg000:000010F4
1900. seg000:000010F4 ; =============== S U B R O U T I N E =======================================
1901. seg000:000010F4
1902. seg000:000010F4
1903. seg000:000010F4 sub_10F4 proc near ; CODE XREF: seg000:00000089j
1904. seg000:000010F4 ; sub_110F+3Ep
1905. seg000:000010F4 shl eax, 5
1906. seg000:000010F7 mov ecx, [eax-4FFFFBF4h]
1907. seg000:000010FD or ecx, 1
1908. seg000:00001100 mov [eax-4FFFFBF4h], ecx
1909. seg000:00001106 mov [eax-4FFFFBFCh], edx
1910. seg000:0000110C xor eax, eax
1911. seg000:0000110E retn
1912. seg000:0000110E sub_10F4 endp
1913. seg000:0000110E
1914. seg000:0000110F
1915. seg000:0000110F ; =============== S U B R O U T I N E =======================================
1916. seg000:0000110F
1917. seg000:0000110F
1918. seg000:0000110F sub_110F proc near ; CODE XREF: sub_16E+98p
1919. seg000:0000110F push esi
1920. seg000:00001110 mov esi, eax
1921. seg000:00001112 xor eax, eax
1922. seg000:00001114 push ebx
1923. seg000:00001115 mov ebx, edx
1924. seg000:00001117 call sub_B9A
1925. seg000:0000111C mov eax, esi
1926. seg000:0000111E mov edx, [ebx]
1927. seg000:00001120 shl eax, 5
1928. seg000:00001123 sub eax, 4FFFFC00h
1929. seg000:00001128 mov [eax+8], edx
1930. seg000:0000112B mov edx, [eax+18h]
1931. seg000:0000112E mov edx, [ebx+0Ch]
1932. seg000:00001131 mov ds:280318h[esi*4], edx
1933. seg000:00001138 mov edx, [ebx+10h]
1934. seg000:0000113B mov ds:280314h[esi*4], edx
1935. seg000:00001142 cmp byte ptr [ebx+4], 0
1936. seg000:00001146 jz short loc_1154
1937. seg000:00001148 mov edx, [ebx+8]
1938. seg000:0000114B mov eax, esi
1939. seg000:0000114D call sub_10F4
1940. seg000:00001152 jmp short loc_115D
1941. seg000:00001154 ; ---------------------------------------------------------------------------
1942. seg000:00001154
1943. seg000:00001154 loc_1154: ; CODE XREF: sub_110F+37j
1944. seg000:00001154 mov edx, [eax+0Ch]
1945. seg000:00001157 and edx, 0FFFFFFFEh
1946. seg000:0000115A mov [eax+0Ch], edx
1947. seg000:0000115D
1948. seg000:0000115D loc_115D: ; CODE XREF: sub_110F+43j
1949. seg000:0000115D xor eax, eax
1950. seg000:0000115F pop ebx
1951. seg000:00001160 pop esi
1952. seg000:00001161 retn
1953. seg000:00001161 sub_110F endp
1954. seg000:00001161
1955. seg000:00001161 ; ---------------------------------------------------------------------------
1956. seg000:00001162 aPeriodIsTooDar db 'Period is too darned short',0Dh,0Ah,0
1957. seg000:0000117F aDutyWasNegativ db 'Duty was negative, resetting to 0',0Dh,0Ah,0
1958. seg000:000011A3 aDutyWasMoreTha db 'Duty was more than constant, resetting to constant',0Dh,0Ah,0
1959. seg000:000011D8 aKonamiCodeUnlo db 0Dh,0Ah
1960. seg000:000011D8 db 9,'Konami Code unlocked!',0Dh,0Ah,0
1961. seg000:000011F3 a2j db 1Bh,'[2J',0
1962. seg000:000011F8 aDefconBiosDc24 db 'DEFCON BIOS - DC24 (C) 2016',0Dh,0Ah,0
1963. seg000:00001216 aCpuIntelRD2000 db 'CPU : Intel(R) D2000 MCU running @ 32MHz',0Dh,0Ah,0
1964. seg000:00001241 aCheckingMemory db 'Checking Memory...',0
1965. seg000:00001254 db 0Dh,0Ah
1966. seg000:00001254 db 0Dh,0Ah
1967. seg000:00001254 db 0Dh,0Ah,0
1968. seg000:0000125B aSorryDefconIsC db 'Sorry, DEFCON is cancelled.',0Dh,0Ah,0
1969. seg000:00001279 aPushingTheButt db 'Pushing the buttons will do... Things...',0Dh,0Ah
1970. seg000:00001279 db 0Dh,0Ah,0
1971. seg000:000012A6 aSearchingForTh db 'Searching for the meaning of life....',0Dh,0Ah,0
1972. seg000:000012CE aC2016464748455 db '(C) 2016 - 4647-4845-5150-206b-7520-6571-6f72-6e67-7667-6e61-2070'
1973. seg000:000012CE db '-7176-2065',0Dh,0Ah,0
1974. seg000:0000131C a637065676e6e67 db ' 6370-6567-6e6e-6766',0Dh,0Ah,0
1975. seg000:0000133D aPresentedByDar db 'Presented by Dark Tangent',0Dh,0Ah,0
1976. seg000:00001359 aBadgesBy1o57Wa db 'Badges by 1o57 & Warthog9',0Dh,0Ah,0
1977. seg000:00001375 aSorryDefconI_0 db 'Sorry, DEFCON is cancelled',0Dh,0Ah,0
1978. seg000:00001392 aTestingLc db 'Testing: |%lc|',0Dh,0Ah,0
1979. seg000:000013A3 aPost db 'POST()',0Dh,0Ah,0
1980. seg000:000013AC aUqogHqnmuVjkpm db 'Uqog hqnmu vjkpm vjg gngxcvqt qpna iqgu fqyp',0
1981. seg000:000013D9 aUqhvyctgGpikpg db 'Uqhvyctg Gpikpggtkpi okijv dg uekgpeg; dwv vjcv',27h,'u pqv yjcv K f'
1982. seg000:000013D9 db 'q. K',27h,'o c jcemgt, pqv cp gpikpggt. - Lcokg Bcykpumk',0
1983. seg000:0000144A aAqwOgcpKEcpVYc db 'Aqw ogcp K ecp',27h,'v ycnm vjqwij vjg ecukpq ykvj c hcmg dcfig?',0
1984. seg000:00001485 aRtkguvPqyVjcvD db 'Rtkguv: "Pqy vjcv dtkpiu c yjqng pgy ogcpkpi vq ',27h,'Jqpgarqv',27h,'"'
1985. seg000:00001485 db 0
1986. seg000:000014C1 aNqqmJcemgtu db 'Nqqm, jcemgtu!',0
1987. seg000:000014D0 a1057 db '1057',0
1988. seg000:000014D5 aNkxgFgoquPgxgt db 'Nkxg fgoqu pgxgt yqtm, fqwdna uq cv FGHEQP',0
1989. seg000:00001500 aCtgAqwUwtgVjku db 'Ctg aqw uwtg vjku dcfig kup',27h,'v urakpi qp aqw?',0
1990. seg000:0000152D aNqqmCHgf db 'Nqqm c hgf!',0
1991. seg000:00001539 aKFqpVMpqyYjgtg db '"K fqp',27h,'v mpqy yjgtg K',27h,'o iqkpi htqo jgtg, dwv K rtqokug kv y'
1992. seg000:00001539 db 'qp',27h,'v dg dqtkpi." -Fcxkf Dqykg',0
1993. seg000:00001592 dw 1
1994. seg000:00001594 dd 7 dup(0)
1995. seg000:000015B0 dd 13AC0000h, 13D90018h, 144A0018h, 14850018h, 14C10018h
1996. seg000:000015B0 dd 14D00018h, 14D50018h, 15000018h, 152D0018h, 15390018h
1997. seg000:000015B0 dd 140018h, 1000000h, 0FFFF0000h, 0AFFFFh, 2 dup(0)
1998. seg000:000015F0 dd 2 dup(0E0000h), 2 dup(110000h), 100000h, 0F0000h, 100000h
1999. seg000:000015F0 dd 0F0000h, 0A0000h, 2 dup(80000h), 5 dup(0)
2000. seg000:00001630 dd 0E0000h, 0F0000h, 110000h, 100000h, 0B0000h, 80000h
2001. seg000:00001630 dd 70000h, 0A0000h, 50000h, 120000h, 20000h, 60000h, 0
2002. seg000:00001664 dd 10000h, 200000h, 0C000000h, 2000B000h, 2400B000h, 0FFFFB000h
2003. seg000:00001664 dd 1A61h dup(0FFFFFFFFh)
2004. seg000:00001664 seg000 ends
2005. seg000:00001664
2006. seg000:00001664
2007. seg000:00001664 end