Assembly Code of File a2e39b0adf6a4f68e38bdf74c1963fba

; File Name   :	u:\startupscripts\work\hiddencode.exe
; Format      :	Portable executable for	80386 (PE)
; Imagebase   :	1000000
; Section 1. (virtual address 00001000)
; Virtual size			: 000055C2 (  21954.)
; Section size in file		: 000055C2 (  21954.)
; Offset to raw	data for section: 00001000
; Flags	60000020: Text Executable Readable
; Alignment	: default
		.686p
		.mmx
		.model flat
; ===========================================================================
; Segment type:	Pure code
; Segment permissions: Read/Execute
_text		segment	para public 'CODE' use32
		assume cs:_text
		;org 1001000h
		assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_1001000	dd 600Ah	dword_1001004	dd 60BCh	dword_1001008	dd 60ACh	dword_100100C	dd 6096h	dword_1001010	dd 607Ah	dword_1001014	dd 6062h	dword_1001018	dd 5FCAh	dword_100101C	dd 5FE4h						; sub_1001FAA + DCr
dword_1001020	dd 5FF4h	dword_1001024	dd 601Eh	dword_1001028	dd 603Ah	dword_100102C	dd 6050h			dd 0
dword_1001034	dd 80000011h			dd 0
dword_100103C	dd 6444h	dword_1001040	dd 6454h	dword_1001044	dd 629Ah	dword_1001048	dd 60EAh						; sub_100180D + 33r ...
dword_100104C	dd 60F6h						; sub_10014E0 + 1Er ...
dword_1001050	dd 6108h	dword_1001054	dd 6114h						; sub_10015BE + 1Br ...
dword_1001058	dd 6122h	dword_100105C	dd 6134h	dword_1001060	dd 614Ch	dword_1001064	dd 6160h						; sub_10015BE + 8Er ...
dword_1001068	dd 6170h	dword_100106C	dd 617Eh	dword_1001070	dd 618Ch	dword_1001074	dd 61A4h	dword_1001078	dd 61B8h	dword_100107C	dd 61C4h						; sub_1001D83:loc_1001DD6r ...
dword_1001080	dd 61CCh						; sub_1001BF1 + A8r ...
dword_1001084	dd 61E6h						; sub_1001BF1 + Br
dword_1001088	dd 6200h	dword_100108C	dd 6216h						; sub_100180D + 283r ...
dword_1001090	dd 6222h						; sub_1001BF1 + 41r ...
dword_1001094	dd 6230h						; sub_1001F82 + 12r
dword_1001098	dd 623Ch						; start_0 + 52Fr
dword_100109C	dd 624Ah						; start_0 + 51Fr
dword_10010A0	dd 6262h	dword_10010A4	dd 6270h	dword_10010A8	dd 6284h						; sub_100269E + 12Fr
dword_10010AC	dd 6434h	dword_10010B0	dd 62AAh						; sub_10025EA + 8Ar
dword_10010B4	dd 62BCh						; sub_10025EA + 7Ar
dword_10010B8	dd 62CCh						; start_0 + ABr ...
dword_10010BC	dd 62E2h	dword_10010C0	dd 62F0h	dword_10010C4	dd 6304h						; sub_10025EA + 66r
dword_10010C8	dd 631Ah	dword_10010CC	dd 632Ch	dword_10010D0	dd 6342h	dword_10010D4	dd 6356h	dword_10010D8	dd 636Eh	dword_10010DC	dd 637Eh	dword_10010E0	dd 6392h	dword_10010E4	dd 63A4h	dword_10010E8	dd 63B4h	dword_10010EC	dd 63CCh	dword_10010F0	dd 63DAh	dword_10010F4	dd 63F4h	dword_10010F8	dd 640Ch	dword_10010FC	dd 6422h	dword_1001100	dd 6466h			align 8
dword_1001108	dd 65A0h	dword_100110C	dd 6588h			dd 0
dword_1001114	dd 64D0h						; sub_100269E + 3BCr
dword_1001118	dd 649Ch						; sub_1001CB9 + 4Fr ...
dword_100111C	dd 64AAh						; sub_10020FE + 165r
dword_1001120	dd 64B6h						; start_0 + F6r
dword_1001124	dd 64C2h						; start_0 + 4B7r
dword_1001128	dd 64E2h						; sub_10020FE + 132r
dword_100112C	dd 64F2h						; sub_10020FE + F1r ...
dword_1001130	dd 6508h			align 8
dword_1001138	dd 5F8Ch	dword_100113C	dd 5F96h	dword_1001140	dd 5FA0h						; sub_1002AE1 + 123r ...
dword_1001144	dd 5FAAh	dword_1001148	dd 5FB4h			align 10h
dword_1001150	dd 655Ch	dword_1001154	dd 6546h						; sub_1001BA0 + 14r
dword_1001158	dd 652Ch						; sub_1001BA0 + 28r
dword_100115C	dd 6522h						; sub_1001B1C:loc_1001B93r ...
		dd 5 dup(0)
		dd 3E6FAE9Dh, 0
		dd 2, 0
		dd 13A0h, 0
dword_100118C	dd 0A80E9DC0h, 11D2D910h, 10000595h, 15B1AA5Ahdword_100119C	dd 0							; sub_1002272:loc_1002390 ...
dword_10011A0	dd 74687324h, 246E7764h, 7165722Eh, 0a_sfx_cab_shutd	db '_SFX_CAB_SHUTDOWN_REQUEST',0 ; DATA XREF: sub_1001BF1 + 6
					; sub_1001BF1 + A3
		align 4
aInitiatesystem	db 'InitiateSystemShutdownExA',0 ; DATA XREF: sub_1001D83 + 84
		align 4
aAdvapi32_dll	db 'advapi32.dll',0     ; DATA XREF: sub_1001D83 + 72
					; sub_10025EA + 75
		align 4
aWfp_idle_trigg	db 'WFP_IDLE_TRIGGER',0 ; DATA XREF: sub_1001D83 + D
		align 4
aDecryptfilea	db 'DecryptFileA',0     ; DATA XREF: sub_10025EA + 84
		align 4
aTempExt	db 'temp\ext',0         ; DATA XREF: sub_100269E + 321
		align 4
a02x		db '%02x',0             ; DATA XREF: sub_100269E + 2B4
		align 10h
aS		db '%s',0               ; DATA XREF: sub_100269E + 28A
		align 4
aBackofficestor	db 'backofficestorage',0 ; DATA XREF: sub_100269E + 196
		align 4
aCdtag_1	db 'cdtag.1',0          ; DATA XREF: sub_1002AE1 + 11B
a_sfx_cab_exe_p	db '_SFX_CAB_EXE_PATH',0 ; DATA XREF: start_0 + 387
		align 4
aUpdateUpdate_e	db '\update\update.exe',0 ; DATA XREF: start_0 + 374
		align 4
byte_1001278	db 0			; DATA XREF: sub_1004618 + 1Dr
					; sub_1004C06 + 15Cr ...
		align 4
		dd 2020101h, 4040303h, 6060505h, 8080707h, 0A0A0909h, 0C0C0B0Bh
		dd 0E0E0D0Dh, 10100F0Fh, 3 dup(11111111h), 111111h, 0
dword_10012B0	dd 0FFFFFFFEh						; sub_1004E5D:loc_100500Er ...
		dd 0FFFFFFFFh, 0
dword_10012BC	dd 1				dd 2, 4, 6, 0Ah, 0Eh, 16h, 1Eh,	2Eh, 3Eh, 5Eh, 7Eh, 0BEh
		dd 0FEh, 17Eh, 1FEh, 2FEh, 3FEh, 5FEh, 7FEh, 0BFEh, 0FFEh
		dd 17FEh, 1FFEh, 2FFEh,	3FFEh, 5FFEh, 7FFEh, 0BFFEh, 0FFFEh
		dd 17FFEh, 1FFFEh, 2FFFEh, 3FFFEh, 5FFFEh, 7FFFEh, 9FFFEh
		dd 0BFFFEh, 0DFFFEh, 0FFFFEh, 11FFFEh, 13FFFEh,	15FFFEh
		dd 17FFFEh, 19FFFEh, 1BFFFEh, 1DFFFEh, 1FFFFEh,	3020100h
		dd 7060504h, 0B0A0908h,	0F0E0D0Ch
byte_100138D	db 0			; DATA XREF: sub_100576D + 1A2r
					; sub_100576D + 1E2r
		dw 201h
		dd 6050403h, 0A090807h,	0E0D0C0Bh, 100Fh, 3031424Eh, 0
		dd 3E6FAE9Dh, 1, 63786673h, 702E6261h, 6264h
 

sub_10013BC	proc near		; CODE XREF: start_0 + 46F
var_4		= dword	ptr  - 4
		push	ebp
		mov	ebp, esp
		push	ecx
		mov	eax, dword_100701C
		cmp	eax, 0FFFFFFFFh
		jz	short locret_1001449
		push	ebx
		push	esi
		xor	ebx, ebx
		push	ebx
		push	ebx
		push	ebx
		push	eax
		call	ds:dword_100104C
		push	ebx
		lea	eax, [ ebp + var_4 ]
		push	eax
		mov	esi, 210h
		push	esi
		push	offset dword_1007440
		push	dword_100701C
		call	ds:dword_1001048
		test	eax, eax
		jz	short loc_1001440
		cmp	[ ebp + var_4 ], esi
		jnz	short loc_1001440
		cmp	dword_1007440, 6E776453h
		jnz	short loc_1001440
		test	byte_100744B, 80h
		jnz	short loc_1001447
		or	byte_100744B, 40h
		cmp	dword_1007444, 10000h
		mov	byte_100764F, bl
		jnz	short loc_1001447
		test	dword ptr byte_1007448,	3FFFFFECh
		jnz	short loc_1001447
		and	byte_100744B, 0BFh
		jmp	short loc_1001447
; ---------------------------------------------------------------------------

loc_1001440:				; CODE XREF: sub_10013BC + 3A
					; sub_10013BC + 3F ...
		or	byte_100744B, 80h

loc_1001447:				; CODE XREF: sub_10013BC + 54
					; sub_10013BC + 6D ...
		pop	esi
		pop	ebx

locret_1001449:				; CODE XREF: sub_10013BC + C
		leave
		retn
sub_10013BC	endp    
   
 

 
 

sub_100144B	proc near		; CODE XREF: sub_1001BF1 + 2B
					; sub_100269E + 32A ...
arg_0		= dword	ptr  4
arg_4		= dword	ptr  8
arg_8		= dword	ptr  0Ch
		push	ebx
		push	esi
		mov	esi, [ esp + 8 + arg_0 ]
		mov	eax, esi
		push	edi
		lea	ecx, [ eax + 1 ]

loc_1001457:				; CODE XREF: sub_100144B + 11
		mov	dl, [ eax ]
		inc	eax
		test	dl, dl
		jnz	short loc_1001457
		mov	edi, [ esp + 0Ch + arg_8 ]
		sub	eax, ecx
		mov	ecx, eax
		shr	ecx, 2
		lea	edx, [ eax + edi ]
		rep movsd
		mov	ecx, eax
		and	ecx, 3
		rep movsb
		cmp	byte ptr [ edx - 1 ], 5Ch
		jz	short loc_100147F
		mov	byte ptr [ edx ],	5Ch
		inc	edx

loc_100147F:				; CODE XREF: sub_100144B + 2E
		mov	eax, [ esp + 0Ch + arg_4 ]
		lea	esi, [ eax + 1 ]

loc_1001486:				; CODE XREF: sub_100144B + 40
		mov	cl, [ eax ]
		inc	eax
		test	cl, cl
		jnz	short loc_1001486
		sub	eax, esi
		mov	esi, [ esp + 0Ch + arg_4 ]
		lea	ecx, [ eax + 1 ]
		mov	ebx, ecx
		shr	ecx, 2
		mov	edi, edx
		rep movsd
		mov	ecx, ebx
		and	ecx, 3
		rep movsb
		pop	edi
		pop	esi
		add	eax, edx
		pop	ebx
		retn	0Ch
sub_100144B	endp    
   
 

 
 

sub_10014AE	proc near		; DATA XREF: start_0 + 1DF
arg_0		= dword	ptr  4
		push	[ esp + arg_0 ]
		push	0
		push	dword_10078B8
		call	ds:dword_1001050
		retn
sub_10014AE	endp    
   
 

 
 

sub_10014C1	proc near		; DATA XREF: start_0 + 1CB
arg_0		= dword	ptr  4
		push	esi
		mov	esi, [ esp + 4 + arg_0 ]
		push	esi
		call	ds:dword_1001054
		cmp	dword_1007028, esi
		pop	esi
		jnz	short loc_10014DD
		and	dword_1007028, 0

loc_10014DD:				; CODE XREF: sub_10014C1 + 13
		xor	eax, eax
		retn
sub_10014C1	endp    
   
 

 
 

sub_10014E0	proc near		; CODE XREF: start_0 + 1F8
					; DATA XREF: start_0 + 1C6
arg_0		= dword	ptr  4
arg_4		= dword	ptr  8
arg_8		= dword	ptr  0Ch
		cmp	[ esp + arg_8 ], 0
		mov	eax, [ esp + arg_4 ]
		jnz	short loc_10014F3
		mov	ecx, dword_1007014
		add	eax, ecx

loc_10014F3:				; CODE XREF: sub_10014E0 + 9
		push	[ esp + arg_8 ]
		push	0
		push	eax
		push	[ esp + 0Ch + arg_0 ]
		call	ds:dword_100104C
		sub	eax, dword_1007014
		retn
sub_10014E0	endp    
   
 

 
 

sub_100150B	proc near		; CODE XREF: sub_1001556 + 5E
					; sub_100269E + 35A
var_C		= byte ptr  - 0Ch
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch
		push	ebp
		mov	ebp, esp
		sub	esp, 0Ch
		mov	eax, [ ebp + arg_0 ]
		test	eax, eax
		lea	ecx, [ ebp + var_C ]
		jnz	short loc_1001524
		mov	eax, [ ebp + arg_4 ]
		mov	byte ptr [ eax ],	30h
		inc	eax
		jmp	short loc_100154F
; ---------------------------------------------------------------------------

loc_1001524:				; CODE XREF: sub_100150B + E
		push	esi

loc_1001525:				; CODE XREF: sub_100150B + 29
		xor	edx, edx
		push	0Ah
		pop	esi
		div	esi
		add	dl, 30h
		mov	[ ecx ], dl
		inc	ecx
		test	eax, eax
		jnz	short loc_1001525
		lea	eax, [ ebp + var_C ]
		dec	ecx
		cmp	ecx, eax
		mov	eax, [ ebp + arg_4 ]
		pop	esi
		jb	short loc_100154F

loc_1001542:				; CODE XREF: sub_100150B + 42
		mov	dl, [ ecx ]
		mov	[ eax ], dl
		inc	eax
		dec	ecx
		lea	edx, [ ebp + var_C ]
		cmp	ecx, edx
		jnb	short loc_1001542

loc_100154F:				; CODE XREF: sub_100150B + 17
					; sub_100150B + 35
		and	byte ptr [ eax ],	0
		leave
		retn	8
sub_100150B	endp    
   
 

 
 

sub_1001556	proc near		; CODE XREF: sub_1001CB9 + 32
var_C		= dword	ptr  - 0Ch
var_8		= dword	ptr  - 8
var_4		= dword	ptr  - 4
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch
arg_8		= dword	ptr  10h
		push	ebp
		mov	ebp, esp
		sub	esp, 0Ch
		push	esi
		mov	esi, [ ebp + arg_0 ]
		test	esi, 20000000h
		jz	short loc_100157F
		push	[ ebp + arg_4 ]
		push	[ ebp + arg_8 ]
		push	esi
		push	dword_1007020
		call	ds:dword_1001118
		test	eax, eax
		jnz	short loc_10015B9

loc_100157F:				; CODE XREF: sub_1001556 + 10
		mov	eax, dword_100776C
		mov	[ ebp + var_C ], eax
		mov	eax, offset dword_100119C
		mov	[ ebp + var_8 ], eax
		mov	[ ebp + var_4 ], eax
		lea	eax, [ ebp + var_C ]
		push	eax
		push	[ ebp + arg_4 ]
		push	[ ebp + arg_8 ]
		push	0
		push	esi
		push	0
		push	3000h
		call	ds:dword_1001058
		test	eax, eax
		jnz	short loc_10015B9
		push	[ ebp + arg_8 ]
		push	esi
		call	sub_100150B

loc_10015B9:				; CODE XREF: sub_1001556 + 27
					; sub_1001556 + 58
		pop	esi
		leave
		retn	0Ch
sub_1001556	endp    
   
 

 
 

sub_10015BE	proc near		; CODE XREF: sub_10016BA + 56
					; sub_1001CB9:loc_1001D2A ...
		push	ebx
		push	ebp
		push	esi
		push	edi
		push	offset dword_10078A0
		call	ds:dword_1001070
		mov	eax, dword_1007028
		xor	ebp, ebp
		cmp	eax, ebp
		jz	short loc_10015E5
		push	eax
		call	ds:dword_1001054
		mov	dword_1007028, ebp

loc_10015E5:				; CODE XREF: sub_10015BE + 18
		mov	esi, off_1007000
		mov	ebx, ds:dword_100106C
		mov	edi, offset off_1007000
		jmp	short loc_1001627
; ---------------------------------------------------------------------------

loc_10015F8:				; CODE XREF: sub_10015BE + 6B
		mov	eax, [ esi + 4 ]
		cmp	eax, ebp
		jz	short loc_1001625
		push	eax
		call	ds:dword_1001068
		test	eax, eax
		jnz	short loc_1001622
		call	ds:dword_1001064
		cmp	eax, 2
		jz	short loc_1001622
		cmp	eax, 3
		jz	short loc_1001622
		push	4
		push	ebp
		push	dword ptr [ esi + 4 ]
		call	ebx ; dword_100106C

loc_1001622:				; CODE XREF: sub_10015BE + 4A
					; sub_10015BE + 55 ...
		mov	[ esi + 4 ], ebp

loc_1001625:				; CODE XREF: sub_10015BE + 3F
		mov	esi, [ esi ]

loc_1001627:				; CODE XREF: sub_10015BE + 38
		cmp	esi, edi
		jnz	short loc_10015F8
		mov	esi, off_1007008
		mov	ebp, ds:dword_1001060
		mov	edi, offset off_1007008
		jmp	short loc_100166B
; ---------------------------------------------------------------------------

loc_100163E:				; CODE XREF: sub_10015BE + AF
		mov	eax, [ esi + 4 ]
		test	eax, eax
		jz	short loc_1001669
		push	eax
		call	ebp ; dword_1001060
		test	eax, eax
		jnz	short loc_1001665
		call	ds:dword_1001064
		cmp	eax, 2
		jz	short loc_1001665
		cmp	eax, 3
		jz	short loc_1001665
		push	4
		push	0
		push	dword ptr [ esi + 4 ]
		call	ebx ; dword_100106C

loc_1001665:				; CODE XREF: sub_10015BE + 8C
					; sub_10015BE + 97 ...
		and	dword ptr [ esi + 4 ], 0

loc_1001669:				; CODE XREF: sub_10015BE + 85
		mov	esi, [ esi ]

loc_100166B:				; CODE XREF: sub_10015BE + 7E
		cmp	esi, edi
		jnz	short loc_100163E
		mov	eax, dword_100701C
		cmp	eax, 0FFFFFFFFh
		jz	short loc_1001687
		push	eax
		call	ds:dword_1001054
		or	dword_100701C, 0FFFFFFFFh

loc_1001687:				; CODE XREF: sub_10015BE + B9
		mov	esi, offset dword_10078C0
		push	esi
		call	ebp ; dword_1001060
		test	eax, eax
		jnz	short loc_10016AA
		call	ds:dword_1001064
		cmp	eax, 2
		jz	short loc_10016AA
		cmp	eax, 3
		jz	short loc_10016AA
		push	4
		push	0
		push	esi
		call	ebx ; dword_100106C

loc_10016AA:				; CODE XREF: sub_10015BE + D3
					; sub_10015BE + DE ...
		push	offset dword_10078A0
		call	ds:dword_100105C
		pop	edi
		pop	esi
		pop	ebp
		pop	ebx
		retn
sub_10015BE	endp    
   
 

 
 

sub_10016BA	proc near		; DATA XREF: sub_1001CB9 + A0
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch
arg_8		= dword	ptr  10h
		push	ebp
		mov	ebp, esp
		cmp	[ ebp + arg_4 ], 10h
		jz	short loc_100172D
		cmp	[ ebp + arg_4 ], 16h
		jz	short loc_100170A
		cmp	[ ebp + arg_4 ], 110h
		jnz	short loc_1001729
		cmp	dword_1007038, 0
		mov	eax, [ ebp + arg_0 ]
		mov	dword_1007764, eax
		jz	short loc_10016FC
		push	0FFFFFFFDh
		push	eax
		call	ds:dword_1001120
		push	1F4h
		mov	dword_1007770, eax
		call	ds:dword_100107C

loc_10016FC:				; CODE XREF: sub_10016BA + 27
		push	dword_1007774
		call	ds:dword_1001078
		jmp	short loc_100173F
; ---------------------------------------------------------------------------

loc_100170A:				; CODE XREF: sub_10016BA + D
		cmp	[ ebp + arg_8 ], 0
		jz	short loc_1001729
		call	sub_10015BE
		mov	eax, dword_1007884
		test	eax, eax
		jz	short loc_100173F
		push	1
		push	eax
		call	ds:dword_1001074
		jmp	short loc_100173F
; ---------------------------------------------------------------------------

loc_1001729:				; CODE XREF: sub_10016BA + 16
					; sub_10016BA + 54
		xor	eax, eax
		jmp	short loc_1001742
; ---------------------------------------------------------------------------

loc_100172D:				; CODE XREF: sub_10016BA + 7
		and	dword_1007764, 0
		push	0
		push	[ ebp + arg_0 ]
		call	ds:dword_100111C

loc_100173F:				; CODE XREF: sub_10016BA + 4E
					; sub_10016BA + 62 ...
		xor	eax, eax
		inc	eax

loc_1001742:				; CODE XREF: sub_10016BA + 71
		pop	ebp
		retn	10h
sub_10016BA	endp    
   
 

 
 

sub_1001746	proc near		; CODE XREF: sub_1002272 + 2A4
arg_0		= dword	ptr  4
		mov	eax, [ esp + arg_0 ]
		push	esi
		mov	esi, offset dword_10078C0

loc_1001750:				; CODE XREF: sub_1001746 + 17
		mov	cl, [ eax ]
		cmp	cl, 20h
		jz	short loc_100175C
		cmp	cl, 9
		jnz	short loc_100175F

loc_100175C:				; CODE XREF: sub_1001746 + F
		inc	eax
		jmp	short loc_1001750
; ---------------------------------------------------------------------------

loc_100175F:				; CODE XREF: sub_1001746 + 14
		mov	ecx, eax
		push	edi
		lea	edi, [ ecx + 1 ]

loc_1001765:				; CODE XREF: sub_1001746 + 24
		mov	dl, [ ecx ]
		inc	ecx
		test	dl, dl
		jnz	short loc_1001765
		sub	ecx, edi
		inc	ecx
		cmp	ecx, 104h
		pop	edi
		jb	short loc_100177C
		xor	eax, eax
		jmp	short loc_10017B0
; ---------------------------------------------------------------------------

loc_100177C:				; CODE XREF: sub_1001746 + 30
		mov	cl, [ eax ]
		cmp	cl, 22h
		jnz	short loc_10017A6
		jmp	short loc_100178D
; ---------------------------------------------------------------------------

loc_1001785:				; CODE XREF: sub_1001746 + 4C
		cmp	cl, 22h
		jz	short loc_10017AA
		mov	[ esi ], cl
		inc	esi

loc_100178D:				; CODE XREF: sub_1001746 + 3D
		inc	eax
		mov	cl, [ eax ]
		test	cl, cl
		jnz	short loc_1001785
		jmp	short loc_10017AA
; ---------------------------------------------------------------------------

loc_1001796:				; CODE XREF: sub_1001746 + 62
		cmp	cl, 20h
		jz	short loc_10017AA
		cmp	cl, 9
		jz	short loc_10017AA
		mov	[ esi ], cl
		inc	esi
		inc	eax
		mov	cl, [ eax ]

loc_10017A6:				; CODE XREF: sub_1001746 + 3B
		test	cl, cl
		jnz	short loc_1001796

loc_10017AA:				; CODE XREF: sub_1001746 + 42
					; sub_1001746 + 4E ...
		and	byte ptr [ esi ],	0
		xor	eax, eax
		inc	eax

loc_10017B0:				; CODE XREF: sub_1001746 + 34
		pop	esi
		retn	4
sub_1001746	endp    
   
 

 
 

sub_10017B4	proc near		; CODE XREF: start_0 + 41
		xor	ecx, ecx

loc_10017B6:				; CODE XREF: sub_10017B4 + 27
		push	8
		mov	eax, ecx
		pop	edx

loc_10017BB:				; CODE XREF: sub_10017B4 + 17
		test	al, 1
		jz	short loc_10017C8
		shr	eax, 1
		xor	eax, 0EDB88320h
		jmp	short loc_10017CA
; ---------------------------------------------------------------------------

loc_10017C8:				; CODE XREF: sub_10017B4 + 9
		shr	eax, 1

loc_10017CA:				; CODE XREF: sub_10017B4 + 12
		dec	edx
		jnz	short loc_10017BB
		mov	dword_1007040[ ecx * 4 ], eax
		inc	ecx
		cmp	ecx, 100h
		jb	short loc_10017B6
		retn
sub_10017B4	endp    
   
 

 
 

sub_10017DE	proc near		; CODE XREF: sub_100180D + 172
					; start_0 + 18A
arg_0		= dword	ptr  4
arg_4		= dword	ptr  8
arg_8		= dword	ptr  0Ch
		mov	edx, [ esp + arg_8 ]
		test	edx, edx
		mov	eax, [ esp + arg_0 ]
		mov	ecx, [ esp + arg_4 ]
		jz	short locret_100180A
		push	esi
		push	edi

loc_10017F0:				; CODE XREF: sub_10017DE + 28
		movzx	esi, byte ptr [ ecx ]
		movzx	edi, al
		xor	esi, edi
		mov	esi, dword_1007040[ esi * 4 ]
		shr	eax, 8
		xor	eax, esi
		inc	ecx
		dec	edx
		jnz	short loc_10017F0
		pop	edi
		pop	esi

locret_100180A:				; CODE XREF: sub_10017DE + E
		retn	0Ch
sub_10017DE	endp    
   
 

 
 

sub_100180D	proc near		; CODE XREF: sub_1002272 + 4B
var_114		= dword	ptr  - 114h
var_100		= word ptr  - 100h
var_D8		= dword	ptr  - 0D8h
var_7C		= dword	ptr  - 7Ch
var_78		= dword	ptr  - 78h
var_1C		= dword	ptr  - 1Ch
var_18		= dword	ptr  - 18h
var_14		= dword	ptr  - 14h
var_10		= dword	ptr  - 10h
var_C		= dword	ptr  - 0Ch
var_8		= dword	ptr  - 8
var_4		= dword	ptr  - 4
arg_0		= dword	ptr  8
		push	ebp
		mov	ebp, esp
		sub	esp, 114h
		push	ebx
		xor	ebx, ebx
		push	ebx
		push	10000000h
		push	3
		push	ebx
		push	3
		push	80000000h
		push	[ ebp + arg_0 ]
		call	ds:dword_1001090
		cmp	eax, 0FFFFFFFFh
		mov	[ ebp + var_C ], eax
		jz	loc_1001B17
		push	esi
		push	edi
		mov	edi, ds:dword_1001048
		push	ebx
		lea	ecx, [ ebp + arg_0 ]
		push	ecx
		mov	esi, 0F8h
		push	esi
		lea	ecx, [ ebp + var_114 ]
		push	ecx
		push	eax
		call	edi ; dword_1001048
		test	eax, eax
		jz	loc_1001B0C
		cmp	[ ebp + arg_0 ], esi
		jnz	loc_1001B0C
		cmp	word ptr [ ebp + var_114 ],	5A4Dh
		jnz	short loc_10018B7
		push	ebx
		push	ebx
		push	[ ebp + var_D8 ]
		push	[ ebp + var_C ]
		call	ds:dword_100104C
		cmp	eax, [ ebp + var_D8 ]
		jnz	loc_1001B0C
		push	ebx
		lea	eax, [ ebp + arg_0 ]
		push	eax
		push	esi
		lea	eax, [ ebp + var_114 ]
		push	eax
		push	[ ebp + var_C ]
		call	edi ; dword_1001048
		test	eax, eax
		jz	loc_1001B0C
		cmp	[ ebp + arg_0 ], esi
		jnz	loc_1001B0C

loc_10018B7:				; CODE XREF: sub_100180D + 68
		cmp	[ ebp + var_114 ], 4550h
		jnz	loc_1001B0C
		cmp	[ ebp + var_100 ], 0E0h
		jb	loc_1001B0C
		cmp	[ ebp + var_7C ], ebx
		jz	loc_1001B0C
		cmp	[ ebp + var_78 ], ebx
		jz	loc_1001B0C
		cmp	[ ebp + var_78 ], 40000h
		ja	loc_1001B0C
		push	[ ebp + var_78 ]
		push	8
		push	dword_10078B8
		call	ds:dword_100108C
		mov	esi, eax
		cmp	esi, ebx
		mov	[ ebp + var_14 ], esi
		jz	loc_1001B0C
		push	ebx
		push	ebx
		push	[ ebp + var_7C ]
		push	[ ebp + var_C ]
		call	ds:dword_100104C
		cmp	eax, [ ebp + var_7C ]
		jnz	loc_1001B0C
		push	ebx
		lea	eax, [ ebp + arg_0 ]
		push	eax
		push	[ ebp + var_78 ]
		push	esi
		push	[ ebp + var_C ]
		call	edi ; dword_1001048
		test	eax, eax
		jz	loc_1001B0C
		mov	ecx, [ ebp + var_78 ]
		cmp	[ ebp + arg_0 ], ecx
		jnz	loc_1001B0C
		mov	eax, esi
		mov	[ ebp + var_4 ], ecx
		cmp	ecx, 16h
		jmp	short loc_1001993
; ---------------------------------------------------------------------------

loc_1001956:				; CODE XREF: sub_100180D + 189
		cmp	byte ptr [ eax ],	0C0h
		jnz	short loc_100198B
		push	4
		pop	ecx
		mov	edi, offset dword_100118C
		mov	esi, eax
		xor	edx, edx
		repe cmpsd
		jnz	short loc_100198B
		mov	ecx, [ eax + 10h ]
		cmp	ecx, 16h
		mov	[ ebp + arg_0 ], ecx
		jb	short loc_100198B
		cmp	ecx, [ ebp + var_4 ]
		ja	short loc_100198B
		push	ecx
		push	eax
		push	0FFFFFFFFh
		call	sub_10017DE
		test	eax, eax
		jz	short loc_100199D
		mov	eax, [ ebp + var_8 ]

loc_100198B:				; CODE XREF: sub_100180D + 14C
					; sub_100180D + 15C ...
		inc	eax
		dec	[ ebp + var_4 ]
		cmp	[ ebp + var_4 ], 16h

loc_1001993:				; CODE XREF: sub_100180D + 147
		mov	[ ebp + var_8 ], eax
		jnb	short loc_1001956
		jmp	loc_1001B0C
; ---------------------------------------------------------------------------

loc_100199D:				; CODE XREF: sub_100180D + 179
		mov	ecx, [ ebp + var_8 ]
		test	cl, 3
		jz	short loc_10019C2
		mov	edi, [ ebp + var_14 ]
		mov	esi, edi
		jmp	short loc_10019B5
; ---------------------------------------------------------------------------

loc_10019AC:				; CODE XREF: sub_100180D + 1AB
		dec	[ ebp + arg_0 ]
		mov	al, [ ecx ]
		mov	[ esi ], al
		inc	esi
		inc	ecx

loc_10019B5:				; CODE XREF: sub_100180D + 19D
		cmp	[ ebp + arg_0 ], ebx
		jnz	short loc_10019AC
		dec	[ ebp + arg_0 ]
		mov	[ ebp + var_8 ], edi
		mov	ecx, edi

loc_10019C2:				; CODE XREF: sub_100180D + 196
		movzx	edx, word ptr [ ecx + 14h ]
		mov	eax, [ ecx + 10h ]
		add	eax, ecx
		add	ecx, 16h
		cmp	edx, ebx
		mov	[ ebp + var_14 ], edx
		mov	[ ebp + var_1C ], eax
		jz	loc_1001B0C
		mov	edi, ds:dword_1001088
		jmp	short loc_10019EA
; ---------------------------------------------------------------------------

loc_10019E4:				; CODE XREF: sub_100180D + 2F9
		mov	ecx, [ ebp + var_8 ]
		mov	eax, [ ebp + var_1C ]

loc_10019EA:				; CODE XREF: sub_100180D + 1D5
		mov	edx, ecx
		add	ecx, 4
		cmp	ecx, eax
		mov	[ ebp + var_10 ], edx
		ja	loc_1001B0C
		mov	ax, [ edx ]
		test	al, 1
		jnz	loc_1001B0C
		test	byte ptr [ edx + 2 ], 1
		jnz	loc_1001B0C
		movzx	edx, word ptr [ edx + 2 ]
		movzx	eax, ax
		mov	esi, ecx
		add	ecx, eax
		mov	[ ebp + var_18 ], ecx
		add	ecx, edx
		cmp	ecx, [ ebp + var_1C ]
		mov	[ ebp + var_8 ], ecx
		ja	loc_1001B0C
		mov	ecx, [ ebp + var_18 ]
		shr	eax, 1
		mov	[ esi + eax * 2 - 2 ], bx
		mov	eax, [ ebp + var_10 ]
		movzx	eax, word ptr [ eax + 2 ]
		push	2
		shr	eax, 1
		mov	[ ecx + eax * 2 - 2 ], bx
		pop	eax
		sub	esi, eax
		mov	word ptr [ esi ],	5Fh
		sub	esi, eax
		mov	word ptr [ esi ],	58h
		sub	esi, eax
		mov	word ptr [ esi ],	46h
		sub	esi, eax
		mov	word ptr [ esi ],	53h
		sub	esi, eax
		lea	eax, [ ebp + var_4 ]
		push	eax
		push	ebx
		push	ebx
		push	ebx
		push	0FFFFFFFFh
		push	esi
		push	ebx
		push	ebx
		mov	word ptr [ esi ],	5Fh
		call	edi ; dword_1001088
		cmp	eax, ebx
		mov	[ ebp + arg_0 ], eax
		jz	loc_1001B03
		cmp	[ ebp + var_4 ], ebx
		jnz	short loc_1001B03
		push	eax
		push	8
		push	dword_10078B8
		call	ds:dword_100108C
		cmp	eax, ebx
		mov	[ ebp + var_10 ], eax
		jz	short loc_1001B0C
		push	ebx
		push	ebx
		push	[ ebp + arg_0 ]
		push	eax
		push	0FFFFFFFFh
		push	esi
		push	ebx
		push	ebx
		call	edi ; dword_1001088
		push	ebx
		push	ebx
		push	[ ebp + var_10 ]
		call	ds:dword_1001084
		test	eax, eax
		jnz	short loc_1001B03
		lea	eax, [ ebp + var_4 ]
		push	eax
		push	ebx
		push	ebx
		push	ebx
		push	0FFFFFFFFh
		push	[ ebp + var_18 ]
		push	ebx
		push	ebx
		call	edi ; dword_1001088
		cmp	eax, ebx
		mov	[ ebp + arg_0 ], eax
		jz	short loc_1001B03
		cmp	[ ebp + var_4 ], ebx
		jnz	short loc_1001B03
		push	eax
		push	8
		push	dword_10078B8
		call	ds:dword_100108C
		mov	esi, eax
		cmp	esi, ebx
		jz	short loc_1001B0C
		push	ebx
		push	ebx
		push	[ ebp + arg_0 ]
		push	esi
		push	0FFFFFFFFh
		push	[ ebp + var_18 ]
		push	ebx
		push	ebx
		call	edi ; dword_1001088
		push	esi
		push	[ ebp + var_10 ]
		call	ds:dword_1001080

loc_1001B03:				; CODE XREF: sub_100180D + 26F
					; sub_100180D + 278 ...
		dec	[ ebp + var_14 ]
		jnz	loc_10019E4

loc_1001B0C:				; CODE XREF: sub_100180D + 50
					; sub_100180D + 59 ...
		push	[ ebp + var_C ]
		call	ds:dword_1001054
		pop	edi
		pop	esi

loc_1001B17:				; CODE XREF: sub_100180D + 2B
		pop	ebx
		leave
		retn	4
sub_100180D	endp    
   
 

 
 

sub_1001B1C	proc near		; CODE XREF: sub_1001D83 + 64
var_10		= dword	ptr  - 10h
var_C		= dword	ptr  - 0Ch
var_8		= dword	ptr  - 8
var_4		= dword	ptr  - 4
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch
arg_8		= dword	ptr  10h
arg_C		= dword	ptr  14h
		push	ebp
		mov	ebp, esp
		sub	esp, 10h
		mov	eax, [ ebp + arg_0 ]
		cdq
		mov	[ ebp + var_C ], eax
		mov	eax, [ ebp + arg_4 ]
		push	esi
		xor	esi, esi
		sub	eax, esi
		mov	[ ebp + var_10 ], 1
		mov	[ ebp + var_8 ], edx
		jz	short loc_1001B45
		dec	eax
		jnz	short loc_1001B99
		and	[ ebp + var_4 ], esi
		jmp	short loc_1001B4C
; ---------------------------------------------------------------------------

loc_1001B45:				; CODE XREF: sub_1001B1C + 1F
		mov	[ ebp + var_4 ], 2

loc_1001B4C:				; CODE XREF: sub_1001B1C + 27
		lea	eax, [ ebp + arg_0 ]
		push	eax
		push	28h
		push	0FFFFFFFFh
		call	ds:dword_1001154
		test	eax, eax
		jl	short loc_1001B99
		cmp	[ ebp + arg_8 ], 0
		mov	eax, [ ebp + arg_C ]
		jz	short loc_1001B6D
		test	eax, eax
		jz	short loc_1001B6D
		mov	esi, [ eax ]

loc_1001B6D:				; CODE XREF: sub_1001B1C + 49
					; sub_1001B1C + 4D
		push	eax
		push	[ ebp + arg_8 ]
		lea	eax, [ ebp + var_10 ]
		push	esi
		push	eax
		push	0
		push	[ ebp + arg_0 ]
		call	ds:dword_1001158
		test	eax, eax
		push	[ ebp + arg_0 ]
		jl	short loc_1001B93
		call	ds:dword_100115C
		xor	eax, eax
		inc	eax
		jmp	short loc_1001B9B
; ---------------------------------------------------------------------------

loc_1001B93:				; CODE XREF: sub_1001B1C + 6A
		call	ds:dword_100115C

loc_1001B99:				; CODE XREF: sub_1001B1C + 22
					; sub_1001B1C + 40
		xor	eax, eax

loc_1001B9B:				; CODE XREF: sub_1001B1C + 75
		pop	esi
		leave
		retn	10h
sub_1001B1C	endp    
   
 

 
 

sub_1001BA0	proc near		; CODE XREF: sub_1001D83 + 169
var_4		= dword	ptr  - 4
arg_0		= dword	ptr  8
		push	ebp
		mov	ebp, esp
		push	ecx
		push	esi
		xor	esi, esi
		cmp	[ ebp + arg_0 ], esi
		jz	short loc_1001BE6
		lea	eax, [ ebp + var_4 ]
		push	eax
		push	28h
		push	0FFFFFFFFh
		call	ds:dword_1001154
		test	eax, eax
		jl	short loc_1001BE6
		push	esi
		push	esi
		push	esi
		push	[ ebp + arg_0 ]
		push	esi
		push	[ ebp + var_4 ]
		call	ds:dword_1001158
		test	eax, eax
		push	[ ebp + var_4 ]
		jl	short loc_1001BE0
		call	ds:dword_100115C
		xor	eax, eax
		inc	eax
		jmp	short loc_1001BE8
; ---------------------------------------------------------------------------

loc_1001BE0:				; CODE XREF: sub_1001BA0 + 33
		call	ds:dword_100115C

loc_1001BE6:				; CODE XREF: sub_1001BA0 + A
					; sub_1001BA0 + 1C
		xor	eax, eax

loc_1001BE8:				; CODE XREF: sub_1001BA0 + 3E
		pop	esi
		leave
		retn	4
sub_1001BA0	endp    
   
 

 
 

sub_1001BED	proc near		; CODE XREF: sub_100368F + 93
					; sub_100368F + A5 ...
		xor	eax, eax
		retn
sub_1001BED	endp    
   
 

 
; [ 00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD \" + \" TO EXPAND ]
 

sub_1001BF1	proc near		; CODE XREF: start_0:loc_100305B
var_4		= byte ptr  - 4
		push	ecx
		push	ebp
		xor	ebp, ebp
		push	ebp
		push	ebp
		push	offset a_sfx_cab_shutd ; \"_SFX_CAB_SHUTDOWN_REQUEST\"
		call	ds:dword_1001084
		test	eax, eax
		jnz	loc_1001CB6
		push	esi
		push	edi
		mov	esi, offset dword_1007B00
		push	esi
		push	offset dword_10011A0
		push	offset dword_10078C0
		call	sub_100144B
		push	ebp
		push	4000002h
		push	1
		push	ebp
		push	3
		push	0C0000000h
		push	esi
		call	ds:dword_1001090
		mov	edx, eax
		cmp	edx, 0FFFFFFFFh
		mov	dword_100701C, edx
		jz	short loc_1001CB4
		push	ebx
		mov	ebx, offset dword_1007440
		xor	eax, eax
		push	ebp
		mov	ecx, 84h
		mov	edi, ebx
		rep stosd
		lea	eax, [ esp + 18h + var_4 ]
		push	eax
		mov	edi, 210h
		push	edi
		push	ebx
		push	edx
		mov	dword_1007440, 6E776453h
		mov	dword_1007444, 10000h
		mov	dword ptr byte_1007448,	0C0000013h
		call	ds:dword_1001094
		test	eax, eax
		pop	ebx
		jz	short loc_1001CA1
		cmp	[ esp + 0Ch ], edi
		jnz	short loc_1001CA1
		push	esi
		push	offset a_sfx_cab_shutd ; \"_SFX_CAB_SHUTDOWN_REQUEST\"
		call	ds:dword_1001080
		jmp	short loc_1001CB4
; ---------------------------------------------------------------------------

loc_1001CA1:				; CODE XREF: sub_1001BF1 + 9A
					; sub_1001BF1 + A0
		push	dword_100701C
		call	ds:dword_1001054
		or	dword_100701C, 0FFFFFFFFh

loc_1001CB4:				; CODE XREF: sub_1001BF1 + 52
					; sub_1001BF1 + AE
		pop	edi
		pop	esi

loc_1001CB6:				; CODE XREF: sub_1001BF1 + 13
		pop	ebp
		pop	ecx
		retn
sub_1001BF1	endp    
   
 

 
 

sub_1001CB9	proc near		; CODE XREF: sub_1001CB9 + C2
					; sub_1001EFD + 18 ...
var_280		= byte ptr  - 280h
var_80		= byte ptr  - 80h
arg_0		= dword	ptr  8
		push	ebp
		lea	ebp, [ esp - 74h ]
		sub	esp, 280h
		push	esi
		mov	esi, [ ebp + 74h + arg_0 ]
		cmp	esi, 0FFFFFFFFh
		jnz	short loc_1001CD5
		call	ds:dword_1001064
		mov	esi, eax

loc_1001CD5:				; CODE XREF: sub_1001CB9 + 12
		cmp	dword_1017C20, 0
		jnz	short loc_1001D2A
		lea	eax, [ ebp + 74h + var_280 ]
		push	eax
		push	200h
		push	esi
		call	sub_1001556
		and	[ ebp + 74h + var_80 ], 0
		push	80h
		lea	eax, [ ebp + 74h + var_80 ]
		push	eax
		push	20000003h
		push	dword_1007020
		call	ds:dword_1001118
		push	10010h
		lea	eax, [ ebp + 74h + var_80 ]
		push	eax
		lea	eax, [ ebp + 74h + var_280 ]
		push	eax
		push	dword_1007764
		call	ds:dword_1001124

loc_1001D2A:				; CODE XREF: sub_1001CB9 + 23
		call	sub_10015BE
		test	esi, esi
		jnz	short loc_1001D34
		inc	esi

loc_1001D34:				; CODE XREF: sub_1001CB9 + 78
		cmp	dword_1007024, 0
		jz	short loc_1001D4F
		push	offset dword_10078A0
		call	ds:dword_100109C
		and	dword_1007024, 0

loc_1001D4F:				; CODE XREF: sub_1001CB9 + 82
		push	esi
		call	ds:dword_1001098
		int	3		; Trap to Debugger

loc_1001D57:				; DATA XREF: start_0 + 8E
		push	0
		push	offset sub_10016BA
		push	0
		push	64h
		push	dword_1007020
		call	ds:dword_1001114
		and	dword_1007764, 0
		test	eax, eax
		jz	short locret_1001D80
		push	0FFFFFFFFh
		call	sub_1001CB9

locret_1001D80:				; CODE XREF: sub_1001CB9 + BE
		retn	4
sub_1001CB9	endp    
   
 

  ; sp - analysis failed
 

sub_1001D83	proc near		; CODE XREF: start_0 + 4EF
var_1B4		= byte ptr  - 1B4h
var_B0		= dword	ptr  - 0B0h
var_AC		= dword	ptr  - 0ACh
var_18		= byte ptr  - 18h
var_14		= byte ptr  - 14h
var_4		= dword	ptr  - 4
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch
arg_8		= dword	ptr  10h
arg_C		= dword	ptr  14h
arg_10		= dword	ptr  18h
		push	ebp
		lea	ebp, [ esp - 64h ]
		sub	esp, 1B4h
		push	ebx
		push	esi
		push	offset aWfp_idle_trigg ; \"WFP_IDLE_TRIGGER\"
		xor	ebx, ebx
		push	ebx
		push	100000h
		mov	[ ebp + 64h + var_4 ], 10h
		call	ds:dword_10010BC
		mov	esi, eax
		cmp	esi, ebx
		jz	short loc_1001DC5
		push	0EA60h
		push	esi
		call	ds:dword_10010B8
		push	esi
		call	ds:dword_1001054
		jmp	short loc_1001DDC
; ---------------------------------------------------------------------------

loc_1001DC5:				; CODE XREF: sub_1001D83 + 2B
		cmp	[ ebp + 64h + arg_8 ], ebx
		jz	short loc_1001DD1
		push	0EA60h
		jmp	short loc_1001DD6
; ---------------------------------------------------------------------------

loc_1001DD1:				; CODE XREF: sub_1001D83 + 45
		push	2710h

loc_1001DD6:				; CODE XREF: sub_1001D83 + 4C
		call	ds:dword_100107C

loc_1001DDC:				; CODE XREF: sub_1001D83 + 40
		lea	eax, [ ebp + 64h + var_4 ]
		push	eax
		lea	eax, [ ebp + 64h + var_14 ]
		push	eax
		push	ebx
		push	13h
		call	sub_1001B1C
		test	eax, eax
		jz	loc_1001EF4
		push	edi
		push	offset aAdvapi32_dll ; \"advapi32.dll\"
		call	ds:dword_10010B4
		cmp	eax, ebx
		mov	[ ebp + 64h + arg_8 ], eax
		jz	short loc_1001E29
		push	offset aInitiatesystem ; \"InitiateSystemShutdownExA\"
		push	eax
		call	ds:dword_10010B0
		cmp	eax, ebx
		jz	short loc_1001E29
		push	[ ebp + 64h + arg_10 ]
		push	[ ebp + 64h + arg_0 ]
		push	[ ebp + 64h + arg_4 ]
		push	ebx
		push	[ ebp + 64h + arg_C ]
		push	ebx
		call	eax
		jmp	short loc_1001E38
; ---------------------------------------------------------------------------

loc_1001E29:				; CODE XREF: sub_1001D83 + 82
					; sub_1001D83 + 92
		push	[ ebp + 64h + arg_0 ]
		push	[ ebp + 64h + arg_4 ]
		push	ebx
		push	ebx
		push	ebx
		call	ds:dword_1001018

loc_1001E38:				; CODE XREF: sub_1001D83 + A4
		mov	edi, eax
		cmp	edi, ebx
		jnz	loc_1001EDA
		mov	esi, ds:dword_1001044
		lea	eax, [ ebp + 64h + var_B0 ]
		push	eax
		mov	[ ebp + 64h + var_B0 ], 94h
		call	esi ; dword_1001044
		cmp	[ ebp + 64h + var_AC ], 4
		jbe	short loc_1001EDA
		lea	eax, [ ebp + 64h + var_B0 ]
		push	eax
		mov	[ ebp + 64h + var_B0 ], 9Ch
		call	esi ; dword_1001044
		test	[ ebp + 64h + var_18 ], 40h
		jz	short loc_1001EDA
		push	104h
		lea	eax, [ ebp + 64h + var_1B4 ]
		push	eax
		call	ds:dword_10010A8
		test	eax, eax
		jz	short loc_1001EDA
		lea	eax, [ ebp + 64h + var_1B4 ]
		push	5Ch
		push	eax
		call	ds:dword_1001138
		pop	ecx
		pop	ecx
		push	ebx
		push	2000000h
		push	3
		push	ebx
		push	7
		mov	[ eax + 1 ], bl
		push	0C0000000h
		lea	eax, [ ebp + 64h + var_1B4 ]
		push	eax
		call	ds:dword_1001090
		mov	esi, eax
		cmp	esi, 0FFFFFFFFh
		jz	short loc_1001EDA
		push	esi
		call	ds:dword_10010A4
		push	esi
		mov	edi, eax
		call	ds:dword_1001054
		cmp	edi, ebx
		jz	short loc_1001EDA
		push	1
		call	ds:dword_1001150
		mov	edi, eax

loc_1001EDA:				; CODE XREF: sub_1001D83 + B9
					; sub_1001D83 + D6 ...
		cmp	[ ebp + 64h + arg_8 ], ebx
		jz	short loc_1001EE8
		push	[ ebp + 64h + arg_8 ]
		call	ds:dword_10010A0

loc_1001EE8:				; CODE XREF: sub_1001D83 + 15A
		lea	eax, [ ebp + 64h + var_14 ]
		push	eax
		call	sub_1001BA0
		mov	eax, edi
		pop	edi

loc_1001EF4:				; CODE XREF: sub_1001D83 + 6B
		pop	esi
		pop	ebx
		add	ebp, 64h
		leave
		retn	14h
sub_1001D83	endp    
   
 

 
 

sub_1001EFD	proc near		; CODE XREF: sub_1001FAA + 96
					; sub_1001FAA + E5 ...
arg_0		= dword	ptr  4
		push	[ esp + arg_0 ]
		push	8
		push	dword_10078B8
		call	ds:dword_100108C
		test	eax, eax
		jnz	short locret_1001F1A
		push	8
		call	sub_1001CB9

locret_1001F1A:				; CODE XREF: sub_1001EFD + 14
		retn
sub_1001EFD	endp    
   
 

 
 

sub_1001F1B	proc near		; CODE XREF: start_0 + 146
					; DATA XREF: start_0 + 1DA
arg_0		= dword	ptr  4
		push	esi
		push	0
		push	8000000h
		push	3
		push	0
		push	3
		push	80000000h
		push	[ esp + 1Ch + arg_0 ]
		call	ds:dword_1001090
		mov	esi, eax
		cmp	esi, 0FFFFFFFFh
		jnz	short loc_1001F45
		push	eax
		call	sub_1001CB9

loc_1001F45:				; CODE XREF: sub_1001F1B + 22
		push	0
		push	0
		push	dword_1007014
		push	esi
		call	ds:dword_100104C
		mov	eax, esi
		pop	esi
		retn
sub_1001F1B	endp    
   
 

 
 

sub_1001F5A	proc near		; CODE XREF: start_0 + 178
					; DATA XREF: start_0 + 1D5
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch
arg_8		= dword	ptr  10h
		push	ebp
		mov	ebp, esp
		push	0
		lea	eax, [ ebp + arg_8 ]
		push	eax
		push	[ ebp + arg_8 ]
		push	[ ebp + arg_4 ]
		push	[ ebp + arg_0 ]
		call	ds:dword_1001048
		test	eax, eax
		jnz	short loc_1001F7D
		push	0FFFFFFFFh
		call	sub_1001CB9

loc_1001F7D:				; CODE XREF: sub_1001F5A + 1A
		mov	eax, [ ebp + arg_8 ]
		pop	ebp
		retn
sub_1001F5A	endp    
   
 

 
 

sub_1001F82	proc near		; DATA XREF: start_0 + 1D0
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch
arg_8		= dword	ptr  10h
		push	ebp
		mov	ebp, esp
		push	0
		lea	eax, [ ebp + arg_8 ]
		push	eax
		push	[ ebp + arg_8 ]
		push	[ ebp + arg_4 ]
		push	[ ebp + arg_0 ]
		call	ds:dword_1001094
		test	eax, eax
		jnz	short loc_1001FA5
		push	0FFFFFFFFh
		call	sub_1001CB9

loc_1001FA5:				; CODE XREF: sub_1001F82 + 1A
		mov	eax, [ ebp + arg_8 ]
		pop	ebp
		retn
sub_1001F82	endp    
   
 

 
 

sub_1001FAA	proc near		; CODE XREF: sub_100269E + 66
var_C		= byte ptr  - 0Ch
var_B		= byte ptr  - 0Bh
var_A		= byte ptr  - 0Ah
var_9		= byte ptr  - 9
var_8		= byte ptr  - 8
var_7		= byte ptr  - 7
var_4		= byte ptr  - 4
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch
arg_8		= dword	ptr  10h
		push	ebp
		mov	ebp, esp
		sub	esp, 0Ch
		push	edi
		push	[ ebp + arg_0 ]
		and	[ ebp + var_C ], 0
		and	[ ebp + var_B ], 0
		and	[ ebp + var_A ], 0
		and	[ ebp + var_9 ], 0
		and	[ ebp + var_8 ], 0
		xor	edi, edi
		push	edi
		push	edi
		push	edi
		push	edi
		push	edi
		push	edi
		push	220h
		push	20h
		push	2
		lea	eax, [ ebp + var_C ]
		push	eax
		mov	[ ebp + var_7 ], 5
		call	ds:dword_1001024
		test	eax, eax
		jz	short loc_1002002
		lea	eax, [ ebp + arg_0 ]
		push	eax
		push	28h
		call	ds:dword_10010C0
		push	eax
		call	ds:dword_1001000
		test	eax, eax
		jnz	short loc_1002009

loc_1002002:				; CODE XREF: sub_1001FAA + 3F
		xor	eax, eax
		jmp	loc_10020C2
; ---------------------------------------------------------------------------

loc_1002009:				; CODE XREF: sub_1001FAA + 56
		push	ebx
		mov	ebx, ds:dword_1001020
		push	esi
		lea	eax, [ ebp + var_4 ]
		push	eax
		push	10000h
		push	offset dword_1007C20
		push	4
		push	[ ebp + arg_0 ]
		call	ebx ; dword_1001020
		test	eax, eax
		jnz	short loc_1002031

loc_100202A:				; CODE XREF: sub_1001FAA + D4
		xor	eax, eax
		jmp	loc_10020C0
; ---------------------------------------------------------------------------

loc_1002031:				; CODE XREF: sub_1001FAA + 7E
		push	dword_1007C20
		call	ds:dword_100101C
		mov	esi, eax
		push	esi
		call	sub_1001EFD
		cmp	eax, edi
		pop	ecx
		mov	ecx, [ ebp + arg_4 ]
		mov	[ ecx ], eax
		jz	short loc_100209E
		mov	ecx, esi
		mov	esi, dword_1007C20
		mov	edi, eax
		mov	eax, ecx
		shr	ecx, 2
		rep movsd
		mov	ecx, eax
		lea	eax, [ ebp + var_4 ]
		push	eax
		push	10000h
		push	offset dword_1007C20
		and	ecx, 3
		push	1
		rep movsb
		push	[ ebp + arg_0 ]
		call	ebx ; dword_1001020
		test	eax, eax
		jz	short loc_100202A
		push	dword_1007C20
		call	ds:dword_100101C
		mov	esi, eax
		push	esi
		call	sub_1001EFD
		test	eax, eax
		pop	ecx
		mov	ecx, [ ebp + arg_8 ]
		mov	[ ecx ], eax
		jnz	short loc_10020A5

loc_100209E:				; CODE XREF: sub_1001FAA + A3
		push	8
		call	sub_1001CB9

loc_10020A5:				; CODE XREF: sub_1001FAA + F2
		mov	ecx, esi
		mov	esi, dword_1007C20
		mov	edi, eax
		mov	eax, ecx
		shr	ecx, 2
		rep movsd
		mov	ecx, eax
		and	ecx, 3
		xor	eax, eax
		rep movsb
		inc	eax

loc_10020C0:				; CODE XREF: sub_1001FAA + 82
		pop	esi
		pop	ebx

loc_10020C2:				; CODE XREF: sub_1001FAA + 5A
		pop	edi
		leave
		retn	0Ch
sub_1001FAA	endp    
   
 

 
 

sub_10020C7	proc near		; CODE XREF: sub_10020FE + FE
					; sub_1002272 + 40 ...
arg_0		= dword	ptr  4
		mov	eax, [ esp + arg_0 ]
		lea	ecx, [ eax + 1 ]

loc_10020CE:				; CODE XREF: sub_10020C7 + C
		mov	dl, [ eax ]
		inc	eax
		test	dl, dl
		jnz	short loc_10020CE
		push	esi
		sub	eax, ecx
		lea	esi, [ eax + 1 ]
		push	edi
		push	esi
		call	sub_1001EFD
		pop	ecx
		mov	ecx, esi
		mov	esi, [ esp + 8 + arg_0 ]
		mov	edx, ecx
		shr	ecx, 2
		mov	edi, eax
		rep movsd
		mov	ecx, edx
		and	ecx, 3
		rep movsb
		pop	edi
		pop	esi
		retn	4
sub_10020C7	endp    
   
 

 
 

sub_10020FE	proc near		; DATA XREF: sub_100269E + 3A9
var_228		= byte ptr  - 228h
var_124		= byte ptr  - 124h
var_20		= dword	ptr  - 20h
var_18		= dword	ptr  - 18h
var_14		= dword	ptr  - 14h
var_10		= dword	ptr  - 10h
arg_0		= dword	ptr  8
arg_4		= dword	ptr  0Ch
arg_8		= word ptr  10h
		push	ebp
		mov	ebp, esp
		sub	esp, 228h
		mov	eax, [ ebp + arg_4 ]
		sub	eax, 10h
		push	ebx
		push	esi
		jz	loc_100225E
		sub	eax, 100h
		jz	loc_1002204
		dec	eax
		jnz	short loc_100213A
		movzx	eax, [ ebp + arg_8 ]
		dec	eax
		jz	loc_10021D5
		dec	eax
		jz	loc_100225E
		sub	eax, 6Bh
		jz	short loc_1002141

loc_100213A:				; CODE XREF: sub_10020FE + 23
		xor	eax, eax
		jmp	loc_100226C
; ---------------------------------------------------------------------------

loc_1002141:				; CODE XREF: sub_10020FE + 3A
		push	edi
		push	104h
		lea	eax, [ ebp + var_228 ]
		push	eax
		push	20000005h
		push	dword_1007020
		xor	ebx, ebx
		mov	[ ebp + var_124 ], bl
		call	ds:dword_1001118
		mov	esi, [ ebp + arg_0 ]
		push	8
		xor	eax, eax
		pop	ecx
		lea	edi, [ ebp + var_20 ]
		rep stosd
		lea	eax, [ ebp + var_124 ]
		mov	[ ebp + var_18 ], eax
		lea	eax, [ ebp + var_228 ]
		mov	[ ebp + var_14 ], eax
		xor	edi, edi
		lea	eax, [ ebp + var_20 ]
		inc	edi
		push	eax
		mov	[ ebp + var_20 ], esi
		mov	[ ebp + var_10 ], edi
		call	ds:dword_1001108
		cmp	eax, ebx
		jz	short loc_10021C2
		lea	ecx, [ ebp + var_124 ]
		push	ecx
		push	eax
		call	ds:dword_100110C
		test	eax, eax
		jz	short loc_10021C2
		lea	eax, [ ebp + var_124 ]
		push	eax
		push	ebx
		push	0Ch
		push	6Ch
		push	esi
		call	ds:dword_100112C

loc_10021C2:				; CODE XREF: sub_10020FE + 9D
					; sub_10020FE + AF
		push	ebx
		push	ebx
		push	28h
		push	esi
		call	ds:dword_1001128
		mov	eax, edi
		pop	edi
		jmp	loc_100226C
; ---------------------------------------------------------------------------

loc_10021D5:				; CODE XREF: sub_10020FE + 2A
		and	[ ebp + var_124 ], 0
		lea	eax, [ ebp + var_124 ]
		push	eax
		push	104h
		push	0Dh
		push	6Ch
		push	[ ebp + arg_0 ]
		call	ds:dword_100112C
		lea	eax, [ ebp + var_124 ]
		push	eax
		call	sub_10020C7
		push	eax
		jmp	short loc_1002260
; ---------------------------------------------------------------------------

loc_1002204:				; CODE XREF: sub_10020FE + 1C
		push	104h
		lea	eax, [ ebp + var_124 ]
		push	eax
		push	20000005h
		push	dword_1007020
		call	ds:dword_1001118
		lea	eax, [ ebp + var_124 ]
		push	eax
		xor	ebx, ebx
		push	ebx
		push	0Ch
		push	[ ebp + arg_0 ]
		call	ds:dword_1001128
		mov	esi, ds:dword_100112C
		lea	eax, [ ebp + var_124 ]
		push	eax
		push	ebx
		push	0Ch
		push	67h
		push	[ ebp + arg_0 ]
		call	esi ; dword_100112C
		push	offset dword_10078C0
		push	ebx
		push	0Ch
		push	6Ch
		push	[ ebp + arg_0 ]
		call	esi ; dword_100112C
		jmp	short loc_1002269
; ---------------------------------------------------------------------------

loc_100225E:				; CODE XREF: sub_10020FE + 11
					; sub_10020FE + 31
		push	0

loc_1002260:				; CODE XREF: sub_10020FE + 104
		push	[ ebp + arg_0 ]
		call	ds:dword_100111C

loc_1002269:				; CODE XREF: sub_10020FE + 15E
		xor	eax, eax
		inc	eax

loc_100226C:				; CODE XREF: sub_10020FE + 3E
					; sub_10020FE + D2
		pop	esi
		pop	ebx
		leave
		retn	10h
sub_10020FE	endp    
   
 

 
 

sub_1002272	proc near		; CODE XREF: start_0 + 46
var_1C		= dword	ptr  - 1Ch
var_18		= dword	ptr  - 18h
var_14		= dword	ptr  - 14h
		sub	esp, 10h
		push	ebx
		push	ebp
		push	esi
		push	edi
		push	104h
		mov	esi, offset dword_1007780
		push	esi
		xor	ebx, ebx
		push	ebx
		call	ds:dword_10010CC
		mov	eax, esi
		lea	ecx, [ eax + 1 ]

loc_1002292:				; CODE XREF: sub_1002272 + 25
		mov	dl, [ eax ]
		inc	eax
		cmp	dl, bl
		jnz	short loc_1002292
		sub	eax, ecx
		lea	eax, dword_1007780[ eax ]
		jmp	short loc_10022AD
; ---------------------------------------------------------------------------

loc_10022A3:				; CODE XREF: sub_1002272 + 3D
		lea	ecx, [ eax - 1 ]
		cmp	byte ptr [ ecx ],	5Ch
		jz	short loc_10022B1
		mov	eax, ecx

loc_10022AD:				; CODE XREF: sub_1002272 + 2F
		cmp	eax, esi
		ja	short loc_10022A3

loc_10022B1:				; CODE XREF: sub_1002272 + 37
		push	eax
		call	sub_10020C7
		push	esi
		mov	dword_1007034, eax
		call	sub_100180D
		call	ds:dword_10010C8
		mov	ebp, eax
		mov	[ esp + 2Ch + var_14 ], ebp
		xor	ecx, ecx

loc_10022D0:				; CODE XREF: sub_1002272 + 75
		mov	al, [ ebp + 0 ]
		cmp	al, 20h
		jz	short loc_10022DF
		cmp	al, 9
		jz	short loc_10022DF
		cmp	al, 22h
		jnz	short loc_10022E9

loc_10022DF:				; CODE XREF: sub_1002272 + 63
					; sub_1002272 + 67
		cmp	al, 22h
		jnz	short loc_10022E6
		xor	ecx, ecx
		inc	ecx

loc_10022E6:				; CODE XREF: sub_1002272 + 6F
		inc	ebp
		jmp	short loc_10022D0
; ---------------------------------------------------------------------------

loc_10022E9:				; CODE XREF: sub_1002272 + 6B
		cmp	ecx, ebx
		mov	[ esp + 2Ch + var_14 ], ebp
		jz	short loc_1002307
		cmp	[ ebp + 0 ], bl
		mov	eax, ebp
		jz	short loc_1002307

loc_10022F8:				; CODE XREF: sub_1002272 + 8E
		cmp	byte ptr [ eax ],	22h
		jz	short loc_1002304
		inc	eax
		cmp	[ eax ], bl
		jnz	short loc_10022F8
		jmp	short loc_1002307
; ---------------------------------------------------------------------------

loc_1002304:				; CODE XREF: sub_1002272 + 89
		mov	byte ptr [ eax ],	20h

loc_1002307:				; CODE XREF: sub_1002272 + 7D
					; sub_1002272 + 84 ...
		mov	eax, ebp
		lea	ecx, [ eax + 1 ]

loc_100230C:				; CODE XREF: sub_1002272 + 9F
		mov	dl, [ eax ]
		inc	eax
		cmp	dl, bl
		jnz	short loc_100230C
		sub	eax, ecx
		lea	eax, [ eax + ebp - 1 ]
		jmp	short loc_100232A
; ---------------------------------------------------------------------------

loc_100231B:				; CODE XREF: sub_1002272 + BA
		mov	cl, [ eax ]
		cmp	cl, 20h
		jz	short loc_1002327
		cmp	cl, 9
		jnz	short loc_100232E

loc_1002327:				; CODE XREF: sub_1002272 + AE
		mov	[ eax ], bl
		dec	eax

loc_100232A:				; CODE XREF: sub_1002272 + A7
		cmp	eax, ebp
		jnb	short loc_100231B

loc_100232E:				; CODE XREF: sub_1002272 + B3
		mov	ecx, dword_1007034
		mov	eax, ecx
		mov	[ esp + 2Ch + var_1C ], ebx
		mov	byte ptr dword_10079E0,	bl
		lea	esi, [ eax + 1 ]

loc_1002343:				; CODE XREF: sub_1002272 + D6
		mov	dl, [ eax ]
		inc	eax
		cmp	dl, bl
		jnz	short loc_1002343
		sub	eax, esi
		lea	edx, [ eax + ecx - 1 ]
		jmp	short loc_1002358
; ---------------------------------------------------------------------------

loc_1002352:				; CODE XREF: sub_1002272 + E8
		cmp	byte ptr [ edx ],	2Eh
		jz	short loc_100235E
		dec	edx

loc_1002358:				; CODE XREF: sub_1002272 + DE
		cmp	edx, ecx
		ja	short loc_1002352
		jmp	short loc_1002390
; ---------------------------------------------------------------------------

loc_100235E:				; CODE XREF: sub_1002272 + E3
		mov	eax, edx
		lea	esi, [ eax + 1 ]

loc_1002363:				; CODE XREF: sub_1002272 + F6
		mov	cl, [ eax ]
		inc	eax
		cmp	cl, bl
		jnz	short loc_1002363
		sub	eax, esi
		lea	ecx, [ eax + 1 ]
		mov	[ esp + 2Ch + var_1C ], eax
		mov	eax, ecx
		shr	ecx, 2
		mov	esi, edx
		mov	edi, offset dword_10079E0
		rep movsd
		mov	ecx, eax
		and	ecx, 3
		rep movsb
		mov	[ edx ], bl
		mov	ecx, dword_1007034

loc_1002390:				; CODE XREF: sub_1002272 + EA
		mov	dword_100702C, offset dword_100119C
		cmp	[ ebp + 0 ], bl
		mov	esi, ebp
		jmp	loc_10024A7
; ---------------------------------------------------------------------------

loc_10023A4:				; CODE XREF: sub_1002272 + 239
		mov	al, [ esi ]
		mov	dl, [ ecx ]
		or	al, 20h
		or	dl, 20h
		cmp	al, dl
		jnz	loc_10024A0
		lea	ebp, [ esi + 1 ]
		lea	esi, [ ecx + 1 ]
		jmp	short loc_10023C5
; ---------------------------------------------------------------------------

loc_10023BD:				; CODE XREF: sub_1002272 + 162
		xor	ebx, ebx
		cmp	al, bl
		jz	short loc_10023E0
		inc	ebp
		inc	esi

loc_10023C5:				; CODE XREF: sub_1002272 + 149
		mov	al, [ esi ]
		mov	dl, [ ebp + 0 ]
		mov	bl, al
		or	dl, 20h
		or	bl, 20h
		cmp	bl, dl
		jz	short loc_10023BD
		xor	ebx, ebx
		cmp	al, bl
		jnz	loc_10024A0

loc_10023E0:				; CODE XREF: sub_1002272 + 14F
		cmp	byte ptr [ ebp + 0 ],