; ---------------------------------------------------------------------------
; Disassembly of one 32-bit x86 routine, Intel operand order (op dst, src).
; The left column is each instruction's byte offset from the routine start.
; The listing is laid out one instruction per line; no instruction is changed.
;
; Frame:  push ebp / mov ebp,esp; edi, esi, ebx saved; 7Ch bytes of locals.
; Inputs: ecx and edx are consumed on entry (edx -> [ebp-28h]) and [ebp+8] is
;         loaded into edi. The epilogue is `ret 8`, so the callee releases
;         8 bytes of stack arguments.
; Output: eax. The path through 17D returns [ebp-34h].
;
; Local slots, as used by the visible code:
;   [ebp-30h]  pointer dereferenced throughout (fields +18h, +6Ch, +84h, +88h,
;              +94h, +A4h, +B8h, +CFh, +D0h); called "obj" in the comments
;   [ebp-2Ch]  second pointer loaded/stored alongside obj
;   [ebp-34h]  status value, returned in eax
;   [ebp-44h]  1 if dword [obj+B8h] was 1 at A8, else 0
;   [ebp-48h], [ebp-4Ch], [ebp-50h]
;              byte flags passed by address to FFF89648 and tested before
;              each call to FFF89378
;   [ebp-54h]  value of esi after the call at 1F
;   [ebp-58h]  pointer whose fields +4, +0Ch, +10h, +14h are used
;   [ebp-5Ch]  saved copy of [obj+84h]
;   [ebp-60h]  copy of [obj+88h]
;
; `cmp [reg],al` / `cmp [reg],reg` lines whose flags are never consumed only
; touch memory at reg; presumably null-pointer probes -- TODO confirm.
;
; NOTE(review): address arithmetic, derived from the listing, not from symbols.
;   * 4EDABDAh is stored at [ebp-74h] just before the call at 154, whose next
;     instruction is at 15A. If that constant is the call's return address, the
;     routine base is 4EDAA80h, and the pushed constants map to listed offsets:
;     4EDAD8Ah -> 30A, 4EDAE78h -> 3F8, 4EDAEF3h -> 473, 4EDAEFFh -> 47F.
;     Each `pop eax / jmp eax` would then return to one of those offsets, i.e.
;     to a constant pushed by this routine rather than to a data-derived value.
;   * Branch targets 00944EC8 / 00944F16 / 00944F1D / 00944F27 lie outside this
;     range. They are consistent with the instructions listed at 4B9 / 507 /
;     50E / 518 after the int 3 padding (constant difference 944A0Fh) --
;     confirm against the module layout.
;   * `call 000004D0` at E2 is an offset from this routine's base and cannot be
;     the instruction listed near 4CD-4D1 if the mapping above holds.
; ---------------------------------------------------------------------------

; --- prologue -------------------------------------------------------------
00000000 push ebp
00000001 mov ebp,esp
00000003 push edi
00000004 push esi
00000005 push ebx
00000006 sub esp,7Ch
00000009 mov esi,ecx                    ; keep incoming ecx across the fill below
; Zero 16h dwords (58h bytes) starting at ebp-68h (assuming DF is clear).
0000000b lea edi,[ebp-68h]
0000000e mov ecx,16h
00000013 xor eax,eax
00000015 rep stos dword ptr es:[edi]
00000017 mov ecx,esi
; edi = ebp-84h is handed to the helper. [ebp-80h], inside that area, is read in
; the epilogue but never written by visible code -- presumably the helper fills it.
00000019 lea edi,[ebp+FFFFFF7Ch]
0000001f call FFF8E4E0
00000024 mov dword ptr [ebp-54h],esi    ; esi as left by the helper
00000027 mov dword ptr [ebp-28h],edx
0000002a mov edi,dword ptr [ebp+8]
0000002d xor edx,edx
0000002f mov dword ptr [ebp-2Ch],edx
00000032 mov dword ptr [ebp-30h],edx
00000035 mov dword ptr [ebp-34h],edx
; ecx == 0 takes the D5 path. This tests the incoming ecx only if the helper at
; 1F preserves ecx -- TODO confirm.
00000038 test ecx,ecx
0000003a je 000000D5

; --- ecx != 0: fetch an existing record and load obj / second pointer from it
00000040 call 00015B70
00000045 mov dword ptr [ebp-58h],eax
00000048 mov eax,dword ptr [ebp-58h]
0000004b mov eax,dword ptr [eax+4]
0000004e mov dword ptr [ebp-30h],eax
00000051 mov eax,dword ptr [ebp-58h]
00000054 mov eax,dword ptr [eax+10h]
00000057 mov dword ptr [ebp-2Ch],eax

; --- 5A: common continuation (also reached from 178) ------------------------
; FFF93A40(ecx=[ebp-28h], edx=&[ebp-38h], stack: &[ebp-40h], &[ebp-3Ch]).
0000005a lea eax,[ebp-3Ch]
0000005d push eax
0000005e lea eax,[ebp-40h]
00000061 push eax
00000062 lea edx,[ebp-38h]
00000065 mov ecx,dword ptr [ebp-28h]
00000068 call FFF93A40
0000006d cmp dword ptr [ebp-30h],0
00000071 je 00944F16                    ; obj == 0 -> out-of-line exit
00000077 mov eax,dword ptr [ebp-30h]
0000007a cmp byte ptr [eax],al
0000007c cmp byte ptr [eax+000000D0h],2
00000083 jae 00944F16                   ; byte [obj+D0h] >= 2 (unsigned) -> same exit
00000089 mov eax,dword ptr [ebp-30h]
0000008c cmp byte ptr [eax+000000CFh],0
00000093 je 000000A8
; byte [obj+CFh] != 0: compare the helper's result with [obj+6Ch].
00000095 mov eax,dword ptr [ebp-30h]
00000098 mov esi,dword ptr [eax+6Ch]
0000009b call FFF89628
000000a0 cmp eax,esi
000000a2 jne 00944F27                   ; mismatch -> out-of-line path
; --- A8: snapshot state before the main call --------------------------------
000000a8 mov eax,dword ptr [ebp-30h]
000000ab mov eax,dword ptr [eax+00000084h]
000000b1 mov dword ptr [ebp-5Ch],eax    ; remember [obj+84h]; written back at 246
000000b4 mov eax,dword ptr [ebp-30h]
000000b7 cmp byte ptr [eax],al
000000b9 lea eax,[eax+000000B8h]
000000bf cmp dword ptr [eax],1
000000c2 sete al
000000c5 movzx eax,al
000000c8 mov dword ptr [ebp-44h],eax    ; [ebp-44h] = ([obj+B8h] == 1)
000000cb xor edx,edx
000000cd mov dword ptr [ebp-48h],edx
000000d0 jmp 00000185

; --- D5: ecx == 0 path: obtain obj, build a new record ----------------------
; 000004D0(ecx=[ebp-28h], edx=edi, stack: &[ebp-30h], &[ebp-2Ch]) fills obj and
; the second pointer through the two addresses passed.
000000d5 lea eax,[ebp-2Ch]
000000d8 push eax
000000d9 lea eax,[ebp-30h]
000000dc push eax
000000dd mov ecx,dword ptr [ebp-28h]
000000e0 mov edx,edi
000000e2 call 000004D0
000000e7 cmp dword ptr [ebp-30h],0
000000eb je 00944F1D                    ; obj still 0 -> out-of-line exit
; FFF8E3D0(ecx=4F7E89Ch) returns a pointer in eax, kept in ebx and [ebp-58h].
; NOTE(review): looks like an allocation followed by an initializer call -- confirm.
000000f1 mov ecx,4F7E89Ch
000000f6 call FFF8E3D0
000000fb mov ebx,eax
000000fd mov ecx,ebx
000000ff call 0000FDE0
00000104 mov dword ptr [ebp-58h],ebx
; FFF8E3D8 is called with eax = value and edx = address of a field. The 40 path
; reads obj from [record+4] and the second pointer from [record+10h], so this
; helper presumably stores eax at [edx] -- TODO confirm.
00000107 mov eax,dword ptr [ebp-30h]
0000010a lea edx,[ebx+4]
0000010d call FFF8E3D8
00000112 mov eax,dword ptr [ebp-2Ch]
00000115 lea edx,[ebx+10h]
00000118 call FFF8E3D8
0000011d mov esi,dword ptr [ebp-30h]
00000120 cmp byte ptr [esi],al
00000122 mov ecx,esi
00000124 mov edx,ebx
00000126 call 0000C330
0000012b lea edx,[esi+000000A4h]
00000131 call FFF8E420
; Indirect call through the pointer stored at 04D23908h; the target is not
; visible in this listing. Around it the code records 4D4E93Ch, esp and
; 4EDABDAh in the area at ebp-7Ch..ebp-74h, clears the byte at [[ebp-54h]+8]
; before the call, sets it to 1 afterwards, then tests the dword addressed by
; [04D213B4h] and calls FFF8E4E8 if it is non-zero.
; NOTE(review): shape resembles a runtime state transition around a native
; call with a poll on return -- confirm with symbols.
00000136 push dword ptr [ebx+14h]
00000139 push dword ptr [ebp-28h]
0000013c mov dword ptr [ebp-7Ch],4D4E93Ch
00000143 mov eax,dword ptr [ebp-54h]
00000146 mov dword ptr [ebp-78h],esp
00000149 mov dword ptr [ebp-74h],4EDABDAh
00000150 mov byte ptr [eax+8],0
00000154 call dword ptr ds:[04D23908h]
0000015a mov ecx,dword ptr [ebp-54h]
0000015d mov byte ptr [ecx+8],1
00000161 mov ecx,dword ptr ds:[04D213B4h]
00000167 cmp dword ptr [ecx],0
0000016a je 00000171
0000016c call FFF8E4E8
00000171 mov dword ptr [ebp-74h],0
00000178 jmp 0000005A

; --- 17D: load the return value and go to the epilogue ----------------------
0000017d mov eax,dword ptr [ebp-34h]
00000180 jmp 0000048B

; --- 185: main path ---------------------------------------------------------
00000185 cmp dword ptr [ebp-44h],0
00000189 jne 00000221                   ; [obj+B8h] was 1 -> try to reset it first
0000018f cmp dword ptr [ebp-5Ch],0
00000193 setne bl
00000196 movzx ebx,bl                   ; ebx = (saved [obj+84h] != 0)
00000199 test ebx,ebx
0000019b jne 0000020B
; 19D: get a new item (FFF8E3D0 with ecx=4F7E930h), fill [item+18h] = edi and
; byte [item+1Fh] = bl, then call FFF8E440 with ecx=item, edx=&[obj+84h].
; NOTE(review): 246 calls the same helper with the saved old value, so it
; presumably stores ecx at [edx] -- TODO confirm.
0000019d mov ecx,4F7E930h
000001a2 call FFF8E3D0
000001a7 mov ecx,eax
000001a9 mov esi,dword ptr [ebp-30h]
000001ac mov dword ptr [ecx+18h],edi
000001af mov byte ptr [ecx+1Fh],bl
000001b2 lea edx,[esi+00000084h]
000001b8 call FFF8E440
000001bd mov esi,dword ptr [ebp-2Ch]
000001c0 mov edi,dword ptr [ebp-30h]
; Two helper calls with ecx=[04D21350h], edx=3ACh; the second result is used
; as a base pointer and [base+F68h] becomes ecx for the call at 1EE.
000001c3 mov ecx,dword ptr ds:[04D21350h]
000001c9 mov edx,3ACh
000001ce call FFF8E3E0
000001d3 mov ecx,dword ptr ds:[04D21350h]
000001d9 mov edx,3ACh
000001de call FFF8E400
000001e3 mov ecx,dword ptr [eax+00000F68h]
000001e9 push edi                       ; stack argument = obj
000001ea mov edx,esi                    ; edx = second pointer
000001ec cmp dword ptr [ecx],ecx
000001ee call FFF8FFA0
000001f3 mov dword ptr [ebp-34h],eax    ; status
; Run the cleanup block at 240, then continue at the pushed address
; (30A under the base derived in the header).
000001f6 mov dword ptr [ebp-1Ch],0
000001fd mov dword ptr [ebp-18h],0FCh
00000204 push 4EDAD8Ah
00000209 jmp 00000240
; 20B: saved [obj+84h] != 0. FFF89648(ecx=[[obj+18h]+1Ch], edx=&[ebp-48h]).
; NOTE(review): 2A9 calls FFF89378 on the same pointer only when byte [ebp-48h]
; is non-zero, so this looks like an acquire/release pair keyed on that flag.
0000020b mov eax,dword ptr [ebp-30h]
0000020e mov eax,dword ptr [eax+18h]
00000211 mov ecx,dword ptr [eax+1Ch]
00000214 lea edx,[ebp-48h]
00000217 call FFF89648
0000021c jmp 0000019D
; 221: atomic compare-exchange on [obj+B8h] with eax=1 (comparand), edx=0 (new
; value): the field is set to 0 only if it currently holds 1.
00000221 mov ecx,dword ptr [ebp-30h]
00000224 cmp byte ptr [ecx],al
00000226 xor eax,eax
00000228 lea edx,[eax+1]
0000022b mov dword ptr [ebp-6Ch],eax
0000022e mov eax,edx
00000230 mov edx,dword ptr [ebp-6Ch]
00000233 lock cmpxchg dword ptr [ecx+000000B8h],edx
0000023b jmp 0000018F

; --- 240: cleanup block, entered with a continuation address on the stack ---
00000240 cmp dword ptr [ebp-34h],1
00000244 je 000002A9                    ; status 1: skip the write-back below
00000246 mov eax,dword ptr [ebp-30h]
00000249 mov ecx,dword ptr [ebp-5Ch]
0000024c lea edx,[eax+00000084h]
00000252 call FFF8E440                  ; ecx = value saved at B1, edx = &[obj+84h]
00000257 cmp dword ptr [ebp-44h],0
0000025b je 00000279
; [ebp-44h] != 0 and [obj+B8h] != 1: call 0000BF50 with ecx=obj.
0000025d mov eax,dword ptr [ebp-30h]
00000260 cmp byte ptr [eax],al
00000262 lea eax,[eax+000000B8h]
00000268 cmp dword ptr [eax],1
0000026b je 00000279
0000026d mov ecx,dword ptr [ebp-30h]
00000270 cmp dword ptr [ecx],ecx
00000272 call 0000BF50
00000277 jmp 000002A9
; [ebp-44h] == 0 and [obj+B8h] == 1: same compare-exchange as at 221 (1 -> 0).
00000279 cmp dword ptr [ebp-44h],0
0000027d jne 000002A9
0000027f mov eax,dword ptr [ebp-30h]
00000282 cmp byte ptr [eax],al
00000284 lea eax,[eax+000000B8h]
0000028a cmp dword ptr [eax],1
0000028d jne 000002A9
0000028f mov ecx,dword ptr [ebp-30h]
00000292 cmp byte ptr [ecx],al
00000294 xor eax,eax
00000296 lea edx,[eax+1]
00000299 mov dword ptr [ebp-6Ch],eax
0000029c mov eax,edx
0000029e mov edx,dword ptr [ebp-6Ch]
000002a1 lock cmpxchg dword ptr [ecx+000000B8h],edx
; 2A9: if the flag set through the call at 217 is non-zero, call FFF89378 on the
; same pointer ([[obj+18h]+1Ch]).
000002a9 movzx eax,byte ptr [ebp-48h]
000002ad test eax,eax
000002af je 000002BF
000002b1 mov eax,dword ptr [ebp-30h]
000002b4 mov eax,dword ptr [eax+18h]
000002b7 mov ecx,dword ptr [eax+1Ch]
000002ba call FFF89378
; Leave the cleanup block: jump to the address pushed before entering it.
000002bf pop eax
000002c0 jmp eax

; --- 2C2: after the main call ------------------------------------------------
000002c2 cmp dword ptr [ebp-34h],1
000002c6 je 000002F3
000002c8 lea eax,[ebp-3Ch]
000002cb push eax
000002cc lea eax,[ebp-40h]
000002cf push eax
000002d0 lea edx,[ebp-38h]
000002d3 mov ecx,dword ptr [ebp-28h]
000002d6 call FFF93A40                  ; same arguments as at 5A..68
000002db mov eax,dword ptr [ebp-30h]
000002de mov eax,dword ptr [eax+00000088h]
000002e4 mov dword ptr [ebp-60h],eax    ; [ebp-60h] = [obj+88h]
000002e7 mov eax,dword ptr [ebp-30h]
000002ea cmp byte ptr [eax+000000CFh],0
000002f1 je 00000313
; 2F3: final dispatch: byte [obj+D0h] >= 2 goes to 437, otherwise return via 17D.
000002f3 mov eax,dword ptr [ebp-30h]
000002f6 cmp byte ptr [eax],al
000002f8 cmp byte ptr [eax+000000D0h],2
000002ff jae 00000437
00000305 jmp 0000017D
; 30A: no direct branch in the listing targets this offset; it matches the
; constant pushed at 204 under the derived base (see header).
0000030a mov dword ptr [ebp-18h],0
00000311 jmp 000002C2

; --- 313: byte [obj+CFh] == 0 -------------------------------------------------
00000313 cmp dword ptr [ebp-60h],0
00000317 je 000002F3                    ; [obj+88h] was 0: nothing more to do
00000319 cmp dword ptr [ebp-34h],0
0000031d jne 00000401
; status == 0: set byte [obj+CFh] = 1, atomically increment the dword at
; (helper result + 0C18h), call FFF93AA0(ecx=[ebp-28h], edx=&[ebp-34h]).
00000323 mov eax,dword ptr [ebp-30h]
00000326 mov byte ptr [eax+000000CFh],1
0000032d mov ecx,dword ptr ds:[04D21350h]
00000333 mov edx,322h
00000338 call FFF8E3E0
0000033d add eax,0C18h
00000342 lock inc dword ptr [eax]
00000345 lea edx,[ebp-34h]
00000348 mov ecx,dword ptr [ebp-28h]
0000034b call FFF93AA0
00000350 mov dword ptr [ebp-1Ch],0
00000357 mov dword ptr [ebp-18h],0FCh
0000035e push 4EDAEF3h                  ; continuation (473 under the derived base)
00000363 jmp 00000365
; 365: cleanup block paired with the increment at 342: the same counter is
; atomically decremented. NOTE(review): whether this block also runs on an
; exceptional exit cannot be told without the exception tables.
00000365 mov ecx,dword ptr ds:[04D21350h]
0000036b mov edx,322h
00000370 call FFF8E3E0
00000375 add eax,0C18h
0000037a lock dec dword ptr [eax]
0000037d mov eax,dword ptr [ebp-60h]
00000380 cmp byte ptr [eax+25h],0
00000384 je 00000392
00000386 mov eax,dword ptr [ebp-30h]
00000389 cmp byte ptr [eax+000000CFh],0
00000390 je 000003F5                    ; nothing to reset: leave the cleanup block
; 392: FFF89648(ecx=[ebp-60h], edx=&[ebp-4Ch]); if byte [[ebp-60h]+25h] == 0
; call FFF91CA8 on it; then clear [obj+88h] and byte [obj+CFh].
00000392 xor edx,edx
00000394 mov dword ptr [ebp-4Ch],edx
00000397 mov eax,dword ptr [ebp-60h]
0000039a mov dword ptr [ebp-64h],eax
0000039d lea edx,[ebp-4Ch]
000003a0 mov ecx,dword ptr [ebp-60h]
000003a3 call FFF89648
000003a8 mov eax,dword ptr [ebp-60h]
000003ab cmp byte ptr [eax+25h],0
000003af jne 000003B9
000003b1 mov ecx,dword ptr [ebp-60h]
000003b4 call FFF91CA8
000003b9 mov eax,dword ptr [ebp-30h]
000003bc xor edx,edx
000003be mov dword ptr [eax+00000088h],edx
000003c4 mov eax,dword ptr [ebp-30h]
000003c7 mov byte ptr [eax+000000CFh],dl
000003cd mov dword ptr [ebp-20h],0
000003d4 mov dword ptr [ebp-1Ch],0FCh
000003db push 4EDAE78h                  ; continuation (3F8 under the derived base)
000003e0 jmp 000003E2
; 3E2: nested cleanup: if the flag at [ebp-4Ch] is set, call FFF89378 on the
; pointer saved at [ebp-64h].
000003e2 movzx eax,byte ptr [ebp-4Ch]
000003e6 test eax,eax
000003e8 je 000003F2
000003ea mov ecx,dword ptr [ebp-64h]
000003ed call FFF89378
000003f2 pop eax
000003f3 jmp eax
000003f5 pop eax                        ; leave the 365 cleanup block
000003f6 jmp eax
000003f8 mov dword ptr [ebp-1Ch],0
000003ff jmp 000003F5

; --- 401: status != 0 --------------------------------------------------------
00000401 mov eax,dword ptr [ebp-60h]
00000404 cmp byte ptr [eax+25h],0
00000408 je 0000041A
0000040a mov eax,dword ptr [ebp-30h]
0000040d cmp byte ptr [eax+000000CFh],0
00000414 je 000002F3
0000041a xor edx,edx
0000041c mov dword ptr [ebp-50h],edx
0000041f jmp 00944EC8                   ; out-of-line block (see header)
; 424: cleanup for that out-of-line block: if the flag at [ebp-50h] is set,
; call FFF89378 on the pointer at [ebp-68h].
00000424 movzx eax,byte ptr [ebp-50h]
00000428 test eax,eax
0000042a je 00000434
0000042c mov ecx,dword ptr [ebp-68h]
0000042f call FFF89378
00000434 pop eax
00000435 jmp eax

; --- 437: byte [obj+D0h] >= 2 --------------------------------------------------
; Only when status == 1 and the helper result equals [obj+94h]: call 000254B0
; on the record, then FFFA9428 on [record+0Ch]. Every branch ends at 17D.
00000437 cmp dword ptr [ebp-34h],1
0000043b jne 0000017D
00000441 mov eax,dword ptr [ebp-30h]
00000444 mov esi,dword ptr [eax+00000094h]
0000044a call FFF89628
0000044f cmp eax,esi
00000451 jne 0000017D
00000457 mov ecx,dword ptr [ebp-58h]
0000045a cmp dword ptr [ecx],ecx
0000045c call 000254B0
00000461 mov eax,dword ptr [ebp-58h]
00000464 mov ecx,dword ptr [eax+0Ch]
00000467 cmp dword ptr [ecx],ecx
00000469 call FFFA9428
0000046e jmp 0000017D
; 473 / 47F: continuation stubs; they match the constants pushed at 35E and at
; 4FD (out-of-line block) under the derived base.
00000473 mov dword ptr [ebp-18h],0
0000047a jmp 000002F3
0000047f mov dword ptr [ebp-18h],0
00000486 jmp 000002F3

; --- 48B: epilogue ------------------------------------------------------------
; Store [ebp-80h] to [[ebp-54h]+0Ch], then unwind the frame. eax is preserved
; from here on and is the return value.
0000048b mov esi,dword ptr [ebp-54h]
0000048e mov edi,dword ptr [ebp-80h]
00000491 mov dword ptr [esi+0Ch],edi
00000494 lea esp,[ebp-0Ch]
00000497 pop ebx
00000498 pop esi
00000499 pop edi
0000049a pop ebp
0000049b ret 8
; int 3 filler after the ret; no visible branch targets this range.
0000049e int 3
0000049f int 3
000004a0 int 3
000004a1 int 3
000004a2 int 3
000004a3 int 3
000004a4 int 3
000004a5 int 3
000004a6 int 3
000004a7 int 3
000004a8 int 3
000004a9 int 3
000004aa int 3
000004ab int 3
000004ac int 3
000004ad int 3
000004ae int 3
000004af int 3
000004b0 int 3
000004b1 int 3
000004b2 int 3
000004b3 int 3
000004b4 int 3
000004b5 int 3
000004b6 int 3
000004b7 int 3
000004b8 int 3
; ---------------------------------------------------------------------------
; Out-of-line blocks listed after the int 3 padding (32-bit x86, Intel operand
; order). They use the same ebp-relative locals as the routine listed at
; 0..49B ([ebp-30h], [ebp-40h], [ebp-50h], [ebp-60h], [ebp-68h]) and have no
; prologue or epilogue of their own.
;
; NOTE(review): address arithmetic, derived from the listing, not from symbols.
; The branch and call targets here use a different base from the left-hand
; column. Adding 944A0Fh (mod 2^32) maps them onto the main listing:
;   FF6BB699 -> 0A8    FF6BBA15 -> 424    FF6BBA7C -> 48B (epilogue)
;   FF644C39 -> FFF89648   FF64D299 -> FFF91CA8   FF644C41 -> FFF89650
; Under the same shift the main listing's out-of-range targets land here:
;   00944EC8 -> 4B9   00944F16 -> 507   00944F1D -> 50E   00944F27 -> 518
; Confirm against the module layout before relying on this.
; ---------------------------------------------------------------------------

; --- 4B9: entered with [ebp-50h] = 0 (presumably from 41F) -------------------
; Same shape as 392..3E0 in the main listing, using [ebp-50h] / [ebp-68h]:
; call the helper with ecx=[ebp-60h], edx=&[ebp-50h]; if byte [[ebp-60h]+25h]
; is 0, call a second helper on it; then clear [obj+88h] and byte [obj+CFh],
; where obj = [ebp-30h].
000004b9 mov eax,dword ptr [ebp-60h]
000004bc mov dword ptr [ebp-68h],eax
000004bf lea edx,[ebp-50h]
000004c2 mov ecx,dword ptr [ebp-60h]
000004c5 call FF644C39
000004ca mov eax,dword ptr [ebp-60h]
000004cd cmp byte ptr [eax+25h],0
000004d1 jne 000004DB
000004d3 mov ecx,dword ptr [ebp-60h]
000004d6 call FF64D299
000004db mov eax,dword ptr [ebp-30h]
000004de xor edx,edx
000004e0 mov dword ptr [eax+00000088h],edx
000004e6 mov eax,dword ptr [ebp-30h]
000004e9 mov byte ptr [eax+000000CFh],dl
000004ef mov dword ptr [ebp-1Ch],0
000004f6 mov dword ptr [ebp-18h],0FCh
; Push a continuation constant and jump to a cleanup block that ends in
; `pop eax / jmp eax` (424 in the main listing under the mapping above).
000004fd push 4EDAEFFh
00000502 jmp FF6BBA15

; --- 507 / 50E: early exits: eax = 0 or eax = 2, then the shared epilogue ----
00000507 xor eax,eax
00000509 jmp FF6BBA7C
0000050e mov eax,2
00000513 jmp FF6BBA7C

; --- 518: wait path -----------------------------------------------------------
; If [ebp-40h] == 20000000h, continue at once. Otherwise poll byte [obj+CFh]:
; while it is non-zero, call the helper with ecx = 0Ah and test again.
; NOTE(review): the loop's only exit is the flag becoming 0; no iteration or
; time bound is visible in this listing. Whether the helper yields or sleeps
; cannot be told from here -- confirm with symbols.
00000518 cmp dword ptr [ebp-40h],20000000h
0000051f je FF6BB699
00000525 jmp 00000531
00000527 mov ecx,0Ah
0000052c call FF644C41
00000531 mov eax,dword ptr [ebp-30h]
00000534 cmp byte ptr [eax+000000CFh],0
0000053b jne 00000527
0000053d jmp FF6BB699