00000000 push ebp
00000001 mov ebp,esp
00000003 push edi
00000004 push esi
00000005 push ebx
00000006 sub esp,7Ch
00000009 mov esi,ecx
0000000b lea edi,[ebp-68h]
0000000e mov ecx,16h
00000013 xor eax,eax
00000015 rep stos dword ptr es:[edi]
00000017 mov ecx,esi
00000019 lea edi,[ebp+FFFFFF7Ch]
0000001f call FFF8E4E0
00000024 mov dword ptr [ebp-54h],esi
00000027 mov dword ptr [ebp-28h],edx
0000002a mov edi,dword ptr [ebp+8]
0000002d xor edx,edx
0000002f mov dword ptr [ebp-2Ch],edx
00000032 mov dword ptr [ebp-30h],edx
00000035 mov dword ptr [ebp-34h],edx
00000038 test ecx,ecx
0000003a je 000000D5
00000040 call 00015B70
00000045 mov dword ptr [ebp-58h],eax
00000048 mov eax,dword ptr [ebp-58h]
0000004b mov eax,dword ptr [eax+4]
0000004e mov dword ptr [ebp-30h],eax
00000051 mov eax,dword ptr [ebp-58h]
00000054 mov eax,dword ptr [eax+10h]
00000057 mov dword ptr [ebp-2Ch],eax
0000005a lea eax,[ebp-3Ch]
0000005d push eax
0000005e lea eax,[ebp-40h]
00000061 push eax
00000062 lea edx,[ebp-38h]
00000065 mov ecx,dword ptr [ebp-28h]
00000068 call FFF93A40
0000006d cmp dword ptr [ebp-30h],0
00000071 je 00944F16
00000077 mov eax,dword ptr [ebp-30h]
0000007a cmp byte ptr [eax],al
0000007c cmp byte ptr [eax+000000D0h],2
00000083 jae 00944F16
00000089 mov eax,dword ptr [ebp-30h]
0000008c cmp byte ptr [eax+000000CFh],0
00000093 je 000000A8
00000095 mov eax,dword ptr [ebp-30h]
00000098 mov esi,dword ptr [eax+6Ch]
0000009b call FFF89628
000000a0 cmp eax,esi
000000a2 jne 00944F27
000000a8 mov eax,dword ptr [ebp-30h]
000000ab mov eax,dword ptr [eax+00000084h]
000000b1 mov dword ptr [ebp-5Ch],eax
000000b4 mov eax,dword ptr [ebp-30h]
000000b7 cmp byte ptr [eax],al
000000b9 lea eax,[eax+000000B8h]
000000bf cmp dword ptr [eax],1
000000c2 sete al
000000c5 movzx eax,al
000000c8 mov dword ptr [ebp-44h],eax
000000cb xor edx,edx
000000cd mov dword ptr [ebp-48h],edx
000000d0 jmp 00000185
000000d5 lea eax,[ebp-2Ch]
000000d8 push eax
000000d9 lea eax,[ebp-30h]
000000dc push eax
000000dd mov ecx,dword ptr [ebp-28h]
000000e0 mov edx,edi
000000e2 call 000004D0
000000e7 cmp dword ptr [ebp-30h],0
000000eb je 00944F1D
000000f1 mov ecx,4F7E89Ch
000000f6 call FFF8E3D0
000000fb mov ebx,eax
000000fd mov ecx,ebx
000000ff call 0000FDE0
00000104 mov dword ptr [ebp-58h],ebx
00000107 mov eax,dword ptr [ebp-30h]
0000010a lea edx,[ebx+4]
0000010d call FFF8E3D8
00000112 mov eax,dword ptr [ebp-2Ch]
00000115 lea edx,[ebx+10h]
00000118 call FFF8E3D8
0000011d mov esi,dword ptr [ebp-30h]
00000120 cmp byte ptr [esi],al
00000122 mov ecx,esi
00000124 mov edx,ebx
00000126 call 0000C330
0000012b lea edx,[esi+000000A4h]
00000131 call FFF8E420
00000136 push dword ptr [ebx+14h]
00000139 push dword ptr [ebp-28h]
0000013c mov dword ptr [ebp-7Ch],4D4E93Ch
00000143 mov eax,dword ptr [ebp-54h]
00000146 mov dword ptr [ebp-78h],esp
00000149 mov dword ptr [ebp-74h],4EDABDAh
00000150 mov byte ptr [eax+8],0
00000154 call dword ptr ds:[04D23908h]
0000015a mov ecx,dword ptr [ebp-54h]
0000015d mov byte ptr [ecx+8],1
00000161 mov ecx,dword ptr ds:[04D213B4h]
00000167 cmp dword ptr [ecx],0
0000016a je 00000171
0000016c call FFF8E4E8
00000171 mov dword ptr [ebp-74h],0
00000178 jmp 0000005A
0000017d mov eax,dword ptr [ebp-34h]
00000180 jmp 0000048B
00000185 cmp dword ptr [ebp-44h],0
00000189 jne 00000221
0000018f cmp dword ptr [ebp-5Ch],0
00000193 setne bl
00000196 movzx ebx,bl
00000199 test ebx,ebx
0000019b jne 0000020B
0000019d mov ecx,4F7E930h
000001a2 call FFF8E3D0
000001a7 mov ecx,eax
000001a9 mov esi,dword ptr [ebp-30h]
000001ac mov dword ptr [ecx+18h],edi
000001af mov byte ptr [ecx+1Fh],bl
000001b2 lea edx,[esi+00000084h]
000001b8 call FFF8E440
000001bd mov esi,dword ptr [ebp-2Ch]
000001c0 mov edi,dword ptr [ebp-30h]
000001c3 mov ecx,dword ptr ds:[04D21350h]
000001c9 mov edx,3ACh
000001ce call FFF8E3E0
000001d3 mov ecx,dword ptr ds:[04D21350h]
000001d9 mov edx,3ACh
000001de call FFF8E400
000001e3 mov ecx,dword ptr [eax+00000F68h]
000001e9 push edi
000001ea mov edx,esi
000001ec cmp dword ptr [ecx],ecx
000001ee call FFF8FFA0
000001f3 mov dword ptr [ebp-34h],eax
000001f6 mov dword ptr [ebp-1Ch],0
000001fd mov dword ptr [ebp-18h],0FCh
00000204 push 4EDAD8Ah
00000209 jmp 00000240
0000020b mov eax,dword ptr [ebp-30h]
0000020e mov eax,dword ptr [eax+18h]
00000211 mov ecx,dword ptr [eax+1Ch]
00000214 lea edx,[ebp-48h]
00000217 call FFF89648
0000021c jmp 0000019D
00000221 mov ecx,dword ptr [ebp-30h]
00000224 cmp byte ptr [ecx],al
00000226 xor eax,eax
00000228 lea edx,[eax+1]
0000022b mov dword ptr [ebp-6Ch],eax
0000022e mov eax,edx
00000230 mov edx,dword ptr [ebp-6Ch]
00000233 lock cmpxchg dword ptr [ecx+000000B8h],edx
0000023b jmp 0000018F
00000240 cmp dword ptr [ebp-34h],1
00000244 je 000002A9
00000246 mov eax,dword ptr [ebp-30h]
00000249 mov ecx,dword ptr [ebp-5Ch]
0000024c lea edx,[eax+00000084h]
00000252 call FFF8E440
00000257 cmp dword ptr [ebp-44h],0
0000025b je 00000279
0000025d mov eax,dword ptr [ebp-30h]
00000260 cmp byte ptr [eax],al
00000262 lea eax,[eax+000000B8h]
00000268 cmp dword ptr [eax],1
0000026b je 00000279
0000026d mov ecx,dword ptr [ebp-30h]
00000270 cmp dword ptr [ecx],ecx
00000272 call 0000BF50
00000277 jmp 000002A9
00000279 cmp dword ptr [ebp-44h],0
0000027d jne 000002A9
0000027f mov eax,dword ptr [ebp-30h]
00000282 cmp byte ptr [eax],al
00000284 lea eax,[eax+000000B8h]
0000028a cmp dword ptr [eax],1
0000028d jne 000002A9
0000028f mov ecx,dword ptr [ebp-30h]
00000292 cmp byte ptr [ecx],al
00000294 xor eax,eax
00000296 lea edx,[eax+1]
00000299 mov dword ptr [ebp-6Ch],eax
0000029c mov eax,edx
0000029e mov edx,dword ptr [ebp-6Ch]
000002a1 lock cmpxchg dword ptr [ecx+000000B8h],edx
000002a9 movzx eax,byte ptr [ebp-48h]
000002ad test eax,eax
000002af je 000002BF
000002b1 mov eax,dword ptr [ebp-30h]
000002b4 mov eax,dword ptr [eax+18h]
000002b7 mov ecx,dword ptr [eax+1Ch]
000002ba call FFF89378
000002bf pop eax
000002c0 jmp eax
000002c2 cmp dword ptr [ebp-34h],1
000002c6 je 000002F3
000002c8 lea eax,[ebp-3Ch]
000002cb push eax
000002cc lea eax,[ebp-40h]
000002cf push eax
000002d0 lea edx,[ebp-38h]
000002d3 mov ecx,dword ptr [ebp-28h]
000002d6 call FFF93A40
000002db mov eax,dword ptr [ebp-30h]
000002de mov eax,dword ptr [eax+00000088h]
000002e4 mov dword ptr [ebp-60h],eax
000002e7 mov eax,dword ptr [ebp-30h]
000002ea cmp byte ptr [eax+000000CFh],0
000002f1 je 00000313
000002f3 mov eax,dword ptr [ebp-30h]
000002f6 cmp byte ptr [eax],al
000002f8 cmp byte ptr [eax+000000D0h],2
000002ff jae 00000437
00000305 jmp 0000017D
0000030a mov dword ptr [ebp-18h],0
00000311 jmp 000002C2
00000313 cmp dword ptr [ebp-60h],0
00000317 je 000002F3
00000319 cmp dword ptr [ebp-34h],0
0000031d jne 00000401
00000323 mov eax,dword ptr [ebp-30h]
00000326 mov byte ptr [eax+000000CFh],1
0000032d mov ecx,dword ptr ds:[04D21350h]
00000333 mov edx,322h
00000338 call FFF8E3E0
0000033d add eax,0C18h
00000342 lock inc dword ptr [eax]
00000345 lea edx,[ebp-34h]
00000348 mov ecx,dword ptr [ebp-28h]
0000034b call FFF93AA0
00000350 mov dword ptr [ebp-1Ch],0
00000357 mov dword ptr [ebp-18h],0FCh
0000035e push 4EDAEF3h
00000363 jmp 00000365
00000365 mov ecx,dword ptr ds:[04D21350h]
0000036b mov edx,322h
00000370 call FFF8E3E0
00000375 add eax,0C18h
0000037a lock dec dword ptr [eax]
0000037d mov eax,dword ptr [ebp-60h]
00000380 cmp byte ptr [eax+25h],0
00000384 je 00000392
00000386 mov eax,dword ptr [ebp-30h]
00000389 cmp byte ptr [eax+000000CFh],0
00000390 je 000003F5
00000392 xor edx,edx
00000394 mov dword ptr [ebp-4Ch],edx
00000397 mov eax,dword ptr [ebp-60h]
0000039a mov dword ptr [ebp-64h],eax
0000039d lea edx,[ebp-4Ch]
000003a0 mov ecx,dword ptr [ebp-60h]
000003a3 call FFF89648
000003a8 mov eax,dword ptr [ebp-60h]
000003ab cmp byte ptr [eax+25h],0
000003af jne 000003B9
000003b1 mov ecx,dword ptr [ebp-60h]
000003b4 call FFF91CA8
000003b9 mov eax,dword ptr [ebp-30h]
000003bc xor edx,edx
000003be mov dword ptr [eax+00000088h],edx
000003c4 mov eax,dword ptr [ebp-30h]
000003c7 mov byte ptr [eax+000000CFh],dl
000003cd mov dword ptr [ebp-20h],0
000003d4 mov dword ptr [ebp-1Ch],0FCh
000003db push 4EDAE78h
000003e0 jmp 000003E2
000003e2 movzx eax,byte ptr [ebp-4Ch]
000003e6 test eax,eax
000003e8 je 000003F2
000003ea mov ecx,dword ptr [ebp-64h]
000003ed call FFF89378
000003f2 pop eax
000003f3 jmp eax
000003f5 pop eax
000003f6 jmp eax
000003f8 mov dword ptr [ebp-1Ch],0
000003ff jmp 000003F5
00000401 mov eax,dword ptr [ebp-60h]
00000404 cmp byte ptr [eax+25h],0
00000408 je 0000041A
0000040a mov eax,dword ptr [ebp-30h]
0000040d cmp byte ptr [eax+000000CFh],0
00000414 je 000002F3
0000041a xor edx,edx
0000041c mov dword ptr [ebp-50h],edx
0000041f jmp 00944EC8
00000424 movzx eax,byte ptr [ebp-50h]
00000428 test eax,eax
0000042a je 00000434
0000042c mov ecx,dword ptr [ebp-68h]
0000042f call FFF89378
00000434 pop eax
00000435 jmp eax
00000437 cmp dword ptr [ebp-34h],1
0000043b jne 0000017D
00000441 mov eax,dword ptr [ebp-30h]
00000444 mov esi,dword ptr [eax+00000094h]
0000044a call FFF89628
0000044f cmp eax,esi
00000451 jne 0000017D
00000457 mov ecx,dword ptr [ebp-58h]
0000045a cmp dword ptr [ecx],ecx
0000045c call 000254B0
00000461 mov eax,dword ptr [ebp-58h]
00000464 mov ecx,dword ptr [eax+0Ch]
00000467 cmp dword ptr [ecx],ecx
00000469 call FFFA9428
0000046e jmp 0000017D
00000473 mov dword ptr [ebp-18h],0
0000047a jmp 000002F3
0000047f mov dword ptr [ebp-18h],0
00000486 jmp 000002F3
0000048b mov esi,dword ptr [ebp-54h]
0000048e mov edi,dword ptr [ebp-80h]
00000491 mov dword ptr [esi+0Ch],edi
00000494 lea esp,[ebp-0Ch]
00000497 pop ebx
00000498 pop esi
00000499 pop edi
0000049a pop ebp
0000049b ret 8
0000049e int 3
0000049f int 3
000004a0 int 3
000004a1 int 3
000004a2 int 3
000004a3 int 3
000004a4 int 3
000004a5 int 3
000004a6 int 3
000004a7 int 3
000004a8 int 3
000004a9 int 3
000004aa int 3
000004ab int 3
000004ac int 3
000004ad int 3
000004ae int 3
000004af int 3
000004b0 int 3
000004b1 int 3
000004b2 int 3
000004b3 int 3
000004b4 int 3
000004b5 int 3
000004b6 int 3
000004b7 int 3
000004b8 int 3
000004b9 mov eax,dword ptr [ebp-60h]
000004bc mov dword ptr [ebp-68h],eax
000004bf lea edx,[ebp-50h]
000004c2 mov ecx,dword ptr [ebp-60h]
000004c5 call FF644C39
000004ca mov eax,dword ptr [ebp-60h]
000004cd cmp byte ptr [eax+25h],0
000004d1 jne 000004DB
000004d3 mov ecx,dword ptr [ebp-60h]
000004d6 call FF64D299
000004db mov eax,dword ptr [ebp-30h]
000004de xor edx,edx
000004e0 mov dword ptr [eax+00000088h],edx
000004e6 mov eax,dword ptr [ebp-30h]
000004e9 mov byte ptr [eax+000000CFh],dl
000004ef mov dword ptr [ebp-1Ch],0
000004f6 mov dword ptr [ebp-18h],0FCh
000004fd push 4EDAEFFh
00000502 jmp FF6BBA15
00000507 xor eax,eax
00000509 jmp FF6BBA7C
0000050e mov eax,2
00000513 jmp FF6BBA7C
00000518 cmp dword ptr [ebp-40h],20000000h
0000051f je FF6BB699
00000525 jmp 00000531
00000527 mov ecx,0Ah
0000052c call FF644C41
00000531 mov eax,dword ptr [ebp-30h]
00000534 cmp byte ptr [eax+000000CFh],0
0000053b jne 00000527
0000053d jmp FF6BB699